Oct 31 15:24:52.284627: | newref logger@0x562b969f1bb8(0->1) (in main() at plutomain.c:1591) Oct 31 15:24:52.284818: | delref logger@0x562b969f1bb8(1->0) (in main() at plutomain.c:1592) Oct 31 15:24:52.284824: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:52.284825: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:52.284829: NSS DB directory: sql:/var/lib/ipsec/nss Oct 31 15:24:52.285019: Initializing NSS Oct 31 15:24:52.285027: Opening NSS database "sql:/var/lib/ipsec/nss" read-only Oct 31 15:24:52.332272: FIPS Mode: NO Oct 31 15:24:52.332292: NSS crypto library initialized Oct 31 15:24:52.332324: FIPS mode disabled for pluto daemon Oct 31 15:24:52.332328: FIPS HMAC integrity support [disabled] Oct 31 15:24:52.332463: libcap-ng support [enabled] Oct 31 15:24:52.332475: Linux audit support [enabled] Oct 31 15:24:52.332497: Linux audit activated Oct 31 15:24:52.332505: Starting Pluto (Libreswan Version v4.1-88-gf1d1933837ef-main IKEv2 IKEv1 XFRM(netkey) XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (NSS-PRF) DNSSEC LABELED_IPSEC (SELINUX) SECCOMP LIBCAP_NG LINUX_AUDIT AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:2150814 Oct 31 15:24:52.332508: core dump dir: /tmp Oct 31 15:24:52.332510: secrets file: /etc/ipsec.secrets Oct 31 15:24:52.332512: leak-detective enabled Oct 31 15:24:52.332514: NSS crypto [enabled] Oct 31 15:24:52.332515: XAUTH PAM support [enabled] Oct 31 15:24:52.332605: | libevent is using pluto's memory allocator Oct 31 15:24:52.332613: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Oct 31 15:24:52.332628: | libevent_malloc: newref ptr-libevent@0x562b96a77678 size 40 Oct 31 15:24:52.332632: | libevent_malloc: newref ptr-libevent@0x562b96a07538 size 40 Oct 31 15:24:52.332639: | libevent_malloc: newref ptr-libevent@0x562b96a77b58 size 40 Oct 31 15:24:52.332642: | creating event base Oct 31 15:24:52.332645: | libevent_malloc: newref ptr-libevent@0x562b96a77e58 size 56 Oct 31 15:24:52.332648: | libevent_malloc: newref ptr-libevent@0x562b96a6e318 size 664 Oct 31 15:24:52.332660: | libevent_malloc: newref ptr-libevent@0x562b96aa4ca8 size 24 Oct 31 15:24:52.332663: | libevent_malloc: newref ptr-libevent@0x562b96aa4cf8 size 384 Oct 31 15:24:52.332674: | libevent_malloc: newref ptr-libevent@0x562b96aa4ea8 size 16 Oct 31 15:24:52.332677: | libevent_malloc: newref ptr-libevent@0x562b96a77ad8 size 40 Oct 31 15:24:52.332680: | libevent_malloc: newref ptr-libevent@0x562b96a77338 size 48 Oct 31 15:24:52.332686: | libevent_realloc: newref ptr-libevent@0x562b96a9b478 size 256 Oct 31 15:24:52.332692: | libevent_malloc: newref ptr-libevent@0x562b96aa4ee8 size 16 Oct 31 15:24:52.332698: | libevent_free: delref ptr-libevent@0x562b96a77e58 Oct 31 15:24:52.332701: | libevent initialized Oct 31 15:24:52.332706: | libevent_realloc: newref ptr-libevent@0x562b96a77e58 size 64 Oct 31 15:24:52.332710: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Oct 31 15:24:52.332717: | init_nat_traversal() initialized with keep_alive=0s Oct 31 15:24:52.332719: NAT-Traversal support [enabled] Oct 31 15:24:52.332722: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Oct 31 15:24:52.332728: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Oct 31 15:24:52.332735: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Oct 31 15:24:52.332754: | checking IKEv1 state table Oct 31 15:24:52.332765: | MAIN_R0: category: half-open IKE SA; flags: 0: Oct 31 15:24:52.332769: | -> MAIN_R1 EVENT_SO_DISCARD (main_inI1_outR1) Oct 31 15:24:52.332774: | MAIN_I1: category: half-open IKE SA; flags: 0: Oct 31 15:24:52.332776: | -> MAIN_I2 EVENT_RETRANSMIT (main_inR1_outI2) Oct 31 15:24:52.332779: | MAIN_R1: category: open IKE SA; flags: 0: Oct 31 15:24:52.332782: | -> MAIN_R2 EVENT_RETRANSMIT (main_inI2_outR2) Oct 31 15:24:52.332784: | -> MAIN_R1 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:52.332787: | -> MAIN_R1 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:52.332791: | MAIN_I2: category: open IKE SA; flags: 0: Oct 31 15:24:52.332802: | -> MAIN_I3 EVENT_RETRANSMIT (main_inR2_outI3) Oct 31 15:24:52.332805: | -> MAIN_I2 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:52.332807: | -> MAIN_I2 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:52.332810: | MAIN_R2: category: open IKE SA; flags: 0: Oct 31 15:24:52.332812: | -> MAIN_R3 EVENT_SA_REPLACE (main_inI3_outR3) Oct 31 15:24:52.332815: | -> MAIN_R3 EVENT_SA_REPLACE (main_inI3_outR3) Oct 31 15:24:52.332817: | -> MAIN_R2 EVENT_SA_REPLACE (unexpected) Oct 31 15:24:52.332820: | MAIN_I3: category: open IKE SA; flags: 0: Oct 31 15:24:52.332823: | -> MAIN_I4 EVENT_SA_REPLACE (main_inR3) Oct 31 15:24:52.332825: | -> MAIN_I4 EVENT_SA_REPLACE (main_inR3) Oct 31 15:24:52.332828: | -> MAIN_I3 EVENT_SA_REPLACE (unexpected) Oct 31 15:24:52.332831: | MAIN_R3: category: established IKE SA; flags: 0: Oct 31 15:24:52.332833: | -> MAIN_R3 EVENT_NULL (unexpected) Oct 31 15:24:52.332836: | MAIN_I4: category: established IKE SA; flags: 0: Oct 31 15:24:52.332839: | -> MAIN_I4 EVENT_NULL (unexpected) Oct 31 15:24:52.332845: | AGGR_R0: category: half-open IKE SA; flags: 0: Oct 31 15:24:52.332848: | -> AGGR_R1 EVENT_SO_DISCARD (aggr_inI1_outR1) Oct 31 15:24:52.332850: | AGGR_I1: category: half-open IKE SA; flags: 0: Oct 31 15:24:52.332852: | -> AGGR_I2 EVENT_SA_REPLACE (aggr_inR1_outI2) Oct 31 15:24:52.332855: | -> AGGR_I2 EVENT_SA_REPLACE (aggr_inR1_outI2) Oct 31 15:24:52.332858: | AGGR_R1: category: open IKE SA; flags: 0: Oct 31 15:24:52.332860: | -> AGGR_R2 EVENT_SA_REPLACE (aggr_inI2) Oct 31 15:24:52.332862: | -> AGGR_R2 EVENT_SA_REPLACE (aggr_inI2) Oct 31 15:24:52.332865: | AGGR_I2: category: established IKE SA; flags: 0: Oct 31 15:24:52.332867: | -> AGGR_I2 EVENT_NULL (unexpected) Oct 31 15:24:52.332870: | AGGR_R2: category: established IKE SA; flags: 0: Oct 31 15:24:52.332873: | -> AGGR_R2 EVENT_NULL (unexpected) Oct 31 15:24:52.332876: | QUICK_R0: category: established CHILD SA; flags: 0: Oct 31 15:24:52.332878: | -> QUICK_R1 EVENT_RETRANSMIT (quick_inI1_outR1) Oct 31 15:24:52.332882: | QUICK_I1: category: established CHILD SA; flags: 0: Oct 31 15:24:52.332884: | -> QUICK_I2 EVENT_SA_REPLACE (quick_inR1_outI2) Oct 31 15:24:52.332887: | QUICK_R1: category: established CHILD SA; flags: 0: Oct 31 15:24:52.332892: | -> QUICK_R2 EVENT_SA_REPLACE (quick_inI2) Oct 31 15:24:52.332896: | QUICK_I2: category: established CHILD SA; flags: 0: Oct 31 15:24:52.332899: | -> QUICK_I2 EVENT_NULL (unexpected) Oct 31 15:24:52.332901: | QUICK_R2: category: established CHILD SA; flags: 0: Oct 31 15:24:52.332904: | -> QUICK_R2 EVENT_NULL (unexpected) Oct 31 15:24:52.332906: | INFO: category: informational; flags: 0: Oct 31 15:24:52.332908: | -> INFO EVENT_NULL (informational) Oct 31 15:24:52.332911: | INFO_PROTECTED: category: informational; flags: 0: Oct 31 15:24:52.332913: | -> INFO_PROTECTED EVENT_NULL (informational) Oct 31 15:24:52.332916: | XAUTH_R0: category: established IKE SA; flags: 0: Oct 31 15:24:52.332918: | -> XAUTH_R1 EVENT_NULL (xauth_inR0) Oct 31 15:24:52.332920: | XAUTH_R1: category: established IKE SA; flags: 0: Oct 31 15:24:52.332923: | -> MAIN_R3 EVENT_SA_REPLACE (xauth_inR1) Oct 31 15:24:52.332925: | MODE_CFG_R0: category: informational; flags: 0: Oct 31 15:24:52.332930: | -> MODE_CFG_R1 EVENT_SA_REPLACE (modecfg_inR0) Oct 31 15:24:52.332934: | MODE_CFG_R1: category: established IKE SA; flags: 0: Oct 31 15:24:52.332936: | -> MODE_CFG_R2 EVENT_SA_REPLACE (modecfg_inR1) Oct 31 15:24:52.332939: | MODE_CFG_R2: category: established IKE SA; flags: 0: Oct 31 15:24:52.332941: | -> MODE_CFG_R2 EVENT_NULL (unexpected) Oct 31 15:24:52.332944: | MODE_CFG_I1: category: established IKE SA; flags: 0: Oct 31 15:24:52.332946: | -> MAIN_I4 EVENT_SA_REPLACE (modecfg_inR1) Oct 31 15:24:52.332949: | XAUTH_I0: category: established IKE SA; flags: 0: Oct 31 15:24:52.332951: | -> XAUTH_I1 EVENT_RETRANSMIT (xauth_inI0) Oct 31 15:24:52.332957: | XAUTH_I1: category: established IKE SA; flags: 0: Oct 31 15:24:52.332960: | -> MAIN_I4 EVENT_RETRANSMIT (xauth_inI1) Oct 31 15:24:52.332966: | checking IKEv2 state table Oct 31 15:24:52.332971: | V2_REKEY_IKE_I0: category: established IKE SA; flags: 0: Oct 31 15:24:52.332976: | -> V2_REKEY_IKE_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Oct 31 15:24:52.332983: | V2_REKEY_CHILD_I0: category: established IKE SA; flags: 0: Oct 31 15:24:52.332987: | -> V2_REKEY_CHILD_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Oct 31 15:24:52.332991: | V2_NEW_CHILD_I0: category: established IKE SA; flags: 0: Oct 31 15:24:52.332993: | -> V2_NEW_CHILD_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Oct 31 15:24:52.332996: | PARENT_I0: category: ignore; flags: 0: Oct 31 15:24:52.332999: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Oct 31 15:24:52.333001: | PARENT_I1: category: half-open IKE SA; flags: 0: Oct 31 15:24:52.333004: | -> PARENT_I0 EVENT_SO_DISCARD (received anti-DDOS COOKIE notify response; resending IKE_SA_INIT request with cookie payload added) Oct 31 15:24:52.333011: | -> PARENT_I0 EVENT_SO_DISCARD (received IKE_SA_INIT INVALID_KE_PAYLOAD notify response; resending IKE_SA_INIT with new KE payload) Oct 31 15:24:52.333014: | -> IKESA_DEL EVENT_v2_REDIRECT (received REDIRECT notify response; resending IKE_SA_INIT request to new destination) Oct 31 15:24:52.333016: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE) Oct 31 15:24:52.333020: | PARENT_I2: category: open IKE SA; flags: 0: Oct 31 15:24:52.333022: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_INTERMEDIATE reply, initiate IKE_AUTH or IKE_INTERMEDIATE) Oct 31 15:24:52.333025: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Oct 31 15:24:52.333030: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Oct 31 15:24:52.333033: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Oct 31 15:24:52.333036: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Oct 31 15:24:52.333038: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Oct 31 15:24:52.333041: | PARENT_R0: category: half-open IKE SA; flags: 0: Oct 31 15:24:52.333043: | -> PARENT_R1 EVENT_SO_DISCARD send-response (Respond to IKE_SA_INIT) Oct 31 15:24:52.333049: | PARENT_R1: category: half-open IKE SA; flags: 0: Oct 31 15:24:52.333052: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_AUTH request (no SKEYSEED)) Oct 31 15:24:52.333055: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_INTERMEDIATE request (no SKEYSEED)) Oct 31 15:24:52.333057: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_INTERMEDIATE request (with SKEYSEED)) Oct 31 15:24:52.333059: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Responder: process IKE_AUTH request) Oct 31 15:24:52.333062: | V2_REKEY_IKE_R0: category: established IKE SA; flags: 0: Oct 31 15:24:52.333064: | -> ESTABLISHED_IKE_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA IKE Rekey) Oct 31 15:24:52.333067: | V2_REKEY_IKE_I1: category: established IKE SA; flags: 0: Oct 31 15:24:52.333070: | -> ESTABLISHED_IKE_SA EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Oct 31 15:24:52.333073: | V2_NEW_CHILD_I1: category: established IKE SA; flags: 0: Oct 31 15:24:52.333076: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Oct 31 15:24:52.333079: | V2_REKEY_CHILD_R0: category: established IKE SA; flags: 0: Oct 31 15:24:52.333081: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA rekey CHILD SA request) Oct 31 15:24:52.333085: | V2_NEW_CHILD_R0: category: established IKE SA; flags: 0: Oct 31 15:24:52.333092: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA IPsec SA Request) Oct 31 15:24:52.333097: | ESTABLISHED_IKE_SA: category: established IKE SA; flags: 0: Oct 31 15:24:52.333100: | -> ESTABLISHED_IKE_SA EVENT_RETAIN send-response (Informational Request (liveness probe)) Oct 31 15:24:52.333102: | -> ESTABLISHED_IKE_SA EVENT_RETAIN (Informational Response (liveness probe)) Oct 31 15:24:52.333104: | -> ESTABLISHED_IKE_SA EVENT_RETAIN send-response (Informational Request) Oct 31 15:24:52.333107: | -> ESTABLISHED_IKE_SA EVENT_RETAIN (Informational Response) Oct 31 15:24:52.333110: | IKESA_DEL: category: established IKE SA; flags: 0: Oct 31 15:24:52.333112: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Oct 31 15:24:52.333115: | CHILDSA_DEL: category: informational; flags: 0: Oct 31 15:24:52.333117: | -> CHILDSA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Oct 31 15:24:52.333121: | global one-shot timer EVENT_REVIVE_CONNS initialized Oct 31 15:24:52.333124: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Oct 31 15:24:52.333127: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Oct 31 15:24:52.333259: Encryption algorithms: Oct 31 15:24:52.333272: AES_CCM_16 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm, aes_ccm_c Oct 31 15:24:52.333278: AES_CCM_12 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_b Oct 31 15:24:52.333282: AES_CCM_8 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_a Oct 31 15:24:52.333287: 3DES_CBC [*192] IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) 3des Oct 31 15:24:52.333292: CAMELLIA_CTR {256,192,*128} IKEv1: ESP IKEv2: ESP Oct 31 15:24:52.333297: CAMELLIA_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP NSS(CBC) camellia Oct 31 15:24:52.333302: AES_GCM_16 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm, aes_gcm_c Oct 31 15:24:52.333306: AES_GCM_12 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_b Oct 31 15:24:52.333311: AES_GCM_8 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_a Oct 31 15:24:52.333316: AES_CTR {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CTR) aesctr Oct 31 15:24:52.333320: AES_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) aes Oct 31 15:24:52.333325: NULL_AUTH_AES_GMAC {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_gmac Oct 31 15:24:52.333328: NULL [] IKEv1: ESP IKEv2: ESP Oct 31 15:24:52.333333: CHACHA20_POLY1305 [*256] IKEv1: IKEv2: IKE ESP NSS(AEAD) chacha20poly1305 Oct 31 15:24:52.333335: Hash algorithms: Oct 31 15:24:52.333338: MD5 IKEv1: IKE IKEv2: NSS Oct 31 15:24:52.333342: SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha Oct 31 15:24:52.333346: SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256 Oct 31 15:24:52.333349: SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384 Oct 31 15:24:52.333352: SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512 Oct 31 15:24:52.333354: PRF algorithms: Oct 31 15:24:52.333358: HMAC_MD5 IKEv1: IKE IKEv2: IKE native(HMAC) md5 Oct 31 15:24:52.333361: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha, sha1 Oct 31 15:24:52.333365: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256, sha2_256 Oct 31 15:24:52.333372: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384, sha2_384 Oct 31 15:24:52.333375: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512, sha2_512 Oct 31 15:24:52.333378: AES_XCBC IKEv1: IKEv2: IKE native(XCBC) aes128_xcbc Oct 31 15:24:52.333380: Integrity algorithms: Oct 31 15:24:52.333384: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH native(HMAC) md5, hmac_md5 Oct 31 15:24:52.333387: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha, sha1, sha1_96, hmac_sha1 Oct 31 15:24:52.333391: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Oct 31 15:24:52.333394: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Oct 31 15:24:52.333399: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Oct 31 15:24:52.333401: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Oct 31 15:24:52.333405: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96 Oct 31 15:24:52.333408: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Oct 31 15:24:52.333411: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Oct 31 15:24:52.333413: DH algorithms: Oct 31 15:24:52.333417: NONE IKEv1: IKEv2: IKE ESP AH FIPS NSS(MODP) null, dh0 Oct 31 15:24:52.333421: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh5 Oct 31 15:24:52.333424: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh14 Oct 31 15:24:52.333427: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh15 Oct 31 15:24:52.333430: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh16 Oct 31 15:24:52.333433: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh17 Oct 31 15:24:52.333436: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh18 Oct 31 15:24:52.333439: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_256, ecp256 Oct 31 15:24:52.333443: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_384, ecp384 Oct 31 15:24:52.333446: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_521, ecp521 Oct 31 15:24:52.333449: DH31 IKEv1: IKE IKEv2: IKE ESP AH NSS(ECP) curve25519 Oct 31 15:24:52.333451: testing CAMELLIA_CBC: Oct 31 15:24:52.333454: Camellia: 16 bytes with 128-bit key Oct 31 15:24:52.333533: Camellia: 16 bytes with 128-bit key Oct 31 15:24:52.333571: Camellia: 16 bytes with 256-bit key Oct 31 15:24:52.333625: Camellia: 16 bytes with 256-bit key Oct 31 15:24:52.333669: testing AES_GCM_16: Oct 31 15:24:52.333676: empty string Oct 31 15:24:52.333715: one block Oct 31 15:24:52.333754: two blocks Oct 31 15:24:52.333797: two blocks with associated data Oct 31 15:24:52.333842: testing AES_CTR: Oct 31 15:24:52.333847: Encrypting 16 octets using AES-CTR with 128-bit key Oct 31 15:24:52.333891: Encrypting 32 octets using AES-CTR with 128-bit key Oct 31 15:24:52.333935: Encrypting 36 octets using AES-CTR with 128-bit key Oct 31 15:24:52.333983: Encrypting 16 octets using AES-CTR with 192-bit key Oct 31 15:24:52.334030: Encrypting 32 octets using AES-CTR with 192-bit key Oct 31 15:24:52.334070: Encrypting 36 octets using AES-CTR with 192-bit key Oct 31 15:24:52.334118: Encrypting 16 octets using AES-CTR with 256-bit key Oct 31 15:24:52.334152: Encrypting 32 octets using AES-CTR with 256-bit key Oct 31 15:24:52.334186: Encrypting 36 octets using AES-CTR with 256-bit key Oct 31 15:24:52.334237: testing AES_CBC: Oct 31 15:24:52.334245: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Oct 31 15:24:52.334274: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Oct 31 15:24:52.334303: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Oct 31 15:24:52.334333: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Oct 31 15:24:52.334377: testing AES_XCBC: Oct 31 15:24:52.334381: RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input Oct 31 15:24:52.334489: RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input Oct 31 15:24:52.334570: RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input Oct 31 15:24:52.334708: RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input Oct 31 15:24:52.334871: RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input Oct 31 15:24:52.334999: RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input Oct 31 15:24:52.335147: RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input Oct 31 15:24:52.335388: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Oct 31 15:24:52.335472: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Oct 31 15:24:52.335554: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Oct 31 15:24:52.335770: testing HMAC_MD5: Oct 31 15:24:52.335777: RFC 2104: MD5_HMAC test 1 Oct 31 15:24:52.336066: RFC 2104: MD5_HMAC test 2 Oct 31 15:24:52.336257: RFC 2104: MD5_HMAC test 3 Oct 31 15:24:52.336410: 8 CPU cores online Oct 31 15:24:52.336414: starting up 7 helper threads Oct 31 15:24:52.336451: started thread for helper 0 Oct 31 15:24:52.336459: | starting helper thread 1 Oct 31 15:24:52.336465: seccomp security disabled for crypto helper 1 Oct 31 15:24:52.336469: | status value returned by setting the priority of this helper thread 1: 22 Oct 31 15:24:52.336473: | helper thread 1 has nothing to do Oct 31 15:24:52.336479: started thread for helper 1 Oct 31 15:24:52.336496: started thread for helper 2 Oct 31 15:24:52.336500: | starting helper thread 3 Oct 31 15:24:52.336505: seccomp security disabled for crypto helper 3 Oct 31 15:24:52.336508: | status value returned by setting the priority of this helper thread 3: 22 Oct 31 15:24:52.336510: | helper thread 3 has nothing to do Oct 31 15:24:52.336517: started thread for helper 3 Oct 31 15:24:52.336520: | starting helper thread 4 Oct 31 15:24:52.336524: seccomp security disabled for crypto helper 4 Oct 31 15:24:52.336527: | status value returned by setting the priority of this helper thread 4: 22 Oct 31 15:24:52.336529: | helper thread 4 has nothing to do Oct 31 15:24:52.336537: started thread for helper 4 Oct 31 15:24:52.336541: | starting helper thread 5 Oct 31 15:24:52.336544: seccomp security disabled for crypto helper 5 Oct 31 15:24:52.336547: | status value returned by setting the priority of this helper thread 5: 22 Oct 31 15:24:52.336550: | helper thread 5 has nothing to do Oct 31 15:24:52.336557: started thread for helper 5 Oct 31 15:24:52.336561: | starting helper thread 6 Oct 31 15:24:52.336564: seccomp security disabled for crypto helper 6 Oct 31 15:24:52.336564: | starting helper thread 2 Oct 31 15:24:52.336576: seccomp security disabled for crypto helper 2 Oct 31 15:24:52.336581: | status value returned by setting the priority of this helper thread 2: 22 Oct 31 15:24:52.336584: | helper thread 2 has nothing to do Oct 31 15:24:52.336594: started thread for helper 6 Oct 31 15:24:52.336567: | status value returned by setting the priority of this helper thread 6: 22 Oct 31 15:24:52.336621: | helper thread 6 has nothing to do Oct 31 15:24:52.336651: Using Linux XFRM/NETKEY IPsec kernel support code on 5.8.15-201.fc32.x86_64 Oct 31 15:24:52.336718: | Hard-wiring algorithms Oct 31 15:24:52.336724: | adding AES_CCM_16 to kernel algorithm db Oct 31 15:24:52.336731: | adding AES_CCM_12 to kernel algorithm db Oct 31 15:24:52.336734: | adding AES_CCM_8 to kernel algorithm db Oct 31 15:24:52.336737: | adding 3DES_CBC to kernel algorithm db Oct 31 15:24:52.336740: | adding CAMELLIA_CBC to kernel algorithm db Oct 31 15:24:52.336742: | adding AES_GCM_16 to kernel algorithm db Oct 31 15:24:52.336745: | adding AES_GCM_12 to kernel algorithm db Oct 31 15:24:52.336747: | adding AES_GCM_8 to kernel algorithm db Oct 31 15:24:52.336750: | adding AES_CTR to kernel algorithm db Oct 31 15:24:52.336752: | adding AES_CBC to kernel algorithm db Oct 31 15:24:52.336754: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Oct 31 15:24:52.336760: | adding NULL to kernel algorithm db Oct 31 15:24:52.336763: | adding CHACHA20_POLY1305 to kernel algorithm db Oct 31 15:24:52.336770: | adding HMAC_MD5_96 to kernel algorithm db Oct 31 15:24:52.336772: | adding HMAC_SHA1_96 to kernel algorithm db Oct 31 15:24:52.336775: | adding HMAC_SHA2_512_256 to kernel algorithm db Oct 31 15:24:52.336777: | adding HMAC_SHA2_384_192 to kernel algorithm db Oct 31 15:24:52.336780: | adding HMAC_SHA2_256_128 to kernel algorithm db Oct 31 15:24:52.336782: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Oct 31 15:24:52.336784: | adding AES_XCBC_96 to kernel algorithm db Oct 31 15:24:52.336787: | adding AES_CMAC_96 to kernel algorithm db Oct 31 15:24:52.336789: | adding NONE to kernel algorithm db Oct 31 15:24:52.336815: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Oct 31 15:24:52.336824: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Oct 31 15:24:52.336826: | setup kernel fd callback Oct 31 15:24:52.336830: | add_fd_read_event_handler: newref KERNEL_XRM_FD-pe@0x562b96aaffd8 Oct 31 15:24:52.336833: | libevent_malloc: newref ptr-libevent@0x562b96a755e8 size 128 Oct 31 15:24:52.336837: | libevent_malloc: newref ptr-libevent@0x562b96aa8ce8 size 16 Oct 31 15:24:52.336848: | add_fd_read_event_handler: newref KERNEL_ROUTE_FD-pe@0x562b96ab1ff8 Oct 31 15:24:52.336852: | libevent_malloc: newref ptr-libevent@0x562b96a75698 size 128 Oct 31 15:24:52.336855: | libevent_malloc: newref ptr-libevent@0x562b96aa86a8 size 16 Oct 31 15:24:52.337110: | global one-shot timer EVENT_CHECK_CRLS initialized Oct 31 15:24:52.337210: SELinux support is enabled in PERMISSIVE mode. Oct 31 15:24:52.337411: | unbound context created - setting debug level to 5 Oct 31 15:24:52.337449: | /etc/hosts lookups activated Oct 31 15:24:52.337466: | /etc/resolv.conf usage activated Oct 31 15:24:52.337517: | outgoing-port-avoid set 0-65535 Oct 31 15:24:52.337545: | outgoing-port-permit set 32768-60999 Oct 31 15:24:52.337547: | loading dnssec root key from:/var/lib/unbound/root.key Oct 31 15:24:52.337550: | no additional dnssec trust anchors defined via dnssec-trusted= option Oct 31 15:24:52.337553: | Setting up events, loop start Oct 31 15:24:52.337556: | add_fd_read_event_handler: newref PLUTO_CTL_FD-pe@0x562b96ab55d8 Oct 31 15:24:52.337559: | libevent_malloc: newref ptr-libevent@0x562b96ab2118 size 128 Oct 31 15:24:52.337563: | libevent_malloc: newref ptr-libevent@0x562b96aa90c8 size 16 Oct 31 15:24:52.337569: | libevent_realloc: newref ptr-libevent@0x562b96ab5648 size 256 Oct 31 15:24:52.337571: | libevent_malloc: newref ptr-libevent@0x562b96aa8d28 size 8 Oct 31 15:24:52.337574: | libevent_realloc: newref ptr-libevent@0x562b96aa8368 size 144 Oct 31 15:24:52.337576: | libevent_malloc: newref ptr-libevent@0x562b96a08548 size 152 Oct 31 15:24:52.337580: | libevent_malloc: newref ptr-libevent@0x562b96aa8ed8 size 16 Oct 31 15:24:52.337584: | signal event handler PLUTO_SIGCHLD installed Oct 31 15:24:52.337588: | libevent_malloc: newref ptr-libevent@0x562b96ab5778 size 8 Oct 31 15:24:52.337594: | libevent_malloc: newref ptr-libevent@0x562b96a07598 size 152 Oct 31 15:24:52.337597: | signal event handler PLUTO_SIGTERM installed Oct 31 15:24:52.337603: | libevent_malloc: newref ptr-libevent@0x562b96ab57b8 size 8 Oct 31 15:24:52.337606: | libevent_malloc: newref ptr-libevent@0x562b96ab57f8 size 152 Oct 31 15:24:52.337608: | signal event handler PLUTO_SIGHUP installed Oct 31 15:24:52.337610: | libevent_malloc: newref ptr-libevent@0x562b96ab58c8 size 8 Oct 31 15:24:52.337613: | libevent_realloc: delref ptr-libevent@0x562b96aa8368 Oct 31 15:24:52.337615: | libevent_realloc: newref ptr-libevent@0x562b96ab5908 size 256 Oct 31 15:24:52.337617: | libevent_malloc: newref ptr-libevent@0x562b96ab5a38 size 152 Oct 31 15:24:52.337620: | signal event handler PLUTO_SIGSYS installed Oct 31 15:24:52.337965: | created addconn helper (pid:2150880) using fork+execve Oct 31 15:24:52.337985: | forked child 2150880 Oct 31 15:24:52.337998: seccomp security disabled Oct 31 15:24:52.348878: | starting helper thread 7 Oct 31 15:24:52.348897: seccomp security disabled for crypto helper 7 Oct 31 15:24:52.348904: | status value returned by setting the priority of this helper thread 7: 22 Oct 31 15:24:52.348910: | helper thread 7 has nothing to do Oct 31 15:24:52.353379: | newref struct fd@0x562b96ab5b98(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:52.353394: | fd_accept: new fd-fd@0x562b96ab5b98 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:52.353412: | whack: options (impair|debug) Oct 31 15:24:52.353420: | old debugging base+cpu-usage + none Oct 31 15:24:52.353422: | new debugging = base+cpu-usage Oct 31 15:24:52.353429: | delref fd@0x562b96ab5b98(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:52.353436: | freeref fd-fd@0x562b96ab5b98 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:52.353444: | spent 0.074 (0.0739) milliseconds in whack Oct 31 15:24:52.378516: | newref struct fd@0x562b96ab5bd8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:52.378532: | fd_accept: new fd-fd@0x562b96ab5bd8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:52.378617: | whack: delete 'north-eastnets/0x1' Oct 31 15:24:52.378626: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:52.378629: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:24:52.378632: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:52.378634: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:24:52.378637: | whack: connection 'north-eastnets/0x1' Oct 31 15:24:52.378641: | addref fd@0x562b96ab5bd8(1->2) (in string_logger() at log.c:838) Oct 31 15:24:52.378650: | newref string logger@0x562b96aa9488(0->1) (in add_connection() at connections.c:1998) Oct 31 15:24:52.378656: | Connection DB: adding connection "north-eastnets/0x1" $1 Oct 31 15:24:52.378663: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:52.378674: | added new connection north-eastnets/0x1 with policy RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 Oct 31 15:24:52.378709: | ike (phase1) algorithm values: AES_CBC_256-HMAC_SHA2_256-MODP2048 Oct 31 15:24:52.378712: | from whack: got --esp=aes128-sha2_512;modp3072 Oct 31 15:24:52.378734: | ESP/AH string values: AES_CBC_128-HMAC_SHA2_512_256-MODP3072 Oct 31 15:24:52.378786: | computed rsa CKAID Oct 31 15:24:52.378790: | 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Oct 31 15:24:52.378792: | 88 aa 7c 5d Oct 31 15:24:52.378800: | keyid: *AQPl33O2P Oct 31 15:24:52.378802: | size: 274 Oct 31 15:24:52.378804: | n Oct 31 15:24:52.378806: | e5 df 73 b6 3e d5 36 a8 f1 3d 0d d3 02 ab 7f ec Oct 31 15:24:52.378808: | 4c 9e 8b 0e 0e d2 cf 0f 59 bf 6d 88 21 86 93 9e Oct 31 15:24:52.378810: | 10 34 af 2d cf b3 7e eb e5 b2 24 b2 a5 b0 01 03 Oct 31 15:24:52.378812: | 7d b5 96 ad 66 ee 48 c2 28 d9 9a 76 36 a9 10 84 Oct 31 15:24:52.378814: | b5 09 8f 17 4f 65 ce d8 2f 8e 78 80 8a 87 f4 6b Oct 31 15:24:52.378816: | 98 d9 91 94 6b 52 15 5b 9c 47 12 be d8 6f 25 b4 Oct 31 15:24:52.378818: | 65 38 7e e4 8d c7 f0 58 d3 9f 69 14 cc 3e c8 16 Oct 31 15:24:52.378820: | 1f af bb 5d 93 2b 33 39 0e 94 55 81 f4 b3 cc 92 Oct 31 15:24:52.378822: | 58 6e 4a 5a 4e c3 76 ab 04 2e 11 08 06 55 13 0f Oct 31 15:24:52.378829: | 02 6c dd d1 bc c0 b8 8d 65 f5 97 ed fc 18 39 f9 Oct 31 15:24:52.378831: | 55 ab fa 0d c5 49 99 7f 1b cf c3 de 99 7d 9e ca Oct 31 15:24:52.378833: | 6f 9e 14 d6 5a ff de d6 4f 57 6a 83 ab 51 ba 64 Oct 31 15:24:52.378835: | 74 e0 22 e9 9a c5 10 71 bb d4 eb a4 99 28 9c 85 Oct 31 15:24:52.378837: | 0e 31 ea cc ab ef 98 84 3f 59 c1 75 aa b3 61 eb Oct 31 15:24:52.378839: | 61 8c 58 a5 92 25 84 ad c7 79 f3 87 d0 c7 83 c2 Oct 31 15:24:52.378841: | d6 8a fe 26 9d 2a ff b1 dd 9b 89 21 7c ca f5 38 Oct 31 15:24:52.378843: | 2d 3f 64 0c 41 9c 34 e9 b2 55 0f 82 1a b3 c7 5e Oct 31 15:24:52.378845: | a5 99 Oct 31 15:24:52.378847: | e Oct 31 15:24:52.378849: | 03 Oct 31 15:24:52.378851: | CKAID Oct 31 15:24:52.378853: | 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Oct 31 15:24:52.378855: | 88 aa 7c 5d Oct 31 15:24:52.378862: | saving left CKAID 905dfca10868747c6f20d31b2d204b8f88aa7c5d extracted from raw RSA public key Oct 31 15:24:52.378990: | spent 0.119 (0.119) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:52.378999: | no private key matching left CKAID 905dfca10868747c6f20d31b2d204b8f88aa7c5d: can't find the private key matching the NSS CKAID Oct 31 15:24:52.379003: | counting wild cards for @north is 0 Oct 31 15:24:52.379025: | computed rsa CKAID Oct 31 15:24:52.379030: | 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Oct 31 15:24:52.379259: | 8a 82 25 f1 Oct 31 15:24:52.379273: | keyid: *AQO9bJbr3 Oct 31 15:24:52.379276: | size: 274 Oct 31 15:24:52.379278: | n Oct 31 15:24:52.379280: | bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Oct 31 15:24:52.379282: | c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Oct 31 15:24:52.379284: | e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Oct 31 15:24:52.379286: | 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Oct 31 15:24:52.379288: | f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Oct 31 15:24:52.379290: | 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Oct 31 15:24:52.379292: | 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Oct 31 15:24:52.379294: | af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Oct 31 15:24:52.379296: | 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Oct 31 15:24:52.379298: | f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Oct 31 15:24:52.379300: | 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Oct 31 15:24:52.379302: | 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Oct 31 15:24:52.379304: | 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Oct 31 15:24:52.379306: | 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Oct 31 15:24:52.379308: | 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Oct 31 15:24:52.379309: | 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Oct 31 15:24:52.379311: | 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Oct 31 15:24:52.379313: | 48 ef Oct 31 15:24:52.379315: | e Oct 31 15:24:52.379318: | 03 Oct 31 15:24:52.379319: | CKAID Oct 31 15:24:52.379321: | 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Oct 31 15:24:52.379322: | 8a 82 25 f1 Oct 31 15:24:52.379326: | saving right CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1 extracted from raw RSA public key Oct 31 15:24:52.379429: | loaded private key matching CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1 Oct 31 15:24:52.379877: | copying key using reference slot Oct 31 15:24:52.383298: | certs and keys locked by 'lsw_add_rsa_secret' Oct 31 15:24:52.383316: | certs and keys unlocked by 'lsw_add_rsa_secret' Oct 31 15:24:52.383328: | spent 2.68 (3.99) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:52.383398: connection "north-eastnets/0x1": loaded private key matching right CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1 Oct 31 15:24:52.383405: | counting wild cards for @east is 0 Oct 31 15:24:52.383412: | updating connection from left.host_addr Oct 31 15:24:52.383416: | right host_nexthop 192.1.3.33 Oct 31 15:24:52.383425: | left host_port 500 Oct 31 15:24:52.383428: | updating connection from right.host_addr Oct 31 15:24:52.383432: | left host_nexthop 192.1.2.23 Oct 31 15:24:52.383434: | right host_port 500 Oct 31 15:24:52.383441: | orienting north-eastnets/0x1 Oct 31 15:24:52.383446: added IKEv2 connection "north-eastnets/0x1" Oct 31 15:24:52.383461: | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 Oct 31 15:24:52.383473: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[@north]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Oct 31 15:24:52.383477: | delref logger@0x562b96aa9488(1->0) (in add_connection() at connections.c:2026) Oct 31 15:24:52.383481: | delref fd@0x562b96ab5bd8(2->1) (in free_logger() at log.c:853) Oct 31 15:24:52.383483: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:52.383488: | delref fd@0x562b96ab5bd8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:52.383495: | freeref fd-fd@0x562b96ab5bd8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:52.383501: | spent 3.34 (5) milliseconds in whack Oct 31 15:24:52.383583: | newref struct fd@0x562b96ab7c48(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:52.383588: | fd_accept: new fd-fd@0x562b96ab7c48 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:52.383661: | whack: key Oct 31 15:24:52.383669: add keyid @north Oct 31 15:24:52.383672: | 01 03 e5 df 73 b6 3e d5 36 a8 f1 3d 0d d3 02 ab Oct 31 15:24:52.383674: | 7f ec 4c 9e 8b 0e 0e d2 cf 0f 59 bf 6d 88 21 86 Oct 31 15:24:52.383677: | 93 9e 10 34 af 2d cf b3 7e eb e5 b2 24 b2 a5 b0 Oct 31 15:24:52.383679: | 01 03 7d b5 96 ad 66 ee 48 c2 28 d9 9a 76 36 a9 Oct 31 15:24:52.383681: | 10 84 b5 09 8f 17 4f 65 ce d8 2f 8e 78 80 8a 87 Oct 31 15:24:52.383683: | f4 6b 98 d9 91 94 6b 52 15 5b 9c 47 12 be d8 6f Oct 31 15:24:52.383686: | 25 b4 65 38 7e e4 8d c7 f0 58 d3 9f 69 14 cc 3e Oct 31 15:24:52.383688: | c8 16 1f af bb 5d 93 2b 33 39 0e 94 55 81 f4 b3 Oct 31 15:24:52.383690: | cc 92 58 6e 4a 5a 4e c3 76 ab 04 2e 11 08 06 55 Oct 31 15:24:52.383692: | 13 0f 02 6c dd d1 bc c0 b8 8d 65 f5 97 ed fc 18 Oct 31 15:24:52.383694: | 39 f9 55 ab fa 0d c5 49 99 7f 1b cf c3 de 99 7d Oct 31 15:24:52.383696: | 9e ca 6f 9e 14 d6 5a ff de d6 4f 57 6a 83 ab 51 Oct 31 15:24:52.383699: | ba 64 74 e0 22 e9 9a c5 10 71 bb d4 eb a4 99 28 Oct 31 15:24:52.383701: | 9c 85 0e 31 ea cc ab ef 98 84 3f 59 c1 75 aa b3 Oct 31 15:24:52.383703: | 61 eb 61 8c 58 a5 92 25 84 ad c7 79 f3 87 d0 c7 Oct 31 15:24:52.383705: | 83 c2 d6 8a fe 26 9d 2a ff b1 dd 9b 89 21 7c ca Oct 31 15:24:52.383707: | f5 38 2d 3f 64 0c 41 9c 34 e9 b2 55 0f 82 1a b3 Oct 31 15:24:52.383709: | c7 5e a5 99 Oct 31 15:24:52.383788: | computed rsa CKAID Oct 31 15:24:52.383793: | 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Oct 31 15:24:52.383796: | 88 aa 7c 5d Oct 31 15:24:52.383801: | keyid: *AQPl33O2P Oct 31 15:24:52.383804: | size: 274 Oct 31 15:24:52.383806: | n Oct 31 15:24:52.383808: | e5 df 73 b6 3e d5 36 a8 f1 3d 0d d3 02 ab 7f ec Oct 31 15:24:52.383810: | 4c 9e 8b 0e 0e d2 cf 0f 59 bf 6d 88 21 86 93 9e Oct 31 15:24:52.383812: | 10 34 af 2d cf b3 7e eb e5 b2 24 b2 a5 b0 01 03 Oct 31 15:24:52.383814: | 7d b5 96 ad 66 ee 48 c2 28 d9 9a 76 36 a9 10 84 Oct 31 15:24:52.383816: | b5 09 8f 17 4f 65 ce d8 2f 8e 78 80 8a 87 f4 6b Oct 31 15:24:52.383818: | 98 d9 91 94 6b 52 15 5b 9c 47 12 be d8 6f 25 b4 Oct 31 15:24:52.383820: | 65 38 7e e4 8d c7 f0 58 d3 9f 69 14 cc 3e c8 16 Oct 31 15:24:52.383822: | 1f af bb 5d 93 2b 33 39 0e 94 55 81 f4 b3 cc 92 Oct 31 15:24:52.383824: | 58 6e 4a 5a 4e c3 76 ab 04 2e 11 08 06 55 13 0f Oct 31 15:24:52.383826: | 02 6c dd d1 bc c0 b8 8d 65 f5 97 ed fc 18 39 f9 Oct 31 15:24:52.383828: | 55 ab fa 0d c5 49 99 7f 1b cf c3 de 99 7d 9e ca Oct 31 15:24:52.383830: | 6f 9e 14 d6 5a ff de d6 4f 57 6a 83 ab 51 ba 64 Oct 31 15:24:52.383835: | 74 e0 22 e9 9a c5 10 71 bb d4 eb a4 99 28 9c 85 Oct 31 15:24:52.383837: | 0e 31 ea cc ab ef 98 84 3f 59 c1 75 aa b3 61 eb Oct 31 15:24:52.383839: | 61 8c 58 a5 92 25 84 ad c7 79 f3 87 d0 c7 83 c2 Oct 31 15:24:52.383841: | d6 8a fe 26 9d 2a ff b1 dd 9b 89 21 7c ca f5 38 Oct 31 15:24:52.383843: | 2d 3f 64 0c 41 9c 34 e9 b2 55 0f 82 1a b3 c7 5e Oct 31 15:24:52.383845: | a5 99 Oct 31 15:24:52.383847: | e Oct 31 15:24:52.383849: | 03 Oct 31 15:24:52.383851: | CKAID Oct 31 15:24:52.383853: | 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Oct 31 15:24:52.383855: | 88 aa 7c 5d Oct 31 15:24:52.383859: | newref struct pubkey@0x562b96abbc98(0->1) (in add_public_key() at secrets.c:1716) Oct 31 15:24:52.383862: | addref pk@0x562b96abbc98(1->2) (in add_public_key() at secrets.c:1718) Oct 31 15:24:52.383865: | delref pkp@0x562b96abbc98(2->1) (in key_add_request() at rcv_whack.c:341) Oct 31 15:24:52.383869: | trying secret PKK_RSA:AQO9bJbr3 Oct 31 15:24:52.383922: | spent 0.0513 (0.0513) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:52.383927: | no private key: can't find the private key matching the NSS CKAID Oct 31 15:24:52.383930: | delref fd@0x562b96ab7c48(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:52.383939: | freeref fd-fd@0x562b96ab7c48 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:52.383943: | spent 0.256 (0.365) milliseconds in whack Oct 31 15:24:52.384000: | newref struct fd@0x562b96aa91a8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:52.384005: | fd_accept: new fd-fd@0x562b96aa91a8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:52.384014: | whack: key Oct 31 15:24:52.384018: add keyid @east Oct 31 15:24:52.384021: | 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Oct 31 15:24:52.384023: | e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Oct 31 15:24:52.384026: | 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Oct 31 15:24:52.384028: | 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Oct 31 15:24:52.384031: | 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Oct 31 15:24:52.384033: | d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Oct 31 15:24:52.384036: | 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Oct 31 15:24:52.384038: | 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Oct 31 15:24:52.384040: | bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Oct 31 15:24:52.384042: | ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Oct 31 15:24:52.384044: | e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Oct 31 15:24:52.384046: | 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Oct 31 15:24:52.384048: | 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Oct 31 15:24:52.384050: | 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Oct 31 15:24:52.384053: | d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Oct 31 15:24:52.384055: | 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Oct 31 15:24:52.384057: | 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Oct 31 15:24:52.384059: | 51 51 48 ef Oct 31 15:24:52.384070: | computed rsa CKAID Oct 31 15:24:52.384073: | 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Oct 31 15:24:52.384075: | 8a 82 25 f1 Oct 31 15:24:52.384080: | keyid: *AQO9bJbr3 Oct 31 15:24:52.384083: | size: 274 Oct 31 15:24:52.384085: | n Oct 31 15:24:52.384087: | bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Oct 31 15:24:52.384089: | c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Oct 31 15:24:52.384092: | e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Oct 31 15:24:52.384094: | 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Oct 31 15:24:52.384096: | f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Oct 31 15:24:52.384099: | 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Oct 31 15:24:52.384101: | 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Oct 31 15:24:52.384103: | af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Oct 31 15:24:52.384106: | 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Oct 31 15:24:52.384111: | f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Oct 31 15:24:52.384114: | 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Oct 31 15:24:52.384116: | 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Oct 31 15:24:52.384118: | 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Oct 31 15:24:52.384121: | 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Oct 31 15:24:52.384123: | 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Oct 31 15:24:52.384125: | 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Oct 31 15:24:52.384127: | 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Oct 31 15:24:52.384130: | 48 ef Oct 31 15:24:52.384131: | e Oct 31 15:24:52.384133: | 03 Oct 31 15:24:52.384136: | CKAID Oct 31 15:24:52.384138: | 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Oct 31 15:24:52.384140: | 8a 82 25 f1 Oct 31 15:24:52.384143: | newref struct pubkey@0x562b96abbf38(0->1) (in add_public_key() at secrets.c:1716) Oct 31 15:24:52.384147: | addref pk@0x562b96abbf38(1->2) (in add_public_key() at secrets.c:1718) Oct 31 15:24:52.384150: | delref pkp@0x562b96abbf38(2->1) (in key_add_request() at rcv_whack.c:341) Oct 31 15:24:52.384154: | trying secret PKK_RSA:AQO9bJbr3 Oct 31 15:24:52.384156: | matched Oct 31 15:24:52.384158: | secrets entry for ckaid already exists Oct 31 15:24:52.384164: | spent 0.00858 (0.00823) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:52.384167: | delref fd@0x562b96aa91a8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:52.384173: | freeref fd-fd@0x562b96aa91a8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:52.384178: | spent 0.184 (0.184) milliseconds in whack Oct 31 15:24:52.384233: | newref struct fd@0x562b96aa9488(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:52.384242: | fd_accept: new fd-fd@0x562b96aa9488 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:52.384250: | whack: delete 'north-eastnets/0x2' Oct 31 15:24:52.384253: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:52.384256: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:24:52.384259: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:52.384261: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:24:52.384263: | whack: connection 'north-eastnets/0x2' Oct 31 15:24:52.384267: | addref fd@0x562b96aa9488(1->2) (in string_logger() at log.c:838) Oct 31 15:24:52.384270: | newref string logger@0x562b96ab6168(0->1) (in add_connection() at connections.c:1998) Oct 31 15:24:52.384273: | Connection DB: adding connection "north-eastnets/0x2" $2 Oct 31 15:24:52.384279: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:52.384286: | added new connection north-eastnets/0x2 with policy RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 Oct 31 15:24:52.384313: | ike (phase1) algorithm values: AES_CBC_256-HMAC_SHA2_256-MODP2048 Oct 31 15:24:52.384316: | from whack: got --esp=aes128-sha2_512;modp3072 Oct 31 15:24:52.384333: | ESP/AH string values: AES_CBC_128-HMAC_SHA2_512_256-MODP3072 Oct 31 15:24:52.384351: | computed rsa CKAID Oct 31 15:24:52.384353: | 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Oct 31 15:24:52.384355: | 88 aa 7c 5d Oct 31 15:24:52.384360: | keyid: *AQPl33O2P Oct 31 15:24:52.384362: | size: 274 Oct 31 15:24:52.384364: | n Oct 31 15:24:52.384366: | e5 df 73 b6 3e d5 36 a8 f1 3d 0d d3 02 ab 7f ec Oct 31 15:24:52.384368: | 4c 9e 8b 0e 0e d2 cf 0f 59 bf 6d 88 21 86 93 9e Oct 31 15:24:52.384436: | 10 34 af 2d cf b3 7e eb e5 b2 24 b2 a5 b0 01 03 Oct 31 15:24:52.384438: | 7d b5 96 ad 66 ee 48 c2 28 d9 9a 76 36 a9 10 84 Oct 31 15:24:52.384439: | b5 09 8f 17 4f 65 ce d8 2f 8e 78 80 8a 87 f4 6b Oct 31 15:24:52.384441: | 98 d9 91 94 6b 52 15 5b 9c 47 12 be d8 6f 25 b4 Oct 31 15:24:52.384442: | 65 38 7e e4 8d c7 f0 58 d3 9f 69 14 cc 3e c8 16 Oct 31 15:24:52.384444: | 1f af bb 5d 93 2b 33 39 0e 94 55 81 f4 b3 cc 92 Oct 31 15:24:52.384448: | 58 6e 4a 5a 4e c3 76 ab 04 2e 11 08 06 55 13 0f Oct 31 15:24:52.384449: | 02 6c dd d1 bc c0 b8 8d 65 f5 97 ed fc 18 39 f9 Oct 31 15:24:52.384451: | 55 ab fa 0d c5 49 99 7f 1b cf c3 de 99 7d 9e ca Oct 31 15:24:52.384452: | 6f 9e 14 d6 5a ff de d6 4f 57 6a 83 ab 51 ba 64 Oct 31 15:24:52.384454: | 74 e0 22 e9 9a c5 10 71 bb d4 eb a4 99 28 9c 85 Oct 31 15:24:52.384455: | 0e 31 ea cc ab ef 98 84 3f 59 c1 75 aa b3 61 eb Oct 31 15:24:52.384457: | 61 8c 58 a5 92 25 84 ad c7 79 f3 87 d0 c7 83 c2 Oct 31 15:24:52.384458: | d6 8a fe 26 9d 2a ff b1 dd 9b 89 21 7c ca f5 38 Oct 31 15:24:52.384460: | 2d 3f 64 0c 41 9c 34 e9 b2 55 0f 82 1a b3 c7 5e Oct 31 15:24:52.384461: | a5 99 Oct 31 15:24:52.384463: | e Oct 31 15:24:52.384464: | 03 Oct 31 15:24:52.384466: | CKAID Oct 31 15:24:52.384467: | 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Oct 31 15:24:52.384469: | 88 aa 7c 5d Oct 31 15:24:52.384473: | saving left CKAID 905dfca10868747c6f20d31b2d204b8f88aa7c5d extracted from raw RSA public key Oct 31 15:24:52.384477: | trying secret PKK_RSA:AQO9bJbr3 Oct 31 15:24:52.384518: | spent 0.0393 (0.0392) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:52.384526: | no private key matching left CKAID 905dfca10868747c6f20d31b2d204b8f88aa7c5d: can't find the private key matching the NSS CKAID Oct 31 15:24:52.384531: | counting wild cards for @north is 0 Oct 31 15:24:52.384550: | computed rsa CKAID Oct 31 15:24:52.384553: | 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Oct 31 15:24:52.384555: | 8a 82 25 f1 Oct 31 15:24:52.384560: | keyid: *AQO9bJbr3 Oct 31 15:24:52.384563: | size: 274 Oct 31 15:24:52.384565: | n Oct 31 15:24:52.384568: | bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Oct 31 15:24:52.384570: | c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Oct 31 15:24:52.384573: | e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Oct 31 15:24:52.384575: | 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Oct 31 15:24:52.384578: | f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Oct 31 15:24:52.384580: | 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Oct 31 15:24:52.384582: | 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Oct 31 15:24:52.384584: | af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Oct 31 15:24:52.384585: | 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Oct 31 15:24:52.384586: | f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Oct 31 15:24:52.384588: | 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Oct 31 15:24:52.384589: | 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Oct 31 15:24:52.384590: | 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Oct 31 15:24:52.384592: | 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Oct 31 15:24:52.384593: | 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Oct 31 15:24:52.384594: | 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Oct 31 15:24:52.384596: | 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Oct 31 15:24:52.384597: | 48 ef Oct 31 15:24:52.384598: | e Oct 31 15:24:52.384600: | 03 Oct 31 15:24:52.384601: | CKAID Oct 31 15:24:52.384602: | 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Oct 31 15:24:52.384604: | 8a 82 25 f1 Oct 31 15:24:52.384607: | saving right CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1 extracted from raw RSA public key Oct 31 15:24:52.384610: | trying secret PKK_RSA:AQO9bJbr3 Oct 31 15:24:52.384612: | matched Oct 31 15:24:52.384613: | secrets entry for ckaid already exists Oct 31 15:24:52.384616: | spent 0.00521 (0.00502) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:52.384618: | counting wild cards for @east is 0 Oct 31 15:24:52.384621: | updating connection from left.host_addr Oct 31 15:24:52.384623: | right host_nexthop 192.1.3.33 Oct 31 15:24:52.384629: | left host_port 500 Oct 31 15:24:52.384635: | updating connection from right.host_addr Oct 31 15:24:52.384639: | left host_nexthop 192.1.2.23 Oct 31 15:24:52.384644: | right host_port 500 Oct 31 15:24:52.384648: | orienting north-eastnets/0x2 Oct 31 15:24:52.384651: added IKEv2 connection "north-eastnets/0x2" Oct 31 15:24:52.384662: | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 Oct 31 15:24:52.384674: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[@north]...192.1.2.23<192.1.2.23>[@east]===192.0.22.0/24 Oct 31 15:24:52.384678: | delref logger@0x562b96ab6168(1->0) (in add_connection() at connections.c:2026) Oct 31 15:24:52.384681: | delref fd@0x562b96aa9488(2->1) (in free_logger() at log.c:853) Oct 31 15:24:52.384684: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:52.384688: | delref fd@0x562b96aa9488(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:52.384692: | freeref fd-fd@0x562b96aa9488 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:52.384696: | spent 0.406 (0.468) milliseconds in whack Oct 31 15:24:52.384800: | newref struct fd@0x562b96abb278(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:52.384809: | fd_accept: new fd-fd@0x562b96abb278 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:52.384821: | whack: key Oct 31 15:24:52.384826: | delref pkp@0x562b96abbc98(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:52.384830: add keyid @north Oct 31 15:24:52.384833: | 01 03 e5 df 73 b6 3e d5 36 a8 f1 3d 0d d3 02 ab Oct 31 15:24:52.384836: | 7f ec 4c 9e 8b 0e 0e d2 cf 0f 59 bf 6d 88 21 86 Oct 31 15:24:52.384838: | 93 9e 10 34 af 2d cf b3 7e eb e5 b2 24 b2 a5 b0 Oct 31 15:24:52.384840: | 01 03 7d b5 96 ad 66 ee 48 c2 28 d9 9a 76 36 a9 Oct 31 15:24:52.384843: | 10 84 b5 09 8f 17 4f 65 ce d8 2f 8e 78 80 8a 87 Oct 31 15:24:52.384845: | f4 6b 98 d9 91 94 6b 52 15 5b 9c 47 12 be d8 6f Oct 31 15:24:52.384847: | 25 b4 65 38 7e e4 8d c7 f0 58 d3 9f 69 14 cc 3e Oct 31 15:24:52.384850: | c8 16 1f af bb 5d 93 2b 33 39 0e 94 55 81 f4 b3 Oct 31 15:24:52.384852: | cc 92 58 6e 4a 5a 4e c3 76 ab 04 2e 11 08 06 55 Oct 31 15:24:52.384854: | 13 0f 02 6c dd d1 bc c0 b8 8d 65 f5 97 ed fc 18 Oct 31 15:24:52.384856: | 39 f9 55 ab fa 0d c5 49 99 7f 1b cf c3 de 99 7d Oct 31 15:24:52.384858: | 9e ca 6f 9e 14 d6 5a ff de d6 4f 57 6a 83 ab 51 Oct 31 15:24:52.384861: | ba 64 74 e0 22 e9 9a c5 10 71 bb d4 eb a4 99 28 Oct 31 15:24:52.384863: | 9c 85 0e 31 ea cc ab ef 98 84 3f 59 c1 75 aa b3 Oct 31 15:24:52.384865: | 61 eb 61 8c 58 a5 92 25 84 ad c7 79 f3 87 d0 c7 Oct 31 15:24:52.384867: | 83 c2 d6 8a fe 26 9d 2a ff b1 dd 9b 89 21 7c ca Oct 31 15:24:52.384869: | f5 38 2d 3f 64 0c 41 9c 34 e9 b2 55 0f 82 1a b3 Oct 31 15:24:52.384871: | c7 5e a5 99 Oct 31 15:24:52.384881: | computed rsa CKAID Oct 31 15:24:52.384884: | 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Oct 31 15:24:52.384886: | 88 aa 7c 5d Oct 31 15:24:52.384891: | keyid: *AQPl33O2P Oct 31 15:24:52.384894: | size: 274 Oct 31 15:24:52.384896: | n Oct 31 15:24:52.384898: | e5 df 73 b6 3e d5 36 a8 f1 3d 0d d3 02 ab 7f ec Oct 31 15:24:52.384900: | 4c 9e 8b 0e 0e d2 cf 0f 59 bf 6d 88 21 86 93 9e Oct 31 15:24:52.384903: | 10 34 af 2d cf b3 7e eb e5 b2 24 b2 a5 b0 01 03 Oct 31 15:24:52.384905: | 7d b5 96 ad 66 ee 48 c2 28 d9 9a 76 36 a9 10 84 Oct 31 15:24:52.384907: | b5 09 8f 17 4f 65 ce d8 2f 8e 78 80 8a 87 f4 6b Oct 31 15:24:52.384909: | 98 d9 91 94 6b 52 15 5b 9c 47 12 be d8 6f 25 b4 Oct 31 15:24:52.384911: | 65 38 7e e4 8d c7 f0 58 d3 9f 69 14 cc 3e c8 16 Oct 31 15:24:52.384914: | 1f af bb 5d 93 2b 33 39 0e 94 55 81 f4 b3 cc 92 Oct 31 15:24:52.384916: | 58 6e 4a 5a 4e c3 76 ab 04 2e 11 08 06 55 13 0f Oct 31 15:24:52.384919: | 02 6c dd d1 bc c0 b8 8d 65 f5 97 ed fc 18 39 f9 Oct 31 15:24:52.384921: | 55 ab fa 0d c5 49 99 7f 1b cf c3 de 99 7d 9e ca Oct 31 15:24:52.384924: | 6f 9e 14 d6 5a ff de d6 4f 57 6a 83 ab 51 ba 64 Oct 31 15:24:52.384926: | 74 e0 22 e9 9a c5 10 71 bb d4 eb a4 99 28 9c 85 Oct 31 15:24:52.384933: | 0e 31 ea cc ab ef 98 84 3f 59 c1 75 aa b3 61 eb Oct 31 15:24:52.384936: | 61 8c 58 a5 92 25 84 ad c7 79 f3 87 d0 c7 83 c2 Oct 31 15:24:52.384938: | d6 8a fe 26 9d 2a ff b1 dd 9b 89 21 7c ca f5 38 Oct 31 15:24:52.384940: | 2d 3f 64 0c 41 9c 34 e9 b2 55 0f 82 1a b3 c7 5e Oct 31 15:24:52.384942: | a5 99 Oct 31 15:24:52.384944: | e Oct 31 15:24:52.384946: | 03 Oct 31 15:24:52.384948: | CKAID Oct 31 15:24:52.384950: | 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Oct 31 15:24:52.384953: | 88 aa 7c 5d Oct 31 15:24:52.384956: | newref struct pubkey@0x562b96abb2b8(0->1) (in add_public_key() at secrets.c:1716) Oct 31 15:24:52.384960: | addref pk@0x562b96abb2b8(1->2) (in add_public_key() at secrets.c:1718) Oct 31 15:24:52.384963: | delref pkp@0x562b96abb2b8(2->1) (in key_add_request() at rcv_whack.c:341) Oct 31 15:24:52.384967: | trying secret PKK_RSA:AQO9bJbr3 Oct 31 15:24:52.385013: | spent 0.0444 (0.0444) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:52.385018: | no private key: can't find the private key matching the NSS CKAID Oct 31 15:24:52.385021: | delref fd@0x562b96abb278(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:52.385029: | freeref fd-fd@0x562b96abb278 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:52.385033: | spent 0.247 (0.298) milliseconds in whack Oct 31 15:24:52.385078: | newref struct fd@0x562b96ab5c18(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:52.385082: | fd_accept: new fd-fd@0x562b96ab5c18 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:52.385091: | whack: key Oct 31 15:24:52.385095: | delref pkp@0x562b96abbf38(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:52.385098: add keyid @east Oct 31 15:24:52.385100: | 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Oct 31 15:24:52.385102: | e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Oct 31 15:24:52.385104: | 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Oct 31 15:24:52.385106: | 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Oct 31 15:24:52.385109: | 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Oct 31 15:24:52.385111: | d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Oct 31 15:24:52.385113: | 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Oct 31 15:24:52.385115: | 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Oct 31 15:24:52.385117: | bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Oct 31 15:24:52.385119: | ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Oct 31 15:24:52.385121: | e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Oct 31 15:24:52.385123: | 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Oct 31 15:24:52.385125: | 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Oct 31 15:24:52.385127: | 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Oct 31 15:24:52.385129: | d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Oct 31 15:24:52.385132: | 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Oct 31 15:24:52.385134: | 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Oct 31 15:24:52.385136: | 51 51 48 ef Oct 31 15:24:52.385145: | computed rsa CKAID Oct 31 15:24:52.385148: | 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Oct 31 15:24:52.385150: | 8a 82 25 f1 Oct 31 15:24:52.385155: | keyid: *AQO9bJbr3 Oct 31 15:24:52.385158: | size: 274 Oct 31 15:24:52.385159: | n Oct 31 15:24:52.385162: | bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Oct 31 15:24:52.385164: | c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Oct 31 15:24:52.385166: | e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Oct 31 15:24:52.385168: | 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Oct 31 15:24:52.385170: | f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Oct 31 15:24:52.385172: | 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Oct 31 15:24:52.385174: | 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Oct 31 15:24:52.385176: | af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Oct 31 15:24:52.385181: | 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Oct 31 15:24:52.385183: | f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Oct 31 15:24:52.385185: | 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Oct 31 15:24:52.385188: | 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Oct 31 15:24:52.385190: | 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Oct 31 15:24:52.385192: | 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Oct 31 15:24:52.385194: | 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Oct 31 15:24:52.385196: | 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Oct 31 15:24:52.385271: | 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Oct 31 15:24:52.385279: | 48 ef Oct 31 15:24:52.385282: | e Oct 31 15:24:52.385284: | 03 Oct 31 15:24:52.385287: | CKAID Oct 31 15:24:52.385289: | 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Oct 31 15:24:52.385291: | 8a 82 25 f1 Oct 31 15:24:52.385295: | newref struct pubkey@0x562b96ab5c58(0->1) (in add_public_key() at secrets.c:1716) Oct 31 15:24:52.385298: | addref pk@0x562b96ab5c58(1->2) (in add_public_key() at secrets.c:1718) Oct 31 15:24:52.385302: | delref pkp@0x562b96ab5c58(2->1) (in key_add_request() at rcv_whack.c:341) Oct 31 15:24:52.385306: | trying secret PKK_RSA:AQO9bJbr3 Oct 31 15:24:52.385309: | matched Oct 31 15:24:52.385311: | secrets entry for ckaid already exists Oct 31 15:24:52.385316: | spent 0.00859 (0.00836) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:52.385320: | delref fd@0x562b96ab5c18(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:52.385328: | freeref fd-fd@0x562b96ab5c18 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:52.385333: | spent 0.212 (0.26) milliseconds in whack Oct 31 15:24:52.385381: | newref struct fd@0x562b96ab5da8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:52.385387: | fd_accept: new fd-fd@0x562b96ab5da8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:52.385396: | whack: listen Oct 31 15:24:52.385398: listening for IKE messages Oct 31 15:24:52.385461: | Inspecting interface lo Oct 31 15:24:52.385469: | found lo with address 127.0.0.1 Oct 31 15:24:52.385472: | Inspecting interface eth0 Oct 31 15:24:52.385477: | found eth0 with address 192.0.2.254 Oct 31 15:24:52.385479: | Inspecting interface eth0 Oct 31 15:24:52.385483: | found eth0 with address 192.0.22.251 Oct 31 15:24:52.385485: | Inspecting interface eth0 Oct 31 15:24:52.385488: | found eth0 with address 192.0.22.254 Oct 31 15:24:52.385490: | Inspecting interface eth0 Oct 31 15:24:52.385494: | found eth0 with address 192.0.2.251 Oct 31 15:24:52.385496: | Inspecting interface eth1 Oct 31 15:24:52.385499: | found eth1 with address 192.1.2.23 Oct 31 15:24:52.385508: | newref struct iface_dev@0x562b96ab5f68(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:52.385525: Kernel supports NIC esp-hw-offload Oct 31 15:24:52.385534: | iface: marking eth1 add Oct 31 15:24:52.385538: | newref struct iface_dev@0x562b96ab77a8(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:52.385542: | iface: marking eth0 add Oct 31 15:24:52.385545: | newref struct iface_dev@0x562b96ab7838(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:52.385548: | iface: marking eth0 add Oct 31 15:24:52.385551: | newref struct iface_dev@0x562b96ab78c8(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:52.385554: | iface: marking eth0 add Oct 31 15:24:52.385557: | newref struct iface_dev@0x562b96ab7958(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:52.385560: | iface: marking eth0 add Oct 31 15:24:52.385563: | newref struct iface_dev@0x562b96ab79e8(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:52.385566: | iface: marking lo add Oct 31 15:24:52.385635: | no interfaces to sort Oct 31 15:24:52.385653: | MSG_ERRQUEUE enabled on fd 18 Oct 31 15:24:52.385667: | addref ifd@0x562b96ab5f68(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:52.385675: adding UDP interface eth1 192.1.2.23:500 Oct 31 15:24:52.385691: | MSG_ERRQUEUE enabled on fd 19 Oct 31 15:24:52.385703: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:52.385708: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:52.385712: | addref ifd@0x562b96ab5f68(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:52.385716: adding UDP interface eth1 192.1.2.23:4500 Oct 31 15:24:52.385731: | MSG_ERRQUEUE enabled on fd 20 Oct 31 15:24:52.385740: | addref ifd@0x562b96ab77a8(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:52.385745: adding UDP interface eth0 192.0.2.251:500 Oct 31 15:24:52.385760: | MSG_ERRQUEUE enabled on fd 21 Oct 31 15:24:52.385768: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:52.385771: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:52.385774: | addref ifd@0x562b96ab77a8(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:52.385778: adding UDP interface eth0 192.0.2.251:4500 Oct 31 15:24:52.385792: | MSG_ERRQUEUE enabled on fd 22 Oct 31 15:24:52.385802: | addref ifd@0x562b96ab7838(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:52.385806: adding UDP interface eth0 192.0.22.254:500 Oct 31 15:24:52.385822: | MSG_ERRQUEUE enabled on fd 23 Oct 31 15:24:52.385830: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:52.385833: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:52.385836: | addref ifd@0x562b96ab7838(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:52.385840: adding UDP interface eth0 192.0.22.254:4500 Oct 31 15:24:52.385856: | MSG_ERRQUEUE enabled on fd 24 Oct 31 15:24:52.385865: | addref ifd@0x562b96ab78c8(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:52.385870: adding UDP interface eth0 192.0.22.251:500 Oct 31 15:24:52.385885: | MSG_ERRQUEUE enabled on fd 25 Oct 31 15:24:52.385893: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:52.385897: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:52.385900: | addref ifd@0x562b96ab78c8(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:52.385903: adding UDP interface eth0 192.0.22.251:4500 Oct 31 15:24:52.385992: | MSG_ERRQUEUE enabled on fd 26 Oct 31 15:24:52.386006: | addref ifd@0x562b96ab7958(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:52.386011: adding UDP interface eth0 192.0.2.254:500 Oct 31 15:24:52.386090: | MSG_ERRQUEUE enabled on fd 27 Oct 31 15:24:52.386105: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:52.386110: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:52.386114: | addref ifd@0x562b96ab7958(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:52.386119: adding UDP interface eth0 192.0.2.254:4500 Oct 31 15:24:52.386138: | MSG_ERRQUEUE enabled on fd 28 Oct 31 15:24:52.386147: | addref ifd@0x562b96ab79e8(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:52.386151: adding UDP interface lo 127.0.0.1:500 Oct 31 15:24:52.386166: | MSG_ERRQUEUE enabled on fd 29 Oct 31 15:24:52.386173: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:52.386176: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:52.386179: | addref ifd@0x562b96ab79e8(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:52.386183: adding UDP interface lo 127.0.0.1:4500 Oct 31 15:24:52.386189: | updating interfaces - listing interfaces that are going down Oct 31 15:24:52.386192: | updating interfaces - checking orientation Oct 31 15:24:52.386195: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Oct 31 15:24:52.386197: | orienting north-eastnets/0x2 Oct 31 15:24:52.386208: | north-eastnets/0x2 doesn't match 127.0.0.1:4500 at all Oct 31 15:24:52.386211: | north-eastnets/0x2 doesn't match 127.0.0.1:500 at all Oct 31 15:24:52.386214: | north-eastnets/0x2 doesn't match 192.0.2.254:4500 at all Oct 31 15:24:52.386218: | north-eastnets/0x2 doesn't match 192.0.2.254:500 at all Oct 31 15:24:52.386221: | north-eastnets/0x2 doesn't match 192.0.22.251:4500 at all Oct 31 15:24:52.386227: | north-eastnets/0x2 doesn't match 192.0.22.251:500 at all Oct 31 15:24:52.386230: | north-eastnets/0x2 doesn't match 192.0.22.254:4500 at all Oct 31 15:24:52.386233: | north-eastnets/0x2 doesn't match 192.0.22.254:500 at all Oct 31 15:24:52.386236: | north-eastnets/0x2 doesn't match 192.0.2.251:4500 at all Oct 31 15:24:52.386239: | north-eastnets/0x2 doesn't match 192.0.2.251:500 at all Oct 31 15:24:52.386243: | north-eastnets/0x2 doesn't match 192.1.2.23:4500 at all Oct 31 15:24:52.386245: | oriented north-eastnets/0x2's that Oct 31 15:24:52.386247: | swapping ends so that that is this Oct 31 15:24:52.386252: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@(nil): none Oct 31 15:24:52.386260: | newref hp@0x562b96ab7b88(0->1) (in connect_to_host_pair() at hostpair.c:290) Oct 31 15:24:52.386263: | orienting north-eastnets/0x1 Oct 31 15:24:52.386267: | north-eastnets/0x1 doesn't match 127.0.0.1:4500 at all Oct 31 15:24:52.386270: | north-eastnets/0x1 doesn't match 127.0.0.1:500 at all Oct 31 15:24:52.386273: | north-eastnets/0x1 doesn't match 192.0.2.254:4500 at all Oct 31 15:24:52.386276: | north-eastnets/0x1 doesn't match 192.0.2.254:500 at all Oct 31 15:24:52.386279: | north-eastnets/0x1 doesn't match 192.0.22.251:4500 at all Oct 31 15:24:52.386282: | north-eastnets/0x1 doesn't match 192.0.22.251:500 at all Oct 31 15:24:52.386285: | north-eastnets/0x1 doesn't match 192.0.22.254:4500 at all Oct 31 15:24:52.386288: | north-eastnets/0x1 doesn't match 192.0.22.254:500 at all Oct 31 15:24:52.386291: | north-eastnets/0x1 doesn't match 192.0.2.251:4500 at all Oct 31 15:24:52.386294: | north-eastnets/0x1 doesn't match 192.0.2.251:500 at all Oct 31 15:24:52.386297: | north-eastnets/0x1 doesn't match 192.1.2.23:4500 at all Oct 31 15:24:52.386299: | oriented north-eastnets/0x1's that Oct 31 15:24:52.386300: | swapping ends so that that is this Oct 31 15:24:52.386305: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Oct 31 15:24:52.386309: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@0x562b96ab7b88: north-eastnets/0x2 Oct 31 15:24:52.386347: | libevent_malloc: newref ptr-libevent@0x562b96ab6378 size 128 Oct 31 15:24:52.386351: | libevent_malloc: newref ptr-libevent@0x562b96abcb68 size 16 Oct 31 15:24:52.386361: | setup callback for interface lo 127.0.0.1:4500 fd 29 on UDP Oct 31 15:24:52.386364: | libevent_malloc: newref ptr-libevent@0x562b96ab2068 size 128 Oct 31 15:24:52.386366: | libevent_malloc: newref ptr-libevent@0x562b96abcba8 size 16 Oct 31 15:24:52.386371: | setup callback for interface lo 127.0.0.1:500 fd 28 on UDP Oct 31 15:24:52.386373: | libevent_malloc: newref ptr-libevent@0x562b96a75798 size 128 Oct 31 15:24:52.386376: | libevent_malloc: newref ptr-libevent@0x562b96abcbe8 size 16 Oct 31 15:24:52.386380: | setup callback for interface eth0 192.0.2.254:4500 fd 27 on UDP Oct 31 15:24:52.386382: | libevent_malloc: newref ptr-libevent@0x562b96a6aa58 size 128 Oct 31 15:24:52.386385: | libevent_malloc: newref ptr-libevent@0x562b96abcc28 size 16 Oct 31 15:24:52.386389: | setup callback for interface eth0 192.0.2.254:500 fd 26 on UDP Oct 31 15:24:52.386392: | libevent_malloc: newref ptr-libevent@0x562b96a75898 size 128 Oct 31 15:24:52.386394: | libevent_malloc: newref ptr-libevent@0x562b96abcc68 size 16 Oct 31 15:24:52.386399: | setup callback for interface eth0 192.0.22.251:4500 fd 25 on UDP Oct 31 15:24:52.386402: | libevent_malloc: newref ptr-libevent@0x562b96a722b8 size 128 Oct 31 15:24:52.386405: | libevent_malloc: newref ptr-libevent@0x562b96abcca8 size 16 Oct 31 15:24:52.386409: | setup callback for interface eth0 192.0.22.251:500 fd 24 on UDP Oct 31 15:24:52.386412: | libevent_malloc: newref ptr-libevent@0x562b96a72208 size 128 Oct 31 15:24:52.386414: | libevent_malloc: newref ptr-libevent@0x562b96abcce8 size 16 Oct 31 15:24:52.386419: | setup callback for interface eth0 192.0.22.254:4500 fd 23 on UDP Oct 31 15:24:52.386421: | libevent_malloc: newref ptr-libevent@0x562b96abcd28 size 128 Oct 31 15:24:52.386424: | libevent_malloc: newref ptr-libevent@0x562b96abcdd8 size 16 Oct 31 15:24:52.386430: | setup callback for interface eth0 192.0.22.254:500 fd 22 on UDP Oct 31 15:24:52.386433: | libevent_malloc: newref ptr-libevent@0x562b96abce18 size 128 Oct 31 15:24:52.386436: | libevent_malloc: newref ptr-libevent@0x562b96abcec8 size 16 Oct 31 15:24:52.386441: | setup callback for interface eth0 192.0.2.251:4500 fd 21 on UDP Oct 31 15:24:52.386444: | libevent_malloc: newref ptr-libevent@0x562b96abcf08 size 128 Oct 31 15:24:52.386446: | libevent_malloc: newref ptr-libevent@0x562b96abcfb8 size 16 Oct 31 15:24:52.386451: | setup callback for interface eth0 192.0.2.251:500 fd 20 on UDP Oct 31 15:24:52.386456: | libevent_malloc: newref ptr-libevent@0x562b96abcff8 size 128 Oct 31 15:24:52.386458: | libevent_malloc: newref ptr-libevent@0x562b96abd0a8 size 16 Oct 31 15:24:52.386464: | setup callback for interface eth1 192.1.2.23:4500 fd 19 on UDP Oct 31 15:24:52.386467: | libevent_malloc: newref ptr-libevent@0x562b96abd0e8 size 128 Oct 31 15:24:52.386469: | libevent_malloc: newref ptr-libevent@0x562b96abd198 size 16 Oct 31 15:24:52.386475: | setup callback for interface eth1 192.1.2.23:500 fd 18 on UDP Oct 31 15:24:52.388100: | no stale xfrmi interface 'ipsec1' found Oct 31 15:24:52.388116: | certs and keys locked by 'free_preshared_secrets' Oct 31 15:24:52.388121: forgetting secrets Oct 31 15:24:52.388149: | certs and keys unlocked by 'free_preshared_secrets' Oct 31 15:24:52.388175: loading secrets from "/etc/ipsec.secrets" Oct 31 15:24:52.388227: no secrets filename matched "/etc/ipsec.d/*.secrets" Oct 31 15:24:52.388239: | old food groups: Oct 31 15:24:52.388242: | new food groups: Oct 31 15:24:52.388248: | delref fd@0x562b96ab5da8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:52.388254: | freeref fd-fd@0x562b96ab5da8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:52.388260: | spent 1.15 (2.89) milliseconds in whack Oct 31 15:24:52.388384: | newref struct fd@0x562b96abba38(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:52.388392: | fd_accept: new fd-fd@0x562b96abba38 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:52.388405: | whack: route Oct 31 15:24:52.388409: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:52.388414: | could_route called for north-eastnets/0x1; kind=CK_PERMANENT that.has_client=yes oppo=no this.host_port=500 Oct 31 15:24:52.388417: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:52.388421: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:24:52.388424: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:24:52.388427: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:24:52.388429: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:24:52.388433: | route owner of "north-eastnets/0x1" unrouted: NULL; eroute owner: NULL Oct 31 15:24:52.388436: | route_and_eroute() for proto 0, and source port 0 dest port 0 Oct 31 15:24:52.388440: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:52.388442: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:24:52.388445: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:24:52.388448: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:24:52.388450: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:24:52.388453: | route owner of "north-eastnets/0x1" unrouted: NULL; eroute owner: NULL Oct 31 15:24:52.388457: | route_and_eroute with c: north-eastnets/0x1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #0 Oct 31 15:24:52.388464: | shunt_eroute() called for connection 'north-eastnets/0x1' to 'add' for rt_kind 'prospective erouted' using protoports 192.0.2.0/24:0 --0->- 192.0.3.0/24:0 Oct 31 15:24:52.388471: | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.3.0/24:0 Oct 31 15:24:52.388475: | priority calculation of connection "north-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:24:52.388480: | IPsec SA SPD priority set to 2084814 Oct 31 15:24:52.388551: | priority calculation of connection "north-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:24:52.388559: | route_and_eroute: firewall_notified: true Oct 31 15:24:52.388562: | running updown command "ipsec _updown" for verb prepare Oct 31 15:24:52.388565: | command executing prepare-client Oct 31 15:24:52.388594: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='... Oct 31 15:24:52.388598: | popen cmd is 1083 chars long Oct 31 15:24:52.388601: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets: Oct 31 15:24:52.388603: | cmd( 80):/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PL: Oct 31 15:24:52.388606: | cmd( 160):UTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLI: Oct 31 15:24:52.388608: | cmd( 240):ENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255: Oct 31 15:24:52.388610: | cmd( 320):.