Oct 31 15:24:35.036007: | newref logger@0x5587b7346bb8(0->1) (in main() at plutomain.c:1591) Oct 31 15:24:35.036074: | delref logger@0x5587b7346bb8(1->0) (in main() at plutomain.c:1592) Oct 31 15:24:35.036081: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.036084: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.036089: NSS DB directory: sql:/var/lib/ipsec/nss Oct 31 15:24:35.036258: Initializing NSS Oct 31 15:24:35.036266: Opening NSS database "sql:/var/lib/ipsec/nss" read-only Oct 31 15:24:35.075130: FIPS Mode: NO Oct 31 15:24:35.075375: NSS crypto library initialized Oct 31 15:24:35.075419: FIPS mode disabled for pluto daemon Oct 31 15:24:35.075424: FIPS HMAC integrity support [disabled] Oct 31 15:24:35.075504: libcap-ng support [enabled] Oct 31 15:24:35.075517: Linux audit support [enabled] Oct 31 15:24:35.075542: Linux audit activated Oct 31 15:24:35.075550: Starting Pluto (Libreswan Version v4.1-88-gf1d1933837ef-main IKEv2 IKEv1 XFRM(netkey) XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (NSS-PRF) DNSSEC LABELED_IPSEC (SELINUX) SECCOMP LIBCAP_NG LINUX_AUDIT AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:2131625 Oct 31 15:24:35.075553: core dump dir: /tmp Oct 31 15:24:35.075555: secrets file: /etc/ipsec.secrets Oct 31 15:24:35.075557: leak-detective enabled Oct 31 15:24:35.075559: NSS crypto [enabled] Oct 31 15:24:35.075561: XAUTH PAM support [enabled] Oct 31 15:24:35.075621: | libevent is using pluto's memory allocator Oct 31 15:24:35.075627: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Oct 31 15:24:35.075639: | libevent_malloc: newref ptr-libevent@0x5587b735b998 size 40 Oct 31 15:24:35.075645: | libevent_malloc: newref ptr-libevent@0x5587b73c02d8 size 40 Oct 31 15:24:35.075649: | libevent_malloc: newref ptr-libevent@0x5587b73cc848 size 40 Oct 31 15:24:35.075651: | creating event base Oct 31 15:24:35.075654: | libevent_malloc: newref ptr-libevent@0x5587b73cc488 size 56 Oct 31 15:24:35.075658: | libevent_malloc: newref ptr-libevent@0x5587b73c2e58 size 664 Oct 31 15:24:35.075669: | libevent_malloc: newref ptr-libevent@0x5587b73f97f8 size 24 Oct 31 15:24:35.075671: | libevent_malloc: newref ptr-libevent@0x5587b73c0528 size 384 Oct 31 15:24:35.075680: | libevent_malloc: newref ptr-libevent@0x5587b73f9848 size 16 Oct 31 15:24:35.075681: | libevent_malloc: newref ptr-libevent@0x5587b73cc7c8 size 40 Oct 31 15:24:35.075683: | libevent_malloc: newref ptr-libevent@0x5587b73cc748 size 48 Oct 31 15:24:35.075694: | libevent_realloc: newref ptr-libevent@0x5587b73effc8 size 256 Oct 31 15:24:35.075699: | libevent_malloc: newref ptr-libevent@0x5587b73f9888 size 16 Oct 31 15:24:35.075705: | libevent_free: delref ptr-libevent@0x5587b73cc488 Oct 31 15:24:35.075708: | libevent initialized Oct 31 15:24:35.075714: | libevent_realloc: newref ptr-libevent@0x5587b73cc488 size 64 Oct 31 15:24:35.075717: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Oct 31 15:24:35.075724: | init_nat_traversal() initialized with keep_alive=0s Oct 31 15:24:35.075727: NAT-Traversal support [enabled] Oct 31 15:24:35.075730: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Oct 31 15:24:35.075735: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Oct 31 15:24:35.075739: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Oct 31 15:24:35.075753: | checking IKEv1 state table Oct 31 15:24:35.075764: | MAIN_R0: category: half-open IKE SA; flags: 0: Oct 31 15:24:35.075769: | -> MAIN_R1 EVENT_SO_DISCARD (main_inI1_outR1) Oct 31 15:24:35.075773: | MAIN_I1: category: half-open IKE SA; flags: 0: Oct 31 15:24:35.075776: | -> MAIN_I2 EVENT_RETRANSMIT (main_inR1_outI2) Oct 31 15:24:35.075779: | MAIN_R1: category: open IKE SA; flags: 0: Oct 31 15:24:35.075781: | -> MAIN_R2 EVENT_RETRANSMIT (main_inI2_outR2) Oct 31 15:24:35.075784: | -> MAIN_R1 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:35.075786: | -> MAIN_R1 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:35.075789: | MAIN_I2: category: open IKE SA; flags: 0: Oct 31 15:24:35.075797: | -> MAIN_I3 EVENT_RETRANSMIT (main_inR2_outI3) Oct 31 15:24:35.075800: | -> MAIN_I2 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:35.075802: | -> MAIN_I2 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:35.075805: | MAIN_R2: category: open IKE SA; flags: 0: Oct 31 15:24:35.075808: | -> MAIN_R3 EVENT_SA_REPLACE (main_inI3_outR3) Oct 31 15:24:35.075814: | -> MAIN_R3 EVENT_SA_REPLACE (main_inI3_outR3) Oct 31 15:24:35.075875: | -> MAIN_R2 EVENT_SA_REPLACE (unexpected) Oct 31 15:24:35.075879: | MAIN_I3: category: open IKE SA; flags: 0: Oct 31 15:24:35.075882: | -> MAIN_I4 EVENT_SA_REPLACE (main_inR3) Oct 31 15:24:35.075884: | -> MAIN_I4 EVENT_SA_REPLACE (main_inR3) Oct 31 15:24:35.075887: | -> MAIN_I3 EVENT_SA_REPLACE (unexpected) Oct 31 15:24:35.075890: | MAIN_R3: category: established IKE SA; flags: 0: Oct 31 15:24:35.075915: | -> MAIN_R3 EVENT_NULL (unexpected) Oct 31 15:24:35.075922: | MAIN_I4: category: established IKE SA; flags: 0: Oct 31 15:24:35.075925: | -> MAIN_I4 EVENT_NULL (unexpected) Oct 31 15:24:35.075928: | AGGR_R0: category: half-open IKE SA; flags: 0: Oct 31 15:24:35.075931: | -> AGGR_R1 EVENT_SO_DISCARD (aggr_inI1_outR1) Oct 31 15:24:35.075934: | AGGR_I1: category: half-open IKE SA; flags: 0: Oct 31 15:24:35.075936: | -> AGGR_I2 EVENT_SA_REPLACE (aggr_inR1_outI2) Oct 31 15:24:35.075939: | -> AGGR_I2 EVENT_SA_REPLACE (aggr_inR1_outI2) Oct 31 15:24:35.075942: | AGGR_R1: category: open IKE SA; flags: 0: Oct 31 15:24:35.075944: | -> AGGR_R2 EVENT_SA_REPLACE (aggr_inI2) Oct 31 15:24:35.075947: | -> AGGR_R2 EVENT_SA_REPLACE (aggr_inI2) Oct 31 15:24:35.075950: | AGGR_I2: category: established IKE SA; flags: 0: Oct 31 15:24:35.075953: | -> AGGR_I2 EVENT_NULL (unexpected) Oct 31 15:24:35.075956: | AGGR_R2: category: established IKE SA; flags: 0: Oct 31 15:24:35.075959: | -> AGGR_R2 EVENT_NULL (unexpected) Oct 31 15:24:35.075962: | QUICK_R0: category: established CHILD SA; flags: 0: Oct 31 15:24:35.075965: | -> QUICK_R1 EVENT_RETRANSMIT (quick_inI1_outR1) Oct 31 15:24:35.075967: | QUICK_I1: category: established CHILD SA; flags: 0: Oct 31 15:24:35.075969: | -> QUICK_I2 EVENT_SA_REPLACE (quick_inR1_outI2) Oct 31 15:24:35.075971: | QUICK_R1: category: established CHILD SA; flags: 0: Oct 31 15:24:35.075972: | -> QUICK_R2 EVENT_SA_REPLACE (quick_inI2) Oct 31 15:24:35.075974: | QUICK_I2: category: established CHILD SA; flags: 0: Oct 31 15:24:35.075976: | -> QUICK_I2 EVENT_NULL (unexpected) Oct 31 15:24:35.075977: | QUICK_R2: category: established CHILD SA; flags: 0: Oct 31 15:24:35.075979: | -> QUICK_R2 EVENT_NULL (unexpected) Oct 31 15:24:35.075980: | INFO: category: informational; flags: 0: Oct 31 15:24:35.075982: | -> INFO EVENT_NULL (informational) Oct 31 15:24:35.075984: | INFO_PROTECTED: category: informational; flags: 0: Oct 31 15:24:35.075985: | -> INFO_PROTECTED EVENT_NULL (informational) Oct 31 15:24:35.075987: | XAUTH_R0: category: established IKE SA; flags: 0: Oct 31 15:24:35.075988: | -> XAUTH_R1 EVENT_NULL (xauth_inR0) Oct 31 15:24:35.075990: | XAUTH_R1: category: established IKE SA; flags: 0: Oct 31 15:24:35.075991: | -> MAIN_R3 EVENT_SA_REPLACE (xauth_inR1) Oct 31 15:24:35.075994: | MODE_CFG_R0: category: informational; flags: 0: Oct 31 15:24:35.075996: | -> MODE_CFG_R1 EVENT_SA_REPLACE (modecfg_inR0) Oct 31 15:24:35.076001: | MODE_CFG_R1: category: established IKE SA; flags: 0: Oct 31 15:24:35.076005: | -> MODE_CFG_R2 EVENT_SA_REPLACE (modecfg_inR1) Oct 31 15:24:35.076008: | MODE_CFG_R2: category: established IKE SA; flags: 0: Oct 31 15:24:35.076010: | -> MODE_CFG_R2 EVENT_NULL (unexpected) Oct 31 15:24:35.076013: | MODE_CFG_I1: category: established IKE SA; flags: 0: Oct 31 15:24:35.076015: | -> MAIN_I4 EVENT_SA_REPLACE (modecfg_inR1) Oct 31 15:24:35.076018: | XAUTH_I0: category: established IKE SA; flags: 0: Oct 31 15:24:35.076021: | -> XAUTH_I1 EVENT_RETRANSMIT (xauth_inI0) Oct 31 15:24:35.076027: | XAUTH_I1: category: established IKE SA; flags: 0: Oct 31 15:24:35.076030: | -> MAIN_I4 EVENT_RETRANSMIT (xauth_inI1) Oct 31 15:24:35.076037: | checking IKEv2 state table Oct 31 15:24:35.076041: | V2_REKEY_IKE_I0: category: established IKE SA; flags: 0: Oct 31 15:24:35.076044: | -> V2_REKEY_IKE_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Oct 31 15:24:35.076048: | V2_REKEY_CHILD_I0: category: established IKE SA; flags: 0: Oct 31 15:24:35.076050: | -> V2_REKEY_CHILD_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Oct 31 15:24:35.076052: | V2_NEW_CHILD_I0: category: established IKE SA; flags: 0: Oct 31 15:24:35.076054: | -> V2_NEW_CHILD_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Oct 31 15:24:35.076056: | PARENT_I0: category: ignore; flags: 0: Oct 31 15:24:35.076057: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Oct 31 15:24:35.076059: | PARENT_I1: category: half-open IKE SA; flags: 0: Oct 31 15:24:35.076061: | -> PARENT_I0 EVENT_SO_DISCARD (received anti-DDOS COOKIE notify response; resending IKE_SA_INIT request with cookie payload added) Oct 31 15:24:35.076063: | -> PARENT_I0 EVENT_SO_DISCARD (received IKE_SA_INIT INVALID_KE_PAYLOAD notify response; resending IKE_SA_INIT with new KE payload) Oct 31 15:24:35.076064: | -> IKESA_DEL EVENT_v2_REDIRECT (received REDIRECT notify response; resending IKE_SA_INIT request to new destination) Oct 31 15:24:35.076066: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE) Oct 31 15:24:35.076068: | PARENT_I2: category: open IKE SA; flags: 0: Oct 31 15:24:35.076069: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_INTERMEDIATE reply, initiate IKE_AUTH or IKE_INTERMEDIATE) Oct 31 15:24:35.076071: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Oct 31 15:24:35.076073: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Oct 31 15:24:35.076074: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Oct 31 15:24:35.076076: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Oct 31 15:24:35.076077: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Oct 31 15:24:35.076079: | PARENT_R0: category: half-open IKE SA; flags: 0: Oct 31 15:24:35.076081: | -> PARENT_R1 EVENT_SO_DISCARD send-response (Respond to IKE_SA_INIT) Oct 31 15:24:35.076083: | PARENT_R1: category: half-open IKE SA; flags: 0: Oct 31 15:24:35.076084: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_AUTH request (no SKEYSEED)) Oct 31 15:24:35.076086: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_INTERMEDIATE request (no SKEYSEED)) Oct 31 15:24:35.076087: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_INTERMEDIATE request (with SKEYSEED)) Oct 31 15:24:35.076089: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Responder: process IKE_AUTH request) Oct 31 15:24:35.076091: | V2_REKEY_IKE_R0: category: established IKE SA; flags: 0: Oct 31 15:24:35.076092: | -> ESTABLISHED_IKE_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA IKE Rekey) Oct 31 15:24:35.076094: | V2_REKEY_IKE_I1: category: established IKE SA; flags: 0: Oct 31 15:24:35.076095: | -> ESTABLISHED_IKE_SA EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Oct 31 15:24:35.076097: | V2_NEW_CHILD_I1: category: established IKE SA; flags: 0: Oct 31 15:24:35.076099: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Oct 31 15:24:35.076100: | V2_REKEY_CHILD_R0: category: established IKE SA; flags: 0: Oct 31 15:24:35.076102: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA rekey CHILD SA request) Oct 31 15:24:35.076104: | V2_NEW_CHILD_R0: category: established IKE SA; flags: 0: Oct 31 15:24:35.076108: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA IPsec SA Request) Oct 31 15:24:35.076111: | ESTABLISHED_IKE_SA: category: established IKE SA; flags: 0: Oct 31 15:24:35.076116: | -> ESTABLISHED_IKE_SA EVENT_RETAIN send-response (Informational Request (liveness probe)) Oct 31 15:24:35.076120: | -> ESTABLISHED_IKE_SA EVENT_RETAIN (Informational Response (liveness probe)) Oct 31 15:24:35.076122: | -> ESTABLISHED_IKE_SA EVENT_RETAIN send-response (Informational Request) Oct 31 15:24:35.076125: | -> ESTABLISHED_IKE_SA EVENT_RETAIN (Informational Response) Oct 31 15:24:35.076128: | IKESA_DEL: category: established IKE SA; flags: 0: Oct 31 15:24:35.076130: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Oct 31 15:24:35.076134: | CHILDSA_DEL: category: informational; flags: 0: Oct 31 15:24:35.076136: | -> CHILDSA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Oct 31 15:24:35.076140: | global one-shot timer EVENT_REVIVE_CONNS initialized Oct 31 15:24:35.076145: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Oct 31 15:24:35.076148: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Oct 31 15:24:35.076324: Encryption algorithms: Oct 31 15:24:35.076335: AES_CCM_16 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm, aes_ccm_c Oct 31 15:24:35.076338: AES_CCM_12 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_b Oct 31 15:24:35.076342: AES_CCM_8 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_a Oct 31 15:24:35.076348: 3DES_CBC [*192] IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) 3des Oct 31 15:24:35.076355: CAMELLIA_CTR {256,192,*128} IKEv1: ESP IKEv2: ESP Oct 31 15:24:35.076361: CAMELLIA_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP NSS(CBC) camellia Oct 31 15:24:35.076367: AES_GCM_16 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm, aes_gcm_c Oct 31 15:24:35.076373: AES_GCM_12 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_b Oct 31 15:24:35.076379: AES_GCM_8 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_a Oct 31 15:24:35.076385: AES_CTR {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CTR) aesctr Oct 31 15:24:35.076391: AES_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) aes Oct 31 15:24:35.076395: NULL_AUTH_AES_GMAC {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_gmac Oct 31 15:24:35.076397: NULL [] IKEv1: ESP IKEv2: ESP Oct 31 15:24:35.076400: CHACHA20_POLY1305 [*256] IKEv1: IKEv2: IKE ESP NSS(AEAD) chacha20poly1305 Oct 31 15:24:35.076402: Hash algorithms: Oct 31 15:24:35.076405: MD5 IKEv1: IKE IKEv2: NSS Oct 31 15:24:35.076407: SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha Oct 31 15:24:35.076410: SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256 Oct 31 15:24:35.076412: SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384 Oct 31 15:24:35.076414: SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512 Oct 31 15:24:35.076416: PRF algorithms: Oct 31 15:24:35.076418: HMAC_MD5 IKEv1: IKE IKEv2: IKE native(HMAC) md5 Oct 31 15:24:35.076421: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha, sha1 Oct 31 15:24:35.076423: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256, sha2_256 Oct 31 15:24:35.076428: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384, sha2_384 Oct 31 15:24:35.076431: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512, sha2_512 Oct 31 15:24:35.076433: AES_XCBC IKEv1: IKEv2: IKE native(XCBC) aes128_xcbc Oct 31 15:24:35.076434: Integrity algorithms: Oct 31 15:24:35.076437: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH native(HMAC) md5, hmac_md5 Oct 31 15:24:35.076440: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha, sha1, sha1_96, hmac_sha1 Oct 31 15:24:35.076443: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Oct 31 15:24:35.076446: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Oct 31 15:24:35.076449: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Oct 31 15:24:35.076451: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Oct 31 15:24:35.076454: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96 Oct 31 15:24:35.076456: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Oct 31 15:24:35.076459: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Oct 31 15:24:35.076460: DH algorithms: Oct 31 15:24:35.076463: NONE IKEv1: IKEv2: IKE ESP AH FIPS NSS(MODP) null, dh0 Oct 31 15:24:35.076465: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh5 Oct 31 15:24:35.076468: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh14 Oct 31 15:24:35.076470: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh15 Oct 31 15:24:35.076472: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh16 Oct 31 15:24:35.076474: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh17 Oct 31 15:24:35.076476: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh18 Oct 31 15:24:35.076479: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_256, ecp256 Oct 31 15:24:35.076481: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_384, ecp384 Oct 31 15:24:35.076484: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_521, ecp521 Oct 31 15:24:35.076486: DH31 IKEv1: IKE IKEv2: IKE ESP AH NSS(ECP) curve25519 Oct 31 15:24:35.076487: testing CAMELLIA_CBC: Oct 31 15:24:35.076489: Camellia: 16 bytes with 128-bit key Oct 31 15:24:35.076548: Camellia: 16 bytes with 128-bit key Oct 31 15:24:35.076582: Camellia: 16 bytes with 256-bit key Oct 31 15:24:35.076616: Camellia: 16 bytes with 256-bit key Oct 31 15:24:35.076638: testing AES_GCM_16: Oct 31 15:24:35.076641: empty string Oct 31 15:24:35.076664: one block Oct 31 15:24:35.076690: two blocks Oct 31 15:24:35.076711: two blocks with associated data Oct 31 15:24:35.076745: testing AES_CTR: Oct 31 15:24:35.076751: Encrypting 16 octets using AES-CTR with 128-bit key Oct 31 15:24:35.076781: Encrypting 32 octets using AES-CTR with 128-bit key Oct 31 15:24:35.076825: Encrypting 36 octets using AES-CTR with 128-bit key Oct 31 15:24:35.076871: Encrypting 16 octets using AES-CTR with 192-bit key Oct 31 15:24:35.076918: Encrypting 32 octets using AES-CTR with 192-bit key Oct 31 15:24:35.076968: Encrypting 36 octets using AES-CTR with 192-bit key Oct 31 15:24:35.077011: Encrypting 16 octets using AES-CTR with 256-bit key Oct 31 15:24:35.077049: Encrypting 32 octets using AES-CTR with 256-bit key Oct 31 15:24:35.077085: Encrypting 36 octets using AES-CTR with 256-bit key Oct 31 15:24:35.077113: testing AES_CBC: Oct 31 15:24:35.077116: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Oct 31 15:24:35.077143: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Oct 31 15:24:35.077187: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Oct 31 15:24:35.077234: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Oct 31 15:24:35.077298: testing AES_XCBC: Oct 31 15:24:35.077303: RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input Oct 31 15:24:35.077452: RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input Oct 31 15:24:35.077589: RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input Oct 31 15:24:35.077708: RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input Oct 31 15:24:35.077845: RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input Oct 31 15:24:35.077990: RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input Oct 31 15:24:35.078148: RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input Oct 31 15:24:35.078440: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Oct 31 15:24:35.078539: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Oct 31 15:24:35.078640: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Oct 31 15:24:35.078776: testing HMAC_MD5: Oct 31 15:24:35.078778: RFC 2104: MD5_HMAC test 1 Oct 31 15:24:35.078883: RFC 2104: MD5_HMAC test 2 Oct 31 15:24:35.078985: RFC 2104: MD5_HMAC test 3 Oct 31 15:24:35.079112: 8 CPU cores online Oct 31 15:24:35.079116: starting up 7 helper threads Oct 31 15:24:35.079145: started thread for helper 0 Oct 31 15:24:35.079158: | starting helper thread 1 Oct 31 15:24:35.079165: seccomp security disabled for crypto helper 1 Oct 31 15:24:35.079171: | status value returned by setting the priority of this helper thread 1: 22 Oct 31 15:24:35.079171: started thread for helper 1 Oct 31 15:24:35.079179: | starting helper thread 2 Oct 31 15:24:35.079174: | helper thread 1 has nothing to do Oct 31 15:24:35.079187: seccomp security disabled for crypto helper 2 Oct 31 15:24:35.079208: | status value returned by setting the priority of this helper thread 2: 22 Oct 31 15:24:35.079214: | helper thread 2 has nothing to do Oct 31 15:24:35.079215: | starting helper thread 3 Oct 31 15:24:35.079209: started thread for helper 2 Oct 31 15:24:35.079223: seccomp security disabled for crypto helper 3 Oct 31 15:24:35.079234: | status value returned by setting the priority of this helper thread 3: 22 Oct 31 15:24:35.079238: | helper thread 3 has nothing to do Oct 31 15:24:35.079250: started thread for helper 3 Oct 31 15:24:35.079255: | starting helper thread 4 Oct 31 15:24:35.079258: seccomp security disabled for crypto helper 4 Oct 31 15:24:35.079267: | status value returned by setting the priority of this helper thread 4: 22 Oct 31 15:24:35.079272: | helper thread 4 has nothing to do Oct 31 15:24:35.079275: started thread for helper 4 Oct 31 15:24:35.079283: | starting helper thread 5 Oct 31 15:24:35.079288: seccomp security disabled for crypto helper 5 Oct 31 15:24:35.079292: | status value returned by setting the priority of this helper thread 5: 22 Oct 31 15:24:35.079295: | helper thread 5 has nothing to do Oct 31 15:24:35.079302: started thread for helper 5 Oct 31 15:24:35.079309: | starting helper thread 6 Oct 31 15:24:35.079319: seccomp security disabled for crypto helper 6 Oct 31 15:24:35.079323: | status value returned by setting the priority of this helper thread 6: 22 Oct 31 15:24:35.079325: | helper thread 6 has nothing to do Oct 31 15:24:35.079327: started thread for helper 6 Oct 31 15:24:35.079350: | starting helper thread 7 Oct 31 15:24:35.079353: Using Linux XFRM/NETKEY IPsec kernel support code on 5.8.15-201.fc32.x86_64 Oct 31 15:24:35.079361: seccomp security disabled for crypto helper 7 Oct 31 15:24:35.079374: | status value returned by setting the priority of this helper thread 7: 22 Oct 31 15:24:35.079377: | helper thread 7 has nothing to do Oct 31 15:24:35.079410: | Hard-wiring algorithms Oct 31 15:24:35.079413: | adding AES_CCM_16 to kernel algorithm db Oct 31 15:24:35.079418: | adding AES_CCM_12 to kernel algorithm db Oct 31 15:24:35.079420: | adding AES_CCM_8 to kernel algorithm db Oct 31 15:24:35.079422: | adding 3DES_CBC to kernel algorithm db Oct 31 15:24:35.079423: | adding CAMELLIA_CBC to kernel algorithm db Oct 31 15:24:35.079425: | adding AES_GCM_16 to kernel algorithm db Oct 31 15:24:35.079427: | adding AES_GCM_12 to kernel algorithm db Oct 31 15:24:35.079428: | adding AES_GCM_8 to kernel algorithm db Oct 31 15:24:35.079430: | adding AES_CTR to kernel algorithm db Oct 31 15:24:35.079431: | adding AES_CBC to kernel algorithm db Oct 31 15:24:35.079433: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Oct 31 15:24:35.079434: | adding NULL to kernel algorithm db Oct 31 15:24:35.079436: | adding CHACHA20_POLY1305 to kernel algorithm db Oct 31 15:24:35.079438: | adding HMAC_MD5_96 to kernel algorithm db Oct 31 15:24:35.079439: | adding HMAC_SHA1_96 to kernel algorithm db Oct 31 15:24:35.079441: | adding HMAC_SHA2_512_256 to kernel algorithm db Oct 31 15:24:35.079443: | adding HMAC_SHA2_384_192 to kernel algorithm db Oct 31 15:24:35.079444: | adding HMAC_SHA2_256_128 to kernel algorithm db Oct 31 15:24:35.079446: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Oct 31 15:24:35.079447: | adding AES_XCBC_96 to kernel algorithm db Oct 31 15:24:35.079449: | adding AES_CMAC_96 to kernel algorithm db Oct 31 15:24:35.079450: | adding NONE to kernel algorithm db Oct 31 15:24:35.079476: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Oct 31 15:24:35.079481: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Oct 31 15:24:35.079483: | setup kernel fd callback Oct 31 15:24:35.079485: | add_fd_read_event_handler: newref KERNEL_XRM_FD-pe@0x5587b7402fd8 Oct 31 15:24:35.079488: | libevent_malloc: newref ptr-libevent@0x5587b73ca188 size 128 Oct 31 15:24:35.079490: | libevent_malloc: newref ptr-libevent@0x5587b73fd5e8 size 16 Oct 31 15:24:35.079495: | add_fd_read_event_handler: newref KERNEL_ROUTE_FD-pe@0x5587b74069e8 Oct 31 15:24:35.079497: | libevent_malloc: newref ptr-libevent@0x5587b73ca288 size 128 Oct 31 15:24:35.079498: | libevent_malloc: newref ptr-libevent@0x5587b73fcfa8 size 16 Oct 31 15:24:35.079635: | global one-shot timer EVENT_CHECK_CRLS initialized Oct 31 15:24:35.079715: SELinux support is enabled in PERMISSIVE mode. Oct 31 15:24:35.079849: | unbound context created - setting debug level to 5 Oct 31 15:24:35.079874: | /etc/hosts lookups activated Oct 31 15:24:35.079889: | /etc/resolv.conf usage activated Oct 31 15:24:35.079921: | outgoing-port-avoid set 0-65535 Oct 31 15:24:35.079938: | outgoing-port-permit set 32768-60999 Oct 31 15:24:35.079940: | loading dnssec root key from:/var/lib/unbound/root.key Oct 31 15:24:35.079942: | no additional dnssec trust anchors defined via dnssec-trusted= option Oct 31 15:24:35.079944: | Setting up events, loop start Oct 31 15:24:35.079947: | add_fd_read_event_handler: newref PLUTO_CTL_FD-pe@0x5587b7409f48 Oct 31 15:24:35.079948: | libevent_malloc: newref ptr-libevent@0x5587b7406b08 size 128 Oct 31 15:24:35.079950: | libevent_malloc: newref ptr-libevent@0x5587b73fd9c8 size 16 Oct 31 15:24:35.079955: | libevent_realloc: newref ptr-libevent@0x5587b7409fb8 size 256 Oct 31 15:24:35.079957: | libevent_malloc: newref ptr-libevent@0x5587b73fd628 size 8 Oct 31 15:24:35.079959: | libevent_realloc: newref ptr-libevent@0x5587b73fe028 size 144 Oct 31 15:24:35.079960: | libevent_malloc: newref ptr-libevent@0x5587b735eb68 size 152 Oct 31 15:24:35.079963: | libevent_malloc: newref ptr-libevent@0x5587b73fd7d8 size 16 Oct 31 15:24:35.079966: | signal event handler PLUTO_SIGCHLD installed Oct 31 15:24:35.079970: | libevent_malloc: newref ptr-libevent@0x5587b740a0e8 size 8 Oct 31 15:24:35.079972: | libevent_malloc: newref ptr-libevent@0x5587b734b278 size 152 Oct 31 15:24:35.079974: | signal event handler PLUTO_SIGTERM installed Oct 31 15:24:35.079976: | libevent_malloc: newref ptr-libevent@0x5587b740a128 size 8 Oct 31 15:24:35.079978: | libevent_malloc: newref ptr-libevent@0x5587b740a168 size 152 Oct 31 15:24:35.079979: | signal event handler PLUTO_SIGHUP installed Oct 31 15:24:35.079981: | libevent_malloc: newref ptr-libevent@0x5587b740a238 size 8 Oct 31 15:24:35.079983: | libevent_realloc: delref ptr-libevent@0x5587b73fe028 Oct 31 15:24:35.079985: | libevent_realloc: newref ptr-libevent@0x5587b740a278 size 256 Oct 31 15:24:35.079986: | libevent_malloc: newref ptr-libevent@0x5587b740a3a8 size 152 Oct 31 15:24:35.079988: | signal event handler PLUTO_SIGSYS installed Oct 31 15:24:35.080306: | created addconn helper (pid:2131677) using fork+execve Oct 31 15:24:35.080332: | forked child 2131677 Oct 31 15:24:35.080348: seccomp security disabled Oct 31 15:24:35.097174: | newref struct fd@0x5587b740a508(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:35.097190: | fd_accept: new fd-fd@0x5587b740a508 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:35.097213: | whack: listen Oct 31 15:24:35.097220: listening for IKE messages Oct 31 15:24:35.097630: | Inspecting interface lo Oct 31 15:24:35.097639: | found lo with address 127.0.0.1 Oct 31 15:24:35.097642: | Inspecting interface eth0 Oct 31 15:24:35.097645: | found eth0 with address 192.0.3.254 Oct 31 15:24:35.097647: | Inspecting interface eth1 Oct 31 15:24:35.097650: | found eth1 with address 192.1.3.33 Oct 31 15:24:35.097659: | newref struct iface_dev@0x5587b740aa28(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:35.097676: Kernel supports NIC esp-hw-offload Oct 31 15:24:35.097683: | iface: marking eth1 add Oct 31 15:24:35.097686: | newref struct iface_dev@0x5587b740ab58(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:35.097688: | iface: marking eth0 add Oct 31 15:24:35.097691: | newref struct iface_dev@0x5587b740ac28(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:35.097693: | iface: marking lo add Oct 31 15:24:35.097751: | no interfaces to sort Oct 31 15:24:35.097763: | MSG_ERRQUEUE enabled on fd 18 Oct 31 15:24:35.097774: | addref ifd@0x5587b740aa28(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:35.097778: adding UDP interface eth1 192.1.3.33:500 Oct 31 15:24:35.097791: | MSG_ERRQUEUE enabled on fd 19 Oct 31 15:24:35.097824: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:35.097829: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:35.097832: | addref ifd@0x5587b740aa28(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:35.097837: adding UDP interface eth1 192.1.3.33:4500 Oct 31 15:24:35.097853: | MSG_ERRQUEUE enabled on fd 20 Oct 31 15:24:35.097861: | addref ifd@0x5587b740ab58(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:35.097864: adding UDP interface eth0 192.0.3.254:500 Oct 31 15:24:35.097874: | MSG_ERRQUEUE enabled on fd 21 Oct 31 15:24:35.097878: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:35.097881: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:35.097883: | addref ifd@0x5587b740ab58(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:35.097885: adding UDP interface eth0 192.0.3.254:4500 Oct 31 15:24:35.097894: | MSG_ERRQUEUE enabled on fd 22 Oct 31 15:24:35.097900: | addref ifd@0x5587b740ac28(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:35.097902: adding UDP interface lo 127.0.0.1:500 Oct 31 15:24:35.097912: | MSG_ERRQUEUE enabled on fd 23 Oct 31 15:24:35.097916: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:35.097919: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:35.097920: | addref ifd@0x5587b740ac28(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:35.097923: adding UDP interface lo 127.0.0.1:4500 Oct 31 15:24:35.097930: | updating interfaces - listing interfaces that are going down Oct 31 15:24:35.097932: | updating interfaces - checking orientation Oct 31 15:24:35.097933: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Oct 31 15:24:35.097949: | libevent_malloc: newref ptr-libevent@0x5587b7406a58 size 128 Oct 31 15:24:35.097952: | libevent_malloc: newref ptr-libevent@0x5587b740ae98 size 16 Oct 31 15:24:35.097959: | setup callback for interface lo 127.0.0.1:4500 fd 23 on UDP Oct 31 15:24:35.097962: | libevent_malloc: newref ptr-libevent@0x5587b73ca388 size 128 Oct 31 15:24:35.097964: | libevent_malloc: newref ptr-libevent@0x5587b740b608 size 16 Oct 31 15:24:35.097967: | setup callback for interface lo 127.0.0.1:500 fd 22 on UDP Oct 31 15:24:35.097969: | libevent_malloc: newref ptr-libevent@0x5587b73ca588 size 128 Oct 31 15:24:35.097971: | libevent_malloc: newref ptr-libevent@0x5587b740b648 size 16 Oct 31 15:24:35.097974: | setup callback for interface eth0 192.0.3.254:4500 fd 21 on UDP Oct 31 15:24:35.097975: | libevent_malloc: newref ptr-libevent@0x5587b73ca488 size 128 Oct 31 15:24:35.097977: | libevent_malloc: newref ptr-libevent@0x5587b740b688 size 16 Oct 31 15:24:35.097980: | setup callback for interface eth0 192.0.3.254:500 fd 20 on UDP Oct 31 15:24:35.097983: | libevent_malloc: newref ptr-libevent@0x5587b73c6e38 size 128 Oct 31 15:24:35.097984: | libevent_malloc: newref ptr-libevent@0x5587b740b6c8 size 16 Oct 31 15:24:35.097987: | setup callback for interface eth1 192.1.3.33:4500 fd 19 on UDP Oct 31 15:24:35.097989: | libevent_malloc: newref ptr-libevent@0x5587b73c6d38 size 128 Oct 31 15:24:35.097991: | libevent_malloc: newref ptr-libevent@0x5587b740b708 size 16 Oct 31 15:24:35.097994: | setup callback for interface eth1 192.1.3.33:500 fd 18 on UDP Oct 31 15:24:35.100564: | no stale xfrmi interface 'ipsec1' found Oct 31 15:24:35.100583: | certs and keys locked by 'free_preshared_secrets' Oct 31 15:24:35.100586: | certs and keys unlocked by 'free_preshared_secrets' Oct 31 15:24:35.100615: loading secrets from "/etc/ipsec.secrets" Oct 31 15:24:35.100659: no secrets filename matched "/etc/ipsec.d/*.secrets" Oct 31 15:24:35.100675: | old food groups: Oct 31 15:24:35.100679: | new food groups: Oct 31 15:24:35.100687: | delref fd@0x5587b740a508(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:35.100693: | freeref fd-fd@0x5587b740a508 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:35.100701: | spent 1.03 (3.54) milliseconds in whack Oct 31 15:24:35.101302: | processing signal PLUTO_SIGCHLD Oct 31 15:24:35.101323: | waitpid returned pid 2131677 (exited with status 0) Oct 31 15:24:35.101335: | reaped addconn helper child (status 0) Oct 31 15:24:35.101341: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:35.101348: | spent 0.0319 (0.0318) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:35.107831: | newref struct fd@0x5587b740aaf8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:35.107842: | fd_accept: new fd-fd@0x5587b740aaf8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:35.107895: | whack: options (impair|debug) Oct 31 15:24:35.107902: | old debugging base+cpu-usage + none Oct 31 15:24:35.107905: | new debugging = base+cpu-usage Oct 31 15:24:35.107911: | delref fd@0x5587b740aaf8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:35.107917: | freeref fd-fd@0x5587b740aaf8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:35.107924: | spent 0.063 (0.101) milliseconds in whack Oct 31 15:24:35.172393: | newref struct fd@0x5587b740a548(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:35.172409: | fd_accept: new fd-fd@0x5587b740a548 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:35.172421: | whack: options (impair|debug) Oct 31 15:24:35.172426: | old debugging base+cpu-usage + none Oct 31 15:24:35.172429: | new debugging = base+cpu-usage Oct 31 15:24:35.172432: | suppress-retransmits:yes Oct 31 15:24:35.172438: | delref fd@0x5587b740a548(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:35.172450: | freeref fd-fd@0x5587b740a548 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:35.172458: | spent 0.0738 (0.0735) milliseconds in whack Oct 31 15:24:35.237325: | newref struct fd@0x5587b740a588(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:35.237345: | fd_accept: new fd-fd@0x5587b740a588 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:35.237355: | whack: options (impair|debug) Oct 31 15:24:35.237361: | old debugging base+cpu-usage + none Oct 31 15:24:35.237363: | new debugging = base+cpu-usage Oct 31 15:24:35.237367: | suppress-retransmits:yes Oct 31 15:24:35.237372: | delref fd@0x5587b740a588(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:35.237378: | freeref fd-fd@0x5587b740a588 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:35.237386: | spent 0.069 (0.0687) milliseconds in whack Oct 31 15:24:35.411340: | newref struct fd@0x5587b740a5c8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:35.411360: | fd_accept: new fd-fd@0x5587b740a5c8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:35.411373: | whack: delete 'northnet-eastnets/0x1' Oct 31 15:24:35.411378: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:35.411381: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:24:35.411383: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:35.411386: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:24:35.411389: | whack: connection 'northnet-eastnets/0x1' Oct 31 15:24:35.411397: | addref fd@0x5587b740a5c8(1->2) (in string_logger() at log.c:838) Oct 31 15:24:35.411405: | newref string logger@0x5587b73fdd88(0->1) (in add_connection() at connections.c:1998) Oct 31 15:24:35.411410: | Connection DB: adding connection "northnet-eastnets/0x1" $1 Oct 31 15:24:35.411416: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:35.411430: | added new connection northnet-eastnets/0x1 with policy RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 Oct 31 15:24:35.411508: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Oct 31 15:24:35.411513: | from whack: got --esp= Oct 31 15:24:35.411561: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Oct 31 15:24:35.412173: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Oct 31 15:24:35.412190: | loading left certificate 'north' pubkey Oct 31 15:24:35.412325: | newref struct pubkey@0x5587b74122e8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:35.412359: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5587b740dfd8 Oct 31 15:24:35.412365: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5587b740e028 Oct 31 15:24:35.412367: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5587b740e078 Oct 31 15:24:35.412422: | newref struct pubkey@0x5587b740e378(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:35.412473: | newref struct pubkey@0x5587b740e618(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:35.412522: | newref struct pubkey@0x5587b7413908(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:35.412529: | delref pkp@0x5587b74122e8(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:35.412536: | preload cert/secret for connection: north Oct 31 15:24:35.412582: | adding RSA secret for certificate: north Oct 31 15:24:35.412691: | copying key using reference slot Oct 31 15:24:35.415408: | certs and keys locked by 'lsw_add_rsa_secret' Oct 31 15:24:35.415427: | certs and keys unlocked by 'lsw_add_rsa_secret' Oct 31 15:24:35.415448: | spent 2.89 (2.9) milliseconds in preload_private_key_by_cert() loading private key north Oct 31 15:24:35.415454: connection "northnet-eastnets/0x1": loaded private key matching left certificate 'north' Oct 31 15:24:35.415466: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Oct 31 15:24:35.416238: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Oct 31 15:24:35.416252: | loading right certificate 'east' pubkey Oct 31 15:24:35.416345: | newref struct pubkey@0x5587b74165f8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:35.416363: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5587b74146b8 Oct 31 15:24:35.416368: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5587b7414708 Oct 31 15:24:35.416371: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5587b7414758 Oct 31 15:24:35.416373: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5587b74147a8 Oct 31 15:24:35.416376: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5587b74157d8 Oct 31 15:24:35.416428: | newref struct pubkey@0x5587b7415ad8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:35.416482: | newref struct pubkey@0x5587b741b638(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:35.416535: | newref struct pubkey@0x5587b741b9d8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:35.416591: | newref struct pubkey@0x5587b741afa8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:35.416642: | newref struct pubkey@0x5587b741c3d8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:35.416648: | delref pkp@0x5587b74165f8(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:35.416654: | preload cert/secret for connection: east Oct 31 15:24:35.416705: | trying secret PKK_RSA:AwEAAcIgy Oct 31 15:24:35.416710: | adding RSA secret for certificate: east Oct 31 15:24:35.416790: | spent 0.128 (0.127) milliseconds in preload_private_key_by_cert() loading private key east Oct 31 15:24:35.416795: | no private key matching right certificate east: NSS: cert private key not found Oct 31 15:24:35.416806: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Oct 31 15:24:35.416812: | updating connection from left.host_addr Oct 31 15:24:35.416816: | left host_port 500 Oct 31 15:24:35.416819: | updating connection from right.host_addr Oct 31 15:24:35.416821: | right host_port 500 Oct 31 15:24:35.416828: | orienting northnet-eastnets/0x1 Oct 31 15:24:35.416834: | northnet-eastnets/0x1 doesn't match 127.0.0.1:4500 at all Oct 31 15:24:35.416839: | northnet-eastnets/0x1 doesn't match 127.0.0.1:500 at all Oct 31 15:24:35.416842: | northnet-eastnets/0x1 doesn't match 192.0.3.254:4500 at all Oct 31 15:24:35.416846: | northnet-eastnets/0x1 doesn't match 192.0.3.254:500 at all Oct 31 15:24:35.416850: | northnet-eastnets/0x1 doesn't match 192.1.3.33:4500 at all Oct 31 15:24:35.416853: | oriented northnet-eastnets/0x1's this Oct 31 15:24:35.416859: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none Oct 31 15:24:35.416866: | newref hp@0x5587b7412088(0->1) (in connect_to_host_pair() at hostpair.c:290) Oct 31 15:24:35.416869: added IKEv2 connection "northnet-eastnets/0x1" Oct 31 15:24:35.417081: | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 Oct 31 15:24:35.417117: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]---192.1.3.254...192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]===192.0.2.0/24 Oct 31 15:24:35.417128: | delref logger@0x5587b73fdd88(1->0) (in add_connection() at connections.c:2026) Oct 31 15:24:35.417132: | delref fd@0x5587b740a5c8(2->1) (in free_logger() at log.c:853) Oct 31 15:24:35.417134: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.417141: | delref fd@0x5587b740a5c8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:35.417152: | freeref fd-fd@0x5587b740a5c8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:35.417158: | spent 5.6 (5.83) milliseconds in whack Oct 31 15:24:35.417363: | newref struct fd@0x5587b74157d8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:35.417372: | fd_accept: new fd-fd@0x5587b74157d8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:35.417384: | whack: delete 'northnet-eastnets/0x2' Oct 31 15:24:35.417388: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:35.417391: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:24:35.417394: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:35.417396: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:24:35.417399: | whack: connection 'northnet-eastnets/0x2' Oct 31 15:24:35.417403: | addref fd@0x5587b74157d8(1->2) (in string_logger() at log.c:838) Oct 31 15:24:35.417407: | newref string logger@0x5587b740a6f8(0->1) (in add_connection() at connections.c:1998) Oct 31 15:24:35.417410: | Connection DB: adding connection "northnet-eastnets/0x2" $2 Oct 31 15:24:35.417416: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:35.417424: | added new connection northnet-eastnets/0x2 with policy RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 Oct 31 15:24:35.417550: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Oct 31 15:24:35.417555: | from whack: got --esp= Oct 31 15:24:35.417606: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Oct 31 15:24:35.417744: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Oct 31 15:24:35.417752: | loading left certificate 'north' pubkey Oct 31 15:24:35.417811: | newref struct pubkey@0x5587b741d268(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:35.417819: | delref pkp@0x5587b7413908(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:35.417834: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5587b741d1b8 Oct 31 15:24:35.417838: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5587b741d208 Oct 31 15:24:35.417841: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5587b741d5f8 Oct 31 15:24:35.417894: | newref struct pubkey@0x5587b741d748(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:35.417901: | delref pkp@0x5587b740e378(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:35.417952: | newref struct pubkey@0x5587b741d908(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:35.417959: | delref pkp@0x5587b740e618(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:35.418009: | newref struct pubkey@0x5587b741e388(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:35.418016: | delref pkp@0x5587b741d268(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:35.418021: | preload cert/secret for connection: north Oct 31 15:24:35.418071: | trying secret PKK_RSA:AwEAAcIgy Oct 31 15:24:35.418076: | matched Oct 31 15:24:35.418078: | secrets entry for certificate already exists: north Oct 31 15:24:35.418090: | spent 0.063 (0.0629) milliseconds in preload_private_key_by_cert() loading private key north Oct 31 15:24:35.418101: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Oct 31 15:24:35.418208: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Oct 31 15:24:35.418217: | loading right certificate 'east' pubkey Oct 31 15:24:35.418267: | newref struct pubkey@0x5587b741dca8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:35.418274: | delref pkp@0x5587b741c3d8(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:35.418287: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5587b741d548 Oct 31 15:24:35.418291: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5587b741d208 Oct 31 15:24:35.418293: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5587b7413c48 Oct 31 15:24:35.418296: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5587b741c3d8 Oct 31 15:24:35.418298: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5587b741c428 Oct 31 15:24:35.418351: | newref struct pubkey@0x5587b741e038(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:35.418357: | delref pkp@0x5587b7415ad8(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:35.418410: | newref struct pubkey@0x5587b741e148(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:35.418416: | delref pkp@0x5587b741b638(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:35.418467: | newref struct pubkey@0x5587b741b638(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:35.418475: | delref pkp@0x5587b741b9d8(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:35.418524: | newref struct pubkey@0x5587b741b9d8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:35.418530: | delref pkp@0x5587b741afa8(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:35.418578: | newref struct pubkey@0x5587b741afa8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:35.418585: | delref pkp@0x5587b741dca8(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:35.418590: | preload cert/secret for connection: east Oct 31 15:24:35.418637: | trying secret PKK_RSA:AwEAAcIgy Oct 31 15:24:35.418642: | adding RSA secret for certificate: east Oct 31 15:24:35.418723: | spent 0.126 (0.126) milliseconds in preload_private_key_by_cert() loading private key east Oct 31 15:24:35.418727: | no private key matching right certificate east: NSS: cert private key not found Oct 31 15:24:35.418736: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Oct 31 15:24:35.418740: | updating connection from left.host_addr Oct 31 15:24:35.418742: | left host_port 500 Oct 31 15:24:35.418744: | updating connection from right.host_addr Oct 31 15:24:35.418746: | right host_port 500 Oct 31 15:24:35.418749: | orienting northnet-eastnets/0x2 Oct 31 15:24:35.418754: | northnet-eastnets/0x2 doesn't match 127.0.0.1:4500 at all Oct 31 15:24:35.418758: | northnet-eastnets/0x2 doesn't match 127.0.0.1:500 at all Oct 31 15:24:35.418761: | northnet-eastnets/0x2 doesn't match 192.0.3.254:4500 at all Oct 31 15:24:35.418764: | northnet-eastnets/0x2 doesn't match 192.0.3.254:500 at all Oct 31 15:24:35.418767: | northnet-eastnets/0x2 doesn't match 192.1.3.33:4500 at all Oct 31 15:24:35.418769: | oriented northnet-eastnets/0x2's this Oct 31 15:24:35.418774: | find_host_pair: comparing 192.1.3.33:500 to 192.1.2.23:500 but ignoring ports Oct 31 15:24:35.418778: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@0x5587b7412088: northnet-eastnets/0x1 Oct 31 15:24:35.418780: added IKEv2 connection "northnet-eastnets/0x2" Oct 31 15:24:35.418795: | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 Oct 31 15:24:35.418957: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]---192.1.3.254...192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]===192.0.22.0/24 Oct 31 15:24:35.418964: | delref logger@0x5587b740a6f8(1->0) (in add_connection() at connections.c:2026) Oct 31 15:24:35.418968: | delref fd@0x5587b74157d8(2->1) (in free_logger() at log.c:853) Oct 31 15:24:35.418971: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.418976: | delref fd@0x5587b74157d8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:35.418986: | freeref fd-fd@0x5587b74157d8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:35.418992: | spent 1.47 (1.64) milliseconds in whack Oct 31 15:24:35.430195: | newref struct fd@0x5587b741d548(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:35.430235: | fd_accept: new fd-fd@0x5587b741d548 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:35.430252: | whack: initiate Oct 31 15:24:35.430256: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:35.430260: initiating all conns with alias='northnet-eastnets' Oct 31 15:24:35.430267: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:24:35.430275: | connection 'northnet-eastnets/0x2' +POLICY_UP Oct 31 15:24:35.430280: | FOR_EACH_STATE_... in find_phase1_state Oct 31 15:24:35.430303: | newref alloc logger@0x5587b73fdd88(0->1) (in new_state() at state.c:576) Oct 31 15:24:35.430308: | addref fd@0x5587b741d548(1->2) (in new_state() at state.c:577) Oct 31 15:24:35.430312: | creating state object #1 at 0x5587b741e498 Oct 31 15:24:35.430315: | State DB: adding IKEv2 state #1 in UNDEFINED Oct 31 15:24:35.430327: | pstats #1 ikev2.ike started Oct 31 15:24:35.430331: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Oct 31 15:24:35.430340: | #1.st_v2_transition NULL -> PARENT_I0->PARENT_I1 (in new_v2_ike_state() at state.c:620) Oct 31 15:24:35.430350: | Message ID: IKE #1 initializing (IKE SA): ike.initiator.sent=0->-1 ike.initiator.recv=0->-1 ike.initiator.last_contact=0->744549.863139 ike.responder.sent=0->-1 ike.responder.recv=0->-1 ike.responder.last_contact=0->744549.863139 ike.wip.initiator=0->-1 ike.wip.responder=0->-1 Oct 31 15:24:35.430355: | orienting northnet-eastnets/0x2 Oct 31 15:24:35.430361: | northnet-eastnets/0x2 doesn't match 127.0.0.1:4500 at all Oct 31 15:24:35.430366: | northnet-eastnets/0x2 doesn't match 127.0.0.1:500 at all Oct 31 15:24:35.430369: | northnet-eastnets/0x2 doesn't match 192.0.3.254:4500 at all Oct 31 15:24:35.430373: | northnet-eastnets/0x2 doesn't match 192.0.3.254:500 at all Oct 31 15:24:35.430376: | northnet-eastnets/0x2 doesn't match 192.1.3.33:4500 at all Oct 31 15:24:35.430379: | oriented northnet-eastnets/0x2's this Oct 31 15:24:35.430388: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:544) Oct 31 15:24:35.430393: | addref fd@0x5587b741d548(2->3) (in add_pending() at pending.c:86) Oct 31 15:24:35.430398: | queuing pending IPsec SA negotiating with 192.1.2.23 IKE SA #1 "northnet-eastnets/0x2" Oct 31 15:24:35.430401: "northnet-eastnets/0x2" #1: initiating IKEv2 connection Oct 31 15:24:35.430407: | constructing local IKE proposals for northnet-eastnets/0x2 (IKE SA initiator selecting KE) Oct 31 15:24:35.430418: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:35.430432: | ... ikev2_proposal: 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:35.430436: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:35.430451: | ... ikev2_proposal: 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:35.430458: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:35.430464: | ... ikev2_proposal: 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:35.430467: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:35.430473: | ... ikev2_proposal: 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:35.430475: "northnet-eastnets/0x2": local IKE proposals (IKE SA initiator selecting KE): Oct 31 15:24:35.430480: "northnet-eastnets/0x2": 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:35.430485: "northnet-eastnets/0x2": 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:35.430490: "northnet-eastnets/0x2": 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:35.430495: "northnet-eastnets/0x2": 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:35.430501: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:35.430504: | addref fd@0x5587b741d548(3->4) (in clone_logger() at log.c:810) Oct 31 15:24:35.430507: | newref clone logger@0x5587b73fda08(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:35.430510: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): adding job to queue Oct 31 15:24:35.430513: | state #1 has no .st_event to delete Oct 31 15:24:35.430515: | #1 STATE_PARENT_I0: retransmits: cleared Oct 31 15:24:35.430518: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x5587b7413c48 Oct 31 15:24:35.430522: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:24:35.430526: | libevent_malloc: newref ptr-libevent@0x5587b7415728 size 128 Oct 31 15:24:35.430544: | #1 spent 0.267 (0.267) milliseconds in ikev2_parent_outI1() Oct 31 15:24:35.430550: | RESET processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:640) Oct 31 15:24:35.430551: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): helper 1 starting job Oct 31 15:24:35.430554: | connection 'northnet-eastnets/0x1' +POLICY_UP Oct 31 15:24:35.430634: | FOR_EACH_STATE_... in find_phase1_state Oct 31 15:24:35.430645: | addref fd@0x5587b741d548(4->5) (in add_pending() at pending.c:86) Oct 31 15:24:35.430651: "northnet-eastnets/0x1": queuing pending IPsec SA negotiating with 192.1.2.23 IKE SA #1 "northnet-eastnets/0x2" Oct 31 15:24:35.430663: | delref fd@0x5587b741d548(5->4) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:35.430670: | spent 0.403 (0.487) milliseconds in whack Oct 31 15:24:35.432334: | "northnet-eastnets/0x2" #1: spent 1.77 (1.78) milliseconds in helper 1 processing job 1 for state #1: ikev2_outI1 KE (pcr) Oct 31 15:24:35.432352: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): helper thread 1 sending result back to state Oct 31 15:24:35.432357: | scheduling resume sending helper answer back to state for #1 Oct 31 15:24:35.432362: | libevent_malloc: newref ptr-libevent@0x7f43b4006108 size 128 Oct 31 15:24:35.432374: | helper thread 1 has nothing to do Oct 31 15:24:35.432419: | processing resume sending helper answer back to state for #1 Oct 31 15:24:35.432432: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:641) Oct 31 15:24:35.432442: | unsuspending #1 MD (nil) Oct 31 15:24:35.432445: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): processing response from helper 1 Oct 31 15:24:35.432448: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): calling continuation function 0x5587b63bffe7 Oct 31 15:24:35.432451: | ikev2_parent_outI1_continue() for #1 STATE_PARENT_I0 Oct 31 15:24:35.432455: | DH secret MODP2048@0x7f43b4006ba8: transferring ownership from helper KE to state #1 Oct 31 15:24:35.432485: | opening output PBS reply packet Oct 31 15:24:35.432490: | **emit ISAKMP Message: Oct 31 15:24:35.432494: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.432499: | responder SPI: 00 00 00 00 00 00 00 00 Oct 31 15:24:35.432502: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:35.432505: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.432508: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:24:35.432512: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:35.432517: | Message ID: 0 (00 00 00 00) Oct 31 15:24:35.432522: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:35.432542: | using existing local IKE proposals for connection northnet-eastnets/0x2 (IKE SA initiator emitting local proposals): 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:35.432546: | Emitting ikev2_proposals ... Oct 31 15:24:35.432550: | ***emit IKEv2 Security Association Payload: Oct 31 15:24:35.432553: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.432556: | flags: none (0x0) Oct 31 15:24:35.432559: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:24:35.432562: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.432569: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:35.432576: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.432581: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:35.432584: | prop #: 1 (01) Oct 31 15:24:35.432587: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:35.432590: | spi size: 0 (00) Oct 31 15:24:35.432593: | # transforms: 11 (0b) Oct 31 15:24:35.432596: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:35.432600: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.432602: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.432605: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.432607: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:35.432610: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.432614: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.432617: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.432621: | length/value: 256 (01 00) Oct 31 15:24:35.432624: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:35.432627: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.432633: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.432638: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:35.432642: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:35.432645: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.432653: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.432657: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.432660: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.432663: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.432665: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:35.432668: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:35.432671: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.432673: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.432677: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.432680: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:35.432683: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.432686: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.432689: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.432694: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.432698: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.432701: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.432704: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.432707: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.432712: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.432715: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.432718: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:35.432721: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.432723: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.432727: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.432730: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.432732: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.432735: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.432737: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:35.432740: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.432743: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.432746: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.432749: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.432752: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.432754: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.432757: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:35.432760: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.432763: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.432771: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.432775: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.432777: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.432780: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.432782: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:35.432785: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.432787: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.432790: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.432792: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.432795: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.432797: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.432799: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:35.432802: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.432805: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.432807: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.432809: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.432812: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.432814: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.432817: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:35.432820: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.432823: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.432825: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.432828: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.432831: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.432833: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.432835: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:35.432838: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.432841: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.432843: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.432846: | emitting length of IKEv2 Proposal Substructure Payload: 100 Oct 31 15:24:35.432849: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:35.432852: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:35.432856: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.432862: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:35.432866: | prop #: 2 (02) Oct 31 15:24:35.432868: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:35.432871: | spi size: 0 (00) Oct 31 15:24:35.432874: | # transforms: 11 (0b) Oct 31 15:24:35.432877: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:35.432882: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:35.432886: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.432888: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.432891: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.432893: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:35.432896: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.432899: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.432902: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.432906: | length/value: 128 (00 80) Oct 31 15:24:35.432909: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:35.432914: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.432918: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.432921: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:35.432923: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:35.432926: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.432929: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.432932: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.432936: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.432939: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.432941: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:35.432944: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:35.432946: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.432949: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.432952: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.432955: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:35.432958: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.432960: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.432963: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.432965: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.432968: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.432970: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.432973: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.432977: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.432979: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.432982: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.432984: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:35.432987: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.432989: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.432992: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.432994: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.432997: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433003: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.433007: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:35.433010: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433013: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.433016: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.433019: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.433021: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433024: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.433026: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:35.433029: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433032: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.433035: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.433037: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.433040: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433043: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.433046: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:35.433049: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433052: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.433055: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.433058: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.433060: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433065: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.433069: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:35.433071: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433074: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.433076: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.433079: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.433082: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433084: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.433087: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:35.433090: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433092: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.433095: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.433098: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.433100: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.433103: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.433105: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:35.433109: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433114: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.433117: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.433119: | emitting length of IKEv2 Proposal Substructure Payload: 100 Oct 31 15:24:35.433125: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:35.433130: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.433133: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:35.433136: | prop #: 3 (03) Oct 31 15:24:35.433139: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:35.433143: | spi size: 0 (00) Oct 31 15:24:35.433146: | # transforms: 13 (0d) Oct 31 15:24:35.433149: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:35.433152: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:35.433155: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.433157: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433160: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.433162: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:35.433165: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.433167: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.433170: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.433174: | length/value: 256 (01 00) Oct 31 15:24:35.433177: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:35.433179: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.433182: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433185: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:35.433187: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:35.433190: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433193: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.433195: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.433203: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.433211: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433214: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:35.433217: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:35.433220: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433222: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.433225: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.433228: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.433230: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433233: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:35.433235: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:35.433238: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433240: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.433245: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.433248: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.433250: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433252: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:35.433255: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:35.433258: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433261: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.433263: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.433266: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.433269: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433271: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.433274: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.433276: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433279: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.433282: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.433285: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.433287: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433290: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.433292: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:35.433295: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433297: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.433300: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.433302: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.433305: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433307: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.433309: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:35.433312: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433317: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.433321: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.433324: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.433393: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433399: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.433402: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:35.433405: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433407: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.433410: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.433413: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.433416: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433418: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.433423: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:35.433427: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433430: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.433433: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.433436: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.433441: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433445: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.433448: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:35.433451: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433454: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.433457: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.433460: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.433463: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433465: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.433467: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:35.433470: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433473: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.433476: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.433479: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.433482: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.433485: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.433487: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:35.433490: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433493: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.433496: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.433499: | emitting length of IKEv2 Proposal Substructure Payload: 116 Oct 31 15:24:35.433501: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:35.433506: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.433509: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:35.433512: | prop #: 4 (04) Oct 31 15:24:35.433515: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:35.433518: | spi size: 0 (00) Oct 31 15:24:35.433521: | # transforms: 13 (0d) Oct 31 15:24:35.433524: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:35.433528: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:35.433532: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.433534: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433537: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.433539: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:35.433542: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.433547: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.433684: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.433690: | length/value: 128 (00 80) Oct 31 15:24:35.433694: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:35.433697: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.433700: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433703: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:35.433705: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:35.433708: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433711: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.433714: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.433717: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.433721: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433723: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:35.433726: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:35.433731: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433735: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.433739: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.433742: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.433745: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433750: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:35.433753: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:35.433756: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433759: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.433762: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.433765: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.433767: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433770: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:35.433773: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:35.433775: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433778: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.433781: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.433784: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.433787: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433789: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.433792: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.433795: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433798: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.433805: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.433811: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.433814: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433816: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.433819: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:35.433822: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433825: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.433828: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.433830: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.433833: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433836: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.433838: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:35.433841: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433844: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.433847: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.433850: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.433853: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433855: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.433857: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:35.433860: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433863: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.433865: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.433868: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.433870: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433873: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.433876: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:35.433878: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433881: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.433884: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.433886: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.433889: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433891: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.433893: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:35.433899: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433902: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.433905: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.433907: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.433910: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433913: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.433915: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:35.433920: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433923: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.433926: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.433929: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.433931: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.433934: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.433937: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:35.433940: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.433943: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.433946: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.433949: | emitting length of IKEv2 Proposal Substructure Payload: 116 Oct 31 15:24:35.433954: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:35.433958: | emitting length of IKEv2 Security Association Payload: 436 Oct 31 15:24:35.433961: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:24:35.433964: | ***emit IKEv2 Key Exchange Payload: Oct 31 15:24:35.433967: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.433969: | flags: none (0x0) Oct 31 15:24:35.433972: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.433975: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Oct 31 15:24:35.433978: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.433982: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Oct 31 15:24:35.433984: | ikev2 g^x: Oct 31 15:24:35.433987: | 25 ff 75 db 61 4e ae 2c 77 13 f9 ad 47 2b 72 b8 Oct 31 15:24:35.433989: | 37 c6 a3 61 d8 1d 4a 84 3f 43 f5 ec 7d 4f 4d 02 Oct 31 15:24:35.433992: | 0a ed 20 89 bc df 9c 05 96 a6 7d a4 45 84 0a 94 Oct 31 15:24:35.433995: | 2b 50 b0 09 84 1b 67 3d 55 e3 d8 8c 7a aa f1 04 Oct 31 15:24:35.433997: | 10 f5 a6 d6 5d 5d 74 7c c2 91 50 b2 34 f2 aa 77 Oct 31 15:24:35.433999: | cc 91 fe 8b 35 b5 be 75 60 4f 7a 1c 24 d1 c3 c4 Oct 31 15:24:35.434002: | 7e 5f 5a a9 5e 58 1b 3c a7 72 c5 35 c4 a8 c2 a6 Oct 31 15:24:35.434004: | a1 72 95 ff 5d 96 de 3a 9f 1a 8b aa 13 dc c8 b8 Oct 31 15:24:35.434006: | 30 c7 4e c3 fb e5 0b 86 86 60 59 ce b1 2c 13 b1 Oct 31 15:24:35.434009: | 16 68 09 f2 f1 06 6e 9e 34 fe a5 13 12 a4 01 6c Oct 31 15:24:35.434011: | 44 3a 24 6e 3f 90 22 6d 86 0a 02 42 71 4e 04 a8 Oct 31 15:24:35.434014: | e8 c1 2f e2 e9 75 47 d3 c3 87 9a d5 2f 82 ba ca Oct 31 15:24:35.434017: | 3f c1 16 40 5b fe e4 27 7a ae aa f7 12 ab fb fd Oct 31 15:24:35.434019: | 23 4d 2c fa c6 88 91 3d 2b a2 c3 4e 94 9b 09 5a Oct 31 15:24:35.434021: | 9e e6 89 b5 84 e2 c8 cd 09 5a 40 af 40 a2 22 d0 Oct 31 15:24:35.434024: | 21 1a 74 45 64 d3 13 57 88 09 89 b9 38 3a a5 21 Oct 31 15:24:35.434027: | emitting length of IKEv2 Key Exchange Payload: 264 Oct 31 15:24:35.434030: | ***emit IKEv2 Nonce Payload: Oct 31 15:24:35.434033: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.434035: | flags: none (0x0) Oct 31 15:24:35.434038: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Oct 31 15:24:35.434045: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.434049: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Oct 31 15:24:35.434052: | IKEv2 nonce: Oct 31 15:24:35.434055: | e4 60 c0 0c 31 2e 40 f5 80 2c c0 96 0a f2 66 d1 Oct 31 15:24:35.434057: | 2f a8 db 4d 46 75 da f2 a6 0e 53 39 0c 2d 9a 05 Oct 31 15:24:35.434060: | emitting length of IKEv2 Nonce Payload: 36 Oct 31 15:24:35.434063: | adding a v2N Payload Oct 31 15:24:35.434065: | ***emit IKEv2 Notify Payload: Oct 31 15:24:35.434068: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.434071: | flags: none (0x0) Oct 31 15:24:35.434074: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:35.434077: | SPI size: 0 (00) Oct 31 15:24:35.434080: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Oct 31 15:24:35.434083: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:35.434086: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.434089: | emitting length of IKEv2 Notify Payload: 8 Oct 31 15:24:35.434093: | adding a v2N Payload Oct 31 15:24:35.434097: | ***emit IKEv2 Notify Payload: Oct 31 15:24:35.434101: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.434106: | flags: none (0x0) Oct 31 15:24:35.434110: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:35.434113: | SPI size: 0 (00) Oct 31 15:24:35.434116: | Notify Message Type: v2N_SIGNATURE_HASH_ALGORITHMS (0x402f) Oct 31 15:24:35.434119: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:35.434122: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.434125: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256 into IKEv2 Notify Payload Oct 31 15:24:35.434128: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256: 00 02 Oct 31 15:24:35.434132: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384 into IKEv2 Notify Payload Oct 31 15:24:35.434135: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384: 00 03 Oct 31 15:24:35.434137: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_512 into IKEv2 Notify Payload Oct 31 15:24:35.434140: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_512: 00 04 Oct 31 15:24:35.434143: | emitting length of IKEv2 Notify Payload: 14 Oct 31 15:24:35.434147: | NAT-Traversal support [enabled] add v2N payloads. Oct 31 15:24:35.434150: | nat: IKE.SPIr is zero Oct 31 15:24:35.434177: | natd_hash: hasher=0x5587b64b1f80(20) Oct 31 15:24:35.434183: | natd_hash: icookie= Oct 31 15:24:35.434186: | fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.434188: | natd_hash: rcookie= Oct 31 15:24:35.434191: | 00 00 00 00 00 00 00 00 Oct 31 15:24:35.434193: | natd_hash: ip= Oct 31 15:24:35.434195: | c0 01 03 21 Oct 31 15:24:35.434202: | natd_hash: port= Oct 31 15:24:35.434209: | 01 f4 Oct 31 15:24:35.434212: | natd_hash: hash= Oct 31 15:24:35.434214: | 2b 74 12 c2 e9 f2 aa 87 ea 35 d2 e0 41 b9 39 23 Oct 31 15:24:35.434216: | d4 32 6e 1b Oct 31 15:24:35.434219: | adding a v2N Payload Oct 31 15:24:35.434221: | ***emit IKEv2 Notify Payload: Oct 31 15:24:35.434224: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.434227: | flags: none (0x0) Oct 31 15:24:35.434230: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:35.434233: | SPI size: 0 (00) Oct 31 15:24:35.434236: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Oct 31 15:24:35.434239: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:35.434241: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.434246: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:24:35.434249: | Notify data: Oct 31 15:24:35.434251: | 2b 74 12 c2 e9 f2 aa 87 ea 35 d2 e0 41 b9 39 23 Oct 31 15:24:35.434253: | d4 32 6e 1b Oct 31 15:24:35.434256: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:24:35.434259: | nat: IKE.SPIr is zero Oct 31 15:24:35.434270: | natd_hash: hasher=0x5587b64b1f80(20) Oct 31 15:24:35.434273: | natd_hash: icookie= Oct 31 15:24:35.434276: | fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.434278: | natd_hash: rcookie= Oct 31 15:24:35.434280: | 00 00 00 00 00 00 00 00 Oct 31 15:24:35.434283: | natd_hash: ip= Oct 31 15:24:35.434285: | c0 01 02 17 Oct 31 15:24:35.434288: | natd_hash: port= Oct 31 15:24:35.434290: | 01 f4 Oct 31 15:24:35.434293: | natd_hash: hash= Oct 31 15:24:35.434295: | 18 52 32 2c fe f5 4a cb 6d 9a e3 69 60 e2 4b 1f Oct 31 15:24:35.434297: | 8f 4a ae f6 Oct 31 15:24:35.434299: | adding a v2N Payload Oct 31 15:24:35.434302: | ***emit IKEv2 Notify Payload: Oct 31 15:24:35.434304: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.434307: | flags: none (0x0) Oct 31 15:24:35.434309: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:35.434312: | SPI size: 0 (00) Oct 31 15:24:35.434315: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Oct 31 15:24:35.434318: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:35.434321: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.434324: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:24:35.434326: | Notify data: Oct 31 15:24:35.434328: | 18 52 32 2c fe f5 4a cb 6d 9a e3 69 60 e2 4b 1f Oct 31 15:24:35.434331: | 8f 4a ae f6 Oct 31 15:24:35.434333: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:24:35.434335: | emitting length of ISAKMP Message: 842 Oct 31 15:24:35.434345: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:35.434350: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Oct 31 15:24:35.434353: | transitioning from state STATE_PARENT_I0 to state STATE_PARENT_I1 Oct 31 15:24:35.434358: | Message ID: updating counters for #1 Oct 31 15:24:35.434362: | Message ID: IKE #1 skipping update_recv as MD is fake Oct 31 15:24:35.436253: | Message ID: IKE #1 scheduling EVENT_RETRANSMIT: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744549.863139 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744549.863139 ike.wip.initiator=0 ike.wip.responder=-1 Oct 31 15:24:35.436265: "northnet-eastnets/0x2" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Oct 31 15:24:35.436281: | event_schedule: newref EVENT_RETRANSMIT-pe@0x5587b741cd48 Oct 31 15:24:35.436285: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 Oct 31 15:24:35.436290: | libevent_malloc: newref ptr-libevent@0x5587b7415ad8 size 128 Oct 31 15:24:35.436297: | #1 STATE_PARENT_I0: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744549.869074 Oct 31 15:24:35.436305: | Message ID: IKE #1 updating initiator sent message request 0: ike.initiator.sent=-1->0 ike.initiator.recv=-1 ike.initiator.last_contact=744549.863139 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744549.863139 ike.wip.initiator=-1->0 ike.wip.responder=-1 Oct 31 15:24:35.436312: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744549.863139 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744549.863139 ike.wip.initiator=0 ike.wip.responder=-1 Oct 31 15:24:35.436317: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Oct 31 15:24:35.436323: | announcing the state transition Oct 31 15:24:35.436328: "northnet-eastnets/0x2" #1: sent IKE_SA_INIT request Oct 31 15:24:35.436346: | sending 842 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:24:35.436349: | fb 8d aa 53 8c db 80 3b 00 00 00 00 00 00 00 00 Oct 31 15:24:35.436352: | 21 20 22 08 00 00 00 00 00 00 03 4a 22 00 01 b4 Oct 31 15:24:35.436355: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Oct 31 15:24:35.436357: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Oct 31 15:24:35.436360: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Oct 31 15:24:35.436362: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Oct 31 15:24:35.436365: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Oct 31 15:24:35.436367: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Oct 31 15:24:35.436370: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Oct 31 15:24:35.436372: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Oct 31 15:24:35.436375: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Oct 31 15:24:35.436377: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Oct 31 15:24:35.436380: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Oct 31 15:24:35.436382: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Oct 31 15:24:35.436385: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Oct 31 15:24:35.436387: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Oct 31 15:24:35.436390: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:24:35.436392: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Oct 31 15:24:35.436395: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Oct 31 15:24:35.436397: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Oct 31 15:24:35.436400: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Oct 31 15:24:35.436402: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Oct 31 15:24:35.436404: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Oct 31 15:24:35.436407: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Oct 31 15:24:35.436409: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Oct 31 15:24:35.436412: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Oct 31 15:24:35.436414: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Oct 31 15:24:35.436417: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Oct 31 15:24:35.436419: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Oct 31 15:24:35.436422: | 28 00 01 08 00 0e 00 00 25 ff 75 db 61 4e ae 2c Oct 31 15:24:35.436424: | 77 13 f9 ad 47 2b 72 b8 37 c6 a3 61 d8 1d 4a 84 Oct 31 15:24:35.436427: | 3f 43 f5 ec 7d 4f 4d 02 0a ed 20 89 bc df 9c 05 Oct 31 15:24:35.436429: | 96 a6 7d a4 45 84 0a 94 2b 50 b0 09 84 1b 67 3d Oct 31 15:24:35.436594: | 55 e3 d8 8c 7a aa f1 04 10 f5 a6 d6 5d 5d 74 7c Oct 31 15:24:35.436599: | c2 91 50 b2 34 f2 aa 77 cc 91 fe 8b 35 b5 be 75 Oct 31 15:24:35.436601: | 60 4f 7a 1c 24 d1 c3 c4 7e 5f 5a a9 5e 58 1b 3c Oct 31 15:24:35.436604: | a7 72 c5 35 c4 a8 c2 a6 a1 72 95 ff 5d 96 de 3a Oct 31 15:24:35.436607: | 9f 1a 8b aa 13 dc c8 b8 30 c7 4e c3 fb e5 0b 86 Oct 31 15:24:35.436609: | 86 60 59 ce b1 2c 13 b1 16 68 09 f2 f1 06 6e 9e Oct 31 15:24:35.436612: | 34 fe a5 13 12 a4 01 6c 44 3a 24 6e 3f 90 22 6d Oct 31 15:24:35.436615: | 86 0a 02 42 71 4e 04 a8 e8 c1 2f e2 e9 75 47 d3 Oct 31 15:24:35.436617: | c3 87 9a d5 2f 82 ba ca 3f c1 16 40 5b fe e4 27 Oct 31 15:24:35.436620: | 7a ae aa f7 12 ab fb fd 23 4d 2c fa c6 88 91 3d Oct 31 15:24:35.436623: | 2b a2 c3 4e 94 9b 09 5a 9e e6 89 b5 84 e2 c8 cd Oct 31 15:24:35.436625: | 09 5a 40 af 40 a2 22 d0 21 1a 74 45 64 d3 13 57 Oct 31 15:24:35.436628: | 88 09 89 b9 38 3a a5 21 29 00 00 24 e4 60 c0 0c Oct 31 15:24:35.436631: | 31 2e 40 f5 80 2c c0 96 0a f2 66 d1 2f a8 db 4d Oct 31 15:24:35.436633: | 46 75 da f2 a6 0e 53 39 0c 2d 9a 05 29 00 00 08 Oct 31 15:24:35.436636: | 00 00 40 2e 29 00 00 0e 00 00 40 2f 00 02 00 03 Oct 31 15:24:35.436641: | 00 04 29 00 00 1c 00 00 40 04 2b 74 12 c2 e9 f2 Oct 31 15:24:35.436644: | aa 87 ea 35 d2 e0 41 b9 39 23 d4 32 6e 1b 00 00 Oct 31 15:24:35.436652: | 00 1c 00 00 40 05 18 52 32 2c fe f5 4a cb 6d 9a Oct 31 15:24:35.436655: | e3 69 60 e2 4b 1f 8f 4a ae f6 Oct 31 15:24:35.436952: | sent 1 messages Oct 31 15:24:35.436959: | checking that a retransmit timeout_event was already Oct 31 15:24:35.436963: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:35.436968: | libevent_free: delref ptr-libevent@0x5587b7415728 Oct 31 15:24:35.436973: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x5587b7413c48 Oct 31 15:24:35.436979: | delref logger@0x5587b73fda08(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:35.436983: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.436986: | delref fd@0x5587b741d548(4->3) (in free_logger() at log.c:854) Oct 31 15:24:35.436990: | resume sending helper answer back to state for #1 suppresed complete_v2_state_transition() Oct 31 15:24:35.436994: | delref mdp@NULL (in resume_handler() at server.c:743) Oct 31 15:24:35.437003: | #1 spent 2.08 (4.56) milliseconds in resume sending helper answer back to state Oct 31 15:24:35.437010: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:745) Oct 31 15:24:35.437013: | libevent_free: delref ptr-libevent@0x7f43b4006108 Oct 31 15:24:35.444347: | spent 0.00763 (0.0625) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:35.444370: | newref struct msg_digest@0x5587b7420158(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.444375: | newref alloc logger@0x5587b740a6f8(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.444382: | *received 471 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP Oct 31 15:24:35.444385: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.444388: | 21 20 22 20 00 00 00 00 00 00 01 d7 22 00 00 28 Oct 31 15:24:35.444390: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Oct 31 15:24:35.444392: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Oct 31 15:24:35.444394: | 04 00 00 0e 28 00 01 08 00 0e 00 00 33 4c 92 54 Oct 31 15:24:35.444397: | 18 f4 e6 5a a7 55 e5 ed 65 da 5d dd 07 05 89 8c Oct 31 15:24:35.444399: | 18 0d 79 9e cf 6a f3 7d 8e b7 df 6a 23 4d d6 e7 Oct 31 15:24:35.444401: | 5b 93 a3 c1 ae 38 db 98 07 4e d1 55 63 a0 06 a9 Oct 31 15:24:35.444403: | 00 03 b1 0f 96 40 a6 09 17 bc 25 68 5b cf cd 55 Oct 31 15:24:35.444406: | 9b 59 5a 81 68 18 1b 91 cd 89 ec c8 7b 77 eb 3b Oct 31 15:24:35.444408: | 9a 4f 76 24 9e 90 fd 68 a6 e2 66 ee 04 03 9d c9 Oct 31 15:24:35.444433: | 1b 08 ea 09 ea 22 ac 7b b6 1a 60 e9 54 e6 49 81 Oct 31 15:24:35.444437: | 3b 78 63 19 15 ee 8f 1a 20 4e 01 ff 5e 06 44 13 Oct 31 15:24:35.444439: | b6 a0 28 ad a2 2e b8 19 11 97 a4 09 5f 6b c4 c5 Oct 31 15:24:35.444441: | d8 05 e1 75 09 8a 73 91 46 37 31 d4 84 05 c2 ac Oct 31 15:24:35.444444: | 6b ff 4d e9 6f c3 20 7f d4 27 b6 f4 c1 43 7f 5e Oct 31 15:24:35.444446: | 68 45 bb df 49 f5 c1 8e ea 8b 0b 13 bf 24 6f 23 Oct 31 15:24:35.444448: | fd 8d 07 f4 1e 40 00 fe 6b cd 46 13 0b 67 68 14 Oct 31 15:24:35.444450: | c9 72 ba 8f 12 d8 50 5b df 05 4c 4d a6 cd c8 64 Oct 31 15:24:35.444453: | de 37 3d 59 38 91 4f ae 17 f6 be 28 82 ea 6a 41 Oct 31 15:24:35.444455: | e4 32 38 65 35 52 e3 64 82 99 a5 f7 29 00 00 24 Oct 31 15:24:35.444457: | 83 4d 65 4c 55 4b b2 69 40 a1 fc b1 e2 f1 50 bb Oct 31 15:24:35.444459: | 86 31 05 4c 66 25 aa c8 6b 65 08 21 7e 81 03 2f Oct 31 15:24:35.444462: | 29 00 00 08 00 00 40 2e 29 00 00 0e 00 00 40 2f Oct 31 15:24:35.444464: | 00 02 00 03 00 04 29 00 00 1c 00 00 40 04 60 a0 Oct 31 15:24:35.444466: | c7 d4 7c de b2 2a b8 e3 8e 68 d4 76 0e e7 cd 7c Oct 31 15:24:35.444468: | 70 73 26 00 00 1c 00 00 40 05 5a dc 90 99 63 31 Oct 31 15:24:35.444471: | 98 99 e3 56 22 cf a9 97 be 5d d7 fc 4b f6 00 00 Oct 31 15:24:35.444477: | 00 19 04 de 91 76 61 50 ac 79 0d 0f 60 83 8c a3 Oct 31 15:24:35.444479: | c3 15 48 d1 1f d2 d2 Oct 31 15:24:35.444485: | **parse ISAKMP Message: Oct 31 15:24:35.444490: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.444494: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.444497: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:24:35.444500: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.444502: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:24:35.444505: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:35.444509: | Message ID: 0 (00 00 00 00) Oct 31 15:24:35.444513: | length: 471 (00 00 01 d7) Oct 31 15:24:35.444516: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Oct 31 15:24:35.444520: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Oct 31 15:24:35.444524: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Oct 31 15:24:35.444527: | #1 is idle Oct 31 15:24:35.444530: | #1 idle Oct 31 15:24:35.444532: | unpacking clear payloads Oct 31 15:24:35.444535: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:24:35.444538: | ***parse IKEv2 Security Association Payload: Oct 31 15:24:35.444541: | next payload type: ISAKMP_NEXT_v2KE (0x22) Oct 31 15:24:35.444544: | flags: none (0x0) Oct 31 15:24:35.444547: | length: 40 (00 28) Oct 31 15:24:35.444549: | processing payload: ISAKMP_NEXT_v2SA (len=36) Oct 31 15:24:35.444552: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Oct 31 15:24:35.444555: | ***parse IKEv2 Key Exchange Payload: Oct 31 15:24:35.444557: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Oct 31 15:24:35.444560: | flags: none (0x0) Oct 31 15:24:35.444563: | length: 264 (01 08) Oct 31 15:24:35.444565: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.444568: | processing payload: ISAKMP_NEXT_v2KE (len=256) Oct 31 15:24:35.444570: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Oct 31 15:24:35.444573: | ***parse IKEv2 Nonce Payload: Oct 31 15:24:35.444575: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:35.444578: | flags: none (0x0) Oct 31 15:24:35.444581: | length: 36 (00 24) Oct 31 15:24:35.444583: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Oct 31 15:24:35.444585: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:35.444588: | ***parse IKEv2 Notify Payload: Oct 31 15:24:35.444591: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:35.444593: | flags: none (0x0) Oct 31 15:24:35.444596: | length: 8 (00 08) Oct 31 15:24:35.444599: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:35.444602: | SPI size: 0 (00) Oct 31 15:24:35.444604: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Oct 31 15:24:35.444607: | processing payload: ISAKMP_NEXT_v2N (len=0) Oct 31 15:24:35.444610: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:35.444612: | ***parse IKEv2 Notify Payload: Oct 31 15:24:35.444615: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:35.444617: | flags: none (0x0) Oct 31 15:24:35.444620: | length: 14 (00 0e) Oct 31 15:24:35.444623: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:35.444626: | SPI size: 0 (00) Oct 31 15:24:35.444628: | Notify Message Type: v2N_SIGNATURE_HASH_ALGORITHMS (0x402f) Oct 31 15:24:35.444631: | processing payload: ISAKMP_NEXT_v2N (len=6) Oct 31 15:24:35.444633: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:35.444636: | ***parse IKEv2 Notify Payload: Oct 31 15:24:35.444639: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:35.444641: | flags: none (0x0) Oct 31 15:24:35.444644: | length: 28 (00 1c) Oct 31 15:24:35.444646: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:35.444649: | SPI size: 0 (00) Oct 31 15:24:35.444652: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Oct 31 15:24:35.444654: | processing payload: ISAKMP_NEXT_v2N (len=20) Oct 31 15:24:35.444658: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:35.444661: | ***parse IKEv2 Notify Payload: Oct 31 15:24:35.444663: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) Oct 31 15:24:35.444666: | flags: none (0x0) Oct 31 15:24:35.444669: | length: 28 (00 1c) Oct 31 15:24:35.444671: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:35.444674: | SPI size: 0 (00) Oct 31 15:24:35.444676: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Oct 31 15:24:35.444679: | processing payload: ISAKMP_NEXT_v2N (len=20) Oct 31 15:24:35.444681: | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) Oct 31 15:24:35.444684: | ***parse IKEv2 Certificate Request Payload: Oct 31 15:24:35.444687: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.444689: | flags: none (0x0) Oct 31 15:24:35.444692: | length: 25 (00 19) Oct 31 15:24:35.444695: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Oct 31 15:24:35.444697: | processing payload: ISAKMP_NEXT_v2CERTREQ (len=20) Oct 31 15:24:35.444700: | looking for message matching transition from STATE_PARENT_I1 Oct 31 15:24:35.444702: | trying received anti-DDOS COOKIE notify response; resending IKE_SA_INIT request with cookie payload added Oct 31 15:24:35.444705: | message has errors Oct 31 15:24:35.444707: | trying received IKE_SA_INIT INVALID_KE_PAYLOAD notify response; resending IKE_SA_INIT with new KE payload Oct 31 15:24:35.444710: | message has errors Oct 31 15:24:35.444712: | trying received REDIRECT notify response; resending IKE_SA_INIT request to new destination Oct 31 15:24:35.444714: | message has errors Oct 31 15:24:35.444717: | trying Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE Oct 31 15:24:35.444719: | matched unencrypted message Oct 31 15:24:35.444727: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1848) Oct 31 15:24:35.444730: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE Oct 31 15:24:35.444734: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered) Oct 31 15:24:35.444736: | hash algorithm identifier (network ordered) Oct 31 15:24:35.444739: | 00 02 Oct 31 15:24:35.444741: | received HASH_ALGORITHM_SHA2_256 which is allowed by local policy Oct 31 15:24:35.444744: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered) Oct 31 15:24:35.444746: | hash algorithm identifier (network ordered) Oct 31 15:24:35.444748: | 00 03 Oct 31 15:24:35.444751: | received HASH_ALGORITHM_SHA2_384 which is allowed by local policy Oct 31 15:24:35.444753: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered) Oct 31 15:24:35.444794: | hash algorithm identifier (network ordered) Oct 31 15:24:35.444797: | 00 04 Oct 31 15:24:35.444799: | received HASH_ALGORITHM_SHA2_512 which is allowed by local policy Oct 31 15:24:35.444801: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Oct 31 15:24:35.444821: | using existing local IKE proposals for connection northnet-eastnets/0x2 (IKE SA initiator accepting remote proposal): 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:35.444825: | comparing remote proposals against IKE initiator (accepting) 4 local proposals Oct 31 15:24:35.444829: | local proposal 1 type ENCR has 1 transforms Oct 31 15:24:35.444831: | local proposal 1 type PRF has 2 transforms Oct 31 15:24:35.444838: | local proposal 1 type INTEG has 1 transforms Oct 31 15:24:35.444840: | local proposal 1 type DH has 8 transforms Oct 31 15:24:35.444843: | local proposal 1 type ESN has 0 transforms Oct 31 15:24:35.444846: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Oct 31 15:24:35.444849: | local proposal 2 type ENCR has 1 transforms Oct 31 15:24:35.444851: | local proposal 2 type PRF has 2 transforms Oct 31 15:24:35.444854: | local proposal 2 type INTEG has 1 transforms Oct 31 15:24:35.444856: | local proposal 2 type DH has 8 transforms Oct 31 15:24:35.444858: | local proposal 2 type ESN has 0 transforms Oct 31 15:24:35.444861: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Oct 31 15:24:35.444864: | local proposal 3 type ENCR has 1 transforms Oct 31 15:24:35.444867: | local proposal 3 type PRF has 2 transforms Oct 31 15:24:35.444869: | local proposal 3 type INTEG has 2 transforms Oct 31 15:24:35.444871: | local proposal 3 type DH has 8 transforms Oct 31 15:24:35.444874: | local proposal 3 type ESN has 0 transforms Oct 31 15:24:35.444877: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Oct 31 15:24:35.444879: | local proposal 4 type ENCR has 1 transforms Oct 31 15:24:35.444882: | local proposal 4 type PRF has 2 transforms Oct 31 15:24:35.444884: | local proposal 4 type INTEG has 2 transforms Oct 31 15:24:35.444886: | local proposal 4 type DH has 8 transforms Oct 31 15:24:35.444889: | local proposal 4 type ESN has 0 transforms Oct 31 15:24:35.444892: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Oct 31 15:24:35.444895: | ****parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.444898: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:35.444902: | length: 36 (00 24) Oct 31 15:24:35.444904: | prop #: 1 (01) Oct 31 15:24:35.444907: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:35.444910: | spi size: 0 (00) Oct 31 15:24:35.444913: | # transforms: 3 (03) Oct 31 15:24:35.444917: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Oct 31 15:24:35.444920: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.444923: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.444926: | length: 12 (00 0c) Oct 31 15:24:35.444928: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.444931: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:35.444934: | ******parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.444937: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.444940: | length/value: 256 (01 00) Oct 31 15:24:35.444945: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:24:35.444948: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.444950: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.444953: | length: 8 (00 08) Oct 31 15:24:35.444956: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:35.444958: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:35.444961: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Oct 31 15:24:35.444964: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.444967: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.444970: | length: 8 (00 08) Oct 31 15:24:35.444972: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.444974: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.444978: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Oct 31 15:24:35.444982: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Oct 31 15:24:35.444986: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Oct 31 15:24:35.444989: | remote proposal 1 matches local proposal 1 Oct 31 15:24:35.444994: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Oct 31 15:24:35.444997: | converting proposal to internal trans attrs Oct 31 15:24:35.445019: | natd_hash: hasher=0x5587b64b1f80(20) Oct 31 15:24:35.445022: | natd_hash: icookie= Oct 31 15:24:35.445025: | fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.445027: | natd_hash: rcookie= Oct 31 15:24:35.445030: | 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.445032: | natd_hash: ip= Oct 31 15:24:35.445034: | c0 01 03 21 Oct 31 15:24:35.445037: | natd_hash: port= Oct 31 15:24:35.445039: | 01 f4 Oct 31 15:24:35.445041: | natd_hash: hash= Oct 31 15:24:35.445043: | 5a dc 90 99 63 31 98 99 e3 56 22 cf a9 97 be 5d Oct 31 15:24:35.445046: | d7 fc 4b f6 Oct 31 15:24:35.445053: | natd_hash: hasher=0x5587b64b1f80(20) Oct 31 15:24:35.445056: | natd_hash: icookie= Oct 31 15:24:35.445058: | fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.445060: | natd_hash: rcookie= Oct 31 15:24:35.445063: | 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.445065: | natd_hash: ip= Oct 31 15:24:35.445067: | c0 01 02 17 Oct 31 15:24:35.445070: | natd_hash: port= Oct 31 15:24:35.445072: | 01 f4 Oct 31 15:24:35.445087: | natd_hash: hash= Oct 31 15:24:35.445104: | 60 a0 c7 d4 7c de b2 2a b8 e3 8e 68 d4 76 0e e7 Oct 31 15:24:35.445107: | cd 7c 70 73 Oct 31 15:24:35.445110: | NAT_TRAVERSAL encaps using auto-detect Oct 31 15:24:35.445112: | NAT_TRAVERSAL this end is NOT behind NAT Oct 31 15:24:35.445115: | NAT_TRAVERSAL that end is NOT behind NAT Oct 31 15:24:35.445118: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Oct 31 15:24:35.445125: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Oct 31 15:24:35.445130: | DH secret MODP2048@0x7f43b4006ba8: transferring ownership from state #1 to helper IKEv2 DH Oct 31 15:24:35.445135: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:35.445138: | addref fd@0x5587b741d548(3->4) (in clone_logger() at log.c:810) Oct 31 15:24:35.445141: | newref clone logger@0x5587b74158b8(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:35.445144: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): adding job to queue Oct 31 15:24:35.445147: | state #1 has no .st_event to delete Oct 31 15:24:35.445150: | #1 requesting EVENT_RETRANSMIT-pe@0x5587b741cd48 be deleted Oct 31 15:24:35.445155: | libevent_free: delref ptr-libevent@0x5587b7415ad8 Oct 31 15:24:35.445158: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x5587b741cd48 Oct 31 15:24:35.445161: | #1 STATE_PARENT_I1: retransmits: cleared Oct 31 15:24:35.445164: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x5587b73fda08 Oct 31 15:24:35.445167: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:24:35.445170: | libevent_malloc: newref ptr-libevent@0x5587b7415728 size 128 Oct 31 15:24:35.445207: | #1 spent 0.406 (0.47) milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE in v2_dispatch() Oct 31 15:24:35.445216: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): helper 2 starting job Oct 31 15:24:35.445888: | calculating skeyseed using prf=HMAC_SHA2_512 integ=NONE cipherkey-size=32 salt-size=4 Oct 31 15:24:35.446023: | "northnet-eastnets/0x2" #1: spent 0.808 (0.808) milliseconds in helper 2 processing job 2 for state #1: ikev2_inR1outI2 KE (pcr) Oct 31 15:24:35.446028: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): helper thread 2 sending result back to state Oct 31 15:24:35.446031: | scheduling resume sending helper answer back to state for #1 Oct 31 15:24:35.446033: | libevent_malloc: newref ptr-libevent@0x7f43ac00cc18 size 128 Oct 31 15:24:35.446038: | helper thread 2 has nothing to do Oct 31 15:24:35.445217: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:35.446052: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND; .st_v2_transition=PARENT_I0->PARENT_I1 Oct 31 15:24:35.446060: | suspending state #1 and saving MD 0x5587b7420158 Oct 31 15:24:35.446064: | addref md@0x5587b7420158(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:35.446067: | #1 is busy; has suspended MD 0x5587b7420158 Oct 31 15:24:35.446073: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1850) Oct 31 15:24:35.446081: | #1 spent 0.845 (1.8) milliseconds in ikev2_process_packet() Oct 31 15:24:35.446085: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:35.446088: | delref mdp@0x5587b7420158(2->1) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:35.446093: | spent 0.858 (1.82) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:35.446102: | processing resume sending helper answer back to state for #1 Oct 31 15:24:35.446110: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:641) Oct 31 15:24:35.446116: | unsuspending #1 MD 0x5587b7420158 Oct 31 15:24:35.446119: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): processing response from helper 2 Oct 31 15:24:35.446122: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): calling continuation function 0x5587b63bffe7 Oct 31 15:24:35.446125: | ikev2_parent_inR1outI2_continue() for #1 STATE_PARENT_I1: g^{xy} calculated, sending I2 Oct 31 15:24:35.446129: | DH secret MODP2048@0x7f43b4006ba8: transferring ownership from helper IKEv2 DH to state #1 Oct 31 15:24:35.446133: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Oct 31 15:24:35.446161: | emit hash algo NEGOTIATE_AUTH_HASH_SHA2_512 Oct 31 15:24:35.446192: | get_connection_private_key() using certificate north to find private key for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind RSA Oct 31 15:24:35.446311: | trying secret PKK_RSA:AwEAAcIgy Oct 31 15:24:35.446320: | matched Oct 31 15:24:35.446323: | secrets entry for certificate already exists: north Oct 31 15:24:35.446327: | connection northnet-eastnets/0x2's RSA private key found in NSS DB using cert Oct 31 15:24:35.446333: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:35.446336: | addref fd@0x5587b741d548(4->5) (in clone_logger() at log.c:810) Oct 31 15:24:35.446340: | newref clone logger@0x5587b7413c48(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:35.446343: | job 3 for #1: computing responder signature (signature): adding job to queue Oct 31 15:24:35.446347: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:35.446351: | libevent_free: delref ptr-libevent@0x5587b7415728 Oct 31 15:24:35.446354: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x5587b73fda08 Oct 31 15:24:35.446358: | #1 STATE_PARENT_I1: retransmits: cleared Oct 31 15:24:35.446361: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x5587b7415728 Oct 31 15:24:35.446363: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:24:35.446365: | libevent_malloc: newref ptr-libevent@0x5587b740bb08 size 128 Oct 31 15:24:35.446376: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:35.446382: | job 3 for #1: computing responder signature (signature): helper 3 starting job Oct 31 15:24:35.446389: | hash to sign Oct 31 15:24:35.446383: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND; .st_v2_transition=PARENT_I0->PARENT_I1 Oct 31 15:24:35.446396: | b8 43 f8 12 31 a1 c8 b7 38 6a ba 85 ab c1 b5 f8 Oct 31 15:24:35.446401: | suspending state #1 and saving MD 0x5587b7420158 Oct 31 15:24:35.446406: | 8f 10 e7 00 53 86 52 46 99 00 b0 c8 b7 94 7f 77 Oct 31 15:24:35.446415: | 95 92 ee 59 72 32 ee 30 61 ca c8 6d 2f 34 89 ee Oct 31 15:24:35.446418: | 4b c4 dc ef 56 c0 f2 15 89 84 1e b4 9b 36 d2 76 Oct 31 15:24:35.446412: | addref md@0x5587b7420158(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:35.446426: | RSA_sign_hash: Started using NSS Oct 31 15:24:35.446431: | #1 is busy; has suspended MD 0x5587b7420158 Oct 31 15:24:35.446440: | delref logger@0x5587b74158b8(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:35.446443: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.446446: | delref fd@0x5587b741d548(5->4) (in free_logger() at log.c:854) Oct 31 15:24:35.446449: | resume sending helper answer back to state for #1 suppresed complete_v2_state_transition() Oct 31 15:24:35.446452: | delref mdp@0x5587b7420158(2->1) (in resume_handler() at server.c:743) Oct 31 15:24:35.446458: | #1 spent 0.297 (0.341) milliseconds in resume sending helper answer back to state Oct 31 15:24:35.446463: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:745) Oct 31 15:24:35.446466: | libevent_free: delref ptr-libevent@0x7f43ac00cc18 Oct 31 15:24:35.467195: | RSA_sign_hash: Ended using NSS Oct 31 15:24:35.467225: | "northnet-eastnets/0x2" #1: spent 16.3 (20.8) milliseconds in v2_auth_signature() calling sign_hash() Oct 31 15:24:35.467231: | "northnet-eastnets/0x2" #1: spent 16.3 (20.8) milliseconds in v2_auth_signature() Oct 31 15:24:35.467237: | "northnet-eastnets/0x2" #1: spent 16.3 (20.9) milliseconds in helper 3 processing job 3 for state #1: computing responder signature (signature) Oct 31 15:24:35.467241: | job 3 for #1: computing responder signature (signature): helper thread 3 sending result back to state Oct 31 15:24:35.467246: | scheduling resume sending helper answer back to state for #1 Oct 31 15:24:35.467250: | libevent_malloc: newref ptr-libevent@0x7f43b0000da8 size 128 Oct 31 15:24:35.467276: | processing resume sending helper answer back to state for #1 Oct 31 15:24:35.467286: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:641) Oct 31 15:24:35.467291: | unsuspending #1 MD 0x5587b7420158 Oct 31 15:24:35.467294: | job 3 for #1: computing responder signature (signature): processing response from helper 3 Oct 31 15:24:35.467298: | job 3 for #1: computing responder signature (signature): calling continuation function 0x5587b62ee77f Oct 31 15:24:35.467307: | newref alloc logger@0x5587b73fda08(0->1) (in new_state() at state.c:576) Oct 31 15:24:35.467312: | addref fd@0x5587b741d548(4->5) (in new_state() at state.c:577) Oct 31 15:24:35.467315: | creating state object #2 at 0x5587b7423968 Oct 31 15:24:35.467318: | State DB: adding IKEv2 state #2 in UNDEFINED Oct 31 15:24:35.467326: | pstats #2 ikev2.child started Oct 31 15:24:35.467329: | duplicating state object #1 "northnet-eastnets/0x2" as #2 for IPSEC SA Oct 31 15:24:35.467336: | #2 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1581) Oct 31 15:24:35.467347: | Message ID: CHILD #1.#2 initializing (CHILD SA): ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744549.863139 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744549.863139 child.wip.initiator=0->-1 child.wip.responder=0->-1 Oct 31 15:24:35.467351: | child state #2: UNDEFINED(ignore) => V2_IKE_AUTH_CHILD_I0(ignore) Oct 31 15:24:35.467355: | #2.st_v2_transition NULL -> NULL (in new_v2_child_state() at state.c:1666) Oct 31 15:24:35.467362: | Message ID: IKE #1 switching from IKE SA initiator message response 0: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744549.863139 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744549.863139 ike.wip.initiator=0->-1 ike.wip.responder=-1 Oct 31 15:24:35.467368: | Message ID: CHILD #1.