Oct 31 15:24:56.466963: | newref logger@0x555766922b70(0->1) (in main() at plutomain.c:1591) Oct 31 15:24:56.467138: | delref logger@0x555766922b70(1->0) (in main() at plutomain.c:1592) Oct 31 15:24:56.467146: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:56.467149: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:56.467152: NSS DB directory: sql:/var/lib/ipsec/nss Oct 31 15:24:56.467354: Initializing NSS Oct 31 15:24:56.467364: Opening NSS database "sql:/var/lib/ipsec/nss" read-only Oct 31 15:24:56.511308: FIPS Mode: NO Oct 31 15:24:56.511325: NSS crypto library initialized Oct 31 15:24:56.511357: FIPS mode disabled for pluto daemon Oct 31 15:24:56.511361: FIPS HMAC integrity support [disabled] Oct 31 15:24:56.511479: libcap-ng support [enabled] Oct 31 15:24:56.511489: Linux audit support [enabled] Oct 31 15:24:56.511512: Linux audit activated Oct 31 15:24:56.511516: Starting Pluto (Libreswan Version v4.1-88-gf1d1933837ef-main IKEv2 IKEv1 XFRM(netkey) XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (NSS-PRF) DNSSEC LABELED_IPSEC (SELINUX) SECCOMP LIBCAP_NG LINUX_AUDIT AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:2154866 Oct 31 15:24:56.511519: core dump dir: /tmp Oct 31 15:24:56.511522: secrets file: /etc/ipsec.secrets Oct 31 15:24:56.511524: leak-detective disabled Oct 31 15:24:56.511526: NSS crypto [enabled] Oct 31 15:24:56.511528: XAUTH PAM support [enabled] Oct 31 15:24:56.511615: | libevent is using pluto's memory allocator Oct 31 15:24:56.511624: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Oct 31 15:24:56.511648: | libevent_malloc: newref ptr-libevent@0x5557669cbd40 size 40 Oct 31 15:24:56.511658: | libevent_malloc: newref ptr-libevent@0x5557669d3e70 size 40 Oct 31 15:24:56.511664: | libevent_malloc: newref ptr-libevent@0x5557669d5540 size 40 Oct 31 15:24:56.511669: | creating event base Oct 31 15:24:56.511674: | libevent_malloc: newref 
ptr-libevent@0x5557669d5570 size 56 Oct 31 15:24:56.511679: | libevent_malloc: newref ptr-libevent@0x5557669d55b0 size 664 Oct 31 15:24:56.511696: | libevent_malloc: newref ptr-libevent@0x5557669d3c00 size 24 Oct 31 15:24:56.511700: | libevent_malloc: newref ptr-libevent@0x55576699c260 size 384 Oct 31 15:24:56.511712: | libevent_malloc: newref ptr-libevent@0x5557669d3cd0 size 16 Oct 31 15:24:56.511715: | libevent_malloc: newref ptr-libevent@0x5557669d5850 size 40 Oct 31 15:24:56.511717: | libevent_malloc: newref ptr-libevent@0x5557669d5880 size 48 Oct 31 15:24:56.511722: | libevent_realloc: newref ptr-libevent@0x5557669d58c0 size 256 Oct 31 15:24:56.511725: | libevent_malloc: newref ptr-libevent@0x5557669d3da0 size 16 Oct 31 15:24:56.511731: | libevent_free: delref ptr-libevent@0x5557669d5570 Oct 31 15:24:56.511733: | libevent initialized Oct 31 15:24:56.511739: | libevent_realloc: newref ptr-libevent@0x5557669d59d0 size 64 Oct 31 15:24:56.511743: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Oct 31 15:24:56.511750: | init_nat_traversal() initialized with keep_alive=0s Oct 31 15:24:56.511753: NAT-Traversal support [enabled] Oct 31 15:24:56.511755: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Oct 31 15:24:56.511763: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Oct 31 15:24:56.511766: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Oct 31 15:24:56.511780: | checking IKEv1 state table Oct 31 15:24:56.511786: | MAIN_R0: category: half-open IKE SA; flags: 0: Oct 31 15:24:56.511788: | -> MAIN_R1 EVENT_SO_DISCARD (main_inI1_outR1) Oct 31 15:24:56.511793: | MAIN_I1: category: half-open IKE SA; flags: 0: Oct 31 15:24:56.511795: | -> MAIN_I2 EVENT_RETRANSMIT (main_inR1_outI2) Oct 31 15:24:56.511798: | MAIN_R1: category: open IKE SA; flags: 0: Oct 31 15:24:56.511800: | -> MAIN_R2 EVENT_RETRANSMIT (main_inI2_outR2) Oct 31 15:24:56.511803: | -> MAIN_R1 EVENT_RETRANSMIT 
(unexpected) Oct 31 15:24:56.511805: | -> MAIN_R1 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:56.511808: | MAIN_I2: category: open IKE SA; flags: 0: Oct 31 15:24:56.511822: | -> MAIN_I3 EVENT_RETRANSMIT (main_inR2_outI3) Oct 31 15:24:56.511825: | -> MAIN_I2 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:56.511827: | -> MAIN_I2 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:56.511829: | MAIN_R2: category: open IKE SA; flags: 0: Oct 31 15:24:56.511832: | -> MAIN_R3 EVENT_SA_REPLACE (main_inI3_outR3) Oct 31 15:24:56.511834: | -> MAIN_R3 EVENT_SA_REPLACE (main_inI3_outR3) Oct 31 15:24:56.511836: | -> MAIN_R2 EVENT_SA_REPLACE (unexpected) Oct 31 15:24:56.511839: | MAIN_I3: category: open IKE SA; flags: 0: Oct 31 15:24:56.511841: | -> MAIN_I4 EVENT_SA_REPLACE (main_inR3) Oct 31 15:24:56.511843: | -> MAIN_I4 EVENT_SA_REPLACE (main_inR3) Oct 31 15:24:56.511845: | -> MAIN_I3 EVENT_SA_REPLACE (unexpected) Oct 31 15:24:56.511848: | MAIN_R3: category: established IKE SA; flags: 0: Oct 31 15:24:56.511850: | -> MAIN_R3 EVENT_NULL (unexpected) Oct 31 15:24:56.511853: | MAIN_I4: category: established IKE SA; flags: 0: Oct 31 15:24:56.511855: | -> MAIN_I4 EVENT_NULL (unexpected) Oct 31 15:24:56.511857: | AGGR_R0: category: half-open IKE SA; flags: 0: Oct 31 15:24:56.511860: | -> AGGR_R1 EVENT_SO_DISCARD (aggr_inI1_outR1) Oct 31 15:24:56.511862: | AGGR_I1: category: half-open IKE SA; flags: 0: Oct 31 15:24:56.511864: | -> AGGR_I2 EVENT_SA_REPLACE (aggr_inR1_outI2) Oct 31 15:24:56.511867: | -> AGGR_I2 EVENT_SA_REPLACE (aggr_inR1_outI2) Oct 31 15:24:56.511869: | AGGR_R1: category: open IKE SA; flags: 0: Oct 31 15:24:56.511871: | -> AGGR_R2 EVENT_SA_REPLACE (aggr_inI2) Oct 31 15:24:56.511874: | -> AGGR_R2 EVENT_SA_REPLACE (aggr_inI2) Oct 31 15:24:56.511876: | AGGR_I2: category: established IKE SA; flags: 0: Oct 31 15:24:56.511878: | -> AGGR_I2 EVENT_NULL (unexpected) Oct 31 15:24:56.511881: | AGGR_R2: category: established IKE SA; flags: 0: Oct 31 15:24:56.511883: | -> AGGR_R2 EVENT_NULL 
(unexpected) Oct 31 15:24:56.511886: | QUICK_R0: category: established CHILD SA; flags: 0: Oct 31 15:24:56.511888: | -> QUICK_R1 EVENT_RETRANSMIT (quick_inI1_outR1) Oct 31 15:24:56.511891: | QUICK_I1: category: established CHILD SA; flags: 0: Oct 31 15:24:56.511893: | -> QUICK_I2 EVENT_SA_REPLACE (quick_inR1_outI2) Oct 31 15:24:56.511895: | QUICK_R1: category: established CHILD SA; flags: 0: Oct 31 15:24:56.511898: | -> QUICK_R2 EVENT_SA_REPLACE (quick_inI2) Oct 31 15:24:56.511900: | QUICK_I2: category: established CHILD SA; flags: 0: Oct 31 15:24:56.511902: | -> QUICK_I2 EVENT_NULL (unexpected) Oct 31 15:24:56.511905: | QUICK_R2: category: established CHILD SA; flags: 0: Oct 31 15:24:56.511907: | -> QUICK_R2 EVENT_NULL (unexpected) Oct 31 15:24:56.511910: | INFO: category: informational; flags: 0: Oct 31 15:24:56.511912: | -> INFO EVENT_NULL (informational) Oct 31 15:24:56.511914: | INFO_PROTECTED: category: informational; flags: 0: Oct 31 15:24:56.511917: | -> INFO_PROTECTED EVENT_NULL (informational) Oct 31 15:24:56.511919: | XAUTH_R0: category: established IKE SA; flags: 0: Oct 31 15:24:56.511921: | -> XAUTH_R1 EVENT_NULL (xauth_inR0) Oct 31 15:24:56.511924: | XAUTH_R1: category: established IKE SA; flags: 0: Oct 31 15:24:56.511926: | -> MAIN_R3 EVENT_SA_REPLACE (xauth_inR1) Oct 31 15:24:56.511929: | MODE_CFG_R0: category: informational; flags: 0: Oct 31 15:24:56.511931: | -> MODE_CFG_R1 EVENT_SA_REPLACE (modecfg_inR0) Oct 31 15:24:56.511933: | MODE_CFG_R1: category: established IKE SA; flags: 0: Oct 31 15:24:56.511936: | -> MODE_CFG_R2 EVENT_SA_REPLACE (modecfg_inR1) Oct 31 15:24:56.511938: | MODE_CFG_R2: category: established IKE SA; flags: 0: Oct 31 15:24:56.511940: | -> MODE_CFG_R2 EVENT_NULL (unexpected) Oct 31 15:24:56.511943: | MODE_CFG_I1: category: established IKE SA; flags: 0: Oct 31 15:24:56.511945: | -> MAIN_I4 EVENT_SA_REPLACE (modecfg_inR1) Oct 31 15:24:56.511948: | XAUTH_I0: category: established IKE SA; flags: 0: Oct 31 15:24:56.511950: | -> 
XAUTH_I1 EVENT_RETRANSMIT (xauth_inI0) Oct 31 15:24:56.511954: | XAUTH_I1: category: established IKE SA; flags: 0: Oct 31 15:24:56.511957: | -> MAIN_I4 EVENT_RETRANSMIT (xauth_inI1) Oct 31 15:24:56.511963: | checking IKEv2 state table Oct 31 15:24:56.511972: | V2_REKEY_IKE_I0: category: established IKE SA; flags: 0: Oct 31 15:24:56.511974: | -> V2_REKEY_IKE_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Oct 31 15:24:56.511979: | V2_REKEY_CHILD_I0: category: established IKE SA; flags: 0: Oct 31 15:24:56.511981: | -> V2_REKEY_CHILD_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Oct 31 15:24:56.511984: | V2_NEW_CHILD_I0: category: established IKE SA; flags: 0: Oct 31 15:24:56.511986: | -> V2_NEW_CHILD_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Oct 31 15:24:56.511989: | PARENT_I0: category: ignore; flags: 0: Oct 31 15:24:56.511991: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Oct 31 15:24:56.511994: | PARENT_I1: category: half-open IKE SA; flags: 0: Oct 31 15:24:56.511997: | -> PARENT_I0 EVENT_SO_DISCARD (received anti-DDOS COOKIE notify response; resending IKE_SA_INIT request with cookie payload added) Oct 31 15:24:56.512003: | -> PARENT_I0 EVENT_SO_DISCARD (received IKE_SA_INIT INVALID_KE_PAYLOAD notify response; resending IKE_SA_INIT with new KE payload) Oct 31 15:24:56.512006: | -> IKESA_DEL EVENT_v2_REDIRECT (received REDIRECT notify response; resending IKE_SA_INIT request to new destination) Oct 31 15:24:56.512008: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE) Oct 31 15:24:56.512011: | PARENT_I2: category: open IKE SA; flags: 0: Oct 31 15:24:56.512014: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_INTERMEDIATE reply, initiate IKE_AUTH or IKE_INTERMEDIATE) Oct 31 15:24:56.512016: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Oct 31 
15:24:56.512018: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Oct 31 15:24:56.512021: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Oct 31 15:24:56.512023: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Oct 31 15:24:56.512025: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Oct 31 15:24:56.512028: | PARENT_R0: category: half-open IKE SA; flags: 0: Oct 31 15:24:56.512031: | -> PARENT_R1 EVENT_SO_DISCARD send-response (Respond to IKE_SA_INIT) Oct 31 15:24:56.512033: | PARENT_R1: category: half-open IKE SA; flags: 0: Oct 31 15:24:56.512036: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_AUTH request (no SKEYSEED)) Oct 31 15:24:56.512038: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_INTERMEDIATE request (no SKEYSEED)) Oct 31 15:24:56.512040: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_INTERMEDIATE request (with SKEYSEED)) Oct 31 15:24:56.512043: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Responder: process IKE_AUTH request) Oct 31 15:24:56.512045: | V2_REKEY_IKE_R0: category: established IKE SA; flags: 0: Oct 31 15:24:56.512047: | -> ESTABLISHED_IKE_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA IKE Rekey) Oct 31 15:24:56.512050: | V2_REKEY_IKE_I1: category: established IKE SA; flags: 0: Oct 31 15:24:56.512052: | -> ESTABLISHED_IKE_SA EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Oct 31 15:24:56.512055: | V2_NEW_CHILD_I1: category: established IKE SA; flags: 0: Oct 31 15:24:56.512057: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Oct 31 15:24:56.512060: | V2_REKEY_CHILD_R0: category: established IKE SA; flags: 0: Oct 31 15:24:56.512062: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA rekey CHILD SA request) 
Oct 31 15:24:56.512065: | V2_NEW_CHILD_R0: category: established IKE SA; flags: 0: Oct 31 15:24:56.512069: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA IPsec SA Request) Oct 31 15:24:56.512072: | ESTABLISHED_IKE_SA: category: established IKE SA; flags: 0: Oct 31 15:24:56.512074: | -> ESTABLISHED_IKE_SA EVENT_RETAIN send-response (Informational Request (liveness probe)) Oct 31 15:24:56.512076: | -> ESTABLISHED_IKE_SA EVENT_RETAIN (Informational Response (liveness probe)) Oct 31 15:24:56.512079: | -> ESTABLISHED_IKE_SA EVENT_RETAIN send-response (Informational Request) Oct 31 15:24:56.512081: | -> ESTABLISHED_IKE_SA EVENT_RETAIN (Informational Response) Oct 31 15:24:56.512084: | IKESA_DEL: category: established IKE SA; flags: 0: Oct 31 15:24:56.512086: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Oct 31 15:24:56.512089: | CHILDSA_DEL: category: informational; flags: 0: Oct 31 15:24:56.512091: | -> CHILDSA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Oct 31 15:24:56.512095: | global one-shot timer EVENT_REVIVE_CONNS initialized Oct 31 15:24:56.512098: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Oct 31 15:24:56.512101: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Oct 31 15:24:56.512257: Encryption algorithms: Oct 31 15:24:56.512270: AES_CCM_16 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm, aes_ccm_c Oct 31 15:24:56.512275: AES_CCM_12 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_b Oct 31 15:24:56.512279: AES_CCM_8 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_a Oct 31 15:24:56.512284: 3DES_CBC [*192] IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) 3des Oct 31 15:24:56.512289: CAMELLIA_CTR {256,192,*128} IKEv1: ESP IKEv2: ESP Oct 31 15:24:56.512293: CAMELLIA_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP NSS(CBC) camellia Oct 31 15:24:56.512298: AES_GCM_16 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm, 
aes_gcm_c Oct 31 15:24:56.512302: AES_GCM_12 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_b Oct 31 15:24:56.512307: AES_GCM_8 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_a Oct 31 15:24:56.512311: AES_CTR {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CTR) aesctr Oct 31 15:24:56.512315: AES_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) aes Oct 31 15:24:56.512320: NULL_AUTH_AES_GMAC {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_gmac Oct 31 15:24:56.512323: NULL [] IKEv1: ESP IKEv2: ESP Oct 31 15:24:56.512328: CHACHA20_POLY1305 [*256] IKEv1: IKEv2: IKE ESP NSS(AEAD) chacha20poly1305 Oct 31 15:24:56.512330: Hash algorithms: Oct 31 15:24:56.512334: MD5 IKEv1: IKE IKEv2: NSS Oct 31 15:24:56.512337: SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha Oct 31 15:24:56.512341: SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256 Oct 31 15:24:56.512344: SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384 Oct 31 15:24:56.512348: SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512 Oct 31 15:24:56.512350: PRF algorithms: Oct 31 15:24:56.512353: HMAC_MD5 IKEv1: IKE IKEv2: IKE native(HMAC) md5 Oct 31 15:24:56.512357: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha, sha1 Oct 31 15:24:56.512361: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256, sha2_256 Oct 31 15:24:56.512368: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384, sha2_384 Oct 31 15:24:56.512372: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512, sha2_512 Oct 31 15:24:56.512375: AES_XCBC IKEv1: IKEv2: IKE native(XCBC) aes128_xcbc Oct 31 15:24:56.512377: Integrity algorithms: Oct 31 15:24:56.512382: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH native(HMAC) md5, hmac_md5 Oct 31 15:24:56.512386: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha, sha1, sha1_96, hmac_sha1 Oct 31 15:24:56.512391: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Oct 31 15:24:56.512395: HMAC_SHA2_384_192 IKEv1: IKE ESP AH 
