Oct 31 15:24:33.000148: | newref logger@0x55ca48881bb8(0->1) (in main() at plutomain.c:1591) Oct 31 15:24:33.000250: | delref logger@0x55ca48881bb8(1->0) (in main() at plutomain.c:1592) Oct 31 15:24:33.000257: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:33.000259: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:33.000265: NSS DB directory: sql:/var/lib/ipsec/nss Oct 31 15:24:33.000762: Initializing NSS Oct 31 15:24:33.000769: Opening NSS database "sql:/var/lib/ipsec/nss" read-only Oct 31 15:24:33.063795: FIPS Mode: NO Oct 31 15:24:33.063811: NSS crypto library initialized Oct 31 15:24:33.063870: FIPS mode disabled for pluto daemon Oct 31 15:24:33.063875: FIPS HMAC integrity support [disabled] Oct 31 15:24:33.063962: libcap-ng support [enabled] Oct 31 15:24:33.063974: Linux audit support [enabled] Oct 31 15:24:33.064483: Linux audit activated Oct 31 15:24:33.064497: Starting Pluto (Libreswan Version v4.1-88-gf1d1933837ef-main IKEv2 IKEv1 XFRM(netkey) XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (NSS-PRF) DNSSEC LABELED_IPSEC (SELINUX) SECCOMP LIBCAP_NG LINUX_AUDIT AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:2128810 Oct 31 15:24:33.064500: core dump dir: /tmp Oct 31 15:24:33.064503: secrets file: /etc/ipsec.secrets Oct 31 15:24:33.064505: leak-detective enabled Oct 31 15:24:33.064507: NSS crypto [enabled] Oct 31 15:24:33.064509: XAUTH PAM support [enabled] Oct 31 15:24:33.064579: | libevent is using pluto's memory allocator Oct 31 15:24:33.064586: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Oct 31 15:24:33.064604: | libevent_malloc: newref ptr-libevent@0x55ca48896998 size 40 Oct 31 15:24:33.064607: | libevent_malloc: newref ptr-libevent@0x55ca488fb2d8 size 40 Oct 31 15:24:33.064611: | libevent_malloc: newref ptr-libevent@0x55ca48907848 size 40 Oct 31 15:24:33.064613: | creating event base Oct 31 15:24:33.064616: | libevent_malloc: newref ptr-libevent@0x55ca48907488 size 56 Oct 31 15:24:33.064619: | libevent_malloc: newref ptr-libevent@0x55ca488fde58 size 664 Oct 31 15:24:33.064633: | libevent_malloc: newref ptr-libevent@0x55ca489347f8 size 24 Oct 31 15:24:33.064636: | libevent_malloc: newref ptr-libevent@0x55ca488fb528 size 384 Oct 31 15:24:33.064650: | libevent_malloc: newref ptr-libevent@0x55ca48934848 size 16 Oct 31 15:24:33.064653: | libevent_malloc: newref ptr-libevent@0x55ca489077c8 size 40 Oct 31 15:24:33.064655: | libevent_malloc: newref ptr-libevent@0x55ca48907748 size 48 Oct 31 15:24:33.064662: | libevent_realloc: newref ptr-libevent@0x55ca4892afc8 size 256 Oct 31 15:24:33.064665: | libevent_malloc: newref ptr-libevent@0x55ca48934888 size 16 Oct 31 15:24:33.064672: | libevent_free: delref ptr-libevent@0x55ca48907488 Oct 31 15:24:33.064674: | libevent initialized Oct 31 15:24:33.064679: | libevent_realloc: newref ptr-libevent@0x55ca48907488 size 64 Oct 31 15:24:33.064683: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Oct 31 15:24:33.064690: | init_nat_traversal() initialized with keep_alive=0s Oct 31 15:24:33.064692: NAT-Traversal support [enabled] Oct 31 15:24:33.064695: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Oct 31 15:24:33.064769: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Oct 31 15:24:33.064777: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Oct 31 15:24:33.064796: | checking IKEv1 state table Oct 31 15:24:33.064806: | MAIN_R0: category: half-open IKE SA; flags: 0: Oct 31 15:24:33.064811: | -> MAIN_R1 EVENT_SO_DISCARD (main_inI1_outR1) Oct 31 15:24:33.064817: | MAIN_I1: category: half-open IKE SA; flags: 0: Oct 31 15:24:33.064820: | -> MAIN_I2 EVENT_RETRANSMIT (main_inR1_outI2) Oct 31 15:24:33.064823: | MAIN_R1: category: open IKE SA; flags: 0: Oct 31 15:24:33.064825: | -> MAIN_R2 EVENT_RETRANSMIT (main_inI2_outR2) Oct 31 15:24:33.064827: | -> MAIN_R1 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:33.064829: | -> MAIN_R1 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:33.064832: | MAIN_I2: category: open IKE SA; flags: 0: Oct 31 15:24:33.064840: | -> MAIN_I3 EVENT_RETRANSMIT (main_inR2_outI3) Oct 31 15:24:33.064843: | -> MAIN_I2 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:33.064845: | -> MAIN_I2 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:33.064848: | MAIN_R2: category: open IKE SA; flags: 0: Oct 31 15:24:33.064850: | -> MAIN_R3 EVENT_SA_REPLACE (main_inI3_outR3) Oct 31 15:24:33.064852: | -> MAIN_R3 EVENT_SA_REPLACE (main_inI3_outR3) Oct 31 15:24:33.064855: | -> MAIN_R2 EVENT_SA_REPLACE (unexpected) Oct 31 15:24:33.064857: | MAIN_I3: category: open IKE SA; flags: 0: Oct 31 15:24:33.064860: | -> MAIN_I4 EVENT_SA_REPLACE (main_inR3) Oct 31 15:24:33.064862: | -> MAIN_I4 EVENT_SA_REPLACE (main_inR3) Oct 31 15:24:33.064864: | -> MAIN_I3 EVENT_SA_REPLACE (unexpected) Oct 31 15:24:33.064867: | MAIN_R3: category: established IKE SA; flags: 0: Oct 31 15:24:33.064869: | -> MAIN_R3 EVENT_NULL (unexpected) Oct 31 15:24:33.064872: | MAIN_I4: category: established IKE SA; flags: 0: Oct 31 15:24:33.064874: | -> MAIN_I4 EVENT_NULL (unexpected) Oct 31 15:24:33.064876: | AGGR_R0: category: half-open IKE SA; flags: 0: Oct 31 15:24:33.064879: | -> AGGR_R1 EVENT_SO_DISCARD (aggr_inI1_outR1) Oct 31 15:24:33.064881: | AGGR_I1: category: half-open IKE SA; flags: 0: Oct 31 15:24:33.064883: | -> AGGR_I2 EVENT_SA_REPLACE (aggr_inR1_outI2) Oct 31 15:24:33.064885: | -> AGGR_I2 EVENT_SA_REPLACE (aggr_inR1_outI2) Oct 31 15:24:33.064888: | AGGR_R1: category: open IKE SA; flags: 0: Oct 31 15:24:33.064890: | -> AGGR_R2 EVENT_SA_REPLACE (aggr_inI2) Oct 31 15:24:33.064892: | -> AGGR_R2 EVENT_SA_REPLACE (aggr_inI2) Oct 31 15:24:33.064895: | AGGR_I2: category: established IKE SA; flags: 0: Oct 31 15:24:33.064898: | -> AGGR_I2 EVENT_NULL (unexpected) Oct 31 15:24:33.064900: | AGGR_R2: category: established IKE SA; flags: 0: Oct 31 15:24:33.064902: | -> AGGR_R2 EVENT_NULL (unexpected) Oct 31 15:24:33.064905: | QUICK_R0: category: established CHILD SA; flags: 0: Oct 31 15:24:33.064908: | -> QUICK_R1 EVENT_RETRANSMIT (quick_inI1_outR1) Oct 31 15:24:33.064910: | QUICK_I1: category: established CHILD SA; flags: 0: Oct 31 15:24:33.064912: | -> QUICK_I2 EVENT_SA_REPLACE (quick_inR1_outI2) Oct 31 15:24:33.064915: | QUICK_R1: category: established CHILD SA; flags: 0: Oct 31 15:24:33.064917: | -> QUICK_R2 EVENT_SA_REPLACE (quick_inI2) Oct 31 15:24:33.064920: | QUICK_I2: category: established CHILD SA; flags: 0: Oct 31 15:24:33.064923: | -> QUICK_I2 EVENT_NULL (unexpected) Oct 31 15:24:33.064926: | QUICK_R2: category: established CHILD SA; flags: 0: Oct 31 15:24:33.064928: | -> QUICK_R2 EVENT_NULL (unexpected) Oct 31 15:24:33.064930: | INFO: category: informational; flags: 0: Oct 31 15:24:33.064933: | -> INFO EVENT_NULL (informational) Oct 31 15:24:33.064936: | INFO_PROTECTED: category: informational; flags: 0: Oct 31 15:24:33.064938: | -> INFO_PROTECTED EVENT_NULL (informational) Oct 31 15:24:33.064941: | XAUTH_R0: category: established IKE SA; flags: 0: Oct 31 15:24:33.064943: | -> XAUTH_R1 EVENT_NULL (xauth_inR0) Oct 31 15:24:33.064946: | XAUTH_R1: category: established IKE SA; flags: 0: Oct 31 15:24:33.064948: | -> MAIN_R3 EVENT_SA_REPLACE (xauth_inR1) Oct 31 15:24:33.064951: | MODE_CFG_R0: category: informational; flags: 0: Oct 31 15:24:33.064953: | -> MODE_CFG_R1 EVENT_SA_REPLACE (modecfg_inR0) Oct 31 15:24:33.064956: | MODE_CFG_R1: category: established IKE SA; flags: 0: Oct 31 15:24:33.064958: | -> MODE_CFG_R2 EVENT_SA_REPLACE (modecfg_inR1) Oct 31 15:24:33.064961: | MODE_CFG_R2: category: established IKE SA; flags: 0: Oct 31 15:24:33.064963: | -> MODE_CFG_R2 EVENT_NULL (unexpected) Oct 31 15:24:33.064966: | MODE_CFG_I1: category: established IKE SA; flags: 0: Oct 31 15:24:33.064969: | -> MAIN_I4 EVENT_SA_REPLACE (modecfg_inR1) Oct 31 15:24:33.064972: | XAUTH_I0: category: established IKE SA; flags: 0: Oct 31 15:24:33.064974: | -> XAUTH_I1 EVENT_RETRANSMIT (xauth_inI0) Oct 31 15:24:33.064980: | XAUTH_I1: category: established IKE SA; flags: 0: Oct 31 15:24:33.064982: | -> MAIN_I4 EVENT_RETRANSMIT (xauth_inI1) Oct 31 15:24:33.064989: | checking IKEv2 state table Oct 31 15:24:33.064993: | V2_REKEY_IKE_I0: category: established IKE SA; flags: 0: Oct 31 15:24:33.064996: | -> V2_REKEY_IKE_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Oct 31 15:24:33.065001: | V2_REKEY_CHILD_I0: category: established IKE SA; flags: 0: Oct 31 15:24:33.065004: | -> V2_REKEY_CHILD_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Oct 31 15:24:33.065007: | V2_NEW_CHILD_I0: category: established IKE SA; flags: 0: Oct 31 15:24:33.065009: | -> V2_NEW_CHILD_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Oct 31 15:24:33.065012: | PARENT_I0: category: ignore; flags: 0: Oct 31 15:24:33.065014: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Oct 31 15:24:33.065017: | PARENT_I1: category: half-open IKE SA; flags: 0: Oct 31 15:24:33.065020: | -> PARENT_I0 EVENT_SO_DISCARD (received anti-DDOS COOKIE notify response; resending IKE_SA_INIT request with cookie payload added) Oct 31 15:24:33.065027: | -> PARENT_I0 EVENT_SO_DISCARD (received IKE_SA_INIT INVALID_KE_PAYLOAD notify response; resending IKE_SA_INIT with new KE payload) Oct 31 15:24:33.065030: | -> IKESA_DEL EVENT_v2_REDIRECT (received REDIRECT notify response; resending IKE_SA_INIT request to new destination) Oct 31 15:24:33.065033: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE) Oct 31 15:24:33.065035: | PARENT_I2: category: open IKE SA; flags: 0: Oct 31 15:24:33.065038: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_INTERMEDIATE reply, initiate IKE_AUTH or IKE_INTERMEDIATE) Oct 31 15:24:33.065040: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Oct 31 15:24:33.065042: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Oct 31 15:24:33.065045: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Oct 31 15:24:33.065047: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Oct 31 15:24:33.065049: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Oct 31 15:24:33.065053: | PARENT_R0: category: half-open IKE SA; flags: 0: Oct 31 15:24:33.065055: | -> PARENT_R1 EVENT_SO_DISCARD send-response (Respond to IKE_SA_INIT) Oct 31 15:24:33.065058: | PARENT_R1: category: half-open IKE SA; flags: 0: Oct 31 15:24:33.065061: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_AUTH request (no SKEYSEED)) Oct 31 15:24:33.065063: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_INTERMEDIATE request (no SKEYSEED)) Oct 31 15:24:33.065066: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_INTERMEDIATE request (with SKEYSEED)) Oct 31 15:24:33.065068: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Responder: process IKE_AUTH request) Oct 31 15:24:33.065071: | V2_REKEY_IKE_R0: category: established IKE SA; flags: 0: Oct 31 15:24:33.065073: | -> ESTABLISHED_IKE_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA IKE Rekey) Oct 31 15:24:33.065076: | V2_REKEY_IKE_I1: category: established IKE SA; flags: 0: Oct 31 15:24:33.065078: | -> ESTABLISHED_IKE_SA EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Oct 31 15:24:33.065081: | V2_NEW_CHILD_I1: category: established IKE SA; flags: 0: Oct 31 15:24:33.065084: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Oct 31 15:24:33.065087: | V2_REKEY_CHILD_R0: category: established IKE SA; flags: 0: Oct 31 15:24:33.065089: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA rekey CHILD SA request) Oct 31 15:24:33.065092: | V2_NEW_CHILD_R0: category: established IKE SA; flags: 0: Oct 31 15:24:33.065096: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA IPsec SA Request) Oct 31 15:24:33.065099: | ESTABLISHED_IKE_SA: category: established IKE SA; flags: 0: Oct 31 15:24:33.065101: | -> ESTABLISHED_IKE_SA EVENT_RETAIN send-response (Informational Request (liveness probe)) Oct 31 15:24:33.065104: | -> ESTABLISHED_IKE_SA EVENT_RETAIN (Informational Response (liveness probe)) Oct 31 15:24:33.065106: | -> ESTABLISHED_IKE_SA EVENT_RETAIN send-response (Informational Request) Oct 31 15:24:33.065108: | -> ESTABLISHED_IKE_SA EVENT_RETAIN (Informational Response) Oct 31 15:24:33.065111: | IKESA_DEL: category: established IKE SA; flags: 0: Oct 31 15:24:33.065113: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Oct 31 15:24:33.065116: | CHILDSA_DEL: category: informational; flags: 0: Oct 31 15:24:33.065119: | -> CHILDSA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Oct 31 15:24:33.065122: | global one-shot timer EVENT_REVIVE_CONNS initialized Oct 31 15:24:33.065127: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Oct 31 15:24:33.065130: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Oct 31 15:24:33.065329: Encryption algorithms: Oct 31 15:24:33.065344: AES_CCM_16 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm, aes_ccm_c Oct 31 15:24:33.065351: AES_CCM_12 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_b Oct 31 15:24:33.065356: AES_CCM_8 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_a Oct 31 15:24:33.065362: 3DES_CBC [*192] IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) 3des Oct 31 15:24:33.065366: CAMELLIA_CTR {256,192,*128} IKEv1: ESP IKEv2: ESP Oct 31 15:24:33.065371: CAMELLIA_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP NSS(CBC) camellia Oct 31 15:24:33.065376: AES_GCM_16 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm, aes_gcm_c Oct 31 15:24:33.065381: AES_GCM_12 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_b Oct 31 15:24:33.065387: AES_GCM_8 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_a Oct 31 15:24:33.065418: AES_CTR {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CTR) aesctr Oct 31 15:24:33.065424: AES_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) aes Oct 31 15:24:33.065429: NULL_AUTH_AES_GMAC {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_gmac Oct 31 15:24:33.065433: NULL [] IKEv1: ESP IKEv2: ESP Oct 31 15:24:33.065437: CHACHA20_POLY1305 [*256] IKEv1: IKEv2: IKE ESP NSS(AEAD) chacha20poly1305 Oct 31 15:24:33.065440: Hash algorithms: Oct 31 15:24:33.065451: MD5 IKEv1: IKE IKEv2: NSS Oct 31 15:24:33.065455: SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha Oct 31 15:24:33.065459: SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256 Oct 31 15:24:33.065463: SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384 Oct 31 15:24:33.065466: SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512 Oct 31 15:24:33.065468: PRF algorithms: Oct 31 15:24:33.065471: HMAC_MD5 IKEv1: IKE IKEv2: IKE native(HMAC) md5 Oct 31 15:24:33.065475: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha, sha1 Oct 31 15:24:33.065480: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256, sha2_256 Oct 31 15:24:33.065488: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384, sha2_384 Oct 31 15:24:33.065493: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512, sha2_512 Oct 31 15:24:33.065496: AES_XCBC IKEv1: IKEv2: IKE native(XCBC) aes128_xcbc Oct 31 15:24:33.065499: Integrity algorithms: Oct 31 15:24:33.065503: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH native(HMAC) md5, hmac_md5 Oct 31 15:24:33.065508: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha, sha1, sha1_96, hmac_sha1 Oct 31 15:24:33.065512: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Oct 31 15:24:33.065517: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Oct 31 15:24:33.065522: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Oct 31 15:24:33.065526: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Oct 31 15:24:33.065531: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96 Oct 31 15:24:33.065536: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Oct 31 15:24:33.065540: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Oct 31 15:24:33.065542: DH algorithms: Oct 31 15:24:33.065547: NONE IKEv1: IKEv2: IKE ESP AH FIPS NSS(MODP) null, dh0 Oct 31 15:24:33.065550: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh5 Oct 31 15:24:33.065554: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh14 Oct 31 15:24:33.065557: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh15 Oct 31 15:24:33.065561: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh16 Oct 31 15:24:33.065565: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh17 Oct 31 15:24:33.065568: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh18 Oct 31 15:24:33.065573: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_256, ecp256 Oct 31 15:24:33.065577: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_384, ecp384 Oct 31 15:24:33.065581: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_521, ecp521 Oct 31 15:24:33.065584: DH31 IKEv1: IKE IKEv2: IKE ESP AH NSS(ECP) curve25519 Oct 31 15:24:33.065587: testing CAMELLIA_CBC: Oct 31 15:24:33.065590: Camellia: 16 bytes with 128-bit key Oct 31 15:24:33.065684: Camellia: 16 bytes with 128-bit key Oct 31 15:24:33.065721: Camellia: 16 bytes with 256-bit key Oct 31 15:24:33.065838: Camellia: 16 bytes with 256-bit key Oct 31 15:24:33.065882: testing AES_GCM_16: Oct 31 15:24:33.065888: empty string Oct 31 15:24:33.065923: one block Oct 31 15:24:33.065956: two blocks Oct 31 15:24:33.065990: two blocks with associated data Oct 31 15:24:33.066023: testing AES_CTR: Oct 31 15:24:33.066027: Encrypting 16 octets using AES-CTR with 128-bit key Oct 31 15:24:33.066061: Encrypting 32 octets using AES-CTR with 128-bit key Oct 31 15:24:33.066096: Encrypting 36 octets using AES-CTR with 128-bit key Oct 31 15:24:33.066137: Encrypting 16 octets using AES-CTR with 192-bit key Oct 31 15:24:33.066175: Encrypting 32 octets using AES-CTR with 192-bit key Oct 31 15:24:33.066216: Encrypting 36 octets using AES-CTR with 192-bit key Oct 31 15:24:33.066259: Encrypting 16 octets using AES-CTR with 256-bit key Oct 31 15:24:33.066298: Encrypting 32 octets using AES-CTR with 256-bit key Oct 31 15:24:33.066344: Encrypting 36 octets using AES-CTR with 256-bit key Oct 31 15:24:33.066391: testing AES_CBC: Oct 31 15:24:33.066395: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Oct 31 15:24:33.066436: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Oct 31 15:24:33.066479: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Oct 31 15:24:33.066522: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Oct 31 15:24:33.066572: testing AES_XCBC: Oct 31 15:24:33.066577: RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input Oct 31 15:24:33.066799: RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input Oct 31 15:24:33.066935: RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input Oct 31 15:24:33.067047: RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input Oct 31 15:24:33.067186: RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input Oct 31 15:24:33.067324: RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input Oct 31 15:24:33.067487: RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input Oct 31 15:24:33.067779: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Oct 31 15:24:33.067935: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Oct 31 15:24:33.068102: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Oct 31 15:24:33.068333: testing HMAC_MD5: Oct 31 15:24:33.068341: RFC 2104: MD5_HMAC test 1 Oct 31 15:24:33.068527: RFC 2104: MD5_HMAC test 2 Oct 31 15:24:33.068757: RFC 2104: MD5_HMAC test 3 Oct 31 15:24:33.069004: 8 CPU cores online Oct 31 15:24:33.069010: starting up 7 helper threads Oct 31 15:24:33.069045: started thread for helper 0 Oct 31 15:24:33.069073: started thread for helper 1 Oct 31 15:24:33.069100: started thread for helper 2 Oct 31 15:24:33.069126: started thread for helper 3 Oct 31 15:24:33.069150: started thread for helper 4 Oct 31 15:24:33.069177: started thread for helper 5 Oct 31 15:24:33.069211: started thread for helper 6 Oct 31 15:24:33.069241: Using Linux XFRM/NETKEY IPsec kernel support code on 5.8.15-201.fc32.x86_64 Oct 31 15:24:33.069296: | Hard-wiring algorithms Oct 31 15:24:33.069300: | adding AES_CCM_16 to kernel algorithm db Oct 31 15:24:33.069307: | adding AES_CCM_12 to kernel algorithm db Oct 31 15:24:33.069309: | adding AES_CCM_8 to kernel algorithm db Oct 31 15:24:33.069311: | adding 3DES_CBC to kernel algorithm db Oct 31 15:24:33.069314: | adding CAMELLIA_CBC to kernel algorithm db Oct 31 15:24:33.069316: | adding AES_GCM_16 to kernel algorithm db Oct 31 15:24:33.069318: | adding AES_GCM_12 to kernel algorithm db Oct 31 15:24:33.069320: | adding AES_GCM_8 to kernel algorithm db Oct 31 15:24:33.069322: | adding AES_CTR to kernel algorithm db Oct 31 15:24:33.069324: | adding AES_CBC to kernel algorithm db Oct 31 15:24:33.069326: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Oct 31 15:24:33.069328: | adding NULL to kernel algorithm db Oct 31 15:24:33.069331: | adding CHACHA20_POLY1305 to kernel algorithm db Oct 31 15:24:33.069333: | adding HMAC_MD5_96 to kernel algorithm db Oct 31 15:24:33.069335: | adding HMAC_SHA1_96 to kernel algorithm db Oct 31 15:24:33.069337: | adding HMAC_SHA2_512_256 to kernel algorithm db Oct 31 15:24:33.069340: | adding HMAC_SHA2_384_192 to kernel algorithm db Oct 31 15:24:33.069342: | adding HMAC_SHA2_256_128 to kernel algorithm db Oct 31 15:24:33.069344: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Oct 31 15:24:33.069346: | adding AES_XCBC_96 to kernel algorithm db Oct 31 15:24:33.069348: | adding AES_CMAC_96 to kernel algorithm db Oct 31 15:24:33.069347: | starting helper thread 4 Oct 31 15:24:33.069351: | adding NONE to kernel algorithm db Oct 31 15:24:33.069391: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Oct 31 15:24:33.069405: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Oct 31 15:24:33.069407: | setup kernel fd callback Oct 31 15:24:33.069411: | add_fd_read_event_handler: newref KERNEL_XRM_FD-pe@0x55ca4893dfd8 Oct 31 15:24:33.069414: | libevent_malloc: newref ptr-libevent@0x55ca48905188 size 128 Oct 31 15:24:33.069418: | libevent_malloc: newref ptr-libevent@0x55ca489385e8 size 16 Oct 31 15:24:33.069424: | add_fd_read_event_handler: newref KERNEL_ROUTE_FD-pe@0x55ca489419e8 Oct 31 15:24:33.069428: | libevent_malloc: newref ptr-libevent@0x55ca48905288 size 128 Oct 31 15:24:33.069431: | libevent_malloc: newref ptr-libevent@0x55ca48937fa8 size 16 Oct 31 15:24:33.069432: seccomp security disabled for crypto helper 4 Oct 31 15:24:33.069440: | status value returned by setting the priority of this helper thread 4: 22 Oct 31 15:24:33.069446: | helper thread 4 has nothing to do Oct 31 15:24:33.069658: | global one-shot timer EVENT_CHECK_CRLS initialized Oct 31 15:24:33.069841: SELinux support is enabled in PERMISSIVE mode. Oct 31 15:24:33.069978: | starting helper thread 1 Oct 31 15:24:33.069985: seccomp security disabled for crypto helper 1 Oct 31 15:24:33.069990: | status value returned by setting the priority of this helper thread 1: 22 Oct 31 15:24:33.069993: | helper thread 1 has nothing to do Oct 31 15:24:33.070002: | starting helper thread 2 Oct 31 15:24:33.070005: seccomp security disabled for crypto helper 2 Oct 31 15:24:33.070008: | status value returned by setting the priority of this helper thread 2: 22 Oct 31 15:24:33.070010: | helper thread 2 has nothing to do Oct 31 15:24:33.070018: | starting helper thread 3 Oct 31 15:24:33.070021: seccomp security disabled for crypto helper 3 Oct 31 15:24:33.070024: | status value returned by setting the priority of this helper thread 3: 22 Oct 31 15:24:33.070026: | helper thread 3 has nothing to do Oct 31 15:24:33.070034: | starting helper thread 5 Oct 31 15:24:33.070036: | unbound context created - setting debug level to 5 Oct 31 15:24:33.070043: | starting helper thread 7 Oct 31 15:24:33.070046: seccomp security disabled for crypto helper 7 Oct 31 15:24:33.070049: | status value returned by setting the priority of this helper thread 7: 22 Oct 31 15:24:33.070051: | helper thread 7 has nothing to do Oct 31 15:24:33.070037: seccomp security disabled for crypto helper 5 Oct 31 15:24:33.070059: | status value returned by setting the priority of this helper thread 5: 22 Oct 31 15:24:33.070062: | helper thread 5 has nothing to do Oct 31 15:24:33.070081: | /etc/hosts lookups activated Oct 31 15:24:33.070101: | /etc/resolv.conf usage activated Oct 31 15:24:33.070156: | outgoing-port-avoid set 0-65535 Oct 31 15:24:33.070179: | outgoing-port-permit set 32768-60999 Oct 31 15:24:33.070183: | loading dnssec root key from:/var/lib/unbound/root.key Oct 31 15:24:33.070186: | no additional dnssec trust anchors defined via dnssec-trusted= option Oct 31 15:24:33.070190: | Setting up events, loop start Oct 31 15:24:33.070193: | add_fd_read_event_handler: newref PLUTO_CTL_FD-pe@0x55ca48944f48 Oct 31 15:24:33.070197: | libevent_malloc: newref ptr-libevent@0x55ca48941b08 size 128 Oct 31 15:24:33.070228: | libevent_malloc: newref ptr-libevent@0x55ca489389c8 size 16 Oct 31 15:24:33.070238: | libevent_realloc: newref ptr-libevent@0x55ca48944fb8 size 256 Oct 31 15:24:33.070241: | libevent_malloc: newref ptr-libevent@0x55ca48938628 size 8 Oct 31 15:24:33.070244: | libevent_realloc: newref ptr-libevent@0x55ca48939028 size 144 Oct 31 15:24:33.070247: | libevent_malloc: newref ptr-libevent@0x55ca48899b68 size 152 Oct 31 15:24:33.070251: | libevent_malloc: newref ptr-libevent@0x55ca489387d8 size 16 Oct 31 15:24:33.070256: | signal event handler PLUTO_SIGCHLD installed Oct 31 15:24:33.070259: | libevent_malloc: newref ptr-libevent@0x55ca489450e8 size 8 Oct 31 15:24:33.070262: | libevent_malloc: newref ptr-libevent@0x55ca48886278 size 152 Oct 31 15:24:33.070264: | signal event handler PLUTO_SIGTERM installed Oct 31 15:24:33.070271: | libevent_malloc: newref ptr-libevent@0x55ca48945128 size 8 Oct 31 15:24:33.070273: | libevent_malloc: newref ptr-libevent@0x55ca48945168 size 152 Oct 31 15:24:33.070276: | signal event handler PLUTO_SIGHUP installed Oct 31 15:24:33.070279: | libevent_malloc: newref ptr-libevent@0x55ca48945238 size 8 Oct 31 15:24:33.070282: | libevent_realloc: delref ptr-libevent@0x55ca48939028 Oct 31 15:24:33.070285: | libevent_realloc: newref ptr-libevent@0x55ca48945278 size 256 Oct 31 15:24:33.070287: | libevent_malloc: newref ptr-libevent@0x55ca489453a8 size 152 Oct 31 15:24:33.070290: | signal event handler PLUTO_SIGSYS installed Oct 31 15:24:33.070781: | created addconn helper (pid:2128902) using fork+execve Oct 31 15:24:33.070801: | forked child 2128902 Oct 31 15:24:33.070816: seccomp security disabled Oct 31 15:24:33.070863: | newref struct fd@0x55ca48945508(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:33.070867: | fd_accept: new fd-fd@0x55ca48945508 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:33.070892: | whack: options (impair|debug) Oct 31 15:24:33.070900: | old debugging base+cpu-usage + none Oct 31 15:24:33.070903: | new debugging = base+cpu-usage Oct 31 15:24:33.070911: | delref fd@0x55ca48945508(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:33.071019: | freeref fd-fd@0x55ca48945508 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:33.071031: | spent 0.0741 (0.175) milliseconds in whack Oct 31 15:24:33.071398: | starting helper thread 6 Oct 31 15:24:33.071409: seccomp security disabled for crypto helper 6 Oct 31 15:24:33.071415: | status value returned by setting the priority of this helper thread 6: 22 Oct 31 15:24:33.071419: | helper thread 6 has nothing to do Oct 31 15:24:33.081581: | newref struct fd@0x55ca48945548(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:33.081670: | fd_accept: new fd-fd@0x55ca48945548 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:33.081695: | whack: listen Oct 31 15:24:33.081700: listening for IKE messages Oct 31 15:24:33.082848: | Inspecting interface lo Oct 31 15:24:33.082869: | found lo with address 127.0.0.1 Oct 31 15:24:33.082874: | Inspecting interface eth0 Oct 31 15:24:33.082879: | found eth0 with address 192.0.2.254 Oct 31 15:24:33.082884: | Inspecting interface eth0 Oct 31 15:24:33.082888: | found eth0 with address 192.0.22.254 Oct 31 15:24:33.082891: | Inspecting interface eth1 Oct 31 15:24:33.082895: | found eth1 with address 192.1.2.23 Oct 31 15:24:33.082907: | newref struct iface_dev@0x55ca48945ae8(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:33.082929: Kernel supports NIC esp-hw-offload Oct 31 15:24:33.082955: | iface: marking eth1 add Oct 31 15:24:33.082961: | newref struct iface_dev@0x55ca48945bd8(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:33.082966: | iface: marking eth0 add Oct 31 15:24:33.082971: | newref struct iface_dev@0x55ca48945ca8(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:33.082975: | iface: marking eth0 add Oct 31 15:24:33.082978: | newref struct iface_dev@0x55ca48945d78(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:33.082983: | iface: marking lo add Oct 31 15:24:33.083056: | no interfaces to sort Oct 31 15:24:33.083081: | MSG_ERRQUEUE enabled on fd 18 Oct 31 15:24:33.083100: | addref ifd@0x55ca48945ae8(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:33.083106: adding UDP interface eth1 192.1.2.23:500 Oct 31 15:24:33.083137: | MSG_ERRQUEUE enabled on fd 19 Oct 31 15:24:33.083148: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:33.083153: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:33.083156: | addref ifd@0x55ca48945ae8(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:33.083162: adding UDP interface eth1 192.1.2.23:4500 Oct 31 15:24:33.083188: | MSG_ERRQUEUE enabled on fd 20 Oct 31 15:24:33.083220: | addref ifd@0x55ca48945bd8(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:33.083228: adding UDP interface eth0 192.0.22.254:500 Oct 31 15:24:33.083251: | MSG_ERRQUEUE enabled on fd 21 Oct 31 15:24:33.083265: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:33.083269: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:33.083272: | addref ifd@0x55ca48945bd8(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:33.083276: adding UDP interface eth0 192.0.22.254:4500 Oct 31 15:24:33.083298: | MSG_ERRQUEUE enabled on fd 22 Oct 31 15:24:33.083308: | addref ifd@0x55ca48945ca8(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:33.083315: adding UDP interface eth0 192.0.2.254:500 Oct 31 15:24:33.083342: | MSG_ERRQUEUE enabled on fd 23 Oct 31 15:24:33.083352: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:33.083356: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:33.083359: | addref ifd@0x55ca48945ca8(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:33.083364: adding UDP interface eth0 192.0.2.254:4500 Oct 31 15:24:33.083389: | MSG_ERRQUEUE enabled on fd 24 Oct 31 15:24:33.083401: | addref ifd@0x55ca48945d78(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:33.083406: adding UDP interface lo 127.0.0.1:500 Oct 31 15:24:33.083430: | MSG_ERRQUEUE enabled on fd 25 Oct 31 15:24:33.083439: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:33.083443: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:33.083447: | addref ifd@0x55ca48945d78(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:33.083452: adding UDP interface lo 127.0.0.1:4500 Oct 31 15:24:33.083466: | updating interfaces - listing interfaces that are going down Oct 31 15:24:33.083470: | updating interfaces - checking orientation Oct 31 15:24:33.083473: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Oct 31 15:24:33.083506: | libevent_malloc: newref ptr-libevent@0x55ca48941a58 size 128 Oct 31 15:24:33.083513: | libevent_malloc: newref ptr-libevent@0x55ca48945e48 size 16 Oct 31 15:24:33.083529: | setup callback for interface lo 127.0.0.1:4500 fd 25 on UDP Oct 31 15:24:33.083535: | libevent_malloc: newref ptr-libevent@0x55ca48905388 size 128 Oct 31 15:24:33.083541: | libevent_malloc: newref ptr-libevent@0x55ca48945e88 size 16 Oct 31 15:24:33.083548: | setup callback for interface lo 127.0.0.1:500 fd 24 on UDP Oct 31 15:24:33.083551: | libevent_malloc: newref ptr-libevent@0x55ca48905588 size 128 Oct 31 15:24:33.083554: | libevent_malloc: newref ptr-libevent@0x55ca48945ec8 size 16 Oct 31 15:24:33.083559: | setup callback for interface eth0 192.0.2.254:4500 fd 23 on UDP Oct 31 15:24:33.083562: | libevent_malloc: newref ptr-libevent@0x55ca48905488 size 128 Oct 31 15:24:33.083565: | libevent_malloc: newref ptr-libevent@0x55ca48946948 size 16 Oct 31 15:24:33.083571: | setup callback for interface eth0 192.0.2.254:500 fd 22 on UDP Oct 31 15:24:33.083575: | libevent_malloc: newref ptr-libevent@0x55ca48901e38 size 128 Oct 31 15:24:33.083578: | libevent_malloc: newref ptr-libevent@0x55ca48946988 size 16 Oct 31 15:24:33.083583: | setup callback for interface eth0 192.0.22.254:4500 fd 21 on UDP Oct 31 15:24:33.083586: | libevent_malloc: newref ptr-libevent@0x55ca48901d38 size 128 Oct 31 15:24:33.083589: | libevent_malloc: newref ptr-libevent@0x55ca489469c8 size 16 Oct 31 15:24:33.083595: | setup callback for interface eth0 192.0.22.254:500 fd 20 on UDP Oct 31 15:24:33.083598: | libevent_malloc: newref ptr-libevent@0x55ca48946a08 size 128 Oct 31 15:24:33.083600: | libevent_malloc: newref ptr-libevent@0x55ca48946ab8 size 16 Oct 31 15:24:33.083606: | setup callback for interface eth1 192.1.2.23:4500 fd 19 on UDP Oct 31 15:24:33.083611: | libevent_malloc: newref ptr-libevent@0x55ca48946af8 size 128 Oct 31 15:24:33.083615: | libevent_malloc: newref ptr-libevent@0x55ca48946ba8 size 16 Oct 31 15:24:33.083622: | setup callback for interface eth1 192.1.2.23:500 fd 18 on UDP Oct 31 15:24:33.086754: | no stale xfrmi interface 'ipsec1' found Oct 31 15:24:33.086771: | certs and keys locked by 'free_preshared_secrets' Oct 31 15:24:33.086777: | certs and keys unlocked by 'free_preshared_secrets' Oct 31 15:24:33.086815: loading secrets from "/etc/ipsec.secrets" Oct 31 15:24:33.086864: no secrets filename matched "/etc/ipsec.d/*.secrets" Oct 31 15:24:33.086883: | old food groups: Oct 31 15:24:33.086886: | new food groups: Oct 31 15:24:33.086892: | delref fd@0x55ca48945548(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:33.086899: | freeref fd-fd@0x55ca48945548 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:33.086906: | spent 1.1 (6.72) milliseconds in whack Oct 31 15:24:33.087476: | processing signal PLUTO_SIGCHLD Oct 31 15:24:33.087498: | waitpid returned pid 2128902 (exited with status 0) Oct 31 15:24:33.087503: | reaped addconn helper child (status 0) Oct 31 15:24:33.087509: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:33.087515: | spent 0.0236 (0.0235) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:33.145516: | newref struct fd@0x55ca48945b78(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:33.145531: | fd_accept: new fd-fd@0x55ca48945b78 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:33.145543: | whack: delete 'northnet-eastnets/0x1' Oct 31 15:24:33.145547: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:33.145550: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:24:33.145552: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:33.145555: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:24:33.145558: | whack: connection 'northnet-eastnets/0x1' Oct 31 15:24:33.145562: | addref fd@0x55ca48945b78(1->2) (in string_logger() at log.c:838) Oct 31 15:24:33.145568: | newref string logger@0x55ca48938d88(0->1) (in add_connection() at connections.c:1998) Oct 31 15:24:33.145573: | Connection DB: adding connection "northnet-eastnets/0x1" $1 Oct 31 15:24:33.145579: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:33.145593: | added new connection northnet-eastnets/0x1 with policy RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 Oct 31 15:24:33.145669: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Oct 31 15:24:33.145672: | from whack: got --esp= Oct 31 15:24:33.145720: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Oct 31 15:24:33.146853: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Oct 31 15:24:33.146871: | loading left certificate 'north' pubkey Oct 31 15:24:33.146975: | newref struct pubkey@0x55ca4894d938(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.146998: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55ca489477c8 Oct 31 15:24:33.147003: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55ca4894e328 Oct 31 15:24:33.147005: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55ca4894e378 Oct 31 15:24:33.147060: | newref struct pubkey@0x55ca4894e4c8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.147113: | newref struct pubkey@0x55ca4894ea88(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.147165: | newref struct pubkey@0x55ca48949428(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.147173: | delref pkp@0x55ca4894d938(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:33.147178: | preload cert/secret for connection: north Oct 31 15:24:33.147235: | adding RSA secret for certificate: north Oct 31 15:24:33.147327: | spent 0.137 (0.14) milliseconds in preload_private_key_by_cert() loading private key north Oct 31 15:24:33.147332: | no private key matching left certificate north: NSS: cert private key not found Oct 31 15:24:33.147349: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Oct 31 15:24:33.147838: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Oct 31 15:24:33.147846: | loading right certificate 'east' pubkey Oct 31 15:24:33.147932: | newref struct pubkey@0x55ca4894ed28(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.147948: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55ca4894e328 Oct 31 15:24:33.147952: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55ca489477c8 Oct 31 15:24:33.147954: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55ca489491c8 Oct 31 15:24:33.147956: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55ca48949218 Oct 31 15:24:33.147958: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55ca4894ef28 Oct 31 15:24:33.148013: | newref struct pubkey@0x55ca4894f228(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.148066: | newref struct pubkey@0x55ca48953a88(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.148123: | newref struct pubkey@0x55ca48953328(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.148175: | newref struct pubkey@0x55ca489537b8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.148235: | newref struct pubkey@0x55ca48953f18(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.148246: | delref pkp@0x55ca4894ed28(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:33.148251: | preload cert/secret for connection: east Oct 31 15:24:33.148300: | adding RSA secret for certificate: east Oct 31 15:24:33.148412: | copying key using reference slot Oct 31 15:24:33.151256: | certs and keys locked by 'lsw_add_rsa_secret' Oct 31 15:24:33.151274: | certs and keys unlocked by 'lsw_add_rsa_secret' Oct 31 15:24:33.151286: | spent 2.95 (3.03) milliseconds in preload_private_key_by_cert() loading private key east Oct 31 15:24:33.151291: connection "northnet-eastnets/0x1": loaded private key matching right certificate 'east' Oct 31 15:24:33.151303: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Oct 31 15:24:33.151310: | updating connection from left.host_addr Oct 31 15:24:33.151314: | left host_port 500 Oct 31 15:24:33.151316: | updating connection from right.host_addr Oct 31 15:24:33.151319: | right host_port 500 Oct 31 15:24:33.151324: | orienting northnet-eastnets/0x1 Oct 31 15:24:33.151330: | northnet-eastnets/0x1 doesn't match 127.0.0.1:4500 at all Oct 31 15:24:33.151334: | northnet-eastnets/0x1 doesn't match 127.0.0.1:500 at all Oct 31 15:24:33.151338: | northnet-eastnets/0x1 doesn't match 192.0.2.254:4500 at all Oct 31 15:24:33.151342: | northnet-eastnets/0x1 doesn't match 192.0.2.254:500 at all Oct 31 15:24:33.151345: | northnet-eastnets/0x1 doesn't match 192.0.22.254:4500 at all Oct 31 15:24:33.151349: | northnet-eastnets/0x1 doesn't match 192.0.22.254:500 at all Oct 31 15:24:33.151353: | northnet-eastnets/0x1 doesn't match 192.1.2.23:4500 at all Oct 31 15:24:33.151355: | oriented northnet-eastnets/0x1's that Oct 31 15:24:33.151357: | swapping ends so that that is this Oct 31 15:24:33.151364: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@(nil): none Oct 31 15:24:33.151372: | newref hp@0x55ca489541f8(0->1) (in connect_to_host_pair() at hostpair.c:290) Oct 31 15:24:33.151376: added IKEv2 connection "northnet-eastnets/0x1" Oct 31 15:24:33.151415: | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 Oct 31 15:24:33.151447: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]---192.1.2.254...192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Oct 31 15:24:33.151457: | delref logger@0x55ca48938d88(1->0) (in add_connection() at connections.c:2026) Oct 31 15:24:33.151461: | delref fd@0x55ca48945b78(2->1) (in free_logger() at log.c:853) Oct 31 15:24:33.151463: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:33.151469: | delref fd@0x55ca48945b78(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:33.151522: | freeref fd-fd@0x55ca48945b78 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:33.151530: | spent 5.65 (6.03) milliseconds in whack Oct 31 15:24:33.151546: | newref struct fd@0x55ca4894e328(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:33.151550: | fd_accept: new fd-fd@0x55ca4894e328 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:33.151563: | whack: delete 'northnet-eastnets/0x2' Oct 31 15:24:33.151567: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:33.151569: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:24:33.151572: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:33.151574: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:24:33.151576: | whack: connection 'northnet-eastnets/0x2' Oct 31 15:24:33.151579: | addref fd@0x55ca4894e328(1->2) (in string_logger() at log.c:838) Oct 31 15:24:33.151583: | newref string logger@0x55ca489474c8(0->1) (in add_connection() at connections.c:1998) Oct 31 15:24:33.151586: | Connection DB: adding connection "northnet-eastnets/0x2" $2 Oct 31 15:24:33.151591: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:33.151598: | added new connection northnet-eastnets/0x2 with policy RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 Oct 31 15:24:33.151668: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Oct 31 15:24:33.151673: | from whack: got --esp= Oct 31 15:24:33.151721: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Oct 31 15:24:33.151890: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Oct 31 15:24:33.151899: | loading left certificate 'north' pubkey Oct 31 15:24:33.151958: | newref struct pubkey@0x55ca48948f18(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.151968: | delref pkp@0x55ca48949428(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:33.151983: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55ca48948bb8 Oct 31 15:24:33.151987: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55ca48948c08 Oct 31 15:24:33.151989: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55ca48948c58 Oct 31 15:24:33.152042: | newref struct pubkey@0x55ca48959358(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.152049: | delref pkp@0x55ca4894e4c8(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:33.152102: | newref struct pubkey@0x55ca48958d88(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.152109: | delref pkp@0x55ca4894ea88(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:33.152164: | newref struct pubkey@0x55ca48958f48(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.152171: | delref pkp@0x55ca48948f18(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:33.152176: | preload cert/secret for connection: north Oct 31 15:24:33.152238: | trying secret PKK_RSA:AwEAAeu8z Oct 31 15:24:33.152247: | adding RSA secret for certificate: north Oct 31 15:24:33.152339: | spent 0.149 (0.152) milliseconds in preload_private_key_by_cert() loading private key north Oct 31 15:24:33.152344: | no private key matching left certificate north: NSS: cert private key not found Oct 31 15:24:33.152354: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Oct 31 15:24:33.152455: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Oct 31 15:24:33.152461: | loading right certificate 'east' pubkey Oct 31 15:24:33.152516: | newref struct pubkey@0x55ca48959058(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.152524: | delref pkp@0x55ca48953f18(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:33.152538: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55ca48958ed8 Oct 31 15:24:33.152542: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55ca48953f18 Oct 31 15:24:33.152544: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55ca48953f68 Oct 31 15:24:33.152547: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55ca48953fb8 Oct 31 15:24:33.152550: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55ca48959c78 Oct 31 15:24:33.152604: | newref struct pubkey@0x55ca4895a5d8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.152611: | delref pkp@0x55ca4894f228(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:33.152667: | newref struct pubkey@0x55ca4895a6e8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.152674: | delref pkp@0x55ca48953a88(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:33.152727: | newref struct pubkey@0x55ca4895a7f8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.152734: | delref pkp@0x55ca48953328(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:33.152790: | newref struct pubkey@0x55ca48953328(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.152797: | delref pkp@0x55ca489537b8(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:33.152848: | newref struct pubkey@0x55ca489537b8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:33.152853: | delref pkp@0x55ca48959058(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:33.152858: | preload cert/secret for connection: east Oct 31 15:24:33.152907: | trying secret PKK_RSA:AwEAAeu8z Oct 31 15:24:33.152912: | matched Oct 31 15:24:33.152914: | secrets entry for certificate already exists: east Oct 31 15:24:33.152921: | spent 0.0574 (0.0574) milliseconds in preload_private_key_by_cert() loading private key east Oct 31 15:24:33.152931: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Oct 31 15:24:33.152936: | updating connection from left.host_addr Oct 31 15:24:33.152939: | left host_port 500 Oct 31 15:24:33.152941: | updating connection from right.host_addr Oct 31 15:24:33.152943: | right host_port 500 Oct 31 15:24:33.152947: | orienting northnet-eastnets/0x2 Oct 31 15:24:33.152952: | northnet-eastnets/0x2 doesn't match 127.0.0.1:4500 at all Oct 31 15:24:33.152956: | northnet-eastnets/0x2 doesn't match 127.0.0.1:500 at all Oct 31 15:24:33.152960: | northnet-eastnets/0x2 doesn't match 192.0.2.254:4500 at all Oct 31 15:24:33.152964: | northnet-eastnets/0x2 doesn't match 192.0.2.254:500 at all Oct 31 15:24:33.152967: | northnet-eastnets/0x2 doesn't match 192.0.22.254:4500 at all Oct 31 15:24:33.152971: | northnet-eastnets/0x2 doesn't match 192.0.22.254:500 at all Oct 31 15:24:33.152975: | northnet-eastnets/0x2 doesn't match 192.1.2.23:4500 at all Oct 31 15:24:33.152977: | oriented northnet-eastnets/0x2's that Oct 31 15:24:33.152979: | swapping ends so that that is this Oct 31 15:24:33.152990: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Oct 31 15:24:33.152995: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@0x55ca489541f8: northnet-eastnets/0x1 Oct 31 15:24:33.152998: added IKEv2 connection "northnet-eastnets/0x2" Oct 31 15:24:33.153033: | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 Oct 31 15:24:33.153065: | 192.0.22.