#2 switching to CHILD SA initiator message response 0: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744549.863139 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744549.863139 child.wip.initiator=-1->0 child.wip.responder=-1 Oct 31 15:24:35.467378: | switching IKEv2 MD.ST from IKE #1 PARENT_I1 to CHILD #2 V2_IKE_AUTH_CHILD_I0 (in ikev2_parent_inR1outI2_auth_signature_continue() at ikev2_parent.c:2155) Oct 31 15:24:35.467382: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:35.467385: | libevent_free: delref ptr-libevent@0x5587b740bb08 Oct 31 15:24:35.467389: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x5587b7415728 Oct 31 15:24:35.467392: | #1 STATE_PARENT_I1: retransmits: cleared Oct 31 15:24:35.467396: | event_schedule: newref EVENT_SA_REPLACE-pe@0x5587b74158b8 Oct 31 15:24:35.467399: | inserting event EVENT_SA_REPLACE, timeout in 120 seconds for #1 Oct 31 15:24:35.467402: | libevent_malloc: newref ptr-libevent@0x7f43ac00cc18 size 128 Oct 31 15:24:35.467406: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Oct 31 15:24:35.467413: | opening output PBS reply packet Oct 31 15:24:35.467416: | **emit ISAKMP Message: Oct 31 15:24:35.467421: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.467426: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.467429: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:35.467432: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.467434: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.467437: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:35.467442: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.467445: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:35.467449: | ***emit IKEv2 Encryption Payload: Oct 31 15:24:35.467452: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.467455: | flags: none (0x0) Oct 31 15:24:35.467458: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:24:35.467461: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.467465: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:24:35.467478: | IKEv2 CERT: send a certificate? Oct 31 15:24:35.467480: | IKEv2 CERT: OK to send a certificate (always) Oct 31 15:24:35.467483: | IDr payload will be sent Oct 31 15:24:35.467486: | ****emit IKEv2 Identification - Initiator - Payload: Oct 31 15:24:35.467489: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.467491: | flags: none (0x0) Oct 31 15:24:35.467494: | ID type: ID_DER_ASN1_DN (0x9) Oct 31 15:24:35.467498: | reserved: 00 00 00 Oct 31 15:24:35.467500: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Oct 31 15:24:35.467503: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.467506: | emitting 185 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Oct 31 15:24:35.467509: | my identity: Oct 31 15:24:35.467511: | 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 43 41 Oct 31 15:24:35.467514: | 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Oct 31 15:24:35.467516: | 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Oct 31 15:24:35.467518: | 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Oct 31 15:24:35.467520: | 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Oct 31 15:24:35.467523: | 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Oct 31 15:24:35.467525: | 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e 6f 72 Oct 31 15:24:35.467527: | 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 Oct 31 15:24:35.467530: | 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 2a 86 Oct 31 15:24:35.467532: | 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d 6e 6f Oct 31 15:24:35.467534: | 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Oct 31 15:24:35.467536: | 65 73 77 61 6e 2e 6f 72 67 Oct 31 15:24:35.467539: | emitting length of IKEv2 Identification - Initiator - Payload: 193 Oct 31 15:24:35.467544: | sending [CERT] of certificate: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.467547: | ****emit IKEv2 Certificate Payload: Oct 31 15:24:35.467549: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.467552: | flags: none (0x0) Oct 31 15:24:35.467554: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Oct 31 15:24:35.467557: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Certificate Payload (37:ISAKMP_NEXT_v2CERT) Oct 31 15:24:35.467560: | next payload chain: saving location 'IKEv2 Certificate Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.467563: | emitting 1356 raw bytes of CERT into IKEv2 Certificate Payload Oct 31 15:24:35.467565: | CERT: Oct 31 15:24:35.467568: | 30 82 05 48 30 82 04 30 a0 03 02 01 02 02 01 06 Oct 31 15:24:35.467570: | 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 Oct 31 15:24:35.467573: | 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 Oct 31 15:24:35.467575: | 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 Oct 31 15:24:35.467577: | 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f Oct 31 15:24:35.467579: | 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 Oct 31 15:24:35.467582: | 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b Oct 31 15:24:35.467584: | 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e Oct 31 15:24:35.467586: | 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 Oct 31 15:24:35.467588: | 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f Oct 31 15:24:35.467590: | 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 Oct 31 15:24:35.467593: | 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 Oct 31 15:24:35.467595: | 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 Oct 31 15:24:35.467597: | 18 0f 32 30 32 30 31 30 32 32 31 37 33 37 30 38 Oct 31 15:24:35.467600: | 5a 18 0f 32 30 32 33 31 30 32 32 31 37 33 37 30 Oct 31 15:24:35.467602: | 38 5a 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 Oct 31 15:24:35.467604: | 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 Oct 31 15:24:35.467607: | 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 Oct 31 15:24:35.467609: | 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c Oct 31 15:24:35.467611: | 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 Oct 31 15:24:35.467613: | 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 Oct 31 15:24:35.467616: | 6d 65 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e Oct 31 15:24:35.467618: | 6f 72 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 Oct 31 15:24:35.467620: | 72 65 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 Oct 31 15:24:35.467622: | 2a 86 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d Oct 31 15:24:35.467625: | 6e 6f 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 Oct 31 15:24:35.467627: | 62 72 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 Oct 31 15:24:35.467629: | 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 Oct 31 15:24:35.467631: | 01 8f 00 30 82 01 8a 02 82 01 81 00 c2 20 c8 b3 Oct 31 15:24:35.467634: | e7 66 04 be 08 51 b3 99 cf 02 a8 a4 ca ed ba 66 Oct 31 15:24:35.467636: | 23 2a ff ad 99 c3 1a 76 55 23 2d 9d cc 7b a2 31 Oct 31 15:24:35.467638: | 62 e7 6d 60 f6 51 44 f3 13 d6 85 78 76 7e 8f 89 Oct 31 15:24:35.467641: | 2a c5 0a a6 0d 88 ed 0f ac 90 7d cf 05 c8 fc 8e Oct 31 15:24:35.467643: | 4a 61 07 f6 20 40 56 2e f1 33 1c d5 c9 11 b4 21 Oct 31 15:24:35.467646: | 08 93 e4 67 94 17 9d 20 93 76 21 56 ff 70 1d a2 Oct 31 15:24:35.467648: | 72 ef 2a c7 e6 86 0a dc a5 69 9f 69 99 97 ef 81 Oct 31 15:24:35.467650: | a8 34 79 ed 66 78 ba 5c 4f 83 04 5f 24 a2 21 d5 Oct 31 15:24:35.467653: | 3b 05 e2 54 9c d3 bb 52 c9 fe d8 5e 0d 80 d9 d3 Oct 31 15:24:35.467655: | 68 31 37 e6 ed 75 b9 30 e1 14 0b 08 e3 c8 a1 17 Oct 31 15:24:35.467657: | ab c9 7f e4 34 c8 55 49 29 f0 1a 66 4e ab eb b4 Oct 31 15:24:35.467659: | 63 7a 0f a9 69 94 4a 49 bd c2 04 3c 37 5d f0 5c Oct 31 15:24:35.467662: | 64 94 8e c9 a8 2a 41 72 39 78 43 fa 7e 78 7e f5 Oct 31 15:24:35.467664: | b6 93 ab a8 8a 09 27 1b dc 4d a7 d0 69 cb f5 26 Oct 31 15:24:35.467666: | f7 58 08 dc d9 59 76 1f 26 6d d2 f1 80 b5 59 89 Oct 31 15:24:35.467668: | 16 45 c8 99 35 f0 85 b4 b2 76 20 0d ba 22 c4 d1 Oct 31 15:24:35.467670: | 7e 3c ee 79 6b 1a 72 ea 96 0e 65 72 6a bf aa e8 Oct 31 15:24:35.467673: | 3e 83 21 6a 15 13 72 14 44 89 65 75 cc d9 0b ad Oct 31 15:24:35.467675: | 8d a9 02 ad d9 bb 10 65 4d 6c 5c 1a 92 8e d7 df Oct 31 15:24:35.467677: | a5 7b c5 8f 46 71 f8 1d f5 b6 fe 53 42 a1 1c 8e Oct 31 15:24:35.467680: | 83 e2 ea 4a 19 6f 01 11 f3 04 37 31 bc c0 a6 ee Oct 31 15:24:35.467682: | f2 ba d5 01 d2 44 7a eb 25 30 c9 4d 7e 31 89 51 Oct 31 15:24:35.467684: | 19 0d 20 e8 60 cf fa c9 ee 65 2c 75 19 f5 96 00 Oct 31 15:24:35.467686: | 80 36 b8 3b fb 55 fa 68 54 da 51 db 02 03 01 00 Oct 31 15:24:35.467688: | 01 a3 81 e4 30 81 e1 30 09 06 03 55 1d 13 04 02 Oct 31 15:24:35.467691: | 30 00 30 26 06 03 55 1d 11 04 1f 30 1d 82 1b 6e Oct 31 15:24:35.467693: | 6f 72 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 Oct 31 15:24:35.467695: | 72 65 73 77 61 6e 2e 6f 72 67 30 0b 06 03 55 1d Oct 31 15:24:35.467697: | 0f 04 04 03 02 07 80 30 1d 06 03 55 1d 25 04 16 Oct 31 15:24:35.467699: | 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 Oct 31 15:24:35.467702: | 01 05 05 07 03 02 30 41 06 08 2b 06 01 05 05 07 Oct 31 15:24:35.467704: | 01 01 04 35 30 33 30 31 06 08 2b 06 01 05 05 07 Oct 31 15:24:35.467707: | 30 01 86 25 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 Oct 31 15:24:35.467709: | 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e Oct 31 15:24:35.467712: | 2e 6f 72 67 3a 32 35 36 30 30 3d 06 03 55 1d 1f Oct 31 15:24:35.467714: | 04 36 30 34 30 32 a0 30 a0 2e 86 2c 68 74 74 70 Oct 31 15:24:35.467716: | 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e 6c Oct 31 15:24:35.467718: | 69 62 72 65 73 77 61 6e 2e 6f 72 67 2f 72 65 76 Oct 31 15:24:35.467719: | 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 2a 86 48 86 Oct 31 15:24:35.467721: | f7 0d 01 01 0b 05 00 03 82 01 01 00 3d d9 77 ea Oct 31 15:24:35.467723: | b6 b9 f7 5d 14 4d da 1d 3d 93 ae e3 e9 ea a3 98 Oct 31 15:24:35.467725: | d0 8e b6 c7 f3 c8 cf eb 48 3d 3d fa f4 03 99 c0 Oct 31 15:24:35.467727: | c5 00 27 8b 9c c8 ed 58 8f f0 29 cb a6 ef 28 ec Oct 31 15:24:35.467729: | c8 ac 31 2d 4d 28 61 66 53 90 b5 93 f2 a2 7f 81 Oct 31 15:24:35.467732: | dd 79 e2 e1 77 f8 f1 83 16 a2 5b b1 ca cd 38 f0 Oct 31 15:24:35.467734: | c8 78 e4 d6 b0 3d 7b 74 d2 f6 e2 a4 ac ee 53 1b Oct 31 15:24:35.467737: | c8 49 78 99 27 79 65 21 11 2c a0 9a 1a 7f e7 72 Oct 31 15:24:35.467739: | 46 2c 75 93 13 a5 21 72 d4 09 d9 2c f5 33 21 e7 Oct 31 15:24:35.467741: | c1 a1 ca 1f 04 36 f7 21 11 a2 24 13 6c 13 7c aa Oct 31 15:24:35.467744: | 4f 24 16 45 fb 90 e9 a5 50 a7 fa 54 ff 45 4a 11 Oct 31 15:24:35.467746: | c2 73 88 82 e5 24 4f ea fd 1a 2a 3c 6e 61 e7 23 Oct 31 15:24:35.467748: | c9 cf 19 b1 0c 69 ce 53 0a 22 62 43 ed 8c 02 34 Oct 31 15:24:35.467751: | 0c 83 63 07 10 71 ea 70 bd 31 5f d3 d4 f4 9d fa Oct 31 15:24:35.467753: | 6a 95 57 a8 99 03 33 4c 97 8c 91 56 51 6e 87 ac Oct 31 15:24:35.467755: | 21 4c d0 d8 41 fd 18 0f 4d 2e e7 69 5b a3 ba 22 Oct 31 15:24:35.467758: | 9a d2 cf 06 29 34 2e 83 57 6f 55 d4 Oct 31 15:24:35.467761: | emitting length of IKEv2 Certificate Payload: 1361 Oct 31 15:24:35.467763: | IKEv2 CERTREQ: send a cert request? Oct 31 15:24:35.467768: | IKEv2 CERTREQ: OK to send a certificate request Oct 31 15:24:35.467782: | Sending [CERTREQ] of C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org Oct 31 15:24:35.467785: | connection->kind is CK_PERMANENT so send CERTREQ Oct 31 15:24:35.467788: | ****emit IKEv2 Certificate Request Payload: Oct 31 15:24:35.467790: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.467794: | flags: none (0x0) Oct 31 15:24:35.467798: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Oct 31 15:24:35.467800: | next payload chain: setting previous 'IKEv2 Certificate Payload'.'next payload type' to current IKEv2 Certificate Request Payload (38:ISAKMP_NEXT_v2CERTREQ) Oct 31 15:24:35.467803: | next payload chain: saving location 'IKEv2 Certificate Request Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.468654: | located CA cert E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA for CERTREQ Oct 31 15:24:35.468682: | emitting 20 raw bytes of CA cert public key hash into IKEv2 Certificate Request Payload Oct 31 15:24:35.468685: | CA cert public key hash: Oct 31 15:24:35.468688: | de 91 76 61 50 ac 79 0d 0f 60 83 8c a3 c3 15 48 Oct 31 15:24:35.468690: | d1 1f d2 d2 Oct 31 15:24:35.468693: | emitting length of IKEv2 Certificate Request Payload: 25 Oct 31 15:24:35.468698: | ****emit IKEv2 Identification - Responder - Payload: Oct 31 15:24:35.468701: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.468704: | flags: none (0x0) Oct 31 15:24:35.468706: | ID type: ID_DER_ASN1_DN (0x9) Oct 31 15:24:35.468709: | reserved: 00 00 00 Oct 31 15:24:35.468713: | next payload chain: setting previous 'IKEv2 Certificate Request Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Oct 31 15:24:35.468715: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.468719: | emitting 183 raw bytes of their IDr into IKEv2 Identification - Responder - Payload Oct 31 15:24:35.468777: | their IDr: Oct 31 15:24:35.468782: | 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Oct 31 15:24:35.468785: | 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Oct 31 15:24:35.468788: | 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Oct 31 15:24:35.468790: | 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Oct 31 15:24:35.468792: | 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Oct 31 15:24:35.468794: | 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Oct 31 15:24:35.468797: | 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Oct 31 15:24:35.468799: | 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Oct 31 15:24:35.468801: | 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Oct 31 15:24:35.468804: | 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Oct 31 15:24:35.468806: | 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Oct 31 15:24:35.468808: | 77 61 6e 2e 6f 72 67 Oct 31 15:24:35.468811: | emitting length of IKEv2 Identification - Responder - Payload: 191 Oct 31 15:24:35.468813: | not sending INITIAL_CONTACT Oct 31 15:24:35.468816: | ****emit IKEv2 Authentication Payload: Oct 31 15:24:35.468819: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.468822: | flags: none (0x0) Oct 31 15:24:35.468825: | auth method: IKEv2_AUTH_DIGSIG (0xe) Oct 31 15:24:35.468828: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Oct 31 15:24:35.468830: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.468833: | emit hash algo NEGOTIATE_AUTH_HASH_SHA2_512 Oct 31 15:24:35.468836: | emitting 68 raw bytes of OID of ASN.1 Algorithm Identifier into IKEv2 Authentication Payload Oct 31 15:24:35.468838: | OID of ASN.1 Algorithm Identifier: Oct 31 15:24:35.468841: | 43 30 41 06 09 2a 86 48 86 f7 0d 01 01 0a 30 34 Oct 31 15:24:35.468843: | a0 0f 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 Oct 31 15:24:35.468845: | 00 a1 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 01 08 Oct 31 15:24:35.468847: | 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 a2 Oct 31 15:24:35.468850: | 03 02 01 40 Oct 31 15:24:35.468853: | emitting 384 raw bytes of signature into IKEv2 Authentication Payload Oct 31 15:24:35.468857: | signature: Oct 31 15:24:35.468860: | 4d da f9 d0 16 d7 b6 48 bb c4 90 c8 21 88 99 28 Oct 31 15:24:35.468862: | 69 43 64 51 75 aa 9b a0 bc 1d 84 8f 09 eb f6 d0 Oct 31 15:24:35.468864: | 91 7c f4 a6 70 63 4f 07 f2 81 f8 68 47 c6 48 6a Oct 31 15:24:35.468867: | 60 8d d0 10 7f 84 6a 07 d5 b1 a5 25 74 84 d9 5c Oct 31 15:24:35.468869: | ee bc ca 95 90 25 b9 21 3d 8e 2f a5 57 35 43 5d Oct 31 15:24:35.468871: | d9 cb 91 b2 96 07 d6 b4 6b d7 4c 84 5d 7c 71 09 Oct 31 15:24:35.468874: | 2d 67 a3 04 47 78 9a b0 c5 6b 8b 7c ef 9c 40 8f Oct 31 15:24:35.468876: | 35 ed 2e 15 7b 41 d8 57 7c 17 54 54 64 50 f8 01 Oct 31 15:24:35.468878: | d5 3b 87 64 35 e1 9a eb c9 82 d9 de 66 28 a6 8a Oct 31 15:24:35.468880: | 91 7c 2f e7 3e 22 f9 dc f0 ae 5a 9f 0a f8 87 f7 Oct 31 15:24:35.468882: | aa bd 1a eb 1e 18 e0 e5 a9 9e 90 06 02 ea d4 68 Oct 31 15:24:35.468884: | 10 82 6d a0 11 14 4f 6e b9 ea a0 10 26 a3 b3 c6 Oct 31 15:24:35.468887: | 1a dc 2c 77 fe 29 13 7a 46 a2 2e 96 1c a6 9f b4 Oct 31 15:24:35.468889: | fa bc 91 c8 94 e3 a4 94 bd 21 8d 7e 16 66 96 7c Oct 31 15:24:35.468891: | a4 42 bf 5d d3 8a 74 e6 d8 dd da 5f 19 85 68 4e Oct 31 15:24:35.468893: | 19 f7 55 59 38 33 05 2a 64 de bd 17 70 9d c6 80 Oct 31 15:24:35.468895: | ed 29 6d 3d 86 04 57 2f 7a 33 f3 48 d2 a8 1b d9 Oct 31 15:24:35.468897: | b1 26 2d 54 4c 7f 76 57 20 16 71 26 2a 24 8d 46 Oct 31 15:24:35.468899: | 8f 52 e2 f2 49 36 a7 9d 44 75 04 13 78 56 f6 16 Oct 31 15:24:35.468901: | 12 f1 5a 05 3e f5 e3 b3 82 4c cd 76 03 c0 0b d4 Oct 31 15:24:35.468903: | 75 57 ea 91 b3 61 f6 f7 81 72 aa d7 52 78 ef e9 Oct 31 15:24:35.468905: | 65 1f 20 8a c0 3f db e7 54 37 ed 4c 42 c5 58 1b Oct 31 15:24:35.468907: | d9 5c 4e 95 0a 8f f8 6c e1 23 0c 03 f2 2c 0a 8f Oct 31 15:24:35.468909: | 0c 03 49 f4 87 b7 09 02 25 8f 58 73 8c 8b 5e 30 Oct 31 15:24:35.468911: | emitting length of IKEv2 Authentication Payload: 460 Oct 31 15:24:35.468914: | getting first pending from state #1 Oct 31 15:24:35.468918: | delref fd@0x5587b741d548(5->4) (in first_pending() at pending.c:318) Oct 31 15:24:35.468921: | addref fd@0x5587b741d548(4->5) (in first_pending() at pending.c:319) Oct 31 15:24:35.468924: | Switching Child connection for #2 to "northnet-eastnets/0x1" from "northnet-eastnets/0x2" Oct 31 15:24:35.468929: | in connection_discard for connection northnet-eastnets/0x2 Oct 31 15:24:35.468950: | netlink_get_spi: allocated 0x8c58fba8 for esp.0@192.1.3.33 Oct 31 15:24:35.468954: | constructing ESP/AH proposals with all DH removed for northnet-eastnets/0x1 (IKE SA initiator emitting ESP/AH proposals) Oct 31 15:24:35.468964: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Oct 31 15:24:35.468972: | ... ikev2_proposal: 1:ESP=AES_GCM_C_256-NONE-NONE-DISABLED Oct 31 15:24:35.468975: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Oct 31 15:24:35.468979: | ... ikev2_proposal: 2:ESP=AES_GCM_C_128-NONE-NONE-DISABLED Oct 31 15:24:35.468983: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:24:35.468987: | ... ikev2_proposal: 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:35.468990: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:24:35.468994: | ... ikev2_proposal: 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:35.468998: "northnet-eastnets/0x1": local ESP/AH proposals (IKE SA initiator emitting ESP/AH proposals): Oct 31 15:24:35.469002: "northnet-eastnets/0x1": 1:ESP=AES_GCM_C_256-NONE-NONE-DISABLED Oct 31 15:24:35.469006: "northnet-eastnets/0x1": 2:ESP=AES_GCM_C_128-NONE-NONE-DISABLED Oct 31 15:24:35.469010: "northnet-eastnets/0x1": 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:35.469014: "northnet-eastnets/0x1": 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:35.469017: | Emitting ikev2_proposals ... Oct 31 15:24:35.469020: | ****emit IKEv2 Security Association Payload: Oct 31 15:24:35.469025: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.469027: | flags: none (0x0) Oct 31 15:24:35.469030: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:24:35.469033: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.469037: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:35.469040: | discard DH=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:35.469043: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.469046: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:35.469049: | prop #: 1 (01) Oct 31 15:24:35.469052: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:35.469055: | spi size: 4 (04) Oct 31 15:24:35.469057: | # transforms: 2 (02) Oct 31 15:24:35.469060: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:35.469063: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:24:35.469066: | our spi: 8c 58 fb a8 Oct 31 15:24:35.469069: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.469071: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.469074: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.469076: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:35.469078: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.469081: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.469083: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.469086: | length/value: 256 (01 00) Oct 31 15:24:35.469089: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:35.469092: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:35.469094: | discard DH=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:35.469096: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.469099: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.469101: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:35.469103: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:35.469106: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.469108: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.469111: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.469113: | emitting length of IKEv2 Proposal Substructure Payload: 32 Oct 31 15:24:35.469115: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:35.469119: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:35.469121: | discard DH=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:35.469124: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.469126: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:35.469129: | prop #: 2 (02) Oct 31 15:24:35.469132: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:35.469227: | spi size: 4 (04) Oct 31 15:24:35.469238: | # transforms: 2 (02) Oct 31 15:24:35.469241: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:35.469244: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:35.469249: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:24:35.469253: | our spi: 8c 58 fb a8 Oct 31 15:24:35.469255: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.469258: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.469260: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.469262: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:35.469265: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.469267: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.469270: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.469273: | length/value: 128 (00 80) Oct 31 15:24:35.469276: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:35.469278: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:35.469281: | discard DH=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:35.469283: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.469285: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.469288: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:35.469290: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:35.469293: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.469295: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.469298: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.469301: | emitting length of IKEv2 Proposal Substructure Payload: 32 Oct 31 15:24:35.469303: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:35.469307: | discard DH=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:35.469309: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.469313: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:35.469315: | prop #: 3 (03) Oct 31 15:24:35.469317: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:35.469320: | spi size: 4 (04) Oct 31 15:24:35.469322: | # transforms: 4 (04) Oct 31 15:24:35.469325: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:35.469328: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:35.469331: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:24:35.469334: | our spi: 8c 58 fb a8 Oct 31 15:24:35.469337: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.469339: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.469341: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.469344: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:35.469346: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.469348: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.469351: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.469354: | length/value: 256 (01 00) Oct 31 15:24:35.469356: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:35.469359: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.469361: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.469363: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:35.469365: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:35.469368: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.469372: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.469375: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.469378: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.469380: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.469382: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:35.469384: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:35.469387: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.469389: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.469392: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.469395: | discard DH=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:35.469397: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.469399: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.469401: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:35.469404: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:35.469406: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.469408: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.469411: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.469413: | emitting length of IKEv2 Proposal Substructure Payload: 48 Oct 31 15:24:35.469415: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:35.469418: | discard DH=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:35.469420: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.469422: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:35.469425: | prop #: 4 (04) Oct 31 15:24:35.469428: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:35.469431: | spi size: 4 (04) Oct 31 15:24:35.469433: | # transforms: 4 (04) Oct 31 15:24:35.469436: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:35.469438: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:35.469441: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:24:35.469444: | our spi: 8c 58 fb a8 Oct 31 15:24:35.469446: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.469449: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.469451: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.469453: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:35.469455: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.469458: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.469460: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.469463: | length/value: 128 (00 80) Oct 31 15:24:35.469465: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:35.469468: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.469470: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.469472: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:35.469476: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:35.469479: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.469481: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.469484: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.469486: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.469489: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.469491: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:35.469493: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:35.469496: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.469498: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.469501: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.469504: | discard DH=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:35.469507: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.469509: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.469511: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:35.469514: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:35.469516: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.469519: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.469521: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.469524: | emitting length of IKEv2 Proposal Substructure Payload: 48 Oct 31 15:24:35.469527: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:35.469530: | emitting length of IKEv2 Security Association Payload: 164 Oct 31 15:24:35.469532: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:24:35.469538: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:24:35.469541: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.469544: | flags: none (0x0) Oct 31 15:24:35.469547: | number of TS: 1 (01) Oct 31 15:24:35.469550: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Oct 31 15:24:35.469553: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.469556: | *****emit IKEv2 Traffic Selector: Oct 31 15:24:35.469559: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:35.469562: | IP Protocol ID: ALL (0x0) Oct 31 15:24:35.469565: | start port: 0 (00 00) Oct 31 15:24:35.469569: | end port: 65535 (ff ff) Oct 31 15:24:35.469574: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:24:35.469578: | IP start: c0 00 03 00 Oct 31 15:24:35.469581: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:24:35.469584: | IP end: c0 00 03 ff Oct 31 15:24:35.469587: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:24:35.469590: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Oct 31 15:24:35.469592: | ****emit IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:24:35.469595: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.469599: | flags: none (0x0) Oct 31 15:24:35.469602: | number of TS: 1 (01) Oct 31 15:24:35.469605: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Oct 31 15:24:35.469608: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.469610: | *****emit IKEv2 Traffic Selector: Oct 31 15:24:35.469613: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:35.469615: | IP Protocol ID: ALL (0x0) Oct 31 15:24:35.469618: | start port: 0 (00 00) Oct 31 15:24:35.469621: | end port: 65535 (ff ff) Oct 31 15:24:35.469624: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:24:35.469627: | IP start: c0 00 02 00 Oct 31 15:24:35.469629: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:24:35.469632: | IP end: c0 00 02 ff Oct 31 15:24:35.469635: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:24:35.469638: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Oct 31 15:24:35.469640: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Oct 31 15:24:35.469643: | initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Oct 31 15:24:35.469647: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:35.469649: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:35.469653: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:24:35.469655: | emitting length of IKEv2 Encryption Payload: 2471 Oct 31 15:24:35.469657: | emitting length of ISAKMP Message: 2499 Oct 31 15:24:35.469663: | **parse ISAKMP Message: Oct 31 15:24:35.469667: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.469670: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.469672: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:24:35.469675: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.469677: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.469680: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:35.469683: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.469686: | length: 2499 (00 00 09 c3) Oct 31 15:24:35.469689: | **parse IKEv2 Encryption Payload: Oct 31 15:24:35.469692: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Oct 31 15:24:35.469694: | flags: none (0x0) Oct 31 15:24:35.469697: | length: 2471 (09 a7) Oct 31 15:24:35.469700: | opening output PBS reply frag packet Oct 31 15:24:35.469702: | **emit ISAKMP Message: Oct 31 15:24:35.469706: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.469709: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.469712: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:35.469714: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.469717: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.469719: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:35.469722: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.469725: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:35.469728: | ***emit IKEv2 Encrypted Fragment: Oct 31 15:24:35.469730: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Oct 31 15:24:35.469732: | flags: none (0x0) Oct 31 15:24:35.469735: | fragment number: 1 (00 01) Oct 31 15:24:35.469738: | total fragments: 6 (00 06) Oct 31 15:24:35.469740: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi Oct 31 15:24:35.469743: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Oct 31 15:24:35.469746: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Oct 31 15:24:35.469753: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Oct 31 15:24:35.469762: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Oct 31 15:24:35.469765: | cleartext fragment: Oct 31 15:24:35.469767: | 25 00 00 c1 09 00 00 00 30 81 b6 31 0b 30 09 06 Oct 31 15:24:35.469769: | 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 Oct 31 15:24:35.469772: | 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 Oct 31 15:24:35.469774: | 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 Oct 31 15:24:35.469776: | 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e Oct 31 15:24:35.469778: | 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 Oct 31 15:24:35.469780: | 44 65 70 61 72 74 6d 65 6e 74 31 24 30 22 06 03 Oct 31 15:24:35.469782: | 55 04 03 0c 1b 6e 6f 72 74 68 2e 74 65 73 74 69 Oct 31 15:24:35.469785: | 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 Oct 31 15:24:35.469787: | 31 2f 30 2d 06 09 2a 86 48 86 f7 0d 01 09 01 16 Oct 31 15:24:35.469789: | 20 75 73 65 72 2d 6e 6f 72 74 68 40 74 65 73 74 Oct 31 15:24:35.469791: | 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 Oct 31 15:24:35.469793: | 67 26 00 05 51 04 30 82 05 48 30 82 04 30 a0 03 Oct 31 15:24:35.469795: | 02 01 02 02 01 06 30 0d 06 09 2a 86 48 86 f7 0d Oct 31 15:24:35.469797: | 01 01 0b 05 00 30 81 ac 31 0b 30 09 06 03 55 04 Oct 31 15:24:35.469799: | 06 13 02 43 41 31 10 30 0e 06 03 55 04 08 0c 07 Oct 31 15:24:35.469801: | 4f 6e 74 61 72 69 6f 31 10 30 0e 06 03 55 04 07 Oct 31 15:24:35.469803: | 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 Oct 31 15:24:35.469806: | 04 0a 0c 09 4c 69 62 72 65 73 77 61 6e 31 18 30 Oct 31 15:24:35.469808: | 16 06 03 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 Oct 31 15:24:35.469810: | 61 72 74 6d 65 6e 74 31 25 30 23 06 03 55 04 03 Oct 31 15:24:35.469812: | 0c 1c 4c 69 62 72 65 73 77 61 6e 20 74 65 73 74 Oct 31 15:24:35.469815: | 20 43 41 20 66 6f 72 20 6d 61 69 6e 63 61 31 24 Oct 31 15:24:35.469817: | 30 22 06 09 2a 86 48 86 f7 0d 01 09 01 16 15 74 Oct 31 15:24:35.469819: | 65 73 74 69 6e 67 40 6c 69 62 72 65 73 77 61 6e Oct 31 15:24:35.469821: | 2e 6f 72 67 30 22 18 0f 32 30 32 30 31 30 32 32 Oct 31 15:24:35.469823: | 31 37 33 37 30 38 5a 18 0f 32 30 32 33 31 30 32 Oct 31 15:24:35.469826: | 32 31 37 33 37 30 38 5a 30 81 b6 31 0b 30 09 06 Oct 31 15:24:35.469828: | 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 04 Oct 31 15:24:35.469830: | 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e Oct 31 15:24:35.469833: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:35.469836: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:35.469839: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Oct 31 15:24:35.469841: | emitting length of IKEv2 Encrypted Fragment: 511 Oct 31 15:24:35.469844: | emitting length of ISAKMP Message: 539 Oct 31 15:24:35.469862: | recording fragment 1 Oct 31 15:24:35.469866: | opening output PBS reply frag packet Oct 31 15:24:35.469869: | **emit ISAKMP Message: Oct 31 15:24:35.469873: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.469877: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.469879: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:35.469882: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.469884: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.469887: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:35.469890: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.469893: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:35.469896: | ***emit IKEv2 Encrypted Fragment: Oct 31 15:24:35.469899: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.469901: | flags: none (0x0) Oct 31 15:24:35.469904: | fragment number: 2 (00 02) Oct 31 15:24:35.469908: | total fragments: 6 (00 06) Oct 31 15:24:35.469912: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Oct 31 15:24:35.469915: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Oct 31 15:24:35.469917: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Oct 31 15:24:35.469920: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Oct 31 15:24:35.469925: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Oct 31 15:24:35.469927: | cleartext fragment: Oct 31 15:24:35.469930: | 06 03 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 Oct 31 15:24:35.469932: | 30 10 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 Oct 31 15:24:35.469934: | 61 6e 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 Oct 31 15:24:35.469936: | 74 20 44 65 70 61 72 74 6d 65 6e 74 31 24 30 22 Oct 31 15:24:35.469938: | 06 03 55 04 03 0c 1b 6e 6f 72 74 68 2e 74 65 73 Oct 31 15:24:35.469940: | 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f Oct 31 15:24:35.469942: | 72 67 31 2f 30 2d 06 09 2a 86 48 86 f7 0d 01 09 Oct 31 15:24:35.469944: | 01 16 20 75 73 65 72 2d 6e 6f 72 74 68 40 74 65 Oct 31 15:24:35.469947: | 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e Oct 31 15:24:35.469949: | 6f 72 67 30 82 01 a2 30 0d 06 09 2a 86 48 86 f7 Oct 31 15:24:35.469951: | 0d 01 01 01 05 00 03 82 01 8f 00 30 82 01 8a 02 Oct 31 15:24:35.469953: | 82 01 81 00 c2 20 c8 b3 e7 66 04 be 08 51 b3 99 Oct 31 15:24:35.469955: | cf 02 a8 a4 ca ed ba 66 23 2a ff ad 99 c3 1a 76 Oct 31 15:24:35.469957: | 55 23 2d 9d cc 7b a2 31 62 e7 6d 60 f6 51 44 f3 Oct 31 15:24:35.469959: | 13 d6 85 78 76 7e 8f 89 2a c5 0a a6 0d 88 ed 0f Oct 31 15:24:35.469962: | ac 90 7d cf 05 c8 fc 8e 4a 61 07 f6 20 40 56 2e Oct 31 15:24:35.469964: | f1 33 1c d5 c9 11 b4 21 08 93 e4 67 94 17 9d 20 Oct 31 15:24:35.469966: | 93 76 21 56 ff 70 1d a2 72 ef 2a c7 e6 86 0a dc Oct 31 15:24:35.469968: | a5 69 9f 69 99 97 ef 81 a8 34 79 ed 66 78 ba 5c Oct 31 15:24:35.469970: | 4f 83 04 5f 24 a2 21 d5 3b 05 e2 54 9c d3 bb 52 Oct 31 15:24:35.469972: | c9 fe d8 5e 0d 80 d9 d3 68 31 37 e6 ed 75 b9 30 Oct 31 15:24:35.469975: | e1 14 0b 08 e3 c8 a1 17 ab c9 7f e4 34 c8 55 49 Oct 31 15:24:35.469977: | 29 f0 1a 66 4e ab eb b4 63 7a 0f a9 69 94 4a 49 Oct 31 15:24:35.469979: | bd c2 04 3c 37 5d f0 5c 64 94 8e c9 a8 2a 41 72 Oct 31 15:24:35.469981: | 39 78 43 fa 7e 78 7e f5 b6 93 ab a8 8a 09 27 1b Oct 31 15:24:35.469984: | dc 4d a7 d0 69 cb f5 26 f7 58 08 dc d9 59 76 1f Oct 31 15:24:35.469986: | 26 6d d2 f1 80 b5 59 89 16 45 c8 99 35 f0 85 b4 Oct 31 15:24:35.469988: | b2 76 20 0d ba 22 c4 d1 7e 3c ee 79 6b 1a 72 ea Oct 31 15:24:35.469990: | 96 0e 65 72 6a bf aa e8 3e 83 21 6a 15 13 72 14 Oct 31 15:24:35.469992: | 44 89 65 75 cc d9 0b ad 8d a9 02 ad d9 bb Oct 31 15:24:35.469995: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:35.469998: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:35.470001: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Oct 31 15:24:35.470003: | emitting length of IKEv2 Encrypted Fragment: 511 Oct 31 15:24:35.470006: | emitting length of ISAKMP Message: 539 Oct 31 15:24:35.470017: | recording fragment 2 Oct 31 15:24:35.470021: | opening output PBS reply frag packet Oct 31 15:24:35.470023: | **emit ISAKMP Message: Oct 31 15:24:35.470027: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.470031: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.470034: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:35.470036: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.470039: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.470041: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:35.470045: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.470052: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:35.470056: | ***emit IKEv2 Encrypted Fragment: Oct 31 15:24:35.470058: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.470060: | flags: none (0x0) Oct 31 15:24:35.470064: | fragment number: 3 (00 03) Oct 31 15:24:35.470067: | total fragments: 6 (00 06) Oct 31 15:24:35.470069: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Oct 31 15:24:35.470072: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Oct 31 15:24:35.470074: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Oct 31 15:24:35.470078: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Oct 31 15:24:35.470082: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Oct 31 15:24:35.470085: | cleartext fragment: Oct 31 15:24:35.470087: | 10 65 4d 6c 5c 1a 92 8e d7 df a5 7b c5 8f 46 71 Oct 31 15:24:35.470089: | f8 1d f5 b6 fe 53 42 a1 1c 8e 83 e2 ea 4a 19 6f Oct 31 15:24:35.470092: | 01 11 f3 04 37 31 bc c0 a6 ee f2 ba d5 01 d2 44 Oct 31 15:24:35.470094: | 7a eb 25 30 c9 4d 7e 31 89 51 19 0d 20 e8 60 cf Oct 31 15:24:35.470096: | fa c9 ee 65 2c 75 19 f5 96 00 80 36 b8 3b fb 55 Oct 31 15:24:35.470098: | fa 68 54 da 51 db 02 03 01 00 01 a3 81 e4 30 81 Oct 31 15:24:35.470101: | e1 30 09 06 03 55 1d 13 04 02 30 00 30 26 06 03 Oct 31 15:24:35.470103: | 55 1d 11 04 1f 30 1d 82 1b 6e 6f 72 74 68 2e 74 Oct 31 15:24:35.470105: | 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e Oct 31 15:24:35.470107: | 2e 6f 72 67 30 0b 06 03 55 1d 0f 04 04 03 02 07 Oct 31 15:24:35.470110: | 80 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 Oct 31 15:24:35.470112: | 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 Oct 31 15:24:35.470114: | 30 41 06 08 2b 06 01 05 05 07 01 01 04 35 30 33 Oct 31 15:24:35.470116: | 30 31 06 08 2b 06 01 05 05 07 30 01 86 25 68 74 Oct 31 15:24:35.470119: | 74 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 Oct 31 15:24:35.470121: | 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 3a 32 Oct 31 15:24:35.470123: | 35 36 30 30 3d 06 03 55 1d 1f 04 36 30 34 30 32 Oct 31 15:24:35.470125: | a0 30 a0 2e 86 2c 68 74 74 70 3a 2f 2f 6e 69 63 Oct 31 15:24:35.470128: | 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 Oct 31 15:24:35.470130: | 61 6e 2e 6f 72 67 2f 72 65 76 6f 6b 65 64 2e 63 Oct 31 15:24:35.470132: | 72 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 Oct 31 15:24:35.470134: | 00 03 82 01 01 00 3d d9 77 ea b6 b9 f7 5d 14 4d Oct 31 15:24:35.470136: | da 1d 3d 93 ae e3 e9 ea a3 98 d0 8e b6 c7 f3 c8 Oct 31 15:24:35.470139: | cf eb 48 3d 3d fa f4 03 99 c0 c5 00 27 8b 9c c8 Oct 31 15:24:35.470141: | ed 58 8f f0 29 cb a6 ef 28 ec c8 ac 31 2d 4d 28 Oct 31 15:24:35.470143: | 61 66 53 90 b5 93 f2 a2 7f 81 dd 79 e2 e1 77 f8 Oct 31 15:24:35.470145: | f1 83 16 a2 5b b1 ca cd 38 f0 c8 78 e4 d6 b0 3d Oct 31 15:24:35.470147: | 7b 74 d2 f6 e2 a4 ac ee 53 1b c8 49 78 99 27 79 Oct 31 15:24:35.470150: | 65 21 11 2c a0 9a 1a 7f e7 72 46 2c 75 93 13 a5 Oct 31 15:24:35.470152: | 21 72 d4 09 d9 2c f5 33 21 e7 c1 a1 ca 1f Oct 31 15:24:35.470154: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:35.470157: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:35.470160: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Oct 31 15:24:35.470162: | emitting length of IKEv2 Encrypted Fragment: 511 Oct 31 15:24:35.470165: | emitting length of ISAKMP Message: 539 Oct 31 15:24:35.470173: | recording fragment 3 Oct 31 15:24:35.470246: | opening output PBS reply frag packet Oct 31 15:24:35.470255: | **emit ISAKMP Message: Oct 31 15:24:35.470260: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.470267: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.470270: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:35.470273: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.470275: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.470279: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:35.470283: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.470286: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:35.470289: | ***emit IKEv2 Encrypted Fragment: Oct 31 15:24:35.470292: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.470294: | flags: none (0x0) Oct 31 15:24:35.470298: | fragment number: 4 (00 04) Oct 31 15:24:35.470301: | total fragments: 6 (00 06) Oct 31 15:24:35.470304: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Oct 31 15:24:35.470308: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Oct 31 15:24:35.470310: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Oct 31 15:24:35.470313: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Oct 31 15:24:35.470322: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Oct 31 15:24:35.470325: | cleartext fragment: Oct 31 15:24:35.470328: | 04 36 f7 21 11 a2 24 13 6c 13 7c aa 4f 24 16 45 Oct 31 15:24:35.470330: | fb 90 e9 a5 50 a7 fa 54 ff 45 4a 11 c2 73 88 82 Oct 31 15:24:35.470332: | e5 24 4f ea fd 1a 2a 3c 6e 61 e7 23 c9 cf 19 b1 Oct 31 15:24:35.470334: | 0c 69 ce 53 0a 22 62 43 ed 8c 02 34 0c 83 63 07 Oct 31 15:24:35.470336: | 10 71 ea 70 bd 31 5f d3 d4 f4 9d fa 6a 95 57 a8 Oct 31 15:24:35.470338: | 99 03 33 4c 97 8c 91 56 51 6e 87 ac 21 4c d0 d8 Oct 31 15:24:35.470340: | 41 fd 18 0f 4d 2e e7 69 5b a3 ba 22 9a d2 cf 06 Oct 31 15:24:35.470343: | 29 34 2e 83 57 6f 55 d4 24 00 00 19 04 de 91 76 Oct 31 15:24:35.470345: | 61 50 ac 79 0d 0f 60 83 8c a3 c3 15 48 d1 1f d2 Oct 31 15:24:35.470348: | d2 27 00 00 bf 09 00 00 00 30 81 b4 31 0b 30 09 Oct 31 15:24:35.470350: | 06 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 Oct 31 15:24:35.470352: | 04 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 Oct 31 15:24:35.470355: | 03 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 Oct 31 15:24:35.470357: | 10 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 Oct 31 15:24:35.470359: | 6e 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 Oct 31 15:24:35.470362: | 20 44 65 70 61 72 74 6d 65 6e 74 31 23 30 21 06 Oct 31 15:24:35.470364: | 03 55 04 03 0c 1a 65 61 73 74 2e 74 65 73 74 69 Oct 31 15:24:35.470366: | 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 Oct 31 15:24:35.470369: | 31 2e 30 2c 06 09 2a 86 48 86 f7 0d 01 09 01 16 Oct 31 15:24:35.470371: | 1f 75 73 65 72 2d 65 61 73 74 40 74 65 73 74 69 Oct 31 15:24:35.470374: | 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 Oct 31 15:24:35.470376: | 21 00 01 cc 0e 00 00 00 43 30 41 06 09 2a 86 48 Oct 31 15:24:35.470378: | 86 f7 0d 01 01 0a 30 34 a0 0f 30 0d 06 09 60 86 Oct 31 15:24:35.470381: | 48 01 65 03 04 02 03 05 00 a1 1c 30 1a 06 09 2a Oct 31 15:24:35.470383: | 86 48 86 f7 0d 01 01 08 30 0d 06 09 60 86 48 01 Oct 31 15:24:35.470386: | 65 03 04 02 03 05 00 a2 03 02 01 40 4d da f9 d0 Oct 31 15:24:35.470389: | 16 d7 b6 48 bb c4 90 c8 21 88 99 28 69 43 64 51 Oct 31 15:24:35.470391: | 75 aa 9b a0 bc 1d 84 8f 09 eb f6 d0 91 7c f4 a6 Oct 31 15:24:35.470394: | 70 63 4f 07 f2 81 f8 68 47 c6 48 6a 60 8d d0 10 Oct 31 15:24:35.470396: | 7f 84 6a 07 d5 b1 a5 25 74 84 d9 5c ee bc Oct 31 15:24:35.470399: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:35.470402: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:35.470405: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Oct 31 15:24:35.470409: | emitting length of IKEv2 Encrypted Fragment: 511 Oct 31 15:24:35.470412: | emitting length of ISAKMP Message: 539 Oct 31 15:24:35.470421: | recording fragment 4 Oct 31 15:24:35.470426: | opening output PBS reply frag packet Oct 31 15:24:35.470429: | **emit ISAKMP Message: Oct 31 15:24:35.470432: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.470436: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.470439: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:35.470441: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.470444: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.470446: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:35.470450: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.470453: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:35.470456: | ***emit IKEv2 Encrypted Fragment: Oct 31 15:24:35.470458: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.470460: | flags: none (0x0) Oct 31 15:24:35.470463: | fragment number: 5 (00 05) Oct 31 15:24:35.470466: | total fragments: 6 (00 06) Oct 31 15:24:35.470469: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Oct 31 15:24:35.470471: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Oct 31 15:24:35.470474: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Oct 31 15:24:35.470477: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Oct 31 15:24:35.470481: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Oct 31 15:24:35.470483: | cleartext fragment: Oct 31 15:24:35.470486: | ca 95 90 25 b9 21 3d 8e 2f a5 57 35 43 5d d9 cb Oct 31 15:24:35.470488: | 91 b2 96 07 d6 b4 6b d7 4c 84 5d 7c 71 09 2d 67 Oct 31 15:24:35.470490: | a3 04 47 78 9a b0 c5 6b 8b 7c ef 9c 40 8f 35 ed Oct 31 15:24:35.470492: | 2e 15 7b 41 d8 57 7c 17 54 54 64 50 f8 01 d5 3b Oct 31 15:24:35.470495: | 87 64 35 e1 9a eb c9 82 d9 de 66 28 a6 8a 91 7c Oct 31 15:24:35.470497: | 2f e7 3e 22 f9 dc f0 ae 5a 9f 0a f8 87 f7 aa bd Oct 31 15:24:35.470499: | 1a eb 1e 18 e0 e5 a9 9e 90 06 02 ea d4 68 10 82 Oct 31 15:24:35.470501: | 6d a0 11 14 4f 6e b9 ea a0 10 26 a3 b3 c6 1a dc Oct 31 15:24:35.470503: | 2c 77 fe 29 13 7a 46 a2 2e 96 1c a6 9f b4 fa bc Oct 31 15:24:35.470505: | 91 c8 94 e3 a4 94 bd 21 8d 7e 16 66 96 7c a4 42 Oct 31 15:24:35.470507: | bf 5d d3 8a 74 e6 d8 dd da 5f 19 85 68 4e 19 f7 Oct 31 15:24:35.470509: | 55 59 38 33 05 2a 64 de bd 17 70 9d c6 80 ed 29 Oct 31 15:24:35.470511: | 6d 3d 86 04 57 2f 7a 33 f3 48 d2 a8 1b d9 b1 26 Oct 31 15:24:35.470513: | 2d 54 4c 7f 76 57 20 16 71 26 2a 24 8d 46 8f 52 Oct 31 15:24:35.470516: | e2 f2 49 36 a7 9d 44 75 04 13 78 56 f6 16 12 f1 Oct 31 15:24:35.470518: | 5a 05 3e f5 e3 b3 82 4c cd 76 03 c0 0b d4 75 57 Oct 31 15:24:35.470520: | ea 91 b3 61 f6 f7 81 72 aa d7 52 78 ef e9 65 1f Oct 31 15:24:35.470522: | 20 8a c0 3f db e7 54 37 ed 4c 42 c5 58 1b d9 5c Oct 31 15:24:35.470524: | 4e 95 0a 8f f8 6c e1 23 0c 03 f2 2c 0a 8f 0c 03 Oct 31 15:24:35.470526: | 49 f4 87 b7 09 02 25 8f 58 73 8c 8b 5e 30 2c 00 Oct 31 15:24:35.470529: | 00 a4 02 00 00 20 01 03 04 02 8c 58 fb a8 03 00 Oct 31 15:24:35.470531: | 00 0c 01 00 00 14 80 0e 01 00 00 00 00 08 05 00 Oct 31 15:24:35.470533: | 00 00 02 00 00 20 02 03 04 02 8c 58 fb a8 03 00 Oct 31 15:24:35.470535: | 00 0c 01 00 00 14 80 0e 00 80 00 00 00 08 05 00 Oct 31 15:24:35.470537: | 00 00 02 00 00 30 03 03 04 04 8c 58 fb a8 03 00 Oct 31 15:24:35.470539: | 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 03 00 Oct 31 15:24:35.470541: | 00 0e 03 00 00 08 03 00 00 0c 00 00 00 08 05 00 Oct 31 15:24:35.470543: | 00 00 00 00 00 30 04 03 04 04 8c 58 fb a8 03 00 Oct 31 15:24:35.470548: | 00 0c 01 00 00 0c 80 0e 00 80 03 00 00 08 03 00 Oct 31 15:24:35.470550: | 00 0e 03 00 00 08 03 00 00 0c 00 00 00 08 Oct 31 15:24:35.470552: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:35.470555: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:35.470558: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Oct 31 15:24:35.470560: | emitting length of IKEv2 Encrypted Fragment: 511 Oct 31 15:24:35.470563: | emitting length of ISAKMP Message: 539 Oct 31 15:24:35.470571: | recording fragment 5 Oct 31 15:24:35.470574: | opening output PBS reply frag packet Oct 31 15:24:35.470577: | **emit ISAKMP Message: Oct 31 15:24:35.470581: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.470584: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.470587: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:35.470589: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.470592: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.470595: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:35.470598: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.470601: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:35.470604: | ***emit IKEv2 Encrypted Fragment: Oct 31 15:24:35.470606: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.470609: | flags: none (0x0) Oct 31 15:24:35.470612: | fragment number: 6 (00 06) Oct 31 15:24:35.470615: | total fragments: 6 (00 06) Oct 31 15:24:35.470617: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Oct 31 15:24:35.470620: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Oct 31 15:24:35.470622: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Oct 31 15:24:35.470626: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Oct 31 15:24:35.470629: | emitting 52 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Oct 31 15:24:35.470632: | cleartext fragment: Oct 31 15:24:35.470634: | 05 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 Oct 31 15:24:35.470637: | 00 00 ff ff c0 00 03 00 c0 00 03 ff 00 00 00 18 Oct 31 15:24:35.470639: | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 02 00 Oct 31 15:24:35.470641: | c0 00 02 ff Oct 31 15:24:35.470644: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:35.470647: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:35.470649: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Oct 31 15:24:35.470652: | emitting length of IKEv2 Encrypted Fragment: 85 Oct 31 15:24:35.470654: | emitting length of ISAKMP Message: 113 Oct 31 15:24:35.470662: | recording fragment 6 Oct 31 15:24:35.470668: | delref logger@0x5587b7413c48(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:35.470671: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.470674: | delref fd@0x5587b741d548(5->4) (in free_logger() at log.c:854) Oct 31 15:24:35.470679: | XXX: resume sending helper answer back to state for #1 switched MD.ST to #2 Oct 31 15:24:35.470687: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:35.470692: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:35.470698: | #2 complete_v2_state_transition() in state V2_IKE_AUTH_CHILD_I0 PARENT_I1->PARENT_I2 with status STF_OK; .st_v2_transition=NULL Oct 31 15:24:35.470701: | transitioning from state STATE_PARENT_I1 to state STATE_PARENT_I2 Oct 31 15:24:35.470703: | Message ID: updating counters for #2 Oct 31 15:24:35.470713: | Message ID: CHILD #1.#2 XXX: no EVENT_RETRANSMIT to clear; suspect IKE->CHILD switch: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744549.863139 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744549.863139 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:24:35.470720: | Message ID: CHILD #1.#2 updating initiator received message response 0: ike.initiator.sent=0 ike.initiator.recv=-1->0 ike.initiator.last_contact=744549.863139->744549.903504 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744549.863139 child.wip.initiator=0->-1 child.wip.responder=-1 Oct 31 15:24:35.470726: | Message ID: CHILD #1.#2 scheduling EVENT_RETRANSMIT: ike.initiator.sent=1 ike.initiator.recv=0 ike.initiator.last_contact=744549.903504 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744549.863139 child.wip.initiator=1 child.wip.responder=-1 Oct 31 15:24:35.470731: "northnet-eastnets/0x1" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Oct 31 15:24:35.470748: | event_schedule: newref EVENT_RETRANSMIT-pe@0x5587b7413c48 Oct 31 15:24:35.470752: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 Oct 31 15:24:35.470756: | libevent_malloc: newref ptr-libevent@0x5587b7428378 size 128 Oct 31 15:24:35.470762: | #2 STATE_V2_IKE_AUTH_CHILD_I0: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744549.903542 Oct 31 15:24:35.470768: | Message ID: CHILD #1.