Oct 31 15:24:35.215343: | newref logger@0x556b66334bb8(0->1) (in main() at plutomain.c:1591)
Oct 31 15:24:35.215987: | delref logger@0x556b66334bb8(1->0) (in main() at plutomain.c:1592)
Oct 31 15:24:35.215995: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:24:35.215998: | delref fd@NULL (in free_logger() at log.c:854)
Oct 31 15:24:35.216006: NSS DB directory: sql:/var/lib/ipsec/nss
Oct 31 15:24:35.216185: Initializing NSS
Oct 31 15:24:35.216192: Opening NSS database "sql:/var/lib/ipsec/nss" read-only
Oct 31 15:24:35.259057: FIPS Mode: NO
Oct 31 15:24:35.259074: NSS crypto library initialized
Oct 31 15:24:35.259103: FIPS mode disabled for pluto daemon
Oct 31 15:24:35.259106: FIPS HMAC integrity support [disabled]
Oct 31 15:24:35.259178: libcap-ng support [enabled]
Oct 31 15:24:35.259186: Linux audit support [enabled]
Oct 31 15:24:35.259223: Linux audit activated
Oct 31 15:24:35.259234: Starting Pluto (Libreswan Version v4.1-88-gf1d1933837ef-main IKEv2 IKEv1 XFRM(netkey) XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (NSS-PRF) DNSSEC LABELED_IPSEC (SELINUX) SECCOMP LIBCAP_NG LINUX_AUDIT AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:2131847
Oct 31 15:24:35.259238: core dump dir: /tmp
Oct 31 15:24:35.259240: secrets file: /etc/ipsec.secrets
Oct 31 15:24:35.259242: leak-detective enabled
Oct 31 15:24:35.259244: NSS crypto [enabled]
Oct 31 15:24:35.259246: XAUTH PAM support [enabled]
Oct 31 15:24:35.259317: | libevent is using pluto's memory allocator
Oct 31 15:24:35.259323: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800)
Oct 31 15:24:35.259343: | libevent_malloc: newref ptr-libevent@0x556b66349998 size 40
Oct 31 15:24:35.259345: | libevent_malloc: newref ptr-libevent@0x556b663ae2d8 size 40
Oct 31 15:24:35.259348: | libevent_malloc: newref ptr-libevent@0x556b663ba848 size 40
Oct 31 15:24:35.259351: | creating event base
Oct 31 15:24:35.259353: | libevent_malloc: newref ptr-libevent@0x556b663ba488 size 56
Oct 31 15:24:35.259356: | libevent_malloc: newref ptr-libevent@0x556b663b0e58 size 664
Oct 31 15:24:35.259368: | libevent_malloc: newref ptr-libevent@0x556b663e77f8 size 24
Oct 31 15:24:35.259370: | libevent_malloc: newref ptr-libevent@0x556b663ae528 size 384
Oct 31 15:24:35.259380: | libevent_malloc: newref ptr-libevent@0x556b663e7848 size 16
Oct 31 15:24:35.259383: | libevent_malloc: newref ptr-libevent@0x556b663ba7c8 size 40
Oct 31 15:24:35.259385: | libevent_malloc: newref ptr-libevent@0x556b663ba748 size 48
Oct 31 15:24:35.259390: | libevent_realloc: newref ptr-libevent@0x556b663ddfc8 size 256
Oct 31 15:24:35.259393: | libevent_malloc: newref ptr-libevent@0x556b663e7888 size 16
Oct 31 15:24:35.259398: | libevent_free: delref ptr-libevent@0x556b663ba488
Oct 31 15:24:35.259400: | libevent initialized
Oct 31 15:24:35.259405: | libevent_realloc: newref ptr-libevent@0x556b663ba488 size 64
Oct 31 15:24:35.259408: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds
Oct 31 15:24:35.259415: | init_nat_traversal() initialized with keep_alive=0s
Oct 31 15:24:35.259417: NAT-Traversal support  [enabled]
Oct 31 15:24:35.259419: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized
Oct 31 15:24:35.259424: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized
Oct 31 15:24:35.259427: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds
Oct 31 15:24:35.259504: | checking IKEv1 state table
Oct 31 15:24:35.259515: |   MAIN_R0: category: half-open IKE SA; flags: 0:
Oct 31 15:24:35.259518: |     -> MAIN_R1 EVENT_SO_DISCARD (main_inI1_outR1)
Oct 31 15:24:35.259522: |   MAIN_I1: category: half-open IKE SA; flags: 0:
Oct 31 15:24:35.259524: |     -> MAIN_I2 EVENT_RETRANSMIT (main_inR1_outI2)
Oct 31 15:24:35.259527: |   MAIN_R1: category: open IKE SA; flags: 0:
Oct 31 15:24:35.259529: |     -> MAIN_R2 EVENT_RETRANSMIT (main_inI2_outR2)
Oct 31 15:24:35.259531: |     -> MAIN_R1 EVENT_RETRANSMIT (unexpected)
Oct 31 15:24:35.259533: |     -> MAIN_R1 EVENT_RETRANSMIT (unexpected)
Oct 31 15:24:35.259536: |   MAIN_I2: category: open IKE SA; flags: 0:
Oct 31 15:24:35.259544: |     -> MAIN_I3 EVENT_RETRANSMIT (main_inR2_outI3)
Oct 31 15:24:35.259546: |     -> MAIN_I2 EVENT_RETRANSMIT (unexpected)
Oct 31 15:24:35.259549: |     -> MAIN_I2 EVENT_RETRANSMIT (unexpected)
Oct 31 15:24:35.259551: |   MAIN_R2: category: open IKE SA; flags: 0:
Oct 31 15:24:35.259553: |     -> MAIN_R3 EVENT_SA_REPLACE (main_inI3_outR3)
Oct 31 15:24:35.259555: |     -> MAIN_R3 EVENT_SA_REPLACE (main_inI3_outR3)
Oct 31 15:24:35.259557: |     -> MAIN_R2 EVENT_SA_REPLACE (unexpected)
Oct 31 15:24:35.259560: |   MAIN_I3: category: open IKE SA; flags: 0:
Oct 31 15:24:35.259562: |     -> MAIN_I4 EVENT_SA_REPLACE (main_inR3)
Oct 31 15:24:35.259564: |     -> MAIN_I4 EVENT_SA_REPLACE (main_inR3)
Oct 31 15:24:35.259566: |     -> MAIN_I3 EVENT_SA_REPLACE (unexpected)
Oct 31 15:24:35.259569: |   MAIN_R3: category: established IKE SA; flags: 0:
Oct 31 15:24:35.259571: |     -> MAIN_R3 EVENT_NULL (unexpected)
Oct 31 15:24:35.259573: |   MAIN_I4: category: established IKE SA; flags: 0:
Oct 31 15:24:35.259575: |     -> MAIN_I4 EVENT_NULL (unexpected)
Oct 31 15:24:35.259578: |   AGGR_R0: category: half-open IKE SA; flags: 0:
Oct 31 15:24:35.259580: |     -> AGGR_R1 EVENT_SO_DISCARD (aggr_inI1_outR1)
Oct 31 15:24:35.259582: |   AGGR_I1: category: half-open IKE SA; flags: 0:
Oct 31 15:24:35.259584: |     -> AGGR_I2 EVENT_SA_REPLACE (aggr_inR1_outI2)
Oct 31 15:24:35.259587: |     -> AGGR_I2 EVENT_SA_REPLACE (aggr_inR1_outI2)
Oct 31 15:24:35.259589: |   AGGR_R1: category: open IKE SA; flags: 0:
Oct 31 15:24:35.259591: |     -> AGGR_R2 EVENT_SA_REPLACE (aggr_inI2)
Oct 31 15:24:35.259593: |     -> AGGR_R2 EVENT_SA_REPLACE (aggr_inI2)
Oct 31 15:24:35.259596: |   AGGR_I2: category: established IKE SA; flags: 0:
Oct 31 15:24:35.259598: |     -> AGGR_I2 EVENT_NULL (unexpected)
Oct 31 15:24:35.259600: |   AGGR_R2: category: established IKE SA; flags: 0:
Oct 31 15:24:35.259602: |     -> AGGR_R2 EVENT_NULL (unexpected)
Oct 31 15:24:35.259605: |   QUICK_R0: category: established CHILD SA; flags: 0:
Oct 31 15:24:35.259607: |     -> QUICK_R1 EVENT_RETRANSMIT (quick_inI1_outR1)
Oct 31 15:24:35.259609: |   QUICK_I1: category: established CHILD SA; flags: 0:
Oct 31 15:24:35.259612: |     -> QUICK_I2 EVENT_SA_REPLACE (quick_inR1_outI2)
Oct 31 15:24:35.259614: |   QUICK_R1: category: established CHILD SA; flags: 0:
Oct 31 15:24:35.259616: |     -> QUICK_R2 EVENT_SA_REPLACE (quick_inI2)
Oct 31 15:24:35.259618: |   QUICK_I2: category: established CHILD SA; flags: 0:
Oct 31 15:24:35.259621: |     -> QUICK_I2 EVENT_NULL (unexpected)
Oct 31 15:24:35.259623: |   QUICK_R2: category: established CHILD SA; flags: 0:
Oct 31 15:24:35.259625: |     -> QUICK_R2 EVENT_NULL (unexpected)
Oct 31 15:24:35.259627: |   INFO: category: informational; flags: 0:
Oct 31 15:24:35.259630: |     -> INFO EVENT_NULL (informational)
Oct 31 15:24:35.259632: |   INFO_PROTECTED: category: informational; flags: 0:
Oct 31 15:24:35.259634: |     -> INFO_PROTECTED EVENT_NULL (informational)
Oct 31 15:24:35.259636: |   XAUTH_R0: category: established IKE SA; flags: 0:
Oct 31 15:24:35.259639: |     -> XAUTH_R1 EVENT_NULL (xauth_inR0)
Oct 31 15:24:35.259641: |   XAUTH_R1: category: established IKE SA; flags: 0:
Oct 31 15:24:35.259643: |     -> MAIN_R3 EVENT_SA_REPLACE (xauth_inR1)
Oct 31 15:24:35.259646: |   MODE_CFG_R0: category: informational; flags: 0:
Oct 31 15:24:35.259648: |     -> MODE_CFG_R1 EVENT_SA_REPLACE (modecfg_inR0)
Oct 31 15:24:35.259650: |   MODE_CFG_R1: category: established IKE SA; flags: 0:
Oct 31 15:24:35.259652: |     -> MODE_CFG_R2 EVENT_SA_REPLACE (modecfg_inR1)
Oct 31 15:24:35.259655: |   MODE_CFG_R2: category: established IKE SA; flags: 0:
Oct 31 15:24:35.259657: |     -> MODE_CFG_R2 EVENT_NULL (unexpected)
Oct 31 15:24:35.259660: |   MODE_CFG_I1: category: established IKE SA; flags: 0:
Oct 31 15:24:35.259662: |     -> MAIN_I4 EVENT_SA_REPLACE (modecfg_inR1)
Oct 31 15:24:35.259664: |   XAUTH_I0: category: established IKE SA; flags: 0:
Oct 31 15:24:35.259666: |     -> XAUTH_I1 EVENT_RETRANSMIT (xauth_inI0)
Oct 31 15:24:35.259670: |   XAUTH_I1: category: established IKE SA; flags: 0:
Oct 31 15:24:35.259673: |     -> MAIN_I4 EVENT_RETRANSMIT (xauth_inI1)
Oct 31 15:24:35.259678: | checking IKEv2 state table
Oct 31 15:24:35.259682: |   V2_REKEY_IKE_I0: category: established IKE SA; flags: 0:
Oct 31 15:24:35.259684: |     -> V2_REKEY_IKE_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey)
Oct 31 15:24:35.259688: |   V2_REKEY_CHILD_I0: category: established IKE SA; flags: 0:
Oct 31 15:24:35.259690: |     -> V2_REKEY_CHILD_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA)
Oct 31 15:24:35.259693: |   V2_NEW_CHILD_I0: category: established IKE SA; flags: 0:
Oct 31 15:24:35.259695: |     -> V2_NEW_CHILD_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA)
Oct 31 15:24:35.259698: |   PARENT_I0: category: ignore; flags: 0:
Oct 31 15:24:35.259700: |     -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT)
Oct 31 15:24:35.259703: |   PARENT_I1: category: half-open IKE SA; flags: 0:
Oct 31 15:24:35.259705: |     -> PARENT_I0 EVENT_SO_DISCARD (received anti-DDOS COOKIE notify response; resending IKE_SA_INIT request with cookie payload added)
Oct 31 15:24:35.259711: |     -> PARENT_I0 EVENT_SO_DISCARD (received IKE_SA_INIT INVALID_KE_PAYLOAD notify response; resending IKE_SA_INIT with new KE payload)
Oct 31 15:24:35.259713: |     -> IKESA_DEL EVENT_v2_REDIRECT (received REDIRECT notify response; resending IKE_SA_INIT request to new destination)
Oct 31 15:24:35.259716: |     -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE)
Oct 31 15:24:35.259718: |   PARENT_I2: category: open IKE SA; flags: 0:
Oct 31 15:24:35.259721: |     -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_INTERMEDIATE reply, initiate IKE_AUTH or IKE_INTERMEDIATE)
Oct 31 15:24:35.259723: |     -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification)
Oct 31 15:24:35.259725: |     -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification)
Oct 31 15:24:35.259727: |     -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification)
Oct 31 15:24:35.259730: |     -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE (Initiator: process IKE_AUTH response)
Oct 31 15:24:35.259732: |     -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification)
Oct 31 15:24:35.259734: |   PARENT_R0: category: half-open IKE SA; flags: 0:
Oct 31 15:24:35.259737: |     -> PARENT_R1 EVENT_SO_DISCARD send-response (Respond to IKE_SA_INIT)
Oct 31 15:24:35.259739: |   PARENT_R1: category: half-open IKE SA; flags: 0:
Oct 31 15:24:35.259741: |     -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_AUTH request (no SKEYSEED))
Oct 31 15:24:35.259744: |     -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_INTERMEDIATE request (no SKEYSEED))
Oct 31 15:24:35.259746: |     -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_INTERMEDIATE request (with SKEYSEED))
Oct 31 15:24:35.259748: |     -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Responder: process IKE_AUTH request)
Oct 31 15:24:35.259751: |   V2_REKEY_IKE_R0: category: established IKE SA; flags: 0:
Oct 31 15:24:35.259753: |     -> ESTABLISHED_IKE_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA IKE Rekey)
Oct 31 15:24:35.259756: |   V2_REKEY_IKE_I1: category: established IKE SA; flags: 0:
Oct 31 15:24:35.259758: |     -> ESTABLISHED_IKE_SA EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response)
Oct 31 15:24:35.259760: |   V2_NEW_CHILD_I1: category: established IKE SA; flags: 0:
Oct 31 15:24:35.259762: |     -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response)
Oct 31 15:24:35.259765: |   V2_REKEY_CHILD_R0: category: established IKE SA; flags: 0:
Oct 31 15:24:35.259767: |     -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA rekey CHILD SA request)
Oct 31 15:24:35.259770: |   V2_NEW_CHILD_R0: category: established IKE SA; flags: 0:
Oct 31 15:24:35.259773: |     -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA IPsec SA Request)
Oct 31 15:24:35.259776: |   ESTABLISHED_IKE_SA: category: established IKE SA; flags: 0:
Oct 31 15:24:35.259778: |     -> ESTABLISHED_IKE_SA EVENT_RETAIN send-response (Informational Request (liveness probe))
Oct 31 15:24:35.259781: |     -> ESTABLISHED_IKE_SA EVENT_RETAIN (Informational Response (liveness probe))
Oct 31 15:24:35.259783: |     -> ESTABLISHED_IKE_SA EVENT_RETAIN send-response (Informational Request)
Oct 31 15:24:35.259785: |     -> ESTABLISHED_IKE_SA EVENT_RETAIN (Informational Response)
Oct 31 15:24:35.259788: |   IKESA_DEL: category: established IKE SA; flags: 0:
Oct 31 15:24:35.259790: |     -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL)
Oct 31 15:24:35.259793: |   CHILDSA_DEL: category: informational; flags: 0:
Oct 31 15:24:35.259795: |     -> CHILDSA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL)
Oct 31 15:24:35.259798: | global one-shot timer EVENT_REVIVE_CONNS initialized
Oct 31 15:24:35.259802: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds
Oct 31 15:24:35.259805: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds
Oct 31 15:24:35.259938: Encryption algorithms:
Oct 31 15:24:35.259946:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
Oct 31 15:24:35.259951:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
Oct 31 15:24:35.259955:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
Oct 31 15:24:35.259959:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
Oct 31 15:24:35.259964:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP                      
Oct 31 15:24:35.259968:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
Oct 31 15:24:35.259973:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
Oct 31 15:24:35.259977:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
Oct 31 15:24:35.259982:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
Oct 31 15:24:35.259986:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
Oct 31 15:24:35.259990:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
Oct 31 15:24:35.259995:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
Oct 31 15:24:35.259998:   NULL               []             IKEv1:     ESP     IKEv2:     ESP                      
Oct 31 15:24:35.260002:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Oct 31 15:24:35.260005: Hash algorithms:
Oct 31 15:24:35.260008:   MD5                               IKEv1: IKE         IKEv2:                  NSS         
Oct 31 15:24:35.260011:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
Oct 31 15:24:35.260015:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
Oct 31 15:24:35.260018:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
Oct 31 15:24:35.260021:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
Oct 31 15:24:35.260023: PRF algorithms:
Oct 31 15:24:35.260027:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
Oct 31 15:24:35.260030:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
Oct 31 15:24:35.260034:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
Oct 31 15:24:35.260040:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
Oct 31 15:24:35.260044:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
Oct 31 15:24:35.260047:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Oct 31 15:24:35.260049: Integrity algorithms:
Oct 31 15:24:35.260053:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
Oct 31 15:24:35.260057:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
Oct 31 15:24:35.260062:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
Oct 31 15:24:35.260066:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
Oct 31 15:24:35.260070:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Oct 31 15:24:35.260074:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH                   
Oct 31 15:24:35.260078:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Oct 31 15:24:35.260081:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
Oct 31 15:24:35.260085:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
Oct 31 15:24:35.260087: DH algorithms:
Oct 31 15:24:35.260091:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
Oct 31 15:24:35.260094:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
Oct 31 15:24:35.260097:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
Oct 31 15:24:35.260100:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
Oct 31 15:24:35.260104:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
Oct 31 15:24:35.260107:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
Oct 31 15:24:35.260110:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
Oct 31 15:24:35.260113:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
Oct 31 15:24:35.260117:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
Oct 31 15:24:35.260121:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
Oct 31 15:24:35.260124:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
Oct 31 15:24:35.260126: testing CAMELLIA_CBC:
Oct 31 15:24:35.260129:   Camellia: 16 bytes with 128-bit key
Oct 31 15:24:35.260210:   Camellia: 16 bytes with 128-bit key
Oct 31 15:24:35.260246:   Camellia: 16 bytes with 256-bit key
Oct 31 15:24:35.260278:   Camellia: 16 bytes with 256-bit key
Oct 31 15:24:35.260309: testing AES_GCM_16:
Oct 31 15:24:35.260312:   empty string
Oct 31 15:24:35.260340:   one block
Oct 31 15:24:35.260367:   two blocks
Oct 31 15:24:35.260396:   two blocks with associated data
Oct 31 15:24:35.260423: testing AES_CTR:
Oct 31 15:24:35.260427:   Encrypting 16 octets using AES-CTR with 128-bit key
Oct 31 15:24:35.260456:   Encrypting 32 octets using AES-CTR with 128-bit key
Oct 31 15:24:35.260491:   Encrypting 36 octets using AES-CTR with 128-bit key
Oct 31 15:24:35.260525:   Encrypting 16 octets using AES-CTR with 192-bit key
Oct 31 15:24:35.260556:   Encrypting 32 octets using AES-CTR with 192-bit key
Oct 31 15:24:35.260587:   Encrypting 36 octets using AES-CTR with 192-bit key
Oct 31 15:24:35.260619:   Encrypting 16 octets using AES-CTR with 256-bit key
Oct 31 15:24:35.260651:   Encrypting 32 octets using AES-CTR with 256-bit key
Oct 31 15:24:35.260680:   Encrypting 36 octets using AES-CTR with 256-bit key
Oct 31 15:24:35.260713: testing AES_CBC:
Oct 31 15:24:35.260716:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Oct 31 15:24:35.260746:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Oct 31 15:24:35.260781:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Oct 31 15:24:35.260817:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Oct 31 15:24:35.260860: testing AES_XCBC:
Oct 31 15:24:35.260864:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Oct 31 15:24:35.260987:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Oct 31 15:24:35.261124:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Oct 31 15:24:35.261262:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Oct 31 15:24:35.261406:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Oct 31 15:24:35.261542:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Oct 31 15:24:35.261690:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Oct 31 15:24:35.261990:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Oct 31 15:24:35.262128:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Oct 31 15:24:35.262306:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Oct 31 15:24:35.262561: testing HMAC_MD5:
Oct 31 15:24:35.262567:   RFC 2104: MD5_HMAC test 1
Oct 31 15:24:35.262759:   RFC 2104: MD5_HMAC test 2
Oct 31 15:24:35.262936:   RFC 2104: MD5_HMAC test 3
Oct 31 15:24:35.263124: 8 CPU cores online
Oct 31 15:24:35.263129: starting up 7 helper threads
Oct 31 15:24:35.263180: started thread for helper 0
Oct 31 15:24:35.263215: started thread for helper 1
Oct 31 15:24:35.263257: started thread for helper 2
Oct 31 15:24:35.263290: | starting helper thread 3
Oct 31 15:24:35.263300: seccomp security disabled for crypto helper 3
Oct 31 15:24:35.263293: | starting helper thread 1
Oct 31 15:24:35.263294: started thread for helper 3
Oct 31 15:24:35.263307: | status value returned by setting the priority of this helper thread 3: 22
Oct 31 15:24:35.263316: seccomp security disabled for crypto helper 1
Oct 31 15:24:35.263331: | helper thread 3 has nothing to do
Oct 31 15:24:35.263337: | status value returned by setting the priority of this helper thread 1: 22
Oct 31 15:24:35.263344: started thread for helper 4
Oct 31 15:24:35.263344: | helper thread 1 has nothing to do
Oct 31 15:24:35.263347: | starting helper thread 5
Oct 31 15:24:35.263360: seccomp security disabled for crypto helper 5
Oct 31 15:24:35.263362: | status value returned by setting the priority of this helper thread 5: 22
Oct 31 15:24:35.263364: | helper thread 5 has nothing to do
Oct 31 15:24:35.263372: started thread for helper 5
Oct 31 15:24:35.263375: | starting helper thread 6
Oct 31 15:24:35.263379: seccomp security disabled for crypto helper 6
Oct 31 15:24:35.263381: | status value returned by setting the priority of this helper thread 6: 22
Oct 31 15:24:35.263382: | helper thread 6 has nothing to do
Oct 31 15:24:35.263399: started thread for helper 6
Oct 31 15:24:35.263402: | starting helper thread 7
Oct 31 15:24:35.263404: seccomp security disabled for crypto helper 7
Oct 31 15:24:35.263406: | status value returned by setting the priority of this helper thread 7: 22
Oct 31 15:24:35.263408: | helper thread 7 has nothing to do
Oct 31 15:24:35.263423: Using Linux XFRM/NETKEY IPsec kernel support code on 5.8.15-201.fc32.x86_64
Oct 31 15:24:35.263479: | Hard-wiring algorithms
Oct 31 15:24:35.263483: | adding AES_CCM_16 to kernel algorithm db
Oct 31 15:24:35.263489: | adding AES_CCM_12 to kernel algorithm db
Oct 31 15:24:35.263491: | adding AES_CCM_8 to kernel algorithm db
Oct 31 15:24:35.263498: | adding 3DES_CBC to kernel algorithm db
Oct 31 15:24:35.263500: | adding CAMELLIA_CBC to kernel algorithm db
Oct 31 15:24:35.263502: | adding AES_GCM_16 to kernel algorithm db
Oct 31 15:24:35.263504: | adding AES_GCM_12 to kernel algorithm db
Oct 31 15:24:35.263506: | adding AES_GCM_8 to kernel algorithm db
Oct 31 15:24:35.263509: | adding AES_CTR to kernel algorithm db
Oct 31 15:24:35.263511: | adding AES_CBC to kernel algorithm db
Oct 31 15:24:35.263513: | adding NULL_AUTH_AES_GMAC to kernel algorithm db
Oct 31 15:24:35.263515: | adding NULL to kernel algorithm db
Oct 31 15:24:35.263518: | adding CHACHA20_POLY1305 to kernel algorithm db
Oct 31 15:24:35.263520: | adding HMAC_MD5_96 to kernel algorithm db
Oct 31 15:24:35.263522: | adding HMAC_SHA1_96 to kernel algorithm db
Oct 31 15:24:35.263524: | adding HMAC_SHA2_512_256 to kernel algorithm db
Oct 31 15:24:35.263527: | adding HMAC_SHA2_384_192 to kernel algorithm db
Oct 31 15:24:35.263529: | adding HMAC_SHA2_256_128 to kernel algorithm db
Oct 31 15:24:35.263531: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db
Oct 31 15:24:35.263534: | adding AES_XCBC_96 to kernel algorithm db
Oct 31 15:24:35.263536: | adding AES_CMAC_96 to kernel algorithm db
Oct 31 15:24:35.263538: | adding NONE to kernel algorithm db
Oct 31 15:24:35.263563: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes
Oct 31 15:24:35.263569: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds
Oct 31 15:24:35.263571: | setup kernel fd callback
Oct 31 15:24:35.263574: | add_fd_read_event_handler: newref KERNEL_XRM_FD-pe@0x556b663f0fd8
Oct 31 15:24:35.263578: | libevent_malloc: newref ptr-libevent@0x556b663b8188 size 128
Oct 31 15:24:35.263581: | libevent_malloc: newref ptr-libevent@0x556b663eb5e8 size 16
Oct 31 15:24:35.263587: | add_fd_read_event_handler: newref KERNEL_ROUTE_FD-pe@0x556b663f49e8
Oct 31 15:24:35.263590: | libevent_malloc: newref ptr-libevent@0x556b663b8288 size 128
Oct 31 15:24:35.263592: | libevent_malloc: newref ptr-libevent@0x556b663eafa8 size 16
Oct 31 15:24:35.263821: | global one-shot timer EVENT_CHECK_CRLS initialized
Oct 31 15:24:35.263848: SELinux support is enabled in PERMISSIVE mode.
Oct 31 15:24:35.264039: | unbound context created - setting debug level to 5
Oct 31 15:24:35.264044: | starting helper thread 4
Oct 31 15:24:35.264049: seccomp security disabled for crypto helper 4
Oct 31 15:24:35.264053: | status value returned by setting the priority of this helper thread 4: 22
Oct 31 15:24:35.264056: | helper thread 4 has nothing to do
Oct 31 15:24:35.264078: | /etc/hosts lookups activated
Oct 31 15:24:35.264092: | /etc/resolv.conf usage activated
Oct 31 15:24:35.264141: | outgoing-port-avoid set 0-65535
Oct 31 15:24:35.264165: | outgoing-port-permit set 32768-60999
Oct 31 15:24:35.264168: | loading dnssec root key from:/var/lib/unbound/root.key
Oct 31 15:24:35.264171: | no additional dnssec trust anchors defined via dnssec-trusted= option
Oct 31 15:24:35.264174: | Setting up events, loop start
Oct 31 15:24:35.264176: | add_fd_read_event_handler: newref PLUTO_CTL_FD-pe@0x556b663f7f48
Oct 31 15:24:35.264179: | libevent_malloc: newref ptr-libevent@0x556b663f4b08 size 128
Oct 31 15:24:35.264182: | libevent_malloc: newref ptr-libevent@0x556b663eb9c8 size 16
Oct 31 15:24:35.264188: | libevent_realloc: newref ptr-libevent@0x556b663f7fb8 size 256
Oct 31 15:24:35.264190: | libevent_malloc: newref ptr-libevent@0x556b663eb628 size 8
Oct 31 15:24:35.264193: | libevent_realloc: newref ptr-libevent@0x556b663ec028 size 144
Oct 31 15:24:35.264195: | libevent_malloc: newref ptr-libevent@0x556b6634cb68 size 152
Oct 31 15:24:35.264218: | libevent_malloc: newref ptr-libevent@0x556b663eb7d8 size 16
Oct 31 15:24:35.264226: | signal event handler PLUTO_SIGCHLD installed
Oct 31 15:24:35.264228: | libevent_malloc: newref ptr-libevent@0x556b663f80e8 size 8
Oct 31 15:24:35.264231: | libevent_malloc: newref ptr-libevent@0x556b66339278 size 152
Oct 31 15:24:35.264233: | signal event handler PLUTO_SIGTERM installed
Oct 31 15:24:35.264239: | libevent_malloc: newref ptr-libevent@0x556b663f8128 size 8
Oct 31 15:24:35.264241: | libevent_malloc: newref ptr-libevent@0x556b663f8168 size 152
Oct 31 15:24:35.264244: | signal event handler PLUTO_SIGHUP installed
Oct 31 15:24:35.264246: | libevent_malloc: newref ptr-libevent@0x556b663f8238 size 8
Oct 31 15:24:35.264248: | libevent_realloc: delref ptr-libevent@0x556b663ec028
Oct 31 15:24:35.264250: | libevent_realloc: newref ptr-libevent@0x556b663f8278 size 256
Oct 31 15:24:35.264252: | libevent_malloc: newref ptr-libevent@0x556b663f83a8 size 152
Oct 31 15:24:35.264255: | signal event handler PLUTO_SIGSYS installed
Oct 31 15:24:35.264573: | created addconn helper (pid:2131918) using fork+execve
Oct 31 15:24:35.264594: | forked child 2131918
Oct 31 15:24:35.264606: seccomp security disabled
Oct 31 15:24:35.265230: | starting helper thread 2
Oct 31 15:24:35.265240: seccomp security disabled for crypto helper 2
Oct 31 15:24:35.265244: | status value returned by setting the priority of this helper thread 2: 22
Oct 31 15:24:35.265247: | helper thread 2 has nothing to do
Oct 31 15:24:35.271030: | newref struct fd@0x556b663f8508(0->1) (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:24:35.271045: | fd_accept: new fd-fd@0x556b663f8508 (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:24:35.271061: | whack: listen
Oct 31 15:24:35.271066: listening for IKE messages
Oct 31 15:24:35.285527: | Inspecting interface lo 
Oct 31 15:24:35.285558: | found lo with address 127.0.0.1
Oct 31 15:24:35.285571: | Inspecting interface eth0 
Oct 31 15:24:35.285578: | found eth0 with address 192.0.3.254
Oct 31 15:24:35.285583: | Inspecting interface eth1 
Oct 31 15:24:35.285591: | found eth1 with address 192.1.3.33
Oct 31 15:24:35.285605: | newref struct iface_dev@0x556b663f8a28(0->1) (in add_iface_dev() at iface.c:67)
Oct 31 15:24:35.292428: Kernel supports NIC esp-hw-offload
Oct 31 15:24:35.292461: | iface: marking eth1 add
Oct 31 15:24:35.292469: | newref struct iface_dev@0x556b663f8b58(0->1) (in add_iface_dev() at iface.c:67)
Oct 31 15:24:35.292475: | iface: marking eth0 add
Oct 31 15:24:35.292479: | newref struct iface_dev@0x556b663f8c28(0->1) (in add_iface_dev() at iface.c:67)
Oct 31 15:24:35.292483: | iface: marking lo add
Oct 31 15:24:35.292558: | no interfaces to sort
Oct 31 15:24:35.292580: | MSG_ERRQUEUE enabled on fd 18
Oct 31 15:24:35.292598: | addref ifd@0x556b663f8a28(1->2) (in bind_iface_port() at iface.c:237)
Oct 31 15:24:35.292607: adding UDP interface eth1 192.1.3.33:500
Oct 31 15:24:35.292625: | MSG_ERRQUEUE enabled on fd 19
Oct 31 15:24:35.292633: | NAT-Traversal: Trying sockopt style NAT-T
Oct 31 15:24:35.292637: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
Oct 31 15:24:35.292641: | addref ifd@0x556b663f8a28(2->3) (in bind_iface_port() at iface.c:237)
Oct 31 15:24:35.292646: adding UDP interface eth1 192.1.3.33:4500
Oct 31 15:24:35.292661: | MSG_ERRQUEUE enabled on fd 20
Oct 31 15:24:35.292670: | addref ifd@0x556b663f8b58(1->2) (in bind_iface_port() at iface.c:237)
Oct 31 15:24:35.292674: adding UDP interface eth0 192.0.3.254:500
Oct 31 15:24:35.292687: | MSG_ERRQUEUE enabled on fd 21
Oct 31 15:24:35.292693: | NAT-Traversal: Trying sockopt style NAT-T
Oct 31 15:24:35.292696: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
Oct 31 15:24:35.292699: | addref ifd@0x556b663f8b58(2->3) (in bind_iface_port() at iface.c:237)
Oct 31 15:24:35.292702: adding UDP interface eth0 192.0.3.254:4500
Oct 31 15:24:35.292715: | MSG_ERRQUEUE enabled on fd 22
Oct 31 15:24:35.292723: | addref ifd@0x556b663f8c28(1->2) (in bind_iface_port() at iface.c:237)
Oct 31 15:24:35.292727: adding UDP interface lo 127.0.0.1:500
Oct 31 15:24:35.292739: | MSG_ERRQUEUE enabled on fd 23
Oct 31 15:24:35.292746: | NAT-Traversal: Trying sockopt style NAT-T
Oct 31 15:24:35.292749: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
Oct 31 15:24:35.292752: | addref ifd@0x556b663f8c28(2->3) (in bind_iface_port() at iface.c:237)
Oct 31 15:24:35.292756: adding UDP interface lo 127.0.0.1:4500
Oct 31 15:24:35.292766: | updating interfaces - listing interfaces that are going down
Oct 31 15:24:35.292769: | updating interfaces - checking orientation
Oct 31 15:24:35.292771: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations
Oct 31 15:24:35.292794: | libevent_malloc: newref ptr-libevent@0x556b663f4a58 size 128
Oct 31 15:24:35.292801: | libevent_malloc: newref ptr-libevent@0x556b663f8e98 size 16
Oct 31 15:24:35.292812: | setup callback for interface lo 127.0.0.1:4500 fd 23 on UDP
Oct 31 15:24:35.292817: | libevent_malloc: newref ptr-libevent@0x556b663b8388 size 128
Oct 31 15:24:35.292820: | libevent_malloc: newref ptr-libevent@0x556b663f9608 size 16
Oct 31 15:24:35.292826: | setup callback for interface lo 127.0.0.1:500 fd 22 on UDP
Oct 31 15:24:35.292829: | libevent_malloc: newref ptr-libevent@0x556b663b8588 size 128
Oct 31 15:24:35.292830: | libevent_malloc: newref ptr-libevent@0x556b663f9648 size 16
Oct 31 15:24:35.292834: | setup callback for interface eth0 192.0.3.254:4500 fd 21 on UDP
Oct 31 15:24:35.292836: | libevent_malloc: newref ptr-libevent@0x556b663b8488 size 128
Oct 31 15:24:35.292837: | libevent_malloc: newref ptr-libevent@0x556b663f9688 size 16
Oct 31 15:24:35.292840: | setup callback for interface eth0 192.0.3.254:500 fd 20 on UDP
Oct 31 15:24:35.292843: | libevent_malloc: newref ptr-libevent@0x556b663b4e38 size 128
Oct 31 15:24:35.292844: | libevent_malloc: newref ptr-libevent@0x556b663f96c8 size 16
Oct 31 15:24:35.292847: | setup callback for interface eth1 192.1.3.33:4500 fd 19 on UDP
Oct 31 15:24:35.292849: | libevent_malloc: newref ptr-libevent@0x556b663b4d38 size 128
Oct 31 15:24:35.292851: | libevent_malloc: newref ptr-libevent@0x556b663f9708 size 16
Oct 31 15:24:35.292854: | setup callback for interface eth1 192.1.3.33:500 fd 18 on UDP
Oct 31 15:24:35.295580: | no stale xfrmi interface 'ipsec1' found
Oct 31 15:24:35.295596: | certs and keys locked by 'free_preshared_secrets'
Oct 31 15:24:35.295600: | certs and keys unlocked by 'free_preshared_secrets'
Oct 31 15:24:35.295630: loading secrets from "/etc/ipsec.secrets"
Oct 31 15:24:35.295681: no secrets filename matched "/etc/ipsec.d/*.secrets"
Oct 31 15:24:35.295694: | old food groups:
Oct 31 15:24:35.295697: | new food groups:
Oct 31 15:24:35.295701: | delref fd@0x556b663f8508(1->0) (in whack_handle_cb() at rcv_whack.c:903)
Oct 31 15:24:35.295707: | freeref fd-fd@0x556b663f8508 (in whack_handle_cb() at rcv_whack.c:903)
Oct 31 15:24:35.295715: | spent 1.05 (24.7) milliseconds in whack
Oct 31 15:24:35.295734: | newref struct fd@0x556b663f8af8(0->1) (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:24:35.295738: | fd_accept: new fd-fd@0x556b663f8af8 (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:24:35.295750: | whack: options (impair|debug)
Oct 31 15:24:35.295755: | old debugging base+cpu-usage + none
Oct 31 15:24:35.295758: | new debugging = base+cpu-usage
Oct 31 15:24:35.295764: | delref fd@0x556b663f8af8(1->0) (in whack_handle_cb() at rcv_whack.c:903)
Oct 31 15:24:35.295773: | freeref fd-fd@0x556b663f8af8 (in whack_handle_cb() at rcv_whack.c:903)
Oct 31 15:24:35.295780: | spent 0.0536 (0.0536) milliseconds in whack
Oct 31 15:24:35.296272: | processing signal PLUTO_SIGCHLD
Oct 31 15:24:35.296291: | waitpid returned pid 2131918 (exited with status 0)
Oct 31 15:24:35.296297: | reaped addconn helper child (status 0)
Oct 31 15:24:35.296302: | waitpid returned ECHILD (no child processes left)
Oct 31 15:24:35.296308: | spent 0.023 (0.0232) milliseconds in signal handler PLUTO_SIGCHLD
Oct 31 15:24:35.374643: | newref struct fd@0x556b663f8548(0->1) (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:24:35.374664: | fd_accept: new fd-fd@0x556b663f8548 (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:24:35.374678: | whack: options (impair|debug)
Oct 31 15:24:35.374685: | old debugging base+cpu-usage + none
Oct 31 15:24:35.374688: | new debugging = base+cpu-usage
Oct 31 15:24:35.374692: | suppress-retransmits:yes
Oct 31 15:24:35.374698: | delref fd@0x556b663f8548(1->0) (in whack_handle_cb() at rcv_whack.c:903)
Oct 31 15:24:35.374712: | freeref fd-fd@0x556b663f8548 (in whack_handle_cb() at rcv_whack.c:903)
Oct 31 15:24:35.374721: | spent 0.0891 (0.0883) milliseconds in whack
Oct 31 15:24:35.433681: | newref struct fd@0x556b663f8588(0->1) (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:24:35.433693: | fd_accept: new fd-fd@0x556b663f8588 (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:24:35.433704: | whack: options (impair|debug)
Oct 31 15:24:35.433708: | old debugging base+cpu-usage + none
Oct 31 15:24:35.433711: | new debugging = base+cpu-usage
Oct 31 15:24:35.433714: | suppress-retransmits:yes
Oct 31 15:24:35.433719: | delref fd@0x556b663f8588(1->0) (in whack_handle_cb() at rcv_whack.c:903)
Oct 31 15:24:35.433726: | freeref fd-fd@0x556b663f8588 (in whack_handle_cb() at rcv_whack.c:903)
Oct 31 15:24:35.433735: | spent 0.0613 (0.0609) milliseconds in whack
Oct 31 15:24:35.614544: | newref struct fd@0x556b663f85c8(0->1) (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:24:35.614559: | fd_accept: new fd-fd@0x556b663f85c8 (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:24:35.614582: | whack: delete 'northnet-eastnets/0x1'
Oct 31 15:24:35.614586: | FOR_EACH_CONNECTION_... in conn_by_name
Oct 31 15:24:35.614589: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias
Oct 31 15:24:35.614591: | FOR_EACH_CONNECTION_... in conn_by_name
Oct 31 15:24:35.614593: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias
Oct 31 15:24:35.614595: | whack: connection 'northnet-eastnets/0x1'
Oct 31 15:24:35.614599: | addref fd@0x556b663f85c8(1->2) (in string_logger() at log.c:838)
Oct 31 15:24:35.614606: | newref string logger@0x556b663ebd88(0->1) (in add_connection() at connections.c:1998)
Oct 31 15:24:35.614609: | Connection DB: adding connection "northnet-eastnets/0x1" $1
Oct 31 15:24:35.614616: | FOR_EACH_CONNECTION_... in conn_by_name
Oct 31 15:24:35.614628: | added new connection northnet-eastnets/0x1 with policy RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5
Oct 31 15:24:35.614700: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31
Oct 31 15:24:35.614705: | from whack: got --esp=
Oct 31 15:24:35.614752: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128
Oct 31 15:24:35.615359: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA'
Oct 31 15:24:35.615377: | loading left certificate 'north' pubkey
Oct 31 15:24:35.615480: | newref struct pubkey@0x556b664002e8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962)
Oct 31 15:24:35.615504: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x556b663fbfd8
Oct 31 15:24:35.615508: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x556b663fc028
Oct 31 15:24:35.615511: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x556b663fc078
Oct 31 15:24:35.615565: | newref struct pubkey@0x556b663fc378(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962)
Oct 31 15:24:35.615620: | newref struct pubkey@0x556b663fc618(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962)
Oct 31 15:24:35.615668: | newref struct pubkey@0x556b66401908(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962)
Oct 31 15:24:35.615674: | delref pkp@0x556b664002e8(1->0) (in free_public_keyentry() at secrets.c:1591)
Oct 31 15:24:35.615679: | preload cert/secret for connection: north
Oct 31 15:24:35.615735: | adding RSA secret for certificate: north
Oct 31 15:24:35.617178: | copying key using reference slot
Oct 31 15:24:35.620351: | certs and keys locked by 'lsw_add_rsa_secret'
Oct 31 15:24:35.620364: | certs and keys unlocked by 'lsw_add_rsa_secret'
Oct 31 15:24:35.620400: | spent 3.08 (4.71) milliseconds in preload_private_key_by_cert() loading private key north
Oct 31 15:24:35.620407: connection "northnet-eastnets/0x1": loaded private key matching left certificate 'north'
Oct 31 15:24:35.620419: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0
Oct 31 15:24:35.621245: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA'
Oct 31 15:24:35.621260: | loading right certificate 'east' pubkey
Oct 31 15:24:35.621365: | newref struct pubkey@0x556b664045f8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962)
Oct 31 15:24:35.621384: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x556b664026b8
Oct 31 15:24:35.621388: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x556b66402708
Oct 31 15:24:35.621391: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x556b66402758
Oct 31 15:24:35.621393: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x556b664027a8
Oct 31 15:24:35.621396: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x556b664037d8
Oct 31 15:24:35.621438: | newref struct pubkey@0x556b66403ad8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962)
Oct 31 15:24:35.621473: | newref struct pubkey@0x556b66409638(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962)
Oct 31 15:24:35.621506: | newref struct pubkey@0x556b664099d8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962)
Oct 31 15:24:35.621543: | newref struct pubkey@0x556b66408fa8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962)
Oct 31 15:24:35.621589: | newref struct pubkey@0x556b6640a3d8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962)
Oct 31 15:24:35.621595: | delref pkp@0x556b664045f8(1->0) (in free_public_keyentry() at secrets.c:1591)
Oct 31 15:24:35.621601: | preload cert/secret for connection: east
Oct 31 15:24:35.621651: | trying secret PKK_RSA:AwEAAcIgy
Oct 31 15:24:35.621654: | adding RSA secret for certificate: east
Oct 31 15:24:35.621722: | spent 0.112 (0.112) milliseconds in preload_private_key_by_cert() loading private key east
Oct 31 15:24:35.621728: | no private key matching right certificate east: NSS: cert private key not found
Oct 31 15:24:35.621739: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0
Oct 31 15:24:35.621745: | updating connection from left.host_addr
Oct 31 15:24:35.621748: | left host_port 500
Oct 31 15:24:35.621751: | updating connection from right.host_addr
Oct 31 15:24:35.621754: | right host_port 500
Oct 31 15:24:35.621760: | orienting northnet-eastnets/0x1
Oct 31 15:24:35.621768: | northnet-eastnets/0x1 doesn't match 127.0.0.1:4500 at all
Oct 31 15:24:35.621774: | northnet-eastnets/0x1 doesn't match 127.0.0.1:500 at all
Oct 31 15:24:35.621777: | northnet-eastnets/0x1 doesn't match 192.0.3.254:4500 at all
Oct 31 15:24:35.621781: | northnet-eastnets/0x1 doesn't match 192.0.3.254:500 at all
Oct 31 15:24:35.621785: | northnet-eastnets/0x1 doesn't match 192.1.3.33:4500 at all
Oct 31 15:24:35.621788: | oriented northnet-eastnets/0x1's this
Oct 31 15:24:35.621795: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none
Oct 31 15:24:35.621801: | newref hp@0x556b66400088(0->1) (in connect_to_host_pair() at hostpair.c:290)
Oct 31 15:24:35.621805: added IKEv2 connection "northnet-eastnets/0x1"
Oct 31 15:24:35.621821: | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5
Oct 31 15:24:35.621853: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]---192.1.3.254...192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]===192.0.2.0/24
Oct 31 15:24:35.621866: | delref logger@0x556b663ebd88(1->0) (in add_connection() at connections.c:2026)
Oct 31 15:24:35.621871: | delref fd@0x556b663f85c8(2->1) (in free_logger() at log.c:853)
Oct 31 15:24:35.621874: | delref fd@NULL (in free_logger() at log.c:854)
Oct 31 15:24:35.621880: | delref fd@0x556b663f85c8(1->0) (in whack_handle_cb() at rcv_whack.c:903)
Oct 31 15:24:35.621890: | freeref fd-fd@0x556b663f85c8 (in whack_handle_cb() at rcv_whack.c:903)
Oct 31 15:24:35.621895: | spent 5.72 (7.37) milliseconds in whack
Oct 31 15:24:35.622025: | newref struct fd@0x556b664037d8(0->1) (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:24:35.622031: | fd_accept: new fd-fd@0x556b664037d8 (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:24:35.622046: | whack: delete 'northnet-eastnets/0x2'
Oct 31 15:24:35.622050: | FOR_EACH_CONNECTION_... in conn_by_name
Oct 31 15:24:35.622052: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias
Oct 31 15:24:35.622055: | FOR_EACH_CONNECTION_... in conn_by_name
Oct 31 15:24:35.622057: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias
Oct 31 15:24:35.622060: | whack: connection 'northnet-eastnets/0x2'
Oct 31 15:24:35.622063: | addref fd@0x556b664037d8(1->2) (in string_logger() at log.c:838)
Oct 31 15:24:35.622066: | newref string logger@0x556b663f86f8(0->1) (in add_connection() at connections.c:1998)
Oct 31 15:24:35.622069: | Connection DB: adding connection "northnet-eastnets/0x2" $2
Oct 31 15:24:35.622075: | FOR_EACH_CONNECTION_... in conn_by_name
Oct 31 15:24:35.622080: | added new connection northnet-eastnets/0x2 with policy RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5
Oct 31 15:24:35.622147: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31
Oct 31 15:24:35.622151: | from whack: got --esp=
Oct 31 15:24:35.622218: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128
Oct 31 15:24:35.622442: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA'
Oct 31 15:24:35.622450: | loading left certificate 'north' pubkey
Oct 31 15:24:35.622513: | newref struct pubkey@0x556b6640b268(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962)
Oct 31 15:24:35.622521: | delref pkp@0x556b66401908(1->0) (in free_public_keyentry() at secrets.c:1591)
Oct 31 15:24:35.622536: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x556b6640b1b8
Oct 31 15:24:35.622539: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x556b6640b208
Oct 31 15:24:35.622542: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x556b6640b5f8
Oct 31 15:24:35.622593: | newref struct pubkey@0x556b6640b748(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962)
Oct 31 15:24:35.622600: | delref pkp@0x556b663fc378(1->0) (in free_public_keyentry() at secrets.c:1591)
Oct 31 15:24:35.622650: | newref struct pubkey@0x556b6640b908(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962)
Oct 31 15:24:35.622656: | delref pkp@0x556b663fc618(1->0) (in free_public_keyentry() at secrets.c:1591)
Oct 31 15:24:35.622707: | newref struct pubkey@0x556b6640c388(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962)
Oct 31 15:24:35.622713: | delref pkp@0x556b6640b268(1->0) (in free_public_keyentry() at secrets.c:1591)
Oct 31 15:24:35.622717: | preload cert/secret for connection: north
Oct 31 15:24:35.622758: | trying secret PKK_RSA:AwEAAcIgy
Oct 31 15:24:35.622761: | matched
Oct 31 15:24:35.622763: | secrets entry for certificate already exists: north
Oct 31 15:24:35.622772: | spent 0.0449 (0.049) milliseconds in preload_private_key_by_cert() loading private key north
Oct 31 15:24:35.622779: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0
Oct 31 15:24:35.622847: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA'
Oct 31 15:24:35.622852: | loading right certificate 'east' pubkey
Oct 31 15:24:35.622897: | newref struct pubkey@0x556b6640bca8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962)
Oct 31 15:24:35.622905: | delref pkp@0x556b6640a3d8(1->0) (in free_public_keyentry() at secrets.c:1591)
Oct 31 15:24:35.622918: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x556b6640b548
Oct 31 15:24:35.622921: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x556b6640b208
Oct 31 15:24:35.622924: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x556b66401c48
Oct 31 15:24:35.622927: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x556b6640a3d8
Oct 31 15:24:35.622930: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x556b6640a428
Oct 31 15:24:35.622969: | newref struct pubkey@0x556b6640c038(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962)
Oct 31 15:24:35.622974: | delref pkp@0x556b66403ad8(1->0) (in free_public_keyentry() at secrets.c:1591)
Oct 31 15:24:35.623031: | newref struct pubkey@0x556b6640c148(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962)
Oct 31 15:24:35.623039: | delref pkp@0x556b66409638(1->0) (in free_public_keyentry() at secrets.c:1591)
Oct 31 15:24:35.623080: | newref struct pubkey@0x556b66409638(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962)
Oct 31 15:24:35.623085: | delref pkp@0x556b664099d8(1->0) (in free_public_keyentry() at secrets.c:1591)
Oct 31 15:24:35.623117: | newref struct pubkey@0x556b664099d8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962)
Oct 31 15:24:35.623121: | delref pkp@0x556b66408fa8(1->0) (in free_public_keyentry() at secrets.c:1591)
Oct 31 15:24:35.623152: | newref struct pubkey@0x556b66408fa8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962)
Oct 31 15:24:35.623155: | delref pkp@0x556b6640bca8(1->0) (in free_public_keyentry() at secrets.c:1591)
Oct 31 15:24:35.623158: | preload cert/secret for connection: east
Oct 31 15:24:35.623189: | trying secret PKK_RSA:AwEAAcIgy
Oct 31 15:24:35.623192: | adding RSA secret for certificate: east
Oct 31 15:24:35.623271: | spent 0.0933 (0.108) milliseconds in preload_private_key_by_cert() loading private key east
Oct 31 15:24:35.623277: | no private key matching right certificate east: NSS: cert private key not found
Oct 31 15:24:35.623283: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0
Oct 31 15:24:35.623286: | updating connection from left.host_addr
Oct 31 15:24:35.623288: | left host_port 500
Oct 31 15:24:35.623290: | updating connection from right.host_addr
Oct 31 15:24:35.623291: | right host_port 500
Oct 31 15:24:35.623293: | orienting northnet-eastnets/0x2
Oct 31 15:24:35.623303: | northnet-eastnets/0x2 doesn't match 127.0.0.1:4500 at all
Oct 31 15:24:35.623310: | northnet-eastnets/0x2 doesn't match 127.0.0.1:500 at all
Oct 31 15:24:35.623313: | northnet-eastnets/0x2 doesn't match 192.0.3.254:4500 at all
Oct 31 15:24:35.623317: | northnet-eastnets/0x2 doesn't match 192.0.3.254:500 at all
Oct 31 15:24:35.623321: | northnet-eastnets/0x2 doesn't match 192.1.3.33:4500 at all
Oct 31 15:24:35.623324: | oriented northnet-eastnets/0x2's this
Oct 31 15:24:35.623330: | find_host_pair: comparing 192.1.3.33:500 to 192.1.2.23:500 but ignoring ports
Oct 31 15:24:35.623336: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@0x556b66400088: northnet-eastnets/0x1
Oct 31 15:24:35.623339: added IKEv2 connection "northnet-eastnets/0x2"
Oct 31 15:24:35.623369: | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5
Oct 31 15:24:35.623403: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]---192.1.3.254...192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]===192.0.22.0/24
Oct 31 15:24:35.623407: | delref logger@0x556b663f86f8(1->0) (in add_connection() at connections.c:2026)
Oct 31 15:24:35.623410: | delref fd@0x556b664037d8(2->1) (in free_logger() at log.c:853)
Oct 31 15:24:35.623413: | delref fd@NULL (in free_logger() at log.c:854)
Oct 31 15:24:35.623419: | delref fd@0x556b664037d8(1->0) (in whack_handle_cb() at rcv_whack.c:903)
Oct 31 15:24:35.623908: | freeref fd-fd@0x556b664037d8 (in whack_handle_cb() at rcv_whack.c:903)
Oct 31 15:24:35.623920: | spent 1.31 (1.9) milliseconds in whack
Oct 31 15:24:35.630258: | newref struct fd@0x556b6640b548(0->1) (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:24:35.630277: | fd_accept: new fd-fd@0x556b6640b548 (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:24:35.630299: | whack: initiate
Oct 31 15:24:35.630303: | FOR_EACH_CONNECTION_... in conn_by_name
Oct 31 15:24:35.630307: initiating all conns with alias='northnet-eastnets'
Oct 31 15:24:35.630314: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias
Oct 31 15:24:35.630322: | connection 'northnet-eastnets/0x2' +POLICY_UP
Oct 31 15:24:35.630325: | FOR_EACH_STATE_... in find_phase1_state
Oct 31 15:24:35.630347: | newref alloc logger@0x556b663ebd88(0->1) (in new_state() at state.c:576)
Oct 31 15:24:35.630351: | addref fd@0x556b6640b548(1->2) (in new_state() at state.c:577)
Oct 31 15:24:35.630354: | creating state object #1 at 0x556b6640c498
Oct 31 15:24:35.630356: | State DB: adding IKEv2 state #1 in UNDEFINED
Oct 31 15:24:35.630368: | pstats #1 ikev2.ike started
Oct 31 15:24:35.630371: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore)
Oct 31 15:24:35.630380: | #1.st_v2_transition NULL -> PARENT_I0->PARENT_I1 (in new_v2_ike_state() at state.c:620)
Oct 31 15:24:35.630391: | Message ID: IKE #1 initializing (IKE SA): ike.initiator.sent=0->-1 ike.initiator.recv=0->-1 ike.initiator.last_contact=0->744550.06318 ike.responder.sent=0->-1 ike.responder.recv=0->-1 ike.responder.last_contact=0->744550.06318 ike.wip.initiator=0->-1 ike.wip.responder=0->-1
Oct 31 15:24:35.630395: | orienting northnet-eastnets/0x2
Oct 31 15:24:35.630402: | northnet-eastnets/0x2 doesn't match 127.0.0.1:4500 at all
Oct 31 15:24:35.630406: | northnet-eastnets/0x2 doesn't match 127.0.0.1:500 at all
Oct 31 15:24:35.630409: | northnet-eastnets/0x2 doesn't match 192.0.3.254:4500 at all
Oct 31 15:24:35.630414: | northnet-eastnets/0x2 doesn't match 192.0.3.254:500 at all
Oct 31 15:24:35.630417: | northnet-eastnets/0x2 doesn't match 192.1.3.33:4500 at all
Oct 31 15:24:35.630420: | oriented northnet-eastnets/0x2's this
Oct 31 15:24:35.630427: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:544)
Oct 31 15:24:35.630431: | addref fd@0x556b6640b548(2->3) (in add_pending() at pending.c:86)
Oct 31 15:24:35.630436: | queuing pending IPsec SA negotiating with 192.1.2.23 IKE SA #1 "northnet-eastnets/0x2"
Oct 31 15:24:35.630440: "northnet-eastnets/0x2" #1: initiating IKEv2 connection
Oct 31 15:24:35.630446: | constructing local IKE proposals for northnet-eastnets/0x2 (IKE SA initiator selecting KE)
Oct 31 15:24:35.630456: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ...
Oct 31 15:24:35.630466: | ...  ikev2_proposal: 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Oct 31 15:24:35.630470: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ...
Oct 31 15:24:35.630481: | ...  ikev2_proposal: 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Oct 31 15:24:35.630485: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ...
Oct 31 15:24:35.630491: | ...  ikev2_proposal: 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Oct 31 15:24:35.630495: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ...
Oct 31 15:24:35.630501: | ...  ikev2_proposal: 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Oct 31 15:24:35.630505: "northnet-eastnets/0x2": local IKE proposals (IKE SA initiator selecting KE): 
Oct 31 15:24:35.630511: "northnet-eastnets/0x2":   1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Oct 31 15:24:35.630516: "northnet-eastnets/0x2":   2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Oct 31 15:24:35.630522: "northnet-eastnets/0x2":   3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Oct 31 15:24:35.630527: "northnet-eastnets/0x2":   4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Oct 31 15:24:35.630533: | addref fd@NULL (in clone_logger() at log.c:809)
Oct 31 15:24:35.630536: | addref fd@0x556b6640b548(3->4) (in clone_logger() at log.c:810)
Oct 31 15:24:35.630539: | newref clone logger@0x556b663eba08(0->1) (in clone_logger() at log.c:817)
Oct 31 15:24:35.630542: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): adding job to queue
Oct 31 15:24:35.630544: | state #1 has no .st_event to delete
Oct 31 15:24:35.630547: | #1 STATE_PARENT_I0: retransmits: cleared
Oct 31 15:24:35.630550: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x556b66401c48
Oct 31 15:24:35.630553: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1
Oct 31 15:24:35.630557: | libevent_malloc: newref ptr-libevent@0x556b66403728 size 128
Oct 31 15:24:35.630573: | #1 spent 0.25 (0.25) milliseconds in ikev2_parent_outI1()
Oct 31 15:24:35.630580: | RESET processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:640)
Oct 31 15:24:35.630586: | connection 'northnet-eastnets/0x1' +POLICY_UP
Oct 31 15:24:35.630588: | FOR_EACH_STATE_... in find_phase1_state
Oct 31 15:24:35.630594: | addref fd@0x556b6640b548(4->5) (in add_pending() at pending.c:86)
Oct 31 15:24:35.630599: "northnet-eastnets/0x1": queuing pending IPsec SA negotiating with 192.1.2.23 IKE SA #1 "northnet-eastnets/0x2"
Oct 31 15:24:35.630606: | delref fd@0x556b6640b548(5->4) (in whack_handle_cb() at rcv_whack.c:903)
Oct 31 15:24:35.630611: | spent 0.359 (0.365) milliseconds in whack
Oct 31 15:24:35.630629: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): helper 3 starting job
Oct 31 15:24:35.632437: | "northnet-eastnets/0x2" #1: spent 1.8 (1.8) milliseconds in helper 3 processing job 1 for state #1: ikev2_outI1 KE (pcr)
Oct 31 15:24:35.632449: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): helper thread 3 sending result back to state
Oct 31 15:24:35.632452: | scheduling resume sending helper answer back to state for #1
Oct 31 15:24:35.632455: | libevent_malloc: newref ptr-libevent@0x7f6fe8006108 size 128
Oct 31 15:24:35.632463: | helper thread 3 has nothing to do
Oct 31 15:24:35.632472: | processing resume sending helper answer back to state for #1
Oct 31 15:24:35.632483: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:641)
Oct 31 15:24:35.632493: | unsuspending #1 MD (nil)
Oct 31 15:24:35.632496: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): processing response from helper 3
Oct 31 15:24:35.632499: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): calling continuation function 0x556b65737fe7
Oct 31 15:24:35.632502: | ikev2_parent_outI1_continue() for #1 STATE_PARENT_I0
Oct 31 15:24:35.632505: | DH secret MODP2048@0x7f6fe8006ba8: transferring ownership from helper KE to state #1
Oct 31 15:24:35.632533: | opening output PBS reply packet
Oct 31 15:24:35.632537: | **emit ISAKMP Message:
Oct 31 15:24:35.632543: |    initiator SPI: 34 d5 c0 79  f1 ec a3 66
Oct 31 15:24:35.632546: |    responder SPI: 00 00 00 00  00 00 00 00
Oct 31 15:24:35.632549: |    next payload type: ISAKMP_NEXT_NONE (0x0)
Oct 31 15:24:35.632552: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Oct 31 15:24:35.632555: |    exchange type: ISAKMP_v2_IKE_SA_INIT (0x22)
Oct 31 15:24:35.632558: |    flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
Oct 31 15:24:35.632562: |    Message ID: 0 (00 00 00 00)
Oct 31 15:24:35.632565: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
Oct 31 15:24:35.632581: | using existing local IKE proposals for connection northnet-eastnets/0x2 (IKE SA initiator emitting local proposals): 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Oct 31 15:24:35.632584: | Emitting ikev2_proposals ...