IKEv2: IKE ESP AH FIPS NSS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Oct 31 15:24:56.512400: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Oct 31 15:24:56.512403: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Oct 31 15:24:56.512407: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96 Oct 31 15:24:56.512411: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Oct 31 15:24:56.512415: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Oct 31 15:24:56.512417: DH algorithms: Oct 31 15:24:56.512421: NONE IKEv1: IKEv2: IKE ESP AH FIPS NSS(MODP) null, dh0 Oct 31 15:24:56.512424: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh5 Oct 31 15:24:56.512428: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh14 Oct 31 15:24:56.512431: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh15 Oct 31 15:24:56.512434: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh16 Oct 31 15:24:56.512437: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh17 Oct 31 15:24:56.512441: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh18 Oct 31 15:24:56.512444: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_256, ecp256 Oct 31 15:24:56.512448: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_384, ecp384 Oct 31 15:24:56.512452: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_521, ecp521 Oct 31 15:24:56.512455: DH31 IKEv1: IKE IKEv2: IKE ESP AH NSS(ECP) curve25519 Oct 31 15:24:56.512458: testing CAMELLIA_CBC: Oct 31 15:24:56.512461: Camellia: 16 bytes with 128-bit key Oct 31 15:24:56.512537: Camellia: 16 bytes with 128-bit key Oct 31 15:24:56.512569: Camellia: 16 bytes with 256-bit key Oct 31 15:24:56.512600: Camellia: 16 bytes with 256-bit key Oct 31 15:24:56.512629: testing AES_GCM_16: Oct 31 15:24:56.512633: empty string Oct 31 15:24:56.512665: one block Oct 31 15:24:56.512714: two blocks Oct 31 15:24:56.512749: two 
blocks with associated data Oct 31 15:24:56.512778: testing AES_CTR: Oct 31 15:24:56.512782: Encrypting 16 octets using AES-CTR with 128-bit key Oct 31 15:24:56.512812: Encrypting 32 octets using AES-CTR with 128-bit key Oct 31 15:24:56.512842: Encrypting 36 octets using AES-CTR with 128-bit key Oct 31 15:24:56.512872: Encrypting 16 octets using AES-CTR with 192-bit key Oct 31 15:24:56.512904: Encrypting 32 octets using AES-CTR with 192-bit key Oct 31 15:24:56.512933: Encrypting 36 octets using AES-CTR with 192-bit key Oct 31 15:24:56.512963: Encrypting 16 octets using AES-CTR with 256-bit key Oct 31 15:24:56.512990: Encrypting 32 octets using AES-CTR with 256-bit key Oct 31 15:24:56.513019: Encrypting 36 octets using AES-CTR with 256-bit key Oct 31 15:24:56.513049: testing AES_CBC: Oct 31 15:24:56.513052: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Oct 31 15:24:56.513080: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Oct 31 15:24:56.513112: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Oct 31 15:24:56.513143: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Oct 31 15:24:56.513181: testing AES_XCBC: Oct 31 15:24:56.513184: RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input Oct 31 15:24:56.513316: RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input Oct 31 15:24:56.513444: RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input Oct 31 15:24:56.513560: RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input Oct 31 15:24:56.513679: RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input Oct 31 15:24:56.513833: RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input Oct 31 15:24:56.513958: RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input Oct 31 15:24:56.514222: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Oct 31 15:24:56.514346: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Oct 31 15:24:56.514474: RFC 4434 Test Case AES-XCBC-PRF-128 
with 20-byte input (key length 18) Oct 31 15:24:56.514686: testing HMAC_MD5: Oct 31 15:24:56.514690: RFC 2104: MD5_HMAC test 1 Oct 31 15:24:56.514917: RFC 2104: MD5_HMAC test 2 Oct 31 15:24:56.515068: RFC 2104: MD5_HMAC test 3 Oct 31 15:24:56.515247: 8 CPU cores online Oct 31 15:24:56.515255: starting up 7 helper threads Oct 31 15:24:56.515301: started thread for helper 0 Oct 31 15:24:56.515338: started thread for helper 1 Oct 31 15:24:56.515348: | starting helper thread 1 Oct 31 15:24:56.515364: seccomp security disabled for crypto helper 1 Oct 31 15:24:56.515353: | starting helper thread 2 Oct 31 15:24:56.515386: | starting helper thread 3 Oct 31 15:24:56.515398: seccomp security disabled for crypto helper 3 Oct 31 15:24:56.515409: | status value returned by setting the priority of this helper thread 3: 22 Oct 31 15:24:56.515418: | helper thread 3 has nothing to do Oct 31 15:24:56.515372: | status value returned by setting the priority of this helper thread 1: 22 Oct 31 15:24:56.515371: started thread for helper 2 Oct 31 15:24:56.515449: | helper thread 1 has nothing to do Oct 31 15:24:56.515482: started thread for helper 3 Oct 31 15:24:56.515388: seccomp security disabled for crypto helper 2 Oct 31 15:24:56.515504: | status value returned by setting the priority of this helper thread 2: 22 Oct 31 15:24:56.515509: | helper thread 2 has nothing to do Oct 31 15:24:56.515511: started thread for helper 4 Oct 31 15:24:56.515520: | starting helper thread 4 Oct 31 15:24:56.515526: seccomp security disabled for crypto helper 4 Oct 31 15:24:56.515530: | status value returned by setting the priority of this helper thread 4: 22 Oct 31 15:24:56.515535: | helper thread 4 has nothing to do Oct 31 15:24:56.515529: | starting helper thread 5 Oct 31 15:24:56.515549: seccomp security disabled for crypto helper 5 Oct 31 15:24:56.515555: | status value returned by setting the priority of this helper thread 5: 22 Oct 31 15:24:56.515559: started thread for helper 5 Oct 31 
15:24:56.515560: | helper thread 5 has nothing to do Oct 31 15:24:56.515594: started thread for helper 6 Oct 31 15:24:56.515595: | starting helper thread 6 Oct 31 15:24:56.515610: seccomp security disabled for crypto helper 6 Oct 31 15:24:56.515616: | status value returned by setting the priority of this helper thread 6: 22 Oct 31 15:24:56.515619: | helper thread 6 has nothing to do Oct 31 15:24:56.515622: Using Linux XFRM/NETKEY IPsec kernel support code on 5.8.15-201.fc32.x86_64 Oct 31 15:24:56.515630: | starting helper thread 7 Oct 31 15:24:56.515635: seccomp security disabled for crypto helper 7 Oct 31 15:24:56.515639: | status value returned by setting the priority of this helper thread 7: 22 Oct 31 15:24:56.515642: | helper thread 7 has nothing to do Oct 31 15:24:56.515689: | Hard-wiring algorithms Oct 31 15:24:56.515692: | adding AES_CCM_16 to kernel algorithm db Oct 31 15:24:56.515701: | adding AES_CCM_12 to kernel algorithm db Oct 31 15:24:56.515704: | adding AES_CCM_8 to kernel algorithm db Oct 31 15:24:56.515706: | adding 3DES_CBC to kernel algorithm db Oct 31 15:24:56.515709: | adding CAMELLIA_CBC to kernel algorithm db Oct 31 15:24:56.515711: | adding AES_GCM_16 to kernel algorithm db Oct 31 15:24:56.515714: | adding AES_GCM_12 to kernel algorithm db Oct 31 15:24:56.515716: | adding AES_GCM_8 to kernel algorithm db Oct 31 15:24:56.515718: | adding AES_CTR to kernel algorithm db Oct 31 15:24:56.515721: | adding AES_CBC to kernel algorithm db Oct 31 15:24:56.515723: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Oct 31 15:24:56.515725: | adding NULL to kernel algorithm db Oct 31 15:24:56.515728: | adding CHACHA20_POLY1305 to kernel algorithm db Oct 31 15:24:56.515731: | adding HMAC_MD5_96 to kernel algorithm db Oct 31 15:24:56.515733: | adding HMAC_SHA1_96 to kernel algorithm db Oct 31 15:24:56.515736: | adding HMAC_SHA2_512_256 to kernel algorithm db Oct 31 15:24:56.515738: | adding HMAC_SHA2_384_192 to kernel algorithm db Oct 31 15:24:56.515740: | 
adding HMAC_SHA2_256_128 to kernel algorithm db Oct 31 15:24:56.515743: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Oct 31 15:24:56.515745: | adding AES_XCBC_96 to kernel algorithm db Oct 31 15:24:56.515747: | adding AES_CMAC_96 to kernel algorithm db Oct 31 15:24:56.515750: | adding NONE to kernel algorithm db Oct 31 15:24:56.515789: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Oct 31 15:24:56.515799: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Oct 31 15:24:56.515804: | setup kernel fd callback Oct 31 15:24:56.515810: | add_fd_read_event_handler: newref KERNEL_XRM_FD-pe@0x5557669dea00 Oct 31 15:24:56.515815: | libevent_malloc: newref ptr-libevent@0x5557669e2970 size 128 Oct 31 15:24:56.515820: | libevent_malloc: newref ptr-libevent@0x5557669d9850 size 16 Oct 31 15:24:56.515830: | add_fd_read_event_handler: newref KERNEL_ROUTE_FD-pe@0x5557669db530 Oct 31 15:24:56.515834: | libevent_malloc: newref ptr-libevent@0x5557669e3620 size 128 Oct 31 15:24:56.515837: | libevent_malloc: newref ptr-libevent@0x5557669d9830 size 16 Oct 31 15:24:56.516069: | global one-shot timer EVENT_CHECK_CRLS initialized Oct 31 15:24:56.516169: SELinux support is enabled in PERMISSIVE mode. 
Oct 31 15:24:56.516399: | unbound context created - setting debug level to 5 Oct 31 15:24:56.516440: | /etc/hosts lookups activated Oct 31 15:24:56.516458: | /etc/resolv.conf usage activated Oct 31 15:24:56.516514: | outgoing-port-avoid set 0-65535 Oct 31 15:24:56.516539: | outgoing-port-permit set 32768-60999 Oct 31 15:24:56.516542: | loading dnssec root key from:/var/lib/unbound/root.key Oct 31 15:24:56.516545: | no additional dnssec trust anchors defined via dnssec-trusted= option Oct 31 15:24:56.516548: | Setting up events, loop start Oct 31 15:24:56.516551: | add_fd_read_event_handler: newref PLUTO_CTL_FD-pe@0x5557669e5c70 Oct 31 15:24:56.516554: | libevent_malloc: newref ptr-libevent@0x5557669e36b0 size 128 Oct 31 15:24:56.516558: | libevent_malloc: newref ptr-libevent@0x5557669e5cb0 size 16 Oct 31 15:24:56.516564: | libevent_realloc: newref ptr-libevent@0x5557669e5cd0 size 256 Oct 31 15:24:56.516567: | libevent_malloc: newref ptr-libevent@0x5557669e5de0 size 8 Oct 31 15:24:56.516570: | libevent_realloc: newref ptr-libevent@0x5557669d8c10 size 144 Oct 31 15:24:56.516573: | libevent_malloc: newref ptr-libevent@0x5557669e5e00 size 152 Oct 31 15:24:56.516577: | libevent_malloc: newref ptr-libevent@0x5557669e5ea0 size 16 Oct 31 15:24:56.516580: | signal event handler PLUTO_SIGCHLD installed Oct 31 15:24:56.516587: | libevent_malloc: newref ptr-libevent@0x5557669e5ec0 size 8 Oct 31 15:24:56.516590: | libevent_malloc: newref ptr-libevent@0x5557669e5ee0 size 152 Oct 31 15:24:56.516593: | signal event handler PLUTO_SIGTERM installed Oct 31 15:24:56.516595: | libevent_malloc: newref ptr-libevent@0x5557669e5f80 size 8 Oct 31 15:24:56.516598: | libevent_malloc: newref ptr-libevent@0x5557669e5fa0 size 152 Oct 31 15:24:56.516601: | signal event handler PLUTO_SIGHUP installed Oct 31 15:24:56.516603: | libevent_malloc: newref ptr-libevent@0x5557669e6040 size 8 Oct 31 15:24:56.516606: | libevent_realloc: delref ptr-libevent@0x5557669d8c10 Oct 31 15:24:56.516608: | 
libevent_realloc: newref ptr-libevent@0x5557669e6060 size 256 Oct 31 15:24:56.516611: | libevent_malloc: newref ptr-libevent@0x5557669d8c10 size 152 Oct 31 15:24:56.516614: | signal event handler PLUTO_SIGSYS installed Oct 31 15:24:56.516994: | created addconn helper (pid:2154890) using fork+execve Oct 31 15:24:56.517022: | forked child 2154890 Oct 31 15:24:56.517035: seccomp security disabled Oct 31 15:24:56.526550: | newref struct fd@0x5557669e61e0(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:56.526568: | fd_accept: new fd-fd@0x5557669e61e0 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:56.526587: | whack: listen Oct 31 15:24:56.526591: listening for IKE messages Oct 31 15:24:56.526665: | Inspecting interface lo Oct 31 15:24:56.526675: | found lo with address 127.0.0.1 Oct 31 15:24:56.526680: | Inspecting interface eth0 Oct 31 15:24:56.526684: | found eth0 with address 192.0.3.254 Oct 31 15:24:56.526689: | Inspecting interface eth1 Oct 31 15:24:56.526693: | found eth1 with address 192.1.3.33 Oct 31 15:24:56.526704: | newref struct iface_dev@0x5557669e6640(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:56.526725: Kernel supports NIC esp-hw-offload Oct 31 15:24:56.526736: | iface: marking eth1 add Oct 31 15:24:56.526740: | newref struct iface_dev@0x5557669e6710(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:56.526744: | iface: marking eth0 add Oct 31 15:24:56.526747: | newref struct iface_dev@0x5557669e67a0(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:56.526751: | iface: marking lo add Oct 31 15:24:56.526830: | no interfaces to sort Oct 31 15:24:56.526867: | MSG_ERRQUEUE enabled on fd 18 Oct 31 15:24:56.526893: | addref ifd@0x5557669e6640(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:56.526913: adding UDP interface eth1 192.1.3.33:500 Oct 31 15:24:56.526938: | MSG_ERRQUEUE enabled on fd 19 Oct 31 15:24:56.526948: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:56.526952: | NAT-Traversal: ESPINUDP(2) 
setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:56.526956: | addref ifd@0x5557669e6640(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:56.526960: adding UDP interface eth1 192.1.3.33:4500 Oct 31 15:24:56.526978: | MSG_ERRQUEUE enabled on fd 20 Oct 31 15:24:56.526987: | addref ifd@0x5557669e6710(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:56.526991: adding UDP interface eth0 192.0.3.254:500 Oct 31 15:24:56.527007: | MSG_ERRQUEUE enabled on fd 21 Oct 31 15:24:56.527014: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:56.527018: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:56.527021: | addref ifd@0x5557669e6710(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:56.527024: adding UDP interface eth0 192.0.3.254:4500 Oct 31 15:24:56.527040: | MSG_ERRQUEUE enabled on fd 22 Oct 31 15:24:56.527049: | addref ifd@0x5557669e67a0(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:56.527053: adding UDP interface lo 127.0.0.1:500 Oct 31 15:24:56.527068: | MSG_ERRQUEUE enabled on fd 23 Oct 31 15:24:56.527076: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:56.527079: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:56.527082: | addref ifd@0x5557669e67a0(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:56.527085: adding UDP interface lo 127.0.0.1:4500 Oct 31 15:24:56.527097: | updating interfaces - listing interfaces that are going down Oct 31 15:24:56.527100: | updating interfaces - checking orientation Oct 31 15:24:56.527103: | FOR_EACH_UNORIENTED_CONNECTION_... 