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]---192.1.2.254...192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Oct 31 15:24:33.153070: | delref logger@0x55ca489474c8(1->0) (in add_connection() at connections.c:2026) Oct 31 15:24:33.153073: | delref fd@0x55ca4894e328(2->1) (in free_logger() at log.c:853) Oct 31 15:24:33.153076: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:33.153081: | delref fd@0x55ca4894e328(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:33.153913: | freeref fd-fd@0x55ca4894e328 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:33.153929: | spent 1.55 (2.39) milliseconds in whack Oct 31 15:24:33.221063: | newref struct fd@0x55ca4894f008(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:33.221079: | fd_accept: new fd-fd@0x55ca4894f008 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:33.221092: | whack: status Oct 31 15:24:33.221318: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:24:33.221325: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:24:33.221839: | FOR_EACH_STATE_... in show_states (sort_states) Oct 31 15:24:33.221855: | delref fd@0x55ca4894f008(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:33.221863: | freeref fd-fd@0x55ca4894f008 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:33.221871: | spent 0.52 (0.817) milliseconds in whack Oct 31 15:24:33.286758: | newref struct fd@0x55ca4894dd38(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:33.286774: | fd_accept: new fd-fd@0x55ca4894dd38 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:33.286788: | whack: options (impair|debug) Oct 31 15:24:33.286794: | old debugging base+cpu-usage + none Oct 31 15:24:33.286796: | new debugging = base+cpu-usage Oct 31 15:24:33.286799: | suppress-retransmits:yes Oct 31 15:24:33.286802: | delref fd@0x55ca4894dd38(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:33.286809: | freeref fd-fd@0x55ca4894dd38 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:33.286817: | spent 0.0709 (0.0704) milliseconds in whack Oct 31 15:24:35.438993: | spent 0.00407 (0.00399) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:35.439023: | newref struct msg_digest@0x55ca4895a908(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.439028: | newref alloc logger@0x55ca489549a8(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.439035: | *received 842 bytes from 192.1.3.33:500 on eth1 192.1.2.23:500 using UDP Oct 31 15:24:35.439039: | fb 8d aa 53 8c db 80 3b 00 00 00 00 00 00 00 00 Oct 31 15:24:35.439041: | 21 20 22 08 00 00 00 00 00 00 03 4a 22 00 01 b4 Oct 31 15:24:35.439043: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Oct 31 15:24:35.439045: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Oct 31 15:24:35.439047: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Oct 31 15:24:35.439049: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Oct 31 15:24:35.439052: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Oct 31 15:24:35.439054: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Oct 31 15:24:35.439056: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Oct 31 15:24:35.439058: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Oct 31 15:24:35.439066: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Oct 31 15:24:35.439068: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Oct 31 15:24:35.439071: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Oct 31 15:24:35.439073: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Oct 31 15:24:35.439075: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Oct 31 15:24:35.439077: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Oct 31 15:24:35.439079: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:24:35.439082: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Oct 31 15:24:35.439084: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Oct 31 15:24:35.439086: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Oct 31 15:24:35.439089: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Oct 31 15:24:35.439091: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Oct 31 15:24:35.439093: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Oct 31 15:24:35.439095: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Oct 31 15:24:35.439097: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Oct 31 15:24:35.439099: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Oct 31 15:24:35.439102: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Oct 31 15:24:35.439104: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Oct 31 15:24:35.439106: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Oct 31 15:24:35.439108: | 28 00 01 08 00 0e 00 00 25 ff 75 db 61 4e ae 2c Oct 31 15:24:35.439110: | 77 13 f9 ad 47 2b 72 b8 37 c6 a3 61 d8 1d 4a 84 Oct 31 15:24:35.439113: | 3f 43 f5 ec 7d 4f 4d 02 0a ed 20 89 bc df 9c 05 Oct 31 15:24:35.439115: | 96 a6 7d a4 45 84 0a 94 2b 50 b0 09 84 1b 67 3d Oct 31 15:24:35.439117: | 55 e3 d8 8c 7a aa f1 04 10 f5 a6 d6 5d 5d 74 7c Oct 31 15:24:35.439119: | c2 91 50 b2 34 f2 aa 77 cc 91 fe 8b 35 b5 be 75 Oct 31 15:24:35.439121: | 60 4f 7a 1c 24 d1 c3 c4 7e 5f 5a a9 5e 58 1b 3c Oct 31 15:24:35.439123: | a7 72 c5 35 c4 a8 c2 a6 a1 72 95 ff 5d 96 de 3a Oct 31 15:24:35.439125: | 9f 1a 8b aa 13 dc c8 b8 30 c7 4e c3 fb e5 0b 86 Oct 31 15:24:35.439127: | 86 60 59 ce b1 2c 13 b1 16 68 09 f2 f1 06 6e 9e Oct 31 15:24:35.439129: | 34 fe a5 13 12 a4 01 6c 44 3a 24 6e 3f 90 22 6d Oct 31 15:24:35.439131: | 86 0a 02 42 71 4e 04 a8 e8 c1 2f e2 e9 75 47 d3 Oct 31 15:24:35.439133: | c3 87 9a d5 2f 82 ba ca 3f c1 16 40 5b fe e4 27 Oct 31 15:24:35.439135: | 7a ae aa f7 12 ab fb fd 23 4d 2c fa c6 88 91 3d Oct 31 15:24:35.439137: | 2b a2 c3 4e 94 9b 09 5a 9e e6 89 b5 84 e2 c8 cd Oct 31 15:24:35.439139: | 09 5a 40 af 40 a2 22 d0 21 1a 74 45 64 d3 13 57 Oct 31 15:24:35.439141: | 88 09 89 b9 38 3a a5 21 29 00 00 24 e4 60 c0 0c Oct 31 15:24:35.439143: | 31 2e 40 f5 80 2c c0 96 0a f2 66 d1 2f a8 db 4d Oct 31 15:24:35.439145: | 46 75 da f2 a6 0e 53 39 0c 2d 9a 05 29 00 00 08 Oct 31 15:24:35.439147: | 00 00 40 2e 29 00 00 0e 00 00 40 2f 00 02 00 03 Oct 31 15:24:35.439149: | 00 04 29 00 00 1c 00 00 40 04 2b 74 12 c2 e9 f2 Oct 31 15:24:35.439151: | aa 87 ea 35 d2 e0 41 b9 39 23 d4 32 6e 1b 00 00 Oct 31 15:24:35.439153: | 00 1c 00 00 40 05 18 52 32 2c fe f5 4a cb 6d 9a Oct 31 15:24:35.439155: | e3 69 60 e2 4b 1f 8f 4a ae f6 Oct 31 15:24:35.439163: | **parse ISAKMP Message: Oct 31 15:24:35.439168: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.439172: | responder SPI: 00 00 00 00 00 00 00 00 Oct 31 15:24:35.439175: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:24:35.439178: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.439180: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:24:35.439184: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:35.439188: | Message ID: 0 (00 00 00 00) Oct 31 15:24:35.439191: | length: 842 (00 00 03 4a) Oct 31 15:24:35.439194: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Oct 31 15:24:35.439207: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Oct 31 15:24:35.439215: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Oct 31 15:24:35.439218: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:24:35.439222: | ***parse IKEv2 Security Association Payload: Oct 31 15:24:35.439224: | next payload type: ISAKMP_NEXT_v2KE (0x22) Oct 31 15:24:35.439227: | flags: none (0x0) Oct 31 15:24:35.439230: | length: 436 (01 b4) Oct 31 15:24:35.439232: | processing payload: ISAKMP_NEXT_v2SA (len=432) Oct 31 15:24:35.439234: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Oct 31 15:24:35.439237: | ***parse IKEv2 Key Exchange Payload: Oct 31 15:24:35.439240: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Oct 31 15:24:35.439242: | flags: none (0x0) Oct 31 15:24:35.439244: | length: 264 (01 08) Oct 31 15:24:35.439247: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.439249: | processing payload: ISAKMP_NEXT_v2KE (len=256) Oct 31 15:24:35.439251: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Oct 31 15:24:35.439253: | ***parse IKEv2 Nonce Payload: Oct 31 15:24:35.439256: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:35.439258: | flags: none (0x0) Oct 31 15:24:35.439260: | length: 36 (00 24) Oct 31 15:24:35.439262: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Oct 31 15:24:35.439264: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:35.439267: | ***parse IKEv2 Notify Payload: Oct 31 15:24:35.439269: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:35.439271: | flags: none (0x0) Oct 31 15:24:35.439274: | length: 8 (00 08) Oct 31 15:24:35.439276: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:35.439279: | SPI size: 0 (00) Oct 31 15:24:35.439281: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Oct 31 15:24:35.439284: | processing payload: ISAKMP_NEXT_v2N (len=0) Oct 31 15:24:35.439286: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:35.439289: | ***parse IKEv2 Notify Payload: Oct 31 15:24:35.439291: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:35.439293: | flags: none (0x0) Oct 31 15:24:35.439296: | length: 14 (00 0e) Oct 31 15:24:35.439298: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:35.439301: | SPI size: 0 (00) Oct 31 15:24:35.439303: | Notify Message Type: v2N_SIGNATURE_HASH_ALGORITHMS (0x402f) Oct 31 15:24:35.439306: | processing payload: ISAKMP_NEXT_v2N (len=6) Oct 31 15:24:35.439308: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:35.439310: | ***parse IKEv2 Notify Payload: Oct 31 15:24:35.439312: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:35.439314: | flags: none (0x0) Oct 31 15:24:35.439317: | length: 28 (00 1c) Oct 31 15:24:35.439319: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:35.439321: | SPI size: 0 (00) Oct 31 15:24:35.439323: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Oct 31 15:24:35.439325: | processing payload: ISAKMP_NEXT_v2N (len=20) Oct 31 15:24:35.439327: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:35.439329: | ***parse IKEv2 Notify Payload: Oct 31 15:24:35.439331: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.439333: | flags: none (0x0) Oct 31 15:24:35.439336: | length: 28 (00 1c) Oct 31 15:24:35.439338: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:35.439340: | SPI size: 0 (00) Oct 31 15:24:35.439343: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Oct 31 15:24:35.439345: | processing payload: ISAKMP_NEXT_v2N (len=20) Oct 31 15:24:35.439347: | DDOS disabled and no cookie sent, continuing Oct 31 15:24:35.439355: | looking for message matching transition from STATE_PARENT_R0 Oct 31 15:24:35.439358: | trying Respond to IKE_SA_INIT Oct 31 15:24:35.439360: | matched unencrypted message Oct 31 15:24:35.439366: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Oct 31 15:24:35.439376: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Oct 31 15:24:35.439379: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Oct 31 15:24:35.439382: | found policy = RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 (northnet-eastnets/0x2) Oct 31 15:24:35.439384: | find_next_host_connection returns "northnet-eastnets/0x2" Oct 31 15:24:35.439386: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Oct 31 15:24:35.439389: | found policy = RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 (northnet-eastnets/0x1) Oct 31 15:24:35.439391: | find_next_host_connection returns "northnet-eastnets/0x1" Oct 31 15:24:35.439394: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Oct 31 15:24:35.439396: | find_next_host_connection returns Oct 31 15:24:35.439399: | found connection: "northnet-eastnets/0x2" with policy ECDSA+IKEV2_ALLOW Oct 31 15:24:35.439430: | newref alloc logger@0x55ca48938a08(0->1) (in new_state() at state.c:576) Oct 31 15:24:35.439433: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:24:35.439436: | creating state object #1 at 0x55ca4895c118 Oct 31 15:24:35.439439: | State DB: adding IKEv2 state #1 in UNDEFINED Oct 31 15:24:35.439450: | pstats #1 ikev2.ike started Oct 31 15:24:35.439454: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Oct 31 15:24:35.439459: | #1.st_v2_transition NULL -> PARENT_R0->PARENT_R1 (in new_v2_ike_state() at state.c:620) Oct 31 15:24:35.439469: | Message ID: IKE #1 initializing (IKE SA): ike.initiator.sent=0->-1 ike.initiator.recv=0->-1 ike.initiator.last_contact=0->744549.872258 ike.responder.sent=0->-1 ike.responder.recv=0->-1 ike.responder.last_contact=0->744549.872258 ike.wip.initiator=0->-1 ike.wip.responder=0->-1 Oct 31 15:24:35.439474: | orienting northnet-eastnets/0x2 Oct 31 15:24:35.439479: | northnet-eastnets/0x2 doesn't match 127.0.0.1:4500 at all Oct 31 15:24:35.439483: | northnet-eastnets/0x2 doesn't match 127.0.0.1:500 at all Oct 31 15:24:35.439486: | northnet-eastnets/0x2 doesn't match 192.0.2.254:4500 at all Oct 31 15:24:35.439490: | northnet-eastnets/0x2 doesn't match 192.0.2.254:500 at all Oct 31 15:24:35.439493: | northnet-eastnets/0x2 doesn't match 192.0.22.254:4500 at all Oct 31 15:24:35.439497: | northnet-eastnets/0x2 doesn't match 192.0.22.254:500 at all Oct 31 15:24:35.439501: | northnet-eastnets/0x2 doesn't match 192.1.2.23:4500 at all Oct 31 15:24:35.439503: | oriented northnet-eastnets/0x2's this Oct 31 15:24:35.439511: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1758) Oct 31 15:24:35.439518: | Message ID: IKE #1 responder starting message request 0: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744549.872258 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744549.872258 ike.wip.initiator=-1 ike.wip.responder=-1->0 Oct 31 15:24:35.439520: | calling processor Respond to IKE_SA_INIT Oct 31 15:24:35.439531: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2631) Oct 31 15:24:35.439534: | constructing local IKE proposals for northnet-eastnets/0x2 (IKE SA responder matching remote proposals) Oct 31 15:24:35.439544: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:35.439553: | ... ikev2_proposal: 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:35.439558: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:35.439563: | ... ikev2_proposal: 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:35.439568: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:35.439576: | ... ikev2_proposal: 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:35.439579: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:35.439585: | ... ikev2_proposal: 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:35.439588: "northnet-eastnets/0x2": local IKE proposals (IKE SA responder matching remote proposals): Oct 31 15:24:35.439593: "northnet-eastnets/0x2": 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:35.439598: "northnet-eastnets/0x2": 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:35.439603: "northnet-eastnets/0x2": 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:35.439609: "northnet-eastnets/0x2": 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:35.439611: | comparing remote proposals against IKE responder 4 local proposals Oct 31 15:24:35.439616: | local proposal 1 type ENCR has 1 transforms Oct 31 15:24:35.439618: | local proposal 1 type PRF has 2 transforms Oct 31 15:24:35.439620: | local proposal 1 type INTEG has 1 transforms Oct 31 15:24:35.439622: | local proposal 1 type DH has 8 transforms Oct 31 15:24:35.439624: | local proposal 1 type ESN has 0 transforms Oct 31 15:24:35.439628: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Oct 31 15:24:35.439630: | local proposal 2 type ENCR has 1 transforms Oct 31 15:24:35.439632: | local proposal 2 type PRF has 2 transforms Oct 31 15:24:35.439634: | local proposal 2 type INTEG has 1 transforms Oct 31 15:24:35.439636: | local proposal 2 type DH has 8 transforms Oct 31 15:24:35.439638: | local proposal 2 type ESN has 0 transforms Oct 31 15:24:35.439641: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Oct 31 15:24:35.439643: | local proposal 3 type ENCR has 1 transforms Oct 31 15:24:35.439645: | local proposal 3 type PRF has 2 transforms Oct 31 15:24:35.439647: | local proposal 3 type INTEG has 2 transforms Oct 31 15:24:35.439650: | local proposal 3 type DH has 8 transforms Oct 31 15:24:35.439652: | local proposal 3 type ESN has 0 transforms Oct 31 15:24:35.439655: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Oct 31 15:24:35.439657: | local proposal 4 type ENCR has 1 transforms Oct 31 15:24:35.439659: | local proposal 4 type PRF has 2 transforms Oct 31 15:24:35.439662: | local proposal 4 type INTEG has 2 transforms Oct 31 15:24:35.439664: | local proposal 4 type DH has 8 transforms Oct 31 15:24:35.439666: | local proposal 4 type ESN has 0 transforms Oct 31 15:24:35.439669: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Oct 31 15:24:35.439672: | ****parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.439675: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:35.439679: | length: 100 (00 64) Oct 31 15:24:35.439681: | prop #: 1 (01) Oct 31 15:24:35.439684: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:35.439686: | spi size: 0 (00) Oct 31 15:24:35.439689: | # transforms: 11 (0b) Oct 31 15:24:35.439692: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Oct 31 15:24:35.439696: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.439698: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.439701: | length: 12 (00 0c) Oct 31 15:24:35.439705: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.439707: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:35.439710: | ******parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.439712: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.439716: | length/value: 256 (01 00) Oct 31 15:24:35.439720: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:24:35.439723: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.439726: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.439729: | length: 8 (00 08) Oct 31 15:24:35.439731: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:35.439733: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:35.439737: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Oct 31 15:24:35.439740: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Oct 31 15:24:35.439743: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Oct 31 15:24:35.439746: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Oct 31 15:24:35.439748: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.439751: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.439754: | length: 8 (00 08) Oct 31 15:24:35.439756: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:35.439758: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:35.439761: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.439764: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.439766: | length: 8 (00 08) Oct 31 15:24:35.439769: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.439771: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.439774: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Oct 31 15:24:35.439777: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Oct 31 15:24:35.439779: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Oct 31 15:24:35.439782: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Oct 31 15:24:35.439785: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.439787: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.439790: | length: 8 (00 08) Oct 31 15:24:35.439792: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.439794: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:35.439797: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.439799: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.439801: | length: 8 (00 08) Oct 31 15:24:35.439804: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.439806: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:35.439808: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.439811: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.439814: | length: 8 (00 08) Oct 31 15:24:35.439816: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.439818: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:35.439821: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.439823: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.439825: | length: 8 (00 08) Oct 31 15:24:35.439827: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.439830: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:35.439833: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.439835: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.439837: | length: 8 (00 08) Oct 31 15:24:35.439839: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.439846: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:35.439849: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.439851: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.439853: | length: 8 (00 08) Oct 31 15:24:35.439855: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.439857: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:35.439860: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.439862: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.439865: | length: 8 (00 08) Oct 31 15:24:35.439867: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.439869: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:35.439872: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Oct 31 15:24:35.439877: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Oct 31 15:24:35.439879: | remote proposal 1 matches local proposal 1 Oct 31 15:24:35.439882: | ****parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.439885: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:35.439887: | length: 100 (00 64) Oct 31 15:24:35.439890: | prop #: 2 (02) Oct 31 15:24:35.439892: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:35.439895: | spi size: 0 (00) Oct 31 15:24:35.439897: | # transforms: 11 (0b) Oct 31 15:24:35.439900: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Oct 31 15:24:35.439903: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.439905: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.439907: | length: 12 (00 0c) Oct 31 15:24:35.439909: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.439911: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:35.439914: | ******parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.439916: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.439919: | length/value: 128 (00 80) Oct 31 15:24:35.439922: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.439924: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.439927: | length: 8 (00 08) Oct 31 15:24:35.439929: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:35.439932: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:35.439934: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.439936: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.439939: | length: 8 (00 08) Oct 31 15:24:35.439941: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:35.439943: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:35.439946: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.439948: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.439951: | length: 8 (00 08) Oct 31 15:24:35.439954: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.439956: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.439959: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.439961: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.439964: | length: 8 (00 08) Oct 31 15:24:35.439966: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.439968: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:35.439971: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.439973: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.439975: | length: 8 (00 08) Oct 31 15:24:35.439978: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.439980: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:35.439983: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.439985: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.439988: | length: 8 (00 08) Oct 31 15:24:35.439992: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.439994: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:35.439997: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.440000: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.440002: | length: 8 (00 08) Oct 31 15:24:35.440004: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.440006: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:35.440009: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.440011: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.440014: | length: 8 (00 08) Oct 31 15:24:35.440016: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.440018: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:35.440021: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.440023: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.440026: | length: 8 (00 08) Oct 31 15:24:35.440028: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.440030: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:35.440033: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.440035: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.440038: | length: 8 (00 08) Oct 31 15:24:35.440040: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.440042: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:35.440046: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Oct 31 15:24:35.440049: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Oct 31 15:24:35.440052: | ****parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.440054: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:35.440057: | length: 116 (00 74) Oct 31 15:24:35.440059: | prop #: 3 (03) Oct 31 15:24:35.440062: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:35.440065: | spi size: 0 (00) Oct 31 15:24:35.440067: | # transforms: 13 (0d) Oct 31 15:24:35.440070: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] of 4 local proposals Oct 31 15:24:35.440073: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.440075: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.440078: | length: 12 (00 0c) Oct 31 15:24:35.440080: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.440082: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:35.440084: | ******parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.440087: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.440090: | length/value: 256 (01 00) Oct 31 15:24:35.440093: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.440095: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.440097: | length: 8 (00 08) Oct 31 15:24:35.440100: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:35.440102: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:35.440104: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.440107: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.440109: | length: 8 (00 08) Oct 31 15:24:35.440111: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:35.440114: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:35.440116: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.440119: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.440121: | length: 8 (00 08) Oct 31 15:24:35.440124: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:35.440126: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:35.440129: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.440131: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.440134: | length: 8 (00 08) Oct 31 15:24:35.440136: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:35.440140: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:35.440143: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.440145: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.440148: | length: 8 (00 08) Oct 31 15:24:35.440150: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.440153: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.440156: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.440158: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.440161: | length: 8 (00 08) Oct 31 15:24:35.440163: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.440166: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:35.440169: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.440171: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.440174: | length: 8 (00 08) Oct 31 15:24:35.440177: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.440179: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:35.440182: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.440184: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.440187: | length: 8 (00 08) Oct 31 15:24:35.440190: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.440192: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:35.440195: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.440197: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.440225: | length: 8 (00 08) Oct 31 15:24:35.440228: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.440230: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:35.440234: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.440236: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.440239: | length: 8 (00 08) Oct 31 15:24:35.440241: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.440244: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:35.440246: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.440249: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.440252: | length: 8 (00 08) Oct 31 15:24:35.440255: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.440257: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:35.440259: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.440262: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.440264: | length: 8 (00 08) Oct 31 15:24:35.440266: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.440268: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:35.440272: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Oct 31 15:24:35.440274: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Oct 31 15:24:35.440277: | ****parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.440279: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:35.440281: | length: 116 (00 74) Oct 31 15:24:35.440284: | prop #: 4 (04) Oct 31 15:24:35.440286: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:35.440288: | spi size: 0 (00) Oct 31 15:24:35.440291: | # transforms: 13 (0d) Oct 31 15:24:35.440294: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Oct 31 15:24:35.440296: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.440299: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.440301: | length: 12 (00 0c) Oct 31 15:24:35.440303: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.440306: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:35.440308: | ******parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.440311: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.440314: | length/value: 128 (00 80) Oct 31 15:24:35.440319: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.440321: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.440324: | length: 8 (00 08) Oct 31 15:24:35.440326: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:35.440328: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:35.440330: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.440333: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.440335: | length: 8 (00 08) Oct 31 15:24:35.440337: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:35.440339: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:35.440342: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.440344: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.440347: | length: 8 (00 08) Oct 31 15:24:35.440349: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:35.440351: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:35.440354: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.440356: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.440359: | length: 8 (00 08) Oct 31 15:24:35.440361: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:35.440363: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:35.440366: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.440368: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.440371: | length: 8 (00 08) Oct 31 15:24:35.440373: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.440375: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.440378: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.440380: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.440383: | length: 8 (00 08) Oct 31 15:24:35.440385: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.440387: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:35.440390: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.440393: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.440395: | length: 8 (00 08) Oct 31 15:24:35.440398: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.440400: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:35.440403: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.440405: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.440408: | length: 8 (00 08) Oct 31 15:24:35.440410: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.440413: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:35.440415: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.440418: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.440421: | length: 8 (00 08) Oct 31 15:24:35.440423: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.440425: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:35.440428: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.440431: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.440434: | length: 8 (00 08) Oct 31 15:24:35.440436: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.440439: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:35.440442: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.440444: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.440447: | length: 8 (00 08) Oct 31 15:24:35.440449: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.440451: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:35.440454: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.440456: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.440459: | length: 8 (00 08) Oct 31 15:24:35.440461: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.440464: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:35.440470: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Oct 31 15:24:35.440473: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Oct 31 15:24:35.440480: "northnet-eastnets/0x2" #1: proposal 1:IKE=AES_GCM_C_256-HMAC_SHA2_512-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Oct 31 15:24:35.440485: | accepted IKE proposal ikev2_proposal: 1:IKE=AES_GCM_C_256-HMAC_SHA2_512-MODP2048 Oct 31 15:24:35.440488: | converting proposal to internal trans attrs Oct 31 15:24:35.440495: | nat: IKE.SPIr is zero Oct 31 15:24:35.440511: | natd_hash: hasher=0x55ca485fbf80(20) Oct 31 15:24:35.440514: | natd_hash: icookie= Oct 31 15:24:35.440516: | fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.440518: | natd_hash: rcookie= Oct 31 15:24:35.440520: | 00 00 00 00 00 00 00 00 Oct 31 15:24:35.440522: | natd_hash: ip= Oct 31 15:24:35.440524: | c0 01 02 17 Oct 31 15:24:35.440526: | natd_hash: port= Oct 31 15:24:35.440528: | 01 f4 Oct 31 15:24:35.440530: | natd_hash: hash= Oct 31 15:24:35.440532: | 18 52 32 2c fe f5 4a cb 6d 9a e3 69 60 e2 4b 1f Oct 31 15:24:35.440534: | 8f 4a ae f6 Oct 31 15:24:35.440536: | nat: IKE.SPIr is zero Oct 31 15:24:35.440544: | natd_hash: hasher=0x55ca485fbf80(20) Oct 31 15:24:35.440546: | natd_hash: icookie= Oct 31 15:24:35.440549: | fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.440551: | natd_hash: rcookie= Oct 31 15:24:35.440553: | 00 00 00 00 00 00 00 00 Oct 31 15:24:35.440555: | natd_hash: ip= Oct 31 15:24:35.440557: | c0 01 03 21 Oct 31 15:24:35.440559: | natd_hash: port= Oct 31 15:24:35.440561: | 01 f4 Oct 31 15:24:35.440563: | natd_hash: hash= Oct 31 15:24:35.440565: | 2b 74 12 c2 e9 f2 aa 87 ea 35 d2 e0 41 b9 39 23 Oct 31 15:24:35.440567: | d4 32 6e 1b Oct 31 15:24:35.440570: | NAT_TRAVERSAL encaps using auto-detect Oct 31 15:24:35.440572: | NAT_TRAVERSAL this end is NOT behind NAT Oct 31 15:24:35.440574: | NAT_TRAVERSAL that end is NOT behind NAT Oct 31 15:24:35.440578: | NAT_TRAVERSAL nat-keepalive enabled 192.1.3.33 Oct 31 15:24:35.440581: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered) Oct 31 15:24:35.440583: | hash algorithm identifier (network ordered) Oct 31 15:24:35.440585: | 00 02 Oct 31 15:24:35.440587: | received HASH_ALGORITHM_SHA2_256 which is allowed by local policy Oct 31 15:24:35.440589: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered) Oct 31 15:24:35.440591: | hash algorithm identifier (network ordered) Oct 31 15:24:35.440593: | 00 03 Oct 31 15:24:35.440595: | received HASH_ALGORITHM_SHA2_384 which is allowed by local policy Oct 31 15:24:35.440597: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered) Oct 31 15:24:35.440599: | hash algorithm identifier (network ordered) Oct 31 15:24:35.440601: | 00 04 Oct 31 15:24:35.440603: | received HASH_ALGORITHM_SHA2_512 which is allowed by local policy Oct 31 15:24:35.440613: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:35.440616: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:35.440619: | newref clone logger@0x55ca48938d18(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:35.440622: | job 1 for #1: ikev2_inI1outR1 KE (build KE and nonce): adding job to queue Oct 31 15:24:35.440626: | state #1 has no .st_event to delete Oct 31 15:24:35.440629: | #1 STATE_PARENT_R0: retransmits: cleared Oct 31 15:24:35.440632: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55ca48958ed8 Oct 31 15:24:35.440635: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:24:35.440639: | libevent_malloc: newref ptr-libevent@0x55ca4894e6f8 size 128 Oct 31 15:24:35.440657: | #1 spent 1.11 (1.13) milliseconds in processing: Respond to IKE_SA_INIT in v2_dispatch() Oct 31 15:24:35.440664: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:35.440668: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Oct 31 15:24:35.440670: | suspending state #1 and saving MD 0x55ca4895a908 Oct 31 15:24:35.440673: | addref md@0x55ca4895a908(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:35.440675: | #1 is busy; has suspended MD 0x55ca4895a908 Oct 31 15:24:35.440680: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1760) Oct 31 15:24:35.440685: | #1 spent 1.68 (1.71) milliseconds in ikev2_process_packet() Oct 31 15:24:35.440688: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:35.440690: | delref mdp@0x55ca4895a908(2->1) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:35.440694: | spent 1.69 (1.72) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:35.440714: | job 1 for #1: ikev2_inI1outR1 KE (build KE and nonce): helper 4 starting job Oct 31 15:24:35.442510: | "northnet-eastnets/0x2" #1: spent 1.78 (1.79) milliseconds in helper 4 processing job 1 for state #1: ikev2_inI1outR1 KE (pcr) Oct 31 15:24:35.442525: | job 1 for #1: ikev2_inI1outR1 KE (build KE and nonce): helper thread 4 sending result back to state Oct 31 15:24:35.442528: | scheduling resume sending helper answer back to state for #1 Oct 31 15:24:35.442532: | libevent_malloc: newref ptr-libevent@0x7efd98006108 size 128 Oct 31 15:24:35.442543: | helper thread 4 has nothing to do Oct 31 15:24:35.442562: | processing resume sending helper answer back to state for #1 Oct 31 15:24:35.442576: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:641) Oct 31 15:24:35.442582: | unsuspending #1 MD 0x55ca4895a908 Oct 31 15:24:35.442586: | job 1 for #1: ikev2_inI1outR1 KE (build KE and