Oct 31 15:24:35.632586: | ***emit IKEv2 Security Association Payload:
Oct 31 15:24:35.632589: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:35.632591: |    flags: none (0x0)
Oct 31 15:24:35.632594: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA)
Oct 31 15:24:35.632596: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet'
Oct 31 15:24:35.632600: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0)
Oct 31 15:24:35.632603: | ****emit IKEv2 Proposal Substructure Payload:
Oct 31 15:24:35.632606: |    last proposal: v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:24:35.632609: |    prop #: 1 (01)
Oct 31 15:24:35.632611: |    proto ID: IKEv2_SEC_PROTO_IKE (0x1)
Oct 31 15:24:35.632613: |    spi size: 0 (00)
Oct 31 15:24:35.632616: |    # transforms: 11 (0b)
Oct 31 15:24:35.632618: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal'
Oct 31 15:24:35.632621: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.632624: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632626: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Oct 31 15:24:35.632628: |    IKEv2 transform ID: AES_GCM_C (0x14)
Oct 31 15:24:35.632630: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.632633: | ******emit IKEv2 Attribute Substructure Payload:
Oct 31 15:24:35.632635: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Oct 31 15:24:35.632638: |    length/value: 256 (01 00)
Oct 31 15:24:35.632641: | emitting length of IKEv2 Transform Substructure Payload: 12
Oct 31 15:24:35.632643: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.632646: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632648: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Oct 31 15:24:35.632650: |    IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
Oct 31 15:24:35.632653: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632662: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.632665: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.632667: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.632669: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632672: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Oct 31 15:24:35.632674: |    IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
Oct 31 15:24:35.632677: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632679: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.632682: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.632685: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0)
Oct 31 15:24:35.632688: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.632690: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632692: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.632695: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Oct 31 15:24:35.632697: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632700: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.632702: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.632705: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.632707: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632709: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.632712: |    IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf)
Oct 31 15:24:35.632714: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632717: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.632719: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.632721: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.632724: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632726: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.632728: |    IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10)
Oct 31 15:24:35.632730: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632732: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.632734: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.632737: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.632739: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632742: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.632744: |    IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12)
Oct 31 15:24:35.632747: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632749: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.632753: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.632756: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.632758: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632760: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.632762: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
Oct 31 15:24:35.632765: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632767: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.632769: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.632772: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.632774: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632776: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.632779: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
Oct 31 15:24:35.632781: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632783: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.632785: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.632788: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.632790: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632792: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.632794: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15)
Oct 31 15:24:35.632797: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632799: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.632801: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.632803: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.632805: |    last transform: v2_TRANSFORM_LAST (0x0)
Oct 31 15:24:35.632807: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.632809: |    IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f)
Oct 31 15:24:35.632812: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632814: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.632816: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.632818: | emitting length of IKEv2 Proposal Substructure Payload: 100
Oct 31 15:24:35.632820: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0
Oct 31 15:24:35.632824: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0)
Oct 31 15:24:35.632827: | ****emit IKEv2 Proposal Substructure Payload:
Oct 31 15:24:35.632829: |    last proposal: v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:24:35.632832: |    prop #: 2 (02)
Oct 31 15:24:35.632834: |    proto ID: IKEv2_SEC_PROTO_IKE (0x1)
Oct 31 15:24:35.632837: |    spi size: 0 (00)
Oct 31 15:24:35.632840: |    # transforms: 11 (0b)
Oct 31 15:24:35.632842: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:24:35.632847: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal'
Oct 31 15:24:35.632850: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.632852: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632854: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Oct 31 15:24:35.632856: |    IKEv2 transform ID: AES_GCM_C (0x14)
Oct 31 15:24:35.632859: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.632861: | ******emit IKEv2 Attribute Substructure Payload:
Oct 31 15:24:35.632864: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Oct 31 15:24:35.632867: |    length/value: 128 (00 80)
Oct 31 15:24:35.632869: | emitting length of IKEv2 Transform Substructure Payload: 12
Oct 31 15:24:35.632872: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.632874: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632876: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Oct 31 15:24:35.632879: |    IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
Oct 31 15:24:35.632882: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632884: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.632886: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.632889: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.632891: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632894: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Oct 31 15:24:35.632896: |    IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
Oct 31 15:24:35.632898: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632900: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.632903: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.632906: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0)
Oct 31 15:24:35.632908: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.632910: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632912: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.632914: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Oct 31 15:24:35.632917: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632918: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.632921: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.632923: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.632925: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632927: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.632929: |    IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf)
Oct 31 15:24:35.632931: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632933: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.632935: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.632937: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.632939: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632942: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.632944: |    IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10)
Oct 31 15:24:35.632946: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632948: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.632950: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.632952: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.632954: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632956: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.632958: |    IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12)
Oct 31 15:24:35.632960: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632962: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.632964: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.632966: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.632968: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632970: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.632972: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
Oct 31 15:24:35.632974: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632976: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.632978: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.632980: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.632982: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632984: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.632986: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
Oct 31 15:24:35.632989: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632991: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.632993: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.632995: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.632997: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.632999: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.633001: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15)
Oct 31 15:24:35.633004: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633006: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.633008: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.633011: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.633013: |    last transform: v2_TRANSFORM_LAST (0x0)
Oct 31 15:24:35.633015: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.633017: |    IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f)
Oct 31 15:24:35.633019: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633022: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.633024: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.633026: | emitting length of IKEv2 Proposal Substructure Payload: 100
Oct 31 15:24:35.633028: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0
Oct 31 15:24:35.633032: | ****emit IKEv2 Proposal Substructure Payload:
Oct 31 15:24:35.633034: |    last proposal: v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:24:35.633036: |    prop #: 3 (03)
Oct 31 15:24:35.633039: |    proto ID: IKEv2_SEC_PROTO_IKE (0x1)
Oct 31 15:24:35.633041: |    spi size: 0 (00)
Oct 31 15:24:35.633043: |    # transforms: 13 (0d)
Oct 31 15:24:35.633046: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:24:35.633048: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal'
Oct 31 15:24:35.633051: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.633053: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633055: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Oct 31 15:24:35.633057: |    IKEv2 transform ID: AES_CBC (0xc)
Oct 31 15:24:35.633060: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.633062: | ******emit IKEv2 Attribute Substructure Payload:
Oct 31 15:24:35.633065: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Oct 31 15:24:35.633067: |    length/value: 256 (01 00)
Oct 31 15:24:35.633070: | emitting length of IKEv2 Transform Substructure Payload: 12
Oct 31 15:24:35.633072: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.633074: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633077: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Oct 31 15:24:35.633079: |    IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
Oct 31 15:24:35.633082: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633084: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.633086: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.633089: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.633091: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633093: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Oct 31 15:24:35.633095: |    IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
Oct 31 15:24:35.633098: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633100: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.633102: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.633105: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.633106: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633109: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Oct 31 15:24:35.633111: |    IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe)
Oct 31 15:24:35.633113: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633115: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.633119: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.633122: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.633124: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633126: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Oct 31 15:24:35.633128: |    IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc)
Oct 31 15:24:35.633130: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633132: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.633134: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.633136: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.633138: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633141: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.633143: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Oct 31 15:24:35.633145: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633147: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.633149: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.633151: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.633153: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633155: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.633157: |    IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf)
Oct 31 15:24:35.633160: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633162: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.633164: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.633166: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.633168: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633170: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.633173: |    IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10)
Oct 31 15:24:35.633175: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633178: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.633180: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.633182: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.633184: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633187: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.633189: |    IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12)
Oct 31 15:24:35.633191: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633193: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.633196: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.633252: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.633261: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633263: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.633268: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
Oct 31 15:24:35.633270: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633273: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.633275: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.633278: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.633280: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633282: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.633286: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
Oct 31 15:24:35.633289: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633292: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.633294: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.633297: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.633299: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633302: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.633304: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15)
Oct 31 15:24:35.633307: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633309: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.633312: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.633314: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.633317: |    last transform: v2_TRANSFORM_LAST (0x0)
Oct 31 15:24:35.633319: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.633321: |    IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f)
Oct 31 15:24:35.633324: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633326: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.633329: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.633331: | emitting length of IKEv2 Proposal Substructure Payload: 116
Oct 31 15:24:35.633334: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0
Oct 31 15:24:35.633338: | ****emit IKEv2 Proposal Substructure Payload:
Oct 31 15:24:35.633340: |    last proposal: v2_PROPOSAL_LAST (0x0)
Oct 31 15:24:35.633343: |    prop #: 4 (04)
Oct 31 15:24:35.633346: |    proto ID: IKEv2_SEC_PROTO_IKE (0x1)
Oct 31 15:24:35.633349: |    spi size: 0 (00)
Oct 31 15:24:35.633352: |    # transforms: 13 (0d)
Oct 31 15:24:35.633355: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:24:35.633357: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal'
Oct 31 15:24:35.633361: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.633364: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633366: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Oct 31 15:24:35.633368: |    IKEv2 transform ID: AES_CBC (0xc)
Oct 31 15:24:35.633371: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.633375: | ******emit IKEv2 Attribute Substructure Payload:
Oct 31 15:24:35.633378: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Oct 31 15:24:35.633381: |    length/value: 128 (00 80)
Oct 31 15:24:35.633384: | emitting length of IKEv2 Transform Substructure Payload: 12
Oct 31 15:24:35.633387: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.633389: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633392: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Oct 31 15:24:35.633394: |    IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
Oct 31 15:24:35.633396: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633399: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.633402: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.633404: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.633406: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633409: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Oct 31 15:24:35.633411: |    IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
Oct 31 15:24:35.633414: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633416: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.633419: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.633422: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.633424: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633427: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Oct 31 15:24:35.633429: |    IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe)
Oct 31 15:24:35.633433: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633435: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.633438: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.633441: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.633443: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633445: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Oct 31 15:24:35.633448: |    IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc)
Oct 31 15:24:35.633451: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633453: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.633456: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.633459: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.633461: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633464: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.633466: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Oct 31 15:24:35.633469: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633471: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.633475: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.633478: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.633481: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633483: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.633486: |    IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf)
Oct 31 15:24:35.633489: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633491: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.633494: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.633496: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.633498: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633500: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.633503: |    IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10)
Oct 31 15:24:35.633505: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633507: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.633510: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.633512: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.633514: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633517: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.633519: |    IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12)
Oct 31 15:24:35.633522: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633524: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.633527: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.633529: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.633531: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633534: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.633536: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
Oct 31 15:24:35.633539: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633541: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.633543: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.633545: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.633548: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633550: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.633552: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
Oct 31 15:24:35.633554: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633557: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.633559: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.633561: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.633564: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633566: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.633568: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15)
Oct 31 15:24:35.633575: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633577: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.633579: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.633582: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.633584: |    last transform: v2_TRANSFORM_LAST (0x0)
Oct 31 15:24:35.633586: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.633589: |    IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f)
Oct 31 15:24:35.633591: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.633594: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.633596: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.633599: | emitting length of IKEv2 Proposal Substructure Payload: 116
Oct 31 15:24:35.633602: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0
Oct 31 15:24:35.633604: | emitting length of IKEv2 Security Association Payload: 436
Oct 31 15:24:35.633607: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0
Oct 31 15:24:35.633610: | ***emit IKEv2 Key Exchange Payload:
Oct 31 15:24:35.633613: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:35.633616: |    flags: none (0x0)
Oct 31 15:24:35.633618: |    DH group: OAKLEY_GROUP_MODP2048 (0xe)
Oct 31 15:24:35.633621: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE)
Oct 31 15:24:35.633623: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet'
Oct 31 15:24:35.633627: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload
Oct 31 15:24:35.633630: | ikev2 g^x:
Oct 31 15:24:35.633633: |   59 b6 df 64  a9 23 fe cb  39 5c 40 7c  13 e6 2c d3
Oct 31 15:24:35.633635: |   bf 8a 6c a6  fa 0b 88 af  e9 20 33 06  50 d4 16 34
Oct 31 15:24:35.633637: |   a5 11 bb b0  c2 c8 d1 23  62 fd af 6b  aa e0 e7 f1
Oct 31 15:24:35.633639: |   7a 79 f2 13  37 5c 3d fe  a3 dc a5 21  47 d4 95 52
Oct 31 15:24:35.633641: |   08 d1 a8 b3  46 15 cc 43  0b 8e 2e 55  f3 ca 51 a1
Oct 31 15:24:35.633643: |   a2 1d 8f a1  15 cc 43 8a  d7 e9 91 11  e8 d5 41 3e
Oct 31 15:24:35.633645: |   b2 87 d8 e7  9a 4b 0e 4e  d5 a0 e7 36  b5 94 0e 9c
Oct 31 15:24:35.633648: |   43 ac 29 75  df 3c 95 87  64 ae 0d 7c  b3 6f c2 35
Oct 31 15:24:35.633650: |   12 5f 00 a4  b2 06 1c 18  ba fa ad af  cc 65 e5 cb
Oct 31 15:24:35.633652: |   c3 e0 6a 8a  69 a8 17 2a  d7 78 01 12  4a 98 e3 ec
Oct 31 15:24:35.633654: |   49 b2 99 b6  6a 29 ea d2  86 ec fb b3  59 e6 70 14
Oct 31 15:24:35.633656: |   5a 7a 4e 75  80 28 72 9b  ad a9 08 d4  50 a3 81 65
Oct 31 15:24:35.633658: |   d1 26 f9 7c  5f db 68 19  09 c7 a3 ce  68 5d 12 c1
Oct 31 15:24:35.633660: |   8d 30 53 3c  44 36 bc d1  3a 29 a3 dc  7b 0d 12 21
Oct 31 15:24:35.633662: |   e5 9f ed 5d  cf b8 38 7e  5b 55 c3 57  11 70 9c da
Oct 31 15:24:35.633665: |   5e 31 53 c7  35 2f 16 52  8e df 95 d1  8a ff 23 24
Oct 31 15:24:35.633667: | emitting length of IKEv2 Key Exchange Payload: 264
Oct 31 15:24:35.633669: | ***emit IKEv2 Nonce Payload:
Oct 31 15:24:35.633672: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:35.633674: |    flags: none (0x0)
Oct 31 15:24:35.633677: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni)
Oct 31 15:24:35.633681: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet'
Oct 31 15:24:35.633684: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload
Oct 31 15:24:35.633686: | IKEv2 nonce:
Oct 31 15:24:35.633688: |   0d 4e f3 27  a7 5f 36 3d  55 51 c4 7c  33 c0 7f be
Oct 31 15:24:35.633690: |   11 9d ef 07  22 eb 50 68  4e 77 34 92  02 55 ad 93
Oct 31 15:24:35.633692: | emitting length of IKEv2 Nonce Payload: 36
Oct 31 15:24:35.633695: | adding a v2N Payload
Oct 31 15:24:35.633698: | ***emit IKEv2 Notify Payload:
Oct 31 15:24:35.633701: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:35.633703: |    flags: none (0x0)
Oct 31 15:24:35.633705: |    Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
Oct 31 15:24:35.633709: |    SPI size: 0 (00)
Oct 31 15:24:35.633711: |    Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e)
Oct 31 15:24:35.633714: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N)
Oct 31 15:24:35.633717: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet'
Oct 31 15:24:35.633719: | emitting length of IKEv2 Notify Payload: 8
Oct 31 15:24:35.633722: | adding a v2N Payload
Oct 31 15:24:35.633725: | ***emit IKEv2 Notify Payload:
Oct 31 15:24:35.633727: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:35.633729: |    flags: none (0x0)
Oct 31 15:24:35.633732: |    Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
Oct 31 15:24:35.633734: |    SPI size: 0 (00)
Oct 31 15:24:35.633736: |    Notify Message Type: v2N_SIGNATURE_HASH_ALGORITHMS (0x402f)
Oct 31 15:24:35.633738: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N)
Oct 31 15:24:35.633740: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet'
Oct 31 15:24:35.633744: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256 into IKEv2 Notify Payload
Oct 31 15:24:35.633747: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256: 00 02
Oct 31 15:24:35.633749: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384 into IKEv2 Notify Payload
Oct 31 15:24:35.633752: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384: 00 03
Oct 31 15:24:35.633754: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_512 into IKEv2 Notify Payload
Oct 31 15:24:35.633757: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_512: 00 04
Oct 31 15:24:35.633759: | emitting length of IKEv2 Notify Payload: 14
Oct 31 15:24:35.633763: |  NAT-Traversal support  [enabled] add v2N payloads.
Oct 31 15:24:35.633765: | nat: IKE.SPIr is zero
Oct 31 15:24:35.633783: | natd_hash: hasher=0x556b65829f80(20)
Oct 31 15:24:35.633787: | natd_hash: icookie=
Oct 31 15:24:35.633789: |   34 d5 c0 79  f1 ec a3 66
Oct 31 15:24:35.633791: | natd_hash: rcookie=
Oct 31 15:24:35.633793: |   00 00 00 00  00 00 00 00
Oct 31 15:24:35.633795: | natd_hash: ip=
Oct 31 15:24:35.633797: |   c0 01 03 21
Oct 31 15:24:35.633799: | natd_hash: port=
Oct 31 15:24:35.633801: |   01 f4
Oct 31 15:24:35.633803: | natd_hash: hash=
Oct 31 15:24:35.633806: |   08 88 70 d1  87 9f f7 20  31 63 8a 38  a0 c5 ea a6
Oct 31 15:24:35.633808: |   8c cb 3e 3f
Oct 31 15:24:35.633811: | adding a v2N Payload
Oct 31 15:24:35.633813: | ***emit IKEv2 Notify Payload:
Oct 31 15:24:35.633816: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:35.633818: |    flags: none (0x0)
Oct 31 15:24:35.633820: |    Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
Oct 31 15:24:35.633823: |    SPI size: 0 (00)
Oct 31 15:24:35.633826: |    Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004)
Oct 31 15:24:35.633829: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N)
Oct 31 15:24:35.633831: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet'
Oct 31 15:24:35.633836: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload
Oct 31 15:24:35.633838: | Notify data:
Oct 31 15:24:35.633840: |   08 88 70 d1  87 9f f7 20  31 63 8a 38  a0 c5 ea a6
Oct 31 15:24:35.633842: |   8c cb 3e 3f
Oct 31 15:24:35.633845: | emitting length of IKEv2 Notify Payload: 28
Oct 31 15:24:35.633847: | nat: IKE.SPIr is zero
Oct 31 15:24:35.633857: | natd_hash: hasher=0x556b65829f80(20)
Oct 31 15:24:35.633860: | natd_hash: icookie=
Oct 31 15:24:35.633863: |   34 d5 c0 79  f1 ec a3 66
Oct 31 15:24:35.633864: | natd_hash: rcookie=
Oct 31 15:24:35.633867: |   00 00 00 00  00 00 00 00
Oct 31 15:24:35.633869: | natd_hash: ip=
Oct 31 15:24:35.633871: |   c0 01 02 17
Oct 31 15:24:35.633873: | natd_hash: port=
Oct 31 15:24:35.633875: |   01 f4
Oct 31 15:24:35.633878: | natd_hash: hash=
Oct 31 15:24:35.633880: |   97 3f 8d 3b  ce 26 2b f4  a3 92 1e ef  2d 8e b7 5e
Oct 31 15:24:35.633882: |   e5 ee d9 1f
Oct 31 15:24:35.633885: | adding a v2N Payload
Oct 31 15:24:35.633887: | ***emit IKEv2 Notify Payload:
Oct 31 15:24:35.633889: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:35.633892: |    flags: none (0x0)
Oct 31 15:24:35.633895: |    Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
Oct 31 15:24:35.633898: |    SPI size: 0 (00)
Oct 31 15:24:35.633900: |    Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005)
Oct 31 15:24:35.633903: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N)
Oct 31 15:24:35.633906: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet'
Oct 31 15:24:35.633909: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload
Oct 31 15:24:35.633912: | Notify data:
Oct 31 15:24:35.633914: |   97 3f 8d 3b  ce 26 2b f4  a3 92 1e ef  2d 8e b7 5e
Oct 31 15:24:35.633916: |   e5 ee d9 1f
Oct 31 15:24:35.633918: | emitting length of IKEv2 Notify Payload: 28
Oct 31 15:24:35.633921: | emitting length of ISAKMP Message: 842
Oct 31 15:24:35.633932: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364)
Oct 31 15:24:35.633938: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK
Oct 31 15:24:35.633941: | transitioning from state STATE_PARENT_I0 to state STATE_PARENT_I1
Oct 31 15:24:35.633944: | Message ID: updating counters for #1
Oct 31 15:24:35.633947: | Message ID: IKE #1 skipping update_recv as MD is fake
Oct 31 15:24:35.633956: | Message ID: IKE #1 scheduling EVENT_RETRANSMIT: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744550.06318 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744550.06318 ike.wip.initiator=0 ike.wip.responder=-1
Oct 31 15:24:35.633961: "northnet-eastnets/0x2" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds
Oct 31 15:24:35.633976: | event_schedule: newref EVENT_RETRANSMIT-pe@0x556b6640ad48
Oct 31 15:24:35.633980: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1
Oct 31 15:24:35.633984: | libevent_malloc: newref ptr-libevent@0x556b66403ad8 size 128
Oct 31 15:24:35.633990: | #1 STATE_PARENT_I0: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744550.066771
Oct 31 15:24:35.633997: | Message ID: IKE #1 updating initiator sent message request 0: ike.initiator.sent=-1->0 ike.initiator.recv=-1 ike.initiator.last_contact=744550.06318 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744550.06318 ike.wip.initiator=-1->0 ike.wip.responder=-1
Oct 31 15:24:35.634003: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744550.06318 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744550.06318 ike.wip.initiator=0 ike.wip.responder=-1
Oct 31 15:24:35.634008: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA)
Oct 31 15:24:35.634013: | announcing the state transition
Oct 31 15:24:35.634017: "northnet-eastnets/0x2" #1: sent IKE_SA_INIT request
Oct 31 15:24:35.634036: | sending 842 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1)
Oct 31 15:24:35.634039: |   34 d5 c0 79  f1 ec a3 66  00 00 00 00  00 00 00 00
Oct 31 15:24:35.634041: |   21 20 22 08  00 00 00 00  00 00 03 4a  22 00 01 b4
Oct 31 15:24:35.634044: |   02 00 00 64  01 01 00 0b  03 00 00 0c  01 00 00 14
Oct 31 15:24:35.634046: |   80 0e 01 00  03 00 00 08  02 00 00 07  03 00 00 08
Oct 31 15:24:35.634049: |   02 00 00 05  03 00 00 08  04 00 00 0e  03 00 00 08
Oct 31 15:24:35.634051: |   04 00 00 0f  03 00 00 08  04 00 00 10  03 00 00 08
Oct 31 15:24:35.634053: |   04 00 00 12  03 00 00 08  04 00 00 13  03 00 00 08
Oct 31 15:24:35.634055: |   04 00 00 14  03 00 00 08  04 00 00 15  00 00 00 08
Oct 31 15:24:35.634057: |   04 00 00 1f  02 00 00 64  02 01 00 0b  03 00 00 0c
Oct 31 15:24:35.634060: |   01 00 00 14  80 0e 00 80  03 00 00 08  02 00 00 07
Oct 31 15:24:35.634062: |   03 00 00 08  02 00 00 05  03 00 00 08  04 00 00 0e
Oct 31 15:24:35.634064: |   03 00 00 08  04 00 00 0f  03 00 00 08  04 00 00 10
Oct 31 15:24:35.634066: |   03 00 00 08  04 00 00 12  03 00 00 08  04 00 00 13
Oct 31 15:24:35.634068: |   03 00 00 08  04 00 00 14  03 00 00 08  04 00 00 15
Oct 31 15:24:35.634070: |   00 00 00 08  04 00 00 1f  02 00 00 74  03 01 00 0d
Oct 31 15:24:35.634072: |   03 00 00 0c  01 00 00 0c  80 0e 01 00  03 00 00 08
Oct 31 15:24:35.634074: |   02 00 00 07  03 00 00 08  02 00 00 05  03 00 00 08
Oct 31 15:24:35.634076: |   03 00 00 0e  03 00 00 08  03 00 00 0c  03 00 00 08
Oct 31 15:24:35.634079: |   04 00 00 0e  03 00 00 08  04 00 00 0f  03 00 00 08
Oct 31 15:24:35.634081: |   04 00 00 10  03 00 00 08  04 00 00 12  03 00 00 08
Oct 31 15:24:35.634083: |   04 00 00 13  03 00 00 08  04 00 00 14  03 00 00 08
Oct 31 15:24:35.634085: |   04 00 00 15  00 00 00 08  04 00 00 1f  00 00 00 74
Oct 31 15:24:35.634087: |   04 01 00 0d  03 00 00 0c  01 00 00 0c  80 0e 00 80
Oct 31 15:24:35.634090: |   03 00 00 08  02 00 00 07  03 00 00 08  02 00 00 05
Oct 31 15:24:35.634092: |   03 00 00 08  03 00 00 0e  03 00 00 08  03 00 00 0c
Oct 31 15:24:35.634094: |   03 00 00 08  04 00 00 0e  03 00 00 08  04 00 00 0f
Oct 31 15:24:35.634096: |   03 00 00 08  04 00 00 10  03 00 00 08  04 00 00 12
Oct 31 15:24:35.634098: |   03 00 00 08  04 00 00 13  03 00 00 08  04 00 00 14
Oct 31 15:24:35.634100: |   03 00 00 08  04 00 00 15  00 00 00 08  04 00 00 1f
Oct 31 15:24:35.634102: |   28 00 01 08  00 0e 00 00  59 b6 df 64  a9 23 fe cb
Oct 31 15:24:35.634104: |   39 5c 40 7c  13 e6 2c d3  bf 8a 6c a6  fa 0b 88 af
Oct 31 15:24:35.634106: |   e9 20 33 06  50 d4 16 34  a5 11 bb b0  c2 c8 d1 23
Oct 31 15:24:35.634108: |   62 fd af 6b  aa e0 e7 f1  7a 79 f2 13  37 5c 3d fe
Oct 31 15:24:35.634110: |   a3 dc a5 21  47 d4 95 52  08 d1 a8 b3  46 15 cc 43
Oct 31 15:24:35.634112: |   0b 8e 2e 55  f3 ca 51 a1  a2 1d 8f a1  15 cc 43 8a
Oct 31 15:24:35.634114: |   d7 e9 91 11  e8 d5 41 3e  b2 87 d8 e7  9a 4b 0e 4e
Oct 31 15:24:35.634116: |   d5 a0 e7 36  b5 94 0e 9c  43 ac 29 75  df 3c 95 87
Oct 31 15:24:35.634118: |   64 ae 0d 7c  b3 6f c2 35  12 5f 00 a4  b2 06 1c 18
Oct 31 15:24:35.634120: |   ba fa ad af  cc 65 e5 cb  c3 e0 6a 8a  69 a8 17 2a
Oct 31 15:24:35.634122: |   d7 78 01 12  4a 98 e3 ec  49 b2 99 b6  6a 29 ea d2
Oct 31 15:24:35.634125: |   86 ec fb b3  59 e6 70 14  5a 7a 4e 75  80 28 72 9b
Oct 31 15:24:35.634127: |   ad a9 08 d4  50 a3 81 65  d1 26 f9 7c  5f db 68 19
Oct 31 15:24:35.634130: |   09 c7 a3 ce  68 5d 12 c1  8d 30 53 3c  44 36 bc d1
Oct 31 15:24:35.634132: |   3a 29 a3 dc  7b 0d 12 21  e5 9f ed 5d  cf b8 38 7e
Oct 31 15:24:35.634135: |   5b 55 c3 57  11 70 9c da  5e 31 53 c7  35 2f 16 52
Oct 31 15:24:35.634137: |   8e df 95 d1  8a ff 23 24  29 00 00 24  0d 4e f3 27
Oct 31 15:24:35.634139: |   a7 5f 36 3d  55 51 c4 7c  33 c0 7f be  11 9d ef 07
Oct 31 15:24:35.634142: |   22 eb 50 68  4e 77 34 92  02 55 ad 93  29 00 00 08
Oct 31 15:24:35.634144: |   00 00 40 2e  29 00 00 0e  00 00 40 2f  00 02 00 03
Oct 31 15:24:35.634148: |   00 04 29 00  00 1c 00 00  40 04 08 88  70 d1 87 9f
Oct 31 15:24:35.634150: |   f7 20 31 63  8a 38 a0 c5  ea a6 8c cb  3e 3f 00 00
Oct 31 15:24:35.634152: |   00 1c 00 00  40 05 97 3f  8d 3b ce 26  2b f4 a3 92
Oct 31 15:24:35.634154: |   1e ef 2d 8e  b7 5e e5 ee  d9 1f
Oct 31 15:24:35.634277: | sent 1 messages
Oct 31 15:24:35.634285: | checking that a retransmit timeout_event was already
Oct 31 15:24:35.634288: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT
Oct 31 15:24:35.634293: | libevent_free: delref ptr-libevent@0x556b66403728
Oct 31 15:24:35.634296: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x556b66401c48
Oct 31 15:24:35.634301: | delref logger@0x556b663eba08(1->0) (in handle_helper_answer() at pluto_crypt.c:658)
Oct 31 15:24:35.634304: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:24:35.634306: | delref fd@0x556b6640b548(4->3) (in free_logger() at log.c:854)
Oct 31 15:24:35.634310: | resume sending helper answer back to state for #1 suppresed complete_v2_state_transition()
Oct 31 15:24:35.634313: | delref mdp@NULL (in resume_handler() at server.c:743)
Oct 31 15:24:35.634320: | #1 spent 1.71 (1.83) milliseconds in resume sending helper answer back to state
Oct 31 15:24:35.634325: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:745)
Oct 31 15:24:35.634328: | libevent_free: delref ptr-libevent@0x7f6fe8006108
Oct 31 15:24:35.641174: | spent 0.00224 (0.00219) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue()
Oct 31 15:24:35.641219: | newref struct msg_digest@0x556b6640e158(0->1) (in read_message() at demux.c:103)
Oct 31 15:24:35.641228: | newref alloc logger@0x556b663f86f8(0->1) (in read_message() at demux.c:103)
Oct 31 15:24:35.641236: | *received 471 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP
Oct 31 15:24:35.641238: |   34 d5 c0 79  f1 ec a3 66  e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:35.641241: |   21 20 22 20  00 00 00 00  00 00 01 d7  22 00 00 28
Oct 31 15:24:35.641243: |   00 00 00 24  01 01 00 03  03 00 00 0c  01 00 00 14
Oct 31 15:24:35.641246: |   80 0e 01 00  03 00 00 08  02 00 00 07  00 00 00 08
Oct 31 15:24:35.641249: |   04 00 00 0e  28 00 01 08  00 0e 00 00  53 9d 83 a1
Oct 31 15:24:35.641251: |   f4 0d 1c d7  81 ca ee c8  0a 0a c9 9a  9f 17 59 52
Oct 31 15:24:35.641254: |   f4 7d 19 48  b4 af 59 8c  55 bb ab 27  7b c8 63 42
Oct 31 15:24:35.641256: |   d3 12 15 56  b4 19 b9 73  b0 17 56 72  d0 ad 37 38
Oct 31 15:24:35.641259: |   e4 07 ed aa  12 68 4b b7  48 e7 3a f8  d3 31 2e 67
Oct 31 15:24:35.641262: |   84 ac 62 3e  fe ca 2a 60  5e f1 5d e0  40 20 2d 67
Oct 31 15:24:35.641264: |   43 3e f1 5c  41 ff bf 24  0e 2d 72 11  6d b2 d2 b9
Oct 31 15:24:35.641266: |   8a 03 51 51  ba 7e 08 f1  33 8e 7e c5  ff 72 6e ae
Oct 31 15:24:35.641269: |   27 1a 72 54  da 33 4e 62  75 82 73 38  5b 05 d3 7a
Oct 31 15:24:35.641271: |   67 5d 7d 72  f4 7a 06 03  2b b4 1b fb  58 fa ee 0c
Oct 31 15:24:35.641274: |   a4 8c ed 72  3f 95 85 eb  e5 02 29 0e  20 36 65 34
Oct 31 15:24:35.641276: |   24 25 98 9c  76 02 7c a0  06 73 32 56  ba 6a a7 43
Oct 31 15:24:35.641279: |   7e 03 56 a2  dc fa a4 69  21 9f 9f ab  0b d8 1f 32
Oct 31 15:24:35.641281: |   99 f9 4d f6  94 6c 7d b4  aa 6d a9 c7  b8 f1 77 03
Oct 31 15:24:35.641284: |   72 f9 11 0b  8f 5c 19 d9  45 35 71 46  29 06 b9 7d
Oct 31 15:24:35.641286: |   b5 fb 40 b9  43 f9 ae 25  3a 9a b4 92  e0 91 8e 36
Oct 31 15:24:35.641289: |   4d bf d8 36  e6 4d a8 b5  55 50 4f 71  29 00 00 24
Oct 31 15:24:35.641291: |   bc b8 26 01  02 50 0a ed  0b 34 2b 38  7d 64 ed 90
Oct 31 15:24:35.641293: |   fa 41 21 33  72 16 4e 33  03 6e 3f 9b  59 a7 57 65
Oct 31 15:24:35.641295: |   29 00 00 08  00 00 40 2e  29 00 00 0e  00 00 40 2f
Oct 31 15:24:35.641298: |   00 02 00 03  00 04 29 00  00 1c 00 00  40 04 dc ff
Oct 31 15:24:35.641300: |   ec 88 4d c1  77 04 df f6  26 a3 04 56  a7 d8 9b 1f
Oct 31 15:24:35.641303: |   d8 4d 26 00  00 1c 00 00  40 05 6c c7  74 cc f9 c0
Oct 31 15:24:35.641306: |   7c fc dc 15  c6 6a b3 b7  9b 8d ca 7f  24 83 00 00
Oct 31 15:24:35.641310: |   00 19 04 de  91 76 61 50  ac 79 0d 0f  60 83 8c a3
Oct 31 15:24:35.641313: |   c3 15 48 d1  1f d2 d2
Oct 31 15:24:35.641320: | **parse ISAKMP Message:
Oct 31 15:24:35.641325: |    initiator SPI: 34 d5 c0 79  f1 ec a3 66
Oct 31 15:24:35.641329: |    responder SPI: e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:35.641333: |    next payload type: ISAKMP_NEXT_v2SA (0x21)
Oct 31 15:24:35.641336: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Oct 31 15:24:35.641339: |    exchange type: ISAKMP_v2_IKE_SA_INIT (0x22)
Oct 31 15:24:35.641342: |    flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20)
Oct 31 15:24:35.641346: |    Message ID: 0 (00 00 00 00)
Oct 31 15:24:35.641350: |    length: 471 (00 00 01 d7)
Oct 31 15:24:35.641354: |  processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34)
Oct 31 15:24:35.641358: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response 
Oct 31 15:24:35.641363: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi)
Oct 31 15:24:35.641366: | #1 is idle
Oct 31 15:24:35.641369: | #1 idle
Oct 31 15:24:35.641371: | unpacking clear payloads
Oct 31 15:24:35.641374: | Now let's proceed with payload (ISAKMP_NEXT_v2SA)
Oct 31 15:24:35.641378: | ***parse IKEv2 Security Association Payload:
Oct 31 15:24:35.641381: |    next payload type: ISAKMP_NEXT_v2KE (0x22)
Oct 31 15:24:35.641384: |    flags: none (0x0)
Oct 31 15:24:35.641388: |    length: 40 (00 28)
Oct 31 15:24:35.641391: | processing payload: ISAKMP_NEXT_v2SA (len=36)
Oct 31 15:24:35.641394: | Now let's proceed with payload (ISAKMP_NEXT_v2KE)
Oct 31 15:24:35.641397: | ***parse IKEv2 Key Exchange Payload:
Oct 31 15:24:35.641400: |    next payload type: ISAKMP_NEXT_v2Ni (0x28)
Oct 31 15:24:35.641403: |    flags: none (0x0)
Oct 31 15:24:35.641406: |    length: 264 (01 08)
Oct 31 15:24:35.641409: |    DH group: OAKLEY_GROUP_MODP2048 (0xe)
Oct 31 15:24:35.641412: | processing payload: ISAKMP_NEXT_v2KE (len=256)
Oct 31 15:24:35.641415: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni)
Oct 31 15:24:35.641418: | ***parse IKEv2 Nonce Payload:
Oct 31 15:24:35.641421: |    next payload type: ISAKMP_NEXT_v2N (0x29)
Oct 31 15:24:35.641423: |    flags: none (0x0)
Oct 31 15:24:35.641427: |    length: 36 (00 24)
Oct 31 15:24:35.641430: | processing payload: ISAKMP_NEXT_v2Ni (len=32)
Oct 31 15:24:35.641432: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
Oct 31 15:24:35.641436: | ***parse IKEv2 Notify Payload:
Oct 31 15:24:35.641438: |    next payload type: ISAKMP_NEXT_v2N (0x29)
Oct 31 15:24:35.641440: |    flags: none (0x0)
Oct 31 15:24:35.641444: |    length: 8 (00 08)
Oct 31 15:24:35.641447: |    Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
Oct 31 15:24:35.641450: |    SPI size: 0 (00)
Oct 31 15:24:35.641454: |    Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e)
Oct 31 15:24:35.641457: | processing payload: ISAKMP_NEXT_v2N (len=0)
Oct 31 15:24:35.641460: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
Oct 31 15:24:35.641463: | ***parse IKEv2 Notify Payload:
Oct 31 15:24:35.641466: |    next payload type: ISAKMP_NEXT_v2N (0x29)
Oct 31 15:24:35.641468: |    flags: none (0x0)
Oct 31 15:24:35.641471: |    length: 14 (00 0e)
Oct 31 15:24:35.641474: |    Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
Oct 31 15:24:35.641477: |    SPI size: 0 (00)
Oct 31 15:24:35.641480: |    Notify Message Type: v2N_SIGNATURE_HASH_ALGORITHMS (0x402f)
Oct 31 15:24:35.641483: | processing payload: ISAKMP_NEXT_v2N (len=6)
Oct 31 15:24:35.641486: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
Oct 31 15:24:35.641489: | ***parse IKEv2 Notify Payload:
Oct 31 15:24:35.641491: |    next payload type: ISAKMP_NEXT_v2N (0x29)
Oct 31 15:24:35.641494: |    flags: none (0x0)
Oct 31 15:24:35.641497: |    length: 28 (00 1c)
Oct 31 15:24:35.641500: |    Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
Oct 31 15:24:35.641503: |    SPI size: 0 (00)
Oct 31 15:24:35.641506: |    Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004)
Oct 31 15:24:35.641509: | processing payload: ISAKMP_NEXT_v2N (len=20)
Oct 31 15:24:35.641515: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
Oct 31 15:24:35.641518: | ***parse IKEv2 Notify Payload:
Oct 31 15:24:35.641521: |    next payload type: ISAKMP_NEXT_v2CERTREQ (0x26)
Oct 31 15:24:35.641524: |    flags: none (0x0)
Oct 31 15:24:35.641527: |    length: 28 (00 1c)
Oct 31 15:24:35.641530: |    Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
Oct 31 15:24:35.641532: |    SPI size: 0 (00)
Oct 31 15:24:35.641535: |    Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005)
Oct 31 15:24:35.641538: | processing payload: ISAKMP_NEXT_v2N (len=20)
Oct 31 15:24:35.641540: | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ)
Oct 31 15:24:35.641543: | ***parse IKEv2 Certificate Request Payload:
Oct 31 15:24:35.641545: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:35.641548: |    flags: none (0x0)
Oct 31 15:24:35.641551: |    length: 25 (00 19)
Oct 31 15:24:35.641554: |    ikev2 cert encoding: CERT_X509_SIGNATURE (0x4)
Oct 31 15:24:35.641557: | processing payload: ISAKMP_NEXT_v2CERTREQ (len=20)
Oct 31 15:24:35.641559: | looking for message matching transition from STATE_PARENT_I1
Oct 31 15:24:35.641562: |   trying received anti-DDOS COOKIE notify response; resending IKE_SA_INIT request with cookie payload added
Oct 31 15:24:35.641565: |     message has errors
Oct 31 15:24:35.641567: |   trying received IKE_SA_INIT INVALID_KE_PAYLOAD notify response; resending IKE_SA_INIT with new KE payload
Oct 31 15:24:35.641569: |     message has errors
Oct 31 15:24:35.641572: |   trying received REDIRECT notify response; resending IKE_SA_INIT request to new destination
Oct 31 15:24:35.641574: |     message has errors
Oct 31 15:24:35.641576: |   trying Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE
Oct 31 15:24:35.641579: |     matched unencrypted message
Oct 31 15:24:35.641587: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1848)
Oct 31 15:24:35.641590: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE
Oct 31 15:24:35.641594: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered)
Oct 31 15:24:35.641597: | hash algorithm identifier (network ordered)
Oct 31 15:24:35.641599: |   00 02
Oct 31 15:24:35.641602: | received HASH_ALGORITHM_SHA2_256 which is allowed by local policy
Oct 31 15:24:35.641604: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered)
Oct 31 15:24:35.641606: | hash algorithm identifier (network ordered)
Oct 31 15:24:35.641609: |   00 03
Oct 31 15:24:35.641612: | received HASH_ALGORITHM_SHA2_384 which is allowed by local policy
Oct 31 15:24:35.641614: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered)
Oct 31 15:24:35.641617: | hash algorithm identifier (network ordered)
Oct 31 15:24:35.641619: |   00 04
Oct 31 15:24:35.641622: | received HASH_ALGORITHM_SHA2_512 which is allowed by local policy
Oct 31 15:24:35.641624: | ikev2 parent inR1: calculating g^{xy} in order to send I2
Oct 31 15:24:35.641644: | using existing local IKE proposals for connection northnet-eastnets/0x2 (IKE SA initiator accepting remote proposal): 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Oct 31 15:24:35.641648: | comparing remote proposals against IKE initiator (accepting) 4 local proposals
Oct 31 15:24:35.641652: | local proposal 1 type ENCR has 1 transforms
Oct 31 15:24:35.641655: | local proposal 1 type PRF has 2 transforms
Oct 31 15:24:35.641660: | local proposal 1 type INTEG has 1 transforms
Oct 31 15:24:35.641663: | local proposal 1 type DH has 8 transforms
Oct 31 15:24:35.641666: | local proposal 1 type ESN has 0 transforms
Oct 31 15:24:35.641669: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG
Oct 31 15:24:35.641672: | local proposal 2 type ENCR has 1 transforms
Oct 31 15:24:35.641675: | local proposal 2 type PRF has 2 transforms
Oct 31 15:24:35.641677: | local proposal 2 type INTEG has 1 transforms
Oct 31 15:24:35.641680: | local proposal 2 type DH has 8 transforms
Oct 31 15:24:35.641682: | local proposal 2 type ESN has 0 transforms
Oct 31 15:24:35.641686: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG
Oct 31 15:24:35.641688: | local proposal 3 type ENCR has 1 transforms
Oct 31 15:24:35.641691: | local proposal 3 type PRF has 2 transforms
Oct 31 15:24:35.641693: | local proposal 3 type INTEG has 2 transforms
Oct 31 15:24:35.641695: | local proposal 3 type DH has 8 transforms
Oct 31 15:24:35.641698: | local proposal 3 type ESN has 0 transforms
Oct 31 15:24:35.641702: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none
Oct 31 15:24:35.641705: | local proposal 4 type ENCR has 1 transforms
Oct 31 15:24:35.641707: | local proposal 4 type PRF has 2 transforms
Oct 31 15:24:35.641710: | local proposal 4 type INTEG has 2 transforms
Oct 31 15:24:35.641713: | local proposal 4 type DH has 8 transforms
Oct 31 15:24:35.641715: | local proposal 4 type ESN has 0 transforms
Oct 31 15:24:35.641719: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none
Oct 31 15:24:35.641722: | ****parse IKEv2 Proposal Substructure Payload:
Oct 31 15:24:35.641725: |    last proposal: v2_PROPOSAL_LAST (0x0)
Oct 31 15:24:35.641728: |    length: 36 (00 24)
Oct 31 15:24:35.641732: |    prop #: 1 (01)
Oct 31 15:24:35.641735: |    proto ID: IKEv2_SEC_PROTO_IKE (0x1)
Oct 31 15:24:35.641738: |    spi size: 0 (00)
Oct 31 15:24:35.641741: |    # transforms: 3 (03)
Oct 31 15:24:35.641745: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals
Oct 31 15:24:35.641748: | *****parse IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.641751: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.641754: |    length: 12 (00 0c)
Oct 31 15:24:35.641757: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Oct 31 15:24:35.641759: |    IKEv2 transform ID: AES_GCM_C (0x14)
Oct 31 15:24:35.641762: | ******parse IKEv2 Attribute Substructure Payload:
Oct 31 15:24:35.641766: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Oct 31 15:24:35.641769: |    length/value: 256 (01 00)
Oct 31 15:24:35.641774: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0
Oct 31 15:24:35.641777: | *****parse IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.641780: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.641830: |    length: 8 (00 08)
Oct 31 15:24:35.641835: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Oct 31 15:24:35.641837: |    IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
Oct 31 15:24:35.641842: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0
Oct 31 15:24:35.641845: | *****parse IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.641848: |    last transform: v2_TRANSFORM_LAST (0x0)
Oct 31 15:24:35.641851: |    length: 8 (00 08)
Oct 31 15:24:35.641853: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.641856: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Oct 31 15:24:35.641860: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0
Oct 31 15:24:35.641865: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none
Oct 31 15:24:35.641870: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH
Oct 31 15:24:35.641873: | remote proposal 1 matches local proposal 1
Oct 31 15:24:35.641878: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match]
Oct 31 15:24:35.641882: | converting proposal to internal trans attrs
Oct 31 15:24:35.641904: | natd_hash: hasher=0x556b65829f80(20)
Oct 31 15:24:35.641907: | natd_hash: icookie=
Oct 31 15:24:35.641910: |   34 d5 c0 79  f1 ec a3 66
Oct 31 15:24:35.641912: | natd_hash: rcookie=
Oct 31 15:24:35.641915: |   e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:35.641917: | natd_hash: ip=
Oct 31 15:24:35.641920: |   c0 01 03 21
Oct 31 15:24:35.641922: | natd_hash: port=
Oct 31 15:24:35.641925: |   01 f4
Oct 31 15:24:35.641927: | natd_hash: hash=
Oct 31 15:24:35.641929: |   6c c7 74 cc  f9 c0 7c fc  dc 15 c6 6a  b3 b7 9b 8d
Oct 31 15:24:35.641932: |   ca 7f 24 83
Oct 31 15:24:35.641939: | natd_hash: hasher=0x556b65829f80(20)
Oct 31 15:24:35.641942: | natd_hash: icookie=
Oct 31 15:24:35.641945: |   34 d5 c0 79  f1 ec a3 66
Oct 31 15:24:35.641947: | natd_hash: rcookie=
Oct 31 15:24:35.641949: |   e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:35.641952: | natd_hash: ip=
Oct 31 15:24:35.641954: |   c0 01 02 17
Oct 31 15:24:35.642024: | natd_hash: port=
Oct 31 15:24:35.642029: |   01 f4
Oct 31 15:24:35.642031: | natd_hash: hash=
Oct 31 15:24:35.642034: |   dc ff ec 88  4d c1 77 04  df f6 26 a3  04 56 a7 d8
Oct 31 15:24:35.642037: |   9b 1f d8 4d
Oct 31 15:24:35.642040: | NAT_TRAVERSAL encaps using auto-detect
Oct 31 15:24:35.642043: | NAT_TRAVERSAL this end is NOT behind NAT
Oct 31 15:24:35.642045: | NAT_TRAVERSAL that end is NOT behind NAT
Oct 31 15:24:35.642049: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23
Oct 31 15:24:35.642056: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16
Oct 31 15:24:35.642061: | DH secret MODP2048@0x7f6fe8006ba8: transferring ownership from state #1 to helper IKEv2 DH
Oct 31 15:24:35.642066: | addref fd@NULL (in clone_logger() at log.c:809)
Oct 31 15:24:35.642070: | addref fd@0x556b6640b548(3->4) (in clone_logger() at log.c:810)
Oct 31 15:24:35.642073: | newref clone logger@0x556b664038b8(0->1) (in clone_logger() at log.c:817)
Oct 31 15:24:35.642076: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): adding job to queue
Oct 31 15:24:35.642079: | state #1 has no .st_event to delete
Oct 31 15:24:35.642083: | #1 requesting EVENT_RETRANSMIT-pe@0x556b6640ad48 be deleted
Oct 31 15:24:35.642088: | libevent_free: delref ptr-libevent@0x556b66403ad8
Oct 31 15:24:35.642092: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x556b6640ad48
Oct 31 15:24:35.642095: | #1 STATE_PARENT_I1: retransmits: cleared
Oct 31 15:24:35.642098: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x556b663eba08
Oct 31 15:24:35.642101: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1
Oct 31 15:24:35.642104: | libevent_malloc: newref ptr-libevent@0x556b66403728 size 128
Oct 31 15:24:35.642118: |   #1 spent 0.431 (0.521) milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE in v2_dispatch()
Oct 31 15:24:35.642124: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364)
Oct 31 15:24:35.642130: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND; .st_v2_transition=PARENT_I0->PARENT_I1
Oct 31 15:24:35.642133: | suspending state #1 and saving MD 0x556b6640e158
Oct 31 15:24:35.642136: | addref md@0x556b6640e158(1->2) (in complete_v2_state_transition() at ikev2.c:3485)
Oct 31 15:24:35.642139: | #1 is busy; has suspended MD 0x556b6640e158
Oct 31 15:24:35.642144: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1850)
Oct 31 15:24:35.642150: | #1 spent 0.88 (0.988) milliseconds in ikev2_process_packet()
Oct 31 15:24:35.642153: | processing: STOP state #0 (in process_md() at demux.c:287)
Oct 31 15:24:35.642156: | delref mdp@0x556b6640e158(2->1) (in handle_packet_cb() at demux.c:318)
Oct 31 15:24:35.642161: | spent 0.892 (0.999) milliseconds in handle_packet_cb() reading and processing packet
Oct 31 15:24:35.642183: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): helper 1 starting job
Oct 31 15:24:35.643253: | calculating skeyseed using prf=HMAC_SHA2_512 integ=NONE cipherkey-size=32 salt-size=4
Oct 31 15:24:35.643753: | "northnet-eastnets/0x2" #1: spent 1.14 (1.54) milliseconds in helper 1 processing job 2 for state #1: ikev2_inR1outI2 KE (pcr)
Oct 31 15:24:35.643762: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): helper thread 1 sending result back to state
Oct 31 15:24:35.643766: | scheduling resume sending helper answer back to state for #1
Oct 31 15:24:35.643770: | libevent_malloc: newref ptr-libevent@0x7f6fe000cc18 size 128
Oct 31 15:24:35.643780: | helper thread 1 has nothing to do
Oct 31 15:24:35.643794: | processing resume sending helper answer back to state for #1
Oct 31 15:24:35.643804: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:641)
Oct 31 15:24:35.643809: | unsuspending #1 MD 0x556b6640e158
Oct 31 15:24:35.643812: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): processing response from helper 1
Oct 31 15:24:35.643816: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): calling continuation function 0x556b65737fe7
Oct 31 15:24:35.643819: | ikev2_parent_inR1outI2_continue() for #1 STATE_PARENT_I1: g^{xy} calculated, sending I2
Oct 31 15:24:35.643823: | DH secret MODP2048@0x7f6fe8006ba8: transferring ownership from helper IKEv2 DH to state #1
Oct 31 15:24:35.643843: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir]
Oct 31 15:24:35.643872: | emit hash algo NEGOTIATE_AUTH_HASH_SHA2_512
Oct 31 15:24:35.643903: | get_connection_private_key() using certificate north to find private key for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind RSA
Oct 31 15:24:35.644022: | trying secret PKK_RSA:AwEAAcIgy
Oct 31 15:24:35.644027: | matched
Oct 31 15:24:35.644030: | secrets entry for certificate already exists: north
Oct 31 15:24:35.644035: | connection northnet-eastnets/0x2's RSA private key found in NSS DB using cert
Oct 31 15:24:35.644114: | addref fd@NULL (in clone_logger() at log.c:809)
Oct 31 15:24:35.644120: | addref fd@0x556b6640b548(4->5) (in clone_logger() at log.c:810)
Oct 31 15:24:35.644124: | newref clone logger@0x556b66401c48(0->1) (in clone_logger() at log.c:817)
Oct 31 15:24:35.644127: | job 3 for #1: computing responder signature (signature): adding job to queue
Oct 31 15:24:35.644131: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT
Oct 31 15:24:35.644135: | libevent_free: delref ptr-libevent@0x556b66403728
Oct 31 15:24:35.644138: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x556b663eba08
Oct 31 15:24:35.644142: | #1 STATE_PARENT_I1: retransmits: cleared
Oct 31 15:24:35.644146: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x556b66403728
Oct 31 15:24:35.644149: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1
Oct 31 15:24:35.644152: | libevent_malloc: newref ptr-libevent@0x556b663f9b08 size 128
Oct 31 15:24:35.644165: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364)
Oct 31 15:24:35.644170: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND; .st_v2_transition=PARENT_I0->PARENT_I1
Oct 31 15:24:35.644173: | suspending state #1 and saving MD 0x556b6640e158
Oct 31 15:24:35.644174: | job 3 for #1: computing responder signature (signature): helper 5 starting job
Oct 31 15:24:35.644177: | addref md@0x556b6640e158(1->2) (in complete_v2_state_transition() at ikev2.c:3485)
Oct 31 15:24:35.644189: | #1 is busy; has suspended MD 0x556b6640e158
Oct 31 15:24:35.644186: | hash to sign
Oct 31 15:24:35.644241: |   8f 73 df 95  43 5b ae 33  29 b6 42 06  5c da 40 d4
Oct 31 15:24:35.644250: |   a3 32 7f 0c  e8 7c 76 9e  44 b3 72 12  64 f8 54 29
Oct 31 15:24:35.644256: |   30 1e e8 69  35 c8 03 2b  a9 33 f6 f0  84 8d 2e 1b
Oct 31 15:24:35.644259: |   70 5d d8 1d  6d 41 31 42  b0 db ce 67  43 a3 be 6d
Oct 31 15:24:35.644263: | RSA_sign_hash: Started using NSS
Oct 31 15:24:35.644195: | delref logger@0x556b664038b8(1->0) (in handle_helper_answer() at pluto_crypt.c:658)
Oct 31 15:24:35.646531: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:24:35.646538: | delref fd@0x556b6640b548(5->4) (in free_logger() at log.c:854)
Oct 31 15:24:35.646543: | resume sending helper answer back to state for #1 suppresed complete_v2_state_transition()
Oct 31 15:24:35.646547: | delref mdp@0x556b6640e158(2->1) (in resume_handler() at server.c:743)
Oct 31 15:24:35.646557: | #1 spent 0.353 (2.74) milliseconds in resume sending helper answer back to state
Oct 31 15:24:35.646565: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:745)
Oct 31 15:24:35.646571: | libevent_free: delref ptr-libevent@0x7f6fe000cc18
Oct 31 15:24:35.663063: | RSA_sign_hash: Ended using NSS
Oct 31 15:24:35.663086: |     "northnet-eastnets/0x2" #1: spent 15.3 (18.8) milliseconds in v2_auth_signature() calling sign_hash()
Oct 31 15:24:35.663090: |   "northnet-eastnets/0x2" #1: spent 15.4 (18.9) milliseconds in v2_auth_signature()
Oct 31 15:24:35.663094: | "northnet-eastnets/0x2" #1: spent 15.4 (18.9) milliseconds in helper 5 processing job 3 for state #1: computing responder signature (signature)
Oct 31 15:24:35.663096: | job 3 for #1: computing responder signature (signature): helper thread 5 sending result back to state
Oct 31 15:24:35.663099: | scheduling resume sending helper answer back to state for #1
Oct 31 15:24:35.663102: | libevent_malloc: newref ptr-libevent@0x7f6fe4000da8 size 128
Oct 31 15:24:35.663111: | helper thread 5 has nothing to do
Oct 31 15:24:35.663121: | processing resume sending helper answer back to state for #1
Oct 31 15:24:35.663132: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:641)
Oct 31 15:24:35.663137: | unsuspending #1 MD 0x556b6640e158
Oct 31 15:24:35.663141: | job 3 for #1: computing responder signature (signature): processing response from helper 5
Oct 31 15:24:35.663143: | job 3 for #1: computing responder signature (signature): calling continuation function 0x556b6566677f
Oct 31 15:24:35.663153: | newref alloc logger@0x556b663eba08(0->1) (in new_state() at state.c:576)
Oct 31 15:24:35.663157: | addref fd@0x556b6640b548(4->5) (in new_state() at state.c:577)
Oct 31 15:24:35.663160: | creating state object #2 at 0x556b66411968
Oct 31 15:24:35.663163: | State DB: adding IKEv2 state #2 in UNDEFINED
Oct 31 15:24:35.663173: | pstats #2 ikev2.child started
Oct 31 15:24:35.663176: | duplicating state object #1 "northnet-eastnets/0x2" as #2 for IPSEC SA
Oct 31 15:24:35.663185: | #2 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1581)
Oct 31 15:24:35.663197: | Message ID: CHILD #1.#2 initializing (CHILD SA): ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744550.06318 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744550.06318 child.wip.initiator=0->-1 child.wip.responder=0->-1
Oct 31 15:24:35.663217: | child state #2: UNDEFINED(ignore) => V2_IKE_AUTH_CHILD_I0(ignore)
Oct 31 15:24:35.663222: | #2.st_v2_transition NULL -> NULL (in new_v2_child_state() at state.c:1666)
Oct 31 15:24:35.663228: | Message ID: IKE #1 switching from IKE SA initiator message response 0: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744550.06318 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744550.06318 ike.wip.initiator=0->-1 ike.wip.responder=-1
Oct 31 15:24:35.663255: | Message ID: CHILD #1.#2 switching to CHILD SA initiator message response 0: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744550.06318 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744550.06318 child.wip.initiator=-1->0 child.wip.responder=-1
Oct 31 15:24:35.663263: | switching IKEv2 MD.ST from IKE #1 PARENT_I1 to CHILD #2 V2_IKE_AUTH_CHILD_I0 (in ikev2_parent_inR1outI2_auth_signature_continue() at ikev2_parent.c:2155)
Oct 31 15:24:35.663268: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT
Oct 31 15:24:35.663271: | libevent_free: delref ptr-libevent@0x556b663f9b08
Oct 31 15:24:35.663274: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x556b66403728
Oct 31 15:24:35.663278: | #1 STATE_PARENT_I1: retransmits: cleared
Oct 31 15:24:35.663281: | event_schedule: newref EVENT_SA_REPLACE-pe@0x556b664038b8
Oct 31 15:24:35.663284: | inserting event EVENT_SA_REPLACE, timeout in 120 seconds for #1
Oct 31 15:24:35.663287: | libevent_malloc: newref ptr-libevent@0x7f6fe000cc18 size 128
Oct 31 15:24:35.663291: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA)
Oct 31 15:24:35.663297: | opening output PBS reply packet
Oct 31 15:24:35.663301: | **emit ISAKMP Message:
Oct 31 15:24:35.663305: |    initiator SPI: 34 d5 c0 79  f1 ec a3 66
Oct 31 15:24:35.663309: |    responder SPI: e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:35.663312: |    next payload type: ISAKMP_NEXT_NONE (0x0)
Oct 31 15:24:35.663314: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Oct 31 15:24:35.663317: |    exchange type: ISAKMP_v2_IKE_AUTH (0x23)
Oct 31 15:24:35.663320: |    flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
Oct 31 15:24:35.663324: |    Message ID: 1 (00 00 00 01)
Oct 31 15:24:35.663327: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
Oct 31 15:24:35.663330: | ***emit IKEv2 Encryption Payload:
Oct 31 15:24:35.663333: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:35.663335: |    flags: none (0x0)
Oct 31 15:24:35.663338: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK)
Oct 31 15:24:35.663340: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet'
Oct 31 15:24:35.663343: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload
Oct 31 15:24:35.663357: | IKEv2 CERT: send a certificate?