in check_orientations Oct 31 15:24:56.527127: | libevent_malloc: newref ptr-libevent@0x5557669e6fd0 size 128 Oct 31 15:24:56.527131: | libevent_malloc: newref ptr-libevent@0x5557669e6c10 size 16 Oct 31 15:24:56.527139: | setup callback for interface lo 127.0.0.1:4500 fd 23 on UDP Oct 31 15:24:56.527142: | libevent_malloc: newref ptr-libevent@0x5557669e7060 size 128 Oct 31 15:24:56.527145: | libevent_malloc: newref ptr-libevent@0x5557669e70f0 size 16 Oct 31 15:24:56.527149: | setup callback for interface lo 127.0.0.1:500 fd 22 on UDP Oct 31 15:24:56.527152: | libevent_malloc: newref ptr-libevent@0x5557669e7110 size 128 Oct 31 15:24:56.527154: | libevent_malloc: newref ptr-libevent@0x5557669e71a0 size 16 Oct 31 15:24:56.527159: | setup callback for interface eth0 192.0.3.254:4500 fd 21 on UDP Oct 31 15:24:56.527162: | libevent_malloc: newref ptr-libevent@0x5557669e71c0 size 128 Oct 31 15:24:56.527164: | libevent_malloc: newref ptr-libevent@0x5557669e7250 size 16 Oct 31 15:24:56.527169: | setup callback for interface eth0 192.0.3.254:500 fd 20 on UDP Oct 31 15:24:56.527171: | libevent_malloc: newref ptr-libevent@0x5557669e7270 size 128 Oct 31 15:24:56.527173: | libevent_malloc: newref ptr-libevent@0x5557669e7300 size 16 Oct 31 15:24:56.527178: | setup callback for interface eth1 192.1.3.33:4500 fd 19 on UDP Oct 31 15:24:56.527180: | libevent_malloc: newref ptr-libevent@0x5557669e7320 size 128 Oct 31 15:24:56.527183: | libevent_malloc: newref ptr-libevent@0x5557669e73b0 size 16 Oct 31 15:24:56.527188: | setup callback for interface eth1 192.1.3.33:500 fd 18 on UDP Oct 31 15:24:56.529015: | no stale xfrmi interface 'ipsec1' found Oct 31 15:24:56.529032: | certs and keys locked by 'free_preshared_secrets' Oct 31 15:24:56.529035: | certs and keys unlocked by 'free_preshared_secrets' Oct 31 15:24:56.529065: loading secrets from "/etc/ipsec.secrets" Oct 31 15:24:56.529110: no secrets filename matched "/etc/ipsec.d/*.secrets" Oct 31 15:24:56.529124: | old food groups: Oct 31 
15:24:56.529127: | new food groups: Oct 31 15:24:56.529133: | delref fd@0x5557669e61e0(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:56.529141: | freeref fd-fd@0x5557669e61e0 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:56.529149: | spent 0.837 (2.61) milliseconds in whack Oct 31 15:24:56.529166: | newref struct fd@0x5557669e6200(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:56.529170: | fd_accept: new fd-fd@0x5557669e6200 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:56.529182: | whack: options (impair|debug) Oct 31 15:24:56.529187: | old debugging base+cpu-usage + none Oct 31 15:24:56.529190: | new debugging = base+cpu-usage Oct 31 15:24:56.529195: | delref fd@0x5557669e6200(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:56.529217: | freeref fd-fd@0x5557669e6200 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:56.529227: | spent 0.0629 (0.067) milliseconds in whack Oct 31 15:24:56.529857: | processing signal PLUTO_SIGCHLD Oct 31 15:24:56.529878: | waitpid returned pid 2154890 (exited with status 0) Oct 31 15:24:56.529883: | reaped addconn helper child (status 0) Oct 31 15:24:56.529889: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:56.529896: | spent 0.0261 (0.0257) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:56.608108: | newref struct fd@0x5557669e6220(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:56.608127: | fd_accept: new fd-fd@0x5557669e6220 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:56.608142: | whack: delete 'north-eastnets/0x1' Oct 31 15:24:56.608146: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:56.608149: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:24:56.608152: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:56.608154: | FOR_EACH_CONNECTION_... 
in foreach_connection_by_alias Oct 31 15:24:56.608163: | whack: connection 'north-eastnets/0x1' Oct 31 15:24:56.608168: | addref fd@0x5557669e6220(1->2) (in string_logger() at log.c:838) Oct 31 15:24:56.608175: | newref string logger@0x5557669d9c20(0->1) (in add_connection() at connections.c:1998) Oct 31 15:24:56.608179: | Connection DB: adding connection "north-eastnets/0x1" $1 Oct 31 15:24:56.608185: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:56.608223: | added new connection north-eastnets/0x1 with policy RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 Oct 31 15:24:56.608287: | ike (phase1) algorithm values: AES_CBC_256-HMAC_SHA2_256-MODP2048 Oct 31 15:24:56.608296: | from whack: got --esp=aes128-sha2_512;modp3072 Oct 31 15:24:56.608321: | ESP/AH string values: AES_CBC_128-HMAC_SHA2_512_256-MODP3072 Oct 31 15:24:56.608390: | computed rsa CKAID Oct 31 15:24:56.608417: | keyid: *AQPl33O2P Oct 31 15:24:56.608422: | size: 274
Oct 31 15:24:56.608498: | saving left CKAID 905dfca10868747c6f20d31b2d204b8f88aa7c5d extracted from raw RSA public key Oct 31 15:24:56.608675: | loaded private key matching CKAID 905dfca10868747c6f20d31b2d204b8f88aa7c5d Oct 31 15:24:56.609005: | copying key using reference slot Oct 31 15:24:56.611378: | certs and keys locked by 'lsw_add_rsa_secret' Oct 31 15:24:56.611396: | certs and keys unlocked by 'lsw_add_rsa_secret' Oct 31 15:24:56.611410: | spent 2.89 (2.9) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:56.611418: connection "north-eastnets/0x1": loaded private key matching left CKAID 905dfca10868747c6f20d31b2d204b8f88aa7c5d Oct 31 15:24:56.611422: | counting wild cards for @north is 0 Oct 31 15:24:56.611448: | computed rsa CKAID Oct 31 15:24:56.611462: | keyid: *AQO9bJbr3 Oct 31 15:24:56.611466: | size: 274
Oct 31 15:24:56.611567: | saving right CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1 extracted from raw RSA public key Oct 31 15:24:56.611573: | trying secret PKK_RSA:AQPl33O2P Oct 31 15:24:56.611638: | spent 0.0627 (0.0627) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:56.611646: | no private key matching right CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1: can't find the private key matching the NSS CKAID Oct 31 15:24:56.611649: | counting wild cards for @east is 0 Oct 31 15:24:56.611653: | updating connection from left.host_addr Oct 31 15:24:56.611658: | right host_nexthop 192.1.3.33 Oct 31 15:24:56.611660: | left host_port 500 Oct 31 15:24:56.611663: | updating connection from right.host_addr Oct 31 15:24:56.611666: | left host_nexthop 192.1.2.23 Oct 31 15:24:56.611668: | right host_port 500 Oct 31 15:24:56.611674: |
orienting north-eastnets/0x1 Oct 31 15:24:56.611679: | north-eastnets/0x1 doesn't match 127.0.0.1:4500 at all Oct 31 15:24:56.611683: | north-eastnets/0x1 doesn't match 127.0.0.1:500 at all Oct 31 15:24:56.611686: | north-eastnets/0x1 doesn't match 192.0.3.254:4500 at all Oct 31 15:24:56.611690: | north-eastnets/0x1 doesn't match 192.0.3.254:500 at all Oct 31 15:24:56.611693: | north-eastnets/0x1 doesn't match 192.1.3.33:4500 at all Oct 31 15:24:56.611696: | oriented north-eastnets/0x1's this Oct 31 15:24:56.611701: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none Oct 31 15:24:56.611709: | newref hp@0x5557669e7fd0(0->1) (in connect_to_host_pair() at hostpair.c:290) Oct 31 15:24:56.611712: added IKEv2 connection "north-eastnets/0x1" Oct 31 15:24:56.611727: | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 Oct 31 15:24:56.611739: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[@north]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Oct 31 15:24:56.611743: | delref logger@0x5557669d9c20(1->0) (in add_connection() at connections.c:2026) Oct 31 15:24:56.611748: | delref fd@0x5557669e6220(2->1) (in free_logger() at log.c:853) Oct 31 15:24:56.611752: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:56.611759: | delref fd@0x5557669e6220(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:56.611770: | freeref fd-fd@0x5557669e6220 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:56.611776: | spent 3.64 (3.68) milliseconds in whack Oct 31 15:24:56.611872: | newref struct fd@0x5557669e9aa0(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:56.611877: | fd_accept: new fd-fd@0x5557669e9aa0 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:56.611890: | whack: key Oct 31 15:24:56.611894: add keyid @north
Oct 31 15:24:56.611953: | computed rsa CKAID Oct 31 15:24:56.611964: | keyid: *AQPl33O2P Oct 31 15:24:56.611966: | size: 274
Oct 31 15:24:56.612031: | newref struct pubkey@0x5557669ec480(0->1) (in add_public_key() at secrets.c:1716) Oct 31 15:24:56.612036: | addref pk@0x5557669ec480(1->2) (in add_public_key() at secrets.c:1718) Oct 31 15:24:56.612039: | delref pkp@0x5557669ec480(2->1) (in key_add_request() at rcv_whack.c:341) Oct 31 15:24:56.612044: | trying secret PKK_RSA:AQPl33O2P Oct 31 15:24:56.612046: | matched Oct 31 15:24:56.612050: | secrets entry for ckaid already exists Oct 31 15:24:56.612056: | spent 0.011 (0.0109) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:56.612061: | delref fd@0x5557669e9aa0(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:56.612070: | freeref fd-fd@0x5557669e9aa0 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:56.612076: | spent 0.213 (0.213) milliseconds in whack Oct 31 15:24:56.612119: | newref struct fd@0x5557669e8050(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:56.612133: | fd_accept: new fd-fd@0x5557669e8050 (in
whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:56.612150: | whack: key Oct 31 15:24:56.612156: add keyid @east Oct 31 15:24:56.612248: | computed rsa CKAID Oct 31 15:24:56.612258: | keyid: *AQO9bJbr3 Oct 31 15:24:56.612260: | size: 274
Oct 31 15:24:56.612317: | newref struct pubkey@0x5557669ec590(0->1) (in add_public_key() at secrets.c:1716) Oct 31 15:24:56.612320: | addref pk@0x5557669ec590(1->2) (in add_public_key() at secrets.c:1718) Oct 31 15:24:56.612323: | delref pkp@0x5557669ec590(2->1) (in key_add_request() at rcv_whack.c:341) Oct 31 15:24:56.612327: | trying secret PKK_RSA:AQPl33O2P Oct 31 15:24:56.612390: | spent 0.0599 (0.06) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:56.612399: | no private key: can't find the private key matching the NSS CKAID Oct 31 15:24:56.612406: | delref fd@0x5557669e8050(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:56.612423: | freeref fd-fd@0x5557669e8050 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:56.612432: | spent 0.301 (0.319)
milliseconds in whack Oct 31 15:24:56.612482: | newref struct fd@0x5557669e9530(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:56.612487: | fd_accept: new fd-fd@0x5557669e9530 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:56.612497: | whack: delete 'north-eastnets/0x2' Oct 31 15:24:56.612500: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:56.612503: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:24:56.612506: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:56.612508: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:24:56.612511: | whack: connection 'north-eastnets/0x2' Oct 31 15:24:56.612517: | addref fd@0x5557669e9530(1->2) (in string_logger() at log.c:838) Oct 31 15:24:56.612526: | newref string logger@0x5557669e9d30(0->1) (in add_connection() at connections.c:1998) Oct 31 15:24:56.612533: | Connection DB: adding connection "north-eastnets/0x2" $2 Oct 31 15:24:56.612542: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:56.612552: | added new connection north-eastnets/0x2 with policy RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 Oct 31 15:24:56.612595: | ike (phase1) algorithm values: AES_CBC_256-HMAC_SHA2_256-MODP2048 Oct 31 15:24:56.612599: | from whack: got --esp=aes128-sha2_512;modp3072 Oct 31 15:24:56.612619: | ESP/AH string values: AES_CBC_128-HMAC_SHA2_512_256-MODP3072 Oct 31 15:24:56.612640: | computed rsa CKAID Oct 31 15:24:56.612650: | keyid: *AQPl33O2P Oct 31 15:24:56.612652: | size: 274
Oct 31 15:24:56.612711: | saving left CKAID 905dfca10868747c6f20d31b2d204b8f88aa7c5d extracted from raw RSA public key Oct 31 15:24:56.612715: | trying secret PKK_RSA:AQPl33O2P Oct 31 15:24:56.612718: | matched Oct 31 15:24:56.612720: | secrets entry for ckaid already exists Oct 31 15:24:56.612725: | spent 0.00868 (0.00825) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:56.612729: | counting wild cards for @north is 0 Oct 31 15:24:56.612744: | computed rsa CKAID Oct 31 15:24:56.612758: | keyid: *AQO9bJbr3 Oct 31 15:24:56.612760: | size: 274
Oct 31 15:24:56.612818: | saving right CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1 extracted from raw RSA public key Oct 31 15:24:56.612822: | trying secret PKK_RSA:AQPl33O2P Oct 31 15:24:56.612873: | spent 0.0491 (0.0493) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:56.612881: | no private key matching right CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1: can't find the private key matching the NSS CKAID Oct 31 15:24:56.612884: | counting wild cards for @east is 0 Oct 31 15:24:56.612888: | updating connection from left.host_addr Oct 31
15:24:56.612892: | right host_nexthop 192.1.3.33 Oct 31 15:24:56.612894: | left host_port 500 Oct 31 15:24:56.612896: | updating connection from right.host_addr Oct 31 15:24:56.612900: | left host_nexthop 192.1.2.23 Oct 31 15:24:56.612902: | right host_port 500 Oct 31 15:24:56.612905: | orienting north-eastnets/0x2 Oct 31 15:24:56.612909: | north-eastnets/0x2 doesn't match 127.0.0.1:4500 at all Oct 31 15:24:56.612913: | north-eastnets/0x2 doesn't match 127.0.0.1:500 at all Oct 31 15:24:56.612916: | north-eastnets/0x2 doesn't match 192.0.3.254:4500 at all Oct 31 15:24:56.612920: | north-eastnets/0x2 doesn't match 192.0.3.254:500 at all Oct 31 15:24:56.612923: | north-eastnets/0x2 doesn't match 192.1.3.33:4500 at all Oct 31 15:24:56.612925: | oriented north-eastnets/0x2's this Oct 31 15:24:56.612931: | find_host_pair: comparing 192.1.3.33:500 to 192.1.2.23:500 but ignoring ports Oct 31 15:24:56.612936: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@0x5557669e7fd0: north-eastnets/0x1 Oct 31 15:24:56.612939: added IKEv2 connection "north-eastnets/0x2" Oct 31 15:24:56.612951: | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 Oct 31 15:24:56.612962: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[@north]...192.1.2.23<192.1.2.23>[@east]===192.0.22.0/24 Oct 31 15:24:56.612968: | delref logger@0x5557669e9d30(1->0) (in add_connection() at connections.c:2026) Oct 31 15:24:56.612971: | delref fd@0x5557669e9530(2->1) (in free_logger() at log.c:853) Oct 31 15:24:56.612974: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:56.612978: | delref fd@0x5557669e9530(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:56.612990: | freeref fd-fd@0x5557669e9530 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:56.612995: | spent 0.52 (0.52) milliseconds in whack Oct 31 15:24:56.613039: | newref struct 
fd@0x5557669e9610(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:56.613043: | fd_accept: new fd-fd@0x5557669e9610 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:56.613053: | whack: key Oct 31 15:24:56.613057: | delref pkp@0x5557669ec480(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:56.613060: add keyid @north Oct 31 15:24:56.613110: | computed rsa CKAID Oct 31 15:24:56.613120: | keyid: *AQPl33O2P Oct 31 15:24:56.613122: | size: 274
Oct 31 15:24:56.613224: | newref struct pubkey@0x5557669ec880(0->1) (in add_public_key() at secrets.c:1716) Oct 31 15:24:56.613235: | addref pk@0x5557669ec880(1->2) (in add_public_key() at secrets.c:1718) Oct 31 15:24:56.613239: | delref pkp@0x5557669ec880(2->1) (in key_add_request() at rcv_whack.c:341) Oct 31 15:24:56.613249: | trying secret PKK_RSA:AQPl33O2P Oct 31 15:24:56.613251: | matched Oct 31 15:24:56.613254: | secrets entry for ckaid already exists Oct 31 15:24:56.613259: | spent 0.00869 (0.00843) milliseconds in preload_private_key_by_ckaid() loading private key using
CKAID Oct 31 15:24:56.613264: | delref fd@0x5557669e9610(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:56.613277: | freeref fd-fd@0x5557669e9610 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:56.613282: | spent 0.229 (0.25) milliseconds in whack Oct 31 15:24:56.613351: | newref struct fd@0x5557669ec970(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:56.613355: | fd_accept: new fd-fd@0x5557669ec970 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:56.613365: | whack: key Oct 31 15:24:56.613369: | delref pkp@0x5557669ec590(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:56.613372: add keyid @east Oct 31 15:24:56.613437: | computed rsa CKAID Oct 31 15:24:56.613454: | keyid: *AQO9bJbr3 Oct 31 15:24:56.613458: | size: 274
Oct 31 15:24:56.613527: | newref struct pubkey@0x5557669eb790(0->1) (in add_public_key() at secrets.c:1716) Oct 31 15:24:56.613530: | addref pk@0x5557669eb790(1->2) (in add_public_key() at secrets.c:1718) Oct 31 15:24:56.613533: | delref pkp@0x5557669eb790(2->1) (in
key_add_request() at rcv_whack.c:341) Oct 31 15:24:56.613537: | trying secret PKK_RSA:AQPl33O2P Oct 31 15:24:56.613607: | spent 0.066 (0.0662) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:56.613616: | no private key: can't find the private key matching the NSS CKAID Oct 31 15:24:56.613623: | delref fd@0x5557669ec970(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:56.613632: | freeref fd-fd@0x5557669ec970 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:56.613637: | spent 0.293 (0.293) milliseconds in whack Oct 31 15:24:57.072703: | spent 0.0026 (0.00256) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:57.072724: | newref struct msg_digest@0x5557669ecc20(0->1) (in read_message() at demux.c:103) Oct 31 15:24:57.072729: | newref alloc logger@0x5557669d9c20(0->1) (in read_message() at demux.c:103) Oct 31 15:24:57.072737: | *received 454 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP
Oct 31 15:24:57.072808: | **parse ISAKMP Message: Oct 31 15:24:57.072813: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:24:57.072817: | responder SPI: 00 00 00 00 00 00 00 00 Oct 31 15:24:57.072820: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:24:57.072823: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:57.072826: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:24:57.072832: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:57.072836: | Message ID: 0 (00 00 00 00) Oct 31 15:24:57.072840: | length: 454 (00 00 01 c6) Oct 31 15:24:57.072843: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Oct 31 15:24:57.072846: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Oct 31 15:24:57.072850: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Oct 31
