Oct 31 15:24:55.403947: | newref logger@0x55cebdbd7bb8(0->1) (in main() at plutomain.c:1591) Oct 31 15:24:55.404032: | delref logger@0x55cebdbd7bb8(1->0) (in main() at plutomain.c:1592) Oct 31 15:24:55.404038: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:55.404041: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:55.404046: NSS DB directory: sql:/var/lib/ipsec/nss Oct 31 15:24:55.404236: Initializing NSS Oct 31 15:24:55.404248: Opening NSS database "sql:/var/lib/ipsec/nss" read-only Oct 31 15:24:55.443275: FIPS Mode: NO Oct 31 15:24:55.443294: NSS crypto library initialized Oct 31 15:24:55.443327: FIPS mode disabled for pluto daemon Oct 31 15:24:55.443331: FIPS HMAC integrity support [disabled] Oct 31 15:24:55.443405: libcap-ng support [enabled] Oct 31 15:24:55.443413: Linux audit support [enabled] Oct 31 15:24:55.443432: Linux audit activated Oct 31 15:24:55.443440: Starting Pluto (Libreswan Version v4.1-88-gf1d1933837ef-main IKEv2 IKEv1 XFRM(netkey) XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (NSS-PRF) DNSSEC LABELED_IPSEC (SELINUX) SECCOMP LIBCAP_NG LINUX_AUDIT AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:2153797 Oct 31 15:24:55.443443: core dump dir: /tmp Oct 31 15:24:55.443445: secrets file: /etc/ipsec.secrets Oct 31 15:24:55.443446: leak-detective enabled Oct 31 15:24:55.443448: NSS crypto [enabled] Oct 31 15:24:55.443450: XAUTH PAM support [enabled] Oct 31 15:24:55.443516: | libevent is using pluto's memory allocator Oct 31 15:24:55.443524: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Oct 31 15:24:55.443536: | libevent_malloc: newref ptr-libevent@0x55cebdc5d3d8 size 40 Oct 31 15:24:55.443538: | libevent_malloc: newref ptr-libevent@0x55cebdbed8f8 size 40 Oct 31 15:24:55.443541: | libevent_malloc: newref ptr-libevent@0x55cebdc5d8b8 size 40 Oct 31 15:24:55.443543: | creating event base Oct 31 15:24:55.443545: | libevent_malloc: newref ptr-libevent@0x55cebdc5dbb8 size 56 Oct 31 15:24:55.443548: | libevent_malloc: newref ptr-libevent@0x55cebdc54078 size 664 Oct 31 15:24:55.443558: | libevent_malloc: newref ptr-libevent@0x55cebdc8aa08 size 24 Oct 31 15:24:55.443560: | libevent_malloc: newref ptr-libevent@0x55cebdc8aa58 size 384 Oct 31 15:24:55.443571: | libevent_malloc: newref ptr-libevent@0x55cebdc8ac08 size 16 Oct 31 15:24:55.443573: | libevent_malloc: newref ptr-libevent@0x55cebdc5d838 size 40 Oct 31 15:24:55.443575: | libevent_malloc: newref ptr-libevent@0x55cebdc5d098 size 48 Oct 31 15:24:55.443580: | libevent_realloc: newref ptr-libevent@0x55cebdc811d8 size 256 Oct 31 15:24:55.443582: | libevent_malloc: newref ptr-libevent@0x55cebdc8ac48 size 16 Oct 31 15:24:55.443587: | libevent_free: delref ptr-libevent@0x55cebdc5dbb8 Oct 31 15:24:55.443590: | libevent initialized Oct 31 15:24:55.443594: | libevent_realloc: newref ptr-libevent@0x55cebdc5dbb8 size 64 Oct 31 15:24:55.443601: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Oct 31 15:24:55.443604: | init_nat_traversal() initialized with keep_alive=0s Oct 31 15:24:55.443606: NAT-Traversal support [enabled] Oct 31 15:24:55.443608: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Oct 31 15:24:55.443612: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Oct 31 15:24:55.443615: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Oct 31 15:24:55.443629: | checking IKEv1 state table Oct 31 15:24:55.443634: | MAIN_R0: category: half-open IKE SA; flags: 0: Oct 31 15:24:55.443636: | -> MAIN_R1 EVENT_SO_DISCARD (main_inI1_outR1) Oct 31 15:24:55.443640: | MAIN_I1: category: half-open IKE SA; flags: 0: Oct 31 15:24:55.443642: | -> MAIN_I2 EVENT_RETRANSMIT (main_inR1_outI2) Oct 31 15:24:55.443644: | MAIN_R1: category: open IKE SA; flags: 0: Oct 31 15:24:55.443646: | -> MAIN_R2 EVENT_RETRANSMIT (main_inI2_outR2) Oct 31 15:24:55.443647: | -> MAIN_R1 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:55.443649: | -> MAIN_R1 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:55.443651: | MAIN_I2: category: open IKE SA; flags: 0: Oct 31 15:24:55.443659: | -> MAIN_I3 EVENT_RETRANSMIT (main_inR2_outI3) Oct 31 15:24:55.443661: | -> MAIN_I2 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:55.443663: | -> MAIN_I2 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:55.443665: | MAIN_R2: category: open IKE SA; flags: 0: Oct 31 15:24:55.443667: | -> MAIN_R3 EVENT_SA_REPLACE (main_inI3_outR3) Oct 31 15:24:55.443668: | -> MAIN_R3 EVENT_SA_REPLACE (main_inI3_outR3) Oct 31 15:24:55.443670: | -> MAIN_R2 EVENT_SA_REPLACE (unexpected) Oct 31 15:24:55.443672: | MAIN_I3: category: open IKE SA; flags: 0: Oct 31 15:24:55.443674: | -> MAIN_I4 EVENT_SA_REPLACE (main_inR3) Oct 31 15:24:55.443676: | -> MAIN_I4 EVENT_SA_REPLACE (main_inR3) Oct 31 15:24:55.443678: | -> MAIN_I3 EVENT_SA_REPLACE (unexpected) Oct 31 15:24:55.443680: | MAIN_R3: category: established IKE SA; flags: 0: Oct 31 15:24:55.443682: | -> MAIN_R3 EVENT_NULL (unexpected) Oct 31 15:24:55.443684: | MAIN_I4: category: established IKE SA; flags: 0: Oct 31 15:24:55.443686: | -> MAIN_I4 EVENT_NULL (unexpected) Oct 31 15:24:55.443688: | AGGR_R0: category: half-open IKE SA; flags: 0: Oct 31 15:24:55.443689: | -> AGGR_R1 EVENT_SO_DISCARD (aggr_inI1_outR1) Oct 31 15:24:55.443691: | AGGR_I1: category: half-open IKE SA; flags: 0: Oct 31 15:24:55.443693: | -> AGGR_I2 EVENT_SA_REPLACE (aggr_inR1_outI2) Oct 31 15:24:55.443695: | -> AGGR_I2 EVENT_SA_REPLACE (aggr_inR1_outI2) Oct 31 15:24:55.443697: | AGGR_R1: category: open IKE SA; flags: 0: Oct 31 15:24:55.443699: | -> AGGR_R2 EVENT_SA_REPLACE (aggr_inI2) Oct 31 15:24:55.443701: | -> AGGR_R2 EVENT_SA_REPLACE (aggr_inI2) Oct 31 15:24:55.443703: | AGGR_I2: category: established IKE SA; flags: 0: Oct 31 15:24:55.443704: | -> AGGR_I2 EVENT_NULL (unexpected) Oct 31 15:24:55.443707: | AGGR_R2: category: established IKE SA; flags: 0: Oct 31 15:24:55.443708: | -> AGGR_R2 EVENT_NULL (unexpected) Oct 31 15:24:55.443710: | QUICK_R0: category: established CHILD SA; flags: 0: Oct 31 15:24:55.443712: | -> QUICK_R1 EVENT_RETRANSMIT (quick_inI1_outR1) Oct 31 15:24:55.443714: | QUICK_I1: category: established CHILD SA; flags: 0: Oct 31 15:24:55.443716: | -> QUICK_I2 EVENT_SA_REPLACE (quick_inR1_outI2) Oct 31 15:24:55.443718: | QUICK_R1: category: established CHILD SA; flags: 0: Oct 31 15:24:55.443720: | -> QUICK_R2 EVENT_SA_REPLACE (quick_inI2) Oct 31 15:24:55.443722: | QUICK_I2: category: established CHILD SA; flags: 0: Oct 31 15:24:55.443724: | -> QUICK_I2 EVENT_NULL (unexpected) Oct 31 15:24:55.443726: | QUICK_R2: category: established CHILD SA; flags: 0: Oct 31 15:24:55.443728: | -> QUICK_R2 EVENT_NULL (unexpected) Oct 31 15:24:55.443730: | INFO: category: informational; flags: 0: Oct 31 15:24:55.443732: | -> INFO EVENT_NULL (informational) Oct 31 15:24:55.443734: | INFO_PROTECTED: category: informational; flags: 0: Oct 31 15:24:55.443735: | -> INFO_PROTECTED EVENT_NULL (informational) Oct 31 15:24:55.443738: | XAUTH_R0: category: established IKE SA; flags: 0: Oct 31 15:24:55.443739: | -> XAUTH_R1 EVENT_NULL (xauth_inR0) Oct 31 15:24:55.443741: | XAUTH_R1: category: established IKE SA; flags: 0: Oct 31 15:24:55.443743: | -> MAIN_R3 EVENT_SA_REPLACE (xauth_inR1) Oct 31 15:24:55.443745: | MODE_CFG_R0: category: informational; flags: 0: Oct 31 15:24:55.443747: | -> MODE_CFG_R1 EVENT_SA_REPLACE (modecfg_inR0) Oct 31 15:24:55.443749: | MODE_CFG_R1: category: established IKE SA; flags: 0: Oct 31 15:24:55.443751: | -> MODE_CFG_R2 EVENT_SA_REPLACE (modecfg_inR1) Oct 31 15:24:55.443753: | MODE_CFG_R2: category: established IKE SA; flags: 0: Oct 31 15:24:55.443755: | -> MODE_CFG_R2 EVENT_NULL (unexpected) Oct 31 15:24:55.443757: | MODE_CFG_I1: category: established IKE SA; flags: 0: Oct 31 15:24:55.443759: | -> MAIN_I4 EVENT_SA_REPLACE (modecfg_inR1) Oct 31 15:24:55.443761: | XAUTH_I0: category: established IKE SA; flags: 0: Oct 31 15:24:55.443763: | -> XAUTH_I1 EVENT_RETRANSMIT (xauth_inI0) Oct 31 15:24:55.443766: | XAUTH_I1: category: established IKE SA; flags: 0: Oct 31 15:24:55.443768: | -> MAIN_I4 EVENT_RETRANSMIT (xauth_inI1) Oct 31 15:24:55.443774: | checking IKEv2 state table Oct 31 15:24:55.443780: | V2_REKEY_IKE_I0: category: established IKE SA; flags: 0: Oct 31 15:24:55.443782: | -> V2_REKEY_IKE_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Oct 31 15:24:55.443786: | V2_REKEY_CHILD_I0: category: established IKE SA; flags: 0: Oct 31 15:24:55.443788: | -> V2_REKEY_CHILD_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Oct 31 15:24:55.443790: | V2_NEW_CHILD_I0: category: established IKE SA; flags: 0: Oct 31 15:24:55.443792: | -> V2_NEW_CHILD_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Oct 31 15:24:55.443794: | PARENT_I0: category: ignore; flags: 0: Oct 31 15:24:55.443796: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Oct 31 15:24:55.443798: | PARENT_I1: category: half-open IKE SA; flags: 0: Oct 31 15:24:55.443800: | -> PARENT_I0 EVENT_SO_DISCARD (received anti-DDOS COOKIE notify response; resending IKE_SA_INIT request with cookie payload added) Oct 31 15:24:55.443806: | -> PARENT_I0 EVENT_SO_DISCARD (received IKE_SA_INIT INVALID_KE_PAYLOAD notify response; resending IKE_SA_INIT with new KE payload) Oct 31 15:24:55.443808: | -> IKESA_DEL EVENT_v2_REDIRECT (received REDIRECT notify response; resending IKE_SA_INIT request to new destination) Oct 31 15:24:55.443810: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE) Oct 31 15:24:55.443813: | PARENT_I2: category: open IKE SA; flags: 0: Oct 31 15:24:55.443815: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_INTERMEDIATE reply, initiate IKE_AUTH or IKE_INTERMEDIATE) Oct 31 15:24:55.443817: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Oct 31 15:24:55.443819: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Oct 31 15:24:55.443821: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Oct 31 15:24:55.443822: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Oct 31 15:24:55.443824: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Oct 31 15:24:55.443827: | PARENT_R0: category: half-open IKE SA; flags: 0: Oct 31 15:24:55.443828: | -> PARENT_R1 EVENT_SO_DISCARD send-response (Respond to IKE_SA_INIT) Oct 31 15:24:55.443831: | PARENT_R1: category: half-open IKE SA; flags: 0: Oct 31 15:24:55.443833: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_AUTH request (no SKEYSEED)) Oct 31 15:24:55.443834: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_INTERMEDIATE request (no SKEYSEED)) Oct 31 15:24:55.443836: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_INTERMEDIATE request (with SKEYSEED)) Oct 31 15:24:55.443838: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Responder: process IKE_AUTH request) Oct 31 15:24:55.443840: | V2_REKEY_IKE_R0: category: established IKE SA; flags: 0: Oct 31 15:24:55.443842: | -> ESTABLISHED_IKE_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA IKE Rekey) Oct 31 15:24:55.443844: | V2_REKEY_IKE_I1: category: established IKE SA; flags: 0: Oct 31 15:24:55.443846: | -> ESTABLISHED_IKE_SA EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Oct 31 15:24:55.443848: | V2_NEW_CHILD_I1: category: established IKE SA; flags: 0: Oct 31 15:24:55.443850: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Oct 31 15:24:55.443852: | V2_REKEY_CHILD_R0: category: established IKE SA; flags: 0: Oct 31 15:24:55.443854: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA rekey CHILD SA request) Oct 31 15:24:55.443856: | V2_NEW_CHILD_R0: category: established IKE SA; flags: 0: Oct 31 15:24:55.443860: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA IPsec SA Request) Oct 31 15:24:55.443862: | ESTABLISHED_IKE_SA: category: established IKE SA; flags: 0: Oct 31 15:24:55.443864: | -> ESTABLISHED_IKE_SA EVENT_RETAIN send-response (Informational Request (liveness probe)) Oct 31 15:24:55.443866: | -> ESTABLISHED_IKE_SA EVENT_RETAIN (Informational Response (liveness probe)) Oct 31 15:24:55.443868: | -> ESTABLISHED_IKE_SA EVENT_RETAIN send-response (Informational Request) Oct 31 15:24:55.443869: | -> ESTABLISHED_IKE_SA EVENT_RETAIN (Informational Response) Oct 31 15:24:55.443872: | IKESA_DEL: category: established IKE SA; flags: 0: Oct 31 15:24:55.443873: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Oct 31 15:24:55.443876: | CHILDSA_DEL: category: informational; flags: 0: Oct 31 15:24:55.443877: | -> CHILDSA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Oct 31 15:24:55.443880: | global one-shot timer EVENT_REVIVE_CONNS initialized Oct 31 15:24:55.443883: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Oct 31 15:24:55.443885: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Oct 31 15:24:55.443998: Encryption algorithms: Oct 31 15:24:55.444005: AES_CCM_16 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm, aes_ccm_c Oct 31 15:24:55.444009: AES_CCM_12 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_b Oct 31 15:24:55.444012: AES_CCM_8 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_a Oct 31 15:24:55.444016: 3DES_CBC [*192] IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) 3des Oct 31 15:24:55.444020: CAMELLIA_CTR {256,192,*128} IKEv1: ESP IKEv2: ESP Oct 31 15:24:55.444023: CAMELLIA_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP NSS(CBC) camellia Oct 31 15:24:55.444027: AES_GCM_16 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm, aes_gcm_c Oct 31 15:24:55.444031: AES_GCM_12 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_b Oct 31 15:24:55.444034: AES_GCM_8 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_a Oct 31 15:24:55.444038: AES_CTR {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CTR) aesctr Oct 31 15:24:55.444041: AES_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) aes Oct 31 15:24:55.444045: NULL_AUTH_AES_GMAC {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_gmac Oct 31 15:24:55.444048: NULL [] IKEv1: ESP IKEv2: ESP Oct 31 15:24:55.444052: CHACHA20_POLY1305 [*256] IKEv1: IKEv2: IKE ESP NSS(AEAD) chacha20poly1305 Oct 31 15:24:55.444054: Hash algorithms: Oct 31 15:24:55.444056: MD5 IKEv1: IKE IKEv2: NSS Oct 31 15:24:55.444059: SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha Oct 31 15:24:55.444062: SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256 Oct 31 15:24:55.444065: SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384 Oct 31 15:24:55.444068: SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512 Oct 31 15:24:55.444069: PRF algorithms: Oct 31 15:24:55.444072: HMAC_MD5 IKEv1: IKE IKEv2: IKE native(HMAC) md5 Oct 31 15:24:55.444075: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha, sha1 Oct 31 15:24:55.444079: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256, sha2_256 Oct 31 15:24:55.444084: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384, sha2_384 Oct 31 15:24:55.444087: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512, sha2_512 Oct 31 15:24:55.444089: AES_XCBC IKEv1: IKEv2: IKE native(XCBC) aes128_xcbc Oct 31 15:24:55.444091: Integrity algorithms: Oct 31 15:24:55.444094: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH native(HMAC) md5, hmac_md5 Oct 31 15:24:55.444098: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha, sha1, sha1_96, hmac_sha1 Oct 31 15:24:55.444102: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Oct 31 15:24:55.444105: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Oct 31 15:24:55.444109: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Oct 31 15:24:55.444112: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Oct 31 15:24:55.444115: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96 Oct 31 15:24:55.444118: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Oct 31 15:24:55.444121: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Oct 31 15:24:55.444123: DH algorithms: Oct 31 15:24:55.444126: NONE IKEv1: IKEv2: IKE ESP AH FIPS NSS(MODP) null, dh0 Oct 31 15:24:55.444129: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh5 Oct 31 15:24:55.444132: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh14 Oct 31 15:24:55.444134: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh15 Oct 31 15:24:55.444137: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh16 Oct 31 15:24:55.444140: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh17 Oct 31 15:24:55.444142: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh18 Oct 31 15:24:55.444145: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_256, ecp256 Oct 31 15:24:55.444148: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_384, ecp384 Oct 31 15:24:55.444151: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_521, ecp521 Oct 31 15:24:55.444154: DH31 IKEv1: IKE IKEv2: IKE ESP AH NSS(ECP) curve25519 Oct 31 15:24:55.444156: testing CAMELLIA_CBC: Oct 31 15:24:55.444159: Camellia: 16 bytes with 128-bit key Oct 31 15:24:55.444241: Camellia: 16 bytes with 128-bit key Oct 31 15:24:55.444272: Camellia: 16 bytes with 256-bit key Oct 31 15:24:55.444297: Camellia: 16 bytes with 256-bit key Oct 31 15:24:55.444321: testing AES_GCM_16: Oct 31 15:24:55.444324: empty string Oct 31 15:24:55.444350: one block Oct 31 15:24:55.444373: two blocks Oct 31 15:24:55.444396: two blocks with associated data Oct 31 15:24:55.444419: testing AES_CTR: Oct 31 15:24:55.444422: Encrypting 16 octets using AES-CTR with 128-bit key Oct 31 15:24:55.444446: Encrypting 32 octets using AES-CTR with 128-bit key Oct 31 15:24:55.444471: Encrypting 36 octets using AES-CTR with 128-bit key Oct 31 15:24:55.444497: Encrypting 16 octets using AES-CTR with 192-bit key Oct 31 15:24:55.444524: Encrypting 32 octets using AES-CTR with 192-bit key Oct 31 15:24:55.444548: Encrypting 36 octets using AES-CTR with 192-bit key Oct 31 15:24:55.444574: Encrypting 16 octets using AES-CTR with 256-bit key Oct 31 15:24:55.444597: Encrypting 32 octets using AES-CTR with 256-bit key Oct 31 15:24:55.444622: Encrypting 36 octets using AES-CTR with 256-bit key Oct 31 15:24:55.444648: testing AES_CBC: Oct 31 15:24:55.444651: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Oct 31 15:24:55.444674: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Oct 31 15:24:55.444699: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Oct 31 15:24:55.444725: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Oct 31 15:24:55.444756: testing AES_XCBC: Oct 31 15:24:55.444758: RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input Oct 31 15:24:55.444851: RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input Oct 31 15:24:55.444954: RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input Oct 31 15:24:55.445049: RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input Oct 31 15:24:55.445145: RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input Oct 31 15:24:55.445251: RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input Oct 31 15:24:55.445352: RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input Oct 31 15:24:55.445561: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Oct 31 15:24:55.445668: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Oct 31 15:24:55.445775: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Oct 31 15:24:55.445958: testing HMAC_MD5: Oct 31 15:24:55.445962: RFC 2104: MD5_HMAC test 1 Oct 31 15:24:55.446093: RFC 2104: MD5_HMAC test 2 Oct 31 15:24:55.446222: RFC 2104: MD5_HMAC test 3 Oct 31 15:24:55.446365: 8 CPU cores online Oct 31 15:24:55.446369: starting up 7 helper threads Oct 31 15:24:55.446403: started thread for helper 0 Oct 31 15:24:55.446415: | starting helper thread 1 Oct 31 15:24:55.446424: seccomp security disabled for crypto helper 1 Oct 31 15:24:55.446428: | status value returned by setting the priority of this helper thread 1: 22 Oct 31 15:24:55.446432: | helper thread 1 has nothing to do Oct 31 15:24:55.446434: started thread for helper 1 Oct 31 15:24:55.446444: | starting helper thread 2 Oct 31 15:24:55.446451: seccomp security disabled for crypto helper 2 Oct 31 15:24:55.446456: | status value returned by setting the priority of this helper thread 2: 22 Oct 31 15:24:55.446459: | helper thread 2 has nothing to do Oct 31 15:24:55.446465: started thread for helper 2 Oct 31 15:24:55.446487: started thread for helper 3 Oct 31 15:24:55.446495: | starting helper thread 4 Oct 31 15:24:55.446505: seccomp security disabled for crypto helper 4 Oct 31 15:24:55.446496: | starting helper thread 3 Oct 31 15:24:55.446515: started thread for helper 4 Oct 31 15:24:55.446511: | status value returned by setting the priority of this helper thread 4: 22 Oct 31 15:24:55.446528: | starting helper thread 5 Oct 31 15:24:55.446521: seccomp security disabled for crypto helper 3 Oct 31 15:24:55.446545: started thread for helper 5 Oct 31 15:24:55.446538: seccomp security disabled for crypto helper 5 Oct 31 15:24:55.446564: | status value returned by setting the priority of this helper thread 5: 22 Oct 31 15:24:55.446530: | helper thread 4 has nothing to do Oct 31 15:24:55.446574: started thread for helper 6 Oct 31 15:24:55.446579: | starting helper thread 7 Oct 31 15:24:55.446584: seccomp security disabled for crypto helper 7 Oct 31 15:24:55.446588: | status value returned by setting the priority of this helper thread 7: 22 Oct 31 15:24:55.446594: Using Linux XFRM/NETKEY IPsec kernel support code on 5.8.15-201.fc32.x86_64 Oct 31 15:24:55.446588: | helper thread 5 has nothing to do Oct 31 15:24:55.446556: | starting helper thread 6 Oct 31 15:24:55.446611: | helper thread 7 has nothing to do Oct 31 15:24:55.446619: seccomp security disabled for crypto helper 6 Oct 31 15:24:55.446637: | status value returned by setting the priority of this helper thread 6: 22 Oct 31 15:24:55.446547: | status value returned by setting the priority of this helper thread 3: 22 Oct 31 15:24:55.446641: | helper thread 6 has nothing to do Oct 31 15:24:55.446660: | Hard-wiring algorithms Oct 31 15:24:55.446665: | adding AES_CCM_16 to kernel algorithm db Oct 31 15:24:55.446663: | helper thread 3 has nothing to do Oct 31 15:24:55.446676: | adding AES_CCM_12 to kernel algorithm db Oct 31 15:24:55.446678: | adding AES_CCM_8 to kernel algorithm db Oct 31 15:24:55.446680: | adding 3DES_CBC to kernel algorithm db Oct 31 15:24:55.446682: | adding CAMELLIA_CBC to kernel algorithm db Oct 31 15:24:55.446684: | adding AES_GCM_16 to kernel algorithm db Oct 31 15:24:55.446686: | adding AES_GCM_12 to kernel algorithm db Oct 31 15:24:55.446688: | adding AES_GCM_8 to kernel algorithm db Oct 31 15:24:55.446690: | adding AES_CTR to kernel algorithm db Oct 31 15:24:55.446692: | adding AES_CBC to kernel algorithm db Oct 31 15:24:55.446694: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Oct 31 15:24:55.446696: | adding NULL to kernel algorithm db Oct 31 15:24:55.446698: | adding CHACHA20_POLY1305 to kernel algorithm db Oct 31 15:24:55.446700: | adding HMAC_MD5_96 to kernel algorithm db Oct 31 15:24:55.446702: | adding HMAC_SHA1_96 to kernel algorithm db Oct 31 15:24:55.446704: | adding HMAC_SHA2_512_256 to kernel algorithm db Oct 31 15:24:55.446706: | adding HMAC_SHA2_384_192 to kernel algorithm db Oct 31 15:24:55.446708: | adding HMAC_SHA2_256_128 to kernel algorithm db Oct 31 15:24:55.446710: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Oct 31 15:24:55.446712: | adding AES_XCBC_96 to kernel algorithm db Oct 31 15:24:55.446714: | adding AES_CMAC_96 to kernel algorithm db Oct 31 15:24:55.446716: | adding NONE to kernel algorithm db Oct 31 15:24:55.446736: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Oct 31 15:24:55.446741: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Oct 31 15:24:55.446743: | setup kernel fd callback Oct 31 15:24:55.446746: | add_fd_read_event_handler: newref KERNEL_XRM_FD-pe@0x55cebdc95d38 Oct 31 15:24:55.446749: | libevent_malloc: newref ptr-libevent@0x55cebdc5b348 size 128 Oct 31 15:24:55.446751: | libevent_malloc: newref ptr-libevent@0x55cebdc8ea48 size 16 Oct 31 15:24:55.446756: | add_fd_read_event_handler: newref KERNEL_ROUTE_FD-pe@0x55cebdc97d58 Oct 31 15:24:55.446758: | libevent_malloc: newref ptr-libevent@0x55cebdc5b3f8 size 128 Oct 31 15:24:55.446760: | libevent_malloc: newref ptr-libevent@0x55cebdc8e408 size 16 Oct 31 15:24:55.446936: | global one-shot timer EVENT_CHECK_CRLS initialized Oct 31 15:24:55.446958: SELinux support is enabled in PERMISSIVE mode. Oct 31 15:24:55.447123: | unbound context created - setting debug level to 5 Oct 31 15:24:55.447151: | /etc/hosts lookups activated Oct 31 15:24:55.447167: | /etc/resolv.conf usage activated Oct 31 15:24:55.447217: | outgoing-port-avoid set 0-65535 Oct 31 15:24:55.447239: | outgoing-port-permit set 32768-60999 Oct 31 15:24:55.447241: | loading dnssec root key from:/var/lib/unbound/root.key Oct 31 15:24:55.447244: | no additional dnssec trust anchors defined via dnssec-trusted= option Oct 31 15:24:55.447246: | Setting up events, loop start Oct 31 15:24:55.447249: | add_fd_read_event_handler: newref PLUTO_CTL_FD-pe@0x55cebdc9b338 Oct 31 15:24:55.447251: | libevent_malloc: newref ptr-libevent@0x55cebdc97e78 size 128 Oct 31 15:24:55.447254: | libevent_malloc: newref ptr-libevent@0x55cebdc8ee28 size 16 Oct 31 15:24:55.447259: | libevent_realloc: newref ptr-libevent@0x55cebdc9b3a8 size 256 Oct 31 15:24:55.447261: | libevent_malloc: newref ptr-libevent@0x55cebdc8ea88 size 8 Oct 31 15:24:55.447263: | libevent_realloc: newref ptr-libevent@0x55cebdc8e0c8 size 144 Oct 31 15:24:55.447265: | libevent_malloc: newref ptr-libevent@0x55cebdbee138 size 152 Oct 31 15:24:55.447268: | libevent_malloc: newref ptr-libevent@0x55cebdc8ec38 size 16 Oct 31 15:24:55.447272: | signal event handler PLUTO_SIGCHLD installed Oct 31 15:24:55.447277: | libevent_malloc: newref ptr-libevent@0x55cebdc9b4d8 size 8 Oct 31 15:24:55.447279: | libevent_malloc: newref ptr-libevent@0x55cebdbed958 size 152 Oct 31 15:24:55.447281: | signal event handler PLUTO_SIGTERM installed Oct 31 15:24:55.447283: | libevent_malloc: newref ptr-libevent@0x55cebdc9b518 size 8 Oct 31 15:24:55.447285: | libevent_malloc: newref ptr-libevent@0x55cebdc9b558 size 152 Oct 31 15:24:55.447288: | signal event handler PLUTO_SIGHUP installed Oct 31 15:24:55.447290: | libevent_malloc: newref ptr-libevent@0x55cebdc9b628 size 8 Oct 31 15:24:55.447292: | libevent_realloc: delref ptr-libevent@0x55cebdc8e0c8 Oct 31 15:24:55.447294: | libevent_realloc: newref ptr-libevent@0x55cebdc9b668 size 256 Oct 31 15:24:55.447296: | libevent_malloc: newref ptr-libevent@0x55cebdc9b798 size 152 Oct 31 15:24:55.447298: | signal event handler PLUTO_SIGSYS installed Oct 31 15:24:55.447582: | created addconn helper (pid:2153838) using fork+execve Oct 31 15:24:55.447603: | forked child 2153838 Oct 31 15:24:55.447617: seccomp security disabled Oct 31 15:24:55.455412: | newref struct fd@0x55cebdc9b8f8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:55.455427: | fd_accept: new fd-fd@0x55cebdc9b8f8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:55.455451: | whack: delete 'north-eastnets/0x1' Oct 31 15:24:55.455456: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:55.455459: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:24:55.455462: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:55.455465: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:24:55.455468: | whack: connection 'north-eastnets/0x1' Oct 31 15:24:55.455474: | addref fd@0x55cebdc9b8f8(1->2) (in string_logger() at log.c:838) Oct 31 15:24:55.455482: | newref string logger@0x55cebdc8f1e8(0->1) (in add_connection() at connections.c:1998) Oct 31 15:24:55.455489: | Connection DB: adding connection "north-eastnets/0x1" $1 Oct 31 15:24:55.455496: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:55.455510: | added new connection north-eastnets/0x1 with policy RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 Oct 31 15:24:55.455546: | ike (phase1) algorithm values: AES_CBC_256-HMAC_SHA2_256-MODP2048 Oct 31 15:24:55.455550: | from whack: got --esp=aes128-sha2_512;modp3072 Oct 31 15:24:55.455566: | ESP/AH string values: AES_CBC_128-HMAC_SHA2_512_256-MODP3072 Oct 31 15:24:55.455609: | computed rsa CKAID Oct 31 15:24:55.455614: | 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Oct 31 15:24:55.455616: | 88 aa 7c 5d Oct 31 15:24:55.455623: | keyid: *AQPl33O2P Oct 31 15:24:55.455625: | size: 274 Oct 31 15:24:55.455627: | n Oct 31 15:24:55.455629: | e5 df 73 b6 3e d5 36 a8 f1 3d 0d d3 02 ab 7f ec Oct 31 15:24:55.455631: | 4c 9e 8b 0e 0e d2 cf 0f 59 bf 6d 88 21 86 93 9e Oct 31 15:24:55.455632: | 10 34 af 2d cf b3 7e eb e5 b2 24 b2 a5 b0 01 03 Oct 31 15:24:55.455634: | 7d b5 96 ad 66 ee 48 c2 28 d9 9a 76 36 a9 10 84 Oct 31 15:24:55.455636: | b5 09 8f 17 4f 65 ce d8 2f 8e 78 80 8a 87 f4 6b Oct 31 15:24:55.455638: | 98 d9 91 94 6b 52 15 5b 9c 47 12 be d8 6f 25 b4 Oct 31 15:24:55.455640: | 65 38 7e e4 8d c7 f0 58 d3 9f 69 14 cc 3e c8 16 Oct 31 15:24:55.455641: | 1f af bb 5d 93 2b 33 39 0e 94 55 81 f4 b3 cc 92 Oct 31 15:24:55.455643: | 58 6e 4a 5a 4e c3 76 ab 04 2e 11 08 06 55 13 0f Oct 31 15:24:55.455645: | 02 6c dd d1 bc c0 b8 8d 65 f5 97 ed fc 18 39 f9 Oct 31 15:24:55.455647: | 55 ab fa 0d c5 49 99 7f 1b cf c3 de 99 7d 9e ca Oct 31 15:24:55.455649: | 6f 9e 14 d6 5a ff de d6 4f 57 6a 83 ab 51 ba 64 Oct 31 15:24:55.455650: | 74 e0 22 e9 9a c5 10 71 bb d4 eb a4 99 28 9c 85 Oct 31 15:24:55.455652: | 0e 31 ea cc ab ef 98 84 3f 59 c1 75 aa b3 61 eb Oct 31 15:24:55.455654: | 61 8c 58 a5 92 25 84 ad c7 79 f3 87 d0 c7 83 c2 Oct 31 15:24:55.455656: | d6 8a fe 26 9d 2a ff b1 dd 9b 89 21 7c ca f5 38 Oct 31 15:24:55.455657: | 2d 3f 64 0c 41 9c 34 e9 b2 55 0f 82 1a b3 c7 5e Oct 31 15:24:55.455663: | a5 99 Oct 31 15:24:55.455665: | e Oct 31 15:24:55.455667: | 03 Oct 31 15:24:55.455669: | CKAID Oct 31 15:24:55.455670: | 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Oct 31 15:24:55.455672: | 88 aa 7c 5d Oct 31 15:24:55.455678: | saving left CKAID 905dfca10868747c6f20d31b2d204b8f88aa7c5d extracted from raw RSA public key Oct 31 15:24:55.455786: | spent 0.101 (0.101) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:55.455793: | no private key matching left CKAID 905dfca10868747c6f20d31b2d204b8f88aa7c5d: can't find the private key matching the NSS CKAID Oct 31 15:24:55.455796: | counting wild cards for @north is 0 Oct 31 15:24:55.455813: | computed rsa CKAID Oct 31 15:24:55.455816: | 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Oct 31 15:24:55.455818: | 8a 82 25 f1 Oct 31 15:24:55.455831: | keyid: *AQO9bJbr3 Oct 31 15:24:55.455837: | size: 274 Oct 31 15:24:55.455841: | n Oct 31 15:24:55.455844: | bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Oct 31 15:24:55.455847: | c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Oct 31 15:24:55.455849: | e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Oct 31 15:24:55.455851: | 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Oct 31 15:24:55.455854: | f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Oct 31 15:24:55.455856: | 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Oct 31 15:24:55.455859: | 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Oct 31 15:24:55.455862: | af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Oct 31 15:24:55.455864: | 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Oct 31 15:24:55.455866: | f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Oct 31 15:24:55.455868: | 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Oct 31 15:24:55.455871: | 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Oct 31 15:24:55.455873: | 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Oct 31 15:24:55.455876: | 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Oct 31 15:24:55.455878: | 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Oct 31 15:24:55.455880: | 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Oct 31 15:24:55.455883: | 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Oct 31 15:24:55.455885: | 48 ef Oct 31 15:24:55.455888: | e Oct 31 15:24:55.455891: | 03 Oct 31 15:24:55.455894: | CKAID Oct 31 15:24:55.455897: | 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Oct 31 15:24:55.455899: | 8a 82 25 f1 Oct 31 15:24:55.455904: | saving right CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1 extracted from raw RSA public key Oct 31 15:24:55.455994: | loaded private key matching CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1 Oct 31 15:24:55.456454: | copying key using reference slot Oct 31 15:24:55.458333: | certs and keys locked by 'lsw_add_rsa_secret' Oct 31 15:24:55.458346: | certs and keys unlocked by 'lsw_add_rsa_secret' Oct 31 15:24:55.458354: | spent 2.42 (2.44) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:55.458360: connection "north-eastnets/0x1": loaded private key matching right CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1 Oct 31 15:24:55.458363: | counting wild cards for @east is 0 Oct 31 15:24:55.458367: | updating connection from left.host_addr Oct 31 15:24:55.458371: | right host_nexthop 192.1.3.33 Oct 31 15:24:55.458373: | left host_port 500 Oct 31 15:24:55.458375: | updating connection from right.host_addr Oct 31 15:24:55.458378: | left host_nexthop 192.1.2.23 Oct 31 15:24:55.458380: | right host_port 500 Oct 31 15:24:55.458385: | orienting north-eastnets/0x1 Oct 31 15:24:55.458389: added IKEv2 connection "north-eastnets/0x1" Oct 31 15:24:55.458402: | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 Oct 31 15:24:55.458411: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[@north]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Oct 31 15:24:55.458419: | delref logger@0x55cebdc8f1e8(1->0) (in add_connection() at connections.c:2026) Oct 31 15:24:55.458422: | delref fd@0x55cebdc9b8f8(2->1) (in free_logger() at log.c:853) Oct 31 15:24:55.458424: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:55.458428: | delref fd@0x55cebdc9b8f8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:55.458436: | freeref fd-fd@0x55cebdc9b8f8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:55.458441: | spent 3.01 (3.04) milliseconds in whack Oct 31 15:24:55.458510: | newref struct fd@0x55cebdc9d9a8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:55.458518: | fd_accept: new fd-fd@0x55cebdc9d9a8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:55.458529: | whack: key Oct 31 15:24:55.458533: add keyid @north Oct 31 15:24:55.458535: | 01 03 e5 df 73 b6 3e d5 36 a8 f1 3d 0d d3 02 ab Oct 31 15:24:55.458537: | 7f ec 4c 9e 8b 0e 0e d2 cf 0f 59 bf 6d 88 21 86 Oct 31 15:24:55.458539: | 93 9e 10 34 af 2d cf b3 7e eb e5 b2 24 b2 a5 b0 Oct 31 15:24:55.458541: | 01 03 7d b5 96 ad 66 ee 48 c2 28 d9 9a 76 36 a9 Oct 31 15:24:55.458542: | 10 84 b5 09 8f 17 4f 65 ce d8 2f 8e 78 80 8a 87 Oct 31 15:24:55.458544: | f4 6b 98 d9 91 94 6b 52 15 5b 9c 47 12 be d8 6f Oct 31 15:24:55.458546: | 25 b4 65 38 7e e4 8d c7 f0 58 d3 9f 69 14 cc 3e Oct 31 15:24:55.458548: | c8 16 1f af bb 5d 93 2b 33 39 0e 94 55 81 f4 b3 Oct 31 15:24:55.458550: | cc 92 58 6e 4a 5a 4e c3 76 ab 04 2e 11 08 06 55 Oct 31 15:24:55.458551: | 13 0f 02 6c dd d1 bc c0 b8 8d 65 f5 97 ed fc 18 Oct 31 15:24:55.458553: | 39 f9 55 ab fa 0d c5 49 99 7f 1b cf c3 de 99 7d Oct 31 15:24:55.458555: | 9e ca 6f 9e 14 d6 5a ff de d6 4f 57 6a 83 ab 51 Oct 31 15:24:55.458557: | ba 64 74 e0 22 e9 9a c5 10 71 bb d4 eb a4 99 28 Oct 31 15:24:55.458558: | 9c 85 0e 31 ea cc ab ef 98 84 3f 59 c1 75 aa b3 Oct 31 15:24:55.458560: | 61 eb 61 8c 58 a5 92 25 84 ad c7 79 f3 87 d0 c7 Oct 31 15:24:55.458562: | 83 c2 d6 8a fe 26 9d 2a ff b1 dd 9b 89 21 7c ca Oct 31 15:24:55.458564: | f5 38 2d 3f 64 0c 41 9c 34 e9 b2 55 0f 82 1a b3 Oct 31 15:24:55.458566: | c7 5e a5 99 Oct 31 15:24:55.458579: | computed rsa CKAID Oct 31 15:24:55.458582: | 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Oct 31 15:24:55.458583: | 88 aa 7c 5d Oct 31 15:24:55.458588: | keyid: *AQPl33O2P Oct 31 15:24:55.458590: | size: 274 Oct 31 15:24:55.458592: | n Oct 31 15:24:55.458594: | e5 df 73 b6 3e d5 36 a8 f1 3d 0d d3 02 ab 7f ec Oct 31 15:24:55.458596: | 4c 9e 8b 0e 0e d2 cf 0f 59 bf 6d 88 21 86 93 9e Oct 31 15:24:55.458597: | 10 34 af 2d cf b3 7e eb e5 b2 24 b2 a5 b0 01 03 Oct 31 15:24:55.458599: | 7d b5 96 ad 66 ee 48 c2 28 d9 9a 76 36 a9 10 84 Oct 31 15:24:55.458601: | b5 09 8f 17 4f 65 ce d8 2f 8e 78 80 8a 87 f4 6b Oct 31 15:24:55.458603: | 98 d9 91 94 6b 52 15 5b 9c 47 12 be d8 6f 25 b4 Oct 31 15:24:55.458605: | 65 38 7e e4 8d c7 f0 58 d3 9f 69 14 cc 3e c8 16 Oct 31 15:24:55.458606: | 1f af bb 5d 93 2b 33 39 0e 94 55 81 f4 b3 cc 92 Oct 31 15:24:55.458608: | 58 6e 4a 5a 4e c3 76 ab 04 2e 11 08 06 55 13 0f Oct 31 15:24:55.458610: | 02 6c dd d1 bc c0 b8 8d 65 f5 97 ed fc 18 39 f9 Oct 31 15:24:55.458612: | 55 ab fa 0d c5 49 99 7f 1b cf c3 de 99 7d 9e ca Oct 31 15:24:55.458614: | 6f 9e 14 d6 5a ff de d6 4f 57 6a 83 ab 51 ba 64 Oct 31 15:24:55.458615: | 74 e0 22 e9 9a c5 10 71 bb d4 eb a4 99 28 9c 85 Oct 31 15:24:55.458617: | 0e 31 ea cc ab ef 98 84 3f 59 c1 75 aa b3 61 eb Oct 31 15:24:55.458619: | 61 8c 58 a5 92 25 84 ad c7 79 f3 87 d0 c7 83 c2 Oct 31 15:24:55.458621: | d6 8a fe 26 9d 2a ff b1 dd 9b 89 21 7c ca f5 38 Oct 31 15:24:55.458623: | 2d 3f 64 0c 41 9c 34 e9 b2 55 0f 82 1a b3 c7 5e Oct 31 15:24:55.458624: | a5 99 Oct 31 15:24:55.458626: | e Oct 31 15:24:55.458628: | 03 Oct 31 15:24:55.458630: | CKAID Oct 31 15:24:55.458632: | 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Oct 31 15:24:55.458633: | 88 aa 7c 5d Oct 31 15:24:55.458640: | newref struct pubkey@0x55cebdca19f8(0->1) (in add_public_key() at secrets.c:1716) Oct 31 15:24:55.458643: | addref pk@0x55cebdca19f8(1->2) (in add_public_key() at secrets.c:1718) Oct 31 15:24:55.458646: | delref pkp@0x55cebdca19f8(2->1) (in key_add_request() at rcv_whack.c:341) Oct 31 15:24:55.458650: | trying secret PKK_RSA:AQO9bJbr3 Oct 31 15:24:55.458700: | spent 0.0479 (0.0478) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:55.458704: | no private key: can't find the private key matching the NSS CKAID Oct 31 15:24:55.458707: | delref fd@0x55cebdc9d9a8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:55.458714: | freeref fd-fd@0x55cebdc9d9a8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:55.458718: | spent 0.219 (0.219) milliseconds in whack Oct 31 15:24:55.458762: | newref struct fd@0x55cebdc8ef08(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:55.458766: | fd_accept: new fd-fd@0x55cebdc8ef08 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:55.458774: | whack: key Oct 31 15:24:55.458777: add keyid @east Oct 31 15:24:55.458779: | 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Oct 31 15:24:55.458781: | e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Oct 31 15:24:55.458783: | 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Oct 31 15:24:55.458785: | 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Oct 31 15:24:55.458786: | 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Oct 31 15:24:55.458788: | d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Oct 31 15:24:55.458790: | 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Oct 31 15:24:55.458792: | 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Oct 31 15:24:55.458794: | bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Oct 31 15:24:55.458795: | ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Oct 31 15:24:55.458797: | e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Oct 31 15:24:55.458799: | 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Oct 31 15:24:55.458801: | 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Oct 31 15:24:55.458802: | 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Oct 31 15:24:55.458804: | d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Oct 31 15:24:55.458806: | 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Oct 31 15:24:55.458808: | 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Oct 31 15:24:55.458809: | 51 51 48 ef Oct 31 15:24:55.458817: | computed rsa CKAID Oct 31 15:24:55.458819: | 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Oct 31 15:24:55.458821: | 8a 82 25 f1 Oct 31 15:24:55.458826: | keyid: *AQO9bJbr3 Oct 31 15:24:55.458827: | size: 274 Oct 31 15:24:55.458829: | n Oct 31 15:24:55.458831: | bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Oct 31 15:24:55.458833: | c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Oct 31 15:24:55.458835: | e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Oct 31 15:24:55.458837: | 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Oct 31 15:24:55.458838: | f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Oct 31 15:24:55.458840: | 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Oct 31 15:24:55.458842: | 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Oct 31 15:24:55.458844: | af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Oct 31 15:24:55.458845: | 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Oct 31 15:24:55.458847: | f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Oct 31 15:24:55.458849: | 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Oct 31 15:24:55.458851: | 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Oct 31 15:24:55.458853: | 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Oct 31 15:24:55.458854: | 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Oct 31 15:24:55.458856: | 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Oct 31 15:24:55.458858: | 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Oct 31 15:24:55.458860: | 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Oct 31 15:24:55.458865: | 48 ef Oct 31 15:24:55.458867: | e Oct 31 15:24:55.458868: | 03 Oct 31 15:24:55.458870: | CKAID Oct 31 15:24:55.458872: | 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Oct 31 15:24:55.458874: | 8a 82 25 f1 Oct 31 15:24:55.458877: | newref struct pubkey@0x55cebdca1c98(0->1) (in add_public_key() at secrets.c:1716) Oct 31 15:24:55.458881: | addref pk@0x55cebdca1c98(1->2) (in add_public_key() at secrets.c:1718) Oct 31 15:24:55.458885: | delref pkp@0x55cebdca1c98(2->1) (in key_add_request() at rcv_whack.c:341) Oct 31 15:24:55.458890: | trying secret PKK_RSA:AQO9bJbr3 Oct 31 15:24:55.458893: | matched Oct 31 15:24:55.458896: | secrets entry for ckaid already exists Oct 31 15:24:55.458902: | spent 0.0102 (0.0101) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:55.458907: | delref fd@0x55cebdc8ef08(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:55.458915: | freeref fd-fd@0x55cebdc8ef08 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:55.458921: | spent 0.164 (0.164) milliseconds in whack Oct 31 15:24:55.458958: | newref struct fd@0x55cebdc8f1e8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:55.458961: | fd_accept: new fd-fd@0x55cebdc8f1e8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:55.458971: | whack: delete 'north-eastnets/0x2' Oct 31 15:24:55.458973: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:55.458975: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:24:55.458978: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:55.458979: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:24:55.458982: | whack: connection 'north-eastnets/0x2' Oct 31 15:24:55.458984: | addref fd@0x55cebdc8f1e8(1->2) (in string_logger() at log.c:838) Oct 31 15:24:55.458987: | newref string logger@0x55cebdc9bec8(0->1) (in add_connection() at connections.c:1998) Oct 31 15:24:55.458990: | Connection DB: adding connection "north-eastnets/0x2" $2 Oct 31 15:24:55.458995: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:55.459001: | added new connection north-eastnets/0x2 with policy RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 Oct 31 15:24:55.459028: | ike (phase1) algorithm values: AES_CBC_256-HMAC_SHA2_256-MODP2048 Oct 31 15:24:55.459035: | from whack: got --esp=aes128-sha2_512;modp3072 Oct 31 15:24:55.459069: | ESP/AH string values: AES_CBC_128-HMAC_SHA2_512_256-MODP3072 Oct 31 15:24:55.459098: | computed rsa CKAID Oct 31 15:24:55.459105: | 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Oct 31 15:24:55.459108: | 88 aa 7c 5d Oct 31 15:24:55.459116: | keyid: *AQPl33O2P Oct 31 15:24:55.459119: | size: 274 Oct 31 15:24:55.459122: | n Oct 31 15:24:55.459125: | e5 df 73 b6 3e d5 36 a8 f1 3d 0d d3 02 ab 7f ec Oct 31 15:24:55.459128: | 4c 9e 8b 0e 0e d2 cf 0f 59 bf 6d 88 21 86 93 9e Oct 31 15:24:55.459131: | 10 34 af 2d cf b3 7e eb e5 b2 24 b2 a5 b0 01 03 Oct 31 15:24:55.459134: | 7d b5 96 ad 66 ee 48 c2 28 d9 9a 76 36 a9 10 84 Oct 31 15:24:55.459137: | b5 09 8f 17 4f 65 ce d8 2f 8e 78 80 8a 87 f4 6b Oct 31 15:24:55.459140: | 98 d9 91 94 6b 52 15 5b 9c 47 12 be d8 6f 25 b4 Oct 31 15:24:55.459144: | 65 38 7e e4 8d c7 f0 58 d3 9f 69 14 cc 3e c8 16 Oct 31 15:24:55.459146: | 1f af bb 5d 93 2b 33 39 0e 94 55 81 f4 b3 cc 92 Oct 31 15:24:55.459149: | 58 6e 4a 5a 4e c3 76 ab 04 2e 11 08 06 55 13 0f Oct 31 15:24:55.459152: | 02 6c dd d1 bc c0 b8 8d 65 f5 97 ed fc 18 39 f9 Oct 31 15:24:55.459155: | 55 ab fa 0d c5 49 99 7f 1b cf c3 de 99 7d 9e ca Oct 31 15:24:55.459158: | 6f 9e 14 d6 5a ff de d6 4f 57 6a 83 ab 51 ba 64 Oct 31 15:24:55.459161: | 74 e0 22 e9 9a c5 10 71 bb d4 eb a4 99 28 9c 85 Oct 31 15:24:55.459165: | 0e 31 ea cc ab ef 98 84 3f 59 c1 75 aa b3 61 eb Oct 31 15:24:55.459168: | 61 8c 58 a5 92 25 84 ad c7 79 f3 87 d0 c7 83 c2 Oct 31 15:24:55.459171: | d6 8a fe 26 9d 2a ff b1 dd 9b 89 21 7c ca f5 38 Oct 31 15:24:55.459174: | 2d 3f 64 0c 41 9c 34 e9 b2 55 0f 82 1a b3 c7 5e Oct 31 15:24:55.459180: | a5 99 Oct 31 15:24:55.459184: | e Oct 31 15:24:55.459187: | 03 Oct 31 15:24:55.459189: | CKAID Oct 31 15:24:55.459192: | 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Oct 31 15:24:55.459195: | 88 aa 7c 5d Oct 31 15:24:55.459254: | saving left CKAID 905dfca10868747c6f20d31b2d204b8f88aa7c5d extracted from raw RSA public key Oct 31 15:24:55.459265: | trying secret PKK_RSA:AQO9bJbr3 Oct 31 15:24:55.459325: | spent 0.0585 (0.0579) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:55.459335: | no private key matching left CKAID 905dfca10868747c6f20d31b2d204b8f88aa7c5d: can't find the private key matching the NSS CKAID Oct 31 15:24:55.459339: | counting wild cards for @north is 0 Oct 31 15:24:55.459361: | computed rsa CKAID Oct 31 15:24:55.459365: | 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Oct 31 15:24:55.459368: | 8a 82 25 f1 Oct 31 15:24:55.459374: | keyid: *AQO9bJbr3 Oct 31 15:24:55.459377: | size: 274 Oct 31 15:24:55.459380: | n Oct 31 15:24:55.459382: | bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Oct 31 15:24:55.459385: | c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Oct 31 15:24:55.459388: | e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Oct 31 15:24:55.459391: | 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Oct 31 15:24:55.459393: | f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Oct 31 15:24:55.459396: | 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Oct 31 15:24:55.459399: | 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Oct 31 15:24:55.459402: | af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Oct 31 15:24:55.459404: | 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Oct 31 15:24:55.459407: | f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Oct 