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_: Oct 31 15:24:52.388612: | cmd( 400):TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='19: Oct 31 15:24:52.388614: | cmd( 480):2.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.25: Oct 31 15:24:52.388616: | cmd( 560):5.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='x: Oct 31 15:24:52.388619: | cmd( 640):frm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_: Oct 31 15:24:52.388621: | cmd( 720):ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CO: Oct 31 15:24:52.388623: | cmd( 800):NN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO=: Oct 31 15:24:52.388625: | cmd( 880):'' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG: Oct 31 15:24:52.388627: | cmd( 960):_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no: Oct 31 15:24:52.388630: | cmd(1040):' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Oct 31 15:24:52.399119: | running updown command "ipsec _updown" for verb route Oct 31 15:24:52.399135: | command executing route-client Oct 31 15:24:52.399166: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' V... Oct 31 15:24:52.399173: | popen cmd is 1081 chars long Oct 31 15:24:52.399176: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0: Oct 31 15:24:52.399178: | cmd( 80):x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUT: Oct 31 15:24:52.399180: | cmd( 160):O_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIEN: Oct 31 15:24:52.399182: | cmd( 240):T='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.2: Oct 31 15:24:52.399184: | cmd( 320):55.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TY: Oct 31 15:24:52.399185: | cmd( 400):PE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.: Oct 31 15:24:52.399187: | cmd( 480):0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.: Oct 31 15:24:52.399189: | cmd( 560):0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfr: Oct 31 15:24:52.399191: | cmd( 640):m' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_AL: Oct 31 15:24:52.399193: | cmd( 720):LOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN: Oct 31 15:24:52.399195: | cmd( 800):_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='': Oct 31 15:24:52.399197: | cmd( 880): PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_C: Oct 31 15:24:52.399219: | cmd( 960):LIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' : Oct 31 15:24:52.399222: | cmd(1040):SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Oct 31 15:24:52.414891: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:52.414922: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:52.414929: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:52.414934: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:52.414939: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:52.414948: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:52.414953: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:52.414958: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:52.414963: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:52.414968: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:52.414972: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:52.415174: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:52.415185: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:52.415190: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:52.415194: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:52.415283: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:52.415295: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:52.415300: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:52.415305: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:52.415520: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:52.415534: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:52.415551: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:52.415564: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:52.415631: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:52.415643: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:52.415647: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:52.415651: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:52.415654: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:52.415662: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:52.420767: | delref fd@0x562b96abba38(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:52.420788: | freeref fd-fd@0x562b96abba38 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:52.420798: | spent 0.784 (32.4) milliseconds in whack Oct 31 15:24:52.420818: | newref struct fd@0x562b96ab8318(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:52.420821: | fd_accept: new fd-fd@0x562b96ab8318 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:52.420832: | whack: status Oct 31 15:24:52.421168: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:24:52.421175: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:24:52.421331: | FOR_EACH_STATE_... in show_states (sort_states) Oct 31 15:24:52.421345: | delref fd@0x562b96ab8318(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:52.421351: | freeref fd-fd@0x562b96ab8318 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:52.421357: | spent 0.401 (0.547) milliseconds in whack Oct 31 15:24:52.421361: | kernel_process_msg_cb process netlink message Oct 31 15:24:52.421369: | netlink_get: XFRM_MSG_ACQUIRE message Oct 31 15:24:52.421371: | xfrm netlink msg len 376 Oct 31 15:24:52.421376: | xfrm acquire rtattribute type 5 ... Oct 31 15:24:52.421379: | ... xfrm template attribute with reqid:0, spi:0, proto:50 Oct 31 15:24:52.421381: | xfrm acquire rtattribute type 16 ... Oct 31 15:24:52.421383: | ... xfrm policy type ignored Oct 31 15:24:52.421394: | add bare shunt 0x562b969f50c8 192.0.2.254/32:8 --1--> 192.0.3.254/32:0 => %hold 0 %acquire-netlink Oct 31 15:24:52.421399: | stripping address 192.0.2.254 of is_endpoint=0 hport=8 ipproto=1 (in subnet_prefix() at ip_subnet.c:114) Oct 31 15:24:52.421402: | stripping address 192.0.3.254 of is_endpoint=0 hport=0 ipproto=1 (in subnet_prefix() at ip_subnet.c:114) Oct 31 15:24:52.421409: initiate on demand from 192.0.2.254:8 to 192.0.3.254:0 proto=1 because: acquire Oct 31 15:24:52.421415: | find_connection: looking for policy for connection: 192.0.2.254:1/8 -> 192.0.3.254:1/0 Oct 31 15:24:52.421417: | FOR_EACH_CONNECTION_... in find_connection_for_clients Oct 31 15:24:52.421423: | find_connection: conn "north-eastnets/0x1" has compatible peers: 192.0.2.0/24:0 -> 192.0.3.0/24:0 [pri: 25214986] Oct 31 15:24:52.421426: | find_connection: first OK "north-eastnets/0x1" [pri:25214986]{0x562b96ab6978} (child none) Oct 31 15:24:52.421428: | find_connection: concluding with "north-eastnets/0x1" [pri:25214986]{0x562b96ab6978} kind=CK_PERMANENT Oct 31 15:24:52.421431: | assign hold, routing was prospective erouted, needs to be erouted HOLD Oct 31 15:24:52.421433: | assign_holdpass() need broad(er) shunt Oct 31 15:24:52.421436: | priority calculation of connection "north-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:24:52.421442: | eroute_connection replace %trap with broad %pass or %hold eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => %hold>%hold using reqid 0 (raw_eroute) proto=50 Oct 31 15:24:52.421448: | netlink_raw_eroute: SPI_HOLD implemented as no-op Oct 31 15:24:52.421451: | raw_eroute result=success Oct 31 15:24:52.421453: | assign_holdpass() eroute_connection() done Oct 31 15:24:52.421455: | fiddle_bare_shunt called Oct 31 15:24:52.421459: | subnet from endpoint 192.0.2.254:8 (in fiddle_bare_shunt() at kernel.c:1338) Oct 31 15:24:52.421463: | subnet from address 192.0.3.254 (in fiddle_bare_shunt() at kernel.c:1339) Oct 31 15:24:52.421466: | fiddle_bare_shunt with transport_proto 1 Oct 31 15:24:52.421468: | removing specific host-to-host bare shunt Oct 31 15:24:52.421473: | delete narrow %hold eroute 192.0.2.254/32:8 --1-> 192.0.3.254/32:0 => %hold using reqid 0 (raw_eroute) proto=50 Oct 31 15:24:52.421476: | netlink_raw_eroute: SPI_PASS Oct 31 15:24:52.421480: | stripping address 192.0.2.254 of is_endpoint=1 hport=8 ipproto=0 (in selector_prefix() at ip_selector.c:153) Oct 31 15:24:52.421493: | raw_eroute result=success Oct 31 15:24:52.421497: | raw_eroute with op='delete' for transport_proto='1' kernel shunt succeeded, bare shunt lookup succeeded Oct 31 15:24:52.421505: | delete bare shunt 0x562b969f50c8 192.0.2.254/32:8 --1--> 192.0.3.254/32:0 => %hold 0 %acquire-netlink Oct 31 15:24:52.421507: assign_holdpass() delete_bare_shunt() failed Oct 31 15:24:52.421510: initiate_ondemand_body() failed to install negotiation_shunt, Oct 31 15:24:52.421512: | FOR_EACH_STATE_... in find_phase1_state Oct 31 15:24:52.421531: | newref alloc logger@0x562b96abae48(0->1) (in new_state() at state.c:576) Oct 31 15:24:52.421534: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:24:52.421536: | creating state object #1 at 0x562b96abd1d8 Oct 31 15:24:52.421539: | State DB: adding IKEv2 state #1 in UNDEFINED Oct 31 15:24:52.421549: | pstats #1 ikev2.ike started Oct 31 15:24:52.421552: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Oct 31 15:24:52.421556: | #1.st_v2_transition NULL -> PARENT_I0->PARENT_I1 (in new_v2_ike_state() at state.c:620) Oct 31 15:24:52.421565: | Message ID: IKE #1 initializing (IKE SA): ike.initiator.sent=0->-1 ike.initiator.recv=0->-1 ike.initiator.last_contact=0->744566.854355 ike.responder.sent=0->-1 ike.responder.recv=0->-1 ike.responder.last_contact=0->744566.854355 ike.wip.initiator=0->-1 ike.wip.responder=0->-1 Oct 31 15:24:52.421570: | orienting north-eastnets/0x1 Oct 31 15:24:52.421574: | north-eastnets/0x1 doesn't match 127.0.0.1:4500 at all Oct 31 15:24:52.421578: | north-eastnets/0x1 doesn't match 127.0.0.1:500 at all Oct 31 15:24:52.421581: | north-eastnets/0x1 doesn't match 192.0.2.254:4500 at all Oct 31 15:24:52.421585: | north-eastnets/0x1 doesn't match 192.0.2.254:500 at all Oct 31 15:24:52.421588: | north-eastnets/0x1 doesn't match 192.0.22.251:4500 at all Oct 31 15:24:52.421591: | north-eastnets/0x1 doesn't match 192.0.22.251:500 at all Oct 31 15:24:52.421594: | north-eastnets/0x1 doesn't match 192.0.22.254:4500 at all Oct 31 15:24:52.421598: | north-eastnets/0x1 doesn't match 192.0.22.254:500 at all Oct 31 15:24:52.421601: | north-eastnets/0x1 doesn't match 192.0.2.251:4500 at all Oct 31 15:24:52.421604: | north-eastnets/0x1 doesn't match 192.0.2.251:500 at all Oct 31 15:24:52.421608: | north-eastnets/0x1 doesn't match 192.1.2.23:4500 at all Oct 31 15:24:52.421610: | oriented north-eastnets/0x1's this Oct 31 15:24:52.421617: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in ikev2_parent_outI1() at ikev2_parent.c:544) Oct 31 15:24:52.421620: | addref fd@NULL (in add_pending() at pending.c:86) Oct 31 15:24:52.421624: | queuing pending IPsec SA negotiating with 192.1.3.33 IKE SA #1 "north-eastnets/0x1" Oct 31 15:24:52.421628: "north-eastnets/0x1" #1: initiating IKEv2 connection Oct 31 15:24:52.421634: | constructing local IKE proposals for north-eastnets/0x1 (IKE SA initiator selecting KE) Oct 31 15:24:52.421639: | converting ike_info AES_CBC_256-HMAC_SHA2_256-MODP2048 to ikev2 ... Oct 31 15:24:52.421645: | ... ikev2_proposal: 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 Oct 31 15:24:52.421648: "north-eastnets/0x1": local IKE proposals (IKE SA initiator selecting KE): Oct 31 15:24:52.421652: "north-eastnets/0x1": 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 Oct 31 15:24:52.421657: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:52.421659: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:52.421662: | newref clone logger@0x562b96aa9108(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:52.421665: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): adding job to queue Oct 31 15:24:52.421667: | state #1 has no .st_event to delete Oct 31 15:24:52.421670: | #1 STATE_PARENT_I0: retransmits: cleared Oct 31 15:24:52.421673: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x562b96abac28 Oct 31 15:24:52.421676: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:24:52.421679: | libevent_malloc: newref ptr-libevent@0x562b96ab7d48 size 128 Oct 31 15:24:52.421691: | #1 spent 0.283 (0.283) milliseconds in ikev2_parent_outI1() Oct 31 15:24:52.421698: | RESET processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in ikev2_parent_outI1() at ikev2_parent.c:640) Oct 31 15:24:52.421702: | initiate on demand using RSASIG from 192.0.2.254 to 192.0.3.254 Oct 31 15:24:52.421704: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): helper 1 starting job Oct 31 15:24:52.421707: | netlink_get: XFRM_MSG_ACQUIRE message Oct 31 15:24:52.421901: | xfrm netlink msg len 376 Oct 31 15:24:52.421905: | xfrm acquire rtattribute type 5 ... Oct 31 15:24:52.421907: | ... xfrm template attribute with reqid:0, spi:0, proto:50 Oct 31 15:24:52.421909: | xfrm acquire rtattribute type 16 ... Oct 31 15:24:52.421911: | ... xfrm policy type ignored Oct 31 15:24:52.421918: | add bare shunt 0x562b96abac98 192.0.2.251/32:8 --1--> 192.0.3.254/32:0 => %hold 0 %acquire-netlink Oct 31 15:24:52.421922: | stripping address 192.0.2.251 of is_endpoint=0 hport=8 ipproto=1 (in subnet_prefix() at ip_subnet.c:114) Oct 31 15:24:52.421926: | stripping address 192.0.3.254 of is_endpoint=0 hport=0 ipproto=1 (in subnet_prefix() at ip_subnet.c:114) Oct 31 15:24:52.421932: initiate on demand from 192.0.2.251:8 to 192.0.3.254:0 proto=1 because: acquire Oct 31 15:24:52.421937: | find_connection: looking for policy for connection: 192.0.2.251:1/8 -> 192.0.3.254:1/0 Oct 31 15:24:52.421940: | FOR_EACH_CONNECTION_... in find_connection_for_clients Oct 31 15:24:52.421945: | find_connection: conn "north-eastnets/0x1" has compatible peers: 192.0.2.0/24:0 -> 192.0.3.0/24:0 [pri: 25214986] Oct 31 15:24:52.421947: | find_connection: first OK "north-eastnets/0x1" [pri:25214986]{0x562b96ab6978} (child none) Oct 31 15:24:52.421950: | find_connection: concluding with "north-eastnets/0x1" [pri:25214986]{0x562b96ab6978} kind=CK_PERMANENT Oct 31 15:24:52.421953: | assign hold, routing was prospective erouted, needs to be erouted HOLD Oct 31 15:24:52.421955: | assign_holdpass() need broad(er) shunt Oct 31 15:24:52.421957: | priority calculation of connection "north-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:24:52.421963: | eroute_connection replace %trap with broad %pass or %hold eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => %hold>%hold using reqid 0 (raw_eroute) proto=50 Oct 31 15:24:52.421965: | netlink_raw_eroute: SPI_HOLD implemented as no-op Oct 31 15:24:52.421967: | raw_eroute result=success Oct 31 15:24:52.421970: | assign_holdpass() eroute_connection() done Oct 31 15:24:52.421972: | fiddle_bare_shunt called Oct 31 15:24:52.421976: | subnet from endpoint 192.0.2.251:8 (in fiddle_bare_shunt() at kernel.c:1338) Oct 31 15:24:52.421979: | subnet from address 192.0.3.254 (in fiddle_bare_shunt() at kernel.c:1339) Oct 31 15:24:52.421982: | fiddle_bare_shunt with transport_proto 1 Oct 31 15:24:52.421984: | removing specific host-to-host bare shunt Oct 31 15:24:52.421989: | delete narrow %hold eroute 192.0.2.251/32:8 --1-> 192.0.3.254/32:0 => %hold using reqid 0 (raw_eroute) proto=50 Oct 31 15:24:52.421992: | netlink_raw_eroute: SPI_PASS Oct 31 15:24:52.421996: | stripping address 192.0.2.251 of is_endpoint=1 hport=8 ipproto=0 (in selector_prefix() at ip_selector.c:153) Oct 31 15:24:52.422328: | raw_eroute result=success Oct 31 15:24:52.422337: | raw_eroute with op='delete' for transport_proto='1' kernel shunt succeeded, bare shunt lookup succeeded Oct 31 15:24:52.422344: | delete bare shunt 0x562b96abac98 192.0.2.251/32:8 --1--> 192.0.3.254/32:0 => %hold 0 %acquire-netlink Oct 31 15:24:52.422348: assign_holdpass() delete_bare_shunt() failed Oct 31 15:24:52.422350: initiate_ondemand_body() failed to install negotiation_shunt, Oct 31 15:24:52.422353: | FOR_EACH_STATE_... in find_phase1_state Oct 31 15:24:52.422358: | Ignored already queued up pending IPsec SA negotiation with 192.1.3.33 "north-eastnets/0x1" Oct 31 15:24:52.422362: | initiate on demand using RSASIG from 192.0.2.251 to 192.0.3.254 Oct 31 15:24:52.422370: | spent 0.5 (1) milliseconds in kernel message Oct 31 15:24:52.422377: | processing signal PLUTO_SIGCHLD Oct 31 15:24:52.422382: | waitpid returned nothing left to do (all child processes are busy) Oct 31 15:24:52.422389: | spent 0.00716 (0.00713) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:52.422391: | processing signal PLUTO_SIGCHLD Oct 31 15:24:52.422395: | waitpid returned nothing left to do (all child processes are busy) Oct 31 15:24:52.422399: | spent 0.00338 (0.00338) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:52.422413: | newref struct fd@0x562b96ab72e8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:52.422416: | fd_accept: new fd-fd@0x562b96ab72e8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:52.422427: | whack: route Oct 31 15:24:52.422430: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:52.422433: | could_route called for north-eastnets/0x2; kind=CK_PERMANENT that.has_client=yes oppo=no this.host_port=500 Oct 31 15:24:52.422436: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:52.422439: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:52.422444: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:24:52.422447: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:52.422449: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:24:52.422453: | route owner of "north-eastnets/0x2" unrouted: "north-eastnets/0x1" prospective erouted; eroute owner: NULL Oct 31 15:24:52.422456: | route_and_eroute() for proto 0, and source port 0 dest port 0 Oct 31 15:24:52.422458: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:52.422461: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:52.422463: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:24:52.422466: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:52.422468: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:24:52.422472: | route owner of "north-eastnets/0x2" unrouted: "north-eastnets/0x1" prospective erouted; eroute owner: NULL Oct 31 15:24:52.422475: | route_and_eroute with c: north-eastnets/0x2 (next: none) ero:null esr:{(nil)} ro:north-eastnets/0x1 rosr:{0x562b96ab6ae8} and state: #0 Oct 31 15:24:52.422481: | shunt_eroute() called for connection 'north-eastnets/0x2' to 'add' for rt_kind 'prospective erouted' using protoports 192.0.22.0/24:0 --0->- 192.0.3.0/24:0 Oct 31 15:24:52.422486: | netlink_shunt_eroute for proto 0, and source 192.0.22.0/24:0 dest 192.0.3.0/24:0 Oct 31 15:24:52.422489: | priority calculation of connection "north-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:24:52.422492: | IPsec SA SPD priority set to 2084814 Oct 31 15:24:52.422522: | priority calculation of connection "north-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:24:52.422525: | route_and_eroute: firewall_notified: true Oct 31 15:24:52.422529: | delref fd@0x562b96ab72e8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:52.422535: | freeref fd-fd@0x562b96ab72e8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:52.422540: | spent 0.132 (0.134) milliseconds in whack Oct 31 15:24:52.423258: | processing signal PLUTO_SIGCHLD Oct 31 15:24:52.423275: | waitpid returned pid 2150880 (exited with status 0) Oct 31 15:24:52.423279: | reaped addconn helper child (status 0) Oct 31 15:24:52.423283: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:52.423288: | spent 0.0189 (0.0188) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:52.424468: | "north-eastnets/0x1" #1: spent 1.8 (2.76) milliseconds in helper 1 processing job 1 for state #1: ikev2_outI1 KE (pcr) Oct 31 15:24:52.424480: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): helper thread 1 sending result back to state Oct 31 15:24:52.424483: | scheduling resume sending helper answer back to state for #1 Oct 31 15:24:52.424486: | libevent_malloc: newref ptr-libevent@0x7f10c4006108 size 128 Oct 31 15:24:52.424495: | helper thread 1 has nothing to do Oct 31 15:24:52.424506: | processing resume sending helper answer back to state for #1 Oct 31 15:24:52.424519: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:641) Oct 31 15:24:52.424527: | unsuspending #1 MD (nil) Oct 31 15:24:52.424531: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): processing response from helper 1 Oct 31 15:24:52.424534: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): calling continuation function 0x562b9558bfe7 Oct 31 15:24:52.424537: | ikev2_parent_outI1_continue() for #1 STATE_PARENT_I0 Oct 31 15:24:52.424541: | DH secret MODP2048@0x7f10c4006ba8: transferring ownership from helper KE to state #1 Oct 31 15:24:52.424570: | opening output PBS reply packet Oct 31 15:24:52.424575: | **emit ISAKMP Message: Oct 31 15:24:52.424580: | initiator SPI: 39 a0 1b dc 13 1c ca 88 Oct 31 15:24:52.424584: | responder SPI: 00 00 00 00 00 00 00 00 Oct 31 15:24:52.424587: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:52.424590: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:52.424592: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:24:52.424596: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:52.424602: | Message ID: 0 (00 00 00 00) Oct 31 15:24:52.424605: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:52.424612: | using existing local IKE proposals for connection north-eastnets/0x1 (IKE SA initiator emitting local proposals): 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 Oct 31 15:24:52.424614: | Emitting ikev2_proposals ... Oct 31 15:24:52.424617: | ***emit IKEv2 Security Association Payload: Oct 31 15:24:52.424620: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:52.424622: | flags: none (0x0) Oct 31 15:24:52.424625: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:24:52.424628: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:24:52.424632: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:52.424634: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:52.424637: | prop #: 1 (01) Oct 31 15:24:52.424639: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:52.424642: | spi size: 0 (00) Oct 31 15:24:52.424645: | # transforms: 4 (04) Oct 31 15:24:52.424647: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:52.424650: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.424653: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.424655: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:52.424657: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:52.424659: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.424662: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:52.424665: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:52.424668: | length/value: 256 (01 00) Oct 31 15:24:52.424670: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:52.424673: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.424676: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.424678: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:52.424680: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:52.424682: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.424685: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.424688: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.424690: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.424693: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.424695: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:52.424699: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:52.424702: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.424704: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.424707: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.424709: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.424712: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:52.424714: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:52.424717: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:52.424720: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.424722: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.424724: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.424727: | emitting length of IKEv2 Proposal Substructure Payload: 44 Oct 31 15:24:52.424729: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:52.424731: | emitting length of IKEv2 Security Association Payload: 48 Oct 31 15:24:52.424734: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:24:52.424736: | ***emit IKEv2 Key Exchange Payload: Oct 31 15:24:52.424739: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:52.424741: | flags: none (0x0) Oct 31 15:24:52.424743: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:52.424746: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Oct 31 15:24:52.424749: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Oct 31 15:24:52.424753: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Oct 31 15:24:52.424755: | ikev2 g^x: Oct 31 15:24:52.424758: | 4d 61 7b 57 e1 81 0e 19 19 c6 60 c2 33 11 15 27 Oct 31 15:24:52.424760: | af 1f 43 c6 47 c6 90 fb 8e 36 6a e6 01 7a 68 13 Oct 31 15:24:52.424762: | a6 0f 4f 11 44 30 90 26 67 bb c1 41 13 28 ed e4 Oct 31 15:24:52.424765: | 9a 1c 19 15 00 38 ce ac 46 e1 5e c0 3a df a2 c4 Oct 31 15:24:52.424767: | 90 f6 81 e1 c7 76 92 8e b3 2c 2d dc 03 a0 f5 64 Oct 31 15:24:52.424770: | 6f 7e f3 12 8e 35 37 23 55 cb 8a 39 2a 19 d4 0c Oct 31 15:24:52.424772: | aa 76 62 c6 cf 31 56 f2 8d 74 95 69 ef 73 86 32 Oct 31 15:24:52.424774: | ab ac 85 f5 67 fd ac d4 2d a2 ac 56 85 ad c0 52 Oct 31 15:24:52.424776: | fa e9 02 38 3c 15 0a 11 67 eb 19 bf 42 61 c5 2f Oct 31 15:24:52.424778: | 60 4b b3 7c b1 0c 84 32 8c ba 37 8a 26 ce 65 60 Oct 31 15:24:52.424780: | 25 af e5 6a c1 b0 64 87 b1 52 82 25 d8 df 8d ce Oct 31 15:24:52.424782: | ff 58 e4 ed 4e 0e 0e 18 d6 c2 8b 83 5f 9e e7 6c Oct 31 15:24:52.424784: | a8 20 db c4 45 a6 a5 a4 b1 3f 02 f2 5c 3f 68 d2 Oct 31 15:24:52.424787: | a4 4b 45 53 07 d6 a3 e5 b4 cb 84 27 08 c4 aa 12 Oct 31 15:24:52.424789: | 8f b5 12 b3 e2 e7 9e 5a 95 63 7b cd ee 06 bb b8 Oct 31 15:24:52.424791: | 3d 64 fb ae cd cb 32 5b e3 0f fe af 7c d0 04 f5 Oct 31 15:24:52.424793: | emitting length of IKEv2 Key Exchange Payload: 264 Oct 31 15:24:52.424796: | ***emit IKEv2 Nonce Payload: Oct 31 15:24:52.424799: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:52.424801: | flags: none (0x0) Oct 31 15:24:52.424804: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Oct 31 15:24:52.424808: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Oct 31 15:24:52.424811: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Oct 31 15:24:52.424813: | IKEv2 nonce: Oct 31 15:24:52.424816: | c7 ab 3b 55 7c 29 81 36 e6 d7 1d ae c2 f5 a4 e1 Oct 31 15:24:52.424818: | 50 94 30 d9 d7 92 32 e4 77 14 37 1c 49 21 53 05 Oct 31 15:24:52.424820: | emitting length of IKEv2 Nonce Payload: 36 Oct 31 15:24:52.424823: | adding a v2N Payload Oct 31 15:24:52.424826: | ***emit IKEv2 Notify Payload: Oct 31 15:24:52.424828: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:52.424830: | flags: none (0x0) Oct 31 15:24:52.424833: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:52.424835: | SPI size: 0 (00) Oct 31 15:24:52.424838: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Oct 31 15:24:52.424840: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:52.424842: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:52.424845: | emitting length of IKEv2 Notify Payload: 8 Oct 31 15:24:52.424847: | adding a v2N Payload Oct 31 15:24:52.424849: | ***emit IKEv2 Notify Payload: Oct 31 15:24:52.424851: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:52.424853: | flags: none (0x0) Oct 31 15:24:52.424856: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:52.424858: | SPI size: 0 (00) Oct 31 15:24:52.424861: | Notify Message Type: v2N_SIGNATURE_HASH_ALGORITHMS (0x402f) Oct 31 15:24:52.424863: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:52.424866: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:52.424868: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256 into IKEv2 Notify Payload Oct 31 15:24:52.424871: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256: 00 02 Oct 31 15:24:52.424873: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384 into IKEv2 Notify Payload Oct 31 15:24:52.424876: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384: 00 03 Oct 31 15:24:52.424878: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_512 into IKEv2 Notify Payload Oct 31 15:24:52.424881: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_512: 00 04 Oct 31 15:24:52.424883: | emitting length of IKEv2 Notify Payload: 14 Oct 31 15:24:52.424886: | NAT-Traversal support [enabled] add v2N payloads. Oct 31 15:24:52.424889: | nat: IKE.SPIr is zero Oct 31 15:24:52.424904: | natd_hash: hasher=0x562b9567df80(20) Oct 31 15:24:52.424907: | natd_hash: icookie= Oct 31 15:24:52.424909: | 39 a0 1b dc 13 1c ca 88 Oct 31 15:24:52.424911: | natd_hash: rcookie= Oct 31 15:24:52.424913: | 00 00 00 00 00 00 00 00 Oct 31 15:24:52.424915: | natd_hash: ip= Oct 31 15:24:52.424918: | c0 01 02 17 Oct 31 15:24:52.424920: | natd_hash: port= Oct 31 15:24:52.424922: | 01 f4 Oct 31 15:24:52.424924: | natd_hash: hash= Oct 31 15:24:52.424926: | cd 8a 01 4e 16 66 df c8 51 92 76 15 da 6e eb 50 Oct 31 15:24:52.424928: | cc 6f 43 f4 Oct 31 15:24:52.424930: | adding a v2N Payload Oct 31 15:24:52.424932: | ***emit IKEv2 Notify Payload: Oct 31 15:24:52.424934: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:52.424937: | flags: none (0x0) Oct 31 15:24:52.424939: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:52.424943: | SPI size: 0 (00) Oct 31 15:24:52.424945: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Oct 31 15:24:52.424948: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:52.424951: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:52.424955: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:24:52.424958: | Notify data: Oct 31 15:24:52.424960: | cd 8a 01 4e 16 66 df c8 51 92 76 15 da 6e eb 50 Oct 31 15:24:52.424962: | cc 6f 43 f4 Oct 31 15:24:52.424965: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:24:52.424967: | nat: IKE.SPIr is zero Oct 31 15:24:52.424975: | natd_hash: hasher=0x562b9567df80(20) Oct 31 15:24:52.424978: | natd_hash: icookie= Oct 31 15:24:52.424980: | 39 a0 1b dc 13 1c ca 88 Oct 31 15:24:52.424982: | natd_hash: rcookie= Oct 31 15:24:52.424984: | 00 00 00 00 00 00 00 00 Oct 31 15:24:52.424986: | natd_hash: ip= Oct 31 15:24:52.424988: | c0 01 03 21 Oct 31 15:24:52.424990: | natd_hash: port= Oct 31 15:24:52.424992: | 01 f4 Oct 31 15:24:52.424994: | natd_hash: hash= Oct 31 15:24:52.424996: | e1 ba 35 f4 2b e6 f9 be 8d f6 29 bc 76 66 3e 05 Oct 31 15:24:52.424998: | 93 21 9a 9a Oct 31 15:24:52.425000: | adding a v2N Payload Oct 31 15:24:52.425002: | ***emit IKEv2 Notify Payload: Oct 31 15:24:52.425005: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:52.425007: | flags: none (0x0) Oct 31 15:24:52.425009: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:52.425012: | SPI size: 0 (00) Oct 31 15:24:52.425014: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Oct 31 15:24:52.425017: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:52.425019: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:52.425022: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:24:52.425024: | Notify data: Oct 31 15:24:52.425027: | e1 ba 35 f4 2b e6 f9 be 8d f6 29 bc 76 66 3e 05 Oct 31 15:24:52.425029: | 93 21 9a 9a Oct 31 15:24:52.425031: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:24:52.425033: | emitting length of ISAKMP Message: 454 Oct 31 15:24:52.425041: | [RE]START processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:52.425045: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Oct 31 15:24:52.425048: | transitioning from state STATE_PARENT_I0 to state STATE_PARENT_I1 Oct 31 15:24:52.425050: | Message ID: updating counters for #1 Oct 31 15:24:52.425053: | Message ID: IKE #1 skipping update_recv as MD is fake Oct 31 15:24:52.425060: | Message ID: IKE #1 scheduling EVENT_RETRANSMIT: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744566.854355 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744566.854355 ike.wip.initiator=0 ike.wip.responder=-1 Oct 31 15:24:52.425065: | event_schedule: newref EVENT_RETRANSMIT-pe@0x562b96ab9cd8 Oct 31 15:24:52.425068: | inserting event EVENT_RETRANSMIT, timeout in 0.05 seconds for #1 Oct 31 15:24:52.425071: | libevent_malloc: newref ptr-libevent@0x562b96ab75d8 size 128 Oct 31 15:24:52.425076: | #1 STATE_PARENT_I0: retransmits: first event in 0.05 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744566.85786 Oct 31 15:24:52.425082: | Message ID: IKE #1 updating initiator sent message request 0: ike.initiator.sent=-1->0 ike.initiator.recv=-1 ike.initiator.last_contact=744566.854355 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744566.854355 ike.wip.initiator=-1->0 ike.wip.responder=-1 Oct 31 15:24:52.425087: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744566.854355 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744566.854355 ike.wip.initiator=0 ike.wip.responder=-1 Oct 31 15:24:52.425091: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Oct 31 15:24:52.425094: | announcing the state transition Oct 31 15:24:52.425098: "north-eastnets/0x1" #1: sent IKE_SA_INIT request Oct 31 15:24:52.425112: | sending 454 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:52.425114: | 39 a0 1b dc 13 1c ca 88 00 00 00 00 00 00 00 00 Oct 31 15:24:52.425116: | 21 20 22 08 00 00 00 00 00 00 01 c6 22 00 00 30 Oct 31 15:24:52.425118: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Oct 31 15:24:52.425120: | 80 0e 01 00 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:24:52.425123: | 03 00 00 0c 00 00 00 08 04 00 00 0e 28 00 01 08 Oct 31 15:24:52.425125: | 00 0e 00 00 4d 61 7b 57 e1 81 0e 19 19 c6 60 c2 Oct 31 15:24:52.425127: | 33 11 15 27 af 1f 43 c6 47 c6 90 fb 8e 36 6a e6 Oct 31 15:24:52.425129: | 01 7a 68 13 a6 0f 4f 11 44 30 90 26 67 bb c1 41 Oct 31 15:24:52.425131: | 13 28 ed e4 9a 1c 19 15 00 38 ce ac 46 e1 5e c0 Oct 31 15:24:52.425133: | 3a df a2 c4 90 f6 81 e1 c7 76 92 8e b3 2c 2d dc Oct 31 15:24:52.425136: | 03 a0 f5 64 6f 7e f3 12 8e 35 37 23 55 cb 8a 39 Oct 31 15:24:52.425138: | 2a 19 d4 0c aa 76 62 c6 cf 31 56 f2 8d 74 95 69 Oct 31 15:24:52.425140: | ef 73 86 32 ab ac 85 f5 67 fd ac d4 2d a2 ac 56 Oct 31 15:24:52.425142: | 85 ad c0 52 fa e9 02 38 3c 15 0a 11 67 eb 19 bf Oct 31 15:24:52.425144: | 42 61 c5 2f 60 4b b3 7c b1 0c 84 32 8c ba 37 8a Oct 31 15:24:52.425146: | 26 ce 65 60 25 af e5 6a c1 b0 64 87 b1 52 82 25 Oct 31 15:24:52.425148: | d8 df 8d ce ff 58 e4 ed 4e 0e 0e 18 d6 c2 8b 83 Oct 31 15:24:52.425150: | 5f 9e e7 6c a8 20 db c4 45 a6 a5 a4 b1 3f 02 f2 Oct 31 15:24:52.425152: | 5c 3f 68 d2 a4 4b 45 53 07 d6 a3 e5 b4 cb 84 27 Oct 31 15:24:52.425154: | 08 c4 aa 12 8f b5 12 b3 e2 e7 9e 5a 95 63 7b cd Oct 31 15:24:52.425156: | ee 06 bb b8 3d 64 fb ae cd cb 32 5b e3 0f fe af Oct 31 15:24:52.425159: | 7c d0 04 f5 29 00 00 24 c7 ab 3b 55 7c 29 81 36 Oct 31 15:24:52.425161: | e6 d7 1d ae c2 f5 a4 e1 50 94 30 d9 d7 92 32 e4 Oct 31 15:24:52.425163: | 77 14 37 1c 49 21 53 05 29 00 00 08 00 00 40 2e Oct 31 15:24:52.425165: | 29 00 00 0e 00 00 40 2f 00 02 00 03 00 04 29 00 Oct 31 15:24:52.425167: | 00 1c 00 00 40 04 cd 8a 01 4e 16 66 df c8 51 92 Oct 31 15:24:52.425169: | 76 15 da 6e eb 50 cc 6f 43 f4 00 00 00 1c 00 00 Oct 31 15:24:52.425172: | 40 05 e1 ba 35 f4 2b e6 f9 be 8d f6 29 bc 76 66 Oct 31 15:24:52.425174: | 3e 05 93 21 9a 9a Oct 31 15:24:52.425269: | sent 1 messages Oct 31 15:24:52.425278: | checking that a retransmit timeout_event was already Oct 31 15:24:52.425282: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:52.425286: | libevent_free: delref ptr-libevent@0x562b96ab7d48 Oct 31 15:24:52.425289: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x562b96abac28 Oct 31 15:24:52.425293: | delref logger@0x562b96aa9108(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:52.425296: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:52.425299: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:52.425302: | resume sending helper answer back to state for #1 suppresed complete_v2_state_transition() Oct 31 15:24:52.425305: | delref mdp@NULL (in resume_handler() at server.c:743) Oct 31 15:24:52.425313: | #1 spent 0.712 (0.784) milliseconds in resume sending helper answer back to state Oct 31 15:24:52.425319: | stop processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:745) Oct 31 15:24:52.425322: | libevent_free: delref ptr-libevent@0x7f10c4006108 Oct 31 15:24:52.425331: | kernel_process_msg_cb process netlink message Oct 31 15:24:52.425338: | netlink_get: XFRM_MSG_ACQUIRE message Oct 31 15:24:52.425341: | xfrm netlink msg len 376 Oct 31 15:24:52.425353: | xfrm acquire rtattribute type 5 ... Oct 31 15:24:52.425356: | ... xfrm template attribute with reqid:0, spi:0, proto:50 Oct 31 15:24:52.425358: | xfrm acquire rtattribute type 16 ... Oct 31 15:24:52.425360: | ... xfrm policy type ignored Oct 31 15:24:52.425369: | add bare shunt 0x562b96ab9d48 192.0.22.254/32:8 --1--> 192.0.3.254/32:0 => %hold 0 %acquire-netlink Oct 31 15:24:52.425376: | stripping address 192.0.22.254 of is_endpoint=0 hport=8 ipproto=1 (in subnet_prefix() at ip_subnet.c:114) Oct 31 15:24:52.425381: | stripping address 192.0.3.254 of is_endpoint=0 hport=0 ipproto=1 (in subnet_prefix() at ip_subnet.c:114) Oct 31 15:24:52.425388: initiate on demand from 192.0.22.254:8 to 192.0.3.254:0 proto=1 because: acquire Oct 31 15:24:52.425395: | find_connection: looking for policy for connection: 192.0.22.254:1/8 -> 192.0.3.254:1/0 Oct 31 15:24:52.425398: | FOR_EACH_CONNECTION_... in find_connection_for_clients Oct 31 15:24:52.425405: | find_connection: conn "north-eastnets/0x2" has compatible peers: 192.0.22.0/24:0 -> 192.0.3.0/24:0 [pri: 25214986] Oct 31 15:24:52.425408: | find_connection: first OK "north-eastnets/0x2" [pri:25214986]{0x562b96ab8448} (child none) Oct 31 15:24:52.425411: | find_connection: concluding with "north-eastnets/0x2" [pri:25214986]{0x562b96ab8448} kind=CK_PERMANENT Oct 31 15:24:52.425415: | assign hold, routing was prospective erouted, needs to be erouted HOLD Oct 31 15:24:52.425417: | assign_holdpass() need broad(er) shunt Oct 31 15:24:52.425419: | priority calculation of connection "north-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:24:52.425427: | eroute_connection replace %trap with broad %pass or %hold eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => %hold>%hold using reqid 0 (raw_eroute) proto=50 Oct 31 15:24:52.425430: | netlink_raw_eroute: SPI_HOLD implemented as no-op Oct 31 15:24:52.425432: | raw_eroute result=success Oct 31 15:24:52.425434: | assign_holdpass() eroute_connection() done Oct 31 15:24:52.425436: | fiddle_bare_shunt called Oct 31 15:24:52.425441: | subnet from endpoint 192.0.22.254:8 (in fiddle_bare_shunt() at kernel.c:1338) Oct 31 15:24:52.425445: | subnet from address 192.0.3.254 (in fiddle_bare_shunt() at kernel.c:1339) Oct 31 15:24:52.425448: | fiddle_bare_shunt with transport_proto 1 Oct 31 15:24:52.425450: | removing specific host-to-host bare shunt Oct 31 15:24:52.425456: | delete narrow %hold eroute 192.0.22.254/32:8 --1-> 192.0.3.254/32:0 => %hold using reqid 0 (raw_eroute) proto=50 Oct 31 15:24:52.425458: | netlink_raw_eroute: SPI_PASS Oct 31 15:24:52.425463: | stripping address 192.0.22.254 of is_endpoint=1 hport=8 ipproto=0 (in selector_prefix() at ip_selector.c:153) Oct 31 15:24:52.425477: | raw_eroute result=success Oct 31 15:24:52.425481: | raw_eroute with op='delete' for transport_proto='1' kernel shunt succeeded, bare shunt lookup succeeded Oct 31 15:24:52.425487: | delete bare shunt 0x562b96ab9d48 192.0.22.254/32:8 --1--> 192.0.3.254/32:0 => %hold 0 %acquire-netlink Oct 31 15:24:52.425490: assign_holdpass() delete_bare_shunt() failed Oct 31 15:24:52.425492: initiate_ondemand_body() failed to install negotiation_shunt, Oct 31 15:24:52.425495: | FOR_EACH_STATE_... in find_phase1_state Oct 31 15:24:52.425499: | addref fd@NULL (in add_pending() at pending.c:86) Oct 31 15:24:52.425504: "north-eastnets/0x2": queuing pending IPsec SA negotiating with 192.1.3.33 IKE SA #1 "north-eastnets/0x1" Oct 31 15:24:52.425509: | initiate on demand using RSASIG from 192.0.22.254 to 192.0.3.254 Oct 31 15:24:52.425516: | spent 0.173 (0.179) milliseconds in kernel message Oct 31 15:24:52.425526: | recvmsg(,, MSG_ERRQUEUE) on eth1 returned a truncated (IKE) datagram (MSG_TRUNC) Oct 31 15:24:52.425530: | **parse ISAKMP Message (raw): Oct 31 15:24:52.425533: | initiator SPI: 39 a0 1b dc 13 1c ca 88 Oct 31 15:24:52.425537: | responder SPI: 00 00 00 00 00 00 00 00 Oct 31 15:24:52.425541: | next payload type: 33 (21) Oct 31 15:24:52.425544: | ISAKMP version: 32 (20) Oct 31 15:24:52.425547: | exchange type: 34 (22) Oct 31 15:24:52.425550: | flags: 8 (08) Oct 31 15:24:52.425553: | Message ID: 0 (00 00 00 00) Oct 31 15:24:52.425557: | length: 454 (00 00 01 c6) Oct 31 15:24:52.425561: | State DB: found IKEv2 state #1 in PARENT_I1 (find_likely_sender) Oct 31 15:24:52.425563: | MSG_ERRQUEUE packet matches IKEv2 SA #1 Oct 31 15:24:52.425565: | rejected packet: Oct 31 15:24:52.425571: | 39 a0 1b dc 13 1c ca 88 00 00 00 00 00 00 00 00 Oct 31 15:24:52.425574: | 21 20 22 08 00 00 00 00 00 00 01 c6 22 00 00 30 Oct 31 15:24:52.425576: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Oct 31 15:24:52.425579: | 80 0e 01 00 03 00 00 08 Oct 31 15:24:52.425581: | control: Oct 31 15:24:52.425583: | 30 00 00 00 00 00 00 00 00 00 00 00 0b 00 00 00 Oct 31 15:24:52.425585: | 6f 00 00 00 02 03 03 00 00 00 00 00 00 00 00 00 Oct 31 15:24:52.425586: | 02 00 00 00 c0 01 03 21 00 00 00 00 00 00 00 00 Oct 31 15:24:52.425588: | name: Oct 31 15:24:52.425590: | 02 00 01 f4 c0 01 03 21 00 00 00 00 00 00 00 00 Oct 31 15:24:52.425601: "north-eastnets/0x1" #1: ERROR: asynchronous network error report on eth1 (192.1.2.23:500), complainant 192.1.3.33: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)] Oct 31 15:24:52.425607: | spent 0.0831 (0.0832) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:52.425611: | spent 0.0914 (0.0914) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:52.427279: | kernel_process_msg_cb process netlink message Oct 31 15:24:52.427298: | netlink_get: XFRM_MSG_ACQUIRE message Oct 31 15:24:52.427302: | xfrm netlink msg len 376 Oct 31 15:24:52.427307: | xfrm acquire rtattribute type 5 ... Oct 31 15:24:52.427310: | ... xfrm template attribute with reqid:0, spi:0, proto:50 Oct 31 15:24:52.427312: | xfrm acquire rtattribute type 16 ... Oct 31 15:24:52.427314: | ... xfrm policy type ignored Oct 31 15:24:52.427324: | add bare shunt 0x562b96ab9ed8 192.0.22.251/32:8 --1--> 192.0.3.254/32:0 => %hold 0 %acquire-netlink Oct 31 15:24:52.427329: | stripping address 192.0.22.251 of is_endpoint=0 hport=8 ipproto=1 (in subnet_prefix() at ip_subnet.c:114) Oct 31 15:24:52.427333: | stripping address 192.0.3.254 of is_endpoint=0 hport=0 ipproto=1 (in subnet_prefix() at ip_subnet.c:114) Oct 31 15:24:52.427341: initiate on demand from 192.0.22.251:8 to 192.0.3.254:0 proto=1 because: acquire Oct 31 15:24:52.427347: | find_connection: looking for policy for connection: 192.0.22.251:1/8 -> 192.0.3.254:1/0 Oct 31 15:24:52.427350: | FOR_EACH_CONNECTION_... in find_connection_for_clients Oct 31 15:24:52.427356: | find_connection: conn "north-eastnets/0x2" has compatible peers: 192.0.22.0/24:0 -> 192.0.3.0/24:0 [pri: 25214986] Oct 31 15:24:52.427359: | find_connection: first OK "north-eastnets/0x2" [pri:25214986]{0x562b96ab8448} (child none) Oct 31 15:24:52.427363: | find_connection: concluding with "north-eastnets/0x2" [pri:25214986]{0x562b96ab8448} kind=CK_PERMANENT Oct 31 15:24:52.427366: | assign hold, routing was prospective erouted, needs to be erouted HOLD Oct 31 15:24:52.427368: | assign_holdpass() need broad(er) shunt Oct 31 15:24:52.427371: | priority calculation of connection "north-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:24:52.427378: | eroute_connection replace %trap with broad %pass or %hold eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => %hold>%hold using reqid 0 (raw_eroute) proto=50 Oct 31 15:24:52.427381: | netlink_raw_eroute: SPI_HOLD implemented as no-op Oct 31 15:24:52.427383: | raw_eroute result=success Oct 31 15:24:52.427386: | assign_holdpass() eroute_connection() done Oct 31 15:24:52.427388: | fiddle_bare_shunt called Oct 31 15:24:52.427393: | subnet from endpoint 192.0.22.251:8 (in fiddle_bare_shunt() at kernel.c:1338) Oct 31 15:24:52.427397: | subnet from address 192.0.3.254 (in fiddle_bare_shunt() at kernel.c:1339) Oct 31 15:24:52.427400: | fiddle_bare_shunt with transport_proto 1 Oct 31 15:24:52.427402: | removing specific host-to-host bare shunt Oct 31 15:24:52.427408: | delete narrow %hold eroute 192.0.22.251/32:8 --1-> 192.0.3.254/32:0 => %hold using reqid 0 (raw_eroute) proto=50 Oct 31 15:24:52.427416: | netlink_raw_eroute: SPI_PASS Oct 31 15:24:52.427421: | stripping address 192.0.22.251 of is_endpoint=1 hport=8 ipproto=0 (in selector_prefix() at ip_selector.c:153) Oct 31 15:24:52.427433: | raw_eroute result=success Oct 31 15:24:52.427436: | raw_eroute with op='delete' for transport_proto='1' kernel shunt succeeded, bare shunt lookup succeeded Oct 31 15:24:52.427445: | delete bare shunt 0x562b96ab9ed8 192.0.22.251/32:8 --1--> 192.0.3.254/32:0 => %hold 0 %acquire-netlink Oct 31 15:24:52.427448: assign_holdpass() delete_bare_shunt() failed Oct 31 15:24:52.427450: initiate_ondemand_body() failed to install negotiation_shunt, Oct 31 15:24:52.427453: | FOR_EACH_STATE_... in find_phase1_state Oct 31 15:24:52.427458: | Ignored already queued up pending IPsec SA negotiation with 192.1.3.33 "north-eastnets/0x2" Oct 31 15:24:52.427462: | initiate on demand using RSASIG from 192.0.22.251 to 192.0.3.254 Oct 31 15:24:52.427470: | spent 0.168 (0.172) milliseconds in kernel message Oct 31 15:24:52.475572: | timer_event_cb: processing event@0x562b96ab9cd8 Oct 31 15:24:52.475585: | handling event EVENT_RETRANSMIT for parent state #1 Oct 31 15:24:52.475589: | libevent_free: delref ptr-libevent@0x562b96ab75d8 Oct 31 15:24:52.475592: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x562b96ab9cd8 Oct 31 15:24:52.475599: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:52.475602: | IKEv2 retransmit event Oct 31 15:24:52.475605: | [RE]START processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:24:52.475608: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #1 attempt 2 of 0 Oct 31 15:24:52.475611: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 1 Oct 31 15:24:52.475614: | #1 STATE_PARENT_I1: retransmits: current time 744566.908409 Oct 31 15:24:52.475615: | #1 STATE_PARENT_I1: retransmits: retransmit count 0 exceeds limit? NO Oct 31 15:24:52.475617: | #1 STATE_PARENT_I1: retransmits: deltatime 0.05 exceeds limit? NO Oct 31 15:24:52.475619: | #1 STATE_PARENT_I1: retransmits: monotime 0.050549 exceeds limit? NO Oct 31 15:24:52.475622: | event_schedule: newref EVENT_RETRANSMIT-pe@0x562b96ab9cd8 Oct 31 15:24:52.475624: | inserting event EVENT_RETRANSMIT, timeout in 0.05 seconds for #1 Oct 31 15:24:52.475626: | libevent_malloc: newref ptr-libevent@0x562b96ab75d8 size 128 Oct 31 15:24:52.475630: "north-eastnets/0x1" #1: STATE_PARENT_I1: retransmission; will wait 0.05 seconds for response Oct 31 15:24:52.475635: | sending 454 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:52.475637: | 39 a0 1b dc 13 1c ca 88 00 00 00 00 00 00 00 00 Oct 31 15:24:52.475638: | 21 20 22 08 00 00 00 00 00 00 01 c6 22 00 00 30 Oct 31 15:24:52.475640: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Oct 31 15:24:52.475641: | 80 0e 01 00 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:24:52.475642: | 03 00 00 0c 00 00 00 08 04 00 00 0e 28 00 01 08 Oct 31 15:24:52.475644: | 00 0e 00 00 4d 61 7b 57 e1 81 0e 19 19 c6 60 c2 Oct 31 15:24:52.475645: | 33 11 15 27 af 1f 43 c6 47 c6 90 fb 8e 36 6a e6 Oct 31 15:24:52.475646: | 01 7a 68 13 a6 0f 4f 11 44 30 90 26 67 bb c1 41 Oct 31 15:24:52.475648: | 13 28 ed e4 9a 1c 19 15 00 38 ce ac 46 e1 5e c0 Oct 31 15:24:52.475649: | 3a df a2 c4 90 f6 81 e1 c7 76 92 8e b3 2c 2d dc Oct 31 15:24:52.475650: | 03 a0 f5 64 6f 7e f3 12 8e 35 37 23 55 cb 8a 39 Oct 31 15:24:52.475652: | 2a 19 d4 0c aa 76 62 c6 cf 31 56 f2 8d 74 95 69 Oct 31 15:24:52.475653: | ef 73 86 32 ab ac 85 f5 67 fd ac d4 2d a2 ac 56 Oct 31 15:24:52.475654: | 85 ad c0 52 fa e9 02 38 3c 15 0a 11 67 eb 19 bf Oct 31 15:24:52.475656: | 42 61 c5 2f 60 4b b3 7c b1 0c 84 32 8c ba 37 8a Oct 31 15:24:52.475657: | 26 ce 65 60 25 af e5 6a c1 b0 64 87 b1 52 82 25 Oct 31 15:24:52.475659: | d8 df 8d ce ff 58 e4 ed 4e 0e 0e 18 d6 c2 8b 83 Oct 31 15:24:52.475660: | 5f 9e e7 6c a8 20 db c4 45 a6 a5 a4 b1 3f 02 f2 Oct 31 15:24:52.475661: | 5c 3f 68 d2 a4 4b 45 53 07 d6 a3 e5 b4 cb 84 27 Oct 31 15:24:52.475663: | 08 c4 aa 12 8f b5 12 b3 e2 e7 9e 5a 95 63 7b cd Oct 31 15:24:52.475667: | ee 06 bb b8 3d 64 fb ae cd cb 32 5b e3 0f fe af Oct 31 15:24:52.475668: | 7c d0 04 f5 29 00 00 24 c7 ab 3b 55 7c 29 81 36 Oct 31 15:24:52.475670: | e6 d7 1d ae c2 f5 a4 e1 50 94 30 d9 d7 92 32 e4 Oct 31 15:24:52.475671: | 77 14 37 1c 49 21 53 05 29 00 00 08 00 00 40 2e Oct 31 15:24:52.475672: | 29 00 00 0e 00 00 40 2f 00 02 00 03 00 04 29 00 Oct 31 15:24:52.475674: | 00 1c 00 00 40 04 cd 8a 01 4e 16 66 df c8 51 92 Oct 31 15:24:52.475675: | 76 15 da 6e eb 50 cc 6f 43 f4 00 00 00 1c 00 00 Oct 31 15:24:52.475676: | 40 05 e1 ba 35 f4 2b e6 f9 be 8d f6 29 bc 76 66 Oct 31 15:24:52.475678: | 3e 05 93 21 9a 9a Oct 31 15:24:52.475732: | sent 1 messages Oct 31 15:24:52.475741: | #1 spent 0.135 (0.168) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:24:52.475748: | stop processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:24:52.475763: | recvmsg(,, MSG_ERRQUEUE) on eth1 returned a truncated (IKE) datagram (MSG_TRUNC) Oct 31 15:24:52.475769: | **parse ISAKMP Message (raw): Oct 31 15:24:52.475774: | initiator SPI: 39 a0 1b dc 13 1c ca 88 Oct 31 15:24:52.475778: | responder SPI: 00 00 00 00 00 00 00 00 Oct 31 15:24:52.475781: | next payload type: 33 (21) Oct 31 15:24:52.475785: | ISAKMP version: 32 (20) Oct 31 15:24:52.475788: | exchange type: 34 (22) Oct 31 15:24:52.475791: | flags: 8 (08) Oct 31 15:24:52.475795: | Message ID: 0 (00 00 00 00) Oct 31 15:24:52.475799: | length: 454 (00 00 01 c6) Oct 31 15:24:52.475805: | State DB: found IKEv2 state #1 in PARENT_I1 (find_likely_sender) Oct 31 15:24:52.475809: | MSG_ERRQUEUE packet matches IKEv2 SA #1 Oct 31 15:24:52.475812: | rejected packet: Oct 31 15:24:52.475815: | 39 a0 1b dc 13 1c ca 88 00 00 00 00 00 00 00 00 Oct 31 15:24:52.475817: | 21 20 22 08 00 00 00 00 00 00 01 c6 22 00 00 30 Oct 31 15:24:52.475819: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Oct 31 15:24:52.475822: | 80 0e 01 00 03 00 00 08 Oct 31 15:24:52.475824: | control: Oct 31 15:24:52.475827: | 30 00 00 00 00 00 00 00 00 00 00 00 0b 00 00 00 Oct 31 15:24:52.475829: | 6f 00 00 00 02 03 03 00 00 00 00 00 00 00 00 00 Oct 31 15:24:52.475832: | 02 00 00 00 c0 01 03 21 00 00 00 00 00 00 00 00 Oct 31 15:24:52.475834: | name: Oct 31 15:24:52.475837: | 02 00 01 f4 c0 01 03 21 00 00 00 00 00 00 00 00 Oct 31 15:24:52.475846: "north-eastnets/0x1" #1: ERROR: asynchronous network error report on eth1 (192.1.2.23:500), complainant 192.1.3.33: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)] Oct 31 15:24:52.475854: | spent 0.0934 (0.0936) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:52.475859: | spent 0.1 (0.1) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:52.527051: | timer_event_cb: processing event@0x562b96ab9cd8 Oct 31 15:24:52.527073: | handling event EVENT_RETRANSMIT for parent state #1 Oct 31 15:24:52.527081: | libevent_free: delref ptr-libevent@0x562b96ab75d8 Oct 31 15:24:52.527085: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x562b96ab9cd8 Oct 31 15:24:52.527099: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:52.527105: | IKEv2 retransmit event Oct 31 15:24:52.527111: | [RE]START processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:24:52.527116: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #1 attempt 2 of 0 Oct 31 15:24:52.527120: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 2 Oct 31 15:24:52.527126: | #1 STATE_PARENT_I1: retransmits: current time 744566.95992 Oct 31 15:24:52.527131: | #1 STATE_PARENT_I1: retransmits: retransmit count 1 exceeds limit? NO Oct 31 15:24:52.527134: | #1 STATE_PARENT_I1: retransmits: deltatime 0.1 exceeds limit? NO Oct 31 15:24:52.527137: | #1 STATE_PARENT_I1: retransmits: monotime 0.10206 exceeds limit? NO Oct 31 15:24:52.527145: | event_schedule: newref EVENT_RETRANSMIT-pe@0x562b96ab9cd8 Oct 31 15:24:52.527148: | inserting event EVENT_RETRANSMIT, timeout in 0.1 seconds for #1 Oct 31 15:24:52.527152: | libevent_malloc: newref ptr-libevent@0x562b96ab75d8 size 128 Oct 31 15:24:52.527158: "north-eastnets/0x1" #1: STATE_PARENT_I1: retransmission; will wait 0.1 seconds for response Oct 31 15:24:52.527167: | sending 454 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:52.527170: | 39 a0 1b dc 13 1c ca 88 00 00 00 00 00 00 00 00 Oct 31 15:24:52.527173: | 21 20 22 08 00 00 00 00 00 00 01 c6 22 00 00 30 Oct 31 15:24:52.527175: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Oct 31 15:24:52.527180: | 80 0e 01 00 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:24:52.527183: | 03 00 00 0c 00 00 00 08 04 00 00 0e 28 00 01 08 Oct 31 15:24:52.527185: | 00 0e 00 00 4d 61 7b 57 e1 81 0e 19 19 c6 60 c2 Oct 31 15:24:52.527188: | 33 11 15 27 af 1f 43 c6 47 c6 90 fb 8e 36 6a e6 Oct 31 15:24:52.527190: | 01 7a 68 13 a6 0f 4f 11 44 30 90 26 67 bb c1 41 Oct 31 15:24:52.527192: | 13 28 ed e4 9a 1c 19 15 00 38 ce ac 46 e1 5e c0 Oct 31 15:24:52.527194: | 3a df a2 c4 90 f6 81 e1 c7 76 92 8e b3 2c 2d dc Oct 31 15:24:52.527196: | 03 a0 f5 64 6f 7e f3 12 8e 35 37 23 55 cb 8a 39 Oct 31 15:24:52.527202: | 2a 19 d4 0c aa 76 62 c6 cf 31 56 f2 8d 74 95 69 Oct 31 15:24:52.527208: | ef 73 86 32 ab ac 85 f5 67 fd ac d4 2d a2 ac 56 Oct 31 15:24:52.527210: | 85 ad c0 52 fa e9 02 38 3c 15 0a 11 67 eb 19 bf Oct 31 15:24:52.527212: | 42 61 c5 2f 60 4b b3 7c b1 0c 84 32 8c ba 37 8a Oct 31 15:24:52.527215: | 26 ce 65 60 25 af e5 6a c1 b0 64 87 b1 52 82 25 Oct 31 15:24:52.527217: | d8 df 8d ce ff 58 e4 ed 4e 0e 0e 18 d6 c2 8b 83 Oct 31 15:24:52.527219: | 5f 9e e7 6c a8 20 db c4 45 a6 a5 a4 b1 3f 02 f2 Oct 31 15:24:52.527222: | 5c 3f 68 d2 a4 4b 45 53 07 d6 a3 e5 b4 cb 84 27 Oct 31 15:24:52.527224: | 08 c4 aa 12 8f b5 12 b3 e2 e7 9e 5a 95 63 7b cd Oct 31 15:24:52.527227: | ee 06 bb b8 3d 64 fb ae cd cb 32 5b e3 0f fe af Oct 31 15:24:52.527229: | 7c d0 04 f5 29 00 00 24 c7 ab 3b 55 7c 29 81 36 Oct 31 15:24:52.527231: | e6 d7 1d ae c2 f5 a4 e1 50 94 30 d9 d7 92 32 e4 Oct 31 15:24:52.527234: | 77 14 37 1c 49 21 53 05 29 00 00 08 00 00 40 2e Oct 31 15:24:52.527236: | 29 00 00 0e 00 00 40 2f 00 02 00 03 00 04 29 00 Oct 31 15:24:52.527241: | 00 1c 00 00 40 04 cd 8a 01 4e 16 66 df c8 51 92 Oct 31 15:24:52.527244: | 76 15 da 6e eb 50 cc 6f 43 f4 00 00 00 1c 00 00 Oct 31 15:24:52.527246: | 40 05 e1 ba 35 f4 2b e6 f9 be 8d f6 29 bc 76 66 Oct 31 15:24:52.527248: | 3e 05 93 21 9a 9a Oct 31 15:24:52.527301: | sent 1 messages Oct 31 15:24:52.527310: | #1 spent 0.22 (0.26) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:24:52.527314: | stop processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:24:52.527325: | recvmsg(,, MSG_ERRQUEUE) on eth1 returned a truncated (IKE) datagram (MSG_TRUNC) Oct 31 15:24:52.527328: | **parse ISAKMP Message (raw): Oct 31 15:24:52.527331: | initiator SPI: 39 a0 1b dc 13 1c ca 88 Oct 31 15:24:52.527334: | responder SPI: 00 00 00 00 00 00 00 00 Oct 31 15:24:52.527336: | next payload type: 33 (21) Oct 31 15:24:52.527337: | ISAKMP version: 32 (20) Oct 31 15:24:52.527339: | exchange type: 34 (22) Oct 31 15:24:52.527341: | flags: 8 (08) Oct 31 15:24:52.527343: | Message ID: 0 (00 00 00 00) Oct 31 15:24:52.527345: | length: 454 (00 00 01 c6) Oct 31 15:24:52.527347: | State DB: found IKEv2 state #1 in PARENT_I1 (find_likely_sender) Oct 31 15:24:52.527349: | MSG_ERRQUEUE packet matches IKEv2 SA #1 Oct 31 15:24:52.527350: | rejected packet: Oct 31 15:24:52.527352: | 39 a0 1b dc 13 1c ca 88 00 00 00 00 00 00 00 00 Oct 31 15:24:52.527353: | 21 20 22 08 00 00 00 00 00 00 01 c6 22 00 00 30 Oct 31 15:24:52.527355: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Oct 31 15:24:52.527358: | 80 0e 01 00 03 00 00 08 Oct 31 15:24:52.527359: | control: Oct 31 15:24:52.527361: | 30 00 00 00 00 00 00 00 00 00 00 00 0b 00 00 00 Oct 31 15:24:52.527362: | 6f 00 00 00 02 03 03 00 00 00 00 00 00 00 00 00 Oct 31 15:24:52.527364: | 02 00 00 00 c0 01 03 21 00 00 00 00 00 00 00 00 Oct 31 15:24:52.527365: | name: Oct 31 15:24:52.527366: | 02 00 01 f4 c0 01 03 21 00 00 00 00 00 00 00 00 Oct 31 15:24:52.527372: "north-eastnets/0x1" #1: ERROR: asynchronous network error report on eth1 (192.1.2.23:500), complainant 192.1.3.33: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)] Oct 31 15:24:52.527377: | spent 0.054 (0.0541) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:52.527380: | spent 0.0587 (0.0586) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:52.627563: | timer_event_cb: processing event@0x562b96ab9cd8 Oct 31 15:24:52.627579: | handling event EVENT_RETRANSMIT for parent state #1 Oct 31 15:24:52.627583: | libevent_free: delref ptr-libevent@0x562b96ab75d8 Oct 31 15:24:52.627587: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x562b96ab9cd8 Oct 31 15:24:52.627595: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:52.627599: | IKEv2 retransmit event Oct 31 15:24:52.627604: | [RE]START processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:24:52.627608: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #1 attempt 2 of 0 Oct 31 15:24:52.627611: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 3 Oct 31 15:24:52.627616: | #1 STATE_PARENT_I1: retransmits: current time 744567.06041 Oct 31 15:24:52.627618: | #1 STATE_PARENT_I1: retransmits: retransmit count 2 exceeds limit? NO Oct 31 15:24:52.627621: | #1 STATE_PARENT_I1: retransmits: deltatime 0.2 exceeds limit? NO Oct 31 15:24:52.627624: | #1 STATE_PARENT_I1: retransmits: monotime 0.20255 exceeds limit? NO Oct 31 15:24:52.627627: | event_schedule: newref EVENT_RETRANSMIT-pe@0x562b96ab9cd8 Oct 31 15:24:52.627630: | inserting event EVENT_RETRANSMIT, timeout in 0.2 seconds for #1 Oct 31 15:24:52.627633: | libevent_malloc: newref ptr-libevent@0x562b96ab75d8 size 128 Oct 31 15:24:52.627638: "north-eastnets/0x1" #1: STATE_PARENT_I1: retransmission; will wait 0.2 seconds for response Oct 31 15:24:52.627645: | sending 454 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:52.627647: | 39 a0 1b dc 13 1c ca 88 00 00 00 00 00 00 00 00 Oct 31 15:24:52.627650: | 21 20 22 08 00 00 00 00 00 00 01 c6 22 00 00 30 Oct 31 15:24:52.627652: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Oct 31 15:24:52.627653: | 80 0e 01 00 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:24:52.627655: | 03 00 00 0c 00 00 00 08 04 00 00 0e 28 00 01 08 Oct 31 15:24:52.627657: | 00 0e 00 00 4d 61 7b 57 e1 81 0e 19 19 c6 60 c2 Oct 31 15:24:52.627659: | 33 11 15 27 af 1f 43 c6 47 c6 90 fb 8e 36 6a e6 Oct 31 15:24:52.627661: | 01 7a 68 13 a6 0f 4f 11 44 30 90 26 67 bb c1 41 Oct 31 15:24:52.627663: | 13 28 ed e4 9a 1c 19 15 00 38 ce ac 46 e1 5e c0 Oct 31 15:24:52.627665: | 3a df a2 c4 90 f6 81 e1 c7 76 92 8e b3 2c 2d dc Oct 31 15:24:52.627667: | 03 a0 f5 64 6f 7e f3 12 8e 35 37 23 55 cb 8a 39 Oct 31 15:24:52.627668: | 2a 19 d4 0c aa 76 62 c6 cf 31 56 f2 8d 74 95 69 Oct 31 15:24:52.627670: | ef 73 86 32 ab ac 85 f5 67 fd ac d4 2d a2 ac 56 Oct 31 15:24:52.627672: | 85 ad c0 52 fa e9 02 38 3c 15 0a 11 67 eb 19 bf Oct 31 15:24:52.627674: | 42 61 c5 2f 60 4b b3 7c b1 0c 84 32 8c ba 37 8a Oct 31 15:24:52.627676: | 26 ce 65 60 25 af e5 6a c1 b0 64 87 b1 52 82 25 Oct 31 15:24:52.627678: | d8 df 8d ce ff 58 e4 ed 4e 0e 0e 18 d6 c2 8b 83 Oct 31 15:24:52.627680: | 5f 9e e7 6c a8 20 db c4 45 a6 a5 a4 b1 3f 02 f2 Oct 31 15:24:52.627685: | 5c 3f 68 d2 a4 4b 45 53 07 d6 a3 e5 b4 cb 84 27 Oct 31 15:24:52.627687: | 08 c4 aa 12 8f b5 12 b3 e2 e7 9e 5a 95 63 7b cd Oct 31 15:24:52.627689: | ee 06 bb b8 3d 64 fb ae cd cb 32 5b e3 0f fe af Oct 31 15:24:52.627691: | 7c d0 04 f5 29 00 00 24 c7 ab 3b 55 7c 29 81 36 Oct 31 15:24:52.627693: | e6 d7 1d ae c2 f5 a4 e1 50 94 30 d9 d7 92 32 e4 Oct 31 15:24:52.627695: | 77 14 37 1c 49 21 53 05 29 00 00 08 00 00 40 2e Oct 31 15:24:52.627697: | 29 00 00 0e 00 00 40 2f 00 02 00 03 00 04 29 00 Oct 31 15:24:52.627699: | 00 1c 00 00 40 04 cd 8a 01 4e 16 66 df c8 51 92 Oct 31 15:24:52.627701: | 76 15 da 6e eb 50 cc 6f 43 f4 00 00 00 1c 00 00 Oct 31 15:24:52.627703: | 40 05 e1 ba 35 f4 2b e6 f9 be 8d f6 29 bc 76 66 Oct 31 15:24:52.627705: | 3e 05 93 21 9a 9a Oct 31 15:24:52.627764: | sent 1 messages