#2 updating initiator sent message request 1: ike.initiator.sent=0->1 ike.initiator.recv=0 ike.initiator.last_contact=744549.903504 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744549.863139 child.wip.initiator=-1->1 child.wip.responder=-1 Oct 31 15:24:35.470774: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=1 ike.initiator.recv=0 ike.initiator.last_contact=744549.903504 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744549.863139 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:35.470778: | child state #2: V2_IKE_AUTH_CHILD_I0(ignore) => PARENT_I2(open IKE SA) Oct 31 15:24:35.470781: | announcing the state transition Oct 31 15:24:35.470786: "northnet-eastnets/0x2" #1: sent IKE_AUTH request {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Oct 31 15:24:35.470796: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:24:35.470799: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.470801: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff Oct 31 15:24:35.470803: | 00 01 00 06 8c 68 f1 53 39 c9 66 36 89 13 09 a9 Oct 31 15:24:35.470806: | e8 1c e7 22 70 b0 b8 bc 3a 6a 47 06 32 57 db b3 Oct 31 15:24:35.470808: | d1 54 49 39 2b fe 58 cc 26 4c 4b a9 b9 0c db bd Oct 31 15:24:35.470810: | ca 86 0a 05 6a c7 22 6a fe 5a 9f fe a3 b8 c5 3d Oct 31 15:24:35.470812: | 8b 48 2c c6 09 2d 00 fa 1f 30 8a 05 86 f0 81 73 Oct 31 15:24:35.470815: | ee 34 26 68 ca 40 b9 66 f8 ed 9e 92 93 e5 ab 6b Oct 31 15:24:35.470817: | e0 73 ca 22 b0 70 a0 2b b3 49 d2 8f d2 17 7c 5e Oct 31 15:24:35.470819: | af 09 32 10 cc 61 b7 60 72 b8 3a 54 cc dd 1e 8b Oct 31 15:24:35.470821: | b0 64 97 38 3e 7b 3e b2 db 22 7f 48 d1 dd b0 ca Oct 31 15:24:35.470824: | 6f 54 b8 bd 7c 25 7e 0e 04 37 20 c2 b9 88 45 d2 Oct 31 15:24:35.470826: | ae 1c 40 86 29 9f 1f 6f d7 a9 d8 4e 38 88 32 06 Oct 31 15:24:35.470828: | 92 80 a0 3b bb 24 93 1e 44 79 27 66 a1 ae a8 05 Oct 31 15:24:35.470830: | 62 fc a1 d4 8f 74 38 37 f2 be 48 48 db 58 e0 08 Oct 31 15:24:35.470832: | 3f cb be a3 1d f7 83 25 b3 03 e9 ca ff 9b f9 df Oct 31 15:24:35.470835: | 16 14 92 74 f6 11 df 63 a3 46 fd 6a b0 4c 2d 2e Oct 31 15:24:35.470837: | 72 33 f8 fc 26 db a4 b8 2f 15 7e 1a 25 f3 4d c2 Oct 31 15:24:35.470839: | 08 2e ea 9c c3 08 9c ad 2a 43 8a 55 10 18 46 65 Oct 31 15:24:35.470843: | 8e f4 22 da 9c b6 f9 2b 07 e2 3d 9b 17 93 61 ff Oct 31 15:24:35.470846: | 30 f1 d9 d0 c5 75 5a fc 32 a4 80 59 2c 6e 5e 91 Oct 31 15:24:35.470848: | 6b b9 0e 93 aa cf 9c d6 54 8e e2 b1 5e 09 3e 3e Oct 31 15:24:35.470850: | b3 7d 11 7a 41 79 14 fc 32 c7 c3 d3 a8 56 a7 77 Oct 31 15:24:35.470852: | 4d 0e b6 11 cc be 58 7c b6 ae a4 d0 8d 6e 79 e1 Oct 31 15:24:35.470855: | 49 22 0f e9 7d 86 3e e8 1b 87 61 a1 1d b1 ad c2 Oct 31 15:24:35.470857: | 46 57 74 2f 55 d3 e9 ac 32 4d be 62 fe 7d 35 f1 Oct 31 15:24:35.470859: | 7a 98 bb 2f e1 60 39 72 da 95 10 c0 23 fb 2d fe Oct 31 15:24:35.470861: | 8e 7e 9b 47 87 1d 7b 19 94 30 d7 93 97 a9 36 11 Oct 31 15:24:35.470863: | 35 29 3c f0 14 16 2b dd 23 07 ff da 12 a9 5d 0c Oct 31 15:24:35.470866: | c8 56 82 ea f9 c4 6a 95 07 37 0d 06 54 38 69 f8 Oct 31 15:24:35.470868: | 65 e9 4d 02 40 4f 81 ef d5 42 8b 91 5d b4 96 fd Oct 31 15:24:35.470870: | a6 e1 97 8c 55 df 5a ca 08 e0 1a dd 88 50 c8 cf Oct 31 15:24:35.470873: | 71 bd 1e 03 dd 68 6c 89 c4 a6 8c d1 74 b4 a8 ef Oct 31 15:24:35.470875: | f8 ed d6 92 7e 63 3f a3 a5 94 c2 Oct 31 15:24:35.470934: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:24:35.470939: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.470942: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Oct 31 15:24:35.470944: | 00 02 00 06 c4 8f 18 d3 84 75 7e 93 2b 9f 35 b1 Oct 31 15:24:35.470946: | f6 27 18 17 00 19 c4 81 9f c6 67 a2 78 b8 04 76 Oct 31 15:24:35.470949: | fb 5e 33 75 13 53 8c 63 1e 20 6b 6a 21 09 1a 43 Oct 31 15:24:35.470951: | cc c2 e4 08 9c e8 fd ee 64 f6 7b 83 9b e1 c1 ff Oct 31 15:24:35.470953: | 02 5b a5 63 77 94 81 c5 2e 3e 67 6a f0 aa 88 c5 Oct 31 15:24:35.470955: | b0 39 63 cd 4f c5 9b ff eb 06 a4 6e 70 9b 09 01 Oct 31 15:24:35.470957: | 90 2d 6f 07 b5 dc 33 90 ee 6f a5 ae 17 fe 05 4a Oct 31 15:24:35.470960: | 60 fd 9e ef b0 e3 e9 40 ef 94 46 72 a1 1e 55 a2 Oct 31 15:24:35.470962: | d3 d9 45 0e 52 d9 f9 eb 43 6d 4b f5 8d db 51 07 Oct 31 15:24:35.470964: | c7 4f 4d 0f d7 1b 65 19 cd 28 ae 15 bc 61 11 c3 Oct 31 15:24:35.470967: | 3b 8a 3e de f5 eb be 5b 6e e6 a7 c1 eb 9a d2 3e Oct 31 15:24:35.470969: | 1e 66 f6 88 50 95 1f ca 46 9a 1d 84 55 78 8f dc Oct 31 15:24:35.470972: | ae 65 ba d8 28 35 72 a3 25 e1 ed d5 16 2b 34 87 Oct 31 15:24:35.470974: | dc 0c c0 da 39 c5 2c 0b 53 ea c5 2c 6b 61 c7 2d Oct 31 15:24:35.470976: | 10 22 8c 42 4e 7b 8e a2 8b 11 f3 2c 35 15 fb 53 Oct 31 15:24:35.470979: | 23 29 70 74 3a a7 36 2c 6c 4f b9 25 5a ed 2e 76 Oct 31 15:24:35.470981: | b7 d1 c0 71 77 2a a2 cc 3a 22 af fb 2a 5a 8f 80 Oct 31 15:24:35.470984: | 44 fc 15 7b d2 08 04 28 7c a0 97 e6 44 44 84 81 Oct 31 15:24:35.470986: | b8 58 8e 79 b3 35 44 db 6d da ab 8f 7a eb 98 3a Oct 31 15:24:35.470988: | f5 cd f6 2e c6 07 d0 ba 28 dc f7 01 99 17 d5 91 Oct 31 15:24:35.470991: | d9 08 bb 55 e1 0b d8 67 cf cd 08 68 83 99 0c ca Oct 31 15:24:35.470993: | 8b e1 2d 64 b7 a6 20 af da 46 b1 32 dc 95 b2 67 Oct 31 15:24:35.470996: | d0 36 dd 9f 60 d1 46 d7 09 fe 71 70 19 d0 01 cd Oct 31 15:24:35.470998: | 01 2d 4c 56 b3 f9 c3 c4 c7 43 e6 25 ec 80 87 5a Oct 31 15:24:35.471000: | 04 b1 c0 a7 64 82 ea 61 c8 45 9c 47 a7 93 b4 84 Oct 31 15:24:35.471002: | b4 ba c7 a4 e5 6d 2b 6f d3 cc 5f a8 02 da 13 40 Oct 31 15:24:35.471004: | 79 3c 2e f4 b9 2b 82 dc 77 58 f9 be f6 b5 d2 13 Oct 31 15:24:35.471007: | 04 d8 c1 1f 91 db 71 85 ed 41 d0 53 f1 01 88 99 Oct 31 15:24:35.471009: | 56 9c 63 f2 47 b7 a0 fd 90 61 a3 2e 33 9b d8 ed Oct 31 15:24:35.471012: | c4 d6 81 84 cd c1 53 3e 31 8d 98 26 7e e2 91 bb Oct 31 15:24:35.471014: | 0c bb 7a df ca 4a ca 38 a5 f2 e2 33 48 37 84 6c Oct 31 15:24:35.471017: | 67 77 b2 4b 29 a5 ef fd 9a 8d 09 Oct 31 15:24:35.471040: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:24:35.471046: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.471048: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Oct 31 15:24:35.471050: | 00 03 00 06 a5 90 dc 22 b4 8f bd e7 bc a8 7d 7f Oct 31 15:24:35.471052: | ee e1 b4 b4 15 d7 b5 d3 6c ff 0b ce 6c f8 05 7f Oct 31 15:24:35.471055: | 33 bc 67 66 62 ee 20 0f 25 b9 32 62 c5 98 9a 65 Oct 31 15:24:35.471057: | af 09 5b fb 9e 06 03 b1 0f 56 0c a5 cd e4 41 89 Oct 31 15:24:35.471059: | cd 1b 88 91 0b ed 3d 9b 6f b3 cf 43 88 76 84 d0 Oct 31 15:24:35.471061: | 84 92 ab c9 11 2b 3e c8 d3 cc 33 dd 4f 28 9d 04 Oct 31 15:24:35.471063: | fc f5 76 9c f8 4f 35 f5 94 24 1c 53 8d 48 5a dd Oct 31 15:24:35.471065: | 00 87 32 e7 de be ba d3 c6 8c da b2 ea 43 e0 94 Oct 31 15:24:35.471068: | 20 f9 a0 dd ea 91 0e 07 4f f9 b4 67 77 4e c3 1f Oct 31 15:24:35.471070: | d2 3a d9 80 2d e2 5d 4f e2 59 b5 5e f1 50 d1 24 Oct 31 15:24:35.471072: | b9 93 14 10 cf d9 cb c4 9a 60 2e f6 20 a8 75 3a Oct 31 15:24:35.471074: | 7b 65 cc 89 92 fb 03 51 48 df 04 c8 1b ac c6 55 Oct 31 15:24:35.471077: | 79 4a 28 e0 3f 76 14 a4 e9 38 6b 27 83 1f b3 91 Oct 31 15:24:35.471079: | b4 15 1a 07 c7 c5 37 39 bf 04 7b 49 ba 78 07 0c Oct 31 15:24:35.471081: | c6 a8 f4 79 16 69 f6 fd ca 88 0a 74 a2 96 7f b2 Oct 31 15:24:35.471083: | 29 0b 82 8c 08 a0 a5 6b f3 2c f6 a7 06 a5 16 68 Oct 31 15:24:35.471085: | db cf 42 9a 2d ef 1e 25 dc 2d 3a 42 57 9a 4e 59 Oct 31 15:24:35.471087: | 49 97 15 3d 71 7b 3b 95 31 35 66 78 33 d0 db d0 Oct 31 15:24:35.471089: | b4 42 29 6c 70 ad 72 25 c7 1c 9d e8 e8 10 9c 5f Oct 31 15:24:35.471091: | 75 2b bb 3c 17 22 81 12 3c 8a 87 13 2a 83 5d c4 Oct 31 15:24:35.471093: | 22 0b 28 4b d1 c8 2b e2 57 b8 ec 6b 81 c7 f2 ac Oct 31 15:24:35.471095: | de 21 a3 83 63 04 a7 84 83 57 7b 97 15 6e 55 d5 Oct 31 15:24:35.471097: | 64 68 f8 c9 3b 73 af 01 87 09 bc 9d 2e 92 06 d6 Oct 31 15:24:35.471099: | 3a 54 04 14 a8 f2 59 00 da bf 14 ef 66 8f 79 63 Oct 31 15:24:35.471101: | f2 b2 b0 95 4e da e5 dd dc 3b c3 4a c2 2b 1e 8d Oct 31 15:24:35.471103: | 9a 7e ac be 77 63 fd 63 7d cf af e2 71 af a4 11 Oct 31 15:24:35.471105: | 23 31 a9 ba 9e 5c dc 75 35 e2 7a 65 e0 e5 8b 9d Oct 31 15:24:35.471107: | a4 8d 8a d2 ca 26 13 15 c0 61 c6 e0 a8 6c 92 46 Oct 31 15:24:35.471109: | 48 11 7f 73 b9 5e a0 06 33 59 8b 67 42 d5 38 6b Oct 31 15:24:35.471111: | 98 e7 82 01 2e 98 36 c4 c3 89 68 ad b9 06 b0 2b Oct 31 15:24:35.471112: | 96 9d 2c 08 f1 6d 9c 7e 28 69 a4 f7 1a 92 4e 88 Oct 31 15:24:35.471114: | ac 11 19 ef 14 76 49 dc 24 2e a9 Oct 31 15:24:35.471131: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:24:35.471134: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.471136: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Oct 31 15:24:35.471138: | 00 04 00 06 1a f4 a8 25 97 23 b0 4e ed 79 af ba Oct 31 15:24:35.471140: | 73 f7 16 37 cc bc 47 37 46 7f 57 63 96 32 da c5 Oct 31 15:24:35.471142: | ac 1d 2d e7 11 a6 59 15 75 f8 27 b9 62 1a 57 f1 Oct 31 15:24:35.471144: | 53 d9 1c 4e e6 0b 64 4d f9 66 c2 65 a7 05 5e 4e Oct 31 15:24:35.471146: | e2 8e 19 92 20 33 0c 77 aa 2e e5 91 2d d3 39 5d Oct 31 15:24:35.471148: | ef a7 be 5b 99 6a 8f c6 07 cc c5 8e ed af 51 64 Oct 31 15:24:35.471150: | 81 f2 cc 53 e3 43 95 6e 97 09 e5 bd 7d 9f 50 2b Oct 31 15:24:35.471152: | 38 bb 02 da 99 50 83 94 80 7b 2b e0 bb 09 3e fd Oct 31 15:24:35.471154: | 73 dc 74 db e6 9a 79 1f c4 d9 09 7a df 0b a2 3d Oct 31 15:24:35.471156: | 46 e7 56 09 89 67 cd e5 d3 50 eb 4a ca 74 f3 02 Oct 31 15:24:35.471158: | cf 0f 59 92 94 aa b2 d1 db 64 8d cc 12 30 9a e3 Oct 31 15:24:35.471160: | e2 b6 64 f7 12 ed 68 a9 b6 21 45 b7 83 88 10 b2 Oct 31 15:24:35.471162: | 81 ab cb 8d 1a 1d a6 ff 73 0a f0 e2 f1 3f 7d 37 Oct 31 15:24:35.471164: | 83 b9 af 1e be 36 c0 58 bb a3 77 e4 e2 e5 67 d2 Oct 31 15:24:35.471168: | 3e e1 93 7f 8d a0 28 ee b3 5b 33 a3 34 7b 53 d7 Oct 31 15:24:35.471170: | 82 02 56 fd 15 15 45 6f d0 40 a9 ad 0c a6 45 0a Oct 31 15:24:35.471172: | 49 b8 6a 07 b8 1f be c8 b5 74 7a 3f e1 24 cf 93 Oct 31 15:24:35.471174: | cf 70 75 d0 ec 80 37 31 69 b2 da 7d 10 c8 7a 16 Oct 31 15:24:35.471176: | 2e ce a7 27 f5 38 88 ab c4 db d3 13 13 40 21 ac Oct 31 15:24:35.471178: | 91 ef 82 51 61 9f 7c c4 23 47 3a 46 c5 d1 ef ec Oct 31 15:24:35.471179: | ae 58 7b 1a 98 0e 30 6e ff 91 db 59 d0 c5 8e d1 Oct 31 15:24:35.471181: | 9a 7d bb 32 c5 c0 0a 10 a5 26 ff 58 96 ec b9 42 Oct 31 15:24:35.471184: | 32 2a b0 8e 69 d0 af 35 78 97 0d 27 39 db 0f 1a Oct 31 15:24:35.471186: | ae e2 e9 2f 90 7b 4d 7f 96 64 73 c8 5f 9e bb ec Oct 31 15:24:35.471188: | da 53 aa 00 d7 40 4b 22 82 f6 7e d8 17 56 5e a9 Oct 31 15:24:35.471190: | 0b d3 84 b7 0d 40 88 9b 88 b2 2c fc 9d b8 e8 58 Oct 31 15:24:35.471192: | b8 46 73 03 04 ce 37 19 7a b2 1e 67 ca 7e 03 19 Oct 31 15:24:35.471193: | ba 2b 9a f5 68 74 40 15 95 a1 c1 4d 38 12 ea de Oct 31 15:24:35.471196: | bb 54 2f 84 bd 7c 33 2f 64 a7 d6 3b 51 c9 1f 1a Oct 31 15:24:35.471202: | 92 da 9f a0 1e a4 43 31 a7 10 bb b0 9b 46 b7 52 Oct 31 15:24:35.471208: | 74 4f 0f fb a7 33 49 e9 4c fd 6f 43 90 06 e5 b3 Oct 31 15:24:35.471210: | 85 45 b0 bd a2 e9 3d 2b ca f1 b8 Oct 31 15:24:35.472360: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:24:35.472370: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.472374: | 35 20 23 08 00 00 00 01 00 00 02 1b 00 00 01 ff Oct 31 15:24:35.472376: | 00 05 00 06 68 57 be dc 4d f7 c2 4f 81 49 22 e1 Oct 31 15:24:35.472379: | 9d 7c df 2d f7 d3 98 11 c7 b0 ef bf 79 e2 c7 58 Oct 31 15:24:35.472381: | c7 69 dd 6b 8a 5f 77 ab 30 13 52 f7 d8 a0 9b 7e Oct 31 15:24:35.472384: | 13 15 a1 88 95 23 2c 88 2d 46 29 93 87 6e 13 51 Oct 31 15:24:35.472386: | c2 1e 70 4d e6 af 6d 22 ee cf 9c ec c9 48 a5 12 Oct 31 15:24:35.472389: | b6 91 c1 c5 cb 23 1d 28 e9 25 3f 2a ff 85 46 9d Oct 31 15:24:35.472391: | d3 2d 27 87 7a 39 ce 9a f6 ec bd 2d 9e ca 36 16 Oct 31 15:24:35.472393: | 02 ad 6e 3b 74 3d 7d 58 87 13 33 57 28 e6 00 68 Oct 31 15:24:35.472396: | 8a d2 13 9a 8c d2 5f ff 76 0f f4 19 97 8e 4b ca Oct 31 15:24:35.472399: | 2b a6 e0 4a f8 bc c2 88 b2 54 d0 95 72 d7 2e 2b Oct 31 15:24:35.472401: | 32 41 d0 20 ca 7d 33 0c d2 71 7d de f8 bf a3 94 Oct 31 15:24:35.472403: | 32 47 34 46 64 62 61 e2 56 cd 7d ac bf e5 de 9d Oct 31 15:24:35.472406: | f9 5b f7 52 86 58 d7 5f 99 67 d8 de af 7e 25 27 Oct 31 15:24:35.472408: | 85 31 86 c6 39 0f 08 e3 e0 f1 12 34 f0 32 e3 f7 Oct 31 15:24:35.472410: | ad fa 83 e0 59 59 77 80 fa 78 64 99 c4 70 3c 23 Oct 31 15:24:35.472413: | 9f 6c d2 df e7 25 25 24 93 3e 4a 1d 1a 0d 76 a6 Oct 31 15:24:35.472415: | 55 03 00 e8 01 bd b7 07 93 89 00 21 af cb 49 6d Oct 31 15:24:35.472417: | f2 a1 55 76 31 e4 37 33 b8 fa 15 ff 7c 51 62 55 Oct 31 15:24:35.472420: | 4b 82 3d 96 8d 6c 5f 85 ab bd e1 b2 89 01 9d 3d Oct 31 15:24:35.472422: | c0 5a 2d a1 b1 cb e3 0e 72 c3 87 c8 bd 48 ed 4a Oct 31 15:24:35.472425: | 25 19 c6 5a 8f 1c e8 7f 22 85 84 0b 6c 88 99 fa Oct 31 15:24:35.472427: | 37 ea f8 0a 43 ab b5 bc ed 88 13 5c c8 1c fd a0 Oct 31 15:24:35.472429: | 65 26 80 00 72 b2 de 57 31 b3 7d b5 42 91 e5 80 Oct 31 15:24:35.472432: | 6f a9 77 cb ec 8e fe ed 28 c5 29 44 19 13 e1 ca Oct 31 15:24:35.472434: | 1e 0c 10 38 8e 3c b7 5b eb 96 f7 8f ff 74 8a d1 Oct 31 15:24:35.472437: | 1a 93 ef ab a9 0f d5 23 51 f7 48 79 12 a5 48 af Oct 31 15:24:35.472439: | f6 da 9c d1 6b 96 45 c3 aa 18 31 14 ea bb fa a4 Oct 31 15:24:35.472442: | 6e 26 f4 30 3d 0d f3 87 b6 6a 3c b2 ec 2a eb 0f Oct 31 15:24:35.472444: | c5 30 d4 f4 8b fa 55 59 f0 f2 72 5e 0b 18 26 59 Oct 31 15:24:35.472447: | a9 5a 55 df 16 a9 5e ff b7 6f 5d 52 ab 56 63 80 Oct 31 15:24:35.472449: | fb 0f e1 32 8d de e4 94 0f 3f 22 05 74 0f 09 28 Oct 31 15:24:35.472454: | ba 75 48 c2 86 ec 00 02 6f 09 d0 Oct 31 15:24:35.472500: | sending 113 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:24:35.472505: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.472508: | 35 20 23 08 00 00 00 01 00 00 00 71 00 00 00 55 Oct 31 15:24:35.472510: | 00 06 00 06 95 15 02 16 e4 45 79 ef 5c 67 f4 71 Oct 31 15:24:35.472512: | 58 58 f5 e2 ff e3 43 8c 19 47 70 70 b1 c5 b2 cc Oct 31 15:24:35.472515: | fc ed 65 c8 2a fd 23 2f bf 11 99 e3 03 0e 11 38 Oct 31 15:24:35.472517: | 7f 29 85 d9 9a 91 3d ca d1 09 ff 94 b2 15 49 11 Oct 31 15:24:35.472519: | 5d bf 62 64 3f 0f 27 3f ec 1f c5 db cf 4b 16 a7 Oct 31 15:24:35.472521: | f6 Oct 31 15:24:35.472536: | sent 6 messages Oct 31 15:24:35.472540: | checking that a retransmit timeout_event was already Oct 31 15:24:35.472543: | state #2 has no .st_event to delete Oct 31 15:24:35.472547: | delref mdp@0x5587b7420158(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:35.472550: | delref logger@0x5587b740a6f8(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:35.472553: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.472555: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.472564: | #1 spent 3.8 (5.27) milliseconds in resume sending helper answer back to state Oct 31 15:24:35.472570: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:745) Oct 31 15:24:35.472575: | libevent_free: delref ptr-libevent@0x7f43b0000da8 Oct 31 15:24:35.475350: | helper thread 3 has nothing to do Oct 31 15:24:35.608690: | spent 0.00227 (0.00229) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:35.608711: | newref struct msg_digest@0x5587b7420158(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.608715: | newref alloc logger@0x5587b7415728(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.608723: | *received 539 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP Oct 31 15:24:35.608726: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.608728: | 35 20 23 20 00 00 00 01 00 00 02 1b 24 00 01 ff Oct 31 15:24:35.608730: | 00 01 00 05 5b e6 4b 86 6c 84 25 bc f6 1f 97 44 Oct 31 15:24:35.608733: | ed 3f 95 c0 96 c0 e7 33 71 d3 4a 2c 21 52 8f e4 Oct 31 15:24:35.608735: | b9 35 a9 2a b4 5b 3c 11 a7 a8 17 53 ef 66 07 24 Oct 31 15:24:35.608737: | 50 2a 16 a1 96 e1 7b ec e2 6f d9 de 8c 04 60 62 Oct 31 15:24:35.608740: | c3 e3 86 60 c6 24 c2 8b 10 38 ec d1 d6 9b 5c f6 Oct 31 15:24:35.608742: | f7 fc 8a 7e ef fb 5b 34 b2 d0 b6 b3 9c 7c 53 da Oct 31 15:24:35.608744: | aa b0 6c 54 3b 63 a5 01 d4 89 a2 44 80 5f 1a 85 Oct 31 15:24:35.608746: | 62 ef 3b d6 b5 fa 05 b4 62 58 85 f1 c0 c0 d5 17 Oct 31 15:24:35.608748: | c0 b7 b4 86 02 7d dc 3b dd 20 db fd 69 cc f5 0d Oct 31 15:24:35.608750: | 4e ab 40 35 2a 5b 47 37 2e 22 7f d2 3b c1 02 c9 Oct 31 15:24:35.608752: | f2 fb c8 87 c6 38 76 3b 3d c9 56 4c b9 39 47 85 Oct 31 15:24:35.608754: | d6 1d d8 f7 f6 f7 8f 24 2a f7 05 0d 77 23 2f ba Oct 31 15:24:35.608757: | d5 63 fc c2 44 68 ca 15 b8 1f 0b 0a 5a ca 84 1e Oct 31 15:24:35.608759: | 6f 91 a3 fa 82 18 6d 86 28 7a 24 b8 60 37 09 7a Oct 31 15:24:35.608761: | d4 71 01 f4 9a 63 d3 df 15 4f 6a d2 e0 a6 b1 6d Oct 31 15:24:35.608764: | f8 fc e3 5d 14 da 4c b2 da 76 52 89 06 33 b9 7d Oct 31 15:24:35.608766: | 0e e4 52 b9 97 4b 58 a2 31 99 7e ac 64 ac 55 b5 Oct 31 15:24:35.608768: | cf 00 09 a7 55 fc 36 17 58 51 2b bc 65 07 01 ec Oct 31 15:24:35.608771: | d3 ae 0f 13 46 24 76 27 55 d6 d8 a9 7a 61 3a a5 Oct 31 15:24:35.608773: | 72 b1 ac e4 9a 1e d7 fe d9 0b c8 0e 4a cc 89 ea Oct 31 15:24:35.608775: | fc 56 c9 ea b7 12 fe a6 55 e7 96 da 75 41 af 10 Oct 31 15:24:35.608778: | 83 aa c7 c4 7f fa d8 fd 85 47 3c 02 14 6e 15 2d Oct 31 15:24:35.608780: | 7a 05 66 7e 93 67 82 34 96 c1 d6 84 18 88 38 c3 Oct 31 15:24:35.608785: | ed c8 d1 bd a2 ed bd 6e c9 03 9f 19 7f 4b 5d 28 Oct 31 15:24:35.608787: | 04 73 6e 73 34 e8 e2 3c 04 e0 e1 6b ee fe ab f6 Oct 31 15:24:35.608789: | ea c9 37 bf 61 80 e6 d8 f4 f4 3d 09 46 1c 08 6a Oct 31 15:24:35.608792: | 69 3b 3b b2 98 22 3a c0 07 48 db 26 f7 90 0f 02 Oct 31 15:24:35.608794: | bf 70 c8 65 3e 0b ca 8c 89 49 69 f4 84 cf 62 10 Oct 31 15:24:35.608796: | 66 fb bc 1a 25 69 a3 e7 f1 b6 24 15 81 6c 13 63 Oct 31 15:24:35.608798: | ae 65 b0 6b d2 89 a2 30 84 b5 45 7a 54 3c 60 0e Oct 31 15:24:35.608800: | 26 80 96 19 d8 14 42 6d 2b 64 88 dc 20 b0 c3 7d Oct 31 15:24:35.608803: | e3 7a 5f 63 90 8a c4 b1 39 54 4f Oct 31 15:24:35.608807: | **parse ISAKMP Message: Oct 31 15:24:35.608812: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.608816: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.608819: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Oct 31 15:24:35.608821: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.608824: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.608826: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:35.608830: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.608834: | length: 539 (00 00 02 1b) Oct 31 15:24:35.608837: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:24:35.608840: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Oct 31 15:24:35.608845: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Oct 31 15:24:35.608853: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:35.608856: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Oct 31 15:24:35.608859: | #2 is idle Oct 31 15:24:35.608862: | #2 idle Oct 31 15:24:35.608867: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:35.608872: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:35.608874: | unpacking clear payload Oct 31 15:24:35.608877: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Oct 31 15:24:35.608880: | ***parse IKEv2 Encrypted Fragment: Oct 31 15:24:35.608883: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Oct 31 15:24:35.608885: | flags: none (0x0) Oct 31 15:24:35.608889: | length: 511 (01 ff) Oct 31 15:24:35.608892: | fragment number: 1 (00 01) Oct 31 15:24:35.608895: | total fragments: 5 (00 05) Oct 31 15:24:35.608897: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Oct 31 15:24:35.608900: | #2 in state PARENT_I2: sent IKE_AUTH request Oct 31 15:24:35.608904: | received IKE encrypted fragment number '1', total number '5', next payload '36' Oct 31 15:24:35.608910: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:35.608916: | #1 spent 0.234 (0.234) milliseconds in ikev2_process_packet() Oct 31 15:24:35.608919: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:35.608922: | delref mdp@0x5587b7420158(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:35.608925: | delref logger@0x5587b7415728(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:35.608928: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.608930: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.608935: | spent 0.254 (0.254) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:35.608946: | spent 0.0016 (0.0016) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:35.608952: | newref struct msg_digest@0x5587b7420158(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.608955: | newref alloc logger@0x5587b7415728(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.608961: | *received 539 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP Oct 31 15:24:35.608965: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.608967: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Oct 31 15:24:35.608969: | 00 02 00 05 fb 7c 7c ac c4 57 e2 2b 9f 2d 33 e4 Oct 31 15:24:35.608972: | 78 8d d2 5c db 71 3a e3 05 a1 da 39 42 11 49 f4 Oct 31 15:24:35.608974: | c1 cd b5 b0 cb 2c 1c 32 54 41 e0 81 62 eb ec eb Oct 31 15:24:35.608976: | c2 77 d5 d0 69 ba c2 ba 7e a6 78 a3 92 7b a0 58 Oct 31 15:24:35.608979: | 81 a9 4a eb 05 cb 21 b6 07 7d 94 da 92 80 4d 0a Oct 31 15:24:35.608981: | 2c ad 55 f0 80 e7 da 50 a8 52 96 3a fa 80 c6 4e Oct 31 15:24:35.608983: | ce 4c 9f 88 3e 4b 34 14 8a b5 ae ef b5 e6 24 92 Oct 31 15:24:35.608985: | 1a 47 e6 bf 9c 39 c3 f8 68 a1 ca c3 3d bb f3 7e Oct 31 15:24:35.608987: | 13 58 56 cf 92 2e 9d f8 1e 87 fe 07 82 2e 5a 49 Oct 31 15:24:35.608989: | 24 d4 b0 3a 48 f6 7a 5a 53 31 73 d7 3b ca f2 9f Oct 31 15:24:35.608991: | bc 37 1a 21 78 85 61 24 a0 c7 aa dc d9 e7 dd 87 Oct 31 15:24:35.609052: | 1e 92 af 26 e6 ef 68 46 eb d0 de a3 04 28 f4 d1 Oct 31 15:24:35.609055: | d7 01 fe ef a0 fb 4d 53 f5 64 98 99 40 7e 12 24 Oct 31 15:24:35.609057: | a2 af 12 24 c0 14 d2 67 06 74 fe bd 5e 49 72 ca Oct 31 15:24:35.609060: | 4f 32 d3 60 80 b7 cb a3 c4 a7 cb b9 f4 3d dd c3 Oct 31 15:24:35.609062: | 3c e1 7e 79 43 22 fd 2a 3c 9f 6b 0d e5 4f 2f 1b Oct 31 15:24:35.609064: | cb a0 d2 4a f5 e4 95 60 90 07 e7 9d 1d 3b 92 2d Oct 31 15:24:35.609122: | a7 74 fd 1a 20 56 81 9e 25 79 31 1b d6 b1 d7 77 Oct 31 15:24:35.609127: | 38 7a 76 e8 7e cd d5 93 35 af 52 c4 ef 93 17 ac Oct 31 15:24:35.609130: | 9c 96 f2 81 3f 18 8a 08 9d be b2 96 67 ee 5e c1 Oct 31 15:24:35.609132: | a5 64 e0 6a 96 a4 65 e5 23 d0 a6 ea d3 42 3c e5 Oct 31 15:24:35.609134: | 2c 93 9c bd 2a e6 1c 6c a1 80 1f 9b ae e9 e8 c5 Oct 31 15:24:35.609137: | 05 18 1c 69 2e a1 c7 c3 5d b5 b6 3c 5a 76 2c 71 Oct 31 15:24:35.609139: | a0 98 63 b4 41 89 44 61 ff a6 08 2e cb 7b 36 93 Oct 31 15:24:35.609141: | bb d1 f6 c7 ba 39 c7 b7 f3 ac 82 49 ac 93 fa 7d Oct 31 15:24:35.609143: | c6 2c 45 19 55 09 7e e7 7a 47 85 58 05 fc 57 f6 Oct 31 15:24:35.609146: | 99 b1 ac d9 af b2 99 42 59 02 47 00 3f b4 78 d9 Oct 31 15:24:35.609299: | 4b c1 07 04 75 9a 8e c3 82 5b 0d b1 ab 97 c5 d3 Oct 31 15:24:35.609302: | 53 4d 6e 64 a3 23 dd 05 cb 37 41 9b 37 41 76 b2 Oct 31 15:24:35.609305: | e9 72 dd b6 17 d9 f5 d0 70 6b 19 9b ee 0d 19 3f Oct 31 15:24:35.609307: | a8 f0 a7 ec 27 9b 6f 91 20 60 15 34 da da 7c ea Oct 31 15:24:35.609309: | d1 fa 9e 20 57 84 c2 ec fc 14 9d Oct 31 15:24:35.609313: | **parse ISAKMP Message: Oct 31 15:24:35.609318: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.609322: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.609324: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Oct 31 15:24:35.609327: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.609329: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.609332: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:35.609336: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.609339: | length: 539 (00 00 02 1b) Oct 31 15:24:35.609399: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:24:35.609462: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Oct 31 15:24:35.609469: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Oct 31 15:24:35.609476: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:35.609480: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Oct 31 15:24:35.609482: | #2 is idle Oct 31 15:24:35.609485: | #2 idle Oct 31 15:24:35.609489: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:35.609496: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:35.609499: | unpacking clear payload Oct 31 15:24:35.609501: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Oct 31 15:24:35.609505: | ***parse IKEv2 Encrypted Fragment: Oct 31 15:24:35.609507: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.609510: | flags: none (0x0) Oct 31 15:24:35.609513: | length: 511 (01 ff) Oct 31 15:24:35.609516: | fragment number: 2 (00 02) Oct 31 15:24:35.609519: | total fragments: 5 (00 05) Oct 31 15:24:35.609522: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Oct 31 15:24:35.609525: | #2 in state PARENT_I2: sent IKE_AUTH request Oct 31 15:24:35.609528: | received IKE encrypted fragment number '2', total number '5', next payload '0' Oct 31 15:24:35.609534: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:35.609539: | #1 spent 0.264 (0.595) milliseconds in ikev2_process_packet() Oct 31 15:24:35.609542: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:35.609545: | delref mdp@0x5587b7420158(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:35.609548: | delref logger@0x5587b7415728(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:35.609551: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.609553: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.609558: | spent 0.284 (0.615) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:35.609568: | spent 0.0017 (0.0017) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:35.609574: | newref struct msg_digest@0x5587b7420158(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.609578: | newref alloc logger@0x5587b7415728(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.609640: | *received 539 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP Oct 31 15:24:35.609646: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.609648: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Oct 31 15:24:35.609650: | 00 03 00 05 8d e3 ed 8d 4a a2 17 8b 8a 1b 85 44 Oct 31 15:24:35.609653: | d5 bd f8 92 65 ab 6a f7 35 5a 04 91 3b 3e f9 17 Oct 31 15:24:35.609655: | d3 a3 0d 31 b4 9e c6 ab 31 32 0f 2c 1b 62 ee d6 Oct 31 15:24:35.609657: | 83 8c 02 40 72 6c 67 49 b7 c0 4f 94 1d 2d 90 33 Oct 31 15:24:35.609660: | 58 49 37 1d 44 1e d8 79 94 34 74 8e 5f f6 92 f0 Oct 31 15:24:35.609662: | d3 05 c0 e7 91 93 38 8c 14 bc 0d f7 63 db e2 1d Oct 31 15:24:35.609664: | a1 d9 db 18 09 25 98 29 ca cc 7d 1c d8 25 3d bd Oct 31 15:24:35.609666: | 45 2e 28 df 18 a9 11 e7 fe e3 30 3f a8 ac a0 ed Oct 31 15:24:35.609669: | 08 9f 2f ef 02 66 83 26 3f 8b 8c e9 e8 12 31 0e Oct 31 15:24:35.609671: | 83 4b 49 39 91 a8 e4 28 98 c8 d8 18 0d 22 91 6b Oct 31 15:24:35.609673: | 70 1f 6d f3 1a 94 fe ab ea cd f0 0d b1 1e dc 90 Oct 31 15:24:35.609676: | 88 2c 2f 3b 58 3c dc 26 f2 e3 97 27 96 a3 b8 2b Oct 31 15:24:35.609678: | 00 c6 78 48 07 b7 ca f5 42 53 52 0b 62 ca de 39 Oct 31 15:24:35.609680: | fc a2 55 75 3d 49 07 61 e0 1d 94 22 6a 98 ae fb Oct 31 15:24:35.609683: | 13 bf fc 1e 03 c0 98 88 1f 70 49 26 99 f3 cf 38 Oct 31 15:24:35.609685: | 30 d1 16 c9 36 0c 32 7b ba 0b 53 88 de af da ae Oct 31 15:24:35.609687: | 24 35 8d 66 2a db a8 7f 55 69 0d f2 56 67 fb 71 Oct 31 15:24:35.609689: | ee 6d 62 ff c3 88 ae d6 3e c0 70 2e 2c 1e cc 1c Oct 31 15:24:35.609692: | ec f6 22 76 52 e7 f8 4e 74 57 83 9d be 84 35 73 Oct 31 15:24:35.609694: | 7f 2e 1a ad 1f cc 66 68 a4 1e f7 ed c3 1b 44 b2 Oct 31 15:24:35.609696: | ee ac b7 d4 04 8c 7e e8 bb 49 92 8e a7 16 13 c4 Oct 31 15:24:35.609699: | 2d 14 20 df 7a 20 9f 30 f4 de eb aa fb 03 20 38 Oct 31 15:24:35.609701: | 43 c4 48 13 2d e3 65 0e 3e 96 d9 e0 73 88 b8 ab Oct 31 15:24:35.609703: | 63 9c 59 42 b4 00 73 25 f6 f8 7c 7f 31 b9 fb 04 Oct 31 15:24:35.609708: | 73 a9 0b a8 c6 37 01 19 ee 74 14 c0 d1 08 56 35 Oct 31 15:24:35.609710: | 8c 08 52 95 83 3d 06 74 a4 b9 ad 0a 59 51 f2 1e Oct 31 15:24:35.609712: | 60 43 a2 72 23 60 dd 3e 38 5a 30 0b 53 c0 25 d8 Oct 31 15:24:35.609714: | 8f 86 5e 7f 5d 99 59 2d 64 30 00 01 e5 f3 d8 8f Oct 31 15:24:35.609716: | 4d b5 31 53 fb 69 4a 96 8d 54 cb 91 16 f1 28 3c Oct 31 15:24:35.609719: | 4f d2 ce af c1 3c f7 72 11 3e ab 1d 82 23 5b ac Oct 31 15:24:35.609721: | f0 52 af 05 23 44 0c b3 f6 7d 90 df f9 bb 6e 38 Oct 31 15:24:35.609723: | d4 60 e0 b4 46 ab 86 91 71 3f d2 Oct 31 15:24:35.609727: | **parse ISAKMP Message: Oct 31 15:24:35.609731: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.609735: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.609737: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Oct 31 15:24:35.609740: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.609742: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.609745: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:35.609749: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.609752: | length: 539 (00 00 02 1b) Oct 31 15:24:35.609755: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:24:35.609758: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Oct 31 15:24:35.609761: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Oct 31 15:24:35.609767: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:35.609770: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Oct 31 15:24:35.609773: | #2 is idle Oct 31 15:24:35.609775: | #2 idle Oct 31 15:24:35.609780: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:35.609785: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:35.609787: | unpacking clear payload Oct 31 15:24:35.609789: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Oct 31 15:24:35.609792: | ***parse IKEv2 Encrypted Fragment: Oct 31 15:24:35.609795: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.609797: | flags: none (0x0) Oct 31 15:24:35.609801: | length: 511 (01 ff) Oct 31 15:24:35.609804: | fragment number: 3 (00 03) Oct 31 15:24:35.609807: | total fragments: 5 (00 05) Oct 31 15:24:35.609809: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Oct 31 15:24:35.609812: | #2 in state PARENT_I2: sent IKE_AUTH request Oct 31 15:24:35.609814: | received IKE encrypted fragment number '3', total number '5', next payload '0' Oct 31 15:24:35.609820: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:35.609825: | #1 spent 0.21 (0.259) milliseconds in ikev2_process_packet() Oct 31 15:24:35.609828: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:35.609831: | delref mdp@0x5587b7420158(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:35.609834: | delref logger@0x5587b7415728(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:35.609837: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.609839: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.609844: | spent 0.229 (0.278) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:35.609852: | spent 0.00152 (0.00152) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:35.609858: | newref struct msg_digest@0x5587b7420158(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.609861: | newref alloc logger@0x5587b7415728(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.609867: | *received 539 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP Oct 31 15:24:35.609873: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.609875: | 35 20 23 20 00 00 00 01 00 00 02 1b 00 00 01 ff Oct 31 15:24:35.609878: | 00 04 00 05 a1 7d bf db e1 0a c5 5f ae 59 eb ac Oct 31 15:24:35.609880: | 3b 90 fd 5d 97 2a 11 f1 91 3d 33 f8 9d 54 79 bf Oct 31 15:24:35.609882: | be 4d b7 0d 85 21 ec a4 5e 50 82 5a 65 64 2a 5a Oct 31 15:24:35.609884: | f9 70 29 bd 25 9a f4 b6 2b 83 0b 04 61 ca 28 24 Oct 31 15:24:35.609887: | 12 d6 24 94 5b 24 32 cd 1e af 0d 90 f2 b5 93 08 Oct 31 15:24:35.609889: | ef fd 64 c0 10 5d 29 f7 4d 32 ef f1 69 a5 e3 96 Oct 31 15:24:35.609891: | 45 17 95 f0 9e b8 f9 70 49 b9 29 c3 8f 6f 5b 25 Oct 31 15:24:35.609894: | ff b1 3c 7f e0 9d 20 2a 16 01 5e 26 fd 7b 83 8a Oct 31 15:24:35.609896: | 15 bb 16 62 1c 12 8a b4 54 fe 8f bc 40 34 4b 95 Oct 31 15:24:35.609898: | 05 55 2c 91 77 8c 77 8e f0 b8 10 e7 76 88 d3 54 Oct 31 15:24:35.609901: | 00 a6 f0 fc 03 9d 0a ac a3 64 14 5c ea 03 11 b9 Oct 31 15:24:35.609903: | 0e 9f 69 83 5f 90 4a a8 31 3c 87 37 ba 80 15 a8 Oct 31 15:24:35.609905: | 42 b4 39 d4 ed 2e 21 63 2f b6 03 33 ae 6d 7f 47 Oct 31 15:24:35.609907: | 04 a3 5b ec 35 1b da c2 95 20 e4 b8 92 be 85 b1 Oct 31 15:24:35.609910: | b7 59 dc bf 62 fc 7e ee e7 6d 16 19 83 b4 a4 d9 Oct 31 15:24:35.609912: | 89 1e 83 97 0f 2f fc ce 71 0a 29 bc e2 84 e7 7c Oct 31 15:24:35.609914: | 40 d7 53 42 f2 21 41 e3 43 82 da 02 40 e0 54 b4 Oct 31 15:24:35.609916: | 82 06 fc 29 6e f8 5c 4f 20 ef 54 5a be cd e6 37 Oct 31 15:24:35.609919: | 4a 14 43 fd 4f a0 b8 8b f6 58 ce 5a 3c 89 a7 e3 Oct 31 15:24:35.609921: | 27 24 77 fb 09 3c 28 94 e9 ce 1a 79 8a ac 5c c9 Oct 31 15:24:35.609923: | 17 93 17 62 28 7b d8 92 c7 36 d4 fa 9a bf 01 47 Oct 31 15:24:35.609926: | 25 65 e1 af c7 36 db 70 a9 ec dc 09 36 f8 7e ca Oct 31 15:24:35.609928: | c1 38 65 c6 73 d0 8d 20 38 6a fd 5d dc ae 2e c9 Oct 31 15:24:35.609930: | aa ca a3 d6 46 58 ad e9 fd 78 47 b3 88 6b e9 a6 Oct 31 15:24:35.609932: | 73 db 39 13 82 59 80 8a d3 db 58 0c 1f 5d c5 46 Oct 31 15:24:35.609935: | 94 4d bc 41 6e eb 6c d0 9c 27 80 4a 88 2e 87 f8 Oct 31 15:24:35.609937: | b2 eb 44 9d 0a 9a a9 8d 6f 90 36 cb 3b f7 2c 87 Oct 31 15:24:35.609939: | b4 cc e3 93 3e 6d bd 22 be ea 98 97 9a 90 a0 d1 Oct 31 15:24:35.609942: | 5a 86 8b 06 5a 53 92 66 4d 71 f0 ae 43 be d9 a7 Oct 31 15:24:35.609944: | ae 7a 5c 64 bb 22 16 88 5b 16 55 eb 93 27 40 78 Oct 31 15:24:35.609946: | 90 9c 4f 97 cd 20 15 15 ff 70 b9 e0 f3 ec 23 2b Oct 31 15:24:35.609949: | 02 17 99 89 61 af 2b 79 3f a2 8f Oct 31 15:24:35.609952: | **parse ISAKMP Message: Oct 31 15:24:35.609956: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.609960: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.609962: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Oct 31 15:24:35.609965: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.609967: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.609970: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:35.609974: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.609977: | length: 539 (00 00 02 1b) Oct 31 15:24:35.609980: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:24:35.609983: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Oct 31 15:24:35.609985: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Oct 31 15:24:35.609991: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:35.609994: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Oct 31 15:24:35.609996: | #2 is idle Oct 31 15:24:35.609999: | #2 idle Oct 31 15:24:35.610004: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:35.610008: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:35.610012: | unpacking clear payload Oct 31 15:24:35.610015: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Oct 31 15:24:35.610018: | ***parse IKEv2 Encrypted Fragment: Oct 31 15:24:35.610020: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.610022: | flags: none (0x0) Oct 31 15:24:35.610080: | length: 511 (01 ff) Oct 31 15:24:35.610085: | fragment number: 4 (00 04) Oct 31 15:24:35.610088: | total fragments: 5 (00 05) Oct 31 15:24:35.610091: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Oct 31 15:24:35.610094: | #2 in state PARENT_I2: sent IKE_AUTH request Oct 31 15:24:35.610097: | received IKE encrypted fragment number '4', total number '5', next payload '0' Oct 31 15:24:35.610158: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:35.610165: | #1 spent 0.221 (0.314) milliseconds in ikev2_process_packet() Oct 31 15:24:35.610168: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:35.610171: | delref mdp@0x5587b7420158(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:35.610174: | delref logger@0x5587b7415728(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:35.610177: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.610179: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.610248: | spent 0.252 (0.397) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:35.610258: | spent 0.00164 (0.00164) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:35.610265: | newref struct msg_digest@0x5587b7420158(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.610323: | newref alloc logger@0x5587b7415728(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.610331: | *received 278 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP Oct 31 15:24:35.610334: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.610336: | 35 20 23 20 00 00 00 01 00 00 01 16 00 00 00 fa Oct 31 15:24:35.610339: | 00 05 00 05 e5 cd d6 f8 3e a0 18 37 62 26 5f 13 Oct 31 15:24:35.610341: | f7 50 19 87 62 ec 36 9c fd 66 d8 2b 22 cc a9 66 Oct 31 15:24:35.610343: | ba 99 7c a8 ba e0 7b 95 77 6c 9c b7 1e ee 09 e0 Oct 31 15:24:35.610346: | 9f 03 34 34 ac 71 58 d2 f3 7d 36 48 0d 49 a0 05 Oct 31 15:24:35.610348: | c5 5c 20 aa f4 87 bc 26 6c fa 59 c6 51 cf ab ce Oct 31 15:24:35.610350: | 5c 3a 17 e4 4a 33 c2 ad a8 2a ec 7d 48 c0 ef ef Oct 31 15:24:35.610353: | b2 f5 69 69 e1 fc 1b ce e0 96 d5 ea 0f c7 a4 38 Oct 31 15:24:35.610355: | d3 0e f2 a7 17 95 c6 45 a0 05 12 0b d3 c8 3b 79 Oct 31 15:24:35.610357: | 55 f7 fa 4e c5 aa f4 b3 98 4c ce fd 75 f7 83 85 Oct 31 15:24:35.610359: | c1 86 9e 11 3c f5 10 38 c7 c5 36 32 a0 0e e8 93 Oct 31 15:24:35.610362: | be bd a5 b6 26 de 38 6a 4a d6 b8 7c fb f1 00 c1 Oct 31 15:24:35.610364: | 80 db 10 9c d4 be 54 e8 3d 60 7e cd 7b 9f 94 fb Oct 31 15:24:35.610366: | 5f bf 0a 7c 42 93 37 db 56 04 c6 d5 cd 63 4f e5 Oct 31 15:24:35.610368: | 7b 39 fc 1e da d8 5f 5b 5b fd 4a 9b 9c 6f 3f 47 Oct 31 15:24:35.610371: | 0f f4 6f b2 dc 3e e6 24 9e 4c 0a ca c3 e4 4a da Oct 31 15:24:35.610373: | 25 90 73 01 c3 01 Oct 31 15:24:35.610382: | **parse ISAKMP Message: Oct 31 15:24:35.610386: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.610390: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.610393: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Oct 31 15:24:35.610395: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.610398: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:35.610400: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:35.610404: | Message ID: 1 (00 00 00 01) Oct 31 15:24:35.610407: | length: 278 (00 00 01 16) Oct 31 15:24:35.610410: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:24:35.610416: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Oct 31 15:24:35.610419: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Oct 31 15:24:35.610426: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:35.610429: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Oct 31 15:24:35.610431: | #2 is idle Oct 31 15:24:35.610433: | #2 idle Oct 31 15:24:35.610442: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:35.610446: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:35.610449: | unpacking clear payload Oct 31 15:24:35.610451: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Oct 31 15:24:35.610454: | ***parse IKEv2 Encrypted Fragment: Oct 31 15:24:35.610457: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.610459: | flags: none (0x0) Oct 31 15:24:35.610462: | length: 250 (00 fa) Oct 31 15:24:35.610465: | fragment number: 5 (00 05) Oct 31 15:24:35.610468: | total fragments: 5 (00 05) Oct 31 15:24:35.610471: | processing payload: ISAKMP_NEXT_v2SKF (len=242) Oct 31 15:24:35.610473: | #2 in state PARENT_I2: sent IKE_AUTH request Oct 31 15:24:35.610476: | received IKE encrypted fragment number '5', total number '5', next payload '0' Oct 31 15:24:35.610512: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Oct 31 15:24:35.610515: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Oct 31 15:24:35.610519: | **parse IKEv2 Identification - Responder - Payload: Oct 31 15:24:35.610521: | next payload type: ISAKMP_NEXT_v2CERT (0x25) Oct 31 15:24:35.610523: | flags: none (0x0) Oct 31 15:24:35.610527: | length: 191 (00 bf) Oct 31 15:24:35.610529: | ID type: ID_DER_ASN1_DN (0x9) Oct 31 15:24:35.610532: | reserved: 00 00 00 Oct 31 15:24:35.610534: | processing payload: ISAKMP_NEXT_v2IDr (len=183) Oct 31 15:24:35.610537: | Now let's proceed with payload (ISAKMP_NEXT_v2CERT) Oct 31 15:24:35.610539: | **parse IKEv2 Certificate Payload: Oct 31 15:24:35.610542: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Oct 31 15:24:35.610544: | flags: none (0x0) Oct 31 15:24:35.610547: | length: 1394 (05 72) Oct 31 15:24:35.610549: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Oct 31 15:24:35.610552: | processing payload: ISAKMP_NEXT_v2CERT (len=1389) Oct 31 15:24:35.610554: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Oct 31 15:24:35.610556: | **parse IKEv2 Authentication Payload: Oct 31 15:24:35.610559: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:24:35.610561: | flags: none (0x0) Oct 31 15:24:35.610564: | length: 460 (01 cc) Oct 31 15:24:35.610566: | auth method: IKEv2_AUTH_DIGSIG (0xe) Oct 31 15:24:35.610569: | processing payload: ISAKMP_NEXT_v2AUTH (len=452) Oct 31 15:24:35.610571: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:24:35.610573: | **parse IKEv2 Security Association Payload: Oct 31 15:24:35.610576: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Oct 31 15:24:35.610578: | flags: none (0x0) Oct 31 15:24:35.610581: | length: 36 (00 24) Oct 31 15:24:35.610583: | processing payload: ISAKMP_NEXT_v2SA (len=32) Oct 31 15:24:35.610585: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Oct 31 15:24:35.610588: | **parse IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:24:35.610590: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Oct 31 15:24:35.610592: | flags: none (0x0) Oct 31 15:24:35.610595: | length: 24 (00 18) Oct 31 15:24:35.610598: | number of TS: 1 (01) Oct 31 15:24:35.610600: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Oct 31 15:24:35.610602: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Oct 31 15:24:35.610605: | **parse IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:24:35.610607: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.610612: | flags: none (0x0) Oct 31 15:24:35.610619: | length: 24 (00 18) Oct 31 15:24:35.610622: | number of TS: 1 (01) Oct 31 15:24:35.610624: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Oct 31 15:24:35.610627: | selected state microcode Initiator: process IKE_AUTH response Oct 31 15:24:35.610630: | calling processor Initiator: process IKE_AUTH response Oct 31 15:24:35.610634: | addref md@0x5587b7420158(1->2) (in submit_cert_decode() at cert_decode_helper.c:81) Oct 31 15:24:35.610638: | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds Oct 31 15:24:35.610642: loading root certificate cache Oct 31 15:24:35.610645: | newref struct root_certs@0x5587b74277d8(0->1) (in submit_cert_decode() at cert_decode_helper.c:80) Oct 31 15:24:35.610648: | addref root_certs@0x5587b74277d8(1->2) (in submit_cert_decode() at cert_decode_helper.c:80) Oct 31 15:24:35.615371: | spent 4.1 (4.71) milliseconds in root_certs_addref() calling PK11_ListCertsInSlot() Oct 31 15:24:35.615386: | adding the CA+root cert E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.615391: | discarding non-CA cert E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.615394: | discarding non-CA cert E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.615397: | discarding non-CA cert E=user-west@testing.libreswan.org,CN=west.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.615400: | discarding non-CA cert E=user-road@testing.libreswan.org,CN=road.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.615403: | discarding non-CA cert E=user-hashsha1@testing.libreswan.org,CN=hashsha1.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.615410: | discarding non-CA cert E=testing@libreswan.org,CN=west-ec.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.615413: | discarding non-CA cert E=testing@libreswan.org,CN=east-ec.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.615416: | discarding non-CA cert E=user-nic@testing.libreswan.org,CN=nic.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.615511: | spent 0.056 (0.0558) milliseconds in root_certs_addref() filtering CAs Oct 31 15:24:35.615527: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:35.615531: | addref fd@0x5587b741d548(4->5) (in clone_logger() at log.c:810) Oct 31 15:24:35.615535: | newref clone logger@0x5587b741dce8(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:35.615538: | job 4 for #2: initiator decoding certificates (decode certificate payload): adding job to queue Oct 31 15:24:35.615540: | state #2 has no .st_event to delete Oct 31 15:24:35.615544: | #2 requesting EVENT_RETRANSMIT-pe@0x5587b7413c48 be deleted Oct 31 15:24:35.615549: | libevent_free: delref ptr-libevent@0x5587b7428378 Oct 31 15:24:35.615552: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x5587b7413c48 Oct 31 15:24:35.615555: | #2 STATE_PARENT_I2: retransmits: cleared Oct 31 15:24:35.615558: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x5587b740a6f8 Oct 31 15:24:35.615561: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 Oct 31 15:24:35.615563: | libevent_malloc: newref ptr-libevent@0x5587b7428378 size 128 Oct 31 15:24:35.615577: | #2 spent 4.27 (4.94) milliseconds in processing: Initiator: process IKE_AUTH response in v2_dispatch() Oct 31 15:24:35.615585: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:35.615587: | job 4 for #2: initiator decoding certificates (decode certificate payload): helper 4 starting job Oct 31 15:24:35.615591: | #2 complete_v2_state_transition() PARENT_I2->ESTABLISHED_CHILD_SA with status STF_SUSPEND; .st_v2_transition=NULL Oct 31 15:24:35.615611: | suspending state #2 and saving MD 0x5587b7420158 Oct 31 15:24:35.615601: | checking for known CERT payloads Oct 31 15:24:35.615616: | addref md@0x5587b7420158(2->3) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:35.615627: | #2 is busy; has suspended MD 0x5587b7420158 Oct 31 15:24:35.615623: | saving certificate of type 'X509_SIGNATURE' Oct 31 15:24:35.615632: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:35.615646: | #1 spent 4.65 (5.39) milliseconds in ikev2_process_packet() Oct 31 15:24:35.615649: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:35.615652: | delref mdp@0x5587b7420158(3->2) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:35.615656: | spent 4.66 (5.4) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:35.615707: | decoded cert: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.615718: | "northnet-eastnets/0x2" #1: spent 0.103 (0.115) milliseconds in find_and_verify_certs() calling decode_cert_payloads() Oct 31 15:24:35.615725: | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.615797: | "northnet-eastnets/0x2" #1: spent 0.0696 (0.0699) milliseconds in find_and_verify_certs() calling crl_update_check() Oct 31 15:24:35.615802: | missing or expired CRL Oct 31 15:24:35.615806: | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 Oct 31 15:24:35.615808: | verify_end_cert verifying E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA using: Oct 31 15:24:35.615810: | trusted CA: E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.615813: | verify_end_cert trying profile IPsec Oct 31 15:24:35.616622: | certificate is valid (profile IPsec) Oct 31 15:24:35.616644: | "northnet-eastnets/0x2" #1: spent 0.208 (0.835) milliseconds in find_and_verify_certs() calling verify_end_cert() Oct 31 15:24:35.616751: | newref struct pubkey@0x7f43a40037e8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:35.616767: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x7f43a4002368 Oct 31 15:24:35.616772: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x7f43a4002268 Oct 31 15:24:35.616775: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x7f43a4002588 Oct 31 15:24:35.616778: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x7f43a4001d38 Oct 31 15:24:35.616780: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x7f43a40055e8 Oct 31 15:24:35.616848: | newref struct pubkey@0x7f43a4003bb8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:35.616920: | newref struct pubkey@0x7f43a4003f58(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:35.616983: | newref struct pubkey@0x7f43a4000e38(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:35.617052: | newref struct pubkey@0x7f43a40011d8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:35.617120: | newref struct pubkey@0x7f43a40042a8(0->1) (in create_pubkey_from_cert_1() at secrets.c:1962) Oct 31 15:24:35.617131: | delref pkp@0x7f43a40037e8(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:35.617142: | "northnet-eastnets/0x2" #1: spent 0.491 (0.491) milliseconds in find_and_verify_certs() calling add_pubkey_from_nss_cert() Oct 31 15:24:35.617149: | "northnet-eastnets/0x2" #1: spent 0.925 (1.56) milliseconds in helper 4 processing job 4 for state #2: initiator decoding certificates (decode certificate payload) Oct 31 15:24:35.617153: | job 4 for #2: initiator decoding certificates (decode certificate payload): helper thread 4 sending result back to state Oct 31 15:24:35.617161: | scheduling resume sending helper answer back to state for #2 Oct 31 15:24:35.617165: | libevent_malloc: newref ptr-libevent@0x7f43a4001868 size 128 Oct 31 15:24:35.617170: | libevent_realloc: delref ptr-libevent@0x5587b73cc488 Oct 31 15:24:35.617173: | libevent_realloc: newref ptr-libevent@0x5587b7428148 size 128 Oct 31 15:24:35.617183: | helper thread 4 has nothing to do Oct 31 15:24:35.617193: | processing resume sending helper answer back to state for #2 Oct 31 15:24:35.617209: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:641) Oct 31 15:24:35.617219: | unsuspending #2 MD 0x5587b7420158 Oct 31 15:24:35.617222: | job 4 for #2: initiator decoding certificates (decode certificate payload): processing response from helper 4 Oct 31 15:24:35.617225: | job 4 for #2: initiator decoding certificates (decode certificate payload): calling continuation function 0x5587b63aa0d4 Oct 31 15:24:35.617229: | delref mdp@0x5587b7420158(2->1) (in cert_decode_cancelled() at cert_decode_helper.c:215) Oct 31 15:24:35.617232: | delref root_certs@0x5587b74277d8(2->1) (in cert_decode_cancelled() at cert_decode_helper.c:216) Oct 31 15:24:35.617237: "northnet-eastnets/0x2" #1: certificate verified OK: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Oct 31 15:24:35.617250: | DER ASN1 DN: Oct 31 15:24:35.617253: | 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Oct 31 15:24:35.617255: | 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Oct 31 15:24:35.617257: | 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Oct 31 15:24:35.617259: | 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Oct 31 15:24:35.617262: | 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Oct 31 15:24:35.617264: | 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Oct 31 15:24:35.617266: | 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Oct 31 15:24:35.617269: | 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Oct 31 15:24:35.617271: | 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Oct 31 15:24:35.617273: | 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Oct 31 15:24:35.617276: | 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Oct 31 15:24:35.617278: | 77 61 6e 2e 6f 72 67 Oct 31 15:24:35.617303: | comparing ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' to certificate derSubject='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' (subjectName='E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA') Oct 31 15:24:35.617314: | ID_DER_ASN1_DN 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' matched our ID 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Oct 31 15:24:35.617317: | X509: CERT and ID matches current connection Oct 31 15:24:35.617329: | offered CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.617337: "northnet-eastnets/0x1" #2: IKEv2 mode peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Oct 31 15:24:35.617378: | verifying AUTH payload Oct 31 15:24:35.617384: | looking for ASN.1 blob for method rsasig for hash_algo SHA2_512 Oct 31 15:24:35.617387: | parsing 68 raw bytes of IKEv2 Authentication Payload into ASN.1 blob for hash algo Oct 31 15:24:35.617390: | ASN.1 blob for hash algo Oct 31 15:24:35.617392: | 43 30 41 06 09 2a 86 48 86 f7 0d 01 01 0a 30 34 Oct 31 15:24:35.617394: | a0 0f 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 Oct 31 15:24:35.617399: | 00 a1 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 01 08 Oct 31 15:24:35.617401: | 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 a2 Oct 31 15:24:35.617403: | 03 02 01 40 Oct 31 15:24:35.617427: | required RSA CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.617436: | trying all remote certificates public keys for RSA key that matches ID: C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org Oct 31 15:24:35.617448: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.617460: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.617476: | trying 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' issued by CA 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.617480: | NSS RSA: verifying that decrypted signature matches hash: Oct 31 15:24:35.617483: | a4 17 e2 11 b8 79 bf ff dc 8d bf 38 f1 77 39 91 Oct 31 15:24:35.617485: | 2b 02 ac a3 71 74 09 eb 41 c3 6d 3a f7 32 ea d2 Oct 31 15:24:35.617488: | 03 42 4b bc a9 1e 75 de d4 b2 9e 8b db 81 e8 cd Oct 31 15:24:35.617490: | 60 22 22 07 f1 31 1b b5 44 fd 62 4e 76 fe f1 78 Oct 31 15:24:35.617789: | delref pkp@NULL (in try_RSA_signature_v2() at ikev2_rsa.c:170) Oct 31 15:24:35.617796: | addref pk@0x7f43a40042a8(1->2) (in try_RSA_signature_v2() at ikev2_rsa.c:171) Oct 31 15:24:35.617801: | an RSA Sig check passed with *AwEAAeu8z [remote certificates] Oct 31 15:24:35.617808: | #1 spent 0.233 (0.326) milliseconds in try_all_keys() trying a pubkey Oct 31 15:24:35.617813: "northnet-eastnets/0x2" #1: authenticated using RSA with SHA2_512 Oct 31 15:24:35.617825: | #1 spent 0.324 (0.417) milliseconds in ikev2_verify_rsa_hash() Oct 31 15:24:35.617831: | parent state #1: PARENT_I2(open IKE SA) => ESTABLISHED_IKE_SA(established IKE SA) Oct 31 15:24:35.617836: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Oct 31 15:24:35.617840: | state #1 deleting .st_event EVENT_SA_REPLACE Oct 31 15:24:35.617845: | libevent_free: delref ptr-libevent@0x7f43ac00cc18 Oct 31 15:24:35.617850: | free_event_entry: delref EVENT_SA_REPLACE-pe@0x5587b74158b8 Oct 31 15:24:35.617854: | event_schedule: newref EVENT_SA_REKEY-pe@0x5587b74158b8 Oct 31 15:24:35.617857: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Oct 31 15:24:35.617861: | libevent_malloc: newref ptr-libevent@0x5587b74408b8 size 128 Oct 31 15:24:35.618155: | pstats #1 ikev2.ike established Oct 31 15:24:35.618165: | TSi: parsing 1 traffic selectors Oct 31 15:24:35.618170: | ***parse IKEv2 Traffic Selector: Oct 31 15:24:35.618174: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:35.618177: | IP Protocol ID: ALL (0x0) Oct 31 15:24:35.618181: | length: 16 (00 10) Oct 31 15:24:35.618185: | start port: 0 (00 00) Oct 31 15:24:35.618189: | end port: 65535 (ff ff) Oct 31 15:24:35.618192: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:24:35.618195: | TS low Oct 31 15:24:35.618197: | c0 00 03 00 Oct 31 15:24:35.618211: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:24:35.618213: | TS high Oct 31 15:24:35.618216: | c0 00 03 ff Oct 31 15:24:35.618219: | TSi: parsed 1 traffic selectors Oct 31 15:24:35.618222: | TSr: parsing 1 traffic selectors Oct 31 15:24:35.618225: | ***parse IKEv2 Traffic Selector: Oct 31 15:24:35.618228: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:35.618231: | IP Protocol ID: ALL (0x0) Oct 31 15:24:35.618235: | length: 16 (00 10) Oct 31 15:24:35.618238: | start port: 0 (00 00) Oct 31 15:24:35.618244: | end port: 65535 (ff ff) Oct 31 15:24:35.618247: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:24:35.618250: | TS low Oct 31 15:24:35.618253: | c0 00 02 00 Oct 31 15:24:35.618255: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:24:35.618258: | TS high Oct 31 15:24:35.618260: | c0 00 02 ff Oct 31 15:24:35.618263: | TSr: parsed 1 traffic selectors Oct 31 15:24:35.618271: | evaluating our conn="northnet-eastnets/0x1" I=192.0.3.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Oct 31 15:24:35.618277: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:35.618286: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Oct 31 15:24:35.618290: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:24:35.618293: | TSi[0] port match: YES fitness 65536 Oct 31 15:24:35.618296: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:24:35.618300: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:35.618305: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:35.618312: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Oct 31 15:24:35.618315: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Oct 31 15:24:35.618318: | TSr[0] port match: YES fitness 65536 Oct 31 15:24:35.618320: | narrow protocol end=*0 == TSr[0]=*0: 0 Oct 31 15:24:35.618323: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:35.618326: | best fit so far: TSi[0] TSr[0] Oct 31 15:24:35.618328: | found an acceptable TSi/TSr Traffic Selector Oct 31 15:24:35.618330: | printing contents struct traffic_selector Oct 31 15:24:35.618333: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:24:35.618335: | ipprotoid: 0 Oct 31 15:24:35.618338: | port range: 0-65535 Oct 31 15:24:35.618342: | ip range: 192.0.3.0-192.0.3.255 Oct 31 15:24:35.618345: | printing contents struct traffic_selector Oct 31 15:24:35.618347: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:24:35.618349: | ipprotoid: 0 Oct 31 15:24:35.618352: | port range: 0-65535 Oct 31 15:24:35.618356: | ip range: 192.0.2.0-192.0.2.255 Oct 31 15:24:35.618371: | using existing local ESP/AH proposals for northnet-eastnets/0x1 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP=AES_GCM_C_256-NONE-NONE-DISABLED 2:ESP=AES_GCM_C_128-NONE-NONE-DISABLED 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:35.618374: | comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Oct 31 15:24:35.618380: | local proposal 1 type ENCR has 1 transforms Oct 31 15:24:35.618383: | local proposal 1 type PRF has 0 transforms Oct 31 15:24:35.618386: | local proposal 1 type INTEG has 1 transforms Oct 31 15:24:35.618388: | local proposal 1 type DH has 1 transforms Oct 31 15:24:35.618391: | local proposal 1 type ESN has 1 transforms Oct 31 15:24:35.618394: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Oct 31 15:24:35.618397: | local proposal 2 type ENCR has 1 transforms Oct 31 15:24:35.618400: | local proposal 2 type PRF has 0 transforms Oct 31 15:24:35.618402: | local proposal 2 type INTEG has 1 transforms Oct 31 15:24:35.618405: | local proposal 2 type DH has 1 transforms Oct 31 15:24:35.618407: | local proposal 2 type ESN has 1 transforms Oct 31 15:24:35.618410: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Oct 31 15:24:35.618413: | local proposal 3 type ENCR has 1 transforms Oct 31 15:24:35.618415: | local proposal 3 type PRF has 0 transforms Oct 31 15:24:35.618418: | local proposal 3 type INTEG has 2 transforms Oct 31 15:24:35.618420: | local proposal 3 type DH has 1 transforms Oct 31 15:24:35.618423: | local proposal 3 type ESN has 1 transforms Oct 31 15:24:35.618426: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Oct 31 15:24:35.618430: | local proposal 4 type ENCR has 1 transforms Oct 31 15:24:35.618433: | local proposal 4 type PRF has 0 transforms Oct 31 15:24:35.618435: | local proposal 4 type INTEG has 2 transforms Oct 31 15:24:35.618438: | local proposal 4 type DH has 1 transforms Oct 31 15:24:35.618441: | local proposal 4 type ESN has 1 transforms Oct 31 15:24:35.618444: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Oct 31 15:24:35.618447: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.618451: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:35.618454: | length: 32 (00 20) Oct 31 15:24:35.618457: | prop #: 1 (01) Oct 31 15:24:35.618460: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:35.618463: | spi size: 4 (04) Oct 31 15:24:35.618466: | # transforms: 2 (02) Oct 31 15:24:35.618470: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:24:35.618472: | remote SPI Oct 31 15:24:35.618474: | 0c 10 d1 90 Oct 31 15:24:35.618478: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Oct 31 15:24:35.618481: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.618484: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.618487: | length: 12 (00 0c) Oct 31 15:24:35.618490: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.618492: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:35.618495: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.618498: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.618501: | length/value: 256 (01 00) Oct 31 15:24:35.618505: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:24:35.618509: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.618511: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.618515: | length: 8 (00 08) Oct 31 15:24:35.618517: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:35.618520: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:35.618524: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Oct 31 15:24:35.618527: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Oct 31 15:24:35.618532: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Oct 31 15:24:35.618535: | remote proposal 1 matches local proposal 1 Oct 31 15:24:35.618538: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Oct 31 15:24:35.618543: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP=AES_GCM_C_256-DISABLED SPI=0c10d190 Oct 31 15:24:35.618546: | converting proposal to internal trans attrs Oct 31 15:24:35.618553: | integ=NONE: .key_size=0 encrypt=AES_GCM_16: .key_size=32 .salt_size=4 keymat_len=36 Oct 31 15:24:35.618693: | install_ipsec_sa() for #2: inbound and outbound Oct 31 15:24:35.618700: | could_route called for northnet-eastnets/0x1; kind=CK_PERMANENT that.has_client=yes oppo=no this.host_port=500 Oct 31 15:24:35.618704: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:35.618707: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:24:35.618711: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:24:35.618714: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:24:35.618717: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:24:35.618720: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Oct 31 15:24:35.618725: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Oct 31 15:24:35.618728: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Oct 31 15:24:35.618731: | AES_GCM_16 requires 4 salt bytes Oct 31 15:24:35.618734: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Oct 31 15:24:35.618741: | setting IPsec SA replay-window to 32 Oct 31 15:24:35.618745: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Oct 31 15:24:35.618748: | netlink: enabling tunnel mode Oct 31 15:24:35.618751: | XFRM: adding IPsec SA with reqid 16389 Oct 31 15:24:35.618754: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:24:35.618757: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:24:35.618939: | netlink response for Add SA esp.c10d190@192.1.2.23 included non-error error Oct 31 15:24:35.618946: | setup_half_ipsec_sa() is installing inbound eroute? inbound=0 owner=#0 mode=1 Oct 31 15:24:35.618949: | set up outgoing SA, ref=0/0 Oct 31 15:24:35.618953: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Oct 31 15:24:35.618956: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Oct 31 15:24:35.618959: | AES_GCM_16 requires 4 salt bytes Oct 31 15:24:35.618962: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Oct 31 15:24:35.618966: | setting IPsec SA replay-window to 32 Oct 31 15:24:35.618969: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Oct 31 15:24:35.618973: | netlink: enabling tunnel mode Oct 31 15:24:35.618975: | XFRM: adding IPsec SA with reqid 16389 Oct 31 15:24:35.618978: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:24:35.618980: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:24:35.619094: | netlink response for Add SA esp.8c58fba8@192.1.3.33 included non-error error Oct 31 15:24:35.619100: | setup_half_ipsec_sa() is installing inbound eroute? inbound=1 owner=#0 mode=1 Oct 31 15:24:35.619103: | setup_half_ipsec_sa() is installing inbound eroute Oct 31 15:24:35.619106: | setup_half_ipsec_sa() before proto 50 Oct 31 15:24:35.619108: | setup_half_ipsec_sa() after proto 50 Oct 31 15:24:35.619111: | setup_half_ipsec_sa() calling raw_eroute backwards (i.e., inbound) Oct 31 15:24:35.619114: | priority calculation of connection "northnet-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:24:35.619121: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 using reqid 16389 (raw_eroute) proto=50 Oct 31 15:24:35.619125: | IPsec SA SPD priority set to 2084814 Oct 31 15:24:35.619250: | raw_eroute result=success Oct 31 15:24:35.619259: | set up incoming SA, ref=0/0 Oct 31 15:24:35.619262: | sr for #2: unrouted Oct 31 15:24:35.619265: | route_and_eroute() for proto 0, and source port 0 dest port 0 Oct 31 15:24:35.619267: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:35.619271: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:24:35.619274: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:24:35.619276: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:24:35.619279: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:24:35.619282: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Oct 31 15:24:35.619285: | route_and_eroute with c: northnet-eastnets/0x1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Oct 31 15:24:35.619288: | priority calculation of connection "northnet-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:24:35.619297: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 using reqid 16389 (raw_eroute) proto=50 Oct 31 15:24:35.619301: | IPsec SA SPD priority set to 2084814 Oct 31 15:24:35.619324: | raw_eroute result=success Oct 31 15:24:35.619328: | running updown command "ipsec _updown" for verb up Oct 31 15:24:35.619331: | command executing up-client Oct 31 15:24:35.619335: | get_sa_info esp.c10d190@192.1.2.23 Oct 31 15:24:35.619345: | get_sa_info esp.8c58fba8@192.1.3.33 Oct 31 15:24:35.619397: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.619409: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.619435: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='... Oct 31 15:24:35.619439: | popen cmd is 1504 chars long Oct 31 15:24:35.619442: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Oct 31 15:24:35.619445: | cmd( 80):x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUT: Oct 31 15:24:35.619448: | cmd( 160):O_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=: Oct 31 15:24:35.619450: | cmd( 240):Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user: Oct 31 15:24:35.619452: | cmd( 320):-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET: Oct 31 15:24:35.619455: | cmd( 400):='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PRO: Oct 31 15:24:35.619458: | cmd( 480):TOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLU: Oct 31 15:24:35.619461: | cmd( 560):TO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=eas: Oct 31 15:24:35.619463: | cmd( 640):t.