31 15:24:55.459410: | 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Oct 31 15:24:55.459413: | 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Oct 31 15:24:55.459415: | 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Oct 31 15:24:55.459418: | 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Oct 31 15:24:55.459421: | 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Oct 31 15:24:55.459424: | 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Oct 31 15:24:55.459427: | 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Oct 31 15:24:55.459429: | 48 ef Oct 31 15:24:55.459432: | e Oct 31 15:24:55.459435: | 03 Oct 31 15:24:55.459438: | CKAID Oct 31 15:24:55.459440: | 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Oct 31 15:24:55.459443: | 8a 82 25 f1 Oct 31 15:24:55.459451: | saving right CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1 extracted from raw RSA public key Oct 31 15:24:55.459456: | trying secret PKK_RSA:AQO9bJbr3 Oct 31 15:24:55.459460: | matched Oct 31 15:24:55.459462: | secrets entry for ckaid already exists Oct 31 15:24:55.459468: | spent 0.0103 (0.0102) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:55.459472: | counting wild cards for @east is 0 Oct 31 15:24:55.459476: | updating connection from left.host_addr Oct 31 15:24:55.459483: | right host_nexthop 192.1.3.33 Oct 31 15:24:55.459486: | left host_port 500 Oct 31 15:24:55.459489: | updating connection from right.host_addr Oct 31 15:24:55.459493: | left host_nexthop 192.1.2.23 Oct 31 15:24:55.459496: | right host_port 500 Oct 31 15:24:55.459500: | orienting north-eastnets/0x2 Oct 31 15:24:55.459504: added IKEv2 connection "north-eastnets/0x2" Oct 31 15:24:55.459520: | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 Oct 31 15:24:55.459534: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[@north]...192.1.2.23<192.1.2.23>[@east]===192.0.22.0/24 Oct 31 15:24:55.459539: | delref logger@0x55cebdc9bec8(1->0) (in add_connection() at connections.c:2026) Oct 31 15:24:55.459543: | delref fd@0x55cebdc8f1e8(2->1) (in free_logger() at log.c:853) Oct 31 15:24:55.459550: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:55.459555: | delref fd@0x55cebdc8f1e8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:55.459565: | freeref fd-fd@0x55cebdc8f1e8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:55.459572: | spent 0.572 (0.619) milliseconds in whack Oct 31 15:24:55.459626: | newref struct fd@0x55cebdca0fd8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:55.459632: | fd_accept: new fd-fd@0x55cebdca0fd8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:55.459645: | whack: key Oct 31 15:24:55.459653: | delref pkp@0x55cebdca19f8(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:55.459658: add keyid @north Oct 31 15:24:55.459661: | 01 03 e5 df 73 b6 3e d5 36 a8 f1 3d 0d d3 02 ab Oct 31 15:24:55.459664: | 7f ec 4c 9e 8b 0e 0e d2 cf 0f 59 bf 6d 88 21 86 Oct 31 15:24:55.459667: | 93 9e 10 34 af 2d cf b3 7e eb e5 b2 24 b2 a5 b0 Oct 31 15:24:55.459670: | 01 03 7d b5 96 ad 66 ee 48 c2 28 d9 9a 76 36 a9 Oct 31 15:24:55.459672: | 10 84 b5 09 8f 17 4f 65 ce d8 2f 8e 78 80 8a 87 Oct 31 15:24:55.459675: | f4 6b 98 d9 91 94 6b 52 15 5b 9c 47 12 be d8 6f Oct 31 15:24:55.459678: | 25 b4 65 38 7e e4 8d c7 f0 58 d3 9f 69 14 cc 3e Oct 31 15:24:55.459681: | c8 16 1f af bb 5d 93 2b 33 39 0e 94 55 81 f4 b3 Oct 31 15:24:55.459684: | cc 92 58 6e 4a 5a 4e c3 76 ab 04 2e 11 08 06 55 Oct 31 15:24:55.459687: | 13 0f 02 6c dd d1 bc c0 b8 8d 65 f5 97 ed fc 18 Oct 31 15:24:55.459691: | 39 f9 55 ab fa 0d c5 49 99 7f 1b cf c3 de 99 7d Oct 31 15:24:55.459694: | 9e ca 6f 9e 14 d6 5a ff de d6 4f 57 6a 83 ab 51 Oct 31 15:24:55.459696: | ba 64 74 e0 22 e9 9a c5 10 71 bb d4 eb a4 99 28 Oct 31 15:24:55.459699: | 9c 85 0e 31 ea cc ab ef 98 84 3f 59 c1 75 aa b3 Oct 31 15:24:55.459702: | 61 eb 61 8c 58 a5 92 25 84 ad c7 79 f3 87 d0 c7 Oct 31 15:24:55.459705: | 83 c2 d6 8a fe 26 9d 2a ff b1 dd 9b 89 21 7c ca Oct 31 15:24:55.459708: | f5 38 2d 3f 64 0c 41 9c 34 e9 b2 55 0f 82 1a b3 Oct 31 15:24:55.459711: | c7 5e a5 99 Oct 31 15:24:55.459723: | computed rsa CKAID Oct 31 15:24:55.459726: | 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Oct 31 15:24:55.459729: | 88 aa 7c 5d Oct 31 15:24:55.459737: | keyid: *AQPl33O2P Oct 31 15:24:55.459740: | size: 274 Oct 31 15:24:55.459743: | n Oct 31 15:24:55.459746: | e5 df 73 b6 3e d5 36 a8 f1 3d 0d d3 02 ab 7f ec Oct 31 15:24:55.459749: | 4c 9e 8b 0e 0e d2 cf 0f 59 bf 6d 88 21 86 93 9e Oct 31 15:24:55.459752: | 10 34 af 2d cf b3 7e eb e5 b2 24 b2 a5 b0 01 03 Oct 31 15:24:55.459755: | 7d b5 96 ad 66 ee 48 c2 28 d9 9a 76 36 a9 10 84 Oct 31 15:24:55.459758: | b5 09 8f 17 4f 65 ce d8 2f 8e 78 80 8a 87 f4 6b Oct 31 15:24:55.459761: | 98 d9 91 94 6b 52 15 5b 9c 47 12 be d8 6f 25 b4 Oct 31 15:24:55.459764: | 65 38 7e e4 8d c7 f0 58 d3 9f 69 14 cc 3e c8 16 Oct 31 15:24:55.459766: | 1f af bb 5d 93 2b 33 39 0e 94 55 81 f4 b3 cc 92 Oct 31 15:24:55.459770: | 58 6e 4a 5a 4e c3 76 ab 04 2e 11 08 06 55 13 0f Oct 31 15:24:55.459772: | 02 6c dd d1 bc c0 b8 8d 65 f5 97 ed fc 18 39 f9 Oct 31 15:24:55.459776: | 55 ab fa 0d c5 49 99 7f 1b cf c3 de 99 7d 9e ca Oct 31 15:24:55.459778: | 6f 9e 14 d6 5a ff de d6 4f 57 6a 83 ab 51 ba 64 Oct 31 15:24:55.459781: | 74 e0 22 e9 9a c5 10 71 bb d4 eb a4 99 28 9c 85 Oct 31 15:24:55.459784: | 0e 31 ea cc ab ef 98 84 3f 59 c1 75 aa b3 61 eb Oct 31 15:24:55.459787: | 61 8c 58 a5 92 25 84 ad c7 79 f3 87 d0 c7 83 c2 Oct 31 15:24:55.459790: | d6 8a fe 26 9d 2a ff b1 dd 9b 89 21 7c ca f5 38 Oct 31 15:24:55.459792: | 2d 3f 64 0c 41 9c 34 e9 b2 55 0f 82 1a b3 c7 5e Oct 31 15:24:55.459795: | a5 99 Oct 31 15:24:55.459798: | e Oct 31 15:24:55.459800: | 03 Oct 31 15:24:55.459803: | CKAID Oct 31 15:24:55.459806: | 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Oct 31 15:24:55.459809: | 88 aa 7c 5d Oct 31 15:24:55.459814: | newref struct pubkey@0x55cebdca1018(0->1) (in add_public_key() at secrets.c:1716) Oct 31 15:24:55.459822: | addref pk@0x55cebdca1018(1->2) (in add_public_key() at secrets.c:1718) Oct 31 15:24:55.459826: | delref pkp@0x55cebdca1018(2->1) (in key_add_request() at rcv_whack.c:341) Oct 31 15:24:55.459831: | trying secret PKK_RSA:AQO9bJbr3 Oct 31 15:24:55.459890: | spent 0.0569 (0.0568) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:55.459896: | no private key: can't find the private key matching the NSS CKAID Oct 31 15:24:55.459901: | delref fd@0x55cebdca0fd8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:55.459909: | freeref fd-fd@0x55cebdca0fd8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:55.459915: | spent 0.297 (0.297) milliseconds in whack Oct 31 15:24:55.459959: | newref struct fd@0x55cebdc9b938(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:55.459964: | fd_accept: new fd-fd@0x55cebdc9b938 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:55.459975: | whack: key Oct 31 15:24:55.459981: | delref pkp@0x55cebdca1c98(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:55.459985: add keyid @east Oct 31 15:24:55.459988: | 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Oct 31 15:24:55.459991: | e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Oct 31 15:24:55.459994: | 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Oct 31 15:24:55.459996: | 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Oct 31 15:24:55.459999: | 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Oct 31 15:24:55.460002: | d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Oct 31 15:24:55.460005: | 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Oct 31 15:24:55.460007: | 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Oct 31 15:24:55.460010: | bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Oct 31 15:24:55.460013: | ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Oct 31 15:24:55.460016: | e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Oct 31 15:24:55.460019: | 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Oct 31 15:24:55.460022: | 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Oct 31 15:24:55.460025: | 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Oct 31 15:24:55.460028: | d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Oct 31 15:24:55.460030: | 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Oct 31 15:24:55.460033: | 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Oct 31 15:24:55.460036: | 51 51 48 ef Oct 31 15:24:55.460047: | computed rsa CKAID Oct 31 15:24:55.460051: | 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Oct 31 15:24:55.460053: | 8a 82 25 f1 Oct 31 15:24:55.460059: | keyid: *AQO9bJbr3 Oct 31 15:24:55.460063: | size: 274 Oct 31 15:24:55.460065: | n Oct 31 15:24:55.460068: | bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Oct 31 15:24:55.460071: | c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Oct 31 15:24:55.460074: | e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Oct 31 15:24:55.460077: | 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Oct 31 15:24:55.460079: | f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Oct 31 15:24:55.460082: | 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Oct 31 15:24:55.460084: | 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Oct 31 15:24:55.460087: | af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Oct 31 15:24:55.460090: | 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Oct 31 15:24:55.460093: | f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Oct 31 15:24:55.460096: | 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Oct 31 15:24:55.460098: | 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Oct 31 15:24:55.460101: | 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Oct 31 15:24:55.460104: | 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Oct 31 15:24:55.460106: | 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Oct 31 15:24:55.460109: | 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Oct 31 15:24:55.460116: | 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Oct 31 15:24:55.460119: | 48 ef Oct 31 15:24:55.460122: | e Oct 31 15:24:55.460124: | 03 Oct 31 15:24:55.460126: | CKAID Oct 31 15:24:55.460127: | 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Oct 31 15:24:55.460129: | 8a 82 25 f1 Oct 31 15:24:55.460132: | newref struct pubkey@0x55cebdc9b978(0->1) (in add_public_key() at secrets.c:1716) Oct 31 15:24:55.460135: | addref pk@0x55cebdc9b978(1->2) (in add_public_key() at secrets.c:1718) Oct 31 15:24:55.460137: | delref pkp@0x55cebdc9b978(2->1) (in key_add_request() at rcv_whack.c:341) Oct 31 15:24:55.460141: | trying secret PKK_RSA:AQO9bJbr3 Oct 31 15:24:55.460143: | matched Oct 31 15:24:55.460144: | secrets entry for ckaid already exists Oct 31 15:24:55.460149: | spent 0.00676 (0.0066) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:55.460152: | delref fd@0x55cebdc9b938(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:55.460158: | freeref fd-fd@0x55cebdc9b938 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:55.460162: | spent 0.211 (0.211) milliseconds in whack Oct 31 15:24:55.460222: | newref struct fd@0x55cebdc9bac8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:55.460236: | fd_accept: new fd-fd@0x55cebdc9bac8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:55.460250: | whack: listen Oct 31 15:24:55.460255: listening for IKE messages Oct 31 15:24:55.460296: | Inspecting interface lo Oct 31 15:24:55.460305: | found lo with address 127.0.0.1 Oct 31 15:24:55.460309: | Inspecting interface eth0 Oct 31 15:24:55.460315: | found eth0 with address 192.0.2.254 Oct 31 15:24:55.460319: | Inspecting interface eth0 Oct 31 15:24:55.460324: | found eth0 with address 192.0.22.251 Oct 31 15:24:55.460328: | Inspecting interface eth0 Oct 31 15:24:55.460333: | found eth0 with address 192.0.22.254 Oct 31 15:24:55.460337: | Inspecting interface eth0 Oct 31 15:24:55.460342: | found eth0 with address 192.0.2.251 Oct 31 15:24:55.460346: | Inspecting interface eth1 Oct 31 15:24:55.460352: | found eth1 with address 192.1.2.23 Oct 31 15:24:55.460364: | newref struct iface_dev@0x55cebdc9bc88(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:55.460386: Kernel supports NIC esp-hw-offload Oct 31 15:24:55.460400: | iface: marking eth1 add Oct 31 15:24:55.460406: | newref struct iface_dev@0x55cebdc9d508(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:55.460411: | iface: marking eth0 add Oct 31 15:24:55.460416: | newref struct iface_dev@0x55cebdc9d598(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:55.460422: | iface: marking eth0 add Oct 31 15:24:55.460427: | newref struct iface_dev@0x55cebdc9d628(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:55.460432: | iface: marking eth0 add Oct 31 15:24:55.460438: | newref struct iface_dev@0x55cebdc9d6b8(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:55.460442: | iface: marking eth0 add Oct 31 15:24:55.460447: | newref struct iface_dev@0x55cebdc9d748(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:55.460452: | iface: marking lo add Oct 31 15:24:55.460602: | no interfaces to sort Oct 31 15:24:55.460631: | MSG_ERRQUEUE enabled on fd 18 Oct 31 15:24:55.460650: | addref ifd@0x55cebdc9bc88(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:55.460665: adding UDP interface eth1 192.1.2.23:500 Oct 31 15:24:55.460690: | MSG_ERRQUEUE enabled on fd 19 Oct 31 15:24:55.460700: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:55.460705: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:55.460710: | addref ifd@0x55cebdc9bc88(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:55.460720: adding UDP interface eth1 192.1.2.23:4500 Oct 31 15:24:55.460741: | MSG_ERRQUEUE enabled on fd 20 Oct 31 15:24:55.460754: | addref ifd@0x55cebdc9d508(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:55.460759: adding UDP interface eth0 192.0.2.251:500 Oct 31 15:24:55.460778: | MSG_ERRQUEUE enabled on fd 21 Oct 31 15:24:55.460794: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:55.460799: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:55.460803: | addref ifd@0x55cebdc9d508(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:55.460808: adding UDP interface eth0 192.0.2.251:4500 Oct 31 15:24:55.460895: | MSG_ERRQUEUE enabled on fd 22 Oct 31 15:24:55.460918: | addref ifd@0x55cebdc9d598(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:55.460925: adding UDP interface eth0 192.0.22.254:500 Oct 31 15:24:55.460947: | MSG_ERRQUEUE enabled on fd 23 Oct 31 15:24:55.460958: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:55.460962: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:55.460967: | addref ifd@0x55cebdc9d598(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:55.460972: adding UDP interface eth0 192.0.22.254:4500 Oct 31 15:24:55.460993: | MSG_ERRQUEUE enabled on fd 24 Oct 31 15:24:55.461004: | addref ifd@0x55cebdc9d628(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:55.461010: adding UDP interface eth0 192.0.22.251:500 Oct 31 15:24:55.461029: | MSG_ERRQUEUE enabled on fd 25 Oct 31 15:24:55.461038: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:55.461042: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:55.461047: | addref ifd@0x55cebdc9d628(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:55.461052: adding UDP interface eth0 192.0.22.251:4500 Oct 31 15:24:55.461076: | MSG_ERRQUEUE enabled on fd 26 Oct 31 15:24:55.461088: | addref ifd@0x55cebdc9d6b8(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:55.461093: adding UDP interface eth0 192.0.2.254:500 Oct 31 15:24:55.461116: | MSG_ERRQUEUE enabled on fd 27 Oct 31 15:24:55.461125: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:55.461129: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:55.461134: | addref ifd@0x55cebdc9d6b8(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:55.461139: adding UDP interface eth0 192.0.2.254:4500 Oct 31 15:24:55.461158: | MSG_ERRQUEUE enabled on fd 28 Oct 31 15:24:55.461169: | addref ifd@0x55cebdc9d748(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:55.461175: adding UDP interface lo 127.0.0.1:500 Oct 31 15:24:55.461194: | MSG_ERRQUEUE enabled on fd 29 Oct 31 15:24:55.461235: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:55.461244: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:55.461249: | addref ifd@0x55cebdc9d748(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:55.461255: adding UDP interface lo 127.0.0.1:4500 Oct 31 15:24:55.461263: | updating interfaces - listing interfaces that are going down Oct 31 15:24:55.461266: | updating interfaces - checking orientation Oct 31 15:24:55.461270: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Oct 31 15:24:55.461273: | orienting north-eastnets/0x2 Oct 31 15:24:55.461279: | north-eastnets/0x2 doesn't match 127.0.0.1:4500 at all Oct 31 15:24:55.461284: | north-eastnets/0x2 doesn't match 127.0.0.1:500 at all Oct 31 15:24:55.461289: | north-eastnets/0x2 doesn't match 192.0.2.254:4500 at all Oct 31 15:24:55.461294: | north-eastnets/0x2 doesn't match 192.0.2.254:500 at all Oct 31 15:24:55.461299: | north-eastnets/0x2 doesn't match 192.0.22.251:4500 at all Oct 31 15:24:55.461304: | north-eastnets/0x2 doesn't match 192.0.22.251:500 at all Oct 31 15:24:55.461309: | north-eastnets/0x2 doesn't match 192.0.22.254:4500 at all Oct 31 15:24:55.461314: | north-eastnets/0x2 doesn't match 192.0.22.254:500 at all Oct 31 15:24:55.461319: | north-eastnets/0x2 doesn't match 192.0.2.251:4500 at all Oct 31 15:24:55.461324: | north-eastnets/0x2 doesn't match 192.0.2.251:500 at all Oct 31 15:24:55.461329: | north-eastnets/0x2 doesn't match 192.1.2.23:4500 at all Oct 31 15:24:55.461332: | oriented north-eastnets/0x2's that Oct 31 15:24:55.461335: | swapping ends so that that is this Oct 31 15:24:55.461345: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@(nil): none Oct 31 15:24:55.461356: | newref hp@0x55cebdc9d8e8(0->1) (in connect_to_host_pair() at hostpair.c:290) Oct 31 15:24:55.461359: | orienting north-eastnets/0x1 Oct 31 15:24:55.461364: | north-eastnets/0x1 doesn't match 127.0.0.1:4500 at all Oct 31 15:24:55.461369: | north-eastnets/0x1 doesn't match 127.0.0.1:500 at all Oct 31 15:24:55.461374: | north-eastnets/0x1 doesn't match 192.0.2.254:4500 at all Oct 31 15:24:55.461378: | north-eastnets/0x1 doesn't match 192.0.2.254:500 at all Oct 31 15:24:55.461383: | north-eastnets/0x1 doesn't match 192.0.22.251:4500 at all Oct 31 15:24:55.461387: | north-eastnets/0x1 doesn't match 192.0.22.251:500 at all Oct 31 15:24:55.461392: | north-eastnets/0x1 doesn't match 192.0.22.254:4500 at all Oct 31 15:24:55.461396: | north-eastnets/0x1 doesn't match 192.0.22.254:500 at all Oct 31 15:24:55.461400: | north-eastnets/0x1 doesn't match 192.0.2.251:4500 at all Oct 31 15:24:55.461405: | north-eastnets/0x1 doesn't match 192.0.2.251:500 at all Oct 31 15:24:55.461409: | north-eastnets/0x1 doesn't match 192.1.2.23:4500 at all Oct 31 15:24:55.461412: | oriented north-eastnets/0x1's that Oct 31 15:24:55.461415: | swapping ends so that that is this Oct 31 15:24:55.461421: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Oct 31 15:24:55.461427: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@0x55cebdc9d8e8: north-eastnets/0x2 Oct 31 15:24:55.461475: | libevent_malloc: newref ptr-libevent@0x55cebdc9c0d8 size 128 Oct 31 15:24:55.461480: | libevent_malloc: newref ptr-libevent@0x55cebdca28c8 size 16 Oct 31 15:24:55.461492: | setup callback for interface lo 127.0.0.1:4500 fd 29 on UDP Oct 31 15:24:55.461497: | libevent_malloc: newref ptr-libevent@0x55cebdc97dc8 size 128 Oct 31 15:24:55.461501: | libevent_malloc: newref ptr-libevent@0x55cebdca2908 size 16 Oct 31 15:24:55.461508: | setup callback for interface lo 127.0.0.1:500 fd 28 on UDP Oct 31 15:24:55.461512: | libevent_malloc: newref ptr-libevent@0x55cebdc5b4f8 size 128 Oct 31 15:24:55.461516: | libevent_malloc: newref ptr-libevent@0x55cebdca2948 size 16 Oct 31 15:24:55.461523: | setup callback for interface eth0 192.0.2.254:4500 fd 27 on UDP Oct 31 15:24:55.461528: | libevent_malloc: newref ptr-libevent@0x55cebdc507b8 size 128 Oct 31 15:24:55.461531: | libevent_malloc: newref ptr-libevent@0x55cebdca2988 size 16 Oct 31 15:24:55.461538: | setup callback for interface eth0 192.0.2.254:500 fd 26 on UDP Oct 31 15:24:55.461542: | libevent_malloc: newref ptr-libevent@0x55cebdc5b5f8 size 128 Oct 31 15:24:55.461545: | libevent_malloc: newref ptr-libevent@0x55cebdca29c8 size 16 Oct 31 15:24:55.461553: | setup callback for interface eth0 192.0.22.251:4500 fd 25 on UDP Oct 31 15:24:55.461558: | libevent_malloc: newref ptr-libevent@0x55cebdc58018 size 128 Oct 31 15:24:55.461561: | libevent_malloc: newref ptr-libevent@0x55cebdca2a08 size 16 Oct 31 15:24:55.461634: | setup callback for interface eth0 192.0.22.251:500 fd 24 on UDP Oct 31 15:24:55.461643: | libevent_malloc: newref ptr-libevent@0x55cebdc57f68 size 128 Oct 31 15:24:55.461648: | libevent_malloc: newref ptr-libevent@0x55cebdca2a48 size 16 Oct 31 15:24:55.461658: | setup callback for interface eth0 192.0.22.254:4500 fd 23 on UDP Oct 31 15:24:55.461662: | libevent_malloc: newref ptr-libevent@0x55cebdca2a88 size 128 Oct 31 15:24:55.461666: | libevent_malloc: newref ptr-libevent@0x55cebdca2b38 size 16 Oct 31 15:24:55.461673: | setup callback for interface eth0 192.0.22.254:500 fd 22 on UDP Oct 31 15:24:55.461678: | libevent_malloc: newref ptr-libevent@0x55cebdca2b78 size 128 Oct 31 15:24:55.461682: | libevent_malloc: newref ptr-libevent@0x55cebdca2c28 size 16 Oct 31 15:24:55.461689: | setup callback for interface eth0 192.0.2.251:4500 fd 21 on UDP Oct 31 15:24:55.461692: | libevent_malloc: newref ptr-libevent@0x55cebdca2c68 size 128 Oct 31 15:24:55.461695: | libevent_malloc: newref ptr-libevent@0x55cebdca2d18 size 16 Oct 31 15:24:55.461699: | setup callback for interface eth0 192.0.2.251:500 fd 20 on UDP Oct 31 15:24:55.461704: | libevent_malloc: newref ptr-libevent@0x55cebdca2d58 size 128 Oct 31 15:24:55.461706: | libevent_malloc: newref ptr-libevent@0x55cebdca2e08 size 16 Oct 31 15:24:55.461711: | setup callback for interface eth1 192.1.2.23:4500 fd 19 on UDP Oct 31 15:24:55.461714: | libevent_malloc: newref ptr-libevent@0x55cebdca2e48 size 128 Oct 31 15:24:55.461717: | libevent_malloc: newref ptr-libevent@0x55cebdca2ef8 size 16 Oct 31 15:24:55.461724: | setup callback for interface eth1 192.1.2.23:500 fd 18 on UDP Oct 31 15:24:55.463976: | no stale xfrmi interface 'ipsec1' found Oct 31 15:24:55.463995: | certs and keys locked by 'free_preshared_secrets' Oct 31 15:24:55.464000: forgetting secrets Oct 31 15:24:55.464035: | certs and keys unlocked by 'free_preshared_secrets' Oct 31 15:24:55.464083: loading secrets from "/etc/ipsec.secrets" Oct 31 15:24:55.464113: no secrets filename matched "/etc/ipsec.d/*.secrets" Oct 31 15:24:55.464127: | old food groups: Oct 31 15:24:55.464131: | new food groups: Oct 31 15:24:55.464137: | delref fd@0x55cebdc9bac8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:55.464147: | freeref fd-fd@0x55cebdc9bac8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:55.464157: | spent 1.52 (3.94) milliseconds in whack Oct 31 15:24:55.464182: | newref struct fd@0x55cebdca1798(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:55.464188: | fd_accept: new fd-fd@0x55cebdca1798 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:55.464218: | whack: options (impair|debug) Oct 31 15:24:55.464230: | old debugging base+cpu-usage + none Oct 31 15:24:55.464234: | new debugging = base+cpu-usage Oct 31 15:24:55.464242: | delref fd@0x55cebdca1798(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:55.464347: | freeref fd-fd@0x55cebdca1798 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:55.464358: | spent 0.084 (0.183) milliseconds in whack Oct 31 15:24:55.464375: | newref struct fd@0x55cebdc9e078(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:55.464379: | fd_accept: new fd-fd@0x55cebdc9e078 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:55.464389: | whack: initiate Oct 31 15:24:55.464393: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:55.464397: initiating all conns with alias='north-eastnets' Oct 31 15:24:55.464405: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:24:55.464411: | connection 'north-eastnets/0x2' +POLICY_UP Oct 31 15:24:55.464415: | FOR_EACH_STATE_... in find_phase1_state Oct 31 15:24:55.464433: | newref alloc logger@0x55cebdca0ba8(0->1) (in new_state() at state.c:576) Oct 31 15:24:55.464436: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:24:55.464439: | creating state object #1 at 0x55cebdca2f38 Oct 31 15:24:55.464444: | State DB: adding IKEv2 state #1 in UNDEFINED Oct 31 15:24:55.464456: | pstats #1 ikev2.ike started Oct 31 15:24:55.464461: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Oct 31 15:24:55.464471: | #1.st_v2_transition NULL -> PARENT_I0->PARENT_I1 (in new_v2_ike_state() at state.c:620) Oct 31 15:24:55.464483: | Message ID: IKE #1 initializing (IKE SA): ike.initiator.sent=0->-1 ike.initiator.recv=0->-1 ike.initiator.last_contact=0->744569.897271 ike.responder.sent=0->-1 ike.responder.recv=0->-1 ike.responder.last_contact=0->744569.897271 ike.wip.initiator=0->-1 ike.wip.responder=0->-1 Oct 31 15:24:55.464488: | orienting north-eastnets/0x2 Oct 31 15:24:55.464495: | north-eastnets/0x2 doesn't match 127.0.0.1:4500 at all Oct 31 15:24:55.464501: | north-eastnets/0x2 doesn't match 127.0.0.1:500 at all Oct 31 15:24:55.464505: | north-eastnets/0x2 doesn't match 192.0.2.254:4500 at all Oct 31 15:24:55.464510: | north-eastnets/0x2 doesn't match 192.0.2.254:500 at all Oct 31 15:24:55.464515: | north-eastnets/0x2 doesn't match 192.0.22.251:4500 at all Oct 31 15:24:55.464519: | north-eastnets/0x2 doesn't match 192.0.22.251:500 at all Oct 31 15:24:55.464524: | north-eastnets/0x2 doesn't match 192.0.22.254:4500 at all Oct 31 15:24:55.464528: | north-eastnets/0x2 doesn't match 192.0.22.254:500 at all Oct 31 15:24:55.464536: | north-eastnets/0x2 doesn't match 192.0.2.251:4500 at all Oct 31 15:24:55.464541: | north-eastnets/0x2 doesn't match 192.0.2.251:500 at all Oct 31 15:24:55.464546: | north-eastnets/0x2 doesn't match 192.1.2.23:4500 at all Oct 31 15:24:55.464549: | oriented north-eastnets/0x2's this Oct 31 15:24:55.464558: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ikev2_parent_outI1() at ikev2_parent.c:544) Oct 31 15:24:55.464563: | addref fd@NULL (in add_pending() at pending.c:86) Oct 31 15:24:55.464573: | queuing pending IPsec SA negotiating with 192.1.3.33 IKE SA #1 "north-eastnets/0x2" Oct 31 15:24:55.464578: "north-eastnets/0x2" #1: initiating IKEv2 connection Oct 31 15:24:55.464587: | constructing local IKE proposals for north-eastnets/0x2 (IKE SA initiator selecting KE) Oct 31 15:24:55.464595: | converting ike_info AES_CBC_256-HMAC_SHA2_256-MODP2048 to ikev2 ... Oct 31 15:24:55.464610: | ... ikev2_proposal: 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 Oct 31 15:24:55.464614: "north-eastnets/0x2": local IKE proposals (IKE SA initiator selecting KE): Oct 31 15:24:55.464620: "north-eastnets/0x2": 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 Oct 31 15:24:55.464627: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:55.464630: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:55.464635: | newref clone logger@0x55cebdc8ee68(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:55.464639: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): adding job to queue Oct 31 15:24:55.464642: | state #1 has no .st_event to delete Oct 31 15:24:55.464646: | #1 STATE_PARENT_I0: retransmits: cleared Oct 31 15:24:55.464650: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55cebdbdb198 Oct 31 15:24:55.464653: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:24:55.464658: | libevent_malloc: newref ptr-libevent@0x55cebdc9daa8 size 128 Oct 31 15:24:55.464675: | #1 spent 0.262 (0.262) milliseconds in ikev2_parent_outI1() Oct 31 15:24:55.464683: | RESET processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ikev2_parent_outI1() at ikev2_parent.c:640) Oct 31 15:24:55.464689: | connection 'north-eastnets/0x1' +POLICY_UP Oct 31 15:24:55.464697: | FOR_EACH_STATE_... in find_phase1_state Oct 31 15:24:55.464688: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): helper 1 starting job Oct 31 15:24:55.464702: | addref fd@NULL (in add_pending() at pending.c:86) Oct 31 15:24:55.464718: "north-eastnets/0x1": queuing pending IPsec SA negotiating with 192.1.3.33 IKE SA #1 "north-eastnets/0x2" Oct 31 15:24:55.464742: | delref fd@0x55cebdc9e078(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:55.465446: | freeref fd-fd@0x55cebdc9e078 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:55.465463: | spent 0.404 (1.09) milliseconds in whack Oct 31 15:24:55.465476: | processing signal PLUTO_SIGCHLD Oct 31 15:24:55.465491: | waitpid returned pid 2153838 (exited with status 0) Oct 31 15:24:55.465496: | reaped addconn helper child (status 0) Oct 31 15:24:55.465501: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:55.465507: | spent 0.0246 (0.0246) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:55.466387: | "north-eastnets/0x2" #1: spent 1.67 (1.7) milliseconds in helper 1 processing job 1 for state #1: ikev2_outI1 KE (pcr) Oct 31 15:24:55.466401: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): helper thread 1 sending result back to state Oct 31 15:24:55.466406: | scheduling resume sending helper answer back to state for #1 Oct 31 15:24:55.466411: | libevent_malloc: newref ptr-libevent@0x7f3290006108 size 128 Oct 31 15:24:55.466422: | helper thread 1 has nothing to do Oct 31 15:24:55.466436: | processing resume sending helper answer back to state for #1 Oct 31 15:24:55.466456: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:641) Oct 31 15:24:55.466463: | unsuspending #1 MD (nil) Oct 31 15:24:55.466471: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): processing response from helper 1 Oct 31 15:24:55.466475: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): calling continuation function 0x55cebc2b1fe7 Oct 31 15:24:55.466479: | ikev2_parent_outI1_continue() for #1 STATE_PARENT_I0 Oct 31 15:24:55.466484: | DH secret MODP2048@0x7f3290006ba8: transferring ownership from helper KE to state #1 Oct 31 15:24:55.466521: | opening output PBS reply packet Oct 31 15:24:55.466526: | **emit ISAKMP Message: Oct 31 15:24:55.466532: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:24:55.466538: | responder SPI: 00 00 00 00 00 00 00 00 Oct 31 15:24:55.466541: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:55.466544: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:55.466547: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:24:55.466552: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:55.466558: | Message ID: 0 (00 00 00 00) Oct 31 15:24:55.466562: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:55.466571: | using existing local IKE proposals for connection north-eastnets/0x2 (IKE SA initiator emitting local proposals): 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 Oct 31 15:24:55.466574: | Emitting ikev2_proposals ... Oct 31 15:24:55.466577: | ***emit IKEv2 Security Association Payload: Oct 31 15:24:55.466580: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.466582: | flags: none (0x0) Oct 31 15:24:55.466585: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:24:55.466587: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.466590: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:55.466592: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:55.466595: | prop #: 1 (01) Oct 31 15:24:55.466597: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:55.466599: | spi size: 0 (00) Oct 31 15:24:55.466601: | # transforms: 4 (04) Oct 31 15:24:55.466604: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:55.466607: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.466609: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.466611: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:55.466613: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:55.466615: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.466617: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:55.466620: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:55.466622: | length/value: 256 (01 00) Oct 31 15:24:55.466625: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:55.466627: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.466629: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.466631: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:55.466632: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:55.466635: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.466637: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.466639: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.466641: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.466643: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.466645: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:55.466649: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:55.466651: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.466653: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.466655: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.466657: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.466659: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:55.466661: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.466663: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:55.466665: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.466667: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.466669: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.466671: | emitting length of IKEv2 Proposal Substructure Payload: 44 Oct 31 15:24:55.466673: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:55.466675: | emitting length of IKEv2 Security Association Payload: 48 Oct 31 15:24:55.466677: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:24:55.466679: | ***emit IKEv2 Key Exchange Payload: Oct 31 15:24:55.466681: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.466683: | flags: none (0x0) Oct 31 15:24:55.466685: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:55.466687: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Oct 31 15:24:55.466689: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.466692: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Oct 31 15:24:55.466694: | ikev2 g^x: Oct 31 15:24:55.466696: | c8 e8 5c 36 4d 2b ee 45 69 db d8 98 0f 26 d9 3e Oct 31 15:24:55.466698: | c4 9d 8b 0f 63 26 0f 78 82 71 97 cd fa c4 bd 2b Oct 31 15:24:55.466700: | a6 38 5e 6b e5 cb 31 2e 41 c2 1c 53 75 c6 40 fa Oct 31 15:24:55.466702: | 77 a2 79 4b b0 c2 ce ba 0c ec f2 3f 97 ea dd 2d Oct 31 15:24:55.466704: | eb 74 64 49 33 9b 9b 0c fc 13 2c 8f d0 8b 77 1e Oct 31 15:24:55.466705: | 92 0d c2 65 51 ef fe f5 40 8f 43 3b 8d bf 72 f1 Oct 31 15:24:55.466707: | 1f 57 a9 8d ea 40 fd f5 0c 68 47 02 63 01 a0 1a Oct 31 15:24:55.466709: | 30 03 01 19 94 51 d1 ff be a7 7e ef 9d 36 cb 13 Oct 31 15:24:55.466711: | fa 75 4f 3e 4c ad b4 ee ac f4 9b e6 38 c8 2a b8 Oct 31 15:24:55.466713: | e9 72 75 5b 8c 1d 9e 50 36 a7 2d 90 be 91 91 c4 Oct 31 15:24:55.466715: | 9f 77 26 2c 3b 7c 4d 13 f7 c9 57 42 ec 6f 70 c8 Oct 31 15:24:55.466716: | 3a 8a 77 dc 35 66 41 57 0f 90 a5 3a 8c 48 97 de Oct 31 15:24:55.466718: | 15 40 22 54 40 93 5f c0 a6 8a 9d 22 95 6d c4 90 Oct 31 15:24:55.466720: | ee f4 17 4e db 90 21 cb e3 92 19 bd c4 b4 1a 02 Oct 31 15:24:55.466722: | 64 42 3b 79 7d 8b c4 4a 9f 89 e1 b2 00 78 eb 4a Oct 31 15:24:55.466724: | 77 7a 6b 81 6a 88 fd 27 be 45 74 c8 1f 74 17 a6 Oct 31 15:24:55.466726: | emitting length of IKEv2 Key Exchange Payload: 264 Oct 31 15:24:55.466728: | ***emit IKEv2 Nonce Payload: Oct 31 15:24:55.466730: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.466732: | flags: none (0x0) Oct 31 15:24:55.466734: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Oct 31 15:24:55.466737: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.466739: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Oct 31 15:24:55.466741: | IKEv2 nonce: Oct 31 15:24:55.466743: | 91 ff 48 65 b0 30 c4 ab 83 06 27 5a 12 1b b5 53 Oct 31 15:24:55.466745: | 6e b2 9a 72 0e 2e db 21 73 15 ea d6 9d e4 2e 27 Oct 31 15:24:55.466747: | emitting length of IKEv2 Nonce Payload: 36 Oct 31 15:24:55.466749: | adding a v2N Payload Oct 31 15:24:55.466751: | ***emit IKEv2 Notify Payload: Oct 31 15:24:55.466753: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.466755: | flags: none (0x0) Oct 31 15:24:55.466757: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:55.466759: | SPI size: 0 (00) Oct 31 15:24:55.466762: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Oct 31 15:24:55.466764: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:55.466766: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.466768: | emitting length of IKEv2 Notify Payload: 8 Oct 31 15:24:55.466770: | adding a v2N Payload Oct 31 15:24:55.466772: | ***emit IKEv2 Notify Payload: Oct 31 15:24:55.466774: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.466776: | flags: none (0x0) Oct 31 15:24:55.466777: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:55.466780: | SPI size: 0 (00) Oct 31 15:24:55.466781: | Notify Message Type: v2N_SIGNATURE_HASH_ALGORITHMS (0x402f) Oct 31 15:24:55.466784: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:55.466785: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.466788: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256 into IKEv2 Notify Payload Oct 31 15:24:55.466790: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256: 00 02 Oct 31 15:24:55.466792: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384 into IKEv2 Notify Payload Oct 31 15:24:55.466794: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384: 00 03 Oct 31 15:24:55.466797: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_512 into IKEv2 Notify Payload Oct 31 15:24:55.466799: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_512: 00 04 Oct 31 15:24:55.466801: | emitting length of IKEv2 Notify Payload: 14 Oct 31 15:24:55.466803: | NAT-Traversal support [enabled] add v2N payloads. Oct 31 15:24:55.466805: | nat: IKE.SPIr is zero Oct 31 15:24:55.466817: | natd_hash: hasher=0x55cebc3a3f80(20) Oct 31 15:24:55.466820: | natd_hash: icookie= Oct 31 15:24:55.466822: | 51 7c 55 1b 42 66 f1 ad Oct 31 15:24:55.466823: | natd_hash: rcookie= Oct 31 15:24:55.466825: | 00 00 00 00 00 00 00 00 Oct 31 15:24:55.466827: | natd_hash: ip= Oct 31 15:24:55.466829: | c0 01 02 17 Oct 31 15:24:55.466831: | natd_hash: port= Oct 31 15:24:55.466832: | 01 f4 Oct 31 15:24:55.466834: | natd_hash: hash= Oct 31 15:24:55.466836: | 8c 65 be 23 56 01 d2 50 63 da c4 97 3f f6 a2 a9 Oct 31 15:24:55.466838: | 71 33 d5 2d Oct 31 15:24:55.466839: | adding a v2N Payload Oct 31 15:24:55.466841: | ***emit IKEv2 Notify Payload: Oct 31 15:24:55.466843: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.466845: | flags: none (0x0) Oct 31 15:24:55.466847: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:55.466849: | SPI size: 0 (00) Oct 31 15:24:55.466851: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Oct 31 15:24:55.466853: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:55.466855: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.466859: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:24:55.466861: | Notify data: Oct 31 15:24:55.466863: | 8c 65 be 23 56 01 d2 50 63 da c4 97 3f f6 a2 a9 Oct 31 15:24:55.466865: | 71 33 d5 2d Oct 31 15:24:55.466866: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:24:55.466868: | nat: IKE.SPIr is zero Oct 31 15:24:55.466873: | natd_hash: hasher=0x55cebc3a3f80(20) Oct 31 15:24:55.466876: | natd_hash: icookie= Oct 31 15:24:55.466877: | 51 7c 55 1b 42 66 f1 ad Oct 31 15:24:55.466879: | natd_hash: rcookie= Oct 31 15:24:55.466881: | 00 00 00 00 00 00 00 00 Oct 31 15:24:55.466883: | natd_hash: ip= Oct 31 15:24:55.466884: | c0 01 03 21 Oct 31 15:24:55.466886: | natd_hash: port= Oct 31 15:24:55.466888: | 01 f4 Oct 31 15:24:55.466889: | natd_hash: hash= Oct 31 15:24:55.466891: | 08 29 ef 07 95 9a 24 1b 0b 15 14 e8 3d 1b c0 35 Oct 31 15:24:55.466893: | 33 31 47 7f Oct 31 15:24:55.466895: | adding a v2N Payload Oct 31 15:24:55.466897: | ***emit IKEv2 Notify Payload: Oct 31 15:24:55.466899: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.466900: | flags: none (0x0) Oct 31 15:24:55.466902: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:55.466904: | SPI size: 0 (00) Oct 31 15:24:55.466906: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Oct 31 15:24:55.466908: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:55.466910: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.466913: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:24:55.466914: | Notify data: Oct 31 15:24:55.466916: | 08 29 ef 07 95 9a 24 1b 0b 15 14 e8 3d 1b c0 35 Oct 31 15:24:55.466918: | 33 31 47 7f Oct 31 15:24:55.466920: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:24:55.466922: | emitting length of ISAKMP Message: 454 Oct 31 15:24:55.466928: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:55.466932: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Oct 31 15:24:55.466934: | transitioning from state STATE_PARENT_I0 to state STATE_PARENT_I1 Oct 31 15:24:55.466936: | Message ID: updating counters for #1 Oct 31 15:24:55.466943: | Message ID: IKE #1 skipping update_recv as MD is fake Oct 31 15:24:55.466949: | Message ID: IKE #1 scheduling EVENT_RETRANSMIT: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744569.897271 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.897271 ike.wip.initiator=0 ike.wip.responder=-1 Oct 31 15:24:55.466952: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55cebdc9f838 Oct 31 15:24:55.466955: | inserting event EVENT_RETRANSMIT, timeout in 0.05 seconds for #1 Oct 31 15:24:55.466957: | libevent_malloc: newref ptr-libevent@0x55cebdc9d148 size 128 Oct 31 15:24:55.466962: | #1 STATE_PARENT_I0: retransmits: first event in 0.05 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744569.899748 Oct 31 15:24:55.466967: | Message ID: IKE #1 updating initiator sent message request 0: ike.initiator.sent=-1->0 ike.initiator.recv=-1 ike.initiator.last_contact=744569.897271 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.897271 ike.wip.initiator=-1->0 ike.wip.responder=-1 Oct 31 15:24:55.466971: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744569.897271 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.897271 ike.wip.initiator=0 ike.wip.responder=-1 Oct 31 15:24:55.466974: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Oct 31 15:24:55.466977: | announcing the state transition Oct 31 15:24:55.466980: "north-eastnets/0x2" #1: sent IKE_SA_INIT request Oct 31 15:24:55.466991: | sending 454 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:55.466994: | 51 7c 55 1b 42 66 f1 ad 00 00 00 00 00 00 00 00 Oct 31 15:24:55.466996: | 21 20 22 08 00 00 00 00 00 00 01 c6 22 00 00 30 Oct 31 15:24:55.466998: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Oct 31 15:24:55.466999: | 80 0e 01 00 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:24:55.467001: | 03 00 00 0c 00 00 00 08 04 00 00 0e 28 00 01 08 Oct 31 15:24:55.467003: | 00 0e 00 00 c8 e8 5c 36 4d 2b ee 45 69 db d8 98 Oct 31 15:24:55.467005: | 0f 26 d9 3e c4 9d 8b 0f 63 26 0f 78 82 71 97 cd Oct 31 15:24:55.467006: | fa c4 bd 2b a6 38 5e 6b e5 cb 31 2e 41 c2 1c 53 Oct 31 15:24:55.467008: | 75 c6 40 fa 77 a2 79 4b b0 c2 ce ba 0c ec f2 3f Oct 31 15:24:55.467010: | 97 ea dd 2d eb 74 64 49 33 9b 9b 0c fc 13 2c 8f Oct 31 15:24:55.467012: | d0 8b 77 1e 92 0d c2 65 51 ef fe f5 40 8f 43 3b Oct 31 15:24:55.467014: | 8d bf 72 f1 1f 57 a9 8d ea 40 fd f5 0c 68 47 02 Oct 31 15:24:55.467015: | 63 01 a0 1a 30 03 01 19 94 51 d1 ff be a7 7e ef Oct 31 15:24:55.467017: | 9d 36 cb 13 fa 75 4f 3e 4c ad b4 ee ac f4 9b e6 Oct 31 15:24:55.467019: | 38 c8 2a b8 e9 72 75 5b 8c 1d 9e 50 36 a7 2d 90 Oct 31 15:24:55.467021: | be 91 91 c4 9f 77 26 2c 3b 7c 4d 13 f7 c9 57 42 Oct 31 15:24:55.467023: | ec 6f 70 c8 3a 8a 77 dc 35 66 41 57 0f 90 a5 3a Oct 31 15:24:55.467024: | 8c 48 97 de 15 40 22 54 40 93 5f c0 a6 8a 9d 22 Oct 31 15:24:55.467026: | 95 6d c4 90 ee f4 17 4e db 90 21 cb e3 92 19 bd Oct 31 15:24:55.467028: | c4 b4 1a 02 64 42 3b 79 7d 8b c4 4a 9f 89 e1 b2 Oct 31 15:24:55.467030: | 00 78 eb 4a 77 7a 6b 81 6a 88 fd 27 be 45 74 c8 Oct 31 15:24:55.467031: | 1f 74 17 a6 29 00 00 24 91 ff 48 65 b0 30 c4 ab Oct 31 15:24:55.467033: | 83 06 27 5a 12 1b b5 53 6e b2 9a 72 0e 2e db 21 Oct 31 15:24:55.467035: | 73 15 ea d6 9d e4 2e 27 29 00 00 08 00 00 40 2e Oct 31 15:24:55.467037: | 29 00 00 0e 00 00 40 2f 00 02 00 03 00 04 29 00 Oct 31 15:24:55.467039: | 00 1c 00 00 40 04 8c 65 be 23 56 01 d2 50 63 da Oct 31 15:24:55.467040: | c4 97 3f f6 a2 a9 71 33 d5 2d 00 00 00 1c 00 00 Oct 31 15:24:55.467042: | 40 05 08 29 ef 07 95 9a 24 1b 0b 15 14 e8 3d 1b Oct 31 15:24:55.467044: | c0 35 33 31 47 7f Oct 31 15:24:55.467150: | sent 1 messages Oct 31 15:24:55.467157: | checking that a retransmit timeout_event was already Oct 31 15:24:55.467161: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:55.467166: | libevent_free: delref ptr-libevent@0x55cebdc9daa8 Oct 31 15:24:55.467170: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55cebdbdb198 Oct 31 15:24:55.467175: | delref logger@0x55cebdc8ee68(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:55.467179: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:55.467183: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:55.467187: | resume sending helper answer back to state for #1 suppresed complete_v2_state_transition() Oct 31 15:24:55.467191: | delref mdp@NULL (in resume_handler() at server.c:743) Oct 31 15:24:55.467204: | #1 spent 0.657 (0.735) milliseconds in resume sending helper answer back to state Oct 31 15:24:55.467218: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:745) Oct 31 15:24:55.467224: | libevent_free: delref ptr-libevent@0x7f3290006108 Oct 31 15:24:55.467243: | recvmsg(,, MSG_ERRQUEUE) on eth1 returned a truncated (IKE) datagram (MSG_TRUNC) Oct 31 15:24:55.467249: | **parse ISAKMP Message (raw): Oct 31 15:24:55.467252: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:24:55.467255: | responder SPI: 00 00 00 00 00 00 00 00 Oct 31 15:24:55.467258: | next payload type: 33 (21) Oct 31 15:24:55.467260: | ISAKMP version: 32 (20) Oct 31 15:24:55.467262: | exchange type: 34 (22) Oct 31 15:24:55.467264: | flags: 8 (08) Oct 31 15:24:55.467267: | Message ID: 0 (00 00 00 00) Oct 31 15:24:55.467273: | length: 454 (00 00 01 c6) Oct 31 15:24:55.467277: | State DB: found IKEv2 state #1 in PARENT_I1 (find_likely_sender) Oct 31 15:24:55.467279: | MSG_ERRQUEUE packet matches IKEv2 SA #1 Oct 31 15:24:55.467281: | rejected packet: Oct 31 15:24:55.467283: | 51 7c 55 1b 42 66 f1 ad 00 00 00 00 00 00 00 00 Oct 31 15:24:55.467285: | 21 20 22 08 00 00 00 00 00 00 01 c6 22 00 00 30 Oct 31 