15:24:57.072853: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:24:57.072856: | ***parse IKEv2 Security Association Payload: Oct 31 15:24:57.072859: | next payload type: ISAKMP_NEXT_v2KE (0x22) Oct 31 15:24:57.072862: | flags: none (0x0) Oct 31 15:24:57.072865: | length: 48 (00 30) Oct 31 15:24:57.072867: | processing payload: ISAKMP_NEXT_v2SA (len=44) Oct 31 15:24:57.072870: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Oct 31 15:24:57.072873: | ***parse IKEv2 Key Exchange Payload: Oct 31 15:24:57.072875: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Oct 31 15:24:57.072877: | flags: none (0x0) Oct 31 15:24:57.072881: | length: 264 (01 08) Oct 31 15:24:57.072883: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:57.072885: | processing payload: ISAKMP_NEXT_v2KE (len=256) Oct 31 15:24:57.072888: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Oct 31 15:24:57.072890: | ***parse IKEv2 Nonce Payload: Oct 31 15:24:57.072893: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:57.072895: | flags: none (0x0) Oct 31 15:24:57.072898: | length: 36 (00 24) Oct 31 15:24:57.072900: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Oct 31 15:24:57.072903: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:57.072905: | ***parse IKEv2 Notify Payload: Oct 31 15:24:57.072908: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:57.072910: | flags: none (0x0) Oct 31 15:24:57.072913: | length: 8 (00 08) Oct 31 15:24:57.072916: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:57.072919: | SPI size: 0 (00) Oct 31 15:24:57.072921: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Oct 31 15:24:57.072924: | processing payload: ISAKMP_NEXT_v2N (len=0) Oct 31 15:24:57.072926: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:57.072929: | ***parse IKEv2 Notify Payload: Oct 31 15:24:57.072931: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:57.072933: | flags: none (0x0) Oct 31 15:24:57.072936: | 
length: 14 (00 0e) Oct 31 15:24:57.072939: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:57.072942: | SPI size: 0 (00) Oct 31 15:24:57.072944: | Notify Message Type: v2N_SIGNATURE_HASH_ALGORITHMS (0x402f) Oct 31 15:24:57.072946: | processing payload: ISAKMP_NEXT_v2N (len=6) Oct 31 15:24:57.072949: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:57.072951: | ***parse IKEv2 Notify Payload: Oct 31 15:24:57.072954: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:57.072956: | flags: none (0x0) Oct 31 15:24:57.072959: | length: 28 (00 1c) Oct 31 15:24:57.072961: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:57.072964: | SPI size: 0 (00) Oct 31 15:24:57.072966: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Oct 31 15:24:57.072969: | processing payload: ISAKMP_NEXT_v2N (len=20) Oct 31 15:24:57.072971: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:57.072973: | ***parse IKEv2 Notify Payload: Oct 31 15:24:57.072976: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:57.072978: | flags: none (0x0) Oct 31 15:24:57.072981: | length: 28 (00 1c) Oct 31 15:24:57.072983: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:57.072986: | SPI size: 0 (00) Oct 31 15:24:57.072988: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Oct 31 15:24:57.072991: | processing payload: ISAKMP_NEXT_v2N (len=20) Oct 31 15:24:57.072994: | DDOS disabled and no cookie sent, continuing Oct 31 15:24:57.073001: | looking for message matching transition from STATE_PARENT_R0 Oct 31 15:24:57.073005: | trying Respond to IKE_SA_INIT Oct 31 15:24:57.073008: | matched unencrypted message Oct 31 15:24:57.073014: | find_host_connection local=192.1.3.33:500 remote=192.1.2.23:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Oct 31 15:24:57.073020: | find_host_pair: comparing 192.1.3.33:500 to 192.1.2.23:500 but ignoring ports Oct 31 15:24:57.073024: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Oct 31 
15:24:57.073027: | found policy = RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 (north-eastnets/0x2) Oct 31 15:24:57.073029: | find_next_host_connection returns "north-eastnets/0x2" Oct 31 15:24:57.073031: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Oct 31 15:24:57.073034: | found policy = RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 (north-eastnets/0x1) Oct 31 15:24:57.073036: | find_next_host_connection returns "north-eastnets/0x1" Oct 31 15:24:57.073038: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Oct 31 15:24:57.073041: | find_next_host_connection returns Oct 31 15:24:57.073044: | found connection: "north-eastnets/0x2" with policy ECDSA+IKEV2_ALLOW Oct 31 15:24:57.073074: | newref alloc logger@0x5557669e9ce0(0->1) (in new_state() at state.c:576) Oct 31 15:24:57.073077: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:24:57.073080: | creating state object #1 at 0x5557669ee400 Oct 31 15:24:57.073083: | State DB: adding IKEv2 state #1 in UNDEFINED Oct 31 15:24:57.073092: | pstats #1 ikev2.ike started Oct 31 15:24:57.073096: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Oct 31 15:24:57.073100: | #1.st_v2_transition NULL -> PARENT_R0->PARENT_R1 (in new_v2_ike_state() at state.c:620) Oct 31 15:24:57.073109: | Message ID: IKE #1 initializing (IKE SA): ike.initiator.sent=0->-1 ike.initiator.recv=0->-1 ike.initiator.last_contact=0->744571.505899 ike.responder.sent=0->-1 ike.responder.recv=0->-1 ike.responder.last_contact=0->744571.505899 ike.wip.initiator=0->-1 ike.wip.responder=0->-1 Oct 31 15:24:57.073115: | orienting north-eastnets/0x2 Oct 31 15:24:57.073119: | north-eastnets/0x2 doesn't match 127.0.0.1:4500 at all Oct 31 15:24:57.073123: | north-eastnets/0x2 doesn't match 127.0.0.1:500 at all Oct 31 15:24:57.073127: | north-eastnets/0x2 doesn't match 192.0.3.254:4500 at all Oct 31 15:24:57.073130: | north-eastnets/0x2 doesn't match 192.0.3.254:500 at 
all Oct 31 15:24:57.073133: | north-eastnets/0x2 doesn't match 192.1.3.33:4500 at all Oct 31 15:24:57.073136: | oriented north-eastnets/0x2's this Oct 31 15:24:57.073142: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1758) Oct 31 15:24:57.073149: | Message ID: IKE #1 responder starting message request 0: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744571.505899 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744571.505899 ike.wip.initiator=-1 ike.wip.responder=-1->0 Oct 31 15:24:57.073151: | calling processor Respond to IKE_SA_INIT Oct 31 15:24:57.073157: | #1 updating local interface from 192.1.3.33:500 to 192.1.3.33:500 using md->iface (in update_ike_endpoints() at state.c:2631) Oct 31 15:24:57.073160: | constructing local IKE proposals for north-eastnets/0x2 (IKE SA responder matching remote proposals) Oct 31 15:24:57.073166: | converting ike_info AES_CBC_256-HMAC_SHA2_256-MODP2048 to ikev2 ... Oct 31 15:24:57.073171: | ... 
ikev2_proposal: 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 Oct 31 15:24:57.073173: "north-eastnets/0x2": local IKE proposals (IKE SA responder matching remote proposals): Oct 31 15:24:57.073176: "north-eastnets/0x2": 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 Oct 31 15:24:57.073178: | comparing remote proposals against IKE responder 1 local proposals Oct 31 15:24:57.073180: | local proposal 1 type ENCR has 1 transforms Oct 31 15:24:57.073182: | local proposal 1 type PRF has 1 transforms Oct 31 15:24:57.073183: | local proposal 1 type INTEG has 1 transforms Oct 31 15:24:57.073187: | local proposal 1 type DH has 1 transforms Oct 31 15:24:57.073188: | local proposal 1 type ESN has 0 transforms Oct 31 15:24:57.073190: | local proposal 1 transforms: required: ENCR+PRF+INTEG+DH; optional: none Oct 31 15:24:57.073193: | ****parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:57.073194: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:57.073197: | length: 44 (00 2c) Oct 31 15:24:57.073210: | prop #: 1 (01) Oct 31 15:24:57.073215: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:57.073217: | spi size: 0 (00) Oct 31 15:24:57.073219: | # transforms: 4 (04) Oct 31 15:24:57.073221: | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals Oct 31 15:24:57.073223: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:57.073225: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.073226: | length: 12 (00 0c) Oct 31 15:24:57.073228: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:57.073230: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:57.073231: | ******parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:57.073233: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:57.073235: | length/value: 256 (01 00) Oct 31 15:24:57.073238: | remote proposal 1 transform 0 (ENCR=AES_CBC_256) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:24:57.073240: | 
*****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:57.073241: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.073243: | length: 8 (00 08) Oct 31 15:24:57.073244: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:57.073249: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:57.073252: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_256) matches local proposal 1 type 2 (PRF) transform 0 Oct 31 15:24:57.073253: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:57.073255: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.073256: | length: 8 (00 08) Oct 31 15:24:57.073258: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:57.073259: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:57.073261: | remote proposal 1 transform 2 (INTEG=HMAC_SHA2_256_128) matches local proposal 1 type 3 (INTEG) transform 0 Oct 31 15:24:57.073263: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:57.073264: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:57.073266: | length: 8 (00 08) Oct 31 15:24:57.073268: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:57.073269: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:57.073271: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Oct 31 15:24:57.073274: | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none Oct 31 15:24:57.073277: | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH Oct 31 15:24:57.073278: | remote proposal 1 matches local proposal 1 Oct 31 15:24:57.073282: "north-eastnets/0x2" #1: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match] Oct 31 15:24:57.073285: | accepted 
IKE proposal ikev2_proposal: 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 Oct 31 15:24:57.073286: | converting proposal to internal trans attrs Oct 31 15:24:57.073291: | nat: IKE.SPIr is zero Oct 31 15:24:57.073302: | natd_hash: hasher=0x5557659b6f80(20) Oct 31 15:24:57.073304: | natd_hash: icookie= Oct 31 15:24:57.073307: | 51 7c 55 1b 42 66 f1 ad Oct 31 15:24:57.073309: | natd_hash: rcookie= Oct 31 15:24:57.073311: | 00 00 00 00 00 00 00 00 Oct 31 15:24:57.073313: | natd_hash: ip= Oct 31 15:24:57.073315: | c0 01 03 21 Oct 31 15:24:57.073317: | natd_hash: port= Oct 31 15:24:57.073321: | 01 f4 Oct 31 15:24:57.073322: | natd_hash: hash= Oct 31 15:24:57.073325: | 08 29 ef 07 95 9a 24 1b 0b 15 14 e8 3d 1b c0 35 Oct 31 15:24:57.073327: | 33 31 47 7f Oct 31 15:24:57.073329: | nat: IKE.SPIr is zero Oct 31 15:24:57.073335: | natd_hash: hasher=0x5557659b6f80(20) Oct 31 15:24:57.073338: | natd_hash: icookie= Oct 31 15:24:57.073340: | 51 7c 55 1b 42 66 f1 ad Oct 31 15:24:57.073342: | natd_hash: rcookie= Oct 31 15:24:57.073343: | 00 00 00 00 00 00 00 00 Oct 31 15:24:57.073345: | natd_hash: ip= Oct 31 15:24:57.073347: | c0 01 02 17 Oct 31 15:24:57.073349: | natd_hash: port= Oct 31 15:24:57.073351: | 01 f4 Oct 31 15:24:57.073353: | natd_hash: hash= Oct 31 15:24:57.073355: | 8c 65 be 23 56 01 d2 50 63 da c4 97 3f f6 a2 a9 Oct 31 15:24:57.073358: | 71 33 d5 2d Oct 31 15:24:57.073361: | NAT_TRAVERSAL encaps using auto-detect Oct 31 15:24:57.073363: | NAT_TRAVERSAL this end is NOT behind NAT Oct 31 15:24:57.073365: | NAT_TRAVERSAL that end is NOT behind NAT Oct 31 15:24:57.073368: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Oct 31 15:24:57.073371: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered) Oct 31 15:24:57.073373: | hash algorithm identifier (network ordered) Oct 31 15:24:57.073375: | 00 02 Oct 31 15:24:57.073377: | received HASH_ALGORITHM_SHA2_256 which is allowed by local policy Oct 31 15:24:57.073380: | 
parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered) Oct 31 15:24:57.073382: | hash algorithm identifier (network ordered) Oct 31 15:24:57.073384: | 00 03 Oct 31 15:24:57.073386: | received HASH_ALGORITHM_SHA2_384 which is allowed by local policy Oct 31 15:24:57.073388: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered) Oct 31 15:24:57.073390: | hash algorithm identifier (network ordered) Oct 31 15:24:57.073392: | 00 04 Oct 31 15:24:57.073395: | received HASH_ALGORITHM_SHA2_512 which is allowed by local policy Oct 31 15:24:57.073400: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:57.073402: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:57.073406: | newref clone logger@0x5557669d9c70(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:57.073409: | job 1 for #1: ikev2_inI1outR1 KE (build KE and nonce): adding job to queue Oct 31 15:24:57.073412: | state #1 has no .st_event to delete Oct 31 15:24:57.073415: | #1 STATE_PARENT_R0: retransmits: cleared Oct 31 15:24:57.073418: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x5557669e77c0 Oct 31 15:24:57.073421: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:24:57.073424: | libevent_malloc: newref ptr-libevent@0x5557669e64e0 size 128 Oct 31 15:24:57.073438: | #1 spent 0.268 (0.282) milliseconds in processing: Respond to IKE_SA_INIT in v2_dispatch() Oct 31 15:24:57.073445: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:57.073449: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Oct 31 15:24:57.073450: | job 1 for #1: ikev2_inI1outR1 KE (build KE and nonce): helper 3 starting job Oct 31 15:24:57.073461: | helper 3 is pausing for 2 seconds Oct 31 15:24:57.073453: | suspending state #1 and saving MD 0x5557669ecc20 Oct 31 15:24:57.073473: | addref 
md@0x5557669ecc20(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:57.073476: | #1 is busy; has suspended MD 0x5557669ecc20 Oct 31 15:24:57.073483: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1760) Oct 31 15:24:57.073492: | #1 spent 0.78 (0.8) milliseconds in ikev2_process_packet() Oct 31 15:24:57.073497: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:57.073501: | delref mdp@0x5557669ecc20(2->1) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:57.073508: | spent 0.797 (0.817) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:58.674819: | spent 0.00264 (0.00263) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:58.674845: | newref struct msg_digest@0x5557669efc60(0->1) (in read_message() at demux.c:103) Oct 31 15:24:58.674850: | newref alloc logger@0x5557669d9cc0(0->1) (in read_message() at demux.c:103) Oct 31 15:24:58.674858: | *received 454 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP
Oct 31 15:24:58.674925: | **parse ISAKMP Message: Oct 31 15:24:58.674929: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:24:58.674933: | responder SPI: 00 00 00 00 00 00 00 00 Oct 31 15:24:58.674936: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:24:58.674939: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:58.674942: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:24:58.674945: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:58.674949: | Message ID: 0 (00 00 00 00) Oct 31 15:24:58.674952: | length: 454 (00 00 01 c6) Oct 31 15:24:58.674956: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Oct 31 15:24:58.674959: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Oct
31 15:24:58.674964: | State DB: found IKEv2 state #1 in PARENT_R0 (find_v2_ike_sa_by_initiator_spi) Oct 31 15:24:58.674968: | #1 is busy; has suspended MD 0x5557669ecc20 Oct 31 15:24:58.674972: "north-eastnets/0x2" #1: discarding packet received during asynchronous work (DNS or crypto) in STATE_PARENT_R0 Oct 31 15:24:58.674975: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:58.674979: | delref mdp@0x5557669efc60(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:58.674982: | delref logger@0x5557669d9cc0(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:58.674987: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:58.674990: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:58.674996: | spent 0.185 (0.185) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:59.075441: | "north-eastnets/0x2" #1: spent 1.85 (2e+03) milliseconds in helper 3 processing job 1 for state #1: ikev2_inI1outR1 KE (pcr) Oct 31 15:24:59.075463: | job 1 for #1: ikev2_inI1outR1 KE (build KE and nonce): helper thread 3 sending result back to state Oct 31 15:24:59.075468: | scheduling resume sending helper answer back to state for #1 Oct 31 15:24:59.075472: | libevent_malloc: newref ptr-libevent@0x7f619c002790 size 128 Oct 31 15:24:59.075482: | helper thread 3 has nothing to do Oct 31 15:24:59.075497: | processing resume sending helper answer back to state for #1 Oct 31 15:24:59.075507: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:641) Oct 31 15:24:59.075512: | unsuspending #1 MD 0x5557669ecc20 Oct 31 15:24:59.075515: | job 1 for #1: ikev2_inI1outR1 KE (build KE and nonce): processing response from helper 3 Oct 31 15:24:59.075518: | job 1 for #1: ikev2_inI1outR1 KE (build KE and nonce): calling continuation function 0x5557658c4fe7 Oct 31 15:24:59.075521: | ikev2_parent_inI1outR1_continue() for #1 STATE_PARENT_R0: calculated ke+nonce, sending 
R1 Oct 31 15:24:59.075601: | opening output PBS reply packet Oct 31 15:24:59.075608: | **emit ISAKMP Message: Oct 31 15:24:59.075613: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:24:59.075617: | responder SPI: 61 7a 11 68 b3 c4 7a f9 Oct 31 15:24:59.075620: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:59.075623: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:59.075626: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:24:59.075629: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:59.075633: | Message ID: 0 (00 00 00 00) Oct 31 15:24:59.075636: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:59.075639: | emitting ikev2_proposal ... Oct 31 15:24:59.075642: | ***emit IKEv2 Security Association Payload: Oct 31 15:24:59.075645: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:59.075648: | flags: none (0x0) Oct 31 15:24:59.075651: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:24:59.075653: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:24:59.075659: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:59.075662: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:59.075665: | prop #: 1 (01) Oct 31 15:24:59.075667: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:59.075670: | spi size: 0 (00) Oct 31 15:24:59.075673: | # transforms: 4 (04) Oct 31 15:24:59.075676: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:59.075679: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:59.075682: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.075684: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:59.075687: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 