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='1: Oct 31 15:24:35.619466: | cmd( 720):92.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.2: Oct 31 15:24:35.619469: | cmd( 800):55.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontari: Oct 31 15:24:35.619472: | cmd( 880):o, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, : Oct 31 15:24:35.619474: | cmd( 960):E=testing@libreswan.org' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157875' PLUTO_CON: Oct 31 15:24:35.619477: | cmd(1040):N_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+R: Oct 31 15:24:35.619480: | cmd(1120):SASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FA: Oct 31 15:24:35.619482: | cmd(1200):ILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' : Oct 31 15:24:35.619485: | cmd(1280):PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGUR: Oct 31 15:24:35.619488: | cmd(1360):ED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SH: Oct 31 15:24:35.619491: | cmd(1440):ARED='no' SPI_IN=0xc10d190 SPI_OUT=0x8c58fba8 ipsec _updown 2>&1: Oct 31 15:24:35.634900: | route_and_eroute: firewall_notified: true Oct 31 15:24:35.634911: | running updown command "ipsec _updown" for verb prepare Oct 31 15:24:35.634915: | command executing prepare-client Oct 31 15:24:35.634921: | get_sa_info esp.c10d190@192.1.2.23 Oct 31 15:24:35.634940: | get_sa_info esp.8c58fba8@192.1.3.33 Oct 31 15:24:35.635000: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.635011: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.635036: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLU... Oct 31 15:24:35.635040: | popen cmd is 1509 chars long Oct 31 15:24:35.635043: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Oct 31 15:24:35.635045: | cmd( 80):ets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='': Oct 31 15:24:35.635048: | cmd( 160): PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontari: Oct 31 15:24:35.635050: | cmd( 240):o, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E: Oct 31 15:24:35.635052: | cmd( 320):=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIEN: Oct 31 15:24:35.635055: | cmd( 400):T_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_M: Oct 31 15:24:35.635057: | cmd( 480):Y_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23: Oct 31 15:24:35.635059: | cmd( 560):' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, C: Oct 31 15:24:35.635062: | cmd( 640):N=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIE: Oct 31 15:24:35.635064: | cmd( 720):NT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.: Oct 31 15:24:35.635066: | cmd( 800):255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=O: Oct 31 15:24:35.635069: | cmd( 880):ntario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mai: Oct 31 15:24:35.635071: | cmd( 960):nca, E=testing@libreswan.org' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157875' PLUT: Oct 31 15:24:35.635073: | cmd(1040):O_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN: Oct 31 15:24:35.635075: | cmd(1120):_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAU: Oct 31 15:24:35.635078: | cmd(1200):TH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INF: Oct 31 15:24:35.635080: | cmd(1280):O='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CON: Oct 31 15:24:35.635082: | cmd(1360):FIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VTI_IFACE='' VTI_ROUTING='no' V: Oct 31 15:24:35.635085: | cmd(1440):TI_SHARED='no' SPI_IN=0xc10d190 SPI_OUT=0x8c58fba8 ipsec _updown 2>&1: Oct 31 15:24:35.652981: | running updown command "ipsec _updown" for verb route Oct 31 15:24:35.652995: | command executing route-client Oct 31 15:24:35.653005: | get_sa_info esp.c10d190@192.1.2.23 Oct 31 15:24:35.653028: | get_sa_info esp.8c58fba8@192.1.3.33 Oct 31 15:24:35.653075: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.653083: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.653100: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_S... Oct 31 15:24:35.653104: | popen cmd is 1507 chars long Oct 31 15:24:35.653107: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Oct 31 15:24:35.653108: | cmd( 80):s/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' P: Oct 31 15:24:35.653110: | cmd( 160):LUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario,: Oct 31 15:24:35.653111: | cmd( 240): L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=u: Oct 31 15:24:35.653113: | cmd( 320):ser-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_: Oct 31 15:24:35.653114: | cmd( 400):NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_: Oct 31 15:24:35.653116: | cmd( 480):PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' : Oct 31 15:24:35.653117: | cmd( 560):PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=: Oct 31 15:24:35.653119: | cmd( 640):east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT: Oct 31 15:24:35.653120: | cmd( 720):='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.25: Oct 31 15:24:35.653122: | cmd( 800):5.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ont: Oct 31 15:24:35.653123: | cmd( 880):ario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainc: Oct 31 15:24:35.653125: | cmd( 960):a, E=testing@libreswan.org' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157875' PLUTO_: Oct 31 15:24:35.653126: | cmd(1040):CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_N: Oct 31 15:24:35.653128: | cmd(1120):O+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH: Oct 31 15:24:35.653129: | cmd(1200):_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO=: Oct 31 15:24:35.653130: | cmd(1280):'' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFI: Oct 31 15:24:35.653132: | cmd(1360):GURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VTI_IFACE='' VTI_ROUTING='no' VTI: Oct 31 15:24:35.653133: | cmd(1440):_SHARED='no' SPI_IN=0xc10d190 SPI_OUT=0x8c58fba8 ipsec _updown 2>&1: Oct 31 15:24:35.698419: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.698452: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.698459: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.698464: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.698469: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.698477: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.698515: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.698558: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.698575: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.698582: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.698608: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.698654: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.698693: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.698724: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.698737: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.698757: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.698792: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.698838: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.698886: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.698931: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.698984: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.699039: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.699091: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.699145: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.699197: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.699253: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.699268: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.699296: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.699337: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.699388: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.699437: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.699485: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.699538: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.699599: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.699883: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.699945: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.700004: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.700057: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.700108: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.700159: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.700270: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.700287: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.700294: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.700299: "northnet-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.725967: | route_and_eroute: instance "northnet-eastnets/0x1", setting eroute_owner {spd=0x5587b740bd58,sr=0x5587b740bd58} to #2 (was #0) (newest_ipsec_sa=#0) Oct 31 15:24:35.726043: | inR2: instance northnet-eastnets/0x1[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Oct 31 15:24:35.726051: | delref logger@0x5587b741dce8(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:35.726054: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.726057: | delref fd@0x5587b741d548(5->4) (in free_logger() at log.c:854) Oct 31 15:24:35.726065: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:35.726069: | #2 complete_v2_state_transition() PARENT_I2->ESTABLISHED_CHILD_SA with status STF_OK; .st_v2_transition=NULL Oct 31 15:24:35.726071: | transitioning from state STATE_PARENT_I2 to state STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:24:35.726073: | Message ID: updating counters for #2 Oct 31 15:24:35.726079: | Message ID: CHILD #1.#2 XXX: no EVENT_RETRANSMIT to clear; suspect IKE->CHILD switch: ike.initiator.sent=1 ike.initiator.recv=0 ike.initiator.last_contact=744549.903504 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744549.863139 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:24:35.726084: | Message ID: CHILD #1.#2 updating initiator received message response 1: ike.initiator.sent=1 ike.initiator.recv=0->1 ike.initiator.last_contact=744549.903504->744550.158871 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744549.863139 child.wip.initiator=1->-1 child.wip.responder=-1 Oct 31 15:24:35.726088: | Message ID: CHILD #1.#2 skipping update_send as nothing to send: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744550.158871 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744549.863139 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:24:35.726092: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744550.158871 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744549.863139 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:35.726097: | child state #2: PARENT_I2(open IKE SA) => ESTABLISHED_CHILD_SA(established CHILD SA) Oct 31 15:24:35.726103: | pstats #2 ikev2.child established Oct 31 15:24:35.726106: | announcing the state transition Oct 31 15:24:35.726115: "northnet-eastnets/0x1" #2: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Oct 31 15:24:35.726127: | NAT-T: encaps is 'auto' Oct 31 15:24:35.726134: "northnet-eastnets/0x1" #2: IPsec SA established tunnel mode {ESP=>0x0c10d190 <0x8c58fba8 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Oct 31 15:24:35.726141: | releasing #2's fd-fd@0x5587b741d548 because IKEv2 transitions finished Oct 31 15:24:35.726144: | delref fd@0x5587b741d548(4->3) (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:24:35.726148: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:24:35.726150: | unpending #2's IKE SA #1 Oct 31 15:24:35.726152: | unpending state #1 connection "northnet-eastnets/0x1" Oct 31 15:24:35.726155: | delete from pending Child SA with 192.1.2.23 "northnet-eastnets/0x1" Oct 31 15:24:35.726158: | delref fd@0x5587b741d548(3->2) (in delete_pending() at pending.c:218) Oct 31 15:24:35.726159: | removing pending policy for no connection {0x5587b741dbb8} Oct 31 15:24:35.726162: | FOR_EACH_STATE_... in find_pending_phase2 Oct 31 15:24:35.726166: | newref alloc logger@0x5587b7413c48(0->1) (in new_state() at state.c:576) Oct 31 15:24:35.726168: | addref fd@0x5587b741d548(2->3) (in new_state() at state.c:577) Oct 31 15:24:35.726170: | creating state object #3 at 0x5587b743dc98 Oct 31 15:24:35.726172: | State DB: adding IKEv2 state #3 in UNDEFINED Oct 31 15:24:35.726176: | pstats #3 ikev2.child started Oct 31 15:24:35.726180: | duplicating state object #1 "northnet-eastnets/0x2" as #3 for IPSEC SA Oct 31 15:24:35.726184: | #3 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1581) Oct 31 15:24:35.726190: | Message ID: CHILD #1.#3 initializing (CHILD SA): ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744550.158871 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744549.863139 child.wip.initiator=0->-1 child.wip.responder=0->-1 Oct 31 15:24:35.726192: | child state #3: UNDEFINED(ignore) => V2_NEW_CHILD_I0(established IKE SA) Oct 31 15:24:35.726195: | #3.st_v2_transition NULL -> V2_NEW_CHILD_I0->V2_NEW_CHILD_I1 (in new_v2_child_state() at state.c:1666) Oct 31 15:24:35.726206: | suspend processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5960) Oct 31 15:24:35.726213: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5960) Oct 31 15:24:35.726217: | create child proposal's DH changed from no-PFS to MODP2048, flushing Oct 31 15:24:35.726222: | constructing ESP/AH proposals with default DH MODP2048 for northnet-eastnets/0x2 (ESP/AH initiator emitting proposals) Oct 31 15:24:35.726229: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Oct 31 15:24:35.726237: | ... ikev2_proposal: 1:ESP=AES_GCM_C_256-NONE-MODP2048-DISABLED Oct 31 15:24:35.726241: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Oct 31 15:24:35.726246: | ... ikev2_proposal: 2:ESP=AES_GCM_C_128-NONE-MODP2048-DISABLED Oct 31 15:24:35.726249: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:24:35.726254: | ... ikev2_proposal: 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:24:35.726258: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:24:35.726262: | ... ikev2_proposal: 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:24:35.726266: "northnet-eastnets/0x2": local ESP/AH proposals (ESP/AH initiator emitting proposals): Oct 31 15:24:35.726270: "northnet-eastnets/0x2": 1:ESP=AES_GCM_C_256-NONE-MODP2048-DISABLED Oct 31 15:24:35.726275: "northnet-eastnets/0x2": 2:ESP=AES_GCM_C_128-NONE-MODP2048-DISABLED Oct 31 15:24:35.726279: "northnet-eastnets/0x2": 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:24:35.726284: "northnet-eastnets/0x2": 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:24:35.726290: | #3 schedule initiate IPsec SA RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 using IKE# 1 pfs=MODP2048 Oct 31 15:24:35.726294: | event_schedule: newref EVENT_v2_INITIATE_CHILD-pe@0x5587b73f1eb8 Oct 31 15:24:35.726297: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Oct 31 15:24:35.726301: | libevent_malloc: newref ptr-libevent@0x5587b73f1e08 size 128 Oct 31 15:24:35.726309: | RESET processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:6035) Oct 31 15:24:35.726316: | delete from pending Child SA with 192.1.2.23 "northnet-eastnets/0x2" Oct 31 15:24:35.726321: | delref fd@0x5587b741d548(3->2) (in delete_pending() at pending.c:218) Oct 31 15:24:35.726323: | removing pending policy for no connection {0x5587b741c3d8} Oct 31 15:24:35.726327: | releasing #1's fd-fd@0x5587b741d548 because IKEv2 transitions finished so releaseing IKE SA Oct 31 15:24:35.726330: | delref fd@0x5587b741d548(2->1) (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:24:35.726333: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:24:35.726337: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Oct 31 15:24:35.726340: | state #2 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:35.726344: | libevent_free: delref ptr-libevent@0x5587b7428378 Oct 31 15:24:35.726350: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x5587b740a6f8 Oct 31 15:24:35.726354: | event_schedule: newref EVENT_SA_REKEY-pe@0x5587b740a6f8 Oct 31 15:24:35.726358: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Oct 31 15:24:35.726361: | libevent_malloc: newref ptr-libevent@0x5587b7428378 size 128 Oct 31 15:24:35.726366: | delref mdp@0x5587b7420158(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:35.726372: | delref logger@0x5587b7415728(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:35.726375: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.726381: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.726391: | #2 spent 3.33 (109) milliseconds in resume sending helper answer back to state Oct 31 15:24:35.726394: | processing: STOP state #0 (in resume_handler() at server.c:745) Oct 31 15:24:35.726398: | libevent_free: delref ptr-libevent@0x7f43a4001868 Oct 31 15:24:35.726410: | timer_event_cb: processing event@0x5587b73f1eb8 Oct 31 15:24:35.726414: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Oct 31 15:24:35.726417: | libevent_free: delref ptr-libevent@0x5587b73f1e08 Oct 31 15:24:35.726421: | free_event_entry: delref EVENT_v2_INITIATE_CHILD-pe@0x5587b73f1eb8 Oct 31 15:24:35.726427: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:35.726436: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:35.726441: | addref fd@0x5587b741d548(1->2) (in clone_logger() at log.c:810) Oct 31 15:24:35.726445: | newref clone logger@0x5587b741dce8(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:35.726448: | job 5 for #3: Child Initiator KE and nonce ni (build KE and nonce): adding job to queue Oct 31 15:24:35.726451: | state #3 has no .st_event to delete Oct 31 15:24:35.726454: | #3 STATE_V2_NEW_CHILD_I0: retransmits: cleared Oct 31 15:24:35.726457: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x5587b740bb68 Oct 31 15:24:35.726460: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Oct 31 15:24:35.726463: | libevent_malloc: newref ptr-libevent@0x7f43a4001868 size 128 Oct 31 15:24:35.726474: | #3 spent 0.0618 (0.0617) milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Oct 31 15:24:35.726481: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:447) Oct 31 15:24:35.726486: | processing signal PLUTO_SIGCHLD Oct 31 15:24:35.726486: | job 5 for #3: Child Initiator KE and nonce ni (build KE and nonce): helper 5 starting job Oct 31 15:24:35.726491: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:35.726506: | spent 0.0111 (0.0149) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:35.726509: | processing signal PLUTO_SIGCHLD Oct 31 15:24:35.726513: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:35.726517: | spent 0.00441 (0.00431) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:35.726520: | processing signal PLUTO_SIGCHLD Oct 31 15:24:35.726524: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:35.726528: | spent 0.00402 (0.00403) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:35.728478: | "northnet-eastnets/0x2" #3: spent 1.97 (1.99) milliseconds in helper 5 processing job 5 for state #3: Child Initiator KE and nonce ni (pcr) Oct 31 15:24:35.728493: | job 5 for #3: Child Initiator KE and nonce ni (build KE and nonce): helper thread 5 sending result back to state Oct 31 15:24:35.728497: | scheduling resume sending helper answer back to state for #3 Oct 31 15:24:35.728502: | libevent_malloc: newref ptr-libevent@0x7f43a8006108 size 128 Oct 31 15:24:35.728512: | helper thread 5 has nothing to do Oct 31 15:24:35.728525: | processing resume sending helper answer back to state for #3 Oct 31 15:24:35.728539: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:641) Oct 31 15:24:35.728545: | unsuspending #3 MD (nil) Oct 31 15:24:35.728552: | job 5 for #3: Child Initiator KE and nonce ni (build KE and nonce): processing response from helper 5 Oct 31 15:24:35.728555: | job 5 for #3: Child Initiator KE and nonce ni (build KE and nonce): calling continuation function 0x5587b63bffe7 Oct 31 15:24:35.728559: | ikev2_child_outI_continue() for #3 STATE_V2_NEW_CHILD_I0 Oct 31 15:24:35.728563: | DH secret MODP2048@0x7f43a8006ba8: transferring ownership from helper KE to state #3 Oct 31 15:24:35.728566: | adding CHILD SA #3 to IKE SA #1 message initiator queue Oct 31 15:24:35.728575: | Message ID: CHILD #1.#3 wakeing IKE SA for next initiator (unack 0): ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744550.158871 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744549.863139 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:24:35.728579: | scheduling callback v2_msgid_schedule_next_initiator (#1) Oct 31 15:24:35.728582: | libevent_malloc: newref ptr-libevent@0x5587b7411cc8 size 128 Oct 31 15:24:35.728588: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:35.728593: | #3 complete_v2_state_transition() V2_NEW_CHILD_I0->V2_NEW_CHILD_I1 with status STF_SUSPEND Oct 31 15:24:35.728596: | no MD to suspend Oct 31 15:24:35.728600: | delref logger@0x5587b741dce8(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:35.728603: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.728606: | delref fd@0x5587b741d548(2->1) (in free_logger() at log.c:854) Oct 31 15:24:35.728610: | resume sending helper answer back to state for #3 suppresed complete_v2_state_transition() Oct 31 15:24:35.728613: | delref mdp@NULL (in resume_handler() at server.c:743) Oct 31 15:24:35.728619: | #3 spent 0.0727 (0.0725) milliseconds in resume sending helper answer back to state Oct 31 15:24:35.728624: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:745) Oct 31 15:24:35.728628: | libevent_free: delref ptr-libevent@0x7f43a8006108 Oct 31 15:24:35.728633: | libevent_free: delref ptr-libevent@0x5587b7411cc8 Oct 31 15:24:35.728636: | processing callback v2_msgid_schedule_next_initiator for #1 Oct 31 15:24:35.728642: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:828) Oct 31 15:24:35.728649: | Message ID: CHILD #1.#3 resuming SA using IKE SA (unack 0): ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744550.158871 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744549.863139 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:24:35.728654: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:675) Oct 31 15:24:35.728658: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:675) Oct 31 15:24:35.728661: | unsuspending #3 MD (nil) Oct 31 15:24:35.728666: | opening output PBS reply packet Oct 31 15:24:35.728670: | **emit ISAKMP Message: Oct 31 15:24:35.728674: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.728678: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.728681: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:35.728684: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.728687: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Oct 31 15:24:35.728689: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:35.728694: | Message ID: 2 (00 00 00 02) Oct 31 15:24:35.728697: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:35.728701: | ***emit IKEv2 Encryption Payload: Oct 31 15:24:35.728704: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.728706: | flags: none (0x0) Oct 31 15:24:35.728709: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:24:35.728714: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.728718: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:24:35.728748: | netlink_get_spi: allocated 0xa12c885a for esp.0@192.1.3.33 Oct 31 15:24:35.728751: | Emitting ikev2_proposals ... Oct 31 15:24:35.728754: | ****emit IKEv2 Security Association Payload: Oct 31 15:24:35.728757: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.728759: | flags: none (0x0) Oct 31 15:24:35.728762: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:24:35.728764: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.728769: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:35.728772: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.728774: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:35.728778: | prop #: 1 (01) Oct 31 15:24:35.728780: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:35.728783: | spi size: 4 (04) Oct 31 15:24:35.728786: | # transforms: 3 (03) Oct 31 15:24:35.728788: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:35.728792: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:24:35.728795: | our spi: a1 2c 88 5a Oct 31 15:24:35.728797: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.728800: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.728802: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.728804: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:35.728806: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.728809: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.728812: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.728815: | length/value: 256 (01 00) Oct 31 15:24:35.728818: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:35.728821: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:35.728823: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.728826: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.728828: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.728832: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.728835: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.728838: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.728842: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.728845: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.728848: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.728851: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:35.728854: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:35.728857: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.728861: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.728863: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.728867: | emitting length of IKEv2 Proposal Substructure Payload: 40 Oct 31 15:24:35.728869: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:35.728874: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:35.728877: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.728879: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:35.728882: | prop #: 2 (02) Oct 31 15:24:35.728884: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:35.728888: | spi size: 4 (04) Oct 31 15:24:35.728890: | # transforms: 3 (03) Oct 31 15:24:35.728893: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:35.728896: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:35.728899: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:24:35.728902: | our spi: a1 2c 88 5a Oct 31 15:24:35.728905: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.728908: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.728910: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.728913: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:35.728915: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.728918: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.728921: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.728924: | length/value: 128 (00 80) Oct 31 15:24:35.728926: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:35.728929: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:35.728932: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.728934: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.728937: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.728939: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.728941: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.728944: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.728947: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.728949: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.728952: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.728954: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:35.728956: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:35.728959: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.728961: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.728964: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.728966: | emitting length of IKEv2 Proposal Substructure Payload: 40 Oct 31 15:24:35.728969: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:35.728972: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.728975: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:35.728978: | prop #: 3 (03) Oct 31 15:24:35.728981: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:35.728983: | spi size: 4 (04) Oct 31 15:24:35.728985: | # transforms: 5 (05) Oct 31 15:24:35.728988: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:35.728992: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:35.728995: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:24:35.728998: | our spi: a1 2c 88 5a Oct 31 15:24:35.729001: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.729003: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.729005: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.729007: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:35.729010: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.729012: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.729015: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.729018: | length/value: 256 (01 00) Oct 31 15:24:35.729020: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:35.729023: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.729025: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.729027: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:35.729030: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:35.729032: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.729035: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.729037: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.729040: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.729042: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.729044: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:35.729047: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:35.729049: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.729052: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.729054: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.729057: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.729059: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.729062: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.729064: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.729066: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.729069: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.729071: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.729073: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.729075: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.729077: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:35.729079: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:35.729081: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.729083: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.729086: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.729089: | emitting length of IKEv2 Proposal Substructure Payload: 56 Oct 31 15:24:35.729092: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:35.729095: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.729097: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:35.729099: | prop #: 4 (04) Oct 31 15:24:35.729102: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:35.729104: | spi size: 4 (04) Oct 31 15:24:35.729106: | # transforms: 5 (05) Oct 31 15:24:35.729109: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:35.729111: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:35.729114: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:24:35.729116: | our spi: a1 2c 88 5a Oct 31 15:24:35.729119: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.729121: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.729123: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.729125: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:35.729127: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.729129: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.729131: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.729134: | length/value: 128 (00 80) Oct 31 15:24:35.729136: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:35.729138: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.729140: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.729142: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:35.729144: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:35.729146: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.729148: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.729150: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.729152: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.729161: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.729163: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:35.729165: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:35.729168: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.729170: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.729172: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.729175: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.729177: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.729179: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.729181: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.729184: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.729186: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.729188: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.729192: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:35.729194: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.729196: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:35.729215: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:35.729223: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.729226: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:35.729229: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:35.729231: | emitting length of IKEv2 Proposal Substructure Payload: 56 Oct 31 15:24:35.729233: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:35.729235: | emitting length of IKEv2 Security Association Payload: 196 Oct 31 15:24:35.729237: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:24:35.729300: | ****emit IKEv2 Nonce Payload: Oct 31 15:24:35.729310: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.729313: | flags: none (0x0) Oct 31 15:24:35.729317: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Oct 31 15:24:35.729319: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.729323: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Oct 31 15:24:35.729325: | IKEv2 nonce: Oct 31 15:24:35.729328: | 14 7e 73 c7 ff db d1 b6 5b ac 0c bc db 03 55 e4 Oct 31 15:24:35.729331: | 6a 59 1a c7 c8 0e c4 3f bf ff 9e c6 57 0f a3 c8 Oct 31 15:24:35.729333: | emitting length of IKEv2 Nonce Payload: 36 Oct 31 15:24:35.729336: | ****emit IKEv2 Key Exchange Payload: Oct 31 15:24:35.729338: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.729341: | flags: none (0x0) Oct 31 15:24:35.729343: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.729346: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Oct 31 15:24:35.729349: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.729352: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Oct 31 15:24:35.729354: | ikev2 g^x: Oct 31 15:24:35.729357: | 51 d0 87 bc 9f 83 76 d2 bc fe bd 81 64 cd b9 0e Oct 31 15:24:35.729359: | a6 24 8b e4 56 10 23 38 18 3b 7f 63 3c 61 c2 1b Oct 31 15:24:35.729361: | 87 7a 91 3d 3b 64 db 18 ec 54 10 82 47 ef 0b 6b Oct 31 15:24:35.729364: | f3 db 57 2b 7c cd 7d d3 05 0d f4 12 ba 10 28 b9 Oct 31 15:24:35.729366: | b5 6b 1d b5 4d e4 c0 82 11 3c 38 37 c4 1a 38 1b Oct 31 15:24:35.729368: | 12 49 ee 35 18 30 01 1a 30 fb d0 bb 6d bd cb 7c Oct 31 15:24:35.729370: | ac 2e be b2 78 b1 28 8a d7 f1 74 75 e0 d4 f1 8b Oct 31 15:24:35.729373: | 30 bf e6 0f 5f d8 08 91 6b 1b 14 b1 c6 6e f7 4c Oct 31 15:24:35.729375: | 4e e6 9b 8a ff 9f c6 ac b3 ea 6f 3c 1e 47 6d 40 Oct 31 15:24:35.729377: | 73 61 16 97 3a 7e a5 09 d3 fa 49 99 b1 8b bf d4 Oct 31 15:24:35.729379: | 13 1d 5d 35 a9 bb c6 0e 4c 7c bd a7 bf 70 fa 58 Oct 31 15:24:35.729381: | f8 ee bb aa d1 c0 1d 7a e5 2e ba a5 15 55 8d c0 Oct 31 15:24:35.729383: | ab ba 91 24 89 dc a4 3c b3 b0 5a d0 cc 16 19 b0 Oct 31 15:24:35.729386: | 16 63 f6 85 17 d5 8b f0 6a 53 c1 9e 99 a4 05 52 Oct 31 15:24:35.729388: | 43 7d aa fb c5 f3 d2 65 72 50 03 ff 01 92 13 02 Oct 31 15:24:35.729390: | b6 e9 64 6f 12 51 41 d0 9e 85 c1 15 96 b1 4a 9b Oct 31 15:24:35.729393: | emitting length of IKEv2 Key Exchange Payload: 264 Oct 31 15:24:35.729400: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:24:35.729403: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.729405: | flags: none (0x0) Oct 31 15:24:35.729408: | number of TS: 1 (01) Oct 31 15:24:35.729411: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Oct 31 15:24:35.729413: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.729416: | *****emit IKEv2 Traffic Selector: Oct 31 15:24:35.729418: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:35.729421: | IP Protocol ID: ALL (0x0) Oct 31 15:24:35.729424: | start port: 0 (00 00) Oct 31 15:24:35.729428: | end port: 65535 (ff ff) Oct 31 15:24:35.729431: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:24:35.729435: | IP start: c0 00 03 00 Oct 31 15:24:35.729437: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:24:35.729441: | IP end: c0 00 03 ff Oct 31 15:24:35.729443: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:24:35.729445: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Oct 31 15:24:35.729448: | ****emit IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:24:35.729450: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.729453: | flags: none (0x0) Oct 31 15:24:35.729455: | number of TS: 1 (01) Oct 31 15:24:35.729458: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Oct 31 15:24:35.729461: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:35.729464: | *****emit IKEv2 Traffic Selector: Oct 31 15:24:35.729466: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:35.729468: | IP Protocol ID: ALL (0x0) Oct 31 15:24:35.729471: | start port: 0 (00 00) Oct 31 15:24:35.729474: | end port: 65535 (ff ff) Oct 31 15:24:35.729478: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:24:35.729481: | IP start: c0 00 16 00 Oct 31 15:24:35.729483: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:24:35.729486: | IP end: c0 00 16 ff Oct 31 15:24:35.729489: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:24:35.729491: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Oct 31 15:24:35.729494: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Oct 31 15:24:35.729497: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:35.729500: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:35.729503: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:24:35.729505: | emitting length of IKEv2 Encryption Payload: 573 Oct 31 15:24:35.729508: | emitting length of ISAKMP Message: 601 Oct 31 15:24:35.729536: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:35.729542: | #3 complete_v2_state_transition() V2_NEW_CHILD_I0->V2_NEW_CHILD_I1 with status STF_OK Oct 31 15:24:35.729545: | transitioning from state STATE_V2_NEW_CHILD_I0 to state STATE_V2_NEW_CHILD_I1 Oct 31 15:24:35.729547: | Message ID: updating counters for #3 Oct 31 15:24:35.729550: | Message ID: IKE #1 skipping update_recv as MD is fake Oct 31 15:24:35.729557: | Message ID: CHILD #1.#3 scheduling EVENT_RETRANSMIT: ike.initiator.sent=2 ike.initiator.recv=1 ike.initiator.last_contact=744550.158871 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744549.863139 child.wip.initiator=2 child.wip.responder=-1 Oct 31 15:24:35.729561: "northnet-eastnets/0x2" #3: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Oct 31 15:24:35.729576: | event_schedule: newref EVENT_RETRANSMIT-pe@0x5587b743fc08 Oct 31 15:24:35.729579: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #3 Oct 31 15:24:35.729582: | libevent_malloc: newref ptr-libevent@0x5587b7411cc8 size 128 Oct 31 15:24:35.729587: | #3 STATE_V2_NEW_CHILD_I0: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744550.16237 Oct 31 15:24:35.729594: | Message ID: CHILD #1.#3 updating initiator sent message request 2: ike.initiator.sent=1->2 ike.initiator.recv=1 ike.initiator.last_contact=744550.158871 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744549.863139 child.wip.initiator=-1->2 child.wip.responder=-1 Oct 31 15:24:35.729600: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=2 ike.initiator.recv=1 ike.initiator.last_contact=744550.158871 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744549.863139 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:35.729603: | child state #3: V2_NEW_CHILD_I0(established IKE SA) => V2_NEW_CHILD_I1(established IKE SA) Oct 31 15:24:35.729606: | announcing the state transition Oct 31 15:24:35.729610: "northnet-eastnets/0x2" #3: sent CREATE_CHILD_SA request for new IPsec SA Oct 31 15:24:35.729620: | sending 601 bytes for STATE_V2_NEW_CHILD_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:24:35.729623: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.729625: | 2e 20 24 08 00 00 00 02 00 00 02 59 21 00 02 3d Oct 31 15:24:35.729628: | cb f2 d1 29 e5 5a e8 57 70 32 82 32 84 b1 7e 40 Oct 31 15:24:35.729630: | d9 10 4e 35 5b 69 bf b7 42 b9 b8 1f 59 ad f6 46 Oct 31 15:24:35.729632: | b5 2b a1 fc 8e b7 7e ec 34 b3 a3 39 02 ec c2 5f Oct 31 15:24:35.729634: | 6d 6a d1 59 6a 18 e2 0a 34 61 e1 f9 00 e0 3d 3d Oct 31 15:24:35.729636: | f4 dd b1 f9 71 65 e1 10 f2 78 e6 e5 48 1f d3 19 Oct 31 15:24:35.729639: | fc 75 b8 e0 cd 7e 81 96 c4 92 c3 a2 e6 00 13 2b Oct 31 15:24:35.729641: | 40 56 ba e7 a1 e8 9b 45 65 92 d2 54 07 d0 8a 1d Oct 31 15:24:35.729643: | 5e d3 0a bd 3d 57 25 94 a9 94 c2 60 20 99 cf 95 Oct 31 15:24:35.729645: | e7 88 40 25 36 a6 2a 3e 52 cc 01 c0 8c 3a bd 7b Oct 31 15:24:35.729648: | 9b f0 94 74 22 09 1b 9c 77 2b 2b 96 98 ab 20 70 Oct 31 15:24:35.729650: | 81 d4 03 f4 a2 dd 8e c7 ef 4d 53 f8 81 11 86 12 Oct 31 15:24:35.729652: | 39 d2 29 58 b4 e0 09 2f 8b dc 27 32 1a b6 29 7b Oct 31 15:24:35.729654: | fb 1e 3e 8d a8 01 85 5f 5b c6 f1 8e 86 c5 b0 f6 Oct 31 15:24:35.729656: | 1f 79 ef 0a d4 07 72 05 e5 8d d5 ba fe 4f 64 10 Oct 31 15:24:35.729659: | db 46 1a 88 2a 1b a2 c5 33 ae c5 c6 b5 43 45 9c Oct 31 15:24:35.729661: | 97 71 71 05 9c c5 5a d7 cb 36 21 1f 4e 75 93 4c Oct 31 15:24:35.729663: | c5 55 2c 10 96 f6 94 3a f6 4f d9 e5 b4 07 ec 4f Oct 31 15:24:35.729665: | 0f 58 55 d2 ec a9 62 68 df 1a c0 16 d6 20 c1 91 Oct 31 15:24:35.729667: | 3d e9 ae 2c c8 70 61 7d c3 ac 91 ba 1c 21 59 47 Oct 31 15:24:35.729670: | 65 0c d3 ae 43 6a 5f e3 50 b5 52 36 bb be 72 83 Oct 31 15:24:35.729672: | 23 d6 b8 11 79 7b 37 e1 eb 58 b1 40 1f cc 47 6a Oct 31 15:24:35.729674: | 4a 5a e7 d3 de f8 c6 ac 81 81 14 30 e8 ea 23 ba Oct 31 15:24:35.729677: | a9 0f 8f 01 59 de 74 52 e0 ee ca 51 3d d0 01 5a Oct 31 15:24:35.729679: | 1a b3 56 c6 42 25 a4 c6 de c4 6a 9b a2 05 8d 1a Oct 31 15:24:35.729681: | 42 5d 5d 82 39 ce ca 4e 44 7e 75 2e 57 03 71 1e Oct 31 15:24:35.729683: | 03 f0 d9 b0 05 a1 67 35 96 37 1e 19 5a f6 9c 0c Oct 31 15:24:35.729685: | c9 76 96 b2 0a e4 74 6e 37 ca be 3f cc 4e 3c 25 Oct 31 15:24:35.729688: | 17 5f 58 08 45 1c 71 0d 7e d5 14 54 03 48 1b fd Oct 31 15:24:35.729690: | 93 cc 49 9c 84 2f f7 f6 2f 51 1e f7 b8 02 ea 4b Oct 31 15:24:35.729692: | b7 c3 a1 42 7d 36 4c 14 32 43 e9 a4 75 b0 bf da Oct 31 15:24:35.729694: | ea a6 a3 d4 46 9b 7b 34 39 98 67 e3 1a 27 38 2f Oct 31 15:24:35.729696: | c2 34 35 26 27 45 b9 d9 c5 cf 89 a4 98 7e a2 0c Oct 31 15:24:35.729700: | 74 e5 27 ec f9 ea f2 bf d4 0e d2 13 57 bb 74 ba Oct 31 15:24:35.729702: | 66 54 d8 29 00 e3 41 7a 23 73 97 71 b1 67 c0 28 Oct 31 15:24:35.729704: | 24 2e 3d 8c 4b e1 2a 22 5e a0 4a 81 84 12 48 34 Oct 31 15:24:35.729707: | 91 3d cd e1 64 18 8d cd 58 Oct 31 15:24:35.729768: | sent 1 messages Oct 31 15:24:35.729773: | checking that a retransmit timeout_event was already Oct 31 15:24:35.729777: | state #3 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:35.729782: | libevent_free: delref ptr-libevent@0x7f43a4001868 Oct 31 15:24:35.729786: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x5587b740bb68 Oct 31 15:24:35.729791: | delref mdp@NULL (in initiate_next() at ikev2_msgid.c:705) Oct 31 15:24:35.729797: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:707) Oct 31 15:24:35.729801: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:707) Oct 31 15:24:35.729806: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:832) Oct 31 15:24:35.729812: | spent 1.06 (1.17) milliseconds in callback v2_msgid_schedule_next_initiator Oct 31 15:24:35.754982: | spent 0.00224 (0.00222) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:35.755000: | newref struct msg_digest@0x5587b7420158(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.755005: | newref alloc logger@0x5587b741dce8(0->1) (in read_message() at demux.c:103) Oct 31 15:24:35.755013: | *received 449 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP Oct 31 15:24:35.755016: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.755019: | 2e 20 24 20 00 00 00 02 00 00 01 c1 21 00 01 a5 Oct 31 15:24:35.755021: | 4a 32 58 f3 f3 47 1f 00 9d 97 ee 75 b5 97 aa a0 Oct 31 15:24:35.755024: | a2 2b 9d d6 1e 8a 2b 21 28 22 7a 1c 98 ee 56 a1 Oct 31 15:24:35.755026: | 8c 0f cc 22 9b 1b 46 d0 bb 68 85 9c d0 06 1f d1 Oct 31 15:24:35.755028: | d7 ae 01 72 72 08 0b 43 84 54 d4 f5 94 38 02 77 Oct 31 15:24:35.755031: | 6f fd e3 83 3a 32 0b 6c 96 34 75 2d 2f c5 4a 48 Oct 31 15:24:35.755033: | 47 ea 13 33 ed 22 58 bf d3 49 e4 bf b3 43 c7 8b Oct 31 15:24:35.755036: | d4 9b a0 00 5a c5 44 b9 9f 13 6f e4 47 83 67 28 Oct 31 15:24:35.755038: | 9b a1 37 cf f9 8f bf 9a 46 e5 c5 26 39 8f 5c e3 Oct 31 15:24:35.755040: | b3 0b c8 de cb 87 b4 f2 91 4b 2d 30 92 39 ba 5f Oct 31 15:24:35.755043: | e0 c1 0b 85 74 e2 31 1e 63 3d 01 9f 9a 13 87 f3 Oct 31 15:24:35.755045: | 93 ea 43 10 f6 d5 ce c7 71 07 77 b5 71 f4 aa d1 Oct 31 15:24:35.755048: | 35 62 80 0f 6f 02 fc c6 94 1c 4b e3 5e da da 9a Oct 31 15:24:35.755050: | 34 d3 a2 f4 4d 24 b3 02 da f9 f5 46 c9 06 81 a7 Oct 31 15:24:35.755053: | e2 20 23 f9 4e 3d 32 f4 53 f5 c6 28 7f a2 5b f7 Oct 31 15:24:35.755055: | 45 78 5e 72 64 b6 ef ec 15 42 1c 27 f0 34 f8 2b Oct 31 15:24:35.755057: | 51 45 55 75 7f 18 e2 af c5 fe fb 50 11 3e 41 8b Oct 31 15:24:35.755060: | 12 34 6b c9 17 db f1 01 47 87 24 2c 93 ed 93 2e Oct 31 15:24:35.755062: | 06 80 c8 af 7b 2c 38 e2 11 04 62 48 54 78 00 b6 Oct 31 15:24:35.755065: | ee 11 1a 83 9e 48 33 c6 0f 74 d8 7c e9 d9 49 0f Oct 31 15:24:35.755067: | 72 96 20 9f 30 f7 46 e8 bf 8b eb fc 45 a8 05 2a Oct 31 15:24:35.755069: | d0 8f cb b5 df 66 03 ef 48 3c 96 ef 27 52 29 98 Oct 31 15:24:35.755072: | 1f 50 bb 95 23 15 b2 c3 8c db 2a 7d 3c 3a 59 bf Oct 31 15:24:35.755074: | cd 18 ad 57 f0 9e 46 f3 95 31 75 21 1c 63 0e 4c Oct 31 15:24:35.755077: | 0c 70 8e d9 8f eb 45 c4 af 88 a0 56 c2 bf 60 fb Oct 31 15:24:35.755079: | 65 35 63 71 91 2f 26 b8 6b 6a 69 4a 43 d5 3b 2c Oct 31 15:24:35.755082: | 33 db e7 16 21 d4 d6 93 fb 8f cf 44 46 90 9f 2b Oct 31 15:24:35.755084: | 2a Oct 31 15:24:35.755089: | **parse ISAKMP Message: Oct 31 15:24:35.755094: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:35.755101: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:35.755105: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:24:35.755108: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:35.755111: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Oct 31 15:24:35.755114: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:35.755118: | Message ID: 2 (00 00 00 02) Oct 31 15:24:35.755122: | length: 449 (00 00 01 c1) Oct 31 15:24:35.755125: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Oct 31 15:24:35.755129: | I am the IKE SA Original Initiator receiving an IKEv2 CREATE_CHILD_SA response Oct 31 15:24:35.755134: | State DB: found IKEv2 state #1 in ESTABLISHED_IKE_SA (find_v2_ike_sa) Oct 31 15:24:35.755142: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:35.755145: | State DB: found IKEv2 state #3 in V2_NEW_CHILD_I1 (find_v2_sa_by_initiator_wip) Oct 31 15:24:35.755148: | #3 is idle Oct 31 15:24:35.755151: | #3 idle Oct 31 15:24:35.755156: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:35.755238: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:35.755242: | unpacking clear payload Oct 31 15:24:35.755246: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Oct 31 15:24:35.755250: | ***parse IKEv2 Encryption Payload: Oct 31 15:24:35.755253: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:24:35.755255: | flags: none (0x0) Oct 31 15:24:35.755259: | length: 421 (01 a5) Oct 31 15:24:35.755262: | processing payload: ISAKMP_NEXT_v2SK (len=417) Oct 31 15:24:35.755265: | #3 in state V2_NEW_CHILD_I1: sent CREATE_CHILD_SA request for new IPsec SA Oct 31 15:24:35.755282: | #1 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Oct 31 15:24:35.755285: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:24:35.755288: | **parse IKEv2 Security Association Payload: Oct 31 15:24:35.755291: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Oct 31 15:24:35.755294: | flags: none (0x0) Oct 31 15:24:35.755297: | length: 44 (00 2c) Oct 31 15:24:35.755300: | processing payload: ISAKMP_NEXT_v2SA (len=40) Oct 31 15:24:35.755303: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Oct 31 15:24:35.755306: | **parse IKEv2 Nonce Payload: Oct 31 15:24:35.755308: | next payload type: ISAKMP_NEXT_v2KE (0x22) Oct 31 15:24:35.755311: | flags: none (0x0) Oct 31 15:24:35.755314: | length: 36 (00 24) Oct 31 15:24:35.755317: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Oct 31 15:24:35.755319: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Oct 31 15:24:35.755322: | **parse IKEv2 Key Exchange Payload: Oct 31 15:24:35.755325: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Oct 31 15:24:35.755327: | flags: none (0x0) Oct 31 15:24:35.755331: | length: 264 (01 08) Oct 31 15:24:35.755334: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.755336: | processing payload: ISAKMP_NEXT_v2KE (len=256) Oct 31 15:24:35.755339: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Oct 31 15:24:35.755341: | **parse IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:24:35.755344: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Oct 31 15:24:35.755346: | flags: none (0x0) Oct 31 15:24:35.755350: | length: 24 (00 18) Oct 31 15:24:35.755353: | number of TS: 1 (01) Oct 31 15:24:35.755355: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Oct 31 15:24:35.755358: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Oct 31 15:24:35.755361: | **parse IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:24:35.755364: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:35.755366: | flags: none (0x0) Oct 31 15:24:35.755369: | length: 24 (00 18) Oct 31 15:24:35.755372: | number of TS: 1 (01) Oct 31 15:24:35.755377: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Oct 31 15:24:35.755380: | selected state microcode Process CREATE_CHILD_SA IPsec SA Response Oct 31 15:24:35.755387: | #1 updating local interface from 192.1.3.33:500 to 192.1.3.33:500 using md->iface (in update_ike_endpoints() at state.c:2631) Oct 31 15:24:35.755390: | forcing ST #3 to CHILD #1.