15:24:55.467287: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Oct 31 15:24:55.467288: | 80 0e 01 00 03 00 00 08 Oct 31 15:24:55.467290: | control: Oct 31 15:24:55.467292: | 30 00 00 00 00 00 00 00 00 00 00 00 0b 00 00 00 Oct 31 15:24:55.467294: | 6f 00 00 00 02 03 03 00 00 00 00 00 00 00 00 00 Oct 31 15:24:55.467296: | 02 00 00 00 c0 01 03 21 00 00 00 00 00 00 00 00 Oct 31 15:24:55.467297: | name: Oct 31 15:24:55.467299: | 02 00 01 f4 c0 01 03 21 00 00 00 00 00 00 00 00 Oct 31 15:24:55.467308: "north-eastnets/0x2" #1: ERROR: asynchronous network error report on eth1 (192.1.2.23:500), complainant 192.1.3.33: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)] Oct 31 15:24:55.467315: | spent 0.0749 (0.0749) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:55.467318: | spent 0.0852 (0.0845) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:55.517466: | timer_event_cb: processing event@0x55cebdc9f838 Oct 31 15:24:55.517480: | handling event EVENT_RETRANSMIT for parent state #1 Oct 31 15:24:55.517485: | libevent_free: delref ptr-libevent@0x55cebdc9d148 Oct 31 15:24:55.517488: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55cebdc9f838 Oct 31 15:24:55.517497: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:55.517501: | IKEv2 retransmit event Oct 31 15:24:55.517507: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:24:55.517511: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x2" #1 attempt 2 of 0 Oct 31 15:24:55.517515: | and parent for 192.1.3.33 "north-eastnets/0x2" #1 keying attempt 1 of 0; retransmit 1 Oct 31 15:24:55.517520: | #1 STATE_PARENT_I1: retransmits: current time 744569.950314 Oct 31 15:24:55.517522: | #1 STATE_PARENT_I1: retransmits: retransmit count 0 exceeds limit? NO Oct 31 15:24:55.517525: | #1 STATE_PARENT_I1: retransmits: deltatime 0.05 exceeds limit? NO Oct 31 15:24:55.517528: | #1 STATE_PARENT_I1: retransmits: monotime 0.050566 exceeds limit? NO Oct 31 15:24:55.517532: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55cebdc9f838 Oct 31 15:24:55.517535: | inserting event EVENT_RETRANSMIT, timeout in 0.05 seconds for #1 Oct 31 15:24:55.517538: | libevent_malloc: newref ptr-libevent@0x55cebdc9d148 size 128 Oct 31 15:24:55.517544: "north-eastnets/0x2" #1: STATE_PARENT_I1: retransmission; will wait 0.05 seconds for response Oct 31 15:24:55.517551: | sending 454 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:55.517554: | 51 7c 55 1b 42 66 f1 ad 00 00 00 00 00 00 00 00 Oct 31 15:24:55.517556: | 21 20 22 08 00 00 00 00 00 00 01 c6 22 00 00 30 Oct 31 15:24:55.517558: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Oct 31 15:24:55.517560: | 80 0e 01 00 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:24:55.517563: | 03 00 00 0c 00 00 00 08 04 00 00 0e 28 00 01 08 Oct 31 15:24:55.517565: | 00 0e 00 00 c8 e8 5c 36 4d 2b ee 45 69 db d8 98 Oct 31 15:24:55.517567: | 0f 26 d9 3e c4 9d 8b 0f 63 26 0f 78 82 71 97 cd Oct 31 15:24:55.517569: | fa c4 bd 2b a6 38 5e 6b e5 cb 31 2e 41 c2 1c 53 Oct 31 15:24:55.517571: | 75 c6 40 fa 77 a2 79 4b b0 c2 ce ba 0c ec f2 3f Oct 31 15:24:55.517573: | 97 ea dd 2d eb 74 64 49 33 9b 9b 0c fc 13 2c 8f Oct 31 15:24:55.517576: | d0 8b 77 1e 92 0d c2 65 51 ef fe f5 40 8f 43 3b Oct 31 15:24:55.517578: | 8d bf 72 f1 1f 57 a9 8d ea 40 fd f5 0c 68 47 02 Oct 31 15:24:55.517583: | 63 01 a0 1a 30 03 01 19 94 51 d1 ff be a7 7e ef Oct 31 15:24:55.517586: | 9d 36 cb 13 fa 75 4f 3e 4c ad b4 ee ac f4 9b e6 Oct 31 15:24:55.517588: | 38 c8 2a b8 e9 72 75 5b 8c 1d 9e 50 36 a7 2d 90 Oct 31 15:24:55.517590: | be 91 91 c4 9f 77 26 2c 3b 7c 4d 13 f7 c9 57 42 Oct 31 15:24:55.517592: | ec 6f 70 c8 3a 8a 77 dc 35 66 41 57 0f 90 a5 3a Oct 31 15:24:55.517594: | 8c 48 97 de 15 40 22 54 40 93 5f c0 a6 8a 9d 22 Oct 31 15:24:55.517597: | 95 6d c4 90 ee f4 17 4e db 90 21 cb e3 92 19 bd Oct 31 15:24:55.517599: | c4 b4 1a 02 64 42 3b 79 7d 8b c4 4a 9f 89 e1 b2 Oct 31 15:24:55.517601: | 00 78 eb 4a 77 7a 6b 81 6a 88 fd 27 be 45 74 c8 Oct 31 15:24:55.517603: | 1f 74 17 a6 29 00 00 24 91 ff 48 65 b0 30 c4 ab Oct 31 15:24:55.517605: | 83 06 27 5a 12 1b b5 53 6e b2 9a 72 0e 2e db 21 Oct 31 15:24:55.517607: | 73 15 ea d6 9d e4 2e 27 29 00 00 08 00 00 40 2e Oct 31 15:24:55.517610: | 29 00 00 0e 00 00 40 2f 00 02 00 03 00 04 29 00 Oct 31 15:24:55.517612: | 00 1c 00 00 40 04 8c 65 be 23 56 01 d2 50 63 da Oct 31 15:24:55.517614: | c4 97 3f f6 a2 a9 71 33 d5 2d 00 00 00 1c 00 00 Oct 31 15:24:55.517616: | 40 05 08 29 ef 07 95 9a 24 1b 0b 15 14 e8 3d 1b Oct 31 15:24:55.517618: | c0 35 33 31 47 7f Oct 31 15:24:55.517686: | sent 1 messages Oct 31 15:24:55.517696: | #1 spent 0.186 (0.229) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:24:55.517701: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:24:55.517712: | recvmsg(,, MSG_ERRQUEUE) on eth1 returned a truncated (IKE) datagram (MSG_TRUNC) Oct 31 15:24:55.517718: | **parse ISAKMP Message (raw): Oct 31 15:24:55.517722: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:24:55.517726: | responder SPI: 00 00 00 00 00 00 00 00 Oct 31 15:24:55.517730: | next payload type: 33 (21) Oct 31 15:24:55.517732: | ISAKMP version: 32 (20) Oct 31 15:24:55.517735: | exchange type: 34 (22) Oct 31 15:24:55.517738: | flags: 8 (08) Oct 31 15:24:55.517741: | Message ID: 0 (00 00 00 00) Oct 31 15:24:55.517745: | length: 454 (00 00 01 c6) Oct 31 15:24:55.517749: | State DB: found IKEv2 state #1 in PARENT_I1 (find_likely_sender) Oct 31 15:24:55.517752: | MSG_ERRQUEUE packet matches IKEv2 SA #1 Oct 31 15:24:55.517754: | rejected packet: Oct 31 15:24:55.517756: | 51 7c 55 1b 42 66 f1 ad 00 00 00 00 00 00 00 00 Oct 31 15:24:55.517759: | 21 20 22 08 00 00 00 00 00 00 01 c6 22 00 00 30 Oct 31 15:24:55.517761: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Oct 31 15:24:55.517763: | 80 0e 01 00 03 00 00 08 Oct 31 15:24:55.517765: | control: Oct 31 15:24:55.517767: | 30 00 00 00 00 00 00 00 00 00 00 00 0b 00 00 00 Oct 31 15:24:55.517770: | 6f 00 00 00 02 03 03 00 00 00 00 00 00 00 00 00 Oct 31 15:24:55.517772: | 02 00 00 00 c0 01 03 21 00 00 00 00 00 00 00 00 Oct 31 15:24:55.517774: | name: Oct 31 15:24:55.517776: | 02 00 01 f4 c0 01 03 21 00 00 00 00 00 00 00 00 Oct 31 15:24:55.517785: "north-eastnets/0x2" #1: ERROR: asynchronous network error report on eth1 (192.1.2.23:500), complainant 192.1.3.33: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)] Oct 31 15:24:55.517791: | spent 0.0811 (0.0812) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:55.517795: | spent 0.0873 (0.0873) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:55.520515: | newref struct fd@0x55cebdc9f8a8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:55.520530: | fd_accept: new fd-fd@0x55cebdc9f8a8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:55.520545: | whack: status Oct 31 15:24:55.520774: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:24:55.520780: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:24:55.520906: | FOR_EACH_STATE_... in show_states (sort_states) Oct 31 15:24:55.520910: | FOR_EACH_STATE_... in sort_states Oct 31 15:24:55.520929: | delref fd@0x55cebdc9f8a8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:55.520935: | freeref fd-fd@0x55cebdc9f8a8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:55.520940: | spent 0.437 (0.436) milliseconds in whack Oct 31 15:24:55.569078: | timer_event_cb: processing event@0x55cebdc9f838 Oct 31 15:24:55.569096: | handling event EVENT_RETRANSMIT for parent state #1 Oct 31 15:24:55.569101: | libevent_free: delref ptr-libevent@0x55cebdc9d148 Oct 31 15:24:55.569105: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55cebdc9f838 Oct 31 15:24:55.569113: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:55.569118: | IKEv2 retransmit event Oct 31 15:24:55.569122: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:24:55.569127: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x2" #1 attempt 2 of 0 Oct 31 15:24:55.569130: | and parent for 192.1.3.33 "north-eastnets/0x2" #1 keying attempt 1 of 0; retransmit 2 Oct 31 15:24:55.569135: | #1 STATE_PARENT_I1: retransmits: current time 744570.001929 Oct 31 15:24:55.569137: | #1 STATE_PARENT_I1: retransmits: retransmit count 1 exceeds limit? NO Oct 31 15:24:55.569140: | #1 STATE_PARENT_I1: retransmits: deltatime 0.1 exceeds limit? NO Oct 31 15:24:55.569143: | #1 STATE_PARENT_I1: retransmits: monotime 0.102181 exceeds limit? NO Oct 31 15:24:55.569147: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55cebdc9f838 Oct 31 15:24:55.569150: | inserting event EVENT_RETRANSMIT, timeout in 0.1 seconds for #1 Oct 31 15:24:55.569154: | libevent_malloc: newref ptr-libevent@0x55cebdc9d148 size 128 Oct 31 15:24:55.569159: "north-eastnets/0x2" #1: STATE_PARENT_I1: retransmission; will wait 0.1 seconds for response Oct 31 15:24:55.569167: | sending 454 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:55.569170: | 51 7c 55 1b 42 66 f1 ad 00 00 00 00 00 00 00 00 Oct 31 15:24:55.569173: | 21 20 22 08 00 00 00 00 00 00 01 c6 22 00 00 30 Oct 31 15:24:55.569175: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Oct 31 15:24:55.569177: | 80 0e 01 00 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:24:55.569179: | 03 00 00 0c 00 00 00 08 04 00 00 0e 28 00 01 08 Oct 31 15:24:55.569181: | 00 0e 00 00 c8 e8 5c 36 4d 2b ee 45 69 db d8 98 Oct 31 15:24:55.569184: | 0f 26 d9 3e c4 9d 8b 0f 63 26 0f 78 82 71 97 cd Oct 31 15:24:55.569186: | fa c4 bd 2b a6 38 5e 6b e5 cb 31 2e 41 c2 1c 53 Oct 31 15:24:55.569188: | 75 c6 40 fa 77 a2 79 4b b0 c2 ce ba 0c ec f2 3f Oct 31 15:24:55.569191: | 97 ea dd 2d eb 74 64 49 33 9b 9b 0c fc 13 2c 8f Oct 31 15:24:55.569193: | d0 8b 77 1e 92 0d c2 65 51 ef fe f5 40 8f 43 3b Oct 31 15:24:55.569195: | 8d bf 72 f1 1f 57 a9 8d ea 40 fd f5 0c 68 47 02 Oct 31 15:24:55.569202: | 63 01 a0 1a 30 03 01 19 94 51 d1 ff be a7 7e ef Oct 31 15:24:55.569206: | 9d 36 cb 13 fa 75 4f 3e 4c ad b4 ee ac f4 9b e6 Oct 31 15:24:55.569209: | 38 c8 2a b8 e9 72 75 5b 8c 1d 9e 50 36 a7 2d 90 Oct 31 15:24:55.569211: | be 91 91 c4 9f 77 26 2c 3b 7c 4d 13 f7 c9 57 42 Oct 31 15:24:55.569213: | ec 6f 70 c8 3a 8a 77 dc 35 66 41 57 0f 90 a5 3a Oct 31 15:24:55.569216: | 8c 48 97 de 15 40 22 54 40 93 5f c0 a6 8a 9d 22 Oct 31 15:24:55.569218: | 95 6d c4 90 ee f4 17 4e db 90 21 cb e3 92 19 bd Oct 31 15:24:55.569220: | c4 b4 1a 02 64 42 3b 79 7d 8b c4 4a 9f 89 e1 b2 Oct 31 15:24:55.569222: | 00 78 eb 4a 77 7a 6b 81 6a 88 fd 27 be 45 74 c8 Oct 31 15:24:55.569225: | 1f 74 17 a6 29 00 00 24 91 ff 48 65 b0 30 c4 ab Oct 31 15:24:55.569227: | 83 06 27 5a 12 1b b5 53 6e b2 9a 72 0e 2e db 21 Oct 31 15:24:55.569229: | 73 15 ea d6 9d e4 2e 27 29 00 00 08 00 00 40 2e Oct 31 15:24:55.569231: | 29 00 00 0e 00 00 40 2f 00 02 00 03 00 04 29 00 Oct 31 15:24:55.569234: | 00 1c 00 00 40 04 8c 65 be 23 56 01 d2 50 63 da Oct 31 15:24:55.569236: | c4 97 3f f6 a2 a9 71 33 d5 2d 00 00 00 1c 00 00 Oct 31 15:24:55.569241: | 40 05 08 29 ef 07 95 9a 24 1b 0b 15 14 e8 3d 1b Oct 31 15:24:55.569244: | c0 35 33 31 47 7f Oct 31 15:24:55.569312: | sent 1 messages Oct 31 15:24:55.569324: | #1 spent 0.194 (0.244) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:24:55.569331: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:24:55.569346: | recvmsg(,, MSG_ERRQUEUE) on eth1 returned a truncated (IKE) datagram (MSG_TRUNC) Oct 31 15:24:55.569352: | **parse ISAKMP Message (raw): Oct 31 15:24:55.569357: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:24:55.569361: | responder SPI: 00 00 00 00 00 00 00 00 Oct 31 15:24:55.569364: | next payload type: 33 (21) Oct 31 15:24:55.569367: | ISAKMP version: 32 (20) Oct 31 15:24:55.569369: | exchange type: 34 (22) Oct 31 15:24:55.569372: | flags: 8 (08) Oct 31 15:24:55.569375: | Message ID: 0 (00 00 00 00) Oct 31 15:24:55.569377: | length: 454 (00 00 01 c6) Oct 31 15:24:55.569380: | State DB: found IKEv2 state #1 in PARENT_I1 (find_likely_sender) Oct 31 15:24:55.569382: | MSG_ERRQUEUE packet matches IKEv2 SA #1 Oct 31 15:24:55.569384: | rejected packet: Oct 31 15:24:55.569385: | 51 7c 55 1b 42 66 f1 ad 00 00 00 00 00 00 00 00 Oct 31 15:24:55.569387: | 21 20 22 08 00 00 00 00 00 00 01 c6 22 00 00 30 Oct 31 15:24:55.569388: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Oct 31 15:24:55.569389: | 80 0e 01 00 03 00 00 08 Oct 31 15:24:55.569391: | control: Oct 31 15:24:55.569392: | 30 00 00 00 00 00 00 00 00 00 00 00 0b 00 00 00 Oct 31 15:24:55.569394: | 6f 00 00 00 02 03 03 00 00 00 00 00 00 00 00 00 Oct 31 15:24:55.569395: | 02 00 00 00 c0 01 03 21 00 00 00 00 00 00 00 00 Oct 31 15:24:55.569397: | name: Oct 31 15:24:55.569398: | 02 00 01 f4 c0 01 03 21 00 00 00 00 00 00 00 00 Oct 31 15:24:55.569408: "north-eastnets/0x2" #1: ERROR: asynchronous network error report on eth1 (192.1.2.23:500), complainant 192.1.3.33: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)] Oct 31 15:24:55.569417: | spent 0.0742 (0.0743) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:55.569422: | spent 0.0818 (0.082) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:55.669759: | timer_event_cb: processing event@0x55cebdc9f838 Oct 31 15:24:55.669772: | handling event EVENT_RETRANSMIT for parent state #1 Oct 31 15:24:55.669776: | libevent_free: delref ptr-libevent@0x55cebdc9d148 Oct 31 15:24:55.669779: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55cebdc9f838 Oct 31 15:24:55.669785: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:55.669788: | IKEv2 retransmit event Oct 31 15:24:55.669792: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:24:55.669795: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x2" #1 attempt 2 of 0 Oct 31 15:24:55.669797: | and parent for 192.1.3.33 "north-eastnets/0x2" #1 keying attempt 1 of 0; retransmit 3 Oct 31 15:24:55.669801: | #1 STATE_PARENT_I1: retransmits: current time 744570.102596 Oct 31 15:24:55.669803: | #1 STATE_PARENT_I1: retransmits: retransmit count 2 exceeds limit? NO Oct 31 15:24:55.669804: | #1 STATE_PARENT_I1: retransmits: deltatime 0.2 exceeds limit? NO Oct 31 15:24:55.669806: | #1 STATE_PARENT_I1: retransmits: monotime 0.202848 exceeds limit? NO Oct 31 15:24:55.669809: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55cebdc9f838 Oct 31 15:24:55.669811: | inserting event EVENT_RETRANSMIT, timeout in 0.2 seconds for #1 Oct 31 15:24:55.669813: | libevent_malloc: newref ptr-libevent@0x55cebdc9d148 size 128 Oct 31 15:24:55.669817: "north-eastnets/0x2" #1: STATE_PARENT_I1: retransmission; will wait 0.2 seconds for response Oct 31 15:24:55.669823: | sending 454 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:55.669828: | 51 7c 55 1b 42 66 f1 ad 00 00 00 00 00 00 00 00 Oct 31 15:24:55.669830: | 21 20 22 08 00 00 00 00 00 00 01 c6 22 00 00 30 Oct 31 15:24:55.669832: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Oct 31 15:24:55.669837: | 80 0e 01 00 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:24:55.669840: | 03 00 00 0c 00 00 00 08 04 00 00 0e 28 00 01 08 Oct 31 15:24:55.669843: | 00 0e 00 00 c8 e8 5c 36 4d 2b ee 45 69 db d8 98 Oct 31 15:24:55.669845: | 0f 26 d9 3e c4 9d 8b 0f 63 26 0f 78 82 71 97 cd Oct 31 15:24:55.669847: | fa c4 bd 2b a6 38 5e 6b e5 cb 31 2e 41 c2 1c 53 Oct 31 15:24:55.669850: | 75 c6 40 fa 77 a2 79 4b b0 c2 ce ba 0c ec f2 3f Oct 31 15:24:55.669852: | 97 ea dd 2d eb 74 64 49 33 9b 9b 0c fc 13 2c 8f Oct 31 15:24:55.669855: | d0 8b 77 1e 92 0d c2 65 51 ef fe f5 40 8f 43 3b Oct 31 15:24:55.669857: | 8d bf 72 f1 1f 57 a9 8d ea 40 fd f5 0c 68 47 02 Oct 31 15:24:55.669859: | 63 01 a0 1a 30 03 01 19 94 51 d1 ff be a7 7e ef Oct 31 15:24:55.669867: | 9d 36 cb 13 fa 75 4f 3e 4c ad b4 ee ac f4 9b e6 Oct 31 15:24:55.669871: | 38 c8 2a b8 e9 72 75 5b 8c 1d 9e 50 36 a7 2d 90 Oct 31 15:24:55.669873: | be 91 91 c4 9f 77 26 2c 3b 7c 4d 13 f7 c9 57 42 Oct 31 15:24:55.669876: | ec 6f 70 c8 3a 8a 77 dc 35 66 41 57 0f 90 a5 3a Oct 31 15:24:55.669878: | 8c 48 97 de 15 40 22 54 40 93 5f c0 a6 8a 9d 22 Oct 31 15:24:55.669881: | 95 6d c4 90 ee f4 17 4e db 90 21 cb e3 92 19 bd Oct 31 15:24:55.669883: | c4 b4 1a 02 64 42 3b 79 7d 8b c4 4a 9f 89 e1 b2 Oct 31 15:24:55.669886: | 00 78 eb 4a 77 7a 6b 81 6a 88 fd 27 be 45 74 c8 Oct 31 15:24:55.669888: | 1f 74 17 a6 29 00 00 24 91 ff 48 65 b0 30 c4 ab Oct 31 15:24:55.669889: | 83 06 27 5a 12 1b b5 53 6e b2 9a 72 0e 2e db 21 Oct 31 15:24:55.669890: | 73 15 ea d6 9d e4 2e 27 29 00 00 08 00 00 40 2e Oct 31 15:24:55.669892: | 29 00 00 0e 00 00 40 2f 00 02 00 03 00 04 29 00 Oct 31 15:24:55.669893: | 00 1c 00 00 40 04 8c 65 be 23 56 01 d2 50 63 da Oct 31 15:24:55.669895: | c4 97 3f f6 a2 a9 71 33 d5 2d 00 00 00 1c 00 00 Oct 31 15:24:55.669896: | 40 05 08 29 ef 07 95 9a 24 1b 0b 15 14 e8 3d 1b Oct 31 15:24:55.669898: | c0 35 33 31 47 7f Oct 31 15:24:55.669957: | sent 1 messages Oct 31 15:24:55.669968: | #1 spent 0.164 (0.209) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:24:55.669972: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:24:55.669983: | recvmsg(,, MSG_ERRQUEUE) on eth1 returned a truncated (IKE) datagram (MSG_TRUNC) Oct 31 15:24:55.669986: | **parse ISAKMP Message (raw): Oct 31 15:24:55.669990: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:24:55.669992: | responder SPI: 00 00 00 00 00 00 00 00 Oct 31 15:24:55.669995: | next payload type: 33 (21) Oct 31 15:24:55.669996: | ISAKMP version: 32 (20) Oct 31 15:24:55.669998: | exchange type: 34 (22) Oct 31 15:24:55.670000: | flags: 8 (08) Oct 31 15:24:55.670002: | Message ID: 0 (00 00 00 00) Oct 31 15:24:55.670004: | length: 454 (00 00 01 c6) Oct 31 15:24:55.670007: | State DB: found IKEv2 state #1 in PARENT_I1 (find_likely_sender) Oct 31 15:24:55.670009: | MSG_ERRQUEUE packet matches IKEv2 SA #1 Oct 31 15:24:55.670010: | rejected packet: Oct 31 15:24:55.670012: | 51 7c 55 1b 42 66 f1 ad 00 00 00 00 00 00 00 00 Oct 31 15:24:55.670013: | 21 20 22 08 00 00 00 00 00 00 01 c6 22 00 00 30 Oct 31 15:24:55.670015: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Oct 31 15:24:55.670016: | 80 0e 01 00 03 00 00 08 Oct 31 15:24:55.670018: | control: Oct 31 15:24:55.670019: | 30 00 00 00 00 00 00 00 00 00 00 00 0b 00 00 00 Oct 31 15:24:55.670020: | 6f 00 00 00 02 03 03 00 00 00 00 00 00 00 00 00 Oct 31 15:24:55.670022: | 02 00 00 00 c0 01 03 21 00 00 00 00 00 00 00 00 Oct 31 15:24:55.670023: | name: Oct 31 15:24:55.670025: | 02 00 01 f4 c0 01 03 21 00 00 00 00 00 00 00 00 Oct 31 15:24:55.670033: "north-eastnets/0x2" #1: ERROR: asynchronous network error report on eth1 (192.1.2.23:500), complainant 192.1.3.33: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)] Oct 31 15:24:55.670038: | spent 0.0576 (0.0577) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:55.670041: | spent 0.062 (0.0619) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:55.870221: | timer_event_cb: processing event@0x55cebdc9f838 Oct 31 15:24:55.870240: | handling event EVENT_RETRANSMIT for parent state #1 Oct 31 15:24:55.870245: | libevent_free: delref ptr-libevent@0x55cebdc9d148 Oct 31 15:24:55.870249: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55cebdc9f838 Oct 31 15:24:55.870257: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:55.870266: | IKEv2 retransmit event Oct 31 15:24:55.870271: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:24:55.870275: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x2" #1 attempt 2 of 0 Oct 31 15:24:55.870279: | and parent for 192.1.3.33 "north-eastnets/0x2" #1 keying attempt 1 of 0; retransmit 4 Oct 31 15:24:55.870283: | #1 STATE_PARENT_I1: retransmits: current time 744570.303078 Oct 31 15:24:55.870286: | #1 STATE_PARENT_I1: retransmits: retransmit count 3 exceeds limit? NO Oct 31 15:24:55.870289: | #1 STATE_PARENT_I1: retransmits: deltatime 0.4 exceeds limit? NO Oct 31 15:24:55.870292: | #1 STATE_PARENT_I1: retransmits: monotime 0.40333 exceeds limit? NO Oct 31 15:24:55.870296: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55cebdc9f838 Oct 31 15:24:55.870299: | inserting event EVENT_RETRANSMIT, timeout in 0.4 seconds for #1 Oct 31 15:24:55.870302: | libevent_malloc: newref ptr-libevent@0x55cebdc9d148 size 128 Oct 31 15:24:55.870307: "north-eastnets/0x2" #1: STATE_PARENT_I1: retransmission; will wait 0.4 seconds for response Oct 31 15:24:55.870314: | sending 454 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:55.870317: | 51 7c 55 1b 42 66 f1 ad 00 00 00 00 00 00 00 00 Oct 31 15:24:55.870319: | 21 20 22 08 00 00 00 00 00 00 01 c6 22 00 00 30 Oct 31 15:24:55.870321: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Oct 31 15:24:55.870324: | 80 0e 01 00 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:24:55.870326: | 03 00 00 0c 00 00 00 08 04 00 00 0e 28 00 01 08 Oct 31 15:24:55.870328: | 00 0e 00 00 c8 e8 5c 36 4d 2b ee 45 69 db d8 98 Oct 31 15:24:55.870330: | 0f 26 d9 3e c4 9d 8b 0f 63 26 0f 78 82 71 97 cd Oct 31 15:24:55.870332: | fa c4 bd 2b a6 38 5e 6b e5 cb 31 2e 41 c2 1c 53 Oct 31 15:24:55.870334: | 75 c6 40 fa 77 a2 79 4b b0 c2 ce ba 0c ec f2 3f Oct 31 15:24:55.870337: | 97 ea dd 2d eb 74 64 49 33 9b 9b 0c fc 13 2c 8f Oct 31 15:24:55.870339: | d0 8b 77 1e 92 0d c2 65 51 ef fe f5 40 8f 43 3b Oct 31 15:24:55.870341: | 8d bf 72 f1 1f 57 a9 8d ea 40 fd f5 0c 68 47 02 Oct 31 15:24:55.870343: | 63 01 a0 1a 30 03 01 19 94 51 d1 ff be a7 7e ef Oct 31 15:24:55.870345: | 9d 36 cb 13 fa 75 4f 3e 4c ad b4 ee ac f4 9b e6 Oct 31 15:24:55.870347: | 38 c8 2a b8 e9 72 75 5b 8c 1d 9e 50 36 a7 2d 90 Oct 31 15:24:55.870349: | be 91 91 c4 9f 77 26 2c 3b 7c 4d 13 f7 c9 57 42 Oct 31 15:24:55.870352: | ec 6f 70 c8 3a 8a 77 dc 35 66 41 57 0f 90 a5 3a Oct 31 15:24:55.870354: | 8c 48 97 de 15 40 22 54 40 93 5f c0 a6 8a 9d 22 Oct 31 15:24:55.870356: | 95 6d c4 90 ee f4 17 4e db 90 21 cb e3 92 19 bd Oct 31 15:24:55.870358: | c4 b4 1a 02 64 42 3b 79 7d 8b c4 4a 9f 89 e1 b2 Oct 31 15:24:55.870360: | 00 78 eb 4a 77 7a 6b 81 6a 88 fd 27 be 45 74 c8 Oct 31 15:24:55.870362: | 1f 74 17 a6 29 00 00 24 91 ff 48 65 b0 30 c4 ab Oct 31 15:24:55.870364: | 83 06 27 5a 12 1b b5 53 6e b2 9a 72 0e 2e db 21 Oct 31 15:24:55.870367: | 73 15 ea d6 9d e4 2e 27 29 00 00 08 00 00 40 2e Oct 31 15:24:55.870373: | 29 00 00 0e 00 00 40 2f 00 02 00 03 00 04 29 00 Oct 31 15:24:55.870376: | 00 1c 00 00 40 04 8c 65 be 23 56 01 d2 50 63 da Oct 31 15:24:55.870378: | c4 97 3f f6 a2 a9 71 33 d5 2d 00 00 00 1c 00 00 Oct 31 15:24:55.870380: | 40 05 08 29 ef 07 95 9a 24 1b 0b 15 14 e8 3d 1b Oct 31 15:24:55.870382: | c0 35 33 31 47 7f Oct 31 15:24:55.870437: | sent 1 messages Oct 31 15:24:55.870446: | #1 spent 0.185 (0.225) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:24:55.870452: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:24:55.870470: | recvmsg(,, MSG_ERRQUEUE) on eth1 returned a truncated (IKE) datagram (MSG_TRUNC) Oct 31 15:24:55.870475: | **parse ISAKMP Message (raw): Oct 31 15:24:55.870479: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:24:55.870483: | responder SPI: 00 00 00 00 00 00 00 00 Oct 31 15:24:55.870487: | next payload type: 33 (21) Oct 31 15:24:55.870489: | ISAKMP version: 32 (20) Oct 31 15:24:55.870492: | exchange type: 34 (22) Oct 31 15:24:55.870495: | flags: 8 (08) Oct 31 15:24:55.870498: | Message ID: 0 (00 00 00 00) Oct 31 15:24:55.870501: | length: 454 (00 00 01 c6) Oct 31 15:24:55.870506: | State DB: found IKEv2 state #1 in PARENT_I1 (find_likely_sender) Oct 31 15:24:55.870508: | MSG_ERRQUEUE packet matches IKEv2 SA #1 Oct 31 15:24:55.870510: | rejected packet: Oct 31 15:24:55.870513: | 51 7c 55 1b 42 66 f1 ad 00 00 00 00 00 00 00 00 Oct 31 15:24:55.870515: | 21 20 22 08 00 00 00 00 00 00 01 c6 22 00 00 30 Oct 31 15:24:55.870517: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Oct 31 15:24:55.870519: | 80 0e 01 00 03 00 00 08 Oct 31 15:24:55.870521: | control: Oct 31 15:24:55.870523: | 30 00 00 00 00 00 00 00 00 00 00 00 0b 00 00 00 Oct 31 15:24:55.870526: | 6f 00 00 00 02 03 03 00 00 00 00 00 00 00 00 00 Oct 31 15:24:55.870528: | 02 00 00 00 c0 01 03 21 00 00 00 00 00 00 00 00 Oct 31 15:24:55.870530: | name: Oct 31 15:24:55.870532: | 02 00 01 f4 c0 01 03 21 00 00 00 00 00 00 00 00 Oct 31 15:24:55.870540: "north-eastnets/0x2" #1: ERROR: asynchronous network error report on eth1 (192.1.2.23:500), complainant 192.1.3.33: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)] Oct 31 15:24:55.870546: | spent 0.0797 (0.0797) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:55.870551: | spent 0.086 (0.086) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:56.272148: | timer_event_cb: processing event@0x55cebdc9f838 Oct 31 15:24:56.272159: | handling event EVENT_RETRANSMIT for parent state #1 Oct 31 15:24:56.272162: | libevent_free: delref ptr-libevent@0x55cebdc9d148 Oct 31 15:24:56.272165: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55cebdc9f838 Oct 31 15:24:56.272170: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:56.272173: | IKEv2 retransmit event Oct 31 15:24:56.272177: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:24:56.272180: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x2" #1 attempt 2 of 0 Oct 31 15:24:56.272182: | and parent for 192.1.3.33 "north-eastnets/0x2" #1 keying attempt 1 of 0; retransmit 5 Oct 31 15:24:56.272185: | #1 STATE_PARENT_I1: retransmits: current time 744570.70498 Oct 31 15:24:56.272187: | #1 STATE_PARENT_I1: retransmits: retransmit count 4 exceeds limit? NO Oct 31 15:24:56.272189: | #1 STATE_PARENT_I1: retransmits: deltatime 0.8 exceeds limit? NO Oct 31 15:24:56.272191: | #1 STATE_PARENT_I1: retransmits: monotime 0.805232 exceeds limit? NO Oct 31 15:24:56.272193: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55cebdc9f838 Oct 31 15:24:56.272195: | inserting event EVENT_RETRANSMIT, timeout in 0.8 seconds for #1 Oct 31 15:24:56.272197: | libevent_malloc: newref ptr-libevent@0x55cebdc9d148 size 128 Oct 31 15:24:56.272234: "north-eastnets/0x2" #1: STATE_PARENT_I1: retransmission; will wait 0.8 seconds for response Oct 31 15:24:56.272240: | sending 454 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:56.272242: | 51 7c 55 1b 42 66 f1 ad 00 00 00 00 00 00 00 00 Oct 31 15:24:56.272244: | 21 20 22 08 00 00 00 00 00 00 01 c6 22 00 00 30 Oct 31 15:24:56.272245: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Oct 31 15:24:56.272246: | 80 0e 01 00 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:24:56.272248: | 03 00 00 0c 00 00 00 08 04 00 00 0e 28 00 01 08 Oct 31 15:24:56.272249: | 00 0e 00 00 c8 e8 5c 36 4d 2b ee 45 69 db d8 98 Oct 31 15:24:56.272250: | 0f 26 d9 3e c4 9d 8b 0f 63 26 0f 78 82 71 97 cd Oct 31 15:24:56.272252: | fa c4 bd 2b a6 38 5e 6b e5 cb 31 2e 41 c2 1c 53 Oct 31 15:24:56.272253: | 75 c6 40 fa 77 a2 79 4b b0 c2 ce ba 0c ec f2 3f Oct 31 15:24:56.272255: | 97 ea dd 2d eb 74 64 49 33 9b 9b 0c fc 13 2c 8f Oct 31 15:24:56.272256: | d0 8b 77 1e 92 0d c2 65 51 ef fe f5 40 8f 43 3b Oct 31 15:24:56.272257: | 8d bf 72 f1 1f 57 a9 8d ea 40 fd f5 0c 68 47 02 Oct 31 15:24:56.272259: | 63 01 a0 1a 30 03 01 19 94 51 d1 ff be a7 7e ef Oct 31 15:24:56.272260: | 9d 36 cb 13 fa 75 4f 3e 4c ad b4 ee ac f4 9b e6 Oct 31 15:24:56.272262: | 38 c8 2a b8 e9 72 75 5b 8c 1d 9e 50 36 a7 2d 90 Oct 31 15:24:56.272263: | be 91 91 c4 9f 77 26 2c 3b 7c 4d 13 f7 c9 57 42 Oct 31 15:24:56.272264: | ec 6f 70 c8 3a 8a 77 dc 35 66 41 57 0f 90 a5 3a Oct 31 15:24:56.272266: | 8c 48 97 de 15 40 22 54 40 93 5f c0 a6 8a 9d 22 Oct 31 15:24:56.272267: | 95 6d c4 90 ee f4 17 4e db 90 21 cb e3 92 19 bd Oct 31 15:24:56.272269: | c4 b4 1a 02 64 42 3b 79 7d 8b c4 4a 9f 89 e1 b2 Oct 31 15:24:56.272270: | 00 78 eb 4a 77 7a 6b 81 6a 88 fd 27 be 45 74 c8 Oct 31 15:24:56.272271: | 1f 74 17 a6 29 00 00 24 91 ff 48 65 b0 30 c4 ab Oct 31 15:24:56.272273: | 83 06 27 5a 12 1b b5 53 6e b2 9a 72 0e 2e db 21 Oct 31 15:24:56.272274: | 73 15 ea d6 9d e4 2e 27 29 00 00 08 00 00 40 2e Oct 31 15:24:56.272275: | 29 00 00 0e 00 00 40 2f 00 02 00 03 00 04 29 00 Oct 31 15:24:56.272277: | 00 1c 00 00 40 04 8c 65 be 23 56 01 d2 50 63 da Oct 31 15:24:56.272278: | c4 97 3f f6 a2 a9 71 33 d5 2d 00 00 00 1c 00 00 Oct 31 15:24:56.272280: | 40 05 08 29 ef 07 95 9a 24 1b 0b 15 14 e8 3d 1b Oct 31 15:24:56.272281: | c0 35 33 31 47 7f Oct 31 15:24:56.272352: | sent 1 messages Oct 31 15:24:56.272362: | #1 spent 0.136 (0.212) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:24:56.272367: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:24:56.272380: | recvmsg(,, MSG_ERRQUEUE) on eth1 returned a truncated (IKE) datagram (MSG_TRUNC) Oct 31 15:24:56.272384: | **parse ISAKMP Message (raw): Oct 31 15:24:56.272388: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:24:56.272393: | responder SPI: 00 00 00 00 00 00 00 00 Oct 31 15:24:56.272396: | next payload type: 33 (21) Oct 31 15:24:56.272398: | ISAKMP version: 32 (20) Oct 31 15:24:56.272401: | exchange type: 34 (22) Oct 31 15:24:56.272404: | flags: 8 (08) Oct 31 15:24:56.272407: | Message ID: 0 (00 00 00 00) Oct 31 15:24:56.272410: | length: 454 (00 00 01 c6) Oct 31 15:24:56.272414: | State DB: found IKEv2 state #1 in PARENT_I1 (find_likely_sender) Oct 31 15:24:56.272417: | MSG_ERRQUEUE packet matches IKEv2 SA #1 Oct 31 15:24:56.272419: | rejected packet: Oct 31 15:24:56.272422: | 51 7c 55 1b 42 66 f1 ad 00 00 00 00 00 00 00 00 Oct 31 15:24:56.272424: | 21 20 22 08 00 00 00 00 00 00 01 c6 22 00 00 30 Oct 31 15:24:56.272426: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Oct 31 15:24:56.272428: | 80 0e 01 00 03 00 00 08 Oct 31 15:24:56.272430: | control: Oct 31 15:24:56.272433: | 30 00 00 00 00 00 00 00 00 00 00 00 0b 00 00 00 Oct 31 15:24:56.272435: | 6f 00 00 00 02 03 03 00 00 00 00 00 00 00 00 00 Oct 31 15:24:56.272439: | 02 00 00 00 c0 01 03 21 00 00 00 00 00 00 00 00 Oct 31 15:24:56.272441: | name: Oct 31 15:24:56.272443: | 02 00 01 f4 c0 01 03 21 00 00 00 00 00 00 00 00 Oct 31 15:24:56.272451: "north-eastnets/0x2" #1: ERROR: asynchronous network error report on eth1 (192.1.2.23:500), complainant 192.1.3.33: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)] Oct 31 15:24:56.272457: | spent 0.0796 (0.0797) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:56.272460: | spent 0.0847 (0.0845) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:57.072309: | timer_event_cb: processing event@0x55cebdc9f838 Oct 31 15:24:57.072328: | handling event EVENT_RETRANSMIT for parent state #1 Oct 31 15:24:57.072334: | libevent_free: delref ptr-libevent@0x55cebdc9d148 Oct 31 15:24:57.072339: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55cebdc9f838 Oct 31 15:24:57.072348: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:57.072353: | IKEv2 retransmit event Oct 31 15:24:57.072359: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:24:57.072365: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x2" #1 attempt 2 of 0 Oct 31 15:24:57.072369: | and parent for 192.1.3.33 "north-eastnets/0x2" #1 keying attempt 1 of 0; retransmit 6 Oct 31 15:24:57.072374: | #1 STATE_PARENT_I1: retransmits: current time 744571.505169 Oct 31 15:24:57.072378: | #1 STATE_PARENT_I1: retransmits: retransmit count 5 exceeds limit? NO Oct 31 15:24:57.072381: | #1 STATE_PARENT_I1: retransmits: deltatime 1.6 exceeds limit? NO Oct 31 15:24:57.072385: | #1 STATE_PARENT_I1: retransmits: monotime 1.605421 exceeds limit? NO Oct 31 15:24:57.072389: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55cebdc9f838 Oct 31 15:24:57.072441: | inserting event EVENT_RETRANSMIT, timeout in 1.6 seconds for #1 Oct 31 15:24:57.072446: | libevent_malloc: newref ptr-libevent@0x55cebdc9d148 size 128 Oct 31 15:24:57.072453: "north-eastnets/0x2" #1: STATE_PARENT_I1: retransmission; will wait 1.6 seconds for response Oct 31 15:24:57.072462: | sending 454 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:57.072466: | 51 7c 55 1b 42 66 f1 ad 00 00 00 00 00 00 00 00 Oct 31 15:24:57.072469: | 21 20 22 08 00 00 00 00 00 00 01 c6 22 00 00 30 Oct 31 15:24:57.072472: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Oct 31 15:24:57.072474: | 80 0e 01 00 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:24:57.072477: | 03 00 00 0c 00 00 00 08 04 00 00 0e 28 00 01 08 Oct 31 15:24:57.072479: | 00 0e 00 00 c8 e8 5c 36 4d 2b ee 45 69 db d8 98 Oct 31 15:24:57.072482: | 0f 26 d9 3e c4 9d 8b 0f 63 26 0f 78 82 71 97 cd Oct 31 15:24:57.072484: | fa c4 bd 2b a6 38 5e 6b e5 cb 31 2e 41 c2 1c 53 Oct 31 15:24:57.072487: | 75 c6 40 fa 77 a2 79 4b b0 c2 ce ba 0c ec f2 3f Oct 31 15:24:57.072489: | 97 ea dd 2d eb 74 64 49 33 9b 9b 0c fc 13 2c 8f Oct 31 15:24:57.072492: | d0 8b 77 1e 92 0d c2 65 51 ef fe f5 40 8f 43 3b Oct 31 15:24:57.072494: | 8d bf 72 f1 1f 57 a9 8d ea 40 fd f5 0c 68 47 02 Oct 31 15:24:57.072543: | 63 01 a0 1a 30 03 01 19 94 51 d1 ff be a7 7e ef Oct 31 15:24:57.072549: | 9d 36 cb 13 fa 75 4f 3e 4c ad b4 ee ac f4 9b e6 Oct 31 15:24:57.072552: | 38 c8 2a b8 e9 72 75 5b 8c 1d 9e 50 36 a7 2d 90 Oct 31 15:24:57.072554: | be 91 91 c4 9f 77 26 2c 3b 7c 4d 13 f7 c9 57 42 Oct 31 15:24:57.072557: | ec 6f 70 c8 3a 8a 77 dc 35 66 41 57 0f 90 a5 3a Oct 31 15:24:57.072559: | 8c 48 97 de 15 40 22 54 40 93 5f c0 a6 8a 9d 22 Oct 31 15:24:57.072561: | 95 6d c4 90 ee f4 17 4e db 90 21 cb e3 92 19 bd Oct 31 15:24:57.072564: | c4 b4 1a 02 64 42 3b 79 7d 8b c4 4a 9f 89 e1 b2 Oct 31 15:24:57.072567: | 00 78 eb 4a 77 7a 6b 81 6a 88 fd 27 be 45 74 c8 Oct 31 15:24:57.072569: | 1f 74 17 a6 29 00 00 24 91 ff 48 65 b0 30 c4 ab Oct 31 15:24:57.072575: | 83 06 27 5a 12 1b b5 53 6e b2 9a 72 0e 2e db 21 Oct 31 15:24:57.072578: | 73 15 ea d6 9d e4 2e 27 29 00 00 08 00 00 40 2e Oct 31 15:24:57.072581: | 29 00 00 0e 00 00 40 2f 00 02 00 03 00 04 29 00 Oct 31 15:24:57.072583: | 00 1c 00 00 40 04 8c 65 be 23 56 01 d2 50 63 da Oct 31 15:24:57.072586: | c4 97 3f f6 a2 a9 71 33 d5 2d 00 00 00 1c 00 00 Oct 31 15:24:57.072588: | 40 05 08 29 ef 07 95 9a 24 1b 0b 15 14 e8 3d 1b Oct 31 15:24:57.072591: | c0 35 33 31 47 7f Oct 31 15:24:57.072678: | sent 1 messages Oct 31 15:24:57.072689: | #1 spent 0.24 (0.379) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:24:57.072696: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:24:58.674222: | timer_event_cb: processing event@0x55cebdc9f838 Oct 31 15:24:58.674244: | handling event EVENT_RETRANSMIT for parent state #1 Oct 31 15:24:58.674250: | libevent_free: delref ptr-libevent@0x55cebdc9d148 Oct 31 15:24:58.674254: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55cebdc9f838 Oct 31 15:24:58.674262: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:58.674268: | IKEv2 retransmit event Oct 31 15:24:58.674273: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:24:58.674278: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x2" #1 attempt 2 of 0 Oct 31 15:24:58.674282: | and parent for 192.1.3.33 "north-eastnets/0x2" #1 keying attempt 1 of 0; retransmit 7 Oct 31 15:24:58.674287: | #1 STATE_PARENT_I1: retransmits: current time 744573.107082 Oct 31 15:24:58.674290: | #1 STATE_PARENT_I1: retransmits: retransmit count 6 exceeds limit? NO Oct 31 15:24:58.674293: | #1 STATE_PARENT_I1: retransmits: deltatime 3.2 exceeds limit? NO Oct 31 15:24:58.674296: | #1 STATE_PARENT_I1: retransmits: monotime 3.207334 exceeds limit? NO Oct 31 15:24:58.674300: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55cebdc9f838 Oct 31 15:24:58.674303: | inserting event EVENT_RETRANSMIT, timeout in 3.2 seconds for #1 Oct 31 15:24:58.674306: | libevent_malloc: newref ptr-libevent@0x55cebdc9d148 size 128 Oct 31 15:24:58.674312: "north-eastnets/0x2" #1: STATE_PARENT_I1: retransmission; will wait 3.2 seconds for response Oct 31 15:24:58.674320: | sending 454 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:58.674323: | 51 7c 55 1b 42 66 f1 ad 00 00 00 00 00 00 00 00 Oct 31 15:24:58.674326: | 21 20 22 08 00 00 00 00 00 00 01 c6 22 00 00 30 Oct 31 15:24:58.674328: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Oct 31 15:24:58.674330: | 80 0e 01 00 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:24:58.674332: | 03 00 00 0c 00 00 00 08 04 00 00 0e 28 00 01 08 Oct 31 15:24:58.674334: | 00 0e 00 00 c8 e8 5c 36 4d 2b ee 45 69 db d8 98 Oct 31 15:24:58.674337: | 0f 26 d9 3e c4 9d 8b 0f 63 26 0f 78 82 71 97 cd Oct 31 15:24:58.674339: | fa c4 bd 2b a6 38 5e 6b e5 cb 31 2e 41 c2 1c 53 Oct 31 15:24:58.674341: | 75 c6 40 fa 77 a2 79 4b b0 c2 ce ba 0c ec f2 3f Oct 31 15:24:58.674344: | 97 ea dd 2d eb 74 64 49 33 9b 9b 0c fc 13 2c 8f Oct 31 15:24:58.674346: | d0 8b 77 1e 92 0d c2 65 51 ef fe f5 40 8f 43 3b Oct 31 15:24:58.674348: | 8d bf 72 f1 1f 57 a9 8d ea 40 fd f5 0c 68 47 02 Oct 31 15:24:58.674350: | 63 01 a0 1a 30 03 01 19 94 51 d1 ff be a7 7e ef Oct 31 15:24:58.674352: | 9d 36 cb 13 fa 75 4f 3e 4c ad b4 ee ac f4 9b e6 Oct 31 15:24:58.674354: | 38 c8 2a b8 e9 72 75 5b 8c 1d 9e 50 36 a7 2d 90 Oct 31 15:24:58.674356: | be 91 91 c4 9f 77 26 2c 3b 7c 4d 13 f7 c9 57 42 Oct 31 15:24:58.674358: | ec 6f 70 c8 3a 8a 77 dc 35 66 41 57 0f 90 a5 3a Oct 31 15:24:58.674361: | 8c 48 97 de 15 40 22 54 40 93 5f c0 a6 8a 9d 22 Oct 31 15:24:58.674363: | 95 6d c4 90 ee f4 17 4e db 90 21 cb e3 92 19 bd Oct 31 15:24:58.674370: | c4 b4 1a 02 64 42 3b 79 7d 8b c4 4a 9f 89 e1 b2 Oct 31 15:24:58.674373: | 00 78 eb 4a 77 7a 6b 81 6a 88 fd 27 be 45 74 c8 Oct 31 15:24:58.674375: | 1f 74 17 a6 29 00 00 24 91 ff 48 65 b0 30 c4 ab Oct 31 15:24:58.674377: | 83 06 27 5a 12 1b b5 53 6e b2 9a 72 0e 2e db 21 Oct 31 15:24:58.674379: | 73 15 ea d6 9d e4 2e 27 29 00 00 08 00 00 40 2e Oct 31 15:24:58.674381: | 29 00 00 0e 00 00 40 2f 00 02 00 03 00 04 29 00 Oct 31 15:24:58.674383: | 00 1c 00 00 40 04 8c 65 be 23 56 01 d2 50 63 da Oct 31 15:24:58.674386: | c4 97 3f f6 a2 a9 71 33 d5 2d 00 00 00 1c 00 00 Oct 31 15:24:58.674388: | 40 05 08 29 ef 07 95 9a 24 1b 0b 15 14 e8 3d 1b Oct 31 15:24:58.674390: | c0 35 33 31 47 7f Oct 31 15:24:58.674797: | sent 1 messages Oct 31 15:24:58.674810: | #1 spent 0.567 (0.587) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:24:58.674816: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:24:59.076289: | spent 0 (0.00239) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:59.076314: | newref struct msg_digest@0x55cebdca3bd8(0->1) (in read_message() at demux.c:103) Oct 31 15:24:59.076320: | newref alloc logger@0x55cebdc8ee68(0->1) (in read_message() at demux.c:103) Oct 31 15:24:59.076327: | *received 454 bytes from 192.1.3.33:500 on eth1 192.1.2.23:500 using UDP Oct 31 15:24:59.076330: | 51 7c 55 1b 42 66 f1 ad 61 7a 11 68 b3 c4 7a f9 Oct 31 15:24:59.076333: | 21 20 22 20 00 00 00 00 00 00 01 c6 22 00 00 30 Oct 31 15:24:59.076335: | 00 00 00 2c 01 01 00 04 03 00 00 0c 01 00 00 0c Oct 31 15:24:59.076338: | 80 0e 01 00 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:24:59.076340: | 03 00 00 0c 00 00 00 08 04 00 00 0e 28 00 01 08 Oct 31 15:24:59.076342: | 00 0e 00 00 e7 9f d0 56 f9 37 96 0a 51 79 41 1b Oct 31 15:24:59.076344: | 14 96 a4 77 a3 70 03 14 9c 96 35 32 35 2f 38 ba Oct 31 15:24:59.076347: | 17 0f 0c ab 42 cf f6 65 76 ba 1a 01 58 1c 62 1d Oct 31 15:24:59.076349: | 5e 7c ac 21 36 fe ab b6 96 e6 53 c6 79 5c 8b 13 Oct 31 15:24:59.076351: | f6 d3 60 ab 41 81 f0 56 79 bd 9a d7 b7 df 37 1b Oct 31 15:24:59.076353: | eb 77 44 c8 25 57 37 3d 09 b7 6a 9b 29 62 a5 32 Oct 31 15:24:59.076355: | 00 77 42 23 f6 b9 f7 7f b3 f6 11 53 4d ba 77 3b Oct 31 15:24:59.076358: | 54 78 c3 a7 3a 7b 56 21 92 1b 6d 20 08 31 69 6c Oct 31 15:24:59.076360: | a6 db 3e 1f 40 0a 54 82 52 f0 37 cd 48 41 86 2d Oct 31 15:24:59.076362: | 72 f5 50 4a 56 f6 11 e8 4d 1a f4 95 6a 47 b1 6a Oct 31 15:24:59.076364: | 11 34 ec cd e3 57 2a b8 02 74 28 99 1c a6 9f 82 Oct 31 15:24:59.076366: | da 26 a6 af 7c 5a 7a 8d a9 c6 9d b5 54 54 c5 dd Oct 31 15:24:59.076368: | 26 84 d6 56 2a cd c0 eb 04 64 2d 4d 9f 99 c1 d0 Oct 31 15:24:59.076371: | aa 89 d4 fc 24 20 37 70 a9 75 67 86 84 f4 dd 7a Oct 31 15:24:59.076374: | c9 d2 ad c2 27 47 63 20 9c 14 73 30 82 fd 93 52 Oct 31 15:24:59.076376: | 60 6f 8f b2 c1 c5 ab ce b6 70 fd 1a 46 0e 9d 8c Oct 31 15:24:59.076378: | 2c 0d 52 1d 29 00 00 24 0c 1b e7 d8 b7 18 a4 6d Oct 31 15:24:59.076380: | b0 af 4b 41 39 a1 67 97 9b 08 f0 ab 91 27 eb 5b Oct 31 15:24:59.076382: | 7c 30 c0 88 c0 d0 77 16 29 00 00 08 00 00 40 2e Oct 31 15:24:59.076385: | 29 00 00 0e 00 00 40 2f 00 02 00 03 00 04 29 00 Oct 31 15:24:59.076387: | 00 1c 00 00 40 04 87 dc e1 ba 91 3b f0 f7 12 06 Oct 31 15:24:59.076389: | 4d 10 7e 46 1b 9e d1 9a d3 d3 00 00 00 1c 00 00 Oct 31 15:24:59.076391: | 40 05 dd d8 c6 46 f4 db a7 c5 d0 a5 0d dc b8 ea Oct 31 15:24:59.076393: | ae 8e 06 2f 17 91 Oct 31 15:24:59.076398: | **parse ISAKMP Message: Oct 31 15:24:59.076403: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:24:59.076407: | responder SPI: 61 7a 11 68 b3 c4 7a f9 Oct 31 15:24:59.076410: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:24:59.076413: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:59.076418: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:24:59.076421: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:59.076424: | Message ID: 0 (00 00 00 00) Oct 31 15:24:59.076428: | length: 454 (00 00 01 c6) Oct 31 15:24:59.076431: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Oct 31 15:24:59.076435: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Oct 31 15:24:59.076439: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Oct 31 15:24:59.076443: | #1 is idle Oct 31 15:24:59.076445: | #1 idle Oct 31 15:24:59.076447: | unpacking clear payloads Oct 31 15:24:59.076450: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:24:59.076454: | ***parse IKEv2 Security Association Payload: Oct 31 15:24:59.076456: | next payload type: ISAKMP_NEXT_v2KE (0x22) Oct 31 15:24:59.076459: | flags: none (0x0) Oct 31 15:24:59.076462: | length: 48 (00 30) Oct 31 15:24:59.076465: | processing payload: ISAKMP_NEXT_v2SA (len=44) Oct 31 15:24:59.076467: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Oct 31 15:24:59.076470: | ***parse IKEv2 Key Exchange Payload: Oct 31 15:24:59.076472: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Oct 31 15:24:59.076475: | flags: none (0x0) Oct 31 15:24:59.076478: | length: 264 (01 08) Oct 31 15:24:59.076482: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:59.076485: | processing payload: ISAKMP_NEXT_v2KE (len=256) Oct 31 15:24:59.076487: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Oct 31 15:24:59.076490: | ***parse IKEv2 Nonce Payload: Oct 31 15:24:59.076492: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:59.076495: | flags: none (0x0) Oct 31 15:24:59.076498: | length: 36 (00 24) Oct 31 15:24:59.076500: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Oct 31 15:24:59.076502: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:59.076505: | ***parse IKEv2 Notify Payload: Oct 31 15:24:59.076508: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:59.076510: | flags: none (0x0) Oct 31 15:24:59.076513: | length: 8 (00 08) Oct 31 15:24:59.076516: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:59.076518: | SPI size: 0 (00) Oct 31 15:24:59.076521: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Oct 31 15:24:59.076524: | processing payload: ISAKMP_NEXT_v2N (len=0) Oct 31 15:24:59.076526: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:59.076529: | ***parse IKEv2 Notify Payload: Oct 31 15:24:59.076531: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:59.076534: | flags: none (0x0) Oct 31 15:24:59.076537: | length: 14 (00 0e) Oct 31 15:24:59.076539: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:59.076542: | SPI size: 0 (00) Oct 31 15:24:59.076544: | Notify Message Type: v2N_SIGNATURE_HASH_ALGORITHMS (0x402f) Oct 31 15:24:59.076546: | processing payload: ISAKMP_NEXT_v2N (len=6) Oct 31 15:24:59.076549: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:59.076552: | ***parse IKEv2 Notify Payload: Oct 31 15:24:59.076555: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:59.076557: | flags: none (0x0) Oct 31 15:24:59.076560: | length: 28 (00 1c) Oct 31 15:24:59.076562: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:59.076565: | SPI size: 0 (00) Oct 31 15:24:59.076567: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Oct 31 15:24:59.076570: | processing payload: ISAKMP_NEXT_v2N (len=20) Oct 31 15:24:59.076572: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:59.076575: | ***parse IKEv2 Notify Payload: Oct 31 15:24:59.076577: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:59.076580: | flags: none (0x0) Oct 31 15:24:59.076582: | length: 28 (00 1c) Oct 31 15:24:59.076585: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:59.076588: | SPI size: 0 (00) Oct 31 15:24:59.076590: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Oct 31 15:24:59.076595: | processing payload: ISAKMP_NEXT_v2N (len=20) Oct 31 15:24:59.076597: | looking for message matching transition from STATE_PARENT_I1 Oct 31 15:24:59.076600: | trying received anti-DDOS COOKIE notify response; resending IKE_SA_INIT request with cookie payload added Oct 31 15:24:59.076603: | message has errors Oct 31 15:24:59.076605: | trying received IKE_SA_INIT INVALID_KE_PAYLOAD notify response; resending IKE_SA_INIT with new KE payload Oct 31 15:24:59.076607: | message has errors Oct 31 15:24:59.076610: | trying received REDIRECT notify response; resending IKE_SA_INIT request to new destination Oct 31 15:24:59.076612: | message has errors Oct 31 15:24:59.076614: | trying Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE Oct 31 15:24:59.076616: | matched unencrypted message Oct 31 15:24:59.076624: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1848) Oct 31 15:24:59.076628: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE Oct 31 15:24:59.076632: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered) Oct 31 15:24:59.076634: | hash algorithm identifier (network ordered) Oct 31 15:24:59.076636: | 00 02 Oct 31 15:24:59.076639: | received HASH_ALGORITHM_SHA2_256 which is allowed by local policy Oct 31 15:24:59.076641: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered) Oct 31 15:24:59.076643: | hash algorithm identifier (network ordered) Oct 31 15:24:59.076645: | 00 03 Oct 31 15:24:59.076647: | received HASH_ALGORITHM_SHA2_384 which is allowed by local policy Oct 31 15:24:59.076650: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered) Oct 31 15:24:59.076652: | hash algorithm identifier (network ordered) Oct 31 15:24:59.076654: | 00 04 Oct 31 15:24:59.076656: | received HASH_ALGORITHM_SHA2_512 which is allowed by local policy Oct 31 15:24:59.076659: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Oct 31 15:24:59.076667: | using existing local IKE proposals for connection north-eastnets/0x2 (IKE SA initiator accepting remote proposal): 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 Oct 31 15:24:59.076670: | comparing remote proposals against IKE initiator (accepting) 1 local proposals Oct 31 15:24:59.076674: | local proposal 1 type ENCR has 1 transforms Oct 31 15:24:59.076677: | local proposal 1 type PRF has 1 transforms Oct 31 15:24:59.076679: | local proposal 1 type INTEG has 1 transforms Oct 31 15:24:59.076682: | local proposal 1 type DH has 1 transforms Oct 31 15:24:59.076684: | local proposal 1 type ESN has 0 transforms Oct 31 15:24:59.076688: | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none Oct 31 15:24:59.076692: | ****parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:59.076694: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:59.076697: | length: 44 (00 2c) Oct 31 15:24:59.076700: | prop #: 1 (01) Oct 31 15:24:59.076703: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:59.076706: | spi size: 0 (00) Oct 31 15:24:59.076708: | # transforms: 4 (04) Oct 31 15:24:59.076712: | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals Oct 31 15:24:59.076715: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.076718: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.076721: | length: 12 (00 0c) Oct 31 15:24:59.076723: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:59.076726: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:59.076729: | ******parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:59.076732: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:59.076735: | length/value: 256 (01 00) Oct 31 15:24:59.076739: | remote proposal 1 transform 0 (ENCR=AES_CBC_256) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:24:59.076744: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.076747: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.076750: | length: 8 (00 08) Oct 31 15:24:59.076752: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:59.076755: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:59.076758: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_256) matches local proposal 1 type 2 (PRF) transform 0 Oct 31 15:24:59.076761: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.076764: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.076767: | length: 8 (00 08) Oct 31 15:24:59.076769: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:59.076772: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:59.076775: | remote proposal 1 transform 2 (INTEG=HMAC_SHA2_256_128) matches local proposal 1 type 3 (INTEG) transform 0 Oct 31 15:24:59.076778: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.076780: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:59.076783: | length: 8 (00 08) Oct 31 15:24:59.076786: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:59.076788: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:59.076792: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Oct 31 15:24:59.076796: | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none Oct 31 15:24:59.076801: | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH Oct 31 15:24:59.076804: | remote proposal 1 matches local proposal 1 Oct 31 15:24:59.076807: | remote accepted the proposal 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match] Oct 31 15:24:59.076810: | converting proposal to internal trans attrs Oct 31 15:24:59.076828: | natd_hash: hasher=0x55cebc3a3f80(20) Oct 31 15:24:59.076833: | natd_hash: icookie= Oct 31 15:24:59.076835: | 51 7c 55 1b 42 66 f1 ad Oct 31 15:24:59.076837: | natd_hash: rcookie= Oct 31 15:24:59.076839: | 61 7a 11 68 b3 c4 7a f9 Oct 31 15:24:59.076842: | natd_hash: ip= Oct 31 15:24:59.076844: | c0 01 02 17 Oct 31 15:24:59.076846: | natd_hash: port= Oct 31 15:24:59.076848: | 01 f4 Oct 31 15:24:59.076850: | natd_hash: hash= Oct 31 15:24:59.076852: | dd d8 c6 46 f4 db a7 c5 d0 a5 0d dc b8 ea ae 8e Oct 31 15:24:59.076854: | 06 2f 17 91 Oct 31 15:24:59.076862: | natd_hash: hasher=0x55cebc3a3f80(20) Oct 31 15:24:59.076865: | natd_hash: icookie= Oct 31 15:24:59.076868: | 51 7c 55 1b 42 66 f1 ad Oct 31 15:24:59.076870: | natd_hash: rcookie= Oct 31 15:24:59.076872: | 61 7a 11 68 b3 c4 7a f9 Oct 31 15:24:59.076874: | natd_hash: ip= Oct 31 15:24:59.076876: | c0 01 03 21 Oct 31 15:24:59.076878: | natd_hash: port= Oct 31 15:24:59.076880: | 01 f4 Oct 31 15:24:59.076882: | natd_hash: hash= Oct 31 15:24:59.076885: | 87 dc e1 ba 91 3b f0 f7 12 06 4d 10 7e 46 1b 9e Oct 31 15:24:59.076887: | d1 9a d3 d3 Oct 31 15:24:59.076890: | NAT_TRAVERSAL encaps using auto-detect Oct 31 15:24:59.076892: | NAT_TRAVERSAL this end is NOT behind NAT Oct 31 15:24:59.076894: | NAT_TRAVERSAL that end is NOT behind NAT Oct 31 15:24:59.076897: | NAT_TRAVERSAL nat-keepalive enabled 192.1.3.33 Oct 31 15:24:59.076905: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_256 integ=HMAC_SHA2_256_128 cipherkey=AES_CBC Oct 31 15:24:59.076909: | DH secret MODP2048@0x7f3290006ba8: transferring ownership from state #1 to helper IKEv2 DH Oct 31 15:24:59.076914: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:59.076916: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:59.076919: | newref clone logger@0x55cebdbdb198(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:59.076922: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): adding job to queue Oct 31 15:24:59.076925: | state #1 has no .st_event to delete Oct 31 15:24:59.076929: | #1 requesting EVENT_RETRANSMIT-pe@0x55cebdc9f838 be deleted Oct 31 15:24:59.076933: | libevent_free: delref ptr-libevent@0x55cebdc9d148 Oct 31 15:24:59.076937: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55cebdc9f838 Oct 31 15:24:59.076940: | #1 STATE_PARENT_I1: retransmits: cleared Oct 31 15:24:59.076943: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55cebdc9fbd8 Oct 31 15:24:59.076946: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:24:59.076949: | libevent_malloc: newref ptr-libevent@0x55cebdc9d3f8 size 128 Oct 31 15:24:59.076961: | #1 spent 0.328 (0.328) milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE in v2_dispatch() Oct 31 15:24:59.076967: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:59.076972: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND; .st_v2_transition=PARENT_I0->PARENT_I1 Oct 31 15:24:59.076975: | suspending state #1 and saving MD 0x55cebdca3bd8 Oct 31 15:24:59.076978: | addref md@0x55cebdca3bd8(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:59.076981: | #1 is busy; has suspended MD 0x55cebdca3bd8 Oct 31 15:24:59.076985: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1850) Oct 31 15:24:59.076991: | #1 spent 0.705 (0.708) milliseconds in ikev2_process_packet() Oct 31 15:24:59.076994: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:59.076997: | delref mdp@0x55cebdca3bd8(2->1) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:59.077001: | spent 0.715 (0.719) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:59.077020: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): helper 2 starting job Oct 31 15:24:59.077909: | calculating skeyseed using prf=HMAC_SHA2_256 integ=HMAC_SHA2_256_128 cipherkey-size=32 salt-size=0 Oct 31 15:24:59.078056: | "north-eastnets/0x2" #1: spent 1.03 (1.04) milliseconds in helper 2 processing job 2 for state #1: ikev2_inR1outI2 KE (pcr) Oct 31 15:24:59.078061: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): helper thread 2 sending result back to state Oct 31 15:24:59.078065: | scheduling resume sending helper answer back to state for #1 Oct 31 15:24:59.078068: | libevent_malloc: newref ptr-libevent@0x7f328800ddb8 size 128 Oct 31 15:24:59.078077: | helper thread 2 has nothing to do Oct 31 15:24:59.078087: | processing resume sending helper answer back to state for #1 Oct 31 15:24:59.078093: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:641) Oct 31 15:24:59.078098: | unsuspending #1 MD 0x55cebdca3bd8 Oct 31 15:24:59.078100: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): processing response from helper 2 Oct 31 15:24:59.078103: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): calling continuation function 0x55cebc2b1fe7 Oct 31 15:24:59.078106: | ikev2_parent_inR1outI2_continue() for #1 STATE_PARENT_I1: g^{xy} calculated, sending I2 Oct 31 15:24:59.078110: | DH secret MODP2048@0x7f3290006ba8: transferring ownership from helper IKEv2 DH to state #1 Oct 31 15:24:59.078113: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Oct 31 15:24:59.078138: | emit hash algo NEGOTIATE_AUTH_HASH_SHA2_512 Oct 31 15:24:59.078161: | get_connection_private_key() using CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1 to find private key for @east->@north of kind RSA Oct 31 15:24:59.078295: | loaded private key matching CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1 Oct 31 15:24:59.078581: | copying key using reference slot Oct 31 15:24:59.080706: | certs and keys locked by 'lsw_add_rsa_secret' Oct 31 15:24:59.080715: | certs and keys unlocked by 'lsw_add_rsa_secret' Oct 31 15:24:59.080726: "north-eastnets/0x2" #1: reloaded private key matching right CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1 Oct 31 15:24:59.080729: | connection north-eastnets/0x2's RSA private key found in NSS DB using CKAID Oct 31 15:24:59.080738: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:59.080741: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:59.080745: | newref clone logger@0x55cebdc9f838(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:59.080748: | job 3 for #1: computing responder signature (signature): adding job to queue Oct 31 15:24:59.080751: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:59.080755: | libevent_free: delref ptr-libevent@0x55cebdc9d3f8 Oct 31 15:24:59.080758: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55cebdc9fbd8 Oct 31 15:24:59.080761: | #1 STATE_PARENT_I1: retransmits: cleared Oct 31 15:24:59.080765: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55cebdc9d3f8 Oct 31 15:24:59.080768: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:24:59.080771: | libevent_malloc: newref ptr-libevent@0x55cebdc9d148 size 128 Oct 31 15:24:59.080783: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:59.080789: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND; .st_v2_transition=PARENT_I0->PARENT_I1 Oct 31 15:24:59.080792: | suspending state #1 and saving MD 0x55cebdca3bd8 Oct 31 15:24:59.080793: | job 3 for #1: computing responder signature (signature): helper 4 starting job Oct 31 15:24:59.080806: | hash to sign Oct 31 15:24:59.080810: | 8d e2 d7 c9 6f 2b ec 8e 8a 14 72 2b 1b 34 3d b6 Oct 31 15:24:59.080813: | bd bb e1 f6 58 db be 0d 68 b1 78 63 8f fe 4e b5 Oct 31 15:24:59.080815: | 6f 15 49 6d c4 1d 94 85 c1 31 c7 70 06 69 85 38 Oct 31 15:24:59.080817: | 33 da 5b ed c7 1b b8 1a b6 97 30 2c cd 52 0e 0b Oct 31 15:24:59.080820: | RSA_sign_hash: Started using NSS Oct 31 15:24:59.080795: | addref md@0x55cebdca3bd8(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:59.107867: | #1 is busy; has suspended MD 0x55cebdca3bd8 Oct 31 15:24:59.107878: | delref logger@0x55cebdbdb198(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:59.107882: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:59.107885: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:59.107890: | resume sending helper answer back to state for #1 suppresed complete_v2_state_transition() Oct 31 15:24:59.107894: | delref mdp@0x55cebdca3bd8(2->1) (in resume_handler() at server.c:743) Oct 31 15:24:59.107905: | #1 spent 2.77 (29.8) milliseconds in resume sending helper answer back to state Oct 31 15:24:59.107913: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:745) Oct 31 15:24:59.107919: | libevent_free: delref ptr-libevent@0x7f328800ddb8 Oct 31 15:24:59.137439: | RSA_sign_hash: Ended using NSS Oct 31 15:24:59.137560: | "north-eastnets/0x2" #1: spent 9.02 (56.7) milliseconds in v2_auth_signature() calling sign_hash() Oct 31 15:24:59.137568: | "north-eastnets/0x2" #1: spent 9.05 (56.8) milliseconds in v2_auth_signature() Oct 31 15:24:59.137575: | "north-eastnets/0x2" #1: spent 9.07 (56.8) milliseconds in helper 4 processing job 3 for state #1: computing responder signature (signature) Oct 31 15:24:59.137578: | job 3 for #1: computing responder signature (signature): helper thread 4 sending result back to state Oct 31 15:24:59.137583: | scheduling resume sending helper answer back to state for #1 Oct 31 15:24:59.137588: | libevent_malloc: newref ptr-libevent@0x7f328c000d38 size 128 Oct 31 15:24:59.137614: | processing resume sending helper answer back to state for #1 Oct 31 15:24:59.137625: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:641) Oct 31 15:24:59.137630: | unsuspending #1 MD 0x55cebdca3bd8 Oct 31 15:24:59.137633: | job 3 for #1: computing responder signature (signature): processing response from helper 4 Oct 31 15:24:59.137636: | job 3 for #1: computing responder signature (signature): calling continuation function 0x55cebc1e077f Oct 31 15:24:59.137787: | newref alloc logger@0x55cebdbdb198(0->1) (in new_state() at state.c:576) Oct 31 15:24:59.137791: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:24:59.137795: | creating state object #2 at 0x55cebdca8e18 Oct 31 15:24:59.137848: | State DB: adding IKEv2 state #2 in UNDEFINED Oct 31 15:24:59.137857: | pstats #2 ikev2.child started Oct 31 15:24:59.137861: | duplicating state object #1 "north-eastnets/0x2" as #2 for IPSEC SA Oct 31 15:24:59.137868: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1581) Oct 31 15:24:59.137878: | Message ID: CHILD #1.#2 initializing (CHILD SA): ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744569.897271 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.897271 child.wip.initiator=0->-1 child.wip.responder=0->-1 Oct 31 15:24:59.137929: | child state #2: UNDEFINED(ignore) => V2_IKE_AUTH_CHILD_I0(ignore) Oct 31 15:24:59.137984: | #2.st_v2_transition NULL -> NULL (in new_v2_child_state() at state.c:1666) Oct 31 15:24:59.137992: | Message ID: IKE #1 switching from IKE SA initiator message response 0: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744569.897271 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.897271 ike.wip.initiator=0->-1 ike.wip.responder=-1 Oct 31 15:24:59.137999: | Message ID: CHILD #1.#2 switching to CHILD SA initiator message response 0: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744569.897271 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.897271 child.wip.initiator=-1->0 child.wip.responder=-1 Oct 31 15:24:59.138004: | switching IKEv2 MD.ST from IKE #1 PARENT_I1 to CHILD #2 V2_IKE_AUTH_CHILD_I0 (in ikev2_parent_inR1outI2_auth_signature_continue() at ikev2_parent.c:2155) Oct 31 15:24:59.138008: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:59.138012: | libevent_free: delref ptr-libevent@0x55cebdc9d148 Oct 31 15:24:59.138016: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55cebdc9d3f8 Oct 31 15:24:59.138019: | #1 STATE_PARENT_I1: retransmits: cleared Oct 31 15:24:59.138023: | event_schedule: newref EVENT_SA_REPLACE-pe@0x55cebdc9d148 Oct 31 15:24:59.138026: | inserting event EVENT_SA_REPLACE, timeout in 120 seconds for #1 Oct 31 15:24:59.138029: | libevent_malloc: newref ptr-libevent@0x7f328800ddb8 size 128 Oct 31 15:24:59.138033: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Oct 31 15:24:59.138039: | opening output PBS reply packet Oct 31 15:24:59.138043: | **emit ISAKMP Message: Oct 31 15:24:59.138049: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:24:59.138053: | responder SPI: 61 7a 11 68 b3 c4 7a f9 Oct 31 15:24:59.138056: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:59.138059: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:59.138062: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:59.138065: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:59.138069: | Message ID: 1 (00 00 00 01) Oct 31 15:24:59.138072: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:59.138077: | ***emit IKEv2 Encryption Payload: Oct 31 15:24:59.138080: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:59.138082: | flags: none (0x0) Oct 31 15:24:59.138086: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:24:59.138089: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Oct 31 15:24:59.138093: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:24:59.138106: | IKEv2 CERT: send a certificate? Oct 31 15:24:59.138109: | IKEv2 CERT: no certificate to send Oct 31 15:24:59.138112: | IDr payload will be sent Oct 31 15:24:59.138114: | ****emit IKEv2 Identification - Initiator - Payload: Oct 31 15:24:59.138120: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:59.138123: | flags: none (0x0) Oct 31 15:24:59.138126: | ID type: ID_FQDN (0x2) Oct 31 15:24:59.138129: | reserved: 00 00 00 Oct 31 15:24:59.138132: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Oct 31 15:24:59.138135: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:59.138138: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Oct 31 15:24:59.138141: | my identity: 65 61 73 74 Oct 31 15:24:59.138144: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Oct 31 15:24:59.138148: | ****emit IKEv2 Identification - Responder - Payload: Oct 31 15:24:59.138150: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:59.138153: | flags: none (0x0) Oct 31 15:24:59.138155: | ID type: ID_FQDN (0x2) Oct 31 15:24:59.138159: | reserved: 00 00 00 Oct 31 15:24:59.138162: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Oct 31 15:24:59.138164: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:59.138168: | emitting 5 raw bytes of their IDr into IKEv2 Identification - Responder - Payload Oct 31 15:24:59.138171: | their IDr: 6e 6f 72 74 68 Oct 31 15:24:59.138174: | emitting length of IKEv2 Identification - Responder - Payload: 13 Oct 31 15:24:59.138176: | not sending INITIAL_CONTACT Oct 31 15:24:59.138179: | ****emit IKEv2 Authentication Payload: Oct 31 15:24:59.138181: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:59.138184: | flags: none (0x0) Oct 31 15:24:59.138187: | auth method: IKEv2_AUTH_DIGSIG (0xe) Oct 31 15:24:59.138190: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Oct 31 15:24:59.138193: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Oct 31 15:24:59.138196: | emit hash algo NEGOTIATE_AUTH_HASH_SHA2_512 Oct 31 15:24:59.138202: | emitting 68 raw bytes of OID of ASN.1 Algorithm Identifier into IKEv2 Authentication Payload Oct 31 15:24:59.138209: | OID of ASN.1 Algorithm Identifier: Oct 31 15:24:59.138212: | 43 30 41 06 09 2a 86 48 86 f7 0d 01 01 0a 30 34 Oct 31 15:24:59.138214: | a0 0f 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 Oct 31 15:24:59.138217: | 00 a1 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 01 08 Oct 31 15:24:59.138219: | 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 a2 Oct 31 15:24:59.138221: | 03 02 01 40 Oct 31 15:24:59.138224: | emitting 274 raw bytes of signature into IKEv2 Authentication Payload Oct 31 15:24:59.138227: | signature: Oct 31 15:24:59.138229: | 7f 3b f9 4f cb ec 25 fd ca 18 59 5f 35 69 93 01 Oct 31 15:24:59.138232: | f5 f5 c6 f8 ea 76 21 ac 9f 1e 1f 3f 39 ba f5 3a Oct 31 15:24:59.138234: | e0 df 5e e6 8c 99 1b a7 99 20 dc 94 25 c1 60 8d Oct 31 15:24:59.138237: | 20 e5 94 07 01 66 bc 8f f6 b9 b4 c8 ae ce 39 c2 Oct 31 15:24:59.138239: | 96 57 07 26 fd 4e 79 70 b5 66 72 7d ae 10 0c ca Oct 31 15:24:59.138241: | 57 e5 f3 07 1e b2 a6 07 b8 79 b2 d3 ff d0 4b 55 Oct 31 15:24:59.138243: | 1e f7 e0 0a 64 f0 07 65 74 29 8c a8 fe 09 e7 33 Oct 31 15:24:59.138246: | 2a 1d d4 ab 21 c7 6c 36 fa 42 df 44 29 67 c6 a8 Oct 31 15:24:59.138248: | a8 06 66 97 1e 59 48 9a b8 7b 24 02 65 e0 6c 2c Oct 31 15:24:59.138250: | 2a 73 43 1e c5 b6 b9 e6 27 4b f0 8e 36 06 88 7d Oct 31 15:24:59.138252: | 79 82 20 e9 2c 14 28 b0 d3 9c 7c 35 35 8b 03 37 Oct 31 15:24:59.138255: | 16 1f 37 67 8d 73 c0 b3 3d 6e 4d 74 34 ef 0c e7 Oct 31 15:24:59.138257: | 99 5d b0 f3 af 32 35 8b 54 c1 01 b9 b4 96 9e 81 Oct 31 15:24:59.138261: | b6 b3 aa 8b da 79 81 bc ab cb 61 67 14 0c e3 d5 Oct 31 15:24:59.138263: | a5 1b b4 0d 46 c6 a4 16 2a 8f a7 1f 94 d9 d8 74 Oct 31 15:24:59.138266: | 05 d8 4d bc 3d 69 17 3f 91 c2 e8 29 a4 ac ef ec Oct 31 15:24:59.138268: | df ce 5a e5 5e dd d3 7c 68 fb 52 44 55 d4 06 14 Oct 31 15:24:59.138461: | 60 28 Oct 31 15:24:59.138465: | emitting length of IKEv2 Authentication Payload: 350 Oct 31 15:24:59.138469: | getting first pending from state #1 Oct 31 15:24:59.138472: | delref fd@NULL (in first_pending() at pending.c:318) Oct 31 15:24:59.138475: | addref fd@NULL (in first_pending() at pending.c:319) Oct 31 15:24:59.138478: | Switching Child connection for #2 to "north-eastnets/0x1" from "north-eastnets/0x2" Oct 31 15:24:59.138573: | in connection_discard for connection north-eastnets/0x2 Oct 31 15:24:59.138599: | netlink_get_spi: allocated 0xfafbe28b for esp.0@192.1.2.23 Oct 31 15:24:59.138604: | constructing ESP/AH proposals with all DH removed for north-eastnets/0x1 (IKE SA initiator emitting ESP/AH proposals) Oct 31 15:24:59.138610: | converting proposal AES_CBC_128-HMAC_SHA2_512_256-MODP3072 to ikev2 ... Oct 31 15:24:59.138618: | ... ikev2_proposal: 1:ESP=AES_CBC_128-HMAC_SHA2_512_256-NONE-DISABLED Oct 31 15:24:59.138622: "north-eastnets/0x1": local ESP/AH proposals (IKE SA initiator emitting ESP/AH proposals): Oct 31 15:24:59.138627: "north-eastnets/0x1": 1:ESP=AES_CBC_128-HMAC_SHA2_512_256-NONE-DISABLED Oct 31 15:24:59.138630: | Emitting ikev2_proposals ... Oct 31 15:24:59.138633: | ****emit IKEv2 Security Association Payload: Oct 31 15:24:59.138636: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:59.138639: | flags: none (0x0) Oct 31 15:24:59.138642: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:24:59.138644: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:24:59.138649: | discard DH=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:59.138652: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:59.138655: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:59.138658: | prop #: 1 (01) Oct 31 15:24:59.138801: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:59.138806: | spi size: 4 (04) Oct 31 15:24:59.138809: | # transforms: 3 (03) Oct 31 15:24:59.138812: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:59.138816: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:24:59.138868: | our spi: fa fb e2 8b Oct 31 15:24:59.138875: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:59.138878: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.138881: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:59.138884: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:59.138887: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:59.138890: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:59.138892: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:59.138896: | length/value: 128 (00 80) Oct 31 15:24:59.138899: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:59.138902: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:59.138904: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.139002: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:59.139007: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:59.139010: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.139013: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:59.139019: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:59.139022: | discard DH=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:59.139025: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:59.139028: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:59.139031: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:59.139033: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:59.139036: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.139038: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:59.139041: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:59.139044: | emitting length of IKEv2 Proposal Substructure Payload: 40 Oct 31 15:24:59.139047: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:59.139049: | emitting length of IKEv2 Security Association Payload: 44 Oct 31 15:24:59.139052: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:24:59.139057: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:24:59.139060: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:59.139063: | flags: none (0x0) Oct 31 15:24:59.139066: | number of TS: 1 (01) Oct 31 15:24:59.139069: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Oct 31 15:24:59.139072: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:59.139075: | *****emit IKEv2 Traffic Selector: Oct 31 15:24:59.139077: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:59.139080: | IP Protocol ID: ALL (0x0) Oct 31 15:24:59.139084: | start port: 0 (00 00) Oct 31 15:24:59.139087: | end port: 65535 (ff ff) Oct 31 15:24:59.139091: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:24:59.139094: | IP start: c0 00 02 00 Oct 31 15:24:59.139097: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:24:59.139100: | IP end: c0 00 02 ff Oct 31 15:24:59.139103: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:24:59.139106: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Oct 31 15:24:59.139108: | ****emit IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:24:59.139111: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:59.139113: | flags: none (0x0) Oct 31 15:24:59.139116: | number of TS: 1 (01) Oct 31 15:24:59.139119: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Oct 31 15:24:59.139122: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:59.139125: | *****emit IKEv2 Traffic Selector: Oct 31 15:24:59.139128: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:59.139130: | IP Protocol ID: ALL (0x0) Oct 31 15:24:59.139134: | start port: 0 (00 00) Oct 31 15:24:59.139137: | end port: 65535 (ff ff) Oct 31 15:24:59.139140: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:24:59.139143: | IP start: c0 00 03 00 Oct 31 15:24:59.139146: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:24:59.139149: | IP end: c0 00 03 ff Oct 31 15:24:59.139152: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:24:59.139154: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Oct 31 15:24:59.139159: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Oct 31 15:24:59.139161: | initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Oct 31 15:24:59.139165: | adding 13 bytes of padding (including 1 byte padding-length) Oct 31 15:24:59.139168: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:59.139171: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:59.139174: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:59.139176: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:59.139179: | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:59.139182: | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:59.139184: | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:59.139187: | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:59.139189: | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:59.139192: | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:59.139195: | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:59.139197: | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:59.139208: | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:59.139211: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:24:59.139214: | emitting length of IKEv2 Encryption Payload: 516 Oct 31 15:24:59.139216: | emitting length of ISAKMP Message: 544 Oct 31 15:24:59.139222: | **parse ISAKMP Message: Oct 31 15:24:59.139227: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:24:59.139231: | responder SPI: 61 7a 11 68 b3 c4 7a f9 Oct 31 15:24:59.139234: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:24:59.139236: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:59.139239: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:59.139242: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:59.139246: | Message ID: 1 (00 00 00 01) Oct 31 15:24:59.139250: | length: 544 (00 00 02 20) Oct 31 15:24:59.139253: | **parse IKEv2 Encryption Payload: Oct 31 15:24:59.139255: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Oct 31 15:24:59.139258: | flags: none (0x0) Oct 31 15:24:59.139261: | length: 516 (02 04) Oct 31 15:24:59.139264: | opening output PBS reply frag packet Oct 31 15:24:59.139266: | **emit ISAKMP Message: Oct 31 15:24:59.139271: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:24:59.139275: | responder SPI: 61 7a 11 68 b3 c4 7a f9 Oct 31 15:24:59.139277: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:59.139280: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:59.139283: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:59.139285: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:59.139289: | Message ID: 1 (00 00 00 01) Oct 31 15:24:59.139292: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:59.139480: | ***emit IKEv2 Encrypted Fragment: Oct 31 15:24:59.139486: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Oct 31 15:24:59.139489: | flags: none (0x0) Oct 31 15:24:59.139493: | fragment number: 1 (00 01) Oct 31 15:24:59.139496: | total fragments: 1 (00 01) Oct 31 15:24:59.139499: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi Oct 31 15:24:59.139502: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Oct 31 15:24:59.139602: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Oct 31 15:24:59.139607: | emitting 16 zero bytes of IV into IKEv2 Encrypted Fragment Oct 31 15:24:59.139613: | emitting 467 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Oct 31 15:24:59.139616: | cleartext fragment: Oct 31 15:24:59.139619: | 24 00 00 0c 02 00 00 00 65 61 73 74 27 00 00 0d Oct 31 15:24:59.139621: | 02 00 00 00 6e 6f 72 74 68 21 00 01 5e 0e 00 00 Oct 31 15:24:59.139623: | 00 43 30 41 06 09 2a 86 48 86 f7 0d 01 01 0a 30 Oct 31 15:24:59.139626: | 34 a0 0f 30 0d 06 09 60 86 48 01 65 03 04 02 03 Oct 31 15:24:59.139628: | 05 00 a1 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 01 Oct 31 15:24:59.139630: | 08 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 Oct 31 15:24:59.139633: | a2 03 02 01 40 7f 3b f9 4f cb ec 25 fd ca 18 59 Oct 31 15:24:59.139635: | 5f 35 69 93 01 f5 f5 c6 f8 ea 76 21 ac 9f 1e 1f Oct 31 15:24:59.139637: | 3f 39 ba f5 3a e0 df 5e e6 8c 99 1b a7 99 20 dc Oct 31 15:24:59.139640: | 94 25 c1 60 8d 20 e5 94 07 01 66 bc 8f f6 b9 b4 Oct 31 15:24:59.139642: | c8 ae ce 39 c2 96 57 07 26 fd 4e 79 70 b5 66 72 Oct 31 15:24:59.139644: | 7d ae 10 0c ca 57 e5 f3 07 1e b2 a6 07 b8 79 b2 Oct 31 15:24:59.139647: | d3 ff d0 4b 55 1e f7 e0 0a 64 f0 07 65 74 29 8c Oct 31 15:24:59.139649: | a8 fe 09 e7 33 2a 1d d4 ab 21 c7 6c 36 fa 42 df Oct 31 15:24:59.139651: | 44 29 67 c6 a8 a8 06 66 97 1e 59 48 9a b8 7b 24 Oct 31 15:24:59.139653: | 02 65 e0 6c 2c 2a 73 43 1e c5 b6 b9 e6 27 4b f0 Oct 31 15:24:59.139656: | 8e 36 06 88 7d 79 82 20 e9 2c 14 28 b0 d3 9c 7c Oct 31 15:24:59.139658: | 35 35 8b 03 37 16 1f 37 67 8d 73 c0 b3 3d 6e 4d Oct 31 15:24:59.139660: | 74 34 ef 0c e7 99 5d b0 f3 af 32 35 8b 54 c1 01 Oct 31 15:24:59.139663: | b9 b4 96 9e 81 b6 b3 aa 8b da 79 81 bc ab cb 61 Oct 31 15:24:59.139665: | 67 14 0c e3 d5 a5 1b b4 0d 46 c6 a4 16 2a 8f a7 Oct 31 15:24:59.139667: | 1f 94 d9 d8 74 05 d8 4d bc 3d 69 17 3f 91 c2 e8 Oct 31 15:24:59.139669: | 29 a4 ac ef ec df ce 5a e5 5e dd d3 7c 68 fb 52 Oct 31 15:24:59.139672: | 44 55 d4 06 14 60 28 2c 00 00 2c 00 00 00 28 01 Oct 31 15:24:59.139675: | 03 04 03 fa fb e2 8b 03 00 00 0c 01 00 00 0c 80 Oct 31 15:24:59.139677: | 0e 00 80 03 00 00 08 03 00 00 0e 00 00 00 08 05 Oct 31 15:24:59.139679: | 00 00 00 2d 00 00 18 01 00 00 00 07 00 00 10 00 Oct 31 15:24:59.139817: | 00 ff ff c0 00 02 00 c0 00 02 ff 00 00 00 18 01 Oct 31 15:24:59.139824: | 00 00 00 07 00 00 10 00 00 ff ff c0 00 03 00 c0 Oct 31 15:24:59.139827: | 00 03 ff Oct 31 15:24:59.139830: | adding 13 bytes of padding (including 1 byte padding-length) Oct 31 15:24:59.139833: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:59.139836: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:59.139839: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:59.139842: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:59.139895: | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:59.139900: | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:59.139902: | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:59.139905: | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:59.139907: | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:59.139910: | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:59.139912: | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:59.139915: | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:59.139919: | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:59.139922: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Oct 31 15:24:59.139925: | emitting length of IKEv2 Encrypted Fragment: 520 Oct 31 15:24:59.139927: | emitting length of ISAKMP Message: 548 Oct 31 15:24:59.140067: | recording fragment 1 Oct 31 15:24:59.140075: | delref logger@0x55cebdc9f838(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:59.140079: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:59.140081: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:59.140085: | XXX: resume sending helper answer back to state for #1 switched MD.ST to #2 Oct 31 15:24:59.140091: | suspend processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:59.140097: | start processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:59.140102: | #2 complete_v2_state_transition() in state V2_IKE_AUTH_CHILD_I0 PARENT_I1->PARENT_I2 with status STF_OK; .st_v2_transition=NULL Oct 31 15:24:59.140106: | transitioning from state STATE_PARENT_I1 to state STATE_PARENT_I2 Oct 31 15:24:59.140108: | Message ID: updating counters for #2 Oct 31 15:24:59.140115: | Message ID: CHILD #1.#2 XXX: no EVENT_RETRANSMIT to clear; suspect IKE->CHILD switch: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744569.897271 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.897271 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:24:59.140124: | Message ID: CHILD #1.#2 updating initiator received message response 0: ike.initiator.sent=0 ike.initiator.recv=-1->0 ike.initiator.last_contact=744569.897271->744573.572907 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.897271 child.wip.initiator=0->-1 child.wip.responder=-1 Oct 31 15:24:59.140131: | Message ID: CHILD #1.#2 scheduling EVENT_RETRANSMIT: ike.initiator.sent=1 ike.initiator.recv=0 ike.initiator.last_contact=744573.572907 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.897271 child.wip.initiator=1 child.wip.responder=-1 Oct 31 15:24:59.140135: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55cebdc9f838 Oct 31 15:24:59.140139: | inserting event EVENT_RETRANSMIT, timeout in 0.05 seconds for #2 Oct 31 15:24:59.140142: | libevent_malloc: newref ptr-libevent@0x55cebdca6598 size 128 Oct 31 15:24:59.140147: | #2 STATE_V2_IKE_AUTH_CHILD_I0: retransmits: first event in 0.05 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744573.572931 Oct 31 15:24:59.140154: | Message ID: CHILD #1.#2 updating initiator sent message request 1: ike.initiator.sent=0->1 ike.initiator.recv=0 ike.initiator.last_contact=744573.572907 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.897271 child.wip.initiator=-1->1 child.wip.responder=-1 Oct 31 15:24:59.140161: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=1 ike.initiator.recv=0 ike.initiator.last_contact=744573.572907 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.897271 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:59.140165: | child state #2: V2_IKE_AUTH_CHILD_I0(ignore) => PARENT_I2(open IKE SA) Oct 31 15:24:59.140168: | announcing the state transition Oct 31 15:24:59.140173: "north-eastnets/0x2" #1: sent IKE_AUTH request {auth=IKEv2 cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048} Oct 31 15:24:59.140182: | sending 548 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:59.140185: | 51 7c 55 1b 42 66 f1 ad 61 7a 11 68 b3 c4 7a f9 Oct 31 15:24:59.140187: | 35 20 23 08 00 00 00 01 00 00 02 24 23 00 02 08 Oct 31 15:24:59.140189: | 00 01 00 01 82 0c 36 a5 77 10 45 97 41 3c 06 e4 Oct 31 15:24:59.140202: | e1 32 1e d9 b8 8c 6e a4 80 5b f8 5c 34 f7 ed e9 Oct 31 15:24:59.140208: | 38 e4 06 b1 f6 b3 6d 0c 9b c4 33 e3 be ab 72 9e Oct 31 15:24:59.140211: | 31 e1 dc 0e e0 2b 8e 1e 1c 63 1b 75 1e 23 f5 d3 Oct 31 15:24:59.140213: | 56 52 4f 44 84 91 6b 27 7a fc 9b 80 db e5 be 20 Oct 31 15:24:59.140216: | e7 7c 7e 8b d7 a9 3b f1 63 c2 ec ef fa 2e 36 b7 Oct 31 15:24:59.140218: | ee 95 20 9a d2 12 13 a6 bc c0 25 df 11 3d b3 73 Oct 31 15:24:59.140220: | d9 01 aa d6 65 7a 8d 2c 10 24 1a 62 36 9c 17 6d Oct 31 15:24:59.140222: | 83 74 2a 51 0f 9d 2a 24 d2 d3 84 8e f8 ea 82 1a Oct 31 15:24:59.140225: | 7d 77 f2 21 9c 9b a7 5b 09 89 11 ee 4b 0d 36 f4 Oct 31 15:24:59.140227: | 8a 3d 54 7c 32 f6 1a 51 08 bf 5c b2 e7 68 91 c2 Oct 31 15:24:59.140229: | ea d4 59 ae 8a cb bb b5 55 d8 88 60 58 da 87 f9 Oct 31 15:24:59.140231: | a1 18 42 c8 d9 e8 3b d5 07 6f 63 63 a3 c2 9a 95 Oct 31 15:24:59.140234: | 18 23 bb 15 19 2c d8 53 af 67 c6 a9 eb a0 73 ec Oct 31 15:24:59.140236: | 39 62 a0 2a 05 ab 27 2b 8f e5 41 87 23 69 ca ee Oct 31 15:24:59.140238: | 16 4d 46 40 54 7d bb 32 f0 38 9b 7a a2 dd 25 16 Oct 31 15:24:59.140241: | 27 a1 c3 16 a2 89 62 39 fa f0 1b 92 39 26 f1 9d Oct 31 15:24:59.140243: | d7 0d d2 77 b8 65 ce 36 cd 6c 22 ef 4f a3 19 0a Oct 31 15:24:59.140246: | f7 9d 2e 9b 9d 3d 0a 4e 0b 8d d8 38 eb 0d 23 0e Oct 31 15:24:59.140248: | 32 7e b2 d8 72 0a 9f 3e 7c a4 fd 59 91 58 d0 96 Oct 31 15:24:59.140250: | c0 54 4d 07 ab 84 f9 93 c6 48 ce cf eb 04 b6 5c Oct 31 15:24:59.140253: | bd 5e 7c 4a 2e 5f 68 58 1f f8 72 59 dd dc 08 64 Oct 31 15:24:59.140255: | 1e 47 bb e2 70 1c 80 b3 d0 8a 05 8b 8a 4d 55 a3 Oct 31 15:24:59.140257: | 9f f5 82 fc 5d 65 49 6a 66 a1 ee 4f 14 79 8d 0d Oct 31 15:24:59.140259: | 72 5f a3 30 f6 ac 33 29 42 d9 21 4b 60 66 c1 7c Oct 31 15:24:59.140262: | 45 4a a0 ab 3d d3 a2 45 1d d2 9f f6 3d 30 5b bf Oct 31 15:24:59.140264: | bf 70 7a 24 d0 a4 25 4e b1 6a 07 84 89 0e ec fa Oct 31 15:24:59.140266: | fe 50 0b 7b cb 5a e1 bd 39 cb 72 5d fc 2c af 2a Oct 31 15:24:59.140269: | f1 0a f0 12 c4 db 41 3e d4 70 1f 14 6e 70 22 c4 Oct 31 15:24:59.140271: | e4 ef f6 31 29 2e c1 fd 0d 5b cf 0d 88 0c 6e 3b Oct 31 15:24:59.140273: | 08 dd 09 07 cd 23 78 c3 80 47 9c a3 9d b2 2b 65 Oct 31 15:24:59.140276: | 8a 77 75 22 ea 8a 76 6c 0d 2e 7b 83 a1 ce 96 3e Oct 31 15:24:59.140278: | c1 f2 57 66 Oct 31 15:24:59.141227: | sent 1 messages Oct 31 15:24:59.141234: | checking that a retransmit timeout_event was already Oct 31 15:24:59.141236: | state #2 has no .st_event to delete Oct 31 15:24:59.141240: | delref mdp@0x55cebdca3bd8(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:59.141244: | delref logger@0x55cebdc8ee68(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:59.141247: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:59.141249: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:59.141256: | #1 spent 1.52 (3.62) milliseconds in resume sending helper answer back to state Oct 31 15:24:59.141262: | stop processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:745) Oct 31 15:24:59.141265: | libevent_free: delref ptr-libevent@0x7f328c000d38 Oct 31 15:24:59.141275: | helper thread 4 has nothing to do Oct 31 15:24:59.191397: | timer_event_cb: processing event@0x55cebdc9f838 Oct 31 15:24:59.191418: | handling event EVENT_RETRANSMIT for child state #2 Oct 31 15:24:59.191424: | libevent_free: delref ptr-libevent@0x55cebdca6598 Oct 31 15:24:59.191428: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55cebdc9f838 Oct 31 15:24:59.191438: | start processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:59.191443: | IKEv2 retransmit event Oct 31 15:24:59.191450: | [RE]START processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:24:59.191455: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #2 attempt 2 of 0 Oct 31 15:24:59.191463: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 1 Oct 31 15:24:59.191468: | #2 STATE_PARENT_I2: retransmits: current time 744573.624263 Oct 31 15:24:59.191471: | #2 STATE_PARENT_I2: retransmits: retransmit count 0 exceeds limit? NO Oct 31 15:24:59.191475: | #2 STATE_PARENT_I2: retransmits: deltatime 0.05 exceeds limit? NO Oct 31 15:24:59.191478: | #2 STATE_PARENT_I2: retransmits: monotime 0.051332 exceeds limit? NO Oct 31 15:24:59.191482: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55cebdc9f838 Oct 31 15:24:59.191486: | inserting event EVENT_RETRANSMIT, timeout in 0.05 seconds for #2 Oct 31 15:24:59.191490: | libevent_malloc: newref ptr-libevent@0x7f328c000d38 size 128 Oct 31 15:24:59.191496: "north-eastnets/0x1" #2: STATE_PARENT_I2: retransmission; will wait 0.05 seconds for response Oct 31 15:24:59.191504: | sending 548 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:59.191508: | 51 7c 55 1b 42 66 f1 ad 61 7a 11 68 b3 c4 7a f9 Oct 31 15:24:59.191510: | 35 20 23 08 00 00 00 01 00 00 02 24 23 00 02 08 Oct 31 15:24:59.191512: | 00 01 00 01 82 0c 36 a5 77 10 45 97 41 3c 06 e4 Oct 31 15:24:59.191515: | e1 32 1e d9 b8 8c 6e a4 80 5b f8 5c 34 f7 ed e9 Oct 31 15:24:59.191517: | 38 e4 06 b1 f6 b3 6d 0c 9b c4 33 e3 be ab 72 9e Oct 31 15:24:59.191520: | 31 e1 dc 0e e0 2b 8e 1e 1c 63 1b 75 1e 23 f5 d3 Oct 31 15:24:59.191522: | 56 52 4f 44 84 91 6b 27 7a fc 9b 80 db e5 be 20 Oct 31 15:24:59.191525: | e7 7c 7e 8b d7 a9 3b f1 63 c2 ec ef fa 2e 36 b7 Oct 31 15:24:59.191527: | ee 95 20 9a d2 12 13 a6 bc c0 25 df 11 3d b3 73 Oct 31 15:24:59.191529: | d9 01 aa d6 65 7a 8d 2c 10 24 1a 62 36 9c 17 6d Oct 31 15:24:59.191532: | 83 74 2a 51 0f 9d 2a 24 d2 d3 84 8e f8 ea 82 1a Oct 31 15:24:59.191534: | 7d 77 f2 21 9c 9b a7 5b 09 89 11 ee 4b 0d 36 f4 Oct 31 15:24:59.191536: | 8a 3d 54 7c 32 f6 1a 51 08 bf 5c b2 e7 68 91 c2 Oct 31 15:24:59.191539: | ea d4 59 ae 8a cb bb b5 55 d8 88 60 58 da 87 f9 Oct 31 15:24:59.191541: | a1 18 42 c8 d9 e8 3b d5 07 6f 63 63 a3 c2 9a 95 Oct 31 15:24:59.191543: | 18 23 bb 15 19 2c d8 53 af 67 c6 a9 eb a0 73 ec Oct 31 15:24:59.191546: | 39 62 a0 2a 05 ab 27 2b 8f e5 41 87 23 69 ca ee Oct 31 15:24:59.191548: | 16 4d 46 40 54 7d bb 32 f0 38 9b 7a a2 dd 25 16 Oct 31 15:24:59.191550: | 27 a1 c3 16 a2 89 62 39 fa f0 1b 92 39 26 f1 9d Oct 31 15:24:59.191552: | d7 0d d2 77 b8 65 ce 36 cd 6c 22 ef 4f a3 19 0a Oct 31 15:24:59.191555: | f7 9d 2e 9b 9d 3d 0a 4e 0b 8d d8 38 eb 0d 23 0e Oct 31 15:24:59.191557: | 32 7e b2 d8 72 0a 9f 3e 7c a4 fd 59 91 58 d0 96 Oct 31 15:24:59.191559: | c0 54 4d 07 ab 84 f9 93 c6 48 ce cf eb 04 b6 5c Oct 31 15:24:59.191562: | bd 5e 7c 4a 2e 5f 68 58 1f f8 72 59 dd dc 08 64 Oct 31 15:24:59.191565: | 1e 47 bb e2 70 1c 80 b3 d0 8a 05 8b 8a 4d 55 a3 Oct 31 15:24:59.191567: | 9f f5 82 fc 5d 65 49 6a 66 a1 ee 4f 14 79 8d 0d Oct 31 15:24:59.191569: | 72 5f a3 30 f6 ac 33 29 42 d9 21 4b 60 66 c1 7c Oct 31 15:24:59.191571: | 45 4a a0 ab 3d d3 a2 45 1d d2 9f f6 3d 30 5b bf Oct 31 15:24:59.191573: | bf 70 7a 24 d0 a4 25 4e b1 6a 07 84 89 0e ec fa Oct 31 15:24:59.191576: | fe 50 0b 7b cb 5a e1 bd 39 cb 72 5d fc 2c af 2a Oct 31 15:24:59.191578: | f1 0a f0 12 c4 db 41 3e d4 70 1f 14 6e 70 22 c4 Oct 31 15:24:59.191580: | e4 ef f6 31 29 2e c1 fd 0d 5b cf 0d 88 0c 6e 3b Oct 31 15:24:59.191582: | 08 dd 09 07 cd 23 78 c3 80 47 9c a3 9d b2 2b 65 Oct 31 15:24:59.191584: | 8a 77 75 22 ea 8a 76 6c 0d 2e 7b 83 a1 ce 96 3e Oct 31 15:24:59.191586: | c1 f2 57 66 Oct 31 15:24:59.191624: | sent 1 messages Oct 31 15:24:59.191634: | #2 spent 0.215 (0.236) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:24:59.191871: | stop processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:24:59.243027: | timer_event_cb: processing event@0x55cebdc9f838 Oct 31 15:24:59.243137: | handling event EVENT_RETRANSMIT for child state #2 Oct 31 15:24:59.243144: | libevent_free: delref ptr-libevent@0x7f328c000d38 Oct 31 15:24:59.243149: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55cebdc9f838 Oct 31 15:24:59.243158: | start processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:59.243163: | IKEv2 retransmit event Oct 31 15:24:59.243170: | [RE]START processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:24:59.243175: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #2 attempt 2 of 0 Oct 31 15:24:59.243179: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 1 Oct 31 15:24:59.243185: | #2 STATE_PARENT_I2: retransmits: current time 744573.675979 Oct 31 15:24:59.243188: | #2 STATE_PARENT_I2: retransmits: retransmit count 1 exceeds limit? NO Oct 31 15:24:59.243191: | #2 STATE_PARENT_I2: retransmits: deltatime 0.1 exceeds limit? NO Oct 31 15:24:59.243194: | #2 STATE_PARENT_I2: retransmits: monotime 0.103048 exceeds limit? NO Oct 31 15:24:59.243201: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55cebdc9f838 Oct 31 15:24:59.243207: | inserting event EVENT_RETRANSMIT, timeout in 0.1 seconds for #2 Oct 31 15:24:59.243211: | libevent_malloc: newref ptr-libevent@0x7f328c000d38 size 128 Oct 31 15:24:59.243217: "north-eastnets/0x1" #2: STATE_PARENT_I2: retransmission; will wait 0.1 seconds for response Oct 31 15:24:59.243225: | sending 548 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:59.243228: | 51 7c 55 1b 42 66 f1 ad 61 7a 11 68 b3 c4 7a f9 Oct 31 15:24:59.243231: | 35 20 23 08 00 00 00 01 00 00 02 24 23 00 02 08 Oct 31 15:24:59.243233: | 00 01 00 01 82 0c 36 a5 77 10 45 97 41 3c 06 e4 Oct 31 15:24:59.243236: | e1 32 1e d9 b8 8c 6e a4 80 5b f8 5c 34 f7 ed e9 Oct 31 15:24:59.243238: | 38 e4 06 b1 f6 b3 6d 0c 9b c4 33 e3 be ab 72 9e Oct 31 15:24:59.243240: | 31 e1 dc 0e e0 2b 8e 1e 1c 63 1b 75 1e 23 f5 d3 Oct 31 15:24:59.243243: | 56 52 4f 44 84 91 6b 27 7a fc 9b 80 db e5 be 20 Oct 31 15:24:59.243245: | e7 7c 7e 8b d7 a9 3b f1 63 c2 ec ef fa 2e 36 b7 Oct 31 15:24:59.243247: | ee 95 20 9a d2 12 13 a6 bc c0 25 df 11 3d b3 73 Oct 31 15:24:59.243249: | d9 01 aa d6 65 7a 8d 2c 10 24 1a 62 36 9c 17 6d Oct 31 15:24:59.243252: | 83 74 2a 51 0f 9d 2a 24 d2 d3 84 8e f8 ea 82 1a Oct 31 15:24:59.243254: | 7d 77 f2 21 9c 9b a7 5b 09 89 11 ee 4b 0d 36 f4 Oct 31 15:24:59.243257: | 8a 3d 54 7c 32 f6 1a 51 08 bf 5c b2 e7 68 91 c2 Oct 31 15:24:59.243259: | ea d4 59 ae 8a cb bb b5 55 d8 88 60 58 da 87 f9 Oct 31 15:24:59.243261: | a1 18 42 c8 d9 e8 3b d5 07 6f 63 63 a3 c2 9a 95 Oct 31 15:24:59.243263: | 18 23 bb 15 19 2c d8 53 af 67 c6 a9 eb a0 73 ec Oct 31 15:24:59.243266: | 39 62 a0 2a 05 ab 27 2b 8f e5 41 87 23 69 ca ee Oct 31 15:24:59.243269: | 16 4d 46 40 54 7d bb 32 f0 38 9b 7a a2 dd 25 16 Oct 31 15:24:59.243271: | 27 a1 c3 16 a2 89 62 39 fa f0 1b 92 39 26 f1 9d Oct 31 15:24:59.243273: | d7 0d d2 77 b8 65 ce 36 cd 6c 22 ef 4f a3 19 0a Oct 31 15:24:59.243276: | f7 9d 2e 9b 9d 3d 0a 4e 0b 8d d8 38 eb 0d 23 0e Oct 31 15:24:59.243278: | 32 7e b2 d8 72 0a 9f 3e 7c a4 fd 59 91 58 d0 96 Oct 31 15:24:59.243280: | c0 54 4d 07 ab 84 f9 93 c6 48 ce cf eb 04 b6 5c Oct 31 15:24:59.243283: | bd 5e 7c 4a 2e 5f 68 58 1f f8 72 59 dd dc 08 64 Oct 31 15:24:59.243285: | 1e 47 bb e2 70 1c 80 b3 d0 8a 05 8b 8a 4d 55 a3 Oct 31 15:24:59.243287: | 9f f5 82 fc 5d 65 49 6a 66 a1 ee 4f 14 79 8d 0d Oct 31 15:24:59.243289: | 72 5f a3 30 f6 ac 33 29 42 d9 21 4b 60 66 c1 7c Oct 31 15:24:59.243292: | 45 4a a0 ab 3d d3 a2 45 1d d2 9f f6 3d 30 5b bf Oct 31 15:24:59.243294: | bf 70 7a 24 d0 a4 25 4e b1 6a 07 84 89 0e ec fa Oct 31 15:24:59.243296: | fe 50 0b 7b cb 5a e1 bd 39 cb 72 5d fc 2c af 2a Oct 31 15:24:59.243303: | f1 0a f0 12 c4 db 41 3e d4 70 1f 14 6e 70 22 c4 Oct 31 15:24:59.243306: | e4 ef f6 31 29 2e c1 fd 0d 5b cf 0d 88 0c 6e 3b Oct 31 15:24:59.243308: | 08 dd 09 07 cd 23 78 c3 80 47 9c a3 9d b2 2b 65 Oct 31 