Oct 31 15:24:35.663360: | IKEv2 CERT: OK to send a certificate (always)
Oct 31 15:24:35.663363: | IDr payload will be sent
Oct 31 15:24:35.663365: | ****emit IKEv2 Identification - Initiator - Payload:
Oct 31 15:24:35.663367: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:35.663369: |    flags: none (0x0)
Oct 31 15:24:35.663371: |    ID type: ID_DER_ASN1_DN (0x9)
Oct 31 15:24:35.663374: |    reserved: 00 00 00
Oct 31 15:24:35.663376: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi)
Oct 31 15:24:35.663378: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet'
Oct 31 15:24:35.663381: | emitting 185 raw bytes of my identity into IKEv2 Identification - Initiator - Payload
Oct 31 15:24:35.663383: | my identity:
Oct 31 15:24:35.663385: |   30 81 b6 31  0b 30 09 06  03 55 04 06  13 02 43 41
Oct 31 15:24:35.663387: |   31 10 30 0e  06 03 55 04  08 0c 07 4f  6e 74 61 72
Oct 31 15:24:35.663389: |   69 6f 31 10  30 0e 06 03  55 04 07 0c  07 54 6f 72
Oct 31 15:24:35.663391: |   6f 6e 74 6f  31 12 30 10  06 03 55 04  0a 0c 09 4c
Oct 31 15:24:35.663392: |   69 62 72 65  73 77 61 6e  31 18 30 16  06 03 55 04
Oct 31 15:24:35.663394: |   0b 0c 0f 54  65 73 74 20  44 65 70 61  72 74 6d 65
Oct 31 15:24:35.663396: |   6e 74 31 24  30 22 06 03  55 04 03 0c  1b 6e 6f 72
Oct 31 15:24:35.663398: |   74 68 2e 74  65 73 74 69  6e 67 2e 6c  69 62 72 65
Oct 31 15:24:35.663399: |   73 77 61 6e  2e 6f 72 67  31 2f 30 2d  06 09 2a 86
Oct 31 15:24:35.663401: |   48 86 f7 0d  01 09 01 16  20 75 73 65  72 2d 6e 6f
Oct 31 15:24:35.663403: |   72 74 68 40  74 65 73 74  69 6e 67 2e  6c 69 62 72
Oct 31 15:24:35.663405: |   65 73 77 61  6e 2e 6f 72  67
Oct 31 15:24:35.663407: | emitting length of IKEv2 Identification - Initiator - Payload: 193
Oct 31 15:24:35.663412: | sending [CERT] of certificate: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA
Oct 31 15:24:35.663414: | ****emit IKEv2 Certificate Payload:
Oct 31 15:24:35.663417: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:35.663419: |    flags: none (0x0)
Oct 31 15:24:35.663421: |    ikev2 cert encoding: CERT_X509_SIGNATURE (0x4)
Oct 31 15:24:35.663423: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Certificate Payload (37:ISAKMP_NEXT_v2CERT)
Oct 31 15:24:35.663425: | next payload chain: saving location 'IKEv2 Certificate Payload'.'next payload type' in 'reply packet'
Oct 31 15:24:35.663428: | emitting 1356 raw bytes of CERT into IKEv2 Certificate Payload
Oct 31 15:24:35.663429: | CERT:
Oct 31 15:24:35.663431: |   30 82 05 48  30 82 04 30  a0 03 02 01  02 02 01 06
Oct 31 15:24:35.663433: |   30 0d 06 09  2a 86 48 86  f7 0d 01 01  0b 05 00 30
Oct 31 15:24:35.663435: |   81 ac 31 0b  30 09 06 03  55 04 06 13  02 43 41 31
Oct 31 15:24:35.663437: |   10 30 0e 06  03 55 04 08  0c 07 4f 6e  74 61 72 69
Oct 31 15:24:35.663439: |   6f 31 10 30  0e 06 03 55  04 07 0c 07  54 6f 72 6f
Oct 31 15:24:35.663440: |   6e 74 6f 31  12 30 10 06  03 55 04 0a  0c 09 4c 69
Oct 31 15:24:35.663442: |   62 72 65 73  77 61 6e 31  18 30 16 06  03 55 04 0b
Oct 31 15:24:35.663444: |   0c 0f 54 65  73 74 20 44  65 70 61 72  74 6d 65 6e
Oct 31 15:24:35.663446: |   74 31 25 30  23 06 03 55  04 03 0c 1c  4c 69 62 72
Oct 31 15:24:35.663448: |   65 73 77 61  6e 20 74 65  73 74 20 43  41 20 66 6f
Oct 31 15:24:35.663450: |   72 20 6d 61  69 6e 63 61  31 24 30 22  06 09 2a 86
Oct 31 15:24:35.663452: |   48 86 f7 0d  01 09 01 16  15 74 65 73  74 69 6e 67
Oct 31 15:24:35.663454: |   40 6c 69 62  72 65 73 77  61 6e 2e 6f  72 67 30 22
Oct 31 15:24:35.663455: |   18 0f 32 30  32 30 31 30  32 32 31 37  33 37 30 38
Oct 31 15:24:35.663457: |   5a 18 0f 32  30 32 33 31  30 32 32 31  37 33 37 30
Oct 31 15:24:35.663459: |   38 5a 30 81  b6 31 0b 30  09 06 03 55  04 06 13 02
Oct 31 15:24:35.663461: |   43 41 31 10  30 0e 06 03  55 04 08 0c  07 4f 6e 74
Oct 31 15:24:35.663463: |   61 72 69 6f  31 10 30 0e  06 03 55 04  07 0c 07 54
Oct 31 15:24:35.663465: |   6f 72 6f 6e  74 6f 31 12  30 10 06 03  55 04 0a 0c
Oct 31 15:24:35.663467: |   09 4c 69 62  72 65 73 77  61 6e 31 18  30 16 06 03
Oct 31 15:24:35.663468: |   55 04 0b 0c  0f 54 65 73  74 20 44 65  70 61 72 74
Oct 31 15:24:35.663470: |   6d 65 6e 74  31 24 30 22  06 03 55 04  03 0c 1b 6e
Oct 31 15:24:35.663472: |   6f 72 74 68  2e 74 65 73  74 69 6e 67  2e 6c 69 62
Oct 31 15:24:35.663474: |   72 65 73 77  61 6e 2e 6f  72 67 31 2f  30 2d 06 09
Oct 31 15:24:35.663475: |   2a 86 48 86  f7 0d 01 09  01 16 20 75  73 65 72 2d
Oct 31 15:24:35.663477: |   6e 6f 72 74  68 40 74 65  73 74 69 6e  67 2e 6c 69
Oct 31 15:24:35.663479: |   62 72 65 73  77 61 6e 2e  6f 72 67 30  82 01 a2 30
Oct 31 15:24:35.663481: |   0d 06 09 2a  86 48 86 f7  0d 01 01 01  05 00 03 82
Oct 31 15:24:35.663482: |   01 8f 00 30  82 01 8a 02  82 01 81 00  c2 20 c8 b3
Oct 31 15:24:35.663485: |   e7 66 04 be  08 51 b3 99  cf 02 a8 a4  ca ed ba 66
Oct 31 15:24:35.663486: |   23 2a ff ad  99 c3 1a 76  55 23 2d 9d  cc 7b a2 31
Oct 31 15:24:35.663488: |   62 e7 6d 60  f6 51 44 f3  13 d6 85 78  76 7e 8f 89
Oct 31 15:24:35.663490: |   2a c5 0a a6  0d 88 ed 0f  ac 90 7d cf  05 c8 fc 8e
Oct 31 15:24:35.663491: |   4a 61 07 f6  20 40 56 2e  f1 33 1c d5  c9 11 b4 21
Oct 31 15:24:35.663493: |   08 93 e4 67  94 17 9d 20  93 76 21 56  ff 70 1d a2
Oct 31 15:24:35.663495: |   72 ef 2a c7  e6 86 0a dc  a5 69 9f 69  99 97 ef 81
Oct 31 15:24:35.663497: |   a8 34 79 ed  66 78 ba 5c  4f 83 04 5f  24 a2 21 d5
Oct 31 15:24:35.663499: |   3b 05 e2 54  9c d3 bb 52  c9 fe d8 5e  0d 80 d9 d3
Oct 31 15:24:35.663501: |   68 31 37 e6  ed 75 b9 30  e1 14 0b 08  e3 c8 a1 17
Oct 31 15:24:35.663503: |   ab c9 7f e4  34 c8 55 49  29 f0 1a 66  4e ab eb b4
Oct 31 15:24:35.663506: |   63 7a 0f a9  69 94 4a 49  bd c2 04 3c  37 5d f0 5c
Oct 31 15:24:35.663508: |   64 94 8e c9  a8 2a 41 72  39 78 43 fa  7e 78 7e f5
Oct 31 15:24:35.663510: |   b6 93 ab a8  8a 09 27 1b  dc 4d a7 d0  69 cb f5 26
Oct 31 15:24:35.663512: |   f7 58 08 dc  d9 59 76 1f  26 6d d2 f1  80 b5 59 89
Oct 31 15:24:35.663513: |   16 45 c8 99  35 f0 85 b4  b2 76 20 0d  ba 22 c4 d1
Oct 31 15:24:35.663516: |   7e 3c ee 79  6b 1a 72 ea  96 0e 65 72  6a bf aa e8
Oct 31 15:24:35.663518: |   3e 83 21 6a  15 13 72 14  44 89 65 75  cc d9 0b ad
Oct 31 15:24:35.663520: |   8d a9 02 ad  d9 bb 10 65  4d 6c 5c 1a  92 8e d7 df
Oct 31 15:24:35.663522: |   a5 7b c5 8f  46 71 f8 1d  f5 b6 fe 53  42 a1 1c 8e
Oct 31 15:24:35.663524: |   83 e2 ea 4a  19 6f 01 11  f3 04 37 31  bc c0 a6 ee
Oct 31 15:24:35.663526: |   f2 ba d5 01  d2 44 7a eb  25 30 c9 4d  7e 31 89 51
Oct 31 15:24:35.663527: |   19 0d 20 e8  60 cf fa c9  ee 65 2c 75  19 f5 96 00
Oct 31 15:24:35.663529: |   80 36 b8 3b  fb 55 fa 68  54 da 51 db  02 03 01 00
Oct 31 15:24:35.663531: |   01 a3 81 e4  30 81 e1 30  09 06 03 55  1d 13 04 02
Oct 31 15:24:35.663533: |   30 00 30 26  06 03 55 1d  11 04 1f 30  1d 82 1b 6e
Oct 31 15:24:35.663535: |   6f 72 74 68  2e 74 65 73  74 69 6e 67  2e 6c 69 62
Oct 31 15:24:35.663537: |   72 65 73 77  61 6e 2e 6f  72 67 30 0b  06 03 55 1d
Oct 31 15:24:35.663539: |   0f 04 04 03  02 07 80 30  1d 06 03 55  1d 25 04 16
Oct 31 15:24:35.663541: |   30 14 06 08  2b 06 01 05  05 07 03 01  06 08 2b 06
Oct 31 15:24:35.663543: |   01 05 05 07  03 02 30 41  06 08 2b 06  01 05 05 07
Oct 31 15:24:35.663545: |   01 01 04 35  30 33 30 31  06 08 2b 06  01 05 05 07
Oct 31 15:24:35.663547: |   30 01 86 25  68 74 74 70  3a 2f 2f 6e  69 63 2e 74
Oct 31 15:24:35.663549: |   65 73 74 69  6e 67 2e 6c  69 62 72 65  73 77 61 6e
Oct 31 15:24:35.663551: |   2e 6f 72 67  3a 32 35 36  30 30 3d 06  03 55 1d 1f
Oct 31 15:24:35.663553: |   04 36 30 34  30 32 a0 30  a0 2e 86 2c  68 74 74 70
Oct 31 15:24:35.663555: |   3a 2f 2f 6e  69 63 2e 74  65 73 74 69  6e 67 2e 6c
Oct 31 15:24:35.663557: |   69 62 72 65  73 77 61 6e  2e 6f 72 67  2f 72 65 76
Oct 31 15:24:35.663558: |   6f 6b 65 64  2e 63 72 6c  30 0d 06 09  2a 86 48 86
Oct 31 15:24:35.663560: |   f7 0d 01 01  0b 05 00 03  82 01 01 00  3d d9 77 ea
Oct 31 15:24:35.663562: |   b6 b9 f7 5d  14 4d da 1d  3d 93 ae e3  e9 ea a3 98
Oct 31 15:24:35.663564: |   d0 8e b6 c7  f3 c8 cf eb  48 3d 3d fa  f4 03 99 c0
Oct 31 15:24:35.663566: |   c5 00 27 8b  9c c8 ed 58  8f f0 29 cb  a6 ef 28 ec
Oct 31 15:24:35.663568: |   c8 ac 31 2d  4d 28 61 66  53 90 b5 93  f2 a2 7f 81
Oct 31 15:24:35.663570: |   dd 79 e2 e1  77 f8 f1 83  16 a2 5b b1  ca cd 38 f0
Oct 31 15:24:35.663572: |   c8 78 e4 d6  b0 3d 7b 74  d2 f6 e2 a4  ac ee 53 1b
Oct 31 15:24:35.663575: |   c8 49 78 99  27 79 65 21  11 2c a0 9a  1a 7f e7 72
Oct 31 15:24:35.663577: |   46 2c 75 93  13 a5 21 72  d4 09 d9 2c  f5 33 21 e7
Oct 31 15:24:35.663579: |   c1 a1 ca 1f  04 36 f7 21  11 a2 24 13  6c 13 7c aa
Oct 31 15:24:35.663581: |   4f 24 16 45  fb 90 e9 a5  50 a7 fa 54  ff 45 4a 11
Oct 31 15:24:35.663583: |   c2 73 88 82  e5 24 4f ea  fd 1a 2a 3c  6e 61 e7 23
Oct 31 15:24:35.663586: |   c9 cf 19 b1  0c 69 ce 53  0a 22 62 43  ed 8c 02 34
Oct 31 15:24:35.663588: |   0c 83 63 07  10 71 ea 70  bd 31 5f d3  d4 f4 9d fa
Oct 31 15:24:35.663591: |   6a 95 57 a8  99 03 33 4c  97 8c 91 56  51 6e 87 ac
Oct 31 15:24:35.663592: |   21 4c d0 d8  41 fd 18 0f  4d 2e e7 69  5b a3 ba 22
Oct 31 15:24:35.663594: |   9a d2 cf 06  29 34 2e 83  57 6f 55 d4
Oct 31 15:24:35.663597: | emitting length of IKEv2 Certificate Payload: 1361
Oct 31 15:24:35.663599: | IKEv2 CERTREQ: send a cert request?
Oct 31 15:24:35.663604: | IKEv2 CERTREQ: OK to send a certificate request
Oct 31 15:24:35.663618: | Sending [CERTREQ] of C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org
Oct 31 15:24:35.663620: | connection->kind is CK_PERMANENT so send CERTREQ
Oct 31 15:24:35.663623: | ****emit IKEv2 Certificate Request Payload:
Oct 31 15:24:35.663626: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:35.663629: |    flags: none (0x0)
Oct 31 15:24:35.663632: |    ikev2 cert encoding: CERT_X509_SIGNATURE (0x4)
Oct 31 15:24:35.663634: | next payload chain: setting previous 'IKEv2 Certificate Payload'.'next payload type' to current IKEv2 Certificate Request Payload (38:ISAKMP_NEXT_v2CERTREQ)
Oct 31 15:24:35.663636: | next payload chain: saving location 'IKEv2 Certificate Request Payload'.'next payload type' in 'reply packet'
Oct 31 15:24:35.664520: | located CA cert E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA for CERTREQ
Oct 31 15:24:35.664540: | emitting 20 raw bytes of CA cert public key hash into IKEv2 Certificate Request Payload
Oct 31 15:24:35.664543: | CA cert public key hash:
Oct 31 15:24:35.664546: |   de 91 76 61  50 ac 79 0d  0f 60 83 8c  a3 c3 15 48
Oct 31 15:24:35.664548: |   d1 1f d2 d2
Oct 31 15:24:35.664552: | emitting length of IKEv2 Certificate Request Payload: 25
Oct 31 15:24:35.664556: | ****emit IKEv2 Identification - Responder - Payload:
Oct 31 15:24:35.664560: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:35.664562: |    flags: none (0x0)
Oct 31 15:24:35.664565: |    ID type: ID_DER_ASN1_DN (0x9)
Oct 31 15:24:35.664568: |    reserved: 00 00 00
Oct 31 15:24:35.664572: | next payload chain: setting previous 'IKEv2 Certificate Request Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr)
Oct 31 15:24:35.664574: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet'
Oct 31 15:24:35.664578: | emitting 183 raw bytes of their IDr into IKEv2 Identification - Responder - Payload
Oct 31 15:24:35.664580: | their IDr:
Oct 31 15:24:35.664582: |   30 81 b4 31  0b 30 09 06  03 55 04 06  13 02 43 41
Oct 31 15:24:35.664585: |   31 10 30 0e  06 03 55 04  08 0c 07 4f  6e 74 61 72
Oct 31 15:24:35.664587: |   69 6f 31 10  30 0e 06 03  55 04 07 0c  07 54 6f 72
Oct 31 15:24:35.664589: |   6f 6e 74 6f  31 12 30 10  06 03 55 04  0a 0c 09 4c
Oct 31 15:24:35.664591: |   69 62 72 65  73 77 61 6e  31 18 30 16  06 03 55 04
Oct 31 15:24:35.664594: |   0b 0c 0f 54  65 73 74 20  44 65 70 61  72 74 6d 65
Oct 31 15:24:35.664596: |   6e 74 31 23  30 21 06 03  55 04 03 0c  1a 65 61 73
Oct 31 15:24:35.664598: |   74 2e 74 65  73 74 69 6e  67 2e 6c 69  62 72 65 73
Oct 31 15:24:35.664599: |   77 61 6e 2e  6f 72 67 31  2e 30 2c 06  09 2a 86 48
Oct 31 15:24:35.664601: |   86 f7 0d 01  09 01 16 1f  75 73 65 72  2d 65 61 73
Oct 31 15:24:35.664603: |   74 40 74 65  73 74 69 6e  67 2e 6c 69  62 72 65 73
Oct 31 15:24:35.664605: |   77 61 6e 2e  6f 72 67
Oct 31 15:24:35.664608: | emitting length of IKEv2 Identification - Responder - Payload: 191
Oct 31 15:24:35.664611: | not sending INITIAL_CONTACT
Oct 31 15:24:35.664614: | ****emit IKEv2 Authentication Payload:
Oct 31 15:24:35.664616: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:35.664619: |    flags: none (0x0)
Oct 31 15:24:35.664621: |    auth method: IKEv2_AUTH_DIGSIG (0xe)
Oct 31 15:24:35.664624: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH)
Oct 31 15:24:35.664627: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet'
Oct 31 15:24:35.664630: | emit hash algo NEGOTIATE_AUTH_HASH_SHA2_512
Oct 31 15:24:35.664633: | emitting 68 raw bytes of OID of ASN.1 Algorithm Identifier into IKEv2 Authentication Payload
Oct 31 15:24:35.664635: | OID of ASN.1 Algorithm Identifier:
Oct 31 15:24:35.664637: |   43 30 41 06  09 2a 86 48  86 f7 0d 01  01 0a 30 34
Oct 31 15:24:35.664639: |   a0 0f 30 0d  06 09 60 86  48 01 65 03  04 02 03 05
Oct 31 15:24:35.664641: |   00 a1 1c 30  1a 06 09 2a  86 48 86 f7  0d 01 01 08
Oct 31 15:24:35.664644: |   30 0d 06 09  60 86 48 01  65 03 04 02  03 05 00 a2
Oct 31 15:24:35.664646: |   03 02 01 40
Oct 31 15:24:35.664648: | emitting 384 raw bytes of signature into IKEv2 Authentication Payload
Oct 31 15:24:35.664653: | signature:
Oct 31 15:24:35.664655: |   3f 0d f3 e8  1e e0 f3 e1  9a 87 a5 8b  1a 14 76 b1
Oct 31 15:24:35.664657: |   a2 ed c0 e1  8f 44 df 12  34 a9 f0 49  fb b6 a8 87
Oct 31 15:24:35.664659: |   02 c4 35 04  08 e5 00 39  18 61 ce 17  47 f5 a6 ec
Oct 31 15:24:35.664661: |   a8 de 93 32  a6 09 a3 5e  b6 ef 26 0d  1a 34 14 f2
Oct 31 15:24:35.664663: |   30 24 40 5c  f6 7e 88 db  23 da 52 4e  8d 26 fe f5
Oct 31 15:24:35.664665: |   e2 66 cf 80  b6 47 70 03  0a 8e 4c dd  92 0d 04 dc
Oct 31 15:24:35.664667: |   af f5 22 fe  7c 5e 30 19  bf 2f 97 4b  ce 67 6e 9a
Oct 31 15:24:35.664670: |   ef 57 44 f6  25 f2 80 0c  cf eb 94 80  ab 52 f3 a9
Oct 31 15:24:35.664672: |   a0 06 ae f7  b9 e4 27 b3  e2 2f e8 89  7d 20 4a f3
Oct 31 15:24:35.664674: |   7f 64 c6 ac  7b 7e 95 a7  fc 85 5a 94  84 33 9f 4a
Oct 31 15:24:35.664676: |   6e 0c 1b 70  c2 06 64 88  75 f6 37 04  6f fa 5e 09
Oct 31 15:24:35.664678: |   d5 a5 e0 e3  00 59 e1 57  7d 0c 62 4e  cf 2b dc 49
Oct 31 15:24:35.664680: |   e8 c0 c4 b7  58 c1 f5 5e  ee c9 8b 14  73 90 25 00
Oct 31 15:24:35.664682: |   57 c0 02 17  ff 0f 53 fb  b0 e8 6a ad  4a f1 13 7d
Oct 31 15:24:35.664684: |   cb 22 41 c4  83 12 17 46  c9 a8 2d 29  3f ef f1 0f
Oct 31 15:24:35.664686: |   92 0d 32 04  47 f0 f9 db  0c 65 4a 26  9f 7f ff be
Oct 31 15:24:35.664688: |   09 d5 88 b1  61 7b fa 12  ef de c6 2a  e9 d9 14 38
Oct 31 15:24:35.664690: |   8f 8e 01 9d  c7 ed b6 69  12 da a6 c0  b1 9f eb 48
Oct 31 15:24:35.664693: |   d0 53 32 92  42 64 71 ff  6c 66 bd 5d  0b 10 dc 63
Oct 31 15:24:35.664694: |   78 fb 2f 1d  93 19 98 fd  dc 55 8d e7  42 72 34 c1
Oct 31 15:24:35.664696: |   76 59 56 7e  5f 51 0c da  f8 8a 55 65  e1 ed c6 43
Oct 31 15:24:35.664698: |   74 60 ed 0f  69 32 e3 22  c7 73 f7 44  41 d8 55 2b
Oct 31 15:24:35.664701: |   c9 49 36 67  e1 9e 6b a1  06 d5 13 07  6c b6 48 b3
Oct 31 15:24:35.664702: |   36 7b 76 94  37 1d ab 8f  5d ba 22 42  8a e0 2d ac
Oct 31 15:24:35.664704: | emitting length of IKEv2 Authentication Payload: 460
Oct 31 15:24:35.664707: | getting first pending from state #1
Oct 31 15:24:35.664710: | delref fd@0x556b6640b548(5->4) (in first_pending() at pending.c:318)
Oct 31 15:24:35.664713: | addref fd@0x556b6640b548(4->5) (in first_pending() at pending.c:319)
Oct 31 15:24:35.664716: | Switching Child connection for #2 to "northnet-eastnets/0x1" from "northnet-eastnets/0x2"
Oct 31 15:24:35.664720: | in connection_discard for connection northnet-eastnets/0x2
Oct 31 15:24:35.664741: | netlink_get_spi: allocated 0xb0822f84 for esp.0@192.1.3.33
Oct 31 15:24:35.664745: | constructing ESP/AH proposals with all DH removed  for northnet-eastnets/0x1 (IKE SA initiator emitting ESP/AH proposals)
Oct 31 15:24:35.664753: | converting proposal AES_GCM_16_256-NONE to ikev2 ...
Oct 31 15:24:35.664760: | ...  ikev2_proposal: 1:ESP=AES_GCM_C_256-NONE-NONE-DISABLED
Oct 31 15:24:35.664763: | converting proposal AES_GCM_16_128-NONE to ikev2 ...
Oct 31 15:24:35.664766: | ...  ikev2_proposal: 2:ESP=AES_GCM_C_128-NONE-NONE-DISABLED
Oct 31 15:24:35.664770: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ...
Oct 31 15:24:35.664773: | ...  ikev2_proposal: 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED
Oct 31 15:24:35.664776: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ...
Oct 31 15:24:35.664780: | ...  ikev2_proposal: 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED
Oct 31 15:24:35.664783: "northnet-eastnets/0x1": local ESP/AH proposals (IKE SA initiator emitting ESP/AH proposals): 
Oct 31 15:24:35.664787: "northnet-eastnets/0x1":   1:ESP=AES_GCM_C_256-NONE-NONE-DISABLED
Oct 31 15:24:35.664791: "northnet-eastnets/0x1":   2:ESP=AES_GCM_C_128-NONE-NONE-DISABLED
Oct 31 15:24:35.664794: "northnet-eastnets/0x1":   3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED
Oct 31 15:24:35.664797: "northnet-eastnets/0x1":   4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED
Oct 31 15:24:35.664799: | Emitting ikev2_proposals ...
Oct 31 15:24:35.664804: | ****emit IKEv2 Security Association Payload:
Oct 31 15:24:35.664806: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:35.664809: |    flags: none (0x0)
Oct 31 15:24:35.664811: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA)
Oct 31 15:24:35.664813: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet'
Oct 31 15:24:35.664817: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0)
Oct 31 15:24:35.664820: | discard DH=NONE when counting transforms (multiple 0; allow single 0)
Oct 31 15:24:35.664822: | *****emit IKEv2 Proposal Substructure Payload:
Oct 31 15:24:35.664824: |    last proposal: v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:24:35.664827: |    prop #: 1 (01)
Oct 31 15:24:35.664829: |    proto ID: IKEv2_SEC_PROTO_ESP (0x3)
Oct 31 15:24:35.664832: |    spi size: 4 (04)
Oct 31 15:24:35.664834: |    # transforms: 2 (02)
Oct 31 15:24:35.664837: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal'
Oct 31 15:24:35.664840: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload
Oct 31 15:24:35.664842: | our spi: b0 82 2f 84
Oct 31 15:24:35.664845: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.664847: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.664850: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Oct 31 15:24:35.664852: |    IKEv2 transform ID: AES_GCM_C (0x14)
Oct 31 15:24:35.664855: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.664858: | *******emit IKEv2 Attribute Substructure Payload:
Oct 31 15:24:35.664861: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Oct 31 15:24:35.664864: |    length/value: 256 (01 00)
Oct 31 15:24:35.664867: | emitting length of IKEv2 Transform Substructure Payload: 12
Oct 31 15:24:35.664870: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0)
Oct 31 15:24:35.664872: | discard DH=NONE when emitting proposal (multiple 0; allow single 0)
Oct 31 15:24:35.664874: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.664877: |    last transform: v2_TRANSFORM_LAST (0x0)
Oct 31 15:24:35.664879: |    IKEv2 transform type: TRANS_TYPE_ESN (0x5)
Oct 31 15:24:35.664881: |    IKEv2 transform ID: ESN_DISABLED (0x0)
Oct 31 15:24:35.664884: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.664887: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.664889: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.664891: | emitting length of IKEv2 Proposal Substructure Payload: 32
Oct 31 15:24:35.664894: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0
Oct 31 15:24:35.664896: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0)
Oct 31 15:24:35.664899: | discard DH=NONE when counting transforms (multiple 0; allow single 0)
Oct 31 15:24:35.664902: | *****emit IKEv2 Proposal Substructure Payload:
Oct 31 15:24:35.664904: |    last proposal: v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:24:35.664906: |    prop #: 2 (02)
Oct 31 15:24:35.664908: |    proto ID: IKEv2_SEC_PROTO_ESP (0x3)
Oct 31 15:24:35.664910: |    spi size: 4 (04)
Oct 31 15:24:35.664913: |    # transforms: 2 (02)
Oct 31 15:24:35.664915: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:24:35.664917: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal'
Oct 31 15:24:35.664922: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload
Oct 31 15:24:35.664925: | our spi: b0 82 2f 84
Oct 31 15:24:35.664928: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.664930: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.664932: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Oct 31 15:24:35.664935: |    IKEv2 transform ID: AES_GCM_C (0x14)
Oct 31 15:24:35.664938: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.664941: | *******emit IKEv2 Attribute Substructure Payload:
Oct 31 15:24:35.664944: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Oct 31 15:24:35.664948: |    length/value: 128 (00 80)
Oct 31 15:24:35.664951: | emitting length of IKEv2 Transform Substructure Payload: 12
Oct 31 15:24:35.664955: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0)
Oct 31 15:24:35.664958: | discard DH=NONE when emitting proposal (multiple 0; allow single 0)
Oct 31 15:24:35.664960: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.664962: |    last transform: v2_TRANSFORM_LAST (0x0)
Oct 31 15:24:35.664964: |    IKEv2 transform type: TRANS_TYPE_ESN (0x5)
Oct 31 15:24:35.664967: |    IKEv2 transform ID: ESN_DISABLED (0x0)
Oct 31 15:24:35.664969: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.664971: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.664973: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.664976: | emitting length of IKEv2 Proposal Substructure Payload: 32
Oct 31 15:24:35.664978: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0
Oct 31 15:24:35.664981: | discard DH=NONE when counting transforms (multiple 0; allow single 0)
Oct 31 15:24:35.664983: | *****emit IKEv2 Proposal Substructure Payload:
Oct 31 15:24:35.664985: |    last proposal: v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:24:35.664988: |    prop #: 3 (03)
Oct 31 15:24:35.664992: |    proto ID: IKEv2_SEC_PROTO_ESP (0x3)
Oct 31 15:24:35.664994: |    spi size: 4 (04)
Oct 31 15:24:35.664997: |    # transforms: 4 (04)
Oct 31 15:24:35.665001: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:24:35.665004: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal'
Oct 31 15:24:35.665007: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload
Oct 31 15:24:35.665011: | our spi: b0 82 2f 84
Oct 31 15:24:35.665014: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.665017: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.665020: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Oct 31 15:24:35.665023: |    IKEv2 transform ID: AES_CBC (0xc)
Oct 31 15:24:35.665026: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.665029: | *******emit IKEv2 Attribute Substructure Payload:
Oct 31 15:24:35.665032: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Oct 31 15:24:35.665036: |    length/value: 256 (01 00)
Oct 31 15:24:35.665039: | emitting length of IKEv2 Transform Substructure Payload: 12
Oct 31 15:24:35.665042: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.665044: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.665047: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Oct 31 15:24:35.665050: |    IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe)
Oct 31 15:24:35.665056: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.665059: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.665062: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.665065: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.665068: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.665071: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Oct 31 15:24:35.665073: |    IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc)
Oct 31 15:24:35.665077: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.665080: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.665083: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.665086: | discard DH=NONE when emitting proposal (multiple 0; allow single 0)
Oct 31 15:24:35.665089: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.665092: |    last transform: v2_TRANSFORM_LAST (0x0)
Oct 31 15:24:35.665095: |    IKEv2 transform type: TRANS_TYPE_ESN (0x5)
Oct 31 15:24:35.665098: |    IKEv2 transform ID: ESN_DISABLED (0x0)
Oct 31 15:24:35.665101: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.665104: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.665107: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.665110: | emitting length of IKEv2 Proposal Substructure Payload: 48
Oct 31 15:24:35.665112: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0
Oct 31 15:24:35.665116: | discard DH=NONE when counting transforms (multiple 0; allow single 0)
Oct 31 15:24:35.665119: | *****emit IKEv2 Proposal Substructure Payload:
Oct 31 15:24:35.665122: |    last proposal: v2_PROPOSAL_LAST (0x0)
Oct 31 15:24:35.665125: |    prop #: 4 (04)
Oct 31 15:24:35.665129: |    proto ID: IKEv2_SEC_PROTO_ESP (0x3)
Oct 31 15:24:35.665132: |    spi size: 4 (04)
Oct 31 15:24:35.665135: |    # transforms: 4 (04)
Oct 31 15:24:35.665139: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:24:35.665141: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal'
Oct 31 15:24:35.665145: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload
Oct 31 15:24:35.665149: | our spi: b0 82 2f 84
Oct 31 15:24:35.665152: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.665155: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.665157: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Oct 31 15:24:35.665160: |    IKEv2 transform ID: AES_CBC (0xc)
Oct 31 15:24:35.665163: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.665166: | *******emit IKEv2 Attribute Substructure Payload:
Oct 31 15:24:35.665169: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Oct 31 15:24:35.665174: |    length/value: 128 (00 80)
Oct 31 15:24:35.665177: | emitting length of IKEv2 Transform Substructure Payload: 12
Oct 31 15:24:35.665179: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.665183: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.665188: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Oct 31 15:24:35.665191: |    IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe)
Oct 31 15:24:35.665194: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.665197: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.665210: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.665214: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.665217: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.665220: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Oct 31 15:24:35.665223: |    IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc)
Oct 31 15:24:35.665226: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.665229: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.665232: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.665235: | discard DH=NONE when emitting proposal (multiple 0; allow single 0)
Oct 31 15:24:35.665238: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.665241: |    last transform: v2_TRANSFORM_LAST (0x0)
Oct 31 15:24:35.665244: |    IKEv2 transform type: TRANS_TYPE_ESN (0x5)
Oct 31 15:24:35.665246: |    IKEv2 transform ID: ESN_DISABLED (0x0)
Oct 31 15:24:35.665250: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.665252: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.665256: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.665258: | emitting length of IKEv2 Proposal Substructure Payload: 48
Oct 31 15:24:35.665261: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0
Oct 31 15:24:35.665264: | emitting length of IKEv2 Security Association Payload: 164
Oct 31 15:24:35.665266: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0
Oct 31 15:24:35.665273: | ****emit IKEv2 Traffic Selector - Initiator - Payload:
Oct 31 15:24:35.665276: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:35.665279: |    flags: none (0x0)
Oct 31 15:24:35.665283: |    number of TS: 1 (01)
Oct 31 15:24:35.665286: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi)
Oct 31 15:24:35.665289: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet'
Oct 31 15:24:35.665293: | *****emit IKEv2 Traffic Selector:
Oct 31 15:24:35.665296: |    TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7)
Oct 31 15:24:35.665299: |    IP Protocol ID: ALL (0x0)
Oct 31 15:24:35.665303: |    start port: 0 (00 00)
Oct 31 15:24:35.665306: |    end port: 65535 (ff ff)
Oct 31 15:24:35.665311: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector
Oct 31 15:24:35.665314: | IP start: c0 00 03 00
Oct 31 15:24:35.665318: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector
Oct 31 15:24:35.665321: | IP end: c0 00 03 ff
Oct 31 15:24:35.665324: | emitting length of IKEv2 Traffic Selector: 16
Oct 31 15:24:35.665326: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24
Oct 31 15:24:35.665329: | ****emit IKEv2 Traffic Selector - Responder - Payload:
Oct 31 15:24:35.665334: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:35.665337: |    flags: none (0x0)
Oct 31 15:24:35.665341: |    number of TS: 1 (01)
Oct 31 15:24:35.665344: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr)
Oct 31 15:24:35.665347: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet'
Oct 31 15:24:35.665350: | *****emit IKEv2 Traffic Selector:
Oct 31 15:24:35.665353: |    TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7)
Oct 31 15:24:35.665356: |    IP Protocol ID: ALL (0x0)
Oct 31 15:24:35.665360: |    start port: 0 (00 00)
Oct 31 15:24:35.665364: |    end port: 65535 (ff ff)
Oct 31 15:24:35.665367: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector
Oct 31 15:24:35.665371: | IP start: c0 00 02 00
Oct 31 15:24:35.665374: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector
Oct 31 15:24:35.665378: | IP end: c0 00 02 ff
Oct 31 15:24:35.665381: | emitting length of IKEv2 Traffic Selector: 16
Oct 31 15:24:35.665384: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24
Oct 31 15:24:35.665387: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE
Oct 31 15:24:35.665391: | initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED
Oct 31 15:24:35.665395: | adding 1 bytes of padding (including 1 byte padding-length)
Oct 31 15:24:35.665399: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload
Oct 31 15:24:35.665402: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload
Oct 31 15:24:35.665405: | emitting length of IKEv2 Encryption Payload: 2471
Oct 31 15:24:35.665408: | emitting length of ISAKMP Message: 2499
Oct 31 15:24:35.665416: | **parse ISAKMP Message:
Oct 31 15:24:35.665421: |    initiator SPI: 34 d5 c0 79  f1 ec a3 66
Oct 31 15:24:35.665425: |    responder SPI: e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:35.665428: |    next payload type: ISAKMP_NEXT_v2SK (0x2e)
Oct 31 15:24:35.665430: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Oct 31 15:24:35.665433: |    exchange type: ISAKMP_v2_IKE_AUTH (0x23)
Oct 31 15:24:35.665436: |    flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
Oct 31 15:24:35.665440: |    Message ID: 1 (00 00 00 01)
Oct 31 15:24:35.665443: |    length: 2499 (00 00 09 c3)
Oct 31 15:24:35.665447: | **parse IKEv2 Encryption Payload:
Oct 31 15:24:35.665449: |    next payload type: ISAKMP_NEXT_v2IDi (0x23)
Oct 31 15:24:35.665452: |    flags: none (0x0)
Oct 31 15:24:35.665455: |    length: 2471 (09 a7)
Oct 31 15:24:35.665457: | opening output PBS reply frag packet
Oct 31 15:24:35.665460: | **emit ISAKMP Message:
Oct 31 15:24:35.665463: |    initiator SPI: 34 d5 c0 79  f1 ec a3 66
Oct 31 15:24:35.665467: |    responder SPI: e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:35.665470: |    next payload type: ISAKMP_NEXT_NONE (0x0)
Oct 31 15:24:35.665472: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Oct 31 15:24:35.665475: |    exchange type: ISAKMP_v2_IKE_AUTH (0x23)
Oct 31 15:24:35.665477: |    flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
Oct 31 15:24:35.665480: |    Message ID: 1 (00 00 00 01)
Oct 31 15:24:35.665483: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
Oct 31 15:24:35.665486: | ***emit IKEv2 Encrypted Fragment:
Oct 31 15:24:35.665489: |    next payload type: ISAKMP_NEXT_v2IDi (0x23)
Oct 31 15:24:35.665491: |    flags: none (0x0)
Oct 31 15:24:35.665494: |    fragment number: 1 (00 01)
Oct 31 15:24:35.665497: |    total fragments: 6 (00 06)
Oct 31 15:24:35.665500: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi
Oct 31 15:24:35.665503: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF)
Oct 31 15:24:35.665505: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet'
Oct 31 15:24:35.665510: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment
Oct 31 15:24:35.665518: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment
Oct 31 15:24:35.665521: | cleartext fragment:
Oct 31 15:24:35.665523: |   25 00 00 c1  09 00 00 00  30 81 b6 31  0b 30 09 06
Oct 31 15:24:35.665525: |   03 55 04 06  13 02 43 41  31 10 30 0e  06 03 55 04
Oct 31 15:24:35.665528: |   08 0c 07 4f  6e 74 61 72  69 6f 31 10  30 0e 06 03
Oct 31 15:24:35.665530: |   55 04 07 0c  07 54 6f 72  6f 6e 74 6f  31 12 30 10
Oct 31 15:24:35.665532: |   06 03 55 04  0a 0c 09 4c  69 62 72 65  73 77 61 6e
Oct 31 15:24:35.665534: |   31 18 30 16  06 03 55 04  0b 0c 0f 54  65 73 74 20
Oct 31 15:24:35.665536: |   44 65 70 61  72 74 6d 65  6e 74 31 24  30 22 06 03
Oct 31 15:24:35.665538: |   55 04 03 0c  1b 6e 6f 72  74 68 2e 74  65 73 74 69
Oct 31 15:24:35.665540: |   6e 67 2e 6c  69 62 72 65  73 77 61 6e  2e 6f 72 67
Oct 31 15:24:35.665542: |   31 2f 30 2d  06 09 2a 86  48 86 f7 0d  01 09 01 16
Oct 31 15:24:35.665544: |   20 75 73 65  72 2d 6e 6f  72 74 68 40  74 65 73 74
Oct 31 15:24:35.665546: |   69 6e 67 2e  6c 69 62 72  65 73 77 61  6e 2e 6f 72
Oct 31 15:24:35.665548: |   67 26 00 05  51 04 30 82  05 48 30 82  04 30 a0 03
Oct 31 15:24:35.665550: |   02 01 02 02  01 06 30 0d  06 09 2a 86  48 86 f7 0d
Oct 31 15:24:35.665551: |   01 01 0b 05  00 30 81 ac  31 0b 30 09  06 03 55 04
Oct 31 15:24:35.665553: |   06 13 02 43  41 31 10 30  0e 06 03 55  04 08 0c 07
Oct 31 15:24:35.665555: |   4f 6e 74 61  72 69 6f 31  10 30 0e 06  03 55 04 07
Oct 31 15:24:35.665557: |   0c 07 54 6f  72 6f 6e 74  6f 31 12 30  10 06 03 55
Oct 31 15:24:35.665559: |   04 0a 0c 09  4c 69 62 72  65 73 77 61  6e 31 18 30
Oct 31 15:24:35.665561: |   16 06 03 55  04 0b 0c 0f  54 65 73 74  20 44 65 70
Oct 31 15:24:35.665563: |   61 72 74 6d  65 6e 74 31  25 30 23 06  03 55 04 03
Oct 31 15:24:35.665565: |   0c 1c 4c 69  62 72 65 73  77 61 6e 20  74 65 73 74
Oct 31 15:24:35.665567: |   20 43 41 20  66 6f 72 20  6d 61 69 6e  63 61 31 24
Oct 31 15:24:35.665569: |   30 22 06 09  2a 86 48 86  f7 0d 01 09  01 16 15 74
Oct 31 15:24:35.665571: |   65 73 74 69  6e 67 40 6c  69 62 72 65  73 77 61 6e
Oct 31 15:24:35.665572: |   2e 6f 72 67  30 22 18 0f  32 30 32 30  31 30 32 32
Oct 31 15:24:35.665574: |   31 37 33 37  30 38 5a 18  0f 32 30 32  33 31 30 32
Oct 31 15:24:35.665576: |   32 31 37 33  37 30 38 5a  30 81 b6 31  0b 30 09 06
Oct 31 15:24:35.665578: |   03 55 04 06  13 02 43 41  31 10 30 0e  06 03 55 04
Oct 31 15:24:35.665580: |   08 0c 07 4f  6e 74 61 72  69 6f 31 10  30 0e
Oct 31 15:24:35.665582: | adding 1 bytes of padding (including 1 byte padding-length)
Oct 31 15:24:35.665585: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment
Oct 31 15:24:35.665587: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment
Oct 31 15:24:35.665589: | emitting length of IKEv2 Encrypted Fragment: 511
Oct 31 15:24:35.665591: | emitting length of ISAKMP Message: 539
Oct 31 15:24:35.665605: | recording fragment 1
Oct 31 15:24:35.665609: | opening output PBS reply frag packet
Oct 31 15:24:35.665611: | **emit ISAKMP Message:
Oct 31 15:24:35.665614: |    initiator SPI: 34 d5 c0 79  f1 ec a3 66
Oct 31 15:24:35.665618: |    responder SPI: e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:35.665620: |    next payload type: ISAKMP_NEXT_NONE (0x0)
Oct 31 15:24:35.665623: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Oct 31 15:24:35.665625: |    exchange type: ISAKMP_v2_IKE_AUTH (0x23)
Oct 31 15:24:35.665627: |    flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
Oct 31 15:24:35.665630: |    Message ID: 1 (00 00 00 01)
Oct 31 15:24:35.665633: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
Oct 31 15:24:35.665635: | ***emit IKEv2 Encrypted Fragment:
Oct 31 15:24:35.665638: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:35.665640: |    flags: none (0x0)
Oct 31 15:24:35.665643: |    fragment number: 2 (00 02)
Oct 31 15:24:35.665647: |    total fragments: 6 (00 06)
Oct 31 15:24:35.665650: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE
Oct 31 15:24:35.665652: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF)
Oct 31 15:24:35.665655: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet'
Oct 31 15:24:35.665657: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment
Oct 31 15:24:35.665660: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment
Oct 31 15:24:35.665662: | cleartext fragment:
Oct 31 15:24:35.665664: |   06 03 55 04  07 0c 07 54  6f 72 6f 6e  74 6f 31 12
Oct 31 15:24:35.665667: |   30 10 06 03  55 04 0a 0c  09 4c 69 62  72 65 73 77
Oct 31 15:24:35.665669: |   61 6e 31 18  30 16 06 03  55 04 0b 0c  0f 54 65 73
Oct 31 15:24:35.665671: |   74 20 44 65  70 61 72 74  6d 65 6e 74  31 24 30 22
Oct 31 15:24:35.665673: |   06 03 55 04  03 0c 1b 6e  6f 72 74 68  2e 74 65 73
Oct 31 15:24:35.665675: |   74 69 6e 67  2e 6c 69 62  72 65 73 77  61 6e 2e 6f
Oct 31 15:24:35.665677: |   72 67 31 2f  30 2d 06 09  2a 86 48 86  f7 0d 01 09
Oct 31 15:24:35.665680: |   01 16 20 75  73 65 72 2d  6e 6f 72 74  68 40 74 65
Oct 31 15:24:35.665682: |   73 74 69 6e  67 2e 6c 69  62 72 65 73  77 61 6e 2e
Oct 31 15:24:35.665684: |   6f 72 67 30  82 01 a2 30  0d 06 09 2a  86 48 86 f7
Oct 31 15:24:35.665686: |   0d 01 01 01  05 00 03 82  01 8f 00 30  82 01 8a 02
Oct 31 15:24:35.665689: |   82 01 81 00  c2 20 c8 b3  e7 66 04 be  08 51 b3 99
Oct 31 15:24:35.665691: |   cf 02 a8 a4  ca ed ba 66  23 2a ff ad  99 c3 1a 76
Oct 31 15:24:35.665694: |   55 23 2d 9d  cc 7b a2 31  62 e7 6d 60  f6 51 44 f3
Oct 31 15:24:35.665696: |   13 d6 85 78  76 7e 8f 89  2a c5 0a a6  0d 88 ed 0f
Oct 31 15:24:35.665698: |   ac 90 7d cf  05 c8 fc 8e  4a 61 07 f6  20 40 56 2e
Oct 31 15:24:35.665700: |   f1 33 1c d5  c9 11 b4 21  08 93 e4 67  94 17 9d 20
Oct 31 15:24:35.665702: |   93 76 21 56  ff 70 1d a2  72 ef 2a c7  e6 86 0a dc
Oct 31 15:24:35.665705: |   a5 69 9f 69  99 97 ef 81  a8 34 79 ed  66 78 ba 5c
Oct 31 15:24:35.665707: |   4f 83 04 5f  24 a2 21 d5  3b 05 e2 54  9c d3 bb 52
Oct 31 15:24:35.665709: |   c9 fe d8 5e  0d 80 d9 d3  68 31 37 e6  ed 75 b9 30
Oct 31 15:24:35.665711: |   e1 14 0b 08  e3 c8 a1 17  ab c9 7f e4  34 c8 55 49
Oct 31 15:24:35.665713: |   29 f0 1a 66  4e ab eb b4  63 7a 0f a9  69 94 4a 49
Oct 31 15:24:35.665715: |   bd c2 04 3c  37 5d f0 5c  64 94 8e c9  a8 2a 41 72
Oct 31 15:24:35.665717: |   39 78 43 fa  7e 78 7e f5  b6 93 ab a8  8a 09 27 1b
Oct 31 15:24:35.665719: |   dc 4d a7 d0  69 cb f5 26  f7 58 08 dc  d9 59 76 1f
Oct 31 15:24:35.665721: |   26 6d d2 f1  80 b5 59 89  16 45 c8 99  35 f0 85 b4
Oct 31 15:24:35.665723: |   b2 76 20 0d  ba 22 c4 d1  7e 3c ee 79  6b 1a 72 ea
Oct 31 15:24:35.665725: |   96 0e 65 72  6a bf aa e8  3e 83 21 6a  15 13 72 14
Oct 31 15:24:35.665726: |   44 89 65 75  cc d9 0b ad  8d a9 02 ad  d9 bb
Oct 31 15:24:35.665728: | adding 1 bytes of padding (including 1 byte padding-length)
Oct 31 15:24:35.665731: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment
Oct 31 15:24:35.665733: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment
Oct 31 15:24:35.665735: | emitting length of IKEv2 Encrypted Fragment: 511
Oct 31 15:24:35.665737: | emitting length of ISAKMP Message: 539
Oct 31 15:24:35.665745: | recording fragment 2
Oct 31 15:24:35.665748: | opening output PBS reply frag packet
Oct 31 15:24:35.665751: | **emit ISAKMP Message:
Oct 31 15:24:35.665754: |    initiator SPI: 34 d5 c0 79  f1 ec a3 66
Oct 31 15:24:35.665757: |    responder SPI: e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:35.665759: |    next payload type: ISAKMP_NEXT_NONE (0x0)
Oct 31 15:24:35.665762: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Oct 31 15:24:35.665764: |    exchange type: ISAKMP_v2_IKE_AUTH (0x23)
Oct 31 15:24:35.665766: |    flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
Oct 31 15:24:35.665773: |    Message ID: 1 (00 00 00 01)
Oct 31 15:24:35.665776: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
Oct 31 15:24:35.665780: | ***emit IKEv2 Encrypted Fragment:
Oct 31 15:24:35.665782: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:35.665784: |    flags: none (0x0)
Oct 31 15:24:35.665786: |    fragment number: 3 (00 03)
Oct 31 15:24:35.665789: |    total fragments: 6 (00 06)
Oct 31 15:24:35.665791: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE
Oct 31 15:24:35.665793: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF)
Oct 31 15:24:35.665795: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet'
Oct 31 15:24:35.665798: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment
Oct 31 15:24:35.665802: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment
Oct 31 15:24:35.665804: | cleartext fragment:
Oct 31 15:24:35.665806: |   10 65 4d 6c  5c 1a 92 8e  d7 df a5 7b  c5 8f 46 71
Oct 31 15:24:35.665808: |   f8 1d f5 b6  fe 53 42 a1  1c 8e 83 e2  ea 4a 19 6f
Oct 31 15:24:35.665810: |   01 11 f3 04  37 31 bc c0  a6 ee f2 ba  d5 01 d2 44
Oct 31 15:24:35.665812: |   7a eb 25 30  c9 4d 7e 31  89 51 19 0d  20 e8 60 cf
Oct 31 15:24:35.665813: |   fa c9 ee 65  2c 75 19 f5  96 00 80 36  b8 3b fb 55
Oct 31 15:24:35.665815: |   fa 68 54 da  51 db 02 03  01 00 01 a3  81 e4 30 81
Oct 31 15:24:35.665817: |   e1 30 09 06  03 55 1d 13  04 02 30 00  30 26 06 03
Oct 31 15:24:35.665819: |   55 1d 11 04  1f 30 1d 82  1b 6e 6f 72  74 68 2e 74
Oct 31 15:24:35.665821: |   65 73 74 69  6e 67 2e 6c  69 62 72 65  73 77 61 6e
Oct 31 15:24:35.665823: |   2e 6f 72 67  30 0b 06 03  55 1d 0f 04  04 03 02 07
Oct 31 15:24:35.665825: |   80 30 1d 06  03 55 1d 25  04 16 30 14  06 08 2b 06
Oct 31 15:24:35.665826: |   01 05 05 07  03 01 06 08  2b 06 01 05  05 07 03 02
Oct 31 15:24:35.665828: |   30 41 06 08  2b 06 01 05  05 07 01 01  04 35 30 33
Oct 31 15:24:35.665831: |   30 31 06 08  2b 06 01 05  05 07 30 01  86 25 68 74
Oct 31 15:24:35.665832: |   74 70 3a 2f  2f 6e 69 63  2e 74 65 73  74 69 6e 67
Oct 31 15:24:35.665834: |   2e 6c 69 62  72 65 73 77  61 6e 2e 6f  72 67 3a 32
Oct 31 15:24:35.665836: |   35 36 30 30  3d 06 03 55  1d 1f 04 36  30 34 30 32
Oct 31 15:24:35.665838: |   a0 30 a0 2e  86 2c 68 74  74 70 3a 2f  2f 6e 69 63
Oct 31 15:24:35.665840: |   2e 74 65 73  74 69 6e 67  2e 6c 69 62  72 65 73 77
Oct 31 15:24:35.665842: |   61 6e 2e 6f  72 67 2f 72  65 76 6f 6b  65 64 2e 63
Oct 31 15:24:35.665844: |   72 6c 30 0d  06 09 2a 86  48 86 f7 0d  01 01 0b 05
Oct 31 15:24:35.665846: |   00 03 82 01  01 00 3d d9  77 ea b6 b9  f7 5d 14 4d
Oct 31 15:24:35.665848: |   da 1d 3d 93  ae e3 e9 ea  a3 98 d0 8e  b6 c7 f3 c8
Oct 31 15:24:35.665850: |   cf eb 48 3d  3d fa f4 03  99 c0 c5 00  27 8b 9c c8
Oct 31 15:24:35.665852: |   ed 58 8f f0  29 cb a6 ef  28 ec c8 ac  31 2d 4d 28
Oct 31 15:24:35.665855: |   61 66 53 90  b5 93 f2 a2  7f 81 dd 79  e2 e1 77 f8
Oct 31 15:24:35.665857: |   f1 83 16 a2  5b b1 ca cd  38 f0 c8 78  e4 d6 b0 3d
Oct 31 15:24:35.665859: |   7b 74 d2 f6  e2 a4 ac ee  53 1b c8 49  78 99 27 79
Oct 31 15:24:35.665861: |   65 21 11 2c  a0 9a 1a 7f  e7 72 46 2c  75 93 13 a5
Oct 31 15:24:35.665863: |   21 72 d4 09  d9 2c f5 33  21 e7 c1 a1  ca 1f
Oct 31 15:24:35.665865: | adding 1 bytes of padding (including 1 byte padding-length)
Oct 31 15:24:35.665868: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment
Oct 31 15:24:35.665871: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment
Oct 31 15:24:35.665873: | emitting length of IKEv2 Encrypted Fragment: 511
Oct 31 15:24:35.665876: | emitting length of ISAKMP Message: 539
Oct 31 15:24:35.665883: | recording fragment 3
Oct 31 15:24:35.665886: | opening output PBS reply frag packet
Oct 31 15:24:35.665888: | **emit ISAKMP Message:
Oct 31 15:24:35.665894: |    initiator SPI: 34 d5 c0 79  f1 ec a3 66
Oct 31 15:24:35.665899: |    responder SPI: e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:35.665901: |    next payload type: ISAKMP_NEXT_NONE (0x0)
Oct 31 15:24:35.665903: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Oct 31 15:24:35.665906: |    exchange type: ISAKMP_v2_IKE_AUTH (0x23)
Oct 31 15:24:35.665908: |    flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
Oct 31 15:24:35.665912: |    Message ID: 1 (00 00 00 01)
Oct 31 15:24:35.665914: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
Oct 31 15:24:35.665917: | ***emit IKEv2 Encrypted Fragment:
Oct 31 15:24:35.665920: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:35.665922: |    flags: none (0x0)
Oct 31 15:24:35.665925: |    fragment number: 4 (00 04)
Oct 31 15:24:35.665928: |    total fragments: 6 (00 06)
Oct 31 15:24:35.665930: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE
Oct 31 15:24:35.665932: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF)
Oct 31 15:24:35.665934: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet'
Oct 31 15:24:35.665937: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment
Oct 31 15:24:35.665945: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment
Oct 31 15:24:35.665948: | cleartext fragment:
Oct 31 15:24:35.665950: |   04 36 f7 21  11 a2 24 13  6c 13 7c aa  4f 24 16 45
Oct 31 15:24:35.665952: |   fb 90 e9 a5  50 a7 fa 54  ff 45 4a 11  c2 73 88 82
Oct 31 15:24:35.665954: |   e5 24 4f ea  fd 1a 2a 3c  6e 61 e7 23  c9 cf 19 b1
Oct 31 15:24:35.665956: |   0c 69 ce 53  0a 22 62 43  ed 8c 02 34  0c 83 63 07
Oct 31 15:24:35.665959: |   10 71 ea 70  bd 31 5f d3  d4 f4 9d fa  6a 95 57 a8
Oct 31 15:24:35.665961: |   99 03 33 4c  97 8c 91 56  51 6e 87 ac  21 4c d0 d8
Oct 31 15:24:35.665963: |   41 fd 18 0f  4d 2e e7 69  5b a3 ba 22  9a d2 cf 06
Oct 31 15:24:35.665964: |   29 34 2e 83  57 6f 55 d4  24 00 00 19  04 de 91 76
Oct 31 15:24:35.665966: |   61 50 ac 79  0d 0f 60 83  8c a3 c3 15  48 d1 1f d2
Oct 31 15:24:35.665968: |   d2 27 00 00  bf 09 00 00  00 30 81 b4  31 0b 30 09
Oct 31 15:24:35.665970: |   06 03 55 04  06 13 02 43  41 31 10 30  0e 06 03 55
Oct 31 15:24:35.665972: |   04 08 0c 07  4f 6e 74 61  72 69 6f 31  10 30 0e 06
Oct 31 15:24:35.665974: |   03 55 04 07  0c 07 54 6f  72 6f 6e 74  6f 31 12 30
Oct 31 15:24:35.665975: |   10 06 03 55  04 0a 0c 09  4c 69 62 72  65 73 77 61
Oct 31 15:24:35.665977: |   6e 31 18 30  16 06 03 55  04 0b 0c 0f  54 65 73 74
Oct 31 15:24:35.665979: |   20 44 65 70  61 72 74 6d  65 6e 74 31  23 30 21 06
Oct 31 15:24:35.665981: |   03 55 04 03  0c 1a 65 61  73 74 2e 74  65 73 74 69
Oct 31 15:24:35.665983: |   6e 67 2e 6c  69 62 72 65  73 77 61 6e  2e 6f 72 67
Oct 31 15:24:35.665985: |   31 2e 30 2c  06 09 2a 86  48 86 f7 0d  01 09 01 16
Oct 31 15:24:35.665986: |   1f 75 73 65  72 2d 65 61  73 74 40 74  65 73 74 69
Oct 31 15:24:35.665989: |   6e 67 2e 6c  69 62 72 65  73 77 61 6e  2e 6f 72 67
Oct 31 15:24:35.665990: |   21 00 01 cc  0e 00 00 00  43 30 41 06  09 2a 86 48
Oct 31 15:24:35.665992: |   86 f7 0d 01  01 0a 30 34  a0 0f 30 0d  06 09 60 86
Oct 31 15:24:35.665994: |   48 01 65 03  04 02 03 05  00 a1 1c 30  1a 06 09 2a
Oct 31 15:24:35.665996: |   86 48 86 f7  0d 01 01 08  30 0d 06 09  60 86 48 01
Oct 31 15:24:35.665998: |   65 03 04 02  03 05 00 a2  03 02 01 40  3f 0d f3 e8
Oct 31 15:24:35.666000: |   1e e0 f3 e1  9a 87 a5 8b  1a 14 76 b1  a2 ed c0 e1
Oct 31 15:24:35.666002: |   8f 44 df 12  34 a9 f0 49  fb b6 a8 87  02 c4 35 04
Oct 31 15:24:35.666004: |   08 e5 00 39  18 61 ce 17  47 f5 a6 ec  a8 de 93 32
Oct 31 15:24:35.666006: |   a6 09 a3 5e  b6 ef 26 0d  1a 34 14 f2  30 24
Oct 31 15:24:35.666008: | adding 1 bytes of padding (including 1 byte padding-length)
Oct 31 15:24:35.666011: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment
Oct 31 15:24:35.666015: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment
Oct 31 15:24:35.666018: | emitting length of IKEv2 Encrypted Fragment: 511
Oct 31 15:24:35.666020: | emitting length of ISAKMP Message: 539
Oct 31 15:24:35.666028: | recording fragment 4
Oct 31 15:24:35.666031: | opening output PBS reply frag packet
Oct 31 15:24:35.666034: | **emit ISAKMP Message:
Oct 31 15:24:35.666038: |    initiator SPI: 34 d5 c0 79  f1 ec a3 66
Oct 31 15:24:35.666042: |    responder SPI: e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:35.666044: |    next payload type: ISAKMP_NEXT_NONE (0x0)
Oct 31 15:24:35.666046: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Oct 31 15:24:35.666049: |    exchange type: ISAKMP_v2_IKE_AUTH (0x23)
Oct 31 15:24:35.666051: |    flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
Oct 31 15:24:35.666054: |    Message ID: 1 (00 00 00 01)
Oct 31 15:24:35.666057: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
Oct 31 15:24:35.666060: | ***emit IKEv2 Encrypted Fragment:
Oct 31 15:24:35.666062: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:35.666064: |    flags: none (0x0)
Oct 31 15:24:35.666066: |    fragment number: 5 (00 05)
Oct 31 15:24:35.666069: |    total fragments: 6 (00 06)
Oct 31 15:24:35.666071: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE
Oct 31 15:24:35.666074: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF)
Oct 31 15:24:35.666076: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet'
Oct 31 15:24:35.666078: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment
Oct 31 15:24:35.666082: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment
Oct 31 15:24:35.666084: | cleartext fragment:
Oct 31 15:24:35.666086: |   40 5c f6 7e  88 db 23 da  52 4e 8d 26  fe f5 e2 66
Oct 31 15:24:35.666088: |   cf 80 b6 47  70 03 0a 8e  4c dd 92 0d  04 dc af f5
Oct 31 15:24:35.666090: |   22 fe 7c 5e  30 19 bf 2f  97 4b ce 67  6e 9a ef 57
Oct 31 15:24:35.666092: |   44 f6 25 f2  80 0c cf eb  94 80 ab 52  f3 a9 a0 06
Oct 31 15:24:35.666093: |   ae f7 b9 e4  27 b3 e2 2f  e8 89 7d 20  4a f3 7f 64
Oct 31 15:24:35.666095: |   c6 ac 7b 7e  95 a7 fc 85  5a 94 84 33  9f 4a 6e 0c
Oct 31 15:24:35.666097: |   1b 70 c2 06  64 88 75 f6  37 04 6f fa  5e 09 d5 a5
Oct 31 15:24:35.666099: |   e0 e3 00 59  e1 57 7d 0c  62 4e cf 2b  dc 49 e8 c0
Oct 31 15:24:35.666101: |   c4 b7 58 c1  f5 5e ee c9  8b 14 73 90  25 00 57 c0
Oct 31 15:24:35.666103: |   02 17 ff 0f  53 fb b0 e8  6a ad 4a f1  13 7d cb 22
Oct 31 15:24:35.666105: |   41 c4 83 12  17 46 c9 a8  2d 29 3f ef  f1 0f 92 0d
Oct 31 15:24:35.666107: |   32 04 47 f0  f9 db 0c 65  4a 26 9f 7f  ff be 09 d5
Oct 31 15:24:35.666108: |   88 b1 61 7b  fa 12 ef de  c6 2a e9 d9  14 38 8f 8e
Oct 31 15:24:35.666111: |   01 9d c7 ed  b6 69 12 da  a6 c0 b1 9f  eb 48 d0 53
Oct 31 15:24:35.666112: |   32 92 42 64  71 ff 6c 66  bd 5d 0b 10  dc 63 78 fb