Oct 31 15:24:52.627774: | #1 spent 0.168 (0.21) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:24:52.627779: | stop processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:24:52.627790: | recvmsg(,, MSG_ERRQUEUE) on eth1 returned a truncated (IKE) datagram (MSG_TRUNC) Oct 31 15:24:52.627795: | **parse ISAKMP Message (raw): Oct 31 15:24:52.627799: | initiator SPI: 39 a0 1b dc 13 1c ca 88 Oct 31 15:24:52.627803: | responder SPI: 00 00 00 00 00 00 00 00 Oct 31 15:24:52.627805: | next payload type: 33 (21) Oct 31 15:24:52.627808: | ISAKMP version: 32 (20) Oct 31 15:24:52.627810: | exchange type: 34 (22) Oct 31 15:24:52.627813: | flags: 8 (08) Oct 31 15:24:52.627816: | Message ID: 0 (00 00 00 00) Oct 31 15:24:52.627820: | length: 454 (00 00 01 c6) Oct 31 15:24:52.627824: | State DB: found IKEv2 state #1 in PARENT_I1 (find_likely_sender) Oct 31 15:24:52.627827: | MSG_ERRQUEUE packet matches IKEv2 SA #1 Oct 31 15:24:52.627829: | rejected packet: Oct 31 15:24:52.627831: | 39 a0 1b dc 13 1c ca 88 00 00 00 00 00 00 00 00 Oct 31 15:24:52.627833: | 21 20 22 08 00 00 00 00 00 00 01 c6 22 00 00 30 Oct 31 15:24:52.627835: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Oct 31 15:24:52.627837: | 80 0e 01 00 03 00 00 08 Oct 31 15:24:52.627839: | control: Oct 31 15:24:52.627841: | 30 00 00 00 00 00 00 00 00 00 00 00 0b 00 00 00 Oct 31 15:24:52.627843: | 6f 00 00 00 02 03 03 00 00 00 00 00 00 00 00 00 Oct 31 15:24:52.627844: | 02 00 00 00 c0 01 03 21 00 00 00 00 00 00 00 00 Oct 31 15:24:52.627846: | name: Oct 31 15:24:52.627848: | 02 00 01 f4 c0 01 03 21 00 00 00 00 00 00 00 00 Oct 31 15:24:52.627856: "north-eastnets/0x1" #1: ERROR: asynchronous network error report on eth1 (192.1.2.23:500), complainant 192.1.3.33: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)] Oct 31 15:24:52.627862: | spent 0.0736 (0.0737) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:52.627866: | spent 0.0796 (0.0796) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:52.828992: | timer_event_cb: processing event@0x562b96ab9cd8 Oct 31 15:24:52.829012: | handling event EVENT_RETRANSMIT for parent state #1 Oct 31 15:24:52.829017: | libevent_free: delref ptr-libevent@0x562b96ab75d8 Oct 31 15:24:52.829021: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x562b96ab9cd8 Oct 31 15:24:52.829030: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:52.829035: | IKEv2 retransmit event Oct 31 15:24:52.829040: | [RE]START processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:24:52.829044: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #1 attempt 2 of 0 Oct 31 15:24:52.829049: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 4 Oct 31 15:24:52.829053: | #1 STATE_PARENT_I1: retransmits: current time 744567.261848 Oct 31 15:24:52.829056: | #1 STATE_PARENT_I1: retransmits: retransmit count 3 exceeds limit? NO Oct 31 15:24:52.829063: | #1 STATE_PARENT_I1: retransmits: deltatime 0.4 exceeds limit? NO Oct 31 15:24:52.829066: | #1 STATE_PARENT_I1: retransmits: monotime 0.403988 exceeds limit? NO Oct 31 15:24:52.829070: | event_schedule: newref EVENT_RETRANSMIT-pe@0x562b96ab9cd8 Oct 31 15:24:52.829073: | inserting event EVENT_RETRANSMIT, timeout in 0.4 seconds for #1 Oct 31 15:24:52.829076: | libevent_malloc: newref ptr-libevent@0x562b96ab75d8 size 128 Oct 31 15:24:52.829081: "north-eastnets/0x1" #1: STATE_PARENT_I1: retransmission; will wait 0.4 seconds for response Oct 31 15:24:52.829089: | sending 454 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:52.829092: | 39 a0 1b dc 13 1c ca 88 00 00 00 00 00 00 00 00 Oct 31 15:24:52.829095: | 21 20 22 08 00 00 00 00 00 00 01 c6 22 00 00 30 Oct 31 15:24:52.829097: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Oct 31 15:24:52.829099: | 80 0e 01 00 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:24:52.829101: | 03 00 00 0c 00 00 00 08 04 00 00 0e 28 00 01 08 Oct 31 15:24:52.829103: | 00 0e 00 00 4d 61 7b 57 e1 81 0e 19 19 c6 60 c2 Oct 31 15:24:52.829105: | 33 11 15 27 af 1f 43 c6 47 c6 90 fb 8e 36 6a e6 Oct 31 15:24:52.829107: | 01 7a 68 13 a6 0f 4f 11 44 30 90 26 67 bb c1 41 Oct 31 15:24:52.829110: | 13 28 ed e4 9a 1c 19 15 00 38 ce ac 46 e1 5e c0 Oct 31 15:24:52.829112: | 3a df a2 c4 90 f6 81 e1 c7 76 92 8e b3 2c 2d dc Oct 31 15:24:52.829114: | 03 a0 f5 64 6f 7e f3 12 8e 35 37 23 55 cb 8a 39 Oct 31 15:24:52.829116: | 2a 19 d4 0c aa 76 62 c6 cf 31 56 f2 8d 74 95 69 Oct 31 15:24:52.829118: | ef 73 86 32 ab ac 85 f5 67 fd ac d4 2d a2 ac 56 Oct 31 15:24:52.829120: | 85 ad c0 52 fa e9 02 38 3c 15 0a 11 67 eb 19 bf Oct 31 15:24:52.829123: | 42 61 c5 2f 60 4b b3 7c b1 0c 84 32 8c ba 37 8a Oct 31 15:24:52.829125: | 26 ce 65 60 25 af e5 6a c1 b0 64 87 b1 52 82 25 Oct 31 15:24:52.829127: | d8 df 8d ce ff 58 e4 ed 4e 0e 0e 18 d6 c2 8b 83 Oct 31 15:24:52.829129: | 5f 9e e7 6c a8 20 db c4 45 a6 a5 a4 b1 3f 02 f2 Oct 31 15:24:52.829131: | 5c 3f 68 d2 a4 4b 45 53 07 d6 a3 e5 b4 cb 84 27 Oct 31 15:24:52.829133: | 08 c4 aa 12 8f b5 12 b3 e2 e7 9e 5a 95 63 7b cd Oct 31 15:24:52.829135: | ee 06 bb b8 3d 64 fb ae cd cb 32 5b e3 0f fe af Oct 31 15:24:52.829137: | 7c d0 04 f5 29 00 00 24 c7 ab 3b 55 7c 29 81 36 Oct 31 15:24:52.829139: | e6 d7 1d ae c2 f5 a4 e1 50 94 30 d9 d7 92 32 e4 Oct 31 15:24:52.829141: | 77 14 37 1c 49 21 53 05 29 00 00 08 00 00 40 2e Oct 31 15:24:52.829143: | 29 00 00 0e 00 00 40 2f 00 02 00 03 00 04 29 00 Oct 31 15:24:52.829145: | 00 1c 00 00 40 04 cd 8a 01 4e 16 66 df c8 51 92 Oct 31 15:24:52.829147: | 76 15 da 6e eb 50 cc 6f 43 f4 00 00 00 1c 00 00 Oct 31 15:24:52.829149: | 40 05 e1 ba 35 f4 2b e6 f9 be 8d f6 29 bc 76 66 Oct 31 15:24:52.829151: | 3e 05 93 21 9a 9a Oct 31 15:24:52.829246: | sent 1 messages Oct 31 15:24:52.829260: | #1 spent 0.214 (0.267) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:24:52.829267: | stop processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:24:52.829279: | recvmsg(,, MSG_ERRQUEUE) on eth1 returned a truncated (IKE) datagram (MSG_TRUNC) Oct 31 15:24:52.829284: | **parse ISAKMP Message (raw): Oct 31 15:24:52.829289: | initiator SPI: 39 a0 1b dc 13 1c ca 88 Oct 31 15:24:52.829293: | responder SPI: 00 00 00 00 00 00 00 00 Oct 31 15:24:52.829296: | next payload type: 33 (21) Oct 31 15:24:52.829300: | ISAKMP version: 32 (20) Oct 31 15:24:52.829302: | exchange type: 34 (22) Oct 31 15:24:52.829305: | flags: 8 (08) Oct 31 15:24:52.829308: | Message ID: 0 (00 00 00 00) Oct 31 15:24:52.829312: | length: 454 (00 00 01 c6) Oct 31 15:24:52.829316: | State DB: found IKEv2 state #1 in PARENT_I1 (find_likely_sender) Oct 31 15:24:52.829319: | MSG_ERRQUEUE packet matches IKEv2 SA #1 Oct 31 15:24:52.829321: | rejected packet: Oct 31 15:24:52.829326: | 39 a0 1b dc 13 1c ca 88 00 00 00 00 00 00 00 00 Oct 31 15:24:52.829328: | 21 20 22 08 00 00 00 00 00 00 01 c6 22 00 00 30 Oct 31 15:24:52.829330: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Oct 31 15:24:52.829332: | 80 0e 01 00 03 00 00 08 Oct 31 15:24:52.829334: | control: Oct 31 15:24:52.829337: | 30 00 00 00 00 00 00 00 00 00 00 00 0b 00 00 00 Oct 31 15:24:52.829339: | 6f 00 00 00 02 03 03 00 00 00 00 00 00 00 00 00 Oct 31 15:24:52.829341: | 02 00 00 00 c0 01 03 21 00 00 00 00 00 00 00 00 Oct 31 15:24:52.829343: | name: Oct 31 15:24:52.829345: | 02 00 01 f4 c0 01 03 21 00 00 00 00 00 00 00 00 Oct 31 15:24:52.829354: "north-eastnets/0x1" #1: ERROR: asynchronous network error report on eth1 (192.1.2.23:500), complainant 192.1.3.33: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)] Oct 31 15:24:52.829361: | spent 0.0832 (0.0848) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:52.829366: | spent 0.0887 (0.091) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:53.229777: | timer_event_cb: processing event@0x562b96ab9cd8 Oct 31 15:24:53.229790: | handling event EVENT_RETRANSMIT for parent state #1 Oct 31 15:24:53.229794: | libevent_free: delref ptr-libevent@0x562b96ab75d8 Oct 31 15:24:53.229797: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x562b96ab9cd8 Oct 31 15:24:53.229804: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:53.229807: | IKEv2 retransmit event Oct 31 15:24:53.229811: | [RE]START processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:24:53.229814: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #1 attempt 2 of 0 Oct 31 15:24:53.229817: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 5 Oct 31 15:24:53.229820: | #1 STATE_PARENT_I1: retransmits: current time 744567.662615 Oct 31 15:24:53.229822: | #1 STATE_PARENT_I1: retransmits: retransmit count 4 exceeds limit? NO Oct 31 15:24:53.229824: | #1 STATE_PARENT_I1: retransmits: deltatime 0.8 exceeds limit? NO Oct 31 15:24:53.229826: | #1 STATE_PARENT_I1: retransmits: monotime 0.804755 exceeds limit? NO Oct 31 15:24:53.229828: | event_schedule: newref EVENT_RETRANSMIT-pe@0x562b96ab9cd8 Oct 31 15:24:53.229831: | inserting event EVENT_RETRANSMIT, timeout in 0.8 seconds for #1 Oct 31 15:24:53.229833: | libevent_malloc: newref ptr-libevent@0x562b96ab75d8 size 128 Oct 31 15:24:53.229852: "north-eastnets/0x1" #1: STATE_PARENT_I1: retransmission; will wait 0.8 seconds for response Oct 31 15:24:53.229857: | sending 454 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:53.229859: | 39 a0 1b dc 13 1c ca 88 00 00 00 00 00 00 00 00 Oct 31 15:24:53.229861: | 21 20 22 08 00 00 00 00 00 00 01 c6 22 00 00 30 Oct 31 15:24:53.229862: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Oct 31 15:24:53.229863: | 80 0e 01 00 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:24:53.229865: | 03 00 00 0c 00 00 00 08 04 00 00 0e 28 00 01 08 Oct 31 15:24:53.229866: | 00 0e 00 00 4d 61 7b 57 e1 81 0e 19 19 c6 60 c2 Oct 31 15:24:53.229867: | 33 11 15 27 af 1f 43 c6 47 c6 90 fb 8e 36 6a e6 Oct 31 15:24:53.229869: | 01 7a 68 13 a6 0f 4f 11 44 30 90 26 67 bb c1 41 Oct 31 15:24:53.229870: | 13 28 ed e4 9a 1c 19 15 00 38 ce ac 46 e1 5e c0 Oct 31 15:24:53.229872: | 3a df a2 c4 90 f6 81 e1 c7 76 92 8e b3 2c 2d dc Oct 31 15:24:53.229873: | 03 a0 f5 64 6f 7e f3 12 8e 35 37 23 55 cb 8a 39 Oct 31 15:24:53.229874: | 2a 19 d4 0c aa 76 62 c6 cf 31 56 f2 8d 74 95 69 Oct 31 15:24:53.229876: | ef 73 86 32 ab ac 85 f5 67 fd ac d4 2d a2 ac 56 Oct 31 15:24:53.229877: | 85 ad c0 52 fa e9 02 38 3c 15 0a 11 67 eb 19 bf Oct 31 15:24:53.229878: | 42 61 c5 2f 60 4b b3 7c b1 0c 84 32 8c ba 37 8a Oct 31 15:24:53.229880: | 26 ce 65 60 25 af e5 6a c1 b0 64 87 b1 52 82 25 Oct 31 15:24:53.229883: | d8 df 8d ce ff 58 e4 ed 4e 0e 0e 18 d6 c2 8b 83 Oct 31 15:24:53.229884: | 5f 9e e7 6c a8 20 db c4 45 a6 a5 a4 b1 3f 02 f2 Oct 31 15:24:53.229886: | 5c 3f 68 d2 a4 4b 45 53 07 d6 a3 e5 b4 cb 84 27 Oct 31 15:24:53.229887: | 08 c4 aa 12 8f b5 12 b3 e2 e7 9e 5a 95 63 7b cd Oct 31 15:24:53.229888: | ee 06 bb b8 3d 64 fb ae cd cb 32 5b e3 0f fe af Oct 31 15:24:53.229890: | 7c d0 04 f5 29 00 00 24 c7 ab 3b 55 7c 29 81 36 Oct 31 15:24:53.229891: | e6 d7 1d ae c2 f5 a4 e1 50 94 30 d9 d7 92 32 e4 Oct 31 15:24:53.229892: | 77 14 37 1c 49 21 53 05 29 00 00 08 00 00 40 2e Oct 31 15:24:53.229894: | 29 00 00 0e 00 00 40 2f 00 02 00 03 00 04 29 00 Oct 31 15:24:53.229895: | 00 1c 00 00 40 04 cd 8a 01 4e 16 66 df c8 51 92 Oct 31 15:24:53.229896: | 76 15 da 6e eb 50 cc 6f 43 f4 00 00 00 1c 00 00 Oct 31 15:24:53.229898: | 40 05 e1 ba 35 f4 2b e6 f9 be 8d f6 29 bc 76 66 Oct 31 15:24:53.229899: | 3e 05 93 21 9a 9a Oct 31 15:24:53.229969: | sent 1 messages Oct 31 15:24:53.229977: | #1 spent 0.163 (0.2) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:24:53.229981: | stop processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:24:53.229990: | recvmsg(,, MSG_ERRQUEUE) on eth1 returned a truncated (IKE) datagram (MSG_TRUNC) Oct 31 15:24:53.229993: | **parse ISAKMP Message (raw): Oct 31 15:24:53.229996: | initiator SPI: 39 a0 1b dc 13 1c ca 88 Oct 31 15:24:53.229999: | responder SPI: 00 00 00 00 00 00 00 00 Oct 31 15:24:53.230001: | next payload type: 33 (21) Oct 31 15:24:53.230003: | ISAKMP version: 32 (20) Oct 31 15:24:53.230004: | exchange type: 34 (22) Oct 31 15:24:53.230006: | flags: 8 (08) Oct 31 15:24:53.230008: | Message ID: 0 (00 00 00 00) Oct 31 15:24:53.230010: | length: 454 (00 00 01 c6) Oct 31 15:24:53.230013: | State DB: found IKEv2 state #1 in PARENT_I1 (find_likely_sender) Oct 31 15:24:53.230014: | MSG_ERRQUEUE packet matches IKEv2 SA #1 Oct 31 15:24:53.230016: | rejected packet: Oct 31 15:24:53.230017: | 39 a0 1b dc 13 1c ca 88 00 00 00 00 00 00 00 00 Oct 31 15:24:53.230019: | 21 20 22 08 00 00 00 00 00 00 01 c6 22 00 00 30 Oct 31 15:24:53.230020: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Oct 31 15:24:53.230021: | 80 0e 01 00 03 00 00 08 Oct 31 15:24:53.230023: | control: Oct 31 15:24:53.230024: | 30 00 00 00 00 00 00 00 00 00 00 00 0b 00 00 00 Oct 31 15:24:53.230025: | 6f 00 00 00 02 03 03 00 00 00 00 00 00 00 00 00 Oct 31 15:24:53.230027: | 02 00 00 00 c0 01 03 21 00 00 00 00 00 00 00 00 Oct 31 15:24:53.230028: | name: Oct 31 15:24:53.230029: | 02 00 01 f4 c0 01 03 21 00 00 00 00 00 00 00 00 Oct 31 15:24:53.230035: "north-eastnets/0x1" #1: ERROR: asynchronous network error report on eth1 (192.1.2.23:500), complainant 192.1.3.33: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)] Oct 31 15:24:53.230039: | spent 0.0519 (0.0519) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:53.230042: | spent 0.0562 (0.0562) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:54.030799: | timer_event_cb: processing event@0x562b96ab9cd8 Oct 31 15:24:54.030856: | handling event EVENT_RETRANSMIT for parent state #1 Oct 31 15:24:54.030879: | libevent_free: delref ptr-libevent@0x562b96ab75d8 Oct 31 15:24:54.030895: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x562b96ab9cd8 Oct 31 15:24:54.030920: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:54.030934: | IKEv2 retransmit event Oct 31 15:24:54.030950: | [RE]START processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:24:54.030962: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #1 attempt 2 of 0 Oct 31 15:24:54.030974: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 6 Oct 31 15:24:54.030997: | #1 STATE_PARENT_I1: retransmits: current time 744568.463788 Oct 31 15:24:54.031006: | #1 STATE_PARENT_I1: retransmits: retransmit count 5 exceeds limit? NO Oct 31 15:24:54.031015: | #1 STATE_PARENT_I1: retransmits: deltatime 1.6 exceeds limit? NO Oct 31 15:24:54.031024: | #1 STATE_PARENT_I1: retransmits: monotime 1.605928 exceeds limit? NO Oct 31 15:24:54.031035: | event_schedule: newref EVENT_RETRANSMIT-pe@0x562b96ab9cd8 Oct 31 15:24:54.031044: | inserting event EVENT_RETRANSMIT, timeout in 1.6 seconds for #1 Oct 31 15:24:54.031054: | libevent_malloc: newref ptr-libevent@0x562b96ab75d8 size 128 Oct 31 15:24:54.031069: "north-eastnets/0x1" #1: STATE_PARENT_I1: retransmission; will wait 1.6 seconds for response Oct 31 15:24:54.031090: | sending 454 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:54.031098: | 39 a0 1b dc 13 1c ca 88 00 00 00 00 00 00 00 00 Oct 31 15:24:54.031105: | 21 20 22 08 00 00 00 00 00 00 01 c6 22 00 00 30 Oct 31 15:24:54.031112: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Oct 31 15:24:54.031119: | 80 0e 01 00 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:24:54.031125: | 03 00 00 0c 00 00 00 08 04 00 00 0e 28 00 01 08 Oct 31 15:24:54.031132: | 00 0e 00 00 4d 61 7b 57 e1 81 0e 19 19 c6 60 c2 Oct 31 15:24:54.031139: | 33 11 15 27 af 1f 43 c6 47 c6 90 fb 8e 36 6a e6 Oct 31 15:24:54.031145: | 01 7a 68 13 a6 0f 4f 11 44 30 90 26 67 bb c1 41 Oct 31 15:24:54.031152: | 13 28 ed e4 9a 1c 19 15 00 38 ce ac 46 e1 5e c0 Oct 31 15:24:54.031158: | 3a df a2 c4 90 f6 81 e1 c7 76 92 8e b3 2c 2d dc Oct 31 15:24:54.031165: | 03 a0 f5 64 6f 7e f3 12 8e 35 37 23 55 cb 8a 39 Oct 31 15:24:54.031172: | 2a 19 d4 0c aa 76 62 c6 cf 31 56 f2 8d 74 95 69 Oct 31 15:24:54.031178: | ef 73 86 32 ab ac 85 f5 67 fd ac d4 2d a2 ac 56 Oct 31 15:24:54.031252: | 85 ad c0 52 fa e9 02 38 3c 15 0a 11 67 eb 19 bf Oct 31 15:24:54.031281: | 42 61 c5 2f 60 4b b3 7c b1 0c 84 32 8c ba 37 8a Oct 31 15:24:54.031297: | 26 ce 65 60 25 af e5 6a c1 b0 64 87 b1 52 82 25 Oct 31 15:24:54.031309: | d8 df 8d ce ff 58 e4 ed 4e 0e 0e 18 d6 c2 8b 83 Oct 31 15:24:54.031322: | 5f 9e e7 6c a8 20 db c4 45 a6 a5 a4 b1 3f 02 f2 Oct 31 15:24:54.031334: | 5c 3f 68 d2 a4 4b 45 53 07 d6 a3 e5 b4 cb 84 27 Oct 31 15:24:54.031346: | 08 c4 aa 12 8f b5 12 b3 e2 e7 9e 5a 95 63 7b cd Oct 31 15:24:54.031359: | ee 06 bb b8 3d 64 fb ae cd cb 32 5b e3 0f fe af Oct 31 15:24:54.031371: | 7c d0 04 f5 29 00 00 24 c7 ab 3b 55 7c 29 81 36 Oct 31 15:24:54.031384: | e6 d7 1d ae c2 f5 a4 e1 50 94 30 d9 d7 92 32 e4 Oct 31 15:24:54.031396: | 77 14 37 1c 49 21 53 05 29 00 00 08 00 00 40 2e Oct 31 15:24:54.031408: | 29 00 00 0e 00 00 40 2f 00 02 00 03 00 04 29 00 Oct 31 15:24:54.031420: | 00 1c 00 00 40 04 cd 8a 01 4e 16 66 df c8 51 92 Oct 31 15:24:54.031431: | 76 15 da 6e eb 50 cc 6f 43 f4 00 00 00 1c 00 00 Oct 31 15:24:54.031443: | 40 05 e1 ba 35 f4 2b e6 f9 be 8d f6 29 bc 76 66 Oct 31 15:24:54.031454: | 3e 05 93 21 9a 9a Oct 31 15:24:54.031580: | sent 1 messages Oct 31 15:24:54.031632: | #1 spent 0.719 (0.825) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:24:54.031681: | stop processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:24:54.797023: | spent 0.00239 (0.00246) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:54.797046: | newref struct msg_digest@0x562b96abde78(0->1) (in read_message() at demux.c:103) Oct 31 15:24:54.797050: | newref alloc logger@0x562b96aa9108(0->1) (in read_message() at demux.c:103) Oct 31 15:24:54.797057: | *received 454 bytes from 192.1.3.33:500 on eth1 192.1.2.23:500 using UDP Oct 31 15:24:54.797060: | 2f db aa cf a4 4d 20 39 00 00 00 00 00 00 00 00 Oct 31 15:24:54.797062: | 21 20 22 08 00 00 00 00 00 00 01 c6 22 00 00 30 Oct 31 15:24:54.797064: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Oct 31 15:24:54.797068: | 80 0e 01 00 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:24:54.797070: | 03 00 00 0c 00 00 00 08 04 00 00 0e 28 00 01 08 Oct 31 15:24:54.797072: | 00 0e 00 00 dd 22 5b 2d 0f 1c fd dc 7b 30 39 c8 Oct 31 15:24:54.797074: | 2b f3 39 c4 b2 d0 da 68 a0 b5 20 fe b7 a8 07 3e Oct 31 15:24:54.797076: | 0b de 79 2d 75 90 8a 7f 53 d2 d6 d1 01 f1 27 0e Oct 31 15:24:54.797077: | f5 36 66 28 be 89 94 35 91 04 fa 3c ef 43 e4 d0 Oct 31 15:24:54.797079: | f4 7e 92 8d 9b 53 15 3e 98 9a 30 81 e0 8f ff 4d Oct 31 15:24:54.797081: | d3 ee 0b 5e c8 f2 ca b7 25 57 66 5c ad cd bc 39 Oct 31 15:24:54.797083: | cf 6e 66 5b 15 3e 52 6a 00 cf ec 67 c9 5e 14 64 Oct 31 15:24:54.797085: | b5 77 4f 61 46 f6 7a c1 33 4a 98 00 a2 4d 5e 15 Oct 31 15:24:54.797087: | ee a6 fe 0a e2 52 2b a3 e1 7c 2c 2f e4 fb 98 8c Oct 31 15:24:54.797089: | bb 03 cf dd d9 c9 ee 2a 63 e8 19 42 17 b4 18 6c Oct 31 15:24:54.797091: | ac 41 a9 9c ab 14 c8 65 c6 be fa d1 d1 7c af 1e Oct 31 15:24:54.797092: | 42 c8 d7 d8 4f 06 a4 f4 57 e8 cb 51 4f 23 cf fc Oct 31 15:24:54.797094: | 83 f5 f6 ae 4f 9e c2 d7 e8 4b 74 b7 6b 68 ef a4 Oct 31 15:24:54.797095: | 56 70 04 c3 27 49 5b 73 35 8b 8c 6b 17 61 18 b6 Oct 31 15:24:54.797096: | 17 f9 13 48 a9 0a be 43 a9 2c 29 db 60 3e 9d 16 Oct 31 15:24:54.797098: | b0 f4 0e 78 fe bb 09 33 ac 6a bd 9f a9 28 81 1f Oct 31 15:24:54.797100: | 28 4b 68 1c 29 00 00 24 d4 54 5e 5f 6b 55 c1 ba Oct 31 15:24:54.797102: | f6 b1 b0 fd 37 92 8f 1c f9 e6 1d af 21 b5 a0 d1 Oct 31 15:24:54.797104: | 03 1a 6f 08 51 6c 51 d2 29 00 00 08 00 00 40 2e Oct 31 15:24:54.797109: | 29 00 00 0e 00 00 40 2f 00 02 00 03 00 04 29 00 Oct 31 15:24:54.797111: | 00 1c 00 00 40 04 40 11 51 9b d0 4f 43 2a 8c 95 Oct 31 15:24:54.797114: | 98 f6 5c 37 a3 12 2e 60 9a 1e 00 00 00 1c 00 00 Oct 31 15:24:54.797116: | 40 05 ba e7 12 8f 9f 7b d4 70 60 7f 1e bc 2a 73 Oct 31 15:24:54.797118: | 9c 9d 98 8b 88 df Oct 31 15:24:54.797123: | **parse ISAKMP Message: Oct 31 15:24:54.797128: | initiator SPI: 2f db aa cf a4 4d 20 39 Oct 31 15:24:54.797132: | responder SPI: 00 00 00 00 00 00 00 00 Oct 31 15:24:54.797135: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:24:54.797138: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:54.797141: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:24:54.797144: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:54.797148: | Message ID: 0 (00 00 00 00) Oct 31 15:24:54.797152: | length: 454 (00 00 01 c6) Oct 31 15:24:54.797155: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Oct 31 15:24:54.797158: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Oct 31 15:24:54.797161: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Oct 31 15:24:54.797163: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:24:54.797166: | ***parse IKEv2 Security Association Payload: Oct 31 15:24:54.797167: | next payload type: ISAKMP_NEXT_v2KE (0x22) Oct 31 15:24:54.797169: | flags: none (0x0) Oct 31 15:24:54.797171: | length: 48 (00 30) Oct 31 15:24:54.797172: | processing payload: ISAKMP_NEXT_v2SA (len=44) Oct 31 15:24:54.797174: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Oct 31 15:24:54.797177: | ***parse IKEv2 Key Exchange Payload: Oct 31 15:24:54.797179: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Oct 31 15:24:54.797184: | flags: none (0x0) Oct 31 15:24:54.797188: | length: 264 (01 08) Oct 31 15:24:54.797191: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:54.797193: | processing payload: ISAKMP_NEXT_v2KE (len=256) Oct 31 15:24:54.797196: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Oct 31 15:24:54.797203: | ***parse IKEv2 Nonce Payload: Oct 31 15:24:54.797209: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:54.797212: | flags: none (0x0) Oct 31 15:24:54.797215: | length: 36 (00 24) Oct 31 15:24:54.797220: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Oct 31 15:24:54.797222: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:54.797225: | ***parse IKEv2 Notify Payload: Oct 31 15:24:54.797228: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:54.797230: | flags: none (0x0) Oct 31 15:24:54.797234: | length: 8 (00 08) Oct 31 15:24:54.797237: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:54.797240: | SPI size: 0 (00) Oct 31 15:24:54.797243: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Oct 31 15:24:54.797245: | processing payload: ISAKMP_NEXT_v2N (len=0) Oct 31 15:24:54.797248: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:54.797250: | ***parse IKEv2 Notify Payload: Oct 31 15:24:54.797251: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:54.797253: | flags: none (0x0) Oct 31 15:24:54.797255: | length: 14 (00 0e) Oct 31 15:24:54.797269: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:54.797271: | SPI size: 0 (00) Oct 31 15:24:54.797272: | Notify Message Type: v2N_SIGNATURE_HASH_ALGORITHMS (0x402f) Oct 31 15:24:54.797274: | processing payload: ISAKMP_NEXT_v2N (len=6) Oct 31 15:24:54.797275: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:54.797276: | ***parse IKEv2 Notify Payload: Oct 31 15:24:54.797278: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:54.797279: | flags: none (0x0) Oct 31 15:24:54.797281: | length: 28 (00 1c) Oct 31 15:24:54.797282: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:54.797284: | SPI size: 0 (00) Oct 31 15:24:54.797285: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Oct 31 15:24:54.797287: | processing payload: ISAKMP_NEXT_v2N (len=20) Oct 31 15:24:54.797288: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:54.797290: | ***parse IKEv2 Notify Payload: Oct 31 15:24:54.797291: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:54.797293: | flags: none (0x0) Oct 31 15:24:54.797294: | length: 28 (00 1c) Oct 31 15:24:54.797296: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:54.797297: | SPI size: 0 (00) Oct 31 15:24:54.797299: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Oct 31 15:24:54.797300: | processing payload: ISAKMP_NEXT_v2N (len=20) Oct 31 15:24:54.797302: | DDOS disabled and no cookie sent, continuing Oct 31 15:24:54.797304: | looking for message matching transition from STATE_PARENT_R0 Oct 31 15:24:54.797305: | trying Respond to IKE_SA_INIT Oct 31 15:24:54.797307: | matched unencrypted message Oct 31 15:24:54.797311: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Oct 31 15:24:54.797315: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Oct 31 15:24:54.797317: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Oct 31 15:24:54.797319: | found policy = RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 (north-eastnets/0x1) Oct 31 15:24:54.797320: | find_next_host_connection returns "north-eastnets/0x1" Oct 31 15:24:54.797322: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Oct 31 15:24:54.797324: | found policy = RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 (north-eastnets/0x2) Oct 31 15:24:54.797326: | find_next_host_connection returns "north-eastnets/0x2" Oct 31 15:24:54.797327: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Oct 31 15:24:54.797329: | find_next_host_connection returns Oct 31 15:24:54.797331: | found connection: "north-eastnets/0x1" with policy ECDSA+IKEV2_ALLOW Oct 31 15:24:54.797349: | newref alloc logger@0x562b96abac28(0->1) (in new_state() at state.c:576) Oct 31 15:24:54.797351: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:24:54.797353: | creating state object #2 at 0x562b96abf888 Oct 31 15:24:54.797355: | State DB: adding IKEv2 state #2 in UNDEFINED Oct 31 15:24:54.797362: | pstats #2 ikev2.ike started Oct 31 15:24:54.797365: | parent state #2: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Oct 31 15:24:54.797368: | #2.st_v2_transition NULL -> PARENT_R0->PARENT_R1 (in new_v2_ike_state() at state.c:620) Oct 31 15:24:54.797373: | Message ID: IKE #2 initializing (IKE SA): ike.initiator.sent=0->-1 ike.initiator.recv=0->-1 ike.initiator.last_contact=0->744569.230166 ike.responder.sent=0->-1 ike.responder.recv=0->-1 ike.responder.last_contact=0->744569.230166 ike.wip.initiator=0->-1 ike.wip.responder=0->-1 Oct 31 15:24:54.797376: | orienting north-eastnets/0x1 Oct 31 15:24:54.797379: | north-eastnets/0x1 doesn't match 127.0.0.1:4500 at all Oct 31 15:24:54.797381: | north-eastnets/0x1 doesn't match 127.0.0.1:500 at all Oct 31 15:24:54.797383: | north-eastnets/0x1 doesn't match 192.0.2.254:4500 at all Oct 31 15:24:54.797385: | north-eastnets/0x1 doesn't match 192.0.2.254:500 at all Oct 31 15:24:54.797387: | north-eastnets/0x1 doesn't match 192.0.22.251:4500 at all Oct 31 15:24:54.797389: | north-eastnets/0x1 doesn't match 192.0.22.251:500 at all Oct 31 15:24:54.797391: | north-eastnets/0x1 doesn't match 192.0.22.254:4500 at all Oct 31 15:24:54.797393: | north-eastnets/0x1 doesn't match 192.0.22.254:500 at all Oct 31 15:24:54.797395: | north-eastnets/0x1 doesn't match 192.0.2.251:4500 at all Oct 31 15:24:54.797398: | north-eastnets/0x1 doesn't match 192.0.2.251:500 at all Oct 31 15:24:54.797400: | north-eastnets/0x1 doesn't match 192.1.2.23:4500 at all Oct 31 15:24:54.797401: | oriented north-eastnets/0x1's this Oct 31 15:24:54.797406: | start processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1758) Oct 31 15:24:54.797410: | Message ID: IKE #2 responder starting message request 0: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744569.230166 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.230166 ike.wip.initiator=-1 ike.wip.responder=-1->0 Oct 31 15:24:54.797411: | calling processor Respond to IKE_SA_INIT Oct 31 15:24:54.797415: | #2 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2631) Oct 31 15:24:54.797420: | using existing local IKE proposals for connection north-eastnets/0x1 (IKE SA responder matching remote proposals): 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 Oct 31 15:24:54.797421: | comparing remote proposals against IKE responder 1 local proposals Oct 31 15:24:54.797424: | local proposal 1 type ENCR has 1 transforms Oct 31 15:24:54.797425: | local proposal 1 type PRF has 1 transforms Oct 31 15:24:54.797427: | local proposal 1 type INTEG has 1 transforms Oct 31 15:24:54.797428: | local proposal 1 type DH has 1 transforms Oct 31 15:24:54.797430: | local proposal 1 type ESN has 0 transforms Oct 31 15:24:54.797432: | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none Oct 31 15:24:54.797434: | ****parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:54.797436: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:54.797437: | length: 44 (00 2c) Oct 31 15:24:54.797439: | prop #: 1 (01) Oct 31 15:24:54.797441: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:54.797442: | spi size: 0 (00) Oct 31 15:24:54.797444: | # transforms: 4 (04) Oct 31 15:24:54.797446: | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals Oct 31 15:24:54.797448: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:54.797449: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:54.797451: | length: 12 (00 0c) Oct 31 15:24:54.797453: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:54.797454: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:54.797456: | ******parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:54.797457: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:54.797459: | length/value: 256 (01 00) Oct 31 15:24:54.797462: | remote proposal 1 transform 0 (ENCR=AES_CBC_256) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:24:54.797465: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:54.797466: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:54.797468: | length: 8 (00 08) Oct 31 15:24:54.797469: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:54.797471: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:54.797473: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_256) matches local proposal 1 type 2 (PRF) transform 0 Oct 31 15:24:54.797474: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:54.797476: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:54.797477: | length: 8 (00 08) Oct 31 15:24:54.797479: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:54.797480: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:54.797482: | remote proposal 1 transform 2 (INTEG=HMAC_SHA2_256_128) matches local proposal 1 type 3 (INTEG) transform 0 Oct 31 15:24:54.797484: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:54.797485: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:54.797487: | length: 8 (00 08) Oct 31 15:24:54.797488: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:54.797489: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:54.797491: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Oct 31 15:24:54.797494: | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none Oct 31 15:24:54.797497: | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH Oct 31 15:24:54.797498: | remote proposal 1 matches local proposal 1 Oct 31 15:24:54.797502: "north-eastnets/0x1" #2: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match] Oct 31 15:24:54.797505: | accepted IKE proposal ikev2_proposal: 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 Oct 31 15:24:54.797506: | converting proposal to internal trans attrs Oct 31 15:24:54.797510: | nat: IKE.SPIr is zero Oct 31 15:24:54.797516: | natd_hash: hasher=0x562b9567df80(20) Oct 31 15:24:54.797517: | natd_hash: icookie= Oct 31 15:24:54.797519: | 2f db aa cf a4 4d 20 39 Oct 31 15:24:54.797520: | natd_hash: rcookie= Oct 31 15:24:54.797522: | 00 00 00 00 00 00 00 00 Oct 31 15:24:54.797523: | natd_hash: ip= Oct 31 15:24:54.797524: | c0 01 02 17 Oct 31 15:24:54.797526: | natd_hash: port= Oct 31 15:24:54.797527: | 01 f4 Oct 31 15:24:54.797528: | natd_hash: hash= Oct 31 15:24:54.797530: | ba e7 12 8f 9f 7b d4 70 60 7f 1e bc 2a 73 9c 9d Oct 31 15:24:54.797531: | 98 8b 88 df Oct 31 15:24:54.797532: | nat: IKE.SPIr is zero Oct 31 15:24:54.797536: | natd_hash: hasher=0x562b9567df80(20) Oct 31 15:24:54.797537: | natd_hash: icookie= Oct 31 15:24:54.797538: | 2f db aa cf a4 4d 20 39 Oct 31 15:24:54.797540: | natd_hash: rcookie= Oct 31 15:24:54.797541: | 00 00 00 00 00 00 00 00 Oct 31 15:24:54.797542: | natd_hash: ip= Oct 31 15:24:54.797543: | c0 01 03 21 Oct 31 15:24:54.797545: | natd_hash: port= Oct 31 15:24:54.797546: | 01 f4 Oct 31 15:24:54.797547: | natd_hash: hash= Oct 31 15:24:54.797549: | 40 11 51 9b d0 4f 43 2a 8c 95 98 f6 5c 37 a3 12 Oct 31 15:24:54.797550: | 2e 60 9a 1e Oct 31 15:24:54.797552: | NAT_TRAVERSAL encaps using auto-detect Oct 31 15:24:54.797553: | NAT_TRAVERSAL this end is NOT behind NAT Oct 31 15:24:54.797554: | NAT_TRAVERSAL that end is NOT behind NAT Oct 31 15:24:54.797556: | NAT_TRAVERSAL nat-keepalive enabled 192.1.3.33 Oct 31 15:24:54.797558: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered) Oct 31 15:24:54.797559: | hash algorithm identifier (network ordered) Oct 31 15:24:54.797561: | 00 02 Oct 31 15:24:54.797562: | received HASH_ALGORITHM_SHA2_256 which is allowed by local policy Oct 31 15:24:54.797564: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered) Oct 31 15:24:54.797579: | hash algorithm identifier (network ordered) Oct 31 15:24:54.797580: | 00 03 Oct 31 15:24:54.797582: | received HASH_ALGORITHM_SHA2_384 which is allowed by local policy Oct 31 15:24:54.797583: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered) Oct 31 15:24:54.797584: | hash algorithm identifier (network ordered) Oct 31 15:24:54.797586: | 00 04 Oct 31 15:24:54.797587: | received HASH_ALGORITHM_SHA2_512 which is allowed by local policy Oct 31 15:24:54.797592: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:54.797593: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:54.797595: | newref clone logger@0x562b96aa9418(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:54.797597: | job 2 for #2: ikev2_inI1outR1 KE (build KE and nonce): adding job to queue Oct 31 15:24:54.797599: | state #2 has no .st_event to delete Oct 31 15:24:54.797603: | #2 STATE_PARENT_R0: retransmits: cleared Oct 31 15:24:54.797608: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x562b96ab76c8 Oct 31 15:24:54.797611: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 Oct 31 15:24:54.797614: | libevent_malloc: newref ptr-libevent@0x562b96aba028 size 128 Oct 31 15:24:54.797625: | #2 spent 0.209 (0.209) milliseconds in processing: Respond to IKE_SA_INIT in v2_dispatch() Oct 31 15:24:54.797631: | [RE]START processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:54.797635: | #2 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Oct 31 15:24:54.797639: | suspending state #2 and saving MD 0x562b96abde78 Oct 31 15:24:54.797643: | addref md@0x562b96abde78(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:54.797634: | job 2 for #2: ikev2_inI1outR1 KE (build KE and nonce): helper 3 starting job Oct 31 15:24:54.797646: | #2 is busy; has suspended MD 0x562b96abde78 Oct 31 15:24:54.797661: | stop processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1760) Oct 31 15:24:54.797667: | #2 spent 0.644 (0.651) milliseconds in ikev2_process_packet() Oct 31 15:24:54.797670: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:54.797673: | delref mdp@0x562b96abde78(2->1) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:54.797676: | spent 0.655 (0.661) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:54.798860: | "north-eastnets/0x1" #2: spent 1.21 (1.23) milliseconds in helper 3 processing job 2 for state #2: ikev2_inI1outR1 KE (pcr) Oct 31 15:24:54.798870: | job 2 for #2: ikev2_inI1outR1 KE (build KE and nonce): helper thread 3 sending result back to state Oct 31 15:24:54.798873: | scheduling resume sending helper answer back to state for #2 Oct 31 15:24:54.798875: | libevent_malloc: newref ptr-libevent@0x7f10bc006108 size 128 Oct 31 15:24:54.798882: | helper thread 3 has nothing to do Oct 31 15:24:54.798890: | processing resume sending helper answer back to state for #2 Oct 31 15:24:54.798898: | start processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:641) Oct 31 15:24:54.798902: | unsuspending #2 MD 0x562b96abde78 Oct 31 15:24:54.798904: | job 2 for #2: ikev2_inI1outR1 KE (build KE and nonce): processing response from helper 3 Oct 31 15:24:54.798918: | job 2 for #2: ikev2_inI1outR1 KE (build KE and nonce): calling continuation function 0x562b9558bfe7 Oct 31 15:24:54.798921: | ikev2_parent_inI1outR1_continue() for #2 STATE_PARENT_R0: calculated ke+nonce, sending R1 Oct 31 15:24:54.798925: | opening output PBS reply packet Oct 31 15:24:54.798927: | **emit ISAKMP Message: Oct 31 15:24:54.798930: | initiator SPI: 2f db aa cf a4 4d 20 39 Oct 31 15:24:54.798933: | responder SPI: 91 12 8b 2d 12 ca 59 2a Oct 31 15:24:54.798934: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:54.798938: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:54.798940: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:24:54.798941: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:54.798944: | Message ID: 0 (00 00 00 00) Oct 31 15:24:54.798946: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:54.798948: | emitting ikev2_proposal ... Oct 31 15:24:54.798949: | ***emit IKEv2 Security Association Payload: Oct 31 15:24:54.798951: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:54.798952: | flags: none (0x0) Oct 31 15:24:54.798954: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:24:54.798956: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:24:54.798959: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:54.798961: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:54.798963: | prop #: 1 (01) Oct 31 15:24:54.798964: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:54.798966: | spi size: 0 (00) Oct 31 15:24:54.798968: | # transforms: 4 (04) Oct 31 15:24:54.798969: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:54.798971: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:54.798973: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:54.798974: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:54.798976: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:54.798977: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:54.798979: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:54.798981: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:54.798983: | length/value: 256 (01 00) Oct 31 15:24:54.798984: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:54.798986: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:54.798987: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:54.798989: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:54.798990: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:54.798992: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:54.798994: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:54.798996: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:54.798997: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:54.798998: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:54.799000: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:54.799001: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:54.799003: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:54.799004: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:54.799006: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:54.799007: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:54.799009: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:54.799010: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:54.799011: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:54.799013: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:54.799015: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:54.799017: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:54.799018: | emitting length of IKEv2 Proposal Substructure Payload: 44 Oct 31 15:24:54.799020: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:54.799021: | emitting length of IKEv2 Security Association Payload: 48 Oct 31 15:24:54.799022: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:24:54.799025: | DH secret MODP2048@0x7f10bc006ba8: transferring ownership from helper KE to state #2 Oct 31 15:24:54.799027: | ***emit IKEv2 Key Exchange Payload: Oct 31 15:24:54.799028: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:54.799030: | flags: none (0x0) Oct 31 15:24:54.799031: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:54.799033: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Oct 31 15:24:54.799034: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Oct 31 15:24:54.799036: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Oct 31 15:24:54.799038: | ikev2 g^x: Oct 31 15:24:54.799039: | 02 9c d5 f6 7c 65 ce 83 31 ff 86 fe 8f 24 c5 b6 Oct 31 15:24:54.799041: | 5b 01 4a 2d a5 39 6c df d2 57 1f bf 5d 0a df 48 Oct 31 15:24:54.799042: | 57 fc c5 47 86 93 5e b3 d8 a1 40 21 d6 5a 07 b7 Oct 31 15:24:54.799043: | ae a0 3b 51 cf 8a ab e2 21 be 1f eb ad d5 9f 7d Oct 31 15:24:54.799045: | 6c bf 2f 2a 0d e6 c4 f7 24 63 89 1a 9c c9 10 e2 Oct 31 15:24:54.799046: | fd 86 89 8b d5 0e b6 03 87 aa bc e5 44 94 7e a8 Oct 31 15:24:54.799047: | 38 2e 16 6d c9 c5 20 83 28 b8 e8 04 0f fd 1a b1 Oct 31 15:24:54.799049: | 65 d9 f6 cc b6 40 9c 54 d1 3c a0 45 91 66 be f2 Oct 31 15:24:54.799050: | c3 db 56 3f a5 8e 9e 9d 70 5a 9b 2d 0d 31 c8 c7 Oct 31 15:24:54.799051: | 1f 6a 69 3f 6b f8 a4 3b 12 88 66 13 5b ad 56 f1 Oct 31 15:24:54.799053: | aa 9f 5b f5 e4 fd 15 01 ab ff b0 85 99 a0 25 fe Oct 31 15:24:54.799054: | 19 52 3f 23 1f fd ee ed dd 43 74 74 92 32 32 27 Oct 31 15:24:54.799055: | 86 ac ad 43 6c fd bd a7 6a ea 12 44 43 24 c8 34 Oct 31 15:24:54.799057: | 95 d3 9d c9 83 d5 31 63 18 c2 07 cd 47 53 d7 b4 Oct 31 15:24:54.799058: | d0 d1 c8 d1 4f 6f 92 74 4a 29 e4 bf 94 27 bc dc Oct 31 15:24:54.799059: | 25 d1 c7 52 6b 50 ca 35 83 ed 15 18 34 d4 bf f0 Oct 31 15:24:54.799061: | emitting length of IKEv2 Key Exchange Payload: 264 Oct 31 15:24:54.799062: | ***emit IKEv2 Nonce Payload: Oct 31 15:24:54.799064: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:54.799065: | flags: none (0x0) Oct 31 15:24:54.799067: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Oct 31 15:24:54.799068: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Oct 31 15:24:54.799070: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Oct 31 15:24:54.799071: | IKEv2 nonce: Oct 31 15:24:54.799073: | 80 50 16 df 8e d4 42 f2 bb fc 32 4f 6c 52 f1 fb Oct 31 15:24:54.799074: | cf dd d2 e9 ef ee aa b7 fd 8b de 34 11 dd 8b 6b Oct 31 15:24:54.799076: | emitting length of IKEv2 Nonce Payload: 36 Oct 31 15:24:54.799078: | adding a v2N Payload Oct 31 15:24:54.799079: | ***emit IKEv2 Notify Payload: Oct 31 15:24:54.799081: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:54.799082: | flags: none (0x0) Oct 31 15:24:54.799084: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:54.799085: | SPI size: 0 (00) Oct 31 15:24:54.799090: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Oct 31 15:24:54.799092: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:54.799094: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:54.799095: | emitting length of IKEv2 Notify Payload: 8 Oct 31 15:24:54.799097: | adding a v2N Payload Oct 31 15:24:54.799098: | ***emit IKEv2 Notify Payload: Oct 31 15:24:54.799099: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:54.799101: | flags: none (0x0) Oct 31 15:24:54.799102: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:54.799104: | SPI size: 0 (00) Oct 31 15:24:54.799105: | Notify Message Type: v2N_SIGNATURE_HASH_ALGORITHMS (0x402f) Oct 31 15:24:54.799107: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:54.799108: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:54.799110: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256 into IKEv2 Notify Payload Oct 31 15:24:54.799112: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256: 00 02 Oct 31 15:24:54.799113: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384 into IKEv2 Notify Payload Oct 31 15:24:54.799115: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384: 00 03 Oct 31 15:24:54.799116: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_512 into IKEv2 Notify Payload Oct 31 15:24:54.799118: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_512: 00 04 Oct 31 15:24:54.799119: | emitting length of IKEv2 Notify Payload: 14 Oct 31 15:24:54.799121: | NAT-Traversal support [enabled] add v2N payloads. Oct 31 15:24:54.799131: | natd_hash: hasher=0x562b9567df80(20) Oct 31 15:24:54.799133: | natd_hash: icookie= Oct 31 15:24:54.799134: | 2f db aa cf a4 4d 20 39 Oct 31 15:24:54.799136: | natd_hash: rcookie= Oct 31 15:24:54.799137: | 91 12 8b 2d 12 ca 59 2a Oct 31 15:24:54.799138: | natd_hash: ip= Oct 31 15:24:54.799140: | c0 01 02 17 Oct 31 15:24:54.799141: | natd_hash: port= Oct 31 15:24:54.799142: | 01 f4 Oct 31 15:24:54.799144: | natd_hash: hash= Oct 31 15:24:54.799145: | 7e 01 17 ef c3 bc 71 48 04 d4 c3 47 3c 99 74 03 Oct 31 15:24:54.799146: | 53 3e 8f f5 Oct 31 15:24:54.799148: | adding a v2N Payload Oct 31 15:24:54.799149: | ***emit IKEv2 Notify Payload: Oct 31 15:24:54.799151: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:54.799152: | flags: none (0x0) Oct 31 15:24:54.799153: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:54.799155: | SPI size: 0 (00) Oct 31 15:24:54.799156: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Oct 31 15:24:54.799158: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:54.799160: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:54.799162: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:24:54.799164: | Notify data: Oct 31 15:24:54.799168: | 7e 01 17 ef c3 bc 71 48 04 d4 c3 47 3c 99 74 03 Oct 31 15:24:54.799171: | 53 3e 8f f5 Oct 31 15:24:54.799174: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:24:54.799183: | natd_hash: hasher=0x562b9567df80(20) Oct 31 15:24:54.799186: | natd_hash: icookie= Oct 31 15:24:54.799188: | 2f db aa cf a4 4d 20 39 Oct 31 15:24:54.799190: | natd_hash: rcookie= Oct 31 15:24:54.799192: | 91 12 8b 2d 12 ca 59 2a Oct 31 15:24:54.799195: | natd_hash: ip= Oct 31 15:24:54.799197: | c0 01 03 21 Oct 31 15:24:54.799233: | natd_hash: port= Oct 31 15:24:54.799236: | 01 f4 Oct 31 15:24:54.799238: | natd_hash: hash= Oct 31 15:24:54.799240: | de 43 10 52 23 d1 e0 ef e7 e2 e8 e2 50 78 49 4c Oct 31 15:24:54.799245: | f1 88 c1 48 Oct 31 15:24:54.799246: | adding a v2N Payload Oct 31 15:24:54.799248: | ***emit IKEv2 Notify Payload: Oct 31 15:24:54.799250: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:54.799252: | flags: none (0x0) Oct 31 15:24:54.799254: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:54.799259: | SPI size: 0 (00) Oct 31 15:24:54.799263: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Oct 31 15:24:54.799266: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:54.799269: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:54.799272: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:24:54.799274: | Notify data: Oct 31 15:24:54.799276: | de 43 10 52 23 d1 e0 ef e7 e2 e8 e2 50 78 49 4c Oct 31 15:24:54.799279: | f1 88 c1 48 Oct 31 15:24:54.799281: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:24:54.799284: | emitting length of ISAKMP Message: 454 Oct 31 15:24:54.799291: | [RE]START processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:54.799296: | #2 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Oct 31 15:24:54.799299: | transitioning from state STATE_PARENT_R0 to state STATE_PARENT_R1 Oct 31 15:24:54.799302: | Message ID: updating counters for #2 Oct 31 15:24:54.799308: | Message ID: IKE #2 updating responder received message request 0: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744569.230166 ike.responder.sent=-1 ike.responder.recv=-1->0 ike.responder.last_contact=744569.230166->744569.2321 ike.wip.initiator=-1 ike.wip.responder=0->-1 Oct 31 15:24:54.799312: | Message ID: IKE #2 updating responder sent message response 0: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744569.230166 ike.responder.sent=-1->0 ike.responder.recv=0 ike.responder.last_contact=744569.2321 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:54.799316: | Message ID: IKE #2 no pending message initiators to schedule: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744569.230166 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744569.2321 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:54.799318: | parent state #2: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Oct 31 15:24:54.799320: | announcing the state transition Oct 31 15:24:54.799324: "north-eastnets/0x1" #2: sent IKE_SA_INIT reply {auth=IKEv2 cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048} Oct 31 15:24:54.799329: | sending 454 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #2) Oct 31 15:24:54.799330: | 2f db aa cf a4 4d 20 39 91 12 8b 2d 12 ca 59 2a Oct 31 15:24:54.799345: | 21 20 22 20 00 00 00 00 00 00 01 c6 22 00 00 30 Oct 31 15:24:54.799346: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Oct 31 15:24:54.799348: | 80 0e 01 00 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:24:54.799349: | 03 00 00 0c 00 00 00 08 04 00 00 0e 28 00 01 08 Oct 31 15:24:54.799350: | 00 0e 00 00 02 9c d5 f6 7c 65 ce 83 31 ff 86 fe Oct 31 15:24:54.799351: | 8f 24 c5 b6 5b 01 4a 2d a5 39 6c df d2 57 1f bf Oct 31 15:24:54.799353: | 5d 0a df 48 57 fc c5 47 86 93 5e b3 d8 a1 40 21 Oct 31 15:24:54.799354: | d6 5a 07 b7 ae a0 3b 51 cf 8a ab e2 21 be 1f eb Oct 31 15:24:54.799355: | ad d5 9f 7d 6c bf 2f 2a 0d e6 c4 f7 24 63 89 1a Oct 31 15:24:54.799357: | 9c c9 10 e2 fd 86 89 8b d5 0e b6 03 87 aa bc e5 Oct 31 15:24:54.799358: | 44 94 7e a8 38 2e 16 6d c9 c5 20 83 28 b8 e8 04 Oct 31 15:24:54.799359: | 0f fd 1a b1 65 d9 f6 cc b6 40 9c 54 d1 3c a0 45 Oct 31 15:24:54.799361: | 91 66 be f2 c3 db 56 3f a5 8e 9e 9d 70 5a 9b 2d Oct 31 15:24:54.799362: | 0d 31 c8 c7 1f 6a 69 3f 6b f8 a4 3b 12 88 66 13 Oct 31 15:24:54.799365: | 5b ad 56 f1 aa 9f 5b f5 e4 fd 15 01 ab ff b0 85 Oct 31 15:24:54.799366: | 99 a0 25 fe 19 52 3f 23 1f fd ee ed dd 43 74 74 Oct 31 15:24:54.799367: | 92 32 32 27 86 ac ad 43 6c fd bd a7 6a ea 12 44 Oct 31 15:24:54.799369: | 43 24 c8 34 95 d3 9d c9 83 d5 31 63 18 c2 07 cd Oct 31 15:24:54.799370: | 47 53 d7 b4 d0 d1 c8 d1 4f 6f 92 74 4a 29 e4 bf Oct 31 15:24:54.799371: | 94 27 bc dc 25 d1 c7 52 6b 50 ca 35 83 ed 15 18 Oct 31 15:24:54.799373: | 34 d4 bf f0 29 00 00 24 80 50 16 df 8e d4 42 f2 Oct 31 15:24:54.799374: | bb fc 32 4f 6c 52 f1 fb cf dd d2 e9 ef ee aa b7 Oct 31 15:24:54.799375: | fd 8b de 34 11 dd 8b 6b 29 00 00 08 00 00 40 2e Oct 31 15:24:54.799377: | 29 00 00 0e 00 00 40 2f 00 02 00 03 00 04 29 00 Oct 31 15:24:54.799378: | 00 1c 00 00 40 04 7e 01 17 ef c3 bc 71 48 04 d4 Oct 31 15:24:54.799379: | c3 47 3c 99 74 03 53 3e 8f f5 00 00 00 1c 00 00 Oct 31 15:24:54.799381: | 40 05 de 43 10 52 23 d1 e0 ef e7 e2 e8 e2 50 78 Oct 31 15:24:54.799382: | 49 4c f1 88 c1 48 Oct 31 15:24:54.799419: | sent 1 messages Oct 31 15:24:54.799434: | state #2 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:54.799437: | libevent_free: delref ptr-libevent@0x562b96aba028 Oct 31 15:24:54.799439: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x562b96ab76c8 Oct 31 15:24:54.799442: | event_schedule: newref EVENT_SO_DISCARD-pe@0x562b96aba028 Oct 31 15:24:54.799443: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #2 Oct 31 15:24:54.799445: | libevent_malloc: newref ptr-libevent@0x562b96ac17b8 size 128 Oct 31 15:24:54.799448: | delref logger@0x562b96aa9418(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:54.799450: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:54.799451: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:54.799453: | resume sending helper answer back to state for #2 suppresed complete_v2_state_transition() Oct 31 15:24:54.799455: | delref mdp@0x562b96abde78(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:54.799457: | delref logger@0x562b96aa9108(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:54.799459: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:54.799460: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:54.799465: | #2 spent 0.511 (0.562) milliseconds in resume sending helper answer back to state Oct 31 15:24:54.799468: | stop processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:745) Oct 31 15:24:54.799470: | libevent_free: delref ptr-libevent@0x7f10bc006108 Oct 31 15:24:55.037217: | spent 0.00255 (0.00249) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:55.037238: | newref struct msg_digest@0x562b96abde78(0->1) (in read_message() at demux.c:103) Oct 31 15:24:55.037243: | newref alloc logger@0x562b96aa9108(0->1) (in read_message() at demux.c:103) Oct 31 15:24:55.037250: | *received 454 bytes from 192.1.3.33:500 on eth1 192.1.2.23:500 using UDP Oct 31 15:24:55.037253: | 39 a0 1b dc 13 1c ca 88 9b b1 cd 4e 99 d1 dc 27 Oct 31 15:24:55.037255: | 21 20 22 20 00 00 00 00 00 00 01 c6 22 00 00 30 Oct 31 15:24:55.037258: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Oct 31 15:24:55.037260: | 80 0e 01 00 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:24:55.037263: | 03 00 00 0c 00 00 00 08 04 00 00 0e 28 00 01 08 Oct 31 15:24:55.037265: | 00 0e 00 00 b6 16 05 74 7e 43 a9 e3 db 50 ab 7a Oct 31 15:24:55.037267: | 2a a5 91 88 04 a8 b4 c9 f3 60 45 16 a7 30 ee b0 Oct 31 15:24:55.037270: | bf 2c f4 61 db f1 b7 73 ef bf fe 50 b2 ab 13 b6 Oct 31 15:24:55.037272: | 27 1c ba 93 c1 82 13 09 80 cf 9c bf d2 43 fc 91 Oct 31 15:24:55.037274: | f0 86 68 01 b6 9c 4d e5 87 0a e4 3d c6 3c 01 1e Oct 31 15:24:55.037276: | b4 71 66 80 b7 ec 29 4e 7b 0c 2c c1 92 52 7b f8 Oct 31 15:24:55.037278: | 8d ea e0 a1 a2 f7 07 92 d4 34 3e 11 79 5e ea e3 Oct 31 15:24:55.037279: | cf da 34 b7 f6 49 79 75 9c 2b 7c c2 94 66 2d 6b Oct 31 15:24:55.037282: | 83 b4 bb 76 a9 85 fc 9c 08 00 4e d2 bf b5 a6 83 Oct 31 15:24:55.037284: | 3e 4a de b9 9c 69 23 8f 04 69 a4 84 5b d0 c9 47 Oct 31 15:24:55.037285: | 4e 33 c9 91 ab 61 7a ab a5 65 08 4d 99 dd cc df Oct 31 15:24:55.037286: | 8e ac f5 7d 1d 76 17 c6 ff fd 69 4a fe 29 09 80 Oct 31 15:24:55.037288: | 8e 83 59 a9 58 a1 35 c8 3e e1 b4 5c 9f 41 a9 ad Oct 31 15:24:55.037289: | d7 21 93 b0 cb d0 e9 66 57 13 e6 b1 1c 32 d8 01 Oct 31 15:24:55.037290: | ec c2 94 6a b4 0e 73 a6 73 fb f5 62 01 ea e6 bd Oct 31 15:24:55.037292: | c4 0b a8 c8 21 df 8d 2f 7a fb 45 a7 b7 fd 94 1a Oct 31 15:24:55.037293: | 0c 3e c7 b7 29 00 00 24 1d 53 54 71 c2 1a 8c 37 Oct 31 15:24:55.037294: | 92 34 4d 0c a0 91 d6 19 7a c0 f5 9f 6e 33 e4 ea Oct 31 15:24:55.037296: | ee 0c 32 f7 6e 21 91 b7 29 00 00 08 00 00 40 2e Oct 31 15:24:55.037297: | 29 00 00 0e 00 00 40 2f 00 02 00 03 00 04 29 00 Oct 31 15:24:55.037298: | 00 1c 00 00 40 04 5f f7 1d 21 b4 bb 4a 39 1b 35 Oct 31 15:24:55.037300: | 9e 2a 9e 08 8f 78 26 df d5 d3 00 00 00 1c 00 00 Oct 31 15:24:55.037301: | 40 05 4f cc 52 e4 75 bd ec 54 ec 5b 5a f7 90 d3 Oct 31 15:24:55.037302: | b7 5a 9e 35 b6 27 Oct 31 15:24:55.037306: | **parse ISAKMP Message: Oct 31 15:24:55.037309: | initiator SPI: 39 a0 1b dc 13 1c ca 88 Oct 31 15:24:55.037311: | responder SPI: 9b b1 cd 4e 99 d1 dc 27 Oct 31 15:24:55.037313: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:24:55.037315: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:55.037316: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:24:55.037318: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:55.037320: | Message ID: 0 (00 00 00 00) Oct 31 15:24:55.037322: | length: 454 (00 00 01 c6) Oct 31 15:24:55.037324: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Oct 31 15:24:55.037327: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Oct 31 15:24:55.037330: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Oct 31 15:24:55.037332: | #1 is idle Oct 31 15:24:55.037333: | #1 idle Oct 31 15:24:55.037334: | unpacking clear payloads Oct 31 15:24:55.037336: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:24:55.037338: | ***parse IKEv2 Security Association Payload: Oct 31 15:24:55.037340: | next payload type: ISAKMP_NEXT_v2KE (0x22) Oct 31 15:24:55.037342: | flags: none (0x0) Oct 31 15:24:55.037344: | length: 48 (00 30) Oct 31 15:24:55.037345: | processing payload: ISAKMP_NEXT_v2SA (len=44) Oct 31 15:24:55.037347: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Oct 31 15:24:55.037349: | ***parse IKEv2 Key Exchange Payload: Oct 31 15:24:55.037350: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Oct 31 15:24:55.037351: | flags: none (0x0) Oct 31 15:24:55.037353: | length: 264 (01 08) Oct 31 15:24:55.037355: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:55.037356: | processing payload: ISAKMP_NEXT_v2KE (len=256) Oct 31 15:24:55.037358: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Oct 31 15:24:55.037359: | ***parse IKEv2 Nonce Payload: Oct 31 15:24:55.037361: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:55.037362: | flags: none (0x0) Oct 31 15:24:55.037364: | length: 36 (00 24) Oct 31 15:24:55.037365: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Oct 31 15:24:55.037367: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:55.037369: | ***parse IKEv2 Notify Payload: Oct 31 15:24:55.037370: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:55.037371: | flags: none (0x0) Oct 31 15:24:55.037373: | length: 8 (00 08) Oct 31 15:24:55.037375: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:55.037376: | SPI size: 0 (00) Oct 31 15:24:55.037378: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Oct 31 15:24:55.037380: | processing payload: ISAKMP_NEXT_v2N (len=0) Oct 31 15:24:55.037383: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:55.037384: | ***parse IKEv2 Notify Payload: Oct 31 15:24:55.037386: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:55.037387: | flags: none (0x0) Oct 31 15:24:55.037389: | length: 14 (00 0e) Oct 31 15:24:55.037390: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:55.037392: | SPI size: 0 (00) Oct 31 15:24:55.037394: | Notify Message Type: v2N_SIGNATURE_HASH_ALGORITHMS (0x402f) Oct 31 15:24:55.037395: | processing payload: ISAKMP_NEXT_v2N (len=6) Oct 31 15:24:55.037397: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:55.037398: | ***parse IKEv2 Notify Payload: Oct 31 15:24:55.037399: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:55.037401: | flags: none (0x0) Oct 31 15:24:55.037403: | length: 28 (00 1c) Oct 31 15:24:55.037404: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:55.037406: | SPI size: 0 (00) Oct 31 15:24:55.037407: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Oct 31 15:24:55.037408: | processing payload: ISAKMP_NEXT_v2N (len=20) Oct 31 15:24:55.037410: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:55.037411: | ***parse IKEv2 Notify Payload: Oct 31 15:24:55.037413: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.037414: | flags: none (0x0) Oct 31 15:24:55.037416: | length: 28 (00 1c) Oct 31 15:24:55.037418: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:55.037423: | SPI size: 0 (00) Oct 31 15:24:55.037424: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Oct 31 15:24:55.037426: | processing payload: ISAKMP_NEXT_v2N (len=20) Oct 31 15:24:55.037428: | looking for message matching transition from STATE_PARENT_I1 Oct 31 15:24:55.037429: | trying received anti-DDOS COOKIE notify response; resending IKE_SA_INIT request with cookie payload added Oct 31 15:24:55.037431: | message has errors Oct 31 15:24:55.037432: | trying received IKE_SA_INIT INVALID_KE_PAYLOAD notify response; resending IKE_SA_INIT with new KE payload Oct 31 15:24:55.037434: | message has errors Oct 31 15:24:55.037435: | trying received REDIRECT notify response; resending IKE_SA_INIT request to new destination Oct 31 15:24:55.037437: | message has errors Oct 31 15:24:55.037438: | trying Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE Oct 31 15:24:55.037439: | matched unencrypted message Oct 31 15:24:55.037444: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1848) Oct 31 15:24:55.037446: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE Oct 31 15:24:55.037449: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered) Oct 31 15:24:55.037450: | hash algorithm identifier (network ordered) Oct 31 15:24:55.037451: | 00 02 Oct 31 15:24:55.037453: | received HASH_ALGORITHM_SHA2_256 which is allowed by local policy Oct 31 15:24:55.037454: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered) Oct 31 15:24:55.037456: | hash algorithm identifier (network ordered) Oct 31 15:24:55.037457: | 00 03 Oct 31 15:24:55.037458: | received HASH_ALGORITHM_SHA2_384 which is allowed by local policy Oct 31 15:24:55.037460: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered) Oct 31 15:24:55.037461: | hash algorithm identifier (network ordered) Oct 31 15:24:55.037462: | 00 04 Oct 31 15:24:55.037464: | received HASH_ALGORITHM_SHA2_512 which is allowed by local policy Oct 31 15:24:55.037465: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Oct 31 15:24:55.037470: | using existing local IKE proposals for connection north-eastnets/0x1 (IKE SA initiator accepting remote proposal): 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 Oct 31 15:24:55.037473: | comparing remote proposals against IKE initiator (accepting) 1 local proposals Oct 31 15:24:55.037476: | local proposal 1 type ENCR has 1 transforms Oct 31 15:24:55.037478: | local proposal 1 type PRF has 1 transforms Oct 31 15:24:55.037479: | local proposal 1 type INTEG has 1 transforms Oct 31 15:24:55.037481: | local proposal 1 type DH has 1 transforms Oct 31 15:24:55.037482: | local proposal 1 type ESN has 0 transforms Oct 31 15:24:55.037484: | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none Oct 31 15:24:55.037486: | ****parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:55.037488: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:55.037490: | length: 44 (00 2c) Oct 31 15:24:55.037492: | prop #: 1 (01) Oct 31 15:24:55.037493: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:55.037495: | spi size: 0 (00) Oct 31 15:24:55.037496: | # transforms: 4 (04) Oct 31 15:24:55.037499: | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals Oct 31 15:24:55.037501: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.037502: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.037504: | length: 12 (00 0c) Oct 31 15:24:55.037505: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:55.037507: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:55.037509: | ******parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:55.037510: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:55.037512: | length/value: 256 (01 00) Oct 31 15:24:55.037515: | remote proposal 1 transform 0 (ENCR=AES_CBC_256) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:24:55.037516: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.037518: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.037520: | length: 8 (00 08) Oct 31 15:24:55.037521: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:55.037522: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:55.037525: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_256) matches local proposal 1 type 2 (PRF) transform 0 Oct 31 15:24:55.037526: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.037528: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.037529: | length: 8 (00 08) Oct 31 15:24:55.037531: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:55.037532: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:55.037534: | remote proposal 1 transform 2 (INTEG=HMAC_SHA2_256_128) matches local proposal 1 type 3 (INTEG) transform 0 Oct 31 15:24:55.037536: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.037537: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:55.037539: | length: 8 (00 08) Oct 31 15:24:55.037540: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.037542: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:55.037544: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Oct 31 15:24:55.037546: | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none Oct 31 15:24:55.037549: | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH Oct 31 15:24:55.037551: | remote proposal 1 matches local proposal 1 Oct 31 15:24:55.037553: | remote accepted the proposal 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match] Oct 31 15:24:55.037555: | converting proposal to internal trans attrs Oct 31 15:24:55.037569: | natd_hash: hasher=0x562b9567df80(20) Oct 31 15:24:55.037570: | natd_hash: icookie= Oct 31 15:24:55.037572: | 39 a0 1b dc 13 1c ca 88 Oct 31 15:24:55.037573: | natd_hash: rcookie= Oct 31 15:24:55.037575: | 9b b1 cd 4e 99 d1 dc 27 Oct 31 15:24:55.037576: | natd_hash: ip= Oct 31 15:24:55.037577: | c0 01 02 17 Oct 31 15:24:55.037579: | natd_hash: port= Oct 31 15:24:55.037580: | 01 f4 Oct 31 15:24:55.037581: | natd_hash: hash= Oct 31 15:24:55.037584: | 4f cc 52 e4 75 bd ec 54 ec 5b 5a f7 90 d3 b7 5a Oct 31 15:24:55.037585: | 9e 35 b6 27 Oct 31 15:24:55.037589: | natd_hash: hasher=0x562b9567df80(20) Oct 31 15:24:55.037591: | natd_hash: icookie= Oct 31 15:24:55.037592: | 39 a0 1b dc 13 1c ca 88 Oct 31 15:24:55.037593: | natd_hash: rcookie= Oct 31 15:24:55.037595: | 9b b1 cd 4e 99 d1 dc 27 Oct 31 15:24:55.037596: | natd_hash: ip= Oct 31 15:24:55.037597: | c0 01 03 21 Oct 31 15:24:55.037598: | natd_hash: port= Oct 31 15:24:55.037600: | 01 f4 Oct 31 15:24:55.037601: | natd_hash: hash= Oct 31 15:24:55.037602: | 5f f7 1d 21 b4 bb 4a 39 1b 35 9e 2a 9e 08 8f 78 Oct 31 15:24:55.037604: | 26 df d5 d3 Oct 31 15:24:55.037606: | NAT_TRAVERSAL encaps using auto-detect Oct 31 15:24:55.037607: | NAT_TRAVERSAL this end is NOT behind NAT Oct 31 15:24:55.037608: | NAT_TRAVERSAL that end is NOT behind NAT Oct 31 15:24:55.037611: | NAT_TRAVERSAL nat-keepalive enabled 192.1.3.33 Oct 31 15:24:55.037616: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_256 integ=HMAC_SHA2_256_128 cipherkey=AES_CBC Oct 31 15:24:55.037618: | DH secret MODP2048@0x7f10c4006ba8: transferring ownership from state #1 to helper IKEv2 DH Oct 31 15:24:55.037621: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:55.037623: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:55.037625: | newref clone logger@0x562b96aa9418(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:55.037627: | job 3 for #1: ikev2_inR1outI2 KE (compute dh (V2)): adding job to queue Oct 31 15:24:55.037628: | state #1 has no .st_event to delete Oct 31 15:24:55.037634: | #1 requesting EVENT_RETRANSMIT-pe@0x562b96ab9cd8 be deleted Oct 31 15:24:55.037636: | libevent_free: delref ptr-libevent@0x562b96ab75d8 Oct 31 15:24:55.037638: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x562b96ab9cd8 Oct 31 15:24:55.037640: | #1 STATE_PARENT_I1: retransmits: cleared Oct 31 15:24:55.037642: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x562b96ab75d8 Oct 31 15:24:55.037644: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:24:55.037646: | libevent_malloc: newref ptr-libevent@0x7f10bc006108 size 128 Oct 31 15:24:55.037655: | #1 spent 0.202 (0.205) milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE in v2_dispatch() Oct 31 15:24:55.037660: | [RE]START processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:55.037664: | job 3 for #1: ikev2_inR1outI2 KE (compute dh (V2)): helper 4 starting job Oct 31 15:24:55.037665: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND; .st_v2_transition=PARENT_I0->PARENT_I1 Oct 31 15:24:55.037674: | suspending state #1 and saving MD 0x562b96abde78 Oct 31 15:24:55.037677: | addref md@0x562b96abde78(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:55.037679: | #1 is busy; has suspended MD 0x562b96abde78 Oct 31 15:24:55.037683: | stop processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1850) Oct 31 15:24:55.037688: | #1 spent 0.471 (0.479) milliseconds in ikev2_process_packet() Oct 31 15:24:55.037691: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:55.037694: | delref mdp@0x562b96abde78(2->1) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:55.037698: | spent 0.481 (0.489) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:55.038372: | calculating skeyseed using prf=HMAC_SHA2_256 integ=HMAC_SHA2_256_128 cipherkey-size=32 salt-size=0 Oct 31 15:24:55.038524: | "north-eastnets/0x1" #1: spent 0.81 (0.858) milliseconds in helper 4 processing job 3 for state #1: ikev2_inR1outI2 KE (pcr) Oct 31 15:24:55.038530: | job 3 for #1: ikev2_inR1outI2 KE (compute dh (V2)): helper thread 4 sending result back to state Oct 31 15:24:55.038534: | scheduling resume sending helper answer back to state for #1 Oct 31 15:24:55.038537: | libevent_malloc: newref ptr-libevent@0x7f10c0010a78 size 128 Oct 31 15:24:55.038549: | helper thread 4 has nothing to do Oct 31 15:24:55.038559: | processing resume sending helper answer back to state for #1 Oct 31 15:24:55.038571: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:641) Oct 31 15:24:55.038576: | unsuspending #1 MD 0x562b96abde78 Oct 31 15:24:55.038580: | job 3 for #1: ikev2_inR1outI2 KE (compute dh (V2)): processing response from helper 4 Oct 31 15:24:55.038583: | job 3 for #1: ikev2_inR1outI2 KE (compute dh (V2)): calling continuation function 0x562b9558bfe7 Oct 31 15:24:55.038586: | ikev2_parent_inR1outI2_continue() for #1 STATE_PARENT_I1: g^{xy} calculated, sending I2 Oct 31 15:24:55.038590: | DH secret MODP2048@0x7f10c4006ba8: transferring ownership from helper IKEv2 DH to state #1 Oct 31 15:24:55.038594: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Oct 31 15:24:55.038615: | emit hash algo NEGOTIATE_AUTH_HASH_SHA2_512 Oct 31 15:24:55.038630: | get_connection_private_key() using CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1 to find private key for @east->@north of kind RSA Oct 31 15:24:55.038725: | loaded private key matching CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1 Oct 31 15:24:55.038967: | copying key using reference slot Oct 31 15:24:55.040490: | certs and keys locked by 'lsw_add_rsa_secret' Oct 31 15:24:55.040500: | certs and keys unlocked by 'lsw_add_rsa_secret' Oct 31 15:24:55.040507: "north-eastnets/0x1" #1: reloaded private key matching right CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1 Oct 31 15:24:55.040509: | connection north-eastnets/0x1's RSA private key found in NSS DB using CKAID Oct 31 15:24:55.040514: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:55.040515: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:55.040518: | newref clone logger@0x562b96ab9cd8(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:55.040520: | job 4 for #1: computing responder signature (signature): adding job to queue Oct 31 15:24:55.040522: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:55.040526: | libevent_free: delref ptr-libevent@0x7f10bc006108 Oct 31 15:24:55.040528: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x562b96ab75d8 Oct 31 15:24:55.040530: | #1 STATE_PARENT_I1: retransmits: cleared Oct 31 15:24:55.040532: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x562b96ac1148 Oct 31 15:24:55.040534: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:24:55.040536: | libevent_malloc: newref ptr-libevent@0x562b96ac1098 size 128 Oct 31 15:24:55.040546: | [RE]START processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:55.040549: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND; .st_v2_transition=PARENT_I0->PARENT_I1 Oct 31 15:24:55.040551: | suspending state #1 and saving MD 0x562b96abde78 Oct 31 15:24:55.040554: | addref md@0x562b96abde78(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:55.040558: | #1 is busy; has suspended MD 0x562b96abde78 Oct 31 15:24:55.040564: | delref logger@0x562b96aa9418(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:55.040567: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:55.040569: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:55.040573: | resume sending helper answer back to state for #1 suppresed complete_v2_state_transition() Oct 31 15:24:55.040576: | delref mdp@0x562b96abde78(2->1) (in resume_handler() at server.c:743) Oct 31 15:24:55.040583: | job 4 for #1: computing responder signature (signature): helper 5 starting job Oct 31 15:24:55.040593: | hash to sign Oct 31 15:24:55.040596: | f1 6e 77 c4 13 e5 42 9f 26 76 a1 e8 b0 22 a5 4e Oct 31 15:24:55.040598: | 43 18 b1 88 94 d2 2c 7d 68 e0 63 41 33 d0 dd 05 Oct 31 15:24:55.040600: | cb 75 88 b3 6b 36 78 aa e7 41 b2 44 83 bc 10 a8 Oct 31 15:24:55.040584: | #1 spent 1.96 (2.01) milliseconds in resume sending helper answer back to state Oct 31 15:24:55.040602: | 71 cb 04 91 b6 fd 27 5a c7 ed 2d e0 e8 af f9 ec Oct 31 15:24:55.040611: | stop processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:745) Oct 31 15:24:55.040614: | RSA_sign_hash: Started using NSS Oct 31 15:24:55.040618: | libevent_free: delref ptr-libevent@0x7f10c0010a78 Oct 31 15:24:55.046010: | RSA_sign_hash: Ended using NSS Oct 31 15:24:55.046033: | "north-eastnets/0x1" #1: spent 5.36 (5.42) milliseconds in v2_auth_signature() calling sign_hash() Oct 31 15:24:55.046037: | "north-eastnets/0x1" #1: spent 5.39 (5.44) milliseconds in v2_auth_signature() Oct 31 15:24:55.046041: | "north-eastnets/0x1" #1: spent 5.4 (5.46) milliseconds in helper 5 processing job 4 for state #1: computing responder signature (signature) Oct 31 15:24:55.046043: | job 4 for #1: computing responder signature (signature): helper thread 5 sending result back to state Oct 31 15:24:55.046046: | scheduling resume sending helper answer back to state for #1 Oct 31 15:24:55.046050: | libevent_malloc: newref ptr-libevent@0x7f10b4000d38 size 128 Oct 31 15:24:55.046058: | helper thread 5 has nothing to do Oct 31 15:24:55.046071: | processing resume sending helper answer back to state for #1 Oct 31 15:24:55.046092: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:641) Oct 31 15:24:55.046098: | unsuspending #1 MD 0x562b96abde78 Oct 31 15:24:55.046102: | job 4 for #1: computing responder signature (signature): processing response from helper 5 Oct 31 15:24:55.046105: | job 4 for #1: computing responder signature (signature): calling continuation function 0x562b954ba77f Oct 31 15:24:55.046111: | newref alloc logger@0x562b96aa9418(0->1) (in new_state() at state.c:576) Oct 31 15:24:55.046114: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:24:55.046117: | creating state object #3 at 0x562b96ac5868 Oct 31 15:24:55.046120: | State DB: adding IKEv2 state #3 in UNDEFINED Oct 31 15:24:55.046126: | pstats #3 ikev2.child started Oct 31 15:24:55.046129: | duplicating state object #1 "north-eastnets/0x1" as #3 for IPSEC SA Oct 31 15:24:55.046135: | #3 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1581) Oct 31 15:24:55.046145: | Message ID: CHILD #1.