nonce): processing response from helper 4 Oct 31 15:24:35.442589: | job 1 for #1: ikev2_inI1outR1 KE (build KE and nonce): calling continuation function 0x55ca48509fe7 Oct 31 15:24:35.442592: | ikev2_parent_inI1outR1_continue() for #1 STATE_PARENT_R0: calculated ke+nonce, sending R1 Oct 31 15:24:35.442625: | opening output PBS reply packet Oct 31 15:24:35.442629: | **emit ISAKMP Message: Oct 31 15:24:35.442634: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.442638: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.442641: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:35.442644: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.442646: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:24:35.442649: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:35.442653: | Message ID: 0 (00 00 00 00) Oct 31 15:24:35.442656: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:35.442660: | emitting ikev2_proposal ... Oct 31 15:24:35.442663: | ***emit IKEv2 Security Association Payload: Oct 31 15:24:35.442665: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.442668: | flags: none (0x0) Oct 31 15:24:35.442671: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:24:35.442673: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.442681: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.442683: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:35.442686: | prop #: 1 (01) Oct 31 15:24:35.442689: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:35.442692: | spi size: 0 (00) Oct 31 15:24:35.442694: | # transforms: 3 (03) Oct 31 15:24:35.442697: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:35.442700: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.442703: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.442705: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.442707: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:35.442710: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.442713: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.442715: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.442718: | length/value: 256 (01 00) Oct 31 15:24:35.442721: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:35.442724: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.442726: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.442728: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:35.442731: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:35.442733: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.442736: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.442738: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.442741: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.442743: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.442745: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.442748: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.442751: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.442753: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.442755: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.442758: | emitting length of IKEv2 Proposal Substructure Payload: 36 Oct 31 15:24:35.442760: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:35.442762: | emitting length of IKEv2 Security Association Payload: 40 Oct 31 15:24:35.442765: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:24:35.442769: | DH secret MODP2048@0x7efd98006ba8: transferring ownership from helper KE to state #1 Oct 31 15:24:35.442778: | ***emit IKEv2 Key Exchange Payload: Oct 31 15:24:35.442781: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.442783: | flags: none (0x0) Oct 31 15:24:35.442786: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.442788: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Oct 31 15:24:35.442791: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.442794: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Oct 31 15:24:35.442797: | ikev2 g^x: Oct 31 15:24:35.442799: | 33 4c 92 54 18 f4 e6 5a a7 55 e5 ed 65 da 5d dd Oct 31 15:24:35.442803: | 07 05 89 8c 18 0d 79 9e cf 6a f3 7d 8e b7 df 6a Oct 31 15:24:35.442805: | 23 4d d6 e7 5b 93 a3 c1 ae 38 db 98 07 4e d1 55 Oct 31 15:24:35.442807: | 63 a0 06 a9 00 03 b1 0f 96 40 a6 09 17 bc 25 68 Oct 31 15:24:35.442810: | 5b cf cd 55 9b 59 5a 81 68 18 1b 91 cd 89 ec c8 Oct 31 15:24:35.442812: | 7b 77 eb 3b 9a 4f 76 24 9e 90 fd 68 a6 e2 66 ee Oct 31 15:24:35.442814: | 04 03 9d c9 1b 08 ea 09 ea 22 ac 7b b6 1a 60 e9 Oct 31 15:24:35.442816: | 54 e6 49 81 3b 78 63 19 15 ee 8f 1a 20 4e 01 ff Oct 31 15:24:35.442818: | 5e 06 44 13 b6 a0 28 ad a2 2e b8 19 11 97 a4 09 Oct 31 15:24:35.442820: | 5f 6b c4 c5 d8 05 e1 75 09 8a 73 91 46 37 31 d4 Oct 31 15:24:35.442823: | 84 05 c2 ac 6b ff 4d e9 6f c3 20 7f d4 27 b6 f4 Oct 31 15:24:35.442825: | c1 43 7f 5e 68 45 bb df 49 f5 c1 8e ea 8b 0b 13 Oct 31 15:24:35.442827: | bf 24 6f 23 fd 8d 07 f4 1e 40 00 fe 6b cd 46 13 Oct 31 15:24:35.442829: | 0b 67 68 14 c9 72 ba 8f 12 d8 50 5b df 05 4c 4d Oct 31 15:24:35.442831: | a6 cd c8 64 de 37 3d 59 38 91 4f ae 17 f6 be 28 Oct 31 15:24:35.442833: | 82 ea 6a 41 e4 32 38 65 35 52 e3 64 82 99 a5 f7 Oct 31 15:24:35.442836: | emitting length of IKEv2 Key Exchange Payload: 264 Oct 31 15:24:35.442838: | ***emit IKEv2 Nonce Payload: Oct 31 15:24:35.442841: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.442843: | flags: none (0x0) Oct 31 15:24:35.442846: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Oct 31 15:24:35.442848: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.442851: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Oct 31 15:24:35.442853: | IKEv2 nonce: Oct 31 15:24:35.442856: | 83 4d 65 4c 55 4b b2 69 40 a1 fc b1 e2 f1 50 bb Oct 31 15:24:35.442858: | 86 31 05 4c 66 25 aa c8 6b 65 08 21 7e 81 03 2f Oct 31 15:24:35.442860: | emitting length of IKEv2 Nonce Payload: 36 Oct 31 15:24:35.442865: | adding a v2N Payload Oct 31 15:24:35.442867: | ***emit IKEv2 Notify Payload: Oct 31 15:24:35.442870: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.442872: | flags: none (0x0) Oct 31 15:24:35.442874: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:35.442877: | SPI size: 0 (00) Oct 31 15:24:35.442880: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Oct 31 15:24:35.442883: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:35.442885: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.442888: | emitting length of IKEv2 Notify Payload: 8 Oct 31 15:24:35.442890: | adding a v2N Payload Oct 31 15:24:35.442892: | ***emit IKEv2 Notify Payload: Oct 31 15:24:35.442895: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.442897: | flags: none (0x0) Oct 31 15:24:35.442899: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:35.442902: | SPI size: 0 (00) Oct 31 15:24:35.442904: | Notify Message Type: v2N_SIGNATURE_HASH_ALGORITHMS (0x402f) Oct 31 15:24:35.442907: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:35.442909: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.442912: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256 into IKEv2 Notify Payload Oct 31 15:24:35.442915: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256: 00 02 Oct 31 15:24:35.442918: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384 into IKEv2 Notify Payload Oct 31 15:24:35.442920: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384: 00 03 Oct 31 15:24:35.442923: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_512 into IKEv2 Notify Payload Oct 31 15:24:35.442927: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_512: 00 04 Oct 31 15:24:35.442930: | emitting length of IKEv2 Notify Payload: 14 Oct 31 15:24:35.442933: | NAT-Traversal support [enabled] add v2N payloads. Oct 31 15:24:35.442952: | natd_hash: hasher=0x55ca485fbf80(20) Oct 31 15:24:35.442955: | natd_hash: icookie= Oct 31 15:24:35.442957: | fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.442959: | natd_hash: rcookie= Oct 31 15:24:35.442961: | 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.442963: | natd_hash: ip= Oct 31 15:24:35.442965: | c0 01 02 17 Oct 31 15:24:35.442967: | natd_hash: port= Oct 31 15:24:35.442970: | 01 f4 Oct 31 15:24:35.442972: | natd_hash: hash= Oct 31 15:24:35.442974: | 60 a0 c7 d4 7c de b2 2a b8 e3 8e 68 d4 76 0e e7 Oct 31 15:24:35.442976: | cd 7c 70 73 Oct 31 15:24:35.442978: | adding a v2N Payload Oct 31 15:24:35.442980: | ***emit IKEv2 Notify Payload: Oct 31 15:24:35.442983: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.442985: | flags: none (0x0) Oct 31 15:24:35.442988: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:35.442991: | SPI size: 0 (00) Oct 31 15:24:35.442993: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Oct 31 15:24:35.442996: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:35.442998: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.443001: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:24:35.443003: | Notify data: Oct 31 15:24:35.443005: | 60 a0 c7 d4 7c de b2 2a b8 e3 8e 68 d4 76 0e e7 Oct 31 15:24:35.443008: | cd 7c 70 73 Oct 31 15:24:35.443010: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:24:35.443018: | natd_hash: hasher=0x55ca485fbf80(20) Oct 31 15:24:35.443020: | natd_hash: icookie= Oct 31 15:24:35.443022: | fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.443024: | natd_hash: rcookie= Oct 31 15:24:35.443027: | 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.443029: | natd_hash: ip= Oct 31 15:24:35.443031: | c0 01 03 21 Oct 31 15:24:35.443033: | natd_hash: port= Oct 31 15:24:35.443035: | 01 f4 Oct 31 15:24:35.443037: | natd_hash: hash= Oct 31 15:24:35.443039: | 5a dc 90 99 63 31 98 99 e3 56 22 cf a9 97 be 5d Oct 31 15:24:35.443041: | d7 fc 4b f6 Oct 31 15:24:35.443043: | adding a v2N Payload Oct 31 15:24:35.443046: | ***emit IKEv2 Notify Payload: Oct 31 15:24:35.443048: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.443050: | flags: none (0x0) Oct 31 15:24:35.443052: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:35.443055: | SPI size: 0 (00) Oct 31 15:24:35.443057: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Oct 31 15:24:35.443060: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:35.443063: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.443065: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:24:35.443068: | Notify data: Oct 31 15:24:35.443070: | 5a dc 90 99 63 31 98 99 e3 56 22 cf a9 97 be 5d Oct 31 15:24:35.443072: | d7 fc 4b f6 Oct 31 15:24:35.443074: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:24:35.443076: | going to send a certreq Oct 31 15:24:35.443079: | connection->kind is CK_PERMANENT so send CERTREQ Oct 31 15:24:35.443081: | ***emit IKEv2 Certificate Request Payload: Oct 31 15:24:35.443084: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.443086: | flags: none (0x0) Oct 31 15:24:35.443089: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Oct 31 15:24:35.443091: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Certificate Request Payload (38:ISAKMP_NEXT_v2CERTREQ) Oct 31 15:24:35.443094: | next payload chain: saving location 'IKEv2 Certificate Request Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.443965: | located CA cert E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA for CERTREQ Oct 31 15:24:35.443985: | emitting 20 raw bytes of CA cert public key hash into IKEv2 Certificate Request Payload Oct 31 15:24:35.443989: | CA cert public key hash: Oct 31 15:24:35.443991: | de 91 76 61 50 ac 79 0d 0f 60 83 8c a3 c3 15 48 Oct 31 15:24:35.443993: | d1 1f d2 d2 Oct 31 15:24:35.443996: | emitting length of IKEv2 Certificate Request Payload: 25 Oct 31 15:24:35.443999: | emitting length of ISAKMP Message: 471 Oct 31 15:24:35.444007: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:35.444013: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Oct 31 15:24:35.444015: | transitioning from state STATE_PARENT_R0 to state STATE_PARENT_R1 Oct 31 15:24:35.444018: | Message ID: updating counters for #1 Oct 31 15:24:35.444028: | Message ID: IKE #1 updating responder received message request 0: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744549.872258 ike.responder.sent=-1 ike.responder.recv=-1->0 ike.responder.last_contact=744549.872258->744549.876817 ike.wip.initiator=-1 ike.wip.responder=0->-1 Oct 31 15:24:35.444034: | Message ID: IKE #1 updating responder sent message response 0: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744549.872258 ike.responder.sent=-1->0 ike.responder.recv=0 ike.responder.last_contact=744549.876817 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:35.444041: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744549.872258 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744549.876817 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:35.444045: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Oct 31 15:24:35.444047: | announcing the state transition Oct 31 15:24:35.444053: "northnet-eastnets/0x2" #1: sent IKE_SA_INIT reply {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Oct 31 15:24:35.444065: | sending 471 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:35.444067: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.444070: | 21 20 22 20 00 00 00 00 00 00 01 d7 22 00 00 28 Oct 31 15:24:35.444072: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Oct 31 15:24:35.444074: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Oct 31 15:24:35.444076: | 04 00 00 0e 28 00 01 08 00 0e 00 00 33 4c 92 54 Oct 31 15:24:35.444078: | 18 f4 e6 5a a7 55 e5 ed 65 da 5d dd 07 05 89 8c Oct 31 15:24:35.444081: | 18 0d 79 9e cf 6a f3 7d 8e b7 df 6a 23 4d d6 e7 Oct 31 15:24:35.444083: | 5b 93 a3 c1 ae 38 db 98 07 4e d1 55 63 a0 06 a9 Oct 31 15:24:35.444085: | 00 03 b1 0f 96 40 a6 09 17 bc 25 68 5b cf cd 55 Oct 31 15:24:35.444087: | 9b 59 5a 81 68 18 1b 91 cd 89 ec c8 7b 77 eb 3b Oct 31 15:24:35.444089: | 9a 4f 76 24 9e 90 fd 68 a6 e2 66 ee 04 03 9d c9 Oct 31 15:24:35.444091: | 1b 08 ea 09 ea 22 ac 7b b6 1a 60 e9 54 e6 49 81 Oct 31 15:24:35.444093: | 3b 78 63 19 15 ee 8f 1a 20 4e 01 ff 5e 06 44 13 Oct 31 15:24:35.444095: | b6 a0 28 ad a2 2e b8 19 11 97 a4 09 5f 6b c4 c5 Oct 31 15:24:35.444098: | d8 05 e1 75 09 8a 73 91 46 37 31 d4 84 05 c2 ac Oct 31 15:24:35.444100: | 6b ff 4d e9 6f c3 20 7f d4 27 b6 f4 c1 43 7f 5e Oct 31 15:24:35.444102: | 68 45 bb df 49 f5 c1 8e ea 8b 0b 13 bf 24 6f 23 Oct 31 15:24:35.444104: | fd 8d 07 f4 1e 40 00 fe 6b cd 46 13 0b 67 68 14 Oct 31 15:24:35.444106: | c9 72 ba 8f 12 d8 50 5b df 05 4c 4d a6 cd c8 64 Oct 31 15:24:35.444109: | de 37 3d 59 38 91 4f ae 17 f6 be 28 82 ea 6a 41 Oct 31 15:24:35.444111: | e4 32 38 65 35 52 e3 64 82 99 a5 f7 29 00 00 24 Oct 31 15:24:35.444115: | 83 4d 65 4c 55 4b b2 69 40 a1 fc b1 e2 f1 50 bb Oct 31 15:24:35.444118: | 86 31 05 4c 66 25 aa c8 6b 65 08 21 7e 81 03 2f Oct 31 15:24:35.444120: | 29 00 00 08 00 00 40 2e 29 00 00 0e 00 00 40 2f Oct 31 15:24:35.444122: | 00 02 00 03 00 04 29 00 00 1c 00 00 40 04 60 a0 Oct 31 15:24:35.444124: | c7 d4 7c de b2 2a b8 e3 8e 68 d4 76 0e e7 cd 7c Oct 31 15:24:35.444126: | 70 73 26 00 00 1c 00 00 40 05 5a dc 90 99 63 31 Oct 31 15:24:35.444128: | 98 99 e3 56 22 cf a9 97 be 5d d7 fc 4b f6 00 00 Oct 31 15:24:35.444130: | 00 19 04 de 91 76 61 50 ac 79 0d 0f 60 83 8c a3 Oct 31 15:24:35.444132: | c3 15 48 d1 1f d2 d2 Oct 31 15:24:35.444197: | sent 1 messages Oct 31 15:24:35.444210: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:35.444216: | libevent_free: delref ptr-libevent@0x55ca4894e6f8 Oct 31 15:24:35.444219: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55ca48958ed8 Oct 31 15:24:35.444222: | event_schedule: newref EVENT_SO_DISCARD-pe@0x55ca4894e6f8 Oct 31 15:24:35.444225: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 Oct 31 15:24:35.444228: | libevent_malloc: newref ptr-libevent@0x55ca48962538 size 128 Oct 31 15:24:35.444233: | delref logger@0x55ca48938d18(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:35.444235: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.444238: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.444241: | resume sending helper answer back to state for #1 suppresed complete_v2_state_transition() Oct 31 15:24:35.444244: | delref mdp@0x55ca4895a908(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:35.444247: | delref logger@0x55ca489549a8(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:35.444249: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.445257: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.445270: | #1 spent 1.59 (2.69) milliseconds in resume sending helper answer back to state Oct 31 15:24:35.445277: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:745) Oct 31 15:24:35.445282: | libevent_free: delref ptr-libevent@0x7efd98006108 Oct 31 15:24:35.471326: | spent 0.0025 (0.00251) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:35.471345: | newref struct msg_digest@0x55ca4895a908(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.471350: | newref alloc logger@0x55ca48938d18(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.471357: | *received 539 bytes from 192.1.3.33:500 on eth1 192.1.2.23:500 using UDP Oct 31 15:24:35.471360: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.471363: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff Oct 31 15:24:35.471365: | 00 01 00 06 8c 68 f1 53 39 c9 66 36 89 13 09 a9 Oct 31 15:24:35.471367: | e8 1c e7 22 70 b0 b8 bc 3a 6a 47 06 32 57 db b3 Oct 31 15:24:35.471369: | d1 54 49 39 2b fe 58 cc 26 4c 4b a9 b9 0c db bd Oct 31 15:24:35.471372: | ca 86 0a 05 6a c7 22 6a fe 5a 9f fe a3 b8 c5 3d Oct 31 15:24:35.471374: | 8b 48 2c c6 09 2d 00 fa 1f 30 8a 05 86 f0 81 73 Oct 31 15:24:35.471376: | ee 34 26 68 ca 40 b9 66 f8 ed 9e 92 93 e5 ab 6b Oct 31 15:24:35.471378: | e0 73 ca 22 b0 70 a0 2b b3 49 d2 8f d2 17 7c 5e Oct 31 15:24:35.471380: | af 09 32 10 cc 61 b7 60 72 b8 3a 54 cc dd 1e 8b Oct 31 15:24:35.471383: | b0 64 97 38 3e 7b 3e b2 db 22 7f 48 d1 dd b0 ca Oct 31 15:24:35.471385: | 6f 54 b8 bd 7c 25 7e 0e 04 37 20 c2 b9 88 45 d2 Oct 31 15:24:35.471387: | ae 1c 40 86 29 9f 1f 6f d7 a9 d8 4e 38 88 32 06 Oct 31 15:24:35.471389: | 92 80 a0 3b bb 24 93 1e 44 79 27 66 a1 ae a8 05 Oct 31 15:24:35.471391: | 62 fc a1 d4 8f 74 38 37 f2 be 48 48 db 58 e0 08 Oct 31 15:24:35.471394: | 3f cb be a3 1d f7 83 25 b3 03 e9 ca ff 9b f9 df Oct 31 15:24:35.471396: | 16 14 92 74 f6 11 df 63 a3 46 fd 6a b0 4c 2d 2e Oct 31 15:24:35.471400: | 72 33 f8 fc 26 db a4 b8 2f 15 7e 1a 25 f3 4d c2 Oct 31 15:24:35.471402: | 08 2e ea 9c c3 08 9c ad 2a 43 8a 55 10 18 46 65 Oct 31 15:24:35.471405: | 8e f4 22 da 9c b6 f9 2b 07 e2 3d 9b 17 93 61 ff Oct 31 15:24:35.471407: | 30 f1 d9 d0 c5 75 5a fc 32 a4 80 59 2c 6e 5e 91 Oct 31 15:24:35.471409: | 6b b9 0e 93 aa cf 9c d6 54 8e e2 b1 5e 09 3e 3e Oct 31 15:24:35.471411: | b3 7d 11 7a 41 79 14 fc 32 c7 c3 d3 a8 56 a7 77 Oct 31 15:24:35.471413: | 4d 0e b6 11 cc be 58 7c b6 ae a4 d0 8d 6e 79 e1 Oct 31 15:24:35.471416: | 49 22 0f e9 7d 86 3e e8 1b 87 61 a1 1d b1 ad c2 Oct 31 15:24:35.471418: | 46 57 74 2f 55 d3 e9 ac 32 4d be 62 fe 7d 35 f1 Oct 31 15:24:35.471420: | 7a 98 bb 2f e1 60 39 72 da 95 10 c0 23 fb 2d fe Oct 31 15:24:35.471421: | 8e 7e 9b 47 87 1d 7b 19 94 30 d7 93 97 a9 36 11 Oct 31 15:24:35.471423: | 35 29 3c f0 14 16 2b dd 23 07 ff da 12 a9 5d 0c Oct 31 15:24:35.471425: | c8 56 82 ea f9 c4 6a 95 07 37 0d 06 54 38 69 f8 Oct 31 15:24:35.471427: | 65 e9 4d 02 40 4f 81 ef d5 42 8b 91 5d b4 96 fd Oct 31 15:24:35.471429: | a6 e1 97 8c 55 df 5a ca 08 e0 1a dd 88 50 c8 cf Oct 31 15:24:35.471431: | 71 bd 1e 03 dd 68 6c 89 c4 a6 8c d1 74 b4 a8 ef Oct 31 15:24:35.471433: | f8 ed d6 92 7e 63 3f a3 a5 94 c2 Oct 31 15:24:35.471437: | **parse ISAKMP Message: Oct 31 15:24:35.471442: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.471445: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.471448: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Oct 31 15:24:35.471451: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.471453: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.471455: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:35.471460: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.471463: | length: 539 (00 00 02 1b) Oct 31 15:24:35.471466: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:24:35.471470: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Oct 31 15:24:35.471475: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Oct 31 15:24:35.471483: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:35.471487: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Oct 31 15:24:35.471490: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:24:35.471493: | #1 is idle Oct 31 15:24:35.471499: | Message ID: IKE #1 not a duplicate - message request 1 is new: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744549.872258 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744549.876817 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:35.471505: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:35.471507: | unpacking clear payload Oct 31 15:24:35.471510: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Oct 31 15:24:35.471513: | ***parse IKEv2 Encrypted Fragment: Oct 31 15:24:35.471516: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Oct 31 15:24:35.471519: | flags: none (0x0) Oct 31 15:24:35.471522: | length: 511 (01 ff) Oct 31 15:24:35.471525: | fragment number: 1 (00 01) Oct 31 15:24:35.471528: | total fragments: 6 (00 06) Oct 31 15:24:35.471531: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Oct 31 15:24:35.471534: | #1 in state PARENT_R1: sent IKE_SA_INIT reply Oct 31 15:24:35.471537: | received IKE encrypted fragment number '1', total number '6', next payload '35' Oct 31 15:24:35.471544: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:35.471551: | #1 spent 0.234 (0.233) milliseconds in ikev2_process_packet() Oct 31 15:24:35.471554: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:35.471558: | delref mdp@0x55ca4895a908(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:35.471563: | delref logger@0x55ca48938d18(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:35.471566: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.471568: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.471574: | spent 0.258 (0.257) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:35.471586: | spent 0.00176 (0.00173) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:35.471593: | newref struct msg_digest@0x55ca4895a908(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.471597: | newref alloc logger@0x55ca48938d18(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.471603: | *received 539 bytes from 192.1.3.33:500 on eth1 192.1.2.23:500 using UDP Oct 31 15:24:35.471606: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.471608: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Oct 31 15:24:35.471611: | 00 02 00 06 c4 8f 18 d3 84 75 7e 93 2b 9f 35 b1 Oct 31 15:24:35.471613: | f6 27 18 17 00 19 c4 81 9f c6 67 a2 78 b8 04 76 Oct 31 15:24:35.471615: | fb 5e 33 75 13 53 8c 63 1e 20 6b 6a 21 09 1a 43 Oct 31 15:24:35.471617: | cc c2 e4 08 9c e8 fd ee 64 f6 7b 83 9b e1 c1 ff Oct 31 15:24:35.471620: | 02 5b a5 63 77 94 81 c5 2e 3e 67 6a f0 aa 88 c5 Oct 31 15:24:35.471622: | b0 39 63 cd 4f c5 9b ff eb 06 a4 6e 70 9b 09 01 Oct 31 15:24:35.471624: | 90 2d 6f 07 b5 dc 33 90 ee 6f a5 ae 17 fe 05 4a Oct 31 15:24:35.471626: | 60 fd 9e ef b0 e3 e9 40 ef 94 46 72 a1 1e 55 a2 Oct 31 15:24:35.471628: | d3 d9 45 0e 52 d9 f9 eb 43 6d 4b f5 8d db 51 07 Oct 31 15:24:35.471630: | c7 4f 4d 0f d7 1b 65 19 cd 28 ae 15 bc 61 11 c3 Oct 31 15:24:35.471632: | 3b 8a 3e de f5 eb be 5b 6e e6 a7 c1 eb 9a d2 3e Oct 31 15:24:35.471634: | 1e 66 f6 88 50 95 1f ca 46 9a 1d 84 55 78 8f dc Oct 31 15:24:35.471636: | ae 65 ba d8 28 35 72 a3 25 e1 ed d5 16 2b 34 87 Oct 31 15:24:35.471638: | dc 0c c0 da 39 c5 2c 0b 53 ea c5 2c 6b 61 c7 2d Oct 31 15:24:35.471640: | 10 22 8c 42 4e 7b 8e a2 8b 11 f3 2c 35 15 fb 53 Oct 31 15:24:35.471642: | 23 29 70 74 3a a7 36 2c 6c 4f b9 25 5a ed 2e 76 Oct 31 15:24:35.471644: | b7 d1 c0 71 77 2a a2 cc 3a 22 af fb 2a 5a 8f 80 Oct 31 15:24:35.471647: | 44 fc 15 7b d2 08 04 28 7c a0 97 e6 44 44 84 81 Oct 31 15:24:35.471649: | b8 58 8e 79 b3 35 44 db 6d da ab 8f 7a eb 98 3a Oct 31 15:24:35.471651: | f5 cd f6 2e c6 07 d0 ba 28 dc f7 01 99 17 d5 91 Oct 31 15:24:35.471654: | d9 08 bb 55 e1 0b d8 67 cf cd 08 68 83 99 0c ca Oct 31 15:24:35.471655: | 8b e1 2d 64 b7 a6 20 af da 46 b1 32 dc 95 b2 67 Oct 31 15:24:35.471657: | d0 36 dd 9f 60 d1 46 d7 09 fe 71 70 19 d0 01 cd Oct 31 15:24:35.471660: | 01 2d 4c 56 b3 f9 c3 c4 c7 43 e6 25 ec 80 87 5a Oct 31 15:24:35.471662: | 04 b1 c0 a7 64 82 ea 61 c8 45 9c 47 a7 93 b4 84 Oct 31 15:24:35.471664: | b4 ba c7 a4 e5 6d 2b 6f d3 cc 5f a8 02 da 13 40 Oct 31 15:24:35.471666: | 79 3c 2e f4 b9 2b 82 dc 77 58 f9 be f6 b5 d2 13 Oct 31 15:24:35.471669: | 04 d8 c1 1f 91 db 71 85 ed 41 d0 53 f1 01 88 99 Oct 31 15:24:35.471671: | 56 9c 63 f2 47 b7 a0 fd 90 61 a3 2e 33 9b d8 ed Oct 31 15:24:35.471673: | c4 d6 81 84 cd c1 53 3e 31 8d 98 26 7e e2 91 bb Oct 31 15:24:35.471676: | 0c bb 7a df ca 4a ca 38 a5 f2 e2 33 48 37 84 6c Oct 31 15:24:35.471678: | 67 77 b2 4b 29 a5 ef fd 9a 8d 09 Oct 31 15:24:35.471681: | **parse ISAKMP Message: Oct 31 15:24:35.471685: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.471689: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.471692: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Oct 31 15:24:35.471694: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.471697: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.471699: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:35.471703: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.471706: | length: 539 (00 00 02 1b) Oct 31 15:24:35.471711: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:24:35.471714: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Oct 31 15:24:35.471718: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Oct 31 15:24:35.471724: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:35.471728: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Oct 31 15:24:35.471731: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:24:35.471733: | #1 is idle Oct 31 15:24:35.471740: | Message ID: IKE #1 not a duplicate - responder is accumulating fragments for message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744549.872258 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744549.876817 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:35.471745: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:35.471747: | unpacking clear payload Oct 31 15:24:35.471750: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Oct 31 15:24:35.471753: | ***parse IKEv2 Encrypted Fragment: Oct 31 15:24:35.471756: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.471758: | flags: none (0x0) Oct 31 15:24:35.471761: | length: 511 (01 ff) Oct 31 15:24:35.471764: | fragment number: 2 (00 02) Oct 31 15:24:35.471767: | total fragments: 6 (00 06) Oct 31 15:24:35.471770: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Oct 31 15:24:35.471772: | #1 in state PARENT_R1: sent IKE_SA_INIT reply Oct 31 15:24:35.471776: | received IKE encrypted fragment number '2', total number '6', next payload '0' Oct 31 15:24:35.471782: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:35.471787: | #1 spent 0.203 (0.203) milliseconds in ikev2_process_packet() Oct 31 15:24:35.471790: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:35.471793: | delref mdp@0x55ca4895a908(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:35.471796: | delref logger@0x55ca48938d18(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:35.471798: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.471800: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.471805: | spent 0.222 (0.222) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:35.471815: | spent 0.00164 (0.00165) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:35.471822: | newref struct msg_digest@0x55ca4895a908(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.471825: | newref alloc logger@0x55ca48938d18(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.471831: | *received 539 bytes from 192.1.3.33:500 on eth1 192.1.2.23:500 using UDP Oct 31 15:24:35.471834: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.471836: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Oct 31 15:24:35.471838: | 00 03 00 06 a5 90 dc 22 b4 8f bd e7 bc a8 7d 7f Oct 31 15:24:35.471841: | ee e1 b4 b4 15 d7 b5 d3 6c ff 0b ce 6c f8 05 7f Oct 31 15:24:35.471843: | 33 bc 67 66 62 ee 20 0f 25 b9 32 62 c5 98 9a 65 Oct 31 15:24:35.471845: | af 09 5b fb 9e 06 03 b1 0f 56 0c a5 cd e4 41 89 Oct 31 15:24:35.471847: | cd 1b 88 91 0b ed 3d 9b 6f b3 cf 43 88 76 84 d0 Oct 31 15:24:35.471849: | 84 92 ab c9 11 2b 3e c8 d3 cc 33 dd 4f 28 9d 04 Oct 31 15:24:35.471851: | fc f5 76 9c f8 4f 35 f5 94 24 1c 53 8d 48 5a dd Oct 31 15:24:35.471854: | 00 87 32 e7 de be ba d3 c6 8c da b2 ea 43 e0 94 Oct 31 15:24:35.471856: | 20 f9 a0 dd ea 91 0e 07 4f f9 b4 67 77 4e c3 1f Oct 31 15:24:35.471858: | d2 3a d9 80 2d e2 5d 4f e2 59 b5 5e f1 50 d1 24 Oct 31 15:24:35.471860: | b9 93 14 10 cf d9 cb c4 9a 60 2e f6 20 a8 75 3a Oct 31 15:24:35.471864: | 7b 65 cc 89 92 fb 03 51 48 df 04 c8 1b ac c6 55 Oct 31 15:24:35.471867: | 79 4a 28 e0 3f 76 14 a4 e9 38 6b 27 83 1f b3 91 Oct 31 15:24:35.471869: | b4 15 1a 07 c7 c5 37 39 bf 04 7b 49 ba 78 07 0c Oct 31 15:24:35.471871: | c6 a8 f4 79 16 69 f6 fd ca 88 0a 74 a2 96 7f b2 Oct 31 15:24:35.471873: | 29 0b 82 8c 08 a0 a5 6b f3 2c f6 a7 06 a5 16 68 Oct 31 15:24:35.471875: | db cf 42 9a 2d ef 1e 25 dc 2d 3a 42 57 9a 4e 59 Oct 31 15:24:35.471877: | 49 97 15 3d 71 7b 3b 95 31 35 66 78 33 d0 db d0 Oct 31 15:24:35.471880: | b4 42 29 6c 70 ad 72 25 c7 1c 9d e8 e8 10 9c 5f Oct 31 15:24:35.471881: | 75 2b bb 3c 17 22 81 12 3c 8a 87 13 2a 83 5d c4 Oct 31 15:24:35.471884: | 22 0b 28 4b d1 c8 2b e2 57 b8 ec 6b 81 c7 f2 ac Oct 31 15:24:35.471886: | de 21 a3 83 63 04 a7 84 83 57 7b 97 15 6e 55 d5 Oct 31 15:24:35.471887: | 64 68 f8 c9 3b 73 af 01 87 09 bc 9d 2e 92 06 d6 Oct 31 15:24:35.471889: | 3a 54 04 14 a8 f2 59 00 da bf 14 ef 66 8f 79 63 Oct 31 15:24:35.471891: | f2 b2 b0 95 4e da e5 dd dc 3b c3 4a c2 2b 1e 8d Oct 31 15:24:35.471893: | 9a 7e ac be 77 63 fd 63 7d cf af e2 71 af a4 11 Oct 31 15:24:35.471895: | 23 31 a9 ba 9e 5c dc 75 35 e2 7a 65 e0 e5 8b 9d Oct 31 15:24:35.471897: | a4 8d 8a d2 ca 26 13 15 c0 61 c6 e0 a8 6c 92 46 Oct 31 15:24:35.471899: | 48 11 7f 73 b9 5e a0 06 33 59 8b 67 42 d5 38 6b Oct 31 15:24:35.471901: | 98 e7 82 01 2e 98 36 c4 c3 89 68 ad b9 06 b0 2b Oct 31 15:24:35.471903: | 96 9d 2c 08 f1 6d 9c 7e 28 69 a4 f7 1a 92 4e 88 Oct 31 15:24:35.471905: | ac 11 19 ef 14 76 49 dc 24 2e a9 Oct 31 15:24:35.471908: | **parse ISAKMP Message: Oct 31 15:24:35.471912: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.471916: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.471918: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Oct 31 15:24:35.471921: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.471923: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.471925: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:35.471929: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.471932: | length: 539 (00 00 02 1b) Oct 31 15:24:35.471935: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:24:35.471938: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Oct 31 15:24:35.471942: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Oct 31 15:24:35.471948: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:35.471951: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Oct 31 15:24:35.471953: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:24:35.471956: | #1 is idle Oct 31 15:24:35.471961: | Message ID: IKE #1 not a duplicate - responder is accumulating fragments for message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744549.872258 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744549.876817 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:35.471967: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:35.471969: | unpacking clear payload Oct 31 15:24:35.471971: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Oct 31 15:24:35.471974: | ***parse IKEv2 Encrypted Fragment: Oct 31 15:24:35.471976: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.471979: | flags: none (0x0) Oct 31 15:24:35.471981: | length: 511 (01 ff) Oct 31 15:24:35.471984: | fragment number: 3 (00 03) Oct 31 15:24:35.471987: | total fragments: 6 (00 06) Oct 31 15:24:35.471989: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Oct 31 15:24:35.471991: | #1 in state PARENT_R1: sent IKE_SA_INIT reply Oct 31 15:24:35.471994: | received IKE encrypted fragment number '3', total number '6', next payload '0' Oct 31 15:24:35.472001: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:35.472006: | #1 spent 0.193 (0.193) milliseconds in ikev2_process_packet() Oct 31 15:24:35.472008: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:35.472011: | delref mdp@0x55ca4895a908(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:35.472014: | delref logger@0x55ca48938d18(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:35.472016: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.472019: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.472024: | spent 0.211 (0.211) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:35.472033: | spent 0.00163 (0.00159) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:35.472040: | newref struct msg_digest@0x55ca4895a908(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.472043: | newref alloc logger@0x55ca48938d18(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.472048: | *received 539 bytes from 192.1.3.33:500 on eth1 192.1.2.23:500 using UDP Oct 31 15:24:35.472051: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.472053: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Oct 31 15:24:35.472055: | 00 04 00 06 1a f4 a8 25 97 23 b0 4e ed 79 af ba Oct 31 15:24:35.472057: | 73 f7 16 37 cc bc 47 37 46 7f 57 63 96 32 da c5 Oct 31 15:24:35.472059: | ac 1d 2d e7 11 a6 59 15 75 f8 27 b9 62 1a 57 f1 Oct 31 15:24:35.472061: | 53 d9 1c 4e e6 0b 64 4d f9 66 c2 65 a7 05 5e 4e Oct 31 15:24:35.472063: | e2 8e 19 92 20 33 0c 77 aa 2e e5 91 2d d3 39 5d Oct 31 15:24:35.472065: | ef a7 be 5b 99 6a 8f c6 07 cc c5 8e ed af 51 64 Oct 31 15:24:35.472067: | 81 f2 cc 53 e3 43 95 6e 97 09 e5 bd 7d 9f 50 2b Oct 31 15:24:35.472069: | 38 bb 02 da 99 50 83 94 80 7b 2b e0 bb 09 3e fd Oct 31 15:24:35.472070: | 73 dc 74 db e6 9a 79 1f c4 d9 09 7a df 0b a2 3d Oct 31 15:24:35.472072: | 46 e7 56 09 89 67 cd e5 d3 50 eb 4a ca 74 f3 02 Oct 31 15:24:35.472074: | cf 0f 59 92 94 aa b2 d1 db 64 8d cc 12 30 9a e3 Oct 31 15:24:35.472076: | e2 b6 64 f7 12 ed 68 a9 b6 21 45 b7 83 88 10 b2 Oct 31 15:24:35.472078: | 81 ab cb 8d 1a 1d a6 ff 73 0a f0 e2 f1 3f 7d 37 Oct 31 15:24:35.472080: | 83 b9 af 1e be 36 c0 58 bb a3 77 e4 e2 e5 67 d2 Oct 31 15:24:35.472082: | 3e e1 93 7f 8d a0 28 ee b3 5b 33 a3 34 7b 53 d7 Oct 31 15:24:35.472084: | 82 02 56 fd 15 15 45 6f d0 40 a9 ad 0c a6 45 0a Oct 31 15:24:35.472086: | 49 b8 6a 07 b8 1f be c8 b5 74 7a 3f e1 24 cf 93 Oct 31 15:24:35.472088: | cf 70 75 d0 ec 80 37 31 69 b2 da 7d 10 c8 7a 16 Oct 31 15:24:35.472090: | 2e ce a7 27 f5 38 88 ab c4 db d3 13 13 40 21 ac Oct 31 15:24:35.472092: | 91 ef 82 51 61 9f 7c c4 23 47 3a 46 c5 d1 ef ec Oct 31 15:24:35.472094: | ae 58 7b 1a 98 0e 30 6e ff 91 db 59 d0 c5 8e d1 Oct 31 15:24:35.472096: | 9a 7d bb 32 c5 c0 0a 10 a5 26 ff 58 96 ec b9 42 Oct 31 15:24:35.472098: | 32 2a b0 8e 69 d0 af 35 78 97 0d 27 39 db 0f 1a Oct 31 15:24:35.472100: | ae e2 e9 2f 90 7b 4d 7f 96 64 73 c8 5f 9e bb ec Oct 31 15:24:35.472103: | da 53 aa 00 d7 40 4b 22 82 f6 7e d8 17 56 5e a9 Oct 31 15:24:35.472105: | 0b d3 84 b7 0d 40 88 9b 88 b2 2c fc 9d b8 e8 58 Oct 31 15:24:35.472107: | b8 46 73 03 04 ce 37 19 7a b2 1e 67 ca 7e 03 19 Oct 31 15:24:35.472109: | ba 2b 9a f5 68 74 40 15 95 a1 c1 4d 38 12 ea de Oct 31 15:24:35.472111: | bb 54 2f 84 bd 7c 33 2f 64 a7 d6 3b 51 c9 1f 1a Oct 31 15:24:35.472113: | 92 da 9f a0 1e a4 43 31 a7 10 bb b0 9b 46 b7 52 Oct 31 15:24:35.472115: | 74 4f 0f fb a7 33 49 e9 4c fd 6f 43 90 06 e5 b3 Oct 31 15:24:35.472117: | 85 45 b0 bd a2 e9 3d 2b ca f1 b8 Oct 31 15:24:35.472121: | **parse ISAKMP Message: Oct 31 15:24:35.472125: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.472129: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.472132: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Oct 31 15:24:35.472138: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.472141: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.472143: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:35.472147: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.472151: | length: 539 (00 00 02 1b) Oct 31 15:24:35.472154: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:24:35.472157: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Oct 31 15:24:35.472160: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Oct 31 15:24:35.472167: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:35.472170: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Oct 31 15:24:35.472173: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:24:35.472175: | #1 is idle Oct 31 15:24:35.472182: | Message ID: IKE #1 not a duplicate - responder is accumulating fragments for message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744549.872258 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744549.876817 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:35.472187: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:35.472189: | unpacking clear payload Oct 31 15:24:35.472192: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Oct 31 15:24:35.472195: | ***parse IKEv2 Encrypted Fragment: Oct 31 15:24:35.472202: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.472208: | flags: none (0x0) Oct 31 15:24:35.472211: | length: 511 (01 ff) Oct 31 15:24:35.472214: | fragment number: 4 (00 04) Oct 31 15:24:35.472217: | total fragments: 6 (00 06) Oct 31 15:24:35.472219: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Oct 31 15:24:35.472222: | #1 in state PARENT_R1: sent IKE_SA_INIT reply Oct 31 15:24:35.472225: | received IKE encrypted fragment number '4', total number '6', next payload '0' Oct 31 15:24:35.472230: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:35.472236: | #1 spent 0.202 (0.205) milliseconds in ikev2_process_packet() Oct 31 15:24:35.472239: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:35.472241: | delref mdp@0x55ca4895a908(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:35.472244: | delref logger@0x55ca48938d18(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:35.472247: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.472249: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.472254: | spent 0.22 (0.223) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:35.472595: | spent 0.00184 (0.00184) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:35.472605: | newref struct msg_digest@0x55ca4895a908(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.472609: | newref alloc logger@0x55ca48938d18(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.472616: | *received 539 bytes from 192.1.3.33:500 on eth1 192.1.2.23:500 using UDP Oct 31 15:24:35.472618: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.472621: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Oct 31 15:24:35.472623: | 00 05 00 06 68 57 be dc 4d f7 c2 4f 81 49 22 e1 Oct 31 15:24:35.472625: | 9d 7c df 2d f7 d3 98 11 c7 b0 ef bf 79 e2 c7 58 Oct 31 15:24:35.472627: | c7 69 dd 6b 8a 5f 77 ab 30 13 52 f7 d8 a0 9b 7e Oct 31 15:24:35.472629: | 13 15 a1 88 95 23 2c 88 2d 46 29 93 87 6e 13 51 Oct 31 15:24:35.472631: | c2 1e 70 4d e6 af 6d 22 ee cf 9c ec c9 48 a5 12 Oct 31 15:24:35.472633: | b6 91 c1 c5 cb 23 1d 28 e9 25 3f 2a ff 85 46 9d Oct 31 15:24:35.472635: | d3 2d 27 87 7a 39 ce 9a f6 ec bd 2d 9e ca 36 16 Oct 31 15:24:35.472640: | 02 ad 6e 3b 74 3d 7d 58 87 13 33 57 28 e6 00 68 Oct 31 15:24:35.472642: | 8a d2 13 9a 8c d2 5f ff 76 0f f4 19 97 8e 4b ca Oct 31 15:24:35.472644: | 2b a6 e0 4a f8 bc c2 88 b2 54 d0 95 72 d7 2e 2b Oct 31 15:24:35.472646: | 32 41 d0 20 ca 7d 33 0c d2 71 7d de f8 bf a3 94 Oct 31 15:24:35.472648: | 32 47 34 46 64 62 61 e2 56 cd 7d ac bf e5 de 9d Oct 31 15:24:35.472650: | f9 5b f7 52 86 58 d7 5f 99 67 d8 de af 7e 25 27 Oct 31 15:24:35.472652: | 85 31 86 c6 39 0f 08 e3 e0 f1 12 34 f0 32 e3 f7 Oct 31 15:24:35.472654: | ad fa 83 e0 59 59 77 80 fa 78 64 99 c4 70 3c 23 Oct 31 15:24:35.472656: | 9f 6c d2 df e7 25 25 24 93 3e 4a 1d 1a 0d 76 a6 Oct 31 15:24:35.472659: | 55 03 00 e8 01 bd b7 07 93 89 00 21 af cb 49 6d Oct 31 15:24:35.472661: | f2 a1 55 76 31 e4 37 33 b8 fa 15 ff 7c 51 62 55 Oct 31 15:24:35.472663: | 4b 82 3d 96 8d 6c 5f 85 ab bd e1 b2 89 01 9d 3d Oct 31 15:24:35.472665: | c0 5a 2d a1 b1 cb e3 0e 72 c3 87 c8 bd 48 ed 4a Oct 31 15:24:35.472667: | 25 19 c6 5a 8f 1c e8 7f 22 85 84 0b 6c 88 99 fa Oct 31 15:24:35.472669: | 37 ea f8 0a 43 ab b5 bc ed 88 13 5c c8 1c fd a0 Oct 31 15:24:35.472672: | 65 26 80 00 72 b2 de 57 31 b3 7d b5 42 91 e5 80 Oct 31 15:24:35.472674: | 6f a9 77 cb ec 8e fe ed 28 c5 29 44 19 13 e1 ca Oct 31 15:24:35.472676: | 1e 0c 10 38 8e 3c b7 5b eb 96 f7 8f ff 74 8a d1 Oct 31 15:24:35.472678: | 1a 93 ef ab a9 0f d5 23 51 f7 48 79 12 a5 48 af Oct 31 15:24:35.472680: | f6 da 9c d1 6b 96 45 c3 aa 18 31 14 ea bb fa a4 Oct 31 15:24:35.472682: | 6e 26 f4 30 3d 0d f3 87 b6 6a 3c b2 ec 2a eb 0f Oct 31 15:24:35.472684: | c5 30 d4 f4 8b fa 55 59 f0 f2 72 5e 0b 18 26 59 Oct 31 15:24:35.472686: | a9 5a 55 df 16 a9 5e ff b7 6f 5d 52 ab 56 63 80 Oct 31 15:24:35.472688: | fb 0f e1 32 8d de e4 94 0f 3f 22 05 74 0f 09 28 Oct 31 15:24:35.472690: | ba 75 48 c2 86 ec 00 02 6f 09 d0 Oct 31 15:24:35.472694: | **parse ISAKMP Message: Oct 31 15:24:35.472698: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.472702: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.472705: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Oct 31 15:24:35.472708: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.472710: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.472713: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:35.472717: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.472720: | length: 539 (00 00 02 1b) Oct 31 15:24:35.472722: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:24:35.472725: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Oct 31 15:24:35.472728: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Oct 31 15:24:35.472734: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:35.472737: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Oct 31 15:24:35.472740: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:24:35.472742: | #1 is idle Oct 31 15:24:35.472748: | Message ID: IKE #1 not a duplicate - responder is accumulating fragments for message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744549.872258 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744549.876817 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:35.472753: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:35.472755: | unpacking clear payload Oct 31 15:24:35.472757: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Oct 31 15:24:35.472760: | ***parse IKEv2 Encrypted Fragment: Oct 31 15:24:35.472763: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.472765: | flags: none (0x0) Oct 31 15:24:35.472768: | length: 511 (01 ff) Oct 31 15:24:35.472773: | fragment number: 5 (00 05) Oct 31 15:24:35.472776: | total fragments: 6 (00 06) Oct 31 15:24:35.472779: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Oct 