Oct 31 15:24:35.666114: |   2f 1d 93 19  98 fd dc 55  8d e7 42 72  34 c1 76 59
Oct 31 15:24:35.666116: |   56 7e 5f 51  0c da f8 8a  55 65 e1 ed  c6 43 74 60
Oct 31 15:24:35.666118: |   ed 0f 69 32  e3 22 c7 73  f7 44 41 d8  55 2b c9 49
Oct 31 15:24:35.666120: |   36 67 e1 9e  6b a1 06 d5  13 07 6c b6  48 b3 36 7b
Oct 31 15:24:35.666122: |   76 94 37 1d  ab 8f 5d ba  22 42 8a e0  2d ac 2c 00
Oct 31 15:24:35.666124: |   00 a4 02 00  00 20 01 03  04 02 b0 82  2f 84 03 00
Oct 31 15:24:35.666126: |   00 0c 01 00  00 14 80 0e  01 00 00 00  00 08 05 00
Oct 31 15:24:35.666128: |   00 00 02 00  00 20 02 03  04 02 b0 82  2f 84 03 00
Oct 31 15:24:35.666130: |   00 0c 01 00  00 14 80 0e  00 80 00 00  00 08 05 00
Oct 31 15:24:35.666132: |   00 00 02 00  00 30 03 03  04 04 b0 82  2f 84 03 00
Oct 31 15:24:35.666134: |   00 0c 01 00  00 0c 80 0e  01 00 03 00  00 08 03 00
Oct 31 15:24:35.666136: |   00 0e 03 00  00 08 03 00  00 0c 00 00  00 08 05 00
Oct 31 15:24:35.666139: |   00 00 00 00  00 30 04 03  04 04 b0 82  2f 84 03 00
Oct 31 15:24:35.666141: |   00 0c 01 00  00 0c 80 0e  00 80 03 00  00 08 03 00
Oct 31 15:24:35.666143: |   00 0e 03 00  00 08 03 00  00 0c 00 00  00 08
Oct 31 15:24:35.666146: | adding 1 bytes of padding (including 1 byte padding-length)
Oct 31 15:24:35.666148: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment
Oct 31 15:24:35.666151: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment
Oct 31 15:24:35.666153: | emitting length of IKEv2 Encrypted Fragment: 511
Oct 31 15:24:35.666155: | emitting length of ISAKMP Message: 539
Oct 31 15:24:35.666163: | recording fragment 5
Oct 31 15:24:35.666166: | opening output PBS reply frag packet
Oct 31 15:24:35.666168: | **emit ISAKMP Message:
Oct 31 15:24:35.666172: |    initiator SPI: 34 d5 c0 79  f1 ec a3 66
Oct 31 15:24:35.666176: |    responder SPI: e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:35.666178: |    next payload type: ISAKMP_NEXT_NONE (0x0)
Oct 31 15:24:35.666180: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Oct 31 15:24:35.666183: |    exchange type: ISAKMP_v2_IKE_AUTH (0x23)
Oct 31 15:24:35.666185: |    flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
Oct 31 15:24:35.666189: |    Message ID: 1 (00 00 00 01)
Oct 31 15:24:35.666192: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
Oct 31 15:24:35.666195: | ***emit IKEv2 Encrypted Fragment:
Oct 31 15:24:35.666197: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:35.666209: |    flags: none (0x0)
Oct 31 15:24:35.666212: |    fragment number: 6 (00 06)
Oct 31 15:24:35.666215: |    total fragments: 6 (00 06)
Oct 31 15:24:35.666218: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE
Oct 31 15:24:35.666221: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF)
Oct 31 15:24:35.666223: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet'
Oct 31 15:24:35.666226: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment
Oct 31 15:24:35.666231: | emitting 52 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment
Oct 31 15:24:35.666233: | cleartext fragment:
Oct 31 15:24:35.666236: |   05 00 00 00  2d 00 00 18  01 00 00 00  07 00 00 10
Oct 31 15:24:35.666238: |   00 00 ff ff  c0 00 03 00  c0 00 03 ff  00 00 00 18
Oct 31 15:24:35.666240: |   01 00 00 00  07 00 00 10  00 00 ff ff  c0 00 02 00
Oct 31 15:24:35.666242: |   c0 00 02 ff
Oct 31 15:24:35.666245: | adding 1 bytes of padding (including 1 byte padding-length)
Oct 31 15:24:35.666247: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment
Oct 31 15:24:35.666250: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment
Oct 31 15:24:35.666252: | emitting length of IKEv2 Encrypted Fragment: 85
Oct 31 15:24:35.666254: | emitting length of ISAKMP Message: 113
Oct 31 15:24:35.666262: | recording fragment 6
Oct 31 15:24:35.666267: | delref logger@0x556b66401c48(1->0) (in handle_helper_answer() at pluto_crypt.c:658)
Oct 31 15:24:35.666270: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:24:35.666273: | delref fd@0x556b6640b548(5->4) (in free_logger() at log.c:854)
Oct 31 15:24:35.666278: | XXX: resume sending helper answer back to state for #1 switched MD.ST to #2
Oct 31 15:24:35.666287: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364)
Oct 31 15:24:35.666292: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364)
Oct 31 15:24:35.666298: | #2 complete_v2_state_transition() in state V2_IKE_AUTH_CHILD_I0 PARENT_I1->PARENT_I2 with status STF_OK; .st_v2_transition=NULL
Oct 31 15:24:35.666301: | transitioning from state STATE_PARENT_I1 to state STATE_PARENT_I2
Oct 31 15:24:35.666305: | Message ID: updating counters for #2
Oct 31 15:24:35.666314: | Message ID: CHILD #1.#2 XXX: no EVENT_RETRANSMIT to clear; suspect IKE->CHILD switch: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744550.06318 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744550.06318 child.wip.initiator=-1 child.wip.responder=-1
Oct 31 15:24:35.666322: | Message ID: CHILD #1.#2 updating initiator received message response 0: ike.initiator.sent=0 ike.initiator.recv=-1->0 ike.initiator.last_contact=744550.06318->744550.099104 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744550.06318 child.wip.initiator=0->-1 child.wip.responder=-1
Oct 31 15:24:35.666328: | Message ID: CHILD #1.#2 scheduling EVENT_RETRANSMIT: ike.initiator.sent=1 ike.initiator.recv=0 ike.initiator.last_contact=744550.099104 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744550.06318 child.wip.initiator=1 child.wip.responder=-1
Oct 31 15:24:35.666333: "northnet-eastnets/0x1" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds
Oct 31 15:24:35.666348: | event_schedule: newref EVENT_RETRANSMIT-pe@0x556b66401c48
Oct 31 15:24:35.666352: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2
Oct 31 15:24:35.666356: | libevent_malloc: newref ptr-libevent@0x556b66416378 size 128
Oct 31 15:24:35.666362: | #2 STATE_V2_IKE_AUTH_CHILD_I0: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744550.099143
Oct 31 15:24:35.666369: | Message ID: CHILD #1.#2 updating initiator sent message request 1: ike.initiator.sent=0->1 ike.initiator.recv=0 ike.initiator.last_contact=744550.099104 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744550.06318 child.wip.initiator=-1->1 child.wip.responder=-1
Oct 31 15:24:35.666375: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=1 ike.initiator.recv=0 ike.initiator.last_contact=744550.099104 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744550.06318 ike.wip.initiator=-1 ike.wip.responder=-1
Oct 31 15:24:35.666379: | child state #2: V2_IKE_AUTH_CHILD_I0(ignore) => PARENT_I2(open IKE SA)
Oct 31 15:24:35.666382: | announcing the state transition
Oct 31 15:24:35.666388: "northnet-eastnets/0x2" #1: sent IKE_AUTH request {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048}
Oct 31 15:24:35.666398: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1)
Oct 31 15:24:35.666401: |   34 d5 c0 79  f1 ec a3 66  e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:35.666403: |   35 20 23 08  00 00 00 01  00 00 02 1b  23 00 01 ff
Oct 31 15:24:35.666406: |   00 01 00 06  62 ee 24 49  38 cd 0e 77  14 80 5d fa
Oct 31 15:24:35.666408: |   04 8a d1 01  b3 44 88 eb  c5 6e ce e9  33 5b 14 51
Oct 31 15:24:35.666410: |   46 a2 33 69  1a 39 ac 8d  04 61 fe 52  62 19 82 8a
Oct 31 15:24:35.666412: |   1a 30 7a 0a  2f e8 98 32  c1 20 f2 cc  84 8c b7 96
Oct 31 15:24:35.666415: |   19 18 b4 38  25 7f 2a f7  71 f9 48 c7  5b 00 3e e1
Oct 31 15:24:35.666417: |   28 43 b6 da  aa 70 14 27  62 5c e8 ab  7e 5f 4d a0
Oct 31 15:24:35.666418: |   e9 57 ec e5  9a 7a 76 80  a5 2e ad 35  1c 14 cd a5
Oct 31 15:24:35.666421: |   b4 38 7a 38  f0 92 9c 95  32 56 13 dd  62 8b e4 7a
Oct 31 15:24:35.666423: |   82 50 84 03  dd 82 2c 94  56 5a 28 67  55 e5 41 4d
Oct 31 15:24:35.666425: |   a4 4a 34 b8  75 04 3f 6b  c9 ef 82 0a  8c b1 0b 6a
Oct 31 15:24:35.666426: |   dc 7f b7 34  4f d5 9f 54  7f 22 ac 23  28 7d 8b 4a
Oct 31 15:24:35.666428: |   a8 5b f8 9a  9d 67 05 8a  30 dc e4 59  a7 58 f8 ec
Oct 31 15:24:35.666431: |   59 d2 15 c2  1e c1 f7 30  33 fb 22 ca  a5 b2 cb 7d
Oct 31 15:24:35.666433: |   e6 a5 b9 56  22 9d b3 24  24 0d 41 e8  0a 10 89 e7
Oct 31 15:24:35.666435: |   9d ae 10 de  5e 08 96 91  30 f0 1c 31  35 d4 09 e5
Oct 31 15:24:35.666437: |   3e d0 c9 4d  65 af 74 3a  c2 3b 97 30  ad 34 e5 49
Oct 31 15:24:35.666439: |   73 09 57 6c  18 26 74 5d  a6 f3 40 1c  cf 7d 70 fe
Oct 31 15:24:35.666445: |   69 ea 57 dc  f8 34 39 13  f2 7a 5b 60  79 c1 86 51
Oct 31 15:24:35.666448: |   31 eb 40 17  77 29 0c bb  71 8c 95 d3  8c fd 08 aa
Oct 31 15:24:35.666450: |   cd d9 44 ce  23 6d 3e 86  b8 5d 40 d6  de 20 ee 1f
Oct 31 15:24:35.666453: |   a0 8a 0d 94  d8 f7 fe cb  ce 90 70 ac  34 83 e3 7a
Oct 31 15:24:35.666454: |   c8 f5 7c bb  ba 4a ae a0  e0 47 3c d2  20 d1 ad 91
Oct 31 15:24:35.666457: |   cb 92 77 ce  0c 6d fd eb  f4 eb f7 ec  51 74 8f 04
Oct 31 15:24:35.666459: |   c2 c3 9a ff  0c 11 f4 e0  9e 18 70 9e  c0 0e 7e ae
Oct 31 15:24:35.666461: |   c3 d8 10 c7  1c 79 e9 2a  d7 5d 0a 9e  c4 31 cb c7
Oct 31 15:24:35.666463: |   4d a5 2f 6f  85 1c b7 2e  9e 39 16 8d  44 ec 3e 49
Oct 31 15:24:35.666465: |   9f d5 58 a8  66 a9 5b b1  9a a6 7c 22  ed 6d ad 61
Oct 31 15:24:35.666467: |   0e cc 14 81  d5 3b 17 51  4c b3 90 8d  cb c2 2a 01
Oct 31 15:24:35.666469: |   11 43 c8 d3  86 eb 2f 57  23 21 35 62  1d 8e ad 6c
Oct 31 15:24:35.666472: |   df 60 08 de  26 ea 47 f6  0a 4e 3b fd  67 f5 97 bf
Oct 31 15:24:35.666473: |   85 24 5c e1  15 0d e9 e2  27 b8 f1 61  84 67 6e 9f
Oct 31 15:24:35.666476: |   8b 10 84 e5  bc ca 87 49  40 e1 2a
Oct 31 15:24:35.666541: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1)
Oct 31 15:24:35.666545: |   34 d5 c0 79  f1 ec a3 66  e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:35.666546: |   35 20 23 08  00 00 00 01  00 00 02 1b  00 00 01 ff
Oct 31 15:24:35.666548: |   00 02 00 06  da dc 6e bd  ed 2d f5 f0  21 32 8e ec
Oct 31 15:24:35.666550: |   09 96 dc d1  66 2a 80 a2  9e 8c 06 5f  f5 1a ec bb
Oct 31 15:24:35.666553: |   c7 b0 b0 f1  68 67 1e 9b  8d 10 a0 59  34 40 a3 d6
Oct 31 15:24:35.666555: |   9b ca c3 6d  be be 42 2b  d3 1b 98 2a  2a db 63 e4
Oct 31 15:24:35.666556: |   db 9e 22 00  c2 8c 36 2a  07 ea a9 65  98 f5 f1 2c
Oct 31 15:24:35.666558: |   5e 5c a7 b9  c0 dd 71 7f  a2 38 17 6f  d0 d7 fd 7d
Oct 31 15:24:35.666560: |   b3 31 82 5d  11 50 0f c0  b8 e6 38 b5  53 06 ff 35
Oct 31 15:24:35.666562: |   7e e9 dd 51  5c d0 b4 88  a9 9a 27 d8  b5 b4 b0 20
Oct 31 15:24:35.666563: |   5b 7b 92 81  d6 98 a0 3c  f6 e3 4c d5  52 4b f6 63
Oct 31 15:24:35.666566: |   12 65 45 52  ea 29 2d 89  15 bf 10 05  fe a7 56 6e
Oct 31 15:24:35.666568: |   e6 ad 53 4c  de 98 92 86  75 48 17 04  e1 fe 4a 23
Oct 31 15:24:35.666569: |   1e df ca 6a  fc 1c 64 3c  18 81 4a f9  36 ec e0 ec
Oct 31 15:24:35.666572: |   85 f7 88 3a  4a e8 69 7d  86 59 0a 01  ea 2c 8d 20
Oct 31 15:24:35.666573: |   5e 35 8b fd  f2 53 55 0b  dd f1 dd 84  80 4b c5 b1
Oct 31 15:24:35.666575: |   5c da a7 e1  2a 37 42 b3  be 42 86 b7  06 df b5 ca
Oct 31 15:24:35.666577: |   9c 46 a4 6e  ea e7 f4 da  9b 75 8d bf  5f e1 91 c6
Oct 31 15:24:35.666579: |   17 06 63 9e  d6 a5 44 94  5b 84 66 88  7b 14 e1 ab
Oct 31 15:24:35.666581: |   8f 92 de a5  f6 9f 52 e1  c1 89 7c 41  b4 07 a6 35
Oct 31 15:24:35.666583: |   0e 65 00 22  fc 75 d0 d4  71 75 02 e9  aa 9f 02 77
Oct 31 15:24:35.666585: |   fc 5e 28 a3  ea 07 4f 5e  dd f0 6f 22  29 35 8a 24
Oct 31 15:24:35.666588: |   18 5f 40 1c  a5 cd f4 0c  f6 7f 3e f7  44 b2 0d 31
Oct 31 15:24:35.666590: |   82 a5 a1 ff  26 40 d0 9e  8c 4e 1f fb  dc e4 c8 af
Oct 31 15:24:35.666592: |   64 e8 94 0b  42 8f 9b ac  33 30 69 ed  f0 d6 64 09
Oct 31 15:24:35.666594: |   40 2f 7d e1  90 53 60 a5  4f 4f ad 09  c3 a2 bc 80
Oct 31 15:24:35.666596: |   5f 3f 81 62  74 be 5b 6c  c5 ba a3 10  69 9c 58 61
Oct 31 15:24:35.666599: |   c0 7f cc 9e  e1 80 b4 93  19 56 32 fd  d5 21 a6 c3
Oct 31 15:24:35.666601: |   d0 3e e7 6f  ec 42 00 2c  86 ff b2 69  ba 2e 25 0a
Oct 31 15:24:35.666603: |   ef 22 09 07  cb c1 ee 48  ed b0 94 09  a5 aa c4 84
Oct 31 15:24:35.666606: |   c0 e6 af 8a  28 3b a5 07  97 84 09 f9  15 f9 34 1f
Oct 31 15:24:35.666608: |   0b 5a 12 32  fd 73 64 d9  9f 59 5b fd  f1 d4 1e 4a
Oct 31 15:24:35.666611: |   4a 84 ca 0b  5d 1b 28 62  d1 b4 51 f6  f3 91 65 32
Oct 31 15:24:35.666613: |   22 dd 44 3a  54 31 5c 40  98 f4 38
Oct 31 15:24:35.666636: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1)
Oct 31 15:24:35.666640: |   34 d5 c0 79  f1 ec a3 66  e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:35.666643: |   35 20 23 08  00 00 00 01  00 00 02 1b  00 00 01 ff
Oct 31 15:24:35.666645: |   00 03 00 06  ae 33 d6 05  be 27 ef d3  07 d3 8a f6
Oct 31 15:24:35.666647: |   47 55 11 ac  fd 6a 82 eb  3e bc e5 de  3e b8 23 fb
Oct 31 15:24:35.666649: |   e8 70 a9 a8  2f 21 94 6d  20 f2 9e ec  ad d4 20 ff
Oct 31 15:24:35.666652: |   3a 41 d4 dc  11 c3 97 1e  b7 d6 6d 15  aa f4 c2 e6
Oct 31 15:24:35.666654: |   3e 35 1a b5  91 d0 18 44  68 ab 63 bf  fc aa 67 c1
Oct 31 15:24:35.666657: |   94 02 5e 84  d2 21 23 66  5d 75 9b a6  5a cf 56 c7
Oct 31 15:24:35.666659: |   ba c1 15 71  29 75 e2 4e  71 c8 bf c1  e1 c0 c9 2a
Oct 31 15:24:35.666661: |   86 b3 e3 d0  4e 14 c8 db  7a 1d 40 e6  88 5a 08 0f
Oct 31 15:24:35.666664: |   a4 fd a9 cf  03 05 64 44  a6 3b 22 36  53 0c 7b b1
Oct 31 15:24:35.666666: |   73 60 6e 1a  99 72 54 82  cf f9 0d 89  f1 f4 8d 83
Oct 31 15:24:35.666668: |   2e 31 8b 61  e7 8a 2a 95  92 d1 22 7d  18 3e 94 53
Oct 31 15:24:35.666671: |   05 77 56 37  d5 e6 c1 50  62 9b d2 03  e4 7b 28 17
Oct 31 15:24:35.666673: |   ce 32 bb 90  92 36 30 d5  b9 2e 0a c6  f0 17 8b 93
Oct 31 15:24:35.666675: |   1e 7b fe 3b  de d6 29 a3  f9 a3 a6 f1  92 7a 5a b3
Oct 31 15:24:35.666677: |   fa a6 44 fe  d3 f3 6c 4b  51 60 6e de  b5 95 9d 33
Oct 31 15:24:35.666679: |   ff 30 7a aa  ef 34 eb c3  66 01 32 14  78 b4 2d e8
Oct 31 15:24:35.666682: |   c2 f7 76 f3  f2 d6 35 1f  bc b8 f0 07  e4 88 7d 90
Oct 31 15:24:35.666684: |   87 fe 4c eb  cc 37 be 37  1e 1e e0 fe  fc c2 ae 36
Oct 31 15:24:35.666686: |   81 af da 56  0a c2 4d 02  ce 88 9f 1a  b1 00 1d 28
Oct 31 15:24:35.666689: |   71 9e b5 2f  f1 9b 7c 9a  9e d0 25 fc  26 0c 46 cd
Oct 31 15:24:35.666691: |   70 5b 45 e6  17 99 95 eb  0e 00 be 01  80 8c 17 73
Oct 31 15:24:35.666693: |   ab 01 cf 06  e6 b3 38 46  35 68 b1 f1  0f bb 97 35
Oct 31 15:24:35.666696: |   92 93 8b 7e  af 08 29 e6  84 73 9e e0  9c 03 da 58
Oct 31 15:24:35.666698: |   5d 06 85 5e  ec 10 69 b7  06 ca b3 41  8f 0b b3 b5
Oct 31 15:24:35.666700: |   07 1c 66 44  9e e5 ce 3c  54 44 65 05  df a1 fc 9d
Oct 31 15:24:35.666702: |   10 69 09 25  47 8e e3 64  fe 0a 71 93  83 85 3a 07
Oct 31 15:24:35.666705: |   09 de 16 6f  2d 02 2f 9a  7a a0 91 57  22 be 68 c0
Oct 31 15:24:35.666707: |   4e fd 36 5b  35 27 0d 47  2b 93 a4 70  73 45 cf 4e
Oct 31 15:24:35.666709: |   f3 4b 72 d1  67 e2 bc 9b  9a 8f 87 d4  6c 79 c3 b9
Oct 31 15:24:35.666712: |   19 77 3b 36  9d c9 68 a0  0a 2c 90 50  cf 1a d4 0c
Oct 31 15:24:35.666714: |   8f a9 57 0e  b1 07 16 13  c5 b0 b3 ad  3f be 75 d2
Oct 31 15:24:35.666716: |   5f ae c4 50  9d 81 a2 32  6c de 81
Oct 31 15:24:35.666731: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1)
Oct 31 15:24:35.666734: |   34 d5 c0 79  f1 ec a3 66  e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:35.666736: |   35 20 23 08  00 00 00 01  00 00 02 1b  00 00 01 ff
Oct 31 15:24:35.666739: |   00 04 00 06  86 4f fe b6  d2 cf 44 8a  af 41 4c d0
Oct 31 15:24:35.666741: |   8b 16 40 3d  10 73 a0 0b  29 9f d0 76  a7 5a 8a de
Oct 31 15:24:35.666743: |   c6 96 97 ca  b1 fc 5e 52  0c bd 24 b1  38 80 4e 99
Oct 31 15:24:35.666745: |   eb 26 59 6b  e5 d1 25 b6  d7 2e 25 a2  d5 70 b6 ac
Oct 31 15:24:35.666747: |   ad 9f 50 9c  20 bf 45 f8  b1 b0 d2 37  0f 8d 3a 97
Oct 31 15:24:35.666750: |   c6 f7 f8 35  9d 13 6d 8a  ce d6 0f 71  ac d1 f7 db
Oct 31 15:24:35.666752: |   4d 5b f6 39  65 9d 5d 6d  08 85 04 d0  0e d9 bc a9
Oct 31 15:24:35.666754: |   b7 2b 3e df  18 63 a4 1c  5c 4a ce f3  2b 19 f8 a6
Oct 31 15:24:35.666756: |   17 c1 d6 09  9c 25 2c 03  f9 dd be a0  85 9a d3 bc
Oct 31 15:24:35.666759: |   08 e5 c1 0a  35 5c 7a a2  af 2b 46 fa  8f 0e d7 78
Oct 31 15:24:35.666761: |   ad 86 97 4e  77 b6 b2 f6  83 c9 d6 cc  54 74 2a e2
Oct 31 15:24:35.666763: |   22 a6 e0 9e  c9 cb 32 fc  0c 10 dd 26  50 ea 3e 16
Oct 31 15:24:35.666765: |   94 48 00 b5  43 41 8b 3a  2b c4 bb 4c  96 b2 70 ef
Oct 31 15:24:35.666768: |   71 8a 2d 88  46 dd 06 7d  3f 94 58 16  99 55 e3 42
Oct 31 15:24:35.666772: |   c3 4b 5f 21  b8 bb 65 f0  d4 d6 05 3e  c4 41 f8 e6
Oct 31 15:24:35.666774: |   bd 93 37 4d  67 b2 fc 8f  46 29 d0 6e  0b ce af c9
Oct 31 15:24:35.666777: |   63 6e 87 7f  0c e6 b0 f6  a9 33 32 9d  d9 f6 07 d8
Oct 31 15:24:35.666779: |   72 ec c5 c8  f0 fd 56 95  6c de e1 e9  84 e5 8a 27
Oct 31 15:24:35.666781: |   9c 25 40 e1  cd e5 c5 3d  3f 2b 21 10  ef e8 93 87
Oct 31 15:24:35.666784: |   c5 82 1b ec  97 55 f5 34  7a 2d 4f dc  7d e2 b0 fd
Oct 31 15:24:35.666786: |   01 eb d8 ea  4c 04 e9 c1  78 1e cc 29  4d ae 63 13
Oct 31 15:24:35.666788: |   cc 5a c4 be  72 1f af ee  a1 ce c1 cc  36 e9 4c 27
Oct 31 15:24:35.666790: |   77 a1 f7 b5  c8 51 ee 8d  21 83 eb d1  1e 0e 23 4f
Oct 31 15:24:35.666792: |   ec fd 41 4c  d2 0d 95 a0  a9 18 9a 1c  34 cc 84 48
Oct 31 15:24:35.666794: |   a5 27 57 42  df 21 ac ba  1c 60 a3 9c  46 64 b2 4c
Oct 31 15:24:35.666797: |   52 a5 5a 9a  d5 6e 29 3f  f5 ee a8 3c  e4 5b 00 c8
Oct 31 15:24:35.666799: |   74 44 6f d8  7a fb b8 de  85 65 5d 3d  0b 72 a8 6a
Oct 31 15:24:35.666801: |   a2 59 a2 c0  4e aa 44 c2  22 70 b0 c2  31 ca 22 73
Oct 31 15:24:35.666803: |   9d 3d b9 ab  42 8a 15 36  3e c9 4c be  02 a9 c1 92
Oct 31 15:24:35.666805: |   6c 13 0d d8  6a 2e f4 a6  72 8e 55 ce  ff dd 2b e7
Oct 31 15:24:35.666807: |   13 9e 29 c5  50 17 6a 26  6b f5 ac 53  86 72 bb 53
Oct 31 15:24:35.666810: |   20 75 f5 46  9a e8 8f d3  69 c0 4e
Oct 31 15:24:35.666826: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1)
Oct 31 15:24:35.666829: |   34 d5 c0 79  f1 ec a3 66  e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:35.666831: |   35 20 23 08  00 00 00 01  00 00 02 1b  00 00 01 ff
Oct 31 15:24:35.666833: |   00 05 00 06  91 3b 96 f3  ad 74 4a 80  43 30 c6 99
Oct 31 15:24:35.666836: |   a4 46 cc cc  8c 49 01 3f  f3 3a a3 0f  c7 fe a0 43
Oct 31 15:24:35.666838: |   d3 03 44 5d  14 97 8f 9a  aa 24 8c e3  cf f1 69 b6
Oct 31 15:24:35.666840: |   12 d5 b2 92  f0 df 2d 4b  0f e1 75 bb  cf af 28 ff
Oct 31 15:24:35.666842: |   ef 1c 9d 26  d9 32 2e 17  20 f4 dc cb  ba aa 58 e3
Oct 31 15:24:35.666844: |   c9 38 34 d7  c5 18 df 1d  56 08 a8 f7  1e dc 39 e8
Oct 31 15:24:35.666847: |   12 77 fd 04  89 53 95 20  a6 a2 62 ed  7c ac 14 97
Oct 31 15:24:35.666849: |   d4 f8 c0 ba  6c c6 19 5c  01 be be 84  63 da f9 94
Oct 31 15:24:35.666851: |   8d dc 96 f0  71 0f b6 d3  35 ba 9c 9c  a4 e6 5c 56
Oct 31 15:24:35.666853: |   f6 91 bd f3  97 fc 8c 5b  b5 33 da 5b  d7 36 1f 6f
Oct 31 15:24:35.666855: |   e3 f8 de 44  d4 92 7c cb  42 c5 98 a7  16 8f f6 c9
Oct 31 15:24:35.666858: |   13 eb 6b f8  48 94 51 3d  60 a1 3a 7b  8b 85 26 1c
Oct 31 15:24:35.666860: |   9e f1 70 90  07 01 a1 0d  81 38 63 6c  49 f2 15 20
Oct 31 15:24:35.666863: |   ac d1 69 2b  ce 92 98 e2  d3 be 0f ac  1f 2f c2 6e
Oct 31 15:24:35.666865: |   08 ef 0e c4  48 d8 df 3e  c6 2e 67 23  77 82 42 4d
Oct 31 15:24:35.666867: |   d5 6f 4c 1c  e2 30 d5 f2  71 40 b4 51  92 ea 27 60
Oct 31 15:24:35.666870: |   2b d8 02 3e  98 e1 21 ff  a5 db 1c 26  44 69 c8 45
Oct 31 15:24:35.666872: |   41 82 78 ad  bb 9e 61 2c  0c dc a4 7e  3f e0 d3 14
Oct 31 15:24:35.666874: |   0f 89 80 bd  c2 5f 00 62  4c 7e b7 43  d0 43 52 bd
Oct 31 15:24:35.666877: |   22 ca 1f 67  3f 98 d5 69  d2 36 32 bc  7f 8a 5d 92
Oct 31 15:24:35.666879: |   79 2a 3d 9b  cb cd 8b 1d  55 b7 d2 b0  1a c2 31 2e
Oct 31 15:24:35.666881: |   e8 0f 12 5b  c7 fd 06 a1  7a d9 7e 42  ec 42 bc 7e
Oct 31 15:24:35.666884: |   e7 4c 1a db  ba 83 c0 27  7c 18 27 e0  52 fb 72 dd
Oct 31 15:24:35.666886: |   6c 84 81 1d  d0 95 27 fe  4c 35 93 29  84 66 4e ed
Oct 31 15:24:35.666888: |   7b 3e 66 89  40 7d 64 dd  e8 ad d3 cb  d8 59 29 37
Oct 31 15:24:35.666891: |   c0 57 8e 45  e0 95 dd 86  ce 60 db 60  b6 f6 fb 0e
Oct 31 15:24:35.666893: |   81 54 0e f0  99 33 f0 56  25 2a 76 de  96 61 5c 4f
Oct 31 15:24:35.666895: |   02 34 e5 12  1f 46 2b 96  cf 89 c4 fa  c2 ff b0 16
Oct 31 15:24:35.666898: |   c7 5b 15 af  95 0f 8a ca  50 6c 34 3d  13 57 8d b6
Oct 31 15:24:35.666900: |   90 90 41 49  30 23 42 ab  cb e8 d4 75  f6 74 d5 fe
Oct 31 15:24:35.666904: |   c2 ec e4 a2  57 6f 2d f5  d2 fa 43 65  52 d0 46 d1
Oct 31 15:24:35.666907: |   19 eb 13 1a  23 6b e7 07  51 de 20
Oct 31 15:24:35.666923: | sending 113 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1)
Oct 31 15:24:35.666926: |   34 d5 c0 79  f1 ec a3 66  e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:35.666928: |   35 20 23 08  00 00 00 01  00 00 00 71  00 00 00 55
Oct 31 15:24:35.666931: |   00 06 00 06  03 1a f3 b5  5b 1e 90 d7  f4 64 fd 75
Oct 31 15:24:35.666933: |   c7 df a1 5f  fe f0 ee 37  a4 7a d7 81  c6 91 3f 0b
Oct 31 15:24:35.666935: |   05 c7 aa 5a  32 71 e2 ca  50 ad a9 31  03 a7 bf 4a
Oct 31 15:24:35.666937: |   ea 1b d6 06  ac 62 bb c8  bb 21 30 e2  1d 33 55 6a
Oct 31 15:24:35.666940: |   01 60 fb 4d  b9 59 64 25  c1 f7 d3 6f  ba e9 47 3e
Oct 31 15:24:35.666942: |   bf
Oct 31 15:24:35.666953: | sent 6 messages
Oct 31 15:24:35.666956: | checking that a retransmit timeout_event was already
Oct 31 15:24:35.666959: | state #2 has no .st_event to delete
Oct 31 15:24:35.666963: | delref mdp@0x556b6640e158(1->0) (in resume_handler() at server.c:743)
Oct 31 15:24:35.666966: | delref logger@0x556b663f86f8(1->0) (in resume_handler() at server.c:743)
Oct 31 15:24:35.666969: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:24:35.666971: | delref fd@NULL (in free_logger() at log.c:854)
Oct 31 15:24:35.666979: | #1 spent 3.71 (3.84) milliseconds in resume sending helper answer back to state
Oct 31 15:24:35.666985: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:745)
Oct 31 15:24:35.666990: | libevent_free: delref ptr-libevent@0x7f6fe4000da8
Oct 31 15:24:35.791931: | spent 0.00221 (0.00222) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue()
Oct 31 15:24:35.791951: | newref struct msg_digest@0x556b6640e158(0->1) (in read_message() at demux.c:103)
Oct 31 15:24:35.791955: | newref alloc logger@0x556b66403728(0->1) (in read_message() at demux.c:103)
Oct 31 15:24:35.791962: | *received 539 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP
Oct 31 15:24:35.791965: |   34 d5 c0 79  f1 ec a3 66  e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:35.791967: |   35 20 23 20  00 00 00 01  00 00 02 1b  24 00 01 ff
Oct 31 15:24:35.791969: |   00 01 00 05  ad ab e0 86  8f 95 71 86  22 58 8e 6f
Oct 31 15:24:35.791971: |   f0 11 98 d2  d2 e4 22 d1  ce 78 4a 61  8e ec 0a 48
Oct 31 15:24:35.791973: |   cc 77 1c 93  c4 cc 67 f5  83 56 3f a5  25 df 99 dd
Oct 31 15:24:35.791976: |   b1 30 3e 9b  98 54 ff 57  33 db 61 96  ae 10 b0 b4
Oct 31 15:24:35.791978: |   5e 6a 49 17  85 28 c5 f9  49 73 ec 94  f8 e7 e2 57
Oct 31 15:24:35.791980: |   a7 40 6f 8e  02 13 62 49  fa 6f 20 93  c4 af 81 31
Oct 31 15:24:35.791982: |   b9 f2 9d 29  40 b8 71 80  44 8f 44 13  f3 8c bd 27
Oct 31 15:24:35.791984: |   5e 5b 88 88  74 14 66 d3  ae 59 6c 6a  50 75 9d 64
Oct 31 15:24:35.791986: |   14 05 20 0b  f1 01 ea 99  d9 a8 cc 68  96 d4 af 2e
Oct 31 15:24:35.791988: |   ef 57 cb 43  d3 87 4f ce  2e f8 ea df  f2 e4 74 7b
Oct 31 15:24:35.791990: |   98 91 5d 13  a0 70 a4 13  b6 fa dd 97  54 d6 d9 78
Oct 31 15:24:35.791992: |   e5 b8 4a c1  2d 69 4b a1  2a 68 90 01  a4 f5 df 61
Oct 31 15:24:35.791994: |   48 f7 d6 66  b0 ca 96 36  ed 32 63 d7  4b b9 4a e1
Oct 31 15:24:35.791996: |   c9 cc 72 52  0c cc 3e 04  0b 21 25 ae  ba 7f 1b c2
Oct 31 15:24:35.791998: |   33 32 d7 7a  fa b4 0a b1  d2 e4 7a a7  dd 9e ef df
Oct 31 15:24:35.792000: |   51 7f b1 15  90 4b 61 71  ff 3d a2 20  5e 42 20 18
Oct 31 15:24:35.792002: |   58 8c 72 99  16 0b f0 1c  09 2c 79 f4  8b 98 5a 39
Oct 31 15:24:35.792004: |   25 01 fd bd  f5 ae c8 dc  dd d9 52 0d  6c df e2 76
Oct 31 15:24:35.792006: |   d1 fd 55 12  98 5d 47 df  31 e8 c7 0d  26 b5 f7 58
Oct 31 15:24:35.792008: |   27 0a a1 c4  58 56 00 a0  a1 82 f2 e8  15 16 44 54
Oct 31 15:24:35.792010: |   57 6d 53 2a  63 9e 4d 20  bf 7d 40 06  69 92 cc c3
Oct 31 15:24:35.792012: |   6b 5c ee 47  fc 58 0c 57  02 1e 30 09  43 8b 85 c2
Oct 31 15:24:35.792014: |   d9 6f 16 12  42 98 72 8a  87 7e 7e f1  03 a8 34 84
Oct 31 15:24:35.792019: |   72 55 ac 26  b0 f1 eb 5a  ee 6a 2e dd  54 14 a3 51
Oct 31 15:24:35.792021: |   11 13 d3 de  b6 a6 0b f2  b0 e6 d9 0d  dc fa 18 b4
Oct 31 15:24:35.792023: |   9d c5 a1 e1  3b 26 7e 20  c3 4c 13 40  fe f4 11 ab
Oct 31 15:24:35.792025: |   b4 a6 8b 76  ba 89 25 3a  3c a0 e1 50  e2 cb da a0
Oct 31 15:24:35.792027: |   e6 a9 a4 5e  ba 31 4e 27  ab 94 06 1e  be 56 53 55
Oct 31 15:24:35.792029: |   fd cf 4d b0  a1 49 4b 11  a7 06 3d bc  7d b9 97 34
Oct 31 15:24:35.792031: |   7d e4 63 a9  3c fc 0c 4a  41 a6 e5 e8  ae 33 2a 53
Oct 31 15:24:35.792033: |   ce 3d c3 ff  89 09 3b 7f  eb 95 70 78  18 b0 69 2c
Oct 31 15:24:35.792035: |   c1 59 b6 6f  1b 0f 24 ee  6e a2 c1
Oct 31 15:24:35.792039: | **parse ISAKMP Message:
Oct 31 15:24:35.792044: |    initiator SPI: 34 d5 c0 79  f1 ec a3 66
Oct 31 15:24:35.792047: |    responder SPI: e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:35.792050: |    next payload type: ISAKMP_NEXT_v2SKF (0x35)
Oct 31 15:24:35.792053: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Oct 31 15:24:35.792055: |    exchange type: ISAKMP_v2_IKE_AUTH (0x23)
Oct 31 15:24:35.792057: |    flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20)
Oct 31 15:24:35.792061: |    Message ID: 1 (00 00 00 01)
Oct 31 15:24:35.792064: |    length: 539 (00 00 02 1b)
Oct 31 15:24:35.792067: |  processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35)
Oct 31 15:24:35.792070: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response 
Oct 31 15:24:35.792075: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa)
Oct 31 15:24:35.792082: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902)
Oct 31 15:24:35.792085: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip)
Oct 31 15:24:35.792088: | #2 is idle
Oct 31 15:24:35.792090: | #2 idle
Oct 31 15:24:35.792094: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983)
Oct 31 15:24:35.792099: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983)
Oct 31 15:24:35.792101: | unpacking clear payload
Oct 31 15:24:35.792104: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF)
Oct 31 15:24:35.792107: | ***parse IKEv2 Encrypted Fragment:
Oct 31 15:24:35.792109: |    next payload type: ISAKMP_NEXT_v2IDr (0x24)
Oct 31 15:24:35.792112: |    flags: none (0x0)
Oct 31 15:24:35.792115: |    length: 511 (01 ff)
Oct 31 15:24:35.792118: |    fragment number: 1 (00 01)
Oct 31 15:24:35.792121: |    total fragments: 5 (00 05)
Oct 31 15:24:35.792123: | processing payload: ISAKMP_NEXT_v2SKF (len=503)
Oct 31 15:24:35.792126: | #2 in state PARENT_I2: sent IKE_AUTH request
Oct 31 15:24:35.792129: | received IKE encrypted fragment number '1', total number '5', next payload '36'
Oct 31 15:24:35.792135: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904)
Oct 31 15:24:35.792140: | #1 spent 0.218 (0.217) milliseconds in ikev2_process_packet()
Oct 31 15:24:35.792143: | processing: STOP state #0 (in process_md() at demux.c:287)
Oct 31 15:24:35.792146: | delref mdp@0x556b6640e158(1->0) (in handle_packet_cb() at demux.c:318)
Oct 31 15:24:35.792149: | delref logger@0x556b66403728(1->0) (in handle_packet_cb() at demux.c:318)
Oct 31 15:24:35.792151: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:24:35.792154: | delref fd@NULL (in free_logger() at log.c:854)
Oct 31 15:24:35.792159: | spent 0.237 (0.236) milliseconds in handle_packet_cb() reading and processing packet
Oct 31 15:24:35.792169: | spent 0.00165 (0.00164) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue()
Oct 31 15:24:35.792174: | newref struct msg_digest@0x556b6640e158(0->1) (in read_message() at demux.c:103)
Oct 31 15:24:35.792177: | newref alloc logger@0x556b66403728(0->1) (in read_message() at demux.c:103)
Oct 31 15:24:35.792182: | *received 539 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP
Oct 31 15:24:35.792186: |   34 d5 c0 79  f1 ec a3 66  e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:35.792188: |   35 20 23 20  00 00 00 01  00 00 02 1b  00 00 01 ff
Oct 31 15:24:35.792190: |   00 02 00 05  d1 1a 06 f9  ca b7 2c 82  eb aa 53 a0
Oct 31 15:24:35.792192: |   87 24 92 72  35 f4 dd f1  ec 5c bf 0d  d8 2a 20 01
Oct 31 15:24:35.792194: |   e3 0d fc 23  da e9 0f ec  32 38 16 29  03 9a 8e 3f
Oct 31 15:24:35.792196: |   79 24 62 af  12 74 45 9a  76 9b ae 1e  79 d0 7d 8e
Oct 31 15:24:35.792215: |   ea 88 b2 dd  b7 29 4d 84  f4 83 b8 89  6e 42 f8 a0
Oct 31 15:24:35.792219: |   2b aa 24 75  76 15 0d 26  57 d5 13 d0  3e 02 4f 48
Oct 31 15:24:35.792222: |   13 fa a5 78  90 96 21 44  b9 7a 49 2e  9a 81 8b d3
Oct 31 15:24:35.792224: |   2d 69 9f ce  91 58 80 50  dc 47 e8 5b  54 b8 6c 87
Oct 31 15:24:35.792226: |   80 aa f4 4b  dd a3 f4 8f  2a d0 0c cc  eb 84 60 24
Oct 31 15:24:35.792228: |   68 9d 5c 5c  83 88 6e f9  4f b9 23 3b  13 a4 b7 7a
Oct 31 15:24:35.792230: |   8b 31 86 d1  61 d1 e0 7d  94 5a a4 c6  2d 1d e2 e5
Oct 31 15:24:35.792232: |   e3 ab f9 bc  65 b7 c3 04  5b b1 07 1b  70 cf 19 99
Oct 31 15:24:35.792234: |   38 9d 71 88  d9 35 e8 e5  bf b1 86 d9  89 f1 28 fb
Oct 31 15:24:35.792235: |   6e 7d bb c8  65 d0 05 26  0a 25 5b a9  58 d5 ee 63
Oct 31 15:24:35.792237: |   c7 3e eb 96  36 70 79 a5  7d 15 ae f8  f3 a9 2d 23
Oct 31 15:24:35.792239: |   f1 9e 72 9b  2b 77 04 66  40 ce 8b de  2e d5 68 40
Oct 31 15:24:35.792241: |   5f 84 b2 db  36 1f 5c 1a  79 dd 7e 17  9f 28 a2 78
Oct 31 15:24:35.792243: |   f1 b3 b1 a4  0f fe 47 3a  1a 01 97 5b  df ad f4 3d
Oct 31 15:24:35.792245: |   da 1d ec 7d  62 81 1a cf  2e cf 37 0e  10 15 cb e9
Oct 31 15:24:35.792247: |   27 1b cc e5  60 38 d3 a7  90 24 c4 2a  14 45 67 c6
Oct 31 15:24:35.792249: |   b5 36 8f 7d  4c a5 30 c6  12 f7 dd 9a  03 bd 0b eb
Oct 31 15:24:35.792251: |   4a 19 e2 55  61 9b 99 b8  44 73 53 42  46 a1 88 d9
Oct 31 15:24:35.792253: |   d5 14 1a 9d  54 ff d1 7b  f1 31 fb d3  6e b7 0f 57
Oct 31 15:24:35.792255: |   50 0e 07 9b  84 d4 33 cc  5c 7f 8b ca  ea b6 44 c0
Oct 31 15:24:35.792257: |   dd 46 68 e7  a2 5e 31 a6  c8 93 64 f5  c2 9e fb 12
Oct 31 15:24:35.792259: |   6c 45 c1 fc  cc 35 c4 d8  05 18 03 b0  88 a9 50 a6
Oct 31 15:24:35.792261: |   6c e4 50 12  d2 f5 af 57  53 4d c7 29  c1 81 4b 6f
Oct 31 15:24:35.792263: |   d7 04 42 49  56 9b fa 65  4c c6 25 bd  28 64 2e ec
Oct 31 15:24:35.792265: |   4c d4 29 52  84 e7 be a5  34 3b 46 0e  12 4e 2b 50
Oct 31 15:24:35.792267: |   fe a0 77 67  b8 f7 2b 6d  86 46 84 71  0d 41 89 d0
Oct 31 15:24:35.792269: |   68 30 48 52  4c 5d 9d 29  e0 22 01 66  aa 51 70 68
Oct 31 15:24:35.792272: |   01 fd 09 62  64 97 56 aa  ba 4a 66
Oct 31 15:24:35.792275: | **parse ISAKMP Message:
Oct 31 15:24:35.792333: |    initiator SPI: 34 d5 c0 79  f1 ec a3 66
Oct 31 15:24:35.792340: |    responder SPI: e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:35.792343: |    next payload type: ISAKMP_NEXT_v2SKF (0x35)
Oct 31 15:24:35.792346: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Oct 31 15:24:35.792403: |    exchange type: ISAKMP_v2_IKE_AUTH (0x23)
Oct 31 15:24:35.792460: |    flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20)
Oct 31 15:24:35.792467: |    Message ID: 1 (00 00 00 01)
Oct 31 15:24:35.792470: |    length: 539 (00 00 02 1b)
Oct 31 15:24:35.792473: |  processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35)
Oct 31 15:24:35.792477: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response 
Oct 31 15:24:35.792481: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa)
Oct 31 15:24:35.792487: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902)
Oct 31 15:24:35.792491: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip)
Oct 31 15:24:35.792493: | #2 is idle
Oct 31 15:24:35.792495: | #2 idle
Oct 31 15:24:35.792500: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983)
Oct 31 15:24:35.792507: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983)
Oct 31 15:24:35.792509: | unpacking clear payload
Oct 31 15:24:35.792512: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF)
Oct 31 15:24:35.792515: | ***parse IKEv2 Encrypted Fragment:
Oct 31 15:24:35.792518: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:35.792520: |    flags: none (0x0)
Oct 31 15:24:35.792523: |    length: 511 (01 ff)
Oct 31 15:24:35.792526: |    fragment number: 2 (00 02)
Oct 31 15:24:35.792529: |    total fragments: 5 (00 05)
Oct 31 15:24:35.792532: | processing payload: ISAKMP_NEXT_v2SKF (len=503)
Oct 31 15:24:35.792534: | #2 in state PARENT_I2: sent IKE_AUTH request
Oct 31 15:24:35.792537: | received IKE encrypted fragment number '2', total number '5', next payload '0'
Oct 31 15:24:35.792543: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904)
Oct 31 15:24:35.792548: | #1 spent 0.225 (0.381) milliseconds in ikev2_process_packet()
Oct 31 15:24:35.792550: | processing: STOP state #0 (in process_md() at demux.c:287)
Oct 31 15:24:35.792553: | delref mdp@0x556b6640e158(1->0) (in handle_packet_cb() at demux.c:318)
Oct 31 15:24:35.792556: | delref logger@0x556b66403728(1->0) (in handle_packet_cb() at demux.c:318)
Oct 31 15:24:35.792559: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:24:35.792561: | delref fd@NULL (in free_logger() at log.c:854)
Oct 31 15:24:35.792566: | spent 0.244 (0.4) milliseconds in handle_packet_cb() reading and processing packet
Oct 31 15:24:35.792575: | spent 0.00166 (0.00159) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue()
Oct 31 15:24:35.792582: | newref struct msg_digest@0x556b6640e158(0->1) (in read_message() at demux.c:103)
Oct 31 15:24:35.792585: | newref alloc logger@0x556b66403728(0->1) (in read_message() at demux.c:103)
Oct 31 15:24:35.792590: | *received 539 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP
Oct 31 15:24:35.792593: |   34 d5 c0 79  f1 ec a3 66  e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:35.792595: |   35 20 23 20  00 00 00 01  00 00 02 1b  00 00 01 ff
Oct 31 15:24:35.792597: |   00 03 00 05  ca bb 0d a9  3f 7a b3 4c  3f ca e4 fd
Oct 31 15:24:35.792599: |   60 59 66 26  0c 76 d1 18  a5 3c 94 54  5f f1 a5 e3
Oct 31 15:24:35.792601: |   d9 5c 30 96  f8 2a df 59  31 ea 22 af  d0 f3 2f 8d
Oct 31 15:24:35.792604: |   62 1a fd 36  b5 fc b1 f5  d5 68 9c 7f  5d 78 b3 3b
Oct 31 15:24:35.792606: |   ac 8e 9c fe  8c e5 88 13  47 5e c7 32  80 2f 80 7e
Oct 31 15:24:35.792608: |   92 bd 48 cd  c0 6b 40 26  49 b1 47 3b  40 08 49 f5
Oct 31 15:24:35.792610: |   04 77 f2 54  e5 1c 01 5e  01 43 2b e8  bf 98 10 48
Oct 31 15:24:35.792612: |   85 1a ba 8b  8d e6 7e c0  21 7c 62 7f  4e bf 8c a8
Oct 31 15:24:35.792614: |   41 de 08 58  d9 85 c1 40  82 90 cf 4a  a0 df 10 75
Oct 31 15:24:35.792616: |   ac 25 43 9a  05 44 0a 7e  a0 55 04 f8  8c de fb 09
Oct 31 15:24:35.792619: |   82 c4 82 6b  f7 f0 f8 11  72 63 84 60  34 1f ed ac
Oct 31 15:24:35.792621: |   a9 aa cd 65  c1 1a 86 4c  ff 39 66 a0  ce 67 12 b6
Oct 31 15:24:35.792623: |   0f 97 6c 84  25 c1 20 dd  38 d4 b7 ee  42 68 9e f7
Oct 31 15:24:35.792625: |   c5 2d 0c 15  18 0c 73 f5  2c a9 a9 d1  6f 8e 1a 50
Oct 31 15:24:35.792627: |   02 ea 9a b7  bf 2d 2c 12  7c 20 0c 61  28 b7 1a c1
Oct 31 15:24:35.792629: |   e2 f6 d6 72  28 92 23 23  f1 ab ae 50  96 f6 df f6
Oct 31 15:24:35.792631: |   d0 6f c5 ed  bb 20 2b 42  b7 09 0b fe  c5 f9 e5 3d
Oct 31 15:24:35.792634: |   43 43 ce ae  9f 3d cf 2c  90 2c f6 0a  fb 62 69 06
Oct 31 15:24:35.792636: |   1f 9d 16 23  67 9b c6 98  45 c3 71 02  e6 83 8f 49
Oct 31 15:24:35.792638: |   73 ed 9f 92  92 5e 94 4f  25 e4 ca 31  34 d5 fb 16
Oct 31 15:24:35.792640: |   0b 87 5c 2b  85 0a df e0  ca 53 bf b7  8d 14 87 d2
Oct 31 15:24:35.792642: |   3d c4 a7 fe  d6 19 7b 69  e1 60 05 90  7f ec 5a 44
Oct 31 15:24:35.792644: |   27 69 5b 3d  69 8a 99 a6  32 1c 7a 12  32 b7 72 00
Oct 31 15:24:35.792646: |   6b 84 ad 75  b8 03 c8 86  89 62 b1 21  fa 99 12 61
Oct 31 15:24:35.792650: |   a7 49 f6 ee  7e 63 a8 97  14 02 c6 fd  31 48 cf 2d
Oct 31 15:24:35.792652: |   a3 ae 43 b2  4d 21 33 0e  76 50 b3 da  5f 53 7a d5
Oct 31 15:24:35.792654: |   e7 01 66 b7  cb 58 6a 46  cc 71 9a 1a  11 1b 19 4c
Oct 31 15:24:35.792656: |   f8 1a 6d 6c  35 52 6b 1a  cd 93 cb e9  42 ab e7 62
Oct 31 15:24:35.792658: |   23 fd fc 11  bc 88 b6 14  fb db c5 c4  1d e7 8d 17
Oct 31 15:24:35.792660: |   5c 73 ca 02  02 b8 cc 17  a2 18 a7 f0  11 33 05 7a
Oct 31 15:24:35.792662: |   ab 2f d6 ce  8b 37 52 4d  83 59 3f c9  53 50 16 eb
Oct 31 15:24:35.792664: |   f6 4e be 0e  78 b2 cc aa  4e f6 b8
Oct 31 15:24:35.792668: | **parse ISAKMP Message:
Oct 31 15:24:35.792672: |    initiator SPI: 34 d5 c0 79  f1 ec a3 66
Oct 31 15:24:35.792675: |    responder SPI: e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:35.792678: |    next payload type: ISAKMP_NEXT_v2SKF (0x35)
Oct 31 15:24:35.792680: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Oct 31 15:24:35.792683: |    exchange type: ISAKMP_v2_IKE_AUTH (0x23)
Oct 31 15:24:35.792685: |    flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20)
Oct 31 15:24:35.792689: |    Message ID: 1 (00 00 00 01)
Oct 31 15:24:35.792692: |    length: 539 (00 00 02 1b)
Oct 31 15:24:35.792695: |  processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35)
Oct 31 15:24:35.792697: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response 
Oct 31 15:24:35.792700: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa)
Oct 31 15:24:35.792706: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902)
Oct 31 15:24:35.792708: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip)
Oct 31 15:24:35.792766: | #2 is idle
Oct 31 15:24:35.792770: | #2 idle
Oct 31 15:24:35.792775: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983)
Oct 31 15:24:35.792780: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983)
Oct 31 15:24:35.792782: | unpacking clear payload
Oct 31 15:24:35.792785: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF)
Oct 31 15:24:35.792788: | ***parse IKEv2 Encrypted Fragment:
Oct 31 15:24:35.792790: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:35.792793: |    flags: none (0x0)
Oct 31 15:24:35.792796: |    length: 511 (01 ff)
Oct 31 15:24:35.792799: |    fragment number: 3 (00 03)
Oct 31 15:24:35.792802: |    total fragments: 5 (00 05)
Oct 31 15:24:35.792805: | processing payload: ISAKMP_NEXT_v2SKF (len=503)
Oct 31 15:24:35.792807: | #2 in state PARENT_I2: sent IKE_AUTH request
Oct 31 15:24:35.792810: | received IKE encrypted fragment number '3', total number '5', next payload '0'
Oct 31 15:24:35.792815: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904)
Oct 31 15:24:35.792820: | #1 spent 0.199 (0.247) milliseconds in ikev2_process_packet()
Oct 31 15:24:35.792823: | processing: STOP state #0 (in process_md() at demux.c:287)
Oct 31 15:24:35.792826: | delref mdp@0x556b6640e158(1->0) (in handle_packet_cb() at demux.c:318)
Oct 31 15:24:35.792829: | delref logger@0x556b66403728(1->0) (in handle_packet_cb() at demux.c:318)
Oct 31 15:24:35.792831: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:24:35.792834: | delref fd@NULL (in free_logger() at log.c:854)
Oct 31 15:24:35.792838: | spent 0.218 (0.266) milliseconds in handle_packet_cb() reading and processing packet
Oct 31 15:24:35.792847: | spent 0.00155 (0.00155) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue()
Oct 31 15:24:35.792853: | newref struct msg_digest@0x556b6640e158(0->1) (in read_message() at demux.c:103)
Oct 31 15:24:35.792856: | newref alloc logger@0x556b66403728(0->1) (in read_message() at demux.c:103)
Oct 31 15:24:35.792861: | *received 539 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP
Oct 31 15:24:35.792866: |   34 d5 c0 79  f1 ec a3 66  e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:35.792868: |   35 20 23 20  00 00 00 01  00 00 02 1b  00 00 01 ff
Oct 31 15:24:35.792870: |   00 04 00 05  db f4 66 15  54 57 09 af  37 d3 73 45
Oct 31 15:24:35.792872: |   af ad 24 ae  f3 7d de 69  76 23 ec 71  26 6e 6e f0
Oct 31 15:24:35.792874: |   65 06 db 76  29 9e 84 35  c2 45 52 cc  44 77 4c 03
Oct 31 15:24:35.792876: |   61 f1 66 a1  86 b7 94 12  b4 b5 39 6b  b6 7c 00 9a
Oct 31 15:24:35.792879: |   21 12 cb b8  27 78 d1 23  0d ed 19 d2  ff 36 99 14
Oct 31 15:24:35.792881: |   14 44 ba ee  1e 6f 38 8f  70 61 1c 7b  e7 26 f2 2c
Oct 31 15:24:35.792883: |   72 36 8d 71  32 8b 6d d0  b4 bd 5d 05  ce 7c f7 f1
Oct 31 15:24:35.792885: |   2c 38 82 d6  4a 9c 9f 37  2c 2a ca 5c  2f 24 15 cd
Oct 31 15:24:35.792887: |   b4 f1 b8 90  02 c9 b2 57  8a 9d 99 de  d6 a9 82 91
Oct 31 15:24:35.792889: |   7b fd 09 a5  0c e9 e3 a9  ab 5f 6b 59  86 c0 b7 94
Oct 31 15:24:35.792891: |   ab 59 61 0d  f1 7a d3 3c  34 e1 f2 33  3b 93 57 e0
Oct 31 15:24:35.792894: |   52 28 54 b2  13 45 53 d7  d8 d7 2f a2  f1 33 51 da
Oct 31 15:24:35.792896: |   28 da 85 c8  2c 7a 36 82  3e e9 60 7f  0f b3 be f5
Oct 31 15:24:35.792898: |   35 02 06 17  e0 fd 49 2f  79 d9 47 af  5b 0a 56 bc
Oct 31 15:24:35.792900: |   81 d7 0a 3d  5d 1d 30 fc  0e a2 d3 05  cd 36 00 e2
Oct 31 15:24:35.792902: |   a7 f2 78 e4  34 76 d2 16  e3 89 fa 94  fb 04 65 11
Oct 31 15:24:35.792904: |   ac e6 2d 82  25 42 87 bc  c0 66 44 bb  b0 77 4d 01
Oct 31 15:24:35.792907: |   0c 77 5f 67  28 d1 1e 7b  a0 82 bf 93  e3 9d ac 5c
Oct 31 15:24:35.792909: |   ad 44 14 0b  1d 9a 85 2a  f6 53 3e a5  58 41 f2 1e
Oct 31 15:24:35.792911: |   7b 38 f5 d5  a7 f6 31 93  db c7 7f a9  88 e6 9a d9
Oct 31 15:24:35.792913: |   42 8b d1 6c  91 3f fc fc  94 ce 47 69  2c 29 dc d3
Oct 31 15:24:35.792915: |   3c 9d 06 4f  a8 f5 c1 9a  5b fa 99 2b  65 dd d7 3e
Oct 31 15:24:35.792917: |   4d 17 05 8b  c0 51 44 02  64 6c eb 14  3e 9b 6f db
Oct 31 15:24:35.792920: |   ab 1f 2b 14  62 6d 7d a4  ad 98 00 48  4e a7 d2 d8
Oct 31 15:24:35.792922: |   5d 12 36 2f  5e 38 c6 2e  e4 66 f9 eb  e1 1d 56 18
Oct 31 15:24:35.792924: |   48 a5 d3 bc  9a a2 99 8a  17 b2 84 06  9b d9 4c 87
Oct 31 15:24:35.792926: |   11 48 a7 d5  a1 f0 46 bc  57 e3 71 bf  6b 03 f3 d2
Oct 31 15:24:35.792928: |   80 50 25 e2  28 6b 7d 4c  e4 c0 f2 34  5d 9a 3e c2
Oct 31 15:24:35.792930: |   76 f9 e3 bd  c4 f5 f5 a6  1c c7 56 c5  f4 5a e4 09
Oct 31 15:24:35.792933: |   28 1c 44 2c  f4 76 e6 f5  ac cb 3a a8  1e 58 4a 5d
Oct 31 15:24:35.792935: |   ac 64 c5 20  4a 0e c3 2e  ab 72 aa 5a  44 e2 22 eb
Oct 31 15:24:35.792937: |   05 a0 c6 8c  b9 f9 43 ac  6d a9 94
Oct 31 15:24:35.792940: | **parse ISAKMP Message:
Oct 31 15:24:35.792944: |    initiator SPI: 34 d5 c0 79  f1 ec a3 66
Oct 31 15:24:35.792947: |    responder SPI: e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:35.792950: |    next payload type: ISAKMP_NEXT_v2SKF (0x35)
Oct 31 15:24:35.792952: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Oct 31 15:24:35.792955: |    exchange type: ISAKMP_v2_IKE_AUTH (0x23)
Oct 31 15:24:35.792957: |    flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20)
Oct 31 15:24:35.792961: |    Message ID: 1 (00 00 00 01)
Oct 31 15:24:35.792964: |    length: 539 (00 00 02 1b)
Oct 31 15:24:35.792966: |  processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35)
Oct 31 15:24:35.792969: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response 
Oct 31 15:24:35.792972: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa)
Oct 31 15:24:35.792978: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902)
Oct 31 15:24:35.792981: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip)
Oct 31 15:24:35.792983: | #2 is idle
Oct 31 15:24:35.792985: | #2 idle
Oct 31 15:24:35.792990: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983)
Oct 31 15:24:35.792994: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983)
Oct 31 15:24:35.792998: | unpacking clear payload
Oct 31 15:24:35.793000: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF)
Oct 31 15:24:35.793003: | ***parse IKEv2 Encrypted Fragment:
Oct 31 15:24:35.793005: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:35.793007: |    flags: none (0x0)
Oct 31 15:24:35.793010: |    length: 511 (01 ff)
Oct 31 15:24:35.793013: |    fragment number: 4 (00 04)
Oct 31 15:24:35.793016: |    total fragments: 5 (00 05)
Oct 31 15:24:35.793019: | processing payload: ISAKMP_NEXT_v2SKF (len=503)
Oct 31 15:24:35.793021: | #2 in state PARENT_I2: sent IKE_AUTH request
Oct 31 15:24:35.793024: | received IKE encrypted fragment number '4', total number '5', next payload '0'
Oct 31 15:24:35.793029: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904)
Oct 31 15:24:35.793033: | #1 spent 0.189 (0.189) milliseconds in ikev2_process_packet()
Oct 31 15:24:35.793036: | processing: STOP state #0 (in process_md() at demux.c:287)
Oct 31 15:24:35.793039: | delref mdp@0x556b6640e158(1->0) (in handle_packet_cb() at demux.c:318)
Oct 31 15:24:35.793041: | delref logger@0x556b66403728(1->0) (in handle_packet_cb() at demux.c:318)
Oct 31 15:24:35.793044: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:24:35.793046: | delref fd@NULL (in free_logger() at log.c:854)
Oct 31 15:24:35.793050: | spent 0.206 (0.206) milliseconds in handle_packet_cb() reading and processing packet
Oct 31 15:24:35.793058: | spent 0.00137 (0.00139) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue()
Oct 31 15:24:35.793063: | newref struct msg_digest@0x556b6640e158(0->1) (in read_message() at demux.c:103)
Oct 31 15:24:35.793066: | newref alloc logger@0x556b66403728(0->1) (in read_message() at demux.c:103)
Oct 31 15:24:35.793071: | *received 278 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP
Oct 31 15:24:35.793074: |   34 d5 c0 79  f1 ec a3 66  e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:35.793076: |   35 20 23 20  00 00 00 01  00 00 01 16  00 00 00 fa
Oct 31 15:24:35.793078: |   00 05 00 05  d7 cd 5c 42  8e e2 80 a2  15 8d 7f 88
Oct 31 15:24:35.793080: |   b1 38 af fb  43 29 8d 7b  79 e7 e2 37  d9 31 41 05
Oct 31 15:24:35.793082: |   b1 e7 e8 bf  0b d7 be 60  12 93 2e ea  e8 6a 3c 20
Oct 31 15:24:35.793084: |   78 5b 53 d4  9d bb fe 8d  2f 85 49 5c  e4 a4 7b 9d
Oct 31 15:24:35.793086: |   0c 1f f4 a9  68 c9 6c 3b  5b 51 bf 37  11 ef c4 c8
Oct 31 15:24:35.793089: |   73 f4 60 d8  f8 f0 e5 dc  39 26 7f 9c  50 bd 1f 6d
Oct 31 15:24:35.793091: |   28 a5 bb 8c  fd b8 28 2f  71 97 ed 3a  1d 23 4b fc
Oct 31 15:24:35.793093: |   9d ed 37 e7  ab 17 53 49  5c 5a 42 fd  29 bf 31 52
Oct 31 15:24:35.793095: |   59 45 fd 7d  db b9 0b 78  bb ab e0 a4  a5 e6 76 e9
Oct 31 15:24:35.793097: |   61 2d 99 78  c8 12 1c d8  0d f5 81 c2  ff 99 37 6e
Oct 31 15:24:35.793099: |   28 a1 6a 30  34 07 21 04  b1 ed 0d 54  4f 3e a4 c3
Oct 31 15:24:35.793101: |   7c 54 34 09  8f a0 d0 0a  28 0e fc de  9b 43 7e 89
Oct 31 15:24:35.793103: |   a5 d7 b4 7d  34 a4 75 fc  5d 48 d2 96  cf 90 7e 41
Oct 31 15:24:35.793106: |   02 4b d6 a7  7b 9f 33 ac  2a 46 7e dc  90 48 56 6d
Oct 31 15:24:35.793108: |   40 5d 3f 8d  4b 18 50 68  f4 a9 c5 08  9e d1 72 35
Oct 31 15:24:35.793110: |   27 ee a4 b2  d0 56
Oct 31 15:24:35.793113: | **parse ISAKMP Message:
Oct 31 15:24:35.793117: |    initiator SPI: 34 d5 c0 79  f1 ec a3 66
Oct 31 15:24:35.793120: |    responder SPI: e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:35.793123: |    next payload type: ISAKMP_NEXT_v2SKF (0x35)
Oct 31 15:24:35.793125: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Oct 31 15:24:35.793127: |    exchange type: ISAKMP_v2_IKE_AUTH (0x23)
Oct 31 15:24:35.793130: |    flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20)
Oct 31 15:24:35.793133: |    Message ID: 1 (00 00 00 01)
Oct 31 15:24:35.793137: |    length: 278 (00 00 01 16)
Oct 31 15:24:35.793139: |  processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35)
Oct 31 15:24:35.793143: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response 
Oct 31 15:24:35.793146: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa)
Oct 31 15:24:35.793151: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902)
Oct 31 15:24:35.793154: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip)
Oct 31 15:24:35.793156: | #2 is idle
Oct 31 15:24:35.793158: | #2 idle
Oct 31 15:24:35.793163: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983)
Oct 31 15:24:35.793167: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983)
Oct 31 15:24:35.793170: | unpacking clear payload
Oct 31 15:24:35.793172: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF)
Oct 31 15:24:35.793175: | ***parse IKEv2 Encrypted Fragment:
Oct 31 15:24:35.793177: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:35.793179: |    flags: none (0x0)
Oct 31 15:24:35.793183: |    length: 250 (00 fa)
Oct 31 15:24:35.793186: |    fragment number: 5 (00 05)
Oct 31 15:24:35.793189: |    total fragments: 5 (00 05)
Oct 31 15:24:35.793191: | processing payload: ISAKMP_NEXT_v2SKF (len=242)
Oct 31 15:24:35.793194: | #2 in state PARENT_I2: sent IKE_AUTH request
Oct 31 15:24:35.793196: | received IKE encrypted fragment number '5', total number '5', next payload '0'
Oct 31 15:24:35.793270: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success
Oct 31 15:24:35.793277: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr)
Oct 31 15:24:35.793280: | **parse IKEv2 Identification - Responder - Payload:
Oct 31 15:24:35.793282: |    next payload type: ISAKMP_NEXT_v2CERT (0x25)
Oct 31 15:24:35.793284: |    flags: none (0x0)
Oct 31 15:24:35.793287: |    length: 191 (00 bf)
Oct 31 15:24:35.793290: |    ID type: ID_DER_ASN1_DN (0x9)
Oct 31 15:24:35.793293: |    reserved: 00 00 00
Oct 31 15:24:35.793295: | processing payload: ISAKMP_NEXT_v2IDr (len=183)
Oct 31 15:24:35.793297: | Now let's proceed with payload (ISAKMP_NEXT_v2CERT)
Oct 31 15:24:35.793300: | **parse IKEv2 Certificate Payload:
Oct 31 15:24:35.793302: |    next payload type: ISAKMP_NEXT_v2AUTH (0x27)
Oct 31 15:24:35.793304: |    flags: none (0x0)
Oct 31 15:24:35.793358: |    length: 1394 (05 72)
Oct 31 15:24:35.793364: |    ikev2 cert encoding: CERT_X509_SIGNATURE (0x4)
Oct 31 15:24:35.793367: | processing payload: ISAKMP_NEXT_v2CERT (len=1389)
Oct 31 15:24:35.793370: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH)
Oct 31 15:24:35.793373: | **parse IKEv2 Authentication Payload:
Oct 31 15:24:35.793375: |    next payload type: ISAKMP_NEXT_v2SA (0x21)
Oct 31 15:24:35.793383: |    flags: none (0x0)
Oct 31 15:24:35.793386: |    length: 460 (01 cc)
Oct 31 15:24:35.793389: |    auth method: IKEv2_AUTH_DIGSIG (0xe)
Oct 31 15:24:35.793391: | processing payload: ISAKMP_NEXT_v2AUTH (len=452)
Oct 31 15:24:35.793393: | Now let's proceed with payload (ISAKMP_NEXT_v2SA)
Oct 31 15:24:35.793396: | **parse IKEv2 Security Association Payload:
Oct 31 15:24:35.793398: |    next payload type: ISAKMP_NEXT_v2TSi (0x2c)
Oct 31 15:24:35.793400: |    flags: none (0x0)
Oct 31 15:24:35.793403: |    length: 36 (00 24)
Oct 31 15:24:35.793406: | processing payload: ISAKMP_NEXT_v2SA (len=32)
Oct 31 15:24:35.793408: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi)
Oct 31 15:24:35.793410: | **parse IKEv2 Traffic Selector - Initiator - Payload:
Oct 31 15:24:35.793413: |    next payload type: ISAKMP_NEXT_v2TSr (0x2d)
Oct 31 15:24:35.793415: |    flags: none (0x0)
Oct 31 15:24:35.793418: |    length: 24 (00 18)
Oct 31 15:24:35.793420: |    number of TS: 1 (01)
Oct 31 15:24:35.793423: | processing payload: ISAKMP_NEXT_v2TSi (len=16)
Oct 31 15:24:35.793425: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr)