#3 initializing (CHILD SA): ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744566.854355 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744566.854355 child.wip.initiator=0->-1 child.wip.responder=0->-1 Oct 31 15:24:55.046150: | child state #3: UNDEFINED(ignore) => V2_IKE_AUTH_CHILD_I0(ignore) Oct 31 15:24:55.046154: | #3.st_v2_transition NULL -> NULL (in new_v2_child_state() at state.c:1666) Oct 31 15:24:55.046162: | Message ID: IKE #1 switching from IKE SA initiator message response 0: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744566.854355 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744566.854355 ike.wip.initiator=0->-1 ike.wip.responder=-1 Oct 31 15:24:55.046169: | Message ID: CHILD #1.#3 switching to CHILD SA initiator message response 0: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744566.854355 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744566.854355 child.wip.initiator=-1->0 child.wip.responder=-1 Oct 31 15:24:55.046174: | switching IKEv2 MD.ST from IKE #1 PARENT_I1 to CHILD #3 V2_IKE_AUTH_CHILD_I0 (in ikev2_parent_inR1outI2_auth_signature_continue() at ikev2_parent.c:2155) Oct 31 15:24:55.046182: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:55.046186: | libevent_free: delref ptr-libevent@0x562b96ac1098 Oct 31 15:24:55.046190: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x562b96ac1148 Oct 31 15:24:55.046193: | #1 STATE_PARENT_I1: retransmits: cleared Oct 31 15:24:55.046197: | event_schedule: newref EVENT_SA_REPLACE-pe@0x562b96ac1098 Oct 31 15:24:55.046209: | inserting event EVENT_SA_REPLACE, timeout in 120 seconds for #1 Oct 31 15:24:55.046215: | libevent_malloc: newref ptr-libevent@0x7f10c0010a78 size 128 Oct 31 15:24:55.046219: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Oct 31 15:24:55.046226: | opening output PBS reply packet Oct 31 15:24:55.046229: | **emit ISAKMP Message: Oct 31 15:24:55.046234: | initiator SPI: 39 a0 1b dc 13 1c ca 88 Oct 31 15:24:55.046238: | responder SPI: 9b b1 cd 4e 99 d1 dc 27 Oct 31 15:24:55.046245: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:55.046248: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:55.046251: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:55.046254: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:55.046257: | Message ID: 1 (00 00 00 01) Oct 31 15:24:55.046261: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:55.046264: | ***emit IKEv2 Encryption Payload: Oct 31 15:24:55.046267: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.046269: | flags: none (0x0) Oct 31 15:24:55.046273: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:24:55.046275: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.046279: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:24:55.046291: | IKEv2 CERT: send a certificate? Oct 31 15:24:55.046293: | IKEv2 CERT: no certificate to send Oct 31 15:24:55.046296: | IDr payload will be sent Oct 31 15:24:55.046298: | ****emit IKEv2 Identification - Initiator - Payload: Oct 31 15:24:55.046301: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.046303: | flags: none (0x0) Oct 31 15:24:55.046306: | ID type: ID_FQDN (0x2) Oct 31 15:24:55.046309: | reserved: 00 00 00 Oct 31 15:24:55.046312: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Oct 31 15:24:55.046314: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.046318: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Oct 31 15:24:55.046321: | my identity: 65 61 73 74 Oct 31 15:24:55.046323: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Oct 31 15:24:55.046326: | ****emit IKEv2 Identification - Responder - Payload: Oct 31 15:24:55.046328: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.046331: | flags: none (0x0) Oct 31 15:24:55.046333: | ID type: ID_FQDN (0x2) Oct 31 15:24:55.046336: | reserved: 00 00 00 Oct 31 15:24:55.046338: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Oct 31 15:24:55.046341: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.046344: | emitting 5 raw bytes of their IDr into IKEv2 Identification - Responder - Payload Oct 31 15:24:55.046347: | their IDr: 6e 6f 72 74 68 Oct 31 15:24:55.046350: | emitting length of IKEv2 Identification - Responder - Payload: 13 Oct 31 15:24:55.046352: | not sending INITIAL_CONTACT Oct 31 15:24:55.046354: | ****emit IKEv2 Authentication Payload: Oct 31 15:24:55.046357: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.046359: | flags: none (0x0) Oct 31 15:24:55.046362: | auth method: IKEv2_AUTH_DIGSIG (0xe) Oct 31 15:24:55.046365: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Oct 31 15:24:55.046367: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.046370: | emit hash algo NEGOTIATE_AUTH_HASH_SHA2_512 Oct 31 15:24:55.046375: | emitting 68 raw bytes of OID of ASN.1 Algorithm Identifier into IKEv2 Authentication Payload Oct 31 15:24:55.046377: | OID of ASN.1 Algorithm Identifier: Oct 31 15:24:55.046380: | 43 30 41 06 09 2a 86 48 86 f7 0d 01 01 0a 30 34 Oct 31 15:24:55.046382: | a0 0f 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 Oct 31 15:24:55.046384: | 00 a1 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 01 08 Oct 31 15:24:55.046386: | 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 a2 Oct 31 15:24:55.046388: | 03 02 01 40 Oct 31 15:24:55.046391: | emitting 274 raw bytes of signature into IKEv2 Authentication Payload Oct 31 15:24:55.046394: | signature: Oct 31 15:24:55.046396: | 63 19 2a 28 7a 7a 9d 4e 62 3a 33 22 27 48 2f 7b Oct 31 15:24:55.046398: | 0f 61 88 f4 d7 b4 05 8e 5d 72 80 4a 2a e7 3c d8 Oct 31 15:24:55.046401: | 2a 3e b7 b6 95 5f 89 88 6e 3b 30 2a 39 d8 6f 31 Oct 31 15:24:55.046403: | 2f 5e c3 a5 74 b1 bb a6 e6 13 a5 12 8a 78 74 ac Oct 31 15:24:55.046406: | a8 46 69 6b 9a e0 c7 ac c6 37 83 13 76 14 e5 8e Oct 31 15:24:55.046408: | bb 0f d7 49 ac 00 9a 7e 92 bb cc b8 f3 41 76 ea Oct 31 15:24:55.046410: | ba 71 1d 3f 64 36 16 ef f2 0a 21 58 9f f1 bc 71 Oct 31 15:24:55.046412: | 3c 9f 5b a0 29 ce bf aa 02 05 01 a8 61 3e b9 36 Oct 31 15:24:55.046414: | e8 3c fd 31 ec 32 43 8a 02 f5 b3 55 05 b8 f5 25 Oct 31 15:24:55.046416: | ed c0 1c ec a8 3a d8 68 99 f5 0d 0e 88 c2 c7 e1 Oct 31 15:24:55.046419: | 58 d7 33 2e 1c 6b 0e 13 46 11 b6 26 a2 b8 f1 6f Oct 31 15:24:55.046421: | c9 5a 92 71 f3 9a 02 e7 f2 6f 35 ca 8a 10 6a 52 Oct 31 15:24:55.046424: | e0 c6 ab 90 32 ba b5 46 a0 a9 53 25 65 32 19 82 Oct 31 15:24:55.046426: | be b3 0d b3 73 10 9e f1 6c 79 e5 67 3e 47 04 8d Oct 31 15:24:55.046428: | 9d 2c 15 35 31 93 d9 91 3f 65 fa 1e ef 50 1e 5a Oct 31 15:24:55.046430: | 82 a5 b1 6e 0e 78 c9 f7 e0 ef 96 79 05 1a cd 12 Oct 31 15:24:55.046432: | 50 d9 8a 7b 66 7b dd fb 8f aa 5c bc 08 49 34 06 Oct 31 15:24:55.046435: | 20 c0 Oct 31 15:24:55.046438: | emitting length of IKEv2 Authentication Payload: 350 Oct 31 15:24:55.046440: | getting first pending from state #1 Oct 31 15:24:55.046443: | delref fd@NULL (in first_pending() at pending.c:318) Oct 31 15:24:55.046446: | addref fd@NULL (in first_pending() at pending.c:319) Oct 31 15:24:55.046449: | Switching Child connection for #3 to "north-eastnets/0x2" from "north-eastnets/0x1" Oct 31 15:24:55.046453: | in connection_discard for connection north-eastnets/0x1 Oct 31 15:24:55.046474: | netlink_get_spi: allocated 0xde706675 for esp.0@192.1.2.23 Oct 31 15:24:55.046478: | constructing ESP/AH proposals with all DH removed for north-eastnets/0x2 (IKE SA initiator emitting ESP/AH proposals) Oct 31 15:24:55.046484: | converting proposal AES_CBC_128-HMAC_SHA2_512_256-MODP3072 to ikev2 ... Oct 31 15:24:55.046492: | ... ikev2_proposal: 1:ESP=AES_CBC_128-HMAC_SHA2_512_256-NONE-DISABLED Oct 31 15:24:55.046496: "north-eastnets/0x2": local ESP/AH proposals (IKE SA initiator emitting ESP/AH proposals): Oct 31 15:24:55.046500: "north-eastnets/0x2": 1:ESP=AES_CBC_128-HMAC_SHA2_512_256-NONE-DISABLED Oct 31 15:24:55.046503: | Emitting ikev2_proposals ... Oct 31 15:24:55.046506: | ****emit IKEv2 Security Association Payload: Oct 31 15:24:55.046508: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.046511: | flags: none (0x0) Oct 31 15:24:55.046514: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:24:55.046516: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.046520: | discard DH=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:55.046523: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:55.046526: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:55.046529: | prop #: 1 (01) Oct 31 15:24:55.046532: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:55.046537: | spi size: 4 (04) Oct 31 15:24:55.046540: | # transforms: 3 (03) Oct 31 15:24:55.046542: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:55.046546: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:24:55.046549: | our spi: de 70 66 75 Oct 31 15:24:55.046552: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.046555: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.046557: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:55.046560: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:55.046562: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.046565: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:55.046568: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:55.046571: | length/value: 128 (00 80) Oct 31 15:24:55.046574: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:55.046577: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.046579: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.046582: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:55.046584: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:55.046587: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.046590: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.046592: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.046596: | discard DH=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:55.046598: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.046600: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:55.046603: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:55.046606: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:55.046609: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.046611: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.046613: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.046616: | emitting length of IKEv2 Proposal Substructure Payload: 40 Oct 31 15:24:55.046618: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:55.046620: | emitting length of IKEv2 Security Association Payload: 44 Oct 31 15:24:55.046623: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:24:55.046627: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:24:55.046630: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.046632: | flags: none (0x0) Oct 31 15:24:55.046635: | number of TS: 1 (01) Oct 31 15:24:55.046637: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Oct 31 15:24:55.046640: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.046642: | *****emit IKEv2 Traffic Selector: Oct 31 15:24:55.046645: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:55.046648: | IP Protocol ID: ALL (0x0) Oct 31 15:24:55.046652: | start port: 0 (00 00) Oct 31 15:24:55.046655: | end port: 65535 (ff ff) Oct 31 15:24:55.046660: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:24:55.046663: | IP start: c0 00 16 00 Oct 31 15:24:55.046666: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:24:55.046669: | IP end: c0 00 16 ff Oct 31 15:24:55.046671: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:24:55.046674: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Oct 31 15:24:55.046676: | ****emit IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:24:55.046678: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.046681: | flags: none (0x0) Oct 31 15:24:55.046684: | number of TS: 1 (01) Oct 31 15:24:55.046686: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Oct 31 15:24:55.046689: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.046691: | *****emit IKEv2 Traffic Selector: Oct 31 15:24:55.046693: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:55.046696: | IP Protocol ID: ALL (0x0) Oct 31 15:24:55.046699: | start port: 0 (00 00) Oct 31 15:24:55.046701: | end port: 65535 (ff ff) Oct 31 15:24:55.046709: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:24:55.046712: | IP start: c0 00 03 00 Oct 31 15:24:55.046714: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:24:55.046718: | IP end: c0 00 03 ff Oct 31 15:24:55.046720: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:24:55.046723: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Oct 31 15:24:55.046725: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Oct 31 15:24:55.046728: | initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Oct 31 15:24:55.046731: | adding 13 bytes of padding (including 1 byte padding-length) Oct 31 15:24:55.046734: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:55.046737: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:55.046740: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:55.046743: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:55.046745: | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:55.046748: | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:55.046750: | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:55.046752: | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:55.046755: | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:55.046758: | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:55.046761: | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:55.046763: | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:55.046765: | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:55.046768: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:24:55.046770: | emitting length of IKEv2 Encryption Payload: 516 Oct 31 15:24:55.046773: | emitting length of ISAKMP Message: 544 Oct 31 15:24:55.046779: | **parse ISAKMP Message: Oct 31 15:24:55.046783: | initiator SPI: 39 a0 1b dc 13 1c ca 88 Oct 31 15:24:55.046787: | responder SPI: 9b b1 cd 4e 99 d1 dc 27 Oct 31 15:24:55.046789: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:24:55.046792: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:55.046794: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:55.046798: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:55.046802: | Message ID: 1 (00 00 00 01) Oct 31 15:24:55.046805: | length: 544 (00 00 02 20) Oct 31 15:24:55.046808: | **parse IKEv2 Encryption Payload: Oct 31 15:24:55.046810: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Oct 31 15:24:55.046813: | flags: none (0x0) Oct 31 15:24:55.046816: | length: 516 (02 04) Oct 31 15:24:55.046818: | opening output PBS reply frag packet Oct 31 15:24:55.046821: | **emit ISAKMP Message: Oct 31 15:24:55.046824: | initiator SPI: 39 a0 1b dc 13 1c ca 88 Oct 31 15:24:55.046828: | responder SPI: 9b b1 cd 4e 99 d1 dc 27 Oct 31 15:24:55.046831: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:55.046833: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:55.046835: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:55.046837: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:55.046841: | Message ID: 1 (00 00 00 01) Oct 31 15:24:55.046844: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:55.046846: | ***emit IKEv2 Encrypted Fragment: Oct 31 15:24:55.046849: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Oct 31 15:24:55.046851: | flags: none (0x0) Oct 31 15:24:55.046854: | fragment number: 1 (00 01) Oct 31 15:24:55.046857: | total fragments: 1 (00 01) Oct 31 15:24:55.046860: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi Oct 31 15:24:55.046863: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Oct 31 15:24:55.046865: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Oct 31 15:24:55.046868: | emitting 16 zero bytes of IV into IKEv2 Encrypted Fragment Oct 31 15:24:55.046872: | emitting 467 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Oct 31 15:24:55.046879: | cleartext fragment: Oct 31 15:24:55.046881: | 24 00 00 0c 02 00 00 00 65 61 73 74 27 00 00 0d Oct 31 15:24:55.046883: | 02 00 00 00 6e 6f 72 74 68 21 00 01 5e 0e 00 00 Oct 31 15:24:55.046885: | 00 43 30 41 06 09 2a 86 48 86 f7 0d 01 01 0a 30 Oct 31 15:24:55.046887: | 34 a0 0f 30 0d 06 09 60 86 48 01 65 03 04 02 03 Oct 31 15:24:55.046889: | 05 00 a1 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 01 Oct 31 15:24:55.046891: | 08 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 Oct 31 15:24:55.046894: | a2 03 02 01 40 63 19 2a 28 7a 7a 9d 4e 62 3a 33 Oct 31 15:24:55.046896: | 22 27 48 2f 7b 0f 61 88 f4 d7 b4 05 8e 5d 72 80 Oct 31 15:24:55.046898: | 4a 2a e7 3c d8 2a 3e b7 b6 95 5f 89 88 6e 3b 30 Oct 31 15:24:55.046901: | 2a 39 d8 6f 31 2f 5e c3 a5 74 b1 bb a6 e6 13 a5 Oct 31 15:24:55.046903: | 12 8a 78 74 ac a8 46 69 6b 9a e0 c7 ac c6 37 83 Oct 31 15:24:55.046905: | 13 76 14 e5 8e bb 0f d7 49 ac 00 9a 7e 92 bb cc Oct 31 15:24:55.046907: | b8 f3 41 76 ea ba 71 1d 3f 64 36 16 ef f2 0a 21 Oct 31 15:24:55.046910: | 58 9f f1 bc 71 3c 9f 5b a0 29 ce bf aa 02 05 01 Oct 31 15:24:55.046912: | a8 61 3e b9 36 e8 3c fd 31 ec 32 43 8a 02 f5 b3 Oct 31 15:24:55.046914: | 55 05 b8 f5 25 ed c0 1c ec a8 3a d8 68 99 f5 0d Oct 31 15:24:55.046916: | 0e 88 c2 c7 e1 58 d7 33 2e 1c 6b 0e 13 46 11 b6 Oct 31 15:24:55.046918: | 26 a2 b8 f1 6f c9 5a 92 71 f3 9a 02 e7 f2 6f 35 Oct 31 15:24:55.046920: | ca 8a 10 6a 52 e0 c6 ab 90 32 ba b5 46 a0 a9 53 Oct 31 15:24:55.046922: | 25 65 32 19 82 be b3 0d b3 73 10 9e f1 6c 79 e5 Oct 31 15:24:55.046924: | 67 3e 47 04 8d 9d 2c 15 35 31 93 d9 91 3f 65 fa Oct 31 15:24:55.046926: | 1e ef 50 1e 5a 82 a5 b1 6e 0e 78 c9 f7 e0 ef 96 Oct 31 15:24:55.046929: | 79 05 1a cd 12 50 d9 8a 7b 66 7b dd fb 8f aa 5c Oct 31 15:24:55.046931: | bc 08 49 34 06 20 c0 2c 00 00 2c 00 00 00 28 01 Oct 31 15:24:55.046933: | 03 04 03 de 70 66 75 03 00 00 0c 01 00 00 0c 80 Oct 31 15:24:55.046935: | 0e 00 80 03 00 00 08 03 00 00 0e 00 00 00 08 05 Oct 31 15:24:55.046939: | 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 00 Oct 31 15:24:55.046941: | 00 ff ff c0 00 16 00 c0 00 16 ff 00 00 00 18 01 Oct 31 15:24:55.046943: | 00 00 00 07 00 00 10 00 00 ff ff c0 00 03 00 c0 Oct 31 15:24:55.046945: | 00 03 ff Oct 31 15:24:55.046948: | adding 13 bytes of padding (including 1 byte padding-length) Oct 31 15:24:55.046951: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:55.046953: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:55.046956: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:55.046958: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:55.046961: | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:55.046963: | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:55.046966: | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:55.046968: | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:55.046971: | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:55.046973: | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:55.046976: | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:55.046978: | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:55.046981: | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:55.046983: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Oct 31 15:24:55.046986: | emitting length of IKEv2 Encrypted Fragment: 520 Oct 31 15:24:55.046988: | emitting length of ISAKMP Message: 548 Oct 31 15:24:55.047029: | recording fragment 1 Oct 31 15:24:55.047035: | delref logger@0x562b96ab9cd8(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:55.047038: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:55.047041: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:55.047044: | XXX: resume sending helper answer back to state for #1 switched MD.ST to #3 Oct 31 15:24:55.047050: | suspend processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:55.047055: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:55.047059: | #3 complete_v2_state_transition() in state V2_IKE_AUTH_CHILD_I0 PARENT_I1->PARENT_I2 with status STF_OK; .st_v2_transition=NULL Oct 31 15:24:55.047062: | transitioning from state STATE_PARENT_I1 to state STATE_PARENT_I2 Oct 31 15:24:55.047064: | Message ID: updating counters for #3 Oct 31 15:24:55.047071: | Message ID: CHILD #1.#3 XXX: no EVENT_RETRANSMIT to clear; suspect IKE->CHILD switch: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744566.854355 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744566.854355 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:24:55.047079: | Message ID: CHILD #1.#3 updating initiator received message response 0: ike.initiator.sent=0 ike.initiator.recv=-1->0 ike.initiator.last_contact=744566.854355->744569.479863 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744566.854355 child.wip.initiator=0->-1 child.wip.responder=-1 Oct 31 15:24:55.047085: | Message ID: CHILD #1.#3 scheduling EVENT_RETRANSMIT: ike.initiator.sent=1 ike.initiator.recv=0 ike.initiator.last_contact=744569.479863 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744566.854355 child.wip.initiator=1 child.wip.responder=-1 Oct 31 15:24:55.047088: | event_schedule: newref EVENT_RETRANSMIT-pe@0x562b96ab9cd8 Oct 31 15:24:55.047093: | inserting event EVENT_RETRANSMIT, timeout in 0.05 seconds for #3 Oct 31 15:24:55.047096: | libevent_malloc: newref ptr-libevent@0x562b96ac11b8 size 128 Oct 31 15:24:55.047101: | #3 STATE_V2_IKE_AUTH_CHILD_I0: retransmits: first event in 0.05 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744569.479884 Oct 31 15:24:55.047107: | Message ID: CHILD #1.#3 updating initiator sent message request 1: ike.initiator.sent=0->1 ike.initiator.recv=0 ike.initiator.last_contact=744569.479863 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744566.854355 child.wip.initiator=-1->1 child.wip.responder=-1 Oct 31 15:24:55.047113: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=1 ike.initiator.recv=0 ike.initiator.last_contact=744569.479863 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744566.854355 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:55.047117: | child state #3: V2_IKE_AUTH_CHILD_I0(ignore) => PARENT_I2(open IKE SA) Oct 31 15:24:55.047119: | announcing the state transition Oct 31 15:24:55.047124: "north-eastnets/0x1" #1: sent IKE_AUTH request {auth=IKEv2 cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048} Oct 31 15:24:55.047132: | sending 548 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:55.047134: | 39 a0 1b dc 13 1c ca 88 9b b1 cd 4e 99 d1 dc 27 Oct 31 15:24:55.047137: | 35 20 23 08 00 00 00 01 00 00 02 24 23 00 02 08 Oct 31 15:24:55.047139: | 00 01 00 01 51 47 8a 54 1a 62 45 4b e2 33 f5 e6 Oct 31 15:24:55.047141: | 07 59 aa 45 48 e1 67 61 6e fb 6b ce 70 34 57 8d Oct 31 15:24:55.047143: | 6e ea 6a d4 0b f3 e0 f5 98 59 57 3e f9 42 cc 3a Oct 31 15:24:55.047145: | 28 d9 64 9b 41 d1 c3 4b 53 60 b5 bb 93 89 90 80 Oct 31 15:24:55.047147: | 68 9c c3 62 c8 e0 68 fa 62 29 ca cd b5 d1 28 fb Oct 31 15:24:55.047149: | 6c e3 4f 54 0c 6a b4 37 2a ac f6 6f 70 51 62 ed Oct 31 15:24:55.047151: | 63 d6 47 7e fc cf d6 c1 8a e5 c8 56 38 65 1d 90 Oct 31 15:24:55.047154: | 87 2d ef 93 98 1f 86 b4 5b 33 c7 36 d5 2a d9 8a Oct 31 15:24:55.047156: | db b2 23 7e 4a c9 7b 33 20 48 19 ac 22 e1 0d e8 Oct 31 15:24:55.047157: | e6 39 e7 5b 2c 9e 09 82 85 91 44 92 3c d1 c2 c7 Oct 31 15:24:55.047160: | 78 bd 40 2d b6 a3 20 ce 1e 89 d4 f0 7c 2b 32 e1 Oct 31 15:24:55.047162: | 98 93 17 f7 83 f5 3b fa 4d 94 49 09 7d 05 6d d5 Oct 31 15:24:55.047164: | c6 b9 c1 79 de 80 91 fa 45 be de 89 11 b3 ef 52 Oct 31 15:24:55.047166: | cc 24 53 4f e0 f8 d1 e4 33 e9 b4 21 ea 2a 8e d1 Oct 31 15:24:55.047168: | 6d 5a 29 b7 9f 5a 12 78 cc db 08 f6 a7 b9 a4 c2 Oct 31 15:24:55.047170: | f8 50 39 ad c2 ff cd ef 98 a6 c2 89 e5 bf 22 5c Oct 31 15:24:55.047172: | df f8 62 60 a3 08 1d a8 11 92 8a 26 0a 8b 00 6f Oct 31 15:24:55.047175: | 73 9d 43 ad 3d 7e 89 c2 04 55 c8 50 b1 cd 37 db Oct 31 15:24:55.047177: | 79 4e 98 75 10 75 78 be a3 8a 87 2b 90 30 f2 3b Oct 31 15:24:55.047179: | 0b b5 6a d0 8b fa 70 bf de 71 14 4a 4c d2 fb cf Oct 31 15:24:55.047180: | 33 a5 67 af ad 10 98 99 05 49 83 61 a2 0d 52 9d Oct 31 15:24:55.047182: | da 43 b6 45 2a 02 dc 67 52 55 08 c2 e7 2f 2b e4 Oct 31 15:24:55.047185: | 14 e3 0b 40 93 b0 84 6e 48 f4 a7 1d f8 49 56 e8 Oct 31 15:24:55.047187: | 33 0d ab 8f 70 68 2b 54 f6 92 20 65 11 85 e4 b0 Oct 31 15:24:55.047189: | 13 3b 8f e3 3b 16 7f b5 47 0f f2 28 94 ad 0f ee Oct 31 15:24:55.047191: | 09 a2 b0 f4 6f 1b db 64 ea 0b c9 b5 04 22 06 bb Oct 31 15:24:55.047193: | 94 92 7f f0 49 d3 4f d8 a5 d3 cd c0 d0 02 40 7f Oct 31 15:24:55.047195: | 9b 35 d0 3c 0d 32 1c 85 94 f2 43 b2 a7 8f f3 8d Oct 31 15:24:55.047197: | 60 e4 00 97 9a 93 2e 1b 7d 20 7f a6 f5 46 18 e0 Oct 31 15:24:55.047211: | d3 ea 15 2d df d4 b0 1e 00 28 f5 21 6a ff e3 65 Oct 31 15:24:55.047214: | 75 88 24 35 6f af bf af 82 b2 ca 2c 47 4e eb 6c Oct 31 15:24:55.047219: | be 7e f8 35 fc f7 02 9f 36 04 d0 a1 7f be 36 ac Oct 31 15:24:55.047221: | d6 9b 12 d3 Oct 31 15:24:55.047270: | sent 1 messages Oct 31 15:24:55.047274: | checking that a retransmit timeout_event was already Oct 31 15:24:55.047276: | state #3 has no .st_event to delete Oct 31 15:24:55.047280: | delref mdp@0x562b96abde78(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:55.047283: | delref logger@0x562b96aa9108(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:55.047285: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:55.047287: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:55.047294: | #1 spent 1.14 (1.19) milliseconds in resume sending helper answer back to state Oct 31 15:24:55.047300: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:745) Oct 31 15:24:55.047303: | libevent_free: delref ptr-libevent@0x7f10b4000d38 Oct 31 15:24:55.097373: | timer_event_cb: processing event@0x562b96ab9cd8 Oct 31 15:24:55.097390: | handling event EVENT_RETRANSMIT for child state #3 Oct 31 15:24:55.097393: | libevent_free: delref ptr-libevent@0x562b96ac11b8 Oct 31 15:24:55.097396: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x562b96ab9cd8 Oct 31 15:24:55.097421: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:55.097425: | IKEv2 retransmit event Oct 31 15:24:55.097429: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:24:55.097432: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x2" #3 attempt 2 of 0 Oct 31 15:24:55.097435: | and parent for 192.1.3.33 "north-eastnets/0x2" #1 keying attempt 1 of 0; retransmit 1 Oct 31 15:24:55.097438: | #3 STATE_PARENT_I2: retransmits: current time 744569.530233 Oct 31 15:24:55.097440: | #3 STATE_PARENT_I2: retransmits: retransmit count 0 exceeds limit? NO Oct 31 15:24:55.097442: | #3 STATE_PARENT_I2: retransmits: deltatime 0.05 exceeds limit? NO Oct 31 15:24:55.097443: | #3 STATE_PARENT_I2: retransmits: monotime 0.050349 exceeds limit? NO Oct 31 15:24:55.097446: | event_schedule: newref EVENT_RETRANSMIT-pe@0x562b96ab9cd8 Oct 31 15:24:55.097448: | inserting event EVENT_RETRANSMIT, timeout in 0.05 seconds for #3 Oct 31 15:24:55.097451: | libevent_malloc: newref ptr-libevent@0x7f10b4000d38 size 128 Oct 31 15:24:55.097454: "north-eastnets/0x2" #3: STATE_PARENT_I2: retransmission; will wait 0.05 seconds for response Oct 31 15:24:55.097460: | sending 548 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:55.097462: | 39 a0 1b dc 13 1c ca 88 9b b1 cd 4e 99 d1 dc 27 Oct 31 15:24:55.097463: | 35 20 23 08 00 00 00 01 00 00 02 24 23 00 02 08 Oct 31 15:24:55.097464: | 00 01 00 01 51 47 8a 54 1a 62 45 4b e2 33 f5 e6 Oct 31 15:24:55.097466: | 07 59 aa 45 48 e1 67 61 6e fb 6b ce 70 34 57 8d Oct 31 15:24:55.097467: | 6e ea 6a d4 0b f3 e0 f5 98 59 57 3e f9 42 cc 3a Oct 31 15:24:55.097469: | 28 d9 64 9b 41 d1 c3 4b 53 60 b5 bb 93 89 90 80 Oct 31 15:24:55.097470: | 68 9c c3 62 c8 e0 68 fa 62 29 ca cd b5 d1 28 fb Oct 31 15:24:55.097471: | 6c e3 4f 54 0c 6a b4 37 2a ac f6 6f 70 51 62 ed Oct 31 15:24:55.097473: | 63 d6 47 7e fc cf d6 c1 8a e5 c8 56 38 65 1d 90 Oct 31 15:24:55.097474: | 87 2d ef 93 98 1f 86 b4 5b 33 c7 36 d5 2a d9 8a Oct 31 15:24:55.097475: | db b2 23 7e 4a c9 7b 33 20 48 19 ac 22 e1 0d e8 Oct 31 15:24:55.097477: | e6 39 e7 5b 2c 9e 09 82 85 91 44 92 3c d1 c2 c7 Oct 31 15:24:55.097478: | 78 bd 40 2d b6 a3 20 ce 1e 89 d4 f0 7c 2b 32 e1 Oct 31 15:24:55.097479: | 98 93 17 f7 83 f5 3b fa 4d 94 49 09 7d 05 6d d5 Oct 31 15:24:55.097481: | c6 b9 c1 79 de 80 91 fa 45 be de 89 11 b3 ef 52 Oct 31 15:24:55.097482: | cc 24 53 4f e0 f8 d1 e4 33 e9 b4 21 ea 2a 8e d1 Oct 31 15:24:55.097484: | 6d 5a 29 b7 9f 5a 12 78 cc db 08 f6 a7 b9 a4 c2 Oct 31 15:24:55.097485: | f8 50 39 ad c2 ff cd ef 98 a6 c2 89 e5 bf 22 5c Oct 31 15:24:55.097489: | df f8 62 60 a3 08 1d a8 11 92 8a 26 0a 8b 00 6f Oct 31 15:24:55.097490: | 73 9d 43 ad 3d 7e 89 c2 04 55 c8 50 b1 cd 37 db Oct 31 15:24:55.097492: | 79 4e 98 75 10 75 78 be a3 8a 87 2b 90 30 f2 3b Oct 31 15:24:55.097493: | 0b b5 6a d0 8b fa 70 bf de 71 14 4a 4c d2 fb cf Oct 31 15:24:55.097494: | 33 a5 67 af ad 10 98 99 05 49 83 61 a2 0d 52 9d Oct 31 15:24:55.097496: | da 43 b6 45 2a 02 dc 67 52 55 08 c2 e7 2f 2b e4 Oct 31 15:24:55.097497: | 14 e3 0b 40 93 b0 84 6e 48 f4 a7 1d f8 49 56 e8 Oct 31 15:24:55.097499: | 33 0d ab 8f 70 68 2b 54 f6 92 20 65 11 85 e4 b0 Oct 31 15:24:55.097500: | 13 3b 8f e3 3b 16 7f b5 47 0f f2 28 94 ad 0f ee Oct 31 15:24:55.097501: | 09 a2 b0 f4 6f 1b db 64 ea 0b c9 b5 04 22 06 bb Oct 31 15:24:55.097503: | 94 92 7f f0 49 d3 4f d8 a5 d3 cd c0 d0 02 40 7f Oct 31 15:24:55.097504: | 9b 35 d0 3c 0d 32 1c 85 94 f2 43 b2 a7 8f f3 8d Oct 31 15:24:55.097505: | 60 e4 00 97 9a 93 2e 1b 7d 20 7f a6 f5 46 18 e0 Oct 31 15:24:55.097507: | d3 ea 15 2d df d4 b0 1e 00 28 f5 21 6a ff e3 65 Oct 31 15:24:55.097508: | 75 88 24 35 6f af bf af 82 b2 ca 2c 47 4e eb 6c Oct 31 15:24:55.097509: | be 7e f8 35 fc f7 02 9f 36 04 d0 a1 7f be 36 ac Oct 31 15:24:55.097511: | d6 9b 12 d3 Oct 31 15:24:55.097542: | sent 1 messages Oct 31 15:24:55.097549: | #3 spent 0.156 (0.176) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:24:55.097552: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:24:55.148682: | timer_event_cb: processing event@0x562b96ab9cd8 Oct 31 15:24:55.148695: | handling event EVENT_RETRANSMIT for child state #3 Oct 31 15:24:55.148699: | libevent_free: delref ptr-libevent@0x7f10b4000d38 Oct 31 15:24:55.148703: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x562b96ab9cd8 Oct 31 15:24:55.148710: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:55.148714: | IKEv2 retransmit event Oct 31 15:24:55.148720: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:24:55.148725: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x2" #3 attempt 2 of 0 Oct 31 15:24:55.148729: | and parent for 192.1.3.33 "north-eastnets/0x2" #1 keying attempt 1 of 0; retransmit 1 Oct 31 15:24:55.148734: | #3 STATE_PARENT_I2: retransmits: current time 744569.581529 Oct 31 15:24:55.148737: | #3 STATE_PARENT_I2: retransmits: retransmit count 1 exceeds limit? NO Oct 31 15:24:55.148740: | #3 STATE_PARENT_I2: retransmits: deltatime 0.1 exceeds limit? NO Oct 31 15:24:55.148743: | #3 STATE_PARENT_I2: retransmits: monotime 0.101645 exceeds limit? NO Oct 31 15:24:55.148746: | event_schedule: newref EVENT_RETRANSMIT-pe@0x562b96ab9cd8 Oct 31 15:24:55.148749: | inserting event EVENT_RETRANSMIT, timeout in 0.1 seconds for #3 Oct 31 15:24:55.148753: | libevent_malloc: newref ptr-libevent@0x7f10b4000d38 size 128 Oct 31 15:24:55.148758: "north-eastnets/0x2" #3: STATE_PARENT_I2: retransmission; will wait 0.1 seconds for response Oct 31 15:24:55.148766: | sending 548 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:55.148768: | 39 a0 1b dc 13 1c ca 88 9b b1 cd 4e 99 d1 dc 27 Oct 31 15:24:55.148771: | 35 20 23 08 00 00 00 01 00 00 02 24 23 00 02 08 Oct 31 15:24:55.148773: | 00 01 00 01 51 47 8a 54 1a 62 45 4b e2 33 f5 e6 Oct 31 15:24:55.148775: | 07 59 aa 45 48 e1 67 61 6e fb 6b ce 70 34 57 8d Oct 31 15:24:55.148777: | 6e ea 6a d4 0b f3 e0 f5 98 59 57 3e f9 42 cc 3a Oct 31 15:24:55.148780: | 28 d9 64 9b 41 d1 c3 4b 53 60 b5 bb 93 89 90 80 Oct 31 15:24:55.148782: | 68 9c c3 62 c8 e0 68 fa 62 29 ca cd b5 d1 28 fb Oct 31 15:24:55.148784: | 6c e3 4f 54 0c 6a b4 37 2a ac f6 6f 70 51 62 ed Oct 31 15:24:55.148787: | 63 d6 47 7e fc cf d6 c1 8a e5 c8 56 38 65 1d 90 Oct 31 15:24:55.148792: | 87 2d ef 93 98 1f 86 b4 5b 33 c7 36 d5 2a d9 8a Oct 31 15:24:55.148794: | db b2 23 7e 4a c9 7b 33 20 48 19 ac 22 e1 0d e8 Oct 31 15:24:55.148796: | e6 39 e7 5b 2c 9e 09 82 85 91 44 92 3c d1 c2 c7 Oct 31 15:24:55.148799: | 78 bd 40 2d b6 a3 20 ce 1e 89 d4 f0 7c 2b 32 e1 Oct 31 15:24:55.148801: | 98 93 17 f7 83 f5 3b fa 4d 94 49 09 7d 05 6d d5 Oct 31 15:24:55.148803: | c6 b9 c1 79 de 80 91 fa 45 be de 89 11 b3 ef 52 Oct 31 15:24:55.148806: | cc 24 53 4f e0 f8 d1 e4 33 e9 b4 21 ea 2a 8e d1 Oct 31 15:24:55.148808: | 6d 5a 29 b7 9f 5a 12 78 cc db 08 f6 a7 b9 a4 c2 Oct 31 15:24:55.148810: | f8 50 39 ad c2 ff cd ef 98 a6 c2 89 e5 bf 22 5c Oct 31 15:24:55.148812: | df f8 62 60 a3 08 1d a8 11 92 8a 26 0a 8b 00 6f Oct 31 15:24:55.148815: | 73 9d 43 ad 3d 7e 89 c2 04 55 c8 50 b1 cd 37 db Oct 31 15:24:55.148817: | 79 4e 98 75 10 75 78 be a3 8a 87 2b 90 30 f2 3b Oct 31 15:24:55.148819: | 0b b5 6a d0 8b fa 70 bf de 71 14 4a 4c d2 fb cf Oct 31 15:24:55.148822: | 33 a5 67 af ad 10 98 99 05 49 83 61 a2 0d 52 9d Oct 31 15:24:55.148824: | da 43 b6 45 2a 02 dc 67 52 55 08 c2 e7 2f 2b e4 Oct 31 15:24:55.148826: | 14 e3 0b 40 93 b0 84 6e 48 f4 a7 1d f8 49 56 e8 Oct 31 15:24:55.148833: | 33 0d ab 8f 70 68 2b 54 f6 92 20 65 11 85 e4 b0 Oct 31 15:24:55.148835: | 13 3b 8f e3 3b 16 7f b5 47 0f f2 28 94 ad 0f ee Oct 31 15:24:55.148837: | 09 a2 b0 f4 6f 1b db 64 ea 0b c9 b5 04 22 06 bb Oct 31 15:24:55.148840: | 94 92 7f f0 49 d3 4f d8 a5 d3 cd c0 d0 02 40 7f Oct 31 15:24:55.148842: | 9b 35 d0 3c 0d 32 1c 85 94 f2 43 b2 a7 8f f3 8d Oct 31 15:24:55.148844: | 60 e4 00 97 9a 93 2e 1b 7d 20 7f a6 f5 46 18 e0 Oct 31 15:24:55.148847: | d3 ea 15 2d df d4 b0 1e 00 28 f5 21 6a ff e3 65 Oct 31 15:24:55.148849: | 75 88 24 35 6f af bf af 82 b2 ca 2c 47 4e eb 6c Oct 31 15:24:55.148852: | be 7e f8 35 fc f7 02 9f 36 04 d0 a1 7f be 36 ac Oct 31 15:24:55.148854: | d6 9b 12 d3 Oct 31 15:24:55.148902: | sent 1 messages Oct 31 15:24:55.148911: | #3 spent 0.199 (0.229) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:24:55.148917: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:24:55.250166: | timer_event_cb: processing event@0x562b96ab9cd8 Oct 31 15:24:55.250186: | handling event EVENT_RETRANSMIT for child state #3 Oct 31 15:24:55.250192: | libevent_free: delref ptr-libevent@0x7f10b4000d38 Oct 31 15:24:55.250196: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x562b96ab9cd8 Oct 31 15:24:55.250220: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:55.250226: | IKEv2 retransmit event Oct 31 15:24:55.250233: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:24:55.250238: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x2" #3 attempt 2 of 0 Oct 31 15:24:55.250243: | and parent for 192.1.3.33 "north-eastnets/0x2" #1 keying attempt 1 of 0; retransmit 1 Oct 31 15:24:55.250249: | #3 STATE_PARENT_I2: retransmits: current time 744569.683043 Oct 31 15:24:55.250252: | #3 STATE_PARENT_I2: retransmits: retransmit count 2 exceeds limit? NO Oct 31 15:24:55.250256: | #3 STATE_PARENT_I2: retransmits: deltatime 0.2 exceeds limit? NO Oct 31 15:24:55.250259: | #3 STATE_PARENT_I2: retransmits: monotime 0.203159 exceeds limit? NO Oct 31 15:24:55.250263: | event_schedule: newref EVENT_RETRANSMIT-pe@0x562b96ab9cd8 Oct 31 15:24:55.250267: | inserting event EVENT_RETRANSMIT, timeout in 0.2 seconds for #3 Oct 31 15:24:55.250271: | libevent_malloc: newref ptr-libevent@0x7f10b4000d38 size 128 Oct 31 15:24:55.250277: "north-eastnets/0x2" #3: STATE_PARENT_I2: retransmission; will wait 0.2 seconds for response Oct 31 15:24:55.250286: | sending 548 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:55.250290: | 39 a0 1b dc 13 1c ca 88 9b b1 cd 4e 99 d1 dc 27 Oct 31 15:24:55.250297: | 35 20 23 08 00 00 00 01 00 00 02 24 23 00 02 08 Oct 31 15:24:55.250300: | 00 01 00 01 51 47 8a 54 1a 62 45 4b e2 33 f5 e6 Oct 31 15:24:55.250302: | 07 59 aa 45 48 e1 67 61 6e fb 6b ce 70 34 57 8d Oct 31 15:24:55.250305: | 6e ea 6a d4 0b f3 e0 f5 98 59 57 3e f9 42 cc 3a Oct 31 15:24:55.250308: | 28 d9 64 9b 41 d1 c3 4b 53 60 b5 bb 93 89 90 80 Oct 31 15:24:55.250310: | 68 9c c3 62 c8 e0 68 fa 62 29 ca cd b5 d1 28 fb Oct 31 15:24:55.250313: | 6c e3 4f 54 0c 6a b4 37 2a ac f6 6f 70 51 62 ed Oct 31 15:24:55.250316: | 63 d6 47 7e fc cf d6 c1 8a e5 c8 56 38 65 1d 90 Oct 31 15:24:55.250318: | 87 2d ef 93 98 1f 86 b4 5b 33 c7 36 d5 2a d9 8a Oct 31 15:24:55.250321: | db b2 23 7e 4a c9 7b 33 20 48 19 ac 22 e1 0d e8 Oct 31 15:24:55.250324: | e6 39 e7 5b 2c 9e 09 82 85 91 44 92 3c d1 c2 c7 Oct 31 15:24:55.250326: | 78 bd 40 2d b6 a3 20 ce 1e 89 d4 f0 7c 2b 32 e1 Oct 31 15:24:55.250329: | 98 93 17 f7 83 f5 3b fa 4d 94 49 09 7d 05 6d d5 Oct 31 15:24:55.250332: | c6 b9 c1 79 de 80 91 fa 45 be de 89 11 b3 ef 52 Oct 31 15:24:55.250334: | cc 24 53 4f e0 f8 d1 e4 33 e9 b4 21 ea 2a 8e d1 Oct 31 15:24:55.250337: | 6d 5a 29 b7 9f 5a 12 78 cc db 08 f6 a7 b9 a4 c2 Oct 31 15:24:55.250339: | f8 50 39 ad c2 ff cd ef 98 a6 c2 89 e5 bf 22 5c Oct 31 15:24:55.250342: | df f8 62 60 a3 08 1d a8 11 92 8a 26 0a 8b 00 6f Oct 31 15:24:55.250344: | 73 9d 43 ad 3d 7e 89 c2 04 55 c8 50 b1 cd 37 db Oct 31 15:24:55.250346: | 79 4e 98 75 10 75 78 be a3 8a 87 2b 90 30 f2 3b Oct 31 15:24:55.250349: | 0b b5 6a d0 8b fa 70 bf de 71 14 4a 4c d2 fb cf Oct 31 15:24:55.250351: | 33 a5 67 af ad 10 98 99 05 49 83 61 a2 0d 52 9d Oct 31 15:24:55.250354: | da 43 b6 45 2a 02 dc 67 52 55 08 c2 e7 2f 2b e4 Oct 31 15:24:55.250356: | 14 e3 0b 40 93 b0 84 6e 48 f4 a7 1d f8 49 56 e8 Oct 31 15:24:55.250359: | 33 0d ab 8f 70 68 2b 54 f6 92 20 65 11 85 e4 b0 Oct 31 15:24:55.250361: | 13 3b 8f e3 3b 16 7f b5 47 0f f2 28 94 ad 0f ee Oct 31 15:24:55.250364: | 09 a2 b0 f4 6f 1b db 64 ea 0b c9 b5 04 22 06 bb Oct 31 15:24:55.250367: | 94 92 7f f0 49 d3 4f d8 a5 d3 cd c0 d0 02 40 7f Oct 31 15:24:55.250369: | 9b 35 d0 3c 0d 32 1c 85 94 f2 43 b2 a7 8f f3 8d Oct 31 15:24:55.250372: | 60 e4 00 97 9a 93 2e 1b 7d 20 7f a6 f5 46 18 e0 Oct 31 15:24:55.250375: | d3 ea 15 2d df d4 b0 1e 00 28 f5 21 6a ff e3 65 Oct 31 15:24:55.250377: | 75 88 24 35 6f af bf af 82 b2 ca 2c 47 4e eb 6c Oct 31 15:24:55.250380: | be 7e f8 35 fc f7 02 9f 36 04 d0 a1 7f be 36 ac Oct 31 15:24:55.250382: | d6 9b 12 d3 Oct 31 15:24:55.250434: | sent 1 messages Oct 31 15:24:55.250446: | #3 spent 0.238 (0.279) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:24:55.250453: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:24:55.450645: | timer_event_cb: processing event@0x562b96ab9cd8 Oct 31 15:24:55.450662: | handling event EVENT_RETRANSMIT for child state #3 Oct 31 15:24:55.450666: | libevent_free: delref ptr-libevent@0x7f10b4000d38 Oct 31 15:24:55.450670: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x562b96ab9cd8 Oct 31 15:24:55.450678: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:55.450683: | IKEv2 retransmit event Oct 31 15:24:55.450690: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:24:55.450695: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x2" #3 attempt 2 of 0 Oct 31 15:24:55.450700: | and parent for 192.1.3.33 "north-eastnets/0x2" #1 keying attempt 1 of 0; retransmit 1 Oct 31 15:24:55.450705: | #3 STATE_PARENT_I2: retransmits: current time 744569.883499 Oct 31 15:24:55.450712: | #3 STATE_PARENT_I2: retransmits: retransmit count 3 exceeds limit? NO Oct 31 15:24:55.450716: | #3 STATE_PARENT_I2: retransmits: deltatime 0.4 exceeds limit? NO Oct 31 15:24:55.450722: | #3 STATE_PARENT_I2: retransmits: monotime 0.403615 exceeds limit? NO Oct 31 15:24:55.450726: | event_schedule: newref EVENT_RETRANSMIT-pe@0x562b96ab9cd8 Oct 31 15:24:55.450730: | inserting event EVENT_RETRANSMIT, timeout in 0.4 seconds for #3 Oct 31 15:24:55.450734: | libevent_malloc: newref ptr-libevent@0x7f10b4000d38 size 128 Oct 31 15:24:55.450740: "north-eastnets/0x2" #3: STATE_PARENT_I2: retransmission; will wait 0.4 seconds for response Oct 31 15:24:55.450749: | sending 548 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:55.450752: | 39 a0 1b dc 13 1c ca 88 9b b1 cd 4e 99 d1 dc 27 Oct 31 15:24:55.450755: | 35 20 23 08 00 00 00 01 00 00 02 24 23 00 02 08 Oct 31 15:24:55.450757: | 00 01 00 01 51 47 8a 54 1a 62 45 4b e2 33 f5 e6 Oct 31 15:24:55.450760: | 07 59 aa 45 48 e1 67 61 6e fb 6b ce 70 34 57 8d Oct 31 15:24:55.450763: | 6e ea 6a d4 0b f3 e0 f5 98 59 57 3e f9 42 cc 3a Oct 31 15:24:55.450765: | 28 d9 64 9b 41 d1 c3 4b 53 60 b5 bb 93 89 90 80 Oct 31 15:24:55.450768: | 68 9c c3 62 c8 e0 68 fa 62 29 ca cd b5 d1 28 fb Oct 31 15:24:55.450771: | 6c e3 4f 54 0c 6a b4 37 2a ac f6 6f 70 51 62 ed Oct 31 15:24:55.450773: | 63 d6 47 7e fc cf d6 c1 8a e5 c8 56 38 65 1d 90 Oct 31 15:24:55.450776: | 87 2d ef 93 98 1f 86 b4 5b 33 c7 36 d5 2a d9 8a Oct 31 15:24:55.450779: | db b2 23 7e 4a c9 7b 33 20 48 19 ac 22 e1 0d e8 Oct 31 15:24:55.450781: | e6 39 e7 5b 2c 9e 09 82 85 91 44 92 3c d1 c2 c7 Oct 31 15:24:55.450784: | 78 bd 40 2d b6 a3 20 ce 1e 89 d4 f0 7c 2b 32 e1 Oct 31 15:24:55.450787: | 98 93 17 f7 83 f5 3b fa 4d 94 49 09 7d 05 6d d5 Oct 31 15:24:55.450789: | c6 b9 c1 79 de 80 91 fa 45 be de 89 11 b3 ef 52 Oct 31 15:24:55.450792: | cc 24 53 4f e0 f8 d1 e4 33 e9 b4 21 ea 2a 8e d1 Oct 31 15:24:55.450795: | 6d 5a 29 b7 9f 5a 12 78 cc db 08 f6 a7 b9 a4 c2 Oct 31 15:24:55.450797: | f8 50 39 ad c2 ff cd ef 98 a6 c2 89 e5 bf 22 5c Oct 31 15:24:55.450800: | df f8 62 60 a3 08 1d a8 11 92 8a 26 0a 8b 00 6f Oct 31 15:24:55.450803: | 73 9d 43 ad 3d 7e 89 c2 04 55 c8 50 b1 cd 37 db Oct 31 15:24:55.450805: | 79 4e 98 75 10 75 78 be a3 8a 87 2b 90 30 f2 3b Oct 31 15:24:55.450808: | 0b b5 6a d0 8b fa 70 bf de 71 14 4a 4c d2 fb cf Oct 31 15:24:55.450811: | 33 a5 67 af ad 10 98 99 05 49 83 61 a2 0d 52 9d Oct 31 15:24:55.450813: | da 43 b6 45 2a 02 dc 67 52 55 08 c2 e7 2f 2b e4 Oct 31 15:24:55.450816: | 14 e3 0b 40 93 b0 84 6e 48 f4 a7 1d f8 49 56 e8 Oct 31 15:24:55.450819: | 33 0d ab 8f 70 68 2b 54 f6 92 20 65 11 85 e4 b0 Oct 31 15:24:55.450821: | 13 3b 8f e3 3b 16 7f b5 47 0f f2 28 94 ad 0f ee Oct 31 15:24:55.450824: | 09 a2 b0 f4 6f 1b db 64 ea 0b c9 b5 04 22 06 bb Oct 31 15:24:55.450826: | 94 92 7f f0 49 d3 4f d8 a5 d3 cd c0 d0 02 40 7f Oct 31 15:24:55.450834: | 9b 35 d0 3c 0d 32 1c 85 94 f2 43 b2 a7 8f f3 8d Oct 31 15:24:55.450836: | 60 e4 00 97 9a 93 2e 1b 7d 20 7f a6 f5 46 18 e0 Oct 31 15:24:55.450839: | d3 ea 15 2d df d4 b0 1e 00 28 f5 21 6a ff e3 65 Oct 31 15:24:55.450842: | 75 88 24 35 6f af bf af 82 b2 ca 2c 47 4e eb 6c Oct 31 15:24:55.450844: | be 7e f8 35 fc f7 02 9f 36 04 d0 a1 7f be 36 ac Oct 31 15:24:55.450847: | d6 9b 12 d3 Oct 31 15:24:55.450896: | sent 1 messages Oct 31 15:24:55.450905: | #3 spent 0.226 (0.26) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:24:55.450911: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:24:55.851296: | timer_event_cb: processing event@0x562b96ab9cd8 Oct 31 15:24:55.851317: | handling event EVENT_RETRANSMIT for child state #3 Oct 31 15:24:55.851322: | libevent_free: delref ptr-libevent@0x7f10b4000d38 Oct 31 15:24:55.851326: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x562b96ab9cd8 Oct 31 15:24:55.851335: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:55.851343: | IKEv2 retransmit event Oct 31 15:24:55.851349: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:24:55.851353: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x2" #3 attempt 2 of 0 Oct 31 15:24:55.851357: | and parent for 192.1.3.33 "north-eastnets/0x2" #1 keying attempt 1 of 0; retransmit 1 Oct 31 15:24:55.851362: | #3 STATE_PARENT_I2: retransmits: current time 744570.284157 Oct 31 15:24:55.851365: | #3 STATE_PARENT_I2: retransmits: retransmit count 4 exceeds limit? NO Oct 31 15:24:55.851368: | #3 STATE_PARENT_I2: retransmits: deltatime 0.8 exceeds limit? NO Oct 31 15:24:55.851371: | #3 STATE_PARENT_I2: retransmits: monotime 0.804273 exceeds limit? NO Oct 31 15:24:55.851375: | event_schedule: newref EVENT_RETRANSMIT-pe@0x562b96ab9cd8 Oct 31 15:24:55.851377: | inserting event EVENT_RETRANSMIT, timeout in 0.8 seconds for #3 Oct 31 15:24:55.851381: | libevent_malloc: newref ptr-libevent@0x7f10b4000d38 size 128 Oct 31 15:24:55.851387: "north-eastnets/0x2" #3: STATE_PARENT_I2: retransmission; will wait 0.8 seconds for response Oct 31 15:24:55.851395: | sending 548 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:55.851397: | 39 a0 1b dc 13 1c ca 88 9b b1 cd 4e 99 d1 dc 27 Oct 31 15:24:55.851400: | 35 20 23 08 00 00 00 01 00 00 02 24 23 00 02 08 Oct 31 15:24:55.851402: | 00 01 00 01 51 47 8a 54 1a 62 45 4b e2 33 f5 e6 Oct 31 15:24:55.851404: | 07 59 aa 45 48 e1 67 61 6e fb 6b ce 70 34 57 8d Oct 31 15:24:55.851407: | 6e ea 6a d4 0b f3 e0 f5 98 59 57 3e f9 42 cc 3a Oct 31 15:24:55.851409: | 28 d9 64 9b 41 d1 c3 4b 53 60 b5 bb 93 89 90 80 Oct 31 15:24:55.851411: | 68 9c c3 62 c8 e0 68 fa 62 29 ca cd b5 d1 28 fb Oct 31 15:24:55.851413: | 6c e3 4f 54 0c 6a b4 37 2a ac f6 6f 70 51 62 ed Oct 31 15:24:55.851415: | 63 d6 47 7e fc cf d6 c1 8a e5 c8 56 38 65 1d 90 Oct 31 15:24:55.851417: | 87 2d ef 93 98 1f 86 b4 5b 33 c7 36 d5 2a d9 8a Oct 31 15:24:55.851419: | db b2 23 7e 4a c9 7b 33 20 48 19 ac 22 e1 0d e8 Oct 31 15:24:55.851422: | e6 39 e7 5b 2c 9e 09 82 85 91 44 92 3c d1 c2 c7 Oct 31 15:24:55.851424: | 78 bd 40 2d b6 a3 20 ce 1e 89 d4 f0 7c 2b 32 e1 Oct 31 15:24:55.851426: | 98 93 17 f7 83 f5 3b fa 4d 94 49 09 7d 05 6d d5 Oct 31 15:24:55.851428: | c6 b9 c1 79 de 80 91 fa 45 be de 89 11 b3 ef 52 Oct 31 15:24:55.851430: | cc 24 53 4f e0 f8 d1 e4 33 e9 b4 21 ea 2a 8e d1 Oct 31 15:24:55.851432: | 6d 5a 29 b7 9f 5a 12 78 cc db 08 f6 a7 b9 a4 c2 Oct 31 15:24:55.851435: | f8 50 39 ad c2 ff cd ef 98 a6 c2 89 e5 bf 22 5c Oct 31 15:24:55.851437: | df f8 62 60 a3 08 1d a8 11 92 8a 26 0a 8b 00 6f Oct 31 15:24:55.851439: | 73 9d 43 ad 3d 7e 89 c2 04 55 c8 50 b1 cd 37 db Oct 31 15:24:55.851441: | 79 4e 98 75 10 75 78 be a3 8a 87 2b 90 30 f2 3b Oct 31 15:24:55.851444: | 0b b5 6a d0 8b fa 70 bf de 71 14 4a 4c d2 fb cf Oct 31 15:24:55.851446: | 33 a5 67 af ad 10 98 99 05 49 83 61 a2 0d 52 9d Oct 31 15:24:55.851448: | da 43 b6 45 2a 02 dc 67 52 55 08 c2 e7 2f 2b e4 Oct 31 15:24:55.851450: | 14 e3 0b 40 93 b0 84 6e 48 f4 a7 1d f8 49 56 e8 Oct 31 15:24:55.851452: | 33 0d ab 8f 70 68 2b 54 f6 92 20 65 11 85 e4 b0 Oct 31 15:24:55.851454: | 13 3b 8f e3 3b 16 7f b5 47 0f f2 28 94 ad 0f ee Oct 31 15:24:55.851456: | 09 a2 b0 f4 6f 1b db 64 ea 0b c9 b5 04 22 06 bb Oct 31 15:24:55.851458: | 94 92 7f f0 49 d3 4f d8 a5 d3 cd c0 d0 02 40 7f Oct 31 15:24:55.851460: | 9b 35 d0 3c 0d 32 1c 85 94 f2 43 b2 a7 8f f3 8d Oct 31 15:24:55.851462: | 60 e4 00 97 9a 93 2e 1b 7d 20 7f a6 f5 46 18 e0 Oct 31 15:24:55.851464: | d3 ea 15 2d df d4 b0 1e 00 28 f5 21 6a ff e3 65 Oct 31 15:24:55.851467: | 75 88 24 35 6f af bf af 82 b2 ca 2c 47 4e eb 6c Oct 31 15:24:55.851469: | be 7e f8 35 fc f7 02 9f 36 04 d0 a1 7f be 36 ac Oct 31 15:24:55.851471: | d6 9b 12 d3 Oct 31 15:24:55.851537: | sent 1 messages Oct 31 15:24:55.851550: | #3 spent 0.217 (0.252) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:24:55.851560: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:24:56.652240: | timer_event_cb: processing event@0x562b96ab9cd8 Oct 31 15:24:56.652262: | handling event EVENT_RETRANSMIT for child state #3 Oct 31 15:24:56.652270: | libevent_free: delref ptr-libevent@0x7f10b4000d38 Oct 31 15:24:56.652276: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x562b96ab9cd8 Oct 31 15:24:56.652287: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:56.652293: | IKEv2 retransmit event Oct 31 15:24:56.652303: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:24:56.652310: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x2" #3 attempt 2 of 0 Oct 31 15:24:56.652316: | and parent for 192.1.3.33 "north-eastnets/0x2" #1 keying attempt 1 of 0; retransmit 1 Oct 31 15:24:56.652323: | #3 STATE_PARENT_I2: retransmits: current time 744571.085117 Oct 31 15:24:56.652327: | #3 STATE_PARENT_I2: retransmits: retransmit count 5 exceeds limit? NO Oct 31 15:24:56.652332: | #3 STATE_PARENT_I2: retransmits: deltatime 1.6 exceeds limit? NO Oct 31 15:24:56.652337: | #3 STATE_PARENT_I2: retransmits: monotime 1.605233 exceeds limit? NO Oct 31 15:24:56.652342: | event_schedule: newref EVENT_RETRANSMIT-pe@0x562b96ab9cd8 Oct 31 15:24:56.652347: | inserting event EVENT_RETRANSMIT, timeout in 1.6 seconds for #3 Oct 31 15:24:56.652352: | libevent_malloc: newref ptr-libevent@0x7f10b4000d38 size 128 Oct 31 15:24:56.652360: "north-eastnets/0x2" #3: STATE_PARENT_I2: retransmission; will wait 1.6 seconds for response Oct 31 15:24:56.652371: | sending 548 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:56.652376: | 39 a0 1b dc 13 1c ca 88 9b b1 cd 4e 99 d1 dc 27 Oct 31 15:24:56.652380: | 35 20 23 08 00 00 00 01 00 00 02 24 23 00 02 08 Oct 31 15:24:56.652384: | 00 01 00 01 51 47 8a 54 1a 62 45 4b e2 33 f5 e6 Oct 31 15:24:56.652387: | 07 59 aa 45 48 e1 67 61 6e fb 6b ce 70 34 57 8d Oct 31 15:24:56.652390: | 6e ea 6a d4 0b f3 e0 f5 98 59 57 3e f9 42 cc 3a Oct 31 15:24:56.652393: | 28 d9 64 9b 41 d1 c3 4b 53 60 b5 bb 93 89 90 80 Oct 31 15:24:56.652396: | 68 9c c3 62 c8 e0 68 fa 62 29 ca cd b5 d1 28 fb Oct 31 15:24:56.652400: | 6c e3 4f 54 0c 6a b4 37 2a ac f6 6f 70 51 62 ed Oct 31 15:24:56.652403: | 63 d6 47 7e fc cf d6 c1 8a e5 c8 56 38 65 1d 90 Oct 31 15:24:56.652407: | 87 2d ef 93 98 1f 86 b4 5b 33 c7 36 d5 2a d9 8a Oct 31 15:24:56.652410: | db b2 23 7e 4a c9 7b 33 20 48 19 ac 22 e1 0d e8 Oct 31 15:24:56.652413: | e6 39 e7 5b 2c 9e 09 82 85 91 44 92 3c d1 c2 c7 Oct 31 15:24:56.652416: | 78 bd 40 2d b6 a3 20 ce 1e 89 d4 f0 7c 2b 32 e1 Oct 31 15:24:56.652420: | 98 93 17 f7 83 f5 3b fa 4d 94 49 09 7d 05 6d d5 Oct 31 15:24:56.652424: | c6 b9 c1 79 de 80 91 fa 45 be de 89 11 b3 ef 52 Oct 31 15:24:56.652427: | cc 24 53 4f e0 f8 d1 e4 33 e9 b4 21 ea 2a 8e d1 Oct 31 15:24:56.652430: | 6d 5a 29 b7 9f 5a 12 78 cc db 08 f6 a7 b9 a4 c2 Oct 31 15:24:56.652433: | f8 50 39 ad c2 ff cd ef 98 a6 c2 89 e5 bf 22 5c Oct 31 15:24:56.652436: | df f8 62 60 a3 08 1d a8 11 92 8a 26 0a 8b 00 6f Oct 31 15:24:56.652440: | 73 9d 43 ad 3d 7e 89 c2 04 55 c8 50 b1 cd 37 db Oct 31 15:24:56.652443: | 79 4e 98 75 10 75 78 be a3 8a 87 2b 90 30 f2 3b Oct 31 15:24:56.652447: | 0b b5 6a d0 8b fa 70 bf de 71 14 4a 4c d2 fb cf Oct 31 15:24:56.652450: | 33 a5 67 af ad 10 98 99 05 49 83 61 a2 0d 52 9d Oct 31 15:24:56.652454: | da 43 b6 45 2a 02 dc 67 52 55 08 c2 e7 2f 2b e4 Oct 31 15:24:56.652457: | 14 e3 0b 40 93 b0 84 6e 48 f4 a7 1d f8 49 56 e8 Oct 31 15:24:56.652460: | 33 0d ab 8f 70 68 2b 54 f6 92 20 65 11 85 e4 b0 Oct 31 15:24:56.652464: | 13 3b 8f e3 3b 16 7f b5 47 0f f2 28 94 ad 0f ee Oct 31 15:24:56.652472: | 09 a2 b0 f4 6f 1b db 64 ea 0b c9 b5 04 22 06 bb Oct 31 15:24:56.652475: | 94 92 7f f0 49 d3 4f d8 a5 d3 cd c0 d0 02 40 7f Oct 31 15:24:56.652478: | 9b 35 d0 3c 0d 32 1c 85 94 f2 43 b2 a7 8f f3 8d Oct 31 15:24:56.652481: | 60 e4 00 97 9a 93 2e 1b 7d 20 7f a6 f5 46 18 e0 Oct 31 15:24:56.652485: | d3 ea 15 2d df d4 b0 1e 00 28 f5 21 6a ff e3 65 Oct 31 15:24:56.652488: | 75 88 24 35 6f af bf af 82 b2 ca 2c 47 4e eb 6c Oct 31 15:24:56.652491: | be 7e f8 35 fc f7 02 9f 36 04 d0 a1 7f be 36 ac Oct 31 15:24:56.652494: | d6 9b 12 d3 Oct 31 15:24:56.652550: | sent 1 messages Oct 31 15:24:56.652563: | #3 spent 0.293 (0.321) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:24:56.652571: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:24:56.812755: | spent 0.00342 (0.00339) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:56.812784: | newref struct msg_digest@0x562b96abde78(0->1) (in read_message() at demux.c:103) Oct 31 15:24:56.812791: | newref alloc logger@0x562b96ac1148(0->1) (in read_message() at demux.c:103) Oct 31 15:24:56.812802: | *received 548 bytes from 192.1.3.33:500 on eth1 192.1.2.23:500 using UDP Oct 31 15:24:56.812806: | 2f db aa cf a4 4d 20 39 91 12 8b 2d 12 ca 59 2a Oct 31 15:24:56.812809: | 35 20 23 08 00 00 00 01 00 00 02 24 23 00 02 08 Oct 31 15:24:56.812813: | 00 01 00 01 b4 e9 4a 6b 25 f3 3e b6 84 24 3c 3e Oct 31 15:24:56.812816: | 04 13 8e 03 e1 21 e8 bf 73 ab fa 8d 3f 55 ef 27 Oct 31 15:24:56.812819: | 81 21 97 64 87 4c 42 91 f2 22 55 88 15 53 38 c3 Oct 31 15:24:56.812823: | 6c 96 30 8e 37 2e 95 d4 94 7d 23 38 c2 7c 8e 9f Oct 31 15:24:56.812825: | d6 15 e9 3e 3f f6 3a 98 63 b3 c4 9c 29 3f e7 c8 Oct 31 15:24:56.812828: | 7f c6 82 4b 6e a5 71 10 f3 f5 ad 40 36 06 c6 cf Oct 31 15:24:56.812831: | 21 89 f0 56 c3 a9 d5 02 f7 30 68 80 49 75 83 c4 Oct 31 15:24:56.812834: | d5 e6 95 21 15 17 c1 a6 1e 8e 94 df 0d 8f fd 39 Oct 31 15:24:56.812837: | 75 28 54 06 58 ad 60 7f 7e 10 05 d0 aa bf 1a e9 Oct 31 15:24:56.812840: | 0f 84 1f 85 42 35 53 01 b4 be 79 f4 03 2d fd 39 Oct 31 15:24:56.812843: | 67 53 01 9e a9 e4 bb 81 02 b9 1b ad 8b ac 09 4d Oct 31 15:24:56.812846: | 8f e7 48 c2 43 a5 82 53 3f 0b 0d e6 a8 1d c8 77 Oct 31 15:24:56.812849: | 5b ba 01 44 b1 c0 45 a1 05 c5 cf 4c 19 7d 9d fc Oct 31 15:24:56.812852: | 65 f6 1b 3e 43 b4 a7 0b 47 f4 f7 39 5c 3a f8 ef Oct 31 15:24:56.812854: | 9d 64 74 6c 9a 94 7e aa d8 c6 eb b0 a8 73 5d 5e Oct 31 15:24:56.812857: | be fc 89 3c 2e fe 5b 18 8a b3 f7 e6 f1 d7 dd 9d Oct 31 15:24:56.812860: | c9 09 fc d3 10 f8 89 0f b0 22 80 10 b6 5b 69 c7 Oct 31 15:24:56.812863: | 87 25 a0 5f 6a 12 44 d5 3b 3a 61 d5 fb d2 a7 da Oct 31 15:24:56.812866: | 89 75 bc a4 60 4c aa da 23 1b 99 e0 6f 45 5f 3c Oct 31 15:24:56.812869: | f4 1c 02 4f 14 2e d4 47 83 96 05 6f f2 6a 45 fb Oct 31 15:24:56.812872: | 49 1f eb 39 0a 89 58 b0 ef bc 91 a7 fc 02 78 cd Oct 31 15:24:56.812875: | bf 2f bf e9 d9 cc 57 77 89 e4 0e 62 b9 1a d6 1d Oct 31 15:24:56.812878: | 31 ed 5f 3d e3 22 db 83 d2 40 75 8a 44 f6 42 01 Oct 31 15:24:56.812882: | f8 1a b3 8e 94 f4 8a a9 b2 af 84 1d 56 20 89 40 Oct 31 15:24:56.812884: | dc b1 b6 dc ab dd 80 4b df cb 5f 65 ca fb 37 1c Oct 31 15:24:56.812888: | ad 91 09 1e b1 d0 bf 8b 98 77 de 3f 8e 4f db 16 Oct 31 15:24:56.812890: | e0 a4 0b c6 0b 80 5b 0c 28 79 85 20 23 b1 2b ef Oct 31 15:24:56.812893: | 61 1c 39 53 ba 0e a6 f2 e9 e9 70 54 ec 19 78 db Oct 31 15:24:56.812896: | e6 4c 70 a0 2d ab 1f 87 55 ec 71 96 3c 38 6f 6c Oct 31 15:24:56.812899: | 39 95 27 fd b3 4a 57 da 94 d7 11 2e 35 45 e6 2a Oct 31 15:24:56.812902: | 9d ea 2f 2c 16 e1 c9 6d 49 c9 d9 4d ab c3 70 1b Oct 31 15:24:56.812905: | ef c2 d0 35 59 2b 0a ef 96 f2 75 08 98 cf c8 af Oct 31 15:24:56.812908: | ee 19 40 17 Oct 31 15:24:56.812914: | **parse ISAKMP Message: Oct 31 15:24:56.812924: | initiator SPI: 2f db aa cf a4 4d 20 39 Oct 31 15:24:56.812930: | responder SPI: 91 12 8b 2d 12 ca 59 2a Oct 31 15:24:56.812934: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Oct 31 15:24:56.812938: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:56.812941: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:56.812945: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:56.812951: | Message ID: 1 (00 00 00 01) Oct 31 15:24:56.812956: | length: 548 (00 00 02 24) Oct 31 15:24:56.812960: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:24:56.812966: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Oct 31 15:24:56.812972: | State DB: found IKEv2 state #2 in PARENT_R1 (find_v2_ike_sa) Oct 31 15:24:56.812983: | start processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:56.812988: | #2 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Oct 31 15:24:56.812992: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:24:56.812996: | #2 is idle Oct 31 15:24:56.813005: | Message ID: IKE #2 not a duplicate - message request 1 is new: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744569.230166 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744569.2321 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:56.813012: | [RE]START processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:56.813016: | unpacking clear payload Oct 31 15:24:56.813019: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Oct 31 15:24:56.813024: | ***parse IKEv2 Encrypted Fragment: Oct 31 15:24:56.813028: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Oct 31 15:24:56.813031: | flags: none (0x0) Oct 31 15:24:56.813036: | length: 520 (02 08) Oct 31 15:24:56.813040: | fragment number: 1 (00 01) Oct 31 15:24:56.813044: | total fragments: 1 (00 01) Oct 31 15:24:56.813048: | processing payload: ISAKMP_NEXT_v2SKF (len=512) Oct 31 15:24:56.813051: | #2 in state PARENT_R1: sent IKE_SA_INIT reply Oct 31 15:24:56.813062: | received IKE encrypted fragment number '1', total number '1', next payload '35' Oct 31 15:24:56.813068: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Oct 31 15:24:56.813072: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Oct 31 15:24:56.813077: | ikev2 parent ikev2_ike_sa_process_auth_request_no_skeyid(): calculating g^{xy} in order to decrypt I2 Oct 31 15:24:56.813081: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_256 integ=HMAC_SHA2_256_128 cipherkey=AES_CBC Oct 31 15:24:56.813086: | DH secret MODP2048@0x7f10bc006ba8: transferring ownership from state #2 to helper IKEv2 DH Oct 31 15:24:56.813093: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:56.813096: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:56.813101: | newref clone logger@0x562b96ab75d8(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:56.813105: | job 5 for #2: ikev2_inI2outR2 KE (compute dh (V2)): adding job to queue Oct 31 15:24:56.813109: | state #2 deleting .st_event EVENT_SO_DISCARD Oct 31 15:24:56.813115: | libevent_free: delref ptr-libevent@0x562b96ac17b8 Oct 31 15:24:56.813119: | free_event_entry: delref EVENT_SO_DISCARD-pe@0x562b96aba028 Oct 31 15:24:56.813123: | #2 STATE_PARENT_R1: retransmits: cleared Oct 31 15:24:56.813128: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x562b96aa9108 Oct 31 15:24:56.813132: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 Oct 31 15:24:56.813136: | libevent_malloc: newref ptr-libevent@0x562b96ac17b8 size 128 Oct 31 15:24:56.813151: | #2 spent 0.0709 (0.0707) milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in v2_dispatch() Oct 31 15:24:56.813159: | [RE]START processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:56.813163: | job 5 for #2: ikev2_inI2outR2 KE (compute dh (V2)): helper 2 starting job Oct 31 15:24:56.813168: | #2 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND; .st_v2_transition=PARENT_R0->PARENT_R1 Oct 31 15:24:56.813181: | suspending state #2 and saving MD 0x562b96abde78 Oct 31 15:24:56.813186: | addref md@0x562b96abde78(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:56.813189: | #2 is busy; has suspended MD 0x562b96abde78 Oct 31 15:24:56.813195: | stop processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:56.813227: | #2 spent 0.45 (0.481) milliseconds in ikev2_process_packet() Oct 31 15:24:56.813236: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:56.813241: | delref mdp@0x562b96abde78(2->1) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:56.813248: | spent 0.471 (0.502) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:56.813959: | calculating skeyseed using prf=HMAC_SHA2_256 integ=HMAC_SHA2_256_128 cipherkey-size=32 salt-size=0 Oct 31 15:24:56.814087: | "north-eastnets/0x1" #2: spent 0.902 (0.924) milliseconds in helper 2 processing job 5 for state #2: ikev2_inI2outR2 KE (pcr) Oct 31 15:24:56.814092: | job 5 for #2: ikev2_inI2outR2 KE (compute dh (V2)): helper thread 2 sending result back to state Oct 31 15:24:56.814095: | scheduling resume sending helper answer back to state for #2 Oct 31 15:24:56.814098: | libevent_malloc: newref ptr-libevent@0x7f10b8012a78 size 128 Oct 31 15:24:56.814104: | libevent_realloc: delref ptr-libevent@0x562b96a77e58 Oct 31 15:24:56.814106: | libevent_realloc: newref ptr-libevent@0x562b96ac11b8 size 128 Oct 31 15:24:56.814115: | helper thread 2 has nothing to do Oct 31 15:24:56.814126: | processing resume sending helper answer back to state for #2 Oct 31 15:24:56.814137: | start processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:641) Oct 31 15:24:56.814142: | unsuspending #2 MD 0x562b96abde78 Oct 31 15:24:56.814145: | job 5 for #2: ikev2_inI2outR2 KE (compute dh (V2)): processing response from helper 2 Oct 31 15:24:56.814148: | job 5 for #2: ikev2_inI2outR2 KE (compute