15:24:59.075689: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:59.075692: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:59.075696: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:59.075699: | length/value: 256 (01 00) Oct 31 15:24:59.075702: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:59.075705: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:59.075707: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.075710: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:59.075715: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:59.075718: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.075721: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:59.075724: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:59.075726: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:59.075729: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.075731: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:59.075734: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:59.075737: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.075739: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:59.075742: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:59.075744: | *****emit IKEv2 Transform Substructure Payload: Oct 31 
15:24:59.075747: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:59.075749: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:59.075752: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:59.075754: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.075757: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:59.075759: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:59.075762: | emitting length of IKEv2 Proposal Substructure Payload: 44 Oct 31 15:24:59.075764: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:59.075767: | emitting length of IKEv2 Security Association Payload: 48 Oct 31 15:24:59.075769: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:24:59.075774: | DH secret MODP2048@0x7f619c002b70: transferring ownership from helper KE to state #1 Oct 31 15:24:59.075777: | ***emit IKEv2 Key Exchange Payload: Oct 31 15:24:59.075779: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:59.075782: | flags: none (0x0) Oct 31 15:24:59.075784: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:59.075787: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Oct 31 15:24:59.075789: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Oct 31 15:24:59.075793: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Oct 31 15:24:59.075795: | ikev2 g^x:
Oct 31 15:24:59.075835: | emitting length of IKEv2 Key Exchange Payload: 264 Oct 31 15:24:59.075838: | ***emit IKEv2 Nonce Payload: Oct 31 15:24:59.075841: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:59.075843: | flags: none (0x0) Oct 31 15:24:59.075846: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Oct 31 15:24:59.075849: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Oct 31 15:24:59.075852: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Oct 31 15:24:59.075854: | IKEv2 nonce: Oct 31 15:24:59.075857: | 0c 1b e7 d8 b7 18 a4 6d b0 af 4b 41 39 a1 67 97 Oct 31 15:24:59.075859: | 9b 08 f0 ab 91 27 eb 5b 7c 30 c0 88 c0 d0 77 16 Oct 31 15:24:59.075861: | emitting length of IKEv2 Nonce Payload: 36 Oct 31
15:24:59.075865: | adding a v2N Payload Oct 31 15:24:59.075868: | ***emit IKEv2 Notify Payload: Oct 31 15:24:59.075870: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:59.075872: | flags: none (0x0) Oct 31 15:24:59.075875: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:59.075878: | SPI size: 0 (00) Oct 31 15:24:59.075881: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Oct 31 15:24:59.075883: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:59.075886: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:59.075888: | emitting length of IKEv2 Notify Payload: 8 Oct 31 15:24:59.075891: | adding a v2N Payload Oct 31 15:24:59.075894: | ***emit IKEv2 Notify Payload: Oct 31 15:24:59.075896: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:59.075898: | flags: none (0x0) Oct 31 15:24:59.075901: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:59.075903: | SPI size: 0 (00) Oct 31 15:24:59.075906: | Notify Message Type: v2N_SIGNATURE_HASH_ALGORITHMS (0x402f) Oct 31 15:24:59.075908: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:59.075911: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:59.075914: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256 into IKEv2 Notify Payload Oct 31 15:24:59.075917: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256: 00 02 Oct 31 15:24:59.075919: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384 into IKEv2 Notify Payload Oct 31 15:24:59.075922: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384: 00 03 Oct 31 15:24:59.075925: | emitting 2 raw bytes of hash algorithm identifier 
IKEv2_HASH_ALGORITHM_SHA2_512 into IKEv2 Notify Payload Oct 31 15:24:59.075928: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_512: 00 04 Oct 31 15:24:59.075930: | emitting length of IKEv2 Notify Payload: 14 Oct 31 15:24:59.075934: | NAT-Traversal support [enabled] add v2N payloads. Oct 31 15:24:59.075945: | natd_hash: hasher=0x5557659b6f80(20) Oct 31 15:24:59.075948: | natd_hash: icookie= Oct 31 15:24:59.075951: | 51 7c 55 1b 42 66 f1 ad Oct 31 15:24:59.075953: | natd_hash: rcookie= Oct 31 15:24:59.075955: | 61 7a 11 68 b3 c4 7a f9 Oct 31 15:24:59.075957: | natd_hash: ip= Oct 31 15:24:59.075959: | c0 01 03 21 Oct 31 15:24:59.075961: | natd_hash: port= Oct 31 15:24:59.075965: | 01 f4 Oct 31 15:24:59.075968: | natd_hash: hash= Oct 31 15:24:59.075970: | 87 dc e1 ba 91 3b f0 f7 12 06 4d 10 7e 46 1b 9e Oct 31 15:24:59.075972: | d1 9a d3 d3 Oct 31 15:24:59.075975: | adding a v2N Payload Oct 31 15:24:59.075977: | ***emit IKEv2 Notify Payload: Oct 31 15:24:59.075979: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:59.075982: | flags: none (0x0) Oct 31 15:24:59.075984: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:59.075987: | SPI size: 0 (00) Oct 31 15:24:59.075990: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Oct 31 15:24:59.075992: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:59.075995: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:59.075998: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:24:59.076000: | Notify data: Oct 31 15:24:59.076003: | 87 dc e1 ba 91 3b f0 f7 12 06 4d 10 7e 46 1b 9e Oct 31 15:24:59.076005: | d1 9a d3 d3 Oct 31 15:24:59.076008: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:24:59.076016: | natd_hash: hasher=0x5557659b6f80(20) Oct 31 15:24:59.076019: | natd_hash: icookie= Oct 31 15:24:59.076021: | 51 7c 
55 1b 42 66 f1 ad Oct 31 15:24:59.076023: | natd_hash: rcookie= Oct 31 15:24:59.076025: | 61 7a 11 68 b3 c4 7a f9 Oct 31 15:24:59.076027: | natd_hash: ip= Oct 31 15:24:59.076030: | c0 01 02 17 Oct 31 15:24:59.076032: | natd_hash: port= Oct 31 15:24:59.076034: | 01 f4 Oct 31 15:24:59.076036: | natd_hash: hash= Oct 31 15:24:59.076038: | dd d8 c6 46 f4 db a7 c5 d0 a5 0d dc b8 ea ae 8e Oct 31 15:24:59.076040: | 06 2f 17 91 Oct 31 15:24:59.076043: | adding a v2N Payload Oct 31 15:24:59.076045: | ***emit IKEv2 Notify Payload: Oct 31 15:24:59.076048: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:59.076051: | flags: none (0x0) Oct 31 15:24:59.076053: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:59.076056: | SPI size: 0 (00) Oct 31 15:24:59.076058: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Oct 31 15:24:59.076061: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:59.076063: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:59.076066: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:24:59.076068: | Notify data: Oct 31 15:24:59.076071: | dd d8 c6 46 f4 db a7 c5 d0 a5 0d dc b8 ea ae 8e Oct 31 15:24:59.076073: | 06 2f 17 91 Oct 31 15:24:59.076075: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:24:59.076078: | emitting length of ISAKMP Message: 454 Oct 31 15:24:59.076085: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:59.076091: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Oct 31 15:24:59.076094: | transitioning from state STATE_PARENT_R0 to state STATE_PARENT_R1 Oct 31 15:24:59.076096: | Message ID: updating counters for #1 Oct 31 15:24:59.076105: | Message ID: IKE #1 updating responder received message request 
0: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744571.505899 ike.responder.sent=-1 ike.responder.recv=-1->0 ike.responder.last_contact=744571.505899->744573.508895 ike.wip.initiator=-1 ike.wip.responder=0->-1 Oct 31 15:24:59.076112: | Message ID: IKE #1 updating responder sent message response 0: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744571.505899 ike.responder.sent=-1->0 ike.responder.recv=0 ike.responder.last_contact=744573.508895 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:59.076118: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744571.505899 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744573.508895 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:59.076124: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Oct 31 15:24:59.076128: | announcing the state transition Oct 31 15:24:59.076134: "north-eastnets/0x2" #1: sent IKE_SA_INIT reply {auth=IKEv2 cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048} Oct 31 15:24:59.076147: | sending 454 bytes for STATE_PARENT_R0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1)
Oct 31 15:24:59.076261: | sent 1 messages Oct 31 15:24:59.076266: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:59.076270: | libevent_free: delref ptr-libevent@0x5557669e64e0 Oct 31 15:24:59.076273: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x5557669e77c0 Oct 31 15:24:59.076277: | event_schedule: newref EVENT_SO_DISCARD-pe@0x5557669e77c0 Oct 31 15:24:59.076280: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 Oct 31 15:24:59.076283: | libevent_malloc: newref ptr-libevent@0x5557669e64e0 size 128 Oct 31 15:24:59.076287: | delref
logger@0x5557669d9c70(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:59.076290: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:59.076293: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:59.076296: | resume sending helper answer back to state for #1 suppresed complete_v2_state_transition() Oct 31 15:24:59.076299: | delref mdp@0x5557669ecc20(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:59.076302: | delref logger@0x5557669d9c20(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:59.076304: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:59.076307: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:59.076316: | #1 spent 0.734 (0.802) milliseconds in resume sending helper answer back to state Oct 31 15:24:59.076322: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:745) Oct 31 15:24:59.076325: | libevent_free: delref ptr-libevent@0x7f619c002790 Oct 31 15:24:59.140517: | spent 0.00232 (0.0023) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:59.140627: | newref struct msg_digest@0x5557669ecc20(0->1) (in read_message() at demux.c:103) Oct 31 15:24:59.140634: | newref alloc logger@0x5557669d9c20(0->1) (in read_message() at demux.c:103) Oct 31 15:24:59.140642: | *received 548 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP Oct 31
15:24:59.140925: | **parse ISAKMP Message: Oct 31 15:24:59.140930: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:24:59.140934: | responder SPI: 61 7a 11 68 b3 c4 7a f9 Oct 31 15:24:59.140937: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Oct 31 15:24:59.140940: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:59.140943: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:59.140946: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:59.140998: | Message ID: 1 (00 00 00 01) Oct 31 15:24:59.141053: | length: 548 (00 00 02 24) Oct 31 15:24:59.141059: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:24:59.141064: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Oct 31 15:24:59.141068: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Oct 31 15:24:59.141076: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:59.141080: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Oct 31 15:24:59.141083: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:24:59.141085: | #1 is idle Oct 31 15:24:59.141092: | Message ID: IKE #1 not a duplicate - message request 1 is new: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744571.505899 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744573.508895 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:59.141098: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:59.141101: | unpacking clear payload Oct 31 15:24:59.141103: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Oct 31 15:24:59.141107: | ***parse IKEv2 Encrypted Fragment: Oct 31 15:24:59.141110: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Oct 31 15:24:59.141112: | flags: none (0x0) Oct 31 15:24:59.141115: | length: 520 (02 08) 
Oct 31 15:24:59.141119: | fragment number: 1 (00 01) Oct 31 15:24:59.141122: | total fragments: 1 (00 01) Oct 31 15:24:59.141124: | processing payload: ISAKMP_NEXT_v2SKF (len=512) Oct 31 15:24:59.141127: | #1 in state PARENT_R1: sent IKE_SA_INIT reply Oct 31 15:24:59.141131: | received IKE encrypted fragment number '1', total number '1', next payload '35' Oct 31 15:24:59.141135: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Oct 31 15:24:59.141138: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Oct 31 15:24:59.141148: | ikev2 parent ikev2_ike_sa_process_auth_request_no_skeyid(): calculating g^{xy} in order to decrypt I2 Oct 31 15:24:59.141152: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_256 integ=HMAC_SHA2_256_128 cipherkey=AES_CBC Oct 31 15:24:59.141156: | DH secret MODP2048@0x7f619c002b70: transferring ownership from state #1 to helper IKEv2 DH Oct 31 15:24:59.141161: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:59.141163: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:59.141167: | newref clone logger@0x5557669d9c70(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:59.141170: | job 2 for #1: ikev2_inI2outR2 KE (compute dh (V2)): adding job to queue Oct 31 15:24:59.141173: | state #1 deleting .st_event EVENT_SO_DISCARD Oct 31 15:24:59.141176: | libevent_free: delref ptr-libevent@0x5557669e64e0 Oct 31 15:24:59.141179: | free_event_entry: delref EVENT_SO_DISCARD-pe@0x5557669e77c0 Oct 31 15:24:59.141182: | #1 STATE_PARENT_R1: retransmits: cleared Oct 31 15:24:59.141185: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x5557669e77c0 Oct 31 15:24:59.141188: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:24:59.141190: | libevent_malloc: newref ptr-libevent@0x5557669e64e0 size 128 Oct 31 15:24:59.141207: | #1 spent 0.0605 (0.0627) milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in v2_dispatch() Oct 31 15:24:59.141215: 
| [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:59.141215: | job 2 for #1: ikev2_inI2outR2 KE (compute dh (V2)): helper 1 starting job Oct 31 15:24:59.141228: | helper 1 is pausing for 2 seconds Oct 31 15:24:59.141220: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND; .st_v2_transition=PARENT_R0->PARENT_R1 Oct 31 15:24:59.141240: | suspending state #1 and saving MD 0x5557669ecc20 Oct 31 15:24:59.141243: | addref md@0x5557669ecc20(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:59.141246: | #1 is busy; has suspended MD 0x5557669ecc20 Oct 31 15:24:59.141255: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:59.141262: | #1 spent 0.416 (0.752) milliseconds in ikev2_process_packet() Oct 31 15:24:59.141265: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:59.141268: | delref mdp@0x5557669ecc20(2->1) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:59.141272: | spent 0.428 (0.763) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:59.191779: | spent 0.00263 (0.00242) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:59.191800: | newref struct msg_digest@0x5557669f0a10(0->1) (in read_message() at demux.c:103) Oct 31 15:24:59.191804: | newref alloc logger@0x5557669d9cc0(0->1) (in read_message() at demux.c:103) Oct 31 15:24:59.191812: | *received 548 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP
Oct 31 15:24:59.191894: | **parse ISAKMP Message: Oct 31 15:24:59.191899: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:24:59.191903: | responder SPI: 61 7a 11 68 b3 c4 7a f9 Oct 31 15:24:59.191906: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Oct 31 15:24:59.191912: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:59.191915: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:59.191922: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:59.191927: | Message ID: 1 (00 00 00 01) Oct 31 15:24:59.191931: | length: 548 (00 00 02 24) Oct 31 15:24:59.191934: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:24:59.191938: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Oct 31 15:24:59.191942: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Oct 31 15:24:59.191950: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:59.191953: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Oct 31 15:24:59.191956: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:24:59.191959: | #1 is busy; has suspended MD 0x5557669ecc20 Oct 31 15:24:59.191963: "north-eastnets/0x2" #1: discarding packet received during asynchronous work (DNS or crypto) in STATE_PARENT_R1 Oct 31 15:24:59.191968: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:59.191974: | #1 spent 0.199 (0.202) milliseconds in ikev2_process_packet() Oct 31 15:24:59.191977: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:59.191980: | delref mdp@0x5557669f0a10(1->0) (in handle_packet_cb() at