Oct 31 15:24:35.793427: | **parse IKEv2 Traffic Selector - Responder - Payload:
Oct 31 15:24:35.793430: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:35.793436: |    flags: none (0x0)
Oct 31 15:24:35.793442: |    length: 24 (00 18)
Oct 31 15:24:35.793445: |    number of TS: 1 (01)
Oct 31 15:24:35.793447: | processing payload: ISAKMP_NEXT_v2TSr (len=16)
Oct 31 15:24:35.793451: | selected state microcode Initiator: process IKE_AUTH response
Oct 31 15:24:35.793453: | calling processor Initiator: process IKE_AUTH response
Oct 31 15:24:35.793458: | addref md@0x556b6640e158(1->2) (in submit_cert_decode() at cert_decode_helper.c:81)
Oct 31 15:24:35.793461: | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds
Oct 31 15:24:35.793465: loading root certificate cache
Oct 31 15:24:35.793469: | newref struct root_certs@0x556b664157d8(0->1) (in submit_cert_decode() at cert_decode_helper.c:80)
Oct 31 15:24:35.793472: | addref root_certs@0x556b664157d8(1->2) (in submit_cert_decode() at cert_decode_helper.c:80)
Oct 31 15:24:35.797243: | spent 3.7 (3.76) milliseconds in root_certs_addref() calling PK11_ListCertsInSlot()
Oct 31 15:24:35.797261: | adding the CA+root cert E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA
Oct 31 15:24:35.797266: | discarding non-CA cert E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA
Oct 31 15:24:35.797270: | discarding non-CA cert E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA
Oct 31 15:24:35.797273: | discarding non-CA cert E=user-west@testing.libreswan.org,CN=west.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA
Oct 31 15:24:35.797276: | discarding non-CA cert E=user-road@testing.libreswan.org,CN=road.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA
Oct 31 15:24:35.797279: | discarding non-CA cert E=user-hashsha1@testing.libreswan.org,CN=hashsha1.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA
Oct 31 15:24:35.797287: | discarding non-CA cert E=testing@libreswan.org,CN=west-ec.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA
Oct 31 15:24:35.797290: | discarding non-CA cert E=testing@libreswan.org,CN=east-ec.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA
Oct 31 15:24:35.797293: | discarding non-CA cert E=user-nic@testing.libreswan.org,CN=nic.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA
Oct 31 15:24:35.797320: | spent 0.0597 (0.0597) milliseconds in root_certs_addref() filtering CAs
Oct 31 15:24:35.797331: | addref fd@NULL (in clone_logger() at log.c:809)
Oct 31 15:24:35.797335: | addref fd@0x556b6640b548(4->5) (in clone_logger() at log.c:810)
Oct 31 15:24:35.797338: | newref clone logger@0x556b6640bce8(0->1) (in clone_logger() at log.c:817)
Oct 31 15:24:35.797341: | job 4 for #2: initiator decoding certificates (decode certificate payload): adding job to queue
Oct 31 15:24:35.797344: | state #2 has no .st_event to delete
Oct 31 15:24:35.797348: | #2 requesting EVENT_RETRANSMIT-pe@0x556b66401c48 be deleted
Oct 31 15:24:35.797354: | libevent_free: delref ptr-libevent@0x556b66416378
Oct 31 15:24:35.797357: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x556b66401c48
Oct 31 15:24:35.797361: | #2 STATE_PARENT_I2: retransmits: cleared
Oct 31 15:24:35.797364: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x556b663f86f8
Oct 31 15:24:35.797368: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2
Oct 31 15:24:35.797371: | libevent_malloc: newref ptr-libevent@0x556b66416378 size 128
Oct 31 15:24:35.797397: | job 4 for #2: initiator decoding certificates (decode certificate payload): helper 6 starting job
Oct 31 15:24:35.797402: | checking for known CERT payloads
Oct 31 15:24:35.797405: | saving certificate of type 'X509_SIGNATURE'
Oct 31 15:24:35.797472: | decoded cert: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA
Oct 31 15:24:35.797480: |   "northnet-eastnets/0x2" #1: spent 0.0761 (0.0762) milliseconds in find_and_verify_certs() calling decode_cert_payloads()
Oct 31 15:24:35.797489: | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA
Oct 31 15:24:35.797546: |   "northnet-eastnets/0x2" #1: spent 0.0561 (0.0562) milliseconds in find_and_verify_certs() calling crl_update_check()
Oct 31 15:24:35.797551: | missing or expired CRL
Oct 31 15:24:35.797555: | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0
Oct 31 15:24:35.797557: | verify_end_cert verifying E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA using:
Oct 31 15:24:35.797560: |   trusted CA: E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA
Oct 31 15:24:35.797562: | verify_end_cert trying profile IPsec
Oct 31 15:24:35.797686: | certificate is valid (profile IPsec)
Oct 31 15:24:35.797693: |   "northnet-eastnets/0x2" #1: spent 0.138 (0.138) milliseconds in find_and_verify_certs() calling verify_end_cert()
Oct 31 15:24:35.797753: | newref struct pubkey@0x7f6fd80037e8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962)
Oct 31 15:24:35.797767: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x7f6fd8002368
Oct 31 15:24:35.797770: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x7f6fd8002268
Oct 31 15:24:35.797772: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x7f6fd8002588
Oct 31 15:24:35.797774: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x7f6fd8001d38
Oct 31 15:24:35.797777: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x7f6fd80055e8
Oct 31 15:24:35.797821: | newref struct pubkey@0x7f6fd8003bb8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962)
Oct 31 15:24:35.797864: | newref struct pubkey@0x7f6fd8003f58(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962)
Oct 31 15:24:35.797907: | newref struct pubkey@0x7f6fd8000e38(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962)
Oct 31 15:24:35.797950: | newref struct pubkey@0x7f6fd80011d8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962)
Oct 31 15:24:35.797992: | newref struct pubkey@0x7f6fd80042a8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962)
Oct 31 15:24:35.797997: | delref pkp@0x7f6fd80037e8(1->0) (in free_public_keyentry() at secrets.c:1591)
Oct 31 15:24:35.798004: |   "northnet-eastnets/0x2" #1: spent 0.306 (0.306) milliseconds in find_and_verify_certs() calling add_pubkey_from_nss_cert()
Oct 31 15:24:35.798009: | "northnet-eastnets/0x2" #1: spent 0.613 (0.613) milliseconds in helper 6 processing job 4 for state #2: initiator decoding certificates (decode certificate payload)
Oct 31 15:24:35.798012: | job 4 for #2: initiator decoding certificates (decode certificate payload): helper thread 6 sending result back to state
Oct 31 15:24:35.798015: | scheduling resume sending helper answer back to state for #2
Oct 31 15:24:35.798017: | libevent_malloc: newref ptr-libevent@0x7f6fd8001868 size 128
Oct 31 15:24:35.798021: | libevent_realloc: delref ptr-libevent@0x556b663ba488
Oct 31 15:24:35.798023: | libevent_realloc: newref ptr-libevent@0x556b66416148 size 128
Oct 31 15:24:35.798028: | helper thread 6 has nothing to do
Oct 31 15:24:35.798039: | #2 spent 3.87 (4.58) milliseconds in processing: Initiator: process IKE_AUTH response in v2_dispatch()
Oct 31 15:24:35.798047: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364)
Oct 31 15:24:35.798052: | #2 complete_v2_state_transition() PARENT_I2->ESTABLISHED_CHILD_SA with status STF_SUSPEND; .st_v2_transition=NULL
Oct 31 15:24:35.798054: | suspending state #2 and saving MD 0x556b6640e158
Oct 31 15:24:35.798057: | addref md@0x556b6640e158(2->3) (in complete_v2_state_transition() at ikev2.c:3485)
Oct 31 15:24:35.798059: | #2 is busy; has suspended MD 0x556b6640e158
Oct 31 15:24:35.798064: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904)
Oct 31 15:24:35.798070: | #1 spent 4.21 (5.01) milliseconds in ikev2_process_packet()
Oct 31 15:24:35.798073: | processing: STOP state #0 (in process_md() at demux.c:287)
Oct 31 15:24:35.798076: | delref mdp@0x556b6640e158(3->2) (in handle_packet_cb() at demux.c:318)
Oct 31 15:24:35.798080: | spent 4.22 (5.02) milliseconds in handle_packet_cb() reading and processing packet
Oct 31 15:24:35.798090: | processing resume sending helper answer back to state for #2
Oct 31 15:24:35.798095: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:641)
Oct 31 15:24:35.798098: | unsuspending #2 MD 0x556b6640e158
Oct 31 15:24:35.798101: | job 4 for #2: initiator decoding certificates (decode certificate payload): processing response from helper 6
Oct 31 15:24:35.798103: | job 4 for #2: initiator decoding certificates (decode certificate payload): calling continuation function 0x556b657220d4
Oct 31 15:24:35.798106: | delref mdp@0x556b6640e158(2->1) (in cert_decode_cancelled() at cert_decode_helper.c:215)
Oct 31 15:24:35.798109: | delref root_certs@0x556b664157d8(2->1) (in cert_decode_cancelled() at cert_decode_helper.c:216)
Oct 31 15:24:35.798113: "northnet-eastnets/0x2" #1: certificate verified OK: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA
Oct 31 15:24:35.798126: | DER ASN1 DN:
Oct 31 15:24:35.798129: |   30 81 b4 31  0b 30 09 06  03 55 04 06  13 02 43 41
Oct 31 15:24:35.798131: |   31 10 30 0e  06 03 55 04  08 0c 07 4f  6e 74 61 72
Oct 31 15:24:35.798133: |   69 6f 31 10  30 0e 06 03  55 04 07 0c  07 54 6f 72
Oct 31 15:24:35.798135: |   6f 6e 74 6f  31 12 30 10  06 03 55 04  0a 0c 09 4c
Oct 31 15:24:35.798137: |   69 62 72 65  73 77 61 6e  31 18 30 16  06 03 55 04
Oct 31 15:24:35.798139: |   0b 0c 0f 54  65 73 74 20  44 65 70 61  72 74 6d 65
Oct 31 15:24:35.798141: |   6e 74 31 23  30 21 06 03  55 04 03 0c  1a 65 61 73
Oct 31 15:24:35.798143: |   74 2e 74 65  73 74 69 6e  67 2e 6c 69  62 72 65 73
Oct 31 15:24:35.798145: |   77 61 6e 2e  6f 72 67 31  2e 30 2c 06  09 2a 86 48
Oct 31 15:24:35.798147: |   86 f7 0d 01  09 01 16 1f  75 73 65 72  2d 65 61 73
Oct 31 15:24:35.798150: |   74 40 74 65  73 74 69 6e  67 2e 6c 69  62 72 65 73
Oct 31 15:24:35.798152: |   77 61 6e 2e  6f 72 67
Oct 31 15:24:35.798173: | comparing ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' to certificate derSubject='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' (subjectName='E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA')
Oct 31 15:24:35.798182: | ID_DER_ASN1_DN 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' matched our ID 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org'
Oct 31 15:24:35.798184: | X509: CERT and ID matches current connection
Oct 31 15:24:35.798196: | offered CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org'
Oct 31 15:24:35.798209: "northnet-eastnets/0x1" #2: IKEv2 mode peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org'
Oct 31 15:24:35.798267: | verifying AUTH payload
Oct 31 15:24:35.798272: | looking for ASN.1 blob for method rsasig for hash_algo SHA2_512
Oct 31 15:24:35.798275: | parsing 68 raw bytes of IKEv2 Authentication Payload into ASN.1 blob for hash algo
Oct 31 15:24:35.798277: | ASN.1 blob for hash algo
Oct 31 15:24:35.798280: |   43 30 41 06  09 2a 86 48  86 f7 0d 01  01 0a 30 34
Oct 31 15:24:35.798282: |   a0 0f 30 0d  06 09 60 86  48 01 65 03  04 02 03 05
Oct 31 15:24:35.798286: |   00 a1 1c 30  1a 06 09 2a  86 48 86 f7  0d 01 01 08
Oct 31 15:24:35.798288: |   30 0d 06 09  60 86 48 01  65 03 04 02  03 05 00 a2
Oct 31 15:24:35.798290: |   03 02 01 40
Oct 31 15:24:35.798312: | required RSA CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org'
Oct 31 15:24:35.798320: | trying all remote certificates public keys for RSA key that matches ID: C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org
Oct 31 15:24:35.798331: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org'
Oct 31 15:24:35.798341: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org'
Oct 31 15:24:35.798357: |   trying 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' issued by CA 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org'
Oct 31 15:24:35.798360: | NSS RSA: verifying that decrypted signature matches hash: 
Oct 31 15:24:35.798362: |   44 29 7c 95  f6 dc 21 f2  ab 41 7d 2a  22 66 e2 3d
Oct 31 15:24:35.798365: |   48 ae 8d 8c  98 ee 9c 79  a4 50 7f 2b  0b a4 47 17
Oct 31 15:24:35.798367: |   be a6 c0 b8  20 32 3d f4  b7 96 f7 9a  a9 30 48 dc
Oct 31 15:24:35.798369: |   cb e1 af d5  74 7a 65 c9  ec d2 6c 48  7a 63 2c 69
Oct 31 15:24:35.798550: | delref pkp@NULL (in try_RSA_signature_v2() at ikev2_rsa.c:170)
Oct 31 15:24:35.798554: | addref pk@0x7f6fd80042a8(1->2) (in try_RSA_signature_v2() at ikev2_rsa.c:171)
Oct 31 15:24:35.798557: | an RSA Sig check passed with *AwEAAeu8z [remote certificates]
Oct 31 15:24:35.798562: |   #1 spent 0.201 (0.201) milliseconds in try_all_keys() trying a pubkey
Oct 31 15:24:35.798565: "northnet-eastnets/0x2" #1: authenticated using RSA with SHA2_512
Oct 31 15:24:35.798587: | #1 spent 0.281 (0.293) milliseconds in ikev2_verify_rsa_hash()
Oct 31 15:24:35.798592: | parent state #1: PARENT_I2(open IKE SA) => ESTABLISHED_IKE_SA(established IKE SA)
Oct 31 15:24:35.798596: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key)
Oct 31 15:24:35.798599: | state #1 deleting .st_event EVENT_SA_REPLACE
Oct 31 15:24:35.798603: | libevent_free: delref ptr-libevent@0x7f6fe000cc18
Oct 31 15:24:35.798605: | free_event_entry: delref EVENT_SA_REPLACE-pe@0x556b664038b8
Oct 31 15:24:35.798609: | event_schedule: newref EVENT_SA_REKEY-pe@0x556b664038b8
Oct 31 15:24:35.798611: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1
Oct 31 15:24:35.798614: | libevent_malloc: newref ptr-libevent@0x556b6642e8b8 size 128
Oct 31 15:24:35.798706: | pstats #1 ikev2.ike established
Oct 31 15:24:35.798716: | TSi: parsing 1 traffic selectors
Oct 31 15:24:35.798722: | ***parse IKEv2 Traffic Selector:
Oct 31 15:24:35.798725: |    TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7)
Oct 31 15:24:35.798728: |    IP Protocol ID: ALL (0x0)
Oct 31 15:24:35.798732: |    length: 16 (00 10)
Oct 31 15:24:35.798736: |    start port: 0 (00 00)
Oct 31 15:24:35.798739: |    end port: 65535 (ff ff)
Oct 31 15:24:35.798742: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low
Oct 31 15:24:35.798745: | TS low
Oct 31 15:24:35.798747: |   c0 00 03 00
Oct 31 15:24:35.798750: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high
Oct 31 15:24:35.798752: | TS high
Oct 31 15:24:35.798754: |   c0 00 03 ff
Oct 31 15:24:35.798757: | TSi: parsed 1 traffic selectors
Oct 31 15:24:35.798759: | TSr: parsing 1 traffic selectors
Oct 31 15:24:35.798762: | ***parse IKEv2 Traffic Selector:
Oct 31 15:24:35.798765: |    TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7)
Oct 31 15:24:35.798767: |    IP Protocol ID: ALL (0x0)
Oct 31 15:24:35.798770: |    length: 16 (00 10)
Oct 31 15:24:35.798773: |    start port: 0 (00 00)
Oct 31 15:24:35.798776: |    end port: 65535 (ff ff)
Oct 31 15:24:35.798782: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low
Oct 31 15:24:35.798784: | TS low
Oct 31 15:24:35.798787: |   c0 00 02 00
Oct 31 15:24:35.798789: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high
Oct 31 15:24:35.798792: | TS high
Oct 31 15:24:35.798794: |   c0 00 02 ff
Oct 31 15:24:35.798796: | TSr: parsed 1 traffic selectors
Oct 31 15:24:35.798804: | evaluating our conn="northnet-eastnets/0x1" I=192.0.3.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their:
Oct 31 15:24:35.798866: |     TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535
Oct 31 15:24:35.798878: |         match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32
Oct 31 15:24:35.798887: |         narrow port end=0..65535 == TSi[0]=0..65535: 0
Oct 31 15:24:35.798890: |           TSi[0] port match: YES fitness 65536
Oct 31 15:24:35.798893: |         narrow protocol end=*0 == TSi[0]=*0: 0
Oct 31 15:24:35.798896: |         match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255
Oct 31 15:24:35.798902: |     TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535
Oct 31 15:24:35.798908: |         match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32
Oct 31 15:24:35.798912: |         narrow port end=0..65535 == TSr[0]=0..65535: 0
Oct 31 15:24:35.798914: |           TSr[0] port match: YES fitness 65536
Oct 31 15:24:35.798917: |         narrow protocol end=*0 == TSr[0]=*0: 0
Oct 31 15:24:35.798919: |         match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255
Oct 31 15:24:35.798921: | best fit so far: TSi[0] TSr[0]
Oct 31 15:24:35.798924: | found an acceptable TSi/TSr Traffic Selector
Oct 31 15:24:35.798926: | printing contents struct traffic_selector
Oct 31 15:24:35.798929: |   ts_type: IKEv2_TS_IPV4_ADDR_RANGE
Oct 31 15:24:35.798931: |   ipprotoid: 0
Oct 31 15:24:35.798933: |   port range: 0-65535
Oct 31 15:24:35.798938: |   ip range: 192.0.3.0-192.0.3.255
Oct 31 15:24:35.798940: | printing contents struct traffic_selector
Oct 31 15:24:35.798942: |   ts_type: IKEv2_TS_IPV4_ADDR_RANGE
Oct 31 15:24:35.798944: |   ipprotoid: 0
Oct 31 15:24:35.798947: |   port range: 0-65535
Oct 31 15:24:35.798951: |   ip range: 192.0.2.0-192.0.2.255
Oct 31 15:24:35.798965: | using existing local ESP/AH proposals for northnet-eastnets/0x1 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP=AES_GCM_C_256-NONE-NONE-DISABLED 2:ESP=AES_GCM_C_128-NONE-NONE-DISABLED 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED
Oct 31 15:24:35.798969: | comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals
Oct 31 15:24:35.798976: | local proposal 1 type ENCR has 1 transforms
Oct 31 15:24:35.798978: | local proposal 1 type PRF has 0 transforms
Oct 31 15:24:35.798981: | local proposal 1 type INTEG has 1 transforms
Oct 31 15:24:35.798983: | local proposal 1 type DH has 1 transforms
Oct 31 15:24:35.798985: | local proposal 1 type ESN has 1 transforms
Oct 31 15:24:35.798989: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH
Oct 31 15:24:35.798991: | local proposal 2 type ENCR has 1 transforms
Oct 31 15:24:35.798993: | local proposal 2 type PRF has 0 transforms
Oct 31 15:24:35.798996: | local proposal 2 type INTEG has 1 transforms
Oct 31 15:24:35.798998: | local proposal 2 type DH has 1 transforms
Oct 31 15:24:35.799000: | local proposal 2 type ESN has 1 transforms
Oct 31 15:24:35.799003: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH
Oct 31 15:24:35.799005: | local proposal 3 type ENCR has 1 transforms
Oct 31 15:24:35.799008: | local proposal 3 type PRF has 0 transforms
Oct 31 15:24:35.799010: | local proposal 3 type INTEG has 2 transforms
Oct 31 15:24:35.799074: | local proposal 3 type DH has 1 transforms
Oct 31 15:24:35.799078: | local proposal 3 type ESN has 1 transforms
Oct 31 15:24:35.799082: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH
Oct 31 15:24:35.799087: | local proposal 4 type ENCR has 1 transforms
Oct 31 15:24:35.799089: | local proposal 4 type PRF has 0 transforms
Oct 31 15:24:35.799091: | local proposal 4 type INTEG has 2 transforms
Oct 31 15:24:35.799093: | local proposal 4 type DH has 1 transforms
Oct 31 15:24:35.799095: | local proposal 4 type ESN has 1 transforms
Oct 31 15:24:35.799098: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH
Oct 31 15:24:35.799102: | ***parse IKEv2 Proposal Substructure Payload:
Oct 31 15:24:35.799105: |    last proposal: v2_PROPOSAL_LAST (0x0)
Oct 31 15:24:35.799108: |    length: 32 (00 20)
Oct 31 15:24:35.799111: |    prop #: 1 (01)
Oct 31 15:24:35.799113: |    proto ID: IKEv2_SEC_PROTO_ESP (0x3)
Oct 31 15:24:35.799116: |    spi size: 4 (04)
Oct 31 15:24:35.799118: |    # transforms: 2 (02)
Oct 31 15:24:35.799122: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI
Oct 31 15:24:35.799124: | remote SPI
Oct 31 15:24:35.799126: |   c3 17 78 87
Oct 31 15:24:35.799129: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals
Oct 31 15:24:35.799132: | ****parse IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.799135: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.799138: |    length: 12 (00 0c)
Oct 31 15:24:35.799140: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Oct 31 15:24:35.799142: |    IKEv2 transform ID: AES_GCM_C (0x14)
Oct 31 15:24:35.799144: | *****parse IKEv2 Attribute Substructure Payload:
Oct 31 15:24:35.799146: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Oct 31 15:24:35.799148: |    length/value: 256 (01 00)
Oct 31 15:24:35.799151: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0
Oct 31 15:24:35.799152: | ****parse IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.799154: |    last transform: v2_TRANSFORM_LAST (0x0)
Oct 31 15:24:35.799156: |    length: 8 (00 08)
Oct 31 15:24:35.799157: |    IKEv2 transform type: TRANS_TYPE_ESN (0x5)
Oct 31 15:24:35.799159: |    IKEv2 transform ID: ESN_DISABLED (0x0)
Oct 31 15:24:35.799161: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0
Oct 31 15:24:35.799163: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none
Oct 31 15:24:35.799166: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN
Oct 31 15:24:35.799167: | remote proposal 1 matches local proposal 1
Oct 31 15:24:35.799170: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match]
Oct 31 15:24:35.799173: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP=AES_GCM_C_256-DISABLED SPI=c3177887
Oct 31 15:24:35.799175: | converting proposal to internal trans attrs
Oct 31 15:24:35.799179: | integ=NONE: .key_size=0 encrypt=AES_GCM_16: .key_size=32 .salt_size=4 keymat_len=36
Oct 31 15:24:35.799269: | install_ipsec_sa() for #2: inbound and outbound
Oct 31 15:24:35.799279: | could_route called for northnet-eastnets/0x1; kind=CK_PERMANENT that.has_client=yes oppo=no this.host_port=500
Oct 31 15:24:35.799283: | FOR_EACH_CONNECTION_... in route_owner
Oct 31 15:24:35.799286: |  conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs
Oct 31 15:24:35.799289: |  conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000
Oct 31 15:24:35.799292: |  conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs
Oct 31 15:24:35.799294: |  conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000
Oct 31 15:24:35.799298: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL
Oct 31 15:24:35.799302: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE
Oct 31 15:24:35.799305: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20
Oct 31 15:24:35.799308: | AES_GCM_16 requires 4 salt bytes
Oct 31 15:24:35.799311: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0
Oct 31 15:24:35.799323: | setting IPsec SA replay-window to 32
Oct 31 15:24:35.799328: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1
Oct 31 15:24:35.799331: | netlink: enabling tunnel mode
Oct 31 15:24:35.799334: | XFRM: adding IPsec SA with reqid 16389
Oct 31 15:24:35.799336: | netlink: setting IPsec SA replay-window to 32 using old-style req
Oct 31 15:24:35.799339: | netlink: esp-hw-offload not set for IPsec SA
Oct 31 15:24:35.799400: | netlink response for Add SA esp.c3177887@192.1.2.23 included non-error error
Oct 31 15:24:35.799406: | setup_half_ipsec_sa() is installing inbound eroute? inbound=0 owner=#0 mode=1
Oct 31 15:24:35.799410: | set up outgoing SA, ref=0/0
Oct 31 15:24:35.799413: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE
Oct 31 15:24:35.799472: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20
Oct 31 15:24:35.799531: | AES_GCM_16 requires 4 salt bytes
Oct 31 15:24:35.799535: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0
Oct 31 15:24:35.799540: | setting IPsec SA replay-window to 32
Oct 31 15:24:35.799542: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1
Oct 31 15:24:35.799545: | netlink: enabling tunnel mode
Oct 31 15:24:35.799548: | XFRM: adding IPsec SA with reqid 16389
Oct 31 15:24:35.799550: | netlink: setting IPsec SA replay-window to 32 using old-style req
Oct 31 15:24:35.799553: | netlink: esp-hw-offload not set for IPsec SA
Oct 31 15:24:35.799732: | netlink response for Add SA esp.b0822f84@192.1.3.33 included non-error error
Oct 31 15:24:35.799740: | setup_half_ipsec_sa() is installing inbound eroute? inbound=1 owner=#0 mode=1
Oct 31 15:24:35.799743: | setup_half_ipsec_sa() is installing inbound eroute
Oct 31 15:24:35.799746: | setup_half_ipsec_sa() before proto 50
Oct 31 15:24:35.799749: | setup_half_ipsec_sa() after proto 50
Oct 31 15:24:35.799751: | setup_half_ipsec_sa() calling raw_eroute backwards (i.e., inbound)
Oct 31 15:24:35.799754: | priority calculation of connection "northnet-eastnets/0x1" is 2084814 (0x1fcfce)
Oct 31 15:24:35.799764: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 using reqid 16389 (raw_eroute) proto=50
Oct 31 15:24:35.799768: | IPsec SA SPD priority set to 2084814
Oct 31 15:24:35.799966: | raw_eroute result=success
Oct 31 15:24:35.799972: | set up incoming SA, ref=0/0
Oct 31 15:24:35.799975: | sr for #2: unrouted
Oct 31 15:24:35.799978: | route_and_eroute() for proto 0, and source port 0 dest port 0
Oct 31 15:24:35.799981: | FOR_EACH_CONNECTION_... in route_owner
Oct 31 15:24:35.799984: |  conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs
Oct 31 15:24:35.799988: |  conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000
Oct 31 15:24:35.799991: |  conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs
Oct 31 15:24:35.799994: |  conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000
Oct 31 15:24:35.799997: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL
Oct 31 15:24:35.800000: | route_and_eroute with c: northnet-eastnets/0x1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2
Oct 31 15:24:35.800007: | priority calculation of connection "northnet-eastnets/0x1" is 2084814 (0x1fcfce)
Oct 31 15:24:35.800015: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 using reqid 16389 (raw_eroute) proto=50
Oct 31 15:24:35.800019: | IPsec SA SPD priority set to 2084814
Oct 31 15:24:35.800176: | raw_eroute result=success
Oct 31 15:24:35.800183: | running updown command "ipsec _updown" for verb up 
Oct 31 15:24:35.800186: | command executing up-client
Oct 31 15:24:35.800191: | get_sa_info esp.c3177887@192.1.2.23
Oct 31 15:24:35.800205: | get_sa_info esp.b0822f84@192.1.3.33
Oct 31 15:24:35.800369: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org'
Oct 31 15:24:35.800385: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org'
Oct 31 15:24:35.800416: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='...
Oct 31 15:24:35.800422: | popen cmd is 1505 chars long
Oct 31 15:24:35.800425: | cmd(   0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0:
Oct 31 15:24:35.800428: | cmd(  80):x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUT:
Oct 31 15:24:35.800431: | cmd( 160):O_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=:
Oct 31 15:24:35.800433: | cmd( 240):Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user:
Oct 31 15:24:35.800436: | cmd( 320):-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET:
Oct 31 15:24:35.800439: | cmd( 400):='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PRO:
Oct 31 15:24:35.800441: | cmd( 480):TOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLU:
Oct 31 15:24:35.800444: | cmd( 560):TO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=eas:
Oct 31 15:24:35.800446: | cmd( 640):t.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='1:
Oct 31 15:24:35.800576: | cmd( 720):92.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.2:
Oct 31 15:24:35.800579: | cmd( 800):55.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontari:
Oct 31 15:24:35.800582: | cmd( 880):o, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, :
Oct 31 15:24:35.800584: | cmd( 960):E=testing@libreswan.org' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157875' PLUTO_CON:
Oct 31 15:24:35.800586: | cmd(1040):N_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+R:
Oct 31 15:24:35.800589: | cmd(1120):SASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FA:
Oct 31 15:24:35.800591: | cmd(1200):ILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' :
Oct 31 15:24:35.800599: | cmd(1280):PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGUR:
Oct 31 15:24:35.800602: | cmd(1360):ED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SH:
Oct 31 15:24:35.800604: | cmd(1440):ARED='no' SPI_IN=0xc3177887 SPI_OUT=0xb0822f84 ipsec _updown 2>&1:
Oct 31 15:24:35.815175: | route_and_eroute: firewall_notified: true
Oct 31 15:24:35.815188: | running updown command "ipsec _updown" for verb prepare 
Oct 31 15:24:35.815191: | command executing prepare-client
Oct 31 15:24:35.815217: | get_sa_info esp.c3177887@192.1.2.23
Oct 31 15:24:35.815239: | get_sa_info esp.b0822f84@192.1.3.33
Oct 31 15:24:35.815301: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org'
Oct 31 15:24:35.815314: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org'
Oct 31 15:24:35.815340: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLU...
Oct 31 15:24:35.815345: | popen cmd is 1510 chars long
Oct 31 15:24:35.815348: | cmd(   0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn:
Oct 31 15:24:35.815350: | cmd(  80):ets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='':
Oct 31 15:24:35.815352: | cmd( 160): PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontari:
Oct 31 15:24:35.815355: | cmd( 240):o, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E:
Oct 31 15:24:35.815357: | cmd( 320):=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIEN:
Oct 31 15:24:35.815359: | cmd( 400):T_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_M:
Oct 31 15:24:35.815362: | cmd( 480):Y_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23:
Oct 31 15:24:35.815364: | cmd( 560):' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, C:
Oct 31 15:24:35.815367: | cmd( 640):N=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIE:
Oct 31 15:24:35.815369: | cmd( 720):NT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.:
Oct 31 15:24:35.815371: | cmd( 800):255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=O:
Oct 31 15:24:35.815374: | cmd( 880):ntario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mai:
Oct 31 15:24:35.815376: | cmd( 960):nca, E=testing@libreswan.org' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157875' PLUT:
Oct 31 15:24:35.815378: | cmd(1040):O_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN:
Oct 31 15:24:35.815381: | cmd(1120):_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAU:
Oct 31 15:24:35.815383: | cmd(1200):TH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INF:
Oct 31 15:24:35.815386: | cmd(1280):O='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CON:
Oct 31 15:24:35.815388: | cmd(1360):FIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VTI_IFACE='' VTI_ROUTING='no' V:
Oct 31 15:24:35.815390: | cmd(1440):TI_SHARED='no' SPI_IN=0xc3177887 SPI_OUT=0xb0822f84 ipsec _updown 2>&1:
Oct 31 15:24:35.846525: | running updown command "ipsec _updown" for verb route 
Oct 31 15:24:35.846538: | command executing route-client
Oct 31 15:24:35.846545: | get_sa_info esp.c3177887@192.1.2.23
Oct 31 15:24:35.846562: | get_sa_info esp.b0822f84@192.1.3.33
Oct 31 15:24:35.846617: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org'
Oct 31 15:24:35.846629: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org'
Oct 31 15:24:35.846652: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_S...
Oct 31 15:24:35.846658: | popen cmd is 1508 chars long
Oct 31 15:24:35.846661: | cmd(   0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet:
Oct 31 15:24:35.846663: | cmd(  80):s/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' P:
Oct 31 15:24:35.846665: | cmd( 160):LUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario,:
Oct 31 15:24:35.846667: | cmd( 240): L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=u:
Oct 31 15:24:35.846669: | cmd( 320):ser-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_:
Oct 31 15:24:35.846672: | cmd( 400):NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_:
Oct 31 15:24:35.846674: | cmd( 480):PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' :
Oct 31 15:24:35.846676: | cmd( 560):PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=:
Oct 31 15:24:35.846678: | cmd( 640):east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT:
Oct 31 15:24:35.846680: | cmd( 720):='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.25:
Oct 31 15:24:35.846682: | cmd( 800):5.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ont:
Oct 31 15:24:35.846684: | cmd( 880):ario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainc:
Oct 31 15:24:35.846686: | cmd( 960):a, E=testing@libreswan.org' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157875' PLUTO_:
Oct 31 15:24:35.846688: | cmd(1040):CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_N:
Oct 31 15:24:35.846691: | cmd(1120):O+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH:
Oct 31 15:24:35.846693: | cmd(1200):_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO=:
Oct 31 15:24:35.846695: | cmd(1280):'' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFI:
Oct 31 15:24:35.846697: | cmd(1360):GURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VTI_IFACE='' VTI_ROUTING='no' VTI:
Oct 31 15:24:35.846699: | cmd(1440):_SHARED='no' SPI_IN=0xc3177887 SPI_OUT=0xb0822f84 ipsec _updown 2>&1:
Oct 31 15:24:35.882493: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.882574: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.882626: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.882672: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.882789: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.882848: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.882967: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.883097: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.883153: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.883208: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.883298: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.883355: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.883397: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.883414: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.883422: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.883515: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.883557: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.883570: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.883597: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.883632: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.883659: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.883683: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.883705: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.883731: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.883837: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.883986: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.884033: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.884136: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.884174: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.884214: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.884253: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.884291: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.884329: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.884367: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.884406: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.884443: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.884546: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.884589: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.884623: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.884637: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.884652: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.884671: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.884682: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.885120: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.885137: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.885147: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.885152: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.885157: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.885162: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.885166: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.885171: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.885176: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.885181: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.885186: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.885351: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:35.914949: | route_and_eroute: instance "northnet-eastnets/0x1", setting eroute_owner {spd=0x556b663f9d58,sr=0x556b663f9d58} to #2 (was #0) (newest_ipsec_sa=#0)
Oct 31 15:24:35.915154: | inR2: instance northnet-eastnets/0x1[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1
Oct 31 15:24:35.915164: | delref logger@0x556b6640bce8(1->0) (in handle_helper_answer() at pluto_crypt.c:658)
Oct 31 15:24:35.915168: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:24:35.915171: | delref fd@0x556b6640b548(5->4) (in free_logger() at log.c:854)
Oct 31 15:24:35.915182: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364)
Oct 31 15:24:35.915188: | #2 complete_v2_state_transition() PARENT_I2->ESTABLISHED_CHILD_SA with status STF_OK; .st_v2_transition=NULL
Oct 31 15:24:35.915191: | transitioning from state STATE_PARENT_I2 to state STATE_V2_ESTABLISHED_CHILD_SA
Oct 31 15:24:35.915194: | Message ID: updating counters for #2
Oct 31 15:24:35.915216: | Message ID: CHILD #1.#2 XXX: no EVENT_RETRANSMIT to clear; suspect IKE->CHILD switch: ike.initiator.sent=1 ike.initiator.recv=0 ike.initiator.last_contact=744550.099104 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744550.06318 child.wip.initiator=-1 child.wip.responder=-1
Oct 31 15:24:35.915230: | Message ID: CHILD #1.#2 updating initiator received message response 1: ike.initiator.sent=1 ike.initiator.recv=0->1 ike.initiator.last_contact=744550.099104->744550.347993 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744550.06318 child.wip.initiator=1->-1 child.wip.responder=-1
Oct 31 15:24:35.915237: | Message ID: CHILD #1.#2 skipping update_send as nothing to send: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744550.347993 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744550.06318 child.wip.initiator=-1 child.wip.responder=-1
Oct 31 15:24:35.915244: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744550.347993 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744550.06318 ike.wip.initiator=-1 ike.wip.responder=-1
Oct 31 15:24:35.915248: | child state #2: PARENT_I2(open IKE SA) => ESTABLISHED_CHILD_SA(established CHILD SA)
Oct 31 15:24:35.915252: | pstats #2 ikev2.child established
Oct 31 15:24:35.915255: | announcing the state transition
Oct 31 15:24:35.915264: "northnet-eastnets/0x1" #2: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0]
Oct 31 15:24:35.915276: | NAT-T: encaps is 'auto'
Oct 31 15:24:35.915283: "northnet-eastnets/0x1" #2: IPsec SA established tunnel mode {ESP=>0xc3177887 <0xb0822f84 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive}
Oct 31 15:24:35.915292: | releasing #2's fd-fd@0x556b6640b548 because IKEv2 transitions finished
Oct 31 15:24:35.915296: | delref fd@0x556b6640b548(4->3) (in success_v2_state_transition() at ikev2.c:3189)
Oct 31 15:24:35.915298: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189)
Oct 31 15:24:35.915301: | unpending #2's IKE SA #1
Oct 31 15:24:35.915304: | unpending state #1 connection "northnet-eastnets/0x1"
Oct 31 15:24:35.915308: | delete from pending Child SA with 192.1.2.23 "northnet-eastnets/0x1"
Oct 31 15:24:35.915311: | delref fd@0x556b6640b548(3->2) (in delete_pending() at pending.c:218)
Oct 31 15:24:35.915314: | removing pending policy for no connection {0x556b6640bbb8}
Oct 31 15:24:35.915317: | FOR_EACH_STATE_... in find_pending_phase2
Oct 31 15:24:35.915323: | newref alloc logger@0x556b66401c48(0->1) (in new_state() at state.c:576)
Oct 31 15:24:35.915326: | addref fd@0x556b6640b548(2->3) (in new_state() at state.c:577)
Oct 31 15:24:35.915329: | creating state object #3 at 0x556b6642bc98
Oct 31 15:24:35.915332: | State DB: adding IKEv2 state #3 in UNDEFINED
Oct 31 15:24:35.915338: | pstats #3 ikev2.child started
Oct 31 15:24:35.915341: | duplicating state object #1 "northnet-eastnets/0x2" as #3 for IPSEC SA
Oct 31 15:24:35.915347: | #3 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1581)
Oct 31 15:24:35.915357: | Message ID: CHILD #1.#3 initializing (CHILD SA): ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744550.347993 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744550.06318 child.wip.initiator=0->-1 child.wip.responder=0->-1
Oct 31 15:24:35.915361: | child state #3: UNDEFINED(ignore) => V2_NEW_CHILD_I0(established IKE SA)
Oct 31 15:24:35.915365: | #3.st_v2_transition NULL -> V2_NEW_CHILD_I0->V2_NEW_CHILD_I1 (in new_v2_child_state() at state.c:1666)
Oct 31 15:24:35.915370: | suspend processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5960)
Oct 31 15:24:35.915375: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5960)
Oct 31 15:24:35.915379: | create child proposal's DH changed from no-PFS to MODP2048, flushing
Oct 31 15:24:35.915383: | constructing ESP/AH proposals with default DH MODP2048  for northnet-eastnets/0x2 (ESP/AH initiator emitting proposals)
Oct 31 15:24:35.915388: | converting proposal AES_GCM_16_256-NONE to ikev2 ...
Oct 31 15:24:35.915395: | ...  ikev2_proposal: 1:ESP=AES_GCM_C_256-NONE-MODP2048-DISABLED
Oct 31 15:24:35.915398: | converting proposal AES_GCM_16_128-NONE to ikev2 ...
Oct 31 15:24:35.915403: | ...  ikev2_proposal: 2:ESP=AES_GCM_C_128-NONE-MODP2048-DISABLED
Oct 31 15:24:35.915406: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ...
Oct 31 15:24:35.915411: | ...  ikev2_proposal: 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED
Oct 31 15:24:35.915414: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ...
Oct 31 15:24:35.915419: | ...  ikev2_proposal: 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED
Oct 31 15:24:35.915423: "northnet-eastnets/0x2": local ESP/AH proposals (ESP/AH initiator emitting proposals): 
Oct 31 15:24:35.915427: "northnet-eastnets/0x2":   1:ESP=AES_GCM_C_256-NONE-MODP2048-DISABLED
Oct 31 15:24:35.915431: "northnet-eastnets/0x2":   2:ESP=AES_GCM_C_128-NONE-MODP2048-DISABLED
Oct 31 15:24:35.915435: "northnet-eastnets/0x2":   3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED
Oct 31 15:24:35.915440: "northnet-eastnets/0x2":   4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED
Oct 31 15:24:35.915446: | #3 schedule initiate IPsec SA RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 using IKE# 1 pfs=MODP2048
Oct 31 15:24:35.915450: | event_schedule: newref EVENT_v2_INITIATE_CHILD-pe@0x556b663dfeb8
Oct 31 15:24:35.915455: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3
Oct 31 15:24:35.915459: | libevent_malloc: newref ptr-libevent@0x556b663dfe08 size 128
Oct 31 15:24:35.915467: | RESET processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:6035)
Oct 31 15:24:35.915471: | delete from pending Child SA with 192.1.2.23 "northnet-eastnets/0x2"
Oct 31 15:24:35.915474: | delref fd@0x556b6640b548(3->2) (in delete_pending() at pending.c:218)
Oct 31 15:24:35.915476: | removing pending policy for no connection {0x556b6640a3d8}
Oct 31 15:24:35.915479: | releasing #1's fd-fd@0x556b6640b548 because IKEv2 transitions finished so releaseing IKE SA
Oct 31 15:24:35.915482: | delref fd@0x556b6640b548(2->1) (in success_v2_state_transition() at ikev2.c:3222)
Oct 31 15:24:35.915485: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222)
Oct 31 15:24:35.915489: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key)
Oct 31 15:24:35.915492: | state #2 deleting .st_event EVENT_CRYPTO_TIMEOUT
Oct 31 15:24:35.915496: | libevent_free: delref ptr-libevent@0x556b66416378
Oct 31 15:24:35.915499: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x556b663f86f8
Oct 31 15:24:35.915503: | event_schedule: newref EVENT_SA_REKEY-pe@0x556b663f86f8
Oct 31 15:24:35.915506: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2
Oct 31 15:24:35.915508: | libevent_malloc: newref ptr-libevent@0x556b66416378 size 128
Oct 31 15:24:35.915512: | delref mdp@0x556b6640e158(1->0) (in resume_handler() at server.c:743)
Oct 31 15:24:35.915516: | delref logger@0x556b66403728(1->0) (in resume_handler() at server.c:743)
Oct 31 15:24:35.915518: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:24:35.915521: | delref fd@NULL (in free_logger() at log.c:854)
Oct 31 15:24:35.915531: | #2 spent 3.56 (117) milliseconds in resume sending helper answer back to state
Oct 31 15:24:35.915534: | processing: STOP state #0 (in resume_handler() at server.c:745)
Oct 31 15:24:35.915537: | libevent_free: delref ptr-libevent@0x7f6fd8001868
Oct 31 15:24:35.915551: | timer_event_cb: processing event@0x556b663dfeb8
Oct 31 15:24:35.915554: | handling event EVENT_v2_INITIATE_CHILD for child state #3
Oct 31 15:24:35.915557: | libevent_free: delref ptr-libevent@0x556b663dfe08
Oct 31 15:24:35.915559: | free_event_entry: delref EVENT_v2_INITIATE_CHILD-pe@0x556b663dfeb8
Oct 31 15:24:35.915564: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:188)
Oct 31 15:24:35.915571: | addref fd@NULL (in clone_logger() at log.c:809)
Oct 31 15:24:35.915575: | addref fd@0x556b6640b548(1->2) (in clone_logger() at log.c:810)
Oct 31 15:24:35.915578: | newref clone logger@0x556b6640bce8(0->1) (in clone_logger() at log.c:817)
Oct 31 15:24:35.915581: | job 5 for #3: Child Initiator KE and nonce ni (build KE and nonce): adding job to queue
Oct 31 15:24:35.915584: | state #3 has no .st_event to delete
Oct 31 15:24:35.915587: | #3 STATE_V2_NEW_CHILD_I0: retransmits: cleared
Oct 31 15:24:35.915590: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x556b663f9b68
Oct 31 15:24:35.915593: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3
Oct 31 15:24:35.915596: | libevent_malloc: newref ptr-libevent@0x7f6fd8001868 size 128
Oct 31 15:24:35.915607: | #3 spent 0.0546 (0.0545) milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD
Oct 31 15:24:35.915613: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:447)
Oct 31 15:24:35.915616: | processing signal PLUTO_SIGCHLD
Oct 31 15:24:35.915621: | waitpid returned ECHILD (no child processes left)
Oct 31 15:24:35.915626: | spent 0.00491 (0.0049) milliseconds in signal handler PLUTO_SIGCHLD
Oct 31 15:24:35.915629: | processing signal PLUTO_SIGCHLD
Oct 31 15:24:35.915632: | waitpid returned ECHILD (no child processes left)
Oct 31 15:24:35.915636: | spent 0.00355 (0.00352) milliseconds in signal handler PLUTO_SIGCHLD
Oct 31 15:24:35.915641: | processing signal PLUTO_SIGCHLD
Oct 31 15:24:35.915646: | waitpid returned ECHILD (no child processes left)
Oct 31 15:24:35.915651: | spent 0.00413 (0.00459) milliseconds in signal handler PLUTO_SIGCHLD
Oct 31 15:24:35.915691: | job 5 for #3: Child Initiator KE and nonce ni (build KE and nonce): helper 7 starting job
Oct 31 15:24:35.918158: | "northnet-eastnets/0x2" #3: spent 1.77 (2.46) milliseconds in helper 7 processing job 5 for state #3: Child Initiator KE and nonce ni (pcr)
Oct 31 15:24:35.918175: | job 5 for #3: Child Initiator KE and nonce ni (build KE and nonce): helper thread 7 sending result back to state
Oct 31 15:24:35.918179: | scheduling resume sending helper answer back to state for #3
Oct 31 15:24:35.918183: | libevent_malloc: newref ptr-libevent@0x7f6fdc006108 size 128
Oct 31 15:24:35.918204: | helper thread 7 has nothing to do
Oct 31 15:24:35.918223: | processing resume sending helper answer back to state for #3
Oct 31 15:24:35.918237: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:641)
Oct 31 15:24:35.918242: | unsuspending #3 MD (nil)
Oct 31 15:24:35.918246: | job 5 for #3: Child Initiator KE and nonce ni (build KE and nonce): processing response from helper 7
Oct 31 15:24:35.918249: | job 5 for #3: Child Initiator KE and nonce ni (build KE and nonce): calling continuation function 0x556b65737fe7
Oct 31 15:24:35.918253: | ikev2_child_outI_continue() for #3 STATE_V2_NEW_CHILD_I0
Oct 31 15:24:35.918257: | DH secret MODP2048@0x7f6fdc006ba8: transferring ownership from helper KE to state #3
Oct 31 15:24:35.918260: | adding CHILD SA #3 to IKE SA #1 message initiator queue
Oct 31 15:24:35.918268: | Message ID: CHILD #1.#3 wakeing IKE SA for next initiator (unack 0): ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744550.347993 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744550.06318 child.wip.initiator=-1 child.wip.responder=-1
Oct 31 15:24:35.918272: | scheduling callback v2_msgid_schedule_next_initiator (#1)
Oct 31 15:24:35.918275: | libevent_malloc: newref ptr-libevent@0x556b663ffcc8 size 128
Oct 31 15:24:35.918281: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364)
Oct 31 15:24:35.918286: | #3 complete_v2_state_transition() V2_NEW_CHILD_I0->V2_NEW_CHILD_I1 with status STF_SUSPEND
Oct 31 15:24:35.918288: | no MD to suspend
Oct 31 15:24:35.918292: | delref logger@0x556b6640bce8(1->0) (in handle_helper_answer() at pluto_crypt.c:658)
Oct 31 15:24:35.918295: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:24:35.918298: | delref fd@0x556b6640b548(2->1) (in free_logger() at log.c:854)
Oct 31 15:24:35.918302: | resume sending helper answer back to state for #3 suppresed complete_v2_state_transition()
Oct 31 15:24:35.918305: | delref mdp@NULL (in resume_handler() at server.c:743)
Oct 31 15:24:35.918311: | #3 spent 0.0667 (0.0666) milliseconds in resume sending helper answer back to state
Oct 31 15:24:35.918316: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:745)
Oct 31 15:24:35.918319: | libevent_free: delref ptr-libevent@0x7f6fdc006108
Oct 31 15:24:35.918325: | libevent_free: delref ptr-libevent@0x556b663ffcc8
Oct 31 15:24:35.918328: | processing callback v2_msgid_schedule_next_initiator for #1
Oct 31 15:24:35.918334: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:828)
Oct 31 15:24:35.918341: | Message ID: CHILD #1.#3 resuming SA using IKE SA (unack 0): ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744550.347993 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744550.06318 child.wip.initiator=-1 child.wip.responder=-1
Oct 31 15:24:35.918346: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:675)
Oct 31 15:24:35.918356: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:675)
Oct 31 15:24:35.918359: | unsuspending #3 MD (nil)
Oct 31 15:24:35.918364: | opening output PBS reply packet
Oct 31 15:24:35.918368: | **emit ISAKMP Message:
Oct 31 15:24:35.918373: |    initiator SPI: 34 d5 c0 79  f1 ec a3 66
Oct 31 15:24:35.918378: |    responder SPI: e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:35.918381: |    next payload type: ISAKMP_NEXT_NONE (0x0)
Oct 31 15:24:35.918384: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Oct 31 15:24:35.918386: |    exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24)
Oct 31 15:24:35.918389: |    flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
Oct 31 15:24:35.918393: |    Message ID: 2 (00 00 00 02)
Oct 31 15:24:35.918397: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
Oct 31 15:24:35.918400: | ***emit IKEv2 Encryption Payload:
Oct 31 15:24:35.918403: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:35.918405: |    flags: none (0x0)
Oct 31 15:24:35.918409: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK)
Oct 31 15:24:35.918411: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet'
Oct 31 15:24:35.918415: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload
Oct 31 15:24:35.918439: | netlink_get_spi: allocated 0xdf167b2b for esp.0@192.1.3.33
Oct 31 15:24:35.918442: | Emitting ikev2_proposals ...