dh (V2)): calling continuation function 0x562b9558bfe7 Oct 31 15:24:56.814151: | ikev2_ike_sa_process_auth_request_no_skeyid_continue() for #2 STATE_PARENT_R1: calculating g^{xy}, sending R2 Oct 31 15:24:56.814154: | DH secret MODP2048@0x7f10bc006ba8: transferring ownership from helper IKEv2 DH to state #2 Oct 31 15:24:56.814157: | #2 in state PARENT_R1: sent IKE_SA_INIT reply Oct 31 15:24:56.814160: | already have all fragments, skipping fragment collection Oct 31 15:24:56.814162: | already have all fragments, skipping fragment collection Oct 31 15:24:56.814204: | authenticator matched Oct 31 15:24:56.814227: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Oct 31 15:24:56.814233: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Oct 31 15:24:56.814238: | **parse IKEv2 Identification - Initiator - Payload: Oct 31 15:24:56.814242: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Oct 31 15:24:56.814245: | flags: none (0x0) Oct 31 15:24:56.814250: | length: 13 (00 0d) Oct 31 15:24:56.814253: | ID type: ID_FQDN (0x2) Oct 31 15:24:56.814256: | reserved: 00 00 00 Oct 31 15:24:56.814258: | processing payload: ISAKMP_NEXT_v2IDi (len=5) Oct 31 15:24:56.814260: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Oct 31 15:24:56.814263: | **parse IKEv2 Identification - Responder - Payload: Oct 31 15:24:56.814265: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Oct 31 15:24:56.814267: | flags: none (0x0) Oct 31 15:24:56.814270: | length: 12 (00 0c) Oct 31 15:24:56.814272: | ID type: ID_FQDN (0x2) Oct 31 15:24:56.814274: | reserved: 00 00 00 Oct 31 15:24:56.814276: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Oct 31 15:24:56.814278: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Oct 31 15:24:56.814281: | **parse IKEv2 Authentication Payload: Oct 31 15:24:56.814286: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:24:56.814288: | flags: none (0x0) Oct 31 15:24:56.814290: | length: 350 (01 5e) Oct 31 15:24:56.814292: | auth method: IKEv2_AUTH_DIGSIG (0xe) Oct 31 15:24:56.814295: | processing payload: ISAKMP_NEXT_v2AUTH (len=342) Oct 31 15:24:56.814296: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:24:56.814299: | **parse IKEv2 Security Association Payload: Oct 31 15:24:56.814301: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Oct 31 15:24:56.814303: | flags: none (0x0) Oct 31 15:24:56.814305: | length: 44 (00 2c) Oct 31 15:24:56.814307: | processing payload: ISAKMP_NEXT_v2SA (len=40) Oct 31 15:24:56.814309: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Oct 31 15:24:56.814311: | **parse IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:24:56.814313: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Oct 31 15:24:56.814315: | flags: none (0x0) Oct 31 15:24:56.814318: | length: 24 (00 18) Oct 31 15:24:56.814320: | number of TS: 1 (01) Oct 31 15:24:56.814322: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Oct 31 15:24:56.814324: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Oct 31 15:24:56.814326: | **parse IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:24:56.814328: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:56.814330: | flags: none (0x0) Oct 31 15:24:56.814333: | length: 24 (00 18) Oct 31 15:24:56.814335: | number of TS: 1 (01) Oct 31 15:24:56.814337: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Oct 31 15:24:56.814339: | selected state microcode Responder: process IKE_AUTH request Oct 31 15:24:56.814346: | Message ID: IKE #2 responder starting message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744569.230166 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744569.2321 ike.wip.initiator=-1 ike.wip.responder=-1->1 Oct 31 15:24:56.814349: | calling processor Responder: process IKE_AUTH request Oct 31 15:24:56.814356: "north-eastnets/0x1" #2: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} Oct 31 15:24:56.814358: | no certs to decode Oct 31 15:24:56.814364: | #2 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2631) Oct 31 15:24:56.814367: | received IDr payload - extracting our alleged ID Oct 31 15:24:56.814370: | refine_host_connection for IKEv2: starting with "north-eastnets/0x1" Oct 31 15:24:56.814375: | match_id a=@north Oct 31 15:24:56.814377: | b=@north Oct 31 15:24:56.814379: | results matched Oct 31 15:24:56.814382: | refine_host_connection: checking "north-eastnets/0x1" against "north-eastnets/0x1", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) Oct 31 15:24:56.814384: | warning: not switching back to template of current instance Oct 31 15:24:56.814386: | peer expects us to be @east (ID_FQDN) according to its IDr payload Oct 31 15:24:56.814389: | this connection's local id is @east (ID_FQDN) Oct 31 15:24:56.814391: | refine_host_connection: checked "north-eastnets/0x1" against "north-eastnets/0x1", now for see if best Oct 31 15:24:56.814397: | get_connection_private_key() using CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1 to find private key for @east->@north of kind RSA Oct 31 15:24:56.814400: | trying secret PKK_RSA:AQO9bJbr3 Oct 31 15:24:56.814402: | matched Oct 31 15:24:56.814404: | secrets entry for ckaid already exists Oct 31 15:24:56.814406: | connection north-eastnets/0x1's RSA private key found in NSS DB using CKAID Oct 31 15:24:56.814408: | returning because exact peer id match Oct 31 15:24:56.814410: | offered CA: '%none' Oct 31 15:24:56.814413: "north-eastnets/0x1" #2: IKEv2 mode peer ID is ID_FQDN: '@north' Oct 31 15:24:56.814432: | verifying AUTH payload Oct 31 15:24:56.814435: | looking for ASN.1 blob for method rsasig for hash_algo SHA2_512 Oct 31 15:24:56.814438: | parsing 68 raw bytes of IKEv2 Authentication Payload into ASN.1 blob for hash algo Oct 31 15:24:56.814442: | ASN.1 blob for hash algo Oct 31 15:24:56.814444: | 43 30 41 06 09 2a 86 48 86 f7 0d 01 01 0a 30 34 Oct 31 15:24:56.814446: | a0 0f 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 Oct 31 15:24:56.814448: | 00 a1 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 01 08 Oct 31 15:24:56.814459: | 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 a2 Oct 31 15:24:56.814465: | 03 02 01 40 Oct 31 15:24:56.814489: | required RSA CA is '%any' Oct 31 15:24:56.814494: | trying all remote certificates public keys for RSA key that matches ID: @north Oct 31 15:24:56.814499: | trying all preloaded keys public keys for RSA key that matches ID: @north Oct 31 15:24:56.814503: | skipping '@east' with wrong ID Oct 31 15:24:56.814507: | trying '@north' issued by CA '%any' Oct 31 15:24:56.814513: | NSS RSA: verifying that decrypted signature matches hash: Oct 31 15:24:56.814516: | 8a c1 31 df 80 f6 6b 2e 8a 90 be d9 25 a6 6f 2c Oct 31 15:24:56.814518: | e4 bd 09 15 71 a1 3f f9 65 74 85 75 c8 26 d4 84 Oct 31 15:24:56.814520: | 58 71 a3 9a d6 a8 84 c9 0b 3b 41 3c 07 6f 3d 22 Oct 31 15:24:56.814522: | fd be 73 7e 8a 23 53 4c 26 dc 8a 5e 10 3d 31 43 Oct 31 15:24:56.814616: | delref pkp@NULL (in try_RSA_signature_v2() at ikev2_rsa.c:170) Oct 31 15:24:56.814623: | addref pk@0x562b96abb2b8(1->2) (in try_RSA_signature_v2() at ikev2_rsa.c:171) Oct 31 15:24:56.814626: | an RSA Sig check passed with *AQPl33O2P [preloaded keys] Oct 31 15:24:56.814632: | #2 spent 0.114 (0.118) milliseconds in try_all_keys() trying a pubkey Oct 31 15:24:56.814636: "north-eastnets/0x1" #2: authenticated using RSA with SHA2_512 Oct 31 15:24:56.814640: | #2 spent 0.166 (0.169) milliseconds in ikev2_verify_rsa_hash() Oct 31 15:24:56.814660: | emit hash algo NEGOTIATE_AUTH_HASH_SHA2_512 Oct 31 15:24:56.814673: | get_connection_private_key() using CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1 to find private key for @east->@north of kind RSA Oct 31 15:24:56.814676: | trying secret PKK_RSA:AQO9bJbr3 Oct 31 15:24:56.814678: | matched Oct 31 15:24:56.814680: | secrets entry for ckaid already exists Oct 31 15:24:56.814682: | connection north-eastnets/0x1's RSA private key found in NSS DB using CKAID Oct 31 15:24:56.814686: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:56.814688: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:56.814691: | newref clone logger@0x562b96aba028(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:56.814693: | job 6 for #2: computing responder signature (signature): adding job to queue Oct 31 15:24:56.814696: | state #2 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:56.814699: | libevent_free: delref ptr-libevent@0x562b96ac17b8 Oct 31 15:24:56.814701: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x562b96aa9108 Oct 31 15:24:56.814704: | #2 STATE_PARENT_R1: retransmits: cleared Oct 31 15:24:56.814707: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x562b96ac3878 Oct 31 15:24:56.814709: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 Oct 31 15:24:56.814712: | libevent_malloc: newref ptr-libevent@0x562b96ac5698 size 128 Oct 31 15:24:56.814720: | ikev2_parent_inI2outR2_continue_tail returned STF_SUSPEND Oct 31 15:24:56.814725: | #2 spent 0.363 (0.371) milliseconds in processing: Responder: process IKE_AUTH request in v2_dispatch() Oct 31 15:24:56.814730: | [RE]START processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:56.814734: | #2 complete_v2_state_transition() PARENT_R1->ESTABLISHED_CHILD_SA with status STF_SUSPEND; .st_v2_transition=PARENT_R0->PARENT_R1 Oct 31 15:24:56.814736: | suspending state #2 and saving MD 0x562b96abde78 Oct 31 15:24:56.814738: | addref md@0x562b96abde78(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:56.814738: | job 6 for #2: computing responder signature (signature): helper 6 starting job Oct 31 15:24:56.814754: | hash to sign Oct 31 15:24:56.814760: | 86 a0 e3 a7 f3 f7 d0 52 24 e3 11 92 91 75 46 99 Oct 31 15:24:56.814769: | ed 45 72 1f 06 fd bd 6a 9f e1 e8 60 9a 46 75 df Oct 31 15:24:56.814742: | #2 is busy; has suspended MD 0x562b96abde78 Oct 31 15:24:56.814772: | ca 1d 59 1d 03 24 90 6b 3b f7 f8 eb 19 9b da 62 Oct 31 15:24:56.814791: | fd 76 6b d9 f5 1b f4 ff a5 ab 1c e2 22 24 dc 91 Oct 31 15:24:56.814797: | RSA_sign_hash: Started using NSS Oct 31 15:24:56.814782: | delref logger@0x562b96ab75d8(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:56.814831: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:56.814834: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:56.814837: | resume sending helper answer back to state for #2 suppresed complete_v2_state_transition() Oct 31 15:24:56.814840: | delref mdp@0x562b96abde78(2->1) (in resume_handler() at server.c:743) Oct 31 15:24:56.814845: | #2 spent 0.671 (0.702) milliseconds in resume sending helper answer back to state Oct 31 15:24:56.814849: | stop processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:745) Oct 31 15:24:56.814852: | libevent_free: delref ptr-libevent@0x7f10b8012a78 Oct 31 15:24:56.819828: | RSA_sign_hash: Ended using NSS Oct 31 15:24:56.819851: | "north-eastnets/0x1" #2: spent 4.94 (5.05) milliseconds in v2_auth_signature() calling sign_hash() Oct 31 15:24:56.819856: | "north-eastnets/0x1" #2: spent 4.99 (5.1) milliseconds in v2_auth_signature() Oct 31 15:24:56.819861: | "north-eastnets/0x1" #2: spent 5.01 (5.13) milliseconds in helper 6 processing job 6 for state #2: computing responder signature (signature) Oct 31 15:24:56.819864: | job 6 for #2: computing responder signature (signature): helper thread 6 sending result back to state Oct 31 15:24:56.819868: | scheduling resume sending helper answer back to state for #2 Oct 31 15:24:56.819872: | libevent_malloc: newref ptr-libevent@0x7f10ac000d38 size 128 Oct 31 15:24:56.819882: | helper thread 6 has nothing to do Oct 31 15:24:56.819919: | processing resume sending helper answer back to state for #2 Oct 31 15:24:56.819933: | start processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:641) Oct 31 15:24:56.819938: | unsuspending #2 MD 0x562b96abde78 Oct 31 15:24:56.819941: | job 6 for #2: computing responder signature (signature): processing response from helper 6 Oct 31 15:24:56.819944: | job 6 for #2: computing responder signature (signature): calling continuation function 0x562b954ba77f Oct 31 15:24:56.819948: | parent state #2: PARENT_R1(half-open IKE SA) => ESTABLISHED_IKE_SA(established IKE SA) Oct 31 15:24:56.819952: | #2 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) Oct 31 15:24:56.819955: | state #2 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:56.819958: | libevent_free: delref ptr-libevent@0x562b96ac5698 Oct 31 15:24:56.819961: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x562b96ac3878 Oct 31 15:24:56.819965: | event_schedule: newref EVENT_SA_REKEY-pe@0x562b96ac3878 Oct 31 15:24:56.819968: | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #2 Oct 31 15:24:56.819970: | libevent_malloc: newref ptr-libevent@0x7f10b8012a78 size 128 Oct 31 15:24:56.820042: | pstats #2 ikev2.ike established Oct 31 15:24:56.820050: | opening output PBS reply packet Oct 31 15:24:56.820053: | **emit ISAKMP Message: Oct 31 15:24:56.820058: | initiator SPI: 2f db aa cf a4 4d 20 39 Oct 31 15:24:56.820061: | responder SPI: 91 12 8b 2d 12 ca 59 2a Oct 31 15:24:56.820063: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:56.820066: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:56.820068: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:56.820071: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:56.820074: | Message ID: 1 (00 00 00 01) Oct 31 15:24:56.820077: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:56.820080: | IKEv2 CERT: send a certificate? Oct 31 15:24:56.820085: | IKEv2 CERT: no certificate to send Oct 31 15:24:56.820088: | ***emit IKEv2 Encryption Payload: Oct 31 15:24:56.820090: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:56.820092: | flags: none (0x0) Oct 31 15:24:56.820095: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:24:56.820097: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Oct 31 15:24:56.820101: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:24:56.820113: | initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Oct 31 15:24:56.820115: | ****emit IKEv2 Identification - Responder - Payload: Oct 31 15:24:56.820118: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:56.820119: | flags: none (0x0) Oct 31 15:24:56.820122: | ID type: ID_FQDN (0x2) Oct 31 15:24:56.820125: | reserved: 00 00 00 Oct 31 15:24:56.820127: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Oct 31 15:24:56.820129: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:56.820132: | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload Oct 31 15:24:56.820135: | my identity: 65 61 73 74 Oct 31 15:24:56.820137: | emitting length of IKEv2 Identification - Responder - Payload: 12 Oct 31 15:24:56.820139: | added IDr payload to packet Oct 31 15:24:56.820141: | CHILD SA proposals received Oct 31 15:24:56.820143: | going to assemble AUTH payload Oct 31 15:24:56.820146: | ****emit IKEv2 Authentication Payload: Oct 31 15:24:56.820148: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:56.820150: | flags: none (0x0) Oct 31 15:24:56.820152: | auth method: IKEv2_AUTH_DIGSIG (0xe) Oct 31 15:24:56.820154: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Oct 31 15:24:56.820156: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Oct 31 15:24:56.820159: | emit hash algo NEGOTIATE_AUTH_HASH_SHA2_512 Oct 31 15:24:56.820161: | emitting 68 raw bytes of OID of ASN.1 Algorithm Identifier into IKEv2 Authentication Payload Oct 31 15:24:56.820163: | OID of ASN.1 Algorithm Identifier: Oct 31 15:24:56.820165: | 43 30 41 06 09 2a 86 48 86 f7 0d 01 01 0a 30 34 Oct 31 15:24:56.820167: | a0 0f 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 Oct 31 15:24:56.820169: | 00 a1 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 01 08 Oct 31 15:24:56.820171: | 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 a2 Oct 31 15:24:56.820173: | 03 02 01 40 Oct 31 15:24:56.820175: | emitting 274 raw bytes of signature into IKEv2 Authentication Payload Oct 31 15:24:56.820177: | signature: Oct 31 15:24:56.820179: | 6e 45 47 eb d9 91 06 d6 b3 e8 0f c1 70 68 94 17 Oct 31 15:24:56.820181: | 16 ec f6 7c b0 a2 a7 36 c5 ba c1 12 1d 4f b1 33 Oct 31 15:24:56.820183: | 6c de cb 43 f2 5f ff 9a 20 03 d3 4d 0c 07 51 c9 Oct 31 15:24:56.820185: | f5 45 af 3e fa d6 00 40 e8 a0 3a be 03 c3 8c af Oct 31 15:24:56.820187: | 86 f6 9c b4 10 bd 64 94 f4 6a f8 a4 7d b4 01 dd Oct 31 15:24:56.820189: | 80 05 70 43 97 dd 0a 68 2b f4 3c 7e 7f c2 dd 4a Oct 31 15:24:56.820190: | 7c ac b0 46 c3 17 9b 34 5b 9f 23 cd 44 3e f4 74 Oct 31 15:24:56.820192: | 6b b2 50 b4 98 7c 1f 3f 7c c9 89 64 32 db 55 62 Oct 31 15:24:56.820194: | 5c 58 65 90 e2 72 26 9b 99 f1 b0 9d 09 85 b2 b4 Oct 31 15:24:56.820196: | 73 b2 13 cc 23 22 71 09 3a aa 00 7b 47 e4 c1 f6 Oct 31 15:24:56.820204: | 89 b6 9d 02 0e 0a 8b fa 4b 02 98 43 d8 b8 dc 92 Oct 31 15:24:56.820212: | 46 10 1c 71 c4 fa 14 ce 57 ec fa 4d c1 db 01 e2 Oct 31 15:24:56.820215: | f6 3d bc 5a fd 8f 57 e2 10 4e 0e 4c 36 09 b3 d2 Oct 31 15:24:56.820219: | 9e c4 02 41 13 96 6a f1 d3 6d bd 41 cf 7e ff 18 Oct 31 15:24:56.820222: | fe 67 83 c0 d3 3d 0f 96 35 36 31 09 14 1b c2 75 Oct 31 15:24:56.820225: | f3 0c bb 09 cb 1d 55 cc 91 f3 b7 76 d7 d0 4b 56 Oct 31 15:24:56.820228: | 3e b7 85 ad 69 31 d6 22 b2 63 91 da 0b e5 d4 65 Oct 31 15:24:56.820231: | e0 a8 Oct 31 15:24:56.820233: | emitting length of IKEv2 Authentication Payload: 350 Oct 31 15:24:56.820238: | newref alloc logger@0x562b96ab75d8(0->1) (in new_state() at state.c:576) Oct 31 15:24:56.820241: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:24:56.820243: | creating state object #4 at 0x562b96ac1f38 Oct 31 15:24:56.820246: | State DB: adding IKEv2 state #4 in UNDEFINED Oct 31 15:24:56.820253: | pstats #4 ikev2.child started Oct 31 15:24:56.820256: | duplicating state object #2 "north-eastnets/0x1" as #4 for IPSEC SA Oct 31 15:24:56.820261: | #4 setting local endpoint to 192.1.2.23:500 from #2.st_localport (in duplicate_state() at state.c:1581) Oct 31 15:24:56.820270: | Message ID: CHILD #2.#4 initializing (CHILD SA): ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744569.230166 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744569.2321 child.wip.initiator=0->-1 child.wip.responder=0->-1 Oct 31 15:24:56.820273: | child state #4: UNDEFINED(ignore) => V2_IKE_AUTH_CHILD_R0(ignore) Oct 31 15:24:56.820277: | #4.st_v2_transition NULL -> NULL (in new_v2_child_state() at state.c:1666) Oct 31 15:24:56.820282: | Message ID: IKE #2 switching from IKE SA responder message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744569.230166 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744569.2321 ike.wip.initiator=-1 ike.wip.responder=1->-1 Oct 31 15:24:56.820287: | Message ID: CHILD #2.#4 switching to CHILD SA responder message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744569.230166 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744569.2321 child.wip.initiator=-1 child.wip.responder=-1->1 Oct 31 15:24:56.820291: | switching IKEv2 MD.ST from IKE #2 ESTABLISHED_IKE_SA to CHILD #4 V2_IKE_AUTH_CHILD_R0 (in ike_auth_child_responder() at ikev2_parent.c:3282) Oct 31 15:24:56.820294: | Child SA TS Request has child->sa == md->st; so using child connection Oct 31 15:24:56.820300: | TSi: parsing 1 traffic selectors Oct 31 15:24:56.820307: | ***parse IKEv2 Traffic Selector: Oct 31 15:24:56.820311: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:56.820315: | IP Protocol ID: ALL (0x0) Oct 31 15:24:56.820320: | length: 16 (00 10) Oct 31 15:24:56.820324: | start port: 0 (00 00) Oct 31 15:24:56.820329: | end port: 65535 (ff ff) Oct 31 15:24:56.820334: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:24:56.820337: | TS low Oct 31 15:24:56.820341: | c0 00 03 00 Oct 31 15:24:56.820345: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:24:56.820348: | TS high Oct 31 15:24:56.820352: | c0 00 03 ff Oct 31 15:24:56.820355: | TSi: parsed 1 traffic selectors Oct 31 15:24:56.820359: | TSr: parsing 1 traffic selectors Oct 31 15:24:56.820362: | ***parse IKEv2 Traffic Selector: Oct 31 15:24:56.820364: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:56.820366: | IP Protocol ID: ALL (0x0) Oct 31 15:24:56.820377: | length: 16 (00 10) Oct 31 15:24:56.820385: | start port: 0 (00 00) Oct 31 15:24:56.820389: | end port: 65535 (ff ff) Oct 31 15:24:56.820394: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:24:56.820397: | TS low Oct 31 15:24:56.820400: | c0 00 02 00 Oct 31 15:24:56.820404: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:24:56.820408: | TS high Oct 31 15:24:56.820411: | c0 00 02 ff Oct 31 15:24:56.820415: | TSr: parsed 1 traffic selectors Oct 31 15:24:56.820418: | looking for best SPD in current connection Oct 31 15:24:56.820428: | evaluating our conn="north-eastnets/0x1" I=192.0.3.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Oct 31 15:24:56.820438: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:56.820446: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Oct 31 15:24:56.820449: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:24:56.820451: | TSi[0] port match: YES fitness 65536 Oct 31 15:24:56.820454: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:24:56.820456: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:56.820460: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:56.820465: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Oct 31 15:24:56.820468: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Oct 31 15:24:56.820470: | TSr[0] port match: YES fitness 65536 Oct 31 15:24:56.820472: | narrow protocol end=*0 == TSr[0]=*0: 0 Oct 31 15:24:56.820474: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:56.820477: | best fit so far: TSi[0] TSr[0] Oct 31 15:24:56.820479: | found better spd route for TSi[0],TSr[0] Oct 31 15:24:56.820481: | looking for better host pair Oct 31 15:24:56.820486: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Oct 31 15:24:56.820490: | checking hostpair 192.0.2.0/24:0 -> 192.0.3.0/24:0 is found Oct 31 15:24:56.820492: | investigating connection "north-eastnets/0x1" as a better match Oct 31 15:24:56.820495: | match_id a=@north Oct 31 15:24:56.820497: | b=@north Oct 31 15:24:56.820499: | results matched Oct 31 15:24:56.820504: | evaluating our conn="north-eastnets/0x1" I=192.0.3.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Oct 31 15:24:56.820508: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:56.820513: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Oct 31 15:24:56.820515: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:24:56.820517: | TSi[0] port match: YES fitness 65536 Oct 31 15:24:56.820519: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:24:56.820521: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:56.820525: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:56.820530: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Oct 31 15:24:56.820532: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Oct 31 15:24:56.820534: | TSr[0] port match: YES fitness 65536 Oct 31 15:24:56.820536: | narrow protocol end=*0 == TSr[0]=*0: 0 Oct 31 15:24:56.820538: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:56.820540: | best fit so far: TSi[0] TSr[0] Oct 31 15:24:56.820542: | investigating connection "north-eastnets/0x2" as a better match Oct 31 15:24:56.820545: | match_id a=@north Oct 31 15:24:56.820547: | b=@north Oct 31 15:24:56.820549: | results matched Oct 31 15:24:56.820553: | evaluating our conn="north-eastnets/0x2" I=192.0.3.0/24:0:0/0 R=192.0.22.0/24:0:0/0 to their: Oct 31 15:24:56.820556: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:56.820561: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Oct 31 15:24:56.820567: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:24:56.820573: | TSi[0] port match: YES fitness 65536 Oct 31 15:24:56.820578: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:24:56.820582: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:56.820589: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:56.820599: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: NO Oct 31 15:24:56.820605: | did not find a better connection using host pair Oct 31 15:24:56.820611: | printing contents struct traffic_selector Oct 31 15:24:56.820614: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:24:56.820618: | ipprotoid: 0 Oct 31 15:24:56.820621: | port range: 0-65535 Oct 31 15:24:56.820627: | ip range: 192.0.2.0-192.0.2.255 Oct 31 15:24:56.820631: | printing contents struct traffic_selector Oct 31 15:24:56.820634: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:24:56.820637: | ipprotoid: 0 Oct 31 15:24:56.820644: | port range: 0-65535 Oct 31 15:24:56.820657: | ip range: 192.0.3.0-192.0.3.255 Oct 31 15:24:56.820663: | constructing ESP/AH proposals with all DH removed for north-eastnets/0x1 (IKE_AUTH responder matching remote ESP/AH proposals) Oct 31 15:24:56.820671: | converting proposal AES_CBC_128-HMAC_SHA2_512_256-MODP3072 to ikev2 ... Oct 31 15:24:56.820681: | ... ikev2_proposal: 1:ESP=AES_CBC_128-HMAC_SHA2_512_256-NONE-DISABLED Oct 31 15:24:56.820686: "north-eastnets/0x1": local ESP/AH proposals (IKE_AUTH responder matching remote ESP/AH proposals): Oct 31 15:24:56.820693: "north-eastnets/0x1": 1:ESP=AES_CBC_128-HMAC_SHA2_512_256-NONE-DISABLED Oct 31 15:24:56.820697: | comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 1 local proposals Oct 31 15:24:56.820702: | local proposal 1 type ENCR has 1 transforms Oct 31 15:24:56.820705: | local proposal 1 type PRF has 0 transforms Oct 31 15:24:56.820707: | local proposal 1 type INTEG has 1 transforms Oct 31 15:24:56.820709: | local proposal 1 type DH has 1 transforms Oct 31 15:24:56.820711: | local proposal 1 type ESN has 1 transforms Oct 31 15:24:56.820714: | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH Oct 31 15:24:56.820717: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:56.820725: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:56.820728: | length: 40 (00 28) Oct 31 15:24:56.820730: | prop #: 1 (01) Oct 31 15:24:56.820732: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:56.820735: | spi size: 4 (04) Oct 31 15:24:56.820737: | # transforms: 3 (03) Oct 31 15:24:56.820740: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:24:56.820742: | remote SPI Oct 31 15:24:56.820744: | 1e 00 32 67 Oct 31 15:24:56.820746: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals Oct 31 15:24:56.820749: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:56.820751: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.820754: | length: 12 (00 0c) Oct 31 15:24:56.820756: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:56.820758: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:56.820761: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:56.820763: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:56.820766: | length/value: 128 (00 80) Oct 31 15:24:56.820769: | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:24:56.820772: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:56.820774: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.820778: | length: 8 (00 08) Oct 31 15:24:56.820785: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:56.820790: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:56.820795: | remote proposal 1 transform 1 (INTEG=HMAC_SHA2_512_256) matches local proposal 1 type 3 (INTEG) transform 0 Oct 31 15:24:56.820800: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:56.820803: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:56.820808: | length: 8 (00 08) Oct 31 15:24:56.820811: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:56.820815: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:56.820820: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Oct 31 15:24:56.820830: | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none Oct 31 15:24:56.820837: | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN Oct 31 15:24:56.820841: | remote proposal 1 matches local proposal 1 Oct 31 15:24:56.820849: "north-eastnets/0x1" #4: proposal 1:ESP=AES_CBC_128-HMAC_SHA2_512_256-DISABLED SPI=1e003267 chosen from remote proposals 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;ESN=DISABLED[first-match] Oct 31 15:24:56.820853: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP=AES_CBC_128-HMAC_SHA2_512_256-DISABLED SPI=1e003267 Oct 31 15:24:56.820856: | converting proposal to internal trans attrs Oct 31 15:24:56.820876: | netlink_get_spi: allocated 0x323e8a54 for esp.0@192.1.2.23 Oct 31 15:24:56.820879: | emitting ikev2_proposal ... Oct 31 15:24:56.820881: | ****emit IKEv2 Security Association Payload: Oct 31 15:24:56.820883: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:56.820886: | flags: none (0x0) Oct 31 15:24:56.820889: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:24:56.820891: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:24:56.820895: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:56.820897: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:56.820899: | prop #: 1 (01) Oct 31 15:24:56.820901: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:56.820904: | spi size: 4 (04) Oct 31 15:24:56.820906: | # transforms: 3 (03) Oct 31 15:24:56.820908: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:56.820912: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:24:56.820914: | our spi: 32 3e 8a 54 Oct 31 15:24:56.820917: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.820919: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.820921: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:56.820923: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:56.820925: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.820928: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:56.820930: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:56.820933: | length/value: 128 (00 80) Oct 31 15:24:56.820935: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:56.820938: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.820940: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.820942: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:56.820944: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:56.820946: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.820948: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.820951: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.820953: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.820955: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:56.820957: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:56.820959: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:56.820961: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.820963: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.820967: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.820970: | emitting length of IKEv2 Proposal Substructure Payload: 40 Oct 31 15:24:56.820972: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:56.820974: | emitting length of IKEv2 Security Association Payload: 44 Oct 31 15:24:56.820976: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:24:56.820979: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:24:56.820981: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:56.820983: | flags: none (0x0) Oct 31 15:24:56.820985: | number of TS: 1 (01) Oct 31 15:24:56.820988: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Oct 31 15:24:56.820990: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:56.820992: | *****emit IKEv2 Traffic Selector: Oct 31 15:24:56.820994: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:56.820996: | IP Protocol ID: ALL (0x0) Oct 31 15:24:56.820999: | start port: 0 (00 00) Oct 31 15:24:56.821002: | end port: 65535 (ff ff) Oct 31 15:24:56.821004: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:24:56.821007: | IP start: c0 00 03 00 Oct 31 15:24:56.821009: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:24:56.821012: | IP end: c0 00 03 ff Oct 31 15:24:56.821014: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:24:56.821016: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Oct 31 15:24:56.821018: | ****emit IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:24:56.821020: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:56.821022: | flags: none (0x0) Oct 31 15:24:56.821024: | number of TS: 1 (01) Oct 31 15:24:56.821026: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Oct 31 15:24:56.821029: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:56.821031: | *****emit IKEv2 Traffic Selector: Oct 31 15:24:56.821033: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:56.821035: | IP Protocol ID: ALL (0x0) Oct 31 15:24:56.821037: | start port: 0 (00 00) Oct 31 15:24:56.821040: | end port: 65535 (ff ff) Oct 31 15:24:56.821042: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:24:56.821045: | IP start: c0 00 02 00 Oct 31 15:24:56.821047: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:24:56.821049: | IP end: c0 00 02 ff Oct 31 15:24:56.821051: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:24:56.821053: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Oct 31 15:24:56.821056: | initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Oct 31 15:24:56.821059: | integ=HMAC_SHA2_512_256: .key_size=64 encrypt=AES_CBC: .key_size=16 .salt_size=0 keymat_len=80 Oct 31 15:24:56.821132: | FOR_EACH_CONNECTION_... in IKE_SA_established Oct 31 15:24:56.821136: | install_ipsec_sa() for #4: inbound and outbound Oct 31 15:24:56.821139: | could_route called for north-eastnets/0x1; kind=CK_PERMANENT that.has_client=yes oppo=no this.host_port=500 Oct 31 15:24:56.821141: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:56.821144: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:24:56.821146: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:24:56.821149: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:24:56.821155: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:24:56.821158: | route owner of "north-eastnets/0x1" prospective erouted: self; eroute owner: self Oct 31 15:24:56.821161: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Oct 31 15:24:56.821164: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Oct 31 15:24:56.821167: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Oct 31 15:24:56.821170: | setting IPsec SA replay-window to 32 Oct 31 15:24:56.821173: | NIC esp-hw-offload not for connection 'north-eastnets/0x1' not available on interface eth1 Oct 31 15:24:56.821175: | netlink: enabling tunnel mode Oct 31 15:24:56.821177: | XFRM: adding IPsec SA with reqid 16389 Oct 31 15:24:56.821179: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:24:56.821182: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:24:56.821259: | netlink response for Add SA esp.1e003267@192.1.3.33 included non-error error Oct 31 15:24:56.821268: | setup_half_ipsec_sa() is installing inbound eroute? inbound=0 owner=#0 mode=1 Oct 31 15:24:56.821271: | set up outgoing SA, ref=0/0 Oct 31 15:24:56.821273: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Oct 31 15:24:56.821276: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Oct 31 15:24:56.821278: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Oct 31 15:24:56.821281: | setting IPsec SA replay-window to 32 Oct 31 15:24:56.821283: | NIC esp-hw-offload not for connection 'north-eastnets/0x1' not available on interface eth1 Oct 31 15:24:56.821286: | netlink: enabling tunnel mode Oct 31 15:24:56.821288: | XFRM: adding IPsec SA with reqid 16389 Oct 31 15:24:56.821290: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:24:56.821292: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:24:56.821338: | netlink response for Add SA esp.323e8a54@192.1.2.23 included non-error error Oct 31 15:24:56.821346: | setup_half_ipsec_sa() is installing inbound eroute? inbound=1 owner=#0 mode=1 Oct 31 15:24:56.821349: | setup_half_ipsec_sa() is installing inbound eroute Oct 31 15:24:56.821353: | setup_half_ipsec_sa() before proto 50 Oct 31 15:24:56.821356: | setup_half_ipsec_sa() after proto 50 Oct 31 15:24:56.821359: | setup_half_ipsec_sa() calling raw_eroute backwards (i.e., inbound) Oct 31 15:24:56.821363: | priority calculation of connection "north-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:24:56.821375: | add inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 using reqid 16389 (raw_eroute) proto=50 Oct 31 15:24:56.821381: | IPsec SA SPD priority set to 2084814 Oct 31 15:24:56.821418: | raw_eroute result=success Oct 31 15:24:56.821427: | set up incoming SA, ref=0/0 Oct 31 15:24:56.821433: | sr for #4: prospective erouted Oct 31 15:24:56.821437: | route_and_eroute() for proto 0, and source port 0 dest port 0 Oct 31 15:24:56.821441: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:56.821444: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:24:56.821448: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:24:56.821452: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:24:56.821456: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:24:56.821461: | route owner of "north-eastnets/0x1" prospective erouted: self; eroute owner: self Oct 31 15:24:56.821466: | route_and_eroute with c: north-eastnets/0x1 (next: none) ero:north-eastnets/0x1 esr:{(nil)} ro:north-eastnets/0x1 rosr:{(nil)} and state: #4 Oct 31 15:24:56.821469: | we are replacing an eroute Oct 31 15:24:56.821474: | priority calculation of connection "north-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:24:56.821487: | eroute_connection replace eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33>tun.0@192.1.3.33 using reqid 16389 (raw_eroute) proto=50 Oct 31 15:24:56.821491: | IPsec SA SPD priority set to 2084814 Oct 31 15:24:56.821513: | raw_eroute result=success Oct 31 15:24:56.821519: | running updown command "ipsec _updown" for verb up Oct 31 15:24:56.821521: | command executing up-client Oct 31 15:24:56.821526: | get_sa_info esp.1e003267@192.1.3.33 Oct 31 15:24:56.821535: | get_sa_info esp.323e8a54@192.1.2.23 Oct 31 15:24:56.821563: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157896' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0'... Oct 31 15:24:56.821566: | popen cmd is 1137 chars long Oct 31 15:24:56.821569: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1': Oct 31 15:24:56.821571: | cmd( 80): PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_N: Oct 31 15:24:56.821573: | cmd( 160):EXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT=': Oct 31 15:24:56.821575: | cmd( 240):192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.: Oct 31 15:24:56.821577: | cmd( 320):0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE=: Oct 31 15:24:56.821579: | cmd( 400):'ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.: Oct 31 15:24:56.821580: | cmd( 480):0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' P: Oct 31 15:24:56.821582: | cmd( 560):LUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' P: Oct 31 15:24:56.821584: | cmd( 640):LUTO_ADDTIME='1604157896' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKE: Oct 31 15:24:56.821586: | cmd( 720):V2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO: Oct 31 15:24:56.821588: | cmd( 800):_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_IN: Oct 31 15:24:56.821590: | cmd( 880):FO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_: Oct 31 15:24:56.821592: | cmd( 960):CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VTI_: Oct 31 15:24:56.821594: | cmd(1040):IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x1e003267 SPI_OUT=0x323e8a54 i: Oct 31 15:24:56.821596: | cmd(1120):psec _updown 2>&1: Oct 31 15:24:56.835336: | route_and_eroute: firewall_notified: true Oct 31 15:24:56.835358: | route_and_eroute: instance "north-eastnets/0x1", setting eroute_owner {spd=0x562b96ab6ae8,sr=0x562b96ab6ae8} to #4 (was #0) (newest_ipsec_sa=#0) Oct 31 15:24:56.835444: | ISAKMP_v2_IKE_AUTH: instance north-eastnets/0x1[0], setting IKEv2 newest_ipsec_sa to #4 (was #0) (spd.eroute=#4) cloned from #2 Oct 31 15:24:56.835456: | adding 10 bytes of padding (including 1 byte padding-length) Oct 31 15:24:56.835463: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:56.835468: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:56.835472: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:56.835481: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:56.835485: | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:56.835494: | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:56.835498: | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:56.835502: | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:56.835505: | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:56.835509: | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:56.835514: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:24:56.835518: | emitting length of IKEv2 Encryption Payload: 500 Oct 31 15:24:56.835522: | emitting length of ISAKMP Message: 528 Oct 31 15:24:56.835591: | recording outgoing fragment failed Oct 31 15:24:56.835603: | delref logger@0x562b96aba028(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:56.835608: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:56.835611: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:56.835616: | XXX: resume sending helper answer back to state for #2 switched MD.ST to #4 Oct 31 15:24:56.835626: | suspend processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:56.835633: | start processing: state #4 connection "north-eastnets/0x1" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:56.835640: | #4 complete_v2_state_transition() in state V2_IKE_AUTH_CHILD_R0 PARENT_R1->ESTABLISHED_CHILD_SA with status STF_OK; .st_v2_transition=NULL Oct 31 15:24:56.835644: | transitioning from state STATE_PARENT_R1 to state STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:24:56.835648: | Message ID: updating counters for #4 Oct 31 15:24:56.835660: | Message ID: CHILD #2.#4 updating responder received message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744569.230166 ike.responder.sent=0 ike.responder.recv=0->1 ike.responder.last_contact=744569.2321->744571.268447 child.wip.initiator=-1 child.wip.responder=1->-1 Oct 31 15:24:56.835669: | Message ID: CHILD #2.#4 updating responder sent message response 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744569.230166 ike.responder.sent=0->1 ike.responder.recv=1 ike.responder.last_contact=744571.268447 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:24:56.835678: | Message ID: IKE #2 no pending message initiators to schedule: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744569.230166 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744571.268447 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:56.835683: | child state #4: V2_IKE_AUTH_CHILD_R0(ignore) => ESTABLISHED_CHILD_SA(established CHILD SA) Oct 31 15:24:56.835687: | pstats #4 ikev2.child established Oct 31 15:24:56.835691: | announcing the state transition Oct 31 15:24:56.835703: "north-eastnets/0x1" #4: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Oct 31 15:24:56.835710: | NAT-T: encaps is 'auto' Oct 31 15:24:56.835719: "north-eastnets/0x1" #4: IPsec SA established tunnel mode {ESP=>0x1e003267 <0x323e8a54 xfrm=AES_CBC_128-HMAC_SHA2_512_256 NATOA=none NATD=none DPD=passive} Oct 31 15:24:56.835729: | sending 528 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #2) Oct 31 15:24:56.835733: | 2f db aa cf a4 4d 20 39 91 12 8b 2d 12 ca 59 2a Oct 31 15:24:56.835736: | 2e 20 23 20 00 00 00 01 00 00 02 10 24 00 01 f4 Oct 31 15:24:56.835739: | 49 c8 ed e9 33 1f 19 7e 39 e2 a2 c9 a2 39 d1 e0 Oct 31 15:24:56.835741: | 29 be 16 35 8d d9 db bb 8b d7 67 c5 a4 cc e2 75 Oct 31 15:24:56.835744: | 98 a7 a5 0f 0c bc 26 b0 62 93 af 5e 27 b1 96 26 Oct 31 15:24:56.835747: | 2a 49 1e 18 69 9b 7c c1 c7 db 3b 9a b7 d7 9e 80 Oct 31 15:24:56.835753: | ff f0 30 92 5e 46 1b 73 7e a2 43 2e 71 b4 b0 42 Oct 31 15:24:56.835756: | fe 8d f9 73 c8 47 9b 54 a7 d6 e2 e9 ff 0e 73 74 Oct 31 15:24:56.835760: | a6 1b 01 23 b7 c0 7c b1 a2 89 8e 14 23 be 67 cd Oct 31 15:24:56.835762: | 4f ab b4 30 e8 de e0 38 02 23 21 00 af 9c 83 76 Oct 31 15:24:56.835765: | 59 1b b1 e6 b1 42 58 bf c4 5a 43 c1 02 8e c2 59 Oct 31 15:24:56.835767: | c3 44 79 a6 ca fb af 00 19 1a e4 a2 9a 3a 67 55 Oct 31 15:24:56.835770: | b7 27 75 b0 4d ed ee d5 fb ff 34 45 98 66 91 6f Oct 31 15:24:56.835773: | e8 a3 13 74 48 75 c8 b9 e2 31 4e e8 f2 81 d9 f3 Oct 31 15:24:56.835776: | 38 52 ba d0 cf 35 93 c4 ae 1f 8e 8a 81 4d 35 dd Oct 31 15:24:56.835778: | f1 c9 9c 41 a9 44 30 37 e3 8c d2 d4 92 a8 27 1f Oct 31 15:24:56.835781: | 2b 8a 52 65 1f 4d 58 07 4f 49 13 ae aa a9 4c b3 Oct 31 15:24:56.835783: | f7 1a 01 31 4a da 1c 80 f5 f1 f1 35 21 bd 82 b5 Oct 31 15:24:56.835786: | af fc d4 9e 9d bd ae 52 8f ec 4b 81 fa 3e 7a e7 Oct 31 15:24:56.835789: | a3 6e 2c a4 8d c7 1a eb 2d b0 67 bf 9c 52 35 55 Oct 31 15:24:56.835792: | 5f 78 f0 d8 9c 10 17 9e dc 53 62 ff 53 15 81 0c Oct 31 15:24:56.835795: | 95 63 a8 d5 ea 5c 27 a0 64 3c c2 46 a9 cb 49 a6 Oct 31 15:24:56.835797: | 7f f3 5b 76 77 02 80 20 d8 07 52 99 34 46 a6 5b Oct 31 15:24:56.835800: | 34 91 2b 60 30 68 7b a6 cc d0 94 7c 50 87 76 5e Oct 31 15:24:56.835803: | f8 60 8b 1b 89 a2 21 aa b3 fe 8c 40 c9 48 3f 1c Oct 31 15:24:56.835806: | f7 35 d7 4a cb 1f d4 e3 00 9f 93 df 4a 6c eb a3 Oct 31 15:24:56.835809: | b7 2a 33 68 7f 96 8f b1 57 d4 7c 32 b7 d3 99 a3 Oct 31 15:24:56.835812: | c2 43 9e cd 63 a6 68 9c 29 59 db 49 48 7b 0d 82 Oct 31 15:24:56.835815: | 2c cb 0d 4e 59 9b 28 5d ae ac c7 0a 12 0f 89 d8 Oct 31 15:24:56.835817: | 63 4b 4e dc 47 66 a9 06 58 bf 6e 68 16 57 f1 3c Oct 31 15:24:56.835821: | d7 de 84 d2 b8 8c 92 ef e8 77 91 9e 33 ea 84 f4 Oct 31 15:24:56.835823: | 0d 7f 08 32 f9 28 cf 45 47 e4 3b a3 92 72 b7 f2 Oct 31 15:24:56.835825: | d2 2b 06 49 e0 6d d2 d1 60 81 60 29 a3 4d ec c9 Oct 31 15:24:56.835860: | sent 1 messages Oct 31 15:24:56.835865: | releasing #4's fd-fd@(nil) because IKEv2 transitions finished Oct 31 15:24:56.835868: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:24:56.835870: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:24:56.835874: | unpending #4's IKE SA #2 Oct 31 15:24:56.835878: | unpending state #2 connection "north-eastnets/0x1" Oct 31 15:24:56.835881: | releasing #2's fd-fd@(nil) because IKEv2 transitions finished so releaseing IKE SA Oct 31 15:24:56.835884: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:24:56.835887: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:24:56.835891: | #4 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Oct 31 15:24:56.835894: | state #4 has no .st_event to delete Oct 31 15:24:56.835898: | event_schedule: newref EVENT_SA_REKEY-pe@0x562b96aba028 Oct 31 15:24:56.835902: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #4 Oct 31 15:24:56.835907: | libevent_malloc: newref ptr-libevent@0x562b96ac9178 size 128 Oct 31 15:24:56.835914: | delref mdp@0x562b96abde78(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:56.835919: | delref logger@0x562b96ac1148(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:56.835923: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:56.835926: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:56.835938: | #2 spent 2.3 (16) milliseconds in resume sending helper answer back to state Oct 31 15:24:56.835945: | stop processing: state #4 connection "north-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:745) Oct 31 15:24:56.835951: | libevent_free: delref ptr-libevent@0x7f10ac000d38 Oct 31 15:24:56.835966: | processing signal PLUTO_SIGCHLD Oct 31 15:24:56.835974: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:56.835983: | spent 0.00987 (0.00975) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:57.174866: | spent 0.00235 (0.00231) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:57.174947: | newref struct msg_digest@0x562b96abde78(0->1) (in read_message() at demux.c:103) Oct 31 15:24:57.174953: | newref alloc logger@0x562b96ac1268(0->1) (in read_message() at demux.c:103) Oct 31 15:24:57.174961: | *received 528 bytes from 192.1.3.33:500 on eth1 192.1.2.23:500 using UDP Oct 31 15:24:57.174964: | 39 a0 1b dc 13 1c ca 88 9b b1 cd 4e 99 d1 dc 27 Oct 31 15:24:57.174966: | 2e 20 23 20 00 00 00 01 00 00 02 10 24 00 01 f4 Oct 31 15:24:57.174969: | 22 f4 ee c9 46 9f 12 7a 67 a4 0b 35 ac b5 30 7a Oct 31 15:24:57.174971: | 9d 58 89 1e fe ee 07 4a 66 07 97 55 25 6d bc ae Oct 31 15:24:57.174974: | e9 5e d0 6d 20 ee 5a cd 6a 56 44 f9 1a 83 4d 2f Oct 31 15:24:57.174976: | 41 7d ac 0a 7a ad a0 bd 54 d2 8d 53 6e ec 83 58 Oct 31 15:24:57.174979: | 07 c2 40 af cf 07 fa 3e f3 59 54 81 0b 8c ca ef Oct 31 15:24:57.174981: | 3d d9 19 24 66 5c d9 f2 28 bc b5 e6 b2 1f ea 10 Oct 31 15:24:57.174984: | 75 8a 73 6b 07 e9 bd 82 c1 ff 8a cb a5 64 f5 37 Oct 31 15:24:57.174986: | 61 c9 28 e4 e5 53 f1 ef c1 6b af ce a3 6c 3e af Oct 31 15:24:57.174988: | 28 bb b8 f3 68 da 73 b1 b5 b9 37 05 21 16 47 aa Oct 31 15:24:57.174991: | 62 15 22 de 0b e5 48 8c fa e7 60 6e 61 ad 71 28 Oct 31 15:24:57.174993: | 9e 74 9e 84 1c d2 f0 5f a0 3b dd d7 03 20 bc 40 Oct 31 15:24:57.174996: | af 1e cb c3 22 0b 47 9d 54 ec 7c 48 09 eb eb eb Oct 31 15:24:57.174998: | be 04 27 2e 26 dc df 69 5f 90 20 73 13 96 ce 91 Oct 31 15:24:57.175001: | d5 9e a7 41 a7 65 ed 65 75 b1 bc c3 8c b6 2f 35 Oct 31 15:24:57.175003: | 9f 10 c0 b2 7c 2e 87 b0 a7 e0 c0 58 b2 c1 b2 74 Oct 31 15:24:57.175006: | 02 15 7d 2d cb 9d 1d 65 38 ad 91 f9 ac f6 c1 f6 Oct 31 15:24:57.175008: | 44 10 08 dd 3a f5 72 d3 16 5f 80 e6 c4 13 09 fa Oct 31 15:24:57.175010: | 2d 3b 58 c0 c9 25 de b5 f9 b5 7b 1a 25 d1 01 05 Oct 31 15:24:57.175013: | 83 04 19 80 2e 8f 43 32 e5 f6 86 e3 3d 2a 46 69 Oct 31 15:24:57.175015: | 11 b9 70 0b 77 36 39 c6 1a b7 49 bb 98 6e b9 0a Oct 31 15:24:57.175017: | 62 07 3d 90 92 86 d7 09 ff 20 74 ec f8 8c b2 54 Oct 31 15:24:57.175020: | 17 23 f9 8c b4 3e 93 c9 60 e1 b6 67 c9 f7 b4 3e Oct 31 15:24:57.175022: | 6b bb c8 84 33 28 ac 21 8a 09 ad e2 43 46 60 f6 Oct 31 15:24:57.175024: | f0 df 41 27 28 96 58 8e 61 ea 7f a2 bf 8c 21 69 Oct 31 15:24:57.175031: | fa df c3 5a 80 fd 5c c6 10 e7 54 a7 9c 6f 1d 3f Oct 31 15:24:57.175033: | 16 8c 64 67 37 23 f0 6c 4a 1e 73 77 f8 17 83 ee Oct 31 15:24:57.175035: | 32 38 b7 cd e4 fe 05 b8 fa 41 53 7e 76 98 e6 12 Oct 31 15:24:57.175038: | 6c 63 df 87 3e 2e 60 99 dc ff ca f5 05 7d 93 be Oct 31 15:24:57.175040: | 1e a0 97 a0 96 ed 1f 56 f4 dd 82 5f a0 26 41 f3 Oct 31 15:24:57.175042: | b7 35 ee a0 30 33 09 5a a7 71 87 87 8e 9a 40 e8 Oct 31 15:24:57.175044: | ad 0c 82 c5 a1 80 20 07 7a 59 52 2f 91 1e 93 60 Oct 31 15:24:57.175050: | **parse ISAKMP Message: Oct 31 15:24:57.175055: | initiator SPI: 39 a0 1b dc 13 1c ca 88 Oct 31 15:24:57.175059: | responder SPI: 9b b1 cd 4e 99 d1 dc 27 Oct 31 15:24:57.175062: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:24:57.175065: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:57.175067: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:57.175070: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:57.175074: | Message ID: 1 (00 00 00 01) Oct 31 15:24:57.175078: | length: 528 (00 00 02 10) Oct 31 15:24:57.175081: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:24:57.175085: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Oct 31 15:24:57.175090: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Oct 31 15:24:57.175098: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:57.175104: | State DB: found IKEv2 state #3 in PARENT_I2 (find_v2_sa_by_initiator_wip) Oct 31 15:24:57.175107: | #3 is idle Oct 31 15:24:57.175110: | #3 idle Oct 31 15:24:57.175115: | suspend processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:57.175120: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:57.175122: | unpacking clear payload Oct 31 15:24:57.175125: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Oct 31 15:24:57.175128: | ***parse IKEv2 Encryption Payload: Oct 31 15:24:57.175131: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Oct 31 15:24:57.175134: | flags: none (0x0) Oct 31 15:24:57.175137: | length: 500 (01 f4) Oct 31 15:24:57.175140: | processing payload: ISAKMP_NEXT_v2SK (len=496) Oct 31 15:24:57.175143: | #3 in state PARENT_I2: sent IKE_AUTH request Oct 31 15:24:57.175175: | authenticator matched Oct 31 15:24:57.175187: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Oct 31 15:24:57.175190: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Oct 31 15:24:57.175194: | **parse IKEv2 Identification - Responder - Payload: Oct 31 15:24:57.175197: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Oct 31 15:24:57.175216: | flags: none (0x0) Oct 31 15:24:57.175220: | length: 13 (00 0d) Oct 31 15:24:57.175222: | ID type: ID_FQDN (0x2) Oct 31 15:24:57.175225: | reserved: 00 00 00 Oct 31 15:24:57.175228: | processing payload: ISAKMP_NEXT_v2IDr (len=5) Oct 31 15:24:57.175231: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Oct 31 15:24:57.175234: | **parse IKEv2 Authentication Payload: Oct 31 15:24:57.175236: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:24:57.175239: | flags: none (0x0) Oct 31 15:24:57.175241: | length: 350 (01 5e) Oct 31 15:24:57.175244: | auth method: IKEv2_AUTH_DIGSIG (0xe) Oct 31 15:24:57.175246: | processing payload: ISAKMP_NEXT_v2AUTH (len=342) Oct 31 15:24:57.175249: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:24:57.175251: | **parse IKEv2 Security Association Payload: Oct 31 15:24:57.175254: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Oct 31 15:24:57.175256: | flags: none (0x0) Oct 31 15:24:57.175259: | length: 44 (00 2c) Oct 31 15:24:57.175266: | processing payload: ISAKMP_NEXT_v2SA (len=40) Oct 31 15:24:57.175269: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Oct 31 15:24:57.175272: | **parse IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:24:57.175274: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Oct 31 15:24:57.175276: | flags: none (0x0) Oct 31 15:24:57.175279: | length: 24 (00 18) Oct 31 15:24:57.175282: | number of TS: 1 (01) Oct 31 15:24:57.175285: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Oct 31 15:24:57.175287: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Oct 31 15:24:57.175290: | **parse IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:24:57.175292: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:57.175294: | flags: none (0x0) Oct 31 15:24:57.175297: | length: 24 (00 18) Oct 31 15:24:57.175300: | number of TS: 1 (01) Oct 31 15:24:57.175303: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Oct 31 15:24:57.175306: | selected state microcode Initiator: process IKE_AUTH response Oct 31 15:24:57.175308: | calling processor Initiator: process IKE_AUTH response Oct 31 15:24:57.175312: | no certs to decode Oct 31 15:24:57.175318: | offered CA: '%none' Oct 31 15:24:57.175322: "north-eastnets/0x2" #3: IKEv2 mode peer ID is ID_FQDN: '@north' Oct 31 15:24:57.175347: | verifying AUTH payload Oct 31 15:24:57.175352: | looking for ASN.1 blob for method rsasig for hash_algo SHA2_512 Oct 31 15:24:57.175355: | parsing 68 raw bytes of IKEv2 Authentication Payload into ASN.1 blob for hash algo Oct 31 15:24:57.175357: | ASN.1 blob for hash algo Oct 31 15:24:57.175360: | 43 30 41 06 09 2a 86 48 86 f7 0d 01 01 0a 30 34 Oct 31 15:24:57.175365: | a0 0f 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 Oct 31 15:24:57.175367: | 00 a1 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 01 08 Oct 31 15:24:57.175370: | 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 a2 Oct 31 15:24:57.175372: | 03 02 01 40 Oct 31 15:24:57.175391: | required RSA CA is '%any' Oct 31 15:24:57.175395: | trying all remote certificates public keys for RSA key that matches ID: @north Oct 31 15:24:57.175397: | trying all preloaded keys public keys for RSA key that matches ID: @north Oct 31 15:24:57.175401: | skipping '@east' with wrong ID Oct 31 15:24:57.175404: | trying '@north' issued by CA '%any' Oct 31 15:24:57.175407: | NSS RSA: verifying that decrypted signature matches hash: Oct 31 15:24:57.175410: | cd f9 3c 6a 0a 87 a9 d8 09 79 fe 96 15 23 82 4c Oct 31 15:24:57.175412: | a9 9f c0 ba 5e 96 33 98 3e c0 ab d5 18 b2 55 16 Oct 31 15:24:57.175415: | ee 1d 86 4a 5a 9c e4 70 13 4c d0 8a cc 38 0f 22 Oct 31 15:24:57.175417: | 0f ed b5 80 4c 67 fb bb 2c 64 49 10 ad c5 60 9c Oct 31 15:24:57.175482: | delref pkp@NULL (in try_RSA_signature_v2() at ikev2_rsa.c:170) Oct 31 15:24:57.175488: | addref pk@0x562b96abb2b8(2->3) (in try_RSA_signature_v2() at ikev2_rsa.c:171) Oct 31 15:24:57.175491: | an RSA Sig check passed with *AQPl33O2P [preloaded keys] Oct 31 15:24:57.175497: | #1 spent 0.0872 (0.0874) milliseconds in try_all_keys() trying a pubkey Oct 31 15:24:57.175501: "north-eastnets/0x1" #1: authenticated using RSA with SHA2_512 Oct 31 15:24:57.175506: | #1 spent 0.129 (0.129) milliseconds in ikev2_verify_rsa_hash() Oct 31 15:24:57.175510: | parent state #1: PARENT_I2(open IKE SA) => ESTABLISHED_IKE_SA(established IKE SA) Oct 31 15:24:57.175514: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Oct 31 15:24:57.175517: | state #1 deleting .st_event EVENT_SA_REPLACE Oct 31 15:24:57.175521: | libevent_free: delref ptr-libevent@0x7f10c0010a78 Oct 31 15:24:57.175524: | free_event_entry: delref EVENT_SA_REPLACE-pe@0x562b96ac1098 Oct 31 15:24:57.175528: | event_schedule: newref EVENT_SA_REKEY-pe@0x562b96ac57c8 Oct 31 15:24:57.175531: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Oct 31 15:24:57.175534: | libevent_malloc: newref ptr-libevent@0x7f10ac000d38 size 128 Oct 31 15:24:57.175591: | pstats #1 ikev2.ike established Oct 31 15:24:57.175597: | TSi: parsing 1 traffic selectors Oct 31 15:24:57.175601: | ***parse IKEv2 Traffic Selector: Oct 31 15:24:57.175604: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:57.175607: | IP Protocol ID: ALL (0x0) Oct 31 15:24:57.175611: | length: 16 (00 10) Oct 31 15:24:57.175619: | start port: 0 (00 00) Oct 31 15:24:57.175623: | end port: 65535 (ff ff) Oct 31 15:24:57.175625: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:24:57.175628: | TS low Oct 31 15:24:57.175630: | c0 00 16 00 Oct 31 15:24:57.175633: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:24:57.175635: | TS high Oct 31 15:24:57.175637: | c0 00 16 ff Oct 31 15:24:57.175639: | TSi: parsed 1 traffic selectors Oct 31 15:24:57.175642: | TSr: parsing 1 traffic selectors Oct 31 15:24:57.175645: | ***parse IKEv2 Traffic Selector: Oct 31 15:24:57.175647: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:57.175650: | IP Protocol ID: ALL (0x0) Oct 31 15:24:57.175653: | length: 16 (00 10) Oct 31 15:24:57.175656: | start port: 0 (00 00) Oct 31 15:24:57.175659: | end port: 65535 (ff ff) Oct 31 15:24:57.175662: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:24:57.175664: | TS low Oct 31 15:24:57.175666: | c0 00 03 00 Oct 31 15:24:57.175668: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:24:57.175670: | TS high Oct 31 15:24:57.175672: | c0 00 03 ff Oct 31 15:24:57.175675: | TSr: parsed 1 traffic selectors Oct 31 15:24:57.175682: | evaluating our conn="north-eastnets/0x2" I=192.0.22.0/24:0:0/0 R=192.0.3.0/24:0:0/0 to their: Oct 31 15:24:57.175687: | TSi[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:57.175698: | match address end->client=192.0.22.0/24 == TSi[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Oct 31 15:24:57.175707: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:24:57.175709: | TSi[0] port match: YES fitness 65536 Oct 31 15:24:57.175712: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:24:57.175716: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:57.175720: | TSr[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:57.175727: | match address end->client=192.0.3.0/24 == TSr[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Oct 31 15:24:57.175730: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Oct 31 15:24:57.175733: | TSr[0] port match: YES fitness 65536 Oct 31 15:24:57.175735: | narrow protocol end=*0 == TSr[0]=*0: 0 Oct 31 15:24:57.175738: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:57.175740: | best fit so far: TSi[0] TSr[0] Oct 31 15:24:57.175742: | found an acceptable TSi/TSr Traffic Selector Oct 31 15:24:57.175745: | printing contents struct traffic_selector Oct 31 15:24:57.175747: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:24:57.175749: | ipprotoid: 0 Oct 31 15:24:57.175751: | port range: 0-65535 Oct 31 15:24:57.175755: | ip range: 192.0.22.0-192.0.22.255 Oct 31 15:24:57.175757: | printing contents struct traffic_selector Oct 31 15:24:57.175760: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:24:57.175762: | ipprotoid: 0 Oct 31 15:24:57.175764: | port range: 0-65535 Oct 31 15:24:57.175768: | ip range: 192.0.3.0-192.0.3.255 Oct 31 15:24:57.175775: | using existing local ESP/AH proposals for north-eastnets/0x2 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP=AES_CBC_128-HMAC_SHA2_512_256-NONE-DISABLED Oct 31 15:24:57.175778: | comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 1 local proposals Oct 31 15:24:57.175782: | local proposal 1 type ENCR has 1 transforms Oct 31 15:24:57.175785: | local proposal 1 type PRF has 0 transforms Oct 31 15:24:57.175791: | local proposal 1 type INTEG has 1 transforms Oct 31 15:24:57.175793: | local proposal 1 type DH has 1 transforms Oct 31 15:24:57.175796: | local proposal 1 type ESN has 1 transforms Oct 31 15:24:57.175799: | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH Oct 31 15:24:57.175803: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:57.175805: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:57.175809: | length: 40 (00 28) Oct 31 15:24:57.175811: | prop #: 1 (01) Oct 31 15:24:57.175814: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:57.175817: | spi size: 4 (04) Oct 31 15:24:57.175819: | # transforms: 3 (03) Oct 31 15:24:57.175823: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:24:57.175825: | remote SPI Oct 31 15:24:57.175827: | f0 40 d5 0e Oct 31 15:24:57.175830: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals Oct 31 15:24:57.175833: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:57.175836: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.175839: | length: 12 (00 0c) Oct 31 15:24:57.175841: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:57.175843: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:57.175846: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:57.175848: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:57.175851: | length/value: 128 (00 80) Oct 31 15:24:57.175855: | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:24:57.175858: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:57.175860: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.175863: | length: 8 (00 08) Oct 31 15:24:57.175866: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:57.175870: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:57.175874: | remote proposal 1 transform 1 (INTEG=HMAC_SHA2_512_256) matches local proposal 1 type 3 (INTEG) transform 0 Oct 31 15:24:57.175876: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:57.175879: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:57.175882: | length: 8 (00 08) Oct 31 15:24:57.175884: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:57.175886: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:57.175890: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Oct 31 15:24:57.175893: | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none Oct 31 15:24:57.175902: | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN Oct 31 15:24:57.175905: | remote proposal 1 matches local proposal 1 Oct 31 15:24:57.175908: | remote accepted the proposal 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;ESN=DISABLED[first-match] Oct 31 15:24:57.175913: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP=AES_CBC_128-HMAC_SHA2_512_256-DISABLED SPI=f040d50e Oct 31 15:24:57.175916: | converting proposal to internal trans attrs Oct 31 15:24:57.175921: | integ=HMAC_SHA2_512_256: .key_size=64 encrypt=AES_CBC: .key_size=16 .salt_size=0 keymat_len=80 Oct 31 15:24:57.175989: | install_ipsec_sa() for #3: inbound and outbound Oct 31 15:24:57.175993: | could_route called for north-eastnets/0x2; kind=CK_PERMANENT that.has_client=yes oppo=no this.host_port=500 Oct 31 15:24:57.175996: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:57.175999: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:57.176002: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:24:57.176004: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:57.176007: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:24:57.176011: | route owner of "north-eastnets/0x2" prospective erouted: "north-eastnets/0x1" erouted; eroute owner: self Oct 31 15:24:57.176015: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Oct 31 15:24:57.176018: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Oct 31 15:24:57.176021: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Oct 31 15:24:57.176025: | setting IPsec SA replay-window to 32 Oct 31 15:24:57.176028: | NIC esp-hw-offload not for connection 'north-eastnets/0x2' not available on interface eth1 Oct 31 15:24:57.176031: | netlink: enabling tunnel mode Oct 31 15:24:57.176033: | XFRM: adding IPsec SA with reqid 16393 Oct 31 15:24:57.176035: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:24:57.176038: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:24:57.176101: | netlink response for Add SA esp.f040d50e@192.1.3.33 included non-error error Oct 31 15:24:57.176106: | setup_half_ipsec_sa() is installing inbound eroute? inbound=0 owner=#0 mode=1 Oct 31 15:24:57.176108: | set up outgoing SA, ref=0/0 Oct 31 15:24:57.176111: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Oct 31 15:24:57.176114: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Oct 31 15:24:57.176116: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Oct 31 15:24:57.176120: | setting IPsec SA replay-window to 32 Oct 31 15:24:57.176123: | NIC esp-hw-offload not for connection 'north-eastnets/0x2' not available on interface eth1 Oct 31 15:24:57.176126: | netlink: enabling tunnel mode Oct 31 15:24:57.176128: | XFRM: adding IPsec SA with reqid 16393 Oct 31 15:24:57.176130: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:24:57.176133: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:24:57.176170: | netlink response for Add SA esp.de706675@192.1.2.23 included non-error error Oct 31 15:24:57.176180: | setup_half_ipsec_sa() is installing inbound eroute? inbound=1 owner=#0 mode=1 Oct 31 15:24:57.176182: | setup_half_ipsec_sa() is installing inbound eroute Oct 31 15:24:57.176184: | setup_half_ipsec_sa() before proto 50 Oct 31 15:24:57.176187: | setup_half_ipsec_sa() after proto 50 Oct 31 15:24:57.176189: | setup_half_ipsec_sa() calling raw_eroute backwards (i.e., inbound) Oct 31 15:24:57.176191: | priority calculation of connection "north-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:24:57.176212: | add inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => tun.10000@192.1.2.23 using reqid 16393 (raw_eroute) proto=50 Oct 31 15:24:57.176219: | IPsec SA SPD priority set to 2084814 Oct 31 15:24:57.176245: | raw_eroute result=success Oct 31 15:24:57.176248: | set up incoming SA, ref=0/0 Oct 31 15:24:57.176251: | sr for #3: prospective erouted Oct 31 15:24:57.176253: | route_and_eroute() for proto 0, and source port 0 dest port 0 Oct 31 15:24:57.176256: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:57.176259: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:57.176261: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:24:57.176264: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:57.176266: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:24:57.176270: | route owner of "north-eastnets/0x2" prospective erouted: "north-eastnets/0x1" erouted; eroute owner: self Oct 31 15:24:57.176274: | route_and_eroute with c: north-eastnets/0x2 (next: none) ero:north-eastnets/0x2 esr:{(nil)} ro:north-eastnets/0x1 rosr:{0x562b96ab6ae8} and state: #3 Oct 31 15:24:57.176276: | we are replacing an eroute Oct 31 15:24:57.176279: | priority calculation of connection "north-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:24:57.176289: | eroute_connection replace eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33>tun.0@192.1.3.33 using reqid 16393 (raw_eroute) proto=50 Oct 31 15:24:57.176292: | IPsec SA SPD priority set to 2084814 Oct 31 15:24:57.176305: | raw_eroute result=success Oct 31 15:24:57.176308: | running updown command "ipsec _updown" for verb up Oct 31 15:24:57.176311: | command executing up-client Oct 31 15:24:57.176316: | get_sa_info esp.f040d50e@192.1.3.33 Oct 31 15:24:57.176325: | get_sa_info esp.de706675@192.1.2.23 Oct 31 15:24:57.176358: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157897' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='... Oct 31 15:24:57.176362: | popen cmd is 1139 chars long Oct 31 15:24:57.176365: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x2': Oct 31 15:24:57.176367: | cmd( 80): PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_N: Oct 31 15:24:57.176370: | cmd( 160):EXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT=': Oct 31 15:24:57.176372: | cmd( 240):192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.25: Oct 31 15:24:57.176374: | cmd( 320):5.