15:24:59.243310: | 8a 77 75 22 ea 8a 76 6c 0d 2e 7b 83 a1 ce 96 3e Oct 31 15:24:59.243312: | c1 f2 57 66 Oct 31 15:24:59.243618: | sent 1 messages Oct 31 15:24:59.243630: | #2 spent 0.259 (0.604) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:24:59.243636: | stop processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:24:59.343758: | timer_event_cb: processing event@0x55cebdc9f838 Oct 31 15:24:59.343774: | handling event EVENT_RETRANSMIT for child state #2 Oct 31 15:24:59.343779: | libevent_free: delref ptr-libevent@0x7f328c000d38 Oct 31 15:24:59.343782: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55cebdc9f838 Oct 31 15:24:59.343792: | start processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:59.343797: | IKEv2 retransmit event Oct 31 15:24:59.343803: | [RE]START processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:24:59.343807: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #2 attempt 2 of 0 Oct 31 15:24:59.343811: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 1 Oct 31 15:24:59.343815: | #2 STATE_PARENT_I2: retransmits: current time 744573.77661 Oct 31 15:24:59.343818: | #2 STATE_PARENT_I2: retransmits: retransmit count 2 exceeds limit? NO Oct 31 15:24:59.343821: | #2 STATE_PARENT_I2: retransmits: deltatime 0.2 exceeds limit? NO Oct 31 15:24:59.343824: | #2 STATE_PARENT_I2: retransmits: monotime 0.203679 exceeds limit? NO Oct 31 15:24:59.343827: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55cebdc9f838 Oct 31 15:24:59.343831: | inserting event EVENT_RETRANSMIT, timeout in 0.2 seconds for #2 Oct 31 15:24:59.343834: | libevent_malloc: newref ptr-libevent@0x7f328c000d38 size 128 Oct 31 15:24:59.343840: "north-eastnets/0x1" #2: STATE_PARENT_I2: retransmission; will wait 0.2 seconds for response Oct 31 15:24:59.343849: | sending 548 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:59.343852: | 51 7c 55 1b 42 66 f1 ad 61 7a 11 68 b3 c4 7a f9 Oct 31 15:24:59.343855: | 35 20 23 08 00 00 00 01 00 00 02 24 23 00 02 08 Oct 31 15:24:59.343857: | 00 01 00 01 82 0c 36 a5 77 10 45 97 41 3c 06 e4 Oct 31 15:24:59.343859: | e1 32 1e d9 b8 8c 6e a4 80 5b f8 5c 34 f7 ed e9 Oct 31 15:24:59.343861: | 38 e4 06 b1 f6 b3 6d 0c 9b c4 33 e3 be ab 72 9e Oct 31 15:24:59.343863: | 31 e1 dc 0e e0 2b 8e 1e 1c 63 1b 75 1e 23 f5 d3 Oct 31 15:24:59.343865: | 56 52 4f 44 84 91 6b 27 7a fc 9b 80 db e5 be 20 Oct 31 15:24:59.343868: | e7 7c 7e 8b d7 a9 3b f1 63 c2 ec ef fa 2e 36 b7 Oct 31 15:24:59.343870: | ee 95 20 9a d2 12 13 a6 bc c0 25 df 11 3d b3 73 Oct 31 15:24:59.343872: | d9 01 aa d6 65 7a 8d 2c 10 24 1a 62 36 9c 17 6d Oct 31 15:24:59.343874: | 83 74 2a 51 0f 9d 2a 24 d2 d3 84 8e f8 ea 82 1a Oct 31 15:24:59.343876: | 7d 77 f2 21 9c 9b a7 5b 09 89 11 ee 4b 0d 36 f4 Oct 31 15:24:59.343878: | 8a 3d 54 7c 32 f6 1a 51 08 bf 5c b2 e7 68 91 c2 Oct 31 15:24:59.343881: | ea d4 59 ae 8a cb bb b5 55 d8 88 60 58 da 87 f9 Oct 31 15:24:59.343883: | a1 18 42 c8 d9 e8 3b d5 07 6f 63 63 a3 c2 9a 95 Oct 31 15:24:59.343885: | 18 23 bb 15 19 2c d8 53 af 67 c6 a9 eb a0 73 ec Oct 31 15:24:59.343887: | 39 62 a0 2a 05 ab 27 2b 8f e5 41 87 23 69 ca ee Oct 31 15:24:59.343889: | 16 4d 46 40 54 7d bb 32 f0 38 9b 7a a2 dd 25 16 Oct 31 15:24:59.343892: | 27 a1 c3 16 a2 89 62 39 fa f0 1b 92 39 26 f1 9d Oct 31 15:24:59.343894: | d7 0d d2 77 b8 65 ce 36 cd 6c 22 ef 4f a3 19 0a Oct 31 15:24:59.343896: | f7 9d 2e 9b 9d 3d 0a 4e 0b 8d d8 38 eb 0d 23 0e Oct 31 15:24:59.343902: | 32 7e b2 d8 72 0a 9f 3e 7c a4 fd 59 91 58 d0 96 Oct 31 15:24:59.343904: | c0 54 4d 07 ab 84 f9 93 c6 48 ce cf eb 04 b6 5c Oct 31 15:24:59.343907: | bd 5e 7c 4a 2e 5f 68 58 1f f8 72 59 dd dc 08 64 Oct 31 15:24:59.343909: | 1e 47 bb e2 70 1c 80 b3 d0 8a 05 8b 8a 4d 55 a3 Oct 31 15:24:59.343911: | 9f f5 82 fc 5d 65 49 6a 66 a1 ee 4f 14 79 8d 0d Oct 31 15:24:59.343913: | 72 5f a3 30 f6 ac 33 29 42 d9 21 4b 60 66 c1 7c Oct 31 15:24:59.343916: | 45 4a a0 ab 3d d3 a2 45 1d d2 9f f6 3d 30 5b bf Oct 31 15:24:59.343918: | bf 70 7a 24 d0 a4 25 4e b1 6a 07 84 89 0e ec fa Oct 31 15:24:59.343920: | fe 50 0b 7b cb 5a e1 bd 39 cb 72 5d fc 2c af 2a Oct 31 15:24:59.343922: | f1 0a f0 12 c4 db 41 3e d4 70 1f 14 6e 70 22 c4 Oct 31 15:24:59.343924: | e4 ef f6 31 29 2e c1 fd 0d 5b cf 0d 88 0c 6e 3b Oct 31 15:24:59.343926: | 08 dd 09 07 cd 23 78 c3 80 47 9c a3 9d b2 2b 65 Oct 31 15:24:59.343929: | 8a 77 75 22 ea 8a 76 6c 0d 2e 7b 83 a1 ce 96 3e Oct 31 15:24:59.343931: | c1 f2 57 66 Oct 31 15:24:59.343968: | sent 1 messages Oct 31 15:24:59.343978: | #2 spent 0.21 (0.219) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:24:59.343984: | stop processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:24:59.544232: | timer_event_cb: processing event@0x55cebdc9f838 Oct 31 15:24:59.544248: | handling event EVENT_RETRANSMIT for child state #2 Oct 31 15:24:59.544254: | libevent_free: delref ptr-libevent@0x7f328c000d38 Oct 31 15:24:59.544258: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55cebdc9f838 Oct 31 15:24:59.544266: | start processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:59.544271: | IKEv2 retransmit event Oct 31 15:24:59.544277: | [RE]START processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:24:59.544282: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #2 attempt 2 of 0 Oct 31 15:24:59.544287: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 1 Oct 31 15:24:59.544292: | #2 STATE_PARENT_I2: retransmits: current time 744573.977086 Oct 31 15:24:59.544294: | #2 STATE_PARENT_I2: retransmits: retransmit count 3 exceeds limit? NO Oct 31 15:24:59.544298: | #2 STATE_PARENT_I2: retransmits: deltatime 0.4 exceeds limit? NO Oct 31 15:24:59.544300: | #2 STATE_PARENT_I2: retransmits: monotime 0.404155 exceeds limit? NO Oct 31 15:24:59.544304: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55cebdc9f838 Oct 31 15:24:59.544307: | inserting event EVENT_RETRANSMIT, timeout in 0.4 seconds for #2 Oct 31 15:24:59.544310: | libevent_malloc: newref ptr-libevent@0x7f328c000d38 size 128 Oct 31 15:24:59.544317: "north-eastnets/0x1" #2: STATE_PARENT_I2: retransmission; will wait 0.4 seconds for response Oct 31 15:24:59.544325: | sending 548 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:59.544329: | 51 7c 55 1b 42 66 f1 ad 61 7a 11 68 b3 c4 7a f9 Oct 31 15:24:59.544331: | 35 20 23 08 00 00 00 01 00 00 02 24 23 00 02 08 Oct 31 15:24:59.544333: | 00 01 00 01 82 0c 36 a5 77 10 45 97 41 3c 06 e4 Oct 31 15:24:59.544336: | e1 32 1e d9 b8 8c 6e a4 80 5b f8 5c 34 f7 ed e9 Oct 31 15:24:59.544338: | 38 e4 06 b1 f6 b3 6d 0c 9b c4 33 e3 be ab 72 9e Oct 31 15:24:59.544340: | 31 e1 dc 0e e0 2b 8e 1e 1c 63 1b 75 1e 23 f5 d3 Oct 31 15:24:59.544342: | 56 52 4f 44 84 91 6b 27 7a fc 9b 80 db e5 be 20 Oct 31 15:24:59.544344: | e7 7c 7e 8b d7 a9 3b f1 63 c2 ec ef fa 2e 36 b7 Oct 31 15:24:59.544346: | ee 95 20 9a d2 12 13 a6 bc c0 25 df 11 3d b3 73 Oct 31 15:24:59.544349: | d9 01 aa d6 65 7a 8d 2c 10 24 1a 62 36 9c 17 6d Oct 31 15:24:59.544351: | 83 74 2a 51 0f 9d 2a 24 d2 d3 84 8e f8 ea 82 1a Oct 31 15:24:59.544353: | 7d 77 f2 21 9c 9b a7 5b 09 89 11 ee 4b 0d 36 f4 Oct 31 15:24:59.544356: | 8a 3d 54 7c 32 f6 1a 51 08 bf 5c b2 e7 68 91 c2 Oct 31 15:24:59.544362: | ea d4 59 ae 8a cb bb b5 55 d8 88 60 58 da 87 f9 Oct 31 15:24:59.544364: | a1 18 42 c8 d9 e8 3b d5 07 6f 63 63 a3 c2 9a 95 Oct 31 15:24:59.544367: | 18 23 bb 15 19 2c d8 53 af 67 c6 a9 eb a0 73 ec Oct 31 15:24:59.544369: | 39 62 a0 2a 05 ab 27 2b 8f e5 41 87 23 69 ca ee Oct 31 15:24:59.544371: | 16 4d 46 40 54 7d bb 32 f0 38 9b 7a a2 dd 25 16 Oct 31 15:24:59.544373: | 27 a1 c3 16 a2 89 62 39 fa f0 1b 92 39 26 f1 9d Oct 31 15:24:59.544375: | d7 0d d2 77 b8 65 ce 36 cd 6c 22 ef 4f a3 19 0a Oct 31 15:24:59.544377: | f7 9d 2e 9b 9d 3d 0a 4e 0b 8d d8 38 eb 0d 23 0e Oct 31 15:24:59.544379: | 32 7e b2 d8 72 0a 9f 3e 7c a4 fd 59 91 58 d0 96 Oct 31 15:24:59.544382: | c0 54 4d 07 ab 84 f9 93 c6 48 ce cf eb 04 b6 5c Oct 31 15:24:59.544384: | bd 5e 7c 4a 2e 5f 68 58 1f f8 72 59 dd dc 08 64 Oct 31 15:24:59.544386: | 1e 47 bb e2 70 1c 80 b3 d0 8a 05 8b 8a 4d 55 a3 Oct 31 15:24:59.544388: | 9f f5 82 fc 5d 65 49 6a 66 a1 ee 4f 14 79 8d 0d Oct 31 15:24:59.544391: | 72 5f a3 30 f6 ac 33 29 42 d9 21 4b 60 66 c1 7c Oct 31 15:24:59.544393: | 45 4a a0 ab 3d d3 a2 45 1d d2 9f f6 3d 30 5b bf Oct 31 15:24:59.544395: | bf 70 7a 24 d0 a4 25 4e b1 6a 07 84 89 0e ec fa Oct 31 15:24:59.544397: | fe 50 0b 7b cb 5a e1 bd 39 cb 72 5d fc 2c af 2a Oct 31 15:24:59.544399: | f1 0a f0 12 c4 db 41 3e d4 70 1f 14 6e 70 22 c4 Oct 31 15:24:59.544402: | e4 ef f6 31 29 2e c1 fd 0d 5b cf 0d 88 0c 6e 3b Oct 31 15:24:59.544404: | 08 dd 09 07 cd 23 78 c3 80 47 9c a3 9d b2 2b 65 Oct 31 15:24:59.544406: | 8a 77 75 22 ea 8a 76 6c 0d 2e 7b 83 a1 ce 96 3e Oct 31 15:24:59.544408: | c1 f2 57 66 Oct 31 15:24:59.544444: | sent 1 messages Oct 31 15:24:59.544455: | #2 spent 0.214 (0.223) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:24:59.544461: | stop processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:24:59.946214: | timer_event_cb: processing event@0x55cebdc9f838 Oct 31 15:24:59.946229: | handling event EVENT_RETRANSMIT for child state #2 Oct 31 15:24:59.946235: | libevent_free: delref ptr-libevent@0x7f328c000d38 Oct 31 15:24:59.946239: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55cebdc9f838 Oct 31 15:24:59.946248: | start processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:59.946253: | IKEv2 retransmit event Oct 31 15:24:59.946259: | [RE]START processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:24:59.946264: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #2 attempt 2 of 0 Oct 31 15:24:59.946269: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 1 Oct 31 15:24:59.946274: | #2 STATE_PARENT_I2: retransmits: current time 744574.379068 Oct 31 15:24:59.946277: | #2 STATE_PARENT_I2: retransmits: retransmit count 4 exceeds limit? NO Oct 31 15:24:59.946280: | #2 STATE_PARENT_I2: retransmits: deltatime 0.8 exceeds limit? NO Oct 31 15:24:59.946282: | #2 STATE_PARENT_I2: retransmits: monotime 0.806137 exceeds limit? NO Oct 31 15:24:59.946287: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55cebdc9f838 Oct 31 15:24:59.946290: | inserting event EVENT_RETRANSMIT, timeout in 0.8 seconds for #2 Oct 31 15:24:59.946293: | libevent_malloc: newref ptr-libevent@0x7f328c000d38 size 128 Oct 31 15:24:59.946300: "north-eastnets/0x1" #2: STATE_PARENT_I2: retransmission; will wait 0.8 seconds for response Oct 31 15:24:59.946307: | sending 548 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:59.946310: | 51 7c 55 1b 42 66 f1 ad 61 7a 11 68 b3 c4 7a f9 Oct 31 15:24:59.946313: | 35 20 23 08 00 00 00 01 00 00 02 24 23 00 02 08 Oct 31 15:24:59.946315: | 00 01 00 01 82 0c 36 a5 77 10 45 97 41 3c 06 e4 Oct 31 15:24:59.946317: | e1 32 1e d9 b8 8c 6e a4 80 5b f8 5c 34 f7 ed e9 Oct 31 15:24:59.946322: | 38 e4 06 b1 f6 b3 6d 0c 9b c4 33 e3 be ab 72 9e Oct 31 15:24:59.946324: | 31 e1 dc 0e e0 2b 8e 1e 1c 63 1b 75 1e 23 f5 d3 Oct 31 15:24:59.946326: | 56 52 4f 44 84 91 6b 27 7a fc 9b 80 db e5 be 20 Oct 31 15:24:59.946328: | e7 7c 7e 8b d7 a9 3b f1 63 c2 ec ef fa 2e 36 b7 Oct 31 15:24:59.946330: | ee 95 20 9a d2 12 13 a6 bc c0 25 df 11 3d b3 73 Oct 31 15:24:59.946333: | d9 01 aa d6 65 7a 8d 2c 10 24 1a 62 36 9c 17 6d Oct 31 15:24:59.946335: | 83 74 2a 51 0f 9d 2a 24 d2 d3 84 8e f8 ea 82 1a Oct 31 15:24:59.946337: | 7d 77 f2 21 9c 9b a7 5b 09 89 11 ee 4b 0d 36 f4 Oct 31 15:24:59.946339: | 8a 3d 54 7c 32 f6 1a 51 08 bf 5c b2 e7 68 91 c2 Oct 31 15:24:59.946342: | ea d4 59 ae 8a cb bb b5 55 d8 88 60 58 da 87 f9 Oct 31 15:24:59.946344: | a1 18 42 c8 d9 e8 3b d5 07 6f 63 63 a3 c2 9a 95 Oct 31 15:24:59.946346: | 18 23 bb 15 19 2c d8 53 af 67 c6 a9 eb a0 73 ec Oct 31 15:24:59.946348: | 39 62 a0 2a 05 ab 27 2b 8f e5 41 87 23 69 ca ee Oct 31 15:24:59.946350: | 16 4d 46 40 54 7d bb 32 f0 38 9b 7a a2 dd 25 16 Oct 31 15:24:59.946352: | 27 a1 c3 16 a2 89 62 39 fa f0 1b 92 39 26 f1 9d Oct 31 15:24:59.946355: | d7 0d d2 77 b8 65 ce 36 cd 6c 22 ef 4f a3 19 0a Oct 31 15:24:59.946357: | f7 9d 2e 9b 9d 3d 0a 4e 0b 8d d8 38 eb 0d 23 0e Oct 31 15:24:59.946359: | 32 7e b2 d8 72 0a 9f 3e 7c a4 fd 59 91 58 d0 96 Oct 31 15:24:59.946361: | c0 54 4d 07 ab 84 f9 93 c6 48 ce cf eb 04 b6 5c Oct 31 15:24:59.946363: | bd 5e 7c 4a 2e 5f 68 58 1f f8 72 59 dd dc 08 64 Oct 31 15:24:59.946365: | 1e 47 bb e2 70 1c 80 b3 d0 8a 05 8b 8a 4d 55 a3 Oct 31 15:24:59.946368: | 9f f5 82 fc 5d 65 49 6a 66 a1 ee 4f 14 79 8d 0d Oct 31 15:24:59.946371: | 72 5f a3 30 f6 ac 33 29 42 d9 21 4b 60 66 c1 7c Oct 31 15:24:59.946373: | 45 4a a0 ab 3d d3 a2 45 1d d2 9f f6 3d 30 5b bf Oct 31 15:24:59.946375: | bf 70 7a 24 d0 a4 25 4e b1 6a 07 84 89 0e ec fa Oct 31 15:24:59.946377: | fe 50 0b 7b cb 5a e1 bd 39 cb 72 5d fc 2c af 2a Oct 31 15:24:59.946379: | f1 0a f0 12 c4 db 41 3e d4 70 1f 14 6e 70 22 c4 Oct 31 15:24:59.946381: | e4 ef f6 31 29 2e c1 fd 0d 5b cf 0d 88 0c 6e 3b Oct 31 15:24:59.946384: | 08 dd 09 07 cd 23 78 c3 80 47 9c a3 9d b2 2b 65 Oct 31 15:24:59.946386: | 8a 77 75 22 ea 8a 76 6c 0d 2e 7b 83 a1 ce 96 3e Oct 31 15:24:59.946388: | c1 f2 57 66 Oct 31 15:24:59.946425: | sent 1 messages Oct 31 15:24:59.946436: | #2 spent 0.211 (0.22) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:24:59.946441: | stop processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:25:00.747220: | timer_event_cb: processing event@0x55cebdc9f838 Oct 31 15:25:00.747238: | handling event EVENT_RETRANSMIT for child state #2 Oct 31 15:25:00.747244: | libevent_free: delref ptr-libevent@0x7f328c000d38 Oct 31 15:25:00.747249: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55cebdc9f838 Oct 31 15:25:00.747261: | start processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:25:00.747267: | IKEv2 retransmit event Oct 31 15:25:00.747273: | [RE]START processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:25:00.747279: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #2 attempt 2 of 0 Oct 31 15:25:00.747283: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 1 Oct 31 15:25:00.747288: | #2 STATE_PARENT_I2: retransmits: current time 744575.180083 Oct 31 15:25:00.747291: | #2 STATE_PARENT_I2: retransmits: retransmit count 5 exceeds limit? NO Oct 31 15:25:00.747297: | #2 STATE_PARENT_I2: retransmits: deltatime 1.6 exceeds limit? NO Oct 31 15:25:00.747301: | #2 STATE_PARENT_I2: retransmits: monotime 1.607152 exceeds limit? NO Oct 31 15:25:00.747305: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55cebdc9f838 Oct 31 15:25:00.747309: | inserting event EVENT_RETRANSMIT, timeout in 1.6 seconds for #2 Oct 31 15:25:00.747367: | libevent_malloc: newref ptr-libevent@0x7f328c000d38 size 128 Oct 31 15:25:00.747377: "north-eastnets/0x1" #2: STATE_PARENT_I2: retransmission; will wait 1.6 seconds for response Oct 31 15:25:00.747386: | sending 548 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:25:00.747390: | 51 7c 55 1b 42 66 f1 ad 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:00.747392: | 35 20 23 08 00 00 00 01 00 00 02 24 23 00 02 08 Oct 31 15:25:00.747395: | 00 01 00 01 82 0c 36 a5 77 10 45 97 41 3c 06 e4 Oct 31 15:25:00.747397: | e1 32 1e d9 b8 8c 6e a4 80 5b f8 5c 34 f7 ed e9 Oct 31 15:25:00.747400: | 38 e4 06 b1 f6 b3 6d 0c 9b c4 33 e3 be ab 72 9e Oct 31 15:25:00.747402: | 31 e1 dc 0e e0 2b 8e 1e 1c 63 1b 75 1e 23 f5 d3 Oct 31 15:25:00.747405: | 56 52 4f 44 84 91 6b 27 7a fc 9b 80 db e5 be 20 Oct 31 15:25:00.747407: | e7 7c 7e 8b d7 a9 3b f1 63 c2 ec ef fa 2e 36 b7 Oct 31 15:25:00.747410: | ee 95 20 9a d2 12 13 a6 bc c0 25 df 11 3d b3 73 Oct 31 15:25:00.747412: | d9 01 aa d6 65 7a 8d 2c 10 24 1a 62 36 9c 17 6d Oct 31 15:25:00.747415: | 83 74 2a 51 0f 9d 2a 24 d2 d3 84 8e f8 ea 82 1a Oct 31 15:25:00.747418: | 7d 77 f2 21 9c 9b a7 5b 09 89 11 ee 4b 0d 36 f4 Oct 31 15:25:00.747423: | 8a 3d 54 7c 32 f6 1a 51 08 bf 5c b2 e7 68 91 c2 Oct 31 15:25:00.747425: | ea d4 59 ae 8a cb bb b5 55 d8 88 60 58 da 87 f9 Oct 31 15:25:00.747428: | a1 18 42 c8 d9 e8 3b d5 07 6f 63 63 a3 c2 9a 95 Oct 31 15:25:00.747430: | 18 23 bb 15 19 2c d8 53 af 67 c6 a9 eb a0 73 ec Oct 31 15:25:00.747432: | 39 62 a0 2a 05 ab 27 2b 8f e5 41 87 23 69 ca ee Oct 31 15:25:00.747435: | 16 4d 46 40 54 7d bb 32 f0 38 9b 7a a2 dd 25 16 Oct 31 15:25:00.747437: | 27 a1 c3 16 a2 89 62 39 fa f0 1b 92 39 26 f1 9d Oct 31 15:25:00.747439: | d7 0d d2 77 b8 65 ce 36 cd 6c 22 ef 4f a3 19 0a Oct 31 15:25:00.747442: | f7 9d 2e 9b 9d 3d 0a 4e 0b 8d d8 38 eb 0d 23 0e Oct 31 15:25:00.747444: | 32 7e b2 d8 72 0a 9f 3e 7c a4 fd 59 91 58 d0 96 Oct 31 15:25:00.747447: | c0 54 4d 07 ab 84 f9 93 c6 48 ce cf eb 04 b6 5c Oct 31 15:25:00.747449: | bd 5e 7c 4a 2e 5f 68 58 1f f8 72 59 dd dc 08 64 Oct 31 15:25:00.747452: | 1e 47 bb e2 70 1c 80 b3 d0 8a 05 8b 8a 4d 55 a3 Oct 31 15:25:00.747454: | 9f f5 82 fc 5d 65 49 6a 66 a1 ee 4f 14 79 8d 0d Oct 31 15:25:00.747457: | 72 5f a3 30 f6 ac 33 29 42 d9 21 4b 60 66 c1 7c Oct 31 15:25:00.747459: | 45 4a a0 ab 3d d3 a2 45 1d d2 9f f6 3d 30 5b bf Oct 31 15:25:00.747462: | bf 70 7a 24 d0 a4 25 4e b1 6a 07 84 89 0e ec fa Oct 31 15:25:00.747464: | fe 50 0b 7b cb 5a e1 bd 39 cb 72 5d fc 2c af 2a Oct 31 15:25:00.747468: | f1 0a f0 12 c4 db 41 3e d4 70 1f 14 6e 70 22 c4 Oct 31 15:25:00.747472: | e4 ef f6 31 29 2e c1 fd 0d 5b cf 0d 88 0c 6e 3b Oct 31 15:25:00.747475: | 08 dd 09 07 cd 23 78 c3 80 47 9c a3 9d b2 2b 65 Oct 31 15:25:00.747477: | 8a 77 75 22 ea 8a 76 6c 0d 2e 7b 83 a1 ce 96 3e Oct 31 15:25:00.747479: | c1 f2 57 66 Oct 31 15:25:00.747525: | sent 1 messages Oct 31 15:25:00.747537: | #2 spent 0.263 (0.318) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:25:00.747544: | stop processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:25:02.348686: | timer_event_cb: processing event@0x55cebdc9f838 Oct 31 15:25:02.348700: | handling event EVENT_RETRANSMIT for child state #2 Oct 31 15:25:02.348705: | libevent_free: delref ptr-libevent@0x7f328c000d38 Oct 31 15:25:02.348710: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55cebdc9f838 Oct 31 15:25:02.348719: | start processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:25:02.348724: | IKEv2 retransmit event Oct 31 15:25:02.348733: | [RE]START processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:25:02.348740: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x1" #2 attempt 2 of 0 Oct 31 15:25:02.348748: | and parent for 192.1.3.33 "north-eastnets/0x1" #1 keying attempt 1 of 0; retransmit 1 Oct 31 15:25:02.348753: | #2 STATE_PARENT_I2: retransmits: current time 744576.781548 Oct 31 15:25:02.348756: | #2 STATE_PARENT_I2: retransmits: retransmit count 6 exceeds limit? NO Oct 31 15:25:02.348759: | #2 STATE_PARENT_I2: retransmits: deltatime 3.2 exceeds limit? NO Oct 31 15:25:02.348762: | #2 STATE_PARENT_I2: retransmits: monotime 3.208617 exceeds limit? NO Oct 31 15:25:02.348766: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55cebdc9f838 Oct 31 15:25:02.348770: | inserting event EVENT_RETRANSMIT, timeout in 3.2 seconds for #2 Oct 31 15:25:02.348773: | libevent_malloc: newref ptr-libevent@0x7f328c000d38 size 128 Oct 31 15:25:02.348778: "north-eastnets/0x1" #2: STATE_PARENT_I2: retransmission; will wait 3.2 seconds for response Oct 31 15:25:02.348787: | sending 548 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:25:02.348790: | 51 7c 55 1b 42 66 f1 ad 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:02.348793: | 35 20 23 08 00 00 00 01 00 00 02 24 23 00 02 08 Oct 31 15:25:02.348796: | 00 01 00 01 82 0c 36 a5 77 10 45 97 41 3c 06 e4 Oct 31 15:25:02.348798: | e1 32 1e d9 b8 8c 6e a4 80 5b f8 5c 34 f7 ed e9 Oct 31 15:25:02.348801: | 38 e4 06 b1 f6 b3 6d 0c 9b c4 33 e3 be ab 72 9e Oct 31 15:25:02.348803: | 31 e1 dc 0e e0 2b 8e 1e 1c 63 1b 75 1e 23 f5 d3 Oct 31 15:25:02.348806: | 56 52 4f 44 84 91 6b 27 7a fc 9b 80 db e5 be 20 Oct 31 15:25:02.348809: | e7 7c 7e 8b d7 a9 3b f1 63 c2 ec ef fa 2e 36 b7 Oct 31 15:25:02.348811: | ee 95 20 9a d2 12 13 a6 bc c0 25 df 11 3d b3 73 Oct 31 15:25:02.348814: | d9 01 aa d6 65 7a 8d 2c 10 24 1a 62 36 9c 17 6d Oct 31 15:25:02.348816: | 83 74 2a 51 0f 9d 2a 24 d2 d3 84 8e f8 ea 82 1a Oct 31 15:25:02.348819: | 7d 77 f2 21 9c 9b a7 5b 09 89 11 ee 4b 0d 36 f4 Oct 31 15:25:02.348821: | 8a 3d 54 7c 32 f6 1a 51 08 bf 5c b2 e7 68 91 c2 Oct 31 15:25:02.348824: | ea d4 59 ae 8a cb bb b5 55 d8 88 60 58 da 87 f9 Oct 31 15:25:02.348826: | a1 18 42 c8 d9 e8 3b d5 07 6f 63 63 a3 c2 9a 95 Oct 31 15:25:02.348829: | 18 23 bb 15 19 2c d8 53 af 67 c6 a9 eb a0 73 ec Oct 31 15:25:02.348831: | 39 62 a0 2a 05 ab 27 2b 8f e5 41 87 23 69 ca ee Oct 31 15:25:02.348833: | 16 4d 46 40 54 7d bb 32 f0 38 9b 7a a2 dd 25 16 Oct 31 15:25:02.348836: | 27 a1 c3 16 a2 89 62 39 fa f0 1b 92 39 26 f1 9d Oct 31 15:25:02.348838: | d7 0d d2 77 b8 65 ce 36 cd 6c 22 ef 4f a3 19 0a Oct 31 15:25:02.348840: | f7 9d 2e 9b 9d 3d 0a 4e 0b 8d d8 38 eb 0d 23 0e Oct 31 15:25:02.348843: | 32 7e b2 d8 72 0a 9f 3e 7c a4 fd 59 91 58 d0 96 Oct 31 15:25:02.348845: | c0 54 4d 07 ab 84 f9 93 c6 48 ce cf eb 04 b6 5c Oct 31 15:25:02.348847: | bd 5e 7c 4a 2e 5f 68 58 1f f8 72 59 dd dc 08 64 Oct 31 15:25:02.348850: | 1e 47 bb e2 70 1c 80 b3 d0 8a 05 8b 8a 4d 55 a3 Oct 31 15:25:02.348852: | 9f f5 82 fc 5d 65 49 6a 66 a1 ee 4f 14 79 8d 0d Oct 31 15:25:02.348854: | 72 5f a3 30 f6 ac 33 29 42 d9 21 4b 60 66 c1 7c Oct 31 15:25:02.348857: | 45 4a a0 ab 3d d3 a2 45 1d d2 9f f6 3d 30 5b bf Oct 31 15:25:02.348859: | bf 70 7a 24 d0 a4 25 4e b1 6a 07 84 89 0e ec fa Oct 31 15:25:02.348861: | fe 50 0b 7b cb 5a e1 bd 39 cb 72 5d fc 2c af 2a Oct 31 15:25:02.348864: | f1 0a f0 12 c4 db 41 3e d4 70 1f 14 6e 70 22 c4 Oct 31 15:25:02.348876: | e4 ef f6 31 29 2e c1 fd 0d 5b cf 0d 88 0c 6e 3b Oct 31 15:25:02.348879: | 08 dd 09 07 cd 23 78 c3 80 47 9c a3 9d b2 2b 65 Oct 31 15:25:02.348882: | 8a 77 75 22 ea 8a 76 6c 0d 2e 7b 83 a1 ce 96 3e Oct 31 15:25:02.348884: | c1 f2 57 66 Oct 31 15:25:02.348923: | sent 1 messages Oct 31 15:25:02.348933: | #2 spent 0.218 (0.246) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:25:02.348939: | stop processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:25:03.202433: | spent 0.00254 (0.00248) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:25:03.202459: | newref struct msg_digest@0x55cebdca3bd8(0->1) (in read_message() at demux.c:103) Oct 31 15:25:03.202465: | newref alloc logger@0x55cebdc9d3f8(0->1) (in read_message() at demux.c:103) Oct 31 15:25:03.202474: | *received 528 bytes from 192.1.3.33:500 on eth1 192.1.2.23:500 using UDP Oct 31 15:25:03.202476: | 51 7c 55 1b 42 66 f1 ad 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:03.202478: | 2e 20 23 20 00 00 00 01 00 00 02 10 24 00 01 f4 Oct 31 15:25:03.202480: | 66 1b c4 8e d9 47 74 dd 3c 69 b3 81 b9 a8 30 02 Oct 31 15:25:03.202481: | 35 61 a5 9d e6 f3 50 ee a0 05 d5 d7 3f 2a 38 83 Oct 31 15:25:03.202483: | 43 7e 58 a8 61 38 6a c5 3e 41 d7 b3 dc 00 5f b1 Oct 31 15:25:03.202485: | 28 ec 87 57 3f 66 68 b9 67 8c f4 b5 7a 1f 5e cc Oct 31 15:25:03.202486: | d2 6a 38 fd 40 f2 ce 39 23 9d b5 e7 82 dd 47 31 Oct 31 15:25:03.202488: | 87 c6 38 c1 0f 70 91 20 15 d6 d3 07 ed 07 4b 4e Oct 31 15:25:03.202490: | 6e 98 27 38 6d 3c 4a 17 2c 66 b3 da 7d 1d fb 2a Oct 31 15:25:03.202491: | 0f 4a d3 84 98 fc 09 83 29 e5 15 44 f8 fb de db Oct 31 15:25:03.202493: | 22 4d 29 d1 e4 8e b6 e3 22 a2 c4 62 92 88 b9 81 Oct 31 15:25:03.202494: | 67 3d 0b 0b 45 c0 29 b1 5f a4 4e a1 3e eb b2 70 Oct 31 15:25:03.202496: | 7e ac e4 91 e6 58 eb fd 24 d8 db 12 e8 10 38 57 Oct 31 15:25:03.202498: | cc f3 6c ec 42 f1 66 3c 69 94 ec a5 b2 fb 4b 4a Oct 31 15:25:03.202499: | 9d 4f 61 ab 4e 75 5d 5f 56 51 dd c3 46 22 e5 0b Oct 31 15:25:03.202501: | e9 80 6c 06 bc c5 0e 67 3d f7 68 81 73 48 7a fb Oct 31 15:25:03.202503: | 49 66 03 f7 86 b8 96 6b ec 83 82 1d 7f db f6 b9 Oct 31 15:25:03.202504: | a8 da 70 04 16 52 ad f6 e6 44 61 7b a8 80 db a5 Oct 31 15:25:03.202506: | 7a 5b 98 3a 1d bb 74 85 bf 12 ef b2 af ce 40 80 Oct 31 15:25:03.202507: | cf 63 98 6f 5d 9d 80 6e 5f 41 71 5b 13 6a 0e 19 Oct 31 15:25:03.202509: | 6c a0 31 3c 5c 15 7c 2f e4 1e c7 11 4f f9 dc 8e Oct 31 15:25:03.202511: | 44 ec 69 2e 7f 41 ff e5 32 aa 3c 5a 9a 17 f9 da Oct 31 15:25:03.202512: | 76 40 41 d3 4b e8 a6 12 1a 8a bd 88 c4 13 ee bc Oct 31 15:25:03.202514: | 61 7b ef e9 d9 5e bc d5 02 93 95 f9 0a c9 9e 3d Oct 31 15:25:03.202516: | 3b 97 f3 e8 05 87 a3 f5 ea f7 7e 9d f8 71 26 3a Oct 31 15:25:03.202517: | 8c 38 8c be 9b 32 41 d9 37 57 4d 9f 48 64 af ac Oct 31 15:25:03.202519: | 4a 0f f4 2d 30 8d ec 78 99 56 f9 64 9d c4 11 7b Oct 31 15:25:03.202520: | e6 e7 0e b0 15 98 a6 59 a4 b5 53 46 6d 9a 0d be Oct 31 15:25:03.202522: | cd 65 6e 8a 5b 19 de 52 eb c6 eb 42 7e 1c 60 2e Oct 31 15:25:03.202524: | 45 72 ff 4f de 4c b4 c4 7b 6d 47 22 5d bb 73 c5 Oct 31 15:25:03.202525: | 1c dc 05 b2 d6 27 2a 2c e9 80 d1 8b 3b b2 02 eb Oct 31 15:25:03.202527: | b5 1f 0a 57 7e a6 78 bc c4 f4 42 be 23 50 8a 5c Oct 31 15:25:03.202529: | a5 84 94 8b 00 5a 82 69 de 2a 5f 7a ce 75 13 68 Oct 31 15:25:03.202533: | **parse ISAKMP Message: Oct 31 15:25:03.202537: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:25:03.202540: | responder SPI: 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:03.202542: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:25:03.202544: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:03.202546: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:25:03.202548: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:25:03.202551: | Message ID: 1 (00 00 00 01) Oct 31 15:25:03.202554: | length: 528 (00 00 02 10) Oct 31 15:25:03.202556: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:25:03.202559: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Oct 31 15:25:03.202563: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Oct 31 15:25:03.202573: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:25:03.202575: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Oct 31 15:25:03.202579: | #2 is idle Oct 31 15:25:03.202581: | #2 idle Oct 31 15:25:03.202585: | suspend processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:25:03.202588: | start processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:25:03.202590: | unpacking clear payload Oct 31 15:25:03.202595: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Oct 31 15:25:03.202601: | ***parse IKEv2 Encryption Payload: Oct 31 15:25:03.202605: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Oct 31 15:25:03.202608: | flags: none (0x0) Oct 31 15:25:03.202612: | length: 500 (01 f4) Oct 31 15:25:03.202615: | processing payload: ISAKMP_NEXT_v2SK (len=496) Oct 31 15:25:03.202618: | #2 in state PARENT_I2: sent IKE_AUTH request Oct 31 15:25:03.202659: | authenticator matched Oct 31 15:25:03.202681: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Oct 31 15:25:03.202684: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Oct 31 15:25:03.202688: | **parse IKEv2 Identification - Responder - Payload: Oct 31 15:25:03.202691: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Oct 31 15:25:03.202694: | flags: none (0x0) Oct 31 15:25:03.202697: | length: 13 (00 0d) Oct 31 15:25:03.202700: | ID type: ID_FQDN (0x2) Oct 31 15:25:03.202703: | reserved: 00 00 00 Oct 31 15:25:03.202705: | processing payload: ISAKMP_NEXT_v2IDr (len=5) Oct 31 15:25:03.202708: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Oct 31 15:25:03.202711: | **parse IKEv2 Authentication Payload: Oct 31 15:25:03.202713: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:25:03.202716: | flags: none (0x0) Oct 31 15:25:03.202719: | length: 350 (01 5e) Oct 31 15:25:03.202721: | auth method: IKEv2_AUTH_DIGSIG (0xe) Oct 31 15:25:03.202724: | processing payload: ISAKMP_NEXT_v2AUTH (len=342) Oct 31 15:25:03.202727: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:25:03.202730: | **parse IKEv2 Security Association Payload: Oct 31 15:25:03.202732: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Oct 31 15:25:03.202734: | flags: none (0x0) Oct 31 15:25:03.202736: | length: 44 (00 2c) Oct 31 15:25:03.202738: | processing payload: ISAKMP_NEXT_v2SA (len=40) Oct 31 15:25:03.202739: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Oct 31 15:25:03.202741: | **parse IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:25:03.202743: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Oct 31 15:25:03.202745: | flags: none (0x0) Oct 31 15:25:03.202747: | length: 24 (00 18) Oct 31 15:25:03.202749: | number of TS: 1 (01) Oct 31 15:25:03.202750: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Oct 31 15:25:03.202752: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Oct 31 15:25:03.202754: | **parse IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:25:03.202756: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:03.202757: | flags: none (0x0) Oct 31 15:25:03.202759: | length: 24 (00 18) Oct 31 15:25:03.202761: | number of TS: 1 (01) Oct 31 15:25:03.202763: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Oct 31 15:25:03.202766: | selected state microcode Initiator: process IKE_AUTH response Oct 31 15:25:03.202768: | calling processor Initiator: process IKE_AUTH response Oct 31 15:25:03.202771: | no certs to decode Oct 31 15:25:03.202776: | offered CA: '%none' Oct 31 15:25:03.202779: "north-eastnets/0x1" #2: IKEv2 mode peer ID is ID_FQDN: '@north' Oct 31 15:25:03.202808: | verifying AUTH payload Oct 31 15:25:03.202815: | looking for ASN.1 blob for method rsasig for hash_algo SHA2_512 Oct 31 15:25:03.202819: | parsing 68 raw bytes of IKEv2 Authentication Payload into ASN.1 blob for hash algo Oct 31 15:25:03.202822: | ASN.1 blob for hash algo Oct 31 15:25:03.202825: | 43 30 41 06 09 2a 86 48 86 f7 0d 01 01 0a 30 34 Oct 31 15:25:03.202828: | a0 0f 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 Oct 31 15:25:03.202831: | 00 a1 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 01 08 Oct 31 15:25:03.202837: | 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 a2 Oct 31 15:25:03.202840: | 03 02 01 40 Oct 31 15:25:03.202857: | required RSA CA is '%any' Oct 31 15:25:03.202860: | trying all remote certificates public keys for RSA key that matches ID: @north Oct 31 15:25:03.202862: | trying all preloaded keys public keys for RSA key that matches ID: @north Oct 31 15:25:03.202865: | skipping '@east' with wrong ID Oct 31 15:25:03.202867: | trying '@north' issued by CA '%any' Oct 31 15:25:03.202870: | NSS RSA: verifying that decrypted signature matches hash: Oct 31 15:25:03.202872: | 65 e2 70 15 a3 e5 dd 51 89 c8 b6 2d bc 6f 05 ff Oct 31 15:25:03.202874: | dc 29 29 dd 2b 31 69 54 47 1e 46 88 16 41 fc c2 Oct 31 15:25:03.202876: | 2f 26 5f e8 35 10 d5 7a 7c 30 80 a5 35 3c a8 eb Oct 31 15:25:03.202877: | 03 d0 ad e0 5c c4 ef 35 f6 6e 70 bb 69 78 ca 14 Oct 31 15:25:03.202938: | delref pkp@NULL (in try_RSA_signature_v2() at ikev2_rsa.c:170) Oct 31 15:25:03.202942: | addref pk@0x55cebdca1018(1->2) (in try_RSA_signature_v2() at ikev2_rsa.c:171) Oct 31 15:25:03.202944: | an RSA Sig check passed with *AQPl33O2P [preloaded keys] Oct 31 15:25:03.202949: | #1 spent 0.0773 (0.0772) milliseconds in try_all_keys() trying a pubkey Oct 31 15:25:03.202952: "north-eastnets/0x2" #1: authenticated using RSA with SHA2_512 Oct 31 15:25:03.202956: | #1 spent 0.111 (0.111) milliseconds in ikev2_verify_rsa_hash() Oct 31 15:25:03.202959: | parent state #1: PARENT_I2(open IKE SA) => ESTABLISHED_IKE_SA(established IKE SA) Oct 31 15:25:03.202962: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Oct 31 15:25:03.202965: | state #1 deleting .st_event EVENT_SA_REPLACE Oct 31 15:25:03.202968: | libevent_free: delref ptr-libevent@0x7f328800ddb8 Oct 31 15:25:03.202970: | free_event_entry: delref EVENT_SA_REPLACE-pe@0x55cebdc9d148 Oct 31 15:25:03.202973: | event_schedule: newref EVENT_SA_REKEY-pe@0x55cebdca69a8 Oct 31 15:25:03.202975: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Oct 31 15:25:03.202977: | libevent_malloc: newref ptr-libevent@0x55cebdc9f628 size 128 Oct 31 15:25:03.203057: | pstats #1 ikev2.ike established Oct 31 15:25:03.203066: | TSi: parsing 1 traffic selectors Oct 31 15:25:03.203070: | ***parse IKEv2 Traffic Selector: Oct 31 15:25:03.203074: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:25:03.203077: | IP Protocol ID: ALL (0x0) Oct 31 15:25:03.203081: | length: 16 (00 10) Oct 31 15:25:03.203084: | start port: 0 (00 00) Oct 31 15:25:03.203088: | end port: 65535 (ff ff) Oct 31 15:25:03.203091: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:25:03.203094: | TS low Oct 31 15:25:03.203096: | c0 00 02 00 Oct 31 15:25:03.203100: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:25:03.203102: | TS high Oct 31 15:25:03.203105: | c0 00 02 ff Oct 31 15:25:03.203108: | TSi: parsed 1 traffic selectors Oct 31 15:25:03.203110: | TSr: parsing 1 traffic selectors Oct 31 15:25:03.203114: | ***parse IKEv2 Traffic Selector: Oct 31 15:25:03.203116: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:25:03.203119: | IP Protocol ID: ALL (0x0) Oct 31 15:25:03.203123: | length: 16 (00 10) Oct 31 15:25:03.203126: | start port: 0 (00 00) Oct 31 15:25:03.203130: | end port: 65535 (ff ff) Oct 31 15:25:03.203133: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:25:03.203136: | TS low Oct 31 15:25:03.203138: | c0 00 03 00 Oct 31 15:25:03.203141: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:25:03.203144: | TS high Oct 31 15:25:03.203147: | c0 00 03 ff Oct 31 15:25:03.203149: | TSr: parsed 1 traffic selectors Oct 31 15:25:03.203158: | evaluating our conn="north-eastnets/0x1" I=192.0.2.0/24:0:0/0 R=192.0.3.0/24:0:0/0 to their: Oct 31 15:25:03.203164: | TSi[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:25:03.203174: | match address end->client=192.0.2.0/24 == TSi[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Oct 31 15:25:03.203180: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:25:03.203183: | TSi[0] port match: YES fitness 65536 Oct 31 15:25:03.203187: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:25:03.203190: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:25:03.203195: | TSr[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:25:03.203212: | match address end->client=192.0.3.0/24 == TSr[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Oct 31 15:25:03.203219: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Oct 31 15:25:03.203222: | TSr[0] port match: YES fitness 65536 Oct 31 15:25:03.203225: | narrow protocol end=*0 == TSr[0]=*0: 0 Oct 31 15:25:03.203228: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Oct 31 15:25:03.203231: | best fit so far: TSi[0] TSr[0] Oct 31 15:25:03.203234: | found an acceptable TSi/TSr Traffic Selector Oct 31 15:25:03.203236: | printing contents struct traffic_selector Oct 31 15:25:03.203243: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:25:03.203246: | ipprotoid: 0 Oct 31 15:25:03.203248: | port range: 0-65535 Oct 31 15:25:03.203253: | ip range: 192.0.2.0-192.0.2.255 Oct 31 15:25:03.203255: | printing contents struct traffic_selector Oct 31 15:25:03.203257: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:25:03.203260: | ipprotoid: 0 Oct 31 15:25:03.203262: | port range: 0-65535 Oct 31 15:25:03.203266: | ip range: 192.0.3.0-192.0.3.255 Oct 31 15:25:03.203275: | using existing local ESP/AH proposals for north-eastnets/0x1 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP=AES_CBC_128-HMAC_SHA2_512_256-NONE-DISABLED Oct 31 15:25:03.203278: | comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 1 local proposals Oct 31 15:25:03.203283: | local proposal 1 type ENCR has 1 transforms Oct 31 15:25:03.203286: | local proposal 1 type PRF has 0 transforms Oct 31 15:25:03.203288: | local proposal 1 type INTEG has 1 transforms Oct 31 15:25:03.203291: | local proposal 1 type DH has 1 transforms Oct 31 15:25:03.203293: | local proposal 1 type ESN has 1 transforms Oct 31 15:25:03.203297: | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH Oct 31 15:25:03.203301: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:25:03.203304: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:25:03.203308: | length: 40 (00 28) Oct 31 15:25:03.203311: | prop #: 1 (01) Oct 31 15:25:03.203313: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:03.203317: | spi size: 4 (04) Oct 31 15:25:03.203320: | # transforms: 3 (03) Oct 31 15:25:03.203324: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:25:03.203326: | remote SPI Oct 31 15:25:03.203329: | ed da 59 98 Oct 31 15:25:03.203332: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals Oct 31 15:25:03.203335: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:25:03.203338: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.203341: | length: 12 (00 0c) Oct 31 15:25:03.203349: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:03.203353: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:25:03.203356: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:25:03.203359: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:03.203363: | length/value: 128 (00 80) Oct 31 15:25:03.203368: | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:25:03.203371: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:25:03.203374: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.203377: | length: 8 (00 08) Oct 31 15:25:03.203380: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:03.203382: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:25:03.203386: | remote proposal 1 transform 1 (INTEG=HMAC_SHA2_512_256) matches local proposal 1 type 3 (INTEG) transform 0 Oct 31 15:25:03.203407: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:25:03.203411: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:03.203414: | length: 8 (00 08) Oct 31 15:25:03.203417: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:25:03.203420: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:25:03.203423: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Oct 31 15:25:03.203427: | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none Oct 31 15:25:03.203433: | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN Oct 31 15:25:03.203436: | remote proposal 1 matches local proposal 1 Oct 31 15:25:03.203439: | remote accepted the proposal 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;ESN=DISABLED[first-match] Oct 31 15:25:03.203445: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP=AES_CBC_128-HMAC_SHA2_512_256-DISABLED SPI=edda5998 Oct 31 15:25:03.203449: | converting proposal to internal trans attrs Oct 31 15:25:03.203455: | integ=HMAC_SHA2_512_256: .key_size=64 encrypt=AES_CBC: .key_size=16 .salt_size=0 keymat_len=80 Oct 31 15:25:03.203538: | install_ipsec_sa() for #2: inbound and outbound Oct 31 15:25:03.203548: | could_route called for north-eastnets/0x1; kind=CK_PERMANENT that.has_client=yes oppo=no this.host_port=500 Oct 31 15:25:03.203553: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:25:03.203557: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:25:03.203560: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:25:03.203563: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:25:03.203567: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:25:03.203570: | route owner of "north-eastnets/0x1" unrouted: NULL; eroute owner: NULL Oct 31 15:25:03.203575: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Oct 31 15:25:03.203579: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Oct 31 15:25:03.203582: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Oct 31 15:25:03.203588: | setting IPsec SA replay-window to 32 Oct 31 15:25:03.203593: | NIC esp-hw-offload not for connection 'north-eastnets/0x1' not available on interface eth1 Oct 31 15:25:03.203596: | netlink: enabling tunnel mode Oct 31 15:25:03.203600: | XFRM: adding IPsec SA with reqid 16389 Oct 31 15:25:03.203603: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:25:03.203606: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:25:03.203692: | netlink response for Add SA esp.edda5998@192.1.3.33 included non-error error Oct 31 15:25:03.203703: | setup_half_ipsec_sa() is installing inbound eroute? inbound=0 owner=#0 mode=1 Oct 31 15:25:03.203707: | set up outgoing SA, ref=0/0 Oct 31 15:25:03.203711: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Oct 31 15:25:03.203714: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Oct 31 15:25:03.203717: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Oct 31 15:25:03.203722: | setting IPsec SA replay-window to 32 Oct 31 15:25:03.203726: | NIC esp-hw-offload not for connection 'north-eastnets/0x1' not available on interface eth1 Oct 31 15:25:03.203729: | netlink: enabling tunnel mode Oct 31 15:25:03.203732: | XFRM: adding IPsec SA with reqid 16389 Oct 31 15:25:03.203735: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:25:03.203739: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:25:03.203779: | netlink response for Add SA esp.fafbe28b@192.1.2.23 included non-error error Oct 31 15:25:03.203784: | setup_half_ipsec_sa() is installing inbound eroute? inbound=1 owner=#0 mode=1 Oct 31 15:25:03.203786: | setup_half_ipsec_sa() is installing inbound eroute Oct 31 15:25:03.203791: | setup_half_ipsec_sa() before proto 50 Oct 31 15:25:03.203797: | setup_half_ipsec_sa() after proto 50 Oct 31 15:25:03.203800: | setup_half_ipsec_sa() calling raw_eroute backwards (i.e., inbound) Oct 31 15:25:03.203803: | priority calculation of connection "north-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:25:03.203812: | add inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 using reqid 16389 (raw_eroute) proto=50 Oct 31 15:25:03.203817: | IPsec SA SPD priority set to 2084814 Oct 31 15:25:03.203851: | raw_eroute result=success Oct 31 15:25:03.203856: | set up incoming SA, ref=0/0 Oct 31 15:25:03.203860: | sr for #2: unrouted Oct 31 15:25:03.203863: | route_and_eroute() for proto 0, and source port 0 dest port 0 Oct 31 15:25:03.203868: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:25:03.203874: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:25:03.203877: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:25:03.203881: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:25:03.203884: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:25:03.203887: | route owner of "north-eastnets/0x1" unrouted: NULL; eroute owner: NULL Oct 31 15:25:03.203891: | route_and_eroute with c: north-eastnets/0x1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Oct 31 15:25:03.203895: | priority calculation of connection "north-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:25:03.203905: | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33 using reqid 16389 (raw_eroute) proto=50 Oct 31 15:25:03.203910: | IPsec SA SPD priority set to 2084814 Oct 31 15:25:03.203930: | raw_eroute result=success Oct 31 15:25:03.203935: | running updown command "ipsec _updown" for verb up Oct 31 15:25:03.203938: | command executing up-client Oct 31 15:25:03.203944: | get_sa_info esp.edda5998@192.1.3.33 Oct 31 15:25:03.203955: | get_sa_info esp.fafbe28b@192.1.2.23 Oct 31 15:25:03.203981: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157903' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED=... Oct 31 15:25:03.203984: | popen cmd is 1140 chars long Oct 31 15:25:03.203986: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1': Oct 31 15:25:03.203988: | cmd( 80): PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_N: Oct 31 15:25:03.203990: | cmd( 160):EXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT=': Oct 31 15:25:03.203991: | cmd( 240):192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.: Oct 31 15:25:03.203993: | cmd( 320):0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE=: Oct 31 15:25:03.203995: | cmd( 400):'ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.: Oct 31 15:25:03.203996: | cmd( 480):0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' P: Oct 31 15:25:03.203998: | cmd( 560):LUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' P: Oct 31 15:25:03.204002: | cmd( 640):LUTO_ADDTIME='1604157903' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+: Oct 31 15:25:03.204003: | cmd( 720):IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PL: Oct 31 15:25:03.204005: | cmd( 800):UTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS: Oct 31 15:25:03.204007: | cmd( 880):_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLU: Oct 31 15:25:03.204008: | cmd( 960):TO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' V: Oct 31 15:25:03.204010: | cmd(1040):TI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xedda5998 SPI_OUT=0xfafbe28: Oct 31 15:25:03.204012: | cmd(1120):b ipsec _updown 2>&1: Oct 31 15:25:03.221131: | route_and_eroute: firewall_notified: true Oct 31 15:25:03.221146: | running updown command "ipsec _updown" for verb prepare Oct 31 15:25:03.221150: | command executing prepare-client Oct 31 15:25:03.221156: | get_sa_info esp.edda5998@192.1.3.33 Oct 31 15:25:03.221175: | get_sa_info esp.fafbe28b@192.1.2.23 Oct 31 15:25:03.221231: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157903' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_C... Oct 31 15:25:03.221241: | popen cmd is 1145 chars long Oct 31 15:25:03.221245: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets: Oct 31 15:25:03.221248: | cmd( 80):/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PL: Oct 31 15:25:03.221250: | cmd( 160):UTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLI: Oct 31 15:25:03.221256: | cmd( 240):ENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255: Oct 31 15:25:03.221260: | cmd( 320):.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_: Oct 31 15:25:03.221263: | cmd( 400):TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192: Oct 31 15:25:03.221266: | cmd( 480):.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255: Oct 31 15:25:03.221269: | cmd( 560):.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xf: Oct 31 15:25:03.221272: | cmd( 640):rm' PLUTO_ADDTIME='1604157903' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PF: Oct 31 15:25:03.221275: | cmd( 720):S+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANEN: Oct 31 15:25:03.221278: | cmd( 800):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: Oct 31 15:25:03.221281: | cmd( 880):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: Oct 31 15:25:03.221284: | cmd( 960):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES=: Oct 31 15:25:03.221287: | cmd(1040):'0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xedda5998 SPI_OUT=0xfa: Oct 31 15:25:03.221291: | cmd(1120):fbe28b ipsec _updown 2>&1: Oct 31 15:25:03.236242: | running updown command "ipsec _updown" for verb route Oct 31 15:25:03.236254: | command executing route-client Oct 31 15:25:03.236262: | get_sa_info esp.edda5998@192.1.3.33 Oct 31 15:25:03.236287: | get_sa_info esp.fafbe28b@192.1.2.23 Oct 31 15:25:03.236330: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157903' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFI... Oct 31 15:25:03.236334: | popen cmd is 1143 chars long Oct 31 15:25:03.236337: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0: Oct 31 15:25:03.236340: | cmd( 80):x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUT: Oct 31 15:25:03.236343: | cmd( 160):O_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIEN: Oct 31 15:25:03.236346: | cmd( 240):T='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.2: Oct 31 15:25:03.236348: | cmd( 320):55.