31 15:24:35.472781: | #1 in state PARENT_R1: sent IKE_SA_INIT reply Oct 31 15:24:35.472784: | received IKE encrypted fragment number '5', total number '6', next payload '0' Oct 31 15:24:35.472790: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:35.472796: | #1 spent 0.206 (0.206) milliseconds in ikev2_process_packet() Oct 31 15:24:35.472799: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:35.472802: | delref mdp@0x55ca4895a908(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:35.472805: | delref logger@0x55ca48938d18(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:35.472807: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.472810: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.472814: | spent 0.225 (0.225) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:35.472824: | spent 0.00162 (0.00163) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:35.472830: | newref struct msg_digest@0x55ca4895a908(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.472834: | newref alloc logger@0x55ca48938d18(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.472840: | *received 113 bytes from 192.1.3.33:500 on eth1 192.1.2.23:500 using UDP Oct 31 15:24:35.472843: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.472845: | 35 20 23 08 00 00 00 01 00 00 00 71 00 00 00 55 Oct 31 15:24:35.472847: | 00 06 00 06 95 15 02 16 e4 45 79 ef 5c 67 f4 71 Oct 31 15:24:35.472849: | 58 58 f5 e2 ff e3 43 8c 19 47 70 70 b1 c5 b2 cc Oct 31 15:24:35.472851: | fc ed 65 c8 2a fd 23 2f bf 11 99 e3 03 0e 11 38 Oct 31 15:24:35.472853: | 7f 29 85 d9 9a 91 3d ca d1 09 ff 94 b2 15 49 11 Oct 31 15:24:35.472855: | 5d bf 62 64 3f 0f 27 3f ec 1f c5 db cf 4b 16 a7 Oct 31 15:24:35.472857: | f6 Oct 31 15:24:35.472860: | **parse ISAKMP Message: Oct 31 15:24:35.472865: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.472869: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.472871: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Oct 31 15:24:35.472873: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.472876: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.472878: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:35.472882: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.472885: | length: 113 (00 00 00 71) Oct 31 15:24:35.472888: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:24:35.472891: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Oct 31 15:24:35.472894: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Oct 31 15:24:35.472900: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:35.472903: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Oct 31 15:24:35.472905: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:24:35.472908: | #1 is idle Oct 31 15:24:35.472914: | Message ID: IKE #1 not a duplicate - responder is accumulating fragments for message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744549.872258 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744549.876817 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:35.472919: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:35.472921: | unpacking clear payload Oct 31 15:24:35.472924: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Oct 31 15:24:35.472927: | ***parse IKEv2 Encrypted Fragment: Oct 31 15:24:35.472929: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.472934: | flags: none (0x0) Oct 31 15:24:35.472937: | length: 85 (00 55) Oct 31 15:24:35.472940: | fragment number: 6 (00 06) Oct 31 15:24:35.472943: | total fragments: 6 (00 06) Oct 31 15:24:35.472945: | processing payload: ISAKMP_NEXT_v2SKF (len=77) Oct 31 15:24:35.472948: | #1 in state PARENT_R1: sent IKE_SA_INIT reply Oct 31 15:24:35.472951: | received IKE encrypted fragment number '6', total number '6', next payload '0' Oct 31 15:24:35.472954: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Oct 31 15:24:35.472956: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Oct 31 15:24:35.472960: | ikev2 parent ikev2_ike_sa_process_auth_request_no_skeyid(): calculating g^{xy} in order to decrypt I2 Oct 31 15:24:35.472967: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Oct 31 15:24:35.472971: | DH secret MODP2048@0x7efd98006ba8: transferring ownership from state #1 to helper IKEv2 DH Oct 31 15:24:35.472976: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:35.472978: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:35.472981: | newref clone logger@0x55ca48958ed8(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:35.472984: | job 2 for #1: ikev2_inI2outR2 KE (compute dh (V2)): adding job to queue Oct 31 15:24:35.472987: | state #1 deleting .st_event EVENT_SO_DISCARD Oct 31 15:24:35.472991: | libevent_free: delref ptr-libevent@0x55ca48962538 Oct 31 15:24:35.472994: | free_event_entry: delref EVENT_SO_DISCARD-pe@0x55ca4894e6f8 Oct 31 15:24:35.472997: | #1 STATE_PARENT_R1: retransmits: cleared Oct 31 15:24:35.473000: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55ca4894f008 Oct 31 15:24:35.473003: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:24:35.473006: | libevent_malloc: newref ptr-libevent@0x55ca48962538 size 128 Oct 31 15:24:35.473018: | #1 spent 0.0564 (0.0564) milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in v2_dispatch() Oct 31 15:24:35.473023: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:35.473028: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND; .st_v2_transition=PARENT_R0->PARENT_R1 Oct 31 15:24:35.473031: | suspending state #1 and saving MD 0x55ca4895a908 Oct 31 15:24:35.473034: | addref md@0x55ca4895a908(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:35.473036: | #1 is busy; has suspended MD 0x55ca4895a908 Oct 31 15:24:35.473041: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:35.473046: | #1 spent 0.225 (0.225) milliseconds in ikev2_process_packet() Oct 31 15:24:35.473048: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:35.473051: | delref mdp@0x55ca4895a908(2->1) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:35.473055: | spent 0.234 (0.234) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:35.473071: | job 2 for #1: ikev2_inI2outR2 KE (compute dh (V2)): helper 1 starting job Oct 31 15:24:35.474036: | calculating skeyseed using prf=HMAC_SHA2_512 integ=NONE cipherkey-size=32 salt-size=4 Oct 31 15:24:35.474217: | "northnet-eastnets/0x2" #1: spent 1.08 (1.14) milliseconds in helper 1 processing job 2 for state #1: ikev2_inI2outR2 KE (pcr) Oct 31 15:24:35.474226: | job 2 for #1: ikev2_inI2outR2 KE (compute dh (V2)): helper thread 1 sending result back to state Oct 31 15:24:35.474229: | scheduling resume sending helper answer back to state for #1 Oct 31 15:24:35.474233: | libevent_malloc: newref ptr-libevent@0x7efd9000cc18 size 128 Oct 31 15:24:35.474242: | helper thread 1 has nothing to do Oct 31 15:24:35.474254: | processing resume sending helper answer back to state for #1 Oct 31 15:24:35.474262: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:641) Oct 31 15:24:35.474271: | unsuspending #1 MD 0x55ca4895a908 Oct 31 15:24:35.474274: | job 2 for #1: ikev2_inI2outR2 KE (compute dh (V2)): processing response from helper 1 Oct 31 15:24:35.474277: | job 2 for #1: ikev2_inI2outR2 KE (compute dh (V2)): calling continuation function 0x55ca48509fe7 Oct 31 15:24:35.474280: | ikev2_ike_sa_process_auth_request_no_skeyid_continue() for #1 STATE_PARENT_R1: calculating g^{xy}, sending R2 Oct 31 15:24:35.474283: | DH secret MODP2048@0x7efd98006ba8: transferring ownership from helper IKEv2 DH to state #1 Oct 31 15:24:35.474286: | #1 in state PARENT_R1: sent IKE_SA_INIT reply Oct 31 15:24:35.474289: | already have all fragments, skipping fragment collection Oct 31 15:24:35.474291: | already have all fragments, skipping fragment collection Oct 31 15:24:35.474318: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Oct 31 15:24:35.474322: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Oct 31 15:24:35.474326: | **parse IKEv2 Identification - Initiator - Payload: Oct 31 15:24:35.474329: | next payload type: ISAKMP_NEXT_v2CERT (0x25) Oct 31 15:24:35.474332: | flags: none (0x0) Oct 31 15:24:35.474397: | length: 193 (00 c1) Oct 31 15:24:35.474403: | ID type: ID_DER_ASN1_DN (0x9) Oct 31 15:24:35.474407: | reserved: 00 00 00 Oct 31 15:24:35.474411: | processing payload: ISAKMP_NEXT_v2IDi (len=185) Oct 31 15:24:35.474413: | Now let's proceed with payload (ISAKMP_NEXT_v2CERT) Oct 31 15:24:35.474417: | **parse IKEv2 Certificate Payload: Oct 31 15:24:35.474419: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) Oct 31 15:24:35.474422: | flags: none (0x0) Oct 31 15:24:35.474426: | length: 1361 (05 51) Oct 31 15:24:35.474428: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Oct 31 15:24:35.474431: | processing payload: ISAKMP_NEXT_v2CERT (len=1356) Oct 31 15:24:35.474433: | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) Oct 31 15:24:35.474436: | **parse IKEv2 Certificate Request Payload: Oct 31 15:24:35.474439: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Oct 31 15:24:35.474441: | flags: none (0x0) Oct 31 15:24:35.474445: | length: 25 (00 19) Oct 31 15:24:35.474447: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Oct 31 15:24:35.474450: | processing payload: ISAKMP_NEXT_v2CERTREQ (len=20) Oct 31 15:24:35.474452: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Oct 31 15:24:35.474455: | **parse IKEv2 Identification - Responder - Payload: Oct 31 15:24:35.474458: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Oct 31 15:24:35.474460: | flags: none (0x0) Oct 31 15:24:35.474463: | length: 191 (00 bf) Oct 31 15:24:35.474466: | ID type: ID_DER_ASN1_DN (0x9) Oct 31 15:24:35.474469: | reserved: 00 00 00 Oct 31 15:24:35.474472: | processing payload: ISAKMP_NEXT_v2IDr (len=183) Oct 31 15:24:35.474474: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Oct 31 15:24:35.474477: | **parse IKEv2 Authentication Payload: Oct 31 15:24:35.474480: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:24:35.474482: | flags: none (0x0) Oct 31 15:24:35.474485: | length: 460 (01 cc) Oct 31 15:24:35.474488: | auth method: IKEv2_AUTH_DIGSIG (0xe) Oct 31 15:24:35.474491: | processing payload: ISAKMP_NEXT_v2AUTH (len=452) Oct 31 15:24:35.474493: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:24:35.474496: | **parse IKEv2 Security Association Payload: Oct 31 15:24:35.474498: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Oct 31 15:24:35.474501: | flags: none (0x0) Oct 31 15:24:35.474504: | length: 164 (00 a4) Oct 31 15:24:35.474507: | processing payload: ISAKMP_NEXT_v2SA (len=160) Oct 31 15:24:35.474509: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Oct 31 15:24:35.474512: | **parse IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:24:35.474514: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Oct 31 15:24:35.474517: | flags: none (0x0) Oct 31 15:24:35.474520: | length: 24 (00 18) Oct 31 15:24:35.474523: | number of TS: 1 (01) Oct 31 15:24:35.474525: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Oct 31 15:24:35.474530: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Oct 31 15:24:35.474533: | **parse IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:24:35.474535: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.474538: | flags: none (0x0) Oct 31 15:24:35.474541: | length: 24 (00 18) Oct 31 15:24:35.474544: | number of TS: 1 (01) Oct 31 15:24:35.474546: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Oct 31 15:24:35.474549: | selected state microcode Responder: process IKE_AUTH request Oct 31 15:24:35.474557: | Message ID: IKE #1 responder starting message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744549.872258 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744549.876817 ike.wip.initiator=-1 ike.wip.responder=-1->1 Oct 31 15:24:35.474560: | calling processor Responder: process IKE_AUTH request Oct 31 15:24:35.474568: "northnet-eastnets/0x2" #1: processing decrypted IKE_AUTH request: SK{IDi,CERT,CERTREQ,IDr,AUTH,SA,TSi,TSr} Oct 31 15:24:35.474573: | addref md@0x55ca4895a908(1->2) (in submit_cert_decode() at cert_decode_helper.c:81) Oct 31 15:24:35.474577: | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds Oct 31 15:24:35.474580: loading root certificate cache Oct 31 15:24:35.474585: | newref struct root_certs@0x55ca48958b68(0->1) (in submit_cert_decode() at cert_decode_helper.c:80) Oct 31 15:24:35.474588: | addref root_certs@0x55ca48958b68(1->2) (in submit_cert_decode() at cert_decode_helper.c:80) Oct 31 15:24:35.479113: | spent 3.67 (4.51) milliseconds in root_certs_addref() calling PK11_ListCertsInSlot() Oct 31 15:24:35.479137: | adding the CA+root cert E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.479142: | discarding non-CA cert E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.479147: | discarding non-CA cert E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.479150: | discarding non-CA cert E=user-west@testing.libreswan.org,CN=west.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.479152: | discarding non-CA cert E=user-road@testing.libreswan.org,CN=road.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.479155: | discarding non-CA cert E=user-hashsha1@testing.libreswan.org,CN=hashsha1.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.479165: | discarding non-CA cert E=testing@libreswan.org,CN=west-ec.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.479168: | discarding non-CA cert E=user-nic@testing.libreswan.org,CN=nic.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.479197: | spent 0.0596 (0.0596) milliseconds in root_certs_addref() filtering CAs Oct 31 15:24:35.479215: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:35.479218: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:35.479222: | newref clone logger@0x55ca489549a8(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:35.479225: | job 3 for #1: responder decoding certificates (decode certificate payload): adding job to queue Oct 31 15:24:35.479228: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:35.479233: | libevent_free: delref ptr-libevent@0x55ca48962538 Oct 31 15:24:35.479237: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55ca4894f008 Oct 31 15:24:35.479240: | #1 STATE_PARENT_R1: retransmits: cleared Oct 31 15:24:35.479243: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55ca4892cc88 Oct 31 15:24:35.479246: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:24:35.479249: | libevent_malloc: newref ptr-libevent@0x55ca48962538 size 128 Oct 31 15:24:35.479279: | job 3 for #1: responder decoding certificates (decode certificate payload): helper 2 starting job Oct 31 15:24:35.479285: | checking for known CERT payloads Oct 31 15:24:35.479288: | saving certificate of type 'X509_SIGNATURE' Oct 31 15:24:35.479349: | decoded cert: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.479358: | "northnet-eastnets/0x2" #1: spent 0.0706 (0.0708) milliseconds in find_and_verify_certs() calling decode_cert_payloads() Oct 31 15:24:35.479363: | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.479424: | "northnet-eastnets/0x2" #1: spent 0.0597 (0.0599) milliseconds in find_and_verify_certs() calling crl_update_check() Oct 31 15:24:35.479429: | missing or expired CRL Oct 31 15:24:35.479432: | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 Oct 31 15:24:35.479435: | verify_end_cert verifying E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA using: Oct 31 15:24:35.479437: | trusted CA: E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.479440: | verify_end_cert trying profile IPsec Oct 31 15:24:35.479629: | certificate is valid (profile IPsec) Oct 31 15:24:35.479639: | "northnet-eastnets/0x2" #1: spent 0.144 (0.205) milliseconds in find_and_verify_certs() calling verify_end_cert() Oct 31 15:24:35.479714: | newref struct pubkey@0x7efd940034d8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:35.479729: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x7efd94002268 Oct 31 15:24:35.479733: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x7efd94002588 Oct 31 15:24:35.479735: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x7efd94001088 Oct 31 15:24:35.479792: | newref struct pubkey@0x7efd94000c88(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:35.479842: | newref struct pubkey@0x7efd94002628(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:35.479892: | newref struct pubkey@0x7efd94005a78(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:35.479898: | delref pkp@0x7efd940034d8(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:35.479906: | "northnet-eastnets/0x2" #1: spent 0.261 (0.261) milliseconds in find_and_verify_certs() calling add_pubkey_from_nss_cert() Oct 31 15:24:35.479911: | "northnet-eastnets/0x2" #1: spent 0.572 (0.632) milliseconds in helper 2 processing job 3 for state #1: responder decoding certificates (decode certificate payload) Oct 31 15:24:35.479914: | job 3 for #1: responder decoding certificates (decode certificate payload): helper thread 2 sending result back to state Oct 31 15:24:35.479917: | scheduling resume sending helper answer back to state for #1 Oct 31 15:24:35.479920: | libevent_malloc: newref ptr-libevent@0x7efd94001868 size 128 Oct 31 15:24:35.479926: | helper thread 2 has nothing to do Oct 31 15:24:35.479934: | ikev2_parent_inI2outR2_continue_tail returned STF_SUSPEND Oct 31 15:24:35.479941: | #1 spent 3.86 (5.38) milliseconds in processing: Responder: process IKE_AUTH request in v2_dispatch() Oct 31 15:24:35.479949: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:35.479954: | #1 complete_v2_state_transition() PARENT_R1->ESTABLISHED_CHILD_SA with status STF_SUSPEND; .st_v2_transition=PARENT_R0->PARENT_R1 Oct 31 15:24:35.479957: | suspending state #1 and saving MD 0x55ca4895a908 Oct 31 15:24:35.479960: | addref md@0x55ca4895a908(2->3) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:35.479962: | #1 is busy; has suspended MD 0x55ca4895a908 Oct 31 15:24:35.479966: | delref logger@0x55ca48958ed8(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:35.479972: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.479974: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.479978: | resume sending helper answer back to state for #1 suppresed complete_v2_state_transition() Oct 31 15:24:35.479981: | delref mdp@0x55ca4895a908(3->2) (in resume_handler() at server.c:743) Oct 31 15:24:35.479986: | #1 spent 4.15 (5.71) milliseconds in resume sending helper answer back to state Oct 31 15:24:35.479991: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:745) Oct 31 15:24:35.479994: | libevent_free: delref ptr-libevent@0x7efd9000cc18 Oct 31 15:24:35.480004: | processing resume sending helper answer back to state for #1 Oct 31 15:24:35.480010: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:641) Oct 31 15:24:35.480013: | unsuspending #1 MD 0x55ca4895a908 Oct 31 15:24:35.480017: | job 3 for #1: responder decoding certificates (decode certificate payload): processing response from helper 2 Oct 31 15:24:35.480019: | job 3 for #1: responder decoding certificates (decode certificate payload): calling continuation function 0x55ca484f40d4 Oct 31 15:24:35.480022: | delref mdp@0x55ca4895a908(2->1) (in cert_decode_cancelled() at cert_decode_helper.c:215) Oct 31 15:24:35.480026: | delref root_certs@0x55ca48958b68(2->1) (in cert_decode_cancelled() at cert_decode_helper.c:216) Oct 31 15:24:35.480030: "northnet-eastnets/0x2" #1: certificate verified OK: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.480037: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2631) Oct 31 15:24:35.480041: | DER ASN1 DN: Oct 31 15:24:35.480043: | 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 43 41 Oct 31 15:24:35.480045: | 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Oct 31 15:24:35.480047: | 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Oct 31 15:24:35.480049: | 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Oct 31 15:24:35.480052: | 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Oct 31 15:24:35.480054: | 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Oct 31 15:24:35.480056: | 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e 6f 72 Oct 31 15:24:35.480058: | 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 Oct 31 15:24:35.480060: | 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 2a 86 Oct 31 15:24:35.480062: | 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d 6e 6f Oct 31 15:24:35.480064: | 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Oct 31 15:24:35.480066: | 65 73 77 61 6e 2e 6f 72 67 Oct 31 15:24:35.480068: | received IDr payload - extracting our alleged ID Oct 31 15:24:35.480070: | DER ASN1 DN: Oct 31 15:24:35.480072: | 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Oct 31 15:24:35.480074: | 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Oct 31 15:24:35.480076: | 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Oct 31 15:24:35.480079: | 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Oct 31 15:24:35.480081: | 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Oct 31 15:24:35.480083: | 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Oct 31 15:24:35.480085: | 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Oct 31 15:24:35.480088: | 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Oct 31 15:24:35.480090: | 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Oct 31 15:24:35.480092: | 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Oct 31 15:24:35.480094: | 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Oct 31 15:24:35.480096: | 77 61 6e 2e 6f 72 67 Oct 31 15:24:35.480120: | comparing ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' to certificate derSubject='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' (subjectName='E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA') Oct 31 15:24:35.480134: | ID_DER_ASN1_DN 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' matched our ID 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Oct 31 15:24:35.480137: | X509: CERT and ID matches current connection Oct 31 15:24:35.480139: | CERT_X509_SIGNATURE CR: Oct 31 15:24:35.480142: | de 91 76 61 50 ac 79 0d 0f 60 83 8c a3 c3 15 48 Oct 31 15:24:35.480144: | d1 1f d2 d2 Oct 31 15:24:35.480146: | cert blob content is not binary ASN.1 Oct 31 15:24:35.480149: | refine_host_connection for IKEv2: starting with "northnet-eastnets/0x2" Oct 31 15:24:35.480162: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.480174: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.480177: | refine_host_connection: happy with starting point: "northnet-eastnets/0x2" Oct 31 15:24:35.480205: "northnet-eastnets/0x2" #1: certificate subjectAltName extension does not match ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Oct 31 15:24:35.480214: | the remote specified our ID in its IDr payload Oct 31 15:24:35.480227: | offered CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.480237: "northnet-eastnets/0x2" #1: IKEv2 mode peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Oct 31 15:24:35.480273: | received CERTREQ payload; going to decode it Oct 31 15:24:35.480278: | CERT_X509_SIGNATURE CR: Oct 31 15:24:35.480280: | de 91 76 61 50 ac 79 0d 0f 60 83 8c a3 c3 15 48 Oct 31 15:24:35.480282: | d1 1f d2 d2 Oct 31 15:24:35.480285: | cert blob content is not binary ASN.1 Oct 31 15:24:35.480287: | verifying AUTH payload Oct 31 15:24:35.480291: | looking for ASN.1 blob for method rsasig for hash_algo SHA2_512 Oct 31 15:24:35.480295: | parsing 68 raw bytes of IKEv2 Authentication Payload into ASN.1 blob for hash algo Oct 31 15:24:35.480297: | ASN.1 blob for hash algo Oct 31 15:24:35.480299: | 43 30 41 06 09 2a 86 48 86 f7 0d 01 01 0a 30 34 Oct 31 15:24:35.480302: | a0 0f 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 Oct 31 15:24:35.480304: | 00 a1 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 01 08 Oct 31 15:24:35.480306: | 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 a2 Oct 31 15:24:35.480308: | 03 02 01 40 Oct 31 15:24:35.480337: | required RSA CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.480347: | trying all remote certificates public keys for RSA key that matches ID: C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Oct 31 15:24:35.480358: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.480369: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.480385: | trying 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' issued by CA 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.480394: | NSS RSA: verifying that decrypted signature matches hash: Oct 31 15:24:35.480396: | b8 43 f8 12 31 a1 c8 b7 38 6a ba 85 ab c1 b5 f8 Oct 31 15:24:35.480399: | 8f 10 e7 00 53 86 52 46 99 00 b0 c8 b7 94 7f 77 Oct 31 15:24:35.480401: | 95 92 ee 59 72 32 ee 30 61 ca c8 6d 2f 34 89 ee Oct 31 15:24:35.480403: | 4b c4 dc ef 56 c0 f2 15 89 84 1e b4 9b 36 d2 76 Oct 31 15:24:35.480573: | delref pkp@NULL (in try_RSA_signature_v2() at ikev2_rsa.c:170) Oct 31 15:24:35.480579: | addref pk@0x7efd94005a78(1->2) (in try_RSA_signature_v2() at ikev2_rsa.c:171) Oct 31 15:24:35.480582: | an RSA Sig check passed with *AwEAAcIgy [remote certificates] Oct 31 15:24:35.480589: | #1 spent 0.188 (0.193) milliseconds in try_all_keys() trying a pubkey Oct 31 15:24:35.480592: "northnet-eastnets/0x2" #1: authenticated using RSA with SHA2_512 Oct 31 15:24:35.480597: | #1 spent 0.278 (0.283) milliseconds in ikev2_verify_rsa_hash() Oct 31 15:24:35.480619: | emit hash algo NEGOTIATE_AUTH_HASH_SHA2_512 Oct 31 15:24:35.480641: | get_connection_private_key() using certificate east to find private key for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind RSA Oct 31 15:24:35.480711: | trying secret PKK_RSA:AwEAAeu8z Oct 31 15:24:35.480716: | matched Oct 31 15:24:35.480718: | secrets entry for certificate already exists: east Oct 31 15:24:35.480721: | connection northnet-eastnets/0x2's RSA private key found in NSS DB using cert Oct 31 15:24:35.480728: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:35.480730: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:35.480733: | newref clone logger@0x55ca4894f008(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:35.480736: | job 4 for #1: computing responder signature (signature): adding job to queue Oct 31 15:24:35.480739: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:35.480743: | libevent_free: delref ptr-libevent@0x55ca48962538 Oct 31 15:24:35.480746: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55ca4892cc88 Oct 31 15:24:35.480749: | #1 STATE_PARENT_R1: retransmits: cleared Oct 31 15:24:35.480752: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55ca48958ed8 Oct 31 15:24:35.480756: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:24:35.480759: | libevent_malloc: newref ptr-libevent@0x7efd9000cc18 size 128 Oct 31 15:24:35.480768: | delref logger@0x55ca489549a8(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:35.480770: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.480773: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.480780: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:35.480781: | job 4 for #1: computing responder signature (signature): helper 3 starting job Oct 31 15:24:35.480795: | hash to sign Oct 31 15:24:35.480800: | a4 17 e2 11 b8 79 bf ff dc 8d bf 38 f1 77 39 91 Oct 31 15:24:35.480805: | 2b 02 ac a3 71 74 09 eb 41 c3 6d 3a f7 32 ea d2 Oct 31 15:24:35.480807: | 03 42 4b bc a9 1e 75 de d4 b2 9e 8b db 81 e8 cd Oct 31 15:24:35.480809: | 60 22 22 07 f1 31 1b b5 44 fd 62 4e 76 fe f1 78 Oct 31 15:24:35.480784: | #1 complete_v2_state_transition() PARENT_R1->ESTABLISHED_CHILD_SA with status STF_SUSPEND; .st_v2_transition=PARENT_R0->PARENT_R1 Oct 31 15:24:35.480817: | suspending state #1 and saving MD 0x55ca4895a908 Oct 31 15:24:35.480821: | addref md@0x55ca4895a908(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:35.480825: | #1 is busy; has suspended MD 0x55ca4895a908 Oct 31 15:24:35.480829: | delref mdp@0x55ca4895a908(2->1) (in resume_handler() at server.c:743) Oct 31 15:24:35.480812: | RSA_sign_hash: Started using NSS Oct 31 15:24:35.480837: | #1 spent 0.802 (0.822) milliseconds in resume sending helper answer back to state Oct 31 15:24:35.480844: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:745) Oct 31 15:24:35.480848: | libevent_free: delref ptr-libevent@0x7efd94001868 Oct 31 15:24:35.498658: | RSA_sign_hash: Ended using NSS Oct 31 15:24:35.498683: | "northnet-eastnets/0x2" #1: spent 16.2 (17.9) milliseconds in v2_auth_signature() calling sign_hash() Oct 31 15:24:35.498689: | "northnet-eastnets/0x2" #1: spent 16.3 (17.9) milliseconds in v2_auth_signature() Oct 31 15:24:35.498694: | "northnet-eastnets/0x2" #1: spent 16.3 (17.9) milliseconds in helper 3 processing job 4 for state #1: computing responder signature (signature) Oct 31 15:24:35.498698: | job 4 for #1: computing responder signature (signature): helper thread 3 sending result back to state Oct 31 15:24:35.498702: | scheduling resume sending helper answer back to state for #1 Oct 31 15:24:35.498706: | libevent_malloc: newref ptr-libevent@0x7efd88000da8 size 128 Oct 31 15:24:35.498718: | helper thread 3 has nothing to do Oct 31 15:24:35.498731: | processing resume sending helper answer back to state for #1 Oct 31 15:24:35.498745: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:641) Oct 31 15:24:35.498749: | unsuspending #1 MD 0x55ca4895a908 Oct 31 15:24:35.498752: | job 4 for #1: computing responder signature (signature): processing response from helper 3 Oct 31 15:24:35.498753: | job 4 for #1: computing responder signature (signature): calling continuation function 0x55ca4843877f Oct 31 15:24:35.498757: | parent state #1: PARENT_R1(half-open IKE SA) => ESTABLISHED_IKE_SA(established IKE SA) Oct 31 15:24:35.498760: | #1 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) Oct 31 15:24:35.498762: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:35.498765: | libevent_free: delref ptr-libevent@0x7efd9000cc18 Oct 31 15:24:35.498767: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55ca48958ed8 Oct 31 15:24:35.498770: | event_schedule: newref EVENT_SA_REKEY-pe@0x55ca48958ed8 Oct 31 15:24:35.498772: | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #1 Oct 31 15:24:35.498774: | libevent_malloc: newref ptr-libevent@0x7efd94001868 size 128 Oct 31 15:24:35.499001: | pstats #1 ikev2.ike established Oct 31 15:24:35.499008: | opening output PBS reply packet Oct 31 15:24:35.499011: | **emit ISAKMP Message: Oct 31 15:24:35.499015: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.499017: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.499020: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:35.499024: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.499029: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.499032: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:35.499037: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.499041: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:35.499044: | IKEv2 CERT: send a certificate? Oct 31 15:24:35.499047: | IKEv2 CERT: OK to send a certificate (always) Oct 31 15:24:35.499050: | ***emit IKEv2 Encryption Payload: Oct 31 15:24:35.499053: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.499056: | flags: none (0x0) Oct 31 15:24:35.499059: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:24:35.499063: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.499067: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:24:35.499079: | initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Oct 31 15:24:35.499082: | ****emit IKEv2 Identification - Responder - Payload: Oct 31 15:24:35.499085: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.499089: | flags: none (0x0) Oct 31 15:24:35.499092: | ID type: ID_DER_ASN1_DN (0x9) Oct 31 15:24:35.499095: | reserved: 00 00 00 Oct 31 15:24:35.499098: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Oct 31 15:24:35.499100: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.499103: | emitting 183 raw bytes of my identity into IKEv2 Identification - Responder - Payload Oct 31 15:24:35.499105: | my identity: Oct 31 15:24:35.499107: | 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Oct 31 15:24:35.499109: | 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Oct 31 15:24:35.499111: | 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Oct 31 15:24:35.499113: | 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Oct 31 15:24:35.499115: | 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Oct 31 15:24:35.499117: | 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Oct 31 15:24:35.499119: | 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Oct 31 15:24:35.499121: | 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Oct 31 15:24:35.499123: | 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Oct 31 15:24:35.499125: | 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Oct 31 15:24:35.499127: | 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Oct 31 15:24:35.499129: | 77 61 6e 2e 6f 72 67 Oct 31 15:24:35.499132: | emitting length of IKEv2 Identification - Responder - Payload: 191 Oct 31 15:24:35.499134: | added IDr payload to packet Oct 31 15:24:35.499136: | sending [CERT] of certificate: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.499139: | ****emit IKEv2 Certificate Payload: Oct 31 15:24:35.499141: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.499143: | flags: none (0x0) Oct 31 15:24:35.499145: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Oct 31 15:24:35.499147: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Certificate Payload (37:ISAKMP_NEXT_v2CERT) Oct 31 15:24:35.499149: | next payload chain: saving location 'IKEv2 Certificate Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.499152: | emitting 1389 raw bytes of CERT into IKEv2 Certificate Payload Oct 31 15:24:35.499154: | CERT: Oct 31 15:24:35.499156: | 30 82 05 69 30 82 04 51 a0 03 02 01 02 02 01 03 Oct 31 15:24:35.499158: | 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 Oct 31 15:24:35.499159: | 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 Oct 31 15:24:35.499161: | 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 Oct 31 15:24:35.499163: | 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f Oct 31 15:24:35.499165: | 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 Oct 31 15:24:35.499167: | 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b Oct 31 15:24:35.499168: | 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e Oct 31 15:24:35.499171: | 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 Oct 31 15:24:35.499173: | 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f Oct 31 15:24:35.499175: | 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 Oct 31 15:24:35.499177: | 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 Oct 31 15:24:35.499179: | 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 Oct 31 15:24:35.499181: | 18 0f 32 30 32 30 31 30 32 32 31 37 33 37 30 38 Oct 31 15:24:35.499183: | 5a 18 0f 32 30 32 33 31 30 32 32 31 37 33 37 30 Oct 31 15:24:35.499185: | 38 5a 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 Oct 31 15:24:35.499187: | 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 Oct 31 15:24:35.499188: | 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 Oct 31 15:24:35.499190: | 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c Oct 31 15:24:35.499192: | 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 Oct 31 15:24:35.499196: | 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 Oct 31 15:24:35.499223: | 6d 65 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 Oct 31 15:24:35.499229: | 61 73 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 Oct 31 15:24:35.499231: | 65 73 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a Oct 31 15:24:35.499234: | 86 48 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 Oct 31 15:24:35.499236: | 61 73 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Oct 31 15:24:35.499238: | 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 0d 06 Oct 31 15:24:35.499240: | 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 8f Oct 31 15:24:35.499242: | 00 30 82 01 8a 02 82 01 81 00 eb bc ce ff 0a 47 Oct 31 15:24:35.499244: | 60 9e bc 18 46 34 c6 58 c1 df 93 27 35 c9 86 c1 Oct 31 15:24:35.499246: | 72 52 01 36 2b 3b 20 98 ac 04 0e cf da 16 a2 99 Oct 31 15:24:35.499248: | eb c1 15 ca 19 56 08 90 b3 60 24 c6 e6 cd 4c 3b Oct 31 15:24:35.499250: | 88 d2 36 0c 38 95 de bc da 2c 95 d7 4b 37 eb f8 Oct 31 15:24:35.499252: | 80 6f a0 54 62 31 b5 3c 7d 7b e5 25 1d 59 76 2c Oct 31 15:24:35.499254: | 62 40 76 48 74 44 d0 d8 35 4d 22 9b 54 d7 fb 4e Oct 31 15:24:35.499256: | a3 5a 0c 8e 1b f6 6d 70 5d 34 33 f1 22 38 38 21 Oct 31 15:24:35.499258: | 21 9f 82 0e 7f 6d 3f 86 b0 0c ad 9f c0 a9 0f 54 Oct 31 15:24:35.499260: | e7 53 95 80 b7 ae 48 f8 1a 23 7f de e4 e2 60 4a Oct 31 15:24:35.499262: | b1 d9 0b 02 11 a5 06 6c 9b ac b3 f1 88 c3 52 33 Oct 31 15:24:35.499264: | 76 d6 4a dc 64 81 ec 2c 37 d6 f2 04 db e4 75 3e Oct 31 15:24:35.499266: | 04 2c 95 a7 d2 0b 83 82 38 5a f4 95 39 14 a4 92 Oct 31 15:24:35.499269: | de f8 ac 93 07 e0 37 14 97 16 c6 76 ac f1 7f dd Oct 31 15:24:35.499271: | c0 b4 d4 f5 7d 50 59 78 78 fa 1c 7c 1d 43 ed 2c Oct 31 15:24:35.499273: | 32 27 62 b9 77 51 73 7b e8 cf d8 6b 4e 1e 8c 37 Oct 31 15:24:35.499275: | 85 98 30 24 bc 5d 85 7b 10 fe 7a f1 e0 b8 56 a7 Oct 31 15:24:35.499277: | fb 4a 9c 02 ca 9c 80 1b e9 bf 71 1b c8 c3 2c a1 Oct 31 15:24:35.499279: | 80 ec a9 72 4f b9 b0 af 2b c6 66 26 8a 85 ce 67 Oct 31 15:24:35.499281: | df a1 38 66 de a1 54 14 0e ef 2e fe f9 b8 6c 18 Oct 31 15:24:35.499284: | cb fe f8 15 c8 10 36 bf bf 86 a3 f8 2b 6a 03 3f Oct 31 15:24:35.499286: | f8 2d fa f4 e9 eb 09 5b 84 e3 76 7c c9 9c ec 30 Oct 31 15:24:35.499288: | 05 34 de 55 3e fd 59 4e 77 0d d9 ad 01 2f e3 b5 Oct 31 15:24:35.499290: | 63 6f b7 5d e6 99 d8 af 7c 3b ea 53 8b eb 19 4f Oct 31 15:24:35.499292: | b9 7f 23 ce a1 6c 7b 6f 34 8f 02 03 01 00 01 a3 Oct 31 15:24:35.499295: | 82 01 06 30 82 01 02 30 09 06 03 55 1d 13 04 02 Oct 31 15:24:35.499297: | 30 00 30 47 06 03 55 1d 11 04 40 30 3e 82 1a 65 Oct 31 15:24:35.499299: | 61 73 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 Oct 31 15:24:35.499301: | 65 73 77 61 6e 2e 6f 72 67 81 1a 65 61 73 74 40 Oct 31 15:24:35.499303: | 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 Oct 31 15:24:35.499306: | 6e 2e 6f 72 67 87 04 c0 01 02 17 30 0b 06 03 55 Oct 31 15:24:35.499307: | 1d 0f 04 04 03 02 07 80 30 1d 06 03 55 1d 25 04 Oct 31 15:24:35.499310: | 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b Oct 31 15:24:35.499312: | 06 01 05 05 07 03 02 30 41 06 08 2b 06 01 05 05 Oct 31 15:24:35.499314: | 07 01 01 04 35 30 33 30 31 06 08 2b 06 01 05 05 Oct 31 15:24:35.499316: | 07 30 01 86 25 68 74 74 70 3a 2f 2f 6e 69 63 2e Oct 31 15:24:35.499318: | 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 Oct 31 15:24:35.499320: | 6e 2e 6f 72 67 3a 32 35 36 30 30 3d 06 03 55 1d Oct 31 15:24:35.499322: | 1f 04 36 30 34 30 32 a0 30 a0 2e 86 2c 68 74 74 Oct 31 15:24:35.499324: | 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e Oct 31 15:24:35.499326: | 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 2f 72 65 Oct 31 15:24:35.499328: | 76 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 2a 86 48 Oct 31 15:24:35.499330: | 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 ad 23 06 Oct 31 15:24:35.499336: | cc a8 df 90 99 31 6c 1d 00 8c e5 bd cb 27 96 e3 Oct 31 15:24:35.499339: | 4d 46 ba 35 6a b2 cc e4 70 06 97 a6 fb b9 40 08 Oct 31 15:24:35.499341: | 7a e0 c6 52 ff a2 59 b6 10 ef b0 79 71 9b ed e2 Oct 31 15:24:35.499343: | 65 ec 33 4d cb 79 bd de ec 5e a8 e0 d6 b7 93 e5 Oct 31 15:24:35.499345: | 06 27 5b 8a bd bb 77 03 af 06 93 bc 58 d5 02 43 Oct 31 15:24:35.499347: | 60 ed b8 3f 53 06 63 17 0b 89 a1 58 b7 97 07 53 Oct 31 15:24:35.499349: | a4 ba f5 ca ca 77 26 b2 64 f8 b6 08 cb fd 80 7a Oct 31 15:24:35.499351: | 3d 40 15 ea 71 87 b6 ad 57 7a 3f ee 77 22 65 ca Oct 31 15:24:35.499354: | 42 6a 3a 4f 7f 09 d1 6a 3a f4 96 ff 60 54 99 34 Oct 31 15:24:35.499356: | 80 98 82 bb c6 ad c4 6d fd a4 ba c6 ee eb 77 74 Oct 31 15:24:35.499358: | e0 71 4d 7f 87 7b d1 97 9f 66 af e6 96 82 dc e8 Oct 31 15:24:35.499360: | d5 19 f2 1b e8 84 ee ff 5b 0c c6 bb 09 cd 7d a4 Oct 31 15:24:35.499362: | 68 9c 14 80 1d 81 2c d1 f7 ba 90 03 a8 c0 9e c4 Oct 31 15:24:35.499364: | 4c 5b d8 c4 4e db 8e 42 00 20 87 6b 6e 8a 2f 7f Oct 31 15:24:35.499366: | 4e 33 07 96 48 c5 32 0d b3 8a 16 3f ce c1 18 09 Oct 31 15:24:35.499369: | 33 28 10 27 1f b9 4a 93 0c 33 f4 e9 74 Oct 31 15:24:35.499371: | emitting length of IKEv2 Certificate Payload: 1394 Oct 31 15:24:35.499374: | CHILD SA proposals received Oct 31 15:24:35.499377: | going to assemble AUTH payload Oct 31 15:24:35.499380: | ****emit IKEv2 Authentication Payload: Oct 31 15:24:35.499383: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.499385: | flags: none (0x0) Oct 31 15:24:35.499388: | auth method: IKEv2_AUTH_DIGSIG (0xe) Oct 31 15:24:35.499391: | next payload chain: setting previous 'IKEv2 Certificate Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Oct 31 15:24:35.499394: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.499397: | emit hash algo NEGOTIATE_AUTH_HASH_SHA2_512 Oct 31 15:24:35.499400: | emitting 68 raw bytes of OID of ASN.1 Algorithm Identifier into IKEv2 Authentication Payload Oct 31 15:24:35.499402: | OID of ASN.1 Algorithm Identifier: Oct 31 15:24:35.499405: | 43 30 41 06 09 2a 86 48 86 f7 0d 01 01 0a 30 34 Oct 31 15:24:35.499407: | a0 0f 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 Oct 31 15:24:35.499410: | 00 a1 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 01 08 Oct 31 15:24:35.499412: | 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 a2 Oct 31 15:24:35.499414: | 03 02 01 40 Oct 31 15:24:35.499417: | emitting 384 raw bytes of signature into IKEv2 Authentication Payload Oct 31 15:24:35.499419: | signature: Oct 31 15:24:35.499421: | 07 ac 5e a5 19 23 a5 f5 48 99 94 45 e7 49 1e 59 Oct 31 15:24:35.499423: | 02 03 f7 12 a8 7d 59 cd db 92 0e 20 88 48 18 61 Oct 31 15:24:35.499425: | 72 bb 22 b5 6d e0 1f 99 d4 4e 64 e1 d1 c1 63 83 Oct 31 15:24:35.499428: | 90 c7 21 aa ec 94 d7 4c c5 c0 e0 22 e8 9c 46 3f Oct 31 15:24:35.499430: | 17 6d 91 79 d8 af c6 08 a0 24 fd 41 97 79 75 61 Oct 31 15:24:35.499432: | c1 69 4f a0 29 a8 38 e0 0f b2 ef b4 97 06 66 12 Oct 31 15:24:35.499434: | 21 e9 30 90 92 c3 49 57 f9 e0 6b 21 0a 41 f8 e2 Oct 31 15:24:35.499436: | 45 9d 9f 03 cb 9a 4f 20 f7 bd a6 32 42 48 ec e8 Oct 31 15:24:35.499438: | da c7 7f 9c c5 d0 a2 7a 2e c1 f7 7d 1a 6f 68 d4 Oct 31 15:24:35.499505: | 42 f7 b8 59 de 07 d7 2f 7e c7 fb cf c9 de fa 55 Oct 31 15:24:35.499510: | cc bc 76 ed 84 79 da 9a eb bd c8 69 cd fe ae 55 Oct 31 15:24:35.499513: | 0c 0b fe 26 23 b6 b8 62 32 fe a7 a6 1b 47 d8 12 Oct 31 15:24:35.499515: | 14 f5 24 a8 35 b8 15 4a 03 8e 17 64 3e 7c 07 c0 Oct 31 15:24:35.499517: | 70 1d 90 a5 df 6b 74 8b 68 30 04 04 52 a4 20 78 Oct 31 15:24:35.499519: | c3 f0 7c 3d 2e 80 dd 99 81 26 06 73 35 26 3c 9f Oct 31 15:24:35.499522: | 27 8b f4 64 d6 72 3a f5 61 9c 9b 04 4c cc b4 c7 Oct 31 15:24:35.499524: | 93 9e 57 f9 bc 6d 5e e2 43 92 89 56 6e 70 f8 a1 Oct 31 15:24:35.499526: | 5c a5 20 ef 2e 27 ba f3 ae ef cf 5a 97 e4 a1 01 Oct 31 15:24:35.499531: | a7 75 82 83 50 ab ad 65 d5 55 85 25 de 41 2a 7b Oct 31 15:24:35.499533: | 0c 19 83 08 11 1e 6e 9a e4 f1 4c 72 dd d5 3d 61 Oct 31 15:24:35.499535: | 70 e1 85 37 2b c2 29 5b eb 3e 61 76 b3 36 d5 87 Oct 31 15:24:35.499537: | 06 42 e7 10 0d 61 ca 6f 3b c5 e7 99 3b 85 99 ed Oct 31 15:24:35.499539: | a1 92 4e ad ef 99 1a 4b f1 e1 1b 6f 76 81 ef 6c Oct 31 15:24:35.499542: | ee 82 4c c1 fe 6e 4c 1c a9 d5 e4 ba 35 5d 76 89 Oct 31 15:24:35.499544: | emitting length of IKEv2 Authentication Payload: 460 Oct 31 15:24:35.499551: | newref alloc logger@0x55ca489549a8(0->1) (in new_state() at state.c:576) Oct 31 15:24:35.499554: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:24:35.499557: | creating state object #2 at 0x55ca489728f8 Oct 31 15:24:35.499560: | State DB: adding IKEv2 state #2 in UNDEFINED Oct 31 15:24:35.499569: | pstats #2 ikev2.child started Oct 31 15:24:35.499572: | duplicating state object #1 "northnet-eastnets/0x2" as #2 for IPSEC SA Oct 31 15:24:35.499579: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1581) Oct 31 15:24:35.499590: | Message ID: CHILD #1.