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYP: Oct 31 15:24:57.176378: | cmd( 400):E='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.: Oct 31 15:24:57.176381: | cmd( 480):3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0': Oct 31 15:24:57.176383: | cmd( 560): PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm': Oct 31 15:24:57.176385: | cmd( 640): PLUTO_ADDTIME='1604157897' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+I: Oct 31 15:24:57.176387: | cmd( 720):KEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLU: Oct 31 15:24:57.176390: | cmd( 800):TO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_: Oct 31 15:24:57.176392: | cmd( 880):INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUT: Oct 31 15:24:57.176394: | cmd( 960):O_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VT: Oct 31 15:24:57.176396: | cmd(1040):I_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xf040d50e SPI_OUT=0xde706675: Oct 31 15:24:57.176399: | cmd(1120): ipsec _updown 2>&1: Oct 31 15:24:57.292273: | route_and_eroute: firewall_notified: true Oct 31 15:24:57.292294: | route_and_eroute: instance "north-eastnets/0x2", setting eroute_owner {spd=0x562b96ab85b8,sr=0x562b96ab85b8} to #3 (was #0) (newest_ipsec_sa=#0) Oct 31 15:24:57.292361: | inR2: instance north-eastnets/0x2[0], setting IKEv2 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #1 Oct 31 15:24:57.292374: | #3 spent 1.23 (117) milliseconds in processing: Initiator: process IKE_AUTH response in v2_dispatch() Oct 31 15:24:57.292383: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:57.292389: | #3 complete_v2_state_transition() PARENT_I2->ESTABLISHED_CHILD_SA with status STF_OK; .st_v2_transition=NULL Oct 31 15:24:57.292393: | transitioning from state STATE_PARENT_I2 to state STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:24:57.292395: | Message ID: updating counters for #3 Oct 31 15:24:57.292403: | Message ID: CHILD #1.#3 clearing EVENT_RETRANSMIT as response received: ike.initiator.sent=1 ike.initiator.recv=0 ike.initiator.last_contact=744569.479863 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744566.854355 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:24:57.292407: | #3 requesting EVENT_RETRANSMIT-pe@0x562b96ab9cd8 be deleted Oct 31 15:24:57.292413: | libevent_free: delref ptr-libevent@0x7f10b4000d38 Oct 31 15:24:57.292417: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x562b96ab9cd8 Oct 31 15:24:57.292420: | #3 STATE_PARENT_I2: retransmits: cleared Oct 31 15:24:57.292427: | Message ID: CHILD #1.#3 updating initiator received message response 1: ike.initiator.sent=1 ike.initiator.recv=0->1 ike.initiator.last_contact=744569.479863->744571.725194 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744566.854355 child.wip.initiator=1->-1 child.wip.responder=-1 Oct 31 15:24:57.292433: | Message ID: CHILD #1.#3 skipping update_send as nothing to send: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744571.725194 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744566.854355 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:24:57.292439: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744571.725194 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744566.854355 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:57.292443: | child state #3: PARENT_I2(open IKE SA) => ESTABLISHED_CHILD_SA(established CHILD SA) Oct 31 15:24:57.292447: | pstats #3 ikev2.child established Oct 31 15:24:57.292450: | announcing the state transition Oct 31 15:24:57.292459: "north-eastnets/0x2" #3: negotiated connection [192.0.22.0-192.0.22.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Oct 31 15:24:57.292464: | NAT-T: encaps is 'auto' Oct 31 15:24:57.292474: "north-eastnets/0x2" #3: IPsec SA established tunnel mode {ESP=>0xf040d50e <0xde706675 xfrm=AES_CBC_128-HMAC_SHA2_512_256 NATOA=none NATD=none DPD=passive} Oct 31 15:24:57.292477: | releasing #3's fd-fd@(nil) because IKEv2 transitions finished Oct 31 15:24:57.292480: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:24:57.292482: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:24:57.292485: | unpending #3's IKE SA #1 Oct 31 15:24:57.292488: | unpending state #1 connection "north-eastnets/0x2" Oct 31 15:24:57.292492: | delete from pending Child SA with 192.1.3.33 "north-eastnets/0x2" Oct 31 15:24:57.292494: | delref fd@NULL (in delete_pending() at pending.c:218) Oct 31 15:24:57.292497: | removing pending policy for no connection {0x562b96ab9e48} Oct 31 15:24:57.292500: | FOR_EACH_STATE_... in find_pending_phase2 Oct 31 15:24:57.292506: | newref alloc logger@0x562b96ac1098(0->1) (in new_state() at state.c:576) Oct 31 15:24:57.292509: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:24:57.292512: | creating state object #5 at 0x562b96ac9508 Oct 31 15:24:57.292515: | State DB: adding IKEv2 state #5 in UNDEFINED Oct 31 15:24:57.292523: | pstats #5 ikev2.child started Oct 31 15:24:57.292527: | duplicating state object #1 "north-eastnets/0x1" as #5 for IPSEC SA Oct 31 15:24:57.292532: | #5 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1581) Oct 31 15:24:57.292541: | Message ID: CHILD #1.#5 initializing (CHILD SA): ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744571.725194 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744566.854355 child.wip.initiator=0->-1 child.wip.responder=0->-1 Oct 31 15:24:57.292545: | child state #5: UNDEFINED(ignore) => V2_NEW_CHILD_I0(established IKE SA) Oct 31 15:24:57.292549: | #5.st_v2_transition NULL -> V2_NEW_CHILD_I0->V2_NEW_CHILD_I1 (in new_v2_child_state() at state.c:1666) Oct 31 15:24:57.292555: | suspend processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5960) Oct 31 15:24:57.292560: | start processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5960) Oct 31 15:24:57.292563: | create child proposal's DH changed from no-PFS to MODP2048, flushing Oct 31 15:24:57.292566: | constructing ESP/AH proposals with default DH MODP2048 for north-eastnets/0x1 (ESP/AH initiator emitting proposals) Oct 31 15:24:57.292572: | converting proposal AES_CBC_128-HMAC_SHA2_512_256-MODP3072 to ikev2 ... Oct 31 15:24:57.292579: | ... ikev2_proposal: 1:ESP=AES_CBC_128-HMAC_SHA2_512_256-MODP3072-DISABLED Oct 31 15:24:57.292583: "north-eastnets/0x1": local ESP/AH proposals (ESP/AH initiator emitting proposals): Oct 31 15:24:57.292587: "north-eastnets/0x1": 1:ESP=AES_CBC_128-HMAC_SHA2_512_256-MODP3072-DISABLED Oct 31 15:24:57.292593: | #5 schedule initiate IPsec SA RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 using IKE# 1 pfs=MODP3072 Oct 31 15:24:57.292597: | event_schedule: newref EVENT_v2_INITIATE_CHILD-pe@0x562b96ac1148 Oct 31 15:24:57.292600: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #5 Oct 31 15:24:57.292603: | libevent_malloc: newref ptr-libevent@0x562b96ab9ac8 size 128 Oct 31 15:24:57.292610: | RESET processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:6035) Oct 31 15:24:57.292613: | delete from pending Child SA with 192.1.3.33 "north-eastnets/0x1" Oct 31 15:24:57.292616: | delref fd@NULL (in delete_pending() at pending.c:218) Oct 31 15:24:57.292618: | removing pending policy for no connection {0x562b969f51c8} Oct 31 15:24:57.292621: | releasing #1's fd-fd@(nil) because IKEv2 transitions finished so releaseing IKE SA Oct 31 15:24:57.292624: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:24:57.292626: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:24:57.292632: | #3 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Oct 31 15:24:57.292635: | state #3 has no .st_event to delete Oct 31 15:24:57.292638: | event_schedule: newref EVENT_SA_REKEY-pe@0x562b96ac6748 Oct 31 15:24:57.292641: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #3 Oct 31 15:24:57.292644: | libevent_malloc: newref ptr-libevent@0x562b96ac67c8 size 128 Oct 31 15:24:57.292647: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:57.292653: | #1 spent 1.32 (117) milliseconds Oct 31 15:24:57.292656: | #1 spent 1.9 (118) milliseconds in ikev2_process_packet() Oct 31 15:24:57.292659: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:57.292663: | delref mdp@0x562b96abde78(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:57.292665: | delref logger@0x562b96ac1268(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:57.292668: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:57.292671: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:57.292676: | spent 1.92 (118) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:57.292689: | timer_event_cb: processing event@0x562b96ac1148 Oct 31 15:24:57.292692: | handling event EVENT_v2_INITIATE_CHILD for child state #5 Oct 31 15:24:57.292695: | libevent_free: delref ptr-libevent@0x562b96ab9ac8 Oct 31 15:24:57.292697: | free_event_entry: delref EVENT_v2_INITIATE_CHILD-pe@0x562b96ac1148 Oct 31 15:24:57.292703: | start processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:57.292710: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:57.292712: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:57.292715: | newref clone logger@0x562b96ac1268(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:57.292718: | job 7 for #5: Child Initiator KE and nonce ni (build KE and nonce): adding job to queue Oct 31 15:24:57.292720: | state #5 has no .st_event to delete Oct 31 15:24:57.292723: | #5 STATE_V2_NEW_CHILD_I0: retransmits: cleared Oct 31 15:24:57.292726: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x562b96ab7d48 Oct 31 15:24:57.292728: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Oct 31 15:24:57.292731: | libevent_malloc: newref ptr-libevent@0x562b96ab9ac8 size 128 Oct 31 15:24:57.292741: | #5 spent 0.0509 (0.0509) milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Oct 31 15:24:57.292747: | stop processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:24:57.292748: | job 7 for #5: Child Initiator KE and nonce ni (build KE and nonce): helper 7 starting job Oct 31 15:24:57.292750: | processing signal PLUTO_SIGCHLD Oct 31 15:24:57.292767: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:57.292773: | spent 0.00536 (0.00528) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:57.305127: | "north-eastnets/0x1" #5: spent 5.27 (12.4) milliseconds in helper 7 processing job 7 for state #5: Child Initiator KE and nonce ni (pcr) Oct 31 15:24:57.305142: | job 7 for #5: Child Initiator KE and nonce ni (build KE and nonce): helper thread 7 sending result back to state Oct 31 15:24:57.305147: | scheduling resume sending helper answer back to state for #5 Oct 31 15:24:57.305151: | libevent_malloc: newref ptr-libevent@0x7f10b0006578 size 128 Oct 31 15:24:57.305163: | helper thread 7 has nothing to do Oct 31 15:24:57.305205: | processing resume sending helper answer back to state for #5 Oct 31 15:24:57.305221: | start processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:641) Oct 31 15:24:57.305226: | unsuspending #5 MD (nil) Oct 31 15:24:57.305229: | job 7 for #5: Child Initiator KE and nonce ni (build KE and nonce): processing response from helper 7 Oct 31 15:24:57.305233: | job 7 for #5: Child Initiator KE and nonce ni (build KE and nonce): calling continuation function 0x562b9558bfe7 Oct 31 15:24:57.305239: | ikev2_child_outI_continue() for #5 STATE_V2_NEW_CHILD_I0 Oct 31 15:24:57.305243: | DH secret MODP3072@0x7f10b0007128: transferring ownership from helper KE to state #5 Oct 31 15:24:57.305246: | adding CHILD SA #5 to IKE SA #1 message initiator queue Oct 31 15:24:57.305254: | Message ID: CHILD #1.#5 wakeing IKE SA for next initiator (unack 0): ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744571.725194 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744566.854355 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:24:57.305258: | scheduling callback v2_msgid_schedule_next_initiator (#1) Oct 31 15:24:57.305260: | libevent_malloc: newref ptr-libevent@0x562b96ac5698 size 128 Oct 31 15:24:57.305266: | [RE]START processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:57.305271: | #5 complete_v2_state_transition() V2_NEW_CHILD_I0->V2_NEW_CHILD_I1 with status STF_SUSPEND Oct 31 15:24:57.305273: | no MD to suspend Oct 31 15:24:57.305277: | delref logger@0x562b96ac1268(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:57.305280: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:57.305282: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:57.305286: | resume sending helper answer back to state for #5 suppresed complete_v2_state_transition() Oct 31 15:24:57.305289: | delref mdp@NULL (in resume_handler() at server.c:743) Oct 31 15:24:57.305295: | #5 spent 0.0674 (0.0673) milliseconds in resume sending helper answer back to state Oct 31 15:24:57.305300: | stop processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:745) Oct 31 15:24:57.305303: | libevent_free: delref ptr-libevent@0x7f10b0006578 Oct 31 15:24:57.305309: | libevent_free: delref ptr-libevent@0x562b96ac5698 Oct 31 15:24:57.305311: | processing callback v2_msgid_schedule_next_initiator for #1 Oct 31 15:24:57.305317: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in callback_handler() at server.c:828) Oct 31 15:24:57.305324: | Message ID: CHILD #1.#5 resuming SA using IKE SA (unack 0): ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744571.725194 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744566.854355 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:24:57.305329: | suspend processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in initiate_next() at ikev2_msgid.c:675) Oct 31 15:24:57.305333: | start processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33:500 (in initiate_next() at ikev2_msgid.c:675) Oct 31 15:24:57.305336: | unsuspending #5 MD (nil) Oct 31 15:24:57.305341: | opening output PBS reply packet Oct 31 15:24:57.305345: | **emit ISAKMP Message: Oct 31 15:24:57.305350: | initiator SPI: 39 a0 1b dc 13 1c ca 88 Oct 31 15:24:57.305354: | responder SPI: 9b b1 cd 4e 99 d1 dc 27 Oct 31 15:24:57.305356: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:57.305359: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:57.305362: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Oct 31 15:24:57.305365: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:57.305369: | Message ID: 2 (00 00 00 02) Oct 31 15:24:57.305372: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:57.305376: | ***emit IKEv2 Encryption Payload: Oct 31 15:24:57.305378: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:57.305381: | flags: none (0x0) Oct 31 15:24:57.305384: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:24:57.305386: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Oct 31 15:24:57.305389: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:24:57.305414: | netlink_get_spi: allocated 0xbd68e0ed for esp.0@192.1.2.23 Oct 31 15:24:57.305417: | Emitting ikev2_proposals ... Oct 31 15:24:57.305420: | ****emit IKEv2 Security Association Payload: Oct 31 15:24:57.305423: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:57.305425: | flags: none (0x0) Oct 31 15:24:57.305428: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:24:57.305430: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:24:57.305435: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:57.305438: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:57.305441: | prop #: 1 (01) Oct 31 15:24:57.305444: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:57.305446: | spi size: 4 (04) Oct 31 15:24:57.305449: | # transforms: 4 (04) Oct 31 15:24:57.305452: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:57.305455: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:24:57.305458: | our spi: bd 68 e0 ed Oct 31 15:24:57.305461: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.305463: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.305466: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:57.305468: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:57.305471: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.305473: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:57.305477: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:57.305480: | length/value: 128 (00 80) Oct 31 15:24:57.305483: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:57.305485: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.305488: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.305490: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:57.305492: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:57.305495: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.305498: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.305500: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.305503: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.305505: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.305507: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:57.305510: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:57.305512: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.305515: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.305518: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.305520: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.305522: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:57.305524: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:57.305527: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:57.305529: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.305531: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.305536: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.305538: | emitting length of IKEv2 Proposal Substructure Payload: 48 Oct 31 15:24:57.305541: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:57.305543: | emitting length of IKEv2 Security Association Payload: 52 Oct 31 15:24:57.305545: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:24:57.305548: | ****emit IKEv2 Nonce Payload: Oct 31 15:24:57.305550: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:57.305553: | flags: none (0x0) Oct 31 15:24:57.305556: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Oct 31 15:24:57.305558: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Oct 31 15:24:57.305561: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Oct 31 15:24:57.305563: | IKEv2 nonce: Oct 31 15:24:57.305566: | b9 ee 1e 5b 77 cc 0a 89 e5 01 10 9d eb 5e f3 e9 Oct 31 15:24:57.305568: | 0d 98 83 f1 8d 3f 31 49 80 12 2b 19 8e 04 a0 c9 Oct 31 15:24:57.305570: | emitting length of IKEv2 Nonce Payload: 36 Oct 31 15:24:57.305573: | ****emit IKEv2 Key Exchange Payload: Oct 31 15:24:57.305576: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:57.305578: | flags: none (0x0) Oct 31 15:24:57.305580: | DH group: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:57.305583: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Oct 31 15:24:57.305585: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Oct 31 15:24:57.305588: | emitting 384 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Oct 31 15:24:57.305591: | ikev2 g^x: Oct 31 15:24:57.305593: | 22 ea 7d 8d 45 02 5b 7c 21 24 79 a6 65 a5 77 2d Oct 31 15:24:57.305596: | 60 63 11 ed 22 e1 aa 34 28 6b 45 2c 11 14 9d 05 Oct 31 15:24:57.305598: | 40 4b 06 a6 55 cf cb 4c 3d 1d cc 40 10 38 47 95 Oct 31 15:24:57.305600: | 06 41 60 78 f0 06 24 9c a1 27 9c 78 00 16 b8 b9 Oct 31 15:24:57.305602: | 69 91 ee f5 94 2c 00 61 35 4e 1b 1e 82 66 c0 58 Oct 31 15:24:57.305604: | aa b9 44 c8 71 a1 32 85 87 a4 0a a3 4b e2 a7 07 Oct 31 15:24:57.305606: | e4 ca 57 1e 24 9b 1f 1e ed ce 8f 3f a4 1f 14 c6 Oct 31 15:24:57.305608: | 4e fc 5e 8b ee a4 a3 0f c7 73 87 eb 61 2b e5 6e Oct 31 15:24:57.305610: | 6c 00 00 33 d9 f6 41 3b c1 82 21 e7 f2 32 fc 52 Oct 31 15:24:57.305612: | 87 cb 3b cc 2a 4f f4 15 37 b4 85 1f 3e 52 a6 69 Oct 31 15:24:57.305614: | 07 0a 13 8c 4a db a5 5e 20 95 bb cb 33 27 b4 a7 Oct 31 15:24:57.305616: | d2 b9 09 1d 26 af 8d 7f 05 9e 23 97 d0 a9 28 92 Oct 31 15:24:57.305618: | 40 cf 22 f0 d4 7c 5d a1 4b c4 40 2e df 0e c7 33 Oct 31 15:24:57.305621: | d7 c4 69 94 9a 6c d1 91 49 99 8b e5 7a b5 ac 44 Oct 31 15:24:57.305623: | f1 01 40 17 72 b1 25 b4 7f 5b 54 b3 55 7d bd 03 Oct 31 15:24:57.305625: | 9f 4e 6b 22 67 72 fd d5 f5 31 42 b4 52 7d 5a 03 Oct 31 15:24:57.305627: | dc cf 2b 45 f4 cb e6 92 45 f9 89 56 d3 93 e7 40 Oct 31 15:24:57.305629: | 8a d1 96 23 17 a1 31 0e d5 14 79 13 56 61 b4 de Oct 31 15:24:57.305632: | 4e f2 8c a6 4e 55 7d c0 08 53 fe 0b ea 7e ca e5 Oct 31 15:24:57.305634: | 13 91 e3 9c a3 d2 d8 6a 9b 17 5b 65 13 4f db 83 Oct 31 15:24:57.305636: | 37 07 7a 72 b7 d1 a7 c2 0a 68 5f bc b8 4b cd 87 Oct 31 15:24:57.305638: | 4c 58 4c be 59 5b aa 66 a0 a2 90 b8 20 32 d1 9a Oct 31 15:24:57.305640: | 38 2e 93 08 d0 55 3c a1 8a a2 20 e2 33 b9 10 b0 Oct 31 15:24:57.305642: | bb 34 65 67 03 c5 1b a7 98 0c 6e dd eb 5a f8 b7 Oct 31 15:24:57.305644: | emitting length of IKEv2 Key Exchange Payload: 392 Oct 31 15:24:57.305650: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:24:57.305653: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:57.305655: | flags: none (0x0) Oct 31 15:24:57.305658: | number of TS: 1 (01) Oct 31 15:24:57.305661: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Oct 31 15:24:57.305663: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:57.305666: | *****emit IKEv2 Traffic Selector: Oct 31 15:24:57.305669: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:57.305672: | IP Protocol ID: ALL (0x0) Oct 31 15:24:57.305675: | start port: 0 (00 00) Oct 31 15:24:57.305678: | end port: 65535 (ff ff) Oct 31 15:24:57.305681: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:24:57.305684: | IP start: c0 00 02 00 Oct 31 15:24:57.305687: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:24:57.305690: | IP end: c0 00 02 ff Oct 31 15:24:57.305692: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:24:57.305695: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Oct 31 15:24:57.305697: | ****emit IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:24:57.305699: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:57.305702: | flags: none (0x0) Oct 31 15:24:57.305705: | number of TS: 1 (01) Oct 31 15:24:57.305708: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Oct 31 15:24:57.305710: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:57.305713: | *****emit IKEv2 Traffic Selector: Oct 31 15:24:57.305715: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:57.305717: | IP Protocol ID: ALL (0x0) Oct 31 15:24:57.305720: | start port: 0 (00 00) Oct 31 15:24:57.305723: | end port: 65535 (ff ff) Oct 31 15:24:57.305726: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:24:57.305729: | IP start: c0 00 03 00 Oct 31 15:24:57.305732: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:24:57.305735: | IP end: c0 00 03 ff Oct 31 15:24:57.305737: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:24:57.305740: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Oct 31 15:24:57.305742: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Oct 31 15:24:57.305745: | adding 16 bytes of padding (including 1 byte padding-length) Oct 31 15:24:57.305748: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:57.305750: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:57.305753: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:57.305756: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:57.305758: | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:57.305761: | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:57.305763: | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:57.305765: | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:57.305768: | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:57.305771: | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:57.305773: | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:57.305778: | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:57.305781: | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:57.305783: | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:57.305786: | emitting 1 0x0e repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:57.305788: | emitting 1 0x0f repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:57.305791: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:24:57.305793: | emitting length of IKEv2 Encryption Payload: 580 Oct 31 15:24:57.305796: | emitting length of ISAKMP Message: 608 Oct 31 15:24:57.305840: | [RE]START processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:57.305846: | #5 complete_v2_state_transition() V2_NEW_CHILD_I0->V2_NEW_CHILD_I1 with status STF_OK Oct 31 15:24:57.305849: | transitioning from state STATE_V2_NEW_CHILD_I0 to state STATE_V2_NEW_CHILD_I1 Oct 31 15:24:57.305851: | Message ID: updating counters for #5 Oct 31 15:24:57.305854: | Message ID: IKE #1 skipping update_recv as MD is fake Oct 31 15:24:57.305860: | Message ID: CHILD #1.#5 scheduling EVENT_RETRANSMIT: ike.initiator.sent=2 ike.initiator.recv=1 ike.initiator.last_contact=744571.725194 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744566.854355 child.wip.initiator=2 child.wip.responder=-1 Oct 31 15:24:57.305864: | event_schedule: newref EVENT_RETRANSMIT-pe@0x562b96abe4c8 Oct 31 15:24:57.305867: | inserting event EVENT_RETRANSMIT, timeout in 0.05 seconds for #5 Oct 31 15:24:57.305870: | libevent_malloc: newref ptr-libevent@0x562b96ab9bf8 size 128 Oct 31 15:24:57.305875: | #5 STATE_V2_NEW_CHILD_I0: retransmits: first event in 0.05 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744571.73866 Oct 31 15:24:57.305881: | Message ID: CHILD #1.#5 updating initiator sent message request 2: ike.initiator.sent=1->2 ike.initiator.recv=1 ike.initiator.last_contact=744571.725194 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744566.854355 child.wip.initiator=-1->2 child.wip.responder=-1 Oct 31 15:24:57.305888: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=2 ike.initiator.recv=1 ike.initiator.last_contact=744571.725194 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744566.854355 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:57.305892: | child state #5: V2_NEW_CHILD_I0(established IKE SA) => V2_NEW_CHILD_I1(established IKE SA) Oct 31 15:24:57.305894: | announcing the state transition Oct 31 15:24:57.305898: "north-eastnets/0x1" #5: sent CREATE_CHILD_SA request for new IPsec SA Oct 31 15:24:57.305906: | sending 608 bytes for STATE_V2_NEW_CHILD_I0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:57.305908: | 39 a0 1b dc 13 1c ca 88 9b b1 cd 4e 99 d1 dc 27 Oct 31 15:24:57.305911: | 2e 20 24 08 00 00 00 02 00 00 02 60 21 00 02 44 Oct 31 15:24:57.305913: | 1f a3 e7 6b f5 b1 a5 39 6b e3 64 59 54 77 3e f7 Oct 31 15:24:57.305915: | 30 a8 e1 61 e7 3f 8b 1d db 22 32 b0 7c 90 e4 8a Oct 31 15:24:57.305917: | 9f ff a8 aa 6c 67 55 b3 68 47 eb 65 be e9 a3 75 Oct 31 15:24:57.305919: | b9 cb d3 4c 4e b8 e5 51 90 57 17 54 86 21 65 c4 Oct 31 15:24:57.305921: | 23 d5 38 05 d9 f1 a3 68 07 ef 4b 8a 83 db 8e 65 Oct 31 15:24:57.305923: | a8 89 5a 5f 59 03 7a b5 8d 27 9d 40 26 74 3d c2 Oct 31 15:24:57.305925: | 12 a2 73 62 04 87 fb ef 4b a0 08 22 b7 ac ac 10 Oct 31 15:24:57.305928: | 61 f4 9b 6e d3 28 b9 84 ac fd ef 0b 8a d0 fa 1a Oct 31 15:24:57.305930: | b5 a0 06 a1 91 78 af 6f 1f e7 63 d5 04 22 17 29 Oct 31 15:24:57.305932: | 60 24 2b 94 6d 86 81 00 64 1a cf 57 92 d1 7a f7 Oct 31 15:24:57.305934: | bc 9d 4a a2 d1 25 7d 7d 22 1a 23 1f d7 5b 6e b0 Oct 31 15:24:57.305936: | 5d 06 b1 45 db d0 47 50 0a 50 5c 47 b2 2c 59 ff Oct 31 15:24:57.305940: | e4 44 49 53 8c 06 ae de 57 73 0d 90 ba 50 42 fe Oct 31 15:24:57.305943: | 61 86 e0 23 40 7d ec 8c 78 ba f2 c4 81 f3 4a 4f Oct 31 15:24:57.305945: | ab 33 b6 02 19 f6 45 97 04 7f b5 01 b8 12 a1 cc Oct 31 15:24:57.305947: | a4 41 87 50 a4 ba ea 4d 39 96 3f c7 6d 5e 78 00 Oct 31 15:24:57.305949: | 7a e8 6d 68 ca 45 1c 7b 95 c4 ae cb eb b0 86 c0 Oct 31 15:24:57.305951: | ba 82 50 41 2c 92 2a 15 96 c4 d6 c6 27 74 6c 33 Oct 31 15:24:57.305953: | 5c 3b 07 7e 88 0e 9b 68 b8 70 e3 6c 9a d2 5c 8b Oct 31 15:24:57.305955: | 8a f5 ba 1d 10 9d 28 cc 22 22 2b dc e1 27 65 67 Oct 31 15:24:57.305957: | 4f 32 27 7e d9 b8 f1 04 0b 09 e7 c4 a6 86 bc fa Oct 31 15:24:57.305959: | ca 3c 05 e0 8b 96 43 c7 da 5a 36 3b 28 dc 64 bd Oct 31 15:24:57.305962: | 5e c6 61 85 f6 9f 21 ee 7b 28 e5 3c 45 2b 09 b6 Oct 31 15:24:57.305964: | ca ea f6 0a 3d e6 82 0f af 3b 19 92 c6 46 79 91 Oct 31 15:24:57.305966: | 34 b6 c0 6b 1b a6 a7 1d 7a 15 23 14 08 2c 64 b6 Oct 31 15:24:57.305968: | 3a ce a8 38 aa 47 b4 6d 7f d9 e4 f6 df 19 ef 45 Oct 31 15:24:57.305970: | 60 a0 41 a3 79 67 f0 d8 c9 93 ac 46 be ad 89 60 Oct 31 15:24:57.305972: | b5 1f df 65 0a 79 3e d6 15 e8 b8 71 0b 6e 7f 9f Oct 31 15:24:57.305975: | 99 ba db ad 52 94 d8 01 e8 11 02 0a f7 18 43 c5 Oct 31 15:24:57.305977: | 90 91 33 dd 75 ab ab e7 47 09 d0 aa 71 03 ad a7 Oct 31 15:24:57.305979: | 65 c1 7c 9d 97 28 6c 0b ee 0e 4c 83 c3 ca 34 91 Oct 31 15:24:57.305981: | 04 4b d2 4b 21 f4 1b 1e e8 47 1a 96 81 d2 87 07 Oct 31 15:24:57.305983: | 56 f4 6e b5 fe 2e 7c c5 d2 42 3f 21 17 2e 1c 1b Oct 31 15:24:57.305985: | 0f 54 cd f7 ce 37 ce ed 30 d1 3c 94 86 c3 f0 a2 Oct 31 15:24:57.305987: | ab d5 df 7b d2 1b 8c d9 b2 c6 64 4a 7f f9 80 84 Oct 31 15:24:57.305989: | 0d 30 0c 39 5b 76 ce 64 9c 54 ed dd 91 fe 98 51 Oct 31 15:24:57.306013: | sent 1 messages Oct 31 15:24:57.306018: | checking that a retransmit timeout_event was already Oct 31 15:24:57.306021: | state #5 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:57.306024: | libevent_free: delref ptr-libevent@0x562b96ab9ac8 Oct 31 15:24:57.306027: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x562b96ab7d48 Oct 31 15:24:57.306030: | delref mdp@NULL (in initiate_next() at ikev2_msgid.c:705) Oct 31 15:24:57.306035: | stop processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33:500 (in initiate_next() at ikev2_msgid.c:707) Oct 31 15:24:57.306040: | resume processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in initiate_next() at ikev2_msgid.c:707) Oct 31 15:24:57.306044: | stop processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in callback_handler() at server.c:832) Oct 31 15:24:57.306050: | spent 0.722 (0.734) milliseconds in callback v2_msgid_schedule_next_initiator Oct 31 15:24:57.357223: | timer_event_cb: processing event@0x562b96abe4c8 Oct 31 15:24:57.357242: | handling event EVENT_RETRANSMIT for child state #5 Oct 31 15:24:57.357248: | libevent_free: delref ptr-libevent@0x562b96ab9bf8 Oct 31 15:24:57.357252: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x562b96abe4c8 Oct 31 15:24:57.357260: | start processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:57.357265: | IKEv2 retransmit event Oct 31 15:24:57.357271: | [RE]START processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:24:57.357276: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #5 attempt 2 of 0 Oct 31 15:24:57.357280: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 1 Oct 31 15:24:57.357286: | #5 STATE_V2_NEW_CHILD_I1: retransmits: current time 744571.79008 Oct 31 15:24:57.357289: | #5 STATE_V2_NEW_CHILD_I1: retransmits: retransmit count 0 exceeds limit? NO Oct 31 15:24:57.357292: | #5 STATE_V2_NEW_CHILD_I1: retransmits: deltatime 0.05 exceeds limit? NO Oct 31 15:24:57.357298: | #5 STATE_V2_NEW_CHILD_I1: retransmits: monotime 0.05142 exceeds limit? NO Oct 31 15:24:57.357302: | event_schedule: newref EVENT_RETRANSMIT-pe@0x562b96abe4c8 Oct 31 15:24:57.357305: | inserting event EVENT_RETRANSMIT, timeout in 0.05 seconds for #5 Oct 31 15:24:57.357308: | libevent_malloc: newref ptr-libevent@0x562b96ab9ac8 size 128 Oct 31 15:24:57.357315: "north-eastnets/0x1" #5: STATE_V2_NEW_CHILD_I1: retransmission; will wait 0.05 seconds for response Oct 31 15:24:57.357323: | sending 608 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:57.357326: | 39 a0 1b dc 13 1c ca 88 9b b1 cd 4e 99 d1 dc 27 Oct 31 15:24:57.357329: | 2e 20 24 08 00 00 00 02 00 00 02 60 21 00 02 44 Oct 31 15:24:57.357331: | 1f a3 e7 6b f5 b1 a5 39 6b e3 64 59 54 77 3e f7 Oct 31 15:24:57.357333: | 30 a8 e1 61 e7 3f 8b 1d db 22 32 b0 7c 90 e4 8a Oct 31 15:24:57.357335: | 9f ff a8 aa 6c 67 55 b3 68 47 eb 65 be e9 a3 75 Oct 31 15:24:57.357337: | b9 cb d3 4c 4e b8 e5 51 90 57 17 54 86 21 65 c4 Oct 31 15:24:57.357339: | 23 d5 38 05 d9 f1 a3 68 07 ef 4b 8a 83 db 8e 65 Oct 31 15:24:57.357341: | a8 89 5a 5f 59 03 7a b5 8d 27 9d 40 26 74 3d c2 Oct 31 15:24:57.357344: | 12 a2 73 62 04 87 fb ef 4b a0 08 22 b7 ac ac 10 Oct 31 15:24:57.357346: | 61 f4 9b 6e d3 28 b9 84 ac fd ef 0b 8a d0 fa 1a Oct 31 15:24:57.357348: | b5 a0 06 a1 91 78 af 6f 1f e7 63 d5 04 22 17 29 Oct 31 15:24:57.357350: | 60 24 2b 94 6d 86 81 00 64 1a cf 57 92 d1 7a f7 Oct 31 15:24:57.357352: | bc 9d 4a a2 d1 25 7d 7d 22 1a 23 1f d7 5b 6e b0 Oct 31 15:24:57.357354: | 5d 06 b1 45 db d0 47 50 0a 50 5c 47 b2 2c 59 ff Oct 31 15:24:57.357356: | e4 44 49 53 8c 06 ae de 57 73 0d 90 ba 50 42 fe Oct 31 15:24:57.357359: | 61 86 e0 23 40 7d ec 8c 78 ba f2 c4 81 f3 4a 4f Oct 31 15:24:57.357361: | ab 33 b6 02 19 f6 45 97 04 7f b5 01 b8 12 a1 cc Oct 31 15:24:57.357363: | a4 41 87 50 a4 ba ea 4d 39 96 3f c7 6d 5e 78 00 Oct 31 15:24:57.357365: | 7a e8 6d 68 ca 45 1c 7b 95 c4 ae cb eb b0 86 c0 Oct 31 15:24:57.357367: | ba 82 50 41 2c 92 2a 15 96 c4 d6 c6 27 74 6c 33 Oct 31 15:24:57.357369: | 5c 3b 07 7e 88 0e 9b 68 b8 70 e3 6c 9a d2 5c 8b Oct 31 15:24:57.357371: | 8a f5 ba 1d 10 9d 28 cc 22 22 2b dc e1 27 65 67 Oct 31 15:24:57.357374: | 4f 32 27 7e d9 b8 f1 04 0b 09 e7 c4 a6 86 bc fa Oct 31 15:24:57.357376: | ca 3c 05 e0 8b 96 43 c7 da 5a 36 3b 28 dc 64 bd Oct 31 15:24:57.357378: | 5e c6 61 85 f6 9f 21 ee 7b 28 e5 3c 45 2b 09 b6 Oct 31 15:24:57.357380: | ca ea f6 0a 3d e6 82 0f af 3b 19 92 c6 46 79 91 Oct 31 15:24:57.357382: | 34 b6 c0 6b 1b a6 a7 1d 7a 15 23 14 08 2c 64 b6 Oct 31 15:24:57.357384: | 3a ce a8 38 aa 47 b4 6d 7f d9 e4 f6 df 19 ef 45 Oct 31 15:24:57.357386: | 60 a0 41 a3 79 67 f0 d8 c9 93 ac 46 be ad 89 60 Oct 31 15:24:57.357388: | b5 1f df 65 0a 79 3e d6 15 e8 b8 71 0b 6e 7f 9f Oct 31 15:24:57.357390: | 99 ba db ad 52 94 d8 01 e8 11 02 0a f7 18 43 c5 Oct 31 15:24:57.357392: | 90 91 33 dd 75 ab ab e7 47 09 d0 aa 71 03 ad a7 Oct 31 15:24:57.357395: | 65 c1 7c 9d 97 28 6c 0b ee 0e 4c 83 c3 ca 34 91 Oct 31 15:24:57.357397: | 04 4b d2 4b 21 f4 1b 1e e8 47 1a 96 81 d2 87 07 Oct 31 15:24:57.357399: | 56 f4 6e b5 fe 2e 7c c5 d2 42 3f 21 17 2e 1c 1b Oct 31 15:24:57.357401: | 0f 54 cd f7 ce 37 ce ed 30 d1 3c 94 86 c3 f0 a2 Oct 31 15:24:57.357403: | ab d5 df 7b d2 1b 8c d9 b2 c6 64 4a 7f f9 80 84 Oct 31 15:24:57.357405: | 0d 30 0c 39 5b 76 ce 64 9c 54 ed dd 91 fe 98 51 Oct 31 15:24:57.357427: | sent 1 messages Oct 31 15:24:57.357437: | #5 spent 0.206 (0.214) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:24:57.357443: | stop processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:24:57.408594: | timer_event_cb: processing event@0x562b96abe4c8 Oct 31 15:24:57.408615: | handling event EVENT_RETRANSMIT for child state #5 Oct 31 15:24:57.408620: | libevent_free: delref ptr-libevent@0x562b96ab9ac8 Oct 31 15:24:57.408627: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x562b96abe4c8 Oct 31 15:24:57.408636: | start processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:57.408641: | IKEv2 retransmit event Oct 31 15:24:57.408647: | [RE]START processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:24:57.408651: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #5 attempt 2 of 0 Oct 31 15:24:57.408655: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 1 Oct 31 15:24:57.408659: | #5 STATE_V2_NEW_CHILD_I1: retransmits: current time 744571.841454 Oct 31 15:24:57.408662: | #5 STATE_V2_NEW_CHILD_I1: retransmits: retransmit count 1 exceeds limit? NO Oct 31 15:24:57.408665: | #5 STATE_V2_NEW_CHILD_I1: retransmits: deltatime 0.1 exceeds limit? NO Oct 31 15:24:57.408668: | #5 STATE_V2_NEW_CHILD_I1: retransmits: monotime 0.102794 exceeds limit? NO Oct 31 15:24:57.408672: | event_schedule: newref EVENT_RETRANSMIT-pe@0x562b96abe4c8 Oct 31 15:24:57.408675: | inserting event EVENT_RETRANSMIT, timeout in 0.1 seconds for #5 Oct 31 15:24:57.408678: | libevent_malloc: newref ptr-libevent@0x562b96ab9ac8 size 128 Oct 31 15:24:57.408684: "north-eastnets/0x1" #5: STATE_V2_NEW_CHILD_I1: retransmission; will wait 0.1 seconds for response Oct 31 15:24:57.408691: | sending 608 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:57.408694: | 39 a0 1b dc 13 1c ca 88 9b b1 cd 4e 99 d1 dc 27 Oct 31 15:24:57.408697: | 2e 20 24 08 00 00 00 02 00 00 02 60 21 00 02 44 Oct 31 15:24:57.408699: | 1f a3 e7 6b f5 b1 a5 39 6b e3 64 59 54 77 3e f7 Oct 31 15:24:57.408701: | 30 a8 e1 61 e7 3f 8b 1d db 22 32 b0 7c 90 e4 8a Oct 31 15:24:57.408703: | 9f ff a8 aa 6c 67 55 b3 68 47 eb 65 be e9 a3 75 Oct 31 15:24:57.408705: | b9 cb d3 4c 4e b8 e5 51 90 57 17 54 86 21 65 c4 Oct 31 15:24:57.408707: | 23 d5 38 05 d9 f1 a3 68 07 ef 4b 8a 83 db 8e 65 Oct 31 15:24:57.408709: | a8 89 5a 5f 59 03 7a b5 8d 27 9d 40 26 74 3d c2 Oct 31 15:24:57.408712: | 12 a2 73 62 04 87 fb ef 4b a0 08 22 b7 ac ac 10 Oct 31 15:24:57.408714: | 61 f4 9b 6e d3 28 b9 84 ac fd ef 0b 8a d0 fa 1a Oct 31 15:24:57.408716: | b5 a0 06 a1 91 78 af 6f 1f e7 63 d5 04 22 17 29 Oct 31 15:24:57.408719: | 60 24 2b 94 6d 86 81 00 64 1a cf 57 92 d1 7a f7 Oct 31 15:24:57.408721: | bc 9d 4a a2 d1 25 7d 7d 22 1a 23 1f d7 5b 6e b0 Oct 31 15:24:57.408723: | 5d 06 b1 45 db d0 47 50 0a 50 5c 47 b2 2c 59 ff Oct 31 15:24:57.408725: | e4 44 49 53 8c 06 ae de 57 73 0d 90 ba 50 42 fe Oct 31 15:24:57.408727: | 61 86 e0 23 40 7d ec 8c 78 ba f2 c4 81 f3 4a 4f Oct 31 15:24:57.408729: | ab 33 b6 02 19 f6 45 97 04 7f b5 01 b8 12 a1 cc Oct 31 15:24:57.408731: | a4 41 87 50 a4 ba ea 4d 39 96 3f c7 6d 5e 78 00 Oct 31 15:24:57.408733: | 7a e8 6d 68 ca 45 1c 7b 95 c4 ae cb eb b0 86 c0 Oct 31 15:24:57.408735: | ba 82 50 41 2c 92 2a 15 96 c4 d6 c6 27 74 6c 33 Oct 31 15:24:57.408737: | 5c 3b 07 7e 88 0e 9b 68 b8 70 e3 6c 9a d2 5c 8b Oct 31 15:24:57.408739: | 8a f5 ba 1d 10 9d 28 cc 22 22 2b dc e1 27 65 67 Oct 31 15:24:57.408741: | 4f 32 27 7e d9 b8 f1 04 0b 09 e7 c4 a6 86 bc fa Oct 31 15:24:57.408743: | ca 3c 05 e0 8b 96 43 c7 da 5a 36 3b 28 dc 64 bd Oct 31 15:24:57.408746: | 5e c6 61 85 f6 9f 21 ee 7b 28 e5 3c 45 2b 09 b6 Oct 31 15:24:57.408748: | ca ea f6 0a 3d e6 82 0f af 3b 19 92 c6 46 79 91 Oct 31 15:24:57.408750: | 34 b6 c0 6b 1b a6 a7 1d 7a 15 23 14 08 2c 64 b6 Oct 31 15:24:57.408753: | 3a ce a8 38 aa 47 b4 6d 7f d9 e4 f6 df 19 ef 45 Oct 31 15:24:57.408755: | 60 a0 41 a3 79 67 f0 d8 c9 93 ac 46 be ad 89 60 Oct 31 15:24:57.408757: | b5 1f df 65 0a 79 3e d6 15 e8 b8 71 0b 6e 7f 9f Oct 31 15:24:57.408759: | 99 ba db ad 52 94 d8 01 e8 11 02 0a f7 18 43 c5 Oct 31 15:24:57.408761: | 90 91 33 dd 75 ab ab e7 47 09 d0 aa 71 03 ad a7 Oct 31 15:24:57.408765: | 65 c1 7c 9d 97 28 6c 0b ee 0e 4c 83 c3 ca 34 91 Oct 31 15:24:57.408767: | 04 4b d2 4b 21 f4 1b 1e e8 47 1a 96 81 d2 87 07 Oct 31 15:24:57.408769: | 56 f4 6e b5 fe 2e 7c c5 d2 42 3f 21 17 2e 1c 1b Oct 31 15:24:57.408771: | 0f 54 cd f7 ce 37 ce ed 30 d1 3c 94 86 c3 f0 a2 Oct 31 15:24:57.408773: | ab d5 df 7b d2 1b 8c d9 b2 c6 64 4a 7f f9 80 84 Oct 31 15:24:57.408775: | 0d 30 0c 39 5b 76 ce 64 9c 54 ed dd 91 fe 98 51 Oct 31 15:24:57.408798: | sent 1 messages Oct 31 15:24:57.408807: | #5 spent 0.205 (0.213) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:24:57.408813: | stop processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:24:57.510014: | timer_event_cb: processing event@0x562b96abe4c8 Oct 31 15:24:57.510030: | handling event EVENT_RETRANSMIT for child state #5 Oct 31 15:24:57.510036: | libevent_free: delref ptr-libevent@0x562b96ab9ac8 Oct 31 15:24:57.510040: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x562b96abe4c8 Oct 31 15:24:57.510048: | start processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:57.510053: | IKEv2 retransmit event Oct 31 15:24:57.510059: | [RE]START processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:24:57.510063: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #5 attempt 2 of 0 Oct 31 15:24:57.510067: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 1 Oct 31 15:24:57.510072: | #5 STATE_V2_NEW_CHILD_I1: retransmits: current time 744571.942866 Oct 31 15:24:57.510075: | #5 STATE_V2_NEW_CHILD_I1: retransmits: retransmit count 2 exceeds limit? NO Oct 31 15:24:57.510078: | #5 STATE_V2_NEW_CHILD_I1: retransmits: deltatime 0.2 exceeds limit? NO Oct 31 15:24:57.510081: | #5 STATE_V2_NEW_CHILD_I1: retransmits: monotime 0.204206 exceeds limit? NO Oct 31 15:24:57.510085: | event_schedule: newref EVENT_RETRANSMIT-pe@0x562b96abe4c8 Oct 31 15:24:57.510088: | inserting event EVENT_RETRANSMIT, timeout in 0.2 seconds for #5 Oct 31 15:24:57.510091: | libevent_malloc: newref ptr-libevent@0x562b96ab9ac8 size 128 Oct 31 15:24:57.510097: "north-eastnets/0x1" #5: STATE_V2_NEW_CHILD_I1: retransmission; will wait 0.2 seconds for response Oct 31 15:24:57.510105: | sending 608 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:57.510107: | 39 a0 1b dc 13 1c ca 88 9b b1 cd 4e 99 d1 dc 27 Oct 31 15:24:57.510110: | 2e 20 24 08 00 00 00 02 00 00 02 60 21 00 02 44 Oct 31 15:24:57.510112: | 1f a3 e7 6b f5 b1 a5 39 6b e3 64 59 54 77 3e f7 Oct 31 15:24:57.510114: | 30 a8 e1 61 e7 3f 8b 1d db 22 32 b0 7c 90 e4 8a Oct 31 15:24:57.510117: | 9f ff a8 aa 6c 67 55 b3 68 47 eb 65 be e9 a3 75 Oct 31 15:24:57.510119: | b9 cb d3 4c 4e b8 e5 51 90 57 17 54 86 21 65 c4 Oct 31 15:24:57.510121: | 23 d5 38 05 d9 f1 a3 68 07 ef 4b 8a 83 db 8e 65 Oct 31 15:24:57.510123: | a8 89 5a 5f 59 03 7a b5 8d 27 9d 40 26 74 3d c2 Oct 31 15:24:57.510125: | 12 a2 73 62 04 87 fb ef 4b a0 08 22 b7 ac ac 10 Oct 31 15:24:57.510127: | 61 f4 9b 6e d3 28 b9 84 ac fd ef 0b 8a d0 fa 1a Oct 31 15:24:57.510129: | b5 a0 06 a1 91 78 af 6f 1f e7 63 d5 04 22 17 29 Oct 31 15:24:57.510131: | 60 24 2b 94 6d 86 81 00 64 1a cf 57 92 d1 7a f7 Oct 31 15:24:57.510133: | bc 9d 4a a2 d1 25 7d 7d 22 1a 23 1f d7 5b 6e b0 Oct 31 15:24:57.510135: | 5d 06 b1 45 db d0 47 50 0a 50 5c 47 b2 2c 59 ff Oct 31 15:24:57.510137: | e4 44 49 53 8c 06 ae de 57 73 0d 90 ba 50 42 fe Oct 31 15:24:57.510139: | 61 86 e0 23 40 7d ec 8c 78 ba f2 c4 81 f3 4a 4f Oct 31 15:24:57.510142: | ab 33 b6 02 19 f6 45 97 04 7f b5 01 b8 12 a1 cc Oct 31 15:24:57.510144: | a4 41 87 50 a4 ba ea 4d 39 96 3f c7 6d 5e 78 00 Oct 31 15:24:57.510146: | 7a e8 6d 68 ca 45 1c 7b 95 c4 ae cb eb b0 86 c0 Oct 31 15:24:57.510152: | ba 82 50 41 2c 92 2a 15 96 c4 d6 c6 27 74 6c 33 Oct 31 15:24:57.510154: | 5c 3b 07 7e 88 0e 9b 68 b8 70 e3 6c 9a d2 5c 8b Oct 31 15:24:57.510157: | 8a f5 ba 1d 10 9d 28 cc 22 22 2b dc e1 27 65 67 Oct 31 15:24:57.510159: | 4f 32 27 7e d9 b8 f1 04 0b 09 e7 c4 a6 86 bc fa Oct 31 15:24:57.510161: | ca 3c 05 e0 8b 96 43 c7 da 5a 36 3b 28 dc 64 bd Oct 31 15:24:57.510163: | 5e c6 61 85 f6 9f 21 ee 7b 28 e5 3c 45 2b 09 b6 Oct 31 15:24:57.510165: | ca ea f6 0a 3d e6 82 0f af 3b 19 92 c6 46 79 91 Oct 31 15:24:57.510167: | 34 b6 c0 6b 1b a6 a7 1d 7a 15 23 14 08 2c 64 b6 Oct 31 15:24:57.510169: | 3a ce a8 38 aa 47 b4 6d 7f d9 e4 f6 df 19 ef 45 Oct 31 15:24:57.510171: | 60 a0 41 a3 79 67 f0 d8 c9 93 ac 46 be ad 89 60 Oct 31 15:24:57.510173: | b5 1f df 65 0a 79 3e d6 15 e8 b8 71 0b 6e 7f 9f Oct 31 15:24:57.510175: | 99 ba db ad 52 94 d8 01 e8 11 02 0a f7 18 43 c5 Oct 31 15:24:57.510177: | 90 91 33 dd 75 ab ab e7 47 09 d0 aa 71 03 ad a7 Oct 31 15:24:57.510179: | 65 c1 7c 9d 97 28 6c 0b ee 0e 4c 83 c3 ca 34 91 Oct 31 15:24:57.510181: | 04 4b d2 4b 21 f4 1b 1e e8 47 1a 96 81 d2 87 07 Oct 31 15:24:57.510184: | 56 f4 6e b5 fe 2e 7c c5 d2 42 3f 21 17 2e 1c 1b Oct 31 15:24:57.510186: | 0f 54 cd f7 ce 37 ce ed 30 d1 3c 94 86 c3 f0 a2 Oct 31 15:24:57.510189: | ab d5 df 7b d2 1b 8c d9 b2 c6 64 4a 7f f9 80 84 Oct 31 15:24:57.510191: | 0d 30 0c 39 5b 76 ce 64 9c 54 ed dd 91 fe 98 51 Oct 31 15:24:57.510216: | sent 1 messages Oct 31 15:24:57.510229: | #5 spent 0.201 (0.214) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:24:57.510235: | stop processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:24:57.710483: | timer_event_cb: processing event@0x562b96abe4c8 Oct 31 15:24:57.710505: | handling event EVENT_RETRANSMIT for child state #5 Oct 31 15:24:57.710510: | libevent_free: delref ptr-libevent@0x562b96ab9ac8 Oct 31 15:24:57.710513: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x562b96abe4c8 Oct 31 15:24:57.710522: | start processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:57.710526: | IKEv2 retransmit event Oct 31 15:24:57.710533: | [RE]START processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:24:57.710537: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #5 attempt 2 of 0 Oct 31 15:24:57.710541: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 1 Oct 31 15:24:57.710546: | #5 STATE_V2_NEW_CHILD_I1: retransmits: current time 744572.14334 Oct 31 15:24:57.710549: | #5 STATE_V2_NEW_CHILD_I1: retransmits: retransmit count 3 exceeds limit? NO Oct 31 15:24:57.710551: | #5 STATE_V2_NEW_CHILD_I1: retransmits: deltatime 0.4 exceeds limit? NO Oct 31 15:24:57.710554: | #5 STATE_V2_NEW_CHILD_I1: retransmits: monotime 0.40468 exceeds limit? NO Oct 31 15:24:57.710558: | event_schedule: newref EVENT_RETRANSMIT-pe@0x562b96abe4c8 Oct 31 15:24:57.710561: | inserting event EVENT_RETRANSMIT, timeout in 0.4 seconds for #5 Oct 31 15:24:57.710565: | libevent_malloc: newref ptr-libevent@0x562b96ab9ac8 size 128 Oct 31 15:24:57.710570: "north-eastnets/0x1" #5: STATE_V2_NEW_CHILD_I1: retransmission; will wait 0.4 seconds for response Oct 31 15:24:57.710579: | sending 608 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:57.710582: | 39 a0 1b dc 13 1c ca 88 9b b1 cd 4e 99 d1 dc 27 Oct 31 15:24:57.710584: | 2e 20 24 08 00 00 00 02 00 00 02 60 21 00 02 44 Oct 31 15:24:57.710586: | 1f a3 e7 6b f5 b1 a5 39 6b e3 64 59 54 77 3e f7 Oct 31 15:24:57.710588: | 30 a8 e1 61 e7 3f 8b 1d db 22 32 b0 7c 90 e4 8a Oct 31 15:24:57.710591: | 9f ff a8 aa 6c 67 55 b3 68 47 eb 65 be e9 a3 75 Oct 31 15:24:57.710593: | b9 cb d3 4c 4e b8 e5 51 90 57 17 54 86 21 65 c4 Oct 31 15:24:57.710595: | 23 d5 38 05 d9 f1 a3 68 07 ef 4b 8a 83 db 8e 65 Oct 31 15:24:57.710601: | a8 89 5a 5f 59 03 7a b5 8d 27 9d 40 26 74 3d c2 Oct 31 15:24:57.710603: | 12 a2 73 62 04 87 fb ef 4b a0 08 22 b7 ac ac 10 Oct 31 15:24:57.710605: | 61 f4 9b 6e d3 28 b9 84 ac fd ef 0b 8a d0 fa 1a Oct 31 15:24:57.710608: | b5 a0 06 a1 91 78 af 6f 1f e7 63 d5 04 22 17 29 Oct 31 15:24:57.710610: | 60 24 2b 94 6d 86 81 00 64 1a cf 57 92 d1 7a f7 Oct 31 15:24:57.710612: | bc 9d 4a a2 d1 25 7d 7d 22 1a 23 1f d7 5b 6e b0 Oct 31 15:24:57.710614: | 5d 06 b1 45 db d0 47 50 0a 50 5c 47 b2 2c 59 ff Oct 31 15:24:57.710616: | e4 44 49 53 8c 06 ae de 57 73 0d 90 ba 50 42 fe Oct 31 15:24:57.710618: | 61 86 e0 23 40 7d ec 8c 78 ba f2 c4 81 f3 4a 4f Oct 31 15:24:57.710620: | ab 33 b6 02 19 f6 45 97 04 7f b5 01 b8 12 a1 cc Oct 31 15:24:57.710623: | a4 41 87 50 a4 ba ea 4d 39 96 3f c7 6d 5e 78 00 Oct 31 15:24:57.710625: | 7a e8 6d 68 ca 45 1c 7b 95 c4 ae cb eb b0 86 c0 Oct 31 15:24:57.710627: | ba 82 50 41 2c 92 2a 15 96 c4 d6 c6 27 74 6c 33 Oct 31 15:24:57.710629: | 5c 3b 07 7e 88 0e 9b 68 b8 70 e3 6c 9a d2 5c 8b Oct 31 15:24:57.710631: | 8a f5 ba 1d 10 9d 28 cc 22 22 2b dc e1 27 65 67 Oct 31 15:24:57.710633: | 4f 32 27 7e d9 b8 f1 04 0b 09 e7 c4 a6 86 bc fa Oct 31 15:24:57.710635: | ca 3c 05 e0 8b 96 43 c7 da 5a 36 3b 28 dc 64 bd Oct 31 15:24:57.710637: | 5e c6 61 85 f6 9f 21 ee 7b 28 e5 3c 45 2b 09 b6 Oct 31 15:24:57.710639: | ca ea f6 0a 3d e6 82 0f af 3b 19 92 c6 46 79 91 Oct 31 15:24:57.710641: | 34 b6 c0 6b 1b a6 a7 1d 7a 15 23 14 08 2c 64 b6 Oct 31 15:24:57.710643: | 3a ce a8 38 aa 47 b4 6d 7f d9 e4 f6 df 19 ef 45 Oct 31 15:24:57.710646: | 60 a0 41 a3 79 67 f0 d8 c9 93 ac 46 be ad 89 60 Oct 31 15:24:57.710648: | b5 1f df 65 0a 79 3e d6 15 e8 b8 71 0b 6e 7f 9f Oct 31 15:24:57.710650: | 99 ba db ad 52 94 d8 01 e8 11 02 0a f7 18 43 c5 Oct 31 15:24:57.710652: | 90 91 33 dd 75 ab ab e7 47 09 d0 aa 71 03 ad a7 Oct 31 15:24:57.710654: | 65 c1 7c 9d 97 28 6c 0b ee 0e 4c 83 c3 ca 34 91 Oct 31 15:24:57.710656: | 04 4b d2 4b 21 f4 1b 1e e8 47 1a 96 81 d2 87 07 Oct 31 15:24:57.710659: | 56 f4 6e b5 fe 2e 7c c5 d2 42 3f 21 17 2e 1c 1b Oct 31 15:24:57.710661: | 0f 54 cd f7 ce 37 ce ed 30 d1 3c 94 86 c3 f0 a2 Oct 31 15:24:57.710663: | ab d5 df 7b d2 1b 8c d9 b2 c6 64 4a 7f f9 80 84 Oct 31 15:24:57.710665: | 0d 30 0c 39 5b 76 ce 64 9c 54 ed dd 91 fe 98 51 Oct 31 15:24:57.710688: | sent 1 messages Oct 31 15:24:57.710698: | #5 spent 0.206 (0.214) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:24:57.710703: | stop processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:24:57.955250: | spent 0.00205 (0.00205) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:57.955270: | newref struct msg_digest@0x562b96aca1a8(0->1) (in read_message() at demux.c:103) Oct 31 15:24:57.955274: | newref alloc logger@0x562b96ac1268(0->1) (in read_message() at demux.c:103) Oct 31 15:24:57.955280: | *received 608 bytes from 192.1.3.33:500 on eth1 192.1.2.23:500 using UDP Oct 31 15:24:57.955283: | 2f db aa cf a4 4d 20 39 91 12 8b 2d 12 ca 59 2a Oct 31 15:24:57.955285: | 2e 20 24 08 00 00 00 02 00 00 02 60 21 00 02 44 Oct 31 15:24:57.955286: | 4e 60 d7 06 01 7b ea 5d 2f 3c 19 39 d8 5e 5b 41 Oct 31 15:24:57.955288: | 8f 9b 04 10 51 84 3d 7d 82 9e 48 6b e1 19 ee e6 Oct 31 15:24:57.955290: | 52 75 e5 06 f5 77 c8 00 6b 79 22 7f c2 80 04 ec Oct 31 15:24:57.955292: | dd 5f e8 e2 a4 29 e9 6c 49 e9 0e 3c 77 b0 b8 fe Oct 31 15:24:57.955294: | db 3f 3a 9f 25 d6 d3 9f 9e 0c 92 69 df 8c 5f b6 Oct 31 15:24:57.955296: | 58 9c 1c de f7 e0 53 4b 16 e0 7b b4 9c 21 60 0d Oct 31 15:24:57.955298: | 3e 69 ad 66 cf f8 32 fc 9a cc fe 06 78 7e 20 e6 Oct 31 15:24:57.955300: | 52 ea 0f 54 c7 d2 06 81 8f 1d cc a3 1d c8 d6 79 Oct 31 15:24:57.955302: | 23 5c 8e 63 b9 0b ce 5b 41 d6 1d dd 1a a7 89 84 Oct 31 15:24:57.955304: | f0 8b 5b 6d c1 b2 8e 55 96 51 c3 79 3b 52 17 93 Oct 31 15:24:57.955307: | db ba 0a b5 a1 b5 84 68 89 22 7c 82 f4 02 0f ba Oct 31 15:24:57.955309: | 8d ae b0 17 b3 48 48 94 d6 cc 07 7d 47 32 09 2d Oct 31 15:24:57.955311: | ef 43 b3 43 d5 98 25 7d a6 8a b8 38 f4 93 1e aa Oct 31 15:24:57.955313: | e9 ce ff 9d 2c 15 bb 9a c8 f7 b3 b5 49 7c b7 a7 Oct 31 15:24:57.955314: | 28 8d 21 6c 41 45 27 9c 1f 9b e9 81 6d 53 04 05 Oct 31 15:24:57.955316: | 74 db bb 62 43 c9 7d f3 f1 77 67 46 e5 da af d8 Oct 31 15:24:57.955318: | ad 2a 3b b1 b7 bf 9a 43 63 bd f7 0b e3 fd c1 af Oct 31 15:24:57.955319: | 41 7b d8 9f 0a a8 64 11 d8 88 1e 85 20 6e 74 ff Oct 31 15:24:57.955321: | eb c3 47 b0 53 51 a7 91 87 a1 48 d1 4b 07 a4 e7 Oct 31 15:24:57.955323: | 4e 87 d0 d1 46 ee d1 aa 03 c7 bf 94 7d 38 eb cd Oct 31 15:24:57.955325: | 93 ad 5a 23 c8 b1 f1 05 de a2 39 92 bc e6 7b 22 Oct 31 15:24:57.955327: | 8b 1f 64 80 18 05 85 be 7d 80 0d e7 b3 6f 6b a3 Oct 31 15:24:57.955329: | 97 d4 f2 b4 b0 55 9a 06 6b 0c d6 e7 6a 8f 64 36 Oct 31 15:24:57.955330: | 60 fc 75 af 7b f5 81 94 f3 0b a2 af 6c 12 68 38 Oct 31 15:24:57.955332: | 10 47 2a 08 55 ce d5 7d e6 59 87 0c 07 e1 df f6 Oct 31 15:24:57.955334: | 2f 1b 76 0d 8d 15 a5 ee 6f 23 dd 11 1c 0b 34 79 Oct 31 15:24:57.955336: | 0b 5a 7c 86 65 e5 3e dc a4 0f ad f4 d8 a1 e5 35 Oct 31 15:24:57.955338: | 97 b6 f2 b8 29 94 86 9b e7 af 09 d3 f8 bc 4a 6c Oct 31 15:24:57.955340: | 1e 66 33 70 e0 a8 d6 3d a9 25 72 f9 a2 b7 5d 35 Oct 31 15:24:57.955341: | c5 a1 9a 4c d3 2e 3e c5 b8 46 ce da 30 e6 c8 6c Oct 31 15:24:57.955343: | 97 d2 8b 53 c3 04 f6 b5 75 8e 69 f5 5b 5f 59 be Oct 31 15:24:57.955345: | d9 53 25 a0 5b ca d0 94 40 65 ed a9 00 e2 a4 25 Oct 31 15:24:57.955347: | 9a f8 26 cb a6 e9 36 46 e7 05 35 a2 3e b2 f1 45 Oct 31 15:24:57.955349: | 1c a0 48 87 df 71 62 79 f8 36 9b 55 95 96 53 90 Oct 31 15:24:57.955351: | 5d 40 4f ed f0 23 35 7a 33 96 1e e3 87 49 31 7b Oct 31 15:24:57.955353: | 6e 57 f7 30 3e 43 ee cb f5 ef 76 45 8e bd 4a b1 Oct 31 15:24:57.955357: | **parse ISAKMP Message: Oct 31 15:24:57.955361: | initiator SPI: 2f db aa cf a4 4d 20 39 Oct 31 15:24:57.955365: | responder SPI: 91 12 8b 2d 12 ca 59 2a Oct 31 15:24:57.955367: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:24:57.955370: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:57.955372: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Oct 31 15:24:57.955374: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:57.955378: | Message ID: 2 (00 00 00 02) Oct 31 15:24:57.955381: | length: 608 (00 00 02 60) Oct 31 15:24:57.955384: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Oct 31 15:24:57.955387: | I am the IKE SA Original Responder receiving an IKEv2 CREATE_CHILD_SA request Oct 31 15:24:57.955391: | State DB: found IKEv2 state #2 in ESTABLISHED_IKE_SA (find_v2_ike_sa) Oct 31 15:24:57.955398: | start processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:57.955402: | #2 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Oct 31 15:24:57.955404: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:24:57.955407: | #2 is idle Oct 31 15:24:57.955413: | Message ID: IKE #2 not a duplicate - message request 2 is new: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744569.230166 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744571.268447 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:57.955419: | [RE]START processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:57.955421: | unpacking clear payload Oct 31 15:24:57.955424: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Oct 31 15:24:57.955427: | ***parse IKEv2 Encryption Payload: Oct 31 15:24:57.955430: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:24:57.955433: | flags: none (0x0) Oct 31 15:24:57.955439: | length: 580 (02 44) Oct 31 15:24:57.955442: | processing payload: ISAKMP_NEXT_v2SK (len=576) Oct 31 15:24:57.955445: | #2 in state ESTABLISHED_IKE_SA: established IKE SA Oct 31 15:24:57.955478: | authenticator matched Oct 31 15:24:57.955490: | #2 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Oct 31 15:24:57.955494: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:24:57.955497: | **parse IKEv2 Security Association Payload: Oct 31 15:24:57.955500: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Oct 31 15:24:57.955502: | flags: none (0x0) Oct 31 15:24:57.955505: | length: 52 (00 34) Oct 31 15:24:57.955508: | processing payload: ISAKMP_NEXT_v2SA (len=48) Oct 31 15:24:57.955510: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Oct 31 15:24:57.955513: | **parse IKEv2 Nonce Payload: Oct 31 15:24:57.955515: | next payload type: ISAKMP_NEXT_v2KE (0x22) Oct 31 15:24:57.955517: | flags: none (0x0) Oct 31 15:24:57.955520: | length: 36 (00 24) Oct 31 15:24:57.955522: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Oct 31 15:24:57.955525: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Oct 31 15:24:57.955528: | **parse IKEv2 Key Exchange Payload: Oct 31 15:24:57.955530: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Oct 31 15:24:57.955532: | flags: none (0x0) Oct 31 15:24:57.955536: | length: 392 (01 88) Oct 31 15:24:57.955538: | DH group: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:57.955540: | processing payload: ISAKMP_NEXT_v2KE (len=384) Oct 31 15:24:57.955543: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Oct 31 15:24:57.955545: | **parse IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:24:57.955548: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Oct 31 15:24:57.955550: | flags: none (0x0) Oct 31 15:24:57.955553: | length: 24 (00 18) Oct 31 15:24:57.955555: | number of TS: 1 (01) Oct 31 15:24:57.955558: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Oct 31 15:24:57.955560: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Oct 31 15:24:57.955562: | **parse IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:24:57.955564: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:57.955567: | flags: none (0x0) Oct 31 15:24:57.955569: | length: 24 (00 18) Oct 31 15:24:57.955572: | number of TS: 1 (01) Oct 31 15:24:57.955574: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Oct 31 15:24:57.955577: | state #2 forced to match CREATE_CHILD_SA from STATE_V2_NEW_CHILD_R0->STATE_V2_ESTABLISHED_CHILD_SA by ignoring from state Oct 31 15:24:57.955580: | selected state microcode Respond to CREATE_CHILD_SA IPsec SA Request Oct 31 15:24:57.955585: | #2 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2631) Oct 31 15:24:57.955590: | newref alloc logger@0x562b96aa9108(0->1) (in new_state() at state.c:576) Oct 31 15:24:57.955593: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:24:57.955595: | creating state object #6 at 0x562b96abe7c8 Oct 31 15:24:57.955597: | State DB: adding IKEv2 state #6 in UNDEFINED Oct 31 15:24:57.955602: | pstats #6 ikev2.child started Oct 31 15:24:57.955605: | duplicating state object #2 "north-eastnets/0x1" as #6 for IPSEC SA Oct 31 15:24:57.955610: | #6 setting local endpoint to 192.1.2.23:500 from #2.st_localport (in duplicate_state() at state.c:1581) Oct 31 15:24:57.955618: | Message ID: CHILD #2.#6 initializing (CHILD SA): ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744569.230166 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744571.268447 child.wip.initiator=0->-1 child.wip.responder=0->-1 Oct 31 15:24:57.955621: | child state #6: UNDEFINED(ignore) => V2_NEW_CHILD_R0(established IKE SA) Oct 31 15:24:57.955625: | #6.st_v2_transition NULL -> V2_NEW_CHILD_R0->ESTABLISHED_CHILD_SA (in new_v2_child_state() at state.c:1666) Oct 31 15:24:57.955628: | "north-eastnets/0x1" #2 received Respond to CREATE_CHILD_SA IPsec SA Request CREATE_CHILD_SA Child "north-eastnets/0x1" #6 in STATE_V2_NEW_CHILD_R0 will process it further Oct 31 15:24:57.955633: | forcing ST #2 to CHILD #2.#6 in FSM processor Oct 31 15:24:57.955639: | Message ID: CHILD #2.#6 responder starting message request 2: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744569.230166 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744571.268447 child.wip.initiator=-1 child.wip.responder=-1->2 Oct 31 15:24:57.955641: | calling processor Respond to CREATE_CHILD_SA IPsec SA Request Oct 31 15:24:57.955650: | using existing local ESP/AH proposals for north-eastnets/0x1 (CREATE_CHILD_SA responder matching remote ESP/AH proposals): 1:ESP=AES_CBC_128-HMAC_SHA2_512_256-MODP3072-DISABLED Oct 31 15:24:57.955654: | comparing remote proposals against CREATE_CHILD_SA responder matching remote ESP/AH proposals 1 local proposals Oct 31 15:24:57.955657: | local proposal 1 type ENCR has 1 transforms Oct 31 15:24:57.955660: | local proposal 1 type PRF has 0 transforms Oct 31 15:24:57.955662: | local proposal 1 type INTEG has 1 transforms Oct 31 15:24:57.955664: | local proposal 1 type DH has 1 transforms Oct 31 15:24:57.955666: | local proposal 1 type ESN has 1 transforms Oct 31 15:24:57.955670: | local proposal 1 transforms: required: ENCR+INTEG+DH+ESN; optional: none Oct 31 15:24:57.955673: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:57.955675: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:57.955678: | length: 48 (00 30) Oct 31 15:24:57.955681: | prop #: 1 (01) Oct 31 15:24:57.955684: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:57.955686: | spi size: 4 (04) Oct 31 15:24:57.955689: | # transforms: 4 (04) Oct 31 15:24:57.955693: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:24:57.955695: | remote SPI Oct 31 15:24:57.955697: | 8a 51 67 4e Oct 31 15:24:57.955700: | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals Oct 31 15:24:57.955703: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:57.955706: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.955709: | length: 12 (00 0c) Oct 31 15:24:57.955711: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:57.955713: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:57.955716: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:57.955719: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:57.955722: | length/value: 128 (00 80) Oct 31 15:24:57.955726: | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:24:57.955730: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:57.955732: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.955735: | length: 8 (00 08) Oct 31 15:24:57.955737: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:57.955739: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:57.955743: | remote proposal 1 transform 1 (INTEG=HMAC_SHA2_512_256) matches local proposal 1 type 3 (INTEG) transform 0 Oct 31 15:24:57.955746: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:57.955748: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.955751: | length: 8 (00 08) Oct 31 15:24:57.955753: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:57.955755: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:57.955759: | remote proposal 1 transform 2 (DH=MODP3072) matches local proposal 1 type 4 (DH) transform 0 Oct 31 15:24:57.955762: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:57.955764: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:57.955767: | length: 8 (00 08) Oct 31 15:24:57.955769: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:57.955772: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:57.955775: | remote proposal 1 transform 3 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Oct 31 15:24:57.955779: | remote proposal 1 proposed transforms: ENCR+INTEG+DH+ESN; matched: ENCR+INTEG+DH+ESN; unmatched: none Oct 31 15:24:57.955786: | comparing remote proposal 1 containing ENCR+INTEG+DH+ESN transforms to local proposal 1; required: ENCR+INTEG+DH+ESN; optional: none; matched: ENCR+INTEG+DH+ESN Oct 31 15:24:57.955789: | remote proposal 1 matches local proposal 1 Oct 31 15:24:57.955795: "north-eastnets/0x1" #6: proposal 1:ESP=AES_CBC_128-HMAC_SHA2_512_256-MODP3072-DISABLED SPI=8a51674e chosen from remote proposals 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED[first-match] Oct 31 15:24:57.955801: | CREATE_CHILD_SA responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP=AES_CBC_128-HMAC_SHA2_512_256-MODP3072-DISABLED SPI=8a51674e Oct 31 15:24:57.955804: | converting proposal to internal trans attrs Oct 31 15:24:57.955809: | updating #6's .st_oakley with preserved PRF, but why update? Oct 31 15:24:57.955812: | Child SA TS Request has child->sa == md->st; so using child connection Oct 31 15:24:57.955815: | TSi: parsing 1 traffic selectors Oct 31 15:24:57.955818: | ***parse IKEv2 Traffic Selector: Oct 31 15:24:57.955821: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:57.955823: | IP Protocol ID: ALL (0x0) Oct 31 15:24:57.955826: | length: 16 (00 10) Oct 31 15:24:57.955829: | start port: 0 (00 00) Oct 31 15:24:57.955832: | end port: 65535 (ff ff) Oct 31 15:24:57.955835: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:24:57.955838: | TS low Oct 31 15:24:57.955840: | c0 00 03 00 Oct 31 15:24:57.955842: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:24:57.955844: | TS high Oct 31 15:24:57.955846: | c0 00 03 ff Oct 31 15:24:57.955849: | TSi: parsed 1 traffic selectors Oct 31 15:24:57.955851: | TSr: parsing 1 traffic selectors Oct 31 15:24:57.955854: | ***parse IKEv2 Traffic Selector: Oct 31 15:24:57.955856: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:57.955858: | IP Protocol ID: ALL (0x0) Oct 31 15:24:57.955861: | length: 16 (00 10) Oct 31 15:24:57.955864: | start port: 0 (00 00) Oct 31 15:24:57.955867: | end port: 65535 (ff ff) Oct 31 15:24:57.955869: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:24:57.955872: | TS low Oct 31 15:24:57.955874: | c0 00 16 00 Oct 31 15:24:57.955876: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:24:57.955879: | TS high Oct 31 15:24:57.955881: | c0 00 16 ff Oct 31 15:24:57.955883: | TSr: parsed 1 traffic selectors Oct 31 15:24:57.955885: | looking for best SPD in current connection Oct 31 15:24:57.955892: | evaluating our conn="north-eastnets/0x1" I=192.0.3.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Oct 31 15:24:57.955897: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:57.955905: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Oct 31 15:24:57.955909: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:24:57.955912: | TSi[0] port match: YES fitness 65536 Oct 31 15:24:57.955915: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:24:57.955918: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:57.955922: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:57.955929: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: NO Oct 31 15:24:57.955931: | looking for better host pair Oct 31 15:24:57.955937: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Oct 31 15:24:57.955943: | checking hostpair 192.0.2.0/24:0 -> 192.0.3.0/24:0 is found Oct 31 15:24:57.955946: | investigating connection "north-eastnets/0x1" as a better match Oct 31 15:24:57.955949: | match_id a=@north Oct 31 15:24:57.955952: | b=@north Oct 31 15:24:57.955954: | results matched Oct 31 15:24:57.955959: | evaluating our conn="north-eastnets/0x1" I=192.0.3.