#3 in FSM processor Oct 31 15:24:35.755393: | calling processor Process CREATE_CHILD_SA IPsec SA Response Oct 31 15:24:35.755408: | using existing local ESP/AH proposals for northnet-eastnets/0x2 (CREATE_CHILD_SA initiator accepting remote ESP/AH proposal): 1:ESP=AES_GCM_C_256-NONE-MODP2048-DISABLED 2:ESP=AES_GCM_C_128-NONE-MODP2048-DISABLED 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:24:35.755411: | comparing remote proposals against CREATE_CHILD_SA initiator accepting remote ESP/AH proposal 4 local proposals Oct 31 15:24:35.755416: | local proposal 1 type ENCR has 1 transforms Oct 31 15:24:35.755419: | local proposal 1 type PRF has 0 transforms Oct 31 15:24:35.755421: | local proposal 1 type INTEG has 1 transforms Oct 31 15:24:35.755424: | local proposal 1 type DH has 1 transforms Oct 31 15:24:35.755426: | local proposal 1 type ESN has 1 transforms Oct 31 15:24:35.755430: | local proposal 1 transforms: required: ENCR+DH+ESN; optional: INTEG Oct 31 15:24:35.755433: | local proposal 2 type ENCR has 1 transforms Oct 31 15:24:35.755435: | local proposal 2 type PRF has 0 transforms Oct 31 15:24:35.755438: | local proposal 2 type INTEG has 1 transforms Oct 31 15:24:35.755440: | local proposal 2 type DH has 1 transforms Oct 31 15:24:35.755443: | local proposal 2 type ESN has 1 transforms Oct 31 15:24:35.755446: | local proposal 2 transforms: required: ENCR+DH+ESN; optional: INTEG Oct 31 15:24:35.755449: | local proposal 3 type ENCR has 1 transforms Oct 31 15:24:35.755451: | local proposal 3 type PRF has 0 transforms Oct 31 15:24:35.755454: | local proposal 3 type INTEG has 2 transforms Oct 31 15:24:35.755456: | local proposal 3 type DH has 1 transforms Oct 31 15:24:35.755459: | local proposal 3 type ESN has 1 transforms Oct 31 15:24:35.755462: | local proposal 3 transforms: required: ENCR+INTEG+DH+ESN; optional: none Oct 31 15:24:35.755465: | local proposal 4 type ENCR has 1 transforms Oct 31 15:24:35.755467: | local proposal 4 type PRF has 0 transforms Oct 31 15:24:35.755470: | local proposal 4 type INTEG has 2 transforms Oct 31 15:24:35.755472: | local proposal 4 type DH has 1 transforms Oct 31 15:24:35.755475: | local proposal 4 type ESN has 1 transforms Oct 31 15:24:35.755478: | local proposal 4 transforms: required: ENCR+INTEG+DH+ESN; optional: none Oct 31 15:24:35.755481: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:35.755484: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:35.755488: | length: 40 (00 28) Oct 31 15:24:35.755491: | prop #: 1 (01) Oct 31 15:24:35.755493: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:35.755496: | spi size: 4 (04) Oct 31 15:24:35.755499: | # transforms: 3 (03) Oct 31 15:24:35.755503: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:24:35.755506: | remote SPI Oct 31 15:24:35.755508: | 06 84 bd b8 Oct 31 15:24:35.755511: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Oct 31 15:24:35.755515: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.755517: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.755521: | length: 12 (00 0c) Oct 31 15:24:35.755524: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:35.755526: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:35.755529: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:35.755532: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:35.755536: | length/value: 256 (01 00) Oct 31 15:24:35.755543: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:24:35.755548: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.755551: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:35.755555: | length: 8 (00 08) Oct 31 15:24:35.755557: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:35.755560: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:35.755564: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Oct 31 15:24:35.755567: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:35.755570: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:35.755573: | length: 8 (00 08) Oct 31 15:24:35.755576: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:35.755579: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:35.755583: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Oct 31 15:24:35.755587: | remote proposal 1 proposed transforms: ENCR+DH+ESN; matched: ENCR+DH+ESN; unmatched: none Oct 31 15:24:35.755594: | comparing remote proposal 1 containing ENCR+DH+ESN transforms to local proposal 1; required: ENCR+DH+ESN; optional: INTEG; matched: ENCR+DH+ESN Oct 31 15:24:35.755599: | remote proposal 1 matches local proposal 1 Oct 31 15:24:35.755603: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED[first-match] Oct 31 15:24:35.755609: | CREATE_CHILD_SA initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP=AES_GCM_C_256-MODP2048-DISABLED SPI=0684bdb8 Oct 31 15:24:35.755611: | converting proposal to internal trans attrs Oct 31 15:24:35.755616: | updating #3's .st_oakley with preserved PRF, but why update? Oct 31 15:24:35.755622: | DH secret MODP2048@0x7f43a8006ba8: transferring ownership from state #3 to helper DH Oct 31 15:24:35.755627: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:35.755631: | addref fd@0x5587b741d548(1->2) (in clone_logger() at log.c:810) Oct 31 15:24:35.755635: | newref clone logger@0x5587b741cd48(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:35.755638: | job 6 for #3: ikev2 Child SA initiator pfs=yes (dh): adding job to queue Oct 31 15:24:35.755641: | state #3 has no .st_event to delete Oct 31 15:24:35.755644: | #3 requesting EVENT_RETRANSMIT-pe@0x5587b743fc08 be deleted Oct 31 15:24:35.755649: | libevent_free: delref ptr-libevent@0x5587b7411cc8 Oct 31 15:24:35.755652: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x5587b743fc08 Oct 31 15:24:35.755655: | #3 STATE_V2_NEW_CHILD_I1: retransmits: cleared Oct 31 15:24:35.755658: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x5587b743d0f8 Oct 31 15:24:35.755661: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Oct 31 15:24:35.755664: | libevent_malloc: newref ptr-libevent@0x7f43a4001868 size 128 Oct 31 15:24:35.755677: | #3 spent 0.278 (0.278) milliseconds in processing: Process CREATE_CHILD_SA IPsec SA Response in v2_dispatch() Oct 31 15:24:35.755683: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:35.755688: | #3 complete_v2_state_transition() V2_NEW_CHILD_I1->ESTABLISHED_CHILD_SA with status STF_SUSPEND; .st_v2_transition=V2_NEW_CHILD_I0->V2_NEW_CHILD_I1 Oct 31 15:24:35.755691: | suspending state #3 and saving MD 0x5587b7420158 Oct 31 15:24:35.755695: | addref md@0x5587b7420158(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:35.755697: | #3 is busy; has suspended MD 0x5587b7420158 Oct 31 15:24:35.755703: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:35.755708: | #1 spent 0.669 (0.734) milliseconds in ikev2_process_packet() Oct 31 15:24:35.755711: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:35.755714: | delref mdp@0x5587b7420158(2->1) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:35.755718: | spent 0.68 (0.744) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:35.755741: | job 6 for #3: ikev2 Child SA initiator pfs=yes (dh): helper 6 starting job Oct 31 15:24:35.756763: | "northnet-eastnets/0x2" #3: spent 0.914 (1.01) milliseconds in helper 6 processing job 6 for state #3: ikev2 Child SA initiator pfs=yes (dh) Oct 31 15:24:35.756777: | job 6 for #3: ikev2 Child SA initiator pfs=yes (dh): helper thread 6 sending result back to state Oct 31 15:24:35.756782: | scheduling resume sending helper answer back to state for #3 Oct 31 15:24:35.756787: | libevent_malloc: newref ptr-libevent@0x7f439c001fb8 size 128 Oct 31 15:24:35.756797: | helper thread 6 has nothing to do Oct 31 15:24:35.756811: | processing resume sending helper answer back to state for #3 Oct 31 15:24:35.756822: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:641) Oct 31 15:24:35.756829: | unsuspending #3 MD 0x5587b7420158 Oct 31 15:24:35.756833: | job 6 for #3: ikev2 Child SA initiator pfs=yes (dh): processing response from helper 6 Oct 31 15:24:35.756836: | job 6 for #3: ikev2 Child SA initiator pfs=yes (dh): calling continuation function 0x5587b63c17cb Oct 31 15:24:35.756840: | DH secret MODP2048@0x7f43a8006ba8: transferring ownership from helper IKEv2 DH to state #3 Oct 31 15:24:35.756844: | ikev2_child_inR_continue() for #3 STATE_V2_NEW_CHILD_I1 Oct 31 15:24:35.756849: | TSi: parsing 1 traffic selectors Oct 31 15:24:35.757847: | ***parse IKEv2 Traffic Selector: Oct 31 15:24:35.757863: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:35.757868: | IP Protocol ID: ALL (0x0) Oct 31 15:24:35.757873: | length: 16 (00 10) Oct 31 15:24:35.757877: | start port: 0 (00 00) Oct 31 15:24:35.757881: | end port: 65535 (ff ff) Oct 31 15:24:35.757885: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:24:35.757888: | TS low Oct 31 15:24:35.757891: | c0 00 03 00 Oct 31 15:24:35.757897: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:24:35.757900: | TS high Oct 31 15:24:35.757902: | c0 00 03 ff Oct 31 15:24:35.757905: | TSi: parsed 1 traffic selectors Oct 31 15:24:35.757907: | TSr: parsing 1 traffic selectors Oct 31 15:24:35.757911: | ***parse IKEv2 Traffic Selector: Oct 31 15:24:35.757913: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:35.757916: | IP Protocol ID: ALL (0x0) Oct 31 15:24:35.757921: | length: 16 (00 10) Oct 31 15:24:35.757926: | start port: 0 (00 00) Oct 31 15:24:35.757929: | end port: 65535 (ff ff) Oct 31 15:24:35.757932: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:24:35.757934: | TS low Oct 31 15:24:35.757936: | c0 00 16 00 Oct 31 15:24:35.757939: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:24:35.757942: | TS high Oct 31 15:24:35.757944: | c0 00 16 ff Oct 31 15:24:35.757947: | TSr: parsed 1 traffic selectors Oct 31 15:24:35.757955: | evaluating our conn="northnet-eastnets/0x2" I=192.0.3.0/24:0:0/0 R=192.0.22.0/24:0:0/0 to their: Oct 31 15:24:35.757961: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:35.757970: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Oct 31 15:24:35.757975: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:24:35.757978: | TSi[0] port match: YES fitness 65536 Oct 31 15:24:35.757981: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:24:35.757986: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:35.757992: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:35.758000: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Oct 31 15:24:35.758003: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Oct 31 15:24:35.758006: | TSr[0] port match: YES fitness 65536 Oct 31 15:24:35.758009: | narrow protocol end=*0 == TSr[0]=*0: 0 Oct 31 15:24:35.758012: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:35.758019: | best fit so far: TSi[0] TSr[0] Oct 31 15:24:35.758021: | found an acceptable TSi/TSr Traffic Selector Oct 31 15:24:35.758024: | printing contents struct traffic_selector Oct 31 15:24:35.758027: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:24:35.758029: | ipprotoid: 0 Oct 31 15:24:35.758032: | port range: 0-65535 Oct 31 15:24:35.758040: | ip range: 192.0.3.0-192.0.3.255 Oct 31 15:24:35.758043: | printing contents struct traffic_selector Oct 31 15:24:35.758046: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:24:35.758048: | ipprotoid: 0 Oct 31 15:24:35.758051: | port range: 0-65535 Oct 31 15:24:35.758055: | ip range: 192.0.22.0-192.0.22.255 Oct 31 15:24:35.758061: | integ=NONE: .key_size=0 encrypt=AES_GCM_16: .key_size=32 .salt_size=4 keymat_len=36 Oct 31 15:24:35.758153: | install_ipsec_sa() for #3: inbound and outbound Oct 31 15:24:35.758159: | could_route called for northnet-eastnets/0x2; kind=CK_PERMANENT that.has_client=yes oppo=no this.host_port=500 Oct 31 15:24:35.758162: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:35.758166: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:35.758169: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:24:35.758172: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:35.758175: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:24:35.758179: | route owner of "northnet-eastnets/0x2" unrouted: NULL; eroute owner: NULL Oct 31 15:24:35.758183: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Oct 31 15:24:35.758187: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Oct 31 15:24:35.758190: | AES_GCM_16 requires 4 salt bytes Oct 31 15:24:35.758192: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Oct 31 15:24:35.758218: | setting IPsec SA replay-window to 32 Oct 31 15:24:35.758225: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Oct 31 15:24:35.758229: | netlink: enabling tunnel mode Oct 31 15:24:35.758232: | XFRM: adding IPsec SA with reqid 16393 Oct 31 15:24:35.758235: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:24:35.758238: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:24:35.758458: | netlink response for Add SA esp.684bdb8@192.1.2.23 included non-error error Oct 31 15:24:35.758465: | setup_half_ipsec_sa() is installing inbound eroute? inbound=0 owner=#0 mode=1 Oct 31 15:24:35.758469: | set up outgoing SA, ref=0/0 Oct 31 15:24:35.758472: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Oct 31 15:24:35.758475: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Oct 31 15:24:35.758477: | AES_GCM_16 requires 4 salt bytes Oct 31 15:24:35.758479: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Oct 31 15:24:35.758483: | setting IPsec SA replay-window to 32 Oct 31 15:24:35.758486: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Oct 31 15:24:35.758489: | netlink: enabling tunnel mode Oct 31 15:24:35.758491: | XFRM: adding IPsec SA with reqid 16393 Oct 31 15:24:35.758494: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:24:35.758496: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:24:35.758553: | netlink response for Add SA esp.a12c885a@192.1.3.33 included non-error error Oct 31 15:24:35.758560: | setup_half_ipsec_sa() is installing inbound eroute? inbound=1 owner=#0 mode=1 Oct 31 15:24:35.758563: | setup_half_ipsec_sa() is installing inbound eroute Oct 31 15:24:35.758565: | setup_half_ipsec_sa() before proto 50 Oct 31 15:24:35.758568: | setup_half_ipsec_sa() after proto 50 Oct 31 15:24:35.758570: | setup_half_ipsec_sa() calling raw_eroute backwards (i.e., inbound) Oct 31 15:24:35.758573: | priority calculation of connection "northnet-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:24:35.758584: | add inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 using reqid 16393 (raw_eroute) proto=50 Oct 31 15:24:35.758594: | IPsec SA SPD priority set to 2084814 Oct 31 15:24:35.758645: | raw_eroute result=success Oct 31 15:24:35.758650: | set up incoming SA, ref=0/0 Oct 31 15:24:35.758654: | sr for #3: unrouted Oct 31 15:24:35.758657: | route_and_eroute() for proto 0, and source port 0 dest port 0 Oct 31 15:24:35.758660: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:35.758664: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:35.758667: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:24:35.758672: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:35.758677: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:24:35.758681: | route owner of "northnet-eastnets/0x2" unrouted: NULL; eroute owner: NULL Oct 31 15:24:35.758684: | route_and_eroute with c: northnet-eastnets/0x2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #3 Oct 31 15:24:35.758688: | priority calculation of connection "northnet-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:24:35.758696: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => tun.0@192.1.2.23 using reqid 16393 (raw_eroute) proto=50 Oct 31 15:24:35.758700: | IPsec SA SPD priority set to 2084814 Oct 31 15:24:35.758733: | raw_eroute result=success Oct 31 15:24:35.758739: | running updown command "ipsec _updown" for verb up Oct 31 15:24:35.758742: | command executing up-client Oct 31 15:24:35.758748: | get_sa_info esp.684bdb8@192.1.2.23 Oct 31 15:24:35.758762: | get_sa_info esp.a12c885a@192.1.3.33 Oct 31 15:24:35.758826: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.758842: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.758871: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK... Oct 31 15:24:35.758875: | popen cmd is 1506 chars long Oct 31 15:24:35.758878: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Oct 31 15:24:35.758881: | cmd( 80):x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUT: Oct 31 15:24:35.758884: | cmd( 160):O_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=: Oct 31 15:24:35.758887: | cmd( 240):Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user: Oct 31 15:24:35.758890: | cmd( 320):-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET: Oct 31 15:24:35.758892: | cmd( 400):='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PRO: Oct 31 15:24:35.758895: | cmd( 480):TOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLU: Oct 31 15:24:35.758897: | cmd( 560):TO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=eas: Oct 31 15:24:35.758900: | cmd( 640):t.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='1: Oct 31 15:24:35.758905: | cmd( 720):92.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255: Oct 31 15:24:35.758908: | cmd( 800):.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Onta: Oct 31 15:24:35.758911: | cmd( 880):rio, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca: Oct 31 15:24:35.758913: | cmd( 960):, E=testing@libreswan.org' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157875' PLUTO_C: Oct 31 15:24:35.758918: | cmd(1040):ONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO: Oct 31 15:24:35.758921: | cmd(1120):+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_: Oct 31 15:24:35.758924: | cmd(1200):FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO=': Oct 31 15:24:35.758926: | cmd(1280):' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIG: Oct 31 15:24:35.758929: | cmd(1360):URED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VTI_IFACE='' VTI_ROUTING='no' VTI_: Oct 31 15:24:35.758931: | cmd(1440):SHARED='no' SPI_IN=0x684bdb8 SPI_OUT=0xa12c885a ipsec _updown 2>&1: Oct 31 15:24:35.772452: | route_and_eroute: firewall_notified: true Oct 31 15:24:35.772468: | running updown command "ipsec _updown" for verb prepare Oct 31 15:24:35.772473: | command executing prepare-client Oct 31 15:24:35.772480: | get_sa_info esp.684bdb8@192.1.2.23 Oct 31 15:24:35.772504: | get_sa_info esp.a12c885a@192.1.3.33 Oct 31 15:24:35.772585: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.772602: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.772629: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' P... Oct 31 15:24:35.772635: | popen cmd is 1511 chars long Oct 31 15:24:35.772639: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Oct 31 15:24:35.772642: | cmd( 80):ets/0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='': Oct 31 15:24:35.772644: | cmd( 160): PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontari: Oct 31 15:24:35.772646: | cmd( 240):o, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E: Oct 31 15:24:35.772649: | cmd( 320):=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIEN: Oct 31 15:24:35.772651: | cmd( 400):T_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_M: Oct 31 15:24:35.772654: | cmd( 480):Y_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23: Oct 31 15:24:35.772657: | cmd( 560):' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, C: Oct 31 15:24:35.772659: | cmd( 640):N=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIE: Oct 31 15:24:35.772665: | cmd( 720):NT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='25: Oct 31 15:24:35.772668: | cmd( 800):5.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST: Oct 31 15:24:35.772670: | cmd( 880):=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for m: Oct 31 15:24:35.772672: | cmd( 960):ainca, E=testing@libreswan.org' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157875' PL: Oct 31 15:24:35.772674: | cmd(1040):UTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+E: Oct 31 15:24:35.772677: | cmd(1120):SN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' X: Oct 31 15:24:35.772679: | cmd(1200):AUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_I: Oct 31 15:24:35.772683: | cmd(1280):NFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_C: Oct 31 15:24:35.772687: | cmd(1360):ONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VTI_IFACE='' VTI_ROUTING='no': Oct 31 15:24:35.772689: | cmd(1440): VTI_SHARED='no' SPI_IN=0x684bdb8 SPI_OUT=0xa12c885a ipsec _updown 2>&1: Oct 31 15:24:35.786298: | running updown command "ipsec _updown" for verb route Oct 31 15:24:35.786314: | command executing route-client Oct 31 15:24:35.786323: | get_sa_info esp.684bdb8@192.1.2.23 Oct 31 15:24:35.786346: | get_sa_info esp.a12c885a@192.1.3.33 Oct 31 15:24:35.786406: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.786419: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:35.786446: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO... Oct 31 15:24:35.786450: | popen cmd is 1509 chars long Oct 31 15:24:35.786453: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Oct 31 15:24:35.786456: | cmd( 80):s/0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' P: Oct 31 15:24:35.786458: | cmd( 160):LUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario,: Oct 31 15:24:35.786461: | cmd( 240): L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=u: Oct 31 15:24:35.786463: | cmd( 320):ser-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_: Oct 31 15:24:35.786465: | cmd( 400):NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_: Oct 31 15:24:35.786467: | cmd( 480):PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' : Oct 31 15:24:35.786470: | cmd( 560):PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=: Oct 31 15:24:35.786472: | cmd( 640):east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT: Oct 31 15:24:35.786474: | cmd( 720):='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.: Oct 31 15:24:35.786477: | cmd( 800):255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=O: Oct 31 15:24:35.786482: | cmd( 880):ntario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mai: Oct 31 15:24:35.786485: | cmd( 960):nca, E=testing@libreswan.org' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157875' PLUT: Oct 31 15:24:35.786487: | cmd(1040):O_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN: Oct 31 15:24:35.786489: | cmd(1120):_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAU: Oct 31 15:24:35.786491: | cmd(1200):TH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INF: Oct 31 15:24:35.786493: | cmd(1280):O='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CON: Oct 31 15:24:35.786496: | cmd(1360):FIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VTI_IFACE='' VTI_ROUTING='no' V: Oct 31 15:24:35.786499: | cmd(1440):TI_SHARED='no' SPI_IN=0x684bdb8 SPI_OUT=0xa12c885a ipsec _updown 2>&1: Oct 31 15:24:35.806112: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.806137: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.806144: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.806150: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.806156: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.806884: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.806906: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.806914: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.806920: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.806925: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.806930: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.806936: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.806942: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.806947: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.806956: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.806963: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.806969: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.806974: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.806979: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.806984: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.806990: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.806995: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.807000: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.807006: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.807011: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.807016: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.807022: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.807031: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.807037: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.807042: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.807047: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.807052: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.807058: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.807064: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.808024: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.808035: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.808041: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.808047: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.808052: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.808057: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.808062: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.808069: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.808074: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.808079: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.808084: "northnet-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:35.814030: | route_and_eroute: instance "northnet-eastnets/0x2", setting eroute_owner {spd=0x5587b740d848,sr=0x5587b740d848} to #3 (was #0) (newest_ipsec_sa=#0) Oct 31 15:24:35.814444: | inR2: instance northnet-eastnets/0x2[0], setting IKEv2 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #1 Oct 31 15:24:35.814456: | delref logger@0x5587b741cd48(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:35.814461: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.814465: | delref fd@0x5587b741d548(2->1) (in free_logger() at log.c:854) Oct 31 15:24:35.814475: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:35.814481: | #3 complete_v2_state_transition() V2_NEW_CHILD_I1->ESTABLISHED_CHILD_SA with status STF_OK; .st_v2_transition=V2_NEW_CHILD_I0->V2_NEW_CHILD_I1 Oct 31 15:24:35.814485: | transitioning from state STATE_V2_NEW_CHILD_I1 to state STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:24:35.814488: | Message ID: updating counters for #3 Oct 31 15:24:35.814564: | Message ID: CHILD #1.#3 XXX: no EVENT_RETRANSMIT to clear; suspect IKE->CHILD switch: ike.initiator.sent=2 ike.initiator.recv=1 ike.initiator.last_contact=744550.158871 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744549.863139 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:24:35.814575: | Message ID: CHILD #1.#3 updating initiator received message response 2: ike.initiator.sent=2 ike.initiator.recv=1->2 ike.initiator.last_contact=744550.158871->744550.247287 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744549.863139 child.wip.initiator=2->-1 child.wip.responder=-1 Oct 31 15:24:35.814583: | Message ID: CHILD #1.#3 skipping update_send as nothing to send: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.247287 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744549.863139 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:24:35.814593: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.247287 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744549.863139 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:35.814598: | child state #3: V2_NEW_CHILD_I1(established IKE SA) => ESTABLISHED_CHILD_SA(established CHILD SA) Oct 31 15:24:35.814602: | pstats #3 ikev2.child established Oct 31 15:24:35.814605: | announcing the state transition Oct 31 15:24:35.814614: "northnet-eastnets/0x2" #3: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.22.0-192.0.22.255:0-65535 0] Oct 31 15:24:35.814629: | NAT-T: encaps is 'auto' Oct 31 15:24:35.814635: "northnet-eastnets/0x2" #3: IPsec SA established tunnel mode {ESP=>0x0684bdb8 <0xa12c885a xfrm=AES_GCM_16_256-NONE-MODP2048 NATOA=none NATD=none DPD=passive} Oct 31 15:24:35.814641: | releasing #3's fd-fd@0x5587b741d548 because IKEv2 transitions finished Oct 31 15:24:35.814644: | delref fd@0x5587b741d548(1->0) (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:24:35.814652: | freeref fd-fd@0x5587b741d548 (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:24:35.814656: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:24:35.814659: | unpending #3's IKE SA #1 Oct 31 15:24:35.814661: | unpending state #1 connection "northnet-eastnets/0x2" Oct 31 15:24:35.814665: | releasing #1's fd-fd@(nil) because IKEv2 transitions finished so releaseing IKE SA Oct 31 15:24:35.814667: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:24:35.814670: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:24:35.814674: | #3 will start re-keying in 27838 seconds with margin of 962 seconds (attempting re-key) Oct 31 15:24:35.814678: | state #3 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:35.814684: | libevent_free: delref ptr-libevent@0x7f43a4001868 Oct 31 15:24:35.814687: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x5587b743d0f8 Oct 31 15:24:35.814691: | event_schedule: newref EVENT_SA_REKEY-pe@0x5587b743d0f8 Oct 31 15:24:35.814695: | inserting event EVENT_SA_REKEY, timeout in 27838 seconds for #3 Oct 31 15:24:35.814698: | libevent_malloc: newref ptr-libevent@0x5587b7436ee8 size 128 Oct 31 15:24:35.814703: | delref mdp@0x5587b7420158(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:35.814707: | delref logger@0x5587b741dce8(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:35.814709: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:35.814712: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:35.814722: | #3 spent 2.21 (57.9) milliseconds in resume sending helper answer back to state Oct 31 15:24:35.814728: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:745) Oct 31 15:24:35.814731: | libevent_free: delref ptr-libevent@0x7f439c001fb8 Oct 31 15:24:35.814744: | processing signal PLUTO_SIGCHLD Oct 31 15:24:35.814750: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:35.814755: | spent 0.0055 (0.00541) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:35.814758: | processing signal PLUTO_SIGCHLD Oct 31 15:24:35.814761: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:35.814765: | spent 0.00367 (0.00363) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:35.814768: | processing signal PLUTO_SIGCHLD Oct 31 15:24:35.814771: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:35.814775: | spent 0.00328 (0.00327) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:35.897482: | newref struct fd@0x5587b73f1cb8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:35.897498: | fd_accept: new fd-fd@0x5587b73f1cb8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:35.897512: | whack: status Oct 31 15:24:35.897674: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:24:35.897680: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:24:35.897824: | FOR_EACH_STATE_... in show_states (sort_states) Oct 31 15:24:35.897827: | FOR_EACH_STATE_... in sort_states Oct 31 15:24:35.897834: | get_sa_info esp.8c58fba8@192.1.3.33 Oct 31 15:24:35.897848: | get_sa_info esp.c10d190@192.1.2.23 Oct 31 15:24:35.897865: | get_sa_info esp.a12c885a@192.1.3.33 Oct 31 15:24:35.897872: | get_sa_info esp.684bdb8@192.1.2.23 Oct 31 15:24:35.897885: | delref fd@0x5587b73f1cb8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:35.897890: | freeref fd-fd@0x5587b73f1cb8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:35.897896: | spent 0.427 (0.432) milliseconds in whack Oct 31 15:24:38.215359: | newref struct fd@0x5587b7436df8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:38.215379: | fd_accept: new fd-fd@0x5587b7436df8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:38.215395: | whack: traffic_status Oct 31 15:24:38.215398: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Oct 31 15:24:38.215402: | FOR_EACH_STATE_... in sort_states Oct 31 15:24:38.215413: | get_sa_info esp.8c58fba8@192.1.3.33 Oct 31 15:24:38.215433: | get_sa_info esp.c10d190@192.1.2.23 Oct 31 15:24:38.215466: | get_sa_info esp.a12c885a@192.1.3.33 Oct 31 15:24:38.215477: | get_sa_info esp.684bdb8@192.1.2.23 Oct 31 15:24:38.215500: | delref fd@0x5587b7436df8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:38.215508: | freeref fd-fd@0x5587b7436df8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:38.215516: | spent 0.167 (0.167) milliseconds in whack Oct 31 15:24:39.207433: | newref struct fd@0x5587b7436df8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:39.207446: | fd_accept: new fd-fd@0x5587b7436df8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:39.207459: | whack: status Oct 31 15:24:39.207683: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:24:39.207688: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:24:39.208051: | FOR_EACH_STATE_... in show_states (sort_states) Oct 31 15:24:39.208056: | FOR_EACH_STATE_... in sort_states Oct 31 15:24:39.208067: | get_sa_info esp.8c58fba8@192.1.3.33 Oct 31 15:24:39.208087: | get_sa_info esp.c10d190@192.1.2.23 Oct 31 15:24:39.208113: | get_sa_info esp.a12c885a@192.1.3.33 Oct 31 15:24:39.208123: | get_sa_info esp.684bdb8@192.1.2.23 Oct 31 15:24:39.208144: | delref fd@0x5587b7436df8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:39.208151: | freeref fd-fd@0x5587b7436df8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:39.208157: | spent 0.601 (0.733) milliseconds in whack Oct 31 15:24:39.417322: | spent 0.00204 (0.00204) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:39.417340: | newref struct msg_digest@0x5587b7420158(0->1) (in read_message() at demux.c:103) Oct 31 15:24:39.417343: | newref alloc logger@0x5587b741cd48(0->1) (in read_message() at demux.c:103) Oct 31 15:24:39.417348: | *received 69 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP Oct 31 15:24:39.417350: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:39.417351: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Oct 31 15:24:39.417353: | 9a bd 52 00 a9 8f 46 08 d5 80 be 69 8c 46 9a 16 Oct 31 15:24:39.417354: | c8 e1 49 bd d4 32 df d5 6a 79 38 44 0b 27 21 ec Oct 31 15:24:39.417356: | f0 4d 63 94 ab Oct 31 15:24:39.417359: | **parse ISAKMP Message: Oct 31 15:24:39.417362: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:39.417364: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:39.417366: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:24:39.417368: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:39.417370: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:24:39.417371: | flags: none (0x0) Oct 31 15:24:39.417374: | Message ID: 0 (00 00 00 00) Oct 31 15:24:39.417376: | length: 69 (00 00 00 45) Oct 31 15:24:39.417378: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Oct 31 15:24:39.417383: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Oct 31 15:24:39.417387: | State DB: found IKEv2 state #1 in ESTABLISHED_IKE_SA (find_v2_ike_sa) Oct 31 15:24:39.417394: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:39.417399: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Oct 31 15:24:39.417403: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:24:39.417406: | #1 is idle Oct 31 15:24:39.417412: | Message ID: IKE #1 not a duplicate - message request 0 is new: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.247287 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744549.863139 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:39.417418: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:39.417421: | unpacking clear payload Oct 31 15:24:39.417424: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Oct 31 15:24:39.417428: | ***parse IKEv2 Encryption Payload: Oct 31 15:24:39.417431: | next payload type: ISAKMP_NEXT_v2D (0x2a) Oct 31 15:24:39.417433: | flags: none (0x0) Oct 31 15:24:39.417437: | length: 41 (00 29) Oct 31 15:24:39.417440: | processing payload: ISAKMP_NEXT_v2SK (len=37) Oct 31 15:24:39.417443: | #1 in state ESTABLISHED_IKE_SA: established IKE SA Oct 31 15:24:39.417458: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Oct 31 15:24:39.417462: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Oct 31 15:24:39.417466: | **parse IKEv2 Delete Payload: Oct 31 15:24:39.417468: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:39.417471: | flags: none (0x0) Oct 31 15:24:39.417474: | length: 12 (00 0c) Oct 31 15:24:39.417477: | protocol ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:39.417480: | SPI size: 4 (04) Oct 31 15:24:39.417483: | number of SPIs: 1 (00 01) Oct 31 15:24:39.417486: | processing payload: ISAKMP_NEXT_v2D (len=4) Oct 31 15:24:39.417490: | selected state microcode Informational Request Oct 31 15:24:39.417497: | Message ID: IKE #1 responder starting message request 0: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.247287 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744549.863139 ike.wip.initiator=-1 ike.wip.responder=-1->0 Oct 31 15:24:39.417499: | calling processor Informational Request Oct 31 15:24:39.417504: | an informational request should send a response Oct 31 15:24:39.417508: | opening output PBS information exchange reply packet Oct 31 15:24:39.417511: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Oct 31 15:24:39.417514: | **emit ISAKMP Message: Oct 31 15:24:39.417518: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:39.417522: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:39.417525: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:39.417527: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:39.417530: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:24:39.417533: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Oct 31 15:24:39.417537: | Message ID: 0 (00 00 00 00) Oct 31 15:24:39.417540: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:39.417543: | ***emit IKEv2 Encryption Payload: Oct 31 15:24:39.417546: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:39.417549: | flags: none (0x0) Oct 31 15:24:39.417552: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:24:39.417554: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Oct 31 15:24:39.417556: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:24:39.417562: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Oct 31 15:24:39.417565: | SPI Oct 31 15:24:39.417567: | 06 84 bd b8 Oct 31 15:24:39.417569: | delete IKEv2_SEC_PROTO_ESP SA(0x0684bdb8) Oct 31 15:24:39.417571: | v2 CHILD SA #3 found using their inbound (our outbound) SPI, in STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:24:39.417573: | State DB: found IKEv2 state #3 in ESTABLISHED_CHILD_SA (find_v2_child_sa_by_outbound_spi) Oct 31 15:24:39.417575: | our side SPI that needs to be deleted: IKEv2_SEC_PROTO_ESP SA(0x0684bdb8) Oct 31 15:24:39.417577: "northnet-eastnets/0x2" #1: received Delete SA payload: replace IPsec State #3 now Oct 31 15:24:39.417580: | #3 requesting EVENT_SA_REKEY-pe@0x5587b743d0f8 be deleted Oct 31 15:24:39.417582: | libevent_free: delref ptr-libevent@0x5587b7436ee8 Oct 31 15:24:39.417584: | free_event_entry: delref EVENT_SA_REKEY-pe@0x5587b743d0f8 Oct 31 15:24:39.417587: | event_schedule: newref EVENT_SA_REPLACE-pe@0x5587b741dce8 Oct 31 15:24:39.417589: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #3 Oct 31 15:24:39.417591: | libevent_malloc: newref ptr-libevent@0x7f439c001fb8 size 128 Oct 31 15:24:39.417593: | ****emit IKEv2 Delete Payload: Oct 31 15:24:39.417595: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:39.417597: | flags: none (0x0) Oct 31 15:24:39.417598: | protocol ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:39.417600: | SPI size: 4 (04) Oct 31 15:24:39.417602: | number of SPIs: 1 (00 01) Oct 31 15:24:39.417604: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Oct 31 15:24:39.417606: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Oct 31 15:24:39.417608: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Oct 31 15:24:39.417610: | local SPIs: a1 2c 88 5a Oct 31 15:24:39.417612: | emitting length of IKEv2 Delete Payload: 12 Oct 31 15:24:39.417614: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:39.417615: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:39.417617: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:24:39.417619: | emitting length of IKEv2 Encryption Payload: 41 Oct 31 15:24:39.417621: | emitting length of ISAKMP Message: 69 Oct 31 15:24:39.417630: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:24:39.417632: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:39.417634: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Oct 31 15:24:39.417635: | e0 87 0d df 14 a9 bd 1f 6b 6c 5c fc 44 9a 85 94 Oct 31 15:24:39.417637: | 8a 51 11 08 c0 17 2a 6f 28 80 4e f4 79 66 d4 88 Oct 31 15:24:39.417638: | b8 be 57 30 23 Oct 31 15:24:39.417666: | sent 1 messages Oct 31 15:24:39.417671: | Message ID: IKE #1 XXX: in process_encrypted_informational_ikev2() hacking around record 'n' send bypassing send queue hacking around delete_ike_family(): ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.247287 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744549.863139 ike.wip.initiator=-1 ike.wip.responder=0 Oct 31 15:24:39.417675: | Message ID: IKE #1 updating responder sent message response 0: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.247287 ike.responder.sent=-1->0 ike.responder.recv=-1 ike.responder.last_contact=744549.863139 ike.wip.initiator=-1 ike.wip.responder=0 Oct 31 15:24:39.417680: | #1 spent 0.162 (0.175) milliseconds in processing: Informational Request in v2_dispatch() Oct 31 15:24:39.417684: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:39.417687: | #1 complete_v2_state_transition() ESTABLISHED_IKE_SA->ESTABLISHED_IKE_SA with status STF_OK; .st_v2_transition=PARENT_I0->PARENT_I1 Oct 31 15:24:39.417690: | Message ID: updating counters for #1 Oct 31 15:24:39.417695: | Message ID: IKE #1 updating responder received message request 0: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.247287 ike.responder.sent=0 ike.responder.recv=-1->0 ike.responder.last_contact=744549.863139->744553.850489 ike.wip.initiator=-1 ike.wip.responder=0->-1 Oct 31 15:24:39.417698: | Message ID: IKE #1 updating responder sent message response 0: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.247287 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744553.850489 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:39.417702: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.247287 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744553.850489 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:39.417704: | announcing the state transition Oct 31 15:24:39.417706: "northnet-eastnets/0x2" #1: established IKE SA Oct 31 15:24:39.417713: | sending 69 bytes for STATE_V2_ESTABLISHED_IKE_SA through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:24:39.417715: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:39.417716: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Oct 31 15:24:39.417718: | e0 87 0d df 14 a9 bd 1f 6b 6c 5c fc 44 9a 85 94 Oct 31 15:24:39.417719: | 8a 51 11 08 c0 17 2a 6f 28 80 4e f4 79 66 d4 88 Oct 31 15:24:39.417721: | b8 be 57 30 23 Oct 31 15:24:39.417731: | sent 1 messages Oct 31 15:24:39.417733: | #1 is retaining EVENT_SA_REKEY with is previously set timeout Oct 31 15:24:39.417736: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:39.417740: | #1 spent 0.409 (0.432) milliseconds in ikev2_process_packet() Oct 31 15:24:39.417742: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:39.417744: | delref mdp@0x5587b7420158(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:39.417747: | delref logger@0x5587b741cd48(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:39.417748: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:39.417750: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:39.417753: | spent 0.422 (0.445) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:39.417759: | timer_event_cb: processing event@0x5587b741dce8 Oct 31 15:24:39.417760: | handling event EVENT_SA_REPLACE for child state #3 Oct 31 15:24:39.417762: | libevent_free: delref ptr-libevent@0x7f439c001fb8 Oct 31 15:24:39.417765: | free_event_entry: delref EVENT_SA_REPLACE-pe@0x5587b741dce8 Oct 31 15:24:39.417768: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:39.417770: | picked newest_ipsec_sa #3 for #3 Oct 31 15:24:39.417772: | replacing stale CHILD SA Oct 31 15:24:39.417775: | FOR_EACH_STATE_... in find_phase1_state Oct 31 15:24:39.417779: | FOR_EACH_STATE_... in find_pending_phase2 Oct 31 15:24:39.417784: | newref alloc logger@0x5587b743d0f8(0->1) (in new_state() at state.c:576) Oct 31 15:24:39.417789: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:24:39.417792: | creating state object #4 at 0x5587b7435d18 Oct 31 15:24:39.417795: | State DB: adding IKEv2 state #4 in UNDEFINED Oct 31 15:24:39.417803: | pstats #4 ikev2.child started Oct 31 15:24:39.417807: | duplicating state object #1 "northnet-eastnets/0x2" as #4 for IPSEC SA Oct 31 15:24:39.417812: | #4 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1581) Oct 31 15:24:39.417822: | Message ID: CHILD #1.#4 initializing (CHILD SA): ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.247287 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744553.850489 child.wip.initiator=0->-1 child.wip.responder=0->-1 Oct 31 15:24:39.417829: | child state #4: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Oct 31 15:24:39.417835: | #4.st_v2_transition NULL -> V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I1 (in new_v2_child_state() at state.c:1666) Oct 31 15:24:39.417843: | suspend processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5960) Oct 31 15:24:39.417848: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5960) Oct 31 15:24:39.417862: | using existing local ESP/AH proposals for northnet-eastnets/0x2 (ESP/AH initiator emitting proposals): 1:ESP=AES_GCM_C_256-NONE-MODP2048-DISABLED 2:ESP=AES_GCM_C_128-NONE-MODP2048-DISABLED 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:24:39.417869: | #4 schedule rekey initiate IPsec SA RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 to replace #3 using IKE# 1 pfs=MODP2048 Oct 31 15:24:39.417873: | event_schedule: newref EVENT_v2_INITIATE_CHILD-pe@0x5587b741dce8 Oct 31 15:24:39.417876: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #4 Oct 31 15:24:39.417879: | libevent_malloc: newref ptr-libevent@0x5587b7436ee8 size 128 Oct 31 15:24:39.417883: | RESET processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:6035) Oct 31 15:24:39.417886: | event_schedule: newref EVENT_SA_EXPIRE-pe@0x5587b74369b8 Oct 31 15:24:39.417888: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #3 Oct 31 15:24:39.417890: | libevent_malloc: newref ptr-libevent@0x7f43a8006108 size 128 Oct 31 15:24:39.417894: | #3 spent 0.134 (0.134) milliseconds in timer_event_cb() EVENT_SA_REPLACE Oct 31 15:24:39.417896: | processing: STOP state #0 (in timer_event_cb() at timer.c:447) Oct 31 15:24:39.417900: | timer_event_cb: processing event@0x5587b741dce8 Oct 31 15:24:39.417901: | handling event EVENT_v2_INITIATE_CHILD for child state #4 Oct 31 15:24:39.417903: | libevent_free: delref ptr-libevent@0x5587b7436ee8 Oct 31 15:24:39.417905: | free_event_entry: delref EVENT_v2_INITIATE_CHILD-pe@0x5587b741dce8 Oct 31 15:24:39.417908: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:39.417912: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:39.417914: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:39.417916: | newref clone logger@0x5587b741cd48(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:39.417918: | job 7 for #4: Child Rekey Initiator KE and nonce ni (build KE and nonce): adding job to queue Oct 31 15:24:39.417919: | state #4 has no .st_event to delete Oct 31 15:24:39.417921: | #4 STATE_V2_REKEY_CHILD_I0: retransmits: cleared Oct 31 15:24:39.417923: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x5587b741dce8 Oct 31 15:24:39.417925: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Oct 31 15:24:39.417926: | libevent_malloc: newref ptr-libevent@0x5587b7436ee8 size 128 Oct 31 15:24:39.417933: | #4 spent 0.0329 (0.0329) milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Oct 31 15:24:39.417936: | stop processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:447) Oct 31 15:24:39.417939: | timer_event_cb: processing event@0x5587b74369b8 Oct 31 15:24:39.417940: | handling event EVENT_SA_EXPIRE for child state #3 Oct 31 15:24:39.417942: | libevent_free: delref ptr-libevent@0x7f43a8006108 Oct 31 15:24:39.417944: | free_event_entry: delref EVENT_SA_EXPIRE-pe@0x5587b74369b8 Oct 31 15:24:39.417946: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:39.417949: | picked newest_ipsec_sa #3 for #3 Oct 31 15:24:39.417948: | job 7 for #4: Child Rekey Initiator KE and nonce ni (build KE and nonce): helper 7 starting job Oct 31 15:24:39.417952: | un-established partial CHILD SA timeout (SA expired) Oct 31 15:24:39.417966: | pstats #3 ikev2.child re-failed exchange-timeout Oct 31 15:24:39.417968: | should_send_delete: no, just because Oct 31 15:24:39.417970: | pstats #3 ikev2.child deleted completed Oct 31 15:24:39.417973: | #3 main thread spent 2.76 (58.4) milliseconds helper thread spent 2.88 (3) milliseconds in total Oct 31 15:24:39.417976: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:935) Oct 31 15:24:39.417978: | should_send_delete: no, just because Oct 31 15:24:39.417980: "northnet-eastnets/0x2" #3: deleting state (STATE_V2_ESTABLISHED_CHILD_SA) aged 3.691814s and NOT sending notification Oct 31 15:24:39.417983: | child state #3: ESTABLISHED_CHILD_SA(established CHILD SA) => delete Oct 31 15:24:39.417986: | get_sa_info esp.684bdb8@192.1.2.23 Oct 31 15:24:39.417998: | get_sa_info esp.a12c885a@192.1.3.33 Oct 31 15:24:39.418003: "northnet-eastnets/0x2" #3: ESP traffic information: in=168B out=168B Oct 31 15:24:39.418006: | unsuspending #3 MD (nil) Oct 31 15:24:39.418007: | should_send_delete: no, just because Oct 31 15:24:39.418009: | child state #3: ESTABLISHED_CHILD_SA(established CHILD SA) => CHILDSA_DEL(informational) Oct 31 15:24:39.418011: | state #3 has no .st_event to delete Oct 31 15:24:39.418013: | #3 STATE_CHILDSA_DEL: retransmits: cleared Oct 31 15:24:39.418050: | running updown command "ipsec _updown" for verb down Oct 31 15:24:39.418056: | command executing down-client Oct 31 15:24:39.418060: | get_sa_info esp.684bdb8@192.1.2.23 Oct 31 15:24:39.418070: | get_sa_info esp.a12c885a@192.1.3.33 Oct 31 15:24:39.418122: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:39.418137: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:39.418161: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_S... Oct 31 15:24:39.418165: | popen cmd is 1512 chars long Oct 31 15:24:39.418168: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Oct 31 15:24:39.418171: | cmd( 80):/0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PL: Oct 31 15:24:39.418174: | cmd( 160):UTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, : Oct 31 15:24:39.418176: | cmd( 240):L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=us: Oct 31 15:24:39.418179: | cmd( 320):er-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_N: Oct 31 15:24:39.418181: | cmd( 400):ET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_P: Oct 31 15:24:39.418184: | cmd( 480):ROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' P: Oct 31 15:24:39.418187: | cmd( 560):LUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=e: Oct 31 15:24:39.418191: | cmd( 640):ast.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT=: Oct 31 15:24:39.418194: | cmd( 720):'192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.2: Oct 31 15:24:39.418196: | cmd( 800):55.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=On: Oct 31 15:24:39.418215: | cmd( 880):tario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for main: Oct 31 15:24:39.418217: | cmd( 960):ca, E=testing@libreswan.org' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157875' PLUTO: Oct 31 15:24:39.418219: | cmd(1040):_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_: Oct 31 15:24:39.418220: | cmd(1120):NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUT: Oct 31 15:24:39.418222: | cmd(1200):H_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO: Oct 31 15:24:39.418223: | cmd(1280):='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONF: Oct 31 15:24:39.418224: | cmd(1360):IGURED='0' PLUTO_INBYTES='168' PLUTO_OUTBYTES='168' VTI_IFACE='' VTI_ROUTING='no: Oct 31 15:24:39.418226: | cmd(1440):' VTI_SHARED='no' SPI_IN=0x684bdb8 SPI_OUT=0xa12c885a ipsec _updown 2>&1: Oct 31 15:24:39.419561: | "northnet-eastnets/0x2" #4: spent 1.59 (1.61) milliseconds in helper 7 processing job 7 for state #4: Child Rekey Initiator KE and nonce ni (pcr) Oct 31 15:24:39.419573: | job 7 for #4: Child Rekey Initiator KE and nonce ni (build KE and nonce): helper thread 7 sending result back to state Oct 31 15:24:39.419576: | scheduling resume sending helper answer back to state for #4 Oct 31 15:24:39.419579: | libevent_malloc: newref ptr-libevent@0x7f43a0006108 size 128 Oct 31 15:24:39.419585: | helper thread 7 has nothing to do Oct 31 15:24:39.427248: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.3.0/24:0 --0->- 192.0.22.0/24:0 Oct 31 15:24:39.427259: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.22.0/24:0 Oct 31 15:24:39.427262: | priority calculation of connection "northnet-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:24:39.427265: | IPsec SA SPD priority set to 2084814 Oct 31 15:24:39.427288: | delete esp.684bdb8@192.1.2.23 Oct 31 15:24:39.427291: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:24:39.427301: | netlink response for Del SA esp.684bdb8@192.1.2.23 included non-error error Oct 31 15:24:39.427303: | priority calculation of connection "northnet-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:24:39.427307: | delete inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => unk.10000@192.1.3.33 using reqid 0 (raw_eroute) proto=50 Oct 31 15:24:39.427334: | raw_eroute result=success Oct 31 15:24:39.427341: | delete esp.a12c885a@192.1.3.33 Oct 31 15:24:39.427345: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:24:39.427357: | netlink response for Del SA esp.a12c885a@192.1.3.33 included non-error error Oct 31 15:24:39.427363: | in connection_discard for connection northnet-eastnets/0x2 Oct 31 15:24:39.427366: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Oct 31 15:24:39.427371: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Oct 31 15:24:39.427374: | releasing #3's fd-fd@(nil) because deleting state Oct 31 15:24:39.427377: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:24:39.427380: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:24:39.427383: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:24:39.427402: | stop processing: state #3 from 192.1.2.23:500 (in delete_state() at state.c:1239) Oct 31 15:24:39.427412: | delref logger@0x5587b7413c48(1->0) (in delete_state() at state.c:1306) Oct 31 15:24:39.427416: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:39.427419: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:39.427425: | State DB: found IKEv2 state #4 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Oct 31 15:24:39.427430: | can't expire unused IKE SA #1; it has the child #4 Oct 31 15:24:39.427434: | in statetime_stop() and could not find #3 Oct 31 15:24:39.427438: | processing: STOP state #0 (in timer_event_cb() at timer.c:447) Oct 31 15:24:39.427457: | spent 0.00201 (0.00195) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:39.427467: | newref struct msg_digest@0x5587b7420158(0->1) (in read_message() at demux.c:103) Oct 31 15:24:39.427471: | newref alloc logger@0x5587b74369b8(0->1) (in read_message() at demux.c:103) Oct 31 15:24:39.427478: | *received 69 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP Oct 31 15:24:39.427481: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:39.427484: | 2e 20 25 00 00 00 00 01 00 00 00 45 2a 00 00 29 Oct 31 15:24:39.427487: | d7 9f 2a 6f 41 da 1f 49 d8 e1 12 9f 61 a6 29 12 Oct 31 15:24:39.427489: | f5 d8 f5 7a 6e cb 9e b3 6f a7 a7 b3 7d af 84 40 Oct 31 15:24:39.427492: | 7d 45 1e a8 76 Oct 31 15:24:39.427496: | **parse ISAKMP Message: Oct 31 15:24:39.427502: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:39.427506: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:39.427510: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:24:39.427513: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:39.427516: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:24:39.427519: | flags: none (0x0) Oct 31 15:24:39.427523: | Message ID: 1 (00 00 00 01) Oct 31 15:24:39.427527: | length: 69 (00 00 00 45) Oct 31 15:24:39.427531: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Oct 31 15:24:39.427535: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Oct 31 15:24:39.427539: | State DB: found IKEv2 state #1 in ESTABLISHED_IKE_SA (find_v2_ike_sa) Oct 31 15:24:39.427546: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:39.427550: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Oct 31 15:24:39.427554: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:24:39.427557: | #1 is idle Oct 31 15:24:39.427564: | Message ID: IKE #1 not a duplicate - message request 1 is new: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.247287 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744553.850489 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:39.427571: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:39.427574: | unpacking clear payload Oct 31 15:24:39.427577: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Oct 31 15:24:39.427581: | ***parse IKEv2 Encryption Payload: Oct 31 15:24:39.427584: | next payload type: ISAKMP_NEXT_v2D (0x2a) Oct 31 15:24:39.427586: | flags: none (0x0) Oct 31 15:24:39.427590: | length: 41 (00 29) Oct 31 15:24:39.427593: | processing payload: ISAKMP_NEXT_v2SK (len=37) Oct 31 15:24:39.427595: | #1 in state ESTABLISHED_IKE_SA: established IKE SA Oct 31 15:24:39.427610: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Oct 31 15:24:39.427614: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Oct 31 15:24:39.427618: | **parse IKEv2 Delete Payload: Oct 31 15:24:39.427621: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:39.427623: | flags: none (0x0) Oct 31 15:24:39.427627: | length: 12 (00 0c) Oct 31 15:24:39.427630: | protocol ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:39.427633: | SPI size: 4 (04) Oct 31 15:24:39.427636: | number of SPIs: 1 (00 01) Oct 31 15:24:39.427639: | processing payload: ISAKMP_NEXT_v2D (len=4) Oct 31 15:24:39.427642: | selected state microcode Informational Request Oct 31 15:24:39.427649: | Message ID: IKE #1 responder starting message request 1: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.247287 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744553.850489 ike.wip.initiator=-1 ike.wip.responder=-1->1 Oct 31 15:24:39.427654: | calling processor Informational Request Oct 31 15:24:39.427659: | an informational request should send a response Oct 31 15:24:39.427664: | opening output PBS information exchange reply packet Oct 31 15:24:39.427666: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Oct 31 15:24:39.427671: | **emit ISAKMP Message: Oct 31 15:24:39.427678: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:39.427682: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:39.427685: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:39.427687: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:39.427690: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:24:39.427693: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Oct 31 15:24:39.427697: | Message ID: 1 (00 00 00 01) Oct 31 15:24:39.427701: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:39.427704: | ***emit IKEv2 Encryption Payload: Oct 31 15:24:39.427707: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:39.427710: | flags: none (0x0) Oct 31 15:24:39.427713: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:24:39.427716: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Oct 31 15:24:39.427719: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:24:39.427727: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Oct 31 15:24:39.427728: | SPI Oct 31 15:24:39.427730: | 0c 10 d1 90 Oct 31 15:24:39.427732: | delete IKEv2_SEC_PROTO_ESP SA(0x0c10d190) Oct 31 15:24:39.427734: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:24:39.427736: | State DB: found IKEv2 state #2 in ESTABLISHED_CHILD_SA (find_v2_child_sa_by_outbound_spi) Oct 31 15:24:39.427738: | our side SPI that needs to be deleted: IKEv2_SEC_PROTO_ESP SA(0x0c10d190) Oct 31 15:24:39.427740: "northnet-eastnets/0x2" #1: received Delete SA payload: replace IPsec State #2 now Oct 31 15:24:39.427743: | #2 requesting EVENT_SA_REKEY-pe@0x5587b740a6f8 be deleted Oct 31 15:24:39.427745: | libevent_free: delref ptr-libevent@0x5587b7428378 Oct 31 15:24:39.427748: | free_event_entry: delref EVENT_SA_REKEY-pe@0x5587b740a6f8 Oct 31 15:24:39.427750: | event_schedule: newref EVENT_SA_REPLACE-pe@0x5587b7413c48 Oct 31 15:24:39.427752: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Oct 31 15:24:39.427754: | libevent_malloc: newref ptr-libevent@0x7f43a80038b8 size 128 Oct 31 15:24:39.427756: | ****emit IKEv2 Delete Payload: Oct 31 15:24:39.427758: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:39.427760: | flags: none (0x0) Oct 31 15:24:39.427761: | protocol ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:39.427763: | SPI size: 4 (04) Oct 31 15:24:39.427765: | number of SPIs: 1 (00 01) Oct 31 15:24:39.427767: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Oct 31 15:24:39.427769: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Oct 31 15:24:39.427771: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Oct 31 15:24:39.427773: | local SPIs: 8c 58 fb a8 Oct 31 15:24:39.427775: | emitting length of IKEv2 Delete Payload: 12 Oct 31 15:24:39.427777: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:39.427778: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:39.427780: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:24:39.427782: | emitting length of IKEv2 Encryption Payload: 41 Oct 31 15:24:39.427785: | emitting length of ISAKMP Message: 69 Oct 31 15:24:39.427796: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:24:39.427798: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:39.427799: | 2e 20 25 28 00 00 00 01 00 00 00 45 2a 00 00 29 Oct 31 15:24:39.427801: | db 26 55 ad dc 5d 60 70 19 99 e5 f0 d6 56 96 e5 Oct 31 15:24:39.427802: | af 17 2b 8e 7b f7 50 62 49 c1 12 04 e4 97 6b 4e Oct 31 15:24:39.427804: | 7a 39 fd db df Oct 31 15:24:39.427834: | sent 1 messages Oct 31 15:24:39.427839: | Message ID: IKE #1 XXX: in process_encrypted_informational_ikev2() hacking around record 'n' send bypassing send queue hacking around delete_ike_family(): ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.247287 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744553.850489 ike.wip.initiator=-1 ike.wip.responder=1 Oct 31 15:24:39.427843: | Message ID: IKE #1 updating responder sent message response 1: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.247287 ike.responder.sent=0->1 ike.responder.recv=0 ike.responder.last_contact=744553.850489 ike.wip.initiator=-1 ike.wip.responder=1 Oct 31 15:24:39.427849: | #1 spent 0.172 (0.189) milliseconds in processing: Informational Request in v2_dispatch() Oct 31 15:24:39.427852: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:39.427856: | #1 complete_v2_state_transition() ESTABLISHED_IKE_SA->ESTABLISHED_IKE_SA with status STF_OK; .st_v2_transition=PARENT_I0->PARENT_I1 Oct 31 15:24:39.427857: | Message ID: updating counters for #1 Oct 31 15:24:39.427862: | Message ID: IKE #1 updating responder received message request 1: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.247287 ike.responder.sent=1 ike.responder.recv=0->1 ike.responder.last_contact=744553.850489->744553.860656 ike.wip.initiator=-1 ike.wip.responder=1->-1 Oct 31 15:24:39.427865: | Message ID: IKE #1 updating responder sent message response 1: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.247287 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744553.860656 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:39.427869: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.247287 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744553.860656 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:39.427870: | announcing the state transition Oct 31 15:24:39.427873: "northnet-eastnets/0x2" #1: established IKE SA Oct 31 15:24:39.427877: | sending 69 bytes for STATE_V2_ESTABLISHED_IKE_SA through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:24:39.427879: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:39.427880: | 2e 20 25 28 00 00 00 01 00 00 00 45 2a 00 00 29 Oct 31 15:24:39.427882: | db 26 55 ad dc 5d 60 70 19 99 e5 f0 d6 56 96 e5 Oct 31 15:24:39.427883: | af 17 2b 8e 7b f7 50 62 49 c1 12 04 e4 97 6b 4e Oct 31 15:24:39.427885: | 7a 39 fd db df Oct 31 15:24:39.427895: | sent 1 messages Oct 31 15:24:39.427898: | #1 is retaining EVENT_SA_REKEY with is previously set timeout Oct 31 15:24:39.427901: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:39.427904: | #1 spent 0.432 (0.453) milliseconds in ikev2_process_packet() Oct 31 15:24:39.427906: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:39.427909: | delref mdp@0x5587b7420158(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:39.427911: | delref logger@0x5587b74369b8(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:39.427912: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:39.427916: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:39.427919: | spent 0.447 (0.468) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:39.427925: | processing resume sending helper answer back to state for #4 Oct 31 15:24:39.427929: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:641) Oct 31 15:24:39.427931: | unsuspending #4 MD (nil) Oct 31 15:24:39.427933: | job 7 for #4: Child Rekey Initiator KE and nonce ni (build KE and nonce): processing response from helper 7 Oct 31 15:24:39.427935: | job 7 for #4: Child Rekey Initiator KE and nonce ni (build KE and nonce): calling continuation function 0x5587b63bffe7 Oct 31 15:24:39.427937: | ikev2_child_outI_continue() for #4 STATE_V2_REKEY_CHILD_I0 Oct 31 15:24:39.427941: | DH secret MODP2048@0x7f43a0006ba8: transferring ownership from helper KE to state #4 Oct 31 15:24:39.427942: | adding CHILD SA #4 to IKE SA #1 message initiator queue Oct 31 15:24:39.427946: | Message ID: CHILD #1.