Oct 31 15:24:35.918445: | ****emit IKEv2 Security Association Payload:
Oct 31 15:24:35.918447: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:35.918450: |    flags: none (0x0)
Oct 31 15:24:35.918453: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA)
Oct 31 15:24:35.918455: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet'
Oct 31 15:24:35.918460: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0)
Oct 31 15:24:35.918464: | *****emit IKEv2 Proposal Substructure Payload:
Oct 31 15:24:35.918466: |    last proposal: v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:24:35.918469: |    prop #: 1 (01)
Oct 31 15:24:35.918472: |    proto ID: IKEv2_SEC_PROTO_ESP (0x3)
Oct 31 15:24:35.918475: |    spi size: 4 (04)
Oct 31 15:24:35.918478: |    # transforms: 3 (03)
Oct 31 15:24:35.918481: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal'
Oct 31 15:24:35.918484: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload
Oct 31 15:24:35.918488: | our spi: df 16 7b 2b
Oct 31 15:24:35.918490: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.918493: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.918495: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Oct 31 15:24:35.918498: |    IKEv2 transform ID: AES_GCM_C (0x14)
Oct 31 15:24:35.918501: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.918504: | *******emit IKEv2 Attribute Substructure Payload:
Oct 31 15:24:35.918506: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Oct 31 15:24:35.918510: |    length/value: 256 (01 00)
Oct 31 15:24:35.918512: | emitting length of IKEv2 Transform Substructure Payload: 12
Oct 31 15:24:35.918516: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0)
Oct 31 15:24:35.918518: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.918521: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.918523: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.918526: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Oct 31 15:24:35.918529: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.918534: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.918536: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.918539: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.918542: |    last transform: v2_TRANSFORM_LAST (0x0)
Oct 31 15:24:35.918544: |    IKEv2 transform type: TRANS_TYPE_ESN (0x5)
Oct 31 15:24:35.918546: |    IKEv2 transform ID: ESN_DISABLED (0x0)
Oct 31 15:24:35.918549: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.918552: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.918555: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.918557: | emitting length of IKEv2 Proposal Substructure Payload: 40
Oct 31 15:24:35.918559: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0
Oct 31 15:24:35.918563: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0)
Oct 31 15:24:35.918565: | *****emit IKEv2 Proposal Substructure Payload:
Oct 31 15:24:35.918568: |    last proposal: v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:24:35.918571: |    prop #: 2 (02)
Oct 31 15:24:35.918573: |    proto ID: IKEv2_SEC_PROTO_ESP (0x3)
Oct 31 15:24:35.918576: |    spi size: 4 (04)
Oct 31 15:24:35.918579: |    # transforms: 3 (03)
Oct 31 15:24:35.918582: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:24:35.918585: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal'
Oct 31 15:24:35.918588: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload
Oct 31 15:24:35.918591: | our spi: df 16 7b 2b
Oct 31 15:24:35.918594: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.918596: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.918599: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Oct 31 15:24:35.918601: |    IKEv2 transform ID: AES_GCM_C (0x14)
Oct 31 15:24:35.918604: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.918606: | *******emit IKEv2 Attribute Substructure Payload:
Oct 31 15:24:35.918609: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Oct 31 15:24:35.918612: |    length/value: 128 (00 80)
Oct 31 15:24:35.918615: | emitting length of IKEv2 Transform Substructure Payload: 12
Oct 31 15:24:35.918618: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0)
Oct 31 15:24:35.918620: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.918623: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.918625: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.918628: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Oct 31 15:24:35.918631: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.918633: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.918636: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.918638: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.918641: |    last transform: v2_TRANSFORM_LAST (0x0)
Oct 31 15:24:35.918643: |    IKEv2 transform type: TRANS_TYPE_ESN (0x5)
Oct 31 15:24:35.918647: |    IKEv2 transform ID: ESN_DISABLED (0x0)
Oct 31 15:24:35.918650: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.918652: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.918655: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.918657: | emitting length of IKEv2 Proposal Substructure Payload: 40
Oct 31 15:24:35.918660: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0
Oct 31 15:24:35.918663: | *****emit IKEv2 Proposal Substructure Payload:
Oct 31 15:24:35.918666: |    last proposal: v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:24:35.918669: |    prop #: 3 (03)
Oct 31 15:24:35.918671: |    proto ID: IKEv2_SEC_PROTO_ESP (0x3)
Oct 31 15:24:35.918674: |    spi size: 4 (04)
Oct 31 15:24:35.918677: |    # transforms: 5 (05)
Oct 31 15:24:35.918680: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:24:35.918682: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal'
Oct 31 15:24:35.918685: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload
Oct 31 15:24:35.918689: | our spi: df 16 7b 2b
Oct 31 15:24:35.918691: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.918694: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.918696: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Oct 31 15:24:35.918699: |    IKEv2 transform ID: AES_CBC (0xc)
Oct 31 15:24:35.918701: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.918704: | *******emit IKEv2 Attribute Substructure Payload:
Oct 31 15:24:35.918706: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Oct 31 15:24:35.918710: |    length/value: 256 (01 00)
Oct 31 15:24:35.918712: | emitting length of IKEv2 Transform Substructure Payload: 12
Oct 31 15:24:35.918715: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.918717: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.918720: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Oct 31 15:24:35.918722: |    IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe)
Oct 31 15:24:35.918725: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.918727: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.918730: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.918733: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.918735: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.918738: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Oct 31 15:24:35.918740: |    IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc)
Oct 31 15:24:35.918743: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.918745: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.918748: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.918750: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.918753: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.918755: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.918759: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Oct 31 15:24:35.918762: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.918764: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.918767: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.918769: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.918772: |    last transform: v2_TRANSFORM_LAST (0x0)
Oct 31 15:24:35.918774: |    IKEv2 transform type: TRANS_TYPE_ESN (0x5)
Oct 31 15:24:35.918776: |    IKEv2 transform ID: ESN_DISABLED (0x0)
Oct 31 15:24:35.918779: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.918782: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.918784: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.918787: | emitting length of IKEv2 Proposal Substructure Payload: 56
Oct 31 15:24:35.918789: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0
Oct 31 15:24:35.918792: | *****emit IKEv2 Proposal Substructure Payload:
Oct 31 15:24:35.918795: |    last proposal: v2_PROPOSAL_LAST (0x0)
Oct 31 15:24:35.918798: |    prop #: 4 (04)
Oct 31 15:24:35.918800: |    proto ID: IKEv2_SEC_PROTO_ESP (0x3)
Oct 31 15:24:35.918803: |    spi size: 4 (04)
Oct 31 15:24:35.918806: |    # transforms: 5 (05)
Oct 31 15:24:35.918809: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:24:35.918811: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal'
Oct 31 15:24:35.918814: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload
Oct 31 15:24:35.918818: | our spi: df 16 7b 2b
Oct 31 15:24:35.918820: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.918823: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.918825: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Oct 31 15:24:35.918827: |    IKEv2 transform ID: AES_CBC (0xc)
Oct 31 15:24:35.918830: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.918832: | *******emit IKEv2 Attribute Substructure Payload:
Oct 31 15:24:35.918835: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Oct 31 15:24:35.918838: |    length/value: 128 (00 80)
Oct 31 15:24:35.918841: | emitting length of IKEv2 Transform Substructure Payload: 12
Oct 31 15:24:35.918843: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.918846: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.918848: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Oct 31 15:24:35.918850: |    IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe)
Oct 31 15:24:35.918853: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.918856: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.918858: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.918861: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.918863: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.918866: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Oct 31 15:24:35.918868: |    IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc)
Oct 31 15:24:35.918872: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.918874: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.918877: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.918880: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.918882: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.918884: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.918887: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Oct 31 15:24:35.918890: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.918892: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.918895: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.918897: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.918900: |    last transform: v2_TRANSFORM_LAST (0x0)
Oct 31 15:24:35.918902: |    IKEv2 transform type: TRANS_TYPE_ESN (0x5)
Oct 31 15:24:35.918905: |    IKEv2 transform ID: ESN_DISABLED (0x0)
Oct 31 15:24:35.918907: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.918910: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:35.918912: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:35.918915: | emitting length of IKEv2 Proposal Substructure Payload: 56
Oct 31 15:24:35.918917: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0
Oct 31 15:24:35.918920: | emitting length of IKEv2 Security Association Payload: 196
Oct 31 15:24:35.918922: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0
Oct 31 15:24:35.918925: | ****emit IKEv2 Nonce Payload:
Oct 31 15:24:35.918927: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:35.918930: |    flags: none (0x0)
Oct 31 15:24:35.918933: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni)
Oct 31 15:24:35.918935: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet'
Oct 31 15:24:35.918938: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload
Oct 31 15:24:35.918940: | IKEv2 nonce:
Oct 31 15:24:35.918943: |   40 94 8d 01  a0 49 07 0a  8e 68 50 8f  73 f5 87 24
Oct 31 15:24:35.918945: |   0f ac bf 0a  3b 45 4d 38  61 d1 49 73  e5 e9 ea c3
Oct 31 15:24:35.918948: | emitting length of IKEv2 Nonce Payload: 36
Oct 31 15:24:35.918950: | ****emit IKEv2 Key Exchange Payload:
Oct 31 15:24:35.918953: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:35.918955: |    flags: none (0x0)
Oct 31 15:24:35.918958: |    DH group: OAKLEY_GROUP_MODP2048 (0xe)
Oct 31 15:24:35.918960: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE)
Oct 31 15:24:35.918963: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet'
Oct 31 15:24:35.918966: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload
Oct 31 15:24:35.918968: | ikev2 g^x:
Oct 31 15:24:35.918971: |   7b e9 f5 68  a9 57 3b 62  c4 5f 10 af  1c 7c a0 7a
Oct 31 15:24:35.918973: |   04 67 81 0c  ff fc 6e 0d  59 1b b7 98  d8 00 6c df
Oct 31 15:24:35.918977: |   e9 76 0f 63  f7 3a 75 aa  c7 41 0d e7  b0 62 b7 2c
Oct 31 15:24:35.918979: |   22 67 f5 61  06 ab 89 1d  f0 c2 e1 96  98 b6 70 46
Oct 31 15:24:35.918981: |   65 b5 2e 78  e7 e2 19 0f  29 2f ef bd  b5 0f 0f 33
Oct 31 15:24:35.918984: |   03 9d 07 de  77 28 44 cf  93 8e 86 1f  4a 9d 61 99
Oct 31 15:24:35.918986: |   22 e5 d0 69  58 f7 49 8a  df 81 9f 56  86 e0 98 0b
Oct 31 15:24:35.918988: |   c2 75 6c bf  76 e2 83 fc  34 77 97 73  b9 fe 06 2a
Oct 31 15:24:35.918990: |   da 12 cb 2d  eb a1 d6 0f  f4 50 21 95  30 ab d1 a3
Oct 31 15:24:35.918993: |   8d f3 78 fe  25 47 5e c7  1c fc 9e b3  b7 2e 5a ee
Oct 31 15:24:35.918995: |   78 9a a6 ef  ec 20 f4 c8  f1 46 68 98  7d a4 4c e5
Oct 31 15:24:35.918997: |   da 6a 5a 96  83 3e eb 96  63 38 92 31  dc 9f e1 94
Oct 31 15:24:35.918999: |   f6 2b 0f 59  ed 42 55 49  45 6e c5 5c  ec e2 d2 16
Oct 31 15:24:35.919002: |   36 9a ed 40  31 fe 79 a8  f5 4d 69 96  d9 93 12 d0
Oct 31 15:24:35.919009: |   d9 76 b8 6c  e0 96 c4 15  2c 7c 7c 7a  68 61 e6 96
Oct 31 15:24:35.919011: |   e5 ef 2e a4  63 d8 5e ac  b9 e5 85 08  3b 29 fb da
Oct 31 15:24:35.919013: | emitting length of IKEv2 Key Exchange Payload: 264
Oct 31 15:24:35.919018: | ****emit IKEv2 Traffic Selector - Initiator - Payload:
Oct 31 15:24:35.919020: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:35.919022: |    flags: none (0x0)
Oct 31 15:24:35.919026: |    number of TS: 1 (01)
Oct 31 15:24:35.919028: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi)
Oct 31 15:24:35.919031: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet'
Oct 31 15:24:35.919034: | *****emit IKEv2 Traffic Selector:
Oct 31 15:24:35.919036: |    TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7)
Oct 31 15:24:35.919039: |    IP Protocol ID: ALL (0x0)
Oct 31 15:24:35.919042: |    start port: 0 (00 00)
Oct 31 15:24:35.919045: |    end port: 65535 (ff ff)
Oct 31 15:24:35.919048: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector
Oct 31 15:24:35.919052: | IP start: c0 00 03 00
Oct 31 15:24:35.919055: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector
Oct 31 15:24:35.919058: | IP end: c0 00 03 ff
Oct 31 15:24:35.919060: | emitting length of IKEv2 Traffic Selector: 16
Oct 31 15:24:35.919063: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24
Oct 31 15:24:35.919065: | ****emit IKEv2 Traffic Selector - Responder - Payload:
Oct 31 15:24:35.919068: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:35.919070: |    flags: none (0x0)
Oct 31 15:24:35.919073: |    number of TS: 1 (01)
Oct 31 15:24:35.919076: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr)
Oct 31 15:24:35.919078: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet'
Oct 31 15:24:35.919081: | *****emit IKEv2 Traffic Selector:
Oct 31 15:24:35.919084: |    TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7)
Oct 31 15:24:35.919086: |    IP Protocol ID: ALL (0x0)
Oct 31 15:24:35.919089: |    start port: 0 (00 00)
Oct 31 15:24:35.919093: |    end port: 65535 (ff ff)
Oct 31 15:24:35.919095: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector
Oct 31 15:24:35.919099: | IP start: c0 00 16 00
Oct 31 15:24:35.919101: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector
Oct 31 15:24:35.919104: | IP end: c0 00 16 ff
Oct 31 15:24:35.919107: | emitting length of IKEv2 Traffic Selector: 16
Oct 31 15:24:35.919109: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24
Oct 31 15:24:35.919112: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE
Oct 31 15:24:35.919114: | adding 1 bytes of padding (including 1 byte padding-length)
Oct 31 15:24:35.919117: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload
Oct 31 15:24:35.919121: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload
Oct 31 15:24:35.919123: | emitting length of IKEv2 Encryption Payload: 573
Oct 31 15:24:35.919126: | emitting length of ISAKMP Message: 601
Oct 31 15:24:35.919149: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364)
Oct 31 15:24:35.919153: | #3 complete_v2_state_transition() V2_NEW_CHILD_I0->V2_NEW_CHILD_I1 with status STF_OK
Oct 31 15:24:35.919156: | transitioning from state STATE_V2_NEW_CHILD_I0 to state STATE_V2_NEW_CHILD_I1
Oct 31 15:24:35.919158: | Message ID: updating counters for #3
Oct 31 15:24:35.919161: | Message ID: IKE #1 skipping update_recv as MD is fake
Oct 31 15:24:35.919168: | Message ID: CHILD #1.#3 scheduling EVENT_RETRANSMIT: ike.initiator.sent=2 ike.initiator.recv=1 ike.initiator.last_contact=744550.347993 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744550.06318 child.wip.initiator=2 child.wip.responder=-1
Oct 31 15:24:35.919172: "northnet-eastnets/0x2" #3: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds
Oct 31 15:24:35.919189: | event_schedule: newref EVENT_RETRANSMIT-pe@0x556b6642dc08
Oct 31 15:24:35.919192: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #3
Oct 31 15:24:35.919194: | libevent_malloc: newref ptr-libevent@0x556b663ffcc8 size 128
Oct 31 15:24:35.919202: | #3 STATE_V2_NEW_CHILD_I0: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744550.351983
Oct 31 15:24:35.919213: | Message ID: CHILD #1.#3 updating initiator sent message request 2: ike.initiator.sent=1->2 ike.initiator.recv=1 ike.initiator.last_contact=744550.347993 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744550.06318 child.wip.initiator=-1->2 child.wip.responder=-1
Oct 31 15:24:35.919219: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=2 ike.initiator.recv=1 ike.initiator.last_contact=744550.347993 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744550.06318 ike.wip.initiator=-1 ike.wip.responder=-1
Oct 31 15:24:35.919223: | child state #3: V2_NEW_CHILD_I0(established IKE SA) => V2_NEW_CHILD_I1(established IKE SA)
Oct 31 15:24:35.919225: | announcing the state transition
Oct 31 15:24:35.919229: "northnet-eastnets/0x2" #3: sent CREATE_CHILD_SA request for new IPsec SA
Oct 31 15:24:35.919238: | sending 601 bytes for STATE_V2_NEW_CHILD_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1)
Oct 31 15:24:35.919241: |   34 d5 c0 79  f1 ec a3 66  e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:35.919243: |   2e 20 24 08  00 00 00 02  00 00 02 59  21 00 02 3d
Oct 31 15:24:35.919245: |   27 6c 0b 31  11 3d f5 e0  f8 ad 6c 3d  02 cd ce 8d
Oct 31 15:24:35.919247: |   4d 32 39 57  8f b0 35 99  5f da 86 6f  8d 0c 3f c9
Oct 31 15:24:35.919250: |   19 16 61 7d  92 bb e9 d8  96 a6 6f 31  99 94 8a bf
Oct 31 15:24:35.919252: |   d9 a9 b6 37  e5 ce 2a 32  62 7e 7a fd  1a 76 96 08
Oct 31 15:24:35.919254: |   9f 60 1f 37  41 1f e1 02  7c 3f c7 74  0d e9 3a e0
Oct 31 15:24:35.919256: |   e7 ca 94 d8  a7 7f 3e 64  a3 10 1d ee  66 bc 3b ff
Oct 31 15:24:35.919258: |   57 82 03 29  72 b7 8f 24  49 9a 75 87  39 57 5f 9a
Oct 31 15:24:35.919261: |   3b 51 12 4f  b0 b7 d0 01  49 81 43 4b  db a2 30 f0
Oct 31 15:24:35.919263: |   51 94 f6 d6  fc 8e 05 50  da f8 51 8d  6b 20 c2 c9
Oct 31 15:24:35.919265: |   ec 71 39 d0  49 71 76 c0  e4 7f cd 9f  ea 45 f5 f5
Oct 31 15:24:35.919267: |   43 8f ba 7a  47 7b 50 6d  41 71 fa 11  b0 b2 07 3f
Oct 31 15:24:35.919269: |   a8 38 53 a6  4d e0 b9 72  e7 a8 02 63  03 74 55 aa
Oct 31 15:24:35.919271: |   ee 46 b7 a6  ff 9e ba c0  03 5c 6a 73  f2 17 eb 46
Oct 31 15:24:35.919274: |   bb cf d5 f5  6c c7 41 07  c0 14 14 e8  9d 71 fc 89
Oct 31 15:24:35.919276: |   23 da 2c ee  da ba 70 20  93 32 2b 7b  6c 7b 11 5c
Oct 31 15:24:35.919278: |   25 2e c1 8e  df 20 49 6a  f0 d6 fb 9e  98 97 18 19
Oct 31 15:24:35.919282: |   3d 62 4c c7  61 d9 dd 47  5e a4 b3 c1  1f 2b 31 56
Oct 31 15:24:35.919284: |   1c f8 0f e7  6b a0 33 1e  24 41 23 de  96 80 52 ef
Oct 31 15:24:35.919286: |   37 32 d3 b7  3a e4 a7 84  7c 42 ce 53  a8 ce 88 7c
Oct 31 15:24:35.919289: |   33 66 c8 ba  2b da 2c 83  10 8e 3f 0c  73 61 fb 5a
Oct 31 15:24:35.919291: |   7a 6f 20 26  91 b5 a6 32  44 58 58 70  3f 40 1d 88
Oct 31 15:24:35.919293: |   6d c8 7f b5  12 54 50 65  b6 ad 97 97  bf 7f 9d 3e
Oct 31 15:24:35.919295: |   09 34 43 06  c8 88 bb e6  25 61 55 a8  8a 7b e6 c7
Oct 31 15:24:35.919297: |   6e 79 3b 25  fc 70 24 92  97 bf 73 db  e5 b2 21 b4
Oct 31 15:24:35.919299: |   02 1a 09 95  20 59 80 ee  29 ee 2c cf  7e f1 2e 4e
Oct 31 15:24:35.919302: |   f6 16 7b 49  aa a5 b2 1c  0b b4 4a eb  bc c5 7b ed
Oct 31 15:24:35.919304: |   51 63 bf d1  78 6b 24 52  ce b1 fd 7c  86 8b a0 7f
Oct 31 15:24:35.919306: |   9e dd a4 d3  4e 6a 8c 1d  5a d8 f7 c9  0b 66 25 e6
Oct 31 15:24:35.919308: |   61 b9 ba ca  39 4c e0 e4  7a 59 f9 a5  12 36 a0 e7
Oct 31 15:24:35.919310: |   5f 7b a8 ad  a7 97 70 bd  32 ff 04 0a  86 ec 0c ff
Oct 31 15:24:35.919312: |   bc 8d bd 7c  0b 9e 4b 5b  fb f2 5a 68  7c f4 a3 01
Oct 31 15:24:35.919315: |   f8 5d 55 07  40 48 5c 0a  cd a8 97 44  5a 92 17 8e
Oct 31 15:24:35.919317: |   ea 12 da ee  8e 8f 6f 02  86 4c d3 97  de ea 16 dd
Oct 31 15:24:35.919319: |   94 ee c5 d6  12 61 34 a6  86 86 fe ed  11 1f c4 a5
Oct 31 15:24:35.919321: |   96 c7 05 6a  0c 51 5c 8e  3e bb 31 de  d9 07 67 6a
Oct 31 15:24:35.919323: |   d6 a1 54 32  ad b7 30 30  1d
Oct 31 15:24:35.919375: | sent 1 messages
Oct 31 15:24:35.919379: | checking that a retransmit timeout_event was already
Oct 31 15:24:35.919382: | state #3 deleting .st_event EVENT_CRYPTO_TIMEOUT
Oct 31 15:24:35.919385: | libevent_free: delref ptr-libevent@0x7f6fd8001868
Oct 31 15:24:35.919388: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x556b663f9b68
Oct 31 15:24:35.919391: | delref mdp@NULL (in initiate_next() at ikev2_msgid.c:705)
Oct 31 15:24:35.919396: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:707)
Oct 31 15:24:35.919401: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:707)
Oct 31 15:24:35.919406: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:832)
Oct 31 15:24:35.919411: | spent 1.04 (1.08) milliseconds in callback v2_msgid_schedule_next_initiator
Oct 31 15:24:35.953431: | spent 0.00233 (0.00231) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue()
Oct 31 15:24:35.953449: | newref struct msg_digest@0x556b6640e158(0->1) (in read_message() at demux.c:103)
Oct 31 15:24:35.953453: | newref alloc logger@0x556b6640bce8(0->1) (in read_message() at demux.c:103)
Oct 31 15:24:35.953460: | *received 449 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP
Oct 31 15:24:35.953463: |   34 d5 c0 79  f1 ec a3 66  e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:35.953465: |   2e 20 24 20  00 00 00 02  00 00 01 c1  21 00 01 a5
Oct 31 15:24:35.953468: |   38 46 2b 9b  ae b1 dc 26  55 b3 aa c1  3e 67 83 f3
Oct 31 15:24:35.953470: |   43 b8 52 61  ea e7 2b cb  25 5f 8b d4  4e 94 68 b6
Oct 31 15:24:35.953473: |   97 2a 37 81  2b 97 f0 79  f0 3a 1b c1  1e 6c 97 fc
Oct 31 15:24:35.953474: |   71 50 32 39  7b a9 17 4c  4c 0d aa c5  36 b5 94 ac
Oct 31 15:24:35.953476: |   0d 42 75 58  ad 37 f1 2d  23 1a ae 7c  98 b7 83 21
Oct 31 15:24:35.953478: |   b5 71 e1 c6  57 64 ab 56  8c ef 87 77  af e6 97 a3
Oct 31 15:24:35.953481: |   7b 44 97 c0  ef 5d 39 ba  99 9b 96 0f  17 4d 0e 17
Oct 31 15:24:35.953483: |   8e d5 1a 60  8a c7 f0 17  34 cf 20 eb  14 30 69 43
Oct 31 15:24:35.953485: |   ae 6d 49 73  d4 3e 4c cb  8d 27 c2 c2  3d ba bc 3f
Oct 31 15:24:35.953487: |   18 e9 45 02  33 9f 21 99  7c e4 2c e9  20 4e 6f af
Oct 31 15:24:35.953490: |   57 f6 1e 09  62 53 ca 4c  17 4f d5 c7  1a c3 eb 89
Oct 31 15:24:35.953492: |   c4 74 ba 30  ba a0 8d 9b  b2 e3 14 d1  74 e3 cb 42
Oct 31 15:24:35.953496: |   d3 6c 47 91  1f 43 b2 3f  88 4a 39 2c  57 c9 c9 c3
Oct 31 15:24:35.953498: |   ce af 54 e6  e7 04 52 95  47 16 a9 3b  d7 a6 e4 b0
Oct 31 15:24:35.953500: |   11 0f a6 95  be ed 0a ec  31 de e8 65  14 5c ed 69
Oct 31 15:24:35.953503: |   c6 12 45 d5  7d 3d 0c 0a  a0 cd 96 88  50 1c e6 3d
Oct 31 15:24:35.953505: |   d7 83 ed 77  84 34 2f 71  9a 0f 55 d8  4e 59 cf ff
Oct 31 15:24:35.953507: |   f9 07 3d 3a  64 57 a1 89  3f c8 85 71  82 77 69 65
Oct 31 15:24:35.953510: |   85 0c 38 f6  08 0e 28 34  50 07 9b a8  f6 dd 83 a0
Oct 31 15:24:35.953512: |   27 c9 81 b1  1c 2d 83 4d  a0 27 26 01  24 b3 04 60
Oct 31 15:24:35.953514: |   7f d1 53 0d  d4 f2 1a 18  fc 9f 1a 5b  4c c8 03 fa
Oct 31 15:24:35.953516: |   16 37 d6 f1  40 5f 72 cf  6c 44 28 53  b2 ac ac b4
Oct 31 15:24:35.953518: |   40 b0 6e 9c  60 63 e3 3a  d3 46 13 00  27 2b 8b 7f
Oct 31 15:24:35.953520: |   41 69 f0 25  bd 32 8a a5  e7 dd 05 70  1c ef ed be
Oct 31 15:24:35.953522: |   40 ec 64 5c  20 5a 4d 53  d0 3d a1 66  d9 01 93 d8
Oct 31 15:24:35.953524: |   93 3c ce a1  04 89 f5 02  2a 60 da 84  07 1b 08 d2
Oct 31 15:24:35.953525: |   ed
Oct 31 15:24:35.953530: | **parse ISAKMP Message:
Oct 31 15:24:35.953534: |    initiator SPI: 34 d5 c0 79  f1 ec a3 66
Oct 31 15:24:35.953537: |    responder SPI: e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:35.953539: |    next payload type: ISAKMP_NEXT_v2SK (0x2e)
Oct 31 15:24:35.953541: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Oct 31 15:24:35.953543: |    exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24)
Oct 31 15:24:35.953546: |    flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20)
Oct 31 15:24:35.953549: |    Message ID: 2 (00 00 00 02)
Oct 31 15:24:35.953551: |    length: 449 (00 00 01 c1)
Oct 31 15:24:35.953554: |  processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36)
Oct 31 15:24:35.953557: | I am the IKE SA Original Initiator receiving an IKEv2 CREATE_CHILD_SA response 
Oct 31 15:24:35.953561: | State DB: found IKEv2 state #1 in ESTABLISHED_IKE_SA (find_v2_ike_sa)
Oct 31 15:24:35.953568: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902)
Oct 31 15:24:35.953571: | State DB: found IKEv2 state #3 in V2_NEW_CHILD_I1 (find_v2_sa_by_initiator_wip)
Oct 31 15:24:35.953574: | #3 is idle
Oct 31 15:24:35.953575: | #3 idle
Oct 31 15:24:35.953579: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983)
Oct 31 15:24:35.953583: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983)
Oct 31 15:24:35.953585: | unpacking clear payload
Oct 31 15:24:35.953587: | Now let's proceed with payload (ISAKMP_NEXT_v2SK)
Oct 31 15:24:35.953590: | ***parse IKEv2 Encryption Payload:
Oct 31 15:24:35.953592: |    next payload type: ISAKMP_NEXT_v2SA (0x21)
Oct 31 15:24:35.953594: |    flags: none (0x0)
Oct 31 15:24:35.953597: |    length: 421 (01 a5)
Oct 31 15:24:35.953599: | processing payload: ISAKMP_NEXT_v2SK (len=417)
Oct 31 15:24:35.953601: | #3 in state V2_NEW_CHILD_I1: sent CREATE_CHILD_SA request for new IPsec SA
Oct 31 15:24:35.953620: | #1 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success
Oct 31 15:24:35.953624: | Now let's proceed with payload (ISAKMP_NEXT_v2SA)
Oct 31 15:24:35.953644: | **parse IKEv2 Security Association Payload:
Oct 31 15:24:35.953646: |    next payload type: ISAKMP_NEXT_v2Ni (0x28)
Oct 31 15:24:35.953648: |    flags: none (0x0)
Oct 31 15:24:35.953652: |    length: 44 (00 2c)
Oct 31 15:24:35.953654: | processing payload: ISAKMP_NEXT_v2SA (len=40)
Oct 31 15:24:35.953657: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni)
Oct 31 15:24:35.953659: | **parse IKEv2 Nonce Payload:
Oct 31 15:24:35.953661: |    next payload type: ISAKMP_NEXT_v2KE (0x22)
Oct 31 15:24:35.953664: |    flags: none (0x0)
Oct 31 15:24:35.953666: |    length: 36 (00 24)
Oct 31 15:24:35.953669: | processing payload: ISAKMP_NEXT_v2Ni (len=32)
Oct 31 15:24:35.953671: | Now let's proceed with payload (ISAKMP_NEXT_v2KE)
Oct 31 15:24:35.953676: | **parse IKEv2 Key Exchange Payload:
Oct 31 15:24:35.953681: |    next payload type: ISAKMP_NEXT_v2TSi (0x2c)
Oct 31 15:24:35.953684: |    flags: none (0x0)
Oct 31 15:24:35.953687: |    length: 264 (01 08)
Oct 31 15:24:35.953690: |    DH group: OAKLEY_GROUP_MODP2048 (0xe)
Oct 31 15:24:35.953692: | processing payload: ISAKMP_NEXT_v2KE (len=256)
Oct 31 15:24:35.953694: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi)
Oct 31 15:24:35.953697: | **parse IKEv2 Traffic Selector - Initiator - Payload:
Oct 31 15:24:35.953700: |    next payload type: ISAKMP_NEXT_v2TSr (0x2d)
Oct 31 15:24:35.953702: |    flags: none (0x0)
Oct 31 15:24:35.953705: |    length: 24 (00 18)
Oct 31 15:24:35.953708: |    number of TS: 1 (01)
Oct 31 15:24:35.953711: | processing payload: ISAKMP_NEXT_v2TSi (len=16)
Oct 31 15:24:35.953713: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr)
Oct 31 15:24:35.953716: | **parse IKEv2 Traffic Selector - Responder - Payload:
Oct 31 15:24:35.953718: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:35.953721: |    flags: none (0x0)
Oct 31 15:24:35.953724: |    length: 24 (00 18)
Oct 31 15:24:35.953727: |    number of TS: 1 (01)
Oct 31 15:24:35.953729: | processing payload: ISAKMP_NEXT_v2TSr (len=16)
Oct 31 15:24:35.953732: | selected state microcode Process CREATE_CHILD_SA IPsec SA Response
Oct 31 15:24:35.953739: | #1 updating local interface from 192.1.3.33:500 to 192.1.3.33:500 using md->iface (in update_ike_endpoints() at state.c:2631)
Oct 31 15:24:35.953742: | forcing ST #3 to CHILD #1.#3 in FSM processor
Oct 31 15:24:35.953744: | calling processor Process CREATE_CHILD_SA IPsec SA Response
Oct 31 15:24:35.953759: | using existing local ESP/AH proposals for northnet-eastnets/0x2 (CREATE_CHILD_SA initiator accepting remote ESP/AH proposal): 1:ESP=AES_GCM_C_256-NONE-MODP2048-DISABLED 2:ESP=AES_GCM_C_128-NONE-MODP2048-DISABLED 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED
Oct 31 15:24:35.953763: | comparing remote proposals against CREATE_CHILD_SA initiator accepting remote ESP/AH proposal 4 local proposals
Oct 31 15:24:35.953767: | local proposal 1 type ENCR has 1 transforms
Oct 31 15:24:35.953770: | local proposal 1 type PRF has 0 transforms
Oct 31 15:24:35.953772: | local proposal 1 type INTEG has 1 transforms
Oct 31 15:24:35.953774: | local proposal 1 type DH has 1 transforms
Oct 31 15:24:35.953777: | local proposal 1 type ESN has 1 transforms
Oct 31 15:24:35.953780: | local proposal 1 transforms: required: ENCR+DH+ESN; optional: INTEG
Oct 31 15:24:35.953783: | local proposal 2 type ENCR has 1 transforms
Oct 31 15:24:35.953785: | local proposal 2 type PRF has 0 transforms
Oct 31 15:24:35.953787: | local proposal 2 type INTEG has 1 transforms
Oct 31 15:24:35.953790: | local proposal 2 type DH has 1 transforms
Oct 31 15:24:35.953792: | local proposal 2 type ESN has 1 transforms
Oct 31 15:24:35.953795: | local proposal 2 transforms: required: ENCR+DH+ESN; optional: INTEG
Oct 31 15:24:35.953798: | local proposal 3 type ENCR has 1 transforms
Oct 31 15:24:35.953800: | local proposal 3 type PRF has 0 transforms
Oct 31 15:24:35.953803: | local proposal 3 type INTEG has 2 transforms
Oct 31 15:24:35.953805: | local proposal 3 type DH has 1 transforms
Oct 31 15:24:35.953807: | local proposal 3 type ESN has 1 transforms
Oct 31 15:24:35.953810: | local proposal 3 transforms: required: ENCR+INTEG+DH+ESN; optional: none
Oct 31 15:24:35.953813: | local proposal 4 type ENCR has 1 transforms
Oct 31 15:24:35.953815: | local proposal 4 type PRF has 0 transforms
Oct 31 15:24:35.953818: | local proposal 4 type INTEG has 2 transforms
Oct 31 15:24:35.953821: | local proposal 4 type DH has 1 transforms
Oct 31 15:24:35.953823: | local proposal 4 type ESN has 1 transforms
Oct 31 15:24:35.953827: | local proposal 4 transforms: required: ENCR+INTEG+DH+ESN; optional: none
Oct 31 15:24:35.953830: | ***parse IKEv2 Proposal Substructure Payload:
Oct 31 15:24:35.953835: |    last proposal: v2_PROPOSAL_LAST (0x0)
Oct 31 15:24:35.953839: |    length: 40 (00 28)
Oct 31 15:24:35.953842: |    prop #: 1 (01)
Oct 31 15:24:35.953844: |    proto ID: IKEv2_SEC_PROTO_ESP (0x3)
Oct 31 15:24:35.953847: |    spi size: 4 (04)
Oct 31 15:24:35.953850: |    # transforms: 3 (03)
Oct 31 15:24:35.953854: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI
Oct 31 15:24:35.953857: | remote SPI
Oct 31 15:24:35.953859: |   3e 9a 0d 8e
Oct 31 15:24:35.953862: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals
Oct 31 15:24:35.953865: | ****parse IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.953868: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.953871: |    length: 12 (00 0c)
Oct 31 15:24:35.953873: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Oct 31 15:24:35.953875: |    IKEv2 transform ID: AES_GCM_C (0x14)
Oct 31 15:24:35.953878: | *****parse IKEv2 Attribute Substructure Payload:
Oct 31 15:24:35.953881: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Oct 31 15:24:35.953884: |    length/value: 256 (01 00)
Oct 31 15:24:35.953888: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0
Oct 31 15:24:35.953891: | ****parse IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.953894: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:35.953897: |    length: 8 (00 08)
Oct 31 15:24:35.953899: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:35.953901: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Oct 31 15:24:35.953905: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0
Oct 31 15:24:35.953908: | ****parse IKEv2 Transform Substructure Payload:
Oct 31 15:24:35.953913: |    last transform: v2_TRANSFORM_LAST (0x0)
Oct 31 15:24:35.953917: |    length: 8 (00 08)
Oct 31 15:24:35.953920: |    IKEv2 transform type: TRANS_TYPE_ESN (0x5)
Oct 31 15:24:35.953922: |    IKEv2 transform ID: ESN_DISABLED (0x0)
Oct 31 15:24:35.953925: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0
Oct 31 15:24:35.953930: | remote proposal 1 proposed transforms: ENCR+DH+ESN; matched: ENCR+DH+ESN; unmatched: none
Oct 31 15:24:35.953935: | comparing remote proposal 1 containing ENCR+DH+ESN transforms to local proposal 1; required: ENCR+DH+ESN; optional: INTEG; matched: ENCR+DH+ESN
Oct 31 15:24:35.953937: | remote proposal 1 matches local proposal 1
Oct 31 15:24:35.953941: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED[first-match]
Oct 31 15:24:35.953946: | CREATE_CHILD_SA initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP=AES_GCM_C_256-MODP2048-DISABLED SPI=3e9a0d8e
Oct 31 15:24:35.953949: | converting proposal to internal trans attrs
Oct 31 15:24:35.953985: | updating #3's .st_oakley with preserved PRF, but why update?
Oct 31 15:24:35.953993: | DH secret MODP2048@0x7f6fdc006ba8: transferring ownership from state #3 to helper DH
Oct 31 15:24:35.954000: | addref fd@NULL (in clone_logger() at log.c:809)
Oct 31 15:24:35.954004: | addref fd@0x556b6640b548(1->2) (in clone_logger() at log.c:810)
Oct 31 15:24:35.954008: | newref clone logger@0x556b6640ad48(0->1) (in clone_logger() at log.c:817)
Oct 31 15:24:35.954012: | job 6 for #3: ikev2 Child SA initiator pfs=yes (dh): adding job to queue
Oct 31 15:24:35.954015: | state #3 has no .st_event to delete
Oct 31 15:24:35.954019: | #3 requesting EVENT_RETRANSMIT-pe@0x556b6642dc08 be deleted
Oct 31 15:24:35.954024: | libevent_free: delref ptr-libevent@0x556b663ffcc8
Oct 31 15:24:35.954028: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x556b6642dc08
Oct 31 15:24:35.954031: | #3 STATE_V2_NEW_CHILD_I1: retransmits: cleared
Oct 31 15:24:35.954035: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x556b6642b0f8
Oct 31 15:24:35.954038: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3
Oct 31 15:24:35.954042: | libevent_malloc: newref ptr-libevent@0x7f6fd8001868 size 128
Oct 31 15:24:35.954060: | #3 spent 0.289 (0.309) milliseconds in processing: Process CREATE_CHILD_SA IPsec SA Response in v2_dispatch()
Oct 31 15:24:35.954067: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364)
Oct 31 15:24:35.954074: | #3 complete_v2_state_transition() V2_NEW_CHILD_I1->ESTABLISHED_CHILD_SA with status STF_SUSPEND; .st_v2_transition=V2_NEW_CHILD_I0->V2_NEW_CHILD_I1
Oct 31 15:24:35.954079: | suspending state #3 and saving MD 0x556b6640e158
Oct 31 15:24:35.954073: | job 6 for #3: ikev2 Child SA initiator pfs=yes (dh): helper 4 starting job
Oct 31 15:24:35.954083: | addref md@0x556b6640e158(1->2) (in complete_v2_state_transition() at ikev2.c:3485)
Oct 31 15:24:35.954232: | #3 is busy; has suspended MD 0x556b6640e158
Oct 31 15:24:35.954241: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904)
Oct 31 15:24:35.954249: | #1 spent 0.646 (0.826) milliseconds in ikev2_process_packet()
Oct 31 15:24:35.954252: | processing: STOP state #0 (in process_md() at demux.c:287)
Oct 31 15:24:35.954256: | delref mdp@0x556b6640e158(2->1) (in handle_packet_cb() at demux.c:318)
Oct 31 15:24:35.954260: | spent 0.66 (0.839) milliseconds in handle_packet_cb() reading and processing packet
Oct 31 15:24:35.955107: | "northnet-eastnets/0x2" #3: spent 0.887 (1.03) milliseconds in helper 4 processing job 6 for state #3: ikev2 Child SA initiator pfs=yes (dh)
Oct 31 15:24:35.955117: | job 6 for #3: ikev2 Child SA initiator pfs=yes (dh): helper thread 4 sending result back to state
Oct 31 15:24:35.955122: | scheduling resume sending helper answer back to state for #3
Oct 31 15:24:35.955127: | libevent_malloc: newref ptr-libevent@0x7f6fd0001fb8 size 128
Oct 31 15:24:35.955140: | helper thread 4 has nothing to do
Oct 31 15:24:35.955149: | processing resume sending helper answer back to state for #3
Oct 31 15:24:35.955160: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:641)
Oct 31 15:24:35.955164: | unsuspending #3 MD 0x556b6640e158
Oct 31 15:24:35.955167: | job 6 for #3: ikev2 Child SA initiator pfs=yes (dh): processing response from helper 4
Oct 31 15:24:35.955170: | job 6 for #3: ikev2 Child SA initiator pfs=yes (dh): calling continuation function 0x556b657397cb
Oct 31 15:24:35.955172: | DH secret MODP2048@0x7f6fdc006ba8: transferring ownership from helper IKEv2 DH to state #3
Oct 31 15:24:35.955175: | ikev2_child_inR_continue() for #3 STATE_V2_NEW_CHILD_I1
Oct 31 15:24:35.955179: | TSi: parsing 1 traffic selectors
Oct 31 15:24:35.955184: | ***parse IKEv2 Traffic Selector:
Oct 31 15:24:35.955187: |    TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7)
Oct 31 15:24:35.955189: |    IP Protocol ID: ALL (0x0)
Oct 31 15:24:35.955192: |    length: 16 (00 10)
Oct 31 15:24:35.955195: |    start port: 0 (00 00)
Oct 31 15:24:35.955201: |    end port: 65535 (ff ff)
Oct 31 15:24:35.955208: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low
Oct 31 15:24:35.955210: | TS low
Oct 31 15:24:35.955212: |   c0 00 03 00
Oct 31 15:24:35.955214: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high
Oct 31 15:24:35.955216: | TS high
Oct 31 15:24:35.955217: |   c0 00 03 ff
Oct 31 15:24:35.955219: | TSi: parsed 1 traffic selectors
Oct 31 15:24:35.955221: | TSr: parsing 1 traffic selectors
Oct 31 15:24:35.955223: | ***parse IKEv2 Traffic Selector:
Oct 31 15:24:35.955226: |    TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7)
Oct 31 15:24:35.955228: |    IP Protocol ID: ALL (0x0)
Oct 31 15:24:35.955231: |    length: 16 (00 10)
Oct 31 15:24:35.955235: |    start port: 0 (00 00)
Oct 31 15:24:35.955237: |    end port: 65535 (ff ff)
Oct 31 15:24:35.955240: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low
Oct 31 15:24:35.955242: | TS low
Oct 31 15:24:35.955244: |   c0 00 16 00
Oct 31 15:24:35.955246: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high
Oct 31 15:24:35.955248: | TS high
Oct 31 15:24:35.955250: |   c0 00 16 ff
Oct 31 15:24:35.955255: | TSr: parsed 1 traffic selectors
Oct 31 15:24:35.955262: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0:0/0 R=192.0.22.0/24:0:0/0 to their:
Oct 31 15:24:35.955268: |     TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535
Oct 31 15:24:35.955277: |         match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32
Oct 31 15:24:35.955280: |         narrow port end=0..65535 == TSi[0]=0..65535: 0
Oct 31 15:24:35.955283: |           TSi[0] port match: YES fitness 65536
Oct 31 15:24:35.955286: |         narrow protocol end=*0 == TSi[0]=*0: 0
Oct 31 15:24:35.955289: |         match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255
Oct 31 15:24:35.955294: |     TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535
Oct 31 15:24:35.955301: |         match address end->client=192.0.22.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: YES fitness 32
Oct 31 15:24:35.955304: |         narrow port end=0..65535 == TSr[0]=0..65535: 0
Oct 31 15:24:35.955306: |           TSr[0] port match: YES fitness 65536
Oct 31 15:24:35.955309: |         narrow protocol end=*0 == TSr[0]=*0: 0
Oct 31 15:24:35.955312: |         match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255
Oct 31 15:24:35.955314: | best fit so far: TSi[0] TSr[0]
Oct 31 15:24:35.955316: | found an acceptable TSi/TSr Traffic Selector
Oct 31 15:24:35.955319: | printing contents struct traffic_selector
Oct 31 15:24:35.955321: |   ts_type: IKEv2_TS_IPV4_ADDR_RANGE
Oct 31 15:24:35.955323: |   ipprotoid: 0
Oct 31 15:24:35.955326: |   port range: 0-65535
Oct 31 15:24:35.955330: |   ip range: 192.0.3.0-192.0.3.255
Oct 31 15:24:35.955332: | printing contents struct traffic_selector
Oct 31 15:24:35.955334: |   ts_type: IKEv2_TS_IPV4_ADDR_RANGE
Oct 31 15:24:35.955336: |   ipprotoid: 0
Oct 31 15:24:35.955338: |   port range: 0-65535
Oct 31 15:24:35.955343: |   ip range: 192.0.22.0-192.0.22.255
Oct 31 15:24:35.955347: | integ=NONE: .key_size=0 encrypt=AES_GCM_16: .key_size=32 .salt_size=4 keymat_len=36
Oct 31 15:24:35.955419: | install_ipsec_sa() for #3: inbound and outbound
Oct 31 15:24:35.955425: | could_route called for northnet-eastnets/0x2; kind=CK_PERMANENT that.has_client=yes oppo=no this.host_port=500
Oct 31 15:24:35.955428: | FOR_EACH_CONNECTION_... in route_owner
Oct 31 15:24:35.955431: |  conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs
Oct 31 15:24:35.955434: |  conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000
Oct 31 15:24:35.955436: |  conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs
Oct 31 15:24:35.955439: |  conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000
Oct 31 15:24:35.955443: | route owner of "northnet-eastnets/0x2" unrouted: NULL; eroute owner: NULL
Oct 31 15:24:35.955446: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE
Oct 31 15:24:35.955450: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20
Oct 31 15:24:35.955452: | AES_GCM_16 requires 4 salt bytes
Oct 31 15:24:35.955455: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0
Oct 31 15:24:35.955459: | setting IPsec SA replay-window to 32
Oct 31 15:24:35.955462: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1
Oct 31 15:24:35.955466: | netlink: enabling tunnel mode
Oct 31 15:24:35.955468: | XFRM: adding IPsec SA with reqid 16393
Oct 31 15:24:35.955470: | netlink: setting IPsec SA replay-window to 32 using old-style req
Oct 31 15:24:35.955473: | netlink: esp-hw-offload not set for IPsec SA
Oct 31 15:24:35.955566: | netlink response for Add SA esp.3e9a0d8e@192.1.2.23 included non-error error
Oct 31 15:24:35.955572: | setup_half_ipsec_sa() is installing inbound eroute? inbound=0 owner=#0 mode=1
Oct 31 15:24:35.955574: | set up outgoing SA, ref=0/0
Oct 31 15:24:35.955578: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE
Oct 31 15:24:35.955580: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20
Oct 31 15:24:35.955583: | AES_GCM_16 requires 4 salt bytes
Oct 31 15:24:35.955588: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0
Oct 31 15:24:35.955592: | setting IPsec SA replay-window to 32
Oct 31 15:24:35.955595: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1
Oct 31 15:24:35.955598: | netlink: enabling tunnel mode
Oct 31 15:24:35.955600: | XFRM: adding IPsec SA with reqid 16393
Oct 31 15:24:35.955602: | netlink: setting IPsec SA replay-window to 32 using old-style req
Oct 31 15:24:35.955605: | netlink: esp-hw-offload not set for IPsec SA
Oct 31 15:24:35.955675: | netlink response for Add SA esp.df167b2b@192.1.3.33 included non-error error
Oct 31 15:24:35.955680: | setup_half_ipsec_sa() is installing inbound eroute? inbound=1 owner=#0 mode=1
Oct 31 15:24:35.955681: | setup_half_ipsec_sa() is installing inbound eroute
Oct 31 15:24:35.955684: | setup_half_ipsec_sa() before proto 50
Oct 31 15:24:35.955685: | setup_half_ipsec_sa() after proto 50
Oct 31 15:24:35.955687: | setup_half_ipsec_sa() calling raw_eroute backwards (i.e., inbound)
Oct 31 15:24:35.955689: | priority calculation of connection "northnet-eastnets/0x2" is 2084814 (0x1fcfce)
Oct 31 15:24:35.955695: | add inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 using reqid 16393 (raw_eroute) proto=50
Oct 31 15:24:35.955699: | IPsec SA SPD priority set to 2084814
Oct 31 15:24:35.955724: | raw_eroute result=success
Oct 31 15:24:35.955726: | set up incoming SA, ref=0/0
Oct 31 15:24:35.955729: | sr for #3: unrouted
Oct 31 15:24:35.955731: | route_and_eroute() for proto 0, and source port 0 dest port 0
Oct 31 15:24:35.955733: | FOR_EACH_CONNECTION_... in route_owner
Oct 31 15:24:35.955735: |  conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs
Oct 31 15:24:35.955737: |  conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000
Oct 31 15:24:35.955739: |  conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs
Oct 31 15:24:35.955741: |  conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000
Oct 31 15:24:35.955744: | route owner of "northnet-eastnets/0x2" unrouted: NULL; eroute owner: NULL
Oct 31 15:24:35.955747: | route_and_eroute with c: northnet-eastnets/0x2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #3
Oct 31 15:24:35.955749: | priority calculation of connection "northnet-eastnets/0x2" is 2084814 (0x1fcfce)
Oct 31 15:24:35.955756: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => tun.0@192.1.2.23 using reqid 16393 (raw_eroute) proto=50
Oct 31 15:24:35.955759: | IPsec SA SPD priority set to 2084814
Oct 31 15:24:35.955773: | raw_eroute result=success
Oct 31 15:24:35.955777: | running updown command "ipsec _updown" for verb up 
Oct 31 15:24:35.955779: | command executing up-client
Oct 31 15:24:35.955784: | get_sa_info esp.3e9a0d8e@192.1.2.23
Oct 31 15:24:35.955794: | get_sa_info esp.df167b2b@192.1.3.33
Oct 31 15:24:35.955855: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org'
Oct 31 15:24:35.955868: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org'
Oct 31 15:24:35.955888: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK...
Oct 31 15:24:35.955892: | popen cmd is 1507 chars long
Oct 31 15:24:35.955895: | cmd(   0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0:
Oct 31 15:24:35.955897: | cmd(  80):x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUT:
Oct 31 15:24:35.955899: | cmd( 160):O_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=:
Oct 31 15:24:35.955901: | cmd( 240):Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user:
Oct 31 15:24:35.955902: | cmd( 320):-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET:
Oct 31 15:24:35.955904: | cmd( 400):='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PRO:
Oct 31 15:24:35.955906: | cmd( 480):TOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLU:
Oct 31 15:24:35.955908: | cmd( 560):TO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=eas:
Oct 31 15:24:35.955909: | cmd( 640):t.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='1:
Oct 31 15:24:35.955911: | cmd( 720):92.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255:
Oct 31 15:24:35.955913: | cmd( 800):.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Onta:
Oct 31 15:24:35.955915: | cmd( 880):rio, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca:
Oct 31 15:24:35.955916: | cmd( 960):, E=testing@libreswan.org' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157875' PLUTO_C:
Oct 31 15:24:35.955918: | cmd(1040):ONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO:
Oct 31 15:24:35.955920: | cmd(1120):+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_:
Oct 31 15:24:35.955922: | cmd(1200):FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO=':
Oct 31 15:24:35.955924: | cmd(1280):' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIG:
Oct 31 15:24:35.955925: | cmd(1360):URED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VTI_IFACE='' VTI_ROUTING='no' VTI_:
Oct 31 15:24:35.955927: | cmd(1440):SHARED='no' SPI_IN=0x3e9a0d8e SPI_OUT=0xdf167b2b ipsec _updown 2>&1:
Oct 31 15:24:35.973697: | route_and_eroute: firewall_notified: true
Oct 31 15:24:35.973710: | running updown command "ipsec _updown" for verb prepare 
Oct 31 15:24:35.973714: | command executing prepare-client
Oct 31 15:24:35.973722: | get_sa_info esp.3e9a0d8e@192.1.2.23
Oct 31 15:24:35.973744: | get_sa_info esp.df167b2b@192.1.3.33
Oct 31 15:24:35.973782: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org'
Oct 31 15:24:35.973789: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org'
Oct 31 15:24:35.973805: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' P...
Oct 31 15:24:35.973810: | popen cmd is 1512 chars long
Oct 31 15:24:35.973812: | cmd(   0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn:
Oct 31 15:24:35.973814: | cmd(  80):ets/0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='':
Oct 31 15:24:35.973815: | cmd( 160): PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontari:
Oct 31 15:24:35.973816: | cmd( 240):o, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E:
Oct 31 15:24:35.973818: | cmd( 320):=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIEN:
Oct 31 15:24:35.973819: | cmd( 400):T_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_M:
Oct 31 15:24:35.973821: | cmd( 480):Y_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23:
Oct 31 15:24:35.973822: | cmd( 560):' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, C:
Oct 31 15:24:35.973823: | cmd( 640):N=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIE:
Oct 31 15:24:35.973825: | cmd( 720):NT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='25:
Oct 31 15:24:35.973826: | cmd( 800):5.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST:
Oct 31 15:24:35.973827: | cmd( 880):=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for m:
Oct 31 15:24:35.973829: | cmd( 960):ainca, E=testing@libreswan.org' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157875' PL:
Oct 31 15:24:35.973830: | cmd(1040):UTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+E:
Oct 31 15:24:35.973831: | cmd(1120):SN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' X:
Oct 31 15:24:35.973833: | cmd(1200):AUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_I:
Oct 31 15:24:35.973834: | cmd(1280):NFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_C:
Oct 31 15:24:35.973835: | cmd(1360):ONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VTI_IFACE='' VTI_ROUTING='no':
Oct 31 15:24:35.973837: | cmd(1440): VTI_SHARED='no' SPI_IN=0x3e9a0d8e SPI_OUT=0xdf167b2b ipsec _updown 2>&1:
Oct 31 15:24:35.985810: | running updown command "ipsec _updown" for verb route 
Oct 31 15:24:35.985900: | command executing route-client
Oct 31 15:24:35.985908: | get_sa_info esp.3e9a0d8e@192.1.2.23
Oct 31 15:24:35.985928: | get_sa_info esp.df167b2b@192.1.3.33
Oct 31 15:24:35.986050: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org'
Oct 31 15:24:35.986066: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org'
Oct 31 15:24:35.986092: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO...
Oct 31 15:24:35.986096: | popen cmd is 1510 chars long
Oct 31 15:24:35.986103: | cmd(   0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet:
Oct 31 15:24:35.986106: | cmd(  80):s/0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' P:
Oct 31 15:24:35.986166: | cmd( 160):LUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario,:
Oct 31 15:24:35.986171: | cmd( 240): L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=u:
Oct 31 15:24:35.986173: | cmd( 320):ser-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_:
Oct 31 15:24:35.986179: | cmd( 400):NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_:
Oct 31 15:24:35.986182: | cmd( 480):PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' :
Oct 31 15:24:35.986184: | cmd( 560):PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=:
Oct 31 15:24:35.986187: | cmd( 640):east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT:
Oct 31 15:24:35.986189: | cmd( 720):='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.:
Oct 31 15:24:35.986191: | cmd( 800):255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=O:
Oct 31 15:24:35.986193: | cmd( 880):ntario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mai:
Oct 31 15:24:35.986196: | cmd( 960):nca, E=testing@libreswan.org' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157875' PLUT:
Oct 31 15:24:35.986286: | cmd(1040):O_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN:
Oct 31 15:24:35.986294: | cmd(1120):_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAU:
Oct 31 15:24:35.986297: | cmd(1200):TH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INF:
Oct 31 15:24:35.986299: | cmd(1280):O='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CON:
Oct 31 15:24:35.986302: | cmd(1360):FIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VTI_IFACE='' VTI_ROUTING='no' V:
Oct 31 15:24:35.986305: | cmd(1440):TI_SHARED='no' SPI_IN=0x3e9a0d8e SPI_OUT=0xdf167b2b ipsec _updown 2>&1:
Oct 31 15:24:36.005186: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005243: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005254: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005259: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005264: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005269: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005275: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005281: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005292: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005307: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005320: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005339: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005353: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005368: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005382: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005397: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005412: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005450: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005464: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005470: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005548: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005559: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005564: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005568: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005572: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005577: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005583: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005587: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005591: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005671: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005685: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005720: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005745: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005753: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005774: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005786: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005808: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005826: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005839: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005852: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005866: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005882: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005902: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005925: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005948: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.005965: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.006131: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.006144: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.006162: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.006177: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.006196: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.006218: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.006248: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.006315: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.006361: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.006373: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:36.011495: | route_and_eroute: instance "northnet-eastnets/0x2", setting eroute_owner {spd=0x556b663fb848,sr=0x556b663fb848} to #3 (was #0) (newest_ipsec_sa=#0)
Oct 31 15:24:36.011564: | inR2: instance northnet-eastnets/0x2[0], setting IKEv2 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #1
Oct 31 15:24:36.011573: | delref logger@0x556b6640ad48(1->0) (in handle_helper_answer() at pluto_crypt.c:658)
Oct 31 15:24:36.011576: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:24:36.011579: | delref fd@0x556b6640b548(2->1) (in free_logger() at log.c:854)
Oct 31 15:24:36.011588: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364)
Oct 31 15:24:36.011593: | #3 complete_v2_state_transition() V2_NEW_CHILD_I1->ESTABLISHED_CHILD_SA with status STF_OK; .st_v2_transition=V2_NEW_CHILD_I0->V2_NEW_CHILD_I1
Oct 31 15:24:36.011597: | transitioning from state STATE_V2_NEW_CHILD_I1 to state STATE_V2_ESTABLISHED_CHILD_SA
Oct 31 15:24:36.011599: | Message ID: updating counters for #3
Oct 31 15:24:36.011608: | Message ID: CHILD #1.#3 XXX: no EVENT_RETRANSMIT to clear; suspect IKE->CHILD switch: ike.initiator.sent=2 ike.initiator.recv=1 ike.initiator.last_contact=744550.347993 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744550.06318 child.wip.initiator=-1 child.wip.responder=-1
Oct 31 15:24:36.011615: | Message ID: CHILD #1.#3 updating initiator received message response 2: ike.initiator.sent=2 ike.initiator.recv=1->2 ike.initiator.last_contact=744550.347993->744550.444398 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744550.06318 child.wip.initiator=2->-1 child.wip.responder=-1
Oct 31 15:24:36.011621: | Message ID: CHILD #1.#3 skipping update_send as nothing to send: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.444398 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744550.06318 child.wip.initiator=-1 child.wip.responder=-1
Oct 31 15:24:36.011628: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.444398 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744550.06318 ike.wip.initiator=-1 ike.wip.responder=-1
Oct 31 15:24:36.011632: | child state #3: V2_NEW_CHILD_I1(established IKE SA) => ESTABLISHED_CHILD_SA(established CHILD SA)
Oct 31 15:24:36.011635: | pstats #3 ikev2.child established
Oct 31 15:24:36.011638: | announcing the state transition
Oct 31 15:24:36.011647: "northnet-eastnets/0x2" #3: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.22.0-192.0.22.255:0-65535 0]
Oct 31 15:24:36.011660: | NAT-T: encaps is 'auto'
Oct 31 15:24:36.011666: "northnet-eastnets/0x2" #3: IPsec SA established tunnel mode {ESP=>0x3e9a0d8e <0xdf167b2b xfrm=AES_GCM_16_256-NONE-MODP2048 NATOA=none NATD=none DPD=passive}
Oct 31 15:24:36.011671: | releasing #3's fd-fd@0x556b6640b548 because IKEv2 transitions finished
Oct 31 15:24:36.011674: | delref fd@0x556b6640b548(1->0) (in success_v2_state_transition() at ikev2.c:3189)
Oct 31 15:24:36.011680: | freeref fd-fd@0x556b6640b548 (in success_v2_state_transition() at ikev2.c:3189)
Oct 31 15:24:36.011683: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189)
Oct 31 15:24:36.011686: | unpending #3's IKE SA #1
Oct 31 15:24:36.011688: | unpending state #1 connection "northnet-eastnets/0x2"
Oct 31 15:24:36.011691: | releasing #1's fd-fd@(nil) because IKEv2 transitions finished so releaseing IKE SA
Oct 31 15:24:36.011694: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222)
Oct 31 15:24:36.011699: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222)
Oct 31 15:24:36.012180: | #3 will start re-keying in 27838 seconds with margin of 962 seconds (attempting re-key)
Oct 31 15:24:36.012186: | state #3 deleting .st_event EVENT_CRYPTO_TIMEOUT
Oct 31 15:24:36.012192: | libevent_free: delref ptr-libevent@0x7f6fd8001868
Oct 31 15:24:36.012196: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x556b6642b0f8
Oct 31 15:24:36.012221: | event_schedule: newref EVENT_SA_REKEY-pe@0x556b6642b0f8
Oct 31 15:24:36.012229: | inserting event EVENT_SA_REKEY, timeout in 27838 seconds for #3
Oct 31 15:24:36.012233: | libevent_malloc: newref ptr-libevent@0x556b66424ee8 size 128
Oct 31 15:24:36.012239: | delref mdp@0x556b6640e158(1->0) (in resume_handler() at server.c:743)
Oct 31 15:24:36.012242: | delref logger@0x556b6640bce8(1->0) (in resume_handler() at server.c:743)
Oct 31 15:24:36.012245: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:24:36.012248: | delref fd@NULL (in free_logger() at log.c:854)
Oct 31 15:24:36.012258: | #3 spent 2.28 (57.1) milliseconds in resume sending helper answer back to state
Oct 31 15:24:36.012263: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:745)
Oct 31 15:24:36.012267: | libevent_free: delref ptr-libevent@0x7f6fd0001fb8
Oct 31 15:24:36.012279: | processing signal PLUTO_SIGCHLD
Oct 31 15:24:36.012284: | waitpid returned ECHILD (no child processes left)
Oct 31 15:24:36.012289: | spent 0.0048 (0.0047) milliseconds in signal handler PLUTO_SIGCHLD
Oct 31 15:24:36.012292: | processing signal PLUTO_SIGCHLD
Oct 31 15:24:36.012295: | waitpid returned ECHILD (no child processes left)
Oct 31 15:24:36.012299: | spent 0.00342 (0.00345) milliseconds in signal handler PLUTO_SIGCHLD
Oct 31 15:24:36.012301: | processing signal PLUTO_SIGCHLD
Oct 31 15:24:36.012305: | waitpid returned ECHILD (no child processes left)
Oct 31 15:24:36.012309: | spent 0.00329 (0.00349) milliseconds in signal handler PLUTO_SIGCHLD
Oct 31 15:24:36.083413: | newref struct fd@0x556b663dfcb8(0->1) (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:24:36.083427: | fd_accept: new fd-fd@0x556b663dfcb8 (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:24:36.083447: | whack: status
Oct 31 15:24:36.083630: | FOR_EACH_CONNECTION_... in show_connections_status
Oct 31 15:24:36.083634: | FOR_EACH_CONNECTION_... in show_connections_status
Oct 31 15:24:36.083851: | FOR_EACH_STATE_... in show_states (sort_states)
Oct 31 15:24:36.083855: | FOR_EACH_STATE_... in sort_states
Oct 31 15:24:36.083866: | get_sa_info esp.b0822f84@192.1.3.33
Oct 31 15:24:36.083887: | get_sa_info esp.c3177887@192.1.2.23
Oct 31 15:24:36.083911: | get_sa_info esp.df167b2b@192.1.3.33
Oct 31 15:24:36.083921: | get_sa_info esp.3e9a0d8e@192.1.2.23
Oct 31 15:24:36.083942: | delref fd@0x556b663dfcb8(1->0) (in whack_handle_cb() at rcv_whack.c:903)
Oct 31 15:24:36.083948: | freeref fd-fd@0x556b663dfcb8 (in whack_handle_cb() at rcv_whack.c:903)
Oct 31 15:24:36.083956: | spent 0.546 (0.552) milliseconds in whack
Oct 31 15:24:38.346458: | newref struct fd@0x556b66424df8(0->1) (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:24:38.346481: | fd_accept: new fd-fd@0x556b66424df8 (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:24:38.346498: | whack: traffic_status
Oct 31 15:24:38.346502: | FOR_EACH_STATE_... in show_traffic_status (sort_states)
Oct 31 15:24:38.346505: | FOR_EACH_STATE_... in sort_states
Oct 31 15:24:38.346516: | get_sa_info esp.b0822f84@192.1.3.33
Oct 31 15:24:38.346536: | get_sa_info esp.c3177887@192.1.2.23
Oct 31 15:24:38.346571: | get_sa_info esp.df167b2b@192.1.3.33
Oct 31 15:24:38.346583: | get_sa_info esp.3e9a0d8e@192.1.2.23
Oct 31 15:24:38.346610: | delref fd@0x556b66424df8(1->0) (in whack_handle_cb() at rcv_whack.c:903)
Oct 31 15:24:38.346618: | freeref fd-fd@0x556b66424df8 (in whack_handle_cb() at rcv_whack.c:903)
Oct 31 15:24:38.346627: | spent 0.18 (0.18) milliseconds in whack
Oct 31 15:24:39.309859: | newref struct fd@0x556b66424df8(0->1) (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:24:39.309877: | fd_accept: new fd-fd@0x556b66424df8 (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:24:39.309890: | whack: status
Oct 31 15:24:39.310089: | FOR_EACH_CONNECTION_... in show_connections_status
Oct 31 15:24:39.310096: | FOR_EACH_CONNECTION_... in show_connections_status
Oct 31 15:24:39.310313: | FOR_EACH_STATE_... in show_states (sort_states)
Oct 31 15:24:39.310324: | FOR_EACH_STATE_... in sort_states
Oct 31 15:24:39.310336: | get_sa_info esp.b0822f84@192.1.3.33
Oct 31 15:24:39.310362: | get_sa_info esp.c3177887@192.1.2.23
Oct 31 15:24:39.310388: | get_sa_info esp.df167b2b@192.1.3.33
Oct 31 15:24:39.310397: | get_sa_info esp.3e9a0d8e@192.1.2.23
Oct 31 15:24:39.310412: | delref fd@0x556b66424df8(1->0) (in whack_handle_cb() at rcv_whack.c:903)
Oct 31 15:24:39.310417: | freeref fd-fd@0x556b66424df8 (in whack_handle_cb() at rcv_whack.c:903)
Oct 31 15:24:39.310422: | spent 0.554 (0.574) milliseconds in whack
Oct 31 15:24:39.526379: | spent 0.00193 (0.00195) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue()
Oct 31 15:24:39.526397: | newref struct msg_digest@0x556b6640e158(0->1) (in read_message() at demux.c:103)
Oct 31 15:24:39.526400: | newref alloc logger@0x556b6640ad48(0->1) (in read_message() at demux.c:103)
Oct 31 15:24:39.526405: | *received 69 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP
Oct 31 15:24:39.526407: |   34 d5 c0 79  f1 ec a3 66  e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:39.526409: |   2e 20 25 00  00 00 00 00  00 00 00 45  2a 00 00 29
Oct 31 15:24:39.526410: |   16 f6 57 96  ca db 04 94  dc e7 ff 5f  40 8f d7 29
Oct 31 15:24:39.526411: |   8b c7 f7 ea  b3 45 8f db  6e 11 85 b1  c4 f8 c7 29
Oct 31 15:24:39.526413: |   be 36 8b 1f  f3
Oct 31 15:24:39.526416: | **parse ISAKMP Message:
Oct 31 15:24:39.526419: |    initiator SPI: 34 d5 c0 79  f1 ec a3 66
Oct 31 15:24:39.526421: |    responder SPI: e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:39.526423: |    next payload type: ISAKMP_NEXT_v2SK (0x2e)
Oct 31 15:24:39.526425: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Oct 31 15:24:39.526427: |    exchange type: ISAKMP_v2_INFORMATIONAL (0x25)
Oct 31 15:24:39.526428: |    flags: none (0x0)
Oct 31 15:24:39.526431: |    Message ID: 0 (00 00 00 00)
Oct 31 15:24:39.526433: |    length: 69 (00 00 00 45)
Oct 31 15:24:39.526435: |  processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37)
Oct 31 15:24:39.526437: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request 
Oct 31 15:24:39.526441: | State DB: found IKEv2 state #1 in ESTABLISHED_IKE_SA (find_v2_ike_sa)
Oct 31 15:24:39.526447: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902)
Oct 31 15:24:39.526449: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000
Oct 31 15:24:39.526451: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip)
Oct 31 15:24:39.526453: | #1 is idle
Oct 31 15:24:39.526457: | Message ID: IKE #1 not a duplicate - message request 0 is new: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.444398 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744550.06318 ike.wip.initiator=-1 ike.wip.responder=-1
Oct 31 15:24:39.526460: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983)
Oct 31 15:24:39.526462: | unpacking clear payload
Oct 31 15:24:39.526464: | Now let's proceed with payload (ISAKMP_NEXT_v2SK)
Oct 31 15:24:39.526466: | ***parse IKEv2 Encryption Payload:
Oct 31 15:24:39.526468: |    next payload type: ISAKMP_NEXT_v2D (0x2a)
Oct 31 15:24:39.526469: |    flags: none (0x0)
Oct 31 15:24:39.526471: |    length: 41 (00 29)
Oct 31 15:24:39.526473: | processing payload: ISAKMP_NEXT_v2SK (len=37)
Oct 31 15:24:39.526475: | #1 in state ESTABLISHED_IKE_SA: established IKE SA
Oct 31 15:24:39.526489: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success
Oct 31 15:24:39.526491: | Now let's proceed with payload (ISAKMP_NEXT_v2D)
Oct 31 15:24:39.526496: | **parse IKEv2 Delete Payload:
Oct 31 15:24:39.526498: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:39.526499: |    flags: none (0x0)
Oct 31 15:24:39.526501: |    length: 12 (00 0c)
Oct 31 15:24:39.526503: |    protocol ID: IKEv2_SEC_PROTO_ESP (0x3)
Oct 31 15:24:39.526505: |    SPI size: 4 (04)
Oct 31 15:24:39.526506: |    number of SPIs: 1 (00 01)
Oct 31 15:24:39.526508: | processing payload: ISAKMP_NEXT_v2D (len=4)
Oct 31 15:24:39.526510: | selected state microcode Informational Request
Oct 31 15:24:39.526514: | Message ID: IKE #1 responder starting message request 0: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.444398 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744550.06318 ike.wip.initiator=-1 ike.wip.responder=-1->0
Oct 31 15:24:39.526516: | calling processor Informational Request
Oct 31 15:24:39.526518: | an informational request should send a response 
Oct 31 15:24:39.526522: | opening output PBS information exchange reply packet
Oct 31 15:24:39.526523: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness
Oct 31 15:24:39.526525: | **emit ISAKMP Message:
Oct 31 15:24:39.526528: |    initiator SPI: 34 d5 c0 79  f1 ec a3 66
Oct 31 15:24:39.526530: |    responder SPI: e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:39.526531: |    next payload type: ISAKMP_NEXT_NONE (0x0)
Oct 31 15:24:39.526533: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Oct 31 15:24:39.526534: |    exchange type: ISAKMP_v2_INFORMATIONAL (0x25)
Oct 31 15:24:39.526536: |    flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28)
Oct 31 15:24:39.526538: |    Message ID: 0 (00 00 00 00)
Oct 31 15:24:39.526540: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
Oct 31 15:24:39.526542: | ***emit IKEv2 Encryption Payload:
Oct 31 15:24:39.526544: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:39.526545: |    flags: none (0x0)
Oct 31 15:24:39.526547: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK)
Oct 31 15:24:39.526548: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet'
Oct 31 15:24:39.526550: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload
Oct 31 15:24:39.526556: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI
Oct 31 15:24:39.526557: | SPI
Oct 31 15:24:39.526559: |   3e 9a 0d 8e
Oct 31 15:24:39.526560: | delete IKEv2_SEC_PROTO_ESP SA(0x3e9a0d8e)
Oct 31 15:24:39.526563: | v2 CHILD SA #3 found using their inbound (our outbound) SPI, in STATE_V2_ESTABLISHED_CHILD_SA
Oct 31 15:24:39.526564: | State DB: found IKEv2 state #3 in ESTABLISHED_CHILD_SA (find_v2_child_sa_by_outbound_spi)
Oct 31 15:24:39.526566: | our side SPI that needs to be deleted: IKEv2_SEC_PROTO_ESP SA(0x3e9a0d8e)
Oct 31 15:24:39.526568: "northnet-eastnets/0x2" #1: received Delete SA payload: replace IPsec State #3 now
Oct 31 15:24:39.526570: | #3 requesting EVENT_SA_REKEY-pe@0x556b6642b0f8 be deleted
Oct 31 15:24:39.526573: | libevent_free: delref ptr-libevent@0x556b66424ee8
Oct 31 15:24:39.526575: | free_event_entry: delref EVENT_SA_REKEY-pe@0x556b6642b0f8
Oct 31 15:24:39.526577: | event_schedule: newref EVENT_SA_REPLACE-pe@0x556b6640bce8
Oct 31 15:24:39.526581: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #3
Oct 31 15:24:39.526587: | libevent_malloc: newref ptr-libevent@0x7f6fd0001fb8 size 128
Oct 31 15:24:39.526590: | ****emit IKEv2 Delete Payload:
Oct 31 15:24:39.526593: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:39.526596: |    flags: none (0x0)
Oct 31 15:24:39.526598: |    protocol ID: IKEv2_SEC_PROTO_ESP (0x3)
Oct 31 15:24:39.526601: |    SPI size: 4 (04)
Oct 31 15:24:39.526604: |    number of SPIs: 1 (00 01)
Oct 31 15:24:39.526607: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D)
Oct 31 15:24:39.526612: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet'
Oct 31 15:24:39.526615: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload
Oct 31 15:24:39.526619: | local SPIs: df 16 7b 2b
Oct 31 15:24:39.526621: | emitting length of IKEv2 Delete Payload: 12
Oct 31 15:24:39.526624: | adding 1 bytes of padding (including 1 byte padding-length)
Oct 31 15:24:39.526627: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload
Oct 31 15:24:39.526631: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload
Oct 31 15:24:39.526633: | emitting length of IKEv2 Encryption Payload: 41
Oct 31 15:24:39.526636: | emitting length of ISAKMP Message: 69
Oct 31 15:24:39.526649: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1)
Oct 31 15:24:39.526652: |   34 d5 c0 79  f1 ec a3 66  e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:39.526653: |   2e 20 25 28  00 00 00 00  00 00 00 45  2a 00 00 29
Oct 31 15:24:39.526655: |   86 66 af 92  eb ab a1 89  15 96 e5 1f  d0 26 86 29
Oct 31 15:24:39.526656: |   fd dc a8 b2  03 0f dc 3b  f8 76 10 e8  12 6c 45 c3
Oct 31 15:24:39.526657: |   ad e9 e8 e7  15
Oct 31 15:24:39.526689: | sent 1 messages
Oct 31 15:24:39.526694: | Message ID: IKE #1 XXX: in process_encrypted_informational_ikev2() hacking around record 'n' send bypassing send queue hacking around delete_ike_family(): ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.444398 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744550.06318 ike.wip.initiator=-1 ike.wip.responder=0
Oct 31 15:24:39.526699: | Message ID: IKE #1 updating responder sent message response 0: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.444398 ike.responder.sent=-1->0 ike.responder.recv=-1 ike.responder.last_contact=744550.06318 ike.wip.initiator=-1 ike.wip.responder=0
Oct 31 15:24:39.526704: |   #1 spent 0.166 (0.185) milliseconds in processing: Informational Request in v2_dispatch()
Oct 31 15:24:39.526708: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364)
Oct 31 15:24:39.526711: | #1 complete_v2_state_transition() ESTABLISHED_IKE_SA->ESTABLISHED_IKE_SA with status STF_OK; .st_v2_transition=PARENT_I0->PARENT_I1
Oct 31 15:24:39.526716: | Message ID: updating counters for #1
Oct 31 15:24:39.526726: | Message ID: IKE #1 updating responder received message request 0: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.444398 ike.responder.sent=0 ike.responder.recv=-1->0 ike.responder.last_contact=744550.06318->744553.959517 ike.wip.initiator=-1 ike.wip.responder=0->-1
Oct 31 15:24:39.526733: | Message ID: IKE #1 updating responder sent message response 0: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.444398 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744553.959517 ike.wip.initiator=-1 ike.wip.responder=-1
Oct 31 15:24:39.526739: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.444398 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744553.959517 ike.wip.initiator=-1 ike.wip.responder=-1
Oct 31 15:24:39.526742: | announcing the state transition
Oct 31 15:24:39.526745: "northnet-eastnets/0x2" #1: established IKE SA
Oct 31 15:24:39.526752: | sending 69 bytes for STATE_V2_ESTABLISHED_IKE_SA through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1)
Oct 31 15:24:39.526756: |   34 d5 c0 79  f1 ec a3 66  e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:39.526758: |   2e 20 25 28  00 00 00 00  00 00 00 45  2a 00 00 29
Oct 31 15:24:39.526760: |   86 66 af 92  eb ab a1 89  15 96 e5 1f  d0 26 86 29
Oct 31 15:24:39.526763: |   fd dc a8 b2  03 0f dc 3b  f8 76 10 e8  12 6c 45 c3
Oct 31 15:24:39.526767: |   ad e9 e8 e7  15
Oct 31 15:24:39.526785: | sent 1 messages
Oct 31 15:24:39.526790: | #1 is retaining EVENT_SA_REKEY with is previously set timeout
Oct 31 15:24:39.526795: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904)
Oct 31 15:24:39.526801: | #1 spent 0.403 (0.428) milliseconds in ikev2_process_packet()
Oct 31 15:24:39.526804: | processing: STOP state #0 (in process_md() at demux.c:287)
Oct 31 15:24:39.526807: | delref mdp@0x556b6640e158(1->0) (in handle_packet_cb() at demux.c:318)
Oct 31 15:24:39.526810: | delref logger@0x556b6640ad48(1->0) (in handle_packet_cb() at demux.c:318)
Oct 31 15:24:39.526813: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:24:39.526816: | delref fd@NULL (in free_logger() at log.c:854)
Oct 31 15:24:39.526822: | spent 0.424 (0.449) milliseconds in handle_packet_cb() reading and processing packet
Oct 31 15:24:39.526829: | timer_event_cb: processing event@0x556b6640bce8
Oct 31 15:24:39.526832: | handling event EVENT_SA_REPLACE for child state #3
Oct 31 15:24:39.526835: | libevent_free: delref ptr-libevent@0x7f6fd0001fb8
Oct 31 15:24:39.526838: | free_event_entry: delref EVENT_SA_REPLACE-pe@0x556b6640bce8
Oct 31 15:24:39.526843: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:188)
Oct 31 15:24:39.526847: | picked newest_ipsec_sa #3 for #3
Oct 31 15:24:39.526850: | replacing stale CHILD SA
Oct 31 15:24:39.526854: | FOR_EACH_STATE_... in find_phase1_state
Oct 31 15:24:39.526858: | FOR_EACH_STATE_... in find_pending_phase2
Oct 31 15:24:39.526864: | newref alloc logger@0x556b6642b0f8(0->1) (in new_state() at state.c:576)
Oct 31 15:24:39.526867: | addref fd@NULL (in new_state() at state.c:577)
Oct 31 15:24:39.526869: | creating state object #4 at 0x556b66423d18
Oct 31 15:24:39.526871: | State DB: adding IKEv2 state #4 in UNDEFINED
Oct 31 15:24:39.526880: | pstats #4 ikev2.child started
Oct 31 15:24:39.526883: | duplicating state object #1 "northnet-eastnets/0x2" as #4 for IPSEC SA
Oct 31 15:24:39.526889: | #4 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1581)
Oct 31 15:24:39.526898: | Message ID: CHILD #1.#4 initializing (CHILD SA): ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.444398 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744553.959517 child.wip.initiator=0->-1 child.wip.responder=0->-1
Oct 31 15:24:39.526903: | child state #4: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA)
Oct 31 15:24:39.526907: | #4.st_v2_transition NULL -> V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I1 (in new_v2_child_state() at state.c:1666)
Oct 31 15:24:39.526912: | suspend processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5960)
Oct 31 15:24:39.526916: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5960)
Oct 31 15:24:39.526930: | using existing local ESP/AH proposals for northnet-eastnets/0x2 (ESP/AH initiator emitting proposals): 1:ESP=AES_GCM_C_256-NONE-MODP2048-DISABLED 2:ESP=AES_GCM_C_128-NONE-MODP2048-DISABLED 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED
Oct 31 15:24:39.526937: | #4 schedule rekey initiate IPsec SA RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 to replace #3 using IKE# 1 pfs=MODP2048
Oct 31 15:24:39.526941: | event_schedule: newref EVENT_v2_INITIATE_CHILD-pe@0x556b6640bce8
Oct 31 15:24:39.526944: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #4
Oct 31 15:24:39.526947: | libevent_malloc: newref ptr-libevent@0x556b66424ee8 size 128
Oct 31 15:24:39.526952: | RESET processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:6035)
Oct 31 15:24:39.526956: | event_schedule: newref EVENT_SA_EXPIRE-pe@0x556b664249b8
Oct 31 15:24:39.526960: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #3
Oct 31 15:24:39.526963: | libevent_malloc: newref ptr-libevent@0x7f6fdc006108 size 128
Oct 31 15:24:39.526969: | #3 spent 0.138 (0.138) milliseconds in timer_event_cb() EVENT_SA_REPLACE
Oct 31 15:24:39.526971: | processing: STOP state #0 (in timer_event_cb() at timer.c:447)
Oct 31 15:24:39.526976: | timer_event_cb: processing event@0x556b6640bce8
Oct 31 15:24:39.526979: | handling event EVENT_v2_INITIATE_CHILD for child state #4
Oct 31 15:24:39.526982: | libevent_free: delref ptr-libevent@0x556b66424ee8
Oct 31 15:24:39.526984: | free_event_entry: delref EVENT_v2_INITIATE_CHILD-pe@0x556b6640bce8
Oct 31 15:24:39.526989: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:188)
Oct 31 15:24:39.526995: | addref fd@NULL (in clone_logger() at log.c:809)
Oct 31 15:24:39.526997: | addref fd@NULL (in clone_logger() at log.c:810)
Oct 31 15:24:39.527001: | newref clone logger@0x556b6640ad48(0->1) (in clone_logger() at log.c:817)
Oct 31 15:24:39.527004: | job 7 for #4: Child Rekey Initiator KE and nonce ni (build KE and nonce): adding job to queue
Oct 31 15:24:39.527007: | state #4 has no .st_event to delete
Oct 31 15:24:39.527009: | #4 STATE_V2_REKEY_CHILD_I0: retransmits: cleared
Oct 31 15:24:39.527013: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x556b6640bce8
Oct 31 15:24:39.527015: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4
Oct 31 15:24:39.527018: | libevent_malloc: newref ptr-libevent@0x556b66424ee8 size 128
Oct 31 15:24:39.527028: | #4 spent 0.0496 (0.0497) milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD
Oct 31 15:24:39.527033: | stop processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:447)
Oct 31 15:24:39.527037: | timer_event_cb: processing event@0x556b664249b8
Oct 31 15:24:39.527039: | handling event EVENT_SA_EXPIRE for child state #3
Oct 31 15:24:39.527040: | libevent_free: delref ptr-libevent@0x7f6fdc006108
Oct 31 15:24:39.527040: | job 7 for #4: Child Rekey Initiator KE and nonce ni (build KE and nonce): helper 2 starting job
Oct 31 15:24:39.527043: | free_event_entry: delref EVENT_SA_EXPIRE-pe@0x556b664249b8
Oct 31 15:24:39.527055: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:188)
Oct 31 15:24:39.527058: | picked newest_ipsec_sa #3 for #3
Oct 31 15:24:39.527060: | un-established partial CHILD SA timeout (SA expired)
Oct 31 15:24:39.527061: | pstats #3 ikev2.child re-failed exchange-timeout
Oct 31 15:24:39.527063: | should_send_delete: no, just because
Oct 31 15:24:39.527065: | pstats #3 ikev2.child deleted completed
Oct 31 15:24:39.527068: | #3 main thread spent 2.82 (57.7) milliseconds helper thread spent 2.65 (3.49) milliseconds in total
Oct 31 15:24:39.527070: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:935)
Oct 31 15:24:39.527072: | should_send_delete: no, just because
Oct 31 15:24:39.527074: "northnet-eastnets/0x2" #3: deleting state (STATE_V2_ESTABLISHED_CHILD_SA) aged 3.611751s and NOT sending notification
Oct 31 15:24:39.527077: | child state #3: ESTABLISHED_CHILD_SA(established CHILD SA) => delete
Oct 31 15:24:39.527080: | get_sa_info esp.3e9a0d8e@192.1.2.23
Oct 31 15:24:39.527092: | get_sa_info esp.df167b2b@192.1.3.33
Oct 31 15:24:39.527097: "northnet-eastnets/0x2" #3: ESP traffic information: in=168B out=168B
Oct 31 15:24:39.527100: | unsuspending #3 MD (nil)
Oct 31 15:24:39.527101: | should_send_delete: no, just because
Oct 31 15:24:39.527103: | child state #3: ESTABLISHED_CHILD_SA(established CHILD SA) => CHILDSA_DEL(informational)
Oct 31 15:24:39.527105: | state #3 has no .st_event to delete
Oct 31 15:24:39.527106: | #3 STATE_CHILDSA_DEL: retransmits: cleared
Oct 31 15:24:39.527366: | running updown command "ipsec _updown" for verb down 
Oct 31 15:24:39.527375: | command executing down-client
Oct 31 15:24:39.527384: | get_sa_info esp.3e9a0d8e@192.1.2.23
Oct 31 15:24:39.527395: | get_sa_info esp.df167b2b@192.1.3.33
Oct 31 15:24:39.527453: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org'
Oct 31 15:24:39.527467: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org'
Oct 31 15:24:39.527491: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_S...