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Oct 31 15:24:57.955966: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:57.955972: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Oct 31 15:24:57.955976: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:24:57.955978: | TSi[0] port match: YES fitness 65536 Oct 31 15:24:57.955981: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:24:57.955984: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:57.955988: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:57.955994: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: NO Oct 31 15:24:57.955997: | investigating connection "north-eastnets/0x2" as a better match Oct 31 15:24:57.955999: | match_id a=@north Oct 31 15:24:57.956002: | b=@north Oct 31 15:24:57.956004: | results matched Oct 31 15:24:57.956010: | evaluating our conn="north-eastnets/0x2" I=192.0.3.0/24:0:0/0 R=192.0.22.0/24:0:0/0 to their: Oct 31 15:24:57.956015: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:57.956021: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Oct 31 15:24:57.956024: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:24:57.956026: | TSi[0] port match: YES fitness 65536 Oct 31 15:24:57.956029: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:24:57.956031: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:57.956036: | TSr[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:57.956042: | match address end->client=192.0.22.0/24 == TSr[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Oct 31 15:24:57.956045: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Oct 31 15:24:57.956048: | TSr[0] port match: YES fitness 65536 Oct 31 15:24:57.956050: | narrow protocol end=*0 == TSr[0]=*0: 0 Oct 31 15:24:57.956053: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:57.956055: | best fit so far: TSi[0] TSr[0] Oct 31 15:24:57.956058: | protocol fitness found better match d north-eastnets/0x2, TSi[0],TSr[0] Oct 31 15:24:57.956061: | in connection_discard for connection north-eastnets/0x1 Oct 31 15:24:57.956064: | printing contents struct traffic_selector Oct 31 15:24:57.956066: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:24:57.956068: | ipprotoid: 0 Oct 31 15:24:57.956070: | port range: 0-65535 Oct 31 15:24:57.956075: | ip range: 192.0.22.0-192.0.22.255 Oct 31 15:24:57.956077: | printing contents struct traffic_selector Oct 31 15:24:57.956079: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:24:57.956081: | ipprotoid: 0 Oct 31 15:24:57.956084: | port range: 0-65535 Oct 31 15:24:57.956088: | ip range: 192.0.3.0-192.0.3.255 Oct 31 15:24:57.956096: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:57.956099: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:57.956102: | newref clone logger@0x562b96ab76c8(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:57.956105: | job 8 for #6: Child Responder KE and nonce nr (build KE and nonce): adding job to queue Oct 31 15:24:57.956108: | state #6 has no .st_event to delete Oct 31 15:24:57.956110: | #6 STATE_V2_NEW_CHILD_R0: retransmits: cleared Oct 31 15:24:57.956113: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x562b96ac1148 Oct 31 15:24:57.956116: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #6 Oct 31 15:24:57.956120: | libevent_malloc: newref ptr-libevent@0x562b96ab7d48 size 128 Oct 31 15:24:57.956131: | #6 spent 0.484 (0.484) milliseconds in processing: Respond to CREATE_CHILD_SA IPsec SA Request in v2_dispatch() Oct 31 15:24:57.956137: | suspend processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:57.956136: | job 8 for #6: Child Responder KE and nonce nr (build KE and nonce): helper 1 starting job Oct 31 15:24:57.960516: | "north-eastnets/0x2" #6: spent 4.33 (4.38) milliseconds in helper 1 processing job 8 for state #6: Child Responder KE and nonce nr (pcr) Oct 31 15:24:57.960529: | job 8 for #6: Child Responder KE and nonce nr (build KE and nonce): helper thread 1 sending result back to state Oct 31 15:24:57.960533: | scheduling resume sending helper answer back to state for #6 Oct 31 15:24:57.960536: | libevent_malloc: newref ptr-libevent@0x7f10c40092d8 size 128 Oct 31 15:24:57.960542: | helper thread 1 has nothing to do Oct 31 15:24:57.956149: | start processing: state #6 connection "north-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:57.960554: | #6 complete_v2_state_transition() V2_NEW_CHILD_R0->ESTABLISHED_CHILD_SA with status STF_SUSPEND Oct 31 15:24:57.960557: | suspending state #6 and saving MD 0x562b96aca1a8 Oct 31 15:24:57.960560: | addref md@0x562b96aca1a8(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:57.960563: | #6 is busy; has suspended MD 0x562b96aca1a8 Oct 31 15:24:57.960570: | stop processing: state #6 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:57.960576: | #2 spent 0.938 (5.33) milliseconds in ikev2_process_packet() Oct 31 15:24:57.960579: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:57.960582: | delref mdp@0x562b96aca1a8(2->1) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:57.960587: | spent 0.949 (5.34) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:57.960597: | processing resume sending helper answer back to state for #6 Oct 31 15:24:57.960602: | start processing: state #6 connection "north-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:641) Oct 31 15:24:57.960606: | unsuspending #6 MD 0x562b96aca1a8 Oct 31 15:24:57.960609: | job 8 for #6: Child Responder KE and nonce nr (build KE and nonce): processing response from helper 1 Oct 31 15:24:57.960612: | job 8 for #6: Child Responder KE and nonce nr (build KE and nonce): calling continuation function 0x562b9558bfe7 Oct 31 15:24:57.960615: | ikev2_child_inIoutR_continue() for #6 STATE_V2_NEW_CHILD_R0 Oct 31 15:24:57.960619: | DH secret MODP3072@0x7f10c400bc38: transferring ownership from helper KE to state #6 Oct 31 15:24:57.960623: | DH secret MODP3072@0x7f10c400bc38: transferring ownership from state #6 to helper DH Oct 31 15:24:57.960631: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:57.960634: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:57.960637: | newref clone logger@0x562b96aa93a8(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:57.960640: | job 9 for #6: DHv2 for child sa (dh): adding job to queue Oct 31 15:24:57.960643: | state #6 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:57.960646: | libevent_free: delref ptr-libevent@0x562b96ab7d48 Oct 31 15:24:57.960650: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x562b96ac1148 Oct 31 15:24:57.960653: | #6 STATE_V2_NEW_CHILD_R0: retransmits: cleared Oct 31 15:24:57.960655: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x562b96abf618 Oct 31 15:24:57.960658: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #6 Oct 31 15:24:57.960661: | libevent_malloc: newref ptr-libevent@0x562b96ab7d48 size 128 Oct 31 15:24:57.960671: | [RE]START processing: state #6 connection "north-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:57.960675: | #6 complete_v2_state_transition() V2_NEW_CHILD_R0->ESTABLISHED_CHILD_SA with status STF_SUSPEND Oct 31 15:24:57.960678: | suspending state #6 and saving MD 0x562b96aca1a8 Oct 31 15:24:57.960681: | addref md@0x562b96aca1a8(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:57.960683: | #6 is busy; has suspended MD 0x562b96aca1a8 Oct 31 15:24:57.960687: | delref logger@0x562b96ab76c8(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:57.960692: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:57.960694: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:57.960697: | resume sending helper answer back to state for #6 suppresed complete_v2_state_transition() Oct 31 15:24:57.960700: | delref mdp@0x562b96aca1a8(2->1) (in resume_handler() at server.c:743) Oct 31 15:24:57.960706: | #6 spent 0.0981 (0.0982) milliseconds in resume sending helper answer back to state Oct 31 15:24:57.960711: | stop processing: state #6 connection "north-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:745) Oct 31 15:24:57.960714: | libevent_free: delref ptr-libevent@0x7f10c40092d8 Oct 31 15:24:57.960724: | job 9 for #6: DHv2 for child sa (dh): helper 3 starting job Oct 31 15:24:57.962884: | "north-eastnets/0x2" #6: spent 2.15 (2.16) milliseconds in helper 3 processing job 9 for state #6: DHv2 for child sa (dh) Oct 31 15:24:57.962892: | job 9 for #6: DHv2 for child sa (dh): helper thread 3 sending result back to state Oct 31 15:24:57.962895: | scheduling resume sending helper answer back to state for #6 Oct 31 15:24:57.962898: | libevent_malloc: newref ptr-libevent@0x7f10bc002b48 size 128 Oct 31 15:24:57.962905: | helper thread 3 has nothing to do Oct 31 15:24:57.962915: | processing resume sending helper answer back to state for #6 Oct 31 15:24:57.962920: | start processing: state #6 connection "north-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:641) Oct 31 15:24:57.962924: | unsuspending #6 MD 0x562b96aca1a8 Oct 31 15:24:57.962927: | job 9 for #6: DHv2 for child sa (dh): processing response from helper 3 Oct 31 15:24:57.962930: | job 9 for #6: DHv2 for child sa (dh): calling continuation function 0x562b9558d7cb Oct 31 15:24:57.962932: | DH secret MODP3072@0x7f10c400bc38: transferring ownership from helper IKEv2 DH to state #6 Oct 31 15:24:57.962935: | ikev2_child_inIoutR_continue_continue() for #6 STATE_V2_NEW_CHILD_R0 Oct 31 15:24:57.962941: | opening output PBS reply packet Oct 31 15:24:57.962945: | **emit ISAKMP Message: Oct 31 15:24:57.962949: | initiator SPI: 2f db aa cf a4 4d 20 39 Oct 31 15:24:57.962954: | responder SPI: 91 12 8b 2d 12 ca 59 2a Oct 31 15:24:57.962956: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:57.962959: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:57.962961: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Oct 31 15:24:57.962964: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:57.962968: | Message ID: 2 (00 00 00 02) Oct 31 15:24:57.962971: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:57.962975: | ***emit IKEv2 Encryption Payload: Oct 31 15:24:57.962977: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:57.962979: | flags: none (0x0) Oct 31 15:24:57.962983: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:24:57.962986: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Oct 31 15:24:57.962989: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:24:57.963011: | netlink_get_spi: allocated 0x98b3bf89 for esp.0@192.1.2.23 Oct 31 15:24:57.963015: | emitting ikev2_proposal ... Oct 31 15:24:57.963018: | ****emit IKEv2 Security Association Payload: Oct 31 15:24:57.963021: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:57.963023: | flags: none (0x0) Oct 31 15:24:57.963026: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:24:57.963028: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:24:57.963033: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:57.963035: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:57.963038: | prop #: 1 (01) Oct 31 15:24:57.963043: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:57.963046: | spi size: 4 (04) Oct 31 15:24:57.963049: | # transforms: 4 (04) Oct 31 15:24:57.963051: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:57.963055: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:24:57.963059: | our spi: 98 b3 bf 89 Oct 31 15:24:57.963061: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.963064: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.963066: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:57.963069: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:57.963071: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.963074: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:57.963077: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:57.963080: | length/value: 128 (00 80) Oct 31 15:24:57.963083: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:57.963086: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.963088: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.963090: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:57.963092: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:57.963095: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.963098: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.963101: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.963103: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.963106: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.963108: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:57.963110: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:57.963113: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.963115: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.963118: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.963120: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.963122: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:57.963125: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:57.963127: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:57.963130: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.963132: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.963135: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.963137: | emitting length of IKEv2 Proposal Substructure Payload: 48 Oct 31 15:24:57.963140: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:57.963142: | emitting length of IKEv2 Security Association Payload: 52 Oct 31 15:24:57.963144: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:24:57.963147: | ****emit IKEv2 Nonce Payload: Oct 31 15:24:57.963149: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:57.963152: | flags: none (0x0) Oct 31 15:24:57.963156: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Oct 31 15:24:57.963159: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Oct 31 15:24:57.963162: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Oct 31 15:24:57.963164: | IKEv2 nonce: Oct 31 15:24:57.963166: | 9a 21 6f 5a 35 fd 3a ff 4c 0e ce f8 25 70 f3 f5 Oct 31 15:24:57.963168: | fe 51 ae 97 ac b2 2b 52 77 9e 1f 8a 7f e1 87 83 Oct 31 15:24:57.963171: | emitting length of IKEv2 Nonce Payload: 36 Oct 31 15:24:57.963174: | ****emit IKEv2 Key Exchange Payload: Oct 31 15:24:57.963176: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:57.963178: | flags: none (0x0) Oct 31 15:24:57.963181: | DH group: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:57.963183: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Oct 31 15:24:57.963186: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Oct 31 15:24:57.963189: | emitting 384 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Oct 31 15:24:57.963191: | ikev2 g^x: Oct 31 15:24:57.963193: | bb 84 e3 66 dd 88 fe 5a 27 7d 24 a6 87 aa c3 25 Oct 31 15:24:57.963195: | 29 8e e9 7e 3f d8 78 a3 9a b1 e6 a2 90 bd c6 cc Oct 31 15:24:57.963197: | 20 dc 1e 76 d6 b3 6d 23 bc 6a c4 d0 80 c7 e4 72 Oct 31 15:24:57.963205: | 04 09 ab c0 f2 c9 96 09 5f bf cc db 59 5c 7d 7d Oct 31 15:24:57.963207: | d1 6f a2 f0 3f 35 f4 86 bf e0 e4 0d 49 c2 31 1e Oct 31 15:24:57.963209: | 80 bc af 3c bf f9 f5 fc 37 64 0f 81 13 fd 45 39 Oct 31 15:24:57.963211: | 7b b8 02 43 98 5e 7b 52 d3 13 4d dd 0b cd 71 e0 Oct 31 15:24:57.963214: | cb d0 79 b1 b1 a5 1e 50 2d a2 2d 73 e2 37 b3 d1 Oct 31 15:24:57.963216: | f6 40 88 e1 54 2d ab 65 4a 98 d9 35 d3 b6 19 56 Oct 31 15:24:57.963218: | b0 3c 57 bc 9d d1 f7 11 d9 ae 0e 34 a0 75 3c 4a Oct 31 15:24:57.963222: | 64 e2 64 97 36 69 2c 28 72 4a 8e 38 92 42 7d 2d Oct 31 15:24:57.963224: | b6 3b 60 17 93 9d fb a8 5c 4b e3 67 8b ec c5 b9 Oct 31 15:24:57.963226: | 1b e9 cb 9d be d8 e9 d6 27 48 29 c2 96 03 5b 75 Oct 31 15:24:57.963228: | f2 9a c6 7c f4 d0 15 db 3d a7 70 80 8f af 6f 3a Oct 31 15:24:57.963230: | a9 fe a4 f7 d2 85 3b c9 a4 d2 1d e4 af a3 e8 78 Oct 31 15:24:57.963232: | 33 63 12 a8 ce 4f 83 25 89 b0 fd 39 b0 66 4d 94 Oct 31 15:24:57.963234: | 63 b6 06 00 e1 1a 81 82 2a 8d b7 e4 bf 17 39 9b Oct 31 15:24:57.963236: | 91 15 97 5d 31 c1 c1 5a 81 6e a5 06 24 c8 7d 14 Oct 31 15:24:57.963238: | 35 a9 f3 f1 d7 c3 4b 60 d1 4f e8 70 87 7c b7 99 Oct 31 15:24:57.963240: | e9 4d 49 9c 4c f4 20 d3 c3 46 6c 91 d3 af be e4 Oct 31 15:24:57.963243: | 37 c9 6c 16 23 ac 7e 0b ec 92 96 99 b3 db 6a 87 Oct 31 15:24:57.963245: | 1a 23 b3 45 6b 44 d5 8b 56 38 79 86 8a 86 c2 ab Oct 31 15:24:57.963247: | ea 82 28 34 79 20 f5 2a 85 ab 6f db a4 55 81 b2 Oct 31 15:24:57.963249: | 71 9b 4a eb 32 d9 2b 06 08 f6 37 9c be c7 05 13 Oct 31 15:24:57.963251: | emitting length of IKEv2 Key Exchange Payload: 392 Oct 31 15:24:57.963255: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:24:57.963258: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:57.963260: | flags: none (0x0) Oct 31 15:24:57.963263: | number of TS: 1 (01) Oct 31 15:24:57.963266: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Oct 31 15:24:57.963268: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:57.963271: | *****emit IKEv2 Traffic Selector: Oct 31 15:24:57.963273: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:57.963275: | IP Protocol ID: ALL (0x0) Oct 31 15:24:57.963278: | start port: 0 (00 00) Oct 31 15:24:57.963283: | end port: 65535 (ff ff) Oct 31 15:24:57.963287: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:24:57.963290: | IP start: c0 00 03 00 Oct 31 15:24:57.963293: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:24:57.963296: | IP end: c0 00 03 ff Oct 31 15:24:57.963298: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:24:57.963301: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Oct 31 15:24:57.963303: | ****emit IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:24:57.963305: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:57.963308: | flags: none (0x0) Oct 31 15:24:57.963310: | number of TS: 1 (01) Oct 31 15:24:57.963313: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Oct 31 15:24:57.963315: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:57.963318: | *****emit IKEv2 Traffic Selector: Oct 31 15:24:57.963320: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:57.963322: | IP Protocol ID: ALL (0x0) Oct 31 15:24:57.963326: | start port: 0 (00 00) Oct 31 15:24:57.963328: | end port: 65535 (ff ff) Oct 31 15:24:57.963331: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:24:57.963335: | IP start: c0 00 16 00 Oct 31 15:24:57.963338: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:24:57.963341: | IP end: c0 00 16 ff Oct 31 15:24:57.963343: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:24:57.963345: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Oct 31 15:24:57.963348: | initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Oct 31 15:24:57.963351: | integ=HMAC_SHA2_512_256: .key_size=64 encrypt=AES_CBC: .key_size=16 .salt_size=0 keymat_len=80 Oct 31 15:24:57.963445: | install_ipsec_sa() for #6: inbound and outbound Oct 31 15:24:57.963450: | could_route called for north-eastnets/0x2; kind=CK_PERMANENT that.has_client=yes oppo=no this.host_port=500 Oct 31 15:24:57.963453: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:57.963456: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:57.963458: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:24:57.963461: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:57.963463: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:24:57.963467: | route owner of "north-eastnets/0x2" erouted: self; eroute owner: self Oct 31 15:24:57.963471: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Oct 31 15:24:57.963474: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Oct 31 15:24:57.963476: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Oct 31 15:24:57.963481: | setting IPsec SA replay-window to 32 Oct 31 15:24:57.963484: | NIC esp-hw-offload not for connection 'north-eastnets/0x2' not available on interface eth1 Oct 31 15:24:57.963487: | netlink: enabling tunnel mode Oct 31 15:24:57.963490: | XFRM: adding IPsec SA with reqid 16393 Oct 31 15:24:57.963492: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:24:57.963495: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:24:57.963560: | netlink response for Add SA esp.8a51674e@192.1.3.33 included non-error error Oct 31 15:24:57.963566: | setup_half_ipsec_sa() is installing inbound eroute? inbound=0 owner=#3 mode=1 Oct 31 15:24:57.963568: | set up outgoing SA, ref=0/0 Oct 31 15:24:57.963571: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Oct 31 15:24:57.963574: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Oct 31 15:24:57.963576: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Oct 31 15:24:57.963580: | setting IPsec SA replay-window to 32 Oct 31 15:24:57.963584: | NIC esp-hw-offload not for connection 'north-eastnets/0x2' not available on interface eth1 Oct 31 15:24:57.963587: | netlink: enabling tunnel mode Oct 31 15:24:57.963590: | XFRM: adding IPsec SA with reqid 16393 Oct 31 15:24:57.963592: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:24:57.963595: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:24:57.963633: | netlink response for Add SA esp.98b3bf89@192.1.2.23 included non-error error Oct 31 15:24:57.963638: | setup_half_ipsec_sa() is installing inbound eroute? inbound=1 owner=#3 mode=1 Oct 31 15:24:57.963641: | set up incoming SA, ref=0/0 Oct 31 15:24:57.963643: | sr for #6: erouted Oct 31 15:24:57.963646: | route_and_eroute() for proto 0, and source port 0 dest port 0 Oct 31 15:24:57.963648: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:57.963651: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:57.963653: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:24:57.963656: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:57.963658: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:24:57.963661: | route owner of "north-eastnets/0x2" erouted: self; eroute owner: self Oct 31 15:24:57.963665: | route_and_eroute with c: north-eastnets/0x2 (next: none) ero:north-eastnets/0x2 esr:{(nil)} ro:north-eastnets/0x2 rosr:{(nil)} and state: #6 Oct 31 15:24:57.963667: | we are replacing an eroute Oct 31 15:24:57.963671: | priority calculation of connection "north-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:24:57.963681: | eroute_connection replace eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33>tun.0@192.1.3.33 using reqid 16393 (raw_eroute) proto=50 Oct 31 15:24:57.963685: | IPsec SA SPD priority set to 2084814 Oct 31 15:24:57.963704: | raw_eroute result=success Oct 31 15:24:57.963708: | route_and_eroute: firewall_notified: true Oct 31 15:24:57.963711: | route_and_eroute: instance "north-eastnets/0x2", setting eroute_owner {spd=0x562b96ab85b8,sr=0x562b96ab85b8} to #6 (was #3) (newest_ipsec_sa=#3) Oct 31 15:24:57.964349: | ISAKMP_v2_CREATE_CHILD_SA: instance north-eastnets/0x2[0], setting IKEv2 newest_ipsec_sa to #6 (was #3) (spd.eroute=#6) cloned from #2 Oct 31 15:24:57.964360: | adding 16 bytes of padding (including 1 byte padding-length) Oct 31 15:24:57.964364: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:57.964367: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:57.964370: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:57.964373: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:57.964376: | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:57.964378: | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:57.964381: | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:57.964384: | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:57.964386: | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:57.964389: | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:57.964392: | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:57.964394: | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:57.964397: | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:57.964400: | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:57.964402: | emitting 1 0x0e repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:57.964405: | emitting 1 0x0f repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:57.964411: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:24:57.964413: | emitting length of IKEv2 Encryption Payload: 580 Oct 31 15:24:57.964416: | emitting length of ISAKMP Message: 608 Oct 31 15:24:57.964463: "north-eastnets/0x2" #6: negotiated new IPsec SA [192.0.22.0-192.0.22.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Oct 31 15:24:57.964470: | delref logger@0x562b96aa93a8(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:57.964473: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:57.964476: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:57.964483: | [RE]START processing: state #6 connection "north-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:57.964488: | #6 complete_v2_state_transition() V2_NEW_CHILD_R0->ESTABLISHED_CHILD_SA with status STF_OK Oct 31 15:24:57.964490: | transitioning from state STATE_V2_NEW_CHILD_R0 to state STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:24:57.964492: | Message ID: updating counters for #6 Oct 31 15:24:57.964502: | Message ID: CHILD #2.#6 updating responder received message request 2: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744569.230166 ike.responder.sent=1 ike.responder.recv=1->2 ike.responder.last_contact=744571.268447->744572.397291 child.wip.initiator=-1 child.wip.responder=2->-1 Oct 31 15:24:57.964508: | Message ID: CHILD #2.#6 updating responder sent message response 2: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744569.230166 ike.responder.sent=1->2 ike.responder.recv=2 ike.responder.last_contact=744572.397291 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:24:57.964513: | Message ID: IKE #2 no pending message initiators to schedule: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744569.230166 ike.responder.sent=2 ike.responder.recv=2 ike.responder.last_contact=744572.397291 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:57.964517: | child state #6: V2_NEW_CHILD_R0(established IKE SA) => ESTABLISHED_CHILD_SA(established CHILD SA) Oct 31 15:24:57.964520: | pstats #6 ikev2.child established Oct 31 15:24:57.964523: | announcing the state transition Oct 31 15:24:57.964530: "north-eastnets/0x2" #6: negotiated connection [192.0.22.0-192.0.22.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Oct 31 15:24:57.964534: | NAT-T: encaps is 'auto' Oct 31 15:24:57.964539: "north-eastnets/0x2" #6: IPsec SA established tunnel mode {ESP=>0x8a51674e <0x98b3bf89 xfrm=AES_CBC_128-HMAC_SHA2_512_256-MODP3072 NATOA=none NATD=none DPD=passive} Oct 31 15:24:57.964546: | sending 608 bytes for STATE_V2_NEW_CHILD_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #2) Oct 31 15:24:57.964549: | 2f db aa cf a4 4d 20 39 91 12 8b 2d 12 ca 59 2a Oct 31 15:24:57.964551: | 2e 20 24 20 00 00 00 02 00 00 02 60 21 00 02 44 Oct 31 15:24:57.964553: | 89 d8 e0 83 aa 28 dd e8 35 59 00 26 e4 5d 2b d4 Oct 31 15:24:57.964555: | 72 b5 18 77 00 3f 7c 1c e8 33 66 a9 70 b9 b9 4e Oct 31 15:24:57.964557: | e2 96 69 f6 e9 c5 ee 77 da 7b 66 e5 f1 29 a6 0d Oct 31 15:24:57.964559: | d6 12 fd bf 9a 9e a1 74 28 fc 93 fd d7 96 6f 2f Oct 31 15:24:57.964561: | 48 49 4c 46 7d 34 ce c1 64 39 b5 3b df dc 2f 93 Oct 31 15:24:57.964563: | b4 b9 93 85 0b 50 97 af 57 b9 5f 72 db c9 9e 15 Oct 31 15:24:57.964565: | 20 b0 2a 20 ba f9 94 8e a3 98 8b c6 2e 29 64 19 Oct 31 15:24:57.964567: | 12 25 d9 31 c1 94 fd 6b 50 cd b4 5c 4c 46 14 76 Oct 31 15:24:57.964569: | ee e7 df 1e d3 b7 08 a9 f3 87 7c 48 d5 c7 2d 24 Oct 31 15:24:57.964572: | 07 65 3a 50 67 2d f4 4b 23 38 b7 fc 4a 9c 25 a0 Oct 31 15:24:57.964574: | 4e 93 84 4a ae a7 55 d2 0e bf 7a f4 b6 4e 7a 0a Oct 31 15:24:57.964576: | 57 94 ab 72 95 2c 8d 40 b6 81 a6 db b9 18 72 19 Oct 31 15:24:57.964578: | 52 5a bf 5f ff f9 d9 f7 dc 21 84 ce 84 22 9a 44 Oct 31 15:24:57.964580: | cc b8 ca 9a 9a f2 a8 43 94 81 0f 16 c3 ce ce 7d Oct 31 15:24:57.964584: | ac 50 e3 82 23 bd dd 20 5e c2 f1 7c 4e ae 79 63 Oct 31 15:24:57.964586: | 88 ea d0 ca 87 57 7a 7f 46 16 24 93 2f 1f 3b e5 Oct 31 15:24:57.964588: | 68 d4 ff db 6d 4a 2e 14 31 ae 1b 09 42 6c 96 65 Oct 31 15:24:57.964590: | 86 05 05 dc 4d 7f ad 21 da c3 83 55 be 6e e2 19 Oct 31 15:24:57.964592: | 3f 8c 3c e1 83 85 01 24 ba 35 5c ed 3e 2b 02 a9 Oct 31 15:24:57.964594: | 25 9d 3a 5a 87 d6 1c 19 d4 1b 6b 97 cc 2c 1f 58 Oct 31 15:24:57.964596: | 86 ac b7 a2 e3 99 07 9d ed a1 f8 8c a4 c8 a1 85 Oct 31 15:24:57.964598: | 78 80 9c 56 5e 90 4b 6f e2 86 83 d2 f2 44 bd 86 Oct 31 15:24:57.964600: | 78 48 d8 bd 02 82 ba 17 2f 54 14 b3 01 86 b6 dd Oct 31 15:24:57.964603: | 5f de 0a ef 15 a6 0b d8 7b a0 1d 5a 03 b2 2c 89 Oct 31 15:24:57.964605: | 8d b7 d1 e3 ce 5f 24 22 45 f6 0c ef d0 c2 01 90 Oct 31 15:24:57.964607: | 1e a7 17 c8 5a ec 70 70 00 28 be ed ff fd d7 d1 Oct 31 15:24:57.964609: | 09 42 87 b7 64 e3 93 53 98 b7 fb 2e bb 31 7e 51 Oct 31 15:24:57.964611: | 24 61 91 61 44 d0 50 88 a5 89 0a 72 bc 15 0d b3 Oct 31 15:24:57.964613: | ac 94 d5 66 b9 65 66 88 de f0 8b 09 e6 72 35 65 Oct 31 15:24:57.964615: | e9 52 e4 55 ff 3d 56 ff 0a c0 65 22 9a f8 78 54 Oct 31 15:24:57.964617: | e3 76 be 9e 7d 33 8a 66 5f ad 07 c8 90 69 b8 e2 Oct 31 15:24:57.964619: | e0 82 0b 9c c9 d8 43 46 41 1e 88 4d 3c 93 f7 85 Oct 31 15:24:57.964621: | 6e 4a d9 5c 19 2a be e3 fc 32 23 eb bc eb ad e2 Oct 31 15:24:57.964623: | 2b 19 6c b8 49 f5 3e 83 ec e8 ac 99 a9 7a db d4 Oct 31 15:24:57.964625: | 24 06 76 90 9c a8 80 0a 62 0d 58 30 06 b2 90 11 Oct 31 15:24:57.964627: | 9b 6a 82 13 ed 0e 97 50 93 e6 01 40 e1 1c 7e e7 Oct 31 15:24:57.964654: | sent 1 messages Oct 31 15:24:57.964659: | releasing #6's fd-fd@(nil) because IKEv2 transitions finished Oct 31 15:24:57.964661: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:24:57.964662: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:24:57.964664: | unpending #6's IKE SA #2 Oct 31 15:24:57.964666: | unpending state #2 connection "north-eastnets/0x2" Oct 31 15:24:57.964668: | releasing #2's fd-fd@(nil) because IKEv2 transitions finished so releaseing IKE SA Oct 31 15:24:57.964669: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:24:57.964671: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:24:57.964673: | #6 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Oct 31 15:24:57.964675: | state #6 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:57.964678: | libevent_free: delref ptr-libevent@0x562b96ab7d48 Oct 31 15:24:57.964680: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x562b96abf618 Oct 31 15:24:57.964682: | event_schedule: newref EVENT_SA_REKEY-pe@0x562b96abf618 Oct 31 15:24:57.964684: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #6 Oct 31 15:24:57.964686: | libevent_malloc: newref ptr-libevent@0x562b96acc058 size 128 Oct 31 15:24:57.964689: | delref mdp@0x562b96aca1a8(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:57.964690: | delref logger@0x562b96ac1268(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:57.964692: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:57.964693: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:57.964699: | #6 spent 1.54 (1.77) milliseconds in resume sending helper answer back to state Oct 31 15:24:57.964702: | stop processing: state #6 connection "north-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:745) Oct 31 15:24:57.964704: | libevent_free: delref ptr-libevent@0x7f10bc002b48 Oct 31 15:24:58.113874: | timer_event_cb: processing event@0x562b96abe4c8 Oct 31 15:24:58.113892: | handling event EVENT_RETRANSMIT for child state #5 Oct 31 15:24:58.113897: | libevent_free: delref ptr-libevent@0x562b96ab9ac8 Oct 31 15:24:58.113901: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x562b96abe4c8 Oct 31 15:24:58.113914: | start processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:58.113918: | IKEv2 retransmit event Oct 31 15:24:58.113924: | [RE]START processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:24:58.113929: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #5 attempt 2 of 0 Oct 31 15:24:58.113933: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 1 Oct 31 15:24:58.113938: | #5 STATE_V2_NEW_CHILD_I1: retransmits: current time 744572.546732 Oct 31 15:24:58.113941: | #5 STATE_V2_NEW_CHILD_I1: retransmits: retransmit count 4 exceeds limit? NO Oct 31 15:24:58.113944: | #5 STATE_V2_NEW_CHILD_I1: retransmits: deltatime 0.8 exceeds limit? NO Oct 31 15:24:58.113947: | #5 STATE_V2_NEW_CHILD_I1: retransmits: monotime 0.808072 exceeds limit? NO Oct 31 15:24:58.113951: | event_schedule: newref EVENT_RETRANSMIT-pe@0x562b96abe4c8 Oct 31 15:24:58.113954: | inserting event EVENT_RETRANSMIT, timeout in 0.8 seconds for #5 Oct 31 15:24:58.113957: | libevent_malloc: newref ptr-libevent@0x7f10bc002b48 size 128 Oct 31 15:24:58.113962: "north-eastnets/0x1" #5: STATE_V2_NEW_CHILD_I1: retransmission; will wait 0.8 seconds for response Oct 31 15:24:58.113971: | sending 608 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:58.113974: | 39 a0 1b dc 13 1c ca 88 9b b1 cd 4e 99 d1 dc 27 Oct 31 15:24:58.113976: | 2e 20 24 08 00 00 00 02 00 00 02 60 21 00 02 44 Oct 31 15:24:58.113978: | 1f a3 e7 6b f5 b1 a5 39 6b e3 64 59 54 77 3e f7 Oct 31 15:24:58.113981: | 30 a8 e1 61 e7 3f 8b 1d db 22 32 b0 7c 90 e4 8a Oct 31 15:24:58.113983: | 9f ff a8 aa 6c 67 55 b3 68 47 eb 65 be e9 a3 75 Oct 31 15:24:58.113985: | b9 cb d3 4c 4e b8 e5 51 90 57 17 54 86 21 65 c4 Oct 31 15:24:58.113987: | 23 d5 38 05 d9 f1 a3 68 07 ef 4b 8a 83 db 8e 65 Oct 31 15:24:58.113990: | a8 89 5a 5f 59 03 7a b5 8d 27 9d 40 26 74 3d c2 Oct 31 15:24:58.113992: | 12 a2 73 62 04 87 fb ef 4b a0 08 22 b7 ac ac 10 Oct 31 15:24:58.113994: | 61 f4 9b 6e d3 28 b9 84 ac fd ef 0b 8a d0 fa 1a Oct 31 15:24:58.113997: | b5 a0 06 a1 91 78 af 6f 1f e7 63 d5 04 22 17 29 Oct 31 15:24:58.113999: | 60 24 2b 94 6d 86 81 00 64 1a cf 57 92 d1 7a f7 Oct 31 15:24:58.114001: | bc 9d 4a a2 d1 25 7d 7d 22 1a 23 1f d7 5b 6e b0 Oct 31 15:24:58.114003: | 5d 06 b1 45 db d0 47 50 0a 50 5c 47 b2 2c 59 ff Oct 31 15:24:58.114006: | e4 44 49 53 8c 06 ae de 57 73 0d 90 ba 50 42 fe Oct 31 15:24:58.114008: | 61 86 e0 23 40 7d ec 8c 78 ba f2 c4 81 f3 4a 4f Oct 31 15:24:58.114010: | ab 33 b6 02 19 f6 45 97 04 7f b5 01 b8 12 a1 cc Oct 31 15:24:58.114013: | a4 41 87 50 a4 ba ea 4d 39 96 3f c7 6d 5e 78 00 Oct 31 15:24:58.114015: | 7a e8 6d 68 ca 45 1c 7b 95 c4 ae cb eb b0 86 c0 Oct 31 15:24:58.114017: | ba 82 50 41 2c 92 2a 15 96 c4 d6 c6 27 74 6c 33 Oct 31 15:24:58.114020: | 5c 3b 07 7e 88 0e 9b 68 b8 70 e3 6c 9a d2 5c 8b Oct 31 15:24:58.114022: | 8a f5 ba 1d 10 9d 28 cc 22 22 2b dc e1 27 65 67 Oct 31 15:24:58.114024: | 4f 32 27 7e d9 b8 f1 04 0b 09 e7 c4 a6 86 bc fa Oct 31 15:24:58.114027: | ca 3c 05 e0 8b 96 43 c7 da 5a 36 3b 28 dc 64 bd Oct 31 15:24:58.114029: | 5e c6 61 85 f6 9f 21 ee 7b 28 e5 3c 45 2b 09 b6 Oct 31 15:24:58.114031: | ca ea f6 0a 3d e6 82 0f af 3b 19 92 c6 46 79 91 Oct 31 15:24:58.114034: | 34 b6 c0 6b 1b a6 a7 1d 7a 15 23 14 08 2c 64 b6 Oct 31 15:24:58.114036: | 3a ce a8 38 aa 47 b4 6d 7f d9 e4 f6 df 19 ef 45 Oct 31 15:24:58.114038: | 60 a0 41 a3 79 67 f0 d8 c9 93 ac 46 be ad 89 60 Oct 31 15:24:58.114041: | b5 1f df 65 0a 79 3e d6 15 e8 b8 71 0b 6e 7f 9f Oct 31 15:24:58.114043: | 99 ba db ad 52 94 d8 01 e8 11 02 0a f7 18 43 c5 Oct 31 15:24:58.114045: | 90 91 33 dd 75 ab ab e7 47 09 d0 aa 71 03 ad a7 Oct 31 15:24:58.114047: | 65 c1 7c 9d 97 28 6c 0b ee 0e 4c 83 c3 ca 34 91 Oct 31 15:24:58.114050: | 04 4b d2 4b 21 f4 1b 1e e8 47 1a 96 81 d2 87 07 Oct 31 15:24:58.114053: | 56 f4 6e b5 fe 2e 7c c5 d2 42 3f 21 17 2e 1c 1b Oct 31 15:24:58.114056: | 0f 54 cd f7 ce 37 ce ed 30 d1 3c 94 86 c3 f0 a2 Oct 31 15:24:58.114058: | ab d5 df 7b d2 1b 8c d9 b2 c6 64 4a 7f f9 80 84 Oct 31 15:24:58.114060: | 0d 30 0c 39 5b 76 ce 64 9c 54 ed dd 91 fe 98 51 Oct 31 15:24:58.114092: | sent 1 messages Oct 31 15:24:58.114102: | #5 spent 0.21 (0.227) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:24:58.114108: | stop processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:24:58.914247: | timer_event_cb: processing event@0x562b96abe4c8 Oct 31 15:24:58.914271: | handling event EVENT_RETRANSMIT for child state #5 Oct 31 15:24:58.914276: | libevent_free: delref ptr-libevent@0x7f10bc002b48 Oct 31 15:24:58.914279: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x562b96abe4c8 Oct 31 15:24:58.914289: | start processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:58.914293: | IKEv2 retransmit event Oct 31 15:24:58.914300: | [RE]START processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:24:58.914305: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #5 attempt 2 of 0 Oct 31 15:24:58.914309: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 1 Oct 31 15:24:58.914313: | #5 STATE_V2_NEW_CHILD_I1: retransmits: current time 744573.347108 Oct 31 15:24:58.914316: | #5 STATE_V2_NEW_CHILD_I1: retransmits: retransmit count 5 exceeds limit? NO Oct 31 15:24:58.914319: | #5 STATE_V2_NEW_CHILD_I1: retransmits: deltatime 1.6 exceeds limit? NO Oct 31 15:24:58.914322: | #5 STATE_V2_NEW_CHILD_I1: retransmits: monotime 1.608448 exceeds limit? NO Oct 31 15:24:58.914326: | event_schedule: newref EVENT_RETRANSMIT-pe@0x562b96abe4c8 Oct 31 15:24:58.914329: | inserting event EVENT_RETRANSMIT, timeout in 1.6 seconds for #5 Oct 31 15:24:58.914333: | libevent_malloc: newref ptr-libevent@0x7f10bc002b48 size 128 Oct 31 15:24:58.914339: "north-eastnets/0x1" #5: STATE_V2_NEW_CHILD_I1: retransmission; will wait 1.6 seconds for response Oct 31 15:24:58.914347: | sending 608 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:58.914350: | 39 a0 1b dc 13 1c ca 88 9b b1 cd 4e 99 d1 dc 27 Oct 31 15:24:58.914352: | 2e 20 24 08 00 00 00 02 00 00 02 60 21 00 02 44 Oct 31 15:24:58.914355: | 1f a3 e7 6b f5 b1 a5 39 6b e3 64 59 54 77 3e f7 Oct 31 15:24:58.914357: | 30 a8 e1 61 e7 3f 8b 1d db 22 32 b0 7c 90 e4 8a Oct 31 15:24:58.914359: | 9f ff a8 aa 6c 67 55 b3 68 47 eb 65 be e9 a3 75 Oct 31 15:24:58.914361: | b9 cb d3 4c 4e b8 e5 51 90 57 17 54 86 21 65 c4 Oct 31 15:24:58.914363: | 23 d5 38 05 d9 f1 a3 68 07 ef 4b 8a 83 db 8e 65 Oct 31 15:24:58.914365: | a8 89 5a 5f 59 03 7a b5 8d 27 9d 40 26 74 3d c2 Oct 31 15:24:58.914367: | 12 a2 73 62 04 87 fb ef 4b a0 08 22 b7 ac ac 10 Oct 31 15:24:58.914369: | 61 f4 9b 6e d3 28 b9 84 ac fd ef 0b 8a d0 fa 1a Oct 31 15:24:58.914372: | b5 a0 06 a1 91 78 af 6f 1f e7 63 d5 04 22 17 29 Oct 31 15:24:58.914374: | 60 24 2b 94 6d 86 81 00 64 1a cf 57 92 d1 7a f7 Oct 31 15:24:58.914376: | bc 9d 4a a2 d1 25 7d 7d 22 1a 23 1f d7 5b 6e b0 Oct 31 15:24:58.914378: | 5d 06 b1 45 db d0 47 50 0a 50 5c 47 b2 2c 59 ff Oct 31 15:24:58.914380: | e4 44 49 53 8c 06 ae de 57 73 0d 90 ba 50 42 fe Oct 31 15:24:58.914383: | 61 86 e0 23 40 7d ec 8c 78 ba f2 c4 81 f3 4a 4f Oct 31 15:24:58.914385: | ab 33 b6 02 19 f6 45 97 04 7f b5 01 b8 12 a1 cc Oct 31 15:24:58.914387: | a4 41 87 50 a4 ba ea 4d 39 96 3f c7 6d 5e 78 00 Oct 31 15:24:58.914389: | 7a e8 6d 68 ca 45 1c 7b 95 c4 ae cb eb b0 86 c0 Oct 31 15:24:58.914391: | ba 82 50 41 2c 92 2a 15 96 c4 d6 c6 27 74 6c 33 Oct 31 15:24:58.914393: | 5c 3b 07 7e 88 0e 9b 68 b8 70 e3 6c 9a d2 5c 8b Oct 31 15:24:58.914399: | 8a f5 ba 1d 10 9d 28 cc 22 22 2b dc e1 27 65 67 Oct 31 15:24:58.914402: | 4f 32 27 7e d9 b8 f1 04 0b 09 e7 c4 a6 86 bc fa Oct 31 15:24:58.914404: | ca 3c 05 e0 8b 96 43 c7 da 5a 36 3b 28 dc 64 bd Oct 31 15:24:58.914406: | 5e c6 61 85 f6 9f 21 ee 7b 28 e5 3c 45 2b 09 b6 Oct 31 15:24:58.914408: | ca ea f6 0a 3d e6 82 0f af 3b 19 92 c6 46 79 91 Oct 31 15:24:58.914410: | 34 b6 c0 6b 1b a6 a7 1d 7a 15 23 14 08 2c 64 b6 Oct 31 15:24:58.914413: | 3a ce a8 38 aa 47 b4 6d 7f d9 e4 f6 df 19 ef 45 Oct 31 15:24:58.914415: | 60 a0 41 a3 79 67 f0 d8 c9 93 ac 46 be ad 89 60 Oct 31 15:24:58.914417: | b5 1f df 65 0a 79 3e d6 15 e8 b8 71 0b 6e 7f 9f Oct 31 15:24:58.914419: | 99 ba db ad 52 94 d8 01 e8 11 02 0a f7 18 43 c5 Oct 31 15:24:58.914421: | 90 91 33 dd 75 ab ab e7 47 09 d0 aa 71 03 ad a7 Oct 31 15:24:58.914423: | 65 c1 7c 9d 97 28 6c 0b ee 0e 4c 83 c3 ca 34 91 Oct 31 15:24:58.914425: | 04 4b d2 4b 21 f4 1b 1e e8 47 1a 96 81 d2 87 07 Oct 31 15:24:58.914427: | 56 f4 6e b5 fe 2e 7c c5 d2 42 3f 21 17 2e 1c 1b Oct 31 15:24:58.914429: | 0f 54 cd f7 ce 37 ce ed 30 d1 3c 94 86 c3 f0 a2 Oct 31 15:24:58.914431: | ab d5 df 7b d2 1b 8c d9 b2 c6 64 4a 7f f9 80 84 Oct 31 15:24:58.914433: | 0d 30 0c 39 5b 76 ce 64 9c 54 ed dd 91 fe 98 51 Oct 31 15:24:58.914460: | sent 1 messages Oct 31 15:24:58.914471: | #5 spent 0.214 (0.223) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:24:58.914477: | stop processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:24:59.316093: | spent 0.00234 (0.00235) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:59.316113: | newref struct msg_digest@0x562b96aca1a8(0->1) (in read_message() at demux.c:103) Oct 31 15:24:59.316117: | newref alloc logger@0x562b96aa93a8(0->1) (in read_message() at demux.c:103) Oct 31 15:24:59.316124: | *received 608 bytes from 192.1.3.33:500 on eth1 192.1.2.23:500 using UDP Oct 31 15:24:59.316126: | 39 a0 1b dc 13 1c ca 88 9b b1 cd 4e 99 d1 dc 27 Oct 31 15:24:59.316129: | 2e 20 24 20 00 00 00 02 00 00 02 60 21 00 02 44 Oct 31 15:24:59.316131: | 05 03 fc 5e 6e 31 73 6f 90 c7 64 4e 78 1b 00 6a Oct 31 15:24:59.316133: | d0 27 28 4d 21 6f 31 dc f8 de 26 d1 60 d1 a9 0e Oct 31 15:24:59.316135: | 2b b8 9c 36 05 3b c4 e1 63 db 89 80 9c e2 47 e4 Oct 31 15:24:59.316138: | e9 ff 93 66 d6 ef fc a3 a4 b8 1a 6c d6 4d 68 33 Oct 31 15:24:59.316140: | 73 20 9f bf 97 c5 c3 0d 50 17 b2 d4 3d 15 6e 00 Oct 31 15:24:59.316142: | 1a ef 20 53 ba 53 f0 df 63 9f d1 41 ac 3b 2f 3d Oct 31 15:24:59.316144: | 7f c5 5b fb cd 40 1c f3 e5 94 78 d5 0d 16 81 18 Oct 31 15:24:59.316146: | 3a ee df b3 e9 23 36 5c a0 23 9d d8 32 b8 77 b6 Oct 31 15:24:59.316148: | ef 8d d2 2a d3 5e 0e 72 5c 2e d8 06 49 09 7a 56 Oct 31 15:24:59.316150: | a6 5d f5 78 68 36 fb 0d ee 8a 49 02 be 00 29 1c Oct 31 15:24:59.316153: | 5b f7 84 e7 14 b9 19 8f 53 45 cd af ea 40 bc 12 Oct 31 15:24:59.316155: | 12 63 43 74 32 a3 92 11 5b f4 ef cd e3 5c 88 fb Oct 31 15:24:59.316157: | ce ae 0b 95 c5 4b 61 34 79 fa 0d 70 f4 d7 2d 14 Oct 31 15:24:59.316159: | c0 51 85 d2 eb e1 d4 cf 58 f4 c2 44 c4 50 2f 3a Oct 31 15:24:59.316161: | 6a a8 90 d5 4a 7a 76 6d 54 92 fd 1c fe a4 69 52 Oct 31 15:24:59.316163: | dc 27 85 8a bd 64 57 88 e6 14 53 d3 0b 51 45 8c Oct 31 15:24:59.316165: | 23 43 f4 2d 02 8f 3e 26 a8 40 6e ce 9d 59 ab 28 Oct 31 15:24:59.316166: | a7 37 b4 9d 7d d0 fb bb 67 88 50 28 0f 2b e6 16 Oct 31 15:24:59.316168: | 70 84 75 c3 1f 79 ff 57 08 d6 02 b8 64 3e aa fc Oct 31 15:24:59.316170: | 34 8b d6 99 dd f7 5a 92 eb 43 f3 f5 a2 56 39 99 Oct 31 15:24:59.316172: | b2 29 38 60 dc d4 1a cf 99 54 61 e7 c7 7b 4d 39 Oct 31 15:24:59.316173: | e7 ce b1 64 26 45 69 d7 83 5c 9e 9e b0 13 6e a4 Oct 31 15:24:59.316175: | ac ca 7b b3 96 51 b5 a2 9b d9 df dd 97 74 5a 2a Oct 31 15:24:59.316177: | 3d 0b b3 d6 58 4a 29 47 b6 93 de 34 f8 3b cd bb Oct 31 15:24:59.316181: | 4c cb 53 9e 3a c2 fe 41 08 60 88 c4 80 6a af 0d Oct 31 15:24:59.316183: | 90 33 ad 30 a0 79 19 07 af 23 8e 57 f3 f0 d3 65 Oct 31 15:24:59.316185: | 31 c6 4c 78 85 a2 59 3d 41 ad 54 22 a4 62 bc a7 Oct 31 15:24:59.316187: | ef ee 21 e4 64 0f c9 92 46 22 e7 61 2a 2e 30 2d Oct 31 15:24:59.316189: | fb 89 76 a7 31 c8 35 04 1c 4f 03 c5 a6 32 d0 fd Oct 31 15:24:59.316191: | e7 ec cd 7e 84 5d 1b d8 3a 3c 52 c4 77 b1 ec a7 Oct 31 15:24:59.316193: | 52 1f ac 1c 41 b9 23 23 fb 4f a5 47 f0 b4 14 e2 Oct 31 15:24:59.316195: | 86 97 63 23 58 78 37 c0 2d b1 3a 41 de 05 cb f0 Oct 31 15:24:59.316196: | 6f f8 40 73 74 79 de 14 eb e4 8c 56 94 38 60 42 Oct 31 15:24:59.316216: | 22 93 cc da 62 14 4a 25 b1 0d 96 53 15 69 44 94 Oct 31 15:24:59.316222: | 4f b5 22 f3 f1 31 10 21 30 a6 5b 7f c4 28 e2 12 Oct 31 15:24:59.316224: | 74 85 33 4c bd cf 0a f7 e3 f2 32 f3 15 e3 d8 c2 Oct 31 15:24:59.316229: | **parse ISAKMP Message: Oct 31 15:24:59.316233: | initiator SPI: 39 a0 1b dc 13 1c ca 88 Oct 31 15:24:59.316237: | responder SPI: 9b b1 cd 4e 99 d1 dc 27 Oct 31 15:24:59.316240: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:24:59.316243: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:59.316245: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Oct 31 15:24:59.316248: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:59.316251: | Message ID: 2 (00 00 00 02) Oct 31 15:24:59.316255: | length: 608 (00 00 02 60) Oct 31 15:24:59.316258: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Oct 31 15:24:59.316262: | I am the IKE SA Original Initiator receiving an IKEv2 CREATE_CHILD_SA response Oct 31 15:24:59.316267: | State DB: found IKEv2 state #1 in ESTABLISHED_IKE_SA (find_v2_ike_sa) Oct 31 15:24:59.316275: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:59.316278: | State DB: found IKEv2 state #5 in V2_NEW_CHILD_I1 (find_v2_sa_by_initiator_wip) Oct 31 15:24:59.316281: | #5 is idle Oct 31 15:24:59.316283: | #5 idle Oct 31 15:24:59.316288: | suspend processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:59.316293: | start processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:59.316295: | unpacking clear payload Oct 31 15:24:59.316298: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Oct 31 15:24:59.316301: | ***parse IKEv2 Encryption Payload: Oct 31 15:24:59.316304: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:24:59.316307: | flags: none (0x0) Oct 31 15:24:59.316310: | length: 580 (02 44) Oct 31 15:24:59.316313: | processing payload: ISAKMP_NEXT_v2SK (len=576) Oct 31 15:24:59.316316: | #5 in state V2_NEW_CHILD_I1: sent CREATE_CHILD_SA request for new IPsec SA Oct 31 15:24:59.316349: | authenticator matched Oct 31 15:24:59.316363: | #1 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Oct 31 15:24:59.316366: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:24:59.316369: | **parse IKEv2 Security Association Payload: Oct 31 15:24:59.316372: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Oct 31 15:24:59.316374: | flags: none (0x0) Oct 31 15:24:59.316377: | length: 52 (00 34) Oct 31 15:24:59.316379: | processing payload: ISAKMP_NEXT_v2SA (len=48) Oct 31 15:24:59.316381: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Oct 31 15:24:59.316384: | **parse IKEv2 Nonce Payload: Oct 31 15:24:59.316386: | next payload type: ISAKMP_NEXT_v2KE (0x22) Oct 31 15:24:59.316388: | flags: none (0x0) Oct 31 15:24:59.316390: | length: 36 (00 24) Oct 31 15:24:59.316393: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Oct 31 15:24:59.316395: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Oct 31 15:24:59.316398: | **parse IKEv2 Key Exchange Payload: Oct 31 15:24:59.316400: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Oct 31 15:24:59.316404: | flags: none (0x0) Oct 31 15:24:59.316407: | length: 392 (01 88) Oct 31 15:24:59.316410: | DH group: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:59.316412: | processing payload: ISAKMP_NEXT_v2KE (len=384) Oct 31 15:24:59.316414: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Oct 31 15:24:59.316417: | **parse IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:24:59.316419: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Oct 31 15:24:59.316421: | flags: none (0x0) Oct 31 15:24:59.316424: | length: 24 (00 18) Oct 31 15:24:59.316426: | number of TS: 1 (01) Oct 31 15:24:59.316429: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Oct 31 15:24:59.316431: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Oct 31 15:24:59.316433: | **parse IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:24:59.316436: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:59.316437: | flags: none (0x0) Oct 31 15:24:59.316440: | length: 24 (00 18) Oct 31 15:24:59.316442: | number of TS: 1 (01) Oct 31 15:24:59.316444: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Oct 31 15:24:59.316446: | selected state microcode Process CREATE_CHILD_SA IPsec SA Response Oct 31 15:24:59.316452: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2631) Oct 31 15:24:59.316455: | forcing ST #5 to CHILD #1.#5 in FSM processor Oct 31 15:24:59.316457: | calling processor Process CREATE_CHILD_SA IPsec SA Response Oct 31 15:24:59.316466: | using existing local ESP/AH proposals for north-eastnets/0x1 (CREATE_CHILD_SA initiator accepting remote ESP/AH proposal): 1:ESP=AES_CBC_128-HMAC_SHA2_512_256-MODP3072-DISABLED Oct 31 15:24:59.316469: | comparing remote proposals against CREATE_CHILD_SA initiator accepting remote ESP/AH proposal 1 local proposals Oct 31 15:24:59.316473: | local proposal 1 type ENCR has 1 transforms Oct 31 15:24:59.316475: | local proposal 1 type PRF has 0 transforms Oct 31 15:24:59.316478: | local proposal 1 type INTEG has 1 transforms Oct 31 15:24:59.316480: | local proposal 1 type DH has 1 transforms Oct 31 15:24:59.316482: | local proposal 1 type ESN has 1 transforms Oct 31 15:24:59.316485: | local proposal 1 transforms: required: ENCR+INTEG+DH+ESN; optional: none Oct 31 15:24:59.316488: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:59.316490: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:59.316493: | length: 48 (00 30) Oct 31 15:24:59.316495: | prop #: 1 (01) Oct 31 15:24:59.316497: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:59.316499: | spi size: 4 (04) Oct 31 15:24:59.316502: | # transforms: 4 (04) Oct 31 15:24:59.316505: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:24:59.316508: | remote SPI Oct 31 15:24:59.316510: | e2 91 0a c0 Oct 31 15:24:59.316513: | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals Oct 31 15:24:59.316516: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.316518: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.316521: | length: 12 (00 0c) Oct 31 15:24:59.316524: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:59.316526: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:59.316529: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:59.316531: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:59.316534: | length/value: 128 (00 80) Oct 31 15:24:59.316539: | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:24:59.316542: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.316544: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.316547: | length: 8 (00 08) Oct 31 15:24:59.316549: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:59.316551: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:59.316555: | remote proposal 1 transform 1 (INTEG=HMAC_SHA2_512_256) matches local proposal 1 type 3 (INTEG) transform 0 Oct 31 15:24:59.316560: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.316562: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.316565: | length: 8 (00 08) Oct 31 15:24:59.316567: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:59.316570: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:59.316573: | remote proposal 1 transform 2 (DH=MODP3072) matches local proposal 1 type 4 (DH) transform 0 Oct 31 15:24:59.316576: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.316578: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:59.316581: | length: 8 (00 08) Oct 31 15:24:59.316583: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:59.316586: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:59.316589: | remote proposal 1 transform 3 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Oct 31 15:24:59.316593: | remote proposal 1 proposed transforms: ENCR+INTEG+DH+ESN; matched: ENCR+INTEG+DH+ESN; unmatched: none Oct 31 15:24:59.316598: | comparing remote proposal 1 containing ENCR+INTEG+DH+ESN transforms to local proposal 1; required: ENCR+INTEG+DH+ESN; optional: none; matched: ENCR+INTEG+DH+ESN Oct 31 15:24:59.316601: | remote proposal 1 matches local proposal 1 Oct 31 15:24:59.316604: | remote accepted the proposal 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED[first-match] Oct 31 15:24:59.316609: | CREATE_CHILD_SA initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP=AES_CBC_128-HMAC_SHA2_512_256-MODP3072-DISABLED SPI=e2910ac0 Oct 31 15:24:59.316611: | converting proposal to internal trans attrs Oct 31 15:24:59.316616: | updating #5's .st_oakley with preserved PRF, but why update? Oct 31 15:24:59.316621: | DH secret MODP3072@0x7f10b0007128: transferring ownership from state #5 to helper DH Oct 31 15:24:59.316628: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:59.316631: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:59.316634: | newref clone logger@0x562b96ab9bf8(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:59.316637: | job 10 for #5: ikev2 Child SA initiator pfs=yes (dh): adding job to queue Oct 31 15:24:59.316639: | state #5 has no .st_event to delete Oct 31 15:24:59.316643: | #5 requesting EVENT_RETRANSMIT-pe@0x562b96abe4c8 be deleted Oct 31 15:24:59.316646: | libevent_free: delref ptr-libevent@0x7f10bc002b48 Oct 31 15:24:59.316649: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x562b96abe4c8 Oct 31 15:24:59.316652: | #5 STATE_V2_NEW_CHILD_I1: retransmits: cleared Oct 31 15:24:59.316655: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x562b96acbfd8 Oct 31 15:24:59.316658: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Oct 31 15:24:59.316660: | libevent_malloc: newref ptr-libevent@0x562b96ab7d48 size 128 Oct 31 15:24:59.316672: | #5 spent 0.209 (0.209) milliseconds in processing: Process CREATE_CHILD_SA IPsec SA Response in v2_dispatch() Oct 31 15:24:59.316678: | [RE]START processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:59.316682: | #5 complete_v2_state_transition() V2_NEW_CHILD_I1->ESTABLISHED_CHILD_SA with status STF_SUSPEND; .st_v2_transition=V2_NEW_CHILD_I0->V2_NEW_CHILD_I1 Oct 31 15:24:59.316685: | suspending state #5 and saving MD 0x562b96aca1a8 Oct 31 15:24:59.316688: | addref md@0x562b96aca1a8(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:59.316690: | #5 is busy; has suspended MD 0x562b96aca1a8 Oct 31 15:24:59.316695: | stop processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:59.316700: | #1 spent 0.605 (0.614) milliseconds in ikev2_process_packet() Oct 31 15:24:59.316702: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:59.316705: | delref mdp@0x562b96aca1a8(2->1) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:59.316711: | spent 0.616 (0.626) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:59.316724: | job 10 for #5: ikev2 Child SA initiator pfs=yes (dh): helper 4 starting job Oct 31 15:24:59.319170: | "north-eastnets/0x1" #5: spent 1.99 (2.44) milliseconds in helper 4 processing job 10 for state #5: ikev2 Child SA initiator pfs=yes (dh) Oct 31 15:24:59.319182: | job 10 for #5: ikev2 Child SA initiator pfs=yes (dh): helper thread 4 sending result back to state Oct 31 15:24:59.319185: | scheduling resume sending helper answer back to state for #5 Oct 31 15:24:59.319189: | libevent_malloc: newref ptr-libevent@0x7f10c0010818 size 128 Oct 31 15:24:59.319202: | helper thread 4 has nothing to do Oct 31 15:24:59.319216: | processing resume sending helper answer back to state for #5 Oct 31 15:24:59.319224: | start processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:641) Oct 31 15:24:59.319228: | unsuspending #5 MD 0x562b96aca1a8 Oct 31 15:24:59.319231: | job 10 for #5: ikev2 Child SA initiator pfs=yes (dh): processing response from helper 4 Oct 31 15:24:59.319234: | job 10 for #5: ikev2 Child SA initiator pfs=yes (dh): calling continuation function 0x562b9558d7cb Oct 31 15:24:59.319237: | DH secret MODP3072@0x7f10b0007128: transferring ownership from helper IKEv2 DH to state #5 Oct 31 15:24:59.319240: | ikev2_child_inR_continue() for #5 STATE_V2_NEW_CHILD_I1 Oct 31 15:24:59.319245: | TSi: parsing 1 traffic selectors Oct 31 15:24:59.319249: | ***parse IKEv2 Traffic Selector: Oct 31 15:24:59.319252: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:59.319255: | IP Protocol ID: ALL (0x0) Oct 31 15:24:59.319259: | length: 16 (00 10) Oct 31 15:24:59.319262: | start port: 0 (00 00) Oct 31 15:24:59.319265: | end port: 65535 (ff ff) Oct 31 15:24:59.319268: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:24:59.319271: | TS low Oct 31 15:24:59.319273: | c0 00 02 00 Oct 31 15:24:59.319275: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:24:59.319277: | TS high Oct 31 15:24:59.319279: | c0 00 02 ff Oct 31 15:24:59.319282: | TSi: parsed 1 traffic selectors Oct 31 15:24:59.319284: | TSr: parsing 1 traffic selectors Oct 31 15:24:59.319287: | ***parse IKEv2 Traffic Selector: Oct 31 15:24:59.319289: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:59.319291: | IP Protocol ID: ALL (0x0) Oct 31 15:24:59.319294: | length: 16 (00 10) Oct 31 15:24:59.319297: | start port: 0 (00 00) Oct 31 15:24:59.319300: | end port: 65535 (ff ff) Oct 31 15:24:59.319302: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:24:59.319304: | TS low Oct 31 15:24:59.319306: | c0 00 03 00 Oct 31 15:24:59.319308: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:24:59.319311: | TS high Oct 31 15:24:59.319313: | c0 00 03 ff Oct 31 15:24:59.319315: | TSr: parsed 1 traffic selectors Oct 31 15:24:59.319322: | evaluating our conn="north-eastnets/0x1" I=192.0.2.0/24:0:0/0 R=192.0.3.0/24:0:0/0 to their: Oct 31 15:24:59.319327: | TSi[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:59.319336: | match address end->client=192.0.2.0/24 == TSi[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Oct 31 15:24:59.319339: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:24:59.319341: | TSi[0] port match: YES fitness 65536 Oct 31 15:24:59.319344: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:24:59.319347: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:59.319351: | TSr[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:59.319358: | match address end->client=192.0.3.0/24 == TSr[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Oct 31 15:24:59.319360: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Oct 31 15:24:59.319362: | TSr[0] port match: YES fitness 65536 Oct 31 15:24:59.319365: | narrow protocol end=*0 == TSr[0]=*0: 0 Oct 31 15:24:59.319371: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:59.319374: | best fit so far: TSi[0] TSr[0] Oct 31 15:24:59.319376: | found an acceptable TSi/TSr Traffic Selector Oct 31 15:24:59.319378: | printing contents struct traffic_selector Oct 31 15:24:59.319380: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:24:59.319382: | ipprotoid: 0 Oct 31 15:24:59.319385: | port range: 0-65535 Oct 31 15:24:59.319388: | ip range: 192.0.2.0-192.0.2.255 Oct 31 15:24:59.319390: | printing contents struct traffic_selector Oct 31 15:24:59.319392: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:24:59.319394: | ipprotoid: 0 Oct 31 15:24:59.319396: | port range: 0-65535 Oct 31 15:24:59.319400: | ip range: 192.0.3.0-192.0.3.255 Oct 31 15:24:59.319405: | integ=HMAC_SHA2_512_256: .key_size=64 encrypt=AES_CBC: .key_size=16 .salt_size=0 keymat_len=80 Oct 31 15:24:59.319506: | install_ipsec_sa() for #5: inbound and outbound Oct 31 15:24:59.319511: | could_route called for north-eastnets/0x1; kind=CK_PERMANENT that.has_client=yes oppo=no this.host_port=500 Oct 31 15:24:59.319513: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:59.319516: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:24:59.319518: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:24:59.319522: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:24:59.319524: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:24:59.319527: | route owner of "north-eastnets/0x1" erouted: self; eroute owner: self Oct 31 15:24:59.319530: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Oct 31 15:24:59.319533: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Oct 31 15:24:59.319535: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Oct 31 15:24:59.319539: | setting IPsec SA replay-window to 32 Oct 31 15:24:59.319542: | NIC esp-hw-offload not for connection 'north-eastnets/0x1' not available on interface eth1 Oct 31 15:24:59.319544: | netlink: enabling tunnel mode Oct 31 15:24:59.319547: | XFRM: adding IPsec SA with reqid 16389 Oct 31 15:24:59.319549: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:24:59.319552: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:24:59.319857: | netlink response for Add SA esp.e2910ac0@192.1.3.33 included non-error error Oct 31 15:24:59.319863: | setup_half_ipsec_sa() is installing inbound eroute? inbound=0 owner=#4 mode=1 Oct 31 15:24:59.319866: | set up outgoing SA, ref=0/0 Oct 31 15:24:59.319869: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Oct 31 15:24:59.319872: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Oct 31 15:24:59.319874: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Oct 31 15:24:59.319878: | setting IPsec SA replay-window to 32 Oct 31 15:24:59.319881: | NIC esp-hw-offload not for connection 'north-eastnets/0x1' not available on interface eth1 Oct 31 15:24:59.319884: | netlink: enabling tunnel mode Oct 31 15:24:59.319886: | XFRM: adding IPsec SA with reqid 16389 Oct 31 15:24:59.319889: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:24:59.319891: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:24:59.320070: | netlink response for Add SA esp.bd68e0ed@192.1.2.23 included non-error error Oct 31 15:24:59.320077: | setup_half_ipsec_sa() is installing inbound eroute? inbound=1 owner=#4 mode=1 Oct 31 15:24:59.320080: | set up incoming SA, ref=0/0 Oct 31 15:24:59.320083: | sr for #5: erouted Oct 31 15:24:59.320086: | route_and_eroute() for proto 0, and source port 0 dest port 0 Oct 31 15:24:59.320088: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:59.320091: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:24:59.320094: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:24:59.320098: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:24:59.320105: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:24:59.320108: | route owner of "north-eastnets/0x1" erouted: self; eroute owner: self Oct 31 15:24:59.320111: | route_and_eroute with c: north-eastnets/0x1 (next: none) ero:north-eastnets/0x1 esr:{(nil)} ro:north-eastnets/0x1 rosr:{(nil)} and state: #5 Oct 31 15:24:59.320114: | we are replacing an eroute Oct 31 15:24:59.320117: | priority calculation of connection "north-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:24:59.320129: | eroute_connection replace eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33>tun.0@192.1.3.33 using reqid 16389 (raw_eroute) proto=50 Oct 31 15:24:59.320134: | IPsec SA SPD priority set to 2084814 Oct 31 15:24:59.320281: | raw_eroute result=success Oct 31 15:24:59.320290: | route_and_eroute: firewall_notified: true Oct 31 15:24:59.320294: | route_and_eroute: instance "north-eastnets/0x1", setting eroute_owner {spd=0x562b96ab6ae8,sr=0x562b96ab6ae8} to #5 (was #4) (newest_ipsec_sa=#4) Oct 31 15:24:59.320521: | inR2: instance north-eastnets/0x1[0], setting IKEv2 newest_ipsec_sa to #5 (was #4) (spd.eroute=#5) cloned from #1 Oct 31 15:24:59.320529: | delref logger@0x562b96ab9bf8(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:59.320533: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:59.320536: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:59.320544: | [RE]START processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:59.320549: | #5 complete_v2_state_transition() V2_NEW_CHILD_I1->ESTABLISHED_CHILD_SA with status STF_OK; .st_v2_transition=V2_NEW_CHILD_I0->V2_NEW_CHILD_I1 Oct 31 15:24:59.320553: | transitioning from state STATE_V2_NEW_CHILD_I1 to state STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:24:59.320556: | Message ID: updating counters for #5 Oct 31 15:24:59.320564: | Message ID: CHILD #1.#5 XXX: no EVENT_RETRANSMIT to clear; suspect IKE->CHILD switch: ike.initiator.sent=2 ike.initiator.recv=1 ike.initiator.last_contact=744571.725194 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744566.854355 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:24:59.320573: | Message ID: CHILD #1.#5 updating initiator received message response 2: ike.initiator.sent=2 ike.initiator.recv=1->2 ike.initiator.last_contact=744571.725194->744573.753355 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744566.854355 child.wip.initiator=2->-1 child.wip.responder=-1 Oct 31 15:24:59.320579: | Message ID: CHILD #1.