demux.c:318) Oct 31 15:24:59.191983: | delref logger@0x5557669d9cc0(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:59.191986: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:59.191988: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:59.191993: | spent 0.219 (0.222) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:59.243385: | spent 0.00203 (0.00306) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:59.243404: | newref struct msg_digest@0x5557669f0a10(0->1) (in read_message() at demux.c:103) Oct 31 15:24:59.243409: | newref alloc logger@0x5557669d9cc0(0->1) (in read_message() at demux.c:103) Oct 31 15:24:59.243417: | *received 548 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP
Oct 31 15:24:59.243500: | **parse ISAKMP Message: Oct 31 15:24:59.243505: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:24:59.243509: | responder SPI: 61 7a 11 68 b3 c4 7a f9 Oct 31 15:24:59.243512: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Oct 31 15:24:59.243515: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:59.243517: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:59.243520: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:59.243524: | Message ID: 1 (00 00 00 01) Oct 31 15:24:59.243528: | length: 548 (00 00 02 24) Oct 31 15:24:59.243531: | processing version=2.0 packet with
exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:24:59.243534: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Oct 31 15:24:59.243538: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Oct 31 15:24:59.243546: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:59.243549: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Oct 31 15:24:59.243552: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:24:59.243555: | #1 is busy; has suspended MD 0x5557669ecc20 Oct 31 15:24:59.243559: "north-eastnets/0x2" #1: discarding packet received during asynchronous work (DNS or crypto) in STATE_PARENT_R1 Oct 31 15:24:59.243564: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:59.243569: | #1 spent 0.192 (0.195) milliseconds in ikev2_process_packet() Oct 31 15:24:59.243572: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:59.243575: | delref mdp@0x5557669f0a10(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:59.243578: | delref logger@0x5557669d9cc0(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:59.243581: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:59.243583: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:59.243588: | spent 0.212 (0.214) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:59.344011: | spent 0.00253 (0.00255) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:59.344028: | newref struct msg_digest@0x5557669f0a10(0->1) (in read_message() at demux.c:103) Oct 31 15:24:59.344033: | newref alloc logger@0x5557669d9cc0(0->1) (in read_message() at demux.c:103) Oct 31 15:24:59.344040: | *received 548 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP
Oct 31 15:24:59.344125: | **parse ISAKMP Message: Oct 31 15:24:59.344130: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:24:59.344134: | responder SPI: 61 7a 11 68 b3 c4 7a f9 Oct 31 15:24:59.344137: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Oct 31 15:24:59.344139: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:59.344142: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:59.344144: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:59.344149: | Message ID: 1 (00 00 00 01) Oct 31 15:24:59.344152: | length: 548 (00 00 02 24) Oct 31 15:24:59.344156: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:24:59.344160: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Oct 31 15:24:59.344165: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Oct 31 15:24:59.344172: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:59.344176: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Oct 31 15:24:59.344179: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:24:59.344181: | #1 is busy; has suspended MD 0x5557669ecc20 Oct 31 15:24:59.344185: "north-eastnets/0x2" #1: discarding packet received during asynchronous work (DNS or crypto) in STATE_PARENT_R1 Oct 31 15:24:59.344191: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in
ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:59.344201: | #1 spent 0.194 (0.194) milliseconds in ikev2_process_packet() Oct 31 15:24:59.344206: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:59.344210: | delref mdp@0x5557669f0a10(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:59.344213: | delref logger@0x5557669d9cc0(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:59.344215: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:59.344220: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:59.344225: | spent 0.22 (0.222) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:59.544487: | spent 0.0025 (0.0025) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:59.544505: | newref struct msg_digest@0x5557669f0a10(0->1) (in read_message() at demux.c:103) Oct 31 15:24:59.544509: | newref alloc logger@0x5557669d9cc0(0->1) (in read_message() at demux.c:103) Oct 31 15:24:59.544517: | *received 548 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP
Oct 31 15:24:59.544600: | **parse ISAKMP Message: Oct 31 15:24:59.544605: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:24:59.544609: | responder SPI: 61 7a 11 68 b3 c4 7a f9 Oct 31 15:24:59.544612: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Oct 31 15:24:59.544615: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct
31 15:24:59.544617: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:59.544620: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:59.544624: | Message ID: 1 (00 00 00 01) Oct 31 15:24:59.544628: | length: 548 (00 00 02 24) Oct 31 15:24:59.544632: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:24:59.544635: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Oct 31 15:24:59.544643: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Oct 31 15:24:59.544650: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:59.544653: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Oct 31 15:24:59.544657: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:24:59.544659: | #1 is busy; has suspended MD 0x5557669ecc20 Oct 31 15:24:59.544663: "north-eastnets/0x2" #1: discarding packet received during asynchronous work (DNS or crypto) in STATE_PARENT_R1 Oct 31 15:24:59.544669: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:59.544675: | #1 spent 0.196 (0.195) milliseconds in ikev2_process_packet() Oct 31 15:24:59.544678: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:59.544681: | delref mdp@0x5557669f0a10(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:59.544684: | delref logger@0x5557669d9cc0(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:59.544687: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:59.544689: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:59.544694: | spent 0.215 (0.215) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:59.946467: | spent 0.00244 (0.00242) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:59.946483: | newref struct 
msg_digest@0x5557669f0a10(0->1) (in read_message() at demux.c:103) Oct 31 15:24:59.946488: | newref alloc logger@0x5557669d9cc0(0->1) (in read_message() at demux.c:103) Oct 31 15:24:59.946495: | *received 548 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP
Oct 31 15:24:59.946580: | **parse ISAKMP Message: Oct 31 15:24:59.946585: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:24:59.946589: | responder SPI: 61 7a 11 68 b3 c4 7a f9 Oct 31 15:24:59.946592: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Oct 31 15:24:59.946595: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:59.946597: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:59.946600: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:59.946604: | Message ID: 1 (00 00 00 01) Oct 31 15:24:59.946609: | length: 548 (00 00 02 24) Oct 31 15:24:59.946612: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:24:59.946615: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Oct 31 15:24:59.946620: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Oct 31 15:24:59.946627: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:59.946631: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Oct 31 15:24:59.946634: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31
15:24:59.946637: | #1 is busy; has suspended MD 0x5557669ecc20 Oct 31 15:24:59.946641: "north-eastnets/0x2" #1: discarding packet received during asynchronous work (DNS or crypto) in STATE_PARENT_R1 Oct 31 15:24:59.946646: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:59.946652: | #1 spent 0.194 (0.193) milliseconds in ikev2_process_packet() Oct 31 15:24:59.946655: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:59.946658: | delref mdp@0x5557669f0a10(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:59.946661: | delref logger@0x5557669d9cc0(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:59.946664: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:59.946666: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:59.946671: | spent 0.213 (0.212) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:25:00.747572: | spent 0.00243 (0.00242) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:25:00.747643: | newref struct msg_digest@0x5557669f0a10(0->1) (in read_message() at demux.c:103) Oct 31 15:25:00.747650: | newref alloc logger@0x5557669d9cc0(0->1) (in read_message() at demux.c:103) Oct 31 15:25:00.747657: | *received 548 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP
Oct 31 15:25:00.747765: | **parse ISAKMP
Message: Oct 31 15:25:00.747770: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:25:00.747775: | responder SPI: 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:00.747778: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Oct 31 15:25:00.747781: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:00.747784: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:25:00.747787: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:25:00.747791: | Message ID: 1 (00 00 00 01) Oct 31 15:25:00.747796: | length: 548 (00 00 02 24) Oct 31 15:25:00.747799: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:25:00.747803: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Oct 31 15:25:00.747808: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Oct 31 15:25:00.747816: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:25:00.747819: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Oct 31 15:25:00.747822: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:25:00.747826: | #1 is busy; has suspended MD 0x5557669ecc20 Oct 31 15:25:00.747829: "north-eastnets/0x2" #1: discarding packet received during asynchronous work (DNS or crypto) in STATE_PARENT_R1 Oct 31 15:25:00.747835: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:25:00.747841: | #1 spent 0.232 (0.276) milliseconds in ikev2_process_packet() Oct 31 15:25:00.747844: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:25:00.747847: | delref mdp@0x5557669f0a10(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:00.747851: | delref logger@0x5557669d9cc0(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:00.747853: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:00.747856: | delref fd@NULL (in free_logger() at log.c:854) 
Oct 31 15:25:00.747860: | spent 0.252 (0.296) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:25:01.142754: | calculating skeyseed using prf=HMAC_SHA2_256 integ=HMAC_SHA2_256_128 cipherkey-size=32 salt-size=0 Oct 31 15:25:01.142919: | "north-eastnets/0x2" #1: spent 1.09 (2e+03) milliseconds in helper 1 processing job 2 for state #1: ikev2_inI2outR2 KE (pcr) Oct 31 15:25:01.142928: | job 2 for #1: ikev2_inI2outR2 KE (compute dh (V2)): helper thread 1 sending result back to state Oct 31 15:25:01.142932: | scheduling resume sending helper answer back to state for #1 Oct 31 15:25:01.142935: | libevent_malloc: newref ptr-libevent@0x7f619400f000 size 128 Oct 31 15:25:01.142946: | helper thread 1 has nothing to do Oct 31 15:25:01.142959: | processing resume sending helper answer back to state for #1 Oct 31 15:25:01.142973: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:641) Oct 31 15:25:01.142980: | unsuspending #1 MD 0x5557669ecc20 Oct 31 15:25:01.142984: | job 2 for #1: ikev2_inI2outR2 KE (compute dh (V2)): processing response from helper 1 Oct 31 15:25:01.142987: | job 2 for #1: ikev2_inI2outR2 KE (compute dh (V2)): calling continuation function 0x5557658c4fe7 Oct 31 15:25:01.142991: | ikev2_ike_sa_process_auth_request_no_skeyid_continue() for #1 STATE_PARENT_R1: calculating g^{xy}, sending R2 Oct 31 15:25:01.142995: | DH secret MODP2048@0x7f619c002b70: transferring ownership from helper IKEv2 DH to state #1 Oct 31 15:25:01.142999: | #1 in state PARENT_R1: sent IKE_SA_INIT reply Oct 31 15:25:01.143003: | already have all fragments, skipping fragment collection Oct 31 15:25:01.143005: | already have all fragments, skipping fragment collection Oct 31 15:25:01.143037: | authenticator matched Oct 31 15:25:01.143050: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Oct 31 15:25:01.143054: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Oct 31 15:25:01.143060: | **parse IKEv2 
Identification - Initiator - Payload: Oct 31 15:25:01.143063: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Oct 31 15:25:01.143066: | flags: none (0x0) Oct 31 15:25:01.143070: | length: 12 (00 0c) Oct 31 15:25:01.143073: | ID type: ID_FQDN (0x2) Oct 31 15:25:01.143076: | reserved: 00 00 00 Oct 31 15:25:01.143078: | processing payload: ISAKMP_NEXT_v2IDi (len=4) Oct 31 15:25:01.143081: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Oct 31 15:25:01.143083: | **parse IKEv2 Identification - Responder - Payload: Oct 31 15:25:01.143086: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Oct 31 15:25:01.143088: | flags: none (0x0) Oct 31 15:25:01.143091: | length: 13 (00 0d) Oct 31 15:25:01.143094: | ID type: ID_FQDN (0x2) Oct 31 15:25:01.143096: | reserved: 00 00 00 Oct 31 15:25:01.143099: | processing payload: ISAKMP_NEXT_v2IDr (len=5) Oct 31 15:25:01.143101: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Oct 31 15:25:01.143105: | **parse IKEv2 Authentication Payload: Oct 31 15:25:01.143107: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:25:01.143109: | flags: none (0x0) Oct 31 15:25:01.143112: | length: 350 (01 5e) Oct 31 15:25:01.143115: | auth method: IKEv2_AUTH_DIGSIG (0xe) Oct 31 15:25:01.143117: | processing payload: ISAKMP_NEXT_v2AUTH (len=342) Oct 31 15:25:01.143119: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:25:01.143122: | **parse IKEv2 Security Association Payload: Oct 31 15:25:01.143124: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Oct 31 15:25:01.143126: | flags: none (0x0) Oct 31 15:25:01.143129: | length: 44 (00 2c) Oct 31 15:25:01.143132: | processing payload: ISAKMP_NEXT_v2SA (len=40) Oct 31 15:25:01.143134: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Oct 31 15:25:01.143137: | **parse IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:25:01.143139: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Oct 31 15:25:01.143142: | flags: none (0x0) Oct 31 15:25:01.143145: | length: 24 (00 18) Oct 31 15:25:01.143148: 
| number of TS: 1 (01) Oct 31 15:25:01.143150: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Oct 31 15:25:01.143152: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Oct 31 15:25:01.143155: | **parse IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:25:01.143157: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:01.143159: | flags: none (0x0) Oct 31 15:25:01.143165: | length: 24 (00 18) Oct 31 15:25:01.143167: | number of TS: 1 (01) Oct 31 15:25:01.143170: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Oct 31 15:25:01.143172: | selected state microcode Responder: process IKE_AUTH request Oct 31 15:25:01.143182: | Message ID: IKE #1 responder starting message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744571.505899 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744573.508895 ike.wip.initiator=-1 ike.wip.responder=-1->1 Oct 31 15:25:01.143185: | calling processor Responder: process IKE_AUTH request Oct 31 15:25:01.143193: "north-eastnets/0x2" #1: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} Oct 31 15:25:01.143196: | no certs to decode Oct 31 15:25:01.143318: | #1 updating local interface from 192.1.3.33:500 to 192.1.3.33:500 using md->iface (in update_ike_endpoints() at state.c:2631) Oct 31 15:25:01.143329: | received IDr payload - extracting our alleged ID Oct 31 15:25:01.143888: | refine_host_connection for IKEv2: starting with "north-eastnets/0x2" Oct 31 15:25:01.143897: | match_id a=@east Oct 31 15:25:01.143901: | b=@east Oct 31 15:25:01.143903: | results matched Oct 31 15:25:01.143908: | refine_host_connection: checking "north-eastnets/0x2" against "north-eastnets/0x2", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) Oct 31 15:25:01.143910: | warning: not switching back to template of current instance Oct 31 15:25:01.143913: | peer expects us to be @north (ID_FQDN) according to its IDr payload Oct 31 15:25:01.143916: | this connection's local id is 
@north (ID_FQDN) Oct 31 15:25:01.143919: | refine_host_connection: checked "north-eastnets/0x2" against "north-eastnets/0x2", now for see if best Oct 31 15:25:01.143927: | get_connection_private_key() using CKAID 905dfca10868747c6f20d31b2d204b8f88aa7c5d to find private key for @north->@east of kind RSA Oct 31 15:25:01.143930: | trying secret PKK_RSA:AQPl33O2P Oct 31 15:25:01.143933: | matched Oct 31 15:25:01.143935: | secrets entry for ckaid already exists Oct 31 15:25:01.143938: | connection north-eastnets/0x2's RSA private key found in NSS DB using CKAID Oct 31 15:25:01.143940: | returning because exact peer id match Oct 31 15:25:01.143944: | offered CA: '%none' Oct 31 15:25:01.143948: "north-eastnets/0x2" #1: IKEv2 mode peer ID is ID_FQDN: '@east' Oct 31 15:25:01.143972: | verifying AUTH payload Oct 31 15:25:01.143978: | looking for ASN.1 blob for method rsasig for hash_algo SHA2_512 Oct 31 15:25:01.143981: | parsing 68 raw bytes of IKEv2 Authentication Payload into ASN.1 blob for hash algo Oct 31 15:25:01.143984: | ASN.1 blob for hash algo Oct 31 15:25:01.143986: | 43 30 41 06 09 2a 86 48 86 f7 0d 01 01 0a 30 34 Oct 31 15:25:01.143988: | a0 0f 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 Oct 31 15:25:01.143990: | 00 a1 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 01 08 Oct 31 15:25:01.143993: | 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 a2 Oct 31 15:25:01.143995: | 03 02 01 40 Oct 31 15:25:01.144017: | required RSA CA is '%any' Oct 31 15:25:01.144021: | trying all remote certificates public keys for RSA key that matches ID: @east Oct 31 15:25:01.144024: | trying all preloaded keys public keys for RSA key that matches ID: @east Oct 31 15:25:01.144027: | trying '@east' issued by CA '%any' Oct 31 15:25:01.144031: | NSS RSA: verifying that decrypted signature matches hash: Oct 31 15:25:01.144033: | 8d e2 d7 c9 6f 2b ec 8e 8a 14 72 2b 1b 34 3d b6 Oct 31 15:25:01.144035: | bd bb e1 f6 58 db be 0d 68 b1 78 63 8f fe 4e b5 Oct 31 15:25:01.144037: | 6f 15 49 6d c4 1d 94 85 c1 31 