#4 wakeing IKE SA for next initiator (unack 0): ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.247287 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744553.860656 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:24:39.427948: | scheduling callback v2_msgid_schedule_next_initiator (#1) Oct 31 15:24:39.427950: | libevent_malloc: newref ptr-libevent@0x5587b7428378 size 128 Oct 31 15:24:39.427954: | [RE]START processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:39.427956: | #4 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I1 with status STF_SUSPEND Oct 31 15:24:39.427958: | no MD to suspend Oct 31 15:24:39.427960: | delref logger@0x5587b741cd48(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:39.427962: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:39.427963: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:39.427965: | resume sending helper answer back to state for #4 suppresed complete_v2_state_transition() Oct 31 15:24:39.427967: | delref mdp@NULL (in resume_handler() at server.c:743) Oct 31 15:24:39.427970: | #4 spent 0.0384 (0.0384) milliseconds in resume sending helper answer back to state Oct 31 15:24:39.427973: | stop processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:745) Oct 31 15:24:39.427975: | libevent_free: delref ptr-libevent@0x7f43a0006108 Oct 31 15:24:39.427978: | processing signal PLUTO_SIGCHLD Oct 31 15:24:39.427981: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:39.427984: | spent 0.00373 (0.00373) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:39.427988: | timer_event_cb: processing event@0x5587b7413c48 Oct 31 15:24:39.427990: | handling event EVENT_SA_REPLACE for child state #2 Oct 31 15:24:39.427992: | libevent_free: delref ptr-libevent@0x7f43a80038b8 Oct 31 15:24:39.427994: | free_event_entry: delref EVENT_SA_REPLACE-pe@0x5587b7413c48 Oct 31 15:24:39.427997: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:39.428000: | picked newest_ipsec_sa #2 for #2 Oct 31 15:24:39.428002: | replacing stale CHILD SA Oct 31 15:24:39.428004: | FOR_EACH_STATE_... in find_phase1_state Oct 31 15:24:39.428007: | FOR_EACH_STATE_... in find_pending_phase2 Oct 31 15:24:39.428011: | newref alloc logger@0x5587b740a6f8(0->1) (in new_state() at state.c:576) Oct 31 15:24:39.428013: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:24:39.428014: | creating state object #5 at 0x5587b743dc98 Oct 31 15:24:39.428016: | State DB: adding IKEv2 state #5 in UNDEFINED Oct 31 15:24:39.428022: | pstats #5 ikev2.child started Oct 31 15:24:39.428024: | duplicating state object #1 "northnet-eastnets/0x2" as #5 for IPSEC SA Oct 31 15:24:39.428027: | #5 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1581) Oct 31 15:24:39.428033: | Message ID: CHILD #1.#5 initializing (CHILD SA): ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.247287 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744553.860656 child.wip.initiator=0->-1 child.wip.responder=0->-1 Oct 31 15:24:39.428036: | child state #5: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Oct 31 15:24:39.428039: | #5.st_v2_transition NULL -> V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I1 (in new_v2_child_state() at state.c:1666) Oct 31 15:24:39.428041: | in connection_discard for connection northnet-eastnets/0x2 Oct 31 15:24:39.428044: | suspend processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5960) Oct 31 15:24:39.428046: | start processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5960) Oct 31 15:24:39.428049: | create child proposal's DH changed from no-PFS to MODP2048, flushing Oct 31 15:24:39.428051: | constructing ESP/AH proposals with default DH MODP2048 for northnet-eastnets/0x1 (ESP/AH initiator emitting proposals) Oct 31 15:24:39.428055: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Oct 31 15:24:39.428060: | ... ikev2_proposal: 1:ESP=AES_GCM_C_256-NONE-MODP2048-DISABLED Oct 31 15:24:39.428062: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Oct 31 15:24:39.428065: | ... ikev2_proposal: 2:ESP=AES_GCM_C_128-NONE-MODP2048-DISABLED Oct 31 15:24:39.428067: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:24:39.428070: | ... ikev2_proposal: 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:24:39.428072: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:24:39.428074: | ... ikev2_proposal: 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:24:39.428076: "northnet-eastnets/0x1": local ESP/AH proposals (ESP/AH initiator emitting proposals): Oct 31 15:24:39.428079: "northnet-eastnets/0x1": 1:ESP=AES_GCM_C_256-NONE-MODP2048-DISABLED Oct 31 15:24:39.428081: "northnet-eastnets/0x1": 2:ESP=AES_GCM_C_128-NONE-MODP2048-DISABLED Oct 31 15:24:39.428084: "northnet-eastnets/0x1": 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:24:39.428086: "northnet-eastnets/0x1": 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:24:39.428090: | #5 schedule rekey initiate IPsec SA RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 to replace #2 using IKE# 1 pfs=MODP2048 Oct 31 15:24:39.428092: | event_schedule: newref EVENT_v2_INITIATE_CHILD-pe@0x5587b73f1eb8 Oct 31 15:24:39.428094: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #5 Oct 31 15:24:39.428095: | libevent_malloc: newref ptr-libevent@0x7f43a0006108 size 128 Oct 31 15:24:39.428099: | RESET processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:6035) Oct 31 15:24:39.428101: | event_schedule: newref EVENT_SA_EXPIRE-pe@0x5587b741cd48 Oct 31 15:24:39.428102: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Oct 31 15:24:39.428104: | libevent_malloc: newref ptr-libevent@0x7f43a8006108 size 128 Oct 31 15:24:39.428108: | #2 spent 0.118 (0.118) milliseconds in timer_event_cb() EVENT_SA_REPLACE Oct 31 15:24:39.428109: | processing: STOP state #0 (in timer_event_cb() at timer.c:447) Oct 31 15:24:39.428111: | libevent_free: delref ptr-libevent@0x5587b7428378 Oct 31 15:24:39.428113: | processing callback v2_msgid_schedule_next_initiator for #1 Oct 31 15:24:39.428116: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:828) Oct 31 15:24:39.428120: | Message ID: CHILD #1.#4 resuming SA using IKE SA (unack 0): ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.247287 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744553.860656 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:24:39.428124: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:675) Oct 31 15:24:39.428127: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:675) Oct 31 15:24:39.428129: | unsuspending #4 MD (nil) Oct 31 15:24:39.428132: | opening output PBS reply packet Oct 31 15:24:39.428134: | **emit ISAKMP Message: Oct 31 15:24:39.428137: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:39.428139: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:39.428141: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:39.428143: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:39.428144: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Oct 31 15:24:39.428146: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:39.428148: | Message ID: 3 (00 00 00 03) Oct 31 15:24:39.428150: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:39.428152: | ***emit IKEv2 Encryption Payload: Oct 31 15:24:39.428154: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:39.428156: | flags: none (0x0) Oct 31 15:24:39.428158: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:24:39.428159: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Oct 31 15:24:39.428161: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:24:39.428174: | netlink_get_spi: allocated 0xf864a06b for esp.0@192.1.3.33 Oct 31 15:24:39.428176: | Emitting ikev2_proposals ... Oct 31 15:24:39.428178: | ****emit IKEv2 Security Association Payload: Oct 31 15:24:39.428179: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:39.428181: | flags: none (0x0) Oct 31 15:24:39.428183: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:24:39.428185: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:24:39.428188: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:39.428190: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:39.428191: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:39.428193: | prop #: 1 (01) Oct 31 15:24:39.428195: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:39.428197: | spi size: 4 (04) Oct 31 15:24:39.428203: | # transforms: 3 (03) Oct 31 15:24:39.428210: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:39.428213: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:24:39.428216: | our spi: f8 64 a0 6b Oct 31 15:24:39.428218: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.428219: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.428221: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:39.428223: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:39.428224: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.428226: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:39.428228: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:39.428230: | length/value: 256 (01 00) Oct 31 15:24:39.428232: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:39.428234: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:39.428236: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.428237: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.428240: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:39.428242: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:39.428244: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.428245: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.428247: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.428249: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.428251: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:39.428252: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:39.428254: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:39.428255: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.428257: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.428259: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.428260: | emitting length of IKEv2 Proposal Substructure Payload: 40 Oct 31 15:24:39.428262: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:39.428264: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:39.428266: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:39.428267: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:39.428269: | prop #: 2 (02) Oct 31 15:24:39.428271: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:39.428272: | spi size: 4 (04) Oct 31 15:24:39.428274: | # transforms: 3 (03) Oct 31 15:24:39.428276: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:39.428278: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:39.428280: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:24:39.428281: | our spi: f8 64 a0 6b Oct 31 15:24:39.428283: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.428285: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.428286: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:39.428288: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:39.428289: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.428291: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:39.428293: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:39.428295: | length/value: 128 (00 80) Oct 31 15:24:39.428296: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:39.428298: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:39.428300: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.428301: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.428303: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:39.428304: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:39.428306: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.428307: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.428311: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.428313: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.428315: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:39.428316: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:39.428318: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:39.428319: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.428321: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.428323: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.428324: | emitting length of IKEv2 Proposal Substructure Payload: 40 Oct 31 15:24:39.428326: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:39.428328: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:39.428329: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:39.428331: | prop #: 3 (03) Oct 31 15:24:39.428333: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:39.428334: | spi size: 4 (04) Oct 31 15:24:39.428336: | # transforms: 5 (05) Oct 31 15:24:39.428338: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:39.428339: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:39.428341: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:24:39.428343: | our spi: f8 64 a0 6b Oct 31 15:24:39.428345: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.428346: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.428348: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:39.428349: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:39.428351: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.428353: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:39.428354: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:39.428356: | length/value: 256 (01 00) Oct 31 15:24:39.428358: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:39.428359: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.428361: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.428362: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:39.428364: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:39.428366: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.428367: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.428369: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.428370: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.428372: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.428373: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:39.428375: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:39.428377: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.428378: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.428380: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.428382: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.428384: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.428385: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:39.428387: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:39.428389: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.428390: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.428392: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.428393: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.428395: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:39.428396: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:39.428398: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:39.428400: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.428401: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.428403: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.428404: | emitting length of IKEv2 Proposal Substructure Payload: 56 Oct 31 15:24:39.428406: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:39.428408: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:39.428409: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:39.428411: | prop #: 4 (04) Oct 31 15:24:39.428413: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:39.428414: | spi size: 4 (04) Oct 31 15:24:39.428416: | # transforms: 5 (05) Oct 31 15:24:39.428418: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:39.428419: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:39.428421: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:24:39.428423: | our spi: f8 64 a0 6b Oct 31 15:24:39.428425: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.428426: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.428428: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:39.428429: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:39.428431: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.428432: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:39.428434: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:39.428436: | length/value: 128 (00 80) Oct 31 15:24:39.428437: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:39.428439: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.428441: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.428442: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:39.428444: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:39.428445: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.428447: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.428449: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.428451: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.428453: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.428454: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:39.428456: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:39.428457: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.428459: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.428460: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.428462: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.428464: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.428465: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:39.428467: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:39.428468: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.428470: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.428471: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.428473: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.428475: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:39.428476: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:39.428478: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:39.428479: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.428481: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.428483: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.428484: | emitting length of IKEv2 Proposal Substructure Payload: 56 Oct 31 15:24:39.428486: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:39.428487: | emitting length of IKEv2 Security Association Payload: 196 Oct 31 15:24:39.428489: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:24:39.428491: "northnet-eastnets/0x2" #4: CHILD SA to rekey #3 vanished abort this exchange Oct 31 15:24:39.428493: | ikev2_child_sa_respond returned STF_INTERNAL_ERROR Oct 31 15:24:39.428497: | [RE]START processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:39.428499: | #4 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I1 with status STF_INTERNAL_ERROR Oct 31 15:24:39.428538: "northnet-eastnets/0x2" #4: state transition function for STATE_V2_REKEY_CHILD_I0 had internal error Oct 31 15:24:39.428544: | release_pending_whacks: state #4 has no whack fd Oct 31 15:24:39.428548: | delref mdp@NULL (in initiate_next() at ikev2_msgid.c:705) Oct 31 15:24:39.428553: | stop processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:707) Oct 31 15:24:39.428558: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:707) Oct 31 15:24:39.428563: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:832) Oct 31 15:24:39.428569: | spent 0.446 (0.452) milliseconds in callback v2_msgid_schedule_next_initiator Oct 31 15:24:39.428575: | timer_event_cb: processing event@0x5587b73f1eb8 Oct 31 15:24:39.428580: | handling event EVENT_v2_INITIATE_CHILD for child state #5 Oct 31 15:24:39.428583: | libevent_free: delref ptr-libevent@0x7f43a0006108 Oct 31 15:24:39.428586: | free_event_entry: delref EVENT_v2_INITIATE_CHILD-pe@0x5587b73f1eb8 Oct 31 15:24:39.428592: | start processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:39.428600: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:39.428602: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:39.428606: | newref clone logger@0x5587b7413c48(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:39.428609: | job 8 for #5: Child Rekey Initiator KE and nonce ni (build KE and nonce): adding job to queue Oct 31 15:24:39.428612: | state #5 has no .st_event to delete Oct 31 15:24:39.428615: | #5 STATE_V2_REKEY_CHILD_I0: retransmits: cleared Oct 31 15:24:39.428617: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x5587b74369b8 Oct 31 15:24:39.428620: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Oct 31 15:24:39.428623: | libevent_malloc: newref ptr-libevent@0x7f43a0006108 size 128 Oct 31 15:24:39.428634: | #5 spent 0.058 (0.0581) milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Oct 31 15:24:39.428640: | stop processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:447) Oct 31 15:24:39.428640: | job 8 for #5: Child Rekey Initiator KE and nonce ni (build KE and nonce): helper 1 starting job Oct 31 15:24:39.428643: | timer_event_cb: processing event@0x5587b741cd48 Oct 31 15:24:39.428653: | handling event EVENT_SA_EXPIRE for child state #2 Oct 31 15:24:39.428655: | libevent_free: delref ptr-libevent@0x7f43a8006108 Oct 31 15:24:39.428657: | free_event_entry: delref EVENT_SA_EXPIRE-pe@0x5587b741cd48 Oct 31 15:24:39.428660: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:39.428663: | picked newest_ipsec_sa #2 for #2 Oct 31 15:24:39.428665: | un-established partial CHILD SA timeout (SA expired) Oct 31 15:24:39.428667: | pstats #2 ikev2.child re-failed exchange-timeout Oct 31 15:24:39.428668: | should_send_delete: no, just because Oct 31 15:24:39.428670: | pstats #2 ikev2.child deleted completed Oct 31 15:24:39.428673: | #2 main thread spent 7.71 (114) milliseconds helper thread spent 0.925 (1.56) milliseconds in total Oct 31 15:24:39.428676: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in delete_state() at state.c:935) Oct 31 15:24:39.428678: | should_send_delete: no, just because Oct 31 15:24:39.428681: "northnet-eastnets/0x1" #2: deleting state (STATE_V2_ESTABLISHED_CHILD_SA) aged 3.961374s and NOT sending notification Oct 31 15:24:39.428683: | child state #2: ESTABLISHED_CHILD_SA(established CHILD SA) => delete Oct 31 15:24:39.428685: | get_sa_info esp.c10d190@192.1.2.23 Oct 31 15:24:39.428695: | get_sa_info esp.8c58fba8@192.1.3.33 Oct 31 15:24:39.428707: "northnet-eastnets/0x1" #2: ESP traffic information: in=168B out=168B Oct 31 15:24:39.428712: | unsuspending #2 MD (nil) Oct 31 15:24:39.428715: | should_send_delete: no, just because Oct 31 15:24:39.428718: | child state #2: ESTABLISHED_CHILD_SA(established CHILD SA) => CHILDSA_DEL(informational) Oct 31 15:24:39.428721: | state #2 has no .st_event to delete Oct 31 15:24:39.428724: | #2 STATE_CHILDSA_DEL: retransmits: cleared Oct 31 15:24:39.428772: | running updown command "ipsec _updown" for verb down Oct 31 15:24:39.428778: | command executing down-client Oct 31 15:24:39.428783: | get_sa_info esp.c10d190@192.1.2.23 Oct 31 15:24:39.428795: | get_sa_info esp.8c58fba8@192.1.3.33 Oct 31 15:24:39.428846: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:39.428858: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Oct 31 15:24:39.428882: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STA... Oct 31 15:24:39.428886: | popen cmd is 1510 chars long Oct 31 15:24:39.428889: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Oct 31 15:24:39.428891: | cmd( 80):/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PL: Oct 31 15:24:39.428894: | cmd( 160):UTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, : Oct 31 15:24:39.428896: | cmd( 240):L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=us: Oct 31 15:24:39.428898: | cmd( 320):er-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_N: Oct 31 15:24:39.428901: | cmd( 400):ET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_P: Oct 31 15:24:39.428903: | cmd( 480):ROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' P: Oct 31 15:24:39.428905: | cmd( 560):LUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=e: Oct 31 15:24:39.428908: | cmd( 640):ast.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT=: Oct 31 15:24:39.428910: | cmd( 720):'192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255: Oct 31 15:24:39.428912: | cmd( 800):.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Onta: Oct 31 15:24:39.428915: | cmd( 880):rio, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca: Oct 31 15:24:39.428917: | cmd( 960):, E=testing@libreswan.org' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157875' PLUTO_C: Oct 31 15:24:39.428919: | cmd(1040):ONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO: Oct 31 15:24:39.428921: | cmd(1120):+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_: Oct 31 15:24:39.428924: | cmd(1200):FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO=': Oct 31 15:24:39.428926: | cmd(1280):' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIG: Oct 31 15:24:39.428928: | cmd(1360):URED='0' PLUTO_INBYTES='168' PLUTO_OUTBYTES='168' VTI_IFACE='' VTI_ROUTING='no' : Oct 31 15:24:39.428931: | cmd(1440):VTI_SHARED='no' SPI_IN=0xc10d190 SPI_OUT=0x8c58fba8 ipsec _updown 2>&1: Oct 31 15:24:39.429844: | "northnet-eastnets/0x1" #5: spent 1.19 (1.2) milliseconds in helper 1 processing job 8 for state #5: Child Rekey Initiator KE and nonce ni (pcr) Oct 31 15:24:39.429852: | job 8 for #5: Child Rekey Initiator KE and nonce ni (build KE and nonce): helper thread 1 sending result back to state Oct 31 15:24:39.429855: | scheduling resume sending helper answer back to state for #5 Oct 31 15:24:39.429857: | libevent_malloc: newref ptr-libevent@0x7f43b4007658 size 128 Oct 31 15:24:39.429862: | helper thread 1 has nothing to do Oct 31 15:24:39.437667: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.3.0/24:0 --0->- 192.0.2.0/24:0 Oct 31 15:24:39.437689: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.2.0/24:0 Oct 31 15:24:39.437694: | priority calculation of connection "northnet-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:24:39.437698: | IPsec SA SPD priority set to 2084814 Oct 31 15:24:39.437810: | delete esp.c10d190@192.1.2.23 Oct 31 15:24:39.437819: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:24:39.437845: | netlink response for Del SA esp.c10d190@192.1.2.23 included non-error error Oct 31 15:24:39.437852: | priority calculation of connection "northnet-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:24:39.437862: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk.10000@192.1.3.33 using reqid 0 (raw_eroute) proto=50 Oct 31 15:24:39.437907: | raw_eroute result=success Oct 31 15:24:39.437915: | delete esp.8c58fba8@192.1.3.33 Oct 31 15:24:39.437919: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:24:39.437947: | netlink response for Del SA esp.8c58fba8@192.1.3.33 included non-error error Oct 31 15:24:39.437954: | in connection_discard for connection northnet-eastnets/0x1 Oct 31 15:24:39.437958: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Oct 31 15:24:39.437963: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Oct 31 15:24:39.437967: | releasing #2's fd-fd@(nil) because deleting state Oct 31 15:24:39.437970: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:24:39.437972: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:24:39.437975: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:24:39.437983: | stop processing: state #2 from 192.1.2.23:500 (in delete_state() at state.c:1239) Oct 31 15:24:39.437993: | delref logger@0x5587b73fda08(1->0) (in delete_state() at state.c:1306) Oct 31 15:24:39.437997: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:39.438001: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:39.438007: | State DB: found IKEv2 state #5 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Oct 31 15:24:39.438011: | can't expire unused IKE SA #1; it has the child #5 Oct 31 15:24:39.438015: | in statetime_stop() and could not find #2 Oct 31 15:24:39.438019: | processing: STOP state #0 (in timer_event_cb() at timer.c:447) Oct 31 15:24:39.438121: | spent 0.0113 (0.00382) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:39.438135: | newref struct msg_digest@0x5587b742c3c8(0->1) (in read_message() at demux.c:103) Oct 31 15:24:39.438139: | newref alloc logger@0x5587b73f1eb8(0->1) (in read_message() at demux.c:103) Oct 31 15:24:39.438146: | *received 65 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP Oct 31 15:24:39.438149: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:39.438151: | 2e 20 25 00 00 00 00 02 00 00 00 41 2a 00 00 25 Oct 31 15:24:39.438154: | be db 59 48 25 ff f6 09 b2 7c 2e ad f4 c0 37 9e Oct 31 15:24:39.438156: | f5 41 34 c5 6b ee ee df fb 2f c9 2d bc 6f 07 51 Oct 31 15:24:39.438158: | 46 Oct 31 15:24:39.438163: | **parse ISAKMP Message: Oct 31 15:24:39.438170: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:39.438176: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:39.438180: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:24:39.438183: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:39.438187: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:24:39.438191: | flags: none (0x0) Oct 31 15:24:39.438197: | Message ID: 2 (00 00 00 02) Oct 31 15:24:39.438352: | length: 65 (00 00 00 41) Oct 31 15:24:39.438357: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Oct 31 15:24:39.438363: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Oct 31 15:24:39.438368: | State DB: found IKEv2 state #1 in ESTABLISHED_IKE_SA (find_v2_ike_sa) Oct 31 15:24:39.438384: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:39.438390: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Oct 31 15:24:39.438394: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:24:39.438397: | #1 is idle Oct 31 15:24:39.438404: | Message ID: IKE #1 not a duplicate - message request 2 is new: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.247287 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744553.860656 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:39.438409: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:39.438411: | unpacking clear payload Oct 31 15:24:39.438414: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Oct 31 15:24:39.438418: | ***parse IKEv2 Encryption Payload: Oct 31 15:24:39.438420: | next payload type: ISAKMP_NEXT_v2D (0x2a) Oct 31 15:24:39.438422: | flags: none (0x0) Oct 31 15:24:39.438425: | length: 37 (00 25) Oct 31 15:24:39.438428: | processing payload: ISAKMP_NEXT_v2SK (len=33) Oct 31 15:24:39.438430: | #1 in state ESTABLISHED_IKE_SA: established IKE SA Oct 31 15:24:39.438452: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Oct 31 15:24:39.438456: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Oct 31 15:24:39.438460: | **parse IKEv2 Delete Payload: Oct 31 15:24:39.438463: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:39.438465: | flags: none (0x0) Oct 31 15:24:39.438468: | length: 8 (00 08) Oct 31 15:24:39.438471: | protocol ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:39.438474: | SPI size: 0 (00) Oct 31 15:24:39.438477: | number of SPIs: 0 (00 00) Oct 31 15:24:39.438480: | processing payload: ISAKMP_NEXT_v2D (len=0) Oct 31 15:24:39.438482: | selected state microcode Informational Request Oct 31 15:24:39.438489: | Message ID: IKE #1 responder starting message request 2: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.247287 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744553.860656 ike.wip.initiator=-1 ike.wip.responder=-1->2 Oct 31 15:24:39.438492: | calling processor Informational Request Oct 31 15:24:39.438498: | an informational request should send a response Oct 31 15:24:39.438505: | opening output PBS information exchange reply packet Oct 31 15:24:39.438508: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Oct 31 15:24:39.438512: | **emit ISAKMP Message: Oct 31 15:24:39.438518: | initiator SPI: fb 8d aa 53 8c db 80 3b Oct 31 15:24:39.438523: | responder SPI: 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:39.438526: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:39.438529: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:39.438539: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:24:39.438543: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Oct 31 15:24:39.438548: | Message ID: 2 (00 00 00 02) Oct 31 15:24:39.438551: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:39.438555: | ***emit IKEv2 Encryption Payload: Oct 31 15:24:39.438557: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:39.438560: | flags: none (0x0) Oct 31 15:24:39.438563: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:24:39.438566: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Oct 31 15:24:39.438570: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:24:39.438582: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:39.438585: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:39.438588: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:24:39.438590: | emitting length of IKEv2 Encryption Payload: 29 Oct 31 15:24:39.438595: | emitting length of ISAKMP Message: 57 Oct 31 15:24:39.438607: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:24:39.438609: | fb 8d aa 53 8c db 80 3b 3f 19 47 b1 d8 fa 3e ec Oct 31 15:24:39.438611: | 2e 20 25 28 00 00 00 02 00 00 00 39 00 00 00 1d Oct 31 15:24:39.438612: | 00 31 39 b4 d9 77 ce 4c b2 45 84 a7 fc 57 c3 b8 Oct 31 15:24:39.438614: | 69 86 5c 92 22 7e 14 c1 0c Oct 31 15:24:39.438653: | sent 1 messages Oct 31 15:24:39.438659: | Message ID: IKE #1 XXX: in process_encrypted_informational_ikev2() hacking around record 'n' send bypassing send queue hacking around delete_ike_family(): ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.247287 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744553.860656 ike.wip.initiator=-1 ike.wip.responder=2 Oct 31 15:24:39.438666: | Message ID: IKE #1 updating responder sent message response 2: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744550.247287 ike.responder.sent=1->2 ike.responder.recv=1 ike.responder.last_contact=744553.860656 ike.wip.initiator=-1 ike.wip.responder=2 Oct 31 15:24:39.438672: | pstats #5 ikev2.child deleted other Oct 31 15:24:39.438679: | #5 main thread spent 0.058 (0.0581) milliseconds helper thread spent 0 (0) milliseconds in total Oct 31 15:24:39.438686: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:935) Oct 31 15:24:39.438692: | start processing: state #5 connection "northnet-eastnets/0x1" from 192.1.2.23:500 (in delete_state() at state.c:935) Oct 31 15:24:39.438696: | should_send_delete: no, just because Oct 31 15:24:39.438702: "northnet-eastnets/0x1" #5: deleting other state #5 connection (STATE_V2_REKEY_CHILD_I0) "northnet-eastnets/0x1" aged 0.010688s and NOT sending notification Oct 31 15:24:39.438706: | child state #5: V2_REKEY_CHILD_I0(established IKE SA) => delete Oct 31 15:24:39.438711: | unsuspending #5 MD (nil) Oct 31 15:24:39.438714: | should_send_delete: no, just because Oct 31 15:24:39.438718: | child state #5: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Oct 31 15:24:39.438722: | state #5 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:39.438728: | libevent_free: delref ptr-libevent@0x7f43a0006108 Oct 31 15:24:39.438731: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x5587b74369b8 Oct 31 15:24:39.438734: | #5 STATE_CHILDSA_DEL: retransmits: cleared Oct 31 15:24:39.438739: | priority calculation of connection "northnet-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:24:39.438747: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk.10000@192.1.3.33 using reqid 0 (raw_eroute) proto=50 Oct 31 15:24:39.438762: | raw_eroute result=success Oct 31 15:24:39.438768: | in connection_discard for connection northnet-eastnets/0x1 Oct 31 15:24:39.438771: | State DB: deleting IKEv2 state #5 in CHILDSA_DEL Oct 31 15:24:39.438777: | child state #5: CHILDSA_DEL(informational) => UNDEFINED(ignore) Oct 31 15:24:39.438781: | releasing #5's fd-fd@(nil) because deleting state Oct 31 15:24:39.438784: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:24:39.438787: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:24:39.438791: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:24:39.438798: | stop processing: state #5 from 192.1.2.23:500 (in delete_state() at state.c:1239) Oct 31 15:24:39.438805: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:1239) Oct 31 15:24:39.438811: | delref logger@0x5587b740a6f8(1->0) (in delete_state() at state.c:1306) Oct 31 15:24:39.438815: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:39.438818: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:39.438823: | pstats #4 ikev2.child deleted other Oct 31 15:24:39.438828: | #4 main thread spent 0.0712 (0.0713) milliseconds helper thread spent 1.59 (1.61) milliseconds in total Oct 31 15:24:39.438835: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:935) Oct 31 15:24:39.438840: | start processing: state #4 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:935) Oct 31 15:24:39.438842: | should_send_delete: no, just because Oct 31 15:24:39.438847: "northnet-eastnets/0x2" #4: deleting other state #4 (STATE_V2_REKEY_CHILD_I0) aged 0.021062s and NOT sending notification Oct 31 15:24:39.438849: | child state #4: V2_REKEY_CHILD_I0(established IKE SA) => delete Oct 31 15:24:39.438852: | unsuspending #4 MD (nil) Oct 31 15:24:39.438854: | should_send_delete: no, just because Oct 31 15:24:39.438857: | child state #4: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Oct 31 15:24:39.438860: | state #4 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:39.438865: | libevent_free: delref ptr-libevent@0x5587b7436ee8 Oct 31 15:24:39.438869: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x5587b741dce8 Oct 31 15:24:39.438873: | #4 STATE_CHILDSA_DEL: retransmits: cleared Oct 31 15:24:39.438878: | priority calculation of connection "northnet-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:24:39.438888: | delete inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => unk.10000@192.1.3.33 using reqid 0 (raw_eroute) proto=50 Oct 31 15:24:39.438904: | raw_eroute result=success Oct 31 15:24:39.438909: | in connection_discard for connection northnet-eastnets/0x2 Oct 31 15:24:39.438913: | State DB: deleting IKEv2 state #4 in CHILDSA_DEL Oct 31 15:24:39.438918: | child state #4: CHILDSA_DEL(informational) => UNDEFINED(ignore) Oct 31 15:24:39.438920: | releasing #4's fd-fd@(nil) because deleting state Oct 31 15:24:39.438923: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:24:39.438925: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:24:39.438928: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:24:39.438942: | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1239) Oct 31 15:24:39.438947: | resume processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:1239) Oct 31 15:24:39.438953: | delref logger@0x5587b743d0f8(1->0) (in delete_state() at state.c:1306) Oct 31 15:24:39.438957: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:39.438960: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:39.438964: | State DB: IKEv2 state not found (delete_ike_family) Oct 31 15:24:39.438967: | pstats #1 ikev2.ike deleted completed Oct 31 15:24:39.438974: | #1 main thread spent 14.7 (21.1) milliseconds helper thread spent 18.9 (23.4) milliseconds in total Oct 31 15:24:39.438981: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:935) Oct 31 15:24:39.438984: | should_send_delete: no, just because Oct 31 15:24:39.438990: "northnet-eastnets/0x2" #1: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 4.008687s and NOT sending notification Oct 31 15:24:39.438994: | parent state #1: ESTABLISHED_IKE_SA(established IKE SA) => delete Oct 31 15:24:39.439124: | unsuspending #1 MD (nil) Oct 31 15:24:39.439130: | should_send_delete: no, just because Oct 31 15:24:39.439134: | state #1 deleting .st_event EVENT_SA_REKEY Oct 31 15:24:39.439139: | libevent_free: delref ptr-libevent@0x5587b74408b8 Oct 31 15:24:39.439143: | free_event_entry: delref EVENT_SA_REKEY-pe@0x5587b74158b8 Oct 31 15:24:39.439147: | #1 STATE_V2_ESTABLISHED_IKE_SA: retransmits: cleared Oct 31 15:24:39.439152: | State DB: IKEv2 state not found (flush_incomplete_children) Oct 31 15:24:39.439156: | picked newest_isakmp_sa #0 for #1 Oct 31 15:24:39.439161: "northnet-eastnets/0x2" #1: deleting IKE SA but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Oct 31 15:24:39.439166: | add revival: connection 'northnet-eastnets/0x2' added to the list and scheduled for 0 seconds Oct 31 15:24:39.439173: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Oct 31 15:24:39.439179: | in connection_discard for connection northnet-eastnets/0x2 Oct 31 15:24:39.439183: | State DB: deleting IKEv2 state #1 in ESTABLISHED_IKE_SA Oct 31 15:24:39.439187: | parent state #1: ESTABLISHED_IKE_SA(established IKE SA) => UNDEFINED(ignore) Oct 31 15:24:39.439190: | releasing #1's fd-fd@(nil) because deleting state Oct 31 15:24:39.439192: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:24:39.439195: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:24:39.439202: | delref pkp@0x7f43a40042a8(2->1) (in delete_state() at state.c:1202) Oct 31 15:24:39.439219: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1239) Oct 31 15:24:39.439225: | delref pkp@0x7f43a40042a8(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:39.439229: | delref pkp@0x7f43a40011d8(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:39.439233: | delref pkp@0x7f43a4000e38(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:39.439236: | delref pkp@0x7f43a4003f58(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:39.439239: | delref pkp@0x7f43a4003bb8(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:39.439255: | delref logger@0x5587b73fdd88(1->0) (in delete_state() at state.c:1306) Oct 31 15:24:39.439258: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:39.439261: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:39.439265: | in statetime_stop() and could not find #1 Oct 31 15:24:39.439268: | XXX: processor 'Informational Request' for #1 deleted state MD.ST Oct 31 15:24:39.439270: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:39.439273: | in statetime_stop() and could not find #1 Oct 31 15:24:39.439276: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:39.439279: | delref mdp@0x5587b742c3c8(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:39.439282: | delref logger@0x5587b73f1eb8(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:39.439285: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:39.439287: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:39.439294: | spent 0.956 (1.25) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:39.439303: | processing resume sending helper answer back to state for #5 Oct 31 15:24:39.439308: | job 8 for #5: Child Rekey Initiator KE and nonce ni (build KE and nonce): processing response from helper 1 Oct 31 15:24:39.439311: | job 8 for #5: Child Rekey Initiator KE and nonce ni (build KE and nonce): was cancelled; ignoring respose Oct 31 15:24:39.439321: | delref logger@0x5587b7413c48(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:39.439324: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:39.439327: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:39.439333: | (#5) spent 0.0241 (0.024) milliseconds in resume sending helper answer back to state Oct 31 15:24:39.439336: | libevent_free: delref ptr-libevent@0x7f43b4007658 Oct 31 15:24:39.439340: | processing signal PLUTO_SIGCHLD Oct 31 15:24:39.439345: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:39.439349: | spent 0.00529 (0.00529) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:39.439356: | processing global timer EVENT_REVIVE_CONNS Oct 31 15:24:39.439360: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:39.439363: "northnet-eastnets/0x2": initiating connection which received a Delete/Notify but must remain up per local policy Oct 31 15:24:39.439367: | connection 'northnet-eastnets/0x2' +POLICY_UP Oct 31 15:24:39.439370: | FOR_EACH_STATE_... in find_phase1_state Oct 31 15:24:39.439379: | newref alloc logger@0x5587b74369b8(0->1) (in new_state() at state.c:576) Oct 31 15:24:39.439382: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:24:39.439385: | creating state object #6 at 0x5587b743dc98 Oct 31 15:24:39.439390: | State DB: adding IKEv2 state #6 in UNDEFINED Oct 31 15:24:39.439397: | pstats #6 ikev2.ike started Oct 31 15:24:39.439401: | parent state #6: UNDEFINED(ignore) => PARENT_I0(ignore) Oct 31 15:24:39.439405: | #6.st_v2_transition NULL -> PARENT_I0->PARENT_I1 (in new_v2_ike_state() at state.c:620) Oct 31 15:24:39.439414: | Message ID: IKE #6 initializing (IKE SA): ike.initiator.sent=0->-1 ike.initiator.recv=0->-1 ike.initiator.last_contact=0->744553.872205 ike.responder.sent=0->-1 ike.responder.recv=0->-1 ike.responder.last_contact=0->744553.872205 ike.wip.initiator=0->-1 ike.wip.responder=0->-1 Oct 31 15:24:39.439417: | orienting northnet-eastnets/0x2 Oct 31 15:24:39.439422: | northnet-eastnets/0x2 doesn't match 127.0.0.1:4500 at all Oct 31 15:24:39.439428: | northnet-eastnets/0x2 doesn't match 127.0.0.1:500 at all Oct 31 15:24:39.439433: | northnet-eastnets/0x2 doesn't match 192.0.3.254:4500 at all Oct 31 15:24:39.439438: | northnet-eastnets/0x2 doesn't match 192.0.3.254:500 at all Oct 31 15:24:39.439443: | northnet-eastnets/0x2 doesn't match 192.1.3.33:4500 at all Oct 31 15:24:39.439446: | oriented northnet-eastnets/0x2's this Oct 31 15:24:39.439455: | start processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:544) Oct 31 15:24:39.439461: | addref fd@NULL (in add_pending() at pending.c:86) Oct 31 15:24:39.439467: | queuing pending IPsec SA negotiating with 192.1.2.23 IKE SA #6 "northnet-eastnets/0x2" Oct 31 15:24:39.439471: "northnet-eastnets/0x2" #6: initiating IKEv2 connection Oct 31 15:24:39.439491: | using existing local IKE proposals for connection northnet-eastnets/0x2 (IKE SA initiator selecting KE): 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:39.439498: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:39.439501: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:39.439504: | newref clone logger@0x5587b743fc08(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:39.439507: | job 9 for #6: ikev2_outI1 KE (build KE and nonce): adding job to queue Oct 31 15:24:39.439510: | state #6 has no .st_event to delete Oct 31 15:24:39.439513: | #6 STATE_PARENT_I0: retransmits: cleared Oct 31 15:24:39.439516: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x5587b741cd48 Oct 31 15:24:39.439519: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #6 Oct 31 15:24:39.439523: | libevent_malloc: newref ptr-libevent@0x7f43a8006108 size 128 Oct 31 15:24:39.439533: | #6 spent 0.165 (0.165) milliseconds in ikev2_parent_outI1() Oct 31 15:24:39.439539: | RESET processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:640) Oct 31 15:24:39.439539: | job 9 for #6: ikev2_outI1 KE (build KE and nonce): helper 2 starting job Oct 31 15:24:39.439545: | spent 0.185 (0.185) milliseconds in global timer EVENT_REVIVE_CONNS Oct 31 15:24:39.440757: | "northnet-eastnets/0x2" #6: spent 1.21 (1.22) milliseconds in helper 2 processing job 9 for state #6: ikev2_outI1 KE (pcr) Oct 31 15:24:39.440768: | job 9 for #6: ikev2_outI1 KE (build KE and nonce): helper thread 2 sending result back to state Oct 31 15:24:39.440772: | scheduling resume sending helper answer back to state for #6 Oct 31 15:24:39.440776: | libevent_malloc: newref ptr-libevent@0x7f43ac00cc18 size 128 Oct 31 15:24:39.440784: | helper thread 2 has nothing to do Oct 31 15:24:39.440792: | processing resume sending helper answer back to state for #6 Oct 31 15:24:39.440803: | start processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:641) Oct 31 15:24:39.440811: | unsuspending #6 MD (nil) Oct 31 15:24:39.440815: | job 9 for #6: ikev2_outI1 KE (build KE and nonce): processing response from helper 2 Oct 31 15:24:39.440818: | job 9 for #6: ikev2_outI1 KE (build KE and nonce): calling continuation function 0x5587b63bffe7 Oct 31 15:24:39.440821: | ikev2_parent_outI1_continue() for #6 STATE_PARENT_I0 Oct 31 15:24:39.440826: | DH secret MODP2048@0x7f43ac00e908: transferring ownership from helper KE to state #6 Oct 31 15:24:39.440831: | opening output PBS reply packet Oct 31 15:24:39.440834: | **emit ISAKMP Message: Oct 31 15:24:39.440839: | initiator SPI: fc d0 e1 e7 44 dd 22 f1 Oct 31 15:24:39.440843: | responder SPI: 00 00 00 00 00 00 00 00 Oct 31 15:24:39.440846: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:39.440849: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:39.440852: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:24:39.440855: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:39.440859: | Message ID: 0 (00 00 00 00) Oct 31 15:24:39.440862: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:39.440880: | using existing local IKE proposals for connection northnet-eastnets/0x2 (IKE SA initiator emitting local proposals): 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:39.440885: | Emitting ikev2_proposals ... Oct 31 15:24:39.440888: | ***emit IKEv2 Security Association Payload: Oct 31 15:24:39.440892: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:39.440895: | flags: none (0x0) Oct 31 15:24:39.440900: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:24:39.440903: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:24:39.440909: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:39.440914: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:39.440917: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:39.440922: | prop #: 1 (01) Oct 31 15:24:39.440925: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:39.440928: | spi size: 0 (00) Oct 31 15:24:39.440932: | # transforms: 11 (0b) Oct 31 15:24:39.440936: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:39.440941: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.440943: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.440946: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:39.440948: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:39.440951: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.440954: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:39.440957: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:39.440960: | length/value: 256 (01 00) Oct 31 15:24:39.440963: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:39.440966: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.440968: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.440971: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:39.440973: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:39.440981: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.440984: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.440988: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.440991: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.440994: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.440998: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:39.441001: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:39.441004: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441007: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441011: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441015: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:39.441018: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441022: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441025: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:39.441028: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:39.441032: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441035: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441038: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441042: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441044: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441046: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:39.441049: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:39.441052: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441054: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441056: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441059: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441061: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441064: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:39.441066: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:39.441069: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441071: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441074: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441077: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441080: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441082: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:39.441085: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:39.441087: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441092: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441094: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441097: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441100: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441102: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:39.441105: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:39.441108: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441110: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441113: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441116: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441118: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441121: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:39.441123: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:39.441126: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441129: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441131: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441134: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441136: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441139: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:39.441141: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:39.441144: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441147: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441149: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441152: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441154: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:39.441157: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:39.441159: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:39.441162: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441164: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441167: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441170: | emitting length of IKEv2 Proposal Substructure Payload: 100 Oct 31 15:24:39.441172: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:39.441176: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:39.441179: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:39.441182: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:39.441185: | prop #: 2 (02) Oct 31 15:24:39.441187: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:39.441190: | spi size: 0 (00) Oct 31 15:24:39.441193: | # transforms: 11 (0b) Oct 31 15:24:39.441196: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:39.441219: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:39.441224: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441226: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441230: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:39.441233: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:39.441236: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441240: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:39.441243: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:39.441248: | length/value: 128 (00 80) Oct 31 15:24:39.441251: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:39.441255: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441258: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441261: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:39.441264: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:39.441268: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441271: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441274: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441277: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441280: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441283: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:39.441285: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:39.441288: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441290: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441293: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441296: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:39.441298: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441301: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441303: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:39.441305: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:39.441308: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441310: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441313: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441315: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441318: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441320: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:39.441322: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:39.441325: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441327: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441330: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441332: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441336: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441339: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:39.441341: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:39.441343: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441346: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441348: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441350: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441352: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441355: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:39.441357: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:39.441359: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441362: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441364: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441367: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441369: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441371: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:39.441374: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:39.441376: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441379: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441381: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441384: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441386: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441388: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:39.441390: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:39.441393: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441395: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441397: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441400: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441402: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441404: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:39.441407: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:39.441409: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441412: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441414: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441417: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441419: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:39.441422: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:39.441424: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:39.441428: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441435: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441439: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441442: | emitting length of IKEv2 Proposal Substructure Payload: 100 Oct 31 15:24:39.441446: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:39.441451: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:39.441455: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:39.441459: | prop #: 3 (03) Oct 31 15:24:39.441462: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:39.441466: | spi size: 0 (00) Oct 31 15:24:39.441469: | # transforms: 13 (0d) Oct 31 15:24:39.441473: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:39.441476: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:39.441480: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441482: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441485: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:39.441487: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:39.441490: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441492: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:39.441495: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:39.441498: | length/value: 256 (01 00) Oct 31 15:24:39.441501: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:39.441504: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441506: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441509: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:39.441511: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:39.441514: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441517: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441519: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441522: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441525: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441527: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:39.441530: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:39.441532: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441535: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441538: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441540: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441543: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441546: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:39.441548: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:39.441551: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441554: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441558: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441560: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441563: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441566: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:39.441568: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:39.441571: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441573: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441576: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441579: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441582: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441584: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:39.441586: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:39.441589: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441592: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441595: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441598: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441600: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441602: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:39.441605: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:39.441608: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441610: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441613: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441615: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441618: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441620: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:39.441623: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:39.441625: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441628: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441631: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441633: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441636: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441638: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:39.441641: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:39.441643: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441646: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441648: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441651: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441654: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441658: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:39.441660: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:39.441663: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441665: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441668: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441670: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441673: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441675: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:39.441678: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:39.441682: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441685: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441688: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441692: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441695: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441698: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:39.441701: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:39.441705: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441708: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441711: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441714: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441718: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:39.441721: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:39.441724: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:39.441727: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441730: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441733: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441736: | emitting length of IKEv2 Proposal Substructure Payload: 116 Oct 31 15:24:39.441738: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:39.441742: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:39.441745: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:39.441748: | prop #: 4 (04) Oct 31 15:24:39.441750: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:39.441753: | spi size: 0 (00) Oct 31 15:24:39.441756: | # transforms: 13 (0d) Oct 31 15:24:39.441760: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:39.441764: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:39.441767: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441771: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441774: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:39.441777: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:39.441783: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441786: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:39.441790: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:39.441794: | length/value: 128 (00 80) Oct 31 15:24:39.441797: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:39.441801: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441804: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441807: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:39.441810: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:39.441813: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441816: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441818: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441821: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441823: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441825: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:39.441828: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:39.441831: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441834: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441836: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441839: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441841: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441844: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:39.441846: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:39.441849: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441852: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441854: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441857: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441860: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441862: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:39.441865: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:39.441868: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441870: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441873: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441876: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441878: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441881: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:39.441883: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:39.441886: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441889: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441893: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441896: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441898: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441901: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:39.441903: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:39.441906: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441908: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441911: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441914: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441917: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441919: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:39.441922: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:39.441924: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441927: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441930: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441932: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441935: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441937: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:39.441940: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:39.441942: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441945: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441947: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441950: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441953: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441955: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:39.441958: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:39.441960: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441963: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441965: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441968: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441971: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441973: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:39.441975: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:39.441978: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441980: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.441984: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.441987: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.441990: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.441993: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:39.441999: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:39.442002: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.442006: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.442009: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.442012: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:39.442016: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:39.442019: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:39.442022: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:39.442025: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:39.442028: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:39.442032: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:39.442035: | emitting length of IKEv2 Proposal Substructure Payload: 116 Oct 31 15:24:39.442038: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:39.442040: | emitting length of IKEv2 Security Association Payload: 436 Oct 31 15:24:39.442043: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:24:39.442045: | ***emit IKEv2 Key Exchange Payload: Oct 31 15:24:39.442048: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:39.442050: | flags: none (0x0) Oct 31 15:24:39.442053: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:39.442057: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Oct 31 15:24:39.442059: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Oct 31 15:24:39.442063: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Oct 31 15:24:39.442065: | ikev2 g^x: Oct 31 15:24:39.442068: | 4b 8d 49 e4 5f 95 bd b3 69 9e a5 79 2e cd bd 82 Oct 31 15:24:39.442070: | 77 81 07 00 bf 88 5e da e4 36 b1 5e fb a1 29 ca Oct 31 15:24:39.442073: | 52 1e 86 58 62 7f 23 cd 83 37 06 b4 6d 5d 8d 1b Oct 31 15:24:39.442075: | 1e 95 64 7b f0 5b 55 52 d5 81 f5 0f e8 b4 1e cc Oct 31 15:24:39.442077: | cc 57 22 95 0a 08 0a 86 e6 d3 4b 8d 76 2c ed 9b Oct 31 15:24:39.442079: | 96 75 c9 2d 5d 8d fb 8f 1d 5d 81 50 86 44 6f 2e Oct 31 15:24:39.442082: | 51 42 1d 93 39 1f 27 2a d5 8f 0c 65 0d 90 00 95 Oct 31 15:24:39.442084: | c8 fc 6c 8d 0e 09 d8 b2 f0 02 0d 6b 1d d6 b2 29 Oct 31 15:24:39.442087: | bd b9 a8 31 1a c6 82 42 28 47 17 29 aa 70 9a d8 Oct 31 15:24:39.442090: | e8 f2 f8 6b 22 9a 07 33 d0 5e fc 95 52 8f 65 ab Oct 31 15:24:39.442093: | 56 6d 30 74 8e 2a d4 a5 0f ce 9d 30 e4 29 34 d0 Oct 31 15:24:39.442096: | 13 ae 42 b6 6b 2f 6f b5 97 0e 06 a5 6d da 29 0f Oct 31 15:24:39.442099: | 1c 5e 75 2c f8 d8 7c b6 42 d5 a1 ed 18 f6 d3 60 Oct 31 15:24:39.442102: | 87 bd 45 27 81 ec d1 85 5b 01 38 eb 9c 7f f4 29 Oct 31 15:24:39.442105: | f5 10 b5 72 63 a8 ca c7 70 eb 29 96 c5 d3 74 db Oct 31 15:24:39.442108: | d6 7a 11 e6 77 e1 de 1f eb da 16 b4 19 34 7d 26 Oct 31 15:24:39.442112: | emitting length of IKEv2 Key Exchange Payload: 264 Oct 31 15:24:39.442115: | ***emit IKEv2 Nonce Payload: Oct 31 15:24:39.442119: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:39.442122: | flags: none (0x0) Oct 31 15:24:39.442126: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Oct 31 15:24:39.442131: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Oct 31 15:24:39.442136: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Oct 31 15:24:39.442139: | IKEv2 nonce: Oct 31 15:24:39.442142: | 4b 62 67 83 03 07 fe 67 33 41 e7 da 10 d0 a7 27 Oct 31 15:24:39.442144: | dc ff 85 9e f3 97 a7 70 4f a0 c1 3c 44 39 2e bb Oct 31 15:24:39.442147: | emitting length of IKEv2 Nonce Payload: 36 Oct 31 15:24:39.442149: | adding a v2N Payload Oct 31 15:24:39.442152: | ***emit IKEv2 Notify Payload: Oct 31 15:24:39.442154: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:39.442157: | flags: none (0x0) Oct 31 15:24:39.442160: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:39.442162: | SPI size: 0 (00) Oct 31 15:24:39.442165: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Oct 31 15:24:39.442168: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:39.442171: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:39.442173: | emitting length of IKEv2 Notify Payload: 8 Oct 31 15:24:39.442176: | adding a v2N Payload Oct 31 15:24:39.442179: | ***emit IKEv2 Notify Payload: Oct 31 15:24:39.442182: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:39.442184: | flags: none (0x0) Oct 31 15:24:39.442186: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:39.442189: | SPI size: 0 (00) Oct 31 15:24:39.442192: | Notify Message Type: v2N_SIGNATURE_HASH_ALGORITHMS (0x402f) Oct 31 15:24:39.442195: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:39.442197: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:39.442208: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256 into IKEv2 Notify Payload Oct 31 15:24:39.442212: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256: 00 02 Oct 31 15:24:39.442215: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384 into IKEv2 Notify Payload Oct 31 15:24:39.442218: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384: 00 03 Oct 31 15:24:39.442220: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_512 into IKEv2 Notify Payload Oct 31 15:24:39.442223: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_512: 00 04 Oct 31 15:24:39.442226: | emitting length of IKEv2 Notify Payload: 14 Oct 31 15:24:39.442229: | NAT-Traversal support [enabled] add v2N payloads. Oct 31 15:24:39.442232: | nat: IKE.SPIr is zero Oct 31 15:24:39.442250: | natd_hash: hasher=0x5587b64b1f80(20) Oct 31 15:24:39.442253: | natd_hash: icookie= Oct 31 15:24:39.442256: | fc d0 e1 e7 44 dd 22 f1 Oct 31 15:24:39.442258: | natd_hash: rcookie= Oct 31 15:24:39.442260: | 00 00 00 00 00 00 00 00 Oct 31 15:24:39.442262: | natd_hash: ip= Oct 31 15:24:39.442265: | c0 01 03 21 Oct 31 15:24:39.442267: | natd_hash: port= Oct 31 15:24:39.442269: | 01 f4 Oct 31 15:24:39.442271: | natd_hash: hash= Oct 31 15:24:39.442274: | c4 00 19 0f a5 4e 44 d0 12 4e c7 d3 0b e4 3a 82 Oct 31 15:24:39.442276: | 63 49 ee 76 Oct 31 15:24:39.442279: | adding a v2N Payload Oct 31 15:24:39.442281: | ***emit IKEv2 Notify Payload: Oct 31 15:24:39.442284: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:39.442286: | flags: none (0x0) Oct 31 15:24:39.442289: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:39.442292: | SPI size: 0 (00) Oct 31 15:24:39.442295: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Oct 31 15:24:39.442298: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:39.442300: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:39.442305: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:24:39.442307: | Notify data: Oct 31 15:24:39.442310: | c4 00 19 0f a5 4e 44 d0 12 4e c7 d3 0b e4 3a 82 Oct 31 15:24:39.442312: | 63 49 ee 76 Oct 31 15:24:39.442315: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:24:39.442318: | nat: IKE.SPIr is zero Oct 31 15:24:39.442329: | natd_hash: hasher=0x5587b64b1f80(20) Oct 31 15:24:39.442333: | natd_hash: icookie= Oct 31 15:24:39.442336: | fc d0 e1 e7 44 dd 22 f1 Oct 31 15:24:39.442339: | natd_hash: rcookie= Oct 31 15:24:39.442342: | 00 00 00 00 00 00 00 00 Oct 31 15:24:39.442345: | natd_hash: ip= Oct 31 15:24:39.442348: | c0 01 02 17 Oct 31 15:24:39.442350: | natd_hash: port= Oct 31 15:24:39.442353: | 01 f4 Oct 31 15:24:39.442356: | natd_hash: hash= Oct 31 15:24:39.442359: | 71 2d 39 78 f0 92 68 9e 8e 83 e1 51 97 b7 bd b9 Oct 31 15:24:39.442362: | 36 82 e7 4f Oct 31 15:24:39.442365: | adding a v2N Payload Oct 31 15:24:39.442368: | ***emit IKEv2 Notify Payload: Oct 31 15:24:39.442371: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:39.442374: | flags: none (0x0) Oct 31 15:24:39.442376: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:39.442379: | SPI size: 0 (00) Oct 31 15:24:39.442382: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Oct 31 15:24:39.442385: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:39.442387: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:39.442390: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:24:39.442393: | Notify data: Oct 31 15:24:39.442395: | 71 2d 39 78 f0 92 68 9e 8e 83 e1 51 97 b7 bd b9 Oct 31 15:24:39.442398: | 36 82 e7 4f Oct 31 15:24:39.442400: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:24:39.442403: | emitting length of ISAKMP Message: 842 Oct 31 15:24:39.442411: | [RE]START processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:39.442416: | #6 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Oct 31 15:24:39.442420: | transitioning from state STATE_PARENT_I0 to state STATE_PARENT_I1 Oct 31 15:24:39.442422: | Message ID: updating counters for #6 Oct 31 15:24:39.442425: | Message ID: IKE #6 skipping update_recv as MD is fake Oct 31 15:24:39.442432: | Message ID: IKE #6 scheduling EVENT_RETRANSMIT: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744553.872205 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744553.872205 ike.wip.initiator=0 ike.wip.responder=-1 Oct 31 15:24:39.442437: "northnet-eastnets/0x2" #6: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Oct 31 15:24:39.442442: | event_schedule: newref EVENT_RETRANSMIT-pe@0x5587b7413c48 Oct 31 15:24:39.442445: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #6 Oct 31 15:24:39.442448: | libevent_malloc: newref ptr-libevent@0x5587b743fc78 size 128 Oct 31 15:24:39.442454: | #6 STATE_PARENT_I0: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744553.875236 Oct 31 15:24:39.442461: | Message ID: IKE #6 updating initiator sent message request 0: ike.initiator.sent=-1->0 ike.initiator.recv=-1 ike.initiator.last_contact=744553.872205 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744553.872205 ike.wip.initiator=-1->0 ike.wip.responder=-1 Oct 31 15:24:39.442467: | Message ID: IKE #6 no pending message initiators to schedule: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744553.872205 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744553.872205 ike.wip.initiator=0 ike.wip.responder=-1 Oct 31 15:24:39.442471: | parent state #6: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Oct 31 15:24:39.442476: | announcing the state transition Oct 31 15:24:39.442480: "northnet-eastnets/0x2" #6: sent IKE_SA_INIT request Oct 31 15:24:39.442488: | sending 842 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #6) Oct 31 15:24:39.442491: | fc d0 e1 e7 44 dd 22 f1 00 00 00 00 00 00 00 00 Oct 31 15:24:39.442493: | 21 20 22 08 00 00 00 00 00 00 03 4a 22 00 01 b4 Oct 31 15:24:39.442496: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Oct 31 15:24:39.442498: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Oct 31 15:24:39.442500: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Oct 31 15:24:39.442503: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Oct 31 15:24:39.442505: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Oct 31 15:24:39.442507: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Oct 31 15:24:39.442510: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Oct 31 15:24:39.442512: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Oct 31 15:24:39.442514: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Oct 31 15:24:39.442517: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Oct 31 15:24:39.442519: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Oct 31 15:24:39.442522: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Oct 31 15:24:39.442524: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Oct 31 15:24:39.442526: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Oct 31 15:24:39.442529: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:24:39.442531: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Oct 31 15:24:39.442534: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Oct 31 15:24:39.442536: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Oct 31 15:24:39.442538: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Oct 31 15:24:39.442540: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Oct 31 15:24:39.442542: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Oct 31 15:24:39.442545: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Oct 31 15:24:39.442547: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Oct 31 15:24:39.442549: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Oct 31 15:24:39.442552: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Oct 31 15:24:39.442555: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Oct 31 15:24:39.442558: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Oct 31 15:24:39.442562: | 28 00 01 08 00 0e 00 00 4b 8d 49 e4 5f 95 bd b3 Oct 31 15:24:39.442565: | 69 9e a5 79 2e cd bd 82 77 81 07 00 bf 88 5e da Oct 31 15:24:39.442568: | e4 36 b1 5e fb a1 29 ca 52 1e 86 58 62 7f 23 cd Oct 31 15:24:39.442571: | 83 37 06 b4 6d 5d 8d 1b 1e 95 64 7b f0 5b 55 52 Oct 31 15:24:39.442574: | d5 81 f5 0f e8 b4 1e cc cc 57 22 95 0a 08 0a 86 Oct 31 15:24:39.442577: | e6 d3 4b 8d 76 2c ed 9b 96 75 c9 2d 5d 8d fb 8f Oct 31 15:24:39.442580: | 1d 5d 81 50 86 44 6f 2e 51 42 1d 93 39 1f 27 2a Oct 31 15:24:39.442583: | d5 8f 0c 65 0d 90 00 95 c8 fc 6c 8d 0e 09 d8 b2 Oct 31 15:24:39.442586: | f0 02 0d 6b 1d d6 b2 29 bd b9 a8 31 1a c6 82 42 Oct 31 15:24:39.442589: | 28 47 17 29 aa 70 9a d8 e8 f2 f8 6b 22 9a 07 33 Oct 31 15:24:39.442592: | d0 5e fc 95 52 8f 65 ab 56 6d 30 74 8e 2a d4 a5 Oct 31 15:24:39.442609: | 0f ce 9d 30 e4 29 34 d0 13 ae 42 b6 6b 2f 6f b5 Oct 31 15:24:39.442611: | 97 0e 06 a5 6d da 29 0f 1c 5e 75 2c f8 d8 7c b6 Oct 31 15:24:39.442614: | 42 d5 a1 ed 18 f6 d3 60 87 bd 45 27 81 ec d1 85 Oct 31 15:24:39.442616: | 5b 01 38 eb 9c 7f f4 29 f5 10 b5 72 63 a8 ca c7 Oct 31 15:24:39.442618: | 70 eb 29 96 c5 d3 74 db d6 7a 11 e6 77 e1 de 1f Oct 31 15:24:39.442621: | eb da 16 b4 19 34 7d 26 29 00 00 24 4b 62 67 83 Oct 31 15:24:39.442623: | 03 07 fe 67 33 41 e7 da 10 d0 a7 27 dc ff 85 9e Oct 31 15:24:39.442625: | f3 97 a7 70 4f a0 c1 3c 44 39 2e bb 29 00 00 08 Oct 31 15:24:39.442630: | 00 00 40 2e 29 00 00 0e 00 00 40 2f 00 02 00 03 Oct 31 15:24:39.442632: | 00 04 29 00 00 1c 00 00 40 04 c4 00 19 0f a5 4e Oct 31 15:24:39.442634: | 44 d0 12 4e c7 d3 0b e4 3a 82 63 49 ee 76 00 00 Oct 31 15:24:39.442637: | 00 1c 00 00 40 05 71 2d 39 78 f0 92 68 9e 8e 83 Oct 31 15:24:39.442639: | e1 51 97 b7 bd b9 36 82 e7 4f Oct 31 15:24:39.442704: | sent 1 messages Oct 31 15:24:39.442709: | checking that a retransmit timeout_event was already Oct 31 15:24:39.442712: | state #6 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:39.442716: | libevent_free: delref ptr-libevent@0x7f43a8006108 Oct 31 15:24:39.442720: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x5587b741cd48 Oct 31 15:24:39.442724: | delref logger@0x5587b743fc08(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:39.442728: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:39.442730: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:39.442734: | resume sending helper answer back to state for #6 suppresed complete_v2_state_transition() Oct 31 15:24:39.442737: | delref mdp@NULL (in resume_handler() at server.c:743) Oct 31 15:24:39.442744: | #6 spent 1.86 (1.93) milliseconds in resume sending helper answer back to state Oct 31 15:24:39.442749: | stop processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:745) Oct 31 15:24:39.442752: | libevent_free: delref ptr-libevent@0x7f43ac00cc18 Oct 31 15:24:39.936652: | newref struct fd@0x5587b73f1c78(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:39.936671: | fd_accept: new fd-fd@0x5587b73f1c78 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:39.936686: shutting down Oct 31 15:24:39.936696: | leaking fd-fd@0x5587b73f1c78's FD; will be closed when pluto exits (in whack_handle_cb() at rcv_whack.c:889) Oct 31 15:24:39.936700: | delref fd@0x5587b73f1c78(1->0) (in whack_handle_cb() at rcv_whack.c:895) Oct 31 15:24:39.936704: | freeref fd-fd@0x5587b73f1c78 (in whack_handle_cb() at rcv_whack.c:895) Oct 31 15:24:39.936717: | shutting down helper thread 3 Oct 31 15:24:39.936759: | helper thread 3 exited Oct 31 15:24:39.936771: | shutting down helper thread 4 Oct 31 15:24:39.936802: | helper thread 4 exited Oct 31 15:24:39.936812: | shutting down helper thread 5 Oct 31 15:24:39.936837: | helper thread 5 exited Oct 31 15:24:39.936847: | shutting down helper thread 6 Oct 31 15:24:39.936868: | helper thread 6 exited Oct 31 15:24:39.936876: | shutting down helper thread 7 Oct 31 15:24:39.936900: | helper thread 7 exited Oct 31 15:24:39.936912: | shutting down helper thread 1 Oct 31 15:24:39.936921: | helper thread 1 exited Oct 31 15:24:39.936933: | shutting down helper thread 2 Oct 31 15:24:39.936958: | helper thread 2 exited Oct 31 15:24:39.936962: 7 helper threads shutdown Oct 31 15:24:39.936966: | delref root_certs@0x5587b74277d8(1->0) (in free_root_certs() at root_certs.c:127) Oct 31 15:24:39.936969: destroying root certificate cache Oct 31 15:24:39.936977: | certs and keys locked by 'free_preshared_secrets' Oct 31 15:24:39.936979: forgetting secrets Oct 31 15:24:39.936993: | certs and keys unlocked by 'free_preshared_secrets' Oct 31 15:24:39.936997: | delref pkp@0x5587b741afa8(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:39.937002: | delref pkp@0x5587b741b9d8(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:39.937005: | delref pkp@0x5587b741b638(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:39.937008: | delref pkp@0x5587b741e148(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:39.937011: | delref pkp@0x5587b741e038(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:39.937013: | delref pkp@0x5587b741e388(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:39.937020: | delref pkp@0x5587b741d908(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:39.937025: | delref pkp@0x5587b741d748(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:39.937034: | delref fd@NULL (in delete_pending() at pending.c:218) Oct 31 15:24:39.937037: | removing pending policy for no connection {0x5587b741ddb8} Oct 31 15:24:39.937040: | deleting states for connection - including all other IPsec SA's of this IKE SA Oct 31 15:24:39.937043: | pass 0 Oct 31 15:24:39.937045: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:24:39.937048: | state #6 Oct 31 15:24:39.937056: | start processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1406) Oct 31 15:24:39.937059: | delref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1408) Oct 31 15:24:39.937062: | addref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1409) Oct 31 15:24:39.937066: | pstats #6 ikev2.ike deleted other Oct 31 15:24:39.937072: | #6 main thread spent 2.03 (2.1) milliseconds helper thread spent 1.21 (1.22) milliseconds in total Oct 31 15:24:39.937077: | [RE]START processing: state #6 connection "northnet-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:935) Oct 31 15:24:39.937080: | should_send_delete: no, not established Oct 31 15:24:39.937084: "northnet-eastnets/0x2" #6: deleting state (STATE_PARENT_I1) aged 0.497704s and NOT sending notification Oct 31 15:24:39.937086: | parent state #6: PARENT_I1(half-open IKE SA) => delete Oct 31 15:24:39.937089: | unsuspending #6 MD (nil) Oct 31 15:24:39.937090: | should_send_delete: no, not established Oct 31 15:24:39.937092: | state #6 has no .st_event to delete Oct 31 15:24:39.937094: | #6 requesting EVENT_RETRANSMIT-pe@0x5587b7413c48 be deleted Oct 31 15:24:39.937098: | libevent_free: delref ptr-libevent@0x5587b743fc78 Oct 31 15:24:39.937100: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x5587b7413c48 Oct 31 15:24:39.937102: | #6 STATE_PARENT_I1: retransmits: cleared Oct 31 15:24:39.937105: | State DB: IKEv2 state not found (flush_incomplete_children) Oct 31 15:24:39.937107: | picked newest_isakmp_sa #0 for #6 Oct 31 15:24:39.937109: "northnet-eastnets/0x2" #6: deleting IKE SA but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Oct 31 15:24:39.937112: | add revival: connection 'northnet-eastnets/0x2' added to the list and scheduled for 5 seconds Oct 31 15:24:39.937114: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Oct 31 15:24:39.937119: | in connection_discard for connection northnet-eastnets/0x2 Oct 31 15:24:39.937120: | State DB: deleting IKEv2 state #6 in PARENT_I1 Oct 31 15:24:39.937123: | parent state #6: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Oct 31 15:24:39.937125: | releasing #6's fd-fd@(nil) because deleting state Oct 31 15:24:39.937127: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:24:39.937128: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:24:39.937130: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:24:39.937142: | stop processing: state #6 from 192.1.2.23:500 (in delete_state() at state.c:1239) Oct 31 15:24:39.937146: | delref logger@0x5587b74369b8(1->0) (in delete_state() at state.c:1306) Oct 31 15:24:39.937148: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:39.937151: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:39.937156: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1411) Oct 31 15:24:39.937160: | pass 1 Oct 31 15:24:39.937162: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:24:39.937170: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'delete' for rt_kind 'unrouted' using protoports 192.0.3.0/24:0 --0->- 192.0.22.0/24:0 Oct 31 15:24:39.937177: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.22.0/24:0 Oct 31 15:24:39.937181: | priority calculation of connection "northnet-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:24:39.937266: | priority calculation of connection "northnet-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:24:39.937287: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:39.937294: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:39.937297: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:24:39.937299: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:39.937302: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:24:39.937305: | route owner of "northnet-eastnets/0x2" unrouted: NULL Oct 31 15:24:39.937308: | running updown command "ipsec _updown" for verb unroute Oct 31 15:24:39.937311: | command executing unroute-client Oct 31 15:24:39.937360: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+... Oct 31 15:24:39.937365: | popen cmd is 1335 chars long Oct 31 15:24:39.937368: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Oct 31 15:24:39.937370: | cmd( 80):ets/0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='': Oct 31 15:24:39.937373: | cmd( 160): PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontari: Oct 31 15:24:39.937375: | cmd( 240):o, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E: Oct 31 15:24:39.937377: | cmd( 320):=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIEN: Oct 31 15:24:39.937380: | cmd( 400):T_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_M: Oct 31 15:24:39.937382: | cmd( 480):Y_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.2: Oct 31 15:24:39.937384: | cmd( 560):3' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, : Oct 31 15:24:39.937386: | cmd( 640):CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLI: Oct 31 15:24:39.937389: | cmd( 720):ENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='2: Oct 31 15:24:39.937391: | cmd( 800):55.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO: Oct 31 15:24:39.937393: | cmd( 880):_STACK='xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+P: Oct 31 15:24:39.937395: | cmd( 960):FS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANE: Oct 31 15:24:39.937398: | cmd(1040):NT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PE: Oct 31 15:24:39.937400: | cmd(1120):ER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER=': Oct 31 15:24:39.937402: | cmd(1200):0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VT: Oct 31 15:24:39.937404: | cmd(1280):I_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Oct 31 15:24:39.964605: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.964628: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.964632: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.964636: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.964646: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.964657: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.964670: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.964682: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.964694: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.964705: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.964717: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.964730: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.964742: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.964812: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.964956: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.964996: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.965028: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.965182: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.965245: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.965280: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.965308: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.965337: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.965373: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.965411: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.965443: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.965452: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.965465: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.965478: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.965491: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.965503: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.965515: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.965528: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.965540: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.965552: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.965580: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.965770: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.965861: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.966010: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.966041: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.966068: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.966230: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.966270: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.966301: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.966329: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.966361: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:39.977905: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:39.977923: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:39.977929: | newref clone logger@0x5587b73f20d8(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:39.977934: | flush revival: connection 'northnet-eastnets/0x2' revival flushed Oct 31 15:24:39.977938: | delref vip@NULL (in discard_connection() at connections.c:262) Oct 31 15:24:39.977941: | delref vip@NULL (in discard_connection() at connections.c:263) Oct 31 15:24:39.977956: | Connection DB: deleting connection $2 Oct 31 15:24:39.977961: | delref logger@0x5587b73f20d8(1->0) (in delete_connection() at connections.c:214) Oct 31 15:24:39.977967: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:39.977970: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:39.977974: | deleting states for connection - including all other IPsec SA's of this IKE SA Oct 31 15:24:39.977977: | pass 0 Oct 31 15:24:39.977979: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:24:39.977982: | pass 1 Oct 31 15:24:39.977984: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:24:39.977993: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'delete' for rt_kind 'unrouted' using protoports 192.0.3.0/24:0 --0->- 192.0.2.0/24:0 Oct 31 15:24:39.977999: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.2.0/24:0 Oct 31 15:24:39.978003: | priority calculation of connection "northnet-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:24:39.978044: | priority calculation of connection "northnet-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:24:39.978056: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:39.978059: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:24:39.978062: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:24:39.978066: | route owner of "northnet-eastnets/0x1" unrouted: NULL Oct 31 15:24:39.978069: | running updown command "ipsec _updown" for verb unroute Oct 31 15:24:39.978072: | command executing unroute-client Oct 31 15:24:39.978129: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ES... Oct 31 15:24:39.978133: | popen cmd is 1333 chars long Oct 31 15:24:39.978136: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Oct 31 15:24:39.978139: | cmd( 80):ets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='': Oct 31 15:24:39.978141: | cmd( 160): PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontari: Oct 31 15:24:39.978144: | cmd( 240):o, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E: Oct 31 15:24:39.978147: | cmd( 320):=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIEN: Oct 31 15:24:39.978149: | cmd( 400):T_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_M: Oct 31 15:24:39.978152: | cmd( 480):Y_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.2: Oct 31 15:24:39.978154: | cmd( 560):3' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, : Oct 31 15:24:39.978157: | cmd( 640):CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLI: Oct 31 15:24:39.978160: | cmd( 720):ENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255: Oct 31 15:24:39.978162: | cmd( 800):.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_S: Oct 31 15:24:39.978165: | cmd( 880):TACK='xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS: Oct 31 15:24:39.978167: | cmd( 960):+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT: Oct 31 15:24:39.978172: | cmd(1040):' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER: Oct 31 15:24:39.978175: | cmd(1120):_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0': Oct 31 15:24:39.978178: | cmd(1200): PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_: Oct 31 15:24:39.978185: | cmd(1280):SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Oct 31 15:24:40.001785: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.001806: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.001811: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.001827: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.001845: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.001858: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.001874: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.001888: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.001901: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.001915: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.001927: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.001943: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.001958: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.001971: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.001984: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.001999: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.002015: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.002029: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.002042: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.002054: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.002067: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.002085: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.002102: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.002114: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.002128: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.002142: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.002159: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.002176: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.002191: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.002216: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.002229: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.002246: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.002267: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.002286: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.002300: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.002521: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.002537: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.002550: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.002563: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.002644: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.002650: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.002653: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.002659: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.002661: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.002665: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:40.009508: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:40.009527: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:40.009534: | newref clone logger@0x5587b741ad48(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:40.009541: | delref hp@0x5587b7412088(1->0) (in delete_oriented_hp() at hostpair.c:360) Oct 31 15:24:40.009544: | flush revival: connection 'northnet-eastnets/0x1' wasn't on the list Oct 31 15:24:40.009548: | delref vip@NULL (in discard_connection() at connections.c:262) Oct 31 15:24:40.009551: | delref vip@NULL (in discard_connection() at connections.c:263) Oct 31 15:24:40.009586: | Connection DB: deleting connection $1 Oct 31 15:24:40.009594: | delref logger@0x5587b741ad48(1->0) (in delete_connection() at connections.c:214) Oct 31 15:24:40.009598: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:40.009601: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:40.009605: | crl fetch request list locked by 'free_crl_fetch' Oct 31 15:24:40.009607: | crl fetch request list unlocked by 'free_crl_fetch' Oct 31 15:24:40.009612: | iface: marking eth1 dead Oct 31 15:24:40.009615: | iface: marking eth0 dead Oct 31 15:24:40.009618: | iface: marking lo dead Oct 31 15:24:40.009620: | updating interfaces - listing interfaces that are going down Oct 31 15:24:40.009627: shutting down interface lo 127.0.0.1:4500 Oct 31 15:24:40.009634: shutting down interface lo 127.0.0.1:500 Oct 31 15:24:40.009640: shutting down interface eth0 192.0.3.254:4500 Oct 31 15:24:40.009645: shutting down interface eth0 192.0.3.254:500 Oct 31 15:24:40.009649: shutting down interface eth1 192.1.3.33:4500 Oct 31 15:24:40.009652: shutting down interface eth1 192.1.3.33:500 Oct 31 15:24:40.009655: | updating interfaces - deleting the dead Oct 31 15:24:40.009661: | FOR_EACH_STATE_... in delete_states_dead_interfaces Oct 31 15:24:40.009670: | libevent_free: delref ptr-libevent@0x5587b7406a58 Oct 31 15:24:40.009675: | delref id@0x5587b740ac28(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:24:40.009687: | libevent_free: delref ptr-libevent@0x5587b73ca388 Oct 31 15:24:40.009691: | delref id@0x5587b740ac28(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:24:40.009699: | libevent_free: delref ptr-libevent@0x5587b73ca588 Oct 31 15:24:40.009702: | delref id@0x5587b740ab58(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:24:40.009711: | libevent_free: delref ptr-libevent@0x5587b73ca488 Oct 31 15:24:40.009715: | delref id@0x5587b740ab58(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:24:40.009723: | libevent_free: delref ptr-libevent@0x5587b73c6e38 Oct 31 15:24:40.009728: | delref id@0x5587b740aa28(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:24:40.009735: | libevent_free: delref ptr-libevent@0x5587b73c6d38 Oct 31 15:24:40.009738: | delref id@0x5587b740aa28(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:24:40.009744: | delref id@0x5587b740aa28(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:24:40.009748: | delref id@0x5587b740ab58(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:24:40.009751: | delref id@0x5587b740ac28(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:24:40.009754: | updating interfaces - checking orientation Oct 31 15:24:40.009756: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Oct 31 15:24:40.011965: | libevent_free: delref ptr-libevent@0x5587b7406b08 Oct 31 15:24:40.011980: | free_event_entry: delref EVENT_NULL-pe@0x5587b7409f48 Oct 31 15:24:40.011990: | libevent_free: delref ptr-libevent@0x5587b73ca288 Oct 31 15:24:40.011993: | free_event_entry: delref EVENT_NULL-pe@0x5587b74069e8 Oct 31 15:24:40.011998: | libevent_free: delref ptr-libevent@0x5587b73ca188 Oct 31 15:24:40.012000: | free_event_entry: delref EVENT_NULL-pe@0x5587b7402fd8 Oct 31 15:24:40.012008: | global timer EVENT_REINIT_SECRET uninitialized Oct 31 15:24:40.012011: | global timer EVENT_SHUNT_SCAN uninitialized Oct 31 15:24:40.012014: | global timer EVENT_PENDING_DDNS uninitialized Oct 31 15:24:40.012017: | global timer EVENT_PENDING_PHASE2 uninitialized Oct 31 15:24:40.012019: | global timer EVENT_CHECK_CRLS uninitialized Oct 31 15:24:40.012022: | global timer EVENT_REVIVE_CONNS uninitialized Oct 31 15:24:40.012024: | global timer EVENT_FREE_ROOT_CERTS uninitialized Oct 31 15:24:40.012026: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Oct 31 15:24:40.012029: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Oct 31 15:24:40.012034: | libevent_free: delref ptr-libevent@0x5587b735eb68 Oct 31 15:24:40.012037: | signal event handler PLUTO_SIGCHLD uninstalled Oct 31 15:24:40.012040: | libevent_free: delref ptr-libevent@0x5587b734b278 Oct 31 15:24:40.012042: | signal event handler PLUTO_SIGTERM uninstalled Oct 31 15:24:40.012045: | libevent_free: delref ptr-libevent@0x5587b740a168 Oct 31 15:24:40.012048: | signal event handler PLUTO_SIGHUP uninstalled Oct 31 15:24:40.012051: | libevent_free: delref ptr-libevent@0x5587b740a3a8 Oct 31 15:24:40.012054: | signal event handler PLUTO_SIGSYS uninstalled Oct 31 15:24:40.012056: | releasing event base Oct 31 15:24:40.012240: | libevent_free: delref ptr-libevent@0x5587b740a278 Oct 31 15:24:40.012249: | libevent_free: delref ptr-libevent@0x5587b73c0528 Oct 31 15:24:40.012255: | libevent_free: delref ptr-libevent@0x5587b73f97f8 Oct 31 15:24:40.012258: | libevent_free: delref ptr-libevent@0x5587b7428148 Oct 31 15:24:40.012261: | libevent_free: delref ptr-libevent@0x5587b73f9848 Oct 31 15:24:40.012263: | libevent_free: delref ptr-libevent@0x5587b73fd9c8 Oct 31 15:24:40.012266: | libevent_free: delref ptr-libevent@0x5587b73fd7d8 Oct 31 15:24:40.012273: | libevent_free: delref ptr-libevent@0x5587b73f9888 Oct 31 15:24:40.012275: | libevent_free: delref ptr-libevent@0x5587b73fd5e8 Oct 31 15:24:40.012277: | libevent_free: delref ptr-libevent@0x5587b73fcfa8 Oct 31 15:24:40.012280: | libevent_free: delref ptr-libevent@0x5587b740b708 Oct 31 15:24:40.012282: | libevent_free: delref ptr-libevent@0x5587b740b6c8 Oct 31 15:24:40.012284: | libevent_free: delref ptr-libevent@0x5587b740b688 Oct 31 15:24:40.012286: | libevent_free: delref ptr-libevent@0x5587b740b648 Oct 31 15:24:40.012288: | libevent_free: delref ptr-libevent@0x5587b740b608 Oct 31 15:24:40.012291: | libevent_free: delref ptr-libevent@0x5587b740ae98 Oct 31 15:24:40.012293: | libevent_free: delref ptr-libevent@0x5587b73effc8 Oct 31 15:24:40.012295: | libevent_free: delref ptr-libevent@0x5587b740a128 Oct 31 15:24:40.012297: | libevent_free: delref ptr-libevent@0x5587b740a0e8 Oct 31 15:24:40.012300: | libevent_free: delref ptr-libevent@0x5587b73fd628 Oct 31 15:24:40.012302: | libevent_free: delref ptr-libevent@0x5587b740a238 Oct 31 15:24:40.012304: | libevent_free: delref ptr-libevent@0x5587b7409fb8 Oct 31 15:24:40.012307: | libevent_free: delref ptr-libevent@0x5587b73cc7c8 Oct 31 15:24:40.012310: | libevent_free: delref ptr-libevent@0x5587b73cc748 Oct 31 15:24:40.012312: | libevent_free: delref ptr-libevent@0x5587b73c2e58 Oct 31 15:24:40.012314: | releasing global libevent data Oct 31 15:24:40.012317: | libevent_free: delref ptr-libevent@0x5587b735b998 Oct 31 15:24:40.012320: | libevent_free: delref ptr-libevent@0x5587b73c02d8 Oct 31 15:24:40.012322: | libevent_free: delref ptr-libevent@0x5587b73cc848 Oct 31 15:24:40.012382: leak detective found no leaks