#2 initializing (CHILD SA): ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744549.872258 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744549.876817 child.wip.initiator=0->-1 child.wip.responder=0->-1 Oct 31 15:24:35.499595: | child state #2: UNDEFINED(ignore) => V2_IKE_AUTH_CHILD_R0(ignore) Oct 31 15:24:35.499599: | #2.st_v2_transition NULL -> NULL (in new_v2_child_state() at state.c:1666) Oct 31 15:24:35.499605: | Message ID: IKE #1 switching from IKE SA responder message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744549.872258 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744549.876817 ike.wip.initiator=-1 ike.wip.responder=1->-1 Oct 31 15:24:35.499612: | Message ID: CHILD #1.#2 switching to CHILD SA responder message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744549.872258 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744549.876817 child.wip.initiator=-1 child.wip.responder=-1->1 Oct 31 15:24:35.499616: | switching IKEv2 MD.ST from IKE #1 ESTABLISHED_IKE_SA to CHILD #2 V2_IKE_AUTH_CHILD_R0 (in ike_auth_child_responder() at ikev2_parent.c:3282) Oct 31 15:24:35.499618: | Child SA TS Request has child->sa == md->st; so using child connection Oct 31 15:24:35.499621: | TSi: parsing 1 traffic selectors Oct 31 15:24:35.499626: | ***parse IKEv2 Traffic Selector: Oct 31 15:24:35.499628: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:35.499631: | IP Protocol ID: ALL (0x0) Oct 31 15:24:35.499635: | length: 16 (00 10) Oct 31 15:24:35.499638: | start port: 0 (00 00) Oct 31 15:24:35.499641: | end port: 65535 (ff ff) Oct 31 15:24:35.499643: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:24:35.499646: | TS low Oct 31 15:24:35.499711: | c0 00 03 00 Oct 31 15:24:35.499715: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:24:35.499718: | TS high Oct 31 15:24:35.499720: | c0 00 03 ff Oct 31 15:24:35.499723: | TSi: parsed 1 traffic selectors Oct 31 15:24:35.499726: | TSr: parsing 1 traffic selectors Oct 31 15:24:35.499729: | ***parse IKEv2 Traffic Selector: Oct 31 15:24:35.499732: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:35.499735: | IP Protocol ID: ALL (0x0) Oct 31 15:24:35.499740: | length: 16 (00 10) Oct 31 15:24:35.499745: | start port: 0 (00 00) Oct 31 15:24:35.499749: | end port: 65535 (ff ff) Oct 31 15:24:35.499751: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:24:35.499754: | TS low Oct 31 15:24:35.499756: | c0 00 02 00 Oct 31 15:24:35.499759: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:24:35.499761: | TS high Oct 31 15:24:35.499763: | c0 00 02 ff Oct 31 15:24:35.499766: | TSr: parsed 1 traffic selectors Oct 31 15:24:35.499770: | looking for best SPD in current connection Oct 31 15:24:35.499778: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0:0/0 R=192.0.22.0/24:0:0/0 to their: Oct 31 15:24:35.499783: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:35.499792: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Oct 31 15:24:35.499796: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:24:35.499798: | TSi[0] port match: YES fitness 65536 Oct 31 15:24:35.499801: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:24:35.499804: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:35.499809: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:35.499816: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: NO Oct 31 15:24:35.499819: | looking for better host pair Oct 31 15:24:35.499824: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Oct 31 15:24:35.499829: | checking hostpair 192.0.22.0/24:0 -> 192.0.3.0/24:0 is found Oct 31 15:24:35.499832: | investigating connection "northnet-eastnets/0x2" as a better match Oct 31 15:24:35.499845: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Oct 31 15:24:35.499853: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Oct 31 15:24:35.499856: | results matched Oct 31 15:24:35.499868: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.499880: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.499887: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0:0/0 R=192.0.22.0/24:0:0/0 to their: Oct 31 15:24:35.499892: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:35.499899: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Oct 31 15:24:35.499903: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:24:35.499905: | TSi[0] port match: YES fitness 65536 Oct 31 15:24:35.499908: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:24:35.499911: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:35.499917: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:35.499923: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: NO Oct 31 15:24:35.499926: | investigating connection "northnet-eastnets/0x1" as a better match Oct 31 15:24:35.499936: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Oct 31 15:24:35.499944: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Oct 31 15:24:35.499946: | results matched Oct 31 15:24:35.499958: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.499970: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.499977: | evaluating our conn="northnet-eastnets/0x1" I=192.0.3.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Oct 31 15:24:35.499981: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:35.499988: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Oct 31 15:24:35.499992: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:24:35.499995: | TSi[0] port match: YES fitness 65536 Oct 31 15:24:35.499998: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:24:35.500001: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:35.500005: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:35.500011: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Oct 31 15:24:35.500014: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Oct 31 15:24:35.500016: | TSr[0] port match: YES fitness 65536 Oct 31 15:24:35.500018: | narrow protocol end=*0 == TSr[0]=*0: 0 Oct 31 15:24:35.500020: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:35.500022: | best fit so far: TSi[0] TSr[0] Oct 31 15:24:35.500023: | protocol fitness found better match d northnet-eastnets/0x1, TSi[0],TSr[0] Oct 31 15:24:35.500026: | in connection_discard for connection northnet-eastnets/0x2 Oct 31 15:24:35.500028: | printing contents struct traffic_selector Oct 31 15:24:35.500030: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:24:35.500032: | ipprotoid: 0 Oct 31 15:24:35.500034: | port range: 0-65535 Oct 31 15:24:35.500038: | ip range: 192.0.2.0-192.0.2.255 Oct 31 15:24:35.500040: | printing contents struct traffic_selector Oct 31 15:24:35.500042: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:24:35.500044: | ipprotoid: 0 Oct 31 15:24:35.500046: | port range: 0-65535 Oct 31 15:24:35.500049: | ip range: 192.0.3.0-192.0.3.255 Oct 31 15:24:35.500053: | constructing ESP/AH proposals with all DH removed for northnet-eastnets/0x1 (IKE_AUTH responder matching remote ESP/AH proposals) Oct 31 15:24:35.500059: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Oct 31 15:24:35.500067: | ... ikev2_proposal: 1:ESP=AES_GCM_C_256-NONE-NONE-DISABLED Oct 31 15:24:35.500070: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Oct 31 15:24:35.500074: | ... ikev2_proposal: 2:ESP=AES_GCM_C_128-NONE-NONE-DISABLED Oct 31 15:24:35.500077: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:24:35.500081: | ... ikev2_proposal: 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:35.500084: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:24:35.500088: | ... ikev2_proposal: 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:35.500091: "northnet-eastnets/0x1": local ESP/AH proposals (IKE_AUTH responder matching remote ESP/AH proposals): Oct 31 15:24:35.500096: "northnet-eastnets/0x1": 1:ESP=AES_GCM_C_256-NONE-NONE-DISABLED Oct 31 15:24:35.500101: "northnet-eastnets/0x1": 2:ESP=AES_GCM_C_128-NONE-NONE-DISABLED Oct 31 15:24:35.500105: "northnet-eastnets/0x1": 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:35.500109: "northnet-eastnets/0x1": 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:35.500112: | comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 4 local proposals Oct 31 15:24:35.500117: | local proposal 1 type ENCR has 1 transforms Oct 31 15:24:35.500119: | local proposal 1 type PRF has 0 transforms Oct 31 15:24:35.500122: | local proposal 1 type INTEG has 1 transforms Oct 31 15:24:35.500124: | local proposal 1 type DH has 1 transforms Oct 31 15:24:35.500126: | local proposal 1 type ESN has 1 transforms Oct 31 15:24:35.500130: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Oct 31 15:24:35.500132: | local proposal 2 type ENCR has 1 transforms Oct 31 15:24:35.500134: | local proposal 2 type PRF has 0 transforms Oct 31 15:24:35.500136: | local proposal 2 type INTEG has 1 transforms Oct 31 15:24:35.500139: | local proposal 2 type DH has 1 transforms Oct 31 15:24:35.500141: | local proposal 2 type ESN has 1 transforms Oct 31 15:24:35.500147: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Oct 31 15:24:35.500149: | local proposal 3 type ENCR has 1 transforms Oct 31 15:24:35.500151: | local proposal 3 type PRF has 0 transforms Oct 31 15:24:35.500154: | local proposal 3 type INTEG has 2 transforms Oct 31 15:24:35.500156: | local proposal 3 type DH has 1 transforms Oct 31 15:24:35.500159: | local proposal 3 type ESN has 1 transforms Oct 31 15:24:35.500161: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Oct 31 15:24:35.500163: | local proposal 4 type ENCR has 1 transforms Oct 31 15:24:35.500166: | local proposal 4 type PRF has 0 transforms Oct 31 15:24:35.500168: | local proposal 4 type INTEG has 2 transforms Oct 31 15:24:35.500170: | local proposal 4 type DH has 1 transforms Oct 31 15:24:35.500172: | local proposal 4 type ESN has 1 transforms Oct 31 15:24:35.500175: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Oct 31 15:24:35.500179: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.500183: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:35.500186: | length: 32 (00 20) Oct 31 15:24:35.500189: | prop #: 1 (01) Oct 31 15:24:35.500192: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:35.500195: | spi size: 4 (04) Oct 31 15:24:35.500197: | # transforms: 2 (02) Oct 31 15:24:35.500208: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:24:35.500211: | remote SPI Oct 31 15:24:35.500213: | 8c 58 fb a8 Oct 31 15:24:35.500215: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..4] of 4 local proposals Oct 31 15:24:35.500218: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.500220: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.500223: | length: 12 (00 0c) Oct 31 15:24:35.500224: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.500227: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:35.500229: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.500231: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.500234: | length/value: 256 (01 00) Oct 31 15:24:35.500239: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:24:35.500242: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.500245: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.500248: | length: 8 (00 08) Oct 31 15:24:35.500251: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:35.500253: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:35.500256: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Oct 31 15:24:35.500259: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Oct 31 15:24:35.500262: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Oct 31 15:24:35.500265: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Oct 31 15:24:35.500268: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Oct 31 15:24:35.500273: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Oct 31 15:24:35.500275: | remote proposal 1 matches local proposal 1 Oct 31 15:24:35.500279: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.500281: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:35.500285: | length: 32 (00 20) Oct 31 15:24:35.500288: | prop #: 2 (02) Oct 31 15:24:35.500290: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:35.500293: | spi size: 4 (04) Oct 31 15:24:35.500295: | # transforms: 2 (02) Oct 31 15:24:35.500298: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:24:35.500300: | remote SPI Oct 31 15:24:35.500302: | 8c 58 fb a8 Oct 31 15:24:35.500305: | Comparing remote proposal 2 containing 2 transforms against local proposal [1..0] of 4 local proposals Oct 31 15:24:35.500310: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.500313: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.500316: | length: 12 (00 0c) Oct 31 15:24:35.500318: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.500320: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:35.500323: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.500325: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.500328: | length/value: 128 (00 80) Oct 31 15:24:35.500332: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.500334: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.500337: | length: 8 (00 08) Oct 31 15:24:35.500339: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:35.500342: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:35.500347: | remote proposal 2 proposed transforms: ENCR+ESN; matched: none; unmatched: ENCR+ESN Oct 31 15:24:35.500349: | remote proposal 2 does not match; unmatched remote transforms: ENCR+ESN Oct 31 15:24:35.500352: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.500355: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:35.500358: | length: 48 (00 30) Oct 31 15:24:35.500360: | prop #: 3 (03) Oct 31 15:24:35.500363: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:35.500366: | spi size: 4 (04) Oct 31 15:24:35.500368: | # transforms: 4 (04) Oct 31 15:24:35.500371: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:24:35.500374: | remote SPI Oct 31 15:24:35.500376: | 8c 58 fb a8 Oct 31 15:24:35.500378: | Comparing remote proposal 3 containing 4 transforms against local proposal [1..0] of 4 local proposals Oct 31 15:24:35.500381: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.500384: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.500387: | length: 12 (00 0c) Oct 31 15:24:35.500389: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.500391: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:35.500393: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.500395: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.500398: | length/value: 256 (01 00) Oct 31 15:24:35.500402: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.500404: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.500407: | length: 8 (00 08) Oct 31 15:24:35.500410: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:35.500412: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:35.500415: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.500417: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.500421: | length: 8 (00 08) Oct 31 15:24:35.500423: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:35.500426: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:35.500429: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.500431: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.500434: | length: 8 (00 08) Oct 31 15:24:35.500437: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:35.500439: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:35.500443: | remote proposal 3 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Oct 31 15:24:35.500446: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+ESN Oct 31 15:24:35.500449: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.500451: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:35.500454: | length: 48 (00 30) Oct 31 15:24:35.500456: | prop #: 4 (04) Oct 31 15:24:35.500459: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:35.500462: | spi size: 4 (04) Oct 31 15:24:35.500464: | # transforms: 4 (04) Oct 31 15:24:35.500467: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:24:35.500472: | remote SPI Oct 31 15:24:35.500474: | 8c 58 fb a8 Oct 31 15:24:35.500482: | Comparing remote proposal 4 containing 4 transforms against local proposal [1..0] of 4 local proposals Oct 31 15:24:35.500485: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.500487: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.500490: | length: 12 (00 0c) Oct 31 15:24:35.500492: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.500495: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:35.500497: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.500499: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.500502: | length/value: 128 (00 80) Oct 31 15:24:35.500505: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.500508: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.500510: | length: 8 (00 08) Oct 31 15:24:35.500513: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:35.500515: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:35.500518: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.500520: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.500523: | length: 8 (00 08) Oct 31 15:24:35.500525: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:35.500527: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:35.500530: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.500532: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.500535: | length: 8 (00 08) Oct 31 15:24:35.500537: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:35.500539: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:35.500543: | remote proposal 4 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Oct 31 15:24:35.500546: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+ESN Oct 31 15:24:35.500552: "northnet-eastnets/0x1" #2: proposal 1:ESP=AES_GCM_C_256-DISABLED SPI=8c58fba8 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Oct 31 15:24:35.500558: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP=AES_GCM_C_256-DISABLED SPI=8c58fba8 Oct 31 15:24:35.500561: | converting proposal to internal trans attrs Oct 31 15:24:35.500584: | netlink_get_spi: allocated 0xc10d190 for esp.0@192.1.2.23 Oct 31 15:24:35.500588: | emitting ikev2_proposal ... Oct 31 15:24:35.500590: | ****emit IKEv2 Security Association Payload: Oct 31 15:24:35.500593: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.500596: | flags: none (0x0) Oct 31 15:24:35.500599: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:24:35.500602: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.500607: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.500609: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:35.500613: | prop #: 1 (01) Oct 31 15:24:35.500615: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:35.500618: | spi size: 4 (04) Oct 31 15:24:35.500621: | # transforms: 2 (02) Oct 31 15:24:35.500623: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:35.500627: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:24:35.500631: | our spi: 0c 10 d1 90 Oct 31 15:24:35.500633: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.500636: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.500638: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.500643: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:35.500645: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.500649: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.500651: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.500655: | length/value: 256 (01 00) Oct 31 15:24:35.500658: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:35.500661: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.500663: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.500665: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:35.500668: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:35.500671: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.500673: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.500676: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.500678: | emitting length of IKEv2 Proposal Substructure Payload: 32 Oct 31 15:24:35.500680: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:35.500743: | emitting length of IKEv2 Security Association Payload: 36 Oct 31 15:24:35.500747: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:24:35.500751: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:24:35.500754: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.500757: | flags: none (0x0) Oct 31 15:24:35.500760: | number of TS: 1 (01) Oct 31 15:24:35.500763: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Oct 31 15:24:35.500766: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.500769: | *****emit IKEv2 Traffic Selector: Oct 31 15:24:35.500771: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:35.500774: | IP Protocol ID: ALL (0x0) Oct 31 15:24:35.500777: | start port: 0 (00 00) Oct 31 15:24:35.500780: | end port: 65535 (ff ff) Oct 31 15:24:35.500784: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:24:35.500787: | IP start: c0 00 03 00 Oct 31 15:24:35.500790: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:24:35.500793: | IP end: c0 00 03 ff Oct 31 15:24:35.500795: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:24:35.500798: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Oct 31 15:24:35.500800: | ****emit IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:24:35.500803: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.500805: | flags: none (0x0) Oct 31 15:24:35.500808: | number of TS: 1 (01) Oct 31 15:24:35.500810: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Oct 31 15:24:35.500812: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.500815: | *****emit IKEv2 Traffic Selector: Oct 31 15:24:35.500818: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:35.500821: | IP Protocol ID: ALL (0x0) Oct 31 15:24:35.500824: | start port: 0 (00 00) Oct 31 15:24:35.500827: | end port: 65535 (ff ff) Oct 31 15:24:35.500831: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:24:35.500834: | IP start: c0 00 02 00 Oct 31 15:24:35.500839: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:24:35.500842: | IP end: c0 00 02 ff Oct 31 15:24:35.500845: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:24:35.500847: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Oct 31 15:24:35.500849: | initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Oct 31 15:24:35.500852: | integ=NONE: .key_size=0 encrypt=AES_GCM_16: .key_size=32 .salt_size=4 keymat_len=36 Oct 31 15:24:35.500929: | FOR_EACH_CONNECTION_... in IKE_SA_established Oct 31 15:24:35.500934: | install_ipsec_sa() for #2: inbound and outbound Oct 31 15:24:35.500937: | could_route called for northnet-eastnets/0x1; kind=CK_PERMANENT that.has_client=yes oppo=no this.host_port=500 Oct 31 15:24:35.500939: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:35.500942: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:24:35.500945: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:24:35.500947: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:24:35.500950: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:24:35.500953: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Oct 31 15:24:35.500957: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Oct 31 15:24:35.500960: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Oct 31 15:24:35.500963: | AES_GCM_16 requires 4 salt bytes Oct 31 15:24:35.500965: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Oct 31 15:24:35.500969: | setting IPsec SA replay-window to 32 Oct 31 15:24:35.500972: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Oct 31 15:24:35.500975: | netlink: enabling tunnel mode Oct 31 15:24:35.500978: | XFRM: adding IPsec SA with reqid 16389 Oct 31 15:24:35.500980: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:24:35.500983: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:24:35.501235: | netlink response for Add SA esp.8c58fba8@192.1.3.33 included non-error error Oct 31 15:24:35.501245: | setup_half_ipsec_sa() is installing inbound eroute? inbound=0 owner=#0 mode=1 Oct 31 15:24:35.501248: | set up outgoing SA, ref=0/0 Oct 31 15:24:35.501251: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Oct 31 15:24:35.501254: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Oct 31 15:24:35.501257: | AES_GCM_16 requires 4 salt bytes Oct 31 15:24:35.501259: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Oct 31 15:24:35.501264: | setting IPsec SA replay-window to 32 Oct 31 15:24:35.501267: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Oct 31 15:24:35.501271: | netlink: enabling tunnel mode Oct 31 15:24:35.501273: | XFRM: adding IPsec SA with reqid 16389 Oct 31 15:24:35.501276: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:24:35.501279: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:24:35.501405: | netlink response for Add SA esp.c10d190@192.1.2.23 included non-error error Oct 31 15:24:35.501412: | setup_half_ipsec_sa() is installing inbound eroute? inbound=1 owner=#0 mode=1 Oct 31 15:24:35.501414: | setup_half_ipsec_sa() is installing inbound eroute Oct 31 15:24:35.501417: | setup_half_ipsec_sa() before proto 50 Oct 31 15:24:35.501419: | setup_half_ipsec_sa() after proto 50 Oct 31 15:24:35.501421: | setup_half_ipsec_sa() calling raw_eroute backwards (i.e., inbound) Oct 31 15:24:35.501424: | priority calculation of connection "northnet-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:24:35.501433: | add inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 using reqid 16389 (raw_eroute) proto=50 Oct 31 15:24:35.501437: | IPsec SA SPD priority set to 2084814 Oct 31 15:24:35.501629: | raw_eroute result=success Oct 31 15:24:35.501636: | set up incoming SA, ref=0/0 Oct 31 15:24:35.501642: | sr for #2: unrouted Oct 31 15:24:35.501646: | route_and_eroute() for proto 0, and source port 0 dest port 0 Oct 31 15:24:35.501649: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:35.501652: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:24:35.501654: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:24:35.501657: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:24:35.501660: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:24:35.501663: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Oct 31 15:24:35.501667: | route_and_eroute with c: northnet-eastnets/0x1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Oct 31 15:24:35.501670: | priority calculation of connection "northnet-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:24:35.501680: | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33 using reqid 16389 (raw_eroute) proto=50 Oct 31 15:24:35.501684: | IPsec SA SPD priority set to 2084814 Oct 31 15:24:35.501862: | raw_eroute result=success Oct 31 15:24:35.501869: | running updown command "ipsec _updown" for verb up Oct 31 15:24:35.501872: | command executing up-client Oct 31 15:24:35.501877: | get_sa_info esp.8c58fba8@192.1.3.33 Oct 31 15:24:35.501889: | get_sa_info esp.c10d190@192.1.2.23 Oct 31 15:24:35.502318: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.502338: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.502363: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='... Oct 31 15:24:35.502367: | popen cmd is 1501 chars long Oct 31 15:24:35.502370: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Oct 31 15:24:35.502372: | cmd( 80):x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUT: Oct 31 15:24:35.502375: | cmd( 160):O_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=: Oct 31 15:24:35.502377: | cmd( 240):Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-: Oct 31 15:24:35.502379: | cmd( 320):east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET=': Oct 31 15:24:35.502381: | cmd( 400):192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTO: Oct 31 15:24:35.502384: | cmd( 480):COL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO: Oct 31 15:24:35.502386: | cmd( 560):_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north: Oct 31 15:24:35.502389: | cmd( 640):.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='1: Oct 31 15:24:35.502391: | cmd( 720):92.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.2: Oct 31 15:24:35.502393: | cmd( 800):55.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontari: Oct 31 15:24:35.502399: | cmd( 880):o, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, : Oct 31 15:24:35.502402: | cmd( 960):E=testing@libreswan.org' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157875' PLUTO_CON: Oct 31 15:24:35.502404: | cmd(1040):N_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSAS: Oct 31 15:24:35.502406: | cmd(1120):IG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILE: Oct 31 15:24:35.502408: | cmd(1200):D=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLU: Oct 31 15:24:35.502411: | cmd(1280):TO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED=: Oct 31 15:24:35.502413: | cmd(1360):'0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARE: Oct 31 15:24:35.502415: | cmd(1440):D='no' SPI_IN=0x8c58fba8 SPI_OUT=0xc10d190 ipsec _updown 2>&1: Oct 31 15:24:35.520747: | route_and_eroute: firewall_notified: true Oct 31 15:24:35.520763: | running updown command "ipsec _updown" for verb prepare Oct 31 15:24:35.520768: | command executing prepare-client Oct 31 15:24:35.520775: | get_sa_info esp.8c58fba8@192.1.3.33 Oct 31 15:24:35.520797: | get_sa_info esp.c10d190@192.1.2.23 Oct 31 15:24:35.520857: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.520870: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.520896: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLU... Oct 31 15:24:35.520900: | popen cmd is 1506 chars long Oct 31 15:24:35.520903: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Oct 31 15:24:35.520906: | cmd( 80):ets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='': Oct 31 15:24:35.520908: | cmd( 160): PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontari: Oct 31 15:24:35.520910: | cmd( 240):o, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=: Oct 31 15:24:35.520913: | cmd( 320):user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_: Oct 31 15:24:35.520915: | cmd( 400):NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_: Oct 31 15:24:35.520917: | cmd( 480):PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' : Oct 31 15:24:35.520919: | cmd( 560):PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=: Oct 31 15:24:35.520922: | cmd( 640):north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIE: Oct 31 15:24:35.520924: | cmd( 720):NT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.: Oct 31 15:24:35.520926: | cmd( 800):255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=O: Oct 31 15:24:35.520930: | cmd( 880):ntario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mai: Oct 31 15:24:35.520933: | cmd( 960):nca, E=testing@libreswan.org' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157875' PLUT: Oct 31 15:24:35.520935: | cmd(1040):O_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO: Oct 31 15:24:35.520937: | cmd(1120):+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_: Oct 31 15:24:35.520939: | cmd(1200):FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO=': Oct 31 15:24:35.520942: | cmd(1280):' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIG: Oct 31 15:24:35.520944: | cmd(1360):URED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VTI_IFACE='' VTI_ROUTING='no' VTI_: Oct 31 15:24:35.520946: | cmd(1440):SHARED='no' SPI_IN=0x8c58fba8 SPI_OUT=0xc10d190 ipsec _updown 2>&1: Oct 31 15:24:35.546525: | running updown command "ipsec _updown" for verb route Oct 31 15:24:35.546538: | command executing route-client Oct 31 15:24:35.546546: | get_sa_info esp.8c58fba8@192.1.3.33 Oct 31 15:24:35.546563: | get_sa_info esp.c10d190@192.1.2.23 Oct 31 15:24:35.546628: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.546643: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.546670: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_S... Oct 31 15:24:35.546674: | popen cmd is 1504 chars long Oct 31 15:24:35.546677: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Oct 31 15:24:35.546680: | cmd( 80):s/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' P: Oct 31 15:24:35.546682: | cmd( 160):LUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario,: Oct 31 15:24:35.546685: | cmd( 240): L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=us: Oct 31 15:24:35.546688: | cmd( 320):er-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NE: Oct 31 15:24:35.546690: | cmd( 400):T='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PR: Oct 31 15:24:35.546693: | cmd( 480):OTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PL: Oct 31 15:24:35.546695: | cmd( 560):UTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=no: Oct 31 15:24:35.546698: | cmd( 640):rth.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT: Oct 31 15:24:35.546700: | cmd( 720):='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.25: Oct 31 15:24:35.546703: | cmd( 800):5.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ont: Oct 31 15:24:35.546705: | cmd( 880):ario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainc: Oct 31 15:24:35.546708: | cmd( 960):a, E=testing@libreswan.org' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157875' PLUTO_: Oct 31 15:24:35.546714: | cmd(1040):CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+R: Oct 31 15:24:35.546717: | cmd(1120):SASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FA: Oct 31 15:24:35.546719: | cmd(1200):ILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' : Oct 31 15:24:35.546721: | cmd(1280):PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGUR: Oct 31 15:24:35.546724: | cmd(1360):ED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SH: Oct 31 15:24:35.546726: | cmd(1440):ARED='no' SPI_IN=0x8c58fba8 SPI_OUT=0xc10d190 ipsec _updown 2>&1: Oct 31 15:24:35.581227: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.581252: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.581256: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.581260: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.581276: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.581291: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.581307: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.581322: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.581336: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.581351: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.581366: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.581383: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.581399: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.581414: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.581428: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.581443: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.581459: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.581474: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.581489: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.581504: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.581519: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.581535: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.581549: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.581564: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.581844: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.581858: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.581875: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.581891: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.581906: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.581921: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.581937: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.581954: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.581970: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.581985: "northnet-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.607050: | route_and_eroute: instance "northnet-eastnets/0x1", setting eroute_owner {spd=0x55ca48946db8,sr=0x55ca48946db8} to #2 (was #0) (newest_ipsec_sa=#0) Oct 31 15:24:35.607483: | ISAKMP_v2_IKE_AUTH: instance northnet-eastnets/0x1[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Oct 31 15:24:35.607494: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:35.607499: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:35.607502: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:24:35.607506: | emitting length of IKEv2 Encryption Payload: 2158 Oct 31 15:24:35.607509: | emitting length of ISAKMP Message: 2186 Oct 31 15:24:35.607517: | **parse ISAKMP Message: Oct 31 15:24:35.607522: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.607527: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.607530: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:24:35.607533: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.607536: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.607539: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:35.607543: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.607547: | length: 2186 (00 00 08 8a) Oct 31 15:24:35.607551: | **parse IKEv2 Encryption Payload: Oct 31 15:24:35.607554: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Oct 31 15:24:35.607556: | flags: none (0x0) Oct 31 15:24:35.607559: | length: 2158 (08 6e) Oct 31 15:24:35.607562: | opening output PBS reply frag packet Oct 31 15:24:35.607565: | **emit ISAKMP Message: Oct 31 15:24:35.607569: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.607573: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.607575: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:35.607578: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.607580: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.607583: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:35.607587: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.607590: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:35.607593: | ***emit IKEv2 Encrypted Fragment: Oct 31 15:24:35.607596: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Oct 31 15:24:35.607598: | flags: none (0x0) Oct 31 15:24:35.607601: | fragment number: 1 (00 01) Oct 31 15:24:35.607605: | total fragments: 5 (00 05) Oct 31 15:24:35.607607: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 36:ISAKMP_NEXT_v2IDr Oct 31 15:24:35.607610: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Oct 31 15:24:35.607613: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Oct 31 15:24:35.607616: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Oct 31 15:24:35.607625: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Oct 31 15:24:35.607628: | cleartext fragment: Oct 31 15:24:35.607631: | 25 00 00 bf 09 00 00 00 30 81 b4 31 0b 30 09 06 Oct 31 15:24:35.607633: | 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 Oct 31 15:24:35.607636: | 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 Oct 31 15:24:35.607638: | 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 Oct 31 15:24:35.607644: | 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e Oct 31 15:24:35.607646: | 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 Oct 31 15:24:35.607648: | 44 65 70 61 72 74 6d 65 6e 74 31 23 30 21 06 03 Oct 31 15:24:35.607651: | 55 04 03 0c 1a 65 61 73 74 2e 74 65 73 74 69 6e Oct 31 15:24:35.607653: | 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 31 Oct 31 15:24:35.607655: | 2e 30 2c 06 09 2a 86 48 86 f7 0d 01 09 01 16 1f Oct 31 15:24:35.607657: | 75 73 65 72 2d 65 61 73 74 40 74 65 73 74 69 6e Oct 31 15:24:35.607660: | 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 27 Oct 31 15:24:35.607662: | 00 05 72 04 30 82 05 69 30 82 04 51 a0 03 02 01 Oct 31 15:24:35.607664: | 02 02 01 03 30 0d 06 09 2a 86 48 86 f7 0d 01 01 Oct 31 15:24:35.607666: | 0b 05 00 30 81 ac 31 0b 30 09 06 03 55 04 06 13 Oct 31 15:24:35.607668: | 02 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e Oct 31 15:24:35.607671: | 74 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 Oct 31 15:24:35.607673: | 54 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a Oct 31 15:24:35.607675: | 0c 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 Oct 31 15:24:35.607677: | 03 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 Oct 31 15:24:35.607679: | 74 6d 65 6e 74 31 25 30 23 06 03 55 04 03 0c 1c Oct 31 15:24:35.607681: | 4c 69 62 72 65 73 77 61 6e 20 74 65 73 74 20 43 Oct 31 15:24:35.607684: | 41 20 66 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 Oct 31 15:24:35.607686: | 06 09 2a 86 48 86 f7 0d 01 09 01 16 15 74 65 73 Oct 31 15:24:35.607688: | 74 69 6e 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f Oct 31 15:24:35.607690: | 72 67 30 22 18 0f 32 30 32 30 31 30 32 32 31 37 Oct 31 15:24:35.607692: | 33 37 30 38 5a 18 0f 32 30 32 33 31 30 32 32 31 Oct 31 15:24:35.607694: | 37 33 37 30 38 5a 30 81 b4 31 0b 30 09 06 03 55 Oct 31 15:24:35.607696: | 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 08 0c Oct 31 15:24:35.607699: | 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 Oct 31 15:24:35.607701: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:35.607704: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:35.607707: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Oct 31 15:24:35.607710: | emitting length of IKEv2 Encrypted Fragment: 511 Oct 31 15:24:35.607712: | emitting length of ISAKMP Message: 539 Oct 31 15:24:35.607729: | recording fragment 1 Oct 31 15:24:35.607733: | opening output PBS reply frag packet Oct 31 15:24:35.607736: | **emit ISAKMP Message: Oct 31 15:24:35.607740: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.607743: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.607746: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:35.607748: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.607751: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.607753: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:35.607757: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.607759: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:35.607762: | ***emit IKEv2 Encrypted Fragment: Oct 31 15:24:35.607765: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.607767: | flags: none (0x0) Oct 31 15:24:35.607770: | fragment number: 2 (00 02) Oct 31 15:24:35.607773: | total fragments: 5 (00 05) Oct 31 15:24:35.607776: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Oct 31 15:24:35.607779: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Oct 31 15:24:35.607781: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Oct 31 15:24:35.607784: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Oct 31 15:24:35.607789: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Oct 31 15:24:35.607794: | cleartext fragment: Oct 31 15:24:35.607797: | 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 Oct 31 15:24:35.607799: | 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e Oct 31 15:24:35.607802: | 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 Oct 31 15:24:35.607804: | 44 65 70 61 72 74 6d 65 6e 74 31 23 30 21 06 03 Oct 31 15:24:35.607806: | 55 04 03 0c 1a 65 61 73 74 2e 74 65 73 74 69 6e Oct 31 15:24:35.607808: | 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 31 Oct 31 15:24:35.607809: | 2e 30 2c 06 09 2a 86 48 86 f7 0d 01 09 01 16 1f Oct 31 15:24:35.607811: | 75 73 65 72 2d 65 61 73 74 40 74 65 73 74 69 6e Oct 31 15:24:35.607812: | 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 Oct 31 15:24:35.607813: | 82 01 a2 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 Oct 31 15:24:35.607815: | 05 00 03 82 01 8f 00 30 82 01 8a 02 82 01 81 00 Oct 31 15:24:35.607816: | eb bc ce ff 0a 47 60 9e bc 18 46 34 c6 58 c1 df Oct 31 15:24:35.607817: | 93 27 35 c9 86 c1 72 52 01 36 2b 3b 20 98 ac 04 Oct 31 15:24:35.607819: | 0e cf da 16 a2 99 eb c1 15 ca 19 56 08 90 b3 60 Oct 31 15:24:35.607820: | 24 c6 e6 cd 4c 3b 88 d2 36 0c 38 95 de bc da 2c Oct 31 15:24:35.607821: | 95 d7 4b 37 eb f8 80 6f a0 54 62 31 b5 3c 7d 7b Oct 31 15:24:35.607823: | e5 25 1d 59 76 2c 62 40 76 48 74 44 d0 d8 35 4d Oct 31 15:24:35.607824: | 22 9b 54 d7 fb 4e a3 5a 0c 8e 1b f6 6d 70 5d 34 Oct 31 15:24:35.607825: | 33 f1 22 38 38 21 21 9f 82 0e 7f 6d 3f 86 b0 0c Oct 31 15:24:35.607827: | ad 9f c0 a9 0f 54 e7 53 95 80 b7 ae 48 f8 1a 23 Oct 31 15:24:35.607828: | 7f de e4 e2 60 4a b1 d9 0b 02 11 a5 06 6c 9b ac Oct 31 15:24:35.607829: | b3 f1 88 c3 52 33 76 d6 4a dc 64 81 ec 2c 37 d6 Oct 31 15:24:35.607831: | f2 04 db e4 75 3e 04 2c 95 a7 d2 0b 83 82 38 5a Oct 31 15:24:35.607832: | f4 95 39 14 a4 92 de f8 ac 93 07 e0 37 14 97 16 Oct 31 15:24:35.607833: | c6 76 ac f1 7f dd c0 b4 d4 f5 7d 50 59 78 78 fa Oct 31 15:24:35.607835: | 1c 7c 1d 43 ed 2c 32 27 62 b9 77 51 73 7b e8 cf Oct 31 15:24:35.607836: | d8 6b 4e 1e 8c 37 85 98 30 24 bc 5d 85 7b 10 fe Oct 31 15:24:35.607837: | 7a f1 e0 b8 56 a7 fb 4a 9c 02 ca 9c 80 1b e9 bf Oct 31 15:24:35.607839: | 71 1b c8 c3 2c a1 80 ec a9 72 4f b9 b0 af 2b c6 Oct 31 15:24:35.607840: | 66 26 8a 85 ce 67 df a1 38 66 de a1 54 14 Oct 31 15:24:35.607842: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:35.607843: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:35.607845: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Oct 31 15:24:35.607847: | emitting length of IKEv2 Encrypted Fragment: 511 Oct 31 15:24:35.607848: | emitting length of ISAKMP Message: 539 Oct 31 15:24:35.607854: | recording fragment 2 Oct 31 15:24:35.607856: | opening output PBS reply frag packet Oct 31 15:24:35.607858: | **emit ISAKMP Message: Oct 31 15:24:35.607862: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.607869: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.607872: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:35.607874: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.607876: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.607879: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:35.607882: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.607885: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:35.607888: | ***emit IKEv2 Encrypted Fragment: Oct 31 15:24:35.607891: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.607894: | flags: none (0x0) Oct 31 15:24:35.607897: | fragment number: 3 (00 03) Oct 31 15:24:35.607900: | total fragments: 5 (00 05) Oct 31 15:24:35.607903: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Oct 31 15:24:35.607910: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Oct 31 15:24:35.607913: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Oct 31 15:24:35.607917: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Oct 31 15:24:35.607920: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Oct 31 15:24:35.607922: | cleartext fragment: Oct 31 15:24:35.607923: | 0e ef 2e fe f9 b8 6c 18 cb fe f8 15 c8 10 36 bf Oct 31 15:24:35.607925: | bf 86 a3 f8 2b 6a 03 3f f8 2d fa f4 e9 eb 09 5b Oct 31 15:24:35.607926: | 84 e3 76 7c c9 9c ec 30 05 34 de 55 3e fd 59 4e Oct 31 15:24:35.607927: | 77 0d d9 ad 01 2f e3 b5 63 6f b7 5d e6 99 d8 af Oct 31 15:24:35.607929: | 7c 3b ea 53 8b eb 19 4f b9 7f 23 ce a1 6c 7b 6f Oct 31 15:24:35.607930: | 34 8f 02 03 01 00 01 a3 82 01 06 30 82 01 02 30 Oct 31 15:24:35.607931: | 09 06 03 55 1d 13 04 02 30 00 30 47 06 03 55 1d Oct 31 15:24:35.607933: | 11 04 40 30 3e 82 1a 65 61 73 74 2e 74 65 73 74 Oct 31 15:24:35.607934: | 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 Oct 31 15:24:35.607935: | 67 81 1a 65 61 73 74 40 74 65 73 74 69 6e 67 2e Oct 31 15:24:35.607937: | 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 87 04 c0 Oct 31 15:24:35.607938: | 01 02 17 30 0b 06 03 55 1d 0f 04 04 03 02 07 80 Oct 31 15:24:35.607939: | 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 01 Oct 31 15:24:35.607941: | 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 30 Oct 31 15:24:35.607942: | 41 06 08 2b 06 01 05 05 07 01 01 04 35 30 33 30 Oct 31 15:24:35.607943: | 31 06 08 2b 06 01 05 05 07 30 01 86 25 68 74 74 Oct 31 15:24:35.607945: | 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e Oct 31 15:24:35.607946: | 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 3a 32 35 Oct 31 15:24:35.607948: | 36 30 30 3d 06 03 55 1d 1f 04 36 30 34 30 32 a0 Oct 31 15:24:35.607949: | 30 a0 2e 86 2c 68 74 74 70 3a 2f 2f 6e 69 63 2e Oct 31 15:24:35.607950: | 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 Oct 31 15:24:35.607952: | 6e 2e 6f 72 67 2f 72 65 76 6f 6b 65 64 2e 63 72 Oct 31 15:24:35.607953: | 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 Oct 31 15:24:35.607954: | 03 82 01 01 00 ad 23 06 cc a8 df 90 99 31 6c 1d Oct 31 15:24:35.607956: | 00 8c e5 bd cb 27 96 e3 4d 46 ba 35 6a b2 cc e4 Oct 31 15:24:35.607960: | 70 06 97 a6 fb b9 40 08 7a e0 c6 52 ff a2 59 b6 Oct 31 15:24:35.607964: | 10 ef b0 79 71 9b ed e2 65 ec 33 4d cb 79 bd de Oct 31 15:24:35.607966: | ec 5e a8 e0 d6 b7 93 e5 06 27 5b 8a bd bb 77 03 Oct 31 15:24:35.607969: | af 06 93 bc 58 d5 02 43 60 ed b8 3f 53 06 63 17 Oct 31 15:24:35.607971: | 0b 89 a1 58 b7 97 07 53 a4 ba f5 ca ca 77 Oct 31 15:24:35.607973: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:35.607976: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:35.607979: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Oct 31 15:24:35.607982: | emitting length of IKEv2 Encrypted Fragment: 511 Oct 31 15:24:35.607984: | emitting length of ISAKMP Message: 539 Oct 31 15:24:35.607994: | recording fragment 3 Oct 31 15:24:35.607999: | opening output PBS reply frag packet Oct 31 15:24:35.608002: | **emit ISAKMP Message: Oct 31 15:24:35.608006: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.608010: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.608012: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:35.608015: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.608017: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.608020: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:35.608024: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.608027: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:35.608033: | ***emit IKEv2 Encrypted Fragment: Oct 31 15:24:35.608036: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.608038: | flags: none (0x0) Oct 31 15:24:35.608045: | fragment number: 4 (00 04) Oct 31 15:24:35.608050: | total fragments: 5 (00 05) Oct 31 15:24:35.608055: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Oct 31 15:24:35.608057: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Oct 31 15:24:35.608060: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Oct 31 15:24:35.608063: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Oct 31 15:24:35.608071: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Oct 31 15:24:35.608074: | cleartext fragment: Oct 31 15:24:35.608077: | 26 b2 64 f8 b6 08 cb fd 80 7a 3d 40 15 ea 71 87 Oct 31 15:24:35.608079: | b6 ad 57 7a 3f ee 77 22 65 ca 42 6a 3a 4f 7f 09 Oct 31 15:24:35.608081: | d1 6a 3a f4 96 ff 60 54 99 34 80 98 82 bb c6 ad Oct 31 15:24:35.608084: | c4 6d fd a4 ba c6 ee eb 77 74 e0 71 4d 7f 87 7b Oct 31 15:24:35.608086: | d1 97 9f 66 af e6 96 82 dc e8 d5 19 f2 1b e8 84 Oct 31 15:24:35.608089: | ee ff 5b 0c c6 bb 09 cd 7d a4 68 9c 14 80 1d 81 Oct 31 15:24:35.608091: | 2c d1 f7 ba 90 03 a8 c0 9e c4 4c 5b d8 c4 4e db Oct 31 15:24:35.608094: | 8e 42 00 20 87 6b 6e 8a 2f 7f 4e 33 07 96 48 c5 Oct 31 15:24:35.608096: | 32 0d b3 8a 16 3f ce c1 18 09 33 28 10 27 1f b9 Oct 31 15:24:35.608098: | 4a 93 0c 33 f4 e9 74 21 00 01 cc 0e 00 00 00 43 Oct 31 15:24:35.608103: | 30 41 06 09 2a 86 48 86 f7 0d 01 01 0a 30 34 a0 Oct 31 15:24:35.608107: | 0f 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 Oct 31 15:24:35.608110: | a1 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 01 08 30 Oct 31 15:24:35.608112: | 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 a2 03 Oct 31 15:24:35.608115: | 02 01 40 07 ac 5e a5 19 23 a5 f5 48 99 94 45 e7 Oct 31 15:24:35.608117: | 49 1e 59 02 03 f7 12 a8 7d 59 cd db 92 0e 20 88 Oct 31 15:24:35.608119: | 48 18 61 72 bb 22 b5 6d e0 1f 99 d4 4e 64 e1 d1 Oct 31 15:24:35.608122: | c1 63 83 90 c7 21 aa ec 94 d7 4c c5 c0 e0 22 e8 Oct 31 15:24:35.608125: | 9c 46 3f 17 6d 91 79 d8 af c6 08 a0 24 fd 41 97 Oct 31 15:24:35.608127: | 79 75 61 c1 69 4f a0 29 a8 38 e0 0f b2 ef b4 97 Oct 31 15:24:35.608129: | 06 66 12 21 e9 30 90 92 c3 49 57 f9 e0 6b 21 0a Oct 31 15:24:35.608132: | 41 f8 e2 45 9d 9f 03 cb 9a 4f 20 f7 bd a6 32 42 Oct 31 15:24:35.608134: | 48 ec e8 da c7 7f 9c c5 d0 a2 7a 2e c1 f7 7d 1a Oct 31 15:24:35.608136: | 6f 68 d4 42 f7 b8 59 de 07 d7 2f 7e c7 fb cf c9 Oct 31 15:24:35.608138: | de fa 55 cc bc 76 ed 84 79 da 9a eb bd c8 69 cd Oct 31 15:24:35.608141: | fe ae 55 0c 0b fe 26 23 b6 b8 62 32 fe a7 a6 1b Oct 31 15:24:35.608143: | 47 d8 12 14 f5 24 a8 35 b8 15 4a 03 8e 17 64 3e Oct 31 15:24:35.608146: | 7c 07 c0 70 1d 90 a5 df 6b 74 8b 68 30 04 04 52 Oct 31 15:24:35.608148: | a4 20 78 c3 f0 7c 3d 2e 80 dd 99 81 26 06 73 35 Oct 31 15:24:35.608151: | 26 3c 9f 27 8b f4 64 d6 72 3a f5 61 9c 9b Oct 31 15:24:35.608153: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:35.608156: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:35.608159: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Oct 31 15:24:35.608162: | emitting length of IKEv2 Encrypted Fragment: 511 Oct 31 15:24:35.608164: | emitting length of ISAKMP Message: 539 Oct 31 15:24:35.608173: | recording fragment 4 Oct 31 15:24:35.608178: | opening output PBS reply frag packet Oct 31 15:24:35.608181: | **emit ISAKMP Message: Oct 31 15:24:35.608186: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.608191: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.608197: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:35.608207: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.608209: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.608212: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:35.608215: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.608218: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:35.608221: | ***emit IKEv2 Encrypted Fragment: Oct 31 15:24:35.608224: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.608226: | flags: none (0x0) Oct 31 15:24:35.608229: | fragment number: 5 (00 05) Oct 31 15:24:35.608232: | total fragments: 5 (00 05) Oct 31 15:24:35.608234: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Oct 31 15:24:35.608237: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Oct 31 15:24:35.608239: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Oct 31 15:24:35.608242: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Oct 31 15:24:35.608247: | emitting 217 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Oct 31 15:24:35.608249: | cleartext fragment: Oct 31 15:24:35.608251: | 04 4c cc b4 c7 93 9e 57 f9 bc 6d 5e e2 43 92 89 Oct 31 15:24:35.608253: | 56 6e 70 f8 a1 5c a5 20 ef 2e 27 ba f3 ae ef cf Oct 31 15:24:35.608255: | 5a 97 e4 a1 01 a7 75 82 83 50 ab ad 65 d5 55 85 Oct 31 15:24:35.608257: | 25 de 41 2a 7b 0c 19 83 08 11 1e 6e 9a e4 f1 4c Oct 31 15:24:35.608259: | 72 dd d5 3d 61 70 e1 85 37 2b c2 29 5b eb 3e 61 Oct 31 15:24:35.608261: | 76 b3 36 d5 87 06 42 e7 10 0d 61 ca 6f 3b c5 e7 Oct 31 15:24:35.608263: | 99 3b 85 99 ed a1 92 4e ad ef 99 1a 4b f1 e1 1b Oct 31 15:24:35.608265: | 6f 76 81 ef 6c ee 82 4c c1 fe 6e 4c 1c a9 d5 e4 Oct 31 15:24:35.608267: | ba 35 5d 76 89 2c 00 00 24 00 00 00 20 01 03 04 Oct 31 15:24:35.608269: | 02 0c 10 d1 90 03 00 00 0c 01 00 00 14 80 0e 01 Oct 31 15:24:35.608271: | 00 00 00 00 08 05 00 00 00 2d 00 00 18 01 00 00 Oct 31 15:24:35.608273: | 00 07 00 00 10 00 00 ff ff c0 00 03 00 c0 00 03 Oct 31 15:24:35.608276: | ff 00 00 00 18 01 00 00 00 07 00 00 10 00 00 ff Oct 31 15:24:35.608278: | ff c0 00 02 00 c0 00 02 ff Oct 31 15:24:35.608280: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:35.608283: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:35.608285: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Oct 31 15:24:35.608288: | emitting length of IKEv2 Encrypted Fragment: 250 Oct 31 15:24:35.608290: | emitting length of ISAKMP Message: 278 Oct 31 15:24:35.608300: | recording fragment 5 Oct 31 15:24:35.608305: | delref logger@0x55ca4894f008(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:35.608308: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.608310: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.608314: | XXX: resume sending helper answer back to state for #1 switched MD.ST to #2 Oct 31 15:24:35.608322: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:35.608326: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:35.608332: | #2 complete_v2_state_transition() in state V2_IKE_AUTH_CHILD_R0 PARENT_R1->ESTABLISHED_CHILD_SA with status STF_OK; .st_v2_transition=NULL Oct 31 15:24:35.608335: | transitioning from state STATE_PARENT_R1 to state STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:24:35.608338: | Message ID: updating counters for #2 Oct 31 15:24:35.608347: | Message ID: CHILD #1.#2 updating responder received message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744549.872258 ike.responder.sent=0 ike.responder.recv=0->1 ike.responder.last_contact=744549.876817->744550.041137 child.wip.initiator=-1 child.wip.responder=1->-1 Oct 31 15:24:35.608356: | Message ID: CHILD #1.#2 updating responder sent message response 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744549.872258 ike.responder.sent=0->1 ike.responder.recv=1 ike.responder.last_contact=744550.041137 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:24:35.608362: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744549.872258 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744550.041137 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:35.608366: | child state #2: V2_IKE_AUTH_CHILD_R0(ignore) => ESTABLISHED_CHILD_SA(established CHILD SA) Oct 31 15:24:35.608369: | pstats #2 ikev2.child established Oct 31 15:24:35.608372: | announcing the state transition Oct 31 15:24:35.608505: "northnet-eastnets/0x1" #2: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Oct 31 15:24:35.608514: | NAT-T: encaps is 'auto' Oct 31 15:24:35.608521: "northnet-eastnets/0x1" #2: IPsec SA established tunnel mode {ESP=>0x8c58fba8 <0x0c10d190 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Oct 31 15:24:35.608529: | sending 539 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:35.608532: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.608535: | 35 20 23 20 00 00 00 01 00 00 02 1b 24 00 01 ff Oct 31 15:24:35.608537: | 00 01 00 05 5b e6 4b 86 6c 84 25 bc f6 1f 97 44 Oct 31 15:24:35.608539: | ed 3f 95 c0 96 c0 e7 33 71 d3 4a 2c 21 52 8f e4 Oct 31 15:24:35.608542: | b9 35 a9 2a b4 5b 3c 11 a7 a8 17 53 ef 66 07 24 Oct 31 15:24:35.608544: | 50 2a 16 a1 96 e1 7b ec e2 6f d9 de 8c 04 60 62 Oct 31 15:24:35.608546: | c3 e3 86 60 c6 24 c2 8b 10 38 ec d1 d6 9b 5c f6 Oct 31 15:24:35.608549: | f7 fc 8a 7e ef fb 5b 34 b2 d0 b6 b3 9c 7c 53 da Oct 31 15:24:35.608551: | aa b0 6c 54 3b 63 a5 01 d4 89 a2 44 80 5f 1a 85 Oct 31 15:24:35.608553: | 62 ef 3b d6 b5 fa 05 b4 62 58 85 f1 c0 c0 d5 17 Oct 31 15:24:35.608555: | c0 b7 b4 86 02 7d dc 3b dd 20 db fd 69 cc f5 0d Oct 31 15:24:35.608558: | 4e ab 40 35 2a 5b 47 37 2e 22 7f d2 3b c1 02 c9 Oct 31 15:24:35.608560: | f2 fb c8 87 c6 38 76 3b 3d c9 56 4c b9 39 47 85 Oct 31 15:24:35.608563: | d6 1d d8 f7 f6 f7 8f 24 2a f7 05 0d 77 23 2f ba Oct 31 15:24:35.608565: | d5 63 fc c2 44 68 ca 15 b8 1f 0b 0a 5a ca 84 1e Oct 31 15:24:35.608567: | 6f 91 a3 fa 82 18 6d 86 28 7a 24 b8 60 37 09 7a Oct 31 15:24:35.608570: | d4 71 01 f4 9a 63 d3 df 15 4f 6a d2 e0 a6 b1 6d Oct 31 15:24:35.608572: | f8 fc e3 5d 14 da 4c b2 da 76 52 89 06 33 b9 7d Oct 31 15:24:35.608575: | 0e e4 52 b9 97 4b 58 a2 31 99 7e ac 64 ac 55 b5 Oct 31 15:24:35.608577: | cf 00 09 a7 55 fc 36 17 58 51 2b bc 65 07 01 ec Oct 31 15:24:35.608579: | d3 ae 0f 13 46 24 76 27 55 d6 d8 a9 7a 61 3a a5 Oct 31 15:24:35.608581: | 72 b1 ac e4 9a 1e d7 fe d9 0b c8 0e 4a cc 89 ea Oct 31 15:24:35.608584: | fc 56 c9 ea b7 12 fe a6 55 e7 96 da 75 41 af 10 Oct 31 15:24:35.608586: | 83 aa c7 c4 7f fa d8 fd 85 47 3c 02 14 6e 15 2d Oct 31 15:24:35.608588: | 7a 05 66 7e 93 67 82 34 96 c1 d6 84 18 88 38 c3 Oct 31 15:24:35.608590: | ed c8 d1 bd a2 ed bd 6e c9 03 9f 19 7f 4b 5d 28 Oct 31 15:24:35.608592: | 04 73 6e 73 34 e8 e2 3c 04 e0 e1 6b ee fe ab f6 Oct 31 15:24:35.608595: | ea c9 37 bf 61 80 e6 d8 f4 f4 3d 09 46 1c 08 6a Oct 31 15:24:35.608597: | 69 3b 3b b2 98 22 3a c0 07 48 db 26 f7 90 0f 02 Oct 31 15:24:35.608599: | bf 70 c8 65 3e 0b ca 8c 89 49 69 f4 84 cf 62 10 Oct 31 15:24:35.608601: | 66 fb bc 1a 25 69 a3 e7 f1 b6 24 15 81 6c 13 63 Oct 31 15:24:35.608603: | ae 65 b0 6b d2 89 a2 30 84 b5 45 7a 54 3c 60 0e Oct 31 15:24:35.608608: | 26 80 96 19 d8 14 42 6d 2b 64 88 dc 20 b0 c3 7d Oct 31 15:24:35.608610: | e3 7a 5f 63 90 8a c4 b1 39 54 4f Oct 31 15:24:35.608672: | sending 539 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:35.608676: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.608679: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Oct 31 15:24:35.608681: | 00 02 00 05 fb 7c 7c ac c4 57 e2 2b 9f 2d 33 e4 Oct 31 15:24:35.608683: | 78 8d d2 5c db 71 3a e3 05 a1 da 39 42 11 49 f4 Oct 31 15:24:35.608686: | c1 cd b5 b0 cb 2c 1c 32 54 41 e0 81 62 eb ec eb Oct 31 15:24:35.608688: | c2 77 d5 d0 69 ba c2 ba 7e a6 78 a3 92 7b a0 58 Oct 31 15:24:35.608690: | 81 a9 4a eb 05 cb 21 b6 07 7d 94 da 92 80 4d 0a Oct 31 15:24:35.608692: | 2c ad 55 f0 80 e7 da 50 a8 52 96 3a fa 80 c6 4e Oct 31 15:24:35.608695: | ce 4c 9f 88 3e 4b 34 14 8a b5 ae ef b5 e6 24 92 Oct 31 15:24:35.608697: | 1a 47 e6 bf 9c 39 c3 f8 68 a1 ca c3 3d bb f3 7e Oct 31 15:24:35.608699: | 13 58 56 cf 92 2e 9d f8 1e 87 fe 07 82 2e 5a 49 Oct 31 15:24:35.608701: | 24 d4 b0 3a 48 f6 7a 5a 53 31 73 d7 3b ca f2 9f Oct 31 15:24:35.608704: | bc 37 1a 21 78 85 61 24 a0 c7 aa dc d9 e7 dd 87 Oct 31 15:24:35.608706: | 1e 92 af 26 e6 ef 68 46 eb d0 de a3 04 28 f4 d1 Oct 31 15:24:35.608708: | d7 01 fe ef a0 fb 4d 53 f5 64 98 99 40 7e 12 24 Oct 31 15:24:35.608710: | a2 af 12 24 c0 14 d2 67 06 74 fe bd 5e 49 72 ca Oct 31 15:24:35.608712: | 4f 32 d3 60 80 b7 cb a3 c4 a7 cb b9 f4 3d dd c3 Oct 31 15:24:35.608715: | 3c e1 7e 79 43 22 fd 2a 3c 9f 6b 0d e5 4f 2f 1b Oct 31 15:24:35.608717: | cb a0 d2 4a f5 e4 95 60 90 07 e7 9d 1d 3b 92 2d Oct 31 15:24:35.608719: | a7 74 fd 1a 20 56 81 9e 25 79 31 1b d6 b1 d7 77 Oct 31 15:24:35.608721: | 38 7a 76 e8 7e cd d5 93 35 af 52 c4 ef 93 17 ac Oct 31 15:24:35.608724: | 9c 96 f2 81 3f 18 8a 08 9d be b2 96 67 ee 5e c1 Oct 31 15:24:35.608726: | a5 64 e0 6a 96 a4 65 e5 23 d0 a6 ea d3 42 3c e5 Oct 31 15:24:35.608728: | 2c 93 9c bd 2a e6 1c 6c a1 80 1f 9b ae e9 e8 c5 Oct 31 15:24:35.608730: | 05 18 1c 69 2e a1 c7 c3 5d b5 b6 3c 5a 76 2c 71 Oct 31 15:24:35.608733: | a0 98 63 b4 41 89 44 61 ff a6 08 2e cb 7b 36 93 Oct 31 15:24:35.608735: | bb d1 f6 c7 ba 39 c7 b7 f3 ac 82 49 ac 93 fa 7d Oct 31 15:24:35.608737: | c6 2c 45 19 55 09 7e e7 7a 47 85 58 05 fc 57 f6 Oct 31 15:24:35.608739: | 99 b1 ac d9 af b2 99 42 59 02 47 00 3f b4 78 d9 Oct 31 15:24:35.608741: | 4b c1 07 04 75 9a 8e c3 82 5b 0d b1 ab 97 c5 d3 Oct 31 15:24:35.608742: | 53 4d 6e 64 a3 23 dd 05 cb 37 41 9b 37 41 76 b2 Oct 31 15:24:35.608745: | e9 72 dd b6 17 d9 f5 d0 70 6b 19 9b ee 0d 19 3f Oct 31 15:24:35.608747: | a8 f0 a7 ec 27 9b 6f 91 20 60 15 34 da da 7c ea Oct 31 15:24:35.608749: | d1 fa 9e 20 57 84 c2 ec fc 14 9d Oct 31 15:24:35.608769: | sending 539 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:35.608773: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.608775: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Oct 31 15:24:35.608777: | 00 03 00 05 8d e3 ed 8d 4a a2 17 8b 8a 1b 85 44 Oct 31 15:24:35.608779: | d5 bd f8 92 65 ab 6a f7 35 5a 04 91 3b 3e f9 17 Oct 31 15:24:35.608781: | d3 a3 0d 31 b4 9e c6 ab 31 32 0f 2c 1b 62 ee d6 Oct 31 15:24:35.608783: | 83 8c 02 40 72 6c 67 49 b7 c0 4f 94 1d 2d 90 33 Oct 31 15:24:35.608785: | 58 49 37 1d 44 1e d8 79 94 34 74 8e 5f f6 92 f0 Oct 31 15:24:35.608788: | d3 05 c0 e7 91 93 38 8c 14 bc 0d f7 63 db e2 1d Oct 31 15:24:35.608790: | a1 d9 db 18 09 25 98 29 ca cc 7d 1c d8 25 3d bd Oct 31 15:24:35.608792: | 45 2e 28 df 18 a9 11 e7 fe e3 30 3f a8 ac a0 ed Oct 31 15:24:35.608794: | 08 9f 2f ef 02 66 83 26 3f 8b 8c e9 e8 12 31 0e Oct 31 15:24:35.608796: | 83 4b 49 39 91 a8 e4 28 98 c8 d8 18 0d 22 91 6b Oct 31 15:24:35.608798: | 70 1f 6d f3 1a 94 fe ab ea cd f0 0d b1 1e dc 90 Oct 31 15:24:35.608803: | 88 2c 2f 3b 58 3c dc 26 f2 e3 97 27 96 a3 b8 2b Oct 31 15:24:35.608805: | 00 c6 78 48 07 b7 ca f5 42 53 52 0b 62 ca de 39 Oct 31 15:24:35.608807: | fc a2 55 75 3d 49 07 61 e0 1d 94 22 6a 98 ae fb Oct 31 15:24:35.608809: | 13 bf fc 1e 03 c0 98 88 1f 70 49 26 99 f3 cf 38 Oct 31 15:24:35.608811: | 30 d1 16 c9 36 0c 32 7b ba 0b 53 88 de af da ae Oct 31 15:24:35.608813: | 24 35 8d 66 2a db a8 7f 55 69 0d f2 56 67 fb 71 Oct 31 15:24:35.608815: | ee 6d 62 ff c3 88 ae d6 3e c0 70 2e 2c 1e cc 1c Oct 31 15:24:35.608817: | ec f6 22 76 52 e7 f8 4e 74 57 83 9d be 84 35 73 Oct 31 15:24:35.608819: | 7f 2e 1a ad 1f cc 66 68 a4 1e f7 ed c3 1b 44 b2 Oct 31 15:24:35.608821: | ee ac b7 d4 04 8c 7e e8 bb 49 92 8e a7 16 13 c4 Oct 31 15:24:35.608823: | 2d 14 20 df 7a 20 9f 30 f4 de eb aa fb 03 20 38 Oct 31 15:24:35.608825: | 43 c4 48 13 2d e3 65 0e 3e 96 d9 e0 73 88 b8 ab Oct 31 15:24:35.608827: | 63 9c 59 42 b4 00 73 25 f6 f8 7c 7f 31 b9 fb 04 Oct 31 15:24:35.608829: | 73 a9 0b a8 c6 37 01 19 ee 74 14 c0 d1 08 56 35 Oct 31 15:24:35.608831: | 8c 08 52 95 83 3d 06 74 a4 b9 ad 0a 59 51 f2 1e Oct 31 15:24:35.608834: | 60 43 a2 72 23 60 dd 3e 38 5a 30 0b 53 c0 25 d8 Oct 31 15:24:35.608836: | 8f 86 5e 7f 5d 99 59 2d 64 30 00 01 e5 f3 d8 8f Oct 31 15:24:35.608838: | 4d b5 31 53 fb 69 4a 96 8d 54 cb 91 16 f1 28 3c Oct 31 15:24:35.608840: | 4f d2 ce af c1 3c f7 72 11 3e ab 1d 82 23 5b ac Oct 31 15:24:35.608843: | f0 52 af 05 23 44 0c b3 f6 7d 90 df f9 bb 6e 38 Oct 31 15:24:35.608845: | d4 60 e0 b4 46 ab 86 91 71 3f d2 Oct 31 15:24:35.608862: | sending 539 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:35.608866: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.608868: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Oct 31 15:24:35.608871: | 00 04 00 05 a1 7d bf db e1 0a c5 5f ae 59 eb ac Oct 31 15:24:35.608873: | 3b 90 fd 5d 97 2a 11 f1 91 3d 33 f8 9d 54 79 bf Oct 31 15:24:35.608875: | be 4d b7 0d 85 21 ec a4 5e 50 82 5a 65 64 2a 5a Oct 31 15:24:35.608877: | f9 70 29 bd 25 9a f4 b6 2b 83 0b 04 61 ca 28 24 Oct 31 15:24:35.608879: | 12 d6 24 94 5b 24 32 cd 1e af 0d 90 f2 b5 93 08 Oct 31 15:24:35.608881: | ef fd 64 c0 10 5d 29 f7 4d 32 ef f1 69 a5 e3 96 Oct 31 15:24:35.608883: | 45 17 95 f0 9e b8 f9 70 49 b9 29 c3 8f 6f 5b 25 Oct 31 15:24:35.608885: | ff b1 3c 7f e0 9d 20 2a 16 01 5e 26 fd 7b 83 8a Oct 31 15:24:35.608887: | 15 bb 16 62 1c 12 8a b4 54 fe 8f bc 40 34 4b 95 Oct 31 15:24:35.608890: | 05 55 2c 91 77 8c 77 8e f0 b8 10 e7 76 88 d3 54 Oct 31 15:24:35.608892: | 00 a6 f0 fc 03 9d 0a ac a3 64 14 5c ea 03 11 b9 Oct 31 15:24:35.608894: | 0e 9f 69 83 5f 90 4a a8 31 3c 87 37 ba 80 15 a8 Oct 31 15:24:35.608896: | 42 b4 39 d4 ed 2e 21 63 2f b6 03 33 ae 6d 7f 47 Oct 31 15:24:35.608899: | 04 a3 5b ec 35 1b da c2 95 20 e4 b8 92 be 85 b1 Oct 31 15:24:35.608904: | b7 59 dc bf 62 fc 7e ee e7 6d 16 19 83 b4 a4 d9 Oct 31 15:24:35.608906: | 89 1e 83 97 0f 2f fc ce 71 0a 29 bc e2 84 e7 7c Oct 31 15:24:35.608908: | 40 d7 53 42 f2 21 41 e3 43 82 da 02 40 e0 54 b4 Oct 31 15:24:35.608911: | 82 06 fc 29 6e f8 5c 4f 20 ef 54 5a be cd e6 37 Oct 31 15:24:35.608913: | 4a 14 43 fd 4f a0 b8 8b f6 58 ce 5a 3c 89 a7 e3 Oct 31 15:24:35.608915: | 27 24 77 fb 09 3c 28 94 e9 ce 1a 79 8a ac 5c c9 Oct 31 15:24:35.608917: | 17 93 17 62 28 7b d8 92 c7 36 d4 fa 9a bf 01 47 Oct 31 15:24:35.608919: | 25 65 e1 af c7 36 db 70 a9 ec dc 09 36 f8 7e ca Oct 31 15:24:35.608922: | c1 38 65 c6 73 d0 8d 20 38 6a fd 5d dc ae 2e c9 Oct 31 15:24:35.608924: | aa ca a3 d6 46 58 ad e9 fd 78 47 b3 88 6b e9 a6 Oct 31 15:24:35.608926: | 73 db 39 13 82 59 80 8a d3 db 58 0c 1f 5d c5 46 Oct 31 15:24:35.608928: | 94 4d bc 41 6e eb 6c d0 9c 27 80 4a 88 2e 87 f8 Oct 31 15:24:35.608931: | b2 eb 44 9d 0a 9a a9 8d 6f 90 36 cb 3b f7 2c 87 Oct 31 15:24:35.608936: | b4 cc e3 93 3e 6d bd 22 be ea 98 97 9a 90 a0 d1 Oct 31 15:24:35.608938: | 5a 86 8b 06 5a 53 92 66 4d 71 f0 ae 43 be d9 a7 Oct 31 15:24:35.608941: | ae 7a 5c 64 bb 22 16 88 5b 16 55 eb 93 27 40 78 Oct 31 15:24:35.608943: | 90 9c 4f 97 cd 20 15 15 ff 70 b9 e0 f3 ec 23 2b Oct 31 15:24:35.608945: | 02 17 99 89 61 af 2b 79 3f a2 8f Oct 31 15:24:35.608969: | sending 278 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:35.608974: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.608977: | 35 20 23 20 00 00 00 01 00 00 01 16 00 00 00 fa Oct 31 15:24:35.608979: | 00 05 00 05 e5 cd d6 f8 3e a0 18 37 62 26 5f 13 Oct 31 15:24:35.608982: | f7 50 19 87 62 ec 36 9c fd 66 d8 2b 22 cc a9 66 Oct 31 15:24:35.608984: | ba 99 7c a8 ba e0 7b 95 77 6c 9c b7 1e ee 09 e0 Oct 31 15:24:35.608987: | 9f 03 34 34 ac 71 58 d2 f3 7d 36 48 0d 49 a0 05 Oct 31 15:24:35.608989: | c5 5c 20 aa f4 87 bc 26 6c fa 59 c6 51 cf ab ce Oct 31 15:24:35.608991: | 5c 3a 17 e4 4a 33 c2 ad a8 2a ec 7d 48 c0 ef ef Oct 31 15:24:35.608994: | b2 f5 69 69 e1 fc 1b ce e0 96 d5 ea 0f c7 a4 38 Oct 31 15:24:35.608996: | d3 0e f2 a7 17 95 c6 45 a0 05 12 0b d3 c8 3b 79 Oct 31 15:24:35.608999: | 55 f7 fa 4e c5 aa f4 b3 98 4c ce fd 75 f7 83 85 Oct 31 15:24:35.609001: | c1 86 9e 11 3c f5 10 38 c7 c5 36 32 a0 0e e8 93 Oct 31 15:24:35.609003: | be bd a5 b6 26 de 38 6a 4a d6 b8 7c fb f1 00 c1 Oct 31 15:24:35.609005: | 80 db 10 9c d4 be 54 e8 3d 60 7e cd 7b 9f 94 fb Oct 31 15:24:35.609008: | 5f bf 0a 7c 42 93 37 db 56 04 c6 d5 cd 63 4f e5 Oct 31 15:24:35.609010: | 7b 39 fc 1e da d8 5f 5b 5b fd 4a 9b 9c 6f 3f 47 Oct 31 15:24:35.609013: | 0f f4 6f b2 dc 3e e6 24 9e 4c 0a ca c3 e4 4a da Oct 31 15:24:35.609015: | 25 90 73 01 c3 01 Oct 31 15:24:35.609032: | sent 5 messages Oct 31 15:24:35.609038: | releasing #2's fd-fd@(nil) because IKEv2 transitions finished Oct 31 15:24:35.609040: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:24:35.609043: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:24:35.609046: | unpending #2's IKE SA #1 Oct 31 15:24:35.609049: | unpending state #1 connection "northnet-eastnets/0x1" Oct 31 15:24:35.609052: | releasing #1's fd-fd@(nil) because IKEv2 transitions finished so releaseing IKE SA Oct 31 15:24:35.609054: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:24:35.609057: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:24:35.609061: | #2 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Oct 31 15:24:35.609064: | state #2 has no .st_event to delete Oct 31 15:24:35.609068: | event_schedule: newref EVENT_SA_REKEY-pe@0x55ca4894f008 Oct 31 15:24:35.609071: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #2 Oct 31 15:24:35.609075: | libevent_malloc: newref ptr-libevent@0x55ca48962538 size 128 Oct 31 15:24:35.609085: | delref mdp@0x55ca4895a908(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:35.609092: | delref logger@0x55ca48938d18(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:35.609095: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.609098: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.609107: | #1 spent 4.89 (110) milliseconds in resume sending helper answer back to state Oct 31 15:24:35.609112: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:745) Oct 31 15:24:35.609117: | libevent_free: delref ptr-libevent@0x7efd88000da8 Oct 31 15:24:35.609128: | processing signal PLUTO_SIGCHLD Oct 31 15:24:35.609136: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:35.609144: | spent 0.00919 (0.00921) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:35.609147: | processing signal PLUTO_SIGCHLD Oct 31 15:24:35.609151: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:35.609158: | spent 0.0058 (0.0058) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:35.609160: | processing signal PLUTO_SIGCHLD Oct 31 15:24:35.609165: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:35.609169: | spent 0.00431 (0.0043) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:35.729788: | spent 0.00279 (0.00274) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:35.729809: | newref struct msg_digest@0x55ca4895a908(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.729814: | newref alloc logger@0x55ca4896d5a8(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.729822: | *received 601 bytes from 192.1.3.33:500 on eth1 192.1.2.23:500 using UDP Oct 31 15:24:35.729825: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.729827: | 2e 20 24 08 00 00 00 02 00 00 02 59 21 00 02 3d Oct 31 15:24:35.729830: | cb f2 d1 29 e5 5a e8 57 70 32 82 32 84 b1 7e 40 Oct 31 15:24:35.729832: | d9 10 4e 35 5b 69 bf b7 42 b9 b8 1f 59 ad f6 46 Oct 31 15:24:35.729834: | b5 2b a1 fc 8e b7 7e ec 34 b3 a3 39 02 ec c2 5f Oct 31 15:24:35.729837: | 6d 6a d1 59 6a 18 e2 0a 34 61 e1 f9 00 e0 3d 3d Oct 31 15:24:35.729839: | f4 dd b1 f9 71 65 e1 10 f2 78 e6 e5 48 1f d3 19 Oct 31 15:24:35.729842: | fc 75 b8 e0 cd 7e 81 96 c4 92 c3 a2 e6 00 13 2b Oct 31 15:24:35.729844: | 40 56 ba e7 a1 e8 9b 45 65 92 d2 54 07 d0 8a 1d Oct 31 15:24:35.729846: | 5e d3 0a bd 3d 57 25 94 a9 94 c2 60 20 99 cf 95 Oct 31 15:24:35.729849: | e7 88 40 25 36 a6 2a 3e 52 cc 01 c0 8c 3a bd 7b Oct 31 15:24:35.729851: | 9b f0 94 74 22 09 1b 9c 77 2b 2b 96 98 ab 20 70 Oct 31 15:24:35.729854: | 81 d4 03 f4 a2 dd 8e c7 ef 4d 53 f8 81 11 86 12 Oct 31 15:24:35.729856: | 39 d2 29 58 b4 e0 09 2f 8b dc 27 32 1a b6 29 7b Oct 31 15:24:35.729858: | fb 1e 3e 8d a8 01 85 5f 5b c6 f1 8e 86 c5 b0 f6 Oct 31 15:24:35.729861: | 1f 79 ef 0a d4 07 72 05 e5 8d d5 ba fe 4f 64 10 Oct 31 15:24:35.729863: | db 46 1a 88 2a 1b a2 c5 33 ae c5 c6 b5 43 45 9c Oct 31 15:24:35.729866: | 97 71 71 05 9c c5 5a d7 cb 36 21 1f 4e 75 93 4c Oct 31 15:24:35.729868: | c5 55 2c 10 96 f6 94 3a f6 4f d9 e5 b4 07 ec 4f Oct 31 15:24:35.729871: | 0f 58 55 d2 ec a9 62 68 df 1a c0 16 d6 20 c1 91 Oct 31 15:24:35.729873: | 3d e9 ae 2c c8 70 61 7d c3 ac 91 ba 1c 21 59 47 Oct 31 15:24:35.729875: | 65 0c d3 ae 43 6a 5f e3 50 b5 52 36 bb be 72 83 Oct 31 15:24:35.729878: | 23 d6 b8 11 79 7b 37 e1 eb 58 b1 40 1f cc 47 6a Oct 31 15:24:35.729880: | 4a 5a e7 d3 de f8 c6 ac 81 81 14 30 e8 ea 23 ba Oct 31 15:24:35.729883: | a9 0f 8f 01 59 de 74 52 e0 ee ca 51 3d d0 01 5a Oct 31 15:24:35.729885: | 1a b3 56 c6 42 25 a4 c6 de c4 6a 9b a2 05 8d 1a Oct 31 15:24:35.729887: | 42 5d 5d 82 39 ce ca 4e 44 7e 75 2e 57 03 71 1e Oct 31 15:24:35.729890: | 03 f0 d9 b0 05 a1 67 35 96 37 1e 19 5a f6 9c 0c Oct 31 15:24:35.729892: | c9 76 96 b2 0a e4 74 6e 37 ca be 3f cc 4e 3c 25 Oct 31 15:24:35.729895: | 17 5f 58 08 45 1c 71 0d 7e d5 14 54 03 48 1b fd Oct 31 15:24:35.729897: | 93 cc 49 9c 84 2f f7 f6 2f 51 1e f7 b8 02 ea 4b Oct 31 15:24:35.729899: | b7 c3 a1 42 7d 36 4c 14 32 43 e9 a4 75 b0 bf da Oct 31 15:24:35.729902: | ea a6 a3 d4 46 9b 7b 34 39 98 67 e3 1a 27 38 2f Oct 31 15:24:35.729904: | c2 34 35 26 27 45 b9 d9 c5 cf 89 a4 98 7e a2 0c Oct 31 15:24:35.729907: | 74 e5 27 ec f9 ea f2 bf d4 0e d2 13 57 bb 74 ba Oct 31 15:24:35.729909: | 66 54 d8 29 00 e3 41 7a 23 73 97 71 b1 67 c0 28 Oct 31 15:24:35.729911: | 24 2e 3d 8c 4b e1 2a 22 5e a0 4a 81 84 12 48 34 Oct 31 15:24:35.729914: | 91 3d cd e1 64 18 8d cd 58 Oct 31 15:24:35.729919: | **parse ISAKMP Message: Oct 31 15:24:35.729924: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.729929: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.729932: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:24:35.729935: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.729940: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Oct 31 15:24:35.729943: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:35.729947: | Message ID: 2 (00 00 00 02) Oct 31 15:24:35.729951: | length: 601 (00 00 02 59) Oct 31 15:24:35.729954: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Oct 31 15:24:35.729958: | I am the IKE SA Original Responder receiving an IKEv2 CREATE_CHILD_SA request Oct 31 15:24:35.729964: | State DB: found IKEv2 state #1 in ESTABLISHED_IKE_SA (find_v2_ike_sa) Oct 31 15:24:35.729972: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:35.729976: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Oct 31 15:24:35.729979: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:24:35.729982: | #1 is idle Oct 31 15:24:35.729990: | Message ID: IKE #1 not a duplicate - message request 2 is new: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744549.872258 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744550.041137 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:35.729995: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:35.729998: | unpacking clear payload Oct 31 15:24:35.730001: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Oct 31 15:24:35.730004: | ***parse IKEv2 Encryption Payload: Oct 31 15:24:35.730007: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:24:35.730010: | flags: none (0x0) Oct 31 15:24:35.730013: | length: 573 (02 3d) Oct 31 15:24:35.730016: | processing payload: ISAKMP_NEXT_v2SK (len=569) Oct 31 15:24:35.730019: | #1 in state ESTABLISHED_IKE_SA: established IKE SA Oct 31 15:24:35.730037: | #1 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Oct 31 15:24:35.730040: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:24:35.730043: | **parse IKEv2 Security Association Payload: Oct 31 15:24:35.730046: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Oct 31 15:24:35.730049: | flags: none (0x0) Oct 31 15:24:35.730052: | length: 196 (00 c4) Oct 31 15:24:35.730055: | processing payload: ISAKMP_NEXT_v2SA (len=192) Oct 31 15:24:35.730057: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Oct 31 15:24:35.730060: | **parse IKEv2 Nonce Payload: Oct 31 15:24:35.730062: | next payload type: ISAKMP_NEXT_v2KE (0x22) Oct 31 15:24:35.730065: | flags: none (0x0) Oct 31 15:24:35.730068: | length: 36 (00 24) Oct 31 15:24:35.730070: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Oct 31 15:24:35.730073: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Oct 31 15:24:35.730076: | **parse IKEv2 Key Exchange Payload: Oct 31 15:24:35.730078: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Oct 31 15:24:35.730081: | flags: none (0x0) Oct 31 15:24:35.730084: | length: 264 (01 08) Oct 31 15:24:35.730087: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.730089: | processing payload: ISAKMP_NEXT_v2KE (len=256) Oct 31 15:24:35.730092: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Oct 31 15:24:35.730094: | **parse IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:24:35.730097: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Oct 31 15:24:35.730100: | flags: none (0x0) Oct 31 15:24:35.730103: | length: 24 (00 18) Oct 31 15:24:35.730106: | number of TS: 1 (01) Oct 31 15:24:35.730108: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Oct 31 15:24:35.730111: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Oct 31 15:24:35.730113: | **parse IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:24:35.730116: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.730119: | flags: none (0x0) Oct 31 15:24:35.730122: | length: 24 (00 18) Oct 31 15:24:35.730125: | number of TS: 1 (01) Oct 31 15:24:35.730127: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Oct 31 15:24:35.730131: | state #1 forced to match CREATE_CHILD_SA from STATE_V2_NEW_CHILD_R0->STATE_V2_ESTABLISHED_CHILD_SA by ignoring from state Oct 31 15:24:35.730135: | selected state microcode Respond to CREATE_CHILD_SA IPsec SA Request Oct 31 15:24:35.730142: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2631) Oct 31 15:24:35.730147: | newref alloc logger@0x55ca4894e6f8(0->1) (in new_state() at state.c:576) Oct 31 15:24:35.730150: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:24:35.730153: | creating state object #3 at 0x55ca48973808 Oct 31 15:24:35.730155: | State DB: adding IKEv2 state #3 in UNDEFINED Oct 31 15:24:35.730161: | pstats #3 ikev2.child started Oct 31 15:24:35.730164: | duplicating state object #1 "northnet-eastnets/0x2" as #3 for IPSEC SA Oct 31 15:24:35.730170: | #3 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1581) Oct 31 15:24:35.730180: | Message ID: CHILD #1.#3 initializing (CHILD SA): ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744549.872258 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744550.041137 child.wip.initiator=0->-1 child.wip.responder=0->-1 Oct 31 15:24:35.730183: | child state #3: UNDEFINED(ignore) => V2_NEW_CHILD_R0(established IKE SA) Oct 31 15:24:35.730194: | #3.st_v2_transition NULL -> V2_NEW_CHILD_R0->ESTABLISHED_CHILD_SA (in new_v2_child_state() at state.c:1666) Oct 31 15:24:35.730197: | "northnet-eastnets/0x2" #1 received Respond to CREATE_CHILD_SA IPsec SA Request CREATE_CHILD_SA Child "northnet-eastnets/0x2" #3 in STATE_V2_NEW_CHILD_R0 will process it further Oct 31 15:24:35.730219: | forcing ST #1 to CHILD #1.#3 in FSM processor Oct 31 15:24:35.730227: | Message ID: CHILD #1.