Oct 31 15:24:39.527495: | popen cmd is 1513 chars long
Oct 31 15:24:39.527498: | cmd(   0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets:
Oct 31 15:24:39.527501: | cmd(  80):/0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PL:
Oct 31 15:24:39.527503: | cmd( 160):UTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, :
Oct 31 15:24:39.527506: | cmd( 240):L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=us:
Oct 31 15:24:39.527508: | cmd( 320):er-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_N:
Oct 31 15:24:39.527510: | cmd( 400):ET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_P:
Oct 31 15:24:39.527512: | cmd( 480):ROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' P:
Oct 31 15:24:39.527514: | cmd( 560):LUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=e:
Oct 31 15:24:39.527517: | cmd( 640):ast.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT=:
Oct 31 15:24:39.527519: | cmd( 720):'192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.2:
Oct 31 15:24:39.527521: | cmd( 800):55.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=On:
Oct 31 15:24:39.527523: | cmd( 880):tario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for main:
Oct 31 15:24:39.527526: | cmd( 960):ca, E=testing@libreswan.org' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157875' PLUTO:
Oct 31 15:24:39.527528: | cmd(1040):_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_:
Oct 31 15:24:39.527531: | cmd(1120):NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUT:
Oct 31 15:24:39.527533: | cmd(1200):H_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO:
Oct 31 15:24:39.527535: | cmd(1280):='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONF:
Oct 31 15:24:39.527537: | cmd(1360):IGURED='0' PLUTO_INBYTES='168' PLUTO_OUTBYTES='168' VTI_IFACE='' VTI_ROUTING='no:
Oct 31 15:24:39.527540: | cmd(1440):' VTI_SHARED='no' SPI_IN=0x3e9a0d8e SPI_OUT=0xdf167b2b ipsec _updown 2>&1:
Oct 31 15:24:39.529326: | "northnet-eastnets/0x2" #4: spent 1.68 (2.28) milliseconds in helper 2 processing job 7 for state #4: Child Rekey Initiator KE and nonce ni (pcr)
Oct 31 15:24:39.529342: | job 7 for #4: Child Rekey Initiator KE and nonce ni (build KE and nonce): helper thread 2 sending result back to state
Oct 31 15:24:39.529350: | scheduling resume sending helper answer back to state for #4
Oct 31 15:24:39.529355: | libevent_malloc: newref ptr-libevent@0x7f6fd4006108 size 128
Oct 31 15:24:39.529363: | helper thread 2 has nothing to do
Oct 31 15:24:39.538830: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.3.0/24:0 --0->- 192.0.22.0/24:0
Oct 31 15:24:39.538844: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.22.0/24:0
Oct 31 15:24:39.538848: | priority calculation of connection "northnet-eastnets/0x2" is 2084814 (0x1fcfce)
Oct 31 15:24:39.538853: | IPsec SA SPD priority set to 2084814
Oct 31 15:24:39.538878: | delete esp.3e9a0d8e@192.1.2.23
Oct 31 15:24:39.538883: | XFRM: deleting IPsec SA with reqid 0
Oct 31 15:24:39.538898: | netlink response for Del SA esp.3e9a0d8e@192.1.2.23 included non-error error
Oct 31 15:24:39.538901: | priority calculation of connection "northnet-eastnets/0x2" is 2084814 (0x1fcfce)
Oct 31 15:24:39.538907: | delete inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => unk.10000@192.1.3.33 using reqid 0 (raw_eroute) proto=50
Oct 31 15:24:39.538930: | raw_eroute result=success
Oct 31 15:24:39.538935: | delete esp.df167b2b@192.1.3.33
Oct 31 15:24:39.538938: | XFRM: deleting IPsec SA with reqid 0
Oct 31 15:24:39.538950: | netlink response for Del SA esp.df167b2b@192.1.3.33 included non-error error
Oct 31 15:24:39.538954: | in connection_discard for connection northnet-eastnets/0x2
Oct 31 15:24:39.538957: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL
Oct 31 15:24:39.538962: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore)
Oct 31 15:24:39.538965: | releasing #3's fd-fd@(nil) because deleting state
Oct 31 15:24:39.538968: | delref fd@NULL (in delete_state() at state.c:1195)
Oct 31 15:24:39.538970: | delref fd@NULL (in delete_state() at state.c:1195)
Oct 31 15:24:39.538973: | delref pkp@NULL (in delete_state() at state.c:1202)
Oct 31 15:24:39.538991: | stop processing: state #3 from 192.1.2.23:500 (in delete_state() at state.c:1239)
Oct 31 15:24:39.539000: | delref logger@0x556b66401c48(1->0) (in delete_state() at state.c:1306)
Oct 31 15:24:39.539003: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:24:39.539005: | delref fd@NULL (in free_logger() at log.c:854)
Oct 31 15:24:39.539009: | State DB: found IKEv2 state #4 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa)
Oct 31 15:24:39.539012: | can't expire unused IKE SA #1; it has the child #4
Oct 31 15:24:39.539015: | in statetime_stop() and could not find #3
Oct 31 15:24:39.539018: | processing: STOP state #0 (in timer_event_cb() at timer.c:447)
Oct 31 15:24:39.539040: | spent 0.00194 (0.0019) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue()
Oct 31 15:24:39.539049: | newref struct msg_digest@0x556b6640e158(0->1) (in read_message() at demux.c:103)
Oct 31 15:24:39.539053: | newref alloc logger@0x556b664249b8(0->1) (in read_message() at demux.c:103)
Oct 31 15:24:39.539060: | *received 69 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP
Oct 31 15:24:39.539062: |   34 d5 c0 79  f1 ec a3 66  e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:39.539065: |   2e 20 25 00  00 00 00 01  00 00 00 45  2a 00 00 29
Oct 31 15:24:39.539067: |   f9 3e 9b 38  5e 2f e5 92  5b 10 0f 66  bd 7f 5c ef
Oct 31 15:24:39.539069: |   05 6a 25 91  f4 78 c1 33  76 32 37 10  54 2c 15 18
Oct 31 15:24:39.539071: |   3b ca 96 2e  4e
Oct 31 15:24:39.539076: | **parse ISAKMP Message:
Oct 31 15:24:39.539080: |    initiator SPI: 34 d5 c0 79  f1 ec a3 66
Oct 31 15:24:39.539084: |    responder SPI: e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:39.539087: |    next payload type: ISAKMP_NEXT_v2SK (0x2e)
Oct 31 15:24:39.539090: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Oct 31 15:24:39.539092: |    exchange type: ISAKMP_v2_INFORMATIONAL (0x25)
Oct 31 15:24:39.539095: |    flags: none (0x0)
Oct 31 15:24:39.539099: |    Message ID: 1 (00 00 00 01)
Oct 31 15:24:39.539102: |    length: 69 (00 00 00 45)
Oct 31 15:24:39.539107: |  processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37)
Oct 31 15:24:39.539111: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request 
Oct 31 15:24:39.539114: | State DB: found IKEv2 state #1 in ESTABLISHED_IKE_SA (find_v2_ike_sa)
Oct 31 15:24:39.539122: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902)
Oct 31 15:24:39.539125: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001
Oct 31 15:24:39.539128: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip)
Oct 31 15:24:39.539131: | #1 is idle
Oct 31 15:24:39.539139: | Message ID: IKE #1 not a duplicate - message request 1 is new: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.444398 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744553.959517 ike.wip.initiator=-1 ike.wip.responder=-1
Oct 31 15:24:39.539145: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983)
Oct 31 15:24:39.539147: | unpacking clear payload
Oct 31 15:24:39.539150: | Now let's proceed with payload (ISAKMP_NEXT_v2SK)
Oct 31 15:24:39.539154: | ***parse IKEv2 Encryption Payload:
Oct 31 15:24:39.539157: |    next payload type: ISAKMP_NEXT_v2D (0x2a)
Oct 31 15:24:39.539160: |    flags: none (0x0)
Oct 31 15:24:39.539163: |    length: 41 (00 29)
Oct 31 15:24:39.539166: | processing payload: ISAKMP_NEXT_v2SK (len=37)
Oct 31 15:24:39.539169: | #1 in state ESTABLISHED_IKE_SA: established IKE SA
Oct 31 15:24:39.539184: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success
Oct 31 15:24:39.539187: | Now let's proceed with payload (ISAKMP_NEXT_v2D)
Oct 31 15:24:39.539190: | **parse IKEv2 Delete Payload:
Oct 31 15:24:39.539193: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:39.539195: |    flags: none (0x0)
Oct 31 15:24:39.539217: |    length: 12 (00 0c)
Oct 31 15:24:39.539224: |    protocol ID: IKEv2_SEC_PROTO_ESP (0x3)
Oct 31 15:24:39.539227: |    SPI size: 4 (04)
Oct 31 15:24:39.539229: |    number of SPIs: 1 (00 01)
Oct 31 15:24:39.539232: | processing payload: ISAKMP_NEXT_v2D (len=4)
Oct 31 15:24:39.539234: | selected state microcode Informational Request
Oct 31 15:24:39.539239: | Message ID: IKE #1 responder starting message request 1: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.444398 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744553.959517 ike.wip.initiator=-1 ike.wip.responder=-1->1
Oct 31 15:24:39.539241: | calling processor Informational Request
Oct 31 15:24:39.539243: | an informational request should send a response 
Oct 31 15:24:39.539247: | opening output PBS information exchange reply packet
Oct 31 15:24:39.539248: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness
Oct 31 15:24:39.539250: | **emit ISAKMP Message:
Oct 31 15:24:39.539253: |    initiator SPI: 34 d5 c0 79  f1 ec a3 66
Oct 31 15:24:39.539255: |    responder SPI: e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:39.539257: |    next payload type: ISAKMP_NEXT_NONE (0x0)
Oct 31 15:24:39.539258: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Oct 31 15:24:39.539260: |    exchange type: ISAKMP_v2_INFORMATIONAL (0x25)
Oct 31 15:24:39.539262: |    flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28)
Oct 31 15:24:39.539264: |    Message ID: 1 (00 00 00 01)
Oct 31 15:24:39.539266: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
Oct 31 15:24:39.539268: | ***emit IKEv2 Encryption Payload:
Oct 31 15:24:39.539269: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:39.539271: |    flags: none (0x0)
Oct 31 15:24:39.539273: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK)
Oct 31 15:24:39.539274: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet'
Oct 31 15:24:39.539278: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload
Oct 31 15:24:39.539285: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI
Oct 31 15:24:39.539287: | SPI
Oct 31 15:24:39.539288: |   c3 17 78 87
Oct 31 15:24:39.539294: | delete IKEv2_SEC_PROTO_ESP SA(0xc3177887)
Oct 31 15:24:39.539297: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_ESTABLISHED_CHILD_SA
Oct 31 15:24:39.539298: | State DB: found IKEv2 state #2 in ESTABLISHED_CHILD_SA (find_v2_child_sa_by_outbound_spi)
Oct 31 15:24:39.539300: | our side SPI that needs to be deleted: IKEv2_SEC_PROTO_ESP SA(0xc3177887)
Oct 31 15:24:39.539303: "northnet-eastnets/0x2" #1: received Delete SA payload: replace IPsec State #2 now
Oct 31 15:24:39.539305: | #2 requesting EVENT_SA_REKEY-pe@0x556b663f86f8 be deleted
Oct 31 15:24:39.539307: | libevent_free: delref ptr-libevent@0x556b66416378
Oct 31 15:24:39.539309: | free_event_entry: delref EVENT_SA_REKEY-pe@0x556b663f86f8
Oct 31 15:24:39.539311: | event_schedule: newref EVENT_SA_REPLACE-pe@0x556b66401c48
Oct 31 15:24:39.539313: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2
Oct 31 15:24:39.539315: | libevent_malloc: newref ptr-libevent@0x7f6fdc0038b8 size 128
Oct 31 15:24:39.539318: | ****emit IKEv2 Delete Payload:
Oct 31 15:24:39.539322: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:39.539326: |    flags: none (0x0)
Oct 31 15:24:39.539328: |    protocol ID: IKEv2_SEC_PROTO_ESP (0x3)
Oct 31 15:24:39.539331: |    SPI size: 4 (04)
Oct 31 15:24:39.539334: |    number of SPIs: 1 (00 01)
Oct 31 15:24:39.539337: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D)
Oct 31 15:24:39.539340: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet'
Oct 31 15:24:39.539343: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload
Oct 31 15:24:39.539346: | local SPIs: b0 82 2f 84
Oct 31 15:24:39.539349: | emitting length of IKEv2 Delete Payload: 12
Oct 31 15:24:39.539351: | adding 1 bytes of padding (including 1 byte padding-length)
Oct 31 15:24:39.539354: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload
Oct 31 15:24:39.539358: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload
Oct 31 15:24:39.539360: | emitting length of IKEv2 Encryption Payload: 41
Oct 31 15:24:39.539363: | emitting length of ISAKMP Message: 69
Oct 31 15:24:39.539382: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1)
Oct 31 15:24:39.539387: |   34 d5 c0 79  f1 ec a3 66  e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:39.539391: |   2e 20 25 28  00 00 00 01  00 00 00 45  2a 00 00 29
Oct 31 15:24:39.539395: |   9b 02 7f 9b  06 a4 65 50  b4 b1 27 c3  1e d2 aa 72
Oct 31 15:24:39.539398: |   44 2a eb 8f  31 11 03 f2  2b a6 07 59  03 37 fe 06
Oct 31 15:24:39.539400: |   cc 7b 77 f3  b5
Oct 31 15:24:39.539432: | sent 1 messages
Oct 31 15:24:39.539441: | Message ID: IKE #1 XXX: in process_encrypted_informational_ikev2() hacking around record 'n' send bypassing send queue hacking around delete_ike_family(): ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.444398 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744553.959517 ike.wip.initiator=-1 ike.wip.responder=1
Oct 31 15:24:39.539449: | Message ID: IKE #1 updating responder sent message response 1: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.444398 ike.responder.sent=0->1 ike.responder.recv=0 ike.responder.last_contact=744553.959517 ike.wip.initiator=-1 ike.wip.responder=1
Oct 31 15:24:39.539454: |   #1 spent 0.193 (0.21) milliseconds in processing: Informational Request in v2_dispatch()
Oct 31 15:24:39.539458: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364)
Oct 31 15:24:39.539463: | #1 complete_v2_state_transition() ESTABLISHED_IKE_SA->ESTABLISHED_IKE_SA with status STF_OK; .st_v2_transition=PARENT_I0->PARENT_I1
Oct 31 15:24:39.539465: | Message ID: updating counters for #1
Oct 31 15:24:39.539470: | Message ID: IKE #1 updating responder received message request 1: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.444398 ike.responder.sent=1 ike.responder.recv=0->1 ike.responder.last_contact=744553.959517->744553.972264 ike.wip.initiator=-1 ike.wip.responder=1->-1
Oct 31 15:24:39.539473: | Message ID: IKE #1 updating responder sent message response 1: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.444398 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744553.972264 ike.wip.initiator=-1 ike.wip.responder=-1
Oct 31 15:24:39.539477: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.444398 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744553.972264 ike.wip.initiator=-1 ike.wip.responder=-1
Oct 31 15:24:39.539479: | announcing the state transition
Oct 31 15:24:39.539484: "northnet-eastnets/0x2" #1: established IKE SA
Oct 31 15:24:39.539492: | sending 69 bytes for STATE_V2_ESTABLISHED_IKE_SA through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1)
Oct 31 15:24:39.539495: |   34 d5 c0 79  f1 ec a3 66  e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:39.539498: |   2e 20 25 28  00 00 00 01  00 00 00 45  2a 00 00 29
Oct 31 15:24:39.539500: |   9b 02 7f 9b  06 a4 65 50  b4 b1 27 c3  1e d2 aa 72
Oct 31 15:24:39.539503: |   44 2a eb 8f  31 11 03 f2  2b a6 07 59  03 37 fe 06
Oct 31 15:24:39.539505: |   cc 7b 77 f3  b5
Oct 31 15:24:39.539521: | sent 1 messages
Oct 31 15:24:39.539526: | #1 is retaining EVENT_SA_REKEY with is previously set timeout
Oct 31 15:24:39.539531: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904)
Oct 31 15:24:39.539536: | #1 spent 0.461 (0.501) milliseconds in ikev2_process_packet()
Oct 31 15:24:39.539538: | processing: STOP state #0 (in process_md() at demux.c:287)
Oct 31 15:24:39.539540: | delref mdp@0x556b6640e158(1->0) (in handle_packet_cb() at demux.c:318)
Oct 31 15:24:39.539542: | delref logger@0x556b664249b8(1->0) (in handle_packet_cb() at demux.c:318)
Oct 31 15:24:39.539544: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:24:39.539545: | delref fd@NULL (in free_logger() at log.c:854)
Oct 31 15:24:39.539549: | spent 0.474 (0.515) milliseconds in handle_packet_cb() reading and processing packet
Oct 31 15:24:39.539552: | processing resume sending helper answer back to state for #4
Oct 31 15:24:39.539555: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:641)
Oct 31 15:24:39.539557: | unsuspending #4 MD (nil)
Oct 31 15:24:39.539560: | job 7 for #4: Child Rekey Initiator KE and nonce ni (build KE and nonce): processing response from helper 2
Oct 31 15:24:39.539561: | job 7 for #4: Child Rekey Initiator KE and nonce ni (build KE and nonce): calling continuation function 0x556b65737fe7
Oct 31 15:24:39.539563: | ikev2_child_outI_continue() for #4 STATE_V2_REKEY_CHILD_I0
Oct 31 15:24:39.539566: | DH secret MODP2048@0x7f6fd4006ba8: transferring ownership from helper KE to state #4
Oct 31 15:24:39.539568: | adding CHILD SA #4 to IKE SA #1 message initiator queue
Oct 31 15:24:39.539572: | Message ID: CHILD #1.#4 wakeing IKE SA for next initiator (unack 0): ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.444398 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744553.972264 child.wip.initiator=-1 child.wip.responder=-1
Oct 31 15:24:39.539574: | scheduling callback v2_msgid_schedule_next_initiator (#1)
Oct 31 15:24:39.539575: | libevent_malloc: newref ptr-libevent@0x556b66416378 size 128
Oct 31 15:24:39.539579: | [RE]START processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364)
Oct 31 15:24:39.539583: | #4 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I1 with status STF_SUSPEND
Oct 31 15:24:39.539584: | no MD to suspend
Oct 31 15:24:39.539586: | delref logger@0x556b6640ad48(1->0) (in handle_helper_answer() at pluto_crypt.c:658)
Oct 31 15:24:39.539588: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:24:39.539590: | delref fd@NULL (in free_logger() at log.c:854)
Oct 31 15:24:39.539592: | resume sending helper answer back to state for #4 suppresed complete_v2_state_transition()
Oct 31 15:24:39.539594: | delref mdp@NULL (in resume_handler() at server.c:743)
Oct 31 15:24:39.539597: | #4 spent 0.0389 (0.0389) milliseconds in resume sending helper answer back to state
Oct 31 15:24:39.539600: | stop processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:745)
Oct 31 15:24:39.539602: | libevent_free: delref ptr-libevent@0x7f6fd4006108
Oct 31 15:24:39.539604: | processing signal PLUTO_SIGCHLD
Oct 31 15:24:39.539608: | waitpid returned ECHILD (no child processes left)
Oct 31 15:24:39.539610: | spent 0.00383 (0.00382) milliseconds in signal handler PLUTO_SIGCHLD
Oct 31 15:24:39.539615: | timer_event_cb: processing event@0x556b66401c48
Oct 31 15:24:39.539617: | handling event EVENT_SA_REPLACE for child state #2
Oct 31 15:24:39.539622: | libevent_free: delref ptr-libevent@0x7f6fdc0038b8
Oct 31 15:24:39.539626: | free_event_entry: delref EVENT_SA_REPLACE-pe@0x556b66401c48
Oct 31 15:24:39.539632: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:188)
Oct 31 15:24:39.539637: | picked newest_ipsec_sa #2 for #2
Oct 31 15:24:39.539640: | replacing stale CHILD SA
Oct 31 15:24:39.539643: | FOR_EACH_STATE_... in find_phase1_state
Oct 31 15:24:39.539647: | FOR_EACH_STATE_... in find_pending_phase2
Oct 31 15:24:39.539653: | newref alloc logger@0x556b663f86f8(0->1) (in new_state() at state.c:576)
Oct 31 15:24:39.539656: | addref fd@NULL (in new_state() at state.c:577)
Oct 31 15:24:39.539659: | creating state object #5 at 0x556b6642bc98
Oct 31 15:24:39.539662: | State DB: adding IKEv2 state #5 in UNDEFINED
Oct 31 15:24:39.539670: | pstats #5 ikev2.child started
Oct 31 15:24:39.539673: | duplicating state object #1 "northnet-eastnets/0x2" as #5 for IPSEC SA
Oct 31 15:24:39.539676: | #5 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1581)
Oct 31 15:24:39.539689: | Message ID: CHILD #1.#5 initializing (CHILD SA): ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.444398 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744553.972264 child.wip.initiator=0->-1 child.wip.responder=0->-1
Oct 31 15:24:39.539694: | child state #5: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA)
Oct 31 15:24:39.539698: | #5.st_v2_transition NULL -> V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I1 (in new_v2_child_state() at state.c:1666)
Oct 31 15:24:39.539701: | in connection_discard for connection northnet-eastnets/0x2
Oct 31 15:24:39.539707: | suspend processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5960)
Oct 31 15:24:39.539712: | start processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5960)
Oct 31 15:24:39.539716: | create child proposal's DH changed from no-PFS to MODP2048, flushing
Oct 31 15:24:39.539720: | constructing ESP/AH proposals with default DH MODP2048  for northnet-eastnets/0x1 (ESP/AH initiator emitting proposals)
Oct 31 15:24:39.539725: | converting proposal AES_GCM_16_256-NONE to ikev2 ...
Oct 31 15:24:39.539732: | ...  ikev2_proposal: 1:ESP=AES_GCM_C_256-NONE-MODP2048-DISABLED
Oct 31 15:24:39.539734: | converting proposal AES_GCM_16_128-NONE to ikev2 ...
Oct 31 15:24:39.539737: | ...  ikev2_proposal: 2:ESP=AES_GCM_C_128-NONE-MODP2048-DISABLED
Oct 31 15:24:39.539741: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ...
Oct 31 15:24:39.539744: | ...  ikev2_proposal: 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED
Oct 31 15:24:39.539745: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ...
Oct 31 15:24:39.539748: | ...  ikev2_proposal: 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED
Oct 31 15:24:39.539750: "northnet-eastnets/0x1": local ESP/AH proposals (ESP/AH initiator emitting proposals): 
Oct 31 15:24:39.539753: "northnet-eastnets/0x1":   1:ESP=AES_GCM_C_256-NONE-MODP2048-DISABLED
Oct 31 15:24:39.539755: "northnet-eastnets/0x1":   2:ESP=AES_GCM_C_128-NONE-MODP2048-DISABLED
Oct 31 15:24:39.539757: "northnet-eastnets/0x1":   3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED
Oct 31 15:24:39.539760: "northnet-eastnets/0x1":   4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED
Oct 31 15:24:39.539764: | #5 schedule rekey initiate IPsec SA RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 to replace #2 using IKE# 1 pfs=MODP2048
Oct 31 15:24:39.539766: | event_schedule: newref EVENT_v2_INITIATE_CHILD-pe@0x556b663dfeb8
Oct 31 15:24:39.539768: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #5
Oct 31 15:24:39.539770: | libevent_malloc: newref ptr-libevent@0x7f6fd4006108 size 128
Oct 31 15:24:39.539773: | RESET processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:6035)
Oct 31 15:24:39.539775: | event_schedule: newref EVENT_SA_EXPIRE-pe@0x556b6640ad48
Oct 31 15:24:39.539777: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2
Oct 31 15:24:39.539778: | libevent_malloc: newref ptr-libevent@0x7f6fdc006108 size 128
Oct 31 15:24:39.539782: | #2 spent 0.163 (0.167) milliseconds in timer_event_cb() EVENT_SA_REPLACE
Oct 31 15:24:39.539784: | processing: STOP state #0 (in timer_event_cb() at timer.c:447)
Oct 31 15:24:39.539786: | libevent_free: delref ptr-libevent@0x556b66416378
Oct 31 15:24:39.539788: | processing callback v2_msgid_schedule_next_initiator for #1
Oct 31 15:24:39.539791: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:828)
Oct 31 15:24:39.539795: | Message ID: CHILD #1.#4 resuming SA using IKE SA (unack 0): ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.444398 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744553.972264 child.wip.initiator=-1 child.wip.responder=-1
Oct 31 15:24:39.539798: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:675)
Oct 31 15:24:39.539801: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:675)
Oct 31 15:24:39.539803: | unsuspending #4 MD (nil)
Oct 31 15:24:39.539809: | opening output PBS reply packet
Oct 31 15:24:39.539813: | **emit ISAKMP Message:
Oct 31 15:24:39.539817: |    initiator SPI: 34 d5 c0 79  f1 ec a3 66
Oct 31 15:24:39.539821: |    responder SPI: e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:39.539824: |    next payload type: ISAKMP_NEXT_NONE (0x0)
Oct 31 15:24:39.539826: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Oct 31 15:24:39.539829: |    exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24)
Oct 31 15:24:39.539832: |    flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
Oct 31 15:24:39.539836: |    Message ID: 3 (00 00 00 03)
Oct 31 15:24:39.539839: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
Oct 31 15:24:39.539842: | ***emit IKEv2 Encryption Payload:
Oct 31 15:24:39.539845: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:39.539848: |    flags: none (0x0)
Oct 31 15:24:39.539851: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK)
Oct 31 15:24:39.539854: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet'
Oct 31 15:24:39.539859: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload
Oct 31 15:24:39.539874: | netlink_get_spi: allocated 0x6a7bb589 for esp.0@192.1.3.33
Oct 31 15:24:39.539876: | Emitting ikev2_proposals ...
Oct 31 15:24:39.539878: | ****emit IKEv2 Security Association Payload:
Oct 31 15:24:39.539880: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:39.539881: |    flags: none (0x0)
Oct 31 15:24:39.539883: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA)
Oct 31 15:24:39.539885: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet'
Oct 31 15:24:39.539888: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0)
Oct 31 15:24:39.539890: | *****emit IKEv2 Proposal Substructure Payload:
Oct 31 15:24:39.539891: |    last proposal: v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:24:39.539893: |    prop #: 1 (01)
Oct 31 15:24:39.539895: |    proto ID: IKEv2_SEC_PROTO_ESP (0x3)
Oct 31 15:24:39.539897: |    spi size: 4 (04)
Oct 31 15:24:39.539898: |    # transforms: 3 (03)
Oct 31 15:24:39.539900: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal'
Oct 31 15:24:39.539902: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload
Oct 31 15:24:39.539904: | our spi: 6a 7b b5 89
Oct 31 15:24:39.539906: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.539908: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.539909: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Oct 31 15:24:39.539911: |    IKEv2 transform ID: AES_GCM_C (0x14)
Oct 31 15:24:39.539912: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.539914: | *******emit IKEv2 Attribute Substructure Payload:
Oct 31 15:24:39.539916: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Oct 31 15:24:39.539918: |    length/value: 256 (01 00)
Oct 31 15:24:39.539919: | emitting length of IKEv2 Transform Substructure Payload: 12
Oct 31 15:24:39.539921: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0)
Oct 31 15:24:39.539923: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.539924: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.539926: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:39.539927: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Oct 31 15:24:39.539929: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.539931: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.539932: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.539934: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.539935: |    last transform: v2_TRANSFORM_LAST (0x0)
Oct 31 15:24:39.539937: |    IKEv2 transform type: TRANS_TYPE_ESN (0x5)
Oct 31 15:24:39.539938: |    IKEv2 transform ID: ESN_DISABLED (0x0)
Oct 31 15:24:39.539940: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.539941: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.539943: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.539944: | emitting length of IKEv2 Proposal Substructure Payload: 40
Oct 31 15:24:39.539946: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0
Oct 31 15:24:39.539951: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0)
Oct 31 15:24:39.539952: | *****emit IKEv2 Proposal Substructure Payload:
Oct 31 15:24:39.539954: |    last proposal: v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:24:39.539956: |    prop #: 2 (02)
Oct 31 15:24:39.539957: |    proto ID: IKEv2_SEC_PROTO_ESP (0x3)
Oct 31 15:24:39.539959: |    spi size: 4 (04)
Oct 31 15:24:39.539960: |    # transforms: 3 (03)
Oct 31 15:24:39.539962: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:24:39.539964: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal'
Oct 31 15:24:39.539965: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload
Oct 31 15:24:39.539967: | our spi: 6a 7b b5 89
Oct 31 15:24:39.539969: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.539970: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.539972: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Oct 31 15:24:39.539973: |    IKEv2 transform ID: AES_GCM_C (0x14)
Oct 31 15:24:39.539975: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.539976: | *******emit IKEv2 Attribute Substructure Payload:
Oct 31 15:24:39.539978: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Oct 31 15:24:39.539980: |    length/value: 128 (00 80)
Oct 31 15:24:39.539981: | emitting length of IKEv2 Transform Substructure Payload: 12
Oct 31 15:24:39.539983: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0)
Oct 31 15:24:39.539984: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.539986: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.539987: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:39.539989: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Oct 31 15:24:39.539990: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.539992: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.539993: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.539995: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.539996: |    last transform: v2_TRANSFORM_LAST (0x0)
Oct 31 15:24:39.539998: |    IKEv2 transform type: TRANS_TYPE_ESN (0x5)
Oct 31 15:24:39.539999: |    IKEv2 transform ID: ESN_DISABLED (0x0)
Oct 31 15:24:39.540001: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.540002: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.540004: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.540005: | emitting length of IKEv2 Proposal Substructure Payload: 40
Oct 31 15:24:39.540006: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0
Oct 31 15:24:39.540008: | *****emit IKEv2 Proposal Substructure Payload:
Oct 31 15:24:39.540010: |    last proposal: v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:24:39.540011: |    prop #: 3 (03)
Oct 31 15:24:39.540013: |    proto ID: IKEv2_SEC_PROTO_ESP (0x3)
Oct 31 15:24:39.540014: |    spi size: 4 (04)
Oct 31 15:24:39.540016: |    # transforms: 5 (05)
Oct 31 15:24:39.540018: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:24:39.540020: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal'
Oct 31 15:24:39.540022: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload
Oct 31 15:24:39.540024: | our spi: 6a 7b b5 89
Oct 31 15:24:39.540025: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.540027: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.540028: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Oct 31 15:24:39.540030: |    IKEv2 transform ID: AES_CBC (0xc)
Oct 31 15:24:39.540034: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.540038: | *******emit IKEv2 Attribute Substructure Payload:
Oct 31 15:24:39.540041: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Oct 31 15:24:39.540044: |    length/value: 256 (01 00)
Oct 31 15:24:39.540047: | emitting length of IKEv2 Transform Substructure Payload: 12
Oct 31 15:24:39.540050: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.540052: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.540055: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Oct 31 15:24:39.540057: |    IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe)
Oct 31 15:24:39.540059: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.540062: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.540065: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.540068: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.540071: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.540073: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Oct 31 15:24:39.540076: |    IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc)
Oct 31 15:24:39.540078: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.540081: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.540084: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.540086: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.540087: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.540089: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:39.540090: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Oct 31 15:24:39.540092: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.540093: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.540095: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.540096: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.540098: |    last transform: v2_TRANSFORM_LAST (0x0)
Oct 31 15:24:39.540099: |    IKEv2 transform type: TRANS_TYPE_ESN (0x5)
Oct 31 15:24:39.540101: |    IKEv2 transform ID: ESN_DISABLED (0x0)
Oct 31 15:24:39.540102: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.540104: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.540105: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.540107: | emitting length of IKEv2 Proposal Substructure Payload: 56
Oct 31 15:24:39.540110: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0
Oct 31 15:24:39.540112: | *****emit IKEv2 Proposal Substructure Payload:
Oct 31 15:24:39.540118: |    last proposal: v2_PROPOSAL_LAST (0x0)
Oct 31 15:24:39.540121: |    prop #: 4 (04)
Oct 31 15:24:39.540124: |    proto ID: IKEv2_SEC_PROTO_ESP (0x3)
Oct 31 15:24:39.540127: |    spi size: 4 (04)
Oct 31 15:24:39.540130: |    # transforms: 5 (05)
Oct 31 15:24:39.540133: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:24:39.540136: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal'
Oct 31 15:24:39.540139: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload
Oct 31 15:24:39.540142: | our spi: 6a 7b b5 89
Oct 31 15:24:39.540145: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.540148: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.540151: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Oct 31 15:24:39.540153: |    IKEv2 transform ID: AES_CBC (0xc)
Oct 31 15:24:39.540156: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.540159: | *******emit IKEv2 Attribute Substructure Payload:
Oct 31 15:24:39.540162: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Oct 31 15:24:39.540165: |    length/value: 128 (00 80)
Oct 31 15:24:39.540167: | emitting length of IKEv2 Transform Substructure Payload: 12
Oct 31 15:24:39.540169: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.540171: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.540172: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Oct 31 15:24:39.540173: |    IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe)
Oct 31 15:24:39.540175: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.540177: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.540178: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.540180: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.540181: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.540183: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Oct 31 15:24:39.540184: |    IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc)
Oct 31 15:24:39.540186: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.540187: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.540189: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.540190: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.540191: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.540193: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:39.540194: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Oct 31 15:24:39.540196: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.540197: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.540247: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.540251: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.540256: |    last transform: v2_TRANSFORM_LAST (0x0)
Oct 31 15:24:39.540259: |    IKEv2 transform type: TRANS_TYPE_ESN (0x5)
Oct 31 15:24:39.540262: |    IKEv2 transform ID: ESN_DISABLED (0x0)
Oct 31 15:24:39.540265: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.540268: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.540271: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.540273: | emitting length of IKEv2 Proposal Substructure Payload: 56
Oct 31 15:24:39.540279: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0
Oct 31 15:24:39.540282: | emitting length of IKEv2 Security Association Payload: 196
Oct 31 15:24:39.540285: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0
Oct 31 15:24:39.540289: "northnet-eastnets/0x2" #4: CHILD SA to rekey #3 vanished abort this exchange
Oct 31 15:24:39.540292: | ikev2_child_sa_respond returned STF_INTERNAL_ERROR
Oct 31 15:24:39.540297: | [RE]START processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364)
Oct 31 15:24:39.540301: | #4 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I1 with status STF_INTERNAL_ERROR
Oct 31 15:24:39.540409: "northnet-eastnets/0x2" #4: state transition function for STATE_V2_REKEY_CHILD_I0 had internal error
Oct 31 15:24:39.540422: | release_pending_whacks: state #4 has no whack fd
Oct 31 15:24:39.540426: | delref mdp@NULL (in initiate_next() at ikev2_msgid.c:705)
Oct 31 15:24:39.540432: | stop processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:707)
Oct 31 15:24:39.540437: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:707)
Oct 31 15:24:39.540441: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:832)
Oct 31 15:24:39.540447: | spent 0.559 (0.655) milliseconds in callback v2_msgid_schedule_next_initiator
Oct 31 15:24:39.540453: | timer_event_cb: processing event@0x556b663dfeb8
Oct 31 15:24:39.540456: | handling event EVENT_v2_INITIATE_CHILD for child state #5
Oct 31 15:24:39.540458: | libevent_free: delref ptr-libevent@0x7f6fd4006108
Oct 31 15:24:39.540461: | free_event_entry: delref EVENT_v2_INITIATE_CHILD-pe@0x556b663dfeb8
Oct 31 15:24:39.540466: | start processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:188)
Oct 31 15:24:39.540473: | addref fd@NULL (in clone_logger() at log.c:809)
Oct 31 15:24:39.540476: | addref fd@NULL (in clone_logger() at log.c:810)
Oct 31 15:24:39.540480: | newref clone logger@0x556b66401c48(0->1) (in clone_logger() at log.c:817)
Oct 31 15:24:39.540482: | job 8 for #5: Child Rekey Initiator KE and nonce ni (build KE and nonce): adding job to queue
Oct 31 15:24:39.540484: | state #5 has no .st_event to delete
Oct 31 15:24:39.540486: | #5 STATE_V2_REKEY_CHILD_I0: retransmits: cleared
Oct 31 15:24:39.540488: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x556b664249b8
Oct 31 15:24:39.540490: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5
Oct 31 15:24:39.540492: | libevent_malloc: newref ptr-libevent@0x7f6fd4006108 size 128
Oct 31 15:24:39.540503: | #5 spent 0.0468 (0.0468) milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD
Oct 31 15:24:39.540507: | job 8 for #5: Child Rekey Initiator KE and nonce ni (build KE and nonce): helper 3 starting job
Oct 31 15:24:39.540557: | stop processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:447)
Oct 31 15:24:39.540566: | timer_event_cb: processing event@0x556b6640ad48
Oct 31 15:24:39.540571: | handling event EVENT_SA_EXPIRE for child state #2
Oct 31 15:24:39.540574: | libevent_free: delref ptr-libevent@0x7f6fdc006108
Oct 31 15:24:39.540577: | free_event_entry: delref EVENT_SA_EXPIRE-pe@0x556b6640ad48
Oct 31 15:24:39.540581: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:188)
Oct 31 15:24:39.540584: | picked newest_ipsec_sa #2 for #2
Oct 31 15:24:39.540587: | un-established partial CHILD SA timeout (SA expired)
Oct 31 15:24:39.540589: | pstats #2 ikev2.child re-failed exchange-timeout
Oct 31 15:24:39.540592: | should_send_delete: no, just because
Oct 31 15:24:39.540594: | pstats #2 ikev2.child deleted completed
Oct 31 15:24:39.540599: | #2 main thread spent 7.59 (122) milliseconds helper thread spent 0.613 (0.613) milliseconds in total
Oct 31 15:24:39.540604: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in delete_state() at state.c:935)
Oct 31 15:24:39.540606: | should_send_delete: no, just because
Oct 31 15:24:39.540610: "northnet-eastnets/0x1" #2: deleting state (STATE_V2_ESTABLISHED_CHILD_SA) aged 3.877457s and NOT sending notification
Oct 31 15:24:39.540613: | child state #2: ESTABLISHED_CHILD_SA(established CHILD SA) => delete
Oct 31 15:24:39.540618: | get_sa_info esp.c3177887@192.1.2.23
Oct 31 15:24:39.540632: | get_sa_info esp.b0822f84@192.1.3.33
Oct 31 15:24:39.540641: "northnet-eastnets/0x1" #2: ESP traffic information: in=168B out=168B
Oct 31 15:24:39.540645: | unsuspending #2 MD (nil)
Oct 31 15:24:39.540652: | should_send_delete: no, just because
Oct 31 15:24:39.540655: | child state #2: ESTABLISHED_CHILD_SA(established CHILD SA) => CHILDSA_DEL(informational)
Oct 31 15:24:39.540658: | state #2 has no .st_event to delete
Oct 31 15:24:39.540660: | #2 STATE_CHILDSA_DEL: retransmits: cleared
Oct 31 15:24:39.540765: | running updown command "ipsec _updown" for verb down 
Oct 31 15:24:39.540771: | command executing down-client
Oct 31 15:24:39.540777: | get_sa_info esp.c3177887@192.1.2.23
Oct 31 15:24:39.540788: | get_sa_info esp.b0822f84@192.1.3.33
Oct 31 15:24:39.540900: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org'
Oct 31 15:24:39.540914: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org'
Oct 31 15:24:39.540937: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STA...
Oct 31 15:24:39.540940: | popen cmd is 1511 chars long
Oct 31 15:24:39.540943: | cmd(   0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets:
Oct 31 15:24:39.540946: | cmd(  80):/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PL:
Oct 31 15:24:39.540948: | cmd( 160):UTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, :
Oct 31 15:24:39.540950: | cmd( 240):L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=us:
Oct 31 15:24:39.540955: | cmd( 320):er-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_N:
Oct 31 15:24:39.540958: | cmd( 400):ET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_P:
Oct 31 15:24:39.540961: | cmd( 480):ROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' P:
Oct 31 15:24:39.540963: | cmd( 560):LUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=e:
Oct 31 15:24:39.540965: | cmd( 640):ast.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT=:
Oct 31 15:24:39.540967: | cmd( 720):'192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255:
Oct 31 15:24:39.540969: | cmd( 800):.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Onta:
Oct 31 15:24:39.540971: | cmd( 880):rio, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca:
Oct 31 15:24:39.540974: | cmd( 960):, E=testing@libreswan.org' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157875' PLUTO_C:
Oct 31 15:24:39.540976: | cmd(1040):ONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO:
Oct 31 15:24:39.540979: | cmd(1120):+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_:
Oct 31 15:24:39.540981: | cmd(1200):FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO=':
Oct 31 15:24:39.540983: | cmd(1280):' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIG:
Oct 31 15:24:39.540985: | cmd(1360):URED='0' PLUTO_INBYTES='168' PLUTO_OUTBYTES='168' VTI_IFACE='' VTI_ROUTING='no' :
Oct 31 15:24:39.540987: | cmd(1440):VTI_SHARED='no' SPI_IN=0xc3177887 SPI_OUT=0xb0822f84 ipsec _updown 2>&1:
Oct 31 15:24:39.542209: | "northnet-eastnets/0x1" #5: spent 1.51 (1.7) milliseconds in helper 3 processing job 8 for state #5: Child Rekey Initiator KE and nonce ni (pcr)
Oct 31 15:24:39.542224: | job 8 for #5: Child Rekey Initiator KE and nonce ni (build KE and nonce): helper thread 3 sending result back to state
Oct 31 15:24:39.542229: | scheduling resume sending helper answer back to state for #5
Oct 31 15:24:39.542233: | libevent_malloc: newref ptr-libevent@0x7f6fe8007658 size 128
Oct 31 15:24:39.542240: | helper thread 3 has nothing to do
Oct 31 15:24:39.553349: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.3.0/24:0 --0->- 192.0.2.0/24:0
Oct 31 15:24:39.553366: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.2.0/24:0
Oct 31 15:24:39.553370: | priority calculation of connection "northnet-eastnets/0x1" is 2084814 (0x1fcfce)
Oct 31 15:24:39.553374: | IPsec SA SPD priority set to 2084814
Oct 31 15:24:39.553411: | delete esp.c3177887@192.1.2.23
Oct 31 15:24:39.553417: | XFRM: deleting IPsec SA with reqid 0
Oct 31 15:24:39.553451: | netlink response for Del SA esp.c3177887@192.1.2.23 included non-error error
Oct 31 15:24:39.553456: | priority calculation of connection "northnet-eastnets/0x1" is 2084814 (0x1fcfce)
Oct 31 15:24:39.553465: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk.10000@192.1.3.33 using reqid 0 (raw_eroute) proto=50
Oct 31 15:24:39.553500: | raw_eroute result=success
Oct 31 15:24:39.553507: | delete esp.b0822f84@192.1.3.33
Oct 31 15:24:39.553509: | XFRM: deleting IPsec SA with reqid 0
Oct 31 15:24:39.553518: | netlink response for Del SA esp.b0822f84@192.1.3.33 included non-error error
Oct 31 15:24:39.553525: | in connection_discard for connection northnet-eastnets/0x1
Oct 31 15:24:39.553528: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL
Oct 31 15:24:39.553532: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore)
Oct 31 15:24:39.553534: | releasing #2's fd-fd@(nil) because deleting state
Oct 31 15:24:39.553536: | delref fd@NULL (in delete_state() at state.c:1195)
Oct 31 15:24:39.553537: | delref fd@NULL (in delete_state() at state.c:1195)
Oct 31 15:24:39.553539: | delref pkp@NULL (in delete_state() at state.c:1202)
Oct 31 15:24:39.553547: | stop processing: state #2 from 192.1.2.23:500 (in delete_state() at state.c:1239)
Oct 31 15:24:39.553552: | delref logger@0x556b663eba08(1->0) (in delete_state() at state.c:1306)
Oct 31 15:24:39.553554: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:24:39.553555: | delref fd@NULL (in free_logger() at log.c:854)
Oct 31 15:24:39.553559: | State DB: found IKEv2 state #5 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa)
Oct 31 15:24:39.553560: | can't expire unused IKE SA #1; it has the child #5
Oct 31 15:24:39.553562: | in statetime_stop() and could not find #2
Oct 31 15:24:39.553564: | processing: STOP state #0 (in timer_event_cb() at timer.c:447)
Oct 31 15:24:39.553582: | spent 0.00167 (0.00167) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue()
Oct 31 15:24:39.553589: | newref struct msg_digest@0x556b6641a3c8(0->1) (in read_message() at demux.c:103)
Oct 31 15:24:39.553592: | newref alloc logger@0x556b663dfeb8(0->1) (in read_message() at demux.c:103)
Oct 31 15:24:39.553596: | *received 65 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP
Oct 31 15:24:39.553598: |   34 d5 c0 79  f1 ec a3 66  e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:39.553599: |   2e 20 25 00  00 00 00 02  00 00 00 41  2a 00 00 25
Oct 31 15:24:39.553600: |   1a 4d e5 db  64 57 19 28  67 7a fe 16  b7 22 23 4b
Oct 31 15:24:39.553602: |   f6 54 17 7e  44 20 11 a5  c1 49 ec b8  00 61 c5 ce
Oct 31 15:24:39.553603: |   64
Oct 31 15:24:39.553607: | **parse ISAKMP Message:
Oct 31 15:24:39.553610: |    initiator SPI: 34 d5 c0 79  f1 ec a3 66
Oct 31 15:24:39.553612: |    responder SPI: e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:39.553614: |    next payload type: ISAKMP_NEXT_v2SK (0x2e)
Oct 31 15:24:39.553616: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Oct 31 15:24:39.553618: |    exchange type: ISAKMP_v2_INFORMATIONAL (0x25)
Oct 31 15:24:39.553619: |    flags: none (0x0)
Oct 31 15:24:39.553622: |    Message ID: 2 (00 00 00 02)
Oct 31 15:24:39.553624: |    length: 65 (00 00 00 41)
Oct 31 15:24:39.553626: |  processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37)
Oct 31 15:24:39.553628: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request 
Oct 31 15:24:39.553631: | State DB: found IKEv2 state #1 in ESTABLISHED_IKE_SA (find_v2_ike_sa)
Oct 31 15:24:39.553636: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902)
Oct 31 15:24:39.553638: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002
Oct 31 15:24:39.553640: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip)
Oct 31 15:24:39.553642: | #1 is idle
Oct 31 15:24:39.553647: | Message ID: IKE #1 not a duplicate - message request 2 is new: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.444398 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744553.972264 ike.wip.initiator=-1 ike.wip.responder=-1
Oct 31 15:24:39.553652: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983)
Oct 31 15:24:39.553654: | unpacking clear payload
Oct 31 15:24:39.553657: | Now let's proceed with payload (ISAKMP_NEXT_v2SK)
Oct 31 15:24:39.553660: | ***parse IKEv2 Encryption Payload:
Oct 31 15:24:39.553663: |    next payload type: ISAKMP_NEXT_v2D (0x2a)
Oct 31 15:24:39.553666: |    flags: none (0x0)
Oct 31 15:24:39.553669: |    length: 37 (00 25)
Oct 31 15:24:39.553671: | processing payload: ISAKMP_NEXT_v2SK (len=33)
Oct 31 15:24:39.553674: | #1 in state ESTABLISHED_IKE_SA: established IKE SA
Oct 31 15:24:39.553695: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success
Oct 31 15:24:39.553698: | Now let's proceed with payload (ISAKMP_NEXT_v2D)
Oct 31 15:24:39.553701: | **parse IKEv2 Delete Payload:
Oct 31 15:24:39.553703: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:39.553705: |    flags: none (0x0)
Oct 31 15:24:39.553708: |    length: 8 (00 08)
Oct 31 15:24:39.553711: |    protocol ID: IKEv2_SEC_PROTO_IKE (0x1)
Oct 31 15:24:39.553715: |    SPI size: 0 (00)
Oct 31 15:24:39.553718: |    number of SPIs: 0 (00 00)
Oct 31 15:24:39.553721: | processing payload: ISAKMP_NEXT_v2D (len=0)
Oct 31 15:24:39.553723: | selected state microcode Informational Request
Oct 31 15:24:39.553730: | Message ID: IKE #1 responder starting message request 2: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.444398 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744553.972264 ike.wip.initiator=-1 ike.wip.responder=-1->2
Oct 31 15:24:39.553732: | calling processor Informational Request
Oct 31 15:24:39.553736: | an informational request should send a response 
Oct 31 15:24:39.553741: | opening output PBS information exchange reply packet
Oct 31 15:24:39.553743: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness
Oct 31 15:24:39.553746: | **emit ISAKMP Message:
Oct 31 15:24:39.553750: |    initiator SPI: 34 d5 c0 79  f1 ec a3 66
Oct 31 15:24:39.553753: |    responder SPI: e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:39.553755: |    next payload type: ISAKMP_NEXT_NONE (0x0)
Oct 31 15:24:39.553758: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Oct 31 15:24:39.553760: |    exchange type: ISAKMP_v2_INFORMATIONAL (0x25)
Oct 31 15:24:39.553763: |    flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28)
Oct 31 15:24:39.553766: |    Message ID: 2 (00 00 00 02)
Oct 31 15:24:39.553769: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
Oct 31 15:24:39.553772: | ***emit IKEv2 Encryption Payload:
Oct 31 15:24:39.553774: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:39.553776: |    flags: none (0x0)
Oct 31 15:24:39.553779: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK)
Oct 31 15:24:39.553781: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet'
Oct 31 15:24:39.553785: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload
Oct 31 15:24:39.553795: | adding 1 bytes of padding (including 1 byte padding-length)
Oct 31 15:24:39.553799: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload
Oct 31 15:24:39.553801: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload
Oct 31 15:24:39.553803: | emitting length of IKEv2 Encryption Payload: 29
Oct 31 15:24:39.553806: | emitting length of ISAKMP Message: 57
Oct 31 15:24:39.553820: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1)
Oct 31 15:24:39.553824: |   34 d5 c0 79  f1 ec a3 66  e1 72 c0 b4  b2 8f d6 b3
Oct 31 15:24:39.553826: |   2e 20 25 28  00 00 00 02  00 00 00 39  00 00 00 1d
Oct 31 15:24:39.553828: |   78 94 43 bc  91 9a 23 06  ba 2d e5 b0  76 0e 59 43
Oct 31 15:24:39.553830: |   c8 9d 64 8a  17 8a 4e 60  c6
Oct 31 15:24:39.553881: | sent 1 messages
Oct 31 15:24:39.553888: | Message ID: IKE #1 XXX: in process_encrypted_informational_ikev2() hacking around record 'n' send bypassing send queue hacking around delete_ike_family(): ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.444398 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744553.972264 ike.wip.initiator=-1 ike.wip.responder=2
Oct 31 15:24:39.553895: | Message ID: IKE #1 updating responder sent message response 2: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.444398 ike.responder.sent=1->2 ike.responder.recv=1 ike.responder.last_contact=744553.972264 ike.wip.initiator=-1 ike.wip.responder=2
Oct 31 15:24:39.553900: | pstats #5 ikev2.child deleted other
Oct 31 15:24:39.553905: | #5 main thread spent 0.0468 (0.0468) milliseconds helper thread spent 0 (0) milliseconds in total
Oct 31 15:24:39.553911: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:935)
Oct 31 15:24:39.553918: | start processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in delete_state() at state.c:935)
Oct 31 15:24:39.553922: | should_send_delete: no, just because
Oct 31 15:24:39.553927: "northnet-eastnets/0x1" #5: deleting other state #5 connection (STATE_V2_REKEY_CHILD_I0) "northnet-eastnets/0x1" aged 0.014273s and NOT sending notification
Oct 31 15:24:39.553930: | child state #5: V2_REKEY_CHILD_I0(established IKE SA) => delete
Oct 31 15:24:39.553934: | unsuspending #5 MD (nil)
Oct 31 15:24:39.553936: | should_send_delete: no, just because
Oct 31 15:24:39.553939: | child state #5: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational)
Oct 31 15:24:39.553942: | state #5 deleting .st_event EVENT_CRYPTO_TIMEOUT
Oct 31 15:24:39.553947: | libevent_free: delref ptr-libevent@0x7f6fd4006108
Oct 31 15:24:39.553951: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x556b664249b8
Oct 31 15:24:39.553953: | #5 STATE_CHILDSA_DEL: retransmits: cleared
Oct 31 15:24:39.553957: | priority calculation of connection "northnet-eastnets/0x1" is 2084814 (0x1fcfce)
Oct 31 15:24:39.553964: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk.10000@192.1.3.33 using reqid 0 (raw_eroute) proto=50
Oct 31 15:24:39.553980: | raw_eroute result=success
Oct 31 15:24:39.553983: | in connection_discard for connection northnet-eastnets/0x1
Oct 31 15:24:39.553985: | State DB: deleting IKEv2 state #5 in CHILDSA_DEL
Oct 31 15:24:39.553987: | child state #5: CHILDSA_DEL(informational) => UNDEFINED(ignore)
Oct 31 15:24:39.553989: | releasing #5's fd-fd@(nil) because deleting state
Oct 31 15:24:39.553991: | delref fd@NULL (in delete_state() at state.c:1195)
Oct 31 15:24:39.553992: | delref fd@NULL (in delete_state() at state.c:1195)
Oct 31 15:24:39.553994: | delref pkp@NULL (in delete_state() at state.c:1202)
Oct 31 15:24:39.553998: | stop processing: state #5 from 192.1.2.23:500 (in delete_state() at state.c:1239)
Oct 31 15:24:39.554002: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:1239)
Oct 31 15:24:39.554006: | delref logger@0x556b663f86f8(1->0) (in delete_state() at state.c:1306)
Oct 31 15:24:39.554008: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:24:39.554010: | delref fd@NULL (in free_logger() at log.c:854)
Oct 31 15:24:39.554013: | pstats #4 ikev2.child deleted other
Oct 31 15:24:39.554017: | #4 main thread spent 0.0886 (0.0886) milliseconds helper thread spent 1.68 (2.28) milliseconds in total
Oct 31 15:24:39.554020: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:935)
Oct 31 15:24:39.554024: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:935)
Oct 31 15:24:39.554026: | should_send_delete: no, just because
Oct 31 15:24:39.554029: "northnet-eastnets/0x2" #4: deleting other state #4 (STATE_V2_REKEY_CHILD_I0) aged 0.027166s and NOT sending notification
Oct 31 15:24:39.554032: | child state #4: V2_REKEY_CHILD_I0(established IKE SA) => delete
Oct 31 15:24:39.554034: | unsuspending #4 MD (nil)
Oct 31 15:24:39.554036: | should_send_delete: no, just because
Oct 31 15:24:39.554038: | child state #4: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational)
Oct 31 15:24:39.554041: | state #4 deleting .st_event EVENT_CRYPTO_TIMEOUT
Oct 31 15:24:39.554044: | libevent_free: delref ptr-libevent@0x556b66424ee8
Oct 31 15:24:39.554046: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x556b6640bce8
Oct 31 15:24:39.554049: | #4 STATE_CHILDSA_DEL: retransmits: cleared
Oct 31 15:24:39.554052: | priority calculation of connection "northnet-eastnets/0x2" is 2084814 (0x1fcfce)
Oct 31 15:24:39.554058: | delete inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => unk.10000@192.1.3.33 using reqid 0 (raw_eroute) proto=50
Oct 31 15:24:39.554068: | raw_eroute result=success
Oct 31 15:24:39.554071: | in connection_discard for connection northnet-eastnets/0x2
Oct 31 15:24:39.554073: | State DB: deleting IKEv2 state #4 in CHILDSA_DEL
Oct 31 15:24:39.554078: | child state #4: CHILDSA_DEL(informational) => UNDEFINED(ignore)
Oct 31 15:24:39.554081: | releasing #4's fd-fd@(nil) because deleting state
Oct 31 15:24:39.554083: | delref fd@NULL (in delete_state() at state.c:1195)
Oct 31 15:24:39.554085: | delref fd@NULL (in delete_state() at state.c:1195)
Oct 31 15:24:39.554087: | delref pkp@NULL (in delete_state() at state.c:1202)
Oct 31 15:24:39.554102: | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1239)
Oct 31 15:24:39.554107: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:1239)
Oct 31 15:24:39.554112: | delref logger@0x556b6642b0f8(1->0) (in delete_state() at state.c:1306)
Oct 31 15:24:39.554115: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:24:39.554117: | delref fd@NULL (in free_logger() at log.c:854)
Oct 31 15:24:39.554120: | State DB: IKEv2 state not found (delete_ike_family)
Oct 31 15:24:39.554123: | pstats #1 ikev2.ike deleted completed
Oct 31 15:24:39.554127: | #1 main thread spent 13.7 (17.7) milliseconds helper thread spent 18.3 (22.3) milliseconds in total
Oct 31 15:24:39.554132: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:935)
Oct 31 15:24:39.554135: | should_send_delete: no, just because
Oct 31 15:24:39.554138: "northnet-eastnets/0x2" #1: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 3.923791s and NOT sending notification
Oct 31 15:24:39.554141: | parent state #1: ESTABLISHED_IKE_SA(established IKE SA) => delete
Oct 31 15:24:39.554905: | unsuspending #1 MD (nil)
Oct 31 15:24:39.554917: | should_send_delete: no, just because
Oct 31 15:24:39.554920: | state #1 deleting .st_event EVENT_SA_REKEY
Oct 31 15:24:39.554924: | libevent_free: delref ptr-libevent@0x556b6642e8b8
Oct 31 15:24:39.554927: | free_event_entry: delref EVENT_SA_REKEY-pe@0x556b664038b8
Oct 31 15:24:39.554930: | #1 STATE_V2_ESTABLISHED_IKE_SA: retransmits: cleared
Oct 31 15:24:39.554934: | State DB: IKEv2 state not found (flush_incomplete_children)
Oct 31 15:24:39.554936: | picked newest_isakmp_sa #0 for #1
Oct 31 15:24:39.554942: "northnet-eastnets/0x2" #1: deleting IKE SA but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS
Oct 31 15:24:39.554946: | add revival: connection 'northnet-eastnets/0x2' added to the list and scheduled for 0 seconds
Oct 31 15:24:39.554949: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds
Oct 31 15:24:39.554954: | in connection_discard for connection northnet-eastnets/0x2
Oct 31 15:24:39.554956: | State DB: deleting IKEv2 state #1 in ESTABLISHED_IKE_SA
Oct 31 15:24:39.554960: | parent state #1: ESTABLISHED_IKE_SA(established IKE SA) => UNDEFINED(ignore)
Oct 31 15:24:39.554963: | releasing #1's fd-fd@(nil) because deleting state
Oct 31 15:24:39.554966: | delref fd@NULL (in delete_state() at state.c:1195)
Oct 31 15:24:39.554970: | delref fd@NULL (in delete_state() at state.c:1195)
Oct 31 15:24:39.554973: | delref pkp@0x7f6fd80042a8(2->1) (in delete_state() at state.c:1202)
Oct 31 15:24:39.554992: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1239)
Oct 31 15:24:39.554997: | delref pkp@0x7f6fd80042a8(1->0) (in free_public_keyentry() at secrets.c:1591)
Oct 31 15:24:39.555002: | delref pkp@0x7f6fd80011d8(1->0) (in free_public_keyentry() at secrets.c:1591)
Oct 31 15:24:39.555006: | delref pkp@0x7f6fd8000e38(1->0) (in free_public_keyentry() at secrets.c:1591)
Oct 31 15:24:39.555010: | delref pkp@0x7f6fd8003f58(1->0) (in free_public_keyentry() at secrets.c:1591)
Oct 31 15:24:39.555013: | delref pkp@0x7f6fd8003bb8(1->0) (in free_public_keyentry() at secrets.c:1591)
Oct 31 15:24:39.555031: | delref logger@0x556b663ebd88(1->0) (in delete_state() at state.c:1306)
Oct 31 15:24:39.555035: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:24:39.555037: | delref fd@NULL (in free_logger() at log.c:854)
Oct 31 15:24:39.555041: | in statetime_stop() and could not find #1
Oct 31 15:24:39.555047: | XXX: processor 'Informational Request' for #1 deleted state MD.ST
Oct 31 15:24:39.555050: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:1904)
Oct 31 15:24:39.555053: | in statetime_stop() and could not find #1
Oct 31 15:24:39.555055: | processing: STOP state #0 (in process_md() at demux.c:287)
Oct 31 15:24:39.555058: | delref mdp@0x556b6641a3c8(1->0) (in handle_packet_cb() at demux.c:318)
Oct 31 15:24:39.555062: | delref logger@0x556b663dfeb8(1->0) (in handle_packet_cb() at demux.c:318)
Oct 31 15:24:39.555064: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:24:39.555067: | delref fd@NULL (in free_logger() at log.c:854)
Oct 31 15:24:39.555074: | spent 0.758 (1.5) milliseconds in handle_packet_cb() reading and processing packet
Oct 31 15:24:39.555083: | processing resume sending helper answer back to state for #5
Oct 31 15:24:39.555088: | job 8 for #5: Child Rekey Initiator KE and nonce ni (build KE and nonce): processing response from helper 3
Oct 31 15:24:39.555091: | job 8 for #5: Child Rekey Initiator KE and nonce ni (build KE and nonce): was cancelled; ignoring respose
Oct 31 15:24:39.555101: | delref logger@0x556b66401c48(1->0) (in handle_helper_answer() at pluto_crypt.c:658)
Oct 31 15:24:39.555104: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:24:39.555106: | delref fd@NULL (in free_logger() at log.c:854)
Oct 31 15:24:39.555111: | (#5) spent 0.0225 (0.0226) milliseconds in resume sending helper answer back to state
Oct 31 15:24:39.555114: | libevent_free: delref ptr-libevent@0x7f6fe8007658
Oct 31 15:24:39.555117: | processing signal PLUTO_SIGCHLD
Oct 31 15:24:39.555122: | waitpid returned ECHILD (no child processes left)
Oct 31 15:24:39.555126: | spent 0.00479 (0.00477) milliseconds in signal handler PLUTO_SIGCHLD
Oct 31 15:24:39.555133: | processing global timer EVENT_REVIVE_CONNS
Oct 31 15:24:39.555136: | FOR_EACH_CONNECTION_... in conn_by_name
Oct 31 15:24:39.555139: "northnet-eastnets/0x2": initiating connection which received a Delete/Notify but must remain up per local policy
Oct 31 15:24:39.555144: | connection 'northnet-eastnets/0x2' +POLICY_UP
Oct 31 15:24:39.555146: | FOR_EACH_STATE_... in find_phase1_state
Oct 31 15:24:39.555157: | newref alloc logger@0x556b664249b8(0->1) (in new_state() at state.c:576)
Oct 31 15:24:39.555160: | addref fd@NULL (in new_state() at state.c:577)
Oct 31 15:24:39.555163: | creating state object #6 at 0x556b6642bc98
Oct 31 15:24:39.555165: | State DB: adding IKEv2 state #6 in UNDEFINED
Oct 31 15:24:39.555172: | pstats #6 ikev2.ike started
Oct 31 15:24:39.555176: | parent state #6: UNDEFINED(ignore) => PARENT_I0(ignore)
Oct 31 15:24:39.555180: | #6.st_v2_transition NULL -> PARENT_I0->PARENT_I1 (in new_v2_ike_state() at state.c:620)
Oct 31 15:24:39.555189: | Message ID: IKE #6 initializing (IKE SA): ike.initiator.sent=0->-1 ike.initiator.recv=0->-1 ike.initiator.last_contact=0->744553.987979 ike.responder.sent=0->-1 ike.responder.recv=0->-1 ike.responder.last_contact=0->744553.987979 ike.wip.initiator=0->-1 ike.wip.responder=0->-1
Oct 31 15:24:39.555278: | orienting northnet-eastnets/0x2
Oct 31 15:24:39.555286: | northnet-eastnets/0x2 doesn't match 127.0.0.1:4500 at all
Oct 31 15:24:39.555291: | northnet-eastnets/0x2 doesn't match 127.0.0.1:500 at all
Oct 31 15:24:39.555296: | northnet-eastnets/0x2 doesn't match 192.0.3.254:4500 at all
Oct 31 15:24:39.555300: | northnet-eastnets/0x2 doesn't match 192.0.3.254:500 at all
Oct 31 15:24:39.555304: | northnet-eastnets/0x2 doesn't match 192.1.3.33:4500 at all
Oct 31 15:24:39.555306: | oriented northnet-eastnets/0x2's this
Oct 31 15:24:39.555315: | start processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:544)
Oct 31 15:24:39.555321: | addref fd@NULL (in add_pending() at pending.c:86)
Oct 31 15:24:39.555325: | queuing pending IPsec SA negotiating with 192.1.2.23 IKE SA #6 "northnet-eastnets/0x2"
Oct 31 15:24:39.555329: "northnet-eastnets/0x2" #6: initiating IKEv2 connection
Oct 31 15:24:39.555351: | using existing local IKE proposals for connection northnet-eastnets/0x2 (IKE SA initiator selecting KE): 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Oct 31 15:24:39.555359: | addref fd@NULL (in clone_logger() at log.c:809)
Oct 31 15:24:39.555362: | addref fd@NULL (in clone_logger() at log.c:810)
Oct 31 15:24:39.555366: | newref clone logger@0x556b6642dc08(0->1) (in clone_logger() at log.c:817)
Oct 31 15:24:39.555369: | job 9 for #6: ikev2_outI1 KE (build KE and nonce): adding job to queue
Oct 31 15:24:39.555371: | state #6 has no .st_event to delete
Oct 31 15:24:39.555374: | #6 STATE_PARENT_I0: retransmits: cleared
Oct 31 15:24:39.555378: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x556b6640ad48
Oct 31 15:24:39.555381: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #6
Oct 31 15:24:39.555384: | libevent_malloc: newref ptr-libevent@0x7f6fdc006108 size 128
Oct 31 15:24:39.555397: | #6 spent 0.177 (0.252) milliseconds in ikev2_parent_outI1()
Oct 31 15:24:39.555403: | RESET processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:640)
Oct 31 15:24:39.555409: | spent 0.196 (0.271) milliseconds in global timer EVENT_REVIVE_CONNS
Oct 31 15:24:39.555422: | job 9 for #6: ikev2_outI1 KE (build KE and nonce): helper 1 starting job
Oct 31 15:24:39.556747: | "northnet-eastnets/0x2" #6: spent 1.32 (1.32) milliseconds in helper 1 processing job 9 for state #6: ikev2_outI1 KE (pcr)
Oct 31 15:24:39.556757: | job 9 for #6: ikev2_outI1 KE (build KE and nonce): helper thread 1 sending result back to state
Oct 31 15:24:39.556760: | scheduling resume sending helper answer back to state for #6
Oct 31 15:24:39.556763: | libevent_malloc: newref ptr-libevent@0x7f6fe000cc18 size 128
Oct 31 15:24:39.556773: | helper thread 1 has nothing to do
Oct 31 15:24:39.556786: | processing resume sending helper answer back to state for #6
Oct 31 15:24:39.556798: | start processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:641)
Oct 31 15:24:39.556803: | unsuspending #6 MD (nil)
Oct 31 15:24:39.556806: | job 9 for #6: ikev2_outI1 KE (build KE and nonce): processing response from helper 1
Oct 31 15:24:39.556809: | job 9 for #6: ikev2_outI1 KE (build KE and nonce): calling continuation function 0x556b65737fe7
Oct 31 15:24:39.556812: | ikev2_parent_outI1_continue() for #6 STATE_PARENT_I0
Oct 31 15:24:39.556816: | DH secret MODP2048@0x7f6fe000e908: transferring ownership from helper KE to state #6
Oct 31 15:24:39.556821: | opening output PBS reply packet
Oct 31 15:24:39.556824: | **emit ISAKMP Message:
Oct 31 15:24:39.556828: |    initiator SPI: 8a 4f c9 90  ed a8 f0 2c
Oct 31 15:24:39.556832: |    responder SPI: 00 00 00 00  00 00 00 00
Oct 31 15:24:39.556835: |    next payload type: ISAKMP_NEXT_NONE (0x0)
Oct 31 15:24:39.556838: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Oct 31 15:24:39.556840: |    exchange type: ISAKMP_v2_IKE_SA_INIT (0x22)
Oct 31 15:24:39.556843: |    flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
Oct 31 15:24:39.556847: |    Message ID: 0 (00 00 00 00)
Oct 31 15:24:39.556850: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
Oct 31 15:24:39.556868: | using existing local IKE proposals for connection northnet-eastnets/0x2 (IKE SA initiator emitting local proposals): 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Oct 31 15:24:39.556874: | Emitting ikev2_proposals ...