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TY: Oct 31 15:25:03.236351: | cmd( 400):PE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0: Oct 31 15:25:03.236353: | cmd( 480):.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0: Oct 31 15:25:03.236356: | cmd( 560):' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm: Oct 31 15:25:03.236359: | cmd( 640):' PLUTO_ADDTIME='1604157903' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+: Oct 31 15:25:03.236361: | cmd( 720):UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT': Oct 31 15:25:03.236364: | cmd( 800): PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_: Oct 31 15:25:03.236366: | cmd( 880):DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' : Oct 31 15:25:03.236369: | cmd( 960):PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0: Oct 31 15:25:03.236372: | cmd(1040):' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xedda5998 SPI_OUT=0xfafb: Oct 31 15:25:03.236374: | cmd(1120):e28b ipsec _updown 2>&1: Oct 31 15:25:03.257403: "north-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.257464: "north-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.257507: "north-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.257544: "north-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.257580: "north-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.257615: "north-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.257653: "north-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.257687: "north-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.257721: "north-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.257755: "north-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.257789: "north-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.257833: "north-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.258002: "north-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.258300: "north-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.258347: "north-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.259445: "north-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.259497: "north-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.259539: "north-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.259580: "north-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.259616: "north-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.259651: "north-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.259688: "north-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.259721: "north-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.259753: "north-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.259786: "north-eastnets/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.268689: | route_and_eroute: instance "north-eastnets/0x1", setting eroute_owner {spd=0x55cebdc9c848,sr=0x55cebdc9c848} to #2 (was #0) (newest_ipsec_sa=#0) Oct 31 15:25:03.268758: | inR2: instance north-eastnets/0x1[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Oct 31 15:25:03.268772: | #2 spent 2.23 (66) milliseconds in processing: Initiator: process IKE_AUTH response in v2_dispatch() Oct 31 15:25:03.268781: | [RE]START processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:03.268788: | #2 complete_v2_state_transition() PARENT_I2->ESTABLISHED_CHILD_SA with status STF_OK; .st_v2_transition=NULL Oct 31 15:25:03.268793: | transitioning from state STATE_PARENT_I2 to state STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:25:03.268796: | Message ID: updating counters for #2 Oct 31 15:25:03.268804: | Message ID: CHILD #1.#2 clearing EVENT_RETRANSMIT as response received: ike.initiator.sent=1 ike.initiator.recv=0 ike.initiator.last_contact=744573.572907 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.897271 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:25:03.268809: | #2 requesting EVENT_RETRANSMIT-pe@0x55cebdc9f838 be deleted Oct 31 15:25:03.268814: | libevent_free: delref ptr-libevent@0x7f328c000d38 Oct 31 15:25:03.268817: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55cebdc9f838 Oct 31 15:25:03.268821: | #2 STATE_PARENT_I2: retransmits: cleared Oct 31 15:25:03.268829: | Message ID: CHILD #1.#2 updating initiator received message response 1: ike.initiator.sent=1 ike.initiator.recv=0->1 ike.initiator.last_contact=744573.572907->744577.701595 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.897271 child.wip.initiator=1->-1 child.wip.responder=-1 Oct 31 15:25:03.268837: | Message ID: CHILD #1.#2 skipping update_send as nothing to send: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744577.701595 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.897271 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:25:03.268846: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744577.701595 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.897271 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:03.268851: | child state #2: PARENT_I2(open IKE SA) => ESTABLISHED_CHILD_SA(established CHILD SA) Oct 31 15:25:03.268857: | pstats #2 ikev2.child established Oct 31 15:25:03.268860: | announcing the state transition Oct 31 15:25:03.268869: "north-eastnets/0x1" #2: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Oct 31 15:25:03.268874: | NAT-T: encaps is 'auto' Oct 31 15:25:03.268880: "north-eastnets/0x1" #2: IPsec SA established tunnel mode {ESP=>0xedda5998 <0xfafbe28b xfrm=AES_CBC_128-HMAC_SHA2_512_256 NATOA=none NATD=none DPD=passive} Oct 31 15:25:03.268883: | releasing #2's fd-fd@(nil) because IKEv2 transitions finished Oct 31 15:25:03.268886: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:25:03.268889: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:25:03.268892: | unpending #2's IKE SA #1 Oct 31 15:25:03.268894: | unpending state #1 connection "north-eastnets/0x1" Oct 31 15:25:03.268899: | delete from pending Child SA with 192.1.3.33 "north-eastnets/0x1" Oct 31 15:25:03.268902: | delref fd@NULL (in delete_pending() at pending.c:218) Oct 31 15:25:03.268904: | removing pending policy for no connection {0x55cebdbdb208} Oct 31 15:25:03.268908: | FOR_EACH_STATE_... in find_pending_phase2 Oct 31 15:25:03.268912: | newref alloc logger@0x55cebdc9d148(0->1) (in new_state() at state.c:576) Oct 31 15:25:03.268914: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:25:03.268916: | creating state object #3 at 0x55cebdcac538 Oct 31 15:25:03.268918: | State DB: adding IKEv2 state #3 in UNDEFINED Oct 31 15:25:03.268922: | pstats #3 ikev2.child started Oct 31 15:25:03.268924: | duplicating state object #1 "north-eastnets/0x2" as #3 for IPSEC SA Oct 31 15:25:03.268927: | #3 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1581) Oct 31 15:25:03.268934: | Message ID: CHILD #1.#3 initializing (CHILD SA): ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744577.701595 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.897271 child.wip.initiator=0->-1 child.wip.responder=0->-1 Oct 31 15:25:03.268936: | child state #3: UNDEFINED(ignore) => V2_NEW_CHILD_I0(established IKE SA) Oct 31 15:25:03.268938: | #3.st_v2_transition NULL -> V2_NEW_CHILD_I0->V2_NEW_CHILD_I1 (in new_v2_child_state() at state.c:1666) Oct 31 15:25:03.268942: | suspend processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5960) Oct 31 15:25:03.268945: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5960) Oct 31 15:25:03.268947: | create child proposal's DH changed from no-PFS to MODP2048, flushing Oct 31 15:25:03.268950: | constructing ESP/AH proposals with default DH MODP2048 for north-eastnets/0x2 (ESP/AH initiator emitting proposals) Oct 31 15:25:03.268956: | converting proposal AES_CBC_128-HMAC_SHA2_512_256-MODP3072 to ikev2 ... Oct 31 15:25:03.268964: | ... ikev2_proposal: 1:ESP=AES_CBC_128-HMAC_SHA2_512_256-MODP3072-DISABLED Oct 31 15:25:03.268968: "north-eastnets/0x2": local ESP/AH proposals (ESP/AH initiator emitting proposals): Oct 31 15:25:03.268972: "north-eastnets/0x2": 1:ESP=AES_CBC_128-HMAC_SHA2_512_256-MODP3072-DISABLED Oct 31 15:25:03.268978: | #3 schedule initiate IPsec SA RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 using IKE# 1 pfs=MODP3072 Oct 31 15:25:03.268983: | event_schedule: newref EVENT_v2_INITIATE_CHILD-pe@0x55cebdc8ee68 Oct 31 15:25:03.268986: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Oct 31 15:25:03.268989: | libevent_malloc: newref ptr-libevent@0x55cebdca7378 size 128 Oct 31 15:25:03.268996: | RESET processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:6035) Oct 31 15:25:03.269054: | delete from pending Child SA with 192.1.3.33 "north-eastnets/0x2" Oct 31 15:25:03.269059: | delref fd@NULL (in delete_pending() at pending.c:218) Oct 31 15:25:03.269063: | removing pending policy for no connection {0x55cebdbdb0c8} Oct 31 15:25:03.269065: | releasing #1's fd-fd@(nil) because IKEv2 transitions finished so releaseing IKE SA Oct 31 15:25:03.269067: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:25:03.269069: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:25:03.269072: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Oct 31 15:25:03.269073: | state #2 has no .st_event to delete Oct 31 15:25:03.269076: | event_schedule: newref EVENT_SA_REKEY-pe@0x55cebdca7428 Oct 31 15:25:03.269078: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Oct 31 15:25:03.269080: | libevent_malloc: newref ptr-libevent@0x55cebdca7248 size 128 Oct 31 15:25:03.269083: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:25:03.269088: | #1 spent 2.32 (66.1) milliseconds Oct 31 15:25:03.269090: | #1 spent 2.85 (66.7) milliseconds in ikev2_process_packet() Oct 31 15:25:03.269092: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:25:03.269094: | delref mdp@0x55cebdca3bd8(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:03.269097: | delref logger@0x55cebdc9d3f8(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:03.269098: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:03.269100: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:03.269104: | spent 2.87 (66.7) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:25:03.269116: | timer_event_cb: processing event@0x55cebdc8ee68 Oct 31 15:25:03.269118: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Oct 31 15:25:03.269120: | libevent_free: delref ptr-libevent@0x55cebdca7378 Oct 31 15:25:03.269122: | free_event_entry: delref EVENT_v2_INITIATE_CHILD-pe@0x55cebdc8ee68 Oct 31 15:25:03.269126: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:25:03.269131: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:25:03.269132: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:25:03.269135: | newref clone logger@0x55cebdca6598(0->1) (in clone_logger() at log.c:817) Oct 31 15:25:03.269137: | job 4 for #3: Child Initiator KE and nonce ni (build KE and nonce): adding job to queue Oct 31 15:25:03.269139: | state #3 has no .st_event to delete Oct 31 15:25:03.269140: | #3 STATE_V2_NEW_CHILD_I0: retransmits: cleared Oct 31 15:25:03.269142: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55cebdc8ee68 Oct 31 15:25:03.269144: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Oct 31 15:25:03.269146: | libevent_malloc: newref ptr-libevent@0x55cebdca7378 size 128 Oct 31 15:25:03.269158: | #3 spent 0.0378 (0.0378) milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Oct 31 15:25:03.269166: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:25:03.269171: | processing signal PLUTO_SIGCHLD Oct 31 15:25:03.269167: | job 4 for #3: Child Initiator KE and nonce ni (build KE and nonce): helper 5 starting job Oct 31 15:25:03.269178: | waitpid returned ECHILD (no child processes left) Oct 31 15:25:03.269189: | spent 0.00844 (0.0114) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:25:03.269192: | processing signal PLUTO_SIGCHLD Oct 31 15:25:03.269196: | waitpid returned ECHILD (no child processes left) Oct 31 15:25:03.269204: | spent 0.00499 (0.00753) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:25:03.269209: | processing signal PLUTO_SIGCHLD Oct 31 15:25:03.269213: | waitpid returned ECHILD (no child processes left) Oct 31 15:25:03.269216: | spent 0.00344 (0.00338) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:25:03.272940: | "north-eastnets/0x2" #3: spent 3.68 (3.77) milliseconds in helper 5 processing job 4 for state #3: Child Initiator KE and nonce ni (pcr) Oct 31 15:25:03.272960: | job 4 for #3: Child Initiator KE and nonce ni (build KE and nonce): helper thread 5 sending result back to state Oct 31 15:25:03.272969: | scheduling resume sending helper answer back to state for #3 Oct 31 15:25:03.272973: | libevent_malloc: newref ptr-libevent@0x7f3280006578 size 128 Oct 31 15:25:03.272981: | libevent_realloc: delref ptr-libevent@0x55cebdc5dbb8 Oct 31 15:25:03.272983: | libevent_realloc: newref ptr-libevent@0x55cebdc9daa8 size 128 Oct 31 15:25:03.272993: | helper thread 5 has nothing to do Oct 31 15:25:03.273003: | processing resume sending helper answer back to state for #3 Oct 31 15:25:03.273015: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:641) Oct 31 15:25:03.273021: | unsuspending #3 MD (nil) Oct 31 15:25:03.273025: | job 4 for #3: Child Initiator KE and nonce ni (build KE and nonce): processing response from helper 5 Oct 31 15:25:03.273028: | job 4 for #3: Child Initiator KE and nonce ni (build KE and nonce): calling continuation function 0x55cebc2b1fe7 Oct 31 15:25:03.273031: | ikev2_child_outI_continue() for #3 STATE_V2_NEW_CHILD_I0 Oct 31 15:25:03.273035: | DH secret MODP3072@0x7f3280007128: transferring ownership from helper KE to state #3 Oct 31 15:25:03.273038: | adding CHILD SA #3 to IKE SA #1 message initiator queue Oct 31 15:25:03.273047: | Message ID: CHILD #1.#3 wakeing IKE SA for next initiator (unack 0): ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744577.701595 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.897271 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:25:03.273051: | scheduling callback v2_msgid_schedule_next_initiator (#1) Oct 31 15:25:03.273054: | libevent_malloc: newref ptr-libevent@0x7f3290006108 size 128 Oct 31 15:25:03.273061: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:03.273064: | #3 complete_v2_state_transition() V2_NEW_CHILD_I0->V2_NEW_CHILD_I1 with status STF_SUSPEND Oct 31 15:25:03.273066: | no MD to suspend Oct 31 15:25:03.273069: | delref logger@0x55cebdca6598(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:25:03.273071: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:03.273072: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:03.273074: | resume sending helper answer back to state for #3 suppresed complete_v2_state_transition() Oct 31 15:25:03.273076: | delref mdp@NULL (in resume_handler() at server.c:743) Oct 31 15:25:03.273080: | #3 spent 0.0585 (0.0584) milliseconds in resume sending helper answer back to state Oct 31 15:25:03.273083: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:745) Oct 31 15:25:03.273086: | libevent_free: delref ptr-libevent@0x7f3280006578 Oct 31 15:25:03.273090: | libevent_free: delref ptr-libevent@0x7f3290006108 Oct 31 15:25:03.273091: | processing callback v2_msgid_schedule_next_initiator for #1 Oct 31 15:25:03.273095: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in callback_handler() at server.c:828) Oct 31 15:25:03.273099: | Message ID: CHILD #1.#3 resuming SA using IKE SA (unack 0): ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744577.701595 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.897271 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:25:03.273102: | suspend processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in initiate_next() at ikev2_msgid.c:675) Oct 31 15:25:03.273105: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in initiate_next() at ikev2_msgid.c:675) Oct 31 15:25:03.273107: | unsuspending #3 MD (nil) Oct 31 15:25:03.273111: | opening output PBS reply packet Oct 31 15:25:03.273113: | **emit ISAKMP Message: Oct 31 15:25:03.273116: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:25:03.273119: | responder SPI: 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:03.273122: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:25:03.273124: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:03.273126: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Oct 31 15:25:03.273128: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:25:03.273130: | Message ID: 2 (00 00 00 02) Oct 31 15:25:03.273133: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:25:03.273135: | ***emit IKEv2 Encryption Payload: Oct 31 15:25:03.273137: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:03.273138: | flags: none (0x0) Oct 31 15:25:03.273140: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:25:03.273142: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Oct 31 15:25:03.273144: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:25:03.273166: | netlink_get_spi: allocated 0x7fb4c1c8 for esp.0@192.1.2.23 Oct 31 15:25:03.273169: | Emitting ikev2_proposals ... Oct 31 15:25:03.273170: | ****emit IKEv2 Security Association Payload: Oct 31 15:25:03.273172: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:03.273174: | flags: none (0x0) Oct 31 15:25:03.273175: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:25:03.273177: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:25:03.273181: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:03.273182: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:25:03.273184: | prop #: 1 (01) Oct 31 15:25:03.273186: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:03.273187: | spi size: 4 (04) Oct 31 15:25:03.273189: | # transforms: 4 (04) Oct 31 15:25:03.273191: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:03.273193: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:25:03.273195: | our spi: 7f b4 c1 c8 Oct 31 15:25:03.273197: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.273206: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.273208: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:03.273211: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:25:03.273213: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.273216: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:03.273219: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:03.273221: | length/value: 128 (00 80) Oct 31 15:25:03.273223: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:03.273225: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.273226: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.273228: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:03.273229: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:25:03.273231: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.273233: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.273235: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.273236: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.273238: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.273239: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:03.273241: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:25:03.273242: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.273245: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.273247: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.273248: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.273250: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:03.273251: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:25:03.273253: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:25:03.273254: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.273256: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.273257: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.273259: | emitting length of IKEv2 Proposal Substructure Payload: 48 Oct 31 15:25:03.273261: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:03.273262: | emitting length of IKEv2 Security Association Payload: 52 Oct 31 15:25:03.273264: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:25:03.273265: | ****emit IKEv2 Nonce Payload: Oct 31 15:25:03.273267: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:03.273268: | flags: none (0x0) Oct 31 15:25:03.273270: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Oct 31 15:25:03.273272: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Oct 31 15:25:03.273273: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Oct 31 15:25:03.273275: | IKEv2 nonce: Oct 31 15:25:03.273277: | 8f a6 14 56 f8 59 e8 c3 cb 30 c7 bc 75 2e a5 93 Oct 31 15:25:03.273278: | 22 6d 82 7a 90 ab 89 9c 07 cb 7d 3c 6f 56 a1 70 Oct 31 15:25:03.273280: | emitting length of IKEv2 Nonce Payload: 36 Oct 31 15:25:03.273281: | ****emit IKEv2 Key Exchange Payload: Oct 31 15:25:03.273283: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:03.273284: | flags: none (0x0) Oct 31 15:25:03.273286: | DH group: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:25:03.273287: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Oct 31 15:25:03.273289: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Oct 31 15:25:03.273291: | emitting 384 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Oct 31 15:25:03.273292: | ikev2 g^x: Oct 31 15:25:03.273294: | 05 08 86 2b f3 ab 30 b8 33 16 66 ed 4c a9 c9 5b Oct 31 15:25:03.273295: | 51 cd 83 3d c0 31 23 55 f6 3e 9b 65 ab 22 b2 e9 Oct 31 15:25:03.273297: | d0 13 3b 3f 1f bb d0 6e 96 ab 02 27 5f 0d 93 be Oct 31 15:25:03.273298: | 5a e8 38 6c 40 d4 3e 6d 49 05 b0 52 9a 51 48 ab Oct 31 15:25:03.273299: | 69 a2 39 63 46 8b 19 3e 6e 2e 4d 12 92 c4 55 c8 Oct 31 15:25:03.273301: | d9 cd a8 cd f0 8e e1 58 30 a3 c2 bb a5 ea 3b f0 Oct 31 15:25:03.273302: | d8 3c f3 c4 31 3a 82 3d 59 ee 41 c9 04 3a f6 d9 Oct 31 15:25:03.273303: | 7e 5b ea c6 22 c7 a9 cf aa 9b 75 14 46 ff 36 41 Oct 31 15:25:03.273305: | fd 32 96 4d 72 14 ed f3 24 0b 37 c3 95 2f e0 11 Oct 31 15:25:03.273306: | 73 ac 96 39 2e 79 7e 3f 3d 7f cb c8 38 ae 6b b2 Oct 31 15:25:03.273308: | e6 34 25 14 c2 96 4d c6 c4 1f cb b8 f5 ef 5f fb Oct 31 15:25:03.273309: | cc 82 0e 52 cd 89 5a ea e8 c6 ae b6 9a 41 92 c3 Oct 31 15:25:03.273312: | b6 b0 2c c1 b4 b1 c4 a4 d5 2f 83 b2 cf 74 5f bf Oct 31 15:25:03.273313: | 4c 3c 42 41 d1 fa 82 bb f4 01 a8 0b f4 ba ca 2e Oct 31 15:25:03.273314: | bd 5b 6d 50 03 56 f1 c2 e7 4a 26 6a 57 68 b6 1b Oct 31 15:25:03.273316: | 60 d5 bb c0 07 3a 58 85 d5 16 3f 33 cb 81 8f ee Oct 31 15:25:03.273317: | b2 9b 2f a2 20 55 df 5e ce 2e f1 70 d2 56 ff 02 Oct 31 15:25:03.273319: | c1 78 7c 6b f0 de 92 0d 1e 28 f1 c6 7b 65 c3 7e Oct 31 15:25:03.273320: | a6 98 39 30 c6 53 84 42 94 ea 3f 6c 42 78 ac 46 Oct 31 15:25:03.273321: | f7 ff 89 af ae a6 1b 95 f2 f9 72 a1 91 30 20 8f Oct 31 15:25:03.273323: | 2d 61 3b 91 31 fd ad cd 20 68 7d 8d 18 9d f1 2d Oct 31 15:25:03.273324: | 11 0e f1 c7 b0 74 7a d1 e2 b2 07 0e c8 da 7d cb Oct 31 15:25:03.273325: | 05 b5 61 01 80 4d 9f f6 e6 fc 68 49 a5 56 04 bb Oct 31 15:25:03.273327: | 38 45 81 16 7b e0 62 d0 c6 78 ea 46 7c ed 44 2f Oct 31 15:25:03.273328: | emitting length of IKEv2 Key Exchange Payload: 392 Oct 31 15:25:03.273331: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:25:03.273333: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:03.273334: | flags: none (0x0) Oct 31 15:25:03.273336: | number of TS: 1 (01) Oct 31 15:25:03.273338: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Oct 31 15:25:03.273339: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Oct 31 15:25:03.273341: | *****emit IKEv2 Traffic Selector: Oct 31 15:25:03.273343: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:25:03.273344: | IP Protocol ID: ALL (0x0) Oct 31 15:25:03.273346: | start port: 0 (00 00) Oct 31 15:25:03.273348: | end port: 65535 (ff ff) Oct 31 15:25:03.273350: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:25:03.273352: | IP start: c0 00 16 00 Oct 31 15:25:03.273354: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:25:03.273356: | IP end: c0 00 16 ff Oct 31 15:25:03.273357: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:25:03.273359: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Oct 31 15:25:03.273360: | ****emit IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:25:03.273362: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:03.273363: | flags: none (0x0) Oct 31 15:25:03.273365: | number of TS: 1 (01) Oct 31 15:25:03.273366: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Oct 31 15:25:03.273368: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:25:03.273370: | *****emit IKEv2 Traffic Selector: Oct 31 15:25:03.273371: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:25:03.273372: | IP Protocol ID: ALL (0x0) Oct 31 15:25:03.273374: | start port: 0 (00 00) Oct 31 15:25:03.273376: | end port: 65535 (ff ff) Oct 31 15:25:03.273378: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:25:03.273380: | IP start: c0 00 03 00 Oct 31 15:25:03.273381: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:25:03.273383: | IP end: c0 00 03 ff Oct 31 15:25:03.273385: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:25:03.273386: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Oct 31 15:25:03.273388: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Oct 31 15:25:03.273389: | adding 16 bytes of padding (including 1 byte padding-length) Oct 31 15:25:03.273391: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:03.273393: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:03.273394: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:03.273397: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:03.273398: | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:03.273400: | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:03.273401: | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:03.273403: | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:03.273404: | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:03.273406: | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:03.273407: | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:03.273409: | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:03.273410: | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:03.273412: | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:03.273413: | emitting 1 0x0e repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:03.273415: | emitting 1 0x0f repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:03.273417: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:25:03.273418: | emitting length of IKEv2 Encryption Payload: 580 Oct 31 15:25:03.273420: | emitting length of ISAKMP Message: 608 Oct 31 15:25:03.273451: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:03.273454: | #3 complete_v2_state_transition() V2_NEW_CHILD_I0->V2_NEW_CHILD_I1 with status STF_OK Oct 31 15:25:03.273456: | transitioning from state STATE_V2_NEW_CHILD_I0 to state STATE_V2_NEW_CHILD_I1 Oct 31 15:25:03.273458: | Message ID: updating counters for #3 Oct 31 15:25:03.273460: | Message ID: IKE #1 skipping update_recv as MD is fake Oct 31 15:25:03.273464: | Message ID: CHILD #1.#3 scheduling EVENT_RETRANSMIT: ike.initiator.sent=2 ike.initiator.recv=1 ike.initiator.last_contact=744577.701595 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.897271 child.wip.initiator=2 child.wip.responder=-1 Oct 31 15:25:03.273466: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55cebdca4228 Oct 31 15:25:03.273468: | inserting event EVENT_RETRANSMIT, timeout in 0.05 seconds for #3 Oct 31 15:25:03.273470: | libevent_malloc: newref ptr-libevent@0x55cebdca7528 size 128 Oct 31 15:25:03.273473: | #3 STATE_V2_NEW_CHILD_I0: retransmits: first event in 0.05 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744577.706262 Oct 31 15:25:03.273482: | Message ID: CHILD #1.#3 updating initiator sent message request 2: ike.initiator.sent=1->2 ike.initiator.recv=1 ike.initiator.last_contact=744577.701595 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.897271 child.wip.initiator=-1->2 child.wip.responder=-1 Oct 31 15:25:03.273485: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=2 ike.initiator.recv=1 ike.initiator.last_contact=744577.701595 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.897271 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:03.273488: | child state #3: V2_NEW_CHILD_I0(established IKE SA) => V2_NEW_CHILD_I1(established IKE SA) Oct 31 15:25:03.273490: | announcing the state transition Oct 31 15:25:03.273492: "north-eastnets/0x2" #3: sent CREATE_CHILD_SA request for new IPsec SA Oct 31 15:25:03.273497: | sending 608 bytes for STATE_V2_NEW_CHILD_I0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:25:03.273499: | 51 7c 55 1b 42 66 f1 ad 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:03.273502: | 2e 20 24 08 00 00 00 02 00 00 02 60 21 00 02 44 Oct 31 15:25:03.273503: | 8e 3a 99 25 62 36 55 27 80 d1 b7 4a 47 70 39 ce Oct 31 15:25:03.273505: | 61 b7 4e 2a 1f 65 c6 27 f6 c3 6a 32 a7 89 b7 7a Oct 31 15:25:03.273506: | ef 55 49 47 4b 8f c0 cd 9c a0 d1 7c ca b2 27 14 Oct 31 15:25:03.273507: | 6c a0 80 c9 e6 3c 7a af fb 6b 85 b1 b7 7e 11 f4 Oct 31 15:25:03.273509: | 31 c9 b6 96 f8 0b 86 9b 00 9c 0f d4 a5 02 34 93 Oct 31 15:25:03.273514: | be 2c 8d 61 6e 1a 6d d1 52 3b d7 71 7d 45 5c c0 Oct 31 15:25:03.273517: | 20 3c a9 cd a6 d4 02 47 ba 28 6e 3b c3 a8 00 3f Oct 31 15:25:03.273520: | 07 24 34 50 1d 66 ba 33 b8 c6 40 ff 44 2c 9e 3b Oct 31 15:25:03.273522: | fa b0 7e d0 47 ea 40 02 e4 9e 4d 6e e0 e8 10 c8 Oct 31 15:25:03.273525: | 18 9a a7 2a d1 d5 29 04 03 4e 1d c6 48 dd d8 03 Oct 31 15:25:03.273527: | 28 8f 29 76 e0 38 6b 26 44 2a dc 1c f8 d1 4e d4 Oct 31 15:25:03.273529: | cb 78 93 34 e4 74 5c 16 11 e0 f1 b9 89 85 92 56 Oct 31 15:25:03.273531: | 90 28 6b c8 d7 54 3c 57 d3 7d b7 cf 0e f3 08 e8 Oct 31 15:25:03.273534: | af bc 2e f7 6f 8b b8 34 06 10 3f 84 a8 f7 40 6e Oct 31 15:25:03.273536: | 6d d0 7d 8d c5 3e 79 0b 7b 06 d7 96 b3 ee 3c a4 Oct 31 15:25:03.273538: | 5f 26 d2 5f a8 93 16 95 08 1b 6e 09 de 76 01 57 Oct 31 15:25:03.273541: | 0d 56 a1 27 3a 71 46 96 35 f7 66 2b cb 06 e9 be Oct 31 15:25:03.273544: | 6e a5 95 d7 65 5e 06 9b 13 48 96 36 8f 92 65 c5 Oct 31 15:25:03.273546: | 0f 17 fc 2d 85 18 38 c1 37 b4 39 7a db 57 bc a4 Oct 31 15:25:03.273549: | 27 71 77 e8 8b 88 ce 0c a6 15 3d 73 ac 87 05 bf Oct 31 15:25:03.273551: | e7 57 ae 2a a9 d5 ac cb 31 eb a3 01 d6 49 09 c7 Oct 31 15:25:03.273553: | a9 65 20 11 94 85 30 32 1c b6 b7 08 df 66 51 e3 Oct 31 15:25:03.273556: | 2b 43 bb 91 b8 4f 6e fb fa 68 9f 0a 3a 58 1a bf Oct 31 15:25:03.273558: | dc 3c 1c 86 d0 ff d5 d2 22 4e f8 e0 31 33 39 cf Oct 31 15:25:03.273561: | 9d 23 f4 58 1d b7 77 74 99 81 d2 c5 cb da 58 fa Oct 31 15:25:03.273562: | 74 27 d1 19 e5 b2 a2 88 2a b3 a6 c7 ec 30 67 88 Oct 31 15:25:03.273563: | 5e c0 2a 8b c0 d3 5c bd c0 2f c3 04 a6 41 61 d6 Oct 31 15:25:03.273565: | af 1a 95 06 75 fa 2b 65 c8 ac c6 26 c8 ec 08 73 Oct 31 15:25:03.273566: | bc 86 12 3f 47 3f c6 ec a1 11 f3 75 5e 8d 19 ae Oct 31 15:25:03.273568: | db 07 5e 0f cc f6 95 b9 83 bb 45 1d 6c 51 f1 5c Oct 31 15:25:03.273574: | a0 6d 6e ad b2 df c2 4d f4 94 00 ba 4a b8 ce 38 Oct 31 15:25:03.273575: | 6b 47 35 66 80 6c d4 9a 27 37 70 5a 14 b6 ed c9 Oct 31 15:25:03.273576: | ba a2 b6 a0 6f dc e3 08 8d 62 6c 72 44 b9 a0 56 Oct 31 15:25:03.273578: | 4c 52 74 71 18 46 cb 8b 6e ec 79 4f 79 72 f4 bd Oct 31 15:25:03.273579: | 77 5b 76 fe 38 f9 0a e3 3b 6a 65 bc ba 77 c7 07 Oct 31 15:25:03.273581: | 65 d1 4c ff de 58 22 32 ab 8a 27 53 29 89 2f ac Oct 31 15:25:03.273631: | sent 1 messages Oct 31 15:25:03.273636: | checking that a retransmit timeout_event was already Oct 31 15:25:03.273639: | state #3 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:25:03.273643: | libevent_free: delref ptr-libevent@0x55cebdca7378 Oct 31 15:25:03.273646: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55cebdc8ee68 Oct 31 15:25:03.273649: | delref mdp@NULL (in initiate_next() at ikev2_msgid.c:705) Oct 31 15:25:03.273654: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in initiate_next() at ikev2_msgid.c:707) Oct 31 15:25:03.273659: | resume processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in initiate_next() at ikev2_msgid.c:707) Oct 31 15:25:03.273664: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in callback_handler() at server.c:832) Oct 31 15:25:03.273669: | spent 0.534 (0.574) milliseconds in callback v2_msgid_schedule_next_initiator Oct 31 15:25:03.323742: | timer_event_cb: processing event@0x55cebdca4228 Oct 31 15:25:03.323763: | handling event EVENT_RETRANSMIT for child state #3 Oct 31 15:25:03.323769: | libevent_free: delref ptr-libevent@0x55cebdca7528 Oct 31 15:25:03.323782: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55cebdca4228 Oct 31 15:25:03.323792: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:25:03.323798: | IKEv2 retransmit event Oct 31 15:25:03.323805: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:25:03.323810: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x2" #3 attempt 2 of 0 Oct 31 15:25:03.323814: | and parent for 192.1.3.33 "north-eastnets/0x2" #1 keying attempt 1 of 0; retransmit 1 Oct 31 15:25:03.323819: | #3 STATE_V2_NEW_CHILD_I1: retransmits: current time 744577.756613 Oct 31 15:25:03.323823: | #3 STATE_V2_NEW_CHILD_I1: retransmits: retransmit count 0 exceeds limit? NO Oct 31 15:25:03.323826: | #3 STATE_V2_NEW_CHILD_I1: retransmits: deltatime 0.05 exceeds limit? NO Oct 31 15:25:03.323829: | #3 STATE_V2_NEW_CHILD_I1: retransmits: monotime 0.050351 exceeds limit? NO Oct 31 15:25:03.323833: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55cebdca4228 Oct 31 15:25:03.323836: | inserting event EVENT_RETRANSMIT, timeout in 0.05 seconds for #3 Oct 31 15:25:03.323839: | libevent_malloc: newref ptr-libevent@0x55cebdca7378 size 128 Oct 31 15:25:03.323846: "north-eastnets/0x2" #3: STATE_V2_NEW_CHILD_I1: retransmission; will wait 0.05 seconds for response Oct 31 15:25:03.323855: | sending 608 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:25:03.323858: | 51 7c 55 1b 42 66 f1 ad 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:03.323860: | 2e 20 24 08 00 00 00 02 00 00 02 60 21 00 02 44 Oct 31 15:25:03.323863: | 8e 3a 99 25 62 36 55 27 80 d1 b7 4a 47 70 39 ce Oct 31 15:25:03.323865: | 61 b7 4e 2a 1f 65 c6 27 f6 c3 6a 32 a7 89 b7 7a Oct 31 15:25:03.323867: | ef 55 49 47 4b 8f c0 cd 9c a0 d1 7c ca b2 27 14 Oct 31 15:25:03.323869: | 6c a0 80 c9 e6 3c 7a af fb 6b 85 b1 b7 7e 11 f4 Oct 31 15:25:03.323871: | 31 c9 b6 96 f8 0b 86 9b 00 9c 0f d4 a5 02 34 93 Oct 31 15:25:03.323874: | be 2c 8d 61 6e 1a 6d d1 52 3b d7 71 7d 45 5c c0 Oct 31 15:25:03.323876: | 20 3c a9 cd a6 d4 02 47 ba 28 6e 3b c3 a8 00 3f Oct 31 15:25:03.323878: | 07 24 34 50 1d 66 ba 33 b8 c6 40 ff 44 2c 9e 3b Oct 31 15:25:03.323880: | fa b0 7e d0 47 ea 40 02 e4 9e 4d 6e e0 e8 10 c8 Oct 31 15:25:03.323882: | 18 9a a7 2a d1 d5 29 04 03 4e 1d c6 48 dd d8 03 Oct 31 15:25:03.323885: | 28 8f 29 76 e0 38 6b 26 44 2a dc 1c f8 d1 4e d4 Oct 31 15:25:03.323887: | cb 78 93 34 e4 74 5c 16 11 e0 f1 b9 89 85 92 56 Oct 31 15:25:03.323889: | 90 28 6b c8 d7 54 3c 57 d3 7d b7 cf 0e f3 08 e8 Oct 31 15:25:03.323891: | af bc 2e f7 6f 8b b8 34 06 10 3f 84 a8 f7 40 6e Oct 31 15:25:03.323893: | 6d d0 7d 8d c5 3e 79 0b 7b 06 d7 96 b3 ee 3c a4 Oct 31 15:25:03.323895: | 5f 26 d2 5f a8 93 16 95 08 1b 6e 09 de 76 01 57 Oct 31 15:25:03.323898: | 0d 56 a1 27 3a 71 46 96 35 f7 66 2b cb 06 e9 be Oct 31 15:25:03.323900: | 6e a5 95 d7 65 5e 06 9b 13 48 96 36 8f 92 65 c5 Oct 31 15:25:03.323902: | 0f 17 fc 2d 85 18 38 c1 37 b4 39 7a db 57 bc a4 Oct 31 15:25:03.323904: | 27 71 77 e8 8b 88 ce 0c a6 15 3d 73 ac 87 05 bf Oct 31 15:25:03.323906: | e7 57 ae 2a a9 d5 ac cb 31 eb a3 01 d6 49 09 c7 Oct 31 15:25:03.323909: | a9 65 20 11 94 85 30 32 1c b6 b7 08 df 66 51 e3 Oct 31 15:25:03.323911: | 2b 43 bb 91 b8 4f 6e fb fa 68 9f 0a 3a 58 1a bf Oct 31 15:25:03.323913: | dc 3c 1c 86 d0 ff d5 d2 22 4e f8 e0 31 33 39 cf Oct 31 15:25:03.323915: | 9d 23 f4 58 1d b7 77 74 99 81 d2 c5 cb da 58 fa Oct 31 15:25:03.323917: | 74 27 d1 19 e5 b2 a2 88 2a b3 a6 c7 ec 30 67 88 Oct 31 15:25:03.323920: | 5e c0 2a 8b c0 d3 5c bd c0 2f c3 04 a6 41 61 d6 Oct 31 15:25:03.323922: | af 1a 95 06 75 fa 2b 65 c8 ac c6 26 c8 ec 08 73 Oct 31 15:25:03.323924: | bc 86 12 3f 47 3f c6 ec a1 11 f3 75 5e 8d 19 ae Oct 31 15:25:03.323926: | db 07 5e 0f cc f6 95 b9 83 bb 45 1d 6c 51 f1 5c Oct 31 15:25:03.323930: | a0 6d 6e ad b2 df c2 4d f4 94 00 ba 4a b8 ce 38 Oct 31 15:25:03.323933: | 6b 47 35 66 80 6c d4 9a 27 37 70 5a 14 b6 ed c9 Oct 31 15:25:03.323935: | ba a2 b6 a0 6f dc e3 08 8d 62 6c 72 44 b9 a0 56 Oct 31 15:25:03.323937: | 4c 52 74 71 18 46 cb 8b 6e ec 79 4f 79 72 f4 bd Oct 31 15:25:03.323939: | 77 5b 76 fe 38 f9 0a e3 3b 6a 65 bc ba 77 c7 07 Oct 31 15:25:03.323941: | 65 d1 4c ff de 58 22 32 ab 8a 27 53 29 89 2f ac Oct 31 15:25:03.323994: | sent 1 messages Oct 31 15:25:03.324004: | #3 spent 0.227 (0.261) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:25:03.324010: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:25:03.375144: | timer_event_cb: processing event@0x55cebdca4228 Oct 31 15:25:03.375160: | handling event EVENT_RETRANSMIT for child state #3 Oct 31 15:25:03.375164: | libevent_free: delref ptr-libevent@0x55cebdca7378 Oct 31 15:25:03.375167: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55cebdca4228 Oct 31 15:25:03.375173: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:25:03.375177: | IKEv2 retransmit event Oct 31 15:25:03.375181: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:25:03.375184: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x2" #3 attempt 2 of 0 Oct 31 15:25:03.375187: | and parent for 192.1.3.33 "north-eastnets/0x2" #1 keying attempt 1 of 0; retransmit 1 Oct 31 15:25:03.375193: | #3 STATE_V2_NEW_CHILD_I1: retransmits: current time 744577.807986 Oct 31 15:25:03.375203: | #3 STATE_V2_NEW_CHILD_I1: retransmits: retransmit count 1 exceeds limit? NO Oct 31 15:25:03.375209: | #3 STATE_V2_NEW_CHILD_I1: retransmits: deltatime 0.1 exceeds limit? NO Oct 31 15:25:03.375213: | #3 STATE_V2_NEW_CHILD_I1: retransmits: monotime 0.101724 exceeds limit? NO Oct 31 15:25:03.375217: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55cebdca4228 Oct 31 15:25:03.375221: | inserting event EVENT_RETRANSMIT, timeout in 0.1 seconds for #3 Oct 31 15:25:03.375226: | libevent_malloc: newref ptr-libevent@0x55cebdca7378 size 128 Oct 31 15:25:03.375232: "north-eastnets/0x2" #3: STATE_V2_NEW_CHILD_I1: retransmission; will wait 0.1 seconds for response Oct 31 15:25:03.375242: | sending 608 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:25:03.375246: | 51 7c 55 1b 42 66 f1 ad 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:03.375248: | 2e 20 24 08 00 00 00 02 00 00 02 60 21 00 02 44 Oct 31 15:25:03.375252: | 8e 3a 99 25 62 36 55 27 80 d1 b7 4a 47 70 39 ce Oct 31 15:25:03.375255: | 61 b7 4e 2a 1f 65 c6 27 f6 c3 6a 32 a7 89 b7 7a Oct 31 15:25:03.375257: | ef 55 49 47 4b 8f c0 cd 9c a0 d1 7c ca b2 27 14 Oct 31 15:25:03.375260: | 6c a0 80 c9 e6 3c 7a af fb 6b 85 b1 b7 7e 11 f4 Oct 31 15:25:03.375264: | 31 c9 b6 96 f8 0b 86 9b 00 9c 0f d4 a5 02 34 93 Oct 31 15:25:03.375266: | be 2c 8d 61 6e 1a 6d d1 52 3b d7 71 7d 45 5c c0 Oct 31 15:25:03.375269: | 20 3c a9 cd a6 d4 02 47 ba 28 6e 3b c3 a8 00 3f Oct 31 15:25:03.375272: | 07 24 34 50 1d 66 ba 33 b8 c6 40 ff 44 2c 9e 3b Oct 31 15:25:03.375275: | fa b0 7e d0 47 ea 40 02 e4 9e 4d 6e e0 e8 10 c8 Oct 31 15:25:03.375279: | 18 9a a7 2a d1 d5 29 04 03 4e 1d c6 48 dd d8 03 Oct 31 15:25:03.375281: | 28 8f 29 76 e0 38 6b 26 44 2a dc 1c f8 d1 4e d4 Oct 31 15:25:03.375285: | cb 78 93 34 e4 74 5c 16 11 e0 f1 b9 89 85 92 56 Oct 31 15:25:03.375288: | 90 28 6b c8 d7 54 3c 57 d3 7d b7 cf 0e f3 08 e8 Oct 31 15:25:03.375291: | af bc 2e f7 6f 8b b8 34 06 10 3f 84 a8 f7 40 6e Oct 31 15:25:03.375294: | 6d d0 7d 8d c5 3e 79 0b 7b 06 d7 96 b3 ee 3c a4 Oct 31 15:25:03.375297: | 5f 26 d2 5f a8 93 16 95 08 1b 6e 09 de 76 01 57 Oct 31 15:25:03.375302: | 0d 56 a1 27 3a 71 46 96 35 f7 66 2b cb 06 e9 be Oct 31 15:25:03.375312: | 6e a5 95 d7 65 5e 06 9b 13 48 96 36 8f 92 65 c5 Oct 31 15:25:03.375315: | 0f 17 fc 2d 85 18 38 c1 37 b4 39 7a db 57 bc a4 Oct 31 15:25:03.375318: | 27 71 77 e8 8b 88 ce 0c a6 15 3d 73 ac 87 05 bf Oct 31 15:25:03.375321: | e7 57 ae 2a a9 d5 ac cb 31 eb a3 01 d6 49 09 c7 Oct 31 15:25:03.375324: | a9 65 20 11 94 85 30 32 1c b6 b7 08 df 66 51 e3 Oct 31 15:25:03.375326: | 2b 43 bb 91 b8 4f 6e fb fa 68 9f 0a 3a 58 1a bf Oct 31 15:25:03.375329: | dc 3c 1c 86 d0 ff d5 d2 22 4e f8 e0 31 33 39 cf Oct 31 15:25:03.375332: | 9d 23 f4 58 1d b7 77 74 99 81 d2 c5 cb da 58 fa Oct 31 15:25:03.375335: | 74 27 d1 19 e5 b2 a2 88 2a b3 a6 c7 ec 30 67 88 Oct 31 15:25:03.375338: | 5e c0 2a 8b c0 d3 5c bd c0 2f c3 04 a6 41 61 d6 Oct 31 15:25:03.375341: | af 1a 95 06 75 fa 2b 65 c8 ac c6 26 c8 ec 08 73 Oct 31 15:25:03.375344: | bc 86 12 3f 47 3f c6 ec a1 11 f3 75 5e 8d 19 ae Oct 31 15:25:03.375347: | db 07 5e 0f cc f6 95 b9 83 bb 45 1d 6c 51 f1 5c Oct 31 15:25:03.375350: | a0 6d 6e ad b2 df c2 4d f4 94 00 ba 4a b8 ce 38 Oct 31 15:25:03.375352: | 6b 47 35 66 80 6c d4 9a 27 37 70 5a 14 b6 ed c9 Oct 31 15:25:03.375356: | ba a2 b6 a0 6f dc e3 08 8d 62 6c 72 44 b9 a0 56 Oct 31 15:25:03.375358: | 4c 52 74 71 18 46 cb 8b 6e ec 79 4f 79 72 f4 bd Oct 31 15:25:03.375361: | 77 5b 76 fe 38 f9 0a e3 3b 6a 65 bc ba 77 c7 07 Oct 31 15:25:03.375364: | 65 d1 4c ff de 58 22 32 ab 8a 27 53 29 89 2f ac Oct 31 15:25:03.375426: | sent 1 messages Oct 31 15:25:03.375439: | #3 spent 0.254 (0.293) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:25:03.375447: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:25:03.475656: | timer_event_cb: processing event@0x55cebdca4228 Oct 31 15:25:03.475668: | handling event EVENT_RETRANSMIT for child state #3 Oct 31 15:25:03.475672: | libevent_free: delref ptr-libevent@0x55cebdca7378 Oct 31 15:25:03.475675: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55cebdca4228 Oct 31 15:25:03.475682: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:25:03.475686: | IKEv2 retransmit event Oct 31 15:25:03.475690: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:25:03.475693: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x2" #3 attempt 2 of 0 Oct 31 15:25:03.475696: | and parent for 192.1.3.33 "north-eastnets/0x2" #1 keying attempt 1 of 0; retransmit 1 Oct 31 15:25:03.475699: | #3 STATE_V2_NEW_CHILD_I1: retransmits: current time 744577.908494 Oct 31 15:25:03.475701: | #3 STATE_V2_NEW_CHILD_I1: retransmits: retransmit count 2 exceeds limit? NO Oct 31 15:25:03.475703: | #3 STATE_V2_NEW_CHILD_I1: retransmits: deltatime 0.2 exceeds limit? NO Oct 31 15:25:03.475705: | #3 STATE_V2_NEW_CHILD_I1: retransmits: monotime 0.202232 exceeds limit? NO Oct 31 15:25:03.475708: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55cebdca4228 Oct 31 15:25:03.475710: | inserting event EVENT_RETRANSMIT, timeout in 0.2 seconds for #3 Oct 31 15:25:03.475712: | libevent_malloc: newref ptr-libevent@0x55cebdca7378 size 128 Oct 31 15:25:03.475716: "north-eastnets/0x2" #3: STATE_V2_NEW_CHILD_I1: retransmission; will wait 0.2 seconds for response Oct 31 15:25:03.475722: | sending 608 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:25:03.475723: | 51 7c 55 1b 42 66 f1 ad 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:03.475725: | 2e 20 24 08 00 00 00 02 00 00 02 60 21 00 02 44 Oct 31 15:25:03.475726: | 8e 3a 99 25 62 36 55 27 80 d1 b7 4a 47 70 39 ce Oct 31 15:25:03.475728: | 61 b7 4e 2a 1f 65 c6 27 f6 c3 6a 32 a7 89 b7 7a Oct 31 15:25:03.475729: | ef 55 49 47 4b 8f c0 cd 9c a0 d1 7c ca b2 27 14 Oct 31 15:25:03.475731: | 6c a0 80 c9 e6 3c 7a af fb 6b 85 b1 b7 7e 11 f4 Oct 31 15:25:03.475732: | 31 c9 b6 96 f8 0b 86 9b 00 9c 0f d4 a5 02 34 93 Oct 31 15:25:03.475737: | be 2c 8d 61 6e 1a 6d d1 52 3b d7 71 7d 45 5c c0 Oct 31 15:25:03.475738: | 20 3c a9 cd a6 d4 02 47 ba 28 6e 3b c3 a8 00 3f Oct 31 15:25:03.475740: | 07 24 34 50 1d 66 ba 33 b8 c6 40 ff 44 2c 9e 3b Oct 31 15:25:03.475741: | fa b0 7e d0 47 ea 40 02 e4 9e 4d 6e e0 e8 10 c8 Oct 31 15:25:03.475743: | 18 9a a7 2a d1 d5 29 04 03 4e 1d c6 48 dd d8 03 Oct 31 15:25:03.475744: | 28 8f 29 76 e0 38 6b 26 44 2a dc 1c f8 d1 4e d4 Oct 31 15:25:03.475746: | cb 78 93 34 e4 74 5c 16 11 e0 f1 b9 89 85 92 56 Oct 31 15:25:03.475747: | 90 28 6b c8 d7 54 3c 57 d3 7d b7 cf 0e f3 08 e8 Oct 31 15:25:03.475749: | af bc 2e f7 6f 8b b8 34 06 10 3f 84 a8 f7 40 6e Oct 31 15:25:03.475750: | 6d d0 7d 8d c5 3e 79 0b 7b 06 d7 96 b3 ee 3c a4 Oct 31 15:25:03.475752: | 5f 26 d2 5f a8 93 16 95 08 1b 6e 09 de 76 01 57 Oct 31 15:25:03.475753: | 0d 56 a1 27 3a 71 46 96 35 f7 66 2b cb 06 e9 be Oct 31 15:25:03.475755: | 6e a5 95 d7 65 5e 06 9b 13 48 96 36 8f 92 65 c5 Oct 31 15:25:03.475756: | 0f 17 fc 2d 85 18 38 c1 37 b4 39 7a db 57 bc a4 Oct 31 15:25:03.475757: | 27 71 77 e8 8b 88 ce 0c a6 15 3d 73 ac 87 05 bf Oct 31 15:25:03.475759: | e7 57 ae 2a a9 d5 ac cb 31 eb a3 01 d6 49 09 c7 Oct 31 15:25:03.475760: | a9 65 20 11 94 85 30 32 1c b6 b7 08 df 66 51 e3 Oct 31 15:25:03.475762: | 2b 43 bb 91 b8 4f 6e fb fa 68 9f 0a 3a 58 1a bf Oct 31 15:25:03.475763: | dc 3c 1c 86 d0 ff d5 d2 22 4e f8 e0 31 33 39 cf Oct 31 15:25:03.475765: | 9d 23 f4 58 1d b7 77 74 99 81 d2 c5 cb da 58 fa Oct 31 15:25:03.475766: | 74 27 d1 19 e5 b2 a2 88 2a b3 a6 c7 ec 30 67 88 Oct 31 15:25:03.475768: | 5e c0 2a 8b c0 d3 5c bd c0 2f c3 04 a6 41 61 d6 Oct 31 15:25:03.475769: | af 1a 95 06 75 fa 2b 65 c8 ac c6 26 c8 ec 08 73 Oct 31 15:25:03.475771: | bc 86 12 3f 47 3f c6 ec a1 11 f3 75 5e 8d 19 ae Oct 31 15:25:03.475772: | db 07 5e 0f cc f6 95 b9 83 bb 45 1d 6c 51 f1 5c Oct 31 15:25:03.475774: | a0 6d 6e ad b2 df c2 4d f4 94 00 ba 4a b8 ce 38 Oct 31 15:25:03.475775: | 6b 47 35 66 80 6c d4 9a 27 37 70 5a 14 b6 ed c9 Oct 31 15:25:03.475777: | ba a2 b6 a0 6f dc e3 08 8d 62 6c 72 44 b9 a0 56 Oct 31 15:25:03.475778: | 4c 52 74 71 18 46 cb 8b 6e ec 79 4f 79 72 f4 bd Oct 31 15:25:03.475780: | 77 5b 76 fe 38 f9 0a e3 3b 6a 65 bc ba 77 c7 07 Oct 31 15:25:03.475781: | 65 d1 4c ff de 58 22 32 ab 8a 27 53 29 89 2f ac Oct 31 15:25:03.475824: | sent 1 messages Oct 31 15:25:03.475831: | #3 spent 0.151 (0.175) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:25:03.475836: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:25:03.677126: | timer_event_cb: processing event@0x55cebdca4228 Oct 31 15:25:03.677280: | handling event EVENT_RETRANSMIT for child state #3 Oct 31 15:25:03.677289: | libevent_free: delref ptr-libevent@0x55cebdca7378 Oct 31 15:25:03.677293: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55cebdca4228 Oct 31 15:25:03.677302: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:25:03.677308: | IKEv2 retransmit event Oct 31 15:25:03.677314: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:25:03.677319: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x2" #3 attempt 2 of 0 Oct 31 15:25:03.677322: | and parent for 192.1.3.33 "north-eastnets/0x2" #1 keying attempt 1 of 0; retransmit 1 Oct 31 15:25:03.677327: | #3 STATE_V2_NEW_CHILD_I1: retransmits: current time 744578.110122 Oct 31 15:25:03.677330: | #3 STATE_V2_NEW_CHILD_I1: retransmits: retransmit count 3 exceeds limit? NO Oct 31 15:25:03.677333: | #3 STATE_V2_NEW_CHILD_I1: retransmits: deltatime 0.4 exceeds limit? NO Oct 31 15:25:03.677336: | #3 STATE_V2_NEW_CHILD_I1: retransmits: monotime 0.40386 exceeds limit? NO Oct 31 15:25:03.677341: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55cebdca4228 Oct 31 15:25:03.677349: | inserting event EVENT_RETRANSMIT, timeout in 0.4 seconds for #3 Oct 31 15:25:03.677353: | libevent_malloc: newref ptr-libevent@0x55cebdca7378 size 128 Oct 31 15:25:03.677359: "north-eastnets/0x2" #3: STATE_V2_NEW_CHILD_I1: retransmission; will wait 0.4 seconds for response Oct 31 15:25:03.677368: | sending 608 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:25:03.677371: | 51 7c 55 1b 42 66 f1 ad 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:03.677374: | 2e 20 24 08 00 00 00 02 00 00 02 60 21 00 02 44 Oct 31 15:25:03.677376: | 8e 3a 99 25 62 36 55 27 80 d1 b7 4a 47 70 39 ce Oct 31 15:25:03.677378: | 61 b7 4e 2a 1f 65 c6 27 f6 c3 6a 32 a7 89 b7 7a Oct 31 15:25:03.677381: | ef 55 49 47 4b 8f c0 cd 9c a0 d1 7c ca b2 27 14 Oct 31 15:25:03.677383: | 6c a0 80 c9 e6 3c 7a af fb 6b 85 b1 b7 7e 11 f4 Oct 31 15:25:03.677385: | 31 c9 b6 96 f8 0b 86 9b 00 9c 0f d4 a5 02 34 93 Oct 31 15:25:03.677388: | be 2c 8d 61 6e 1a 6d d1 52 3b d7 71 7d 45 5c c0 Oct 31 15:25:03.677390: | 20 3c a9 cd a6 d4 02 47 ba 28 6e 3b c3 a8 00 3f Oct 31 15:25:03.677392: | 07 24 34 50 1d 66 ba 33 b8 c6 40 ff 44 2c 9e 3b Oct 31 15:25:03.677395: | fa b0 7e d0 47 ea 40 02 e4 9e 4d 6e e0 e8 10 c8 Oct 31 15:25:03.677397: | 18 9a a7 2a d1 d5 29 04 03 4e 1d c6 48 dd d8 03 Oct 31 15:25:03.677399: | 28 8f 29 76 e0 38 6b 26 44 2a dc 1c f8 d1 4e d4 Oct 31 15:25:03.677402: | cb 78 93 34 e4 74 5c 16 11 e0 f1 b9 89 85 92 56 Oct 31 15:25:03.677404: | 90 28 6b c8 d7 54 3c 57 d3 7d b7 cf 0e f3 08 e8 Oct 31 15:25:03.677407: | af bc 2e f7 6f 8b b8 34 06 10 3f 84 a8 f7 40 6e Oct 31 15:25:03.677409: | 6d d0 7d 8d c5 3e 79 0b 7b 06 d7 96 b3 ee 3c a4 Oct 31 15:25:03.677411: | 5f 26 d2 5f a8 93 16 95 08 1b 6e 09 de 76 01 57 Oct 31 15:25:03.677413: | 0d 56 a1 27 3a 71 46 96 35 f7 66 2b cb 06 e9 be Oct 31 15:25:03.677416: | 6e a5 95 d7 65 5e 06 9b 13 48 96 36 8f 92 65 c5 Oct 31 15:25:03.677418: | 0f 17 fc 2d 85 18 38 c1 37 b4 39 7a db 57 bc a4 Oct 31 15:25:03.677420: | 27 71 77 e8 8b 88 ce 0c a6 15 3d 73 ac 87 05 bf Oct 31 15:25:03.677423: | e7 57 ae 2a a9 d5 ac cb 31 eb a3 01 d6 49 09 c7 Oct 31 15:25:03.677425: | a9 65 20 11 94 85 30 32 1c b6 b7 08 df 66 51 e3 Oct 31 15:25:03.677427: | 2b 43 bb 91 b8 4f 6e fb fa 68 9f 0a 3a 58 1a bf Oct 31 15:25:03.677430: | dc 3c 1c 86 d0 ff d5 d2 22 4e f8 e0 31 33 39 cf Oct 31 15:25:03.677432: | 9d 23 f4 58 1d b7 77 74 99 81 d2 c5 cb da 58 fa Oct 31 15:25:03.677434: | 74 27 d1 19 e5 b2 a2 88 2a b3 a6 c7 ec 30 67 88 Oct 31 15:25:03.677436: | 5e c0 2a 8b c0 d3 5c bd c0 2f c3 04 a6 41 61 d6 Oct 31 15:25:03.677438: | af 1a 95 06 75 fa 2b 65 c8 ac c6 26 c8 ec 08 73 Oct 31 15:25:03.677441: | bc 86 12 3f 47 3f c6 ec a1 11 f3 75 5e 8d 19 ae Oct 31 15:25:03.677443: | db 07 5e 0f cc f6 95 b9 83 bb 45 1d 6c 51 f1 5c Oct 31 15:25:03.677445: | a0 6d 6e ad b2 df c2 4d f4 94 00 ba 4a b8 ce 38 Oct 31 15:25:03.677447: | 6b 47 35 66 80 6c d4 9a 27 37 70 5a 14 b6 ed c9 Oct 31 15:25:03.677449: | ba a2 b6 a0 6f dc e3 08 8d 62 6c 72 44 b9 a0 56 Oct 31 15:25:03.677451: | 4c 52 74 71 18 46 cb 8b 6e ec 79 4f 79 72 f4 bd Oct 31 15:25:03.677453: | 77 5b 76 fe 38 f9 0a e3 3b 6a 65 bc ba 77 c7 07 Oct 31 15:25:03.677455: | 65 d1 4c ff de 58 22 32 ab 8a 27 53 29 89 2f ac Oct 31 15:25:03.677514: | sent 1 messages Oct 31 15:25:03.677527: | #3 spent 0.258 (0.4) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:25:03.677533: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:25:04.077955: | timer_event_cb: processing event@0x55cebdca4228 Oct 31 15:25:04.077967: | handling event EVENT_RETRANSMIT for child state #3 Oct 31 15:25:04.077971: | libevent_free: delref ptr-libevent@0x55cebdca7378 Oct 31 15:25:04.077974: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55cebdca4228 Oct 31 15:25:04.077981: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:25:04.077987: | IKEv2 retransmit event Oct 31 15:25:04.077991: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:25:04.077995: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x2" #3 attempt 2 of 0 Oct 31 15:25:04.077998: | and parent for 192.1.3.33 "north-eastnets/0x2" #1 keying attempt 1 of 0; retransmit 1 Oct 31 15:25:04.078001: | #3 STATE_V2_NEW_CHILD_I1: retransmits: current time 744578.510796 Oct 31 15:25:04.078003: | #3 STATE_V2_NEW_CHILD_I1: retransmits: retransmit count 4 exceeds limit? NO Oct 31 15:25:04.078005: | #3 STATE_V2_NEW_CHILD_I1: retransmits: deltatime 0.8 exceeds limit? NO Oct 31 15:25:04.078007: | #3 STATE_V2_NEW_CHILD_I1: retransmits: monotime 0.804534 exceeds limit? NO Oct 31 15:25:04.078010: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55cebdca4228 Oct 31 15:25:04.078012: | inserting event EVENT_RETRANSMIT, timeout in 0.8 seconds for #3 Oct 31 15:25:04.078015: | libevent_malloc: newref ptr-libevent@0x55cebdca7378 size 128 Oct 31 15:25:04.078019: "north-eastnets/0x2" #3: STATE_V2_NEW_CHILD_I1: retransmission; will wait 0.8 seconds for response Oct 31 15:25:04.078025: | sending 608 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:25:04.078027: | 51 7c 55 1b 42 66 f1 ad 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:04.078029: | 2e 20 24 08 00 00 00 02 00 00 02 60 21 00 02 44 Oct 31 15:25:04.078030: | 8e 3a 99 25 62 36 55 27 80 d1 b7 4a 47 70 39 ce Oct 31 15:25:04.078032: | 61 b7 4e 2a 1f 65 c6 27 f6 c3 6a 32 a7 89 b7 7a Oct 31 15:25:04.078033: | ef 55 49 47 4b 8f c0 cd 9c a0 d1 7c ca b2 27 14 Oct 31 15:25:04.078035: | 6c a0 80 c9 e6 3c 7a af fb 6b 85 b1 b7 7e 11 f4 Oct 31 15:25:04.078037: | 31 c9 b6 96 f8 0b 86 9b 00 9c 0f d4 a5 02 34 93 Oct 31 15:25:04.078038: | be 2c 8d 61 6e 1a 6d d1 52 3b d7 71 7d 45 5c c0 Oct 31 15:25:04.078040: | 20 3c a9 cd a6 d4 02 47 ba 28 6e 3b c3 a8 00 3f Oct 31 15:25:04.078041: | 07 24 34 50 1d 66 ba 33 b8 c6 40 ff 44 2c 9e 3b Oct 31 15:25:04.078043: | fa b0 7e d0 47 ea 40 02 e4 9e 4d 6e e0 e8 10 c8 Oct 31 15:25:04.078044: | 18 9a a7 2a d1 d5 29 04 03 4e 1d c6 48 dd d8 03 Oct 31 15:25:04.078046: | 28 8f 29 76 e0 38 6b 26 44 2a dc 1c f8 d1 4e d4 Oct 31 15:25:04.078047: | cb 78 93 34 e4 74 5c 16 11 e0 f1 b9 89 85 92 56 Oct 31 15:25:04.078049: | 90 28 6b c8 d7 54 3c 57 d3 7d b7 cf 0e f3 08 e8 Oct 31 15:25:04.078050: | af bc 2e f7 6f 8b b8 34 06 10 3f 84 a8 f7 40 6e Oct 31 15:25:04.078052: | 6d d0 7d 8d c5 3e 79 0b 7b 06 d7 96 b3 ee 3c a4 Oct 31 15:25:04.078053: | 5f 26 d2 5f a8 93 16 95 08 1b 6e 09 de 76 01 57 Oct 31 15:25:04.078055: | 0d 56 a1 27 3a 71 46 96 35 f7 66 2b cb 06 e9 be Oct 31 15:25:04.078057: | 6e a5 95 d7 65 5e 06 9b 13 48 96 36 8f 92 65 c5 Oct 31 15:25:04.078058: | 0f 17 fc 2d 85 18 38 c1 37 b4 39 7a db 57 bc a4 Oct 31 15:25:04.078060: | 27 71 77 e8 8b 88 ce 0c a6 15 3d 73 ac 87 05 bf Oct 31 15:25:04.078061: | e7 57 ae 2a a9 d5 ac cb 31 eb a3 01 d6 49 09 c7 Oct 31 15:25:04.078063: | a9 65 20 11 94 85 30 32 1c b6 b7 08 df 66 51 e3 Oct 31 15:25:04.078064: | 2b 43 bb 91 b8 4f 6e fb fa 68 9f 0a 3a 58 1a bf Oct 31 15:25:04.078066: | dc 3c 1c 86 d0 ff d5 d2 22 4e f8 e0 31 33 39 cf Oct 31 15:25:04.078067: | 9d 23 f4 58 1d b7 77 74 99 81 d2 c5 cb da 58 fa Oct 31 15:25:04.078069: | 74 27 d1 19 e5 b2 a2 88 2a b3 a6 c7 ec 30 67 88 Oct 31 15:25:04.078070: | 5e c0 2a 8b c0 d3 5c bd c0 2f c3 04 a6 41 61 d6 Oct 31 15:25:04.078072: | af 1a 95 06 75 fa 2b 65 c8 ac c6 26 c8 ec 08 73 Oct 31 15:25:04.078073: | bc 86 12 3f 47 3f c6 ec a1 11 f3 75 5e 8d 19 ae Oct 31 15:25:04.078075: | db 07 5e 0f cc f6 95 b9 83 bb 45 1d 6c 51 f1 5c Oct 31 15:25:04.078076: | a0 6d 6e ad b2 df c2 4d f4 94 00 ba 4a b8 ce 38 Oct 31 15:25:04.078078: | 6b 47 35 66 80 6c d4 9a 27 37 70 5a 14 b6 ed c9 Oct 31 15:25:04.078080: | ba a2 b6 a0 6f dc e3 08 8d 62 6c 72 44 b9 a0 56 Oct 31 15:25:04.078082: | 4c 52 74 71 18 46 cb 8b 6e ec 79 4f 79 72 f4 bd Oct 31 15:25:04.078083: | 77 5b 76 fe 38 f9 0a e3 3b 6a 65 bc ba 77 c7 07 Oct 31 15:25:04.078085: | 65 d1 4c ff de 58 22 32 ab 8a 27 53 29 89 2f ac Oct 31 15:25:04.078128: | sent 1 messages Oct 31 15:25:04.078136: | #3 spent 0.156 (0.181) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:25:04.078142: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:25:04.878278: | timer_event_cb: processing event@0x55cebdca4228 Oct 31 15:25:04.878402: | handling event EVENT_RETRANSMIT for child state #3 Oct 31 15:25:04.878732: | libevent_free: delref ptr-libevent@0x55cebdca7378 Oct 31 15:25:04.878742: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55cebdca4228 Oct 31 15:25:04.878754: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:25:04.878762: | IKEv2 retransmit event Oct 31 15:25:04.878770: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:25:04.878776: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x2" #3 attempt 2 of 0 Oct 31 15:25:04.878781: | and parent for 192.1.3.33 "north-eastnets/0x2" #1 keying attempt 1 of 0; retransmit 1 Oct 31 15:25:04.878787: | #3 STATE_V2_NEW_CHILD_I1: retransmits: current time 744579.311581 Oct 31 15:25:04.878791: | #3 STATE_V2_NEW_CHILD_I1: retransmits: retransmit count 5 exceeds limit? NO Oct 31 15:25:04.878795: | #3 STATE_V2_NEW_CHILD_I1: retransmits: deltatime 1.6 exceeds limit? NO Oct 31 15:25:04.878799: | #3 STATE_V2_NEW_CHILD_I1: retransmits: monotime 1.605319 exceeds limit? NO Oct 31 15:25:04.878804: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55cebdca4228 Oct 31 15:25:04.878808: | inserting event EVENT_RETRANSMIT, timeout in 1.6 seconds for #3 Oct 31 15:25:04.878813: | libevent_malloc: newref ptr-libevent@0x55cebdca7378 size 128 Oct 31 15:25:04.878819: "north-eastnets/0x2" #3: STATE_V2_NEW_CHILD_I1: retransmission; will wait 1.6 seconds for response Oct 31 15:25:04.878830: | sending 608 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:25:04.878834: | 51 7c 55 1b 42 66 f1 ad 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:04.878837: | 2e 20 24 08 00 00 00 02 00 00 02 60 21 00 02 44 Oct 31 15:25:04.878840: | 8e 3a 99 25 62 36 55 27 80 d1 b7 4a 47 70 39 ce Oct 31 15:25:04.878842: | 61 b7 4e 2a 1f 65 c6 27 f6 c3 6a 32 a7 89 b7 7a Oct 31 15:25:04.878845: | ef 55 49 47 4b 8f c0 cd 9c a0 d1 7c ca b2 27 14 Oct 31 15:25:04.878848: | 6c a0 80 c9 e6 3c 7a af fb 6b 85 b1 b7 7e 11 f4 Oct 31 15:25:04.878851: | 31 c9 b6 96 f8 0b 86 9b 00 9c 0f d4 a5 02 34 93 Oct 31 15:25:04.878854: | be 2c 8d 61 6e 1a 6d d1 52 3b d7 71 7d 45 5c c0 Oct 31 15:25:04.878857: | 20 3c a9 cd a6 d4 02 47 ba 28 6e 3b c3 a8 00 3f Oct 31 15:25:04.878859: | 07 24 34 50 1d 66 ba 33 b8 c6 40 ff 44 2c 9e 3b Oct 31 15:25:04.878862: | fa b0 7e d0 47 ea 40 02 e4 9e 4d 6e e0 e8 10 c8 Oct 31 15:25:04.878865: | 18 9a a7 2a d1 d5 29 04 03 4e 1d c6 48 dd d8 03 Oct 31 15:25:04.878868: | 28 8f 29 76 e0 38 6b 26 44 2a dc 1c f8 d1 4e d4 Oct 31 15:25:04.878871: | cb 78 93 34 e4 74 5c 16 11 e0 f1 b9 89 85 92 56 Oct 31 15:25:04.878874: | 90 28 6b c8 d7 54 3c 57 d3 7d b7 cf 0e f3 08 e8 Oct 31 15:25:04.878877: | af bc 2e f7 6f 8b b8 34 06 10 3f 84 a8 f7 40 6e Oct 31 15:25:04.878879: | 6d d0 7d 8d c5 3e 79 0b 7b 06 d7 96 b3 ee 3c a4 Oct 31 15:25:04.878883: | 5f 26 d2 5f a8 93 16 95 08 1b 6e 09 de 76 01 57 Oct 31 15:25:04.878885: | 0d 56 a1 27 3a 71 46 96 35 f7 66 2b cb 06 e9 be Oct 31 15:25:04.878888: | 6e a5 95 d7 65 5e 06 9b 13 48 96 36 8f 92 65 c5 Oct 31 15:25:04.878891: | 0f 17 fc 2d 85 18 38 c1 37 b4 39 7a db 57 bc a4 Oct 31 15:25:04.878894: | 27 71 77 e8 8b 88 ce 0c a6 15 3d 73 ac 87 05 bf Oct 31 15:25:04.878901: | e7 57 ae 2a a9 d5 ac cb 31 eb a3 01 d6 49 09 c7 Oct 31 15:25:04.878903: | a9 65 20 11 94 85 30 32 1c b6 b7 08 df 66 51 e3 Oct 31 15:25:04.878906: | 2b 43 bb 91 b8 4f 6e fb fa 68 9f 0a 3a 58 1a bf Oct 31 15:25:04.878909: | dc 3c 1c 86 d0 ff d5 d2 22 4e f8 e0 31 33 39 cf Oct 31 15:25:04.878912: | 9d 23 f4 58 1d b7 77 74 99 81 d2 c5 cb da 58 fa Oct 31 15:25:04.878915: | 74 27 d1 19 e5 b2 a2 88 2a b3 a6 c7 ec 30 67 88 Oct 31 15:25:04.878918: | 5e c0 2a 8b c0 d3 5c bd c0 2f c3 04 a6 41 61 d6 Oct 31 15:25:04.878921: | af 1a 95 06 75 fa 2b 65 c8 ac c6 26 c8 ec 08 73 Oct 31 15:25:04.878924: | bc 86 12 3f 47 3f c6 ec a1 11 f3 75 5e 8d 19 ae Oct 31 15:25:04.878927: | db 07 5e 0f cc f6 95 b9 83 bb 45 1d 6c 51 f1 5c Oct 31 15:25:04.878930: | a0 6d 6e ad b2 df c2 4d f4 94 00 ba 4a b8 ce 38 Oct 31 15:25:04.878933: | 6b 47 35 66 80 6c d4 9a 27 37 70 5a 14 b6 ed c9 Oct 31 15:25:04.878935: | ba a2 b6 a0 6f dc e3 08 8d 62 6c 72 44 b9 a0 56 Oct 31 15:25:04.878938: | 4c 52 74 71 18 46 cb 8b 6e ec 79 4f 79 72 f4 bd Oct 31 15:25:04.878941: | 77 5b 76 fe 38 f9 0a e3 3b 6a 65 bc ba 77 c7 07 Oct 31 15:25:04.878944: | 65 d1 4c ff de 58 22 32 ab 8a 27 53 29 89 2f ac Oct 31 15:25:04.879003: | sent 1 messages Oct 31 15:25:04.879016: | #3 spent 0.291 (0.737) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:25:04.879023: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:25:06.480222: | timer_event_cb: processing event@0x55cebdca4228 Oct 31 15:25:06.480245: | handling event EVENT_RETRANSMIT for child state #3 Oct 31 15:25:06.480251: | libevent_free: delref ptr-libevent@0x55cebdca7378 Oct 31 15:25:06.480260: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55cebdca4228 Oct 31 15:25:06.480270: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:188) Oct 31 15:25:06.480274: | IKEv2 retransmit event Oct 31 15:25:06.480280: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:25:06.480284: | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-eastnets/0x2" #3 attempt 2 of 0 Oct 31 15:25:06.480287: | and parent for 192.1.3.33 "north-eastnets/0x2" #1 keying attempt 1 of 0; retransmit 1 Oct 31 15:25:06.480292: | #3 STATE_V2_NEW_CHILD_I1: retransmits: current time 744580.913086 Oct 31 15:25:06.480294: | #3 STATE_V2_NEW_CHILD_I1: retransmits: retransmit count 6 exceeds limit? NO Oct 31 15:25:06.480297: | #3 STATE_V2_NEW_CHILD_I1: retransmits: deltatime 3.2 exceeds limit? NO Oct 31 15:25:06.480299: | #3 STATE_V2_NEW_CHILD_I1: retransmits: monotime 3.206824 exceeds limit? NO Oct 31 15:25:06.480303: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55cebdca4228 Oct 31 15:25:06.480306: | inserting event EVENT_RETRANSMIT, timeout in 3.2 seconds for #3 Oct 31 15:25:06.480309: | libevent_malloc: newref ptr-libevent@0x55cebdca7378 size 128 Oct 31 15:25:06.480315: "north-eastnets/0x2" #3: STATE_V2_NEW_CHILD_I1: retransmission; will wait 3.2 seconds for response Oct 31 15:25:06.480322: | sending 608 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:25:06.480325: | 51 7c 55 1b 42 66 f1 ad 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:06.480327: | 2e 20 24 08 00 00 00 02 00 00 02 60 21 00 02 44 Oct 31 15:25:06.480329: | 8e 3a 99 25 62 36 55 27 80 d1 b7 4a 47 70 39 ce Oct 31 15:25:06.480332: | 61 b7 4e 2a 1f 65 c6 27 f6 c3 6a 32 a7 89 b7 7a Oct 31 15:25:06.480335: | ef 55 49 47 4b 8f c0 cd 9c a0 d1 7c ca b2 27 14 Oct 31 15:25:06.480337: | 6c a0 80 c9 e6 3c 7a af fb 6b 85 b1 b7 7e 11 f4 Oct 31 15:25:06.480340: | 31 c9 b6 96 f8 0b 86 9b 00 9c 0f d4 a5 02 34 93 Oct 31 15:25:06.480343: | be 2c 8d 61 6e 1a 6d d1 52 3b d7 71 7d 45 5c c0 Oct 31 15:25:06.480345: | 20 3c a9 cd a6 d4 02 47 ba 28 6e 3b c3 a8 00 3f Oct 31 15:25:06.480351: | 07 24 34 50 1d 66 ba 33 b8 c6 40 ff 44 2c 9e 3b Oct 31 15:25:06.480353: | fa b0 7e d0 47 ea 40 02 e4 9e 4d 6e e0 e8 10 c8 Oct 31 15:25:06.480355: | 18 9a a7 2a d1 d5 29 04 03 4e 1d c6 48 dd d8 03 Oct 31 15:25:06.480357: | 28 8f 29 76 e0 38 6b 26 44 2a dc 1c f8 d1 4e d4 Oct 31 15:25:06.480359: | cb 78 93 34 e4 74 5c 16 11 e0 f1 b9 89 85 92 56 Oct 31 15:25:06.480361: | 90 28 6b c8 d7 54 3c 57 d3 7d b7 cf 0e f3 08 e8 Oct 31 15:25:06.480362: | af bc 2e f7 6f 8b b8 34 06 10 3f 84 a8 f7 40 6e Oct 31 15:25:06.480365: | 6d d0 7d 8d c5 3e 79 0b 7b 06 d7 96 b3 ee 3c a4 Oct 31 15:25:06.480366: | 5f 26 d2 5f a8 93 16 95 08 1b 6e 09 de 76 01 57 Oct 31 15:25:06.480368: | 0d 56 a1 27 3a 71 46 96 35 f7 66 2b cb 06 e9 be Oct 31 15:25:06.480370: | 6e a5 95 d7 65 5e 06 9b 13 48 96 36 8f 92 65 c5 Oct 31 15:25:06.480372: | 0f 17 fc 2d 85 18 38 c1 37 b4 39 7a db 57 bc a4 Oct 31 15:25:06.480374: | 27 71 77 e8 8b 88 ce 0c a6 15 3d 73 ac 87 05 bf Oct 31 15:25:06.480376: | e7 57 ae 2a a9 d5 ac cb 31 eb a3 01 d6 49 09 c7 Oct 31 15:25:06.480378: | a9 65 20 11 94 85 30 32 1c b6 b7 08 df 66 51 e3 Oct 31 15:25:06.480380: | 2b 43 bb 91 b8 4f 6e fb fa 68 9f 0a 3a 58 1a bf Oct 31 15:25:06.480382: | dc 3c 1c 86 d0 ff d5 d2 22 4e f8 e0 31 33 39 cf Oct 31 15:25:06.480384: | 9d 23 f4 58 1d b7 77 74 99 81 d2 c5 cb da 58 fa Oct 31 15:25:06.480385: | 74 27 d1 19 e5 b2 a2 88 2a b3 a6 c7 ec 30 67 88 Oct 31 15:25:06.480387: | 5e c0 2a 8b c0 d3 5c bd c0 2f c3 04 a6 41 61 d6 Oct 31 15:25:06.480390: | af 1a 95 06 75 fa 2b 65 c8 ac c6 26 c8 ec 08 73 Oct 31 15:25:06.480391: | bc 86 12 3f 47 3f c6 ec a1 11 f3 75 5e 8d 19 ae Oct 31 15:25:06.480393: | db 07 5e 0f cc f6 95 b9 83 bb 45 1d 6c 51 f1 5c Oct 31 15:25:06.480396: | a0 6d 6e ad b2 df c2 4d f4 94 00 ba 4a b8 ce 38 Oct 31 15:25:06.480398: | 6b 47 35 66 80 6c d4 9a 27 37 70 5a 14 b6 ed c9 Oct 31 15:25:06.480400: | ba a2 b6 a0 6f dc e3 08 8d 62 6c 72 44 b9 a0 56 Oct 31 15:25:06.480402: | 4c 52 74 71 18 46 cb 8b 6e ec 79 4f 79 72 f4 bd Oct 31 15:25:06.480404: | 77 5b 76 fe 38 f9 0a e3 3b 6a 65 bc ba 77 c7 07 Oct 31 15:25:06.480406: | 65 d1 4c ff de 58 22 32 ab 8a 27 53 29 89 2f ac Oct 31 15:25:06.480709: | sent 1 messages Oct 31 15:25:06.480718: | #3 spent 0.465 (0.498) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:25:06.480722: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:447) Oct 31 15:25:07.317973: | spent 0.00193 (0.00188) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:25:07.317994: | newref struct msg_digest@0x55cebdcad868(0->1) (in read_message() at demux.c:103) Oct 31 15:25:07.317997: | newref alloc logger@0x55cebdca6598(0->1) (in read_message() at demux.c:103) Oct 31 15:25:07.318002: | *received 608 bytes from 192.1.3.33:500 on eth1 192.1.2.23:500 using UDP Oct 31 15:25:07.318004: | 51 7c 55 1b 42 66 f1 ad 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:07.318005: | 2e 20 24 20 00 00 00 02 00 00 02 60 21 00 02 44 Oct 31 15:25:07.318007: | 3e 4a ad b8 cc 8a 00 28 03 74 da 8d c8 ae d5 62 Oct 31 15:25:07.318008: | ec fe 1e 39 fb 33 d5 ff 6d 7d d8 85 d2 8b 68 54 Oct 31 15:25:07.318010: | 14 0f f9 0a a6 87 08 f8 7b 00 ae 36 74 f5 62 7f Oct 31 15:25:07.318011: | 00 35 27 70 c5 01 9a 93 fa dc df 53 41 19 7c 24 Oct 31 15:25:07.318012: | 9c 89 e6 b8 72 a3 f3 cc 1f 62 82 f0 10 97 7f bb Oct 31 15:25:07.318014: | 81 ab e7 f1 80 25 59 35 05 c9 72 5f bd cb 97 5c Oct 31 15:25:07.318015: | 00 4b 67 e5 0d d9 c9 26 80 b4 10 05 35 79 94 da Oct 31 15:25:07.318016: | c0 ca 40 e7 53 f5 a1 a6 f1 3c 4c 8d 7b 3a 6f da Oct 31 15:25:07.318018: | a1 92 c2 ab 19 34 4c fe f5 cc d6 31 72 30 1a bf Oct 31 15:25:07.318019: | 83 77 a8 eb 1e 80 60 d7 b6 cd 4c 20 ee 1d a2 ad Oct 31 15:25:07.318020: | 26 05 cf 07 31 e6 9a 48 2e 99 d7 48 06 74 c9 e8 Oct 31 15:25:07.318022: | a8 14 58 10 62 97 46 98 e4 9c 6b 3e d6 f4 3d 0c Oct 31 15:25:07.318024: | 93 26 95 ba 07 ad d3 cf e1 f2 fe 8f 04 d2 32 8d Oct 31 15:25:07.318026: | 04 5f d4 76 53 cd 70 11 b3 03 b6 a3 31 f3 bb 23 Oct 31 15:25:07.318027: | 7f de bc de 33 78 e1 34 a7 62 fe 0e 09 c6 7b fc Oct 31 15:25:07.318028: | 81 50 a5 ac 74 54 4f 58 1e be d2 89 1b 62 aa a4 Oct 31 15:25:07.318030: | d6 c8 5f 92 f5 49 42 09 c5 f0 63 6b a0 ed cf 6f Oct 31 15:25:07.318031: | f1 c2 c9 f8 3e 2d 95 e0 21 9f b9 07 3c 61 86 49 Oct 31 15:25:07.318032: | 70 03 0a 4a dd ce 19 a1 30 5b 0a 5f df e0 d0 52 Oct 31 15:25:07.318034: | 20 8c 33 87 09 54 74 13 c6 0a 13 70 54 f8 92 45 Oct 31 15:25:07.318035: | 0f 46 a9 31 c0 99 f6 79 34 6f 29 a6 3d 2d fb 95 Oct 31 15:25:07.318037: | 56 b2 21 05 7b e0 01 d3 55 6d 26 fc 67 c5 f5 53 Oct 31 15:25:07.318038: | 20 2f 7f da 77 3a f2 9a c2 40 a6 b7 03 30 4d 41 Oct 31 15:25:07.318039: | 94 de ff ae da 28 96 b4 73 fd 30 87 5c 55 6e 6d Oct 31 15:25:07.318040: | 6c bc 9a cc 3f ee 6b 0e 77 71 0e 50 05 3d 88 97 Oct 31 15:25:07.318042: | 93 a8 35 31 20 a1 e6 09 2e 6a b4 bc c8 ea f1 48 Oct 31 15:25:07.318043: | a8 07 53 0d af 14 0e 92 38 63 96 dc b7 b4 5f 3d Oct 31 15:25:07.318044: | 36 39 51 95 ef 71 46 66 f0 0e 90 53 83 ce 9e bb Oct 31 15:25:07.318046: | cc 28 6a dd fd c0 07 e2 7e ce 0f 58 e8 79 12 de Oct 31 15:25:07.318047: | a7 c5 a4 9e 16 fc bd db 19 2c fb e7 79 5d a4 87 Oct 31 15:25:07.318049: | 9d f0 aa e3 a8 d0 e7 1e cf 8d 10 2d 37 2f 51 01 Oct 31 15:25:07.318050: | 24 59 8b cc 6e c3 27 8b af d1 25 bf 89 24 ba f2 Oct 31 15:25:07.318051: | 63 4b 99 c3 07 88 d8 0e 7a 61 c6 1e e1 4b 20 53 Oct 31 15:25:07.318053: | 66 c9 22 f5 6e 5b 99 30 98 b4 66 5f 88 07 6f e7 Oct 31 15:25:07.318054: | bd 59 88 eb 52 80 da b7 e0 6e fe 50 de 92 f0 a3 Oct 31 15:25:07.318055: | 2e ee 8d d7 88 11 e5 f6 ee 81 79 31 61 25 6e bd Oct 31 15:25:07.318074: | **parse ISAKMP Message: Oct 31 15:25:07.318077: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:25:07.318079: | responder SPI: 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:07.318081: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:25:07.318083: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:07.318085: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Oct 31 15:25:07.318086: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:25:07.318089: | Message ID: 2 (00 00 00 02) Oct 31 15:25:07.318091: | length: 608 (00 00 02 60) Oct 31 15:25:07.318093: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Oct 31 15:25:07.318095: | I am the IKE SA Original Initiator receiving an IKEv2 CREATE_CHILD_SA response Oct 31 15:25:07.318099: | State DB: found IKEv2 state #1 in ESTABLISHED_IKE_SA (find_v2_ike_sa) Oct 31 15:25:07.318104: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:25:07.318106: | State DB: found IKEv2 state #3 in V2_NEW_CHILD_I1 (find_v2_sa_by_initiator_wip) Oct 31 15:25:07.318108: | #3 is idle Oct 31 15:25:07.318110: | #3 idle Oct 31 15:25:07.318113: | suspend processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:25:07.318115: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:25:07.318117: | unpacking clear payload Oct 31 15:25:07.318119: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Oct 31 15:25:07.318121: | ***parse IKEv2 Encryption Payload: Oct 31 15:25:07.318123: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:25:07.318124: | flags: none (0x0) Oct 31 15:25:07.318126: | length: 580 (02 44) Oct 31 15:25:07.318128: | processing payload: ISAKMP_NEXT_v2SK (len=576) Oct 31 15:25:07.318130: | #3 in state V2_NEW_CHILD_I1: sent CREATE_CHILD_SA request for new IPsec SA Oct 31 15:25:07.318155: | authenticator matched Oct 31 15:25:07.318163: | #1 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Oct 31 15:25:07.318166: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:25:07.318168: | **parse IKEv2 Security Association Payload: Oct 31 15:25:07.318169: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Oct 31 15:25:07.318171: | flags: none (0x0) Oct 31 15:25:07.318173: | length: 52 (00 34) Oct 31 15:25:07.318174: | processing payload: ISAKMP_NEXT_v2SA (len=48) Oct 31 15:25:07.318176: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Oct 31 15:25:07.318178: | **parse IKEv2 Nonce Payload: Oct 31 15:25:07.318179: | next payload type: ISAKMP_NEXT_v2KE (0x22) Oct 31 15:25:07.318180: | flags: none (0x0) Oct 31 15:25:07.318182: | length: 36 (00 24) Oct 31 15:25:07.318184: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Oct 31 15:25:07.318185: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Oct 31 15:25:07.318187: | **parse IKEv2 Key Exchange Payload: Oct 31 15:25:07.318188: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Oct 31 15:25:07.318190: | flags: none (0x0) Oct 31 15:25:07.318192: | length: 392 (01 88) Oct 31 15:25:07.318193: | DH group: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:25:07.318195: | processing payload: ISAKMP_NEXT_v2KE (len=384) Oct 31 15:25:07.318196: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Oct 31 15:25:07.318202: | **parse IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:25:07.318206: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Oct 31 15:25:07.318208: | flags: none (0x0) Oct 31 15:25:07.318210: | length: 24 (00 18) Oct 31 15:25:07.318211: | number of TS: 1 (01) Oct 31 15:25:07.318213: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Oct 31 15:25:07.318214: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Oct 31 15:25:07.318216: | **parse IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:25:07.318230: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:07.318232: | flags: none (0x0) Oct 31 15:25:07.318233: | length: 24 (00 18) Oct 31 15:25:07.318235: | number of TS: 1 (01) Oct 31 15:25:07.318236: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Oct 31 15:25:07.318238: | selected state microcode Process CREATE_CHILD_SA IPsec SA Response Oct 31 15:25:07.318242: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2631) Oct 31 15:25:07.318244: | forcing ST #3 to CHILD #1.#3 in FSM processor Oct 31 15:25:07.318245: | calling processor Process CREATE_CHILD_SA IPsec SA Response Oct 31 15:25:07.318252: | using existing local ESP/AH proposals for north-eastnets/0x2 (CREATE_CHILD_SA initiator accepting remote ESP/AH proposal): 1:ESP=AES_CBC_128-HMAC_SHA2_512_256-MODP3072-DISABLED Oct 31 15:25:07.318254: | comparing remote proposals against CREATE_CHILD_SA initiator accepting remote ESP/AH proposal 1 local proposals Oct 31 15:25:07.318256: | local proposal 1 type ENCR has 1 transforms Oct 31 15:25:07.318258: | local proposal 1 type PRF has 0 transforms Oct 31 15:25:07.318259: | local proposal 1 type INTEG has 1 transforms Oct 31 15:25:07.318261: | local proposal 1 type DH has 1 transforms Oct 31 15:25:07.318262: | local proposal 1 type ESN has 1 transforms Oct 31 15:25:07.318265: | local proposal 1 transforms: required: ENCR+INTEG+DH+ESN; optional: none Oct 31 15:25:07.318266: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:25:07.318268: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:25:07.318270: | length: 48 (00 30) Oct 31 15:25:07.318271: | prop #: 1 (01) Oct 31 15:25:07.318273: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:07.318275: | spi size: 4 (04) Oct 31 15:25:07.318276: | # transforms: 4 (04) Oct 31 15:25:07.318278: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:25:07.318280: | remote SPI Oct 31 15:25:07.318281: | 58 de 34 ec Oct 31 15:25:07.318283: | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals Oct 31 15:25:07.318285: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:25:07.318286: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.318289: | length: 12 (00 0c) Oct 31 15:25:07.318291: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:07.318292: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:25:07.318294: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:25:07.318296: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:07.318297: | length/value: 128 (00 80) Oct 31 15:25:07.318300: | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:25:07.318302: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:25:07.318303: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.318305: | length: 8 (00 08) Oct 31 15:25:07.318306: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:07.318308: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:25:07.318310: | remote proposal 1 transform 1 (INTEG=HMAC_SHA2_512_256) matches local proposal 1 type 3 (INTEG) transform 0 Oct 31 15:25:07.318311: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:25:07.318313: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.318314: | length: 8 (00 08) Oct 31 15:25:07.318316: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.318317: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:25:07.318319: | remote proposal 1 transform 2 (DH=MODP3072) matches local proposal 1 type 4 (DH) transform 0 Oct 31 15:25:07.318321: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:25:07.318322: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:07.318324: | length: 8 (00 08) Oct 31 15:25:07.318325: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:25:07.318327: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:25:07.318329: | remote proposal 1 transform 3 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Oct 31 15:25:07.318331: | remote proposal 1 proposed transforms: ENCR+INTEG+DH+ESN; matched: ENCR+INTEG+DH+ESN; unmatched: none Oct 31 15:25:07.318334: | comparing remote proposal 1 containing ENCR+INTEG+DH+ESN transforms to local proposal 1; required: ENCR+INTEG+DH+ESN; optional: none; matched: ENCR+INTEG+DH+ESN Oct 31 15:25:07.318336: | remote proposal 1 matches local proposal 1 Oct 31 15:25:07.318338: | remote accepted the proposal 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED[first-match] Oct 31 15:25:07.318341: | CREATE_CHILD_SA initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP=AES_CBC_128-HMAC_SHA2_512_256-MODP3072-DISABLED SPI=58de34ec Oct 31 15:25:07.318342: | converting proposal to internal trans attrs Oct 31 15:25:07.318346: | updating #3's .st_oakley with preserved PRF, but why update? Oct 31 15:25:07.318349: | DH secret MODP3072@0x7f3280007128: transferring ownership from state #3 to helper DH Oct 31 15:25:07.318352: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:25:07.318354: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:25:07.318356: | newref clone logger@0x55cebdc9fbd8(0->1) (in clone_logger() at log.c:817) Oct 31 15:25:07.318358: | job 5 for #3: ikev2 Child SA initiator pfs=yes (dh): adding job to queue Oct 31 15:25:07.318359: | state #3 has no .st_event to delete Oct 31 15:25:07.318361: | #3 requesting EVENT_RETRANSMIT-pe@0x55cebdca4228 be deleted Oct 31 15:25:07.318363: | libevent_free: delref ptr-libevent@0x55cebdca7378 Oct 31 15:25:07.318365: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55cebdca4228 Oct 31 15:25:07.318367: | #3 STATE_V2_NEW_CHILD_I1: retransmits: cleared Oct 31 15:25:07.318369: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55cebdc8ee68 Oct 31 15:25:07.318370: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Oct 31 15:25:07.318372: | libevent_malloc: newref ptr-libevent@0x55cebdca3e08 size 128 Oct 31 15:25:07.318381: | #3 spent 0.132 (0.132) milliseconds in processing: Process CREATE_CHILD_SA IPsec SA Response in v2_dispatch() Oct 31 15:25:07.318400: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:07.318404: | #3 complete_v2_state_transition() V2_NEW_CHILD_I1->ESTABLISHED_CHILD_SA with status STF_SUSPEND; .st_v2_transition=V2_NEW_CHILD_I0->V2_NEW_CHILD_I1 Oct 31 15:25:07.318405: | suspending state #3 and saving MD 0x55cebdcad868 Oct 31 15:25:07.318407: | addref md@0x55cebdcad868(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:25:07.318409: | #3 is busy; has suspended MD 0x55cebdcad868 Oct 31 15:25:07.318412: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:25:07.318413: | job 5 for #3: ikev2 Child SA initiator pfs=yes (dh): helper 7 starting job Oct 31 15:25:07.318415: | #1 spent 0.447 (0.449) milliseconds in ikev2_process_packet() Oct 31 15:25:07.318431: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:25:07.318433: | delref mdp@0x55cebdcad868(2->1) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:07.318436: | spent 0.464 (0.47) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:25:07.319796: | "north-eastnets/0x2" #3: spent 1.36 (1.38) milliseconds in helper 7 processing job 5 for state #3: ikev2 Child SA initiator pfs=yes (dh) Oct 31 15:25:07.319803: | job 5 for #3: ikev2 Child SA initiator pfs=yes (dh): helper thread 7 sending result back to state Oct 31 15:25:07.319806: | scheduling resume sending helper answer back to state for #3 Oct 31 15:25:07.319808: | libevent_malloc: newref ptr-libevent@0x7f32840011c8 size 128 Oct 31 15:25:07.319814: | helper thread 7 has nothing to do Oct 31 15:25:07.319842: | processing resume sending helper answer back to state for #3 Oct 31 15:25:07.319863: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:641) Oct 31 15:25:07.319867: | unsuspending #3 MD 0x55cebdcad868 Oct 31 15:25:07.319869: | job 5 for #3: ikev2 Child SA initiator pfs=yes (dh): processing response from helper 7 Oct 31 15:25:07.319871: | job 5 for #3: ikev2 Child SA initiator pfs=yes (dh): calling continuation function 0x55cebc2b37cb Oct 31 15:25:07.319873: | DH secret MODP3072@0x7f3280007128: transferring ownership from helper IKEv2 DH to state #3 Oct 31 15:25:07.319875: | ikev2_child_inR_continue() for #3 STATE_V2_NEW_CHILD_I1 Oct 31 15:25:07.319878: | TSi: parsing 1 traffic selectors Oct 31 15:25:07.319880: | ***parse IKEv2 Traffic Selector: Oct 31 15:25:07.319882: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:25:07.319884: | IP Protocol ID: ALL (0x0) Oct 31 15:25:07.319886: | length: 16 (00 10) Oct 31 15:25:07.319888: | start port: 0 (00 00) Oct 31 15:25:07.319890: | end port: 65535 (ff ff) Oct 31 15:25:07.319892: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:25:07.319893: | TS low Oct 31 15:25:07.319895: | c0 00 16 00 Oct 31 15:25:07.319896: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:25:07.319898: | TS high Oct 31 15:25:07.319899: | c0 00 16 ff Oct 31 15:25:07.319900: | TSi: parsed 1 traffic selectors Oct 31 15:25:07.319902: | TSr: parsing 1 traffic selectors Oct 31 15:25:07.319903: | ***parse IKEv2 Traffic Selector: Oct 31 15:25:07.319905: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:25:07.319906: | IP Protocol ID: ALL (0x0) Oct 31 15:25:07.319908: | length: 16 (00 10) Oct 31 15:25:07.319910: | start port: 0 (00 00) Oct 31 15:25:07.319912: | end port: 65535 (ff ff) Oct 31 15:25:07.319913: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:25:07.319915: | TS low Oct 31 15:25:07.319916: | c0 00 03 00 Oct 31 15:25:07.319917: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:25:07.319919: | TS high Oct 31 15:25:07.319920: | c0 00 03 ff Oct 31 15:25:07.319921: | TSr: parsed 1 traffic selectors Oct 31 15:25:07.319926: | evaluating our conn="north-eastnets/0x2" I=192.0.22.0/24:0:0/0 R=192.0.3.0/24:0:0/0 to their: Oct 31 15:25:07.319929: | TSi[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:25:07.319936: | match address end->client=192.0.22.0/24 == TSi[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Oct 31 15:25:07.319938: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:25:07.319939: | TSi[0] port match: YES fitness 65536 Oct 31 15:25:07.319941: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:25:07.319943: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:25:07.319946: | TSr[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:25:07.319950: | match address end->client=192.0.3.0/24 == TSr[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Oct 31 15:25:07.319951: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Oct 31 15:25:07.319953: | TSr[0] port match: YES fitness 65536 Oct 31 15:25:07.319954: | narrow protocol end=*0 == TSr[0]=*0: 0 Oct 31 15:25:07.319956: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Oct 31 15:25:07.319957: | best fit so far: TSi[0] TSr[0] Oct 31 15:25:07.319959: | found an acceptable TSi/TSr Traffic Selector Oct 31 15:25:07.319960: | printing contents struct traffic_selector Oct 31 15:25:07.319962: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:25:07.319963: | ipprotoid: 0 Oct 31 15:25:07.319965: | port range: 0-65535 Oct 31 15:25:07.319967: | ip range: 192.0.22.0-192.0.22.255 Oct 31 15:25:07.319968: | printing contents struct traffic_selector Oct 31 15:25:07.319970: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:25:07.319971: | ipprotoid: 0 Oct 31 15:25:07.319972: | port range: 0-65535 Oct 31 15:25:07.319975: | ip range: 192.0.3.0-192.0.3.255 Oct 31 15:25:07.319978: | integ=HMAC_SHA2_512_256: .key_size=64 encrypt=AES_CBC: .key_size=16 .salt_size=0 keymat_len=80 Oct 31 15:25:07.320035: | install_ipsec_sa() for #3: inbound and outbound Oct 31 15:25:07.320038: | could_route called for north-eastnets/0x2; kind=CK_PERMANENT that.has_client=yes oppo=no this.host_port=500 Oct 31 15:25:07.320040: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:25:07.320042: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:25:07.320044: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:25:07.320045: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:25:07.320047: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:25:07.320050: | route owner of "north-eastnets/0x2" unrouted: "north-eastnets/0x1" erouted; eroute owner: NULL Oct 31 15:25:07.320052: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Oct 31 15:25:07.320054: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Oct 31 15:25:07.320056: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Oct 31 15:25:07.320059: | setting IPsec SA replay-window to 32 Oct 31 15:25:07.320061: | NIC esp-hw-offload not for connection 'north-eastnets/0x2' not available on interface eth1 Oct 31 15:25:07.320063: | netlink: enabling tunnel mode Oct 31 15:25:07.320064: | XFRM: adding IPsec SA with reqid 16393 Oct 31 15:25:07.320066: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:25:07.320068: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:25:07.320135: | netlink response for Add SA esp.58de34ec@192.1.3.33 included non-error error Oct 31 15:25:07.320139: | setup_half_ipsec_sa() is installing inbound eroute? inbound=0 owner=#0 mode=1 Oct 31 15:25:07.320141: | set up outgoing SA, ref=0/0 Oct 31 15:25:07.320142: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Oct 31 15:25:07.320144: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Oct 31 15:25:07.320146: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Oct 31 15:25:07.320148: | setting IPsec SA replay-window to 32 Oct 31 15:25:07.320150: | NIC esp-hw-offload not for connection 'north-eastnets/0x2' not available on interface eth1 Oct 31 15:25:07.320151: | netlink: enabling tunnel mode Oct 31 15:25:07.320154: | XFRM: adding IPsec SA with reqid 16393 Oct 31 15:25:07.320156: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:25:07.320157: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:25:07.320185: | netlink response for Add SA esp.7fb4c1c8@192.1.2.23 included non-error error Oct 31 15:25:07.320188: | setup_half_ipsec_sa() is installing inbound eroute? inbound=1 owner=#0 mode=1 Oct 31 15:25:07.320189: | setup_half_ipsec_sa() is installing inbound eroute Oct 31 15:25:07.320191: | setup_half_ipsec_sa() before proto 50 Oct 31 15:25:07.320192: | setup_half_ipsec_sa() after proto 50 Oct 31 15:25:07.320194: | setup_half_ipsec_sa() calling raw_eroute backwards (i.e., inbound) Oct 31 15:25:07.320195: | priority calculation of connection "north-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:25:07.320207: | add inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => tun.10000@192.1.2.23 using reqid 16393 (raw_eroute) proto=50 Oct 31 15:25:07.320214: | IPsec SA SPD priority set to 2084814 Oct 31 15:25:07.320245: | raw_eroute result=success Oct 31 15:25:07.320248: | set up incoming SA, ref=0/0 Oct 31 15:25:07.320249: | sr for #3: unrouted Oct 31 15:25:07.320266: | route_and_eroute() for proto 0, and source port 0 dest port 0 Oct 31 15:25:07.320268: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:25:07.320269: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:25:07.320271: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:25:07.320272: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:25:07.320274: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:25:07.320276: | route owner of "north-eastnets/0x2" unrouted: "north-eastnets/0x1" erouted; eroute owner: NULL Oct 31 15:25:07.320278: | route_and_eroute with c: north-eastnets/0x2 (next: none) ero:null esr:{(nil)} ro:north-eastnets/0x1 rosr:{0x55cebdc9c848} and state: #3 Oct 31 15:25:07.320280: | priority calculation of connection "north-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:25:07.320285: | eroute_connection add eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33 using reqid 16393 (raw_eroute) proto=50 Oct 31 15:25:07.320287: | IPsec SA SPD priority set to 2084814 Oct 31 15:25:07.320296: | raw_eroute result=success Oct 31 15:25:07.320312: | running updown command "ipsec _updown" for verb up Oct 31 15:25:07.320313: | command executing up-client Oct 31 15:25:07.320316: | get_sa_info esp.58de34ec@192.1.3.33 Oct 31 15:25:07.320337: | get_sa_info esp.7fb4c1c8@192.1.2.23 Oct 31 15:25:07.320383: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157907' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURE... Oct 31 15:25:07.320389: | popen cmd is 1142 chars long Oct 31 15:25:07.320392: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x2': Oct 31 15:25:07.320395: | cmd( 80): PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_N: Oct 31 15:25:07.320398: | cmd( 160):EXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT=': Oct 31 15:25:07.320400: | cmd( 240):192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.25: Oct 31 15:25:07.320404: | cmd( 320):5.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYP: Oct 31 15:25:07.320407: | cmd( 400):E='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.: Oct 31 15:25:07.320408: | cmd( 480):3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0': Oct 31 15:25:07.320409: | cmd( 560): PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm': Oct 31 15:25:07.320411: | cmd( 640): PLUTO_ADDTIME='1604157907' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+U: Oct 31 15:25:07.320412: | cmd( 720):P+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' : Oct 31 15:25:07.320414: | cmd( 800):PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_D: Oct 31 15:25:07.320415: | cmd( 880):NS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' P: Oct 31 15:25:07.320416: | cmd( 960):LUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0': Oct 31 15:25:07.320418: | cmd(1040): VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x58de34ec SPI_OUT=0x7fb4c: Oct 31 15:25:07.320419: | cmd(1120):1c8 ipsec _updown 2>&1: Oct 31 15:25:07.328575: | route_and_eroute: firewall_notified: true Oct 31 15:25:07.328593: | route_and_eroute: instance "north-eastnets/0x2", setting eroute_owner {spd=0x55cebdc9e318,sr=0x55cebdc9e318} to #3 (was #0) (newest_ipsec_sa=#0) Oct 31 15:25:07.329040: | inR2: instance north-eastnets/0x2[0], setting IKEv2 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #1 Oct 31 15:25:07.329048: | delref logger@0x55cebdc9fbd8(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:25:07.329050: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:07.329052: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:07.329059: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:07.329063: | #3 complete_v2_state_transition() V2_NEW_CHILD_I1->ESTABLISHED_CHILD_SA with status STF_OK; .st_v2_transition=V2_NEW_CHILD_I0->V2_NEW_CHILD_I1 Oct 31 15:25:07.329065: | transitioning from state STATE_V2_NEW_CHILD_I1 to state STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:25:07.329066: | Message ID: updating counters for #3 Oct 31 15:25:07.329073: | Message ID: CHILD #1.#3 XXX: no EVENT_RETRANSMIT to clear; suspect IKE->CHILD switch: ike.initiator.sent=2 ike.initiator.recv=1 ike.initiator.last_contact=744577.701595 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.897271 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:25:07.329077: | Message ID: CHILD #1.#3 updating initiator received message response 2: ike.initiator.sent=2 ike.initiator.recv=1->2 ike.initiator.last_contact=744577.701595->744581.761865 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.897271 child.wip.initiator=2->-1 child.wip.responder=-1 Oct 31 15:25:07.329081: | Message ID: CHILD #1.