#3 responder starting message request 2: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744549.872258 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744550.041137 child.wip.initiator=-1 child.wip.responder=-1->2 Oct 31 15:24:35.730229: | calling processor Respond to CREATE_CHILD_SA IPsec SA Request Oct 31 15:24:35.730235: | create child proposal's DH changed from no-PFS to MODP2048, flushing Oct 31 15:24:35.730239: | constructing ESP/AH proposals with default DH MODP2048 for northnet-eastnets/0x2 (CREATE_CHILD_SA responder matching remote ESP/AH proposals) Oct 31 15:24:35.730245: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Oct 31 15:24:35.730252: | ... ikev2_proposal: 1:ESP=AES_GCM_C_256-NONE-MODP2048-DISABLED Oct 31 15:24:35.730255: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Oct 31 15:24:35.730259: | ... ikev2_proposal: 2:ESP=AES_GCM_C_128-NONE-MODP2048-DISABLED Oct 31 15:24:35.730263: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:24:35.730268: | ... ikev2_proposal: 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:24:35.730271: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:24:35.730276: | ... ikev2_proposal: 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:24:35.730279: "northnet-eastnets/0x2": local ESP/AH proposals (CREATE_CHILD_SA responder matching remote ESP/AH proposals): Oct 31 15:24:35.730284: "northnet-eastnets/0x2": 1:ESP=AES_GCM_C_256-NONE-MODP2048-DISABLED Oct 31 15:24:35.730288: "northnet-eastnets/0x2": 2:ESP=AES_GCM_C_128-NONE-MODP2048-DISABLED Oct 31 15:24:35.730293: "northnet-eastnets/0x2": 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:24:35.730297: "northnet-eastnets/0x2": 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:24:35.730300: | comparing remote proposals against CREATE_CHILD_SA responder matching remote ESP/AH proposals 4 local proposals Oct 31 15:24:35.730304: | local proposal 1 type ENCR has 1 transforms Oct 31 15:24:35.730307: | local proposal 1 type PRF has 0 transforms Oct 31 15:24:35.730310: | local proposal 1 type INTEG has 1 transforms Oct 31 15:24:35.730315: | local proposal 1 type DH has 1 transforms Oct 31 15:24:35.730317: | local proposal 1 type ESN has 1 transforms Oct 31 15:24:35.730321: | local proposal 1 transforms: required: ENCR+DH+ESN; optional: INTEG Oct 31 15:24:35.730324: | local proposal 2 type ENCR has 1 transforms Oct 31 15:24:35.730326: | local proposal 2 type PRF has 0 transforms Oct 31 15:24:35.730329: | local proposal 2 type INTEG has 1 transforms Oct 31 15:24:35.730332: | local proposal 2 type DH has 1 transforms Oct 31 15:24:35.730334: | local proposal 2 type ESN has 1 transforms Oct 31 15:24:35.730337: | local proposal 2 transforms: required: ENCR+DH+ESN; optional: INTEG Oct 31 15:24:35.730340: | local proposal 3 type ENCR has 1 transforms Oct 31 15:24:35.730343: | local proposal 3 type PRF has 0 transforms Oct 31 15:24:35.730345: | local proposal 3 type INTEG has 2 transforms Oct 31 15:24:35.730348: | local proposal 3 type DH has 1 transforms Oct 31 15:24:35.730350: | local proposal 3 type ESN has 1 transforms Oct 31 15:24:35.730354: | local proposal 3 transforms: required: ENCR+INTEG+DH+ESN; optional: none Oct 31 15:24:35.730356: | local proposal 4 type ENCR has 1 transforms Oct 31 15:24:35.730359: | local proposal 4 type PRF has 0 transforms Oct 31 15:24:35.730361: | local proposal 4 type INTEG has 2 transforms Oct 31 15:24:35.730364: | local proposal 4 type DH has 1 transforms Oct 31 15:24:35.730367: | local proposal 4 type ESN has 1 transforms Oct 31 15:24:35.730370: | local proposal 4 transforms: required: ENCR+INTEG+DH+ESN; optional: none Oct 31 15:24:35.730373: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.730376: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:35.730380: | length: 40 (00 28) Oct 31 15:24:35.730383: | prop #: 1 (01) Oct 31 15:24:35.730385: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:35.730388: | spi size: 4 (04) Oct 31 15:24:35.730391: | # transforms: 3 (03) Oct 31 15:24:35.730395: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:24:35.730397: | remote SPI Oct 31 15:24:35.730400: | a1 2c 88 5a Oct 31 15:24:35.730403: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..4] of 4 local proposals Oct 31 15:24:35.730406: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.730409: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.730412: | length: 12 (00 0c) Oct 31 15:24:35.730414: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.730417: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:35.730420: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.730423: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.730426: | length/value: 256 (01 00) Oct 31 15:24:35.730431: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:24:35.730434: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.730437: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.730440: | length: 8 (00 08) Oct 31 15:24:35.730442: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.730445: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.730449: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Oct 31 15:24:35.730452: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Oct 31 15:24:35.730455: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Oct 31 15:24:35.730458: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Oct 31 15:24:35.730461: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.730464: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.730467: | length: 8 (00 08) Oct 31 15:24:35.730470: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:35.730472: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:35.730477: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Oct 31 15:24:35.730481: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Oct 31 15:24:35.730484: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Oct 31 15:24:35.730487: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Oct 31 15:24:35.730492: | remote proposal 1 proposed transforms: ENCR+DH+ESN; matched: ENCR+DH+ESN; unmatched: none Oct 31 15:24:35.730497: | comparing remote proposal 1 containing ENCR+DH+ESN transforms to local proposal 1; required: ENCR+DH+ESN; optional: INTEG; matched: ENCR+DH+ESN Oct 31 15:24:35.730499: | remote proposal 1 matches local proposal 1 Oct 31 15:24:35.730503: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.730505: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:35.730508: | length: 40 (00 28) Oct 31 15:24:35.730511: | prop #: 2 (02) Oct 31 15:24:35.730514: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:35.730517: | spi size: 4 (04) Oct 31 15:24:35.730520: | # transforms: 3 (03) Oct 31 15:24:35.730523: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:24:35.730526: | remote SPI Oct 31 15:24:35.730528: | a1 2c 88 5a Oct 31 15:24:35.730531: | Comparing remote proposal 2 containing 3 transforms against local proposal [1..0] of 4 local proposals Oct 31 15:24:35.730534: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.730536: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.730539: | length: 12 (00 0c) Oct 31 15:24:35.730542: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.730544: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:35.730547: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.730550: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.730553: | length/value: 128 (00 80) Oct 31 15:24:35.730556: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.730559: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.730562: | length: 8 (00 08) Oct 31 15:24:35.730564: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.730567: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.730570: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.730573: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.730576: | length: 8 (00 08) Oct 31 15:24:35.730578: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:35.730581: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:35.730585: | remote proposal 2 proposed transforms: ENCR+DH+ESN; matched: none; unmatched: ENCR+DH+ESN Oct 31 15:24:35.730588: | remote proposal 2 does not match; unmatched remote transforms: ENCR+DH+ESN Oct 31 15:24:35.730591: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.730593: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:35.730596: | length: 56 (00 38) Oct 31 15:24:35.730599: | prop #: 3 (03) Oct 31 15:24:35.730602: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:35.730605: | spi size: 4 (04) Oct 31 15:24:35.730608: | # transforms: 5 (05) Oct 31 15:24:35.730611: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:24:35.730613: | remote SPI Oct 31 15:24:35.730615: | a1 2c 88 5a Oct 31 15:24:35.730618: | Comparing remote proposal 3 containing 5 transforms against local proposal [1..0] of 4 local proposals Oct 31 15:24:35.730621: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.730623: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.730626: | length: 12 (00 0c) Oct 31 15:24:35.730629: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.730632: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:35.730634: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.730637: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.730641: | length/value: 256 (01 00) Oct 31 15:24:35.730645: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.730647: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.730650: | length: 8 (00 08) Oct 31 15:24:35.730653: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:35.730655: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:35.730658: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.730661: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.730664: | length: 8 (00 08) Oct 31 15:24:35.730667: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:35.730669: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:35.730672: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.730675: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.730678: | length: 8 (00 08) Oct 31 15:24:35.730681: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.730683: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.730686: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.730689: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.730692: | length: 8 (00 08) Oct 31 15:24:35.730694: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:35.730697: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:35.730701: | remote proposal 3 proposed transforms: ENCR+INTEG+DH+ESN; matched: none; unmatched: ENCR+INTEG+DH+ESN Oct 31 15:24:35.730704: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+DH+ESN Oct 31 15:24:35.730707: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.730710: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:35.730713: | length: 56 (00 38) Oct 31 15:24:35.730716: | prop #: 4 (04) Oct 31 15:24:35.730718: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:35.730721: | spi size: 4 (04) Oct 31 15:24:35.730724: | # transforms: 5 (05) Oct 31 15:24:35.730727: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:24:35.730730: | remote SPI Oct 31 15:24:35.730732: | a1 2c 88 5a Oct 31 15:24:35.730735: | Comparing remote proposal 4 containing 5 transforms against local proposal [1..0] of 4 local proposals Oct 31 15:24:35.730738: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.730740: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.730743: | length: 12 (00 0c) Oct 31 15:24:35.730746: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.730748: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:35.730751: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.730753: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.730757: | length/value: 128 (00 80) Oct 31 15:24:35.730760: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.730762: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.730766: | length: 8 (00 08) Oct 31 15:24:35.730768: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:35.730771: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:35.730774: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.730777: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.730780: | length: 8 (00 08) Oct 31 15:24:35.730783: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:35.730785: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:35.730788: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.730791: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.730794: | length: 8 (00 08) Oct 31 15:24:35.730796: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.730799: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.730802: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.730804: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.730809: | length: 8 (00 08) Oct 31 15:24:35.730811: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:35.730814: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:35.730818: | remote proposal 4 proposed transforms: ENCR+INTEG+DH+ESN; matched: none; unmatched: ENCR+INTEG+DH+ESN Oct 31 15:24:35.730821: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+DH+ESN Oct 31 15:24:35.730828: "northnet-eastnets/0x2" #3: proposal 1:ESP=AES_GCM_C_256-MODP2048-DISABLED SPI=a12c885a chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;DH=MODP2048;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;ESN=DISABLED Oct 31 15:24:35.730834: | CREATE_CHILD_SA responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP=AES_GCM_C_256-MODP2048-DISABLED SPI=a12c885a Oct 31 15:24:35.730837: | converting proposal to internal trans attrs Oct 31 15:24:35.730842: | updating #3's .st_oakley with preserved PRF, but why update? Oct 31 15:24:35.730846: | Child SA TS Request has child->sa == md->st; so using child connection Oct 31 15:24:35.730849: | TSi: parsing 1 traffic selectors Oct 31 15:24:35.730852: | ***parse IKEv2 Traffic Selector: Oct 31 15:24:35.730854: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:35.730857: | IP Protocol ID: ALL (0x0) Oct 31 15:24:35.730860: | length: 16 (00 10) Oct 31 15:24:35.730864: | start port: 0 (00 00) Oct 31 15:24:35.730867: | end port: 65535 (ff ff) Oct 31 15:24:35.730870: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:24:35.730872: | TS low Oct 31 15:24:35.730875: | c0 00 03 00 Oct 31 15:24:35.730878: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:24:35.730880: | TS high Oct 31 15:24:35.730883: | c0 00 03 ff Oct 31 15:24:35.730885: | TSi: parsed 1 traffic selectors Oct 31 15:24:35.730888: | TSr: parsing 1 traffic selectors Oct 31 15:24:35.730891: | ***parse IKEv2 Traffic Selector: Oct 31 15:24:35.730893: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:35.730896: | IP Protocol ID: ALL (0x0) Oct 31 15:24:35.730899: | length: 16 (00 10) Oct 31 15:24:35.730902: | start port: 0 (00 00) Oct 31 15:24:35.730905: | end port: 65535 (ff ff) Oct 31 15:24:35.730908: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:24:35.730910: | TS low Oct 31 15:24:35.730913: | c0 00 16 00 Oct 31 15:24:35.730915: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:24:35.730918: | TS high Oct 31 15:24:35.730920: | c0 00 16 ff Oct 31 15:24:35.730923: | TSr: parsed 1 traffic selectors Oct 31 15:24:35.730925: | looking for best SPD in current connection Oct 31 15:24:35.730933: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0:0/0 R=192.0.22.0/24:0:0/0 to their: Oct 31 15:24:35.730939: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:35.730948: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Oct 31 15:24:35.730952: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:24:35.730955: | TSi[0] port match: YES fitness 65536 Oct 31 15:24:35.730958: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:24:35.730961: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:35.730966: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:35.730973: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Oct 31 15:24:35.730977: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Oct 31 15:24:35.730979: | TSr[0] port match: YES fitness 65536 Oct 31 15:24:35.730982: | narrow protocol end=*0 == TSr[0]=*0: 0 Oct 31 15:24:35.730985: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:35.730989: | best fit so far: TSi[0] TSr[0] Oct 31 15:24:35.730992: | found better spd route for TSi[0],TSr[0] Oct 31 15:24:35.730994: | looking for better host pair Oct 31 15:24:35.731001: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Oct 31 15:24:35.731007: | checking hostpair 192.0.22.0/24:0 -> 192.0.3.0/24:0 is found Oct 31 15:24:35.731010: | investigating connection "northnet-eastnets/0x2" as a better match Oct 31 15:24:35.731024: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Oct 31 15:24:35.731033: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Oct 31 15:24:35.731035: | results matched Oct 31 15:24:35.731049: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.731061: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.731068: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0:0/0 R=192.0.22.0/24:0:0/0 to their: Oct 31 15:24:35.731073: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:35.731081: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Oct 31 15:24:35.731084: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:24:35.731086: | TSi[0] port match: YES fitness 65536 Oct 31 15:24:35.731089: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:24:35.731092: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:35.731097: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:35.731104: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Oct 31 15:24:35.731107: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Oct 31 15:24:35.731110: | TSr[0] port match: YES fitness 65536 Oct 31 15:24:35.731113: | narrow protocol end=*0 == TSr[0]=*0: 0 Oct 31 15:24:35.731116: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:35.731118: | best fit so far: TSi[0] TSr[0] Oct 31 15:24:35.731121: | investigating connection "northnet-eastnets/0x1" as a better match Oct 31 15:24:35.731131: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Oct 31 15:24:35.731139: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Oct 31 15:24:35.731142: | results matched Oct 31 15:24:35.731154: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.731167: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.731173: | evaluating our conn="northnet-eastnets/0x1" I=192.0.3.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Oct 31 15:24:35.731178: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:35.731185: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Oct 31 15:24:35.731188: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:24:35.731191: | TSi[0] port match: YES fitness 65536 Oct 31 15:24:35.731194: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:24:35.731197: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:35.731215: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:35.731224: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: NO Oct 31 15:24:35.731227: | did not find a better connection using host pair Oct 31 15:24:35.731230: | printing contents struct traffic_selector Oct 31 15:24:35.731233: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:24:35.731235: | ipprotoid: 0 Oct 31 15:24:35.731238: | port range: 0-65535 Oct 31 15:24:35.731243: | ip range: 192.0.22.0-192.0.22.255 Oct 31 15:24:35.731245: | printing contents struct traffic_selector Oct 31 15:24:35.731247: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:24:35.731250: | ipprotoid: 0 Oct 31 15:24:35.731252: | port range: 0-65535 Oct 31 15:24:35.731257: | ip range: 192.0.3.0-192.0.3.255 Oct 31 15:24:35.731263: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:35.731266: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:35.731269: | newref clone logger@0x55ca489474c8(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:35.731272: | job 5 for #3: Child Responder KE and nonce nr (build KE and nonce): adding job to queue Oct 31 15:24:35.731275: | state #3 has no .st_event to delete Oct 31 15:24:35.731278: | #3 STATE_V2_NEW_CHILD_R0: retransmits: cleared Oct 31 15:24:35.731282: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55ca48938d18 Oct 31 15:24:35.731285: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Oct 31 15:24:35.731289: | libevent_malloc: newref ptr-libevent@0x7efd98006108 size 128 Oct 31 15:24:35.731293: | libevent_realloc: delref ptr-libevent@0x55ca48907488 Oct 31 15:24:35.731295: | libevent_realloc: newref ptr-libevent@0x55ca4895e278 size 128 Oct 31 15:24:35.731309: | #3 spent 1.06 (1.07) milliseconds in processing: Respond to CREATE_CHILD_SA IPsec SA Request in v2_dispatch() Oct 31 15:24:35.731315: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:35.731320: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:35.731320: | job 5 for #3: Child Responder KE and nonce nr (build KE and nonce): helper 7 starting job Oct 31 15:24:35.733098: | "northnet-eastnets/0x2" #3: spent 1.77 (1.78) milliseconds in helper 7 processing job 5 for state #3: Child Responder KE and nonce nr (pcr) Oct 31 15:24:35.733110: | job 5 for #3: Child Responder KE and nonce nr (build KE and nonce): helper thread 7 sending result back to state Oct 31 15:24:35.733113: | scheduling resume sending helper answer back to state for #3 Oct 31 15:24:35.733116: | libevent_malloc: newref ptr-libevent@0x7efd8c006108 size 128 Oct 31 15:24:35.733121: | helper thread 7 has nothing to do Oct 31 15:24:35.731329: | #3 complete_v2_state_transition() V2_NEW_CHILD_R0->ESTABLISHED_CHILD_SA with status STF_SUSPEND Oct 31 15:24:35.733130: | suspending state #3 and saving MD 0x55ca4895a908 Oct 31 15:24:35.733133: | addref md@0x55ca4895a908(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:35.733138: | #3 is busy; has suspended MD 0x55ca4895a908 Oct 31 15:24:35.733147: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:35.733155: | #1 spent 1.55 (3.37) milliseconds in ikev2_process_packet() Oct 31 15:24:35.733158: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:35.733161: | delref mdp@0x55ca4895a908(2->1) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:35.733165: | spent 1.56 (3.39) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:35.733176: | processing resume sending helper answer back to state for #3 Oct 31 15:24:35.733182: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:641) Oct 31 15:24:35.733186: | unsuspending #3 MD 0x55ca4895a908 Oct 31 15:24:35.733190: | job 5 for #3: Child Responder KE and nonce nr (build KE and nonce): processing response from helper 7 Oct 31 15:24:35.733196: | job 5 for #3: Child Responder KE and nonce nr (build KE and nonce): calling continuation function 0x55ca48509fe7 Oct 31 15:24:35.733203: | ikev2_child_inIoutR_continue() for #3 STATE_V2_NEW_CHILD_R0 Oct 31 15:24:35.733209: | DH secret MODP2048@0x7efd8c006ba8: transferring ownership from helper KE to state #3 Oct 31 15:24:35.733214: | DH secret MODP2048@0x7efd8c006ba8: transferring ownership from state #3 to helper DH Oct 31 15:24:35.733219: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:35.733221: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:35.733227: | newref clone logger@0x55ca48907488(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:35.733231: | job 6 for #3: DHv2 for child sa (dh): adding job to queue Oct 31 15:24:35.733234: | state #3 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:35.733238: | libevent_free: delref ptr-libevent@0x7efd98006108 Oct 31 15:24:35.733242: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55ca48938d18 Oct 31 15:24:35.733245: | #3 STATE_V2_NEW_CHILD_R0: retransmits: cleared Oct 31 15:24:35.733249: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55ca4892ce98 Oct 31 15:24:35.733252: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Oct 31 15:24:35.733254: | libevent_malloc: newref ptr-libevent@0x7efd98006108 size 128 Oct 31 15:24:35.733265: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:35.733270: | #3 complete_v2_state_transition() V2_NEW_CHILD_R0->ESTABLISHED_CHILD_SA with status STF_SUSPEND Oct 31 15:24:35.733273: | suspending state #3 and saving MD 0x55ca4895a908 Oct 31 15:24:35.733276: | addref md@0x55ca4895a908(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:35.733279: | #3 is busy; has suspended MD 0x55ca4895a908 Oct 31 15:24:35.733282: | delref logger@0x55ca489474c8(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:35.733285: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.733287: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.733291: | resume sending helper answer back to state for #3 suppresed complete_v2_state_transition() Oct 31 15:24:35.733294: | delref mdp@0x55ca4895a908(2->1) (in resume_handler() at server.c:743) Oct 31 15:24:35.733300: | #3 spent 0.109 (0.112) milliseconds in resume sending helper answer back to state Oct 31 15:24:35.733305: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:745) Oct 31 15:24:35.733308: | libevent_free: delref ptr-libevent@0x7efd8c006108 Oct 31 15:24:35.733326: | job 6 for #3: DHv2 for child sa (dh): helper 5 starting job Oct 31 15:24:35.733949: | "northnet-eastnets/0x2" #3: spent 0.622 (0.622) milliseconds in helper 5 processing job 6 for state #3: DHv2 for child sa (dh) Oct 31 15:24:35.733955: | job 6 for #3: DHv2 for child sa (dh): helper thread 5 sending result back to state Oct 31 15:24:35.733959: | scheduling resume sending helper answer back to state for #3 Oct 31 15:24:35.733963: | libevent_malloc: newref ptr-libevent@0x7efd80001fb8 size 128 Oct 31 15:24:35.733970: | helper thread 5 has nothing to do Oct 31 15:24:35.733980: | processing resume sending helper answer back to state for #3 Oct 31 15:24:35.733985: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:641) Oct 31 15:24:35.733987: | unsuspending #3 MD 0x55ca4895a908 Oct 31 15:24:35.733989: | job 6 for #3: DHv2 for child sa (dh): processing response from helper 5 Oct 31 15:24:35.733991: | job 6 for #3: DHv2 for child sa (dh): calling continuation function 0x55ca4850b7cb Oct 31 15:24:35.733992: | DH secret MODP2048@0x7efd8c006ba8: transferring ownership from helper IKEv2 DH to state #3 Oct 31 15:24:35.733995: | ikev2_child_inIoutR_continue_continue() for #3 STATE_V2_NEW_CHILD_R0 Oct 31 15:24:35.733999: | opening output PBS reply packet Oct 31 15:24:35.734004: | **emit ISAKMP Message: Oct 31 15:24:35.734007: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.734009: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.734011: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:35.734013: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.734015: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Oct 31 15:24:35.734017: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:35.734019: | Message ID: 2 (00 00 00 02) Oct 31 15:24:35.734022: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:35.734024: | ***emit IKEv2 Encryption Payload: Oct 31 15:24:35.734025: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.734027: | flags: none (0x0) Oct 31 15:24:35.734029: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:24:35.734031: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.734034: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:24:35.734063: | netlink_get_spi: allocated 0x684bdb8 for esp.0@192.1.2.23 Oct 31 15:24:35.734067: | emitting ikev2_proposal ... Oct 31 15:24:35.734071: | ****emit IKEv2 Security Association Payload: Oct 31 15:24:35.734074: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.734076: | flags: none (0x0) Oct 31 15:24:35.734079: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:24:35.734082: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.734087: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.734089: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:35.734092: | prop #: 1 (01) Oct 31 15:24:35.734094: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:35.734096: | spi size: 4 (04) Oct 31 15:24:35.734097: | # transforms: 3 (03) Oct 31 15:24:35.734099: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:35.734101: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:24:35.734103: | our spi: 06 84 bd b8 Oct 31 15:24:35.734105: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.734107: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.734108: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.734110: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:35.734111: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.734113: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.734115: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.734117: | length/value: 256 (01 00) Oct 31 15:24:35.734119: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:35.734120: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.734122: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.734123: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.734124: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.734126: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.734128: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.734130: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.734131: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.734133: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.734136: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:35.734138: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:35.734139: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.734141: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.734142: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.734144: | emitting length of IKEv2 Proposal Substructure Payload: 40 Oct 31 15:24:35.734145: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:35.734147: | emitting length of IKEv2 Security Association Payload: 44 Oct 31 15:24:35.734148: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:24:35.734150: | ****emit IKEv2 Nonce Payload: Oct 31 15:24:35.734151: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.734152: | flags: none (0x0) Oct 31 15:24:35.734154: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Oct 31 15:24:35.734156: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.734158: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Oct 31 15:24:35.734159: | IKEv2 nonce: Oct 31 15:24:35.734161: | a9 1d 3f 9f da 07 da 72 da 84 fe e8 0b ea b3 cc Oct 31 15:24:35.734162: | 3b ca 0f 21 eb ab 13 f6 df e9 f3 43 69 6e e2 1f Oct 31 15:24:35.734164: | emitting length of IKEv2 Nonce Payload: 36 Oct 31 15:24:35.734166: | ****emit IKEv2 Key Exchange Payload: Oct 31 15:24:35.734168: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.734170: | flags: none (0x0) Oct 31 15:24:35.734175: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.734179: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Oct 31 15:24:35.734181: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.734184: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Oct 31 15:24:35.734187: | ikev2 g^x: Oct 31 15:24:35.734189: | 85 fe 24 cc 11 51 ce c0 f2 24 38 99 0f c1 bb 06 Oct 31 15:24:35.734192: | e6 55 1d ad e0 f4 ec f0 4e a4 71 39 ba 2c 5e 5f Oct 31 15:24:35.734194: | ff cf c8 c6 3f be 2a ca 05 25 50 7a 2e fe 29 b4 Oct 31 15:24:35.734196: | 65 a1 08 d5 81 eb 9e 39 69 5c 3f eb bb 98 2c e2 Oct 31 15:24:35.734214: | 72 06 f6 ec 2f e2 ff 41 99 2d a4 f9 e0 ff ae a5 Oct 31 15:24:35.734220: | 15 e6 90 f7 a0 78 0e b4 b8 ee 2c 6c 87 00 20 99 Oct 31 15:24:35.734223: | 69 49 59 99 06 26 48 57 0f ff 50 ae be 91 14 0e Oct 31 15:24:35.734226: | 0c 5b 61 93 e5 62 3d fc 8e 11 73 c3 fc 15 78 3e Oct 31 15:24:35.734228: | 05 9c 4c fd 6d 4f b7 00 5c b0 57 4f 19 8b b7 4b Oct 31 15:24:35.734229: | c1 89 f5 20 8d cc d6 43 29 48 ee 19 c6 7b a4 43 Oct 31 15:24:35.734230: | f2 da 4f 1f 7b e4 d6 c0 6a 77 ed b3 a3 2a 1f 4f Oct 31 15:24:35.734232: | 06 d3 2c b8 9d ab 24 37 7c d7 d4 2e b0 18 06 2d Oct 31 15:24:35.734233: | ad 98 be 6a 83 b1 b5 61 f1 01 3c 1f b9 fd 6a bc Oct 31 15:24:35.734234: | 20 17 be b5 8e d3 13 40 5a 0f 16 12 56 04 91 b0 Oct 31 15:24:35.734238: | 5c 05 d6 39 34 f2 d2 d2 ed ca 08 69 15 24 5c 7f Oct 31 15:24:35.734242: | cc f9 2f 70 b4 96 c5 15 ee d9 2d fe 37 bc 49 ae Oct 31 15:24:35.734245: | emitting length of IKEv2 Key Exchange Payload: 264 Oct 31 15:24:35.734248: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:24:35.734251: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.734254: | flags: none (0x0) Oct 31 15:24:35.734259: | number of TS: 1 (01) Oct 31 15:24:35.734263: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Oct 31 15:24:35.734265: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.734269: | *****emit IKEv2 Traffic Selector: Oct 31 15:24:35.734271: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:35.734274: | IP Protocol ID: ALL (0x0) Oct 31 15:24:35.734277: | start port: 0 (00 00) Oct 31 15:24:35.734280: | end port: 65535 (ff ff) Oct 31 15:24:35.734284: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:24:35.734288: | IP start: c0 00 03 00 Oct 31 15:24:35.734291: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:24:35.734294: | IP end: c0 00 03 ff Oct 31 15:24:35.734296: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:24:35.734298: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Oct 31 15:24:35.734300: | ****emit IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:24:35.734302: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.734303: | flags: none (0x0) Oct 31 15:24:35.734305: | number of TS: 1 (01) Oct 31 15:24:35.734307: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Oct 31 15:24:35.734308: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.734310: | *****emit IKEv2 Traffic Selector: Oct 31 15:24:35.734311: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:35.734313: | IP Protocol ID: ALL (0x0) Oct 31 15:24:35.734315: | start port: 0 (00 00) Oct 31 15:24:35.734317: | end port: 65535 (ff ff) Oct 31 15:24:35.734318: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:24:35.734320: | IP start: c0 00 16 00 Oct 31 15:24:35.734322: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:24:35.734324: | IP end: c0 00 16 ff Oct 31 15:24:35.734325: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:24:35.734327: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Oct 31 15:24:35.734328: | initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Oct 31 15:24:35.734331: | integ=NONE: .key_size=0 encrypt=AES_GCM_16: .key_size=32 .salt_size=4 keymat_len=36 Oct 31 15:24:35.734383: | install_ipsec_sa() for #3: inbound and outbound Oct 31 15:24:35.734386: | could_route called for northnet-eastnets/0x2; kind=CK_PERMANENT that.has_client=yes oppo=no this.host_port=500 Oct 31 15:24:35.734388: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:35.734390: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:35.734391: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:24:35.734393: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:35.734395: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:24:35.734398: | route owner of "northnet-eastnets/0x2" unrouted: "northnet-eastnets/0x1" erouted; eroute owner: NULL Oct 31 15:24:35.734401: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Oct 31 15:24:35.734403: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Oct 31 15:24:35.734405: | AES_GCM_16 requires 4 salt bytes Oct 31 15:24:35.734406: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Oct 31 15:24:35.734412: | setting IPsec SA replay-window to 32 Oct 31 15:24:35.734416: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Oct 31 15:24:35.734420: | netlink: enabling tunnel mode Oct 31 15:24:35.734422: | XFRM: adding IPsec SA with reqid 16393 Oct 31 15:24:35.734424: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:24:35.734430: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:24:35.734494: | netlink response for Add SA esp.a12c885a@192.1.3.33 included non-error error Oct 31 15:24:35.734500: | setup_half_ipsec_sa() is installing inbound eroute? inbound=0 owner=#0 mode=1 Oct 31 15:24:35.734503: | set up outgoing SA, ref=0/0 Oct 31 15:24:35.734507: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Oct 31 15:24:35.734510: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Oct 31 15:24:35.734513: | AES_GCM_16 requires 4 salt bytes Oct 31 15:24:35.734515: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Oct 31 15:24:35.734518: | setting IPsec SA replay-window to 32 Oct 31 15:24:35.734519: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Oct 31 15:24:35.734521: | netlink: enabling tunnel mode Oct 31 15:24:35.734523: | XFRM: adding IPsec SA with reqid 16393 Oct 31 15:24:35.734524: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:24:35.734526: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:24:35.734556: | netlink response for Add SA esp.684bdb8@192.1.2.23 included non-error error Oct 31 15:24:35.734563: | setup_half_ipsec_sa() is installing inbound eroute? inbound=1 owner=#0 mode=1 Oct 31 15:24:35.734566: | setup_half_ipsec_sa() is installing inbound eroute Oct 31 15:24:35.734569: | setup_half_ipsec_sa() before proto 50 Oct 31 15:24:35.734571: | setup_half_ipsec_sa() after proto 50 Oct 31 15:24:35.734573: | setup_half_ipsec_sa() calling raw_eroute backwards (i.e., inbound) Oct 31 15:24:35.734576: | priority calculation of connection "northnet-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:24:35.734585: | add inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => tun.10000@192.1.2.23 using reqid 16393 (raw_eroute) proto=50 Oct 31 15:24:35.734589: | IPsec SA SPD priority set to 2084814 Oct 31 15:24:35.734642: | raw_eroute result=success Oct 31 15:24:35.734648: | set up incoming SA, ref=0/0 Oct 31 15:24:35.734651: | sr for #3: unrouted Oct 31 15:24:35.734654: | route_and_eroute() for proto 0, and source port 0 dest port 0 Oct 31 15:24:35.734658: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:35.734661: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:35.734664: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:24:35.734667: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:35.734670: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:24:35.734675: | route owner of "northnet-eastnets/0x2" unrouted: "northnet-eastnets/0x1" erouted; eroute owner: NULL Oct 31 15:24:35.734681: | route_and_eroute with c: northnet-eastnets/0x2 (next: none) ero:null esr:{(nil)} ro:northnet-eastnets/0x1 rosr:{0x55ca48946db8} and state: #3 Oct 31 15:24:35.734684: | priority calculation of connection "northnet-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:24:35.734693: | eroute_connection add eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33 using reqid 16393 (raw_eroute) proto=50 Oct 31 15:24:35.734696: | IPsec SA SPD priority set to 2084814 Oct 31 15:24:35.734722: | raw_eroute result=success Oct 31 15:24:35.734726: | running updown command "ipsec _updown" for verb up Oct 31 15:24:35.734732: | command executing up-client Oct 31 15:24:35.734738: | get_sa_info esp.a12c885a@192.1.3.33 Oct 31 15:24:35.734750: | get_sa_info esp.684bdb8@192.1.2.23 Oct 31 15:24:35.734790: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.734805: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.734830: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK... Oct 31 15:24:35.734837: | popen cmd is 1503 chars long Oct 31 15:24:35.734840: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Oct 31 15:24:35.734843: | cmd( 80):x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUT: Oct 31 15:24:35.734845: | cmd( 160):O_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=: Oct 31 15:24:35.734846: | cmd( 240):Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-: Oct 31 15:24:35.734848: | cmd( 320):east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET=: Oct 31 15:24:35.734849: | cmd( 400):'192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PRO: Oct 31 15:24:35.734851: | cmd( 480):TOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLU: Oct 31 15:24:35.734852: | cmd( 560):TO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=nor: Oct 31 15:24:35.734853: | cmd( 640):th.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT=: Oct 31 15:24:35.734855: | cmd( 720):'192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255: Oct 31 15:24:35.734856: | cmd( 800):.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Onta: Oct 31 15:24:35.734857: | cmd( 880):rio, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca: Oct 31 15:24:35.734859: | cmd( 960):, E=testing@libreswan.org' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157875' PLUTO_C: Oct 31 15:24:35.734860: | cmd(1040):ONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RS: Oct 31 15:24:35.734861: | cmd(1120):ASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAI: Oct 31 15:24:35.734863: | cmd(1200):LED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' P: Oct 31 15:24:35.734864: | cmd(1280):LUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURE: Oct 31 15:24:35.734865: | cmd(1360):D='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHA: Oct 31 15:24:35.734867: | cmd(1440):RED='no' SPI_IN=0xa12c885a SPI_OUT=0x684bdb8 ipsec _updown 2>&1: Oct 31 15:24:35.754271: | route_and_eroute: firewall_notified: true Oct 31 15:24:35.754290: | route_and_eroute: instance "northnet-eastnets/0x2", setting eroute_owner {spd=0x55ca48952a28,sr=0x55ca48952a28} to #3 (was #0) (newest_ipsec_sa=#0) Oct 31 15:24:35.754557: | ISAKMP_v2_CREATE_CHILD_SA: instance northnet-eastnets/0x2[0], setting IKEv2 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #1 Oct 31 15:24:35.754567: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:35.754572: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:35.754576: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:24:35.754578: | emitting length of IKEv2 Encryption Payload: 421 Oct 31 15:24:35.754581: | emitting length of ISAKMP Message: 449 Oct 31 15:24:35.754612: "northnet-eastnets/0x2" #3: negotiated new IPsec SA [192.0.22.0-192.0.22.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Oct 31 15:24:35.754625: | delref logger@0x55ca48907488(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:35.754629: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.754632: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.754641: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:35.754648: | #3 complete_v2_state_transition() V2_NEW_CHILD_R0->ESTABLISHED_CHILD_SA with status STF_OK Oct 31 15:24:35.754652: | transitioning from state STATE_V2_NEW_CHILD_R0 to state STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:24:35.754654: | Message ID: updating counters for #3 Oct 31 15:24:35.754663: | Message ID: CHILD #1.#3 updating responder received message request 2: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744549.872258 ike.responder.sent=1 ike.responder.recv=1->2 ike.responder.last_contact=744550.041137->744550.187453 child.wip.initiator=-1 child.wip.responder=2->-1 Oct 31 15:24:35.754670: | Message ID: CHILD #1.#3 updating responder sent message response 2: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744549.872258 ike.responder.sent=1->2 ike.responder.recv=2 ike.responder.last_contact=744550.187453 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:24:35.754676: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744549.872258 ike.responder.sent=2 ike.responder.recv=2 ike.responder.last_contact=744550.187453 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:35.754680: | child state #3: V2_NEW_CHILD_R0(established IKE SA) => ESTABLISHED_CHILD_SA(established CHILD SA) Oct 31 15:24:35.754684: | pstats #3 ikev2.child established Oct 31 15:24:35.754687: | announcing the state transition Oct 31 15:24:35.754696: "northnet-eastnets/0x2" #3: negotiated connection [192.0.22.0-192.0.22.