c7 70 06 69 85 38 Oct 31 15:25:01.144040: | 33 da 5b ed c7 1b b8 1a b6 97 30 2c cd 52 0e 0b Oct 31 15:25:01.144114: | delref pkp@NULL (in try_RSA_signature_v2() at ikev2_rsa.c:170) Oct 31 15:25:01.144120: | addref pk@0x5557669eb790(1->2) (in try_RSA_signature_v2() at ikev2_rsa.c:171) Oct 31 15:25:01.144123: | an RSA Sig check passed with *AQO9bJbr3 [preloaded keys] Oct 31 15:25:01.144133: | #1 spent 0.0991 (0.099) milliseconds in try_all_keys() trying a pubkey Oct 31 15:25:01.144138: "north-eastnets/0x2" #1: authenticated using RSA with SHA2_512 Oct 31 15:25:01.144143: | #1 spent 0.143 (0.143) milliseconds in ikev2_verify_rsa_hash() Oct 31 15:25:01.144163: | emit hash algo NEGOTIATE_AUTH_HASH_SHA2_512 Oct 31 15:25:01.144179: | get_connection_private_key() using CKAID 905dfca10868747c6f20d31b2d204b8f88aa7c5d to find private key for @north->@east of kind RSA Oct 31 15:25:01.144183: | trying secret PKK_RSA:AQPl33O2P Oct 31 15:25:01.144186: | matched Oct 31 15:25:01.144189: | secrets entry for ckaid already exists Oct 31 15:25:01.144191: | connection north-eastnets/0x2's RSA private key found in NSS DB using CKAID Oct 31 15:25:01.144197: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:25:01.144207: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:25:01.144210: | newref clone logger@0x5557669e9d30(0->1) (in clone_logger() at log.c:817) Oct 31 15:25:01.144213: | job 3 for #1: computing responder signature (signature): adding job to queue Oct 31 15:25:01.144216: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:25:01.144220: | libevent_free: delref ptr-libevent@0x5557669e64e0 Oct 31 15:25:01.144223: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x5557669e77c0 Oct 31 15:25:01.144226: | #1 STATE_PARENT_R1: retransmits: cleared Oct 31 15:25:01.144229: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x5557669e77c0 Oct 31 15:25:01.144232: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:25:01.144235: | 
libevent_malloc: newref ptr-libevent@0x5557669e64e0 size 128 Oct 31 15:25:01.144352: | ikev2_parent_inI2outR2_continue_tail returned STF_SUSPEND Oct 31 15:25:01.144447: | job 3 for #1: computing responder signature (signature): helper 2 starting job Oct 31 15:25:01.144454: | helper 2 is pausing for 2 seconds Oct 31 15:25:01.144946: | #1 spent 0.456 (1.75) milliseconds in processing: Responder: process IKE_AUTH request in v2_dispatch() Oct 31 15:25:01.144957: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:01.144963: | #1 complete_v2_state_transition() PARENT_R1->ESTABLISHED_CHILD_SA with status STF_SUSPEND; .st_v2_transition=PARENT_R0->PARENT_R1 Oct 31 15:25:01.144966: | suspending state #1 and saving MD 0x5557669ecc20 Oct 31 15:25:01.144970: | addref md@0x5557669ecc20(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:25:01.144973: | #1 is busy; has suspended MD 0x5557669ecc20 Oct 31 15:25:01.144977: | delref logger@0x5557669d9c70(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:25:01.144980: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:01.144982: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:01.144986: | resume sending helper answer back to state for #1 suppresed complete_v2_state_transition() Oct 31 15:25:01.144989: | delref mdp@0x5557669ecc20(2->1) (in resume_handler() at server.c:743) Oct 31 15:25:01.144994: | #1 spent 0.716 (2.01) milliseconds in resume sending helper answer back to state Oct 31 15:25:01.145000: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:745) Oct 31 15:25:01.145004: | libevent_free: delref ptr-libevent@0x7f619400f000 Oct 31 15:25:02.348983: | spent 0.00237 (0.00236) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:25:02.349003: | newref struct msg_digest@0x5557669f2420(0->1) 
(in read_message() at demux.c:103) Oct 31 15:25:02.349008: | newref alloc logger@0x5557669d9c70(0->1) (in read_message() at demux.c:103) Oct 31 15:25:02.349015: | *received 548 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP
Oct 31 15:25:02.349098: | **parse ISAKMP Message: Oct 31 15:25:02.349103: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:25:02.349108: | responder SPI: 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:02.349111: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Oct 31 15:25:02.349114: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:02.349116: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:25:02.349119: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:25:02.349123: | Message ID: 1 (00 00 00 01) Oct 31 15:25:02.349126: | length: 548 (00 00 02 24) Oct 31 15:25:02.349129: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:25:02.349133: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Oct 31 15:25:02.349138: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Oct 31 15:25:02.349146: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:25:02.349149: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Oct 31 15:25:02.349152: | #1 is busy; has suspended MD 0x5557669ecc20 Oct 31 15:25:02.349156: "north-eastnets/0x2" #1:
discarding packet received during asynchronous work (DNS or crypto) in STATE_PARENT_R1 Oct 31 15:25:02.349161: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:25:02.349166: | #1 spent 0.19 (0.19) milliseconds in ikev2_process_packet() Oct 31 15:25:02.349169: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:25:02.349174: | delref mdp@0x5557669f2420(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:02.349178: | delref logger@0x5557669d9c70(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:02.349181: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:02.349183: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:02.349188: | spent 0.212 (0.212) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:25:03.144558: | hash to sign Oct 31 15:25:03.144579: | 65 e2 70 15 a3 e5 dd 51 89 c8 b6 2d bc 6f 05 ff Oct 31 15:25:03.144583: | dc 29 29 dd 2b 31 69 54 47 1e 46 88 16 41 fc c2 Oct 31 15:25:03.144586: | 2f 26 5f e8 35 10 d5 7a 7c 30 80 a5 35 3c a8 eb Oct 31 15:25:03.144589: | 03 d0 ad e0 5c c4 ef 35 f6 6e 70 bb 69 78 ca 14 Oct 31 15:25:03.144594: | RSA_sign_hash: Started using NSS Oct 31 15:25:03.150018: | RSA_sign_hash: Ended using NSS Oct 31 15:25:03.150035: | "north-eastnets/0x2" #1: spent 5.4 (5.44) milliseconds in v2_auth_signature() calling sign_hash() Oct 31 15:25:03.150039: | "north-eastnets/0x2" #1: spent 5.45 (5.48) milliseconds in v2_auth_signature() Oct 31 15:25:03.150044: | "north-eastnets/0x2" #1: spent 5.48 (2.01e+03) milliseconds in helper 2 processing job 3 for state #1: computing responder signature (signature) Oct 31 15:25:03.150047: | job 3 for #1: computing responder signature (signature): helper thread 2 sending result back to state Oct 31 15:25:03.150050: | scheduling resume sending helper answer back to state for #1 Oct 31 15:25:03.150053: | libevent_malloc: newref 
ptr-libevent@0x7f6198000c80 size 128 Oct 31 15:25:03.150063: | helper thread 2 has nothing to do Oct 31 15:25:03.150075: | processing resume sending helper answer back to state for #1 Oct 31 15:25:03.150089: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:641) Oct 31 15:25:03.150094: | unsuspending #1 MD 0x5557669ecc20 Oct 31 15:25:03.150096: | job 3 for #1: computing responder signature (signature): processing response from helper 2 Oct 31 15:25:03.150099: | job 3 for #1: computing responder signature (signature): calling continuation function 0x5557657f377f Oct 31 15:25:03.150103: | parent state #1: PARENT_R1(half-open IKE SA) => ESTABLISHED_IKE_SA(established IKE SA) Oct 31 15:25:03.150106: | #1 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) Oct 31 15:25:03.150109: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:25:03.150112: | libevent_free: delref ptr-libevent@0x5557669e64e0 Oct 31 15:25:03.150114: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x5557669e77c0 Oct 31 15:25:03.150117: | event_schedule: newref EVENT_SA_REKEY-pe@0x5557669e77c0 Oct 31 15:25:03.150120: | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #1 Oct 31 15:25:03.150122: | libevent_malloc: newref ptr-libevent@0x5557669e64e0 size 128 Oct 31 15:25:03.150211: | pstats #1 ikev2.ike established Oct 31 15:25:03.150229: | opening output PBS reply packet Oct 31 15:25:03.150235: | **emit ISAKMP Message: Oct 31 15:25:03.150241: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:25:03.150246: | responder SPI: 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:03.150250: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:25:03.150253: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:03.150256: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:25:03.150260: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:25:03.150265: | Message ID: 1 (00 00 00 01) Oct 
31 15:25:03.150269: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:25:03.150273: | IKEv2 CERT: send a certificate? Oct 31 15:25:03.150276: | IKEv2 CERT: no certificate to send Oct 31 15:25:03.150279: | ***emit IKEv2 Encryption Payload: Oct 31 15:25:03.150283: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:03.150286: | flags: none (0x0) Oct 31 15:25:03.150289: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:25:03.150296: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Oct 31 15:25:03.150299: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:25:03.150310: | initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Oct 31 15:25:03.150312: | ****emit IKEv2 Identification - Responder - Payload: Oct 31 15:25:03.150314: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:03.150316: | flags: none (0x0) Oct 31 15:25:03.150318: | ID type: ID_FQDN (0x2) Oct 31 15:25:03.150321: | reserved: 00 00 00 Oct 31 15:25:03.150323: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Oct 31 15:25:03.150325: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:25:03.150327: | emitting 5 raw bytes of my identity into IKEv2 Identification - Responder - Payload Oct 31 15:25:03.150330: | my identity: 6e 6f 72 74 68 Oct 31 15:25:03.150331: | emitting length of IKEv2 Identification - Responder - Payload: 13 Oct 31 15:25:03.150333: | added IDr payload to packet Oct 31 15:25:03.150335: | CHILD SA proposals received Oct 31 15:25:03.150337: | going to assemble AUTH payload Oct 31 15:25:03.150339: | ****emit IKEv2 Authentication Payload: Oct 31 15:25:03.150341: | next 
payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:03.150342: | flags: none (0x0) Oct 31 15:25:03.150344: | auth method: IKEv2_AUTH_DIGSIG (0xe) Oct 31 15:25:03.150346: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Oct 31 15:25:03.150348: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Oct 31 15:25:03.150350: | emit hash algo NEGOTIATE_AUTH_HASH_SHA2_512 Oct 31 15:25:03.150352: | emitting 68 raw bytes of OID of ASN.1 Algorithm Identifier into IKEv2 Authentication Payload Oct 31 15:25:03.150354: | OID of ASN.1 Algorithm Identifier: Oct 31 15:25:03.150356: | 43 30 41 06 09 2a 86 48 86 f7 0d 01 01 0a 30 34 Oct 31 15:25:03.150358: | a0 0f 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 Oct 31 15:25:03.150359: | 00 a1 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 01 08 Oct 31 15:25:03.150361: | 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 a2 Oct 31 15:25:03.150362: | 03 02 01 40 Oct 31 15:25:03.150365: | emitting 274 raw bytes of signature into IKEv2 Authentication Payload Oct 31 15:25:03.150366: | signature:
Oct 31 15:25:03.150398: | emitting length of IKEv2 Authentication Payload: 350 Oct 31 15:25:03.150403: | newref alloc logger@0x5557669d9c70(0->1) (in new_state() at state.c:576) Oct 31 15:25:03.150405: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:25:03.150411: | creating state object #2 at 0x5557669f2420 Oct 31 15:25:03.150413: | State DB: adding IKEv2 state #2 in UNDEFINED Oct 31 15:25:03.150420: | pstats #2 ikev2.child started Oct 31 15:25:03.150423: | duplicating state object #1 "north-eastnets/0x2" as #2 for IPSEC SA Oct 31 15:25:03.150428: | #2 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1581) Oct 31 15:25:03.150435: | Message ID: CHILD #1.#2 initializing (CHILD SA): ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744571.505899 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744573.508895 child.wip.initiator=0->-1 child.wip.responder=0->-1 Oct 31 15:25:03.150437: | child state #2: UNDEFINED(ignore) => V2_IKE_AUTH_CHILD_R0(ignore) Oct 31 15:25:03.150440: | #2.st_v2_transition NULL -> NULL (in new_v2_child_state() at state.c:1666) Oct 31 15:25:03.150445: | Message ID: IKE #1 switching from IKE SA responder message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744571.505899 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744573.508895 ike.wip.initiator=-1 ike.wip.responder=1->-1 Oct 31 15:25:03.150449: | Message ID: CHILD #1.#2
switching to CHILD SA responder message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744571.505899 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744573.508895 child.wip.initiator=-1 child.wip.responder=-1->1 Oct 31 15:25:03.150452: | switching IKEv2 MD.ST from IKE #1 ESTABLISHED_IKE_SA to CHILD #2 V2_IKE_AUTH_CHILD_R0 (in ike_auth_child_responder() at ikev2_parent.c:3282) Oct 31 15:25:03.150454: | Child SA TS Request has child->sa == md->st; so using child connection Oct 31 15:25:03.150457: | TSi: parsing 1 traffic selectors Oct 31 15:25:03.150460: | ***parse IKEv2 Traffic Selector: Oct 31 15:25:03.150462: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:25:03.150464: | IP Protocol ID: ALL (0x0) Oct 31 15:25:03.150466: | length: 16 (00 10) Oct 31 15:25:03.150469: | start port: 0 (00 00) Oct 31 15:25:03.150471: | end port: 65535 (ff ff) Oct 31 15:25:03.150473: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:25:03.150474: | TS low Oct 31 15:25:03.150476: | c0 00 02 00 Oct 31 15:25:03.150478: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:25:03.150480: | TS high Oct 31 15:25:03.150481: | c0 00 02 ff Oct 31 15:25:03.150483: | TSi: parsed 1 traffic selectors Oct 31 15:25:03.150489: | TSr: parsing 1 traffic selectors Oct 31 15:25:03.150496: | ***parse IKEv2 Traffic Selector: Oct 31 15:25:03.150501: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:25:03.150504: | IP Protocol ID: ALL (0x0) Oct 31 15:25:03.150508: | length: 16 (00 10) Oct 31 15:25:03.150512: | start port: 0 (00 00) Oct 31 15:25:03.150516: | end port: 65535 (ff ff) Oct 31 15:25:03.150519: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:25:03.150522: | TS low Oct 31 15:25:03.150525: | c0 00 03 00 Oct 31 15:25:03.150529: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:25:03.150531: | TS high Oct 31 15:25:03.150534: | c0 00 03 ff Oct 31 15:25:03.150537: | 
TSr: parsed 1 traffic selectors Oct 31 15:25:03.150540: | looking for best SPD in current connection Oct 31 15:25:03.150546: | evaluating our conn="north-eastnets/0x2" I=192.0.22.0/24:0:0/0 R=192.0.3.0/24:0:0/0 to their: Oct 31 15:25:03.150550: | TSi[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:25:03.150556: | match address end->client=192.0.22.0/24 == TSi[0]net=192.0.2.0-192.0.2.255: NO Oct 31 15:25:03.150557: | looking for better host pair Oct 31 15:25:03.150564: | find_host_pair: comparing 192.1.3.33:500 to 192.1.2.23:500 but ignoring ports Oct 31 15:25:03.150568: | checking hostpair 192.0.3.0/24:0 -> 192.0.22.0/24:0 is found Oct 31 15:25:03.150569: | investigating connection "north-eastnets/0x2" as a better match Oct 31 15:25:03.150572: | match_id a=@east Oct 31 15:25:03.150574: | b=@east Oct 31 15:25:03.150576: | results matched Oct 31 15:25:03.150579: | evaluating our conn="north-eastnets/0x2" I=192.0.22.0/24:0:0/0 R=192.0.3.0/24:0:0/0 to their: Oct 31 15:25:03.150586: | TSi[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:25:03.150591: | match address end->client=192.0.22.0/24 == TSi[0]net=192.0.2.0-192.0.2.255: NO Oct 31 15:25:03.150593: | investigating connection "north-eastnets/0x1" as a better match Oct 31 15:25:03.150594: | match_id a=@east Oct 31 15:25:03.150596: | b=@east Oct 31 15:25:03.150598: | results matched Oct 31 15:25:03.150601: | evaluating our conn="north-eastnets/0x1" I=192.0.2.0/24:0:0/0 R=192.0.3.0/24:0:0/0 to their: Oct 31 15:25:03.150604: | TSi[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:25:03.150609: | match address end->client=192.0.2.0/24 == TSi[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Oct 31 15:25:03.150611: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:25:03.150613: | TSi[0] port match: YES fitness 65536 Oct 31 15:25:03.150615: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:25:03.150617: | match end->protocol=*0 == 
TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:25:03.150621: | TSr[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:25:03.150625: | match address end->client=192.0.3.0/24 == TSr[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Oct 31 15:25:03.150627: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Oct 31 15:25:03.150628: | TSr[0] port match: YES fitness 65536 Oct 31 15:25:03.150630: | narrow protocol end=*0 == TSr[0]=*0: 0 Oct 31 15:25:03.150632: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Oct 31 15:25:03.150634: | best fit so far: TSi[0] TSr[0] Oct 31 15:25:03.150636: | protocol fitness found better match d north-eastnets/0x1, TSi[0],TSr[0] Oct 31 15:25:03.150639: | in connection_discard for connection north-eastnets/0x2 Oct 31 15:25:03.150641: | printing contents struct traffic_selector Oct 31 15:25:03.150643: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:25:03.150644: | ipprotoid: 0 Oct 31 15:25:03.150646: | port range: 0-65535 Oct 31 15:25:03.150649: | ip range: 192.0.3.0-192.0.3.255 Oct 31 15:25:03.150651: | printing contents struct traffic_selector Oct 31 15:25:03.150652: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:25:03.150654: | ipprotoid: 0 Oct 31 15:25:03.150655: | port range: 0-65535 Oct 31 15:25:03.150667: | ip range: 192.0.2.0-192.0.2.255 Oct 31 15:25:03.150674: | constructing ESP/AH proposals with all DH removed for north-eastnets/0x1 (IKE_AUTH responder matching remote ESP/AH proposals) Oct 31 15:25:03.150681: | converting proposal AES_CBC_128-HMAC_SHA2_512_256-MODP3072 to ikev2 ... Oct 31 15:25:03.150690: | ... 