#3 skipping update_send as nothing to send: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744581.761865 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.897271 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:25:07.329085: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744581.761865 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.897271 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:07.329087: | child state #3: V2_NEW_CHILD_I1(established IKE SA) => ESTABLISHED_CHILD_SA(established CHILD SA) Oct 31 15:25:07.329090: | pstats #3 ikev2.child established Oct 31 15:25:07.329092: | announcing the state transition Oct 31 15:25:07.329098: "north-eastnets/0x2" #3: negotiated connection [192.0.22.0-192.0.22.255:0-65535 0] -> [192.0.3.0-192.0.3.255:0-65535 0] Oct 31 15:25:07.329104: | NAT-T: encaps is 'auto' Oct 31 15:25:07.329108: "north-eastnets/0x2" #3: IPsec SA established tunnel mode {ESP=>0x58de34ec <0x7fb4c1c8 xfrm=AES_CBC_128-HMAC_SHA2_512_256-MODP3072 NATOA=none NATD=none DPD=passive} Oct 31 15:25:07.329110: | releasing #3's fd-fd@(nil) because IKEv2 transitions finished Oct 31 15:25:07.329111: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:25:07.329113: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:25:07.329115: | unpending #3's IKE SA #1 Oct 31 15:25:07.329116: | unpending state #1 connection "north-eastnets/0x2" Oct 31 15:25:07.329118: | releasing #1's fd-fd@(nil) because IKEv2 transitions finished so releaseing IKE SA Oct 31 15:25:07.329120: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:25:07.329121: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:25:07.329124: | #3 will start re-keying in 27838 seconds with margin of 962 seconds (attempting re-key) Oct 31 15:25:07.329126: | state #3 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:25:07.329130: | libevent_free: delref ptr-libevent@0x55cebdca3e08 Oct 31 15:25:07.329132: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55cebdc8ee68 Oct 31 15:25:07.329135: | event_schedule: newref EVENT_SA_REKEY-pe@0x55cebdc8ee68 Oct 31 15:25:07.329137: | inserting event EVENT_SA_REKEY, timeout in 27838 seconds for #3 Oct 31 15:25:07.329139: | libevent_malloc: newref ptr-libevent@0x55cebdca4eb8 size 128 Oct 31 15:25:07.329142: | delref mdp@0x55cebdcad868(1->0) (in resume_handler() at server.c:743) Oct 31 15:25:07.329144: | delref logger@0x55cebdca6598(1->0) (in resume_handler() at server.c:743) Oct 31 15:25:07.329146: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:07.329147: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:07.329154: | #3 spent 1.24 (9.28) milliseconds in resume sending helper answer back to state Oct 31 15:25:07.329157: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:745) Oct 31 15:25:07.329159: | libevent_free: delref ptr-libevent@0x7f32840011c8 Oct 31 15:25:07.329169: | processing signal PLUTO_SIGCHLD Oct 31 15:25:07.329173: | waitpid returned ECHILD (no child processes left) Oct 31 15:25:07.329176: | spent 0.00393 (0.00388) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:25:15.103633: | newref struct fd@0x55cebdc9d1b8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:15.103648: | fd_accept: new fd-fd@0x55cebdc9d1b8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:15.103659: | whack: traffic_status Oct 31 15:25:15.103661: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Oct 31 15:25:15.103664: | FOR_EACH_STATE_... in sort_states Oct 31 15:25:15.103670: | get_sa_info esp.fafbe28b@192.1.2.23 Oct 31 15:25:15.103684: | get_sa_info esp.edda5998@192.1.3.33 Oct 31 15:25:15.103698: | get_sa_info esp.7fb4c1c8@192.1.2.23 Oct 31 15:25:15.103707: | get_sa_info esp.58de34ec@192.1.3.33 Oct 31 15:25:15.103734: | delref fd@0x55cebdc9d1b8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:15.103742: | freeref fd-fd@0x55cebdc9d1b8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:15.103750: | spent 0.126 (0.125) milliseconds in whack Oct 31 15:25:15.210795: | newref struct fd@0x55cebdc9d1b8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:15.210818: | fd_accept: new fd-fd@0x55cebdc9d1b8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:15.210841: | whack: status Oct 31 15:25:15.211042: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:25:15.211049: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:25:15.211173: | FOR_EACH_STATE_... in show_states (sort_states) Oct 31 15:25:15.211177: | FOR_EACH_STATE_... in sort_states Oct 31 15:25:15.211187: | get_sa_info esp.fafbe28b@192.1.2.23 Oct 31 15:25:15.211206: | get_sa_info esp.edda5998@192.1.3.33 Oct 31 15:25:15.211229: | get_sa_info esp.7fb4c1c8@192.1.2.23 Oct 31 15:25:15.211241: | get_sa_info esp.58de34ec@192.1.3.33 Oct 31 15:25:15.211258: | delref fd@0x55cebdc9d1b8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:15.211265: | freeref fd-fd@0x55cebdc9d1b8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:15.211271: | spent 0.476 (0.484) milliseconds in whack Oct 31 15:25:15.448529: | processing global timer EVENT_SHUNT_SCAN Oct 31 15:25:15.448547: | checking for aged bare shunts from shunt table to expire Oct 31 15:25:15.448555: | spent 0.00445 (0.0042) milliseconds in global timer EVENT_SHUNT_SCAN Oct 31 15:25:16.236045: | newref struct fd@0x55cebdc9d1b8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:16.236060: | fd_accept: new fd-fd@0x55cebdc9d1b8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:16.236071: shutting down Oct 31 15:25:16.236079: | leaking fd-fd@0x55cebdc9d1b8's FD; will be closed when pluto exits (in whack_handle_cb() at rcv_whack.c:889) Oct 31 15:25:16.236082: | delref fd@0x55cebdc9d1b8(1->0) (in whack_handle_cb() at rcv_whack.c:895) Oct 31 15:25:16.236084: | freeref fd-fd@0x55cebdc9d1b8 (in whack_handle_cb() at rcv_whack.c:895) Oct 31 15:25:16.236101: | shutting down helper thread 6 Oct 31 15:25:16.236112: | helper thread 6 exited Oct 31 15:25:16.236131: | shutting down helper thread 3 Oct 31 15:25:16.236144: | helper thread 3 exited Oct 31 15:25:16.236155: | shutting down helper thread 1 Oct 31 15:25:16.236166: | helper thread 1 exited Oct 31 15:25:16.236175: | shutting down helper thread 2 Oct 31 15:25:16.236182: | helper thread 2 exited Oct 31 15:25:16.236189: | shutting down helper thread 4 Oct 31 15:25:16.236196: | helper thread 4 exited Oct 31 15:25:16.236233: | shutting down helper thread 5 Oct 31 15:25:16.236249: | helper thread 5 exited Oct 31 15:25:16.236263: | shutting down helper thread 7 Oct 31 15:25:16.236273: | helper thread 7 exited Oct 31 15:25:16.236279: 7 helper threads shutdown Oct 31 15:25:16.236283: | delref root_certs@NULL (in free_root_certs() at root_certs.c:127) Oct 31 15:25:16.236286: | certs and keys locked by 'free_preshared_secrets' Oct 31 15:25:16.236288: forgetting secrets Oct 31 15:25:16.236303: | certs and keys unlocked by 'free_preshared_secrets' Oct 31 15:25:16.236307: | delref pkp@0x55cebdc9b978(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:25:16.236311: | delref pkp@0x55cebdca1018(2->1) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:25:16.236315: | deleting states for connection - including all other IPsec SA's of this IKE SA Oct 31 15:25:16.236317: | pass 0 Oct 31 15:25:16.236320: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:25:16.236322: | state #3 Oct 31 15:25:16.236330: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1406) Oct 31 15:25:16.236332: | delref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1408) Oct 31 15:25:16.236335: | addref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1409) Oct 31 15:25:16.236338: | pstats #3 ikev2.child deleted completed Oct 31 15:25:16.236345: | #3 main thread spent 3.27 (12.1) milliseconds helper thread spent 5.04 (5.15) milliseconds in total Oct 31 15:25:16.236350: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.3.33:500 (in delete_state() at state.c:935) Oct 31 15:25:16.236354: | should_send_delete: yes Oct 31 15:25:16.236358: "north-eastnets/0x2" #3: deleting state (STATE_V2_ESTABLISHED_CHILD_SA) aged 12.967445s and sending notification Oct 31 15:25:16.236361: | child state #3: ESTABLISHED_CHILD_SA(established CHILD SA) => delete Oct 31 15:25:16.236367: | get_sa_info esp.58de34ec@192.1.3.33 Oct 31 15:25:16.236385: | get_sa_info esp.7fb4c1c8@192.1.2.23 Oct 31 15:25:16.236396: "north-eastnets/0x2" #3: ESP traffic information: in=0B out=0B Oct 31 15:25:16.236400: | unsuspending #3 MD (nil) Oct 31 15:25:16.236408: | should_send_delete: yes Oct 31 15:25:16.236411: | #3 send IKEv2 delete notification for STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:25:16.236418: | opening output PBS informational exchange delete request Oct 31 15:25:16.236422: | **emit ISAKMP Message: Oct 31 15:25:16.236427: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:25:16.236430: | responder SPI: 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:16.236433: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:25:16.236436: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:16.236439: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:25:16.236442: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:25:16.236446: | Message ID: 3 (00 00 00 03) Oct 31 15:25:16.236449: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:25:16.236452: | ***emit IKEv2 Encryption Payload: Oct 31 15:25:16.236455: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:16.236457: | flags: none (0x0) Oct 31 15:25:16.236460: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:25:16.236463: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:25:16.236512: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:25:16.236619: | ****emit IKEv2 Delete Payload: Oct 31 15:25:16.236625: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:16.236628: | flags: none (0x0) Oct 31 15:25:16.236630: | protocol ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:16.236634: | SPI size: 4 (04) Oct 31 15:25:16.236688: | number of SPIs: 1 (00 01) Oct 31 15:25:16.236694: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Oct 31 15:25:16.236696: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:25:16.236700: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Oct 31 15:25:16.236703: | local spis: 7f b4 c1 c8 Oct 31 15:25:16.236705: | emitting length of IKEv2 Delete Payload: 12 Oct 31 15:25:16.236708: | adding 4 bytes of padding (including 1 byte padding-length) Oct 31 15:25:16.236711: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.236713: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.236716: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.236719: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.236722: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:25:16.236724: | emitting length of IKEv2 Encryption Payload: 52 Oct 31 15:25:16.236726: | emitting length of ISAKMP Message: 80 Oct 31 15:25:16.236771: | sending 80 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:25:16.236774: | 51 7c 55 1b 42 66 f1 ad 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:16.236777: | 2e 20 25 08 00 00 00 03 00 00 00 50 2a 00 00 34 Oct 31 15:25:16.236779: | 4a 77 55 ad 70 28 1a 9a 91 c0 68 bf a0 cc 02 9d Oct 31 15:25:16.236781: | 0f b8 b8 54 70 a4 e4 93 a9 eb b6 41 63 de 3b ca Oct 31 15:25:16.236783: | 9f c3 1b 5c 70 63 6a a5 28 cd 89 c1 d4 ef c1 4a Oct 31 15:25:16.236825: | sent 1 messages Oct 31 15:25:16.236828: | Message ID: IKE #1 sender #3 in send_delete hacking around record 'n' send Oct 31 15:25:16.236836: | Message ID: IKE #1 scheduling EVENT_RETRANSMIT: ike.initiator.sent=3 ike.initiator.recv=2 ike.initiator.last_contact=744581.761865 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.897271 ike.wip.initiator=3 ike.wip.responder=-1 Oct 31 15:25:16.236840: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55cebdca82b8 Oct 31 15:25:16.236843: | inserting event EVENT_RETRANSMIT, timeout in 0.05 seconds for #1 Oct 31 15:25:16.236849: | libevent_malloc: newref ptr-libevent@0x7f32840011c8 size 128 Oct 31 15:25:16.236855: | #1 STATE_V2_ESTABLISHED_IKE_SA: retransmits: first event in 0.05 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744590.669635 Oct 31 15:25:16.236918: | Message ID: IKE #1 updating initiator sent message request 3: ike.initiator.sent=2->3 ike.initiator.recv=2 ike.initiator.last_contact=744581.761865 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.897271 ike.wip.initiator=-1->3 ike.wip.responder=-1 Oct 31 15:25:16.236922: | state #3 deleting .st_event EVENT_SA_REKEY Oct 31 15:25:16.236926: | libevent_free: delref ptr-libevent@0x55cebdca4eb8 Oct 31 15:25:16.236929: | free_event_entry: delref EVENT_SA_REKEY-pe@0x55cebdc8ee68 Oct 31 15:25:16.236932: | #3 STATE_V2_ESTABLISHED_CHILD_SA: retransmits: cleared Oct 31 15:25:16.237223: | running updown command "ipsec _updown" for verb down Oct 31 15:25:16.237232: | command executing down-client Oct 31 15:25:16.237237: | get_sa_info esp.58de34ec@192.1.3.33 Oct 31 15:25:16.237248: | get_sa_info esp.7fb4c1c8@192.1.2.23 Oct 31 15:25:16.237280: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157907' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFI... Oct 31 15:25:16.237284: | popen cmd is 1144 chars long Oct 31 15:25:16.237287: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x: Oct 31 15:25:16.237289: | cmd( 80):2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO: Oct 31 15:25:16.237291: | cmd( 160):_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT: Oct 31 15:25:16.237294: | cmd( 240):='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.: Oct 31 15:25:16.237296: | cmd( 320):255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_T: Oct 31 15:25:16.237298: | cmd( 400):YPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.: Oct 31 15:25:16.237301: | cmd( 480):0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.: Oct 31 15:25:16.237303: | cmd( 560):0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfr: Oct 31 15:25:16.237305: | cmd( 640):m' PLUTO_ADDTIME='1604157907' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS: Oct 31 15:25:16.237307: | cmd( 720):+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT: Oct 31 15:25:16.237309: | cmd( 800):' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER: Oct 31 15:25:16.237312: | cmd( 880):_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0': Oct 31 15:25:16.237314: | cmd( 960): PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES=': Oct 31 15:25:16.237316: | cmd(1040):0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x58de34ec SPI_OUT=0x7fb: Oct 31 15:25:16.237318: | cmd(1120):4c1c8 ipsec _updown 2>&1: Oct 31 15:25:16.249733: | shunt_eroute() called for connection 'north-eastnets/0x2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.22.0/24:0 --0->- 192.0.3.0/24:0 Oct 31 15:25:16.249766: | netlink_shunt_eroute for proto 0, and source 192.0.22.0/24:0 dest 192.0.3.0/24:0 Oct 31 15:25:16.249772: | priority calculation of connection "north-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:25:16.249777: | IPsec SA SPD priority set to 2084814 Oct 31 15:25:16.249823: | delete esp.58de34ec@192.1.3.33 Oct 31 15:25:16.249828: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:25:16.249853: | netlink response for Del SA esp.58de34ec@192.1.3.33 included non-error error Oct 31 15:25:16.249857: | priority calculation of connection "north-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:25:16.249865: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => unk.10000@192.1.2.23 using reqid 0 (raw_eroute) proto=50 Oct 31 15:25:16.249887: | raw_eroute result=success Oct 31 15:25:16.249895: | delete esp.7fb4c1c8@192.1.2.23 Oct 31 15:25:16.249899: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:25:16.249921: | netlink response for Del SA esp.7fb4c1c8@192.1.2.23 included non-error error Oct 31 15:25:16.249929: | in connection_discard for connection north-eastnets/0x2 Oct 31 15:25:16.249934: | State DB: deleting IKEv2 state #3 in ESTABLISHED_CHILD_SA Oct 31 15:25:16.249943: | child state #3: ESTABLISHED_CHILD_SA(established CHILD SA) => UNDEFINED(ignore) Oct 31 15:25:16.249949: | releasing #3's fd-fd@(nil) because deleting state Oct 31 15:25:16.249952: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:16.249955: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:16.249964: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:25:16.249988: | stop processing: state #3 from 192.1.3.33:500 (in delete_state() at state.c:1239) Oct 31 15:25:16.250001: | delref logger@0x55cebdc9d148(1->0) (in delete_state() at state.c:1306) Oct 31 15:25:16.250004: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:16.250007: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:16.250010: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1411) Oct 31 15:25:16.250013: | state #2 Oct 31 15:25:16.250019: | start processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1406) Oct 31 15:25:16.250023: | delref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1408) Oct 31 15:25:16.250026: | addref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1409) Oct 31 15:25:16.250029: | pstats #2 ikev2.child deleted completed Oct 31 15:25:16.250036: | #2 main thread spent 3.82 (68.1) milliseconds helper thread spent 0 (0) milliseconds in total Oct 31 15:25:16.250042: | [RE]START processing: state #2 connection "north-eastnets/0x1" from 192.1.3.33:500 (in delete_state() at state.c:935) Oct 31 15:25:16.250045: | should_send_delete: yes Oct 31 15:25:16.250051: "north-eastnets/0x1" #2: deleting state (STATE_V2_ESTABLISHED_CHILD_SA) aged 17.112264s and sending notification Oct 31 15:25:16.250054: | child state #2: ESTABLISHED_CHILD_SA(established CHILD SA) => delete Oct 31 15:25:16.250058: | get_sa_info esp.edda5998@192.1.3.33 Oct 31 15:25:16.250070: | get_sa_info esp.fafbe28b@192.1.2.23 Oct 31 15:25:16.250079: "north-eastnets/0x1" #2: ESP traffic information: in=168B out=168B Oct 31 15:25:16.250083: | unsuspending #2 MD (nil) Oct 31 15:25:16.250085: | should_send_delete: yes Oct 31 15:25:16.250089: | #2 send IKEv2 delete notification for STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:25:16.250092: | opening output PBS informational exchange delete request Oct 31 15:25:16.250095: | **emit ISAKMP Message: Oct 31 15:25:16.250100: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:25:16.250104: | responder SPI: 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:16.250107: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:25:16.250110: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:16.250113: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:25:16.250116: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:25:16.250122: | Message ID: 4 (00 00 00 04) Oct 31 15:25:16.250125: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:25:16.250129: | ***emit IKEv2 Encryption Payload: Oct 31 15:25:16.250131: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:16.250134: | flags: none (0x0) Oct 31 15:25:16.250137: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:25:16.250140: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:25:16.250143: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:25:16.250156: | ****emit IKEv2 Delete Payload: Oct 31 15:25:16.250158: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:16.250160: | flags: none (0x0) Oct 31 15:25:16.250162: | protocol ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:16.250165: | SPI size: 4 (04) Oct 31 15:25:16.250168: | number of SPIs: 1 (00 01) Oct 31 15:25:16.250170: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Oct 31 15:25:16.250173: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:25:16.250175: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Oct 31 15:25:16.250178: | local spis: fa fb e2 8b Oct 31 15:25:16.250181: | emitting length of IKEv2 Delete Payload: 12 Oct 31 15:25:16.250183: | adding 4 bytes of padding (including 1 byte padding-length) Oct 31 15:25:16.250186: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.250188: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.250191: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.250193: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.250196: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:25:16.250202: | emitting length of IKEv2 Encryption Payload: 52 Oct 31 15:25:16.250207: | emitting length of ISAKMP Message: 80 Oct 31 15:25:16.250242: | sending 80 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:25:16.250246: | 51 7c 55 1b 42 66 f1 ad 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:16.250248: | 2e 20 25 08 00 00 00 04 00 00 00 50 2a 00 00 34 Oct 31 15:25:16.250250: | a4 5c a6 d1 63 51 33 34 4b cf b4 e3 dd 4b 73 ed Oct 31 15:25:16.250252: | ae 7f 66 1a 4a c1 da e5 67 b5 54 da e6 b5 f3 36 Oct 31 15:25:16.250254: | a0 86 28 4b 87 4e 1b 44 08 57 df a8 ff e7 93 21 Oct 31 15:25:16.250282: | sent 1 messages Oct 31 15:25:16.250288: | Message ID: IKE #1 sender #2 in send_delete hacking around record 'n' send Oct 31 15:25:16.250295: | Message ID: IKE #1 XXX: expecting sender.wip.initiator 3 == -1 - suspect record'n'send out-of-order?): ike.initiator.sent=4 ike.initiator.recv=2 ike.initiator.last_contact=744581.761865 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.897271 ike.wip.initiator=4 ike.wip.responder=-1 Oct 31 15:25:16.250303: | Message ID: IKE #1 XXX: EVENT_RETRANSMIT already scheduled -- suspect record'n'send: ike.initiator.sent=4 ike.initiator.recv=2 ike.initiator.last_contact=744581.761865 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.897271 ike.wip.initiator=4 ike.wip.responder=-1 Oct 31 15:25:16.250310: | Message ID: IKE #1 updating initiator sent message request 4: ike.initiator.sent=3->4 ike.initiator.recv=2 ike.initiator.last_contact=744581.761865 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.897271 ike.wip.initiator=3->4 ike.wip.responder=-1 Oct 31 15:25:16.250314: | state #2 deleting .st_event EVENT_SA_REKEY Oct 31 15:25:16.250325: | libevent_free: delref ptr-libevent@0x55cebdca7248 Oct 31 15:25:16.250329: | free_event_entry: delref EVENT_SA_REKEY-pe@0x55cebdca7428 Oct 31 15:25:16.250332: | #2 STATE_V2_ESTABLISHED_CHILD_SA: retransmits: cleared Oct 31 15:25:16.250380: | running updown command "ipsec _updown" for verb down Oct 31 15:25:16.250383: | command executing down-client Oct 31 15:25:16.250388: | get_sa_info esp.edda5998@192.1.3.33 Oct 31 15:25:16.250398: | get_sa_info esp.fafbe28b@192.1.2.23 Oct 31 15:25:16.250431: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157903' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGU... Oct 31 15:25:16.250435: | popen cmd is 1146 chars long Oct 31 15:25:16.250438: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x: Oct 31 15:25:16.250440: | cmd( 80):1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO: Oct 31 15:25:16.250442: | cmd( 160):_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT: Oct 31 15:25:16.250445: | cmd( 240):='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.25: Oct 31 15:25:16.250447: | cmd( 320):5.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYP: Oct 31 15:25:16.250449: | cmd( 400):E='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.: Oct 31 15:25:16.250452: | cmd( 480):3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0': Oct 31 15:25:16.250454: | cmd( 560): PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm': Oct 31 15:25:16.250456: | cmd( 640): PLUTO_ADDTIME='1604157903' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+U: Oct 31 15:25:16.250459: | cmd( 720):P+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' : Oct 31 15:25:16.250461: | cmd( 800):PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_D: Oct 31 15:25:16.250463: | cmd( 880):NS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' P: Oct 31 15:25:16.250466: | cmd( 960):LUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='168' PLUTO_OUTBYTES=': Oct 31 15:25:16.250468: | cmd(1040):168' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xedda5998 SPI_OUT=0xf: Oct 31 15:25:16.250470: | cmd(1120):afbe28b ipsec _updown 2>&1: Oct 31 15:25:16.260160: | shunt_eroute() called for connection 'north-eastnets/0x1' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.2.0/24:0 --0->- 192.0.3.0/24:0 Oct 31 15:25:16.260177: | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.3.0/24:0 Oct 31 15:25:16.260182: | priority calculation of connection "north-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:25:16.260188: | IPsec SA SPD priority set to 2084814 Oct 31 15:25:16.260239: | delete esp.edda5998@192.1.3.33 Oct 31 15:25:16.260246: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:25:16.260325: | netlink response for Del SA esp.edda5998@192.1.3.33 included non-error error Oct 31 15:25:16.260332: | priority calculation of connection "north-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:25:16.260344: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => unk.10000@192.1.2.23 using reqid 0 (raw_eroute) proto=50 Oct 31 15:25:16.260372: | raw_eroute result=success Oct 31 15:25:16.260379: | delete esp.fafbe28b@192.1.2.23 Oct 31 15:25:16.260382: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:25:16.260395: | netlink response for Del SA esp.fafbe28b@192.1.2.23 included non-error error Oct 31 15:25:16.260402: | in connection_discard for connection north-eastnets/0x1 Oct 31 15:25:16.260407: | State DB: deleting IKEv2 state #2 in ESTABLISHED_CHILD_SA Oct 31 15:25:16.260412: | child state #2: ESTABLISHED_CHILD_SA(established CHILD SA) => UNDEFINED(ignore) Oct 31 15:25:16.260416: | releasing #2's fd-fd@(nil) because deleting state Oct 31 15:25:16.260418: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:16.260421: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:16.260424: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:25:16.260432: | stop processing: state #2 from 192.1.3.33:500 (in delete_state() at state.c:1239) Oct 31 15:25:16.260439: | delref logger@0x55cebdbdb198(1->0) (in delete_state() at state.c:1306) Oct 31 15:25:16.260442: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:16.260445: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:16.260448: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1411) Oct 31 15:25:16.260451: | state #1 Oct 31 15:25:16.260453: | pass 1 Oct 31 15:25:16.260456: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:25:16.260458: | state #1 Oct 31 15:25:16.260464: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1406) Oct 31 15:25:16.260466: | delref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1408) Oct 31 15:25:16.260469: | addref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1409) Oct 31 15:25:16.260472: | pstats #1 ikev2.ike deleted completed Oct 31 15:25:16.260479: | #1 main thread spent 10.9 (104) milliseconds helper thread spent 11.8 (59.5) milliseconds in total Oct 31 15:25:16.260485: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.3.33:500 (in delete_state() at state.c:935) Oct 31 15:25:16.260487: | should_send_delete: yes Oct 31 15:25:16.260492: "north-eastnets/0x2" #1: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 20.796058s and sending notification Oct 31 15:25:16.260496: | parent state #1: ESTABLISHED_IKE_SA(established IKE SA) => delete Oct 31 15:25:16.260542: | unsuspending #1 MD (nil) Oct 31 15:25:16.260546: | should_send_delete: yes Oct 31 15:25:16.260549: | #1 send IKEv2 delete notification for STATE_V2_ESTABLISHED_IKE_SA Oct 31 15:25:16.260552: | opening output PBS informational exchange delete request Oct 31 15:25:16.260555: | **emit ISAKMP Message: Oct 31 15:25:16.260560: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:25:16.260564: | responder SPI: 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:16.260567: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:25:16.260569: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:16.260572: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:25:16.260575: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:25:16.260580: | Message ID: 5 (00 00 00 05) Oct 31 15:25:16.260583: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:25:16.260587: | ***emit IKEv2 Encryption Payload: Oct 31 15:25:16.260590: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:16.260592: | flags: none (0x0) Oct 31 15:25:16.260595: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:25:16.260598: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:25:16.260604: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:25:16.260615: | ****emit IKEv2 Delete Payload: Oct 31 15:25:16.260618: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:16.260621: | flags: none (0x0) Oct 31 15:25:16.260624: | protocol ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:25:16.260627: | SPI size: 0 (00) Oct 31 15:25:16.260630: | number of SPIs: 0 (00 00) Oct 31 15:25:16.260633: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Oct 31 15:25:16.260636: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:25:16.260638: | emitting length of IKEv2 Delete Payload: 8 Oct 31 15:25:16.260641: | adding 8 bytes of padding (including 1 byte padding-length) Oct 31 15:25:16.260644: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.260647: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.260649: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.260652: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.260654: | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.260657: | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.260659: | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.260662: | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.260665: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:25:16.260667: | emitting length of IKEv2 Encryption Payload: 52 Oct 31 15:25:16.260670: | emitting length of ISAKMP Message: 80 Oct 31 15:25:16.260722: | sending 80 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:25:16.260727: | 51 7c 55 1b 42 66 f1 ad 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:16.260730: | 2e 20 25 08 00 00 00 05 00 00 00 50 2a 00 00 34 Oct 31 15:25:16.260732: | 69 e5 e9 bc 22 d3 de 45 7e 64 63 2a c8 45 84 4c Oct 31 15:25:16.260734: | 00 5e 84 f3 56 ee f7 de bd d3 4a 51 7e f2 40 f4 Oct 31 15:25:16.260737: | ce 0b d8 57 bb 64 e5 84 d7 47 d5 67 6f 51 12 f7 Oct 31 15:25:16.260775: | sent 1 messages Oct 31 15:25:16.260780: | Message ID: IKE #1 sender #1 in send_delete hacking around record 'n' send Oct 31 15:25:16.260787: | Message ID: IKE #1 XXX: expecting sender.wip.initiator 4 == -1 - suspect record'n'send out-of-order?): ike.initiator.sent=5 ike.initiator.recv=2 ike.initiator.last_contact=744581.761865 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.897271 ike.wip.initiator=5 ike.wip.responder=-1 Oct 31 15:25:16.260793: | Message ID: IKE #1 XXX: EVENT_RETRANSMIT already scheduled -- suspect record'n'send: ike.initiator.sent=5 ike.initiator.recv=2 ike.initiator.last_contact=744581.761865 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.897271 ike.wip.initiator=5 ike.wip.responder=-1 Oct 31 15:25:16.260800: | Message ID: IKE #1 updating initiator sent message request 5: ike.initiator.sent=4->5 ike.initiator.recv=2 ike.initiator.last_contact=744581.761865 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.897271 ike.wip.initiator=4->5 ike.wip.responder=-1 Oct 31 15:25:16.260804: | state #1 deleting .st_event EVENT_SA_REKEY Oct 31 15:25:16.260810: | libevent_free: delref ptr-libevent@0x55cebdc9f628 Oct 31 15:25:16.260813: | free_event_entry: delref EVENT_SA_REKEY-pe@0x55cebdca69a8 Oct 31 15:25:16.260816: | #1 requesting EVENT_RETRANSMIT-pe@0x55cebdca82b8 be deleted Oct 31 15:25:16.260819: | libevent_free: delref ptr-libevent@0x7f32840011c8 Oct 31 15:25:16.260822: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55cebdca82b8 Oct 31 15:25:16.260828: | #1 STATE_V2_ESTABLISHED_IKE_SA: retransmits: cleared Oct 31 15:25:16.260832: | State DB: IKEv2 state not found (flush_incomplete_children) Oct 31 15:25:16.260834: | picked newest_isakmp_sa #0 for #1 Oct 31 15:25:16.260838: "north-eastnets/0x2" #1: deleting IKE SA but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Oct 31 15:25:16.260842: | add revival: connection 'north-eastnets/0x2' added to the list and scheduled for 0 seconds Oct 31 15:25:16.260845: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Oct 31 15:25:16.260849: | in connection_discard for connection north-eastnets/0x2 Oct 31 15:25:16.260852: | State DB: deleting IKEv2 state #1 in ESTABLISHED_IKE_SA Oct 31 15:25:16.260856: | parent state #1: ESTABLISHED_IKE_SA(established IKE SA) => UNDEFINED(ignore) Oct 31 15:25:16.260859: | releasing #1's fd-fd@(nil) because deleting state Oct 31 15:25:16.260862: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:16.260864: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:16.260867: | delref pkp@0x55cebdca1018(1->0) (in delete_state() at state.c:1202) Oct 31 15:25:16.260883: | stop processing: state #1 from 192.1.3.33:500 (in delete_state() at state.c:1239) Oct 31 15:25:16.260901: | delref logger@0x55cebdca0ba8(1->0) (in delete_state() at state.c:1306) Oct 31 15:25:16.260905: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:16.260907: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:16.260911: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1411) Oct 31 15:25:16.260917: | shunt_eroute() called for connection 'north-eastnets/0x2' to 'delete' for rt_kind 'unrouted' using protoports 192.0.22.0/24:0 --0->- 192.0.3.0/24:0 Oct 31 15:25:16.260923: | netlink_shunt_eroute for proto 0, and source 192.0.22.0/24:0 dest 192.0.3.0/24:0 Oct 31 15:25:16.260933: | priority calculation of connection "north-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:25:16.260953: | priority calculation of connection "north-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:25:16.260966: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:25:16.260970: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:25:16.260973: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:25:16.260975: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:25:16.260978: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:25:16.260981: | route owner of "north-eastnets/0x2" unrouted: "north-eastnets/0x1" prospective erouted Oct 31 15:25:16.260985: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:25:16.260987: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:25:16.260991: | newref clone logger@0x55cebdc9fbd8(0->1) (in clone_logger() at log.c:817) Oct 31 15:25:16.260993: | flush revival: connection 'north-eastnets/0x2' revival flushed Oct 31 15:25:16.260997: | delref vip@NULL (in discard_connection() at connections.c:262) Oct 31 15:25:16.260999: | delref vip@NULL (in discard_connection() at connections.c:263) Oct 31 15:25:16.261005: | Connection DB: deleting connection $2 Oct 31 15:25:16.261009: | delref logger@0x55cebdc9fbd8(1->0) (in delete_connection() at connections.c:214) Oct 31 15:25:16.261012: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:16.261014: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:16.261017: | deleting states for connection - including all other IPsec SA's of this IKE SA Oct 31 15:25:16.261019: | pass 0 Oct 31 15:25:16.261022: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:25:16.261024: | pass 1 Oct 31 15:25:16.261026: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:25:16.261031: | shunt_eroute() called for connection 'north-eastnets/0x1' to 'delete' for rt_kind 'unrouted' using protoports 192.0.2.0/24:0 --0->- 192.0.3.0/24:0 Oct 31 15:25:16.261037: | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.3.0/24:0 Oct 31 15:25:16.261042: | priority calculation of connection "north-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:25:16.261059: | priority calculation of connection "north-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:25:16.261071: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:25:16.261074: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:25:16.261077: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:25:16.261079: | route owner of "north-eastnets/0x1" unrouted: NULL Oct 31 15:25:16.261082: | running updown command "ipsec _updown" for verb unroute Oct 31 15:25:16.261084: | command executing unroute-client Oct 31 15:25:16.261112: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURE... Oct 31 15:25:16.261117: | popen cmd is 1086 chars long Oct 31 15:25:16.261120: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets: Oct 31 15:25:16.261123: | cmd( 80):/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PL: Oct 31 15:25:16.261125: | cmd( 160):UTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLI: Oct 31 15:25:16.261127: | cmd( 240):ENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255: Oct 31 15:25:16.261129: | cmd( 320):.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_: Oct 31 15:25:16.261131: | cmd( 400):TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='19: Oct 31 15:25:16.261133: | cmd( 480):2.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.25: Oct 31 15:25:16.261136: | cmd( 560):5.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='x: Oct 31 15:25:16.261138: | cmd( 640):frm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKE: Oct 31 15:25:16.261140: | cmd( 720):V2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO: Oct 31 15:25:16.261142: | cmd( 800):_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_IN: Oct 31 15:25:16.261145: | cmd( 880):FO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_: Oct 31 15:25:16.261147: | cmd( 960):CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=: Oct 31 15:25:16.261149: | cmd(1040):'no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Oct 31 15:25:16.275883: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.275900: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.275906: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.275922: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.275935: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.275948: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.275962: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.275975: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.275990: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.276006: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.276020: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.276036: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.276068: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.276268: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.276276: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.276280: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.276282: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.276285: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.276288: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.276290: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.276293: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.276296: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.276298: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.276301: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.276303: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.276306: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.276310: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.276313: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.276315: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.276319: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.276330: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.276356: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.276371: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.276735: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.276748: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.276760: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.276777: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.276792: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.276806: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.276821: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.276835: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.276853: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.276870: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.287587: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:25:16.287607: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:25:16.287614: | newref clone logger@0x55cebdc9fbd8(0->1) (in clone_logger() at log.c:817) Oct 31 15:25:16.287620: | delref hp@0x55cebdc9d8e8(1->0) (in delete_oriented_hp() at hostpair.c:360) Oct 31 15:25:16.287623: | flush revival: connection 'north-eastnets/0x1' wasn't on the list Oct 31 15:25:16.287627: | delref vip@NULL (in discard_connection() at connections.c:262) Oct 31 15:25:16.287630: | delref vip@NULL (in discard_connection() at connections.c:263) Oct 31 15:25:16.287637: | Connection DB: deleting connection $1 Oct 31 15:25:16.287641: | delref logger@0x55cebdc9fbd8(1->0) (in delete_connection() at connections.c:214) Oct 31 15:25:16.287644: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:16.287647: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:16.287650: | crl fetch request list locked by 'free_crl_fetch' Oct 31 15:25:16.287653: | crl fetch request list unlocked by 'free_crl_fetch' Oct 31 15:25:16.287662: | iface: marking eth1 dead Oct 31 15:25:16.287665: | iface: marking eth0 dead Oct 31 15:25:16.287667: | iface: marking eth0 dead Oct 31 15:25:16.287670: | iface: marking eth0 dead Oct 31 15:25:16.287672: | iface: marking eth0 dead Oct 31 15:25:16.287674: | iface: marking lo dead Oct 31 15:25:16.287676: | updating interfaces - listing interfaces that are going down Oct 31 15:25:16.287683: shutting down interface lo 127.0.0.1:4500 Oct 31 15:25:16.287688: shutting down interface lo 127.0.0.1:500 Oct 31 15:25:16.287749: shutting down interface eth0 192.0.2.254:4500 Oct 31 15:25:16.288104: shutting down interface eth0 192.0.2.254:500 Oct 31 15:25:16.288109: shutting down interface eth0 192.0.22.251:4500 Oct 31 15:25:16.288113: shutting down interface eth0 192.0.22.251:500 Oct 31 15:25:16.288118: shutting down interface eth0 192.0.22.254:4500 Oct 31 15:25:16.288122: shutting down interface eth0 192.0.22.254:500 Oct 31 15:25:16.288126: shutting down interface eth0 192.0.2.251:4500 Oct 31 15:25:16.288130: shutting down interface eth0 192.0.2.251:500 Oct 31 15:25:16.288134: shutting down interface eth1 192.1.2.23:4500 Oct 31 15:25:16.288137: shutting down interface eth1 192.1.2.23:500 Oct 31 15:25:16.288140: | updating interfaces - deleting the dead Oct 31 15:25:16.288146: | FOR_EACH_STATE_... in delete_states_dead_interfaces Oct 31 15:25:16.288157: | libevent_free: delref ptr-libevent@0x55cebdc9c0d8 Oct 31 15:25:16.288162: | delref id@0x55cebdc9d748(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:25:16.288177: | libevent_free: delref ptr-libevent@0x55cebdc97dc8 Oct 31 15:25:16.288182: | delref id@0x55cebdc9d748(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:25:16.288190: | libevent_free: delref ptr-libevent@0x55cebdc5b4f8 Oct 31 15:25:16.288194: | delref id@0x55cebdc9d6b8(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:25:16.288206: | libevent_free: delref ptr-libevent@0x55cebdc507b8 Oct 31 15:25:16.288213: | delref id@0x55cebdc9d6b8(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:25:16.288221: | libevent_free: delref ptr-libevent@0x55cebdc5b5f8 Oct 31 15:25:16.288225: | delref id@0x55cebdc9d628(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:25:16.288232: | libevent_free: delref ptr-libevent@0x55cebdc58018 Oct 31 15:25:16.288237: | delref id@0x55cebdc9d628(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:25:16.288244: | libevent_free: delref ptr-libevent@0x55cebdc57f68 Oct 31 15:25:16.288248: | delref id@0x55cebdc9d598(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:25:16.288255: | libevent_free: delref ptr-libevent@0x55cebdca2a88 Oct 31 15:25:16.288259: | delref id@0x55cebdc9d598(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:25:16.288266: | libevent_free: delref ptr-libevent@0x55cebdca2b78 Oct 31 15:25:16.288270: | delref id@0x55cebdc9d508(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:25:16.288277: | libevent_free: delref ptr-libevent@0x55cebdca2c68 Oct 31 15:25:16.288280: | delref id@0x55cebdc9d508(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:25:16.288288: | libevent_free: delref ptr-libevent@0x55cebdca2d58 Oct 31 15:25:16.288291: | delref id@0x55cebdc9bc88(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:25:16.288298: | libevent_free: delref ptr-libevent@0x55cebdca2e48 Oct 31 15:25:16.288301: | delref id@0x55cebdc9bc88(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:25:16.288307: | delref id@0x55cebdc9bc88(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:25:16.288311: | delref id@0x55cebdc9d508(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:25:16.288315: | delref id@0x55cebdc9d598(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:25:16.288319: | delref id@0x55cebdc9d628(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:25:16.288322: | delref id@0x55cebdc9d6b8(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:25:16.288326: | delref id@0x55cebdc9d748(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:25:16.288328: | updating interfaces - checking orientation Oct 31 15:25:16.288334: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Oct 31 15:25:16.293222: | libevent_free: delref ptr-libevent@0x55cebdc97e78 Oct 31 15:25:16.293241: | free_event_entry: delref EVENT_NULL-pe@0x55cebdc9b338 Oct 31 15:25:16.293249: | libevent_free: delref ptr-libevent@0x55cebdc5b3f8 Oct 31 15:25:16.293253: | free_event_entry: delref EVENT_NULL-pe@0x55cebdc97d58 Oct 31 15:25:16.293257: | libevent_free: delref ptr-libevent@0x55cebdc5b348 Oct 31 15:25:16.293260: | free_event_entry: delref EVENT_NULL-pe@0x55cebdc95d38 Oct 31 15:25:16.293264: | global timer EVENT_REINIT_SECRET uninitialized Oct 31 15:25:16.293266: | global timer EVENT_SHUNT_SCAN uninitialized Oct 31 15:25:16.293268: | global timer EVENT_PENDING_DDNS uninitialized Oct 31 15:25:16.293271: | global timer EVENT_PENDING_PHASE2 uninitialized Oct 31 15:25:16.293273: | global timer EVENT_CHECK_CRLS uninitialized Oct 31 15:25:16.293275: | global timer EVENT_REVIVE_CONNS uninitialized Oct 31 15:25:16.293277: | global timer EVENT_FREE_ROOT_CERTS uninitialized Oct 31 15:25:16.293280: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Oct 31 15:25:16.293282: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Oct 31 15:25:16.293286: | libevent_free: delref ptr-libevent@0x55cebdbee138 Oct 31 15:25:16.293289: | signal event handler PLUTO_SIGCHLD uninstalled Oct 31 15:25:16.293292: | libevent_free: delref ptr-libevent@0x55cebdbed958 Oct 31 15:25:16.293294: | signal event handler PLUTO_SIGTERM uninstalled Oct 31 15:25:16.293297: | libevent_free: delref ptr-libevent@0x55cebdc9b558 Oct 31 15:25:16.293300: | signal event handler PLUTO_SIGHUP uninstalled Oct 31 15:25:16.293303: | libevent_free: delref ptr-libevent@0x55cebdc9b798 Oct 31 15:25:16.293305: | signal event handler PLUTO_SIGSYS uninstalled Oct 31 15:25:16.293307: | releasing event base Oct 31 15:25:16.293321: | libevent_free: delref ptr-libevent@0x55cebdc9b668 Oct 31 15:25:16.293324: | libevent_free: delref ptr-libevent@0x55cebdc8aa58 Oct 31 15:25:16.293328: | libevent_free: delref ptr-libevent@0x55cebdc8aa08 Oct 31 15:25:16.293330: | libevent_free: delref ptr-libevent@0x55cebdc9daa8 Oct 31 15:25:16.293332: | libevent_free: delref ptr-libevent@0x55cebdc8ac08 Oct 31 15:25:16.293335: | libevent_free: delref ptr-libevent@0x55cebdc8ee28 Oct 31 15:25:16.293337: | libevent_free: delref ptr-libevent@0x55cebdc8ec38 Oct 31 15:25:16.293339: | libevent_free: delref ptr-libevent@0x55cebdc8ac48 Oct 31 15:25:16.293341: | libevent_free: delref ptr-libevent@0x55cebdc8ea48 Oct 31 15:25:16.293343: | libevent_free: delref ptr-libevent@0x55cebdc8e408 Oct 31 15:25:16.293345: | libevent_free: delref ptr-libevent@0x55cebdca2ef8 Oct 31 15:25:16.293348: | libevent_free: delref ptr-libevent@0x55cebdca2e08 Oct 31 15:25:16.293350: | libevent_free: delref ptr-libevent@0x55cebdca2d18 Oct 31 15:25:16.293352: | libevent_free: delref ptr-libevent@0x55cebdca2c28 Oct 31 15:25:16.293354: | libevent_free: delref ptr-libevent@0x55cebdca2b38 Oct 31 15:25:16.293356: | libevent_free: delref ptr-libevent@0x55cebdca2a48 Oct 31 15:25:16.293358: | libevent_free: delref ptr-libevent@0x55cebdca2a08 Oct 31 15:25:16.293361: | libevent_free: delref ptr-libevent@0x55cebdca29c8 Oct 31 15:25:16.293363: | libevent_free: delref ptr-libevent@0x55cebdca2988 Oct 31 15:25:16.293365: | libevent_free: delref ptr-libevent@0x55cebdca2948 Oct 31 15:25:16.293367: | libevent_free: delref ptr-libevent@0x55cebdca2908 Oct 31 15:25:16.293369: | libevent_free: delref ptr-libevent@0x55cebdca28c8 Oct 31 15:25:16.293371: | libevent_free: delref ptr-libevent@0x55cebdc811d8 Oct 31 15:25:16.293373: | libevent_free: delref ptr-libevent@0x55cebdc9b518 Oct 31 15:25:16.293375: | libevent_free: delref ptr-libevent@0x55cebdc9b4d8 Oct 31 15:25:16.293377: | libevent_free: delref ptr-libevent@0x55cebdc8ea88 Oct 31 15:25:16.293379: | libevent_free: delref ptr-libevent@0x55cebdc9b628 Oct 31 15:25:16.293381: | libevent_free: delref ptr-libevent@0x55cebdc9b3a8 Oct 31 15:25:16.293384: | libevent_free: delref ptr-libevent@0x55cebdc5d838 Oct 31 15:25:16.293386: | libevent_free: delref ptr-libevent@0x55cebdc5d098 Oct 31 15:25:16.293391: | libevent_free: delref ptr-libevent@0x55cebdc54078 Oct 31 15:25:16.293394: | releasing global libevent data Oct 31 15:25:16.293396: | libevent_free: delref ptr-libevent@0x55cebdc5d3d8 Oct 31 15:25:16.293399: | libevent_free: delref ptr-libevent@0x55cebdbed8f8 Oct 31 15:25:16.293401: | libevent_free: delref ptr-libevent@0x55cebdc5d8b8 Oct 31 15:25:16.293444: leak detective found no leaks