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Oct 31 15:24:35.754704: | NAT-T: encaps is 'auto' Oct 31 15:24:35.754711: "northnet-eastnets/0x2" #3: IPsec SA established tunnel mode {ESP=>0xa12c885a <0x0684bdb8 xfrm=AES_GCM_16_256-NONE-MODP2048 NATOA=none NATD=none DPD=passive} Oct 31 15:24:35.754719: | sending 449 bytes for STATE_V2_NEW_CHILD_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:35.754722: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.754725: | 2e 20 24 20 00 00 00 02 00 00 01 c1 21 00 01 a5 Oct 31 15:24:35.754727: | 4a 32 58 f3 f3 47 1f 00 9d 97 ee 75 b5 97 aa a0 Oct 31 15:24:35.754730: | a2 2b 9d d6 1e 8a 2b 21 28 22 7a 1c 98 ee 56 a1 Oct 31 15:24:35.754732: | 8c 0f cc 22 9b 1b 46 d0 bb 68 85 9c d0 06 1f d1 Oct 31 15:24:35.754735: | d7 ae 01 72 72 08 0b 43 84 54 d4 f5 94 38 02 77 Oct 31 15:24:35.754737: | 6f fd e3 83 3a 32 0b 6c 96 34 75 2d 2f c5 4a 48 Oct 31 15:24:35.754739: | 47 ea 13 33 ed 22 58 bf d3 49 e4 bf b3 43 c7 8b Oct 31 15:24:35.754742: | d4 9b a0 00 5a c5 44 b9 9f 13 6f e4 47 83 67 28 Oct 31 15:24:35.754746: | 9b a1 37 cf f9 8f bf 9a 46 e5 c5 26 39 8f 5c e3 Oct 31 15:24:35.754750: | b3 0b c8 de cb 87 b4 f2 91 4b 2d 30 92 39 ba 5f Oct 31 15:24:35.754752: | e0 c1 0b 85 74 e2 31 1e 63 3d 01 9f 9a 13 87 f3 Oct 31 15:24:35.754754: | 93 ea 43 10 f6 d5 ce c7 71 07 77 b5 71 f4 aa d1 Oct 31 15:24:35.754756: | 35 62 80 0f 6f 02 fc c6 94 1c 4b e3 5e da da 9a Oct 31 15:24:35.754758: | 34 d3 a2 f4 4d 24 b3 02 da f9 f5 46 c9 06 81 a7 Oct 31 15:24:35.754760: | e2 20 23 f9 4e 3d 32 f4 53 f5 c6 28 7f a2 5b f7 Oct 31 15:24:35.754762: | 45 78 5e 72 64 b6 ef ec 15 42 1c 27 f0 34 f8 2b Oct 31 15:24:35.754764: | 51 45 55 75 7f 18 e2 af c5 fe fb 50 11 3e 41 8b Oct 31 15:24:35.754767: | 12 34 6b c9 17 db f1 01 47 87 24 2c 93 ed 93 2e Oct 31 15:24:35.754769: | 06 80 c8 af 7b 2c 38 e2 11 04 62 48 54 78 00 b6 Oct 31 15:24:35.754771: | ee 11 1a 83 9e 48 33 c6 0f 74 d8 7c e9 d9 49 0f Oct 31 15:24:35.754775: | 72 96 20 9f 30 f7 46 e8 bf 8b eb fc 45 a8 05 2a Oct 31 15:24:35.754777: | d0 8f cb b5 df 66 03 ef 48 3c 96 ef 27 52 29 98 Oct 31 15:24:35.754779: | 1f 50 bb 95 23 15 b2 c3 8c db 2a 7d 3c 3a 59 bf Oct 31 15:24:35.754782: | cd 18 ad 57 f0 9e 46 f3 95 31 75 21 1c 63 0e 4c Oct 31 15:24:35.754784: | 0c 70 8e d9 8f eb 45 c4 af 88 a0 56 c2 bf 60 fb Oct 31 15:24:35.754786: | 65 35 63 71 91 2f 26 b8 6b 6a 69 4a 43 d5 3b 2c Oct 31 15:24:35.754788: | 33 db e7 16 21 d4 d6 93 fb 8f cf 44 46 90 9f 2b Oct 31 15:24:35.754790: | 2a Oct 31 15:24:35.754851: | sent 1 messages Oct 31 15:24:35.754857: | releasing #3's fd-fd@(nil) because IKEv2 transitions finished Oct 31 15:24:35.754860: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:24:35.754863: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:24:35.754865: | unpending #3's IKE SA #1 Oct 31 15:24:35.754868: | unpending state #1 connection "northnet-eastnets/0x2" Oct 31 15:24:35.754871: | releasing #1's fd-fd@(nil) because IKEv2 transitions finished so releaseing IKE SA Oct 31 15:24:35.754873: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:24:35.754876: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:24:35.754879: | #3 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Oct 31 15:24:35.754882: | state #3 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:35.754888: | libevent_free: delref ptr-libevent@0x7efd98006108 Oct 31 15:24:35.754891: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55ca4892ce98 Oct 31 15:24:35.754895: | event_schedule: newref EVENT_SA_REKEY-pe@0x55ca4892ce98 Oct 31 15:24:35.754898: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #3 Oct 31 15:24:35.754901: | libevent_malloc: newref ptr-libevent@0x7efd8c006108 size 128 Oct 31 15:24:35.754906: | delref mdp@0x55ca4895a908(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:35.754910: | delref logger@0x55ca4896d5a8(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:35.754912: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.754915: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.754925: | #3 spent 1.31 (20.9) milliseconds in resume sending helper answer back to state Oct 31 15:24:35.754931: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:745) Oct 31 15:24:35.754935: | libevent_free: delref ptr-libevent@0x7efd80001fb8 Oct 31 15:24:35.754947: | processing signal PLUTO_SIGCHLD Oct 31 15:24:35.754953: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:35.754958: | spent 0.00539 (0.00526) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:38.455766: | newref struct fd@0x55ca48963bf8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:38.455781: | fd_accept: new fd-fd@0x55ca48963bf8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:38.455793: | whack: status Oct 31 15:24:38.456308: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:24:38.456318: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:24:38.456601: | FOR_EACH_STATE_... in show_states (sort_states) Oct 31 15:24:38.456609: | FOR_EACH_STATE_... in sort_states Oct 31 15:24:38.456617: | get_sa_info esp.c10d190@192.1.2.23 Oct 31 15:24:38.456633: | get_sa_info esp.8c58fba8@192.1.3.33 Oct 31 15:24:38.456653: | get_sa_info esp.684bdb8@192.1.2.23 Oct 31 15:24:38.456659: | get_sa_info esp.a12c885a@192.1.3.33 Oct 31 15:24:38.456675: | delref fd@0x55ca48963bf8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:38.456681: | freeref fd-fd@0x55ca48963bf8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:38.456687: | spent 0.676 (0.934) milliseconds in whack Oct 31 15:24:39.416824: | newref struct fd@0x55ca48963bf8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:39.416837: | fd_accept: new fd-fd@0x55ca48963bf8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:39.416850: shutting down Oct 31 15:24:39.416857: | leaking fd-fd@0x55ca48963bf8's FD; will be closed when pluto exits (in whack_handle_cb() at rcv_whack.c:889) Oct 31 15:24:39.416860: | delref fd@0x55ca48963bf8(1->0) (in whack_handle_cb() at rcv_whack.c:895) Oct 31 15:24:39.416863: | freeref fd-fd@0x55ca48963bf8 (in whack_handle_cb() at rcv_whack.c:895) Oct 31 15:24:39.416878: | shutting down helper thread 6 Oct 31 15:24:39.416921: | helper thread 6 exited Oct 31 15:24:39.416940: | shutting down helper thread 4 Oct 31 15:24:39.416954: | helper thread 4 exited Oct 31 15:24:39.416965: | shutting down helper thread 1 Oct 31 15:24:39.416974: | helper thread 1 exited Oct 31 15:24:39.416984: | shutting down helper thread 2 Oct 31 15:24:39.416994: | helper thread 2 exited Oct 31 15:24:39.417002: | shutting down helper thread 3 Oct 31 15:24:39.417010: | helper thread 3 exited Oct 31 15:24:39.417022: | shutting down helper thread 7 Oct 31 15:24:39.417034: | helper thread 7 exited Oct 31 15:24:39.417041: | shutting down helper thread 5 Oct 31 15:24:39.417047: | helper thread 5 exited Oct 31 15:24:39.417050: 7 helper threads shutdown Oct 31 15:24:39.417053: | delref root_certs@0x55ca48958b68(1->0) (in free_root_certs() at root_certs.c:127) Oct 31 15:24:39.417055: destroying root certificate cache Oct 31 15:24:39.417062: | certs and keys locked by 'free_preshared_secrets' Oct 31 15:24:39.417064: forgetting secrets Oct 31 15:24:39.417073: | certs and keys unlocked by 'free_preshared_secrets' Oct 31 15:24:39.417076: | delref pkp@0x55ca489537b8(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:39.417078: | delref pkp@0x55ca48953328(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:39.417081: | delref pkp@0x55ca4895a7f8(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:39.417083: | delref pkp@0x55ca4895a6e8(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:39.417085: | delref pkp@0x55ca4895a5d8(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:39.417087: | delref pkp@0x55ca48958f48(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:39.417089: | delref pkp@0x55ca48958d88(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:39.417091: | delref pkp@0x55ca48959358(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:39.417094: | deleting states for connection - including all other IPsec SA's of this IKE SA Oct 31 15:24:39.417096: | pass 0 Oct 31 15:24:39.417097: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:24:39.417099: | state #3 Oct 31 15:24:39.417104: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1406) Oct 31 15:24:39.417106: | delref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1408) Oct 31 15:24:39.417107: | addref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1409) Oct 31 15:24:39.417109: | pstats #3 ikev2.child deleted completed Oct 31 15:24:39.417114: | #3 main thread spent 2.48 (22.1) milliseconds helper thread spent 2.39 (2.4) milliseconds in total Oct 31 15:24:39.417117: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in delete_state() at state.c:935) Oct 31 15:24:39.417119: | should_send_delete: yes Oct 31 15:24:39.417123: "northnet-eastnets/0x2" #3: deleting state (STATE_V2_ESTABLISHED_CHILD_SA) aged 3.686975s and sending notification Oct 31 15:24:39.417125: | child state #3: ESTABLISHED_CHILD_SA(established CHILD SA) => delete Oct 31 15:24:39.417129: | get_sa_info esp.a12c885a@192.1.3.33 Oct 31 15:24:39.417142: | get_sa_info esp.684bdb8@192.1.2.23 Oct 31 15:24:39.417148: "northnet-eastnets/0x2" #3: ESP traffic information: in=168B out=168B Oct 31 15:24:39.417150: | unsuspending #3 MD (nil) Oct 31 15:24:39.417152: | should_send_delete: yes Oct 31 15:24:39.417154: | #3 send IKEv2 delete notification for STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:24:39.417156: | opening output PBS informational exchange delete request Oct 31 15:24:39.417160: | **emit ISAKMP Message: Oct 31 15:24:39.417164: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:39.417166: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:39.417168: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:39.417169: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:39.417171: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:24:39.417173: | flags: none (0x0) Oct 31 15:24:39.417175: | Message ID: 0 (00 00 00 00) Oct 31 15:24:39.417177: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:39.417179: | ***emit IKEv2 Encryption Payload: Oct 31 15:24:39.417181: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:39.417183: | flags: none (0x0) Oct 31 15:24:39.417185: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:24:39.417186: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:24:39.417189: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:24:39.417195: | ****emit IKEv2 Delete Payload: Oct 31 15:24:39.417197: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:39.417202: | flags: none (0x0) Oct 31 15:24:39.417207: | protocol ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:39.417209: | SPI size: 4 (04) Oct 31 15:24:39.417211: | number of SPIs: 1 (00 01) Oct 31 15:24:39.417212: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Oct 31 15:24:39.417214: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:24:39.417216: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Oct 31 15:24:39.417218: | local spis: 06 84 bd b8 Oct 31 15:24:39.417220: | emitting length of IKEv2 Delete Payload: 12 Oct 31 15:24:39.417221: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:39.417223: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:39.417225: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:24:39.417226: | emitting length of IKEv2 Encryption Payload: 41 Oct 31 15:24:39.417228: | emitting length of ISAKMP Message: 69 Oct 31 15:24:39.417243: | sending 69 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:39.417245: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:39.417246: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Oct 31 15:24:39.417248: | 9a bd 52 00 a9 8f 46 08 d5 80 be 69 8c 46 9a 16 Oct 31 15:24:39.417249: | c8 e1 49 bd d4 32 df d5 6a 79 38 44 0b 27 21 ec Oct 31 15:24:39.417250: | f0 4d 63 94 ab Oct 31 15:24:39.417299: | sent 1 messages Oct 31 15:24:39.417305: | Message ID: IKE #1 sender #3 in send_delete hacking around record 'n' send Oct 31 15:24:39.417314: | Message ID: IKE #1 scheduling EVENT_RETRANSMIT: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744549.872258 ike.responder.sent=2 ike.responder.recv=2 ike.responder.last_contact=744550.187453 ike.wip.initiator=0 ike.wip.responder=-1 Oct 31 15:24:39.417318: "northnet-eastnets/0x2" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Oct 31 15:24:39.417323: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55ca48954fb8 Oct 31 15:24:39.417326: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 Oct 31 15:24:39.417330: | libevent_malloc: newref ptr-libevent@0x7efd80001fb8 size 128 Oct 31 15:24:39.417334: | #1 STATE_V2_ESTABLISHED_IKE_SA: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744553.850118 Oct 31 15:24:39.417338: | Message ID: IKE #1 updating initiator sent message request 0: ike.initiator.sent=-1->0 ike.initiator.recv=-1 ike.initiator.last_contact=744549.872258 ike.responder.sent=2 ike.responder.recv=2 ike.responder.last_contact=744550.187453 ike.wip.initiator=-1->0 ike.wip.responder=-1 Oct 31 15:24:39.417342: | state #3 deleting .st_event EVENT_SA_REKEY Oct 31 15:24:39.417345: | libevent_free: delref ptr-libevent@0x7efd8c006108 Oct 31 15:24:39.417347: | free_event_entry: delref EVENT_SA_REKEY-pe@0x55ca4892ce98 Oct 31 15:24:39.417348: | #3 STATE_V2_ESTABLISHED_CHILD_SA: retransmits: cleared Oct 31 15:24:39.417396: | running updown command "ipsec _updown" for verb down Oct 31 15:24:39.417400: | command executing down-client Oct 31 15:24:39.417404: | get_sa_info esp.a12c885a@192.1.3.33 Oct 31 15:24:39.417411: | get_sa_info esp.684bdb8@192.1.2.23 Oct 31 15:24:39.417445: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157875' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+E... Oct 31 15:24:39.417448: | popen cmd is 1391 chars long Oct 31 15:24:39.417449: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Oct 31 15:24:39.417451: | cmd( 80):/0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PL: Oct 31 15:24:39.417452: | cmd( 160):UTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, : Oct 31 15:24:39.417454: | cmd( 240):L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=use: Oct 31 15:24:39.417455: | cmd( 320):r-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NE: Oct 31 15:24:39.417457: | cmd( 400):T='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_P: Oct 31 15:24:39.417458: | cmd( 480):ROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' P: Oct 31 15:24:39.417459: | cmd( 560):LUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=n: Oct 31 15:24:39.417461: | cmd( 640):orth.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIEN: Oct 31 15:24:39.417462: | cmd( 720):T='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.2: Oct 31 15:24:39.417463: | cmd( 800):55.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STA: Oct 31 15:24:39.417465: | cmd( 880):CK='xfrm' PLUTO_ADDTIME='1604157875' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUN: Oct 31 15:24:39.417466: | cmd( 960):NEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMA: Oct 31 15:24:39.417467: | cmd(1040):NENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_: Oct 31 15:24:39.417469: | cmd(1120):PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER: Oct 31 15:24:39.417470: | cmd(1200):='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='168' PLUTO_OUTB: Oct 31 15:24:39.417471: | cmd(1280):YTES='168' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xa12c885a SPI_O: Oct 31 15:24:39.417473: | cmd(1360):UT=0x684bdb8 ipsec _updown 2>&1: Oct 31 15:24:39.426713: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.22.0/24:0 --0->- 192.0.3.0/24:0 Oct 31 15:24:39.426728: | netlink_shunt_eroute for proto 0, and source 192.0.22.0/24:0 dest 192.0.3.0/24:0 Oct 31 15:24:39.426731: | priority calculation of connection "northnet-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:24:39.426735: | IPsec SA SPD priority set to 2084814 Oct 31 15:24:39.426775: | delete esp.a12c885a@192.1.3.33 Oct 31 15:24:39.426778: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:24:39.426798: | netlink response for Del SA esp.a12c885a@192.1.3.33 included non-error error Oct 31 15:24:39.426801: | priority calculation of connection "northnet-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:24:39.426806: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => unk.10000@192.1.2.23 using reqid 0 (raw_eroute) proto=50 Oct 31 15:24:39.426827: | raw_eroute result=success Oct 31 15:24:39.426831: | delete esp.684bdb8@192.1.2.23 Oct 31 15:24:39.426833: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:24:39.426845: | netlink response for Del SA esp.684bdb8@192.1.2.23 included non-error error Oct 31 15:24:39.426850: | in connection_discard for connection northnet-eastnets/0x2 Oct 31 15:24:39.426853: | State DB: deleting IKEv2 state #3 in ESTABLISHED_CHILD_SA Oct 31 15:24:39.426857: | child state #3: ESTABLISHED_CHILD_SA(established CHILD SA) => UNDEFINED(ignore) Oct 31 15:24:39.426859: | releasing #3's fd-fd@(nil) because deleting state Oct 31 15:24:39.426861: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:24:39.426862: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:24:39.426865: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:24:39.426882: | stop processing: state #3 from 192.1.3.33:500 (in delete_state() at state.c:1239) Oct 31 15:24:39.426889: | delref logger@0x55ca4894e6f8(1->0) (in delete_state() at state.c:1306) Oct 31 15:24:39.426890: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:39.426892: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:39.426894: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1411) Oct 31 15:24:39.426896: | state #2 Oct 31 15:24:39.426899: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1406) Oct 31 15:24:39.426901: | delref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1408) Oct 31 15:24:39.426902: | addref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1409) Oct 31 15:24:39.426904: | pstats #2 ikev2.child deleted completed Oct 31 15:24:39.426908: | #2 main thread spent 0 (0) milliseconds helper thread spent 0 (0) milliseconds in total Oct 31 15:24:39.426911: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in delete_state() at state.c:935) Oct 31 15:24:39.426913: | should_send_delete: yes Oct 31 15:24:39.426916: "northnet-eastnets/0x1" #2: deleting state (STATE_V2_ESTABLISHED_CHILD_SA) aged 3.927365s and sending notification Oct 31 15:24:39.426918: | child state #2: ESTABLISHED_CHILD_SA(established CHILD SA) => delete Oct 31 15:24:39.426921: | get_sa_info esp.8c58fba8@192.1.3.33 Oct 31 15:24:39.426928: | get_sa_info esp.c10d190@192.1.2.23 Oct 31 15:24:39.426933: "northnet-eastnets/0x1" #2: ESP traffic information: in=168B out=168B Oct 31 15:24:39.426936: | unsuspending #2 MD (nil) Oct 31 15:24:39.426937: | should_send_delete: yes Oct 31 15:24:39.426939: | #2 send IKEv2 delete notification for STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:24:39.426941: | opening output PBS informational exchange delete request Oct 31 15:24:39.426943: | **emit ISAKMP Message: Oct 31 15:24:39.426946: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:39.426948: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:39.426950: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:39.426951: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:39.426953: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:24:39.426957: | flags: none (0x0) Oct 31 15:24:39.426959: | Message ID: 1 (00 00 00 01) Oct 31 15:24:39.426962: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:39.426964: | ***emit IKEv2 Encryption Payload: Oct 31 15:24:39.426966: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:39.426967: | flags: none (0x0) Oct 31 15:24:39.426969: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:24:39.426971: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:24:39.426973: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:24:39.426979: | ****emit IKEv2 Delete Payload: Oct 31 15:24:39.426981: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:39.426982: | flags: none (0x0) Oct 31 15:24:39.426984: | protocol ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:39.426985: | SPI size: 4 (04) Oct 31 15:24:39.426987: | number of SPIs: 1 (00 01) Oct 31 15:24:39.426989: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Oct 31 15:24:39.426991: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:24:39.426992: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Oct 31 15:24:39.426994: | local spis: 0c 10 d1 90 Oct 31 15:24:39.426996: | emitting length of IKEv2 Delete Payload: 12 Oct 31 15:24:39.426998: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:39.426999: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:39.427001: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:24:39.427003: | emitting length of IKEv2 Encryption Payload: 41 Oct 31 15:24:39.427004: | emitting length of ISAKMP Message: 69 Oct 31 15:24:39.427019: | sending 69 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:39.427021: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:39.427023: | 2e 20 25 00 00 00 00 01 00 00 00 45 2a 00 00 29 Oct 31 15:24:39.427024: | d7 9f 2a 6f 41 da 1f 49 d8 e1 12 9f 61 a6 29 12 Oct 31 15:24:39.427025: | f5 d8 f5 7a 6e cb 9e b3 6f a7 a7 b3 7d af 84 40 Oct 31 15:24:39.427027: | 7d 45 1e a8 76 Oct 31 15:24:39.427070: | sent 1 messages Oct 31 15:24:39.427072: | Message ID: IKE #1 sender #2 in send_delete hacking around record 'n' send Oct 31 15:24:39.427077: | Message ID: IKE #1 XXX: expecting sender.wip.initiator 0 == -1 - suspect record'n'send out-of-order?): ike.initiator.sent=1 ike.initiator.recv=-1 ike.initiator.last_contact=744549.872258 ike.responder.sent=2 ike.responder.recv=2 ike.responder.last_contact=744550.187453 ike.wip.initiator=1 ike.wip.responder=-1 Oct 31 15:24:39.427080: | Message ID: IKE #1 XXX: EVENT_RETRANSMIT already scheduled -- suspect record'n'send: ike.initiator.sent=1 ike.initiator.recv=-1 ike.initiator.last_contact=744549.872258 ike.responder.sent=2 ike.responder.recv=2 ike.responder.last_contact=744550.187453 ike.wip.initiator=1 ike.wip.responder=-1 Oct 31 15:24:39.427084: | Message ID: IKE #1 updating initiator sent message request 1: ike.initiator.sent=0->1 ike.initiator.recv=-1 ike.initiator.last_contact=744549.872258 ike.responder.sent=2 ike.responder.recv=2 ike.responder.last_contact=744550.187453 ike.wip.initiator=0->1 ike.wip.responder=-1 Oct 31 15:24:39.427086: | state #2 deleting .st_event EVENT_SA_REKEY Oct 31 15:24:39.427091: | libevent_free: delref ptr-libevent@0x55ca48962538 Oct 31 15:24:39.427093: | free_event_entry: delref EVENT_SA_REKEY-pe@0x55ca4894f008 Oct 31 15:24:39.427095: | #2 STATE_V2_ESTABLISHED_CHILD_SA: retransmits: cleared Oct 31 15:24:39.427404: | running updown command "ipsec _updown" for verb down Oct 31 15:24:39.427413: | command executing down-client Oct 31 15:24:39.427416: | get_sa_info esp.8c58fba8@192.1.3.33 Oct 31 15:24:39.427423: | get_sa_info esp.c10d190@192.1.2.23 Oct 31 15:24:39.427456: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157875' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN... Oct 31 15:24:39.427459: | popen cmd is 1389 chars long Oct 31 15:24:39.427461: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Oct 31 15:24:39.427462: | cmd( 80):/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PL: Oct 31 15:24:39.427464: | cmd( 160):UTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, : Oct 31 15:24:39.427465: | cmd( 240):L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=use: Oct 31 15:24:39.427466: | cmd( 320):r-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET: Oct 31 15:24:39.427468: | cmd( 400):='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PRO: Oct 31 15:24:39.427469: | cmd( 480):TOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLU: Oct 31 15:24:39.427470: | cmd( 560):TO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=nor: Oct 31 15:24:39.427472: | cmd( 640):th.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT=: Oct 31 15:24:39.427473: | cmd( 720):'192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255: Oct 31 15:24:39.427474: | cmd( 800):.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK: Oct 31 15:24:39.427476: | cmd( 880):='xfrm' PLUTO_ADDTIME='1604157875' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNE: Oct 31 15:24:39.427477: | cmd( 960):L+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANE: Oct 31 15:24:39.427478: | cmd(1040):NT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PE: Oct 31 15:24:39.427480: | cmd(1120):ER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER=': Oct 31 15:24:39.427481: | cmd(1200):0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='168' PLUTO_OUTBYT: Oct 31 15:24:39.427482: | cmd(1280):ES='168' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x8c58fba8 SPI_OUT: Oct 31 15:24:39.427484: | cmd(1360):=0xc10d190 ipsec _updown 2>&1: Oct 31 15:24:39.436183: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.2.0/24:0 --0->- 192.0.3.0/24:0 Oct 31 15:24:39.436195: | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.3.0/24:0 Oct 31 15:24:39.436214: | priority calculation of connection "northnet-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:24:39.436221: | IPsec SA SPD priority set to 2084814 Oct 31 15:24:39.436261: | delete esp.8c58fba8@192.1.3.33 Oct 31 15:24:39.436264: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:24:39.436280: | netlink response for Del SA esp.8c58fba8@192.1.3.33 included non-error error Oct 31 15:24:39.436284: | priority calculation of connection "northnet-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:24:39.436291: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => unk.10000@192.1.2.23 using reqid 0 (raw_eroute) proto=50 Oct 31 15:24:39.436312: | raw_eroute result=success Oct 31 15:24:39.436317: | delete esp.c10d190@192.1.2.23 Oct 31 15:24:39.436319: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:24:39.436327: | netlink response for Del SA esp.c10d190@192.1.2.23 included non-error error Oct 31 15:24:39.436333: | in connection_discard for connection northnet-eastnets/0x1 Oct 31 15:24:39.436337: | State DB: deleting IKEv2 state #2 in ESTABLISHED_CHILD_SA Oct 31 15:24:39.436345: | child state #2: ESTABLISHED_CHILD_SA(established CHILD SA) => UNDEFINED(ignore) Oct 31 15:24:39.436348: | releasing #2's fd-fd@(nil) because deleting state Oct 31 15:24:39.436351: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:24:39.436354: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:24:39.436357: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:24:39.436364: | stop processing: state #2 from 192.1.3.33:500 (in delete_state() at state.c:1239) Oct 31 15:24:39.436371: | delref logger@0x55ca489549a8(1->0) (in delete_state() at state.c:1306) Oct 31 15:24:39.436374: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:39.436377: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:39.436381: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1411) Oct 31 15:24:39.436383: | state #1 Oct 31 15:24:39.436386: | pass 1 Oct 31 15:24:39.436388: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:24:39.436389: | state #1 Oct 31 15:24:39.436393: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1406) Oct 31 15:24:39.436394: | delref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1408) Oct 31 15:24:39.436396: | addref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1409) Oct 31 15:24:39.436398: | pstats #1 ikev2.ike deleted completed Oct 31 15:24:39.436403: | #1 main thread spent 15.9 (126) milliseconds helper thread spent 19.7 (21.5) milliseconds in total Oct 31 15:24:39.436406: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in delete_state() at state.c:935) Oct 31 15:24:39.436408: | should_send_delete: yes Oct 31 15:24:39.436411: "northnet-eastnets/0x2" #1: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 3.996981s and sending notification Oct 31 15:24:39.436413: | parent state #1: ESTABLISHED_IKE_SA(established IKE SA) => delete Oct 31 15:24:39.436449: | unsuspending #1 MD (nil) Oct 31 15:24:39.436452: | should_send_delete: yes Oct 31 15:24:39.436454: | #1 send IKEv2 delete notification for STATE_V2_ESTABLISHED_IKE_SA Oct 31 15:24:39.436456: | opening output PBS informational exchange delete request Oct 31 15:24:39.436458: | **emit ISAKMP Message: Oct 31 15:24:39.436461: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:39.436464: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:39.436465: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:39.436467: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:39.436469: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:24:39.436471: | flags: none (0x0) Oct 31 15:24:39.436473: | Message ID: 2 (00 00 00 02) Oct 31 15:24:39.436475: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:39.436478: | ***emit IKEv2 Encryption Payload: Oct 31 15:24:39.436483: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:39.436487: | flags: none (0x0) Oct 31 15:24:39.436490: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:24:39.436492: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:24:39.436499: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:24:39.436508: | ****emit IKEv2 Delete Payload: Oct 31 15:24:39.436510: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:39.436512: | flags: none (0x0) Oct 31 15:24:39.436513: | protocol ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:39.436515: | SPI size: 0 (00) Oct 31 15:24:39.436517: | number of SPIs: 0 (00 00) Oct 31 15:24:39.436519: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Oct 31 15:24:39.436521: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:24:39.436523: | emitting length of IKEv2 Delete Payload: 8 Oct 31 15:24:39.436524: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:39.436526: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:39.436528: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:24:39.436529: | emitting length of IKEv2 Encryption Payload: 37 Oct 31 15:24:39.436531: | emitting length of ISAKMP Message: 65 Oct 31 15:24:39.436549: | sending 65 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:39.436552: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:39.436553: | 2e 20 25 00 00 00 00 02 00 00 00 41 2a 00 00 25 Oct 31 15:24:39.436554: | be db 59 48 25 ff f6 09 b2 7c 2e ad f4 c0 37 9e Oct 31 15:24:39.436556: | f5 41 34 c5 6b ee ee df fb 2f c9 2d bc 6f 07 51 Oct 31 15:24:39.436557: | 46 Oct 31 15:24:39.436594: | sent 1 messages Oct 31 15:24:39.436596: | Message ID: IKE #1 sender #1 in send_delete hacking around record 'n' send Oct 31 15:24:39.436601: | Message ID: IKE #1 XXX: expecting sender.wip.initiator 1 == -1 - suspect record'n'send out-of-order?): ike.initiator.sent=2 ike.initiator.recv=-1 ike.initiator.last_contact=744549.872258 ike.responder.sent=2 ike.responder.recv=2 ike.responder.last_contact=744550.187453 ike.wip.initiator=2 ike.wip.responder=-1 Oct 31 15:24:39.436605: | Message ID: IKE #1 XXX: EVENT_RETRANSMIT already scheduled -- suspect record'n'send: ike.initiator.sent=2 ike.initiator.recv=-1 ike.initiator.last_contact=744549.872258 ike.responder.sent=2 ike.responder.recv=2 ike.responder.last_contact=744550.187453 ike.wip.initiator=2 ike.wip.responder=-1 Oct 31 15:24:39.436609: | Message ID: IKE #1 updating initiator sent message request 2: ike.initiator.sent=1->2 ike.initiator.recv=-1 ike.initiator.last_contact=744549.872258 ike.responder.sent=2 ike.responder.recv=2 ike.responder.last_contact=744550.187453 ike.wip.initiator=1->2 ike.wip.responder=-1 Oct 31 15:24:39.436611: | state #1 deleting .st_event EVENT_SA_REKEY Oct 31 15:24:39.436615: | libevent_free: delref ptr-libevent@0x7efd94001868 Oct 31 15:24:39.436617: | free_event_entry: delref EVENT_SA_REKEY-pe@0x55ca48958ed8 Oct 31 15:24:39.436619: | #1 requesting EVENT_RETRANSMIT-pe@0x55ca48954fb8 be deleted Oct 31 15:24:39.436621: | libevent_free: delref ptr-libevent@0x7efd80001fb8 Oct 31 15:24:39.436622: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55ca48954fb8 Oct 31 15:24:39.436624: | #1 STATE_V2_ESTABLISHED_IKE_SA: retransmits: cleared Oct 31 15:24:39.436627: | State DB: IKEv2 state not found (flush_incomplete_children) Oct 31 15:24:39.436629: | in connection_discard for connection northnet-eastnets/0x2 Oct 31 15:24:39.436630: | State DB: deleting IKEv2 state #1 in ESTABLISHED_IKE_SA Oct 31 15:24:39.436634: | parent state #1: ESTABLISHED_IKE_SA(established IKE SA) => UNDEFINED(ignore) Oct 31 15:24:39.436636: | releasing #1's fd-fd@(nil) because deleting state Oct 31 15:24:39.436639: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:24:39.436641: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:24:39.436644: | delref pkp@0x7efd94005a78(2->1) (in delete_state() at state.c:1202) Oct 31 15:24:39.436658: | stop processing: state #1 from 192.1.3.33:500 (in delete_state() at state.c:1239) Oct 31 15:24:39.436662: | delref pkp@0x7efd94005a78(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:39.436665: | delref pkp@0x7efd94002628(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:39.436668: | delref pkp@0x7efd94000c88(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:39.436679: | delref logger@0x55ca48938a08(1->0) (in delete_state() at state.c:1306) Oct 31 15:24:39.436681: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:39.436682: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:39.436685: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1411) Oct 31 15:24:39.436689: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'delete' for rt_kind 'unrouted' using protoports 192.0.22.0/24:0 --0->- 192.0.3.0/24:0 Oct 31 15:24:39.436693: | netlink_shunt_eroute for proto 0, and source 192.0.22.0/24:0 dest 192.0.3.0/24:0 Oct 31 15:24:39.436695: | priority calculation of connection "northnet-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:24:39.436711: | priority calculation of connection "northnet-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:24:39.436720: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:39.436723: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:39.436725: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:24:39.436726: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:39.436728: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:24:39.436730: | route owner of "northnet-eastnets/0x2" unrouted: "northnet-eastnets/0x1" prospective erouted Oct 31 15:24:39.436733: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:39.436734: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:39.436736: | newref clone logger@0x55ca4896ce18(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:39.436738: | flush revival: connection 'northnet-eastnets/0x2' wasn't on the list Oct 31 15:24:39.436740: | delref vip@NULL (in discard_connection() at connections.c:262) Oct 31 15:24:39.436742: | delref vip@NULL (in discard_connection() at connections.c:263) Oct 31 15:24:39.436750: | Connection DB: deleting connection $2 Oct 31 15:24:39.436752: | delref logger@0x55ca4896ce18(1->0) (in delete_connection() at connections.c:214) Oct 31 15:24:39.436754: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:39.436755: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:39.436757: | deleting states for connection - including all other IPsec SA's of this IKE SA Oct 31 15:24:39.436758: | pass 0 Oct 31 15:24:39.436760: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:24:39.436761: | pass 1 Oct 31 15:24:39.436762: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:24:39.436765: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'delete' for rt_kind 'unrouted' using protoports 192.0.2.0/24:0 --0->- 192.0.3.0/24:0 Oct 31 15:24:39.436770: | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.3.0/24:0 Oct 31 15:24:39.436773: | priority calculation of connection "northnet-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:24:39.436787: | priority calculation of connection "northnet-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:24:39.436796: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:39.436798: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:24:39.436800: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:24:39.436801: | route owner of "northnet-eastnets/0x1" unrouted: NULL Oct 31 15:24:39.436803: | running updown command "ipsec _updown" for verb unroute Oct 31 15:24:39.436805: | command executing unroute-client Oct 31 15:24:39.436836: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_N... Oct 31 15:24:39.436840: | popen cmd is 1330 chars long Oct 31 15:24:39.436842: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Oct 31 15:24:39.436844: | cmd( 80):ets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='': Oct 31 15:24:39.436845: | cmd( 160): PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontari: Oct 31 15:24:39.436846: | cmd( 240):o, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=: Oct 31 15:24:39.436848: | cmd( 320):user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_: Oct 31 15:24:39.436849: | cmd( 400):NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_: Oct 31 15:24:39.436850: | cmd( 480):PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33': Oct 31 15:24:39.436852: | cmd( 560): PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Oct 31 15:24:39.436853: | cmd( 640):=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLI: Oct 31 15:24:39.436855: | cmd( 720):ENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255: Oct 31 15:24:39.436856: | cmd( 800):.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_S: Oct 31 15:24:39.436857: | cmd( 880):TACK='xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS: Oct 31 15:24:39.436859: | cmd( 960):+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' P: Oct 31 15:24:39.436860: | cmd(1040):LUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DN: Oct 31 15:24:39.436861: | cmd(1120):S_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PL: Oct 31 15:24:39.436863: | cmd(1200):UTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHA: Oct 31 15:24:39.436864: | cmd(1280):RED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Oct 31 15:24:39.446674: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.446693: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.446697: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.446700: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.446711: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.446723: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.446730: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.446762: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.446764: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.446766: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.446768: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.446776: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.446786: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.446795: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.446805: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.446815: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.446826: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.446835: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.446844: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.446854: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.446863: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.446875: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.446884: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.446894: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.446904: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.446914: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.446925: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.446935: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.446945: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.447153: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.447164: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.447176: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.447186: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.447196: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.447215: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.447225: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.447240: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.447259: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.447274: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.450775: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:39.450789: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:39.450793: | newref clone logger@0x55ca48938d88(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:39.450797: | delref hp@0x55ca489541f8(1->0) (in delete_oriented_hp() at hostpair.c:360) Oct 31 15:24:39.450799: | flush revival: connection 'northnet-eastnets/0x1' wasn't on the list Oct 31 15:24:39.450802: | delref vip@NULL (in discard_connection() at connections.c:262) Oct 31 15:24:39.450803: | delref vip@NULL (in discard_connection() at connections.c:263) Oct 31 15:24:39.450825: | Connection DB: deleting connection $1 Oct 31 15:24:39.450828: | delref logger@0x55ca48938d88(1->0) (in delete_connection() at connections.c:214) Oct 31 15:24:39.450829: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:39.450831: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:39.450833: | crl fetch request list locked by 'free_crl_fetch' Oct 31 15:24:39.450834: | crl fetch request list unlocked by 'free_crl_fetch' Oct 31 15:24:39.450837: | iface: marking eth1 dead Oct 31 15:24:39.450839: | iface: marking eth0 dead Oct 31 15:24:39.450840: | iface: marking eth0 dead Oct 31 15:24:39.450841: | iface: marking lo dead Oct 31 15:24:39.450843: | updating interfaces - listing interfaces that are going down Oct 31 15:24:39.450847: shutting down interface lo 127.0.0.1:4500 Oct 31 15:24:39.450850: shutting down interface lo 127.0.0.1:500 Oct 31 15:24:39.450852: shutting down interface eth0 192.0.2.254:4500 Oct 31 15:24:39.450855: shutting down interface eth0 192.0.2.254:500 Oct 31 15:24:39.450857: shutting down interface eth0 192.0.22.254:4500 Oct 31 15:24:39.450859: shutting down interface eth0 192.0.22.254:500 Oct 31 15:24:39.450861: shutting down interface eth1 192.1.2.23:4500 Oct 31 15:24:39.450863: shutting down interface eth1 192.1.2.23:500 Oct 31 15:24:39.450868: | updating interfaces - deleting the dead Oct 31 15:24:39.450871: | FOR_EACH_STATE_... in delete_states_dead_interfaces Oct 31 15:24:39.450879: | libevent_free: delref ptr-libevent@0x55ca48941a58 Oct 31 15:24:39.450881: | delref id@0x55ca48945d78(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:24:39.450890: | libevent_free: delref ptr-libevent@0x55ca48905388 Oct 31 15:24:39.450892: | delref id@0x55ca48945d78(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:24:39.450896: | libevent_free: delref ptr-libevent@0x55ca48905588 Oct 31 15:24:39.450898: | delref id@0x55ca48945ca8(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:24:39.450903: | libevent_free: delref ptr-libevent@0x55ca48905488 Oct 31 15:24:39.450904: | delref id@0x55ca48945ca8(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:24:39.450909: | libevent_free: delref ptr-libevent@0x55ca48901e38 Oct 31 15:24:39.450910: | delref id@0x55ca48945bd8(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:24:39.450914: | libevent_free: delref ptr-libevent@0x55ca48901d38 Oct 31 15:24:39.450916: | delref id@0x55ca48945bd8(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:24:39.450920: | libevent_free: delref ptr-libevent@0x55ca48946a08 Oct 31 15:24:39.450922: | delref id@0x55ca48945ae8(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:24:39.450926: | libevent_free: delref ptr-libevent@0x55ca48946af8 Oct 31 15:24:39.450928: | delref id@0x55ca48945ae8(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:24:39.450931: | delref id@0x55ca48945ae8(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:24:39.450933: | delref id@0x55ca48945bd8(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:24:39.450935: | delref id@0x55ca48945ca8(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:24:39.450937: | delref id@0x55ca48945d78(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:24:39.450938: | updating interfaces - checking orientation Oct 31 15:24:39.450940: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Oct 31 15:24:39.453031: | libevent_free: delref ptr-libevent@0x55ca48941b08 Oct 31 15:24:39.453048: | free_event_entry: delref EVENT_NULL-pe@0x55ca48944f48 Oct 31 15:24:39.453055: | libevent_free: delref ptr-libevent@0x55ca48905288 Oct 31 15:24:39.453058: | free_event_entry: delref EVENT_NULL-pe@0x55ca489419e8 Oct 31 15:24:39.453062: | libevent_free: delref ptr-libevent@0x55ca48905188 Oct 31 15:24:39.453064: | free_event_entry: delref EVENT_NULL-pe@0x55ca4893dfd8 Oct 31 15:24:39.453069: | global timer EVENT_REINIT_SECRET uninitialized Oct 31 15:24:39.453072: | global timer EVENT_SHUNT_SCAN uninitialized Oct 31 15:24:39.453074: | global timer EVENT_PENDING_DDNS uninitialized Oct 31 15:24:39.453076: | global timer EVENT_PENDING_PHASE2 uninitialized Oct 31 15:24:39.453079: | global timer EVENT_CHECK_CRLS uninitialized Oct 31 15:24:39.453081: | global timer EVENT_REVIVE_CONNS uninitialized Oct 31 15:24:39.453083: | global timer EVENT_FREE_ROOT_CERTS uninitialized Oct 31 15:24:39.453086: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Oct 31 15:24:39.453088: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Oct 31 15:24:39.453092: | libevent_free: delref ptr-libevent@0x55ca48899b68 Oct 31 15:24:39.453095: | signal event handler PLUTO_SIGCHLD uninstalled Oct 31 15:24:39.453098: | libevent_free: delref ptr-libevent@0x55ca48886278 Oct 31 15:24:39.453100: | signal event handler PLUTO_SIGTERM uninstalled Oct 31 15:24:39.453103: | libevent_free: delref ptr-libevent@0x55ca48945168 Oct 31 15:24:39.453105: | signal event handler PLUTO_SIGHUP uninstalled Oct 31 15:24:39.453108: | libevent_free: delref ptr-libevent@0x55ca489453a8 Oct 31 15:24:39.453110: | signal event handler PLUTO_SIGSYS uninstalled Oct 31 15:24:39.453112: | releasing event base Oct 31 15:24:39.453128: | libevent_free: delref ptr-libevent@0x55ca48945278 Oct 31 15:24:39.453131: | libevent_free: delref ptr-libevent@0x55ca488fb528 Oct 31 15:24:39.453136: | libevent_free: delref ptr-libevent@0x55ca489347f8 Oct 31 15:24:39.453142: | libevent_free: delref ptr-libevent@0x55ca4895e278 Oct 31 15:24:39.453145: | libevent_free: delref ptr-libevent@0x55ca48934848 Oct 31 15:24:39.453148: | libevent_free: delref ptr-libevent@0x55ca489389c8 Oct 31 15:24:39.453150: | libevent_free: delref ptr-libevent@0x55ca489387d8 Oct 31 15:24:39.453152: | libevent_free: delref ptr-libevent@0x55ca48934888 Oct 31 15:24:39.453154: | libevent_free: delref ptr-libevent@0x55ca489385e8 Oct 31 15:24:39.453157: | libevent_free: delref ptr-libevent@0x55ca48937fa8 Oct 31 15:24:39.453160: | libevent_free: delref ptr-libevent@0x55ca48946ba8 Oct 31 15:24:39.453163: | libevent_free: delref ptr-libevent@0x55ca48946ab8 Oct 31 15:24:39.453165: | libevent_free: delref ptr-libevent@0x55ca489469c8 Oct 31 15:24:39.453167: | libevent_free: delref ptr-libevent@0x55ca48946988 Oct 31 15:24:39.453169: | libevent_free: delref ptr-libevent@0x55ca48946948 Oct 31 15:24:39.453172: | libevent_free: delref ptr-libevent@0x55ca48945ec8 Oct 31 15:24:39.453175: | libevent_free: delref ptr-libevent@0x55ca48945e88 Oct 31 15:24:39.453177: | libevent_free: delref ptr-libevent@0x55ca48945e48 Oct 31 15:24:39.453179: | libevent_free: delref ptr-libevent@0x55ca4892afc8 Oct 31 15:24:39.453182: | libevent_free: delref ptr-libevent@0x55ca48945128 Oct 31 15:24:39.453184: | libevent_free: delref ptr-libevent@0x55ca489450e8 Oct 31 15:24:39.453187: | libevent_free: delref ptr-libevent@0x55ca48938628 Oct 31 15:24:39.453190: | libevent_free: delref ptr-libevent@0x55ca48945238 Oct 31 15:24:39.453192: | libevent_free: delref ptr-libevent@0x55ca48944fb8 Oct 31 15:24:39.453195: | libevent_free: delref ptr-libevent@0x55ca489077c8 Oct 31 15:24:39.453197: | libevent_free: delref ptr-libevent@0x55ca48907748 Oct 31 15:24:39.453221: | libevent_free: delref ptr-libevent@0x55ca488fde58 Oct 31 15:24:39.453224: | releasing global libevent data Oct 31 15:24:39.453227: | libevent_free: delref ptr-libevent@0x55ca48896998 Oct 31 15:24:39.453230: | libevent_free: delref ptr-libevent@0x55ca488fb2d8 Oct 31 15:24:39.453233: | libevent_free: delref ptr-libevent@0x55ca48907848 Oct 31 15:24:39.453275: leak detective found no leaks