Oct 31 15:24:39.556877: | ***emit IKEv2 Security Association Payload:
Oct 31 15:24:39.556879: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:39.556881: |    flags: none (0x0)
Oct 31 15:24:39.556885: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA)
Oct 31 15:24:39.556887: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet'
Oct 31 15:24:39.556891: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0)
Oct 31 15:24:39.556895: | ****emit IKEv2 Proposal Substructure Payload:
Oct 31 15:24:39.556897: |    last proposal: v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:24:39.556900: |    prop #: 1 (01)
Oct 31 15:24:39.556903: |    proto ID: IKEv2_SEC_PROTO_IKE (0x1)
Oct 31 15:24:39.556906: |    spi size: 0 (00)
Oct 31 15:24:39.556908: |    # transforms: 11 (0b)
Oct 31 15:24:39.556911: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal'
Oct 31 15:24:39.556920: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.556922: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.556924: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Oct 31 15:24:39.556927: |    IKEv2 transform ID: AES_GCM_C (0x14)
Oct 31 15:24:39.556929: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.556932: | ******emit IKEv2 Attribute Substructure Payload:
Oct 31 15:24:39.556935: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Oct 31 15:24:39.556938: |    length/value: 256 (01 00)
Oct 31 15:24:39.556941: | emitting length of IKEv2 Transform Substructure Payload: 12
Oct 31 15:24:39.556943: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.556946: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.556948: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Oct 31 15:24:39.556950: |    IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
Oct 31 15:24:39.556953: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.556955: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.556958: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.556960: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.556963: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.556965: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Oct 31 15:24:39.556967: |    IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
Oct 31 15:24:39.556970: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.556972: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.556975: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.556978: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0)
Oct 31 15:24:39.556980: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.556982: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.556985: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:39.556987: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Oct 31 15:24:39.556991: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.556993: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.556996: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.556998: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557001: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557003: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:39.557005: |    IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf)
Oct 31 15:24:39.557008: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557010: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557012: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557015: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557017: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557019: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:39.557022: |    IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10)
Oct 31 15:24:39.557024: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557027: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557029: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557031: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557034: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557036: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:39.557038: |    IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12)
Oct 31 15:24:39.557041: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557043: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557046: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557048: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557050: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557053: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:39.557055: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
Oct 31 15:24:39.557058: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557060: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557062: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557065: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557067: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557069: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:39.557072: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
Oct 31 15:24:39.557074: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557076: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557080: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557082: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557085: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557087: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:39.557089: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15)
Oct 31 15:24:39.557092: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557094: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557097: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557099: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557102: |    last transform: v2_TRANSFORM_LAST (0x0)
Oct 31 15:24:39.557104: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:39.557106: |    IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f)
Oct 31 15:24:39.557108: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557111: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557113: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557116: | emitting length of IKEv2 Proposal Substructure Payload: 100
Oct 31 15:24:39.557118: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0
Oct 31 15:24:39.557121: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0)
Oct 31 15:24:39.557125: | ****emit IKEv2 Proposal Substructure Payload:
Oct 31 15:24:39.557127: |    last proposal: v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:24:39.557130: |    prop #: 2 (02)
Oct 31 15:24:39.557132: |    proto ID: IKEv2_SEC_PROTO_IKE (0x1)
Oct 31 15:24:39.557135: |    spi size: 0 (00)
Oct 31 15:24:39.557138: |    # transforms: 11 (0b)
Oct 31 15:24:39.557141: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:24:39.557143: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal'
Oct 31 15:24:39.557146: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557148: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557150: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Oct 31 15:24:39.557153: |    IKEv2 transform ID: AES_GCM_C (0x14)
Oct 31 15:24:39.557155: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557157: | ******emit IKEv2 Attribute Substructure Payload:
Oct 31 15:24:39.557160: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Oct 31 15:24:39.557163: |    length/value: 128 (00 80)
Oct 31 15:24:39.557165: | emitting length of IKEv2 Transform Substructure Payload: 12
Oct 31 15:24:39.557168: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557170: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557172: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Oct 31 15:24:39.557174: |    IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
Oct 31 15:24:39.557177: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557179: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557184: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557186: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557188: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557190: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Oct 31 15:24:39.557193: |    IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
Oct 31 15:24:39.557195: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557197: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557216: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557219: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0)
Oct 31 15:24:39.557221: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557224: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557226: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:39.557228: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Oct 31 15:24:39.557230: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557232: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557235: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557237: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557238: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557239: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:39.557241: |    IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf)
Oct 31 15:24:39.557242: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557244: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557245: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557247: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557248: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557250: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:39.557251: |    IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10)
Oct 31 15:24:39.557253: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557254: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557256: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557257: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557259: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557260: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:39.557262: |    IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12)
Oct 31 15:24:39.557263: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557265: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557266: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557268: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557269: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557273: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:39.557274: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
Oct 31 15:24:39.557276: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557278: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557279: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557281: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557282: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557283: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:39.557285: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
Oct 31 15:24:39.557286: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557288: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557289: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557291: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557292: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557294: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:39.557295: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15)
Oct 31 15:24:39.557297: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557298: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557300: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557301: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557303: |    last transform: v2_TRANSFORM_LAST (0x0)
Oct 31 15:24:39.557304: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:39.557306: |    IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f)
Oct 31 15:24:39.557307: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557309: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557310: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557312: | emitting length of IKEv2 Proposal Substructure Payload: 100
Oct 31 15:24:39.557313: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0
Oct 31 15:24:39.557316: | ****emit IKEv2 Proposal Substructure Payload:
Oct 31 15:24:39.557317: |    last proposal: v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:24:39.557319: |    prop #: 3 (03)
Oct 31 15:24:39.557321: |    proto ID: IKEv2_SEC_PROTO_IKE (0x1)
Oct 31 15:24:39.557323: |    spi size: 0 (00)
Oct 31 15:24:39.557324: |    # transforms: 13 (0d)
Oct 31 15:24:39.557326: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:24:39.557328: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal'
Oct 31 15:24:39.557329: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557331: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557332: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Oct 31 15:24:39.557334: |    IKEv2 transform ID: AES_CBC (0xc)
Oct 31 15:24:39.557336: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557338: | ******emit IKEv2 Attribute Substructure Payload:
Oct 31 15:24:39.557340: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Oct 31 15:24:39.557342: |    length/value: 256 (01 00)
Oct 31 15:24:39.557343: | emitting length of IKEv2 Transform Substructure Payload: 12
Oct 31 15:24:39.557345: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557346: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557348: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Oct 31 15:24:39.557349: |    IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
Oct 31 15:24:39.557351: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557352: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557354: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557355: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557357: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557358: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Oct 31 15:24:39.557359: |    IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
Oct 31 15:24:39.557361: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557362: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557364: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557365: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557367: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557368: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Oct 31 15:24:39.557370: |    IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe)
Oct 31 15:24:39.557371: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557373: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557374: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557376: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557377: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557379: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Oct 31 15:24:39.557380: |    IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc)
Oct 31 15:24:39.557382: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557383: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557385: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557386: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557387: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557389: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:39.557390: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Oct 31 15:24:39.557392: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557393: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557396: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557397: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557402: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557408: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:39.557411: |    IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf)
Oct 31 15:24:39.557414: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557416: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557419: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557422: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557425: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557427: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:39.557430: |    IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10)
Oct 31 15:24:39.557433: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557436: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557439: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557442: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557444: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557447: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:39.557450: |    IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12)
Oct 31 15:24:39.557452: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557454: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557456: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557458: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557459: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557461: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:39.557462: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
Oct 31 15:24:39.557464: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557465: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557467: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557468: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557470: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557471: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:39.557473: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
Oct 31 15:24:39.557474: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557476: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557477: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557479: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557480: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557482: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:39.557485: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15)
Oct 31 15:24:39.557486: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557488: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557489: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557491: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557492: |    last transform: v2_TRANSFORM_LAST (0x0)
Oct 31 15:24:39.557494: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:39.557495: |    IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f)
Oct 31 15:24:39.557497: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557498: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557500: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557501: | emitting length of IKEv2 Proposal Substructure Payload: 116
Oct 31 15:24:39.557503: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0
Oct 31 15:24:39.557505: | ****emit IKEv2 Proposal Substructure Payload:
Oct 31 15:24:39.557507: |    last proposal: v2_PROPOSAL_LAST (0x0)
Oct 31 15:24:39.557509: |    prop #: 4 (04)
Oct 31 15:24:39.557510: |    proto ID: IKEv2_SEC_PROTO_IKE (0x1)
Oct 31 15:24:39.557512: |    spi size: 0 (00)
Oct 31 15:24:39.557514: |    # transforms: 13 (0d)
Oct 31 15:24:39.557516: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:24:39.557517: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal'
Oct 31 15:24:39.557519: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557520: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557522: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Oct 31 15:24:39.557523: |    IKEv2 transform ID: AES_CBC (0xc)
Oct 31 15:24:39.557525: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557526: | ******emit IKEv2 Attribute Substructure Payload:
Oct 31 15:24:39.557528: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Oct 31 15:24:39.557530: |    length/value: 128 (00 80)
Oct 31 15:24:39.557531: | emitting length of IKEv2 Transform Substructure Payload: 12
Oct 31 15:24:39.557533: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557534: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557536: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Oct 31 15:24:39.557537: |    IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
Oct 31 15:24:39.557539: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557540: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557542: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557543: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557545: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557546: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Oct 31 15:24:39.557548: |    IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
Oct 31 15:24:39.557549: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557552: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557553: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557555: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557556: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557558: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Oct 31 15:24:39.557559: |    IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe)
Oct 31 15:24:39.557561: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557562: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557564: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557565: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557567: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557568: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Oct 31 15:24:39.557570: |    IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc)
Oct 31 15:24:39.557571: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557573: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557574: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557576: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557577: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557579: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:39.557580: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Oct 31 15:24:39.557582: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557583: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557585: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557586: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557587: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557589: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:39.557590: |    IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf)
Oct 31 15:24:39.557592: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557593: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557595: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557596: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557598: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557599: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:39.557601: |    IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10)
Oct 31 15:24:39.557602: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557604: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557605: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557608: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557609: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557610: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:39.557612: |    IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12)
Oct 31 15:24:39.557613: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557615: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557616: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557618: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557619: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557621: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:39.557622: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
Oct 31 15:24:39.557624: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557625: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557627: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557628: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557630: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557631: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:39.557633: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
Oct 31 15:24:39.557634: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557636: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557637: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557639: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557640: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557641: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:39.557643: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15)
Oct 31 15:24:39.557644: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557646: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557647: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557649: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:24:39.557650: |    last transform: v2_TRANSFORM_LAST (0x0)
Oct 31 15:24:39.557652: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:24:39.557653: |    IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f)
Oct 31 15:24:39.557655: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:24:39.557656: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:24:39.557658: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:24:39.557659: | emitting length of IKEv2 Proposal Substructure Payload: 116
Oct 31 15:24:39.557661: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0
Oct 31 15:24:39.557662: | emitting length of IKEv2 Security Association Payload: 436
Oct 31 15:24:39.557664: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0
Oct 31 15:24:39.557666: | ***emit IKEv2 Key Exchange Payload:
Oct 31 15:24:39.557667: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:39.557669: |    flags: none (0x0)
Oct 31 15:24:39.557671: |    DH group: OAKLEY_GROUP_MODP2048 (0xe)
Oct 31 15:24:39.557673: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE)
Oct 31 15:24:39.557675: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet'
Oct 31 15:24:39.557677: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload
Oct 31 15:24:39.557678: | ikev2 g^x:
Oct 31 15:24:39.557680: |   7b 01 1f a9  ca 2b 1a 84  dc 32 71 ed  41 c0 85 60
Oct 31 15:24:39.557682: |   1b 46 70 11  ec 2b 0e ce  ee f6 47 29  2b 66 81 b0
Oct 31 15:24:39.557683: |   62 f5 e0 98  7b ab 9f 62  cb cc e6 68  95 fb 45 c6
Oct 31 15:24:39.557684: |   50 ed c4 78  50 92 4d bf  04 62 94 18  2e 22 83 76
Oct 31 15:24:39.557686: |   10 f8 15 b8  59 d7 6e 0a  5a 82 d6 c1  f9 a5 9b 4b
Oct 31 15:24:39.557687: |   a6 0a 9e fb  3c 4d 79 9c  18 83 c7 d8  d8 78 50 a1
Oct 31 15:24:39.557688: |   6b 05 1a ec  f4 ef 15 de  88 66 24 15  0c 86 27 0c
Oct 31 15:24:39.557690: |   dc 80 71 bf  9e 54 4c 9a  cf 5f c9 1a  93 5d 8a 3a
Oct 31 15:24:39.557691: |   5d a3 e2 3c  95 ea 95 ef  db a8 27 d5  4f 33 eb 27
Oct 31 15:24:39.557692: |   8b 30 27 30  c0 c8 dc 54  15 22 16 15  10 46 8c ad
Oct 31 15:24:39.557694: |   99 34 a0 bf  76 11 2f a9  05 62 a8 56  f9 d8 2f fc
Oct 31 15:24:39.557695: |   0e 6b b2 b4  4d e4 a4 61  68 44 e9 51  d2 86 f7 fe
Oct 31 15:24:39.557697: |   66 c9 10 62  8b 71 17 f3  d7 18 09 84  02 49 61 55
Oct 31 15:24:39.557698: |   2c 79 5e a9  bf 9f 44 c1  95 e4 8f da  3c 5e ae af
Oct 31 15:24:39.557699: |   e9 00 4a 2c  f2 4f 58 f9  4e 4d 55 a2  6e 26 fd 62
Oct 31 15:24:39.557701: |   75 63 ab 49  6d 1e 04 03  1a 4f 25 28  c4 af 8a a9
Oct 31 15:24:39.557702: | emitting length of IKEv2 Key Exchange Payload: 264
Oct 31 15:24:39.557704: | ***emit IKEv2 Nonce Payload:
Oct 31 15:24:39.557705: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:39.557707: |    flags: none (0x0)
Oct 31 15:24:39.557708: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni)
Oct 31 15:24:39.557710: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet'
Oct 31 15:24:39.557712: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload
Oct 31 15:24:39.557713: | IKEv2 nonce:
Oct 31 15:24:39.557715: |   7e be 78 2a  a1 d5 6a 95  b8 9b 91 41  51 b7 9c 95
Oct 31 15:24:39.557716: |   04 87 5d 61  0b 46 19 7a  6a 73 24 05  f5 f3 a7 0b
Oct 31 15:24:39.557718: | emitting length of IKEv2 Nonce Payload: 36
Oct 31 15:24:39.557719: | adding a v2N Payload
Oct 31 15:24:39.557721: | ***emit IKEv2 Notify Payload:
Oct 31 15:24:39.557722: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:39.557724: |    flags: none (0x0)
Oct 31 15:24:39.557725: |    Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
Oct 31 15:24:39.557727: |    SPI size: 0 (00)
Oct 31 15:24:39.557729: |    Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e)
Oct 31 15:24:39.557731: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N)
Oct 31 15:24:39.557732: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet'
Oct 31 15:24:39.557734: | emitting length of IKEv2 Notify Payload: 8
Oct 31 15:24:39.557735: | adding a v2N Payload
Oct 31 15:24:39.557737: | ***emit IKEv2 Notify Payload:
Oct 31 15:24:39.557739: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:39.557741: |    flags: none (0x0)
Oct 31 15:24:39.557743: |    Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
Oct 31 15:24:39.557747: |    SPI size: 0 (00)
Oct 31 15:24:39.557749: |    Notify Message Type: v2N_SIGNATURE_HASH_ALGORITHMS (0x402f)
Oct 31 15:24:39.557751: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N)
Oct 31 15:24:39.557752: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet'
Oct 31 15:24:39.557754: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256 into IKEv2 Notify Payload
Oct 31 15:24:39.557756: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256: 00 02
Oct 31 15:24:39.557757: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384 into IKEv2 Notify Payload
Oct 31 15:24:39.557759: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384: 00 03
Oct 31 15:24:39.557761: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_512 into IKEv2 Notify Payload
Oct 31 15:24:39.557762: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_512: 00 04
Oct 31 15:24:39.557764: | emitting length of IKEv2 Notify Payload: 14
Oct 31 15:24:39.557766: |  NAT-Traversal support  [enabled] add v2N payloads.
Oct 31 15:24:39.557767: | nat: IKE.SPIr is zero
Oct 31 15:24:39.557778: | natd_hash: hasher=0x556b65829f80(20)
Oct 31 15:24:39.557780: | natd_hash: icookie=
Oct 31 15:24:39.557781: |   8a 4f c9 90  ed a8 f0 2c
Oct 31 15:24:39.557782: | natd_hash: rcookie=
Oct 31 15:24:39.557784: |   00 00 00 00  00 00 00 00
Oct 31 15:24:39.557785: | natd_hash: ip=
Oct 31 15:24:39.557786: |   c0 01 03 21
Oct 31 15:24:39.557788: | natd_hash: port=
Oct 31 15:24:39.557789: |   01 f4
Oct 31 15:24:39.557790: | natd_hash: hash=
Oct 31 15:24:39.557792: |   63 f3 85 ec  48 49 df 1b  f7 26 b8 67  1b 93 9d a5
Oct 31 15:24:39.557793: |   9f b8 ad 30
Oct 31 15:24:39.557795: | adding a v2N Payload
Oct 31 15:24:39.557796: | ***emit IKEv2 Notify Payload:
Oct 31 15:24:39.557801: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:39.557805: |    flags: none (0x0)
Oct 31 15:24:39.557807: |    Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
Oct 31 15:24:39.557810: |    SPI size: 0 (00)
Oct 31 15:24:39.557813: |    Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004)
Oct 31 15:24:39.557816: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N)
Oct 31 15:24:39.557819: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet'
Oct 31 15:24:39.557822: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload
Oct 31 15:24:39.557824: | Notify data:
Oct 31 15:24:39.557826: |   63 f3 85 ec  48 49 df 1b  f7 26 b8 67  1b 93 9d a5
Oct 31 15:24:39.557829: |   9f b8 ad 30
Oct 31 15:24:39.557831: | emitting length of IKEv2 Notify Payload: 28
Oct 31 15:24:39.557834: | nat: IKE.SPIr is zero
Oct 31 15:24:39.557843: | natd_hash: hasher=0x556b65829f80(20)
Oct 31 15:24:39.557846: | natd_hash: icookie=
Oct 31 15:24:39.557848: |   8a 4f c9 90  ed a8 f0 2c
Oct 31 15:24:39.557850: | natd_hash: rcookie=
Oct 31 15:24:39.557851: |   00 00 00 00  00 00 00 00
Oct 31 15:24:39.557852: | natd_hash: ip=
Oct 31 15:24:39.557854: |   c0 01 02 17
Oct 31 15:24:39.557855: | natd_hash: port=
Oct 31 15:24:39.557856: |   01 f4
Oct 31 15:24:39.557858: | natd_hash: hash=
Oct 31 15:24:39.557859: |   aa ce 21 d5  6b 49 63 e4  72 11 83 1b  3e 1c c0 37
Oct 31 15:24:39.557860: |   31 0a a4 53
Oct 31 15:24:39.557862: | adding a v2N Payload
Oct 31 15:24:39.557863: | ***emit IKEv2 Notify Payload:
Oct 31 15:24:39.557865: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:24:39.557866: |    flags: none (0x0)
Oct 31 15:24:39.557868: |    Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
Oct 31 15:24:39.557870: |    SPI size: 0 (00)
Oct 31 15:24:39.557871: |    Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005)
Oct 31 15:24:39.557873: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N)
Oct 31 15:24:39.557878: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet'
Oct 31 15:24:39.557880: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload
Oct 31 15:24:39.557881: | Notify data:
Oct 31 15:24:39.557883: |   aa ce 21 d5  6b 49 63 e4  72 11 83 1b  3e 1c c0 37
Oct 31 15:24:39.557888: |   31 0a a4 53
Oct 31 15:24:39.557891: | emitting length of IKEv2 Notify Payload: 28
Oct 31 15:24:39.557894: | emitting length of ISAKMP Message: 842
Oct 31 15:24:39.557902: | [RE]START processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364)
Oct 31 15:24:39.557907: | #6 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK
Oct 31 15:24:39.557910: | transitioning from state STATE_PARENT_I0 to state STATE_PARENT_I1
Oct 31 15:24:39.557912: | Message ID: updating counters for #6
Oct 31 15:24:39.557916: | Message ID: IKE #6 skipping update_recv as MD is fake
Oct 31 15:24:39.557923: | Message ID: IKE #6 scheduling EVENT_RETRANSMIT: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744553.987979 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744553.987979 ike.wip.initiator=0 ike.wip.responder=-1
Oct 31 15:24:39.557928: "northnet-eastnets/0x2" #6: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds
Oct 31 15:24:39.557932: | event_schedule: newref EVENT_RETRANSMIT-pe@0x556b66401c48
Oct 31 15:24:39.557934: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #6
Oct 31 15:24:39.557936: | libevent_malloc: newref ptr-libevent@0x556b6642dc78 size 128
Oct 31 15:24:39.557939: | #6 STATE_PARENT_I0: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744553.990727
Oct 31 15:24:39.557943: | Message ID: IKE #6 updating initiator sent message request 0: ike.initiator.sent=-1->0 ike.initiator.recv=-1 ike.initiator.last_contact=744553.987979 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744553.987979 ike.wip.initiator=-1->0 ike.wip.responder=-1
Oct 31 15:24:39.557947: | Message ID: IKE #6 no pending message initiators to schedule: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744553.987979 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744553.987979 ike.wip.initiator=0 ike.wip.responder=-1
Oct 31 15:24:39.557950: | parent state #6: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA)
Oct 31 15:24:39.557952: | announcing the state transition
Oct 31 15:24:39.557954: "northnet-eastnets/0x2" #6: sent IKE_SA_INIT request
Oct 31 15:24:39.557959: | sending 842 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #6)
Oct 31 15:24:39.557961: |   8a 4f c9 90  ed a8 f0 2c  00 00 00 00  00 00 00 00
Oct 31 15:24:39.557962: |   21 20 22 08  00 00 00 00  00 00 03 4a  22 00 01 b4
Oct 31 15:24:39.557963: |   02 00 00 64  01 01 00 0b  03 00 00 0c  01 00 00 14
Oct 31 15:24:39.557965: |   80 0e 01 00  03 00 00 08  02 00 00 07  03 00 00 08
Oct 31 15:24:39.557966: |   02 00 00 05  03 00 00 08  04 00 00 0e  03 00 00 08
Oct 31 15:24:39.557967: |   04 00 00 0f  03 00 00 08  04 00 00 10  03 00 00 08
Oct 31 15:24:39.557969: |   04 00 00 12  03 00 00 08  04 00 00 13  03 00 00 08
Oct 31 15:24:39.557970: |   04 00 00 14  03 00 00 08  04 00 00 15  00 00 00 08
Oct 31 15:24:39.557972: |   04 00 00 1f  02 00 00 64  02 01 00 0b  03 00 00 0c
Oct 31 15:24:39.557973: |   01 00 00 14  80 0e 00 80  03 00 00 08  02 00 00 07
Oct 31 15:24:39.557974: |   03 00 00 08  02 00 00 05  03 00 00 08  04 00 00 0e
Oct 31 15:24:39.557976: |   03 00 00 08  04 00 00 0f  03 00 00 08  04 00 00 10
Oct 31 15:24:39.557977: |   03 00 00 08  04 00 00 12  03 00 00 08  04 00 00 13
Oct 31 15:24:39.557978: |   03 00 00 08  04 00 00 14  03 00 00 08  04 00 00 15
Oct 31 15:24:39.557980: |   00 00 00 08  04 00 00 1f  02 00 00 74  03 01 00 0d
Oct 31 15:24:39.557981: |   03 00 00 0c  01 00 00 0c  80 0e 01 00  03 00 00 08
Oct 31 15:24:39.557984: |   02 00 00 07  03 00 00 08  02 00 00 05  03 00 00 08
Oct 31 15:24:39.557985: |   03 00 00 0e  03 00 00 08  03 00 00 0c  03 00 00 08
Oct 31 15:24:39.557987: |   04 00 00 0e  03 00 00 08  04 00 00 0f  03 00 00 08
Oct 31 15:24:39.557988: |   04 00 00 10  03 00 00 08  04 00 00 12  03 00 00 08
Oct 31 15:24:39.557989: |   04 00 00 13  03 00 00 08  04 00 00 14  03 00 00 08
Oct 31 15:24:39.557991: |   04 00 00 15  00 00 00 08  04 00 00 1f  00 00 00 74
Oct 31 15:24:39.557992: |   04 01 00 0d  03 00 00 0c  01 00 00 0c  80 0e 00 80
Oct 31 15:24:39.557994: |   03 00 00 08  02 00 00 07  03 00 00 08  02 00 00 05
Oct 31 15:24:39.557995: |   03 00 00 08  03 00 00 0e  03 00 00 08  03 00 00 0c
Oct 31 15:24:39.557996: |   03 00 00 08  04 00 00 0e  03 00 00 08  04 00 00 0f
Oct 31 15:24:39.557998: |   03 00 00 08  04 00 00 10  03 00 00 08  04 00 00 12
Oct 31 15:24:39.557999: |   03 00 00 08  04 00 00 13  03 00 00 08  04 00 00 14
Oct 31 15:24:39.558000: |   03 00 00 08  04 00 00 15  00 00 00 08  04 00 00 1f
Oct 31 15:24:39.558002: |   28 00 01 08  00 0e 00 00  7b 01 1f a9  ca 2b 1a 84
Oct 31 15:24:39.558003: |   dc 32 71 ed  41 c0 85 60  1b 46 70 11  ec 2b 0e ce
Oct 31 15:24:39.558004: |   ee f6 47 29  2b 66 81 b0  62 f5 e0 98  7b ab 9f 62
Oct 31 15:24:39.558006: |   cb cc e6 68  95 fb 45 c6  50 ed c4 78  50 92 4d bf
Oct 31 15:24:39.558007: |   04 62 94 18  2e 22 83 76  10 f8 15 b8  59 d7 6e 0a
Oct 31 15:24:39.558008: |   5a 82 d6 c1  f9 a5 9b 4b  a6 0a 9e fb  3c 4d 79 9c
Oct 31 15:24:39.558010: |   18 83 c7 d8  d8 78 50 a1  6b 05 1a ec  f4 ef 15 de
Oct 31 15:24:39.558011: |   88 66 24 15  0c 86 27 0c  dc 80 71 bf  9e 54 4c 9a
Oct 31 15:24:39.558012: |   cf 5f c9 1a  93 5d 8a 3a  5d a3 e2 3c  95 ea 95 ef
Oct 31 15:24:39.558014: |   db a8 27 d5  4f 33 eb 27  8b 30 27 30  c0 c8 dc 54
Oct 31 15:24:39.558015: |   15 22 16 15  10 46 8c ad  99 34 a0 bf  76 11 2f a9
Oct 31 15:24:39.558017: |   05 62 a8 56  f9 d8 2f fc  0e 6b b2 b4  4d e4 a4 61
Oct 31 15:24:39.558018: |   68 44 e9 51  d2 86 f7 fe  66 c9 10 62  8b 71 17 f3
Oct 31 15:24:39.558019: |   d7 18 09 84  02 49 61 55  2c 79 5e a9  bf 9f 44 c1
Oct 31 15:24:39.558021: |   95 e4 8f da  3c 5e ae af  e9 00 4a 2c  f2 4f 58 f9
Oct 31 15:24:39.558022: |   4e 4d 55 a2  6e 26 fd 62  75 63 ab 49  6d 1e 04 03
Oct 31 15:24:39.558023: |   1a 4f 25 28  c4 af 8a a9  29 00 00 24  7e be 78 2a
Oct 31 15:24:39.558025: |   a1 d5 6a 95  b8 9b 91 41  51 b7 9c 95  04 87 5d 61
Oct 31 15:24:39.558026: |   0b 46 19 7a  6a 73 24 05  f5 f3 a7 0b  29 00 00 08
Oct 31 15:24:39.558027: |   00 00 40 2e  29 00 00 0e  00 00 40 2f  00 02 00 03
Oct 31 15:24:39.558029: |   00 04 29 00  00 1c 00 00  40 04 63 f3  85 ec 48 49
Oct 31 15:24:39.558030: |   df 1b f7 26  b8 67 1b 93  9d a5 9f b8  ad 30 00 00
Oct 31 15:24:39.558031: |   00 1c 00 00  40 05 aa ce  21 d5 6b 49  63 e4 72 11
Oct 31 15:24:39.558033: |   83 1b 3e 1c  c0 37 31 0a  a4 53
Oct 31 15:24:39.558075: | sent 1 messages
Oct 31 15:24:39.558078: | checking that a retransmit timeout_event was already
Oct 31 15:24:39.558079: | state #6 deleting .st_event EVENT_CRYPTO_TIMEOUT
Oct 31 15:24:39.558082: | libevent_free: delref ptr-libevent@0x7f6fdc006108
Oct 31 15:24:39.558084: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x556b6640ad48
Oct 31 15:24:39.558087: | delref logger@0x556b6642dc08(1->0) (in handle_helper_answer() at pluto_crypt.c:658)
Oct 31 15:24:39.558089: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:24:39.558091: | delref fd@NULL (in free_logger() at log.c:854)
Oct 31 15:24:39.558093: | resume sending helper answer back to state for #6 suppresed complete_v2_state_transition()
Oct 31 15:24:39.558095: | delref mdp@NULL (in resume_handler() at server.c:743)
Oct 31 15:24:39.558100: | #6 spent 1.26 (1.3) milliseconds in resume sending helper answer back to state
Oct 31 15:24:39.558103: | stop processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:745)
Oct 31 15:24:39.558105: | libevent_free: delref ptr-libevent@0x7f6fe000cc18
Oct 31 15:24:39.971145: | newref struct fd@0x556b663dfc78(0->1) (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:24:39.971166: | fd_accept: new fd-fd@0x556b663dfc78 (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:24:39.971178: shutting down
Oct 31 15:24:39.971187: | leaking fd-fd@0x556b663dfc78's FD; will be closed when pluto exits (in whack_handle_cb() at rcv_whack.c:889)
Oct 31 15:24:39.971191: | delref fd@0x556b663dfc78(1->0) (in whack_handle_cb() at rcv_whack.c:895)
Oct 31 15:24:39.971195: | freeref fd-fd@0x556b663dfc78 (in whack_handle_cb() at rcv_whack.c:895)
Oct 31 15:24:39.971224: | shutting down helper thread 5
Oct 31 15:24:39.971268: | helper thread 5 exited
Oct 31 15:24:39.971279: | shutting down helper thread 6
Oct 31 15:24:39.971288: | helper thread 6 exited
Oct 31 15:24:39.971298: | shutting down helper thread 7
Oct 31 15:24:39.971396: | helper thread 7 exited
Oct 31 15:24:39.971408: | shutting down helper thread 4
Oct 31 15:24:39.971433: | helper thread 4 exited
Oct 31 15:24:39.971444: | shutting down helper thread 2
Oct 31 15:24:39.971470: | helper thread 2 exited
Oct 31 15:24:39.971483: | shutting down helper thread 3
Oct 31 15:24:39.971508: | helper thread 3 exited
Oct 31 15:24:39.971518: | shutting down helper thread 1
Oct 31 15:24:39.971544: | helper thread 1 exited
Oct 31 15:24:39.971548: 7 helper threads shutdown
Oct 31 15:24:39.971553: | delref root_certs@0x556b664157d8(1->0) (in free_root_certs() at root_certs.c:127)
Oct 31 15:24:39.971555: destroying root certificate cache
Oct 31 15:24:39.971562: | certs and keys locked by 'free_preshared_secrets'
Oct 31 15:24:39.971566: forgetting secrets
Oct 31 15:24:39.971578: | certs and keys unlocked by 'free_preshared_secrets'
Oct 31 15:24:39.971583: | delref pkp@0x556b66408fa8(1->0) (in free_public_keyentry() at secrets.c:1591)
Oct 31 15:24:39.971587: | delref pkp@0x556b664099d8(1->0) (in free_public_keyentry() at secrets.c:1591)
Oct 31 15:24:39.971591: | delref pkp@0x556b66409638(1->0) (in free_public_keyentry() at secrets.c:1591)
Oct 31 15:24:39.971595: | delref pkp@0x556b6640c148(1->0) (in free_public_keyentry() at secrets.c:1591)
Oct 31 15:24:39.971599: | delref pkp@0x556b6640c038(1->0) (in free_public_keyentry() at secrets.c:1591)
Oct 31 15:24:39.971603: | delref pkp@0x556b6640c388(1->0) (in free_public_keyentry() at secrets.c:1591)
Oct 31 15:24:39.971607: | delref pkp@0x556b6640b908(1->0) (in free_public_keyentry() at secrets.c:1591)
Oct 31 15:24:39.971610: | delref pkp@0x556b6640b748(1->0) (in free_public_keyentry() at secrets.c:1591)
Oct 31 15:24:39.971614: | delref fd@NULL (in delete_pending() at pending.c:218)
Oct 31 15:24:39.971616: | removing pending policy for no connection {0x556b6640bdb8}
Oct 31 15:24:39.971619: | deleting states for connection - including all other IPsec SA's of this IKE SA
Oct 31 15:24:39.971621: | pass 0
Oct 31 15:24:39.971623: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete
Oct 31 15:24:39.971625: | state #6
Oct 31 15:24:39.971632: | start processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1406)
Oct 31 15:24:39.971634: | delref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1408)
Oct 31 15:24:39.971637: | addref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1409)
Oct 31 15:24:39.971639: | pstats #6 ikev2.ike deleted other
Oct 31 15:24:39.971646: | #6 main thread spent 1.43 (1.55) milliseconds helper thread spent 1.32 (1.32) milliseconds in total
Oct 31 15:24:39.971650: | [RE]START processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:935)
Oct 31 15:24:39.971654: | should_send_delete: no, not established
Oct 31 15:24:39.971658: "northnet-eastnets/0x2" #6: deleting state (STATE_PARENT_I1) aged 0.4165s and NOT sending notification
Oct 31 15:24:39.971662: | parent state #6: PARENT_I1(half-open IKE SA) => delete
Oct 31 15:24:39.971666: | unsuspending #6 MD (nil)
Oct 31 15:24:39.971668: | should_send_delete: no, not established
Oct 31 15:24:39.971670: | state #6 has no .st_event to delete
Oct 31 15:24:39.971675: | #6 requesting EVENT_RETRANSMIT-pe@0x556b66401c48 be deleted
Oct 31 15:24:39.971680: | libevent_free: delref ptr-libevent@0x556b6642dc78
Oct 31 15:24:39.971684: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x556b66401c48
Oct 31 15:24:39.971687: | #6 STATE_PARENT_I1: retransmits: cleared
Oct 31 15:24:39.971691: | State DB: IKEv2 state not found (flush_incomplete_children)
Oct 31 15:24:39.971694: | picked newest_isakmp_sa #0 for #6
Oct 31 15:24:39.971698: "northnet-eastnets/0x2" #6: deleting IKE SA but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS
Oct 31 15:24:39.971702: | add revival: connection 'northnet-eastnets/0x2' added to the list and scheduled for 5 seconds
Oct 31 15:24:39.971705: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds
Oct 31 15:24:39.971712: | in connection_discard for connection northnet-eastnets/0x2
Oct 31 15:24:39.971715: | State DB: deleting IKEv2 state #6 in PARENT_I1
Oct 31 15:24:39.971719: | parent state #6: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore)
Oct 31 15:24:39.971722: | releasing #6's fd-fd@(nil) because deleting state
Oct 31 15:24:39.971725: | delref fd@NULL (in delete_state() at state.c:1195)
Oct 31 15:24:39.971727: | delref fd@NULL (in delete_state() at state.c:1195)
Oct 31 15:24:39.971730: | delref pkp@NULL (in delete_state() at state.c:1202)
Oct 31 15:24:39.971744: | stop processing: state #6 from 192.1.2.23:500 (in delete_state() at state.c:1239)
Oct 31 15:24:39.971749: | delref logger@0x556b664249b8(1->0) (in delete_state() at state.c:1306)
Oct 31 15:24:39.971750: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:24:39.971752: | delref fd@NULL (in free_logger() at log.c:854)
Oct 31 15:24:39.971753: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1411)
Oct 31 15:24:39.971755: | pass 1
Oct 31 15:24:39.971756: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete
Oct 31 15:24:39.971761: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'delete' for rt_kind 'unrouted' using protoports 192.0.3.0/24:0 --0->- 192.0.22.0/24:0
Oct 31 15:24:39.971765: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.22.0/24:0
Oct 31 15:24:39.971768: | priority calculation of connection "northnet-eastnets/0x2" is 2084814 (0x1fcfce)
Oct 31 15:24:39.971811: | priority calculation of connection "northnet-eastnets/0x2" is 2084814 (0x1fcfce)
Oct 31 15:24:39.971824: | FOR_EACH_CONNECTION_... in route_owner
Oct 31 15:24:39.971827: |  conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs
Oct 31 15:24:39.971829: |  conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000
Oct 31 15:24:39.971831: |  conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs
Oct 31 15:24:39.971833: |  conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000
Oct 31 15:24:39.971836: | route owner of "northnet-eastnets/0x2" unrouted: NULL
Oct 31 15:24:39.971839: | running updown command "ipsec _updown" for verb unroute 
Oct 31 15:24:39.971841: | command executing unroute-client
Oct 31 15:24:39.971891: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+...
Oct 31 15:24:39.971897: | popen cmd is 1335 chars long
Oct 31 15:24:39.971900: | cmd(   0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn:
Oct 31 15:24:39.971902: | cmd(  80):ets/0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='':
Oct 31 15:24:39.971904: | cmd( 160): PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontari:
Oct 31 15:24:39.971906: | cmd( 240):o, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E:
Oct 31 15:24:39.971908: | cmd( 320):=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIEN:
Oct 31 15:24:39.971910: | cmd( 400):T_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_M:
Oct 31 15:24:39.971913: | cmd( 480):Y_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.2:
Oct 31 15:24:39.971915: | cmd( 560):3' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, :
Oct 31 15:24:39.971917: | cmd( 640):CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLI:
Oct 31 15:24:39.971919: | cmd( 720):ENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='2:
Oct 31 15:24:39.971921: | cmd( 800):55.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO:
Oct 31 15:24:39.971923: | cmd( 880):_STACK='xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+P:
Oct 31 15:24:39.971926: | cmd( 960):FS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANE:
Oct 31 15:24:39.971928: | cmd(1040):NT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PE:
Oct 31 15:24:39.971930: | cmd(1120):ER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER=':
Oct 31 15:24:39.971932: | cmd(1200):0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VT:
Oct 31 15:24:39.971934: | cmd(1280):I_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1:
Oct 31 15:24:39.985102: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.987273: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.987316: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.987347: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.987378: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.987408: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.987440: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.987470: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.987500: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.987529: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.987559: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.987592: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.987623: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.987654: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.987683: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.987714: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.987745: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.987776: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.987806: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.987834: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.987865: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.987898: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.987929: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.987960: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.987989: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.988016: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.988043: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.988133: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.988171: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.988203: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.988238: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.988269: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.988297: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.988325: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.988354: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.988382: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.988413: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.988442: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.988472: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.988501: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.988531: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.988564: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.988596: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.988629: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.988791: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.988825: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.988860: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.988889: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.988916: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.988945: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.988974: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.989006: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.989042: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.989075: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:39.995779: | addref fd@NULL (in clone_logger() at log.c:809)
Oct 31 15:24:39.995800: | addref fd@NULL (in clone_logger() at log.c:810)
Oct 31 15:24:39.995805: | newref clone logger@0x556b663e00d8(0->1) (in clone_logger() at log.c:817)
Oct 31 15:24:39.995809: | flush revival: connection 'northnet-eastnets/0x2' revival flushed
Oct 31 15:24:39.995813: | delref vip@NULL (in discard_connection() at connections.c:262)
Oct 31 15:24:39.995816: | delref vip@NULL (in discard_connection() at connections.c:263)
Oct 31 15:24:39.995832: | Connection DB: deleting connection $2
Oct 31 15:24:39.995837: | delref logger@0x556b663e00d8(1->0) (in delete_connection() at connections.c:214)
Oct 31 15:24:39.995840: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:24:39.995843: | delref fd@NULL (in free_logger() at log.c:854)
Oct 31 15:24:39.995846: | deleting states for connection - including all other IPsec SA's of this IKE SA
Oct 31 15:24:39.995849: | pass 0
Oct 31 15:24:39.995852: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete
Oct 31 15:24:39.995854: | pass 1
Oct 31 15:24:39.995856: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete
Oct 31 15:24:39.995864: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'delete' for rt_kind 'unrouted' using protoports 192.0.3.0/24:0 --0->- 192.0.2.0/24:0
Oct 31 15:24:39.995870: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.2.0/24:0
Oct 31 15:24:39.995876: | priority calculation of connection "northnet-eastnets/0x1" is 2084814 (0x1fcfce)
Oct 31 15:24:39.996001: | priority calculation of connection "northnet-eastnets/0x1" is 2084814 (0x1fcfce)
Oct 31 15:24:39.996016: | FOR_EACH_CONNECTION_... in route_owner
Oct 31 15:24:39.996020: |  conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs
Oct 31 15:24:39.996023: |  conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000
Oct 31 15:24:39.996026: | route owner of "northnet-eastnets/0x1" unrouted: NULL
Oct 31 15:24:39.996028: | running updown command "ipsec _updown" for verb unroute 
Oct 31 15:24:39.996031: | command executing unroute-client
Oct 31 15:24:39.996081: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ES...
Oct 31 15:24:39.996085: | popen cmd is 1333 chars long
Oct 31 15:24:39.996088: | cmd(   0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn:
Oct 31 15:24:39.996090: | cmd(  80):ets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='':
Oct 31 15:24:39.996093: | cmd( 160): PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontari:
Oct 31 15:24:39.996161: | cmd( 240):o, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E:
Oct 31 15:24:39.996166: | cmd( 320):=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIEN:
Oct 31 15:24:39.996169: | cmd( 400):T_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_M:
Oct 31 15:24:39.996171: | cmd( 480):Y_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.2:
Oct 31 15:24:39.996173: | cmd( 560):3' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, :
Oct 31 15:24:39.996175: | cmd( 640):CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLI:
Oct 31 15:24:39.996178: | cmd( 720):ENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255:
Oct 31 15:24:39.996180: | cmd( 800):.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_S:
Oct 31 15:24:39.996182: | cmd( 880):TACK='xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS:
Oct 31 15:24:39.996184: | cmd( 960):+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT:
Oct 31 15:24:39.996186: | cmd(1040):' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER:
Oct 31 15:24:39.996189: | cmd(1120):_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0':
Oct 31 15:24:39.996191: | cmd(1200): PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_:
Oct 31 15:24:39.996193: | cmd(1280):SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1:
Oct 31 15:24:40.010858: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.010948: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.010968: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.011001: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.011048: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.011086: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.011124: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.011161: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.011195: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.011233: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.011581: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.011624: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.011656: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.011687: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.011718: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.011753: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.011791: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.011824: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.011860: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.011892: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.012605: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.012630: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.012645: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.012660: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.012686: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.012721: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.012757: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.012790: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.012825: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.012859: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.012892: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.012917: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.012930: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.012944: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.012976: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.013013: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.013055: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.013092: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.013130: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.013158: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.013323: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.013590: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.013595: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.013598: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.013602: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.013604: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.013606: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.013608: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.013610: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.013613: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.013615: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.013620: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.013622: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.013625: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:24:40.019671: | addref fd@NULL (in clone_logger() at log.c:809)
Oct 31 15:24:40.019681: | addref fd@NULL (in clone_logger() at log.c:810)
Oct 31 15:24:40.019684: | newref clone logger@0x556b66408d48(0->1) (in clone_logger() at log.c:817)
Oct 31 15:24:40.019687: | delref hp@0x556b66400088(1->0) (in delete_oriented_hp() at hostpair.c:360)
Oct 31 15:24:40.019690: | flush revival: connection 'northnet-eastnets/0x1' wasn't on the list
Oct 31 15:24:40.019692: | delref vip@NULL (in discard_connection() at connections.c:262)
Oct 31 15:24:40.019694: | delref vip@NULL (in discard_connection() at connections.c:263)
Oct 31 15:24:40.019716: | Connection DB: deleting connection $1
Oct 31 15:24:40.019719: | delref logger@0x556b66408d48(1->0) (in delete_connection() at connections.c:214)
Oct 31 15:24:40.019720: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:24:40.019722: | delref fd@NULL (in free_logger() at log.c:854)
Oct 31 15:24:40.019724: | crl fetch request list locked by 'free_crl_fetch'
Oct 31 15:24:40.019725: | crl fetch request list unlocked by 'free_crl_fetch'
Oct 31 15:24:40.019729: | iface: marking eth1 dead
Oct 31 15:24:40.019730: | iface: marking eth0 dead
Oct 31 15:24:40.019731: | iface: marking lo dead
Oct 31 15:24:40.019733: | updating interfaces - listing interfaces that are going down
Oct 31 15:24:40.019737: shutting down interface lo 127.0.0.1:4500
Oct 31 15:24:40.019740: shutting down interface lo 127.0.0.1:500
Oct 31 15:24:40.019742: shutting down interface eth0 192.0.3.254:4500
Oct 31 15:24:40.019744: shutting down interface eth0 192.0.3.254:500
Oct 31 15:24:40.019746: shutting down interface eth1 192.1.3.33:4500
Oct 31 15:24:40.019748: shutting down interface eth1 192.1.3.33:500
Oct 31 15:24:40.019750: | updating interfaces - deleting the dead
Oct 31 15:24:40.019753: | FOR_EACH_STATE_... in delete_states_dead_interfaces
Oct 31 15:24:40.019759: | libevent_free: delref ptr-libevent@0x556b663f4a58
Oct 31 15:24:40.019761: | delref id@0x556b663f8c28(3->2) (in release_iface_dev() at iface.c:125)
Oct 31 15:24:40.019770: | libevent_free: delref ptr-libevent@0x556b663b8388
Oct 31 15:24:40.019772: | delref id@0x556b663f8c28(2->1) (in release_iface_dev() at iface.c:125)
Oct 31 15:24:40.019776: | libevent_free: delref ptr-libevent@0x556b663b8588
Oct 31 15:24:40.019778: | delref id@0x556b663f8b58(3->2) (in release_iface_dev() at iface.c:125)
Oct 31 15:24:40.019783: | libevent_free: delref ptr-libevent@0x556b663b8488
Oct 31 15:24:40.019784: | delref id@0x556b663f8b58(2->1) (in release_iface_dev() at iface.c:125)
Oct 31 15:24:40.019789: | libevent_free: delref ptr-libevent@0x556b663b4e38
Oct 31 15:24:40.019791: | delref id@0x556b663f8a28(3->2) (in release_iface_dev() at iface.c:125)
Oct 31 15:24:40.019795: | libevent_free: delref ptr-libevent@0x556b663b4d38
Oct 31 15:24:40.019797: | delref id@0x556b663f8a28(2->1) (in release_iface_dev() at iface.c:125)
Oct 31 15:24:40.019800: | delref id@0x556b663f8a28(1->0) (in release_iface_dev() at iface.c:125)
Oct 31 15:24:40.019802: | delref id@0x556b663f8b58(1->0) (in release_iface_dev() at iface.c:125)
Oct 31 15:24:40.019804: | delref id@0x556b663f8c28(1->0) (in release_iface_dev() at iface.c:125)
Oct 31 15:24:40.019805: | updating interfaces - checking orientation
Oct 31 15:24:40.019807: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations
Oct 31 15:24:40.021358: | libevent_free: delref ptr-libevent@0x556b663f4b08
Oct 31 15:24:40.021371: | free_event_entry: delref EVENT_NULL-pe@0x556b663f7f48
Oct 31 15:24:40.021376: | libevent_free: delref ptr-libevent@0x556b663b8288
Oct 31 15:24:40.021377: | free_event_entry: delref EVENT_NULL-pe@0x556b663f49e8
Oct 31 15:24:40.021380: | libevent_free: delref ptr-libevent@0x556b663b8188
Oct 31 15:24:40.021382: | free_event_entry: delref EVENT_NULL-pe@0x556b663f0fd8
Oct 31 15:24:40.021387: | global timer EVENT_REINIT_SECRET uninitialized
Oct 31 15:24:40.021389: | global timer EVENT_SHUNT_SCAN uninitialized
Oct 31 15:24:40.021390: | global timer EVENT_PENDING_DDNS uninitialized
Oct 31 15:24:40.021392: | global timer EVENT_PENDING_PHASE2 uninitialized
Oct 31 15:24:40.021394: | global timer EVENT_CHECK_CRLS uninitialized
Oct 31 15:24:40.021398: | global timer EVENT_REVIVE_CONNS uninitialized
Oct 31 15:24:40.021402: | global timer EVENT_FREE_ROOT_CERTS uninitialized
Oct 31 15:24:40.021404: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized
Oct 31 15:24:40.021407: | global timer EVENT_NAT_T_KEEPALIVE uninitialized
Oct 31 15:24:40.021411: | libevent_free: delref ptr-libevent@0x556b6634cb68
Oct 31 15:24:40.021414: | signal event handler PLUTO_SIGCHLD uninstalled
Oct 31 15:24:40.021417: | libevent_free: delref ptr-libevent@0x556b66339278
Oct 31 15:24:40.021420: | signal event handler PLUTO_SIGTERM uninstalled
Oct 31 15:24:40.021423: | libevent_free: delref ptr-libevent@0x556b663f8168
Oct 31 15:24:40.021426: | signal event handler PLUTO_SIGHUP uninstalled
Oct 31 15:24:40.021429: | libevent_free: delref ptr-libevent@0x556b663f83a8
Oct 31 15:24:40.021432: | signal event handler PLUTO_SIGSYS uninstalled
Oct 31 15:24:40.021435: | releasing event base
Oct 31 15:24:40.021448: | libevent_free: delref ptr-libevent@0x556b663f8278
Oct 31 15:24:40.021452: | libevent_free: delref ptr-libevent@0x556b663ae528
Oct 31 15:24:40.021457: | libevent_free: delref ptr-libevent@0x556b663e77f8
Oct 31 15:24:40.021459: | libevent_free: delref ptr-libevent@0x556b66416148
Oct 31 15:24:40.021462: | libevent_free: delref ptr-libevent@0x556b663e7848
Oct 31 15:24:40.021464: | libevent_free: delref ptr-libevent@0x556b663eb9c8
Oct 31 15:24:40.021466: | libevent_free: delref ptr-libevent@0x556b663eb7d8
Oct 31 15:24:40.021467: | libevent_free: delref ptr-libevent@0x556b663e7888
Oct 31 15:24:40.021469: | libevent_free: delref ptr-libevent@0x556b663eb5e8
Oct 31 15:24:40.021470: | libevent_free: delref ptr-libevent@0x556b663eafa8
Oct 31 15:24:40.021471: | libevent_free: delref ptr-libevent@0x556b663f9708
Oct 31 15:24:40.021473: | libevent_free: delref ptr-libevent@0x556b663f96c8
Oct 31 15:24:40.021474: | libevent_free: delref ptr-libevent@0x556b663f9688
Oct 31 15:24:40.021476: | libevent_free: delref ptr-libevent@0x556b663f9648
Oct 31 15:24:40.021477: | libevent_free: delref ptr-libevent@0x556b663f9608
Oct 31 15:24:40.021478: | libevent_free: delref ptr-libevent@0x556b663f8e98
Oct 31 15:24:40.021480: | libevent_free: delref ptr-libevent@0x556b663ddfc8
Oct 31 15:24:40.021481: | libevent_free: delref ptr-libevent@0x556b663f8128
Oct 31 15:24:40.021482: | libevent_free: delref ptr-libevent@0x556b663f80e8
Oct 31 15:24:40.021484: | libevent_free: delref ptr-libevent@0x556b663eb628
Oct 31 15:24:40.021489: | libevent_free: delref ptr-libevent@0x556b663f8238
Oct 31 15:24:40.021492: | libevent_free: delref ptr-libevent@0x556b663f7fb8
Oct 31 15:24:40.021495: | libevent_free: delref ptr-libevent@0x556b663ba7c8
Oct 31 15:24:40.021498: | libevent_free: delref ptr-libevent@0x556b663ba748
Oct 31 15:24:40.021500: | libevent_free: delref ptr-libevent@0x556b663b0e58
Oct 31 15:24:40.021503: | releasing global libevent data
Oct 31 15:24:40.021506: | libevent_free: delref ptr-libevent@0x556b66349998
Oct 31 15:24:40.021508: | libevent_free: delref ptr-libevent@0x556b663ae2d8
Oct 31 15:24:40.021511: | libevent_free: delref ptr-libevent@0x556b663ba848
Oct 31 15:24:40.021545: leak detective found no leaks