#5 skipping update_send as nothing to send: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744573.753355 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744566.854355 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:24:59.320585: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744573.753355 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744566.854355 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:59.320590: | child state #5: V2_NEW_CHILD_I1(established IKE SA) => ESTABLISHED_CHILD_SA(established CHILD SA) Oct 31 15:24:59.320593: | pstats #5 ikev2.child established Oct 31 15:24:59.320596: | announcing the state transition Oct 31 15:24:59.320604: "north-eastnets/0x1" #5: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Oct 31 15:24:59.320610: | NAT-T: encaps is 'auto' Oct 31 15:24:59.320615: "north-eastnets/0x1" #5: IPsec SA established tunnel mode {ESP=>0xe2910ac0 <0xbd68e0ed xfrm=AES_CBC_128-HMAC_SHA2_512_256-MODP3072 NATOA=none NATD=none DPD=passive} Oct 31 15:24:59.320619: | releasing #5's fd-fd@(nil) because IKEv2 transitions finished Oct 31 15:24:59.320621: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:24:59.320624: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:24:59.320629: | unpending #5's IKE SA #1 Oct 31 15:24:59.320632: | unpending state #1 connection "north-eastnets/0x1" Oct 31 15:24:59.320636: | releasing #1's fd-fd@(nil) because IKEv2 transitions finished so releaseing IKE SA Oct 31 15:24:59.320638: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:24:59.320640: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:24:59.320644: | #5 will start re-keying in 27838 seconds with margin of 962 seconds (attempting re-key) Oct 31 15:24:59.320648: | state #5 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:59.320653: | libevent_free: delref ptr-libevent@0x562b96ab7d48 Oct 31 15:24:59.320657: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x562b96acbfd8 Oct 31 15:24:59.320660: | event_schedule: newref EVENT_SA_REKEY-pe@0x562b96ab9bf8 Oct 31 15:24:59.320664: | inserting event EVENT_SA_REKEY, timeout in 27838 seconds for #5 Oct 31 15:24:59.320667: | libevent_malloc: newref ptr-libevent@0x562b96acccf8 size 128 Oct 31 15:24:59.320672: | delref mdp@0x562b96aca1a8(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:59.320674: | delref logger@0x562b96aa93a8(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:59.320677: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:59.320679: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:59.320687: | #5 spent 0.787 (1.46) milliseconds in resume sending helper answer back to state Oct 31 15:24:59.320693: | stop processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:745) Oct 31 15:24:59.320696: | libevent_free: delref ptr-libevent@0x7f10c0010818 Oct 31 15:25:12.350619: | processing global timer EVENT_SHUNT_SCAN Oct 31 15:25:12.350639: | checking for aged bare shunts from shunt table to expire Oct 31 15:25:12.350647: | spent 0.00573 (0.00539) milliseconds in global timer EVENT_SHUNT_SCAN Oct 31 15:25:16.452244: | newref struct fd@0x562b96acc368(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:16.452259: | fd_accept: new fd-fd@0x562b96acc368 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:16.452273: | whack: traffic_status Oct 31 15:25:16.452276: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Oct 31 15:25:16.452280: | FOR_EACH_STATE_... in sort_states Oct 31 15:25:16.452290: | get_sa_info esp.323e8a54@192.1.2.23 Oct 31 15:25:16.452308: | get_sa_info esp.1e003267@192.1.3.33 Oct 31 15:25:16.452326: | get_sa_info esp.bd68e0ed@192.1.2.23 Oct 31 15:25:16.452338: | get_sa_info esp.e2910ac0@192.1.3.33 Oct 31 15:25:16.452353: | get_sa_info esp.de706675@192.1.2.23 Oct 31 15:25:16.452363: | get_sa_info esp.f040d50e@192.1.3.33 Oct 31 15:25:16.452375: | get_sa_info esp.98b3bf89@192.1.2.23 Oct 31 15:25:16.452384: | get_sa_info esp.8a51674e@192.1.3.33 Oct 31 15:25:16.452396: | delref fd@0x562b96acc368(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:16.452403: | freeref fd-fd@0x562b96acc368 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:16.452412: | spent 0.178 (0.182) milliseconds in whack Oct 31 15:25:16.721774: | newref struct fd@0x562b96acc368(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:16.721789: | fd_accept: new fd-fd@0x562b96acc368 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:16.721805: | whack: status Oct 31 15:25:16.722179: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:25:16.722187: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:25:16.722333: | FOR_EACH_STATE_... in show_states (sort_states) Oct 31 15:25:16.722341: | FOR_EACH_STATE_... in sort_states Oct 31 15:25:16.722365: | get_sa_info esp.323e8a54@192.1.2.23 Oct 31 15:25:16.722633: | get_sa_info esp.1e003267@192.1.3.33 Oct 31 15:25:16.722662: | get_sa_info esp.bd68e0ed@192.1.2.23 Oct 31 15:25:16.722676: | get_sa_info esp.e2910ac0@192.1.3.33 Oct 31 15:25:16.722701: | get_sa_info esp.de706675@192.1.2.23 Oct 31 15:25:16.722713: | get_sa_info esp.f040d50e@192.1.3.33 Oct 31 15:25:16.722737: | get_sa_info esp.98b3bf89@192.1.2.23 Oct 31 15:25:16.722749: | get_sa_info esp.8a51674e@192.1.3.33 Oct 31 15:25:16.722781: | delref fd@0x562b96acc368(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:16.722790: | freeref fd-fd@0x562b96acc368 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:16.722799: | spent 0.898 (1.03) milliseconds in whack Oct 31 15:25:18.001275: | newref struct fd@0x562b96acc368(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:18.001296: | fd_accept: new fd-fd@0x562b96acc368 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:18.001313: shutting down Oct 31 15:25:18.001325: | leaking fd-fd@0x562b96acc368's FD; will be closed when pluto exits (in whack_handle_cb() at rcv_whack.c:889) Oct 31 15:25:18.001330: | delref fd@0x562b96acc368(1->0) (in whack_handle_cb() at rcv_whack.c:895) Oct 31 15:25:18.001334: | freeref fd-fd@0x562b96acc368 (in whack_handle_cb() at rcv_whack.c:895) Oct 31 15:25:18.002016: | shutting down helper thread 5 Oct 31 15:25:18.002137: | helper thread 5 exited Oct 31 15:25:18.002152: | shutting down helper thread 2 Oct 31 15:25:18.002165: | helper thread 2 exited Oct 31 15:25:18.002178: | shutting down helper thread 6 Oct 31 15:25:18.002192: | helper thread 6 exited Oct 31 15:25:18.002226: | shutting down helper thread 7 Oct 31 15:25:18.002278: | helper thread 7 exited Oct 31 15:25:18.002292: | shutting down helper thread 1 Oct 31 15:25:18.002319: | helper thread 1 exited Oct 31 15:25:18.002331: | shutting down helper thread 3 Oct 31 15:25:18.002353: | helper thread 3 exited Oct 31 15:25:18.002365: | shutting down helper thread 4 Oct 31 15:25:18.002394: | helper thread 4 exited Oct 31 15:25:18.002399: 7 helper threads shutdown Oct 31 15:25:18.002403: | delref root_certs@NULL (in free_root_certs() at root_certs.c:127) Oct 31 15:25:18.002406: | certs and keys locked by 'free_preshared_secrets' Oct 31 15:25:18.002408: forgetting secrets Oct 31 15:25:18.002424: | certs and keys unlocked by 'free_preshared_secrets' Oct 31 15:25:18.002429: | delref pkp@0x562b96ab5c58(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:25:18.002434: | delref pkp@0x562b96abb2b8(3->2) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:25:18.002438: | deleting states for connection - including all other IPsec SA's of this IKE SA Oct 31 15:25:18.002441: | pass 0 Oct 31 15:25:18.002443: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:25:18.002446: | state #6 Oct 31 15:25:18.002454: | start processing: state #6 connection "north-eastnets/0x2" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1406) Oct 31 15:25:18.002458: | delref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1408) Oct 31 15:25:18.002460: | addref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1409) Oct 31 15:25:18.002464: | pstats #6 ikev2.child deleted completed Oct 31 15:25:18.002470: | #6 main thread spent 2.13 (2.36) milliseconds helper thread spent 6.48 (6.54) milliseconds in total Oct 31 15:25:18.002476: | [RE]START processing: state #6 connection "north-eastnets/0x2" from 192.1.3.33:500 (in delete_state() at state.c:935) Oct 31 15:25:18.002480: | should_send_delete: yes Oct 31 15:25:18.002485: "north-eastnets/0x2" #6: deleting state (STATE_V2_ESTABLISHED_CHILD_SA) aged 20.046893s and sending notification Oct 31 15:25:18.002489: | child state #6: ESTABLISHED_CHILD_SA(established CHILD SA) => delete Oct 31 15:25:18.002495: | get_sa_info esp.8a51674e@192.1.3.33 Oct 31 15:25:18.002512: | get_sa_info esp.98b3bf89@192.1.2.23 Oct 31 15:25:18.002524: "north-eastnets/0x2" #6: ESP traffic information: in=27MB out=27MB Oct 31 15:25:18.002528: | unsuspending #6 MD (nil) Oct 31 15:25:18.002531: | should_send_delete: yes Oct 31 15:25:18.002534: | #6 send IKEv2 delete notification for STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:25:18.002537: | opening output PBS informational exchange delete request Oct 31 15:25:18.002540: | **emit ISAKMP Message: Oct 31 15:25:18.002545: | initiator SPI: 2f db aa cf a4 4d 20 39 Oct 31 15:25:18.002550: | responder SPI: 91 12 8b 2d 12 ca 59 2a Oct 31 15:25:18.002557: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:25:18.002560: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:18.002563: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:25:18.002566: | flags: none (0x0) Oct 31 15:25:18.002570: | Message ID: 0 (00 00 00 00) Oct 31 15:25:18.002574: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:25:18.002577: | ***emit IKEv2 Encryption Payload: Oct 31 15:25:18.002581: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:18.002583: | flags: none (0x0) Oct 31 15:25:18.002586: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:25:18.002589: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:25:18.002592: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:25:18.002600: | ****emit IKEv2 Delete Payload: Oct 31 15:25:18.002604: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:18.002606: | flags: none (0x0) Oct 31 15:25:18.002609: | protocol ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:18.002612: | SPI size: 4 (04) Oct 31 15:25:18.002615: | number of SPIs: 1 (00 01) Oct 31 15:25:18.002618: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Oct 31 15:25:18.002621: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:25:18.002624: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Oct 31 15:25:18.002628: | local spis: 98 b3 bf 89 Oct 31 15:25:18.002630: | emitting length of IKEv2 Delete Payload: 12 Oct 31 15:25:18.002633: | adding 4 bytes of padding (including 1 byte padding-length) Oct 31 15:25:18.002636: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:18.002638: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:18.002641: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:18.002644: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:18.002647: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:25:18.002649: | emitting length of IKEv2 Encryption Payload: 52 Oct 31 15:25:18.002652: | emitting length of ISAKMP Message: 80 Oct 31 15:25:18.002700: | sending 80 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #2) Oct 31 15:25:18.002705: | 2f db aa cf a4 4d 20 39 91 12 8b 2d 12 ca 59 2a Oct 31 15:25:18.002708: | 2e 20 25 00 00 00 00 00 00 00 00 50 2a 00 00 34 Oct 31 15:25:18.002710: | 0a 79 c1 a1 1d 55 e8 40 fe 20 d5 d4 c5 a4 02 7c Oct 31 15:25:18.002712: | a3 c4 a3 47 eb dd e9 d1 cc 96 a6 42 c9 5f a6 7e Oct 31 15:25:18.002714: | 85 de 7a a5 a0 8b 7f 03 00 cd 1d a4 20 e8 88 bb Oct 31 15:25:18.003159: | sent 1 messages Oct 31 15:25:18.003164: | Message ID: IKE #2 sender #6 in send_delete hacking around record 'n' send Oct 31 15:25:18.003172: | Message ID: IKE #2 scheduling EVENT_RETRANSMIT: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744569.230166 ike.responder.sent=2 ike.responder.recv=2 ike.responder.last_contact=744572.397291 ike.wip.initiator=0 ike.wip.responder=-1 Oct 31 15:25:18.003177: | event_schedule: newref EVENT_RETRANSMIT-pe@0x562b96ac13a8 Oct 31 15:25:18.003181: | inserting event EVENT_RETRANSMIT, timeout in 0.05 seconds for #2 Oct 31 15:25:18.003186: | libevent_malloc: newref ptr-libevent@0x7f10c0010818 size 128 Oct 31 15:25:18.003193: | #2 STATE_V2_ESTABLISHED_IKE_SA: retransmits: first event in 0.05 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744592.435972 Oct 31 15:25:18.003204: | Message ID: IKE #2 updating initiator sent message request 0: ike.initiator.sent=-1->0 ike.initiator.recv=-1 ike.initiator.last_contact=744569.230166 ike.responder.sent=2 ike.responder.recv=2 ike.responder.last_contact=744572.397291 ike.wip.initiator=-1->0 ike.wip.responder=-1 Oct 31 15:25:18.003215: | state #6 deleting .st_event EVENT_SA_REKEY Oct 31 15:25:18.003221: | libevent_free: delref ptr-libevent@0x562b96acc058 Oct 31 15:25:18.003224: | free_event_entry: delref EVENT_SA_REKEY-pe@0x562b96abf618 Oct 31 15:25:18.003228: | #6 STATE_V2_ESTABLISHED_CHILD_SA: retransmits: cleared Oct 31 15:25:18.006059: | running updown command "ipsec _updown" for verb down Oct 31 15:25:18.006072: | command executing down-client Oct 31 15:25:18.006079: | get_sa_info esp.8a51674e@192.1.3.33 Oct 31 15:25:18.006093: | get_sa_info esp.98b3bf89@192.1.2.23 Oct 31 15:25:18.006128: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157897' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGUR... Oct 31 15:25:18.006133: | popen cmd is 1155 chars long Oct 31 15:25:18.006136: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x: Oct 31 15:25:18.006138: | cmd( 80):2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO: Oct 31 15:25:18.006141: | cmd( 160):_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT: Oct 31 15:25:18.006144: | cmd( 240):='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.: Oct 31 15:25:18.006146: | cmd( 320):255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_T: Oct 31 15:25:18.006149: | cmd( 400):YPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.: Oct 31 15:25:18.006151: | cmd( 480):0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.: Oct 31 15:25:18.006153: | cmd( 560):0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfr: Oct 31 15:25:18.006156: | cmd( 640):m' PLUTO_ADDTIME='1604157897' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS: Oct 31 15:25:18.006158: | cmd( 720):+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' P: Oct 31 15:25:18.006161: | cmd( 800):LUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DN: Oct 31 15:25:18.006163: | cmd( 880):S_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PL: Oct 31 15:25:18.006165: | cmd( 960):UTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='28581252' PLUTO_OUTBYT: Oct 31 15:25:18.006168: | cmd(1040):ES='28611912' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x8a51674e SP: Oct 31 15:25:18.006170: | cmd(1120):I_OUT=0x98b3bf89 ipsec _updown 2>&1: Oct 31 15:25:18.019702: | shunt_eroute() called for connection 'north-eastnets/0x2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.22.0/24:0 --0->- 192.0.3.0/24:0 Oct 31 15:25:18.019718: | netlink_shunt_eroute for proto 0, and source 192.0.22.0/24:0 dest 192.0.3.0/24:0 Oct 31 15:25:18.019723: | priority calculation of connection "north-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:25:18.019728: | IPsec SA SPD priority set to 2084814 Oct 31 15:25:18.019775: | delete esp.8a51674e@192.1.3.33 Oct 31 15:25:18.019781: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:25:18.019811: | netlink response for Del SA esp.8a51674e@192.1.3.33 included non-error error Oct 31 15:25:18.019817: | priority calculation of connection "north-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:25:18.019825: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => unk.10000@192.1.2.23 using reqid 0 (raw_eroute) proto=50 Oct 31 15:25:18.019854: | raw_eroute result=success Oct 31 15:25:18.019861: | delete esp.98b3bf89@192.1.2.23 Oct 31 15:25:18.019864: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:25:18.019885: | netlink response for Del SA esp.98b3bf89@192.1.2.23 included non-error error Oct 31 15:25:18.019894: | in connection_discard for connection north-eastnets/0x2 Oct 31 15:25:18.019899: | State DB: deleting IKEv2 state #6 in ESTABLISHED_CHILD_SA Oct 31 15:25:18.019907: | child state #6: ESTABLISHED_CHILD_SA(established CHILD SA) => UNDEFINED(ignore) Oct 31 15:25:18.019911: | releasing #6's fd-fd@(nil) because deleting state Oct 31 15:25:18.019914: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:18.019917: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:18.019919: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:25:18.019946: | stop processing: state #6 from 192.1.3.33:500 (in delete_state() at state.c:1239) Oct 31 15:25:18.019959: | delref logger@0x562b96aa9108(1->0) (in delete_state() at state.c:1306) Oct 31 15:25:18.019964: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:18.019967: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:18.019970: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1411) Oct 31 15:25:18.019973: | state #5 Oct 31 15:25:18.019975: | state #4 Oct 31 15:25:18.019978: | state #3 Oct 31 15:25:18.019984: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1406) Oct 31 15:25:18.019986: | delref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1408) Oct 31 15:25:18.019989: | addref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1409) Oct 31 15:25:18.019992: | pstats #3 ikev2.child deleted completed Oct 31 15:25:18.019999: | #3 main thread spent 2.56 (119) milliseconds helper thread spent 0 (0) milliseconds in total Oct 31 15:25:18.020004: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in delete_state() at state.c:935) Oct 31 15:25:18.020007: | should_send_delete: yes Oct 31 15:25:18.020012: "north-eastnets/0x2" #3: deleting state (STATE_V2_ESTABLISHED_CHILD_SA) aged 22.9739s and sending notification Oct 31 15:25:18.020016: | child state #3: ESTABLISHED_CHILD_SA(established CHILD SA) => delete Oct 31 15:25:18.020020: | get_sa_info esp.f040d50e@192.1.3.33 Oct 31 15:25:18.020032: | get_sa_info esp.de706675@192.1.2.23 Oct 31 15:25:18.020041: "north-eastnets/0x2" #3: ESP traffic information: in=4MB out=4MB Oct 31 15:25:18.020045: | unsuspending #3 MD (nil) Oct 31 15:25:18.020047: | should_send_delete: yes Oct 31 15:25:18.020050: | #3 send IKEv2 delete notification for STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:25:18.020053: | opening output PBS informational exchange delete request Oct 31 15:25:18.020056: | **emit ISAKMP Message: Oct 31 15:25:18.020061: | initiator SPI: 39 a0 1b dc 13 1c ca 88 Oct 31 15:25:18.020066: | responder SPI: 9b b1 cd 4e 99 d1 dc 27 Oct 31 15:25:18.020069: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:25:18.020071: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:18.020074: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:25:18.020077: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:25:18.020081: | Message ID: 3 (00 00 00 03) Oct 31 15:25:18.020084: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:25:18.020088: | ***emit IKEv2 Encryption Payload: Oct 31 15:25:18.020093: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:18.020096: | flags: none (0x0) Oct 31 15:25:18.020099: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:25:18.020101: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:25:18.020105: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:25:18.020116: | ****emit IKEv2 Delete Payload: Oct 31 15:25:18.020119: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:18.020122: | flags: none (0x0) Oct 31 15:25:18.020124: | protocol ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:18.020127: | SPI size: 4 (04) Oct 31 15:25:18.020131: | number of SPIs: 1 (00 01) Oct 31 15:25:18.020133: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Oct 31 15:25:18.020136: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:25:18.020139: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Oct 31 15:25:18.020143: | local spis: de 70 66 75 Oct 31 15:25:18.020145: | emitting length of IKEv2 Delete Payload: 12 Oct 31 15:25:18.020148: | adding 4 bytes of padding (including 1 byte padding-length) Oct 31 15:25:18.020151: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:18.020153: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:18.020156: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:18.020159: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:18.020162: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:25:18.020164: | emitting length of IKEv2 Encryption Payload: 52 Oct 31 15:25:18.020166: | emitting length of ISAKMP Message: 80 Oct 31 15:25:18.020241: | sending 80 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:25:18.020248: | 39 a0 1b dc 13 1c ca 88 9b b1 cd 4e 99 d1 dc 27 Oct 31 15:25:18.020250: | 2e 20 25 08 00 00 00 03 00 00 00 50 2a 00 00 34 Oct 31 15:25:18.020252: | 1e d2 c3 c4 6a ac 19 b5 3d e8 68 3d 97 e5 df 62 Oct 31 15:25:18.020255: | f6 46 a9 90 48 61 69 dc 9e 34 11 ab 2d 5b 36 a5 Oct 31 15:25:18.020257: | 34 21 0e ba 41 18 7a 4f c7 40 1c ac 14 dd 8b 75 Oct 31 15:25:18.020302: | sent 1 messages Oct 31 15:25:18.020305: | Message ID: IKE #1 sender #3 in send_delete hacking around record 'n' send Oct 31 15:25:18.020313: | Message ID: IKE #1 scheduling EVENT_RETRANSMIT: ike.initiator.sent=3 ike.initiator.recv=2 ike.initiator.last_contact=744573.753355 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744566.854355 ike.wip.initiator=3 ike.wip.responder=-1 Oct 31 15:25:18.020317: | event_schedule: newref EVENT_RETRANSMIT-pe@0x562b96aa9108 Oct 31 15:25:18.020320: | inserting event EVENT_RETRANSMIT, timeout in 0.05 seconds for #1 Oct 31 15:25:18.020324: | libevent_malloc: newref ptr-libevent@0x562b96acc058 size 128 Oct 31 15:25:18.020330: | #1 STATE_V2_ESTABLISHED_IKE_SA: retransmits: first event in 0.05 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744592.453112 Oct 31 15:25:18.020336: | Message ID: IKE #1 updating initiator sent message request 3: ike.initiator.sent=2->3 ike.initiator.recv=2 ike.initiator.last_contact=744573.753355 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744566.854355 ike.wip.initiator=-1->3 ike.wip.responder=-1 Oct 31 15:25:18.020340: | state #3 deleting .st_event EVENT_SA_REKEY Oct 31 15:25:18.020344: | libevent_free: delref ptr-libevent@0x562b96ac67c8 Oct 31 15:25:18.020347: | free_event_entry: delref EVENT_SA_REKEY-pe@0x562b96ac6748 Oct 31 15:25:18.020352: | #3 STATE_V2_ESTABLISHED_CHILD_SA: retransmits: cleared Oct 31 15:25:18.020409: | delete esp.f040d50e@192.1.3.33 Oct 31 15:25:18.020413: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:25:18.020431: | netlink response for Del SA esp.f040d50e@192.1.3.33 included non-error error Oct 31 15:25:18.020435: | priority calculation of connection "north-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:25:18.020442: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => unk.10000@192.1.2.23 using reqid 0 (raw_eroute) proto=50 Oct 31 15:25:18.020453: | raw_eroute result=success Oct 31 15:25:18.020457: | delete esp.de706675@192.1.2.23 Oct 31 15:25:18.020460: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:25:18.020470: | netlink response for Del SA esp.de706675@192.1.2.23 included non-error error Oct 31 15:25:18.020474: | in connection_discard for connection north-eastnets/0x2 Oct 31 15:25:18.020476: | State DB: deleting IKEv2 state #3 in ESTABLISHED_CHILD_SA Oct 31 15:25:18.020480: | child state #3: ESTABLISHED_CHILD_SA(established CHILD SA) => UNDEFINED(ignore) Oct 31 15:25:18.020484: | releasing #3's fd-fd@(nil) because deleting state Oct 31 15:25:18.020486: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:18.020489: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:18.020491: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:25:18.020496: | stop processing: state #3 from 192.1.3.33:500 (in delete_state() at state.c:1239) Oct 31 15:25:18.020502: | delref logger@0x562b96aa9418(1->0) (in delete_state() at state.c:1306) Oct 31 15:25:18.020504: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:18.020507: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:18.020510: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1411) Oct 31 15:25:18.020512: | state #2 Oct 31 15:25:18.020515: | state #1 Oct 31 15:25:18.020517: | pass 1 Oct 31 15:25:18.020519: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:25:18.020521: | state #5 Oct 31 15:25:18.020523: | state #4 Oct 31 15:25:18.020525: | state #2 Oct 31 15:25:18.020528: | state #1 Oct 31 15:25:18.020534: | shunt_eroute() called for connection 'north-eastnets/0x2' to 'delete' for rt_kind 'unrouted' using protoports 192.0.22.0/24:0 --0->- 192.0.3.0/24:0 Oct 31 15:25:18.020539: | netlink_shunt_eroute for proto 0, and source 192.0.22.0/24:0 dest 192.0.3.0/24:0 Oct 31 15:25:18.020542: | priority calculation of connection "north-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:25:18.020559: | priority calculation of connection "north-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:25:18.020570: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:25:18.020573: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:25:18.020576: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:25:18.020578: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:25:18.020581: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:25:18.020585: | route owner of "north-eastnets/0x2" unrouted: "north-eastnets/0x1" erouted Oct 31 15:25:18.020588: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:25:18.020591: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:25:18.020594: | newref clone logger@0x562b96ab7e68(0->1) (in clone_logger() at log.c:817) Oct 31 15:25:18.020597: | flush revival: connection 'north-eastnets/0x2' wasn't on the list Oct 31 15:25:18.020600: | delref vip@NULL (in discard_connection() at connections.c:262) Oct 31 15:25:18.020602: | delref vip@NULL (in discard_connection() at connections.c:263) Oct 31 15:25:18.020608: | Connection DB: deleting connection $2 Oct 31 15:25:18.020612: | delref logger@0x562b96ab7e68(1->0) (in delete_connection() at connections.c:214) Oct 31 15:25:18.020651: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:18.020655: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:18.020658: | deleting states for connection - including all other IPsec SA's of this IKE SA Oct 31 15:25:18.020662: | pass 0 Oct 31 15:25:18.020664: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:25:18.020666: | state #5 Oct 31 15:25:18.020672: | start processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1406) Oct 31 15:25:18.020674: | delref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1408) Oct 31 15:25:18.020677: | addref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1409) Oct 31 15:25:18.020679: | pstats #5 ikev2.child deleted completed Oct 31 15:25:18.020684: | #5 main thread spent 2.36 (3.09) milliseconds helper thread spent 7.25 (14.8) milliseconds in total Oct 31 15:25:18.020689: | [RE]START processing: state #5 connection "north-eastnets/0x1" from 192.1.3.33:500 (in delete_state() at state.c:935) Oct 31 15:25:18.020692: | should_send_delete: yes Oct 31 15:25:18.020696: "north-eastnets/0x1" #5: deleting state (STATE_V2_ESTABLISHED_CHILD_SA) aged 20.72819s and sending notification Oct 31 15:25:18.020699: | child state #5: ESTABLISHED_CHILD_SA(established CHILD SA) => delete Oct 31 15:25:18.020703: | get_sa_info esp.e2910ac0@192.1.3.33 Oct 31 15:25:18.020713: | get_sa_info esp.bd68e0ed@192.1.2.23 Oct 31 15:25:18.020721: "north-eastnets/0x1" #5: ESP traffic information: in=7MB out=7MB Oct 31 15:25:18.020724: | unsuspending #5 MD (nil) Oct 31 15:25:18.020727: | should_send_delete: yes Oct 31 15:25:18.020729: | #5 send IKEv2 delete notification for STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:25:18.020732: | opening output PBS informational exchange delete request Oct 31 15:25:18.020735: | **emit ISAKMP Message: Oct 31 15:25:18.020739: | initiator SPI: 39 a0 1b dc 13 1c ca 88 Oct 31 15:25:18.020743: | responder SPI: 9b b1 cd 4e 99 d1 dc 27 Oct 31 15:25:18.020746: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:25:18.020748: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:18.020751: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:25:18.020754: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:25:18.020758: | Message ID: 4 (00 00 00 04) Oct 31 15:25:18.020761: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:25:18.020764: | ***emit IKEv2 Encryption Payload: Oct 31 15:25:18.020766: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:18.020769: | flags: none (0x0) Oct 31 15:25:18.020772: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:25:18.020774: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:25:18.020777: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:25:18.020783: | ****emit IKEv2 Delete Payload: Oct 31 15:25:18.020785: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:18.020787: | flags: none (0x0) Oct 31 15:25:18.020790: | protocol ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:18.020793: | SPI size: 4 (04) Oct 31 15:25:18.020796: | number of SPIs: 1 (00 01) Oct 31 15:25:18.020799: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Oct 31 15:25:18.020801: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:25:18.020804: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Oct 31 15:25:18.020807: | local spis: bd 68 e0 ed Oct 31 15:25:18.020810: | emitting length of IKEv2 Delete Payload: 12 Oct 31 15:25:18.020812: | adding 4 bytes of padding (including 1 byte padding-length) Oct 31 15:25:18.020815: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:18.020818: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:18.020820: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:18.020825: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:18.020827: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:25:18.020830: | emitting length of IKEv2 Encryption Payload: 52 Oct 31 15:25:18.020832: | emitting length of ISAKMP Message: 80 Oct 31 15:25:18.020867: | sending 80 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:25:18.020870: | 39 a0 1b dc 13 1c ca 88 9b b1 cd 4e 99 d1 dc 27 Oct 31 15:25:18.020873: | 2e 20 25 08 00 00 00 04 00 00 00 50 2a 00 00 34 Oct 31 15:25:18.020875: | b6 24 57 50 97 03 72 63 73 fc 1b e6 be ea a4 b7 Oct 31 15:25:18.020877: | 20 26 e8 0c 80 0f 60 83 9f 44 83 10 a4 81 65 c4 Oct 31 15:25:18.020879: | 85 f5 8d 4f 50 fa 45 f9 60 74 e1 db 81 e2 41 75 Oct 31 15:25:18.020908: | sent 1 messages Oct 31 15:25:18.020911: | Message ID: IKE #1 sender #5 in send_delete hacking around record 'n' send Oct 31 15:25:18.020918: | Message ID: IKE #1 XXX: expecting sender.wip.initiator 3 == -1 - suspect record'n'send out-of-order?): ike.initiator.sent=4 ike.initiator.recv=2 ike.initiator.last_contact=744573.753355 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744566.854355 ike.wip.initiator=4 ike.wip.responder=-1 Oct 31 15:25:18.020924: | Message ID: IKE #1 XXX: EVENT_RETRANSMIT already scheduled -- suspect record'n'send: ike.initiator.sent=4 ike.initiator.recv=2 ike.initiator.last_contact=744573.753355 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744566.854355 ike.wip.initiator=4 ike.wip.responder=-1 Oct 31 15:25:18.020930: | Message ID: IKE #1 updating initiator sent message request 4: ike.initiator.sent=3->4 ike.initiator.recv=2 ike.initiator.last_contact=744573.753355 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744566.854355 ike.wip.initiator=3->4 ike.wip.responder=-1 Oct 31 15:25:18.020933: | state #5 deleting .st_event EVENT_SA_REKEY Oct 31 15:25:18.020937: | libevent_free: delref ptr-libevent@0x562b96acccf8 Oct 31 15:25:18.020940: | free_event_entry: delref EVENT_SA_REKEY-pe@0x562b96ab9bf8 Oct 31 15:25:18.020943: | #5 STATE_V2_ESTABLISHED_CHILD_SA: retransmits: cleared Oct 31 15:25:18.020999: | running updown command "ipsec _updown" for verb down Oct 31 15:25:18.021004: | command executing down-client Oct 31 15:25:18.021009: | get_sa_info esp.e2910ac0@192.1.3.33 Oct 31 15:25:18.021019: | get_sa_info esp.bd68e0ed@192.1.2.23 Oct 31 15:25:18.021052: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157899' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED... Oct 31 15:25:18.021056: | popen cmd is 1151 chars long Oct 31 15:25:18.021058: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x: Oct 31 15:25:18.021061: | cmd( 80):1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO: Oct 31 15:25:18.021063: | cmd( 160):_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT: Oct 31 15:25:18.021067: | cmd( 240):='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.25: Oct 31 15:25:18.021070: | cmd( 320):5.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYP: Oct 31 15:25:18.021072: | cmd( 400):E='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.: Oct 31 15:25:18.021074: | cmd( 480):3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0': Oct 31 15:25:18.021076: | cmd( 560): PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm': Oct 31 15:25:18.021079: | cmd( 640): PLUTO_ADDTIME='1604157899' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+I: Oct 31 15:25:18.021081: | cmd( 720):KEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLU: Oct 31 15:25:18.021083: | cmd( 800):TO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_: Oct 31 15:25:18.021085: | cmd( 880):INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUT: Oct 31 15:25:18.021087: | cmd( 960):O_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='8213016' PLUTO_OUTBYTES=: Oct 31 15:25:18.021090: | cmd(1040):'8213016' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xe2910ac0 SPI_OU: Oct 31 15:25:18.021092: | cmd(1120):T=0xbd68e0ed ipsec _updown 2>&1: Oct 31 15:25:18.043507: | shunt_eroute() called for connection 'north-eastnets/0x1' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.2.0/24:0 --0->- 192.0.3.0/24:0 Oct 31 15:25:18.043525: | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.3.0/24:0 Oct 31 15:25:18.043530: | priority calculation of connection "north-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:25:18.043534: | IPsec SA SPD priority set to 2084814 Oct 31 15:25:18.043573: | delete esp.e2910ac0@192.1.3.33 Oct 31 15:25:18.043579: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:25:18.043597: | netlink response for Del SA esp.e2910ac0@192.1.3.33 included non-error error Oct 31 15:25:18.043601: | priority calculation of connection "north-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:25:18.043608: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => unk.10000@192.1.2.23 using reqid 0 (raw_eroute) proto=50 Oct 31 15:25:18.043633: | raw_eroute result=success Oct 31 15:25:18.043639: | delete esp.bd68e0ed@192.1.2.23 Oct 31 15:25:18.043642: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:25:18.043653: | netlink response for Del SA esp.bd68e0ed@192.1.2.23 included non-error error Oct 31 15:25:18.043659: | in connection_discard for connection north-eastnets/0x1 Oct 31 15:25:18.043662: | State DB: deleting IKEv2 state #5 in ESTABLISHED_CHILD_SA Oct 31 15:25:18.043667: | child state #5: ESTABLISHED_CHILD_SA(established CHILD SA) => UNDEFINED(ignore) Oct 31 15:25:18.043671: | releasing #5's fd-fd@(nil) because deleting state Oct 31 15:25:18.043674: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:18.043677: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:18.043680: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:25:18.043701: | stop processing: state #5 from 192.1.3.33:500 (in delete_state() at state.c:1239) Oct 31 15:25:18.043711: | delref logger@0x562b96ac1098(1->0) (in delete_state() at state.c:1306) Oct 31 15:25:18.043714: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:18.043717: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:18.043720: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1411) Oct 31 15:25:18.043724: | state #4 Oct 31 15:25:18.043730: | start processing: state #4 connection "north-eastnets/0x1" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1406) Oct 31 15:25:18.043733: | delref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1408) Oct 31 15:25:18.043736: | addref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1409) Oct 31 15:25:18.043739: | pstats #4 ikev2.child deleted completed Oct 31 15:25:18.043747: | #4 main thread spent 0 (0) milliseconds helper thread spent 0 (0) milliseconds in total Oct 31 15:25:18.043753: | [RE]START processing: state #4 connection "north-eastnets/0x1" from 192.1.3.33:500 (in delete_state() at state.c:935) Oct 31 15:25:18.043756: | should_send_delete: yes Oct 31 15:25:18.043762: "north-eastnets/0x1" #4: deleting state (STATE_V2_ESTABLISHED_CHILD_SA) aged 21.223523s and sending notification Oct 31 15:25:18.043765: | child state #4: ESTABLISHED_CHILD_SA(established CHILD SA) => delete Oct 31 15:25:18.043770: | get_sa_info esp.1e003267@192.1.3.33 Oct 31 15:25:18.043781: | get_sa_info esp.323e8a54@192.1.2.23 Oct 31 15:25:18.043791: "north-eastnets/0x1" #4: ESP traffic information: in=19MB out=19MB Oct 31 15:25:18.043795: | unsuspending #4 MD (nil) Oct 31 15:25:18.043797: | should_send_delete: yes Oct 31 15:25:18.043801: | #4 send IKEv2 delete notification for STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:25:18.043804: | opening output PBS informational exchange delete request Oct 31 15:25:18.043807: | **emit ISAKMP Message: Oct 31 15:25:18.043812: | initiator SPI: 2f db aa cf a4 4d 20 39 Oct 31 15:25:18.043817: | responder SPI: 91 12 8b 2d 12 ca 59 2a Oct 31 15:25:18.043820: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:25:18.043823: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:18.043826: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:25:18.043829: | flags: none (0x0) Oct 31 15:25:18.043833: | Message ID: 1 (00 00 00 01) Oct 31 15:25:18.043837: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:25:18.043840: | ***emit IKEv2 Encryption Payload: Oct 31 15:25:18.043844: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:18.043846: | flags: none (0x0) Oct 31 15:25:18.043849: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:25:18.043852: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:25:18.043856: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:25:18.043867: | ****emit IKEv2 Delete Payload: Oct 31 15:25:18.043871: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:18.043874: | flags: none (0x0) Oct 31 15:25:18.043876: | protocol ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:18.043880: | SPI size: 4 (04) Oct 31 15:25:18.043883: | number of SPIs: 1 (00 01) Oct 31 15:25:18.043886: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Oct 31 15:25:18.043892: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:25:18.043895: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Oct 31 15:25:18.043899: | local spis: 32 3e 8a 54 Oct 31 15:25:18.043901: | emitting length of IKEv2 Delete Payload: 12 Oct 31 15:25:18.043904: | adding 4 bytes of padding (including 1 byte padding-length) Oct 31 15:25:18.043906: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:18.043909: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:18.043912: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:18.043915: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:18.043918: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:25:18.043921: | emitting length of IKEv2 Encryption Payload: 52 Oct 31 15:25:18.043923: | emitting length of ISAKMP Message: 80 Oct 31 15:25:18.043962: | sending 80 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #2) Oct 31 15:25:18.043965: | 2f db aa cf a4 4d 20 39 91 12 8b 2d 12 ca 59 2a Oct 31 15:25:18.043969: | 2e 20 25 00 00 00 00 01 00 00 00 50 2a 00 00 34 Oct 31 15:25:18.043970: | 5a 4c 0a 86 ec 2d 3d 52 58 6a 8c a7 ae 38 af 41 Oct 31 15:25:18.043972: | 5b ae 98 5d 44 ae a7 79 54 f9 91 c8 c4 ca 12 08 Oct 31 15:25:18.043973: | aa a3 30 d2 03 b1 89 e3 23 a6 75 4e 0b 1b 91 5a Oct 31 15:25:18.044010: | sent 1 messages Oct 31 15:25:18.044013: | Message ID: IKE #2 sender #4 in send_delete hacking around record 'n' send Oct 31 15:25:18.044018: | Message ID: IKE #2 XXX: expecting sender.wip.initiator 0 == -1 - suspect record'n'send out-of-order?): ike.initiator.sent=1 ike.initiator.recv=-1 ike.initiator.last_contact=744569.230166 ike.responder.sent=2 ike.responder.recv=2 ike.responder.last_contact=744572.397291 ike.wip.initiator=1 ike.wip.responder=-1 Oct 31 15:25:18.044021: | Message ID: IKE #2 XXX: EVENT_RETRANSMIT already scheduled -- suspect record'n'send: ike.initiator.sent=1 ike.initiator.recv=-1 ike.initiator.last_contact=744569.230166 ike.responder.sent=2 ike.responder.recv=2 ike.responder.last_contact=744572.397291 ike.wip.initiator=1 ike.wip.responder=-1 Oct 31 15:25:18.044026: | Message ID: IKE #2 updating initiator sent message request 1: ike.initiator.sent=0->1 ike.initiator.recv=-1 ike.initiator.last_contact=744569.230166 ike.responder.sent=2 ike.responder.recv=2 ike.responder.last_contact=744572.397291 ike.wip.initiator=0->1 ike.wip.responder=-1 Oct 31 15:25:18.044028: | state #4 deleting .st_event EVENT_SA_REKEY Oct 31 15:25:18.044032: | libevent_free: delref ptr-libevent@0x562b96ac9178 Oct 31 15:25:18.044034: | free_event_entry: delref EVENT_SA_REKEY-pe@0x562b96aba028 Oct 31 15:25:18.044036: | #4 STATE_V2_ESTABLISHED_CHILD_SA: retransmits: cleared Oct 31 15:25:18.044086: | delete esp.1e003267@192.1.3.33 Oct 31 15:25:18.044094: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:25:18.044118: | netlink response for Del SA esp.1e003267@192.1.3.33 included non-error error Oct 31 15:25:18.044123: | priority calculation of connection "north-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:25:18.044132: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => unk.10000@192.1.2.23 using reqid 0 (raw_eroute) proto=50 Oct 31 15:25:18.044314: | raw_eroute result=success Oct 31 15:25:18.044326: | delete esp.323e8a54@192.1.2.23 Oct 31 15:25:18.044331: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:25:18.044348: | netlink response for Del SA esp.323e8a54@192.1.2.23 included non-error error Oct 31 15:25:18.044354: | in connection_discard for connection north-eastnets/0x1 Oct 31 15:25:18.044357: | State DB: deleting IKEv2 state #4 in ESTABLISHED_CHILD_SA Oct 31 15:25:18.044361: | child state #4: ESTABLISHED_CHILD_SA(established CHILD SA) => UNDEFINED(ignore) Oct 31 15:25:18.044365: | releasing #4's fd-fd@(nil) because deleting state Oct 31 15:25:18.044367: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:18.044370: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:18.044372: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:25:18.044379: | stop processing: state #4 from 192.1.3.33:500 (in delete_state() at state.c:1239) Oct 31 15:25:18.044384: | delref logger@0x562b96ab75d8(1->0) (in delete_state() at state.c:1306) Oct 31 15:25:18.044387: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:18.044390: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:18.044394: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1411) Oct 31 15:25:18.044396: | state #2 Oct 31 15:25:18.044399: | state #1 Oct 31 15:25:18.044401: | pass 1 Oct 31 15:25:18.044403: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:25:18.044405: | state #2 Oct 31 15:25:18.044411: | start processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1406) Oct 31 15:25:18.044414: | delref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1408) Oct 31 15:25:18.044417: | addref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1409) Oct 31 15:25:18.044422: | pstats #2 ikev2.ike deleted completed Oct 31 15:25:18.044428: | #2 main thread spent 5.52 (23.7) milliseconds helper thread spent 7.12 (7.28) milliseconds in total Oct 31 15:25:18.044433: | [RE]START processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in delete_state() at state.c:935) Oct 31 15:25:18.044436: | should_send_delete: yes Oct 31 15:25:18.044441: "north-eastnets/0x1" #2: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 23.24709s and sending notification Oct 31 15:25:18.044444: | parent state #2: ESTABLISHED_IKE_SA(established IKE SA) => delete Oct 31 15:25:18.044484: | unsuspending #2 MD (nil) Oct 31 15:25:18.044489: | should_send_delete: yes Oct 31 15:25:18.044492: | #2 send IKEv2 delete notification for STATE_V2_ESTABLISHED_IKE_SA Oct 31 15:25:18.044495: | opening output PBS informational exchange delete request Oct 31 15:25:18.044498: | **emit ISAKMP Message: Oct 31 15:25:18.044503: | initiator SPI: 2f db aa cf a4 4d 20 39 Oct 31 15:25:18.044507: | responder SPI: 91 12 8b 2d 12 ca 59 2a Oct 31 15:25:18.044510: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:25:18.044512: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:18.044515: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:25:18.044518: | flags: none (0x0) Oct 31 15:25:18.044522: | Message ID: 2 (00 00 00 02) Oct 31 15:25:18.044525: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:25:18.044528: | ***emit IKEv2 Encryption Payload: Oct 31 15:25:18.044531: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:18.044533: | flags: none (0x0) Oct 31 15:25:18.044536: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:25:18.044539: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:25:18.044542: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:25:18.044549: | ****emit IKEv2 Delete Payload: Oct 31 15:25:18.044552: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:18.044554: | flags: none (0x0) Oct 31 15:25:18.044557: | protocol ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:25:18.044560: | SPI size: 0 (00) Oct 31 15:25:18.044563: | number of SPIs: 0 (00 00) Oct 31 15:25:18.044566: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Oct 31 15:25:18.044569: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:25:18.044572: | emitting length of IKEv2 Delete Payload: 8 Oct 31 15:25:18.044575: | adding 8 bytes of padding (including 1 byte padding-length) Oct 31 15:25:18.044578: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:18.044580: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:18.044583: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:18.044586: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:18.044588: | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:18.044591: | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:18.044594: | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:18.044596: | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:18.044599: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:25:18.044602: | emitting length of IKEv2 Encryption Payload: 52 Oct 31 15:25:18.044604: | emitting length of ISAKMP Message: 80 Oct 31 15:25:18.044694: | sending 80 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #2) Oct 31 15:25:18.044702: | 2f db aa cf a4 4d 20 39 91 12 8b 2d 12 ca 59 2a Oct 31 15:25:18.044705: | 2e 20 25 00 00 00 00 02 00 00 00 50 2a 00 00 34 Oct 31 15:25:18.044708: | e5 be 3a 5e 84 36 9b 03 1e 8b f4 2b 2e 33 fc ff Oct 31 15:25:18.044710: | de b4 52 58 b7 7a b7 cb 4c 1e db f9 32 8b 81 5d Oct 31 15:25:18.044712: | 79 c0 10 bf 3c 6d a8 b1 ba 64 dd be b8 b7 fa d7 Oct 31 15:25:18.044796: | sent 1 messages Oct 31 15:25:18.044802: | Message ID: IKE #2 sender #2 in send_delete hacking around record 'n' send Oct 31 15:25:18.044809: | Message ID: IKE #2 XXX: expecting sender.wip.initiator 1 == -1 - suspect record'n'send out-of-order?): ike.initiator.sent=2 ike.initiator.recv=-1 ike.initiator.last_contact=744569.230166 ike.responder.sent=2 ike.responder.recv=2 ike.responder.last_contact=744572.397291 ike.wip.initiator=2 ike.wip.responder=-1 Oct 31 15:25:18.044816: | Message ID: IKE #2 XXX: EVENT_RETRANSMIT already scheduled -- suspect record'n'send: ike.initiator.sent=2 ike.initiator.recv=-1 ike.initiator.last_contact=744569.230166 ike.responder.sent=2 ike.responder.recv=2 ike.responder.last_contact=744572.397291 ike.wip.initiator=2 ike.wip.responder=-1 Oct 31 15:25:18.044823: | Message ID: IKE #2 updating initiator sent message request 2: ike.initiator.sent=1->2 ike.initiator.recv=-1 ike.initiator.last_contact=744569.230166 ike.responder.sent=2 ike.responder.recv=2 ike.responder.last_contact=744572.397291 ike.wip.initiator=1->2 ike.wip.responder=-1 Oct 31 15:25:18.044826: | state #2 deleting .st_event EVENT_SA_REKEY Oct 31 15:25:18.044830: | libevent_free: delref ptr-libevent@0x7f10b8012a78 Oct 31 15:25:18.044834: | free_event_entry: delref EVENT_SA_REKEY-pe@0x562b96ac3878 Oct 31 15:25:18.044837: | #2 requesting EVENT_RETRANSMIT-pe@0x562b96ac13a8 be deleted Oct 31 15:25:18.044841: | libevent_free: delref ptr-libevent@0x7f10c0010818 Oct 31 15:25:18.044844: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x562b96ac13a8 Oct 31 15:25:18.044905: | #2 STATE_V2_ESTABLISHED_IKE_SA: retransmits: cleared Oct 31 15:25:18.044909: | State DB: IKEv2 state not found (flush_incomplete_children) Oct 31 15:25:18.044913: | in connection_discard for connection north-eastnets/0x1 Oct 31 15:25:18.044915: | State DB: deleting IKEv2 state #2 in ESTABLISHED_IKE_SA Oct 31 15:25:18.044919: | parent state #2: ESTABLISHED_IKE_SA(established IKE SA) => UNDEFINED(ignore) Oct 31 15:25:18.044922: | releasing #2's fd-fd@(nil) because deleting state Oct 31 15:25:18.044925: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:18.044927: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:18.044930: | delref pkp@0x562b96abb2b8(2->1) (in delete_state() at state.c:1202) Oct 31 15:25:18.045002: | stop processing: state #2 from 192.1.3.33:500 (in delete_state() at state.c:1239) Oct 31 15:25:18.045023: | delref logger@0x562b96abac28(1->0) (in delete_state() at state.c:1306) Oct 31 15:25:18.045027: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:18.045030: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:18.045033: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1411) Oct 31 15:25:18.045035: | state #1 Oct 31 15:25:18.045041: | start processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1406) Oct 31 15:25:18.045044: | delref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1408) Oct 31 15:25:18.045046: | addref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1409) Oct 31 15:25:18.045105: | pstats #1 ikev2.ike deleted completed Oct 31 15:25:18.045113: | #1 main thread spent 8.69 (125) milliseconds helper thread spent 8.01 (9.08) milliseconds in total Oct 31 15:25:18.045119: | [RE]START processing: state #1 connection "north-eastnets/0x1" from 192.1.3.33:500 (in delete_state() at state.c:935) Oct 31 15:25:18.045122: | should_send_delete: yes Oct 31 15:25:18.045129: "north-eastnets/0x1" #1: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 25.623597s and sending notification Oct 31 15:25:18.045132: | parent state #1: ESTABLISHED_IKE_SA(established IKE SA) => delete Oct 31 15:25:18.045178: | unsuspending #1 MD (nil) Oct 31 15:25:18.045183: | should_send_delete: yes Oct 31 15:25:18.045186: | #1 send IKEv2 delete notification for STATE_V2_ESTABLISHED_IKE_SA Oct 31 15:25:18.045188: | opening output PBS informational exchange delete request Oct 31 15:25:18.045191: | **emit ISAKMP Message: Oct 31 15:25:18.045196: | initiator SPI: 39 a0 1b dc 13 1c ca 88 Oct 31 15:25:18.045203: | responder SPI: 9b b1 cd 4e 99 d1 dc 27 Oct 31 15:25:18.045210: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:25:18.045212: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:18.045215: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:25:18.045217: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:25:18.045221: | Message ID: 5 (00 00 00 05) Oct 31 15:25:18.045224: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:25:18.045227: | ***emit IKEv2 Encryption Payload: Oct 31 15:25:18.045229: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:18.045232: | flags: none (0x0) Oct 31 15:25:18.045234: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:25:18.045237: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:25:18.045240: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:25:18.045248: | ****emit IKEv2 Delete Payload: Oct 31 15:25:18.045251: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:18.045310: | flags: none (0x0) Oct 31 15:25:18.045314: | protocol ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:25:18.045318: | SPI size: 0 (00) Oct 31 15:25:18.045321: | number of SPIs: 0 (00 00) Oct 31 15:25:18.045324: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Oct 31 15:25:18.045326: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:25:18.045329: | emitting length of IKEv2 Delete Payload: 8 Oct 31 15:25:18.045332: | adding 8 bytes of padding (including 1 byte padding-length) Oct 31 15:25:18.045335: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:18.045338: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:18.045340: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:18.045343: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:18.045346: | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:18.045349: | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:18.045351: | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:18.045353: | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:18.045356: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:25:18.045358: | emitting length of IKEv2 Encryption Payload: 52 Oct 31 15:25:18.045361: | emitting length of ISAKMP Message: 80 Oct 31 15:25:18.045394: | sending 80 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:25:18.045398: | 39 a0 1b dc 13 1c ca 88 9b b1 cd 4e 99 d1 dc 27 Oct 31 15:25:18.045401: | 2e 20 25 08 00 00 00 05 00 00 00 50 2a 00 00 34 Oct 31 15:25:18.045403: | 78 b8 fd 02 f9 be 8f af f5 bb 32 49 43 b0 0a 5e Oct 31 15:25:18.045405: | c7 a0 b5 54 da 6f ad b6 20 26 c3 a9 47 37 26 4c Oct 31 15:25:18.045412: | 6f 08 3e 48 12 be a8 49 71 fa 36 ae 49 cc 40 e2 Oct 31 15:25:18.045433: | sent 1 messages Oct 31 15:25:18.045438: | Message ID: IKE #1 sender #1 in send_delete hacking around record 'n' send Oct 31 15:25:18.045445: | Message ID: IKE #1 XXX: expecting sender.wip.initiator 4 == -1 - suspect record'n'send out-of-order?): ike.initiator.sent=5 ike.initiator.recv=2 ike.initiator.last_contact=744573.753355 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744566.854355 ike.wip.initiator=5 ike.wip.responder=-1 Oct 31 15:25:18.045452: | Message ID: IKE #1 XXX: EVENT_RETRANSMIT already scheduled -- suspect record'n'send: ike.initiator.sent=5 ike.initiator.recv=2 ike.initiator.last_contact=744573.753355 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744566.854355 ike.wip.initiator=5 ike.wip.responder=-1 Oct 31 15:25:18.045458: | Message ID: IKE #1 updating initiator sent message request 5: ike.initiator.sent=4->5 ike.initiator.recv=2 ike.initiator.last_contact=744573.753355 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744566.854355 ike.wip.initiator=4->5 ike.wip.responder=-1 Oct 31 15:25:18.045462: | state #1 deleting .st_event EVENT_SA_REKEY Oct 31 15:25:18.045465: | libevent_free: delref ptr-libevent@0x7f10ac000d38 Oct 31 15:25:18.045468: | free_event_entry: delref EVENT_SA_REKEY-pe@0x562b96ac57c8 Oct 31 15:25:18.045472: | #1 requesting EVENT_RETRANSMIT-pe@0x562b96aa9108 be deleted Oct 31 15:25:18.045474: | libevent_free: delref ptr-libevent@0x562b96acc058 Oct 31 15:25:18.045477: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x562b96aa9108 Oct 31 15:25:18.045480: | #1 STATE_V2_ESTABLISHED_IKE_SA: retransmits: cleared Oct 31 15:25:18.045483: | State DB: IKEv2 state not found (flush_incomplete_children) Oct 31 15:25:18.045486: | in connection_discard for connection north-eastnets/0x1 Oct 31 15:25:18.045489: | State DB: deleting IKEv2 state #1 in ESTABLISHED_IKE_SA Oct 31 15:25:18.045492: | parent state #1: ESTABLISHED_IKE_SA(established IKE SA) => UNDEFINED(ignore) Oct 31 15:25:18.045495: | releasing #1's fd-fd@(nil) because deleting state Oct 31 15:25:18.045498: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:18.045500: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:18.045504: | delref pkp@0x562b96abb2b8(1->0) (in delete_state() at state.c:1202) Oct 31 15:25:18.045518: | stop processing: state #1 from 192.1.3.33:500 (in delete_state() at state.c:1239) Oct 31 15:25:18.045536: | delref logger@0x562b96abae48(1->0) (in delete_state() at state.c:1306) Oct 31 15:25:18.045540: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:18.045542: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:18.045545: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1411) Oct 31 15:25:18.045552: | shunt_eroute() called for connection 'north-eastnets/0x1' to 'delete' for rt_kind 'unrouted' using protoports 192.0.2.0/24:0 --0->- 192.0.3.0/24:0 Oct 31 15:25:18.045558: | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.3.0/24:0 Oct 31 15:25:18.045562: | priority calculation of connection "north-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:25:18.045587: | priority calculation of connection "north-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:25:18.045600: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:25:18.045604: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:25:18.045607: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:25:18.045610: | route owner of "north-eastnets/0x1" unrouted: NULL Oct 31 15:25:18.045613: | running updown command "ipsec _updown" for verb unroute Oct 31 15:25:18.045615: | command executing unroute-client Oct 31 15:25:18.045642: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='... Oct 31 15:25:18.045705: | popen cmd is 1083 chars long Oct 31 15:25:18.045711: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets: Oct 31 15:25:18.045714: | cmd( 80):/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PL: Oct 31 15:25:18.045716: | cmd( 160):UTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLI: Oct 31 15:25:18.045718: | cmd( 240):ENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255: Oct 31 15:25:18.045721: | cmd( 320):.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_: Oct 31 15:25:18.045723: | cmd( 400):TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='19: Oct 31 15:25:18.045725: | cmd( 480):2.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.25: Oct 31 15:25:18.045727: | cmd( 560):5.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='x: Oct 31 15:25:18.045729: | cmd( 640):frm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_: Oct 31 15:25:18.045731: | cmd( 720):ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CO: Oct 31 15:25:18.045734: | cmd( 800):NN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO=: Oct 31 15:25:18.045736: | cmd( 880):'' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG: Oct 31 15:25:18.045738: | cmd( 960):_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no: Oct 31 15:25:18.045740: | cmd(1040):' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Oct 31 15:25:18.062295: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:18.062375: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:18.062382: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:18.062452: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:18.062457: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:18.062461: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:18.062465: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:18.062468: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:18.062471: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:18.062473: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:18.062476: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:18.062479: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:18.062482: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:18.062486: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:18.062489: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:18.062500: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:18.062519: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:18.062534: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:18.062549: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:18.062564: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:18.062580: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:18.062599: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:18.062674: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:18.062743: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:18.062748: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:18.062750: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:18.062753: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:18.062996: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:18.063010: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:18.063024: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:18.063039: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:18.063056: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:18.063078: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:18.063143: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:18.063147: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:18.063150: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:18.063153: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:18.108587: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:25:18.108671: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:25:18.108679: | newref clone logger@0x562b96ab7e68(0->1) (in clone_logger() at log.c:817) Oct 31 15:25:18.108685: | delref hp@0x562b96ab7b88(1->0) (in delete_oriented_hp() at hostpair.c:360) Oct 31 15:25:18.108689: | flush revival: connection 'north-eastnets/0x1' wasn't on the list Oct 31 15:25:18.108693: | delref vip@NULL (in discard_connection() at connections.c:262) Oct 31 15:25:18.108695: | delref vip@NULL (in discard_connection() at connections.c:263) Oct 31 15:25:18.108704: | Connection DB: deleting connection $1 Oct 31 15:25:18.108708: | delref logger@0x562b96ab7e68(1->0) (in delete_connection() at connections.c:214) Oct 31 15:25:18.108711: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:18.108714: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:18.108717: | crl fetch request list locked by 'free_crl_fetch' Oct 31 15:25:18.108719: | crl fetch request list unlocked by 'free_crl_fetch' Oct 31 15:25:18.108724: | iface: marking eth1 dead Oct 31 15:25:18.108727: | iface: marking eth0 dead Oct 31 15:25:18.108729: | iface: marking eth0 dead Oct 31 15:25:18.108732: | iface: marking eth0 dead Oct 31 15:25:18.108734: | iface: marking eth0 dead Oct 31 15:25:18.108736: | iface: marking lo dead Oct 31 15:25:18.108738: | updating interfaces - listing interfaces that are going down Oct 31 15:25:18.108744: shutting down interface lo 127.0.0.1:4500 Oct 31 15:25:18.108748: shutting down interface lo 127.0.0.1:500 Oct 31 15:25:18.108751: shutting down interface eth0 192.0.2.254:4500 Oct 31 15:25:18.108755: shutting down interface eth0 192.0.2.254:500 Oct 31 15:25:18.108759: shutting down interface eth0 192.0.22.251:4500 Oct 31 15:25:18.108762: shutting down interface eth0 192.0.22.251:500 Oct 31 15:25:18.108766: shutting down interface eth0 192.0.22.254:4500 Oct 31 15:25:18.108769: shutting down interface eth0 192.0.22.254:500 Oct 31 15:25:18.108773: shutting down interface eth0 192.0.2.251:4500 Oct 31 15:25:18.108777: shutting down interface eth0 192.0.2.251:500 Oct 31 15:25:18.108780: shutting down interface eth1 192.1.2.23:4500 Oct 31 15:25:18.108783: shutting down interface eth1 192.1.2.23:500 Oct 31 15:25:18.108785: | updating interfaces - deleting the dead Oct 31 15:25:18.108790: | FOR_EACH_STATE_... in delete_states_dead_interfaces Oct 31 15:25:18.108799: | libevent_free: delref ptr-libevent@0x562b96ab6378 Oct 31 15:25:18.108867: | delref id@0x562b96ab79e8(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:25:18.108881: | libevent_free: delref ptr-libevent@0x562b96ab2068 Oct 31 15:25:18.108885: | delref id@0x562b96ab79e8(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:25:18.108891: | libevent_free: delref ptr-libevent@0x562b96a75798 Oct 31 15:25:18.108894: | delref id@0x562b96ab7958(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:25:18.108900: | libevent_free: delref ptr-libevent@0x562b96a6aa58 Oct 31 15:25:18.108903: | delref id@0x562b96ab7958(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:25:18.108908: | libevent_free: delref ptr-libevent@0x562b96a75898 Oct 31 15:25:18.108911: | delref id@0x562b96ab78c8(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:25:18.108918: | libevent_free: delref ptr-libevent@0x562b96a722b8 Oct 31 15:25:18.108921: | delref id@0x562b96ab78c8(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:25:18.108926: | libevent_free: delref ptr-libevent@0x562b96a72208 Oct 31 15:25:18.108929: | delref id@0x562b96ab7838(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:25:18.108934: | libevent_free: delref ptr-libevent@0x562b96abcd28 Oct 31 15:25:18.108936: | delref id@0x562b96ab7838(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:25:18.108942: | libevent_free: delref ptr-libevent@0x562b96abce18 Oct 31 15:25:18.108945: | delref id@0x562b96ab77a8(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:25:18.108950: | libevent_free: delref ptr-libevent@0x562b96abcf08 Oct 31 15:25:18.108953: | delref id@0x562b96ab77a8(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:25:18.108960: | libevent_free: delref ptr-libevent@0x562b96abcff8 Oct 31 15:25:18.108962: | delref id@0x562b96ab5f68(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:25:18.108968: | libevent_free: delref ptr-libevent@0x562b96abd0e8 Oct 31 15:25:18.108970: | delref id@0x562b96ab5f68(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:25:18.108975: | delref id@0x562b96ab5f68(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:25:18.108978: | delref id@0x562b96ab77a8(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:25:18.108981: | delref id@0x562b96ab7838(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:25:18.108983: | delref id@0x562b96ab78c8(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:25:18.108986: | delref id@0x562b96ab7958(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:25:18.108989: | delref id@0x562b96ab79e8(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:25:18.108991: | updating interfaces - checking orientation Oct 31 15:25:18.108993: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Oct 31 15:25:18.111458: | libevent_free: delref ptr-libevent@0x562b96ab2118 Oct 31 15:25:18.111472: | free_event_entry: delref EVENT_NULL-pe@0x562b96ab55d8 Oct 31 15:25:18.111479: | libevent_free: delref ptr-libevent@0x562b96a75698 Oct 31 15:25:18.111482: | free_event_entry: delref EVENT_NULL-pe@0x562b96ab1ff8 Oct 31 15:25:18.111486: | libevent_free: delref ptr-libevent@0x562b96a755e8 Oct 31 15:25:18.111488: | free_event_entry: delref EVENT_NULL-pe@0x562b96aaffd8 Oct 31 15:25:18.111492: | global timer EVENT_REINIT_SECRET uninitialized Oct 31 15:25:18.111494: | global timer EVENT_SHUNT_SCAN uninitialized Oct 31 15:25:18.111496: | global timer EVENT_PENDING_DDNS uninitialized Oct 31 15:25:18.111499: | global timer EVENT_PENDING_PHASE2 uninitialized Oct 31 15:25:18.111501: | global timer EVENT_CHECK_CRLS uninitialized Oct 31 15:25:18.111503: | global timer EVENT_REVIVE_CONNS uninitialized Oct 31 15:25:18.111505: | global timer EVENT_FREE_ROOT_CERTS uninitialized Oct 31 15:25:18.111508: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Oct 31 15:25:18.111510: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Oct 31 15:25:18.111514: | libevent_free: delref ptr-libevent@0x562b96a08548 Oct 31 15:25:18.111517: | signal event handler PLUTO_SIGCHLD uninstalled Oct 31 15:25:18.111520: | libevent_free: delref ptr-libevent@0x562b96a07598 Oct 31 15:25:18.111525: | signal event handler PLUTO_SIGTERM uninstalled Oct 31 15:25:18.111528: | libevent_free: delref ptr-libevent@0x562b96ab57f8 Oct 31 15:25:18.111531: | signal event handler PLUTO_SIGHUP uninstalled Oct 31 15:25:18.111534: | libevent_free: delref ptr-libevent@0x562b96ab5a38 Oct 31 15:25:18.111536: | signal event handler PLUTO_SIGSYS uninstalled Oct 31 15:25:18.111538: | releasing event base Oct 31 15:25:18.111554: | libevent_free: delref ptr-libevent@0x562b96ab5908 Oct 31 15:25:18.111557: | libevent_free: delref ptr-libevent@0x562b96aa4cf8 Oct 31 15:25:18.111561: | libevent_free: delref ptr-libevent@0x562b96aa4ca8 Oct 31 15:25:18.111564: | libevent_free: delref ptr-libevent@0x562b96ac11b8 Oct 31 15:25:18.111566: | libevent_free: delref ptr-libevent@0x562b96aa4ea8 Oct 31 15:25:18.111569: | libevent_free: delref ptr-libevent@0x562b96aa90c8 Oct 31 15:25:18.111572: | libevent_free: delref ptr-libevent@0x562b96aa8ed8 Oct 31 15:25:18.111574: | libevent_free: delref ptr-libevent@0x562b96aa4ee8 Oct 31 15:25:18.111576: | libevent_free: delref ptr-libevent@0x562b96aa8ce8 Oct 31 15:25:18.111578: | libevent_free: delref ptr-libevent@0x562b96aa86a8 Oct 31 15:25:18.111580: | libevent_free: delref ptr-libevent@0x562b96abd198 Oct 31 15:25:18.111585: | libevent_free: delref ptr-libevent@0x562b96abd0a8 Oct 31 15:25:18.111588: | libevent_free: delref ptr-libevent@0x562b96abcfb8 Oct 31 15:25:18.111591: | libevent_free: delref ptr-libevent@0x562b96abcec8 Oct 31 15:25:18.111593: | libevent_free: delref ptr-libevent@0x562b96abcdd8 Oct 31 15:25:18.111595: | libevent_free: delref ptr-libevent@0x562b96abcce8 Oct 31 15:25:18.111598: | libevent_free: delref ptr-libevent@0x562b96abcca8 Oct 31 15:25:18.111600: | libevent_free: delref ptr-libevent@0x562b96abcc68 Oct 31 15:25:18.111602: | libevent_free: delref ptr-libevent@0x562b96abcc28 Oct 31 15:25:18.111605: | libevent_free: delref ptr-libevent@0x562b96abcbe8 Oct 31 15:25:18.111608: | libevent_free: delref ptr-libevent@0x562b96abcba8 Oct 31 15:25:18.111610: | libevent_free: delref ptr-libevent@0x562b96abcb68 Oct 31 15:25:18.111612: | libevent_free: delref ptr-libevent@0x562b96a9b478 Oct 31 15:25:18.111615: | libevent_free: delref ptr-libevent@0x562b96ab57b8 Oct 31 15:25:18.111618: | libevent_free: delref ptr-libevent@0x562b96ab5778 Oct 31 15:25:18.111620: | libevent_free: delref ptr-libevent@0x562b96aa8d28 Oct 31 15:25:18.111623: | libevent_free: delref ptr-libevent@0x562b96ab58c8 Oct 31 15:25:18.111625: | libevent_free: delref ptr-libevent@0x562b96ab5648 Oct 31 15:25:18.111628: | libevent_free: delref ptr-libevent@0x562b96a77ad8 Oct 31 15:25:18.111631: | libevent_free: delref ptr-libevent@0x562b96a77338 Oct 31 15:25:18.111634: | libevent_free: delref ptr-libevent@0x562b96a6e318 Oct 31 15:25:18.111636: | releasing global libevent data Oct 31 15:25:18.111642: | libevent_free: delref ptr-libevent@0x562b96a77678 Oct 31 15:25:18.111646: | libevent_free: delref ptr-libevent@0x562b96a07538 Oct 31 15:25:18.111649: | libevent_free: delref ptr-libevent@0x562b96a77b58 Oct 31 15:25:18.111697: leak detective found no leaks