ikev2_proposal: 1:ESP=AES_CBC_128-HMAC_SHA2_512_256-NONE-DISABLED Oct 31 15:25:03.150695: "north-eastnets/0x1": local ESP/AH proposals (IKE_AUTH responder matching remote ESP/AH proposals): Oct 31 15:25:03.150701: "north-eastnets/0x1": 1:ESP=AES_CBC_128-HMAC_SHA2_512_256-NONE-DISABLED Oct 31 15:25:03.150704: | comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 1 local proposals Oct 31 15:25:03.150709: | local proposal 1 type ENCR has 1 transforms Oct 31 15:25:03.150716: | local proposal 1 type PRF has 0 transforms Oct 31 15:25:03.150720: | local proposal 1 type INTEG has 1 transforms Oct 31 15:25:03.150723: | local proposal 1 type DH has 1 transforms Oct 31 15:25:03.150726: | local proposal 1 type ESN has 1 transforms Oct 31 15:25:03.150730: | local proposal 1 transforms: required: ENCR+INTEG+ESN; optional: DH Oct 31 15:25:03.150736: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:25:03.150740: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:25:03.150745: | length: 40 (00 28) Oct 31 15:25:03.150749: | prop #: 1 (01) Oct 31 15:25:03.150752: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:03.150756: | spi size: 4 (04) Oct 31 15:25:03.150759: | # transforms: 3 (03) Oct 31 15:25:03.150761: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:25:03.150763: | remote SPI Oct 31 15:25:03.150765: | fa fb e2 8b Oct 31 15:25:03.150767: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 1 local proposals Oct 31 15:25:03.150769: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:25:03.150771: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.150773: | length: 12 (00 0c) Oct 31 15:25:03.150775: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:03.150777: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:25:03.150779: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:25:03.150781: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 
31 15:25:03.150783: | length/value: 128 (00 80) Oct 31 15:25:03.150787: | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:25:03.150789: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:25:03.150790: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.150792: | length: 8 (00 08) Oct 31 15:25:03.150794: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:03.150796: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:25:03.150798: | remote proposal 1 transform 1 (INTEG=HMAC_SHA2_512_256) matches local proposal 1 type 3 (INTEG) transform 0 Oct 31 15:25:03.150800: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:25:03.150802: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:03.150804: | length: 8 (00 08) Oct 31 15:25:03.150806: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:25:03.150807: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:25:03.150810: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Oct 31 15:25:03.150813: | remote proposal 1 proposed transforms: ENCR+INTEG+ESN; matched: ENCR+INTEG+ESN; unmatched: none Oct 31 15:25:03.150816: | comparing remote proposal 1 containing ENCR+INTEG+ESN transforms to local proposal 1; required: ENCR+INTEG+ESN; optional: DH; matched: ENCR+INTEG+ESN Oct 31 15:25:03.150818: | remote proposal 1 matches local proposal 1 Oct 31 15:25:03.150823: "north-eastnets/0x1" #2: proposal 1:ESP=AES_CBC_128-HMAC_SHA2_512_256-DISABLED SPI=fafbe28b chosen from remote proposals 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;ESN=DISABLED[first-match] Oct 31 15:25:03.150827: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP=AES_CBC_128-HMAC_SHA2_512_256-DISABLED SPI=fafbe28b Oct 31 15:25:03.150829: | converting proposal to internal trans attrs Oct 31 15:25:03.150846: | netlink_get_spi: allocated 0xedda5998 for esp.0@192.1.3.33 Oct 31 15:25:03.150849: | 
emitting ikev2_proposal ... Oct 31 15:25:03.150851: | ****emit IKEv2 Security Association Payload: Oct 31 15:25:03.150852: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:03.150854: | flags: none (0x0) Oct 31 15:25:03.150857: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:25:03.150859: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:25:03.150862: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:03.150863: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:25:03.150866: | prop #: 1 (01) Oct 31 15:25:03.150867: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:03.150869: | spi size: 4 (04) Oct 31 15:25:03.150873: | # transforms: 3 (03) Oct 31 15:25:03.150875: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:03.150878: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:25:03.150880: | our spi: ed da 59 98 Oct 31 15:25:03.150882: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.150884: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.150886: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:03.150887: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:25:03.150889: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.150891: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:03.150893: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:03.150895: | length/value: 128 (00 80) Oct 31 15:25:03.150897: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:03.150899: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.150901: | last transform: 
v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.150903: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:03.150904: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:25:03.150907: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.150908: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.150910: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.150912: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.150914: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:03.150916: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:25:03.150917: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:25:03.150919: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.150921: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.150923: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.150924: | emitting length of IKEv2 Proposal Substructure Payload: 40 Oct 31 15:25:03.150926: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:03.150928: | emitting length of IKEv2 Security Association Payload: 44 Oct 31 15:25:03.150930: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:25:03.150932: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:25:03.150934: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 
15:25:03.150935: | flags: none (0x0) Oct 31 15:25:03.150937: | number of TS: 1 (01) Oct 31 15:25:03.150939: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Oct 31 15:25:03.150941: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Oct 31 15:25:03.150943: | *****emit IKEv2 Traffic Selector: Oct 31 15:25:03.150945: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:25:03.150947: | IP Protocol ID: ALL (0x0) Oct 31 15:25:03.150949: | start port: 0 (00 00) Oct 31 15:25:03.150951: | end port: 65535 (ff ff) Oct 31 15:25:03.150953: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:25:03.150956: | IP start: c0 00 02 00 Oct 31 15:25:03.150958: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:25:03.150963: | IP end: c0 00 02 ff Oct 31 15:25:03.150965: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:25:03.150966: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Oct 31 15:25:03.150968: | ****emit IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:25:03.150970: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:03.150972: | flags: none (0x0) Oct 31 15:25:03.150974: | number of TS: 1 (01) Oct 31 15:25:03.150976: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Oct 31 15:25:03.150977: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:25:03.150979: | *****emit IKEv2 Traffic Selector: Oct 31 15:25:03.150981: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:25:03.150983: | IP Protocol ID: ALL (0x0) Oct 31 15:25:03.150985: | start port: 0 (00 00) Oct 31 15:25:03.150987: | end port: 
65535 (ff ff) Oct 31 15:25:03.150989: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:25:03.150991: | IP start: c0 00 03 00 Oct 31 15:25:03.150993: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:25:03.150995: | IP end: c0 00 03 ff Oct 31 15:25:03.150997: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:25:03.150998: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Oct 31 15:25:03.151000: | initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Oct 31 15:25:03.151003: | integ=HMAC_SHA2_512_256: .key_size=64 encrypt=AES_CBC: .key_size=16 .salt_size=0 keymat_len=80 Oct 31 15:25:03.151065: | FOR_EACH_CONNECTION_... in IKE_SA_established Oct 31 15:25:03.151068: | install_ipsec_sa() for #2: inbound and outbound Oct 31 15:25:03.151071: | could_route called for north-eastnets/0x1; kind=CK_PERMANENT that.has_client=yes oppo=no this.host_port=500 Oct 31 15:25:03.151073: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:25:03.151075: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:25:03.151077: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:25:03.151079: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:25:03.151081: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:25:03.151083: | route owner of "north-eastnets/0x1" unrouted: NULL; eroute owner: NULL Oct 31 15:25:03.151086: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Oct 31 15:25:03.151088: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Oct 31 15:25:03.151090: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Oct 31 15:25:03.151093: | setting IPsec SA replay-window to 32 Oct 31 15:25:03.151095: | NIC esp-hw-offload not for connection 'north-eastnets/0x1' not available on interface eth1 Oct 31 15:25:03.151098: | netlink: enabling tunnel mode Oct 31 15:25:03.151099: | XFRM: adding IPsec 
SA with reqid 16389 Oct 31 15:25:03.151101: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:25:03.151103: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:25:03.151162: | netlink response for Add SA esp.fafbe28b@192.1.2.23 included non-error error Oct 31 15:25:03.151169: | setup_half_ipsec_sa() is installing inbound eroute? inbound=0 owner=#0 mode=1 Oct 31 15:25:03.151172: | set up outgoing SA, ref=0/0 Oct 31 15:25:03.151176: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Oct 31 15:25:03.151179: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Oct 31 15:25:03.151182: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Oct 31 15:25:03.151187: | setting IPsec SA replay-window to 32 Oct 31 15:25:03.151191: | NIC esp-hw-offload not for connection 'north-eastnets/0x1' not available on interface eth1 Oct 31 15:25:03.151196: | netlink: enabling tunnel mode Oct 31 15:25:03.151205: | XFRM: adding IPsec SA with reqid 16389 Oct 31 15:25:03.151208: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:25:03.151211: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:25:03.151247: | netlink response for Add SA esp.edda5998@192.1.3.33 included non-error error Oct 31 15:25:03.151255: | setup_half_ipsec_sa() is installing inbound eroute? 
inbound=1 owner=#0 mode=1 Oct 31 15:25:03.151259: | setup_half_ipsec_sa() is installing inbound eroute Oct 31 15:25:03.151262: | setup_half_ipsec_sa() before proto 50 Oct 31 15:25:03.151265: | setup_half_ipsec_sa() after proto 50 Oct 31 15:25:03.151268: | setup_half_ipsec_sa() calling raw_eroute backwards (i.e., inbound) Oct 31 15:25:03.151271: | priority calculation of connection "north-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:25:03.151281: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 using reqid 16389 (raw_eroute) proto=50 Oct 31 15:25:03.151286: | IPsec SA SPD priority set to 2084814 Oct 31 15:25:03.151309: | raw_eroute result=success Oct 31 15:25:03.151311: | set up incoming SA, ref=0/0 Oct 31 15:25:03.151313: | sr for #2: unrouted Oct 31 15:25:03.151315: | route_and_eroute() for proto 0, and source port 0 dest port 0 Oct 31 15:25:03.151317: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:25:03.151319: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:25:03.151321: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:25:03.151323: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:25:03.151325: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:25:03.151327: | route owner of "north-eastnets/0x1" unrouted: NULL; eroute owner: NULL Oct 31 15:25:03.151330: | route_and_eroute with c: north-eastnets/0x1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Oct 31 15:25:03.151334: | priority calculation of connection "north-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:25:03.151344: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 using reqid 16389 (raw_eroute) proto=50 Oct 31 15:25:03.151348: | IPsec SA SPD priority set to 2084814 Oct 31 15:25:03.151364: | raw_eroute result=success Oct 31 15:25:03.151369: | running updown command "ipsec _updown" for verb up Oct 31 15:25:03.151372: | command executing up-client Oct 
31 15:25:03.151379: | get_sa_info esp.fafbe28b@192.1.2.23 Oct 31 15:25:03.151390: | get_sa_info esp.edda5998@192.1.3.33 Oct 31 15:25:03.151419: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157903' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0'... 
Oct 31 15:25:03.151423: | popen cmd is 1137 chars long Oct 31 15:25:03.151425: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1': Oct 31 15:25:03.151427: | cmd( 80): PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_N: Oct 31 15:25:03.151428: | cmd( 160):EXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT=: Oct 31 15:25:03.151430: | cmd( 240):'192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255: Oct 31 15:25:03.151434: | cmd( 320):.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE: Oct 31 15:25:03.151435: | cmd( 400):='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.: Oct 31 15:25:03.151437: | cmd( 480):0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' P: Oct 31 15:25:03.151439: | cmd( 560):LUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' P: Oct 31 15:25:03.151440: | cmd( 640):LUTO_ADDTIME='1604157903' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKE: Oct 31 15:25:03.151442: | cmd( 720):V2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO: Oct 31 15:25:03.151444: | cmd( 800):_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_IN: Oct 31 15:25:03.151445: | cmd( 880):FO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_: Oct 31 15:25:03.151447: | cmd( 960):CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VTI_: Oct 31 15:25:03.151449: | cmd(1040):IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xfafbe28b SPI_OUT=0xedda5998 i: Oct 31 15:25:03.151450: | cmd(1120):psec _updown 2>&1: Oct 31 15:25:03.162175: | route_and_eroute: firewall_notified: true Oct 31 15:25:03.162191: | running updown command "ipsec _updown" for verb prepare Oct 31 15:25:03.162195: | command executing prepare-client Oct 31 15:25:03.162213: | 
get_sa_info esp.fafbe28b@192.1.2.23 Oct 31 15:25:03.162234: | get_sa_info esp.edda5998@192.1.3.33 Oct 31 15:25:03.162262: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157903' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONF... 
Oct 31 15:25:03.162265: | popen cmd is 1142 chars long Oct 31 15:25:03.162268: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets: Oct 31 15:25:03.162270: | cmd( 80):/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PL: Oct 31 15:25:03.162271: | cmd( 160):UTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CL: Oct 31 15:25:03.162273: | cmd( 240):IENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.25: Oct 31 15:25:03.162275: | cmd( 320):5.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA: Oct 31 15:25:03.162276: | cmd( 400):_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192: Oct 31 15:25:03.162278: | cmd( 480):.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255: Oct 31 15:25:03.162279: | cmd( 560):.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xf: Oct 31 15:25:03.162281: | cmd( 640):rm' PLUTO_ADDTIME='1604157903' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PF: Oct 31 15:25:03.162283: | cmd( 720):S+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' : Oct 31 15:25:03.162284: | cmd( 800):PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_D: Oct 31 15:25:03.162286: | cmd( 880):NS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' P: Oct 31 15:25:03.162291: | cmd( 960):LUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0': Oct 31 15:25:03.162293: | cmd(1040): VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xfafbe28b SPI_OUT=0xedda5: Oct 31 15:25:03.162294: | cmd(1120):998 ipsec _updown 2>&1: Oct 31 15:25:03.172180: | running updown command "ipsec _updown" for verb route Oct 31 15:25:03.172194: | command executing route-client Oct 31 15:25:03.172211: | get_sa_info esp.fafbe28b@192.1.2.23 Oct 31 15:25:03.172238: | 
get_sa_info esp.edda5998@192.1.3.33 Oct 31 15:25:03.172287: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157903' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGUR... 
Oct 31 15:25:03.172292: | popen cmd is 1140 chars long Oct 31 15:25:03.172295: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0: Oct 31 15:25:03.172299: | cmd( 80):x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUT: Oct 31 15:25:03.172302: | cmd( 160):O_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIE: Oct 31 15:25:03.172304: | cmd( 240):NT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.: Oct 31 15:25:03.172307: | cmd( 320):255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_T: Oct 31 15:25:03.172310: | cmd( 400):YPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0: Oct 31 15:25:03.172313: | cmd( 480):.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0: Oct 31 15:25:03.172316: | cmd( 560):' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm: Oct 31 15:25:03.172319: | cmd( 640):' PLUTO_ADDTIME='1604157903' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+: Oct 31 15:25:03.172322: | cmd( 720):IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PL: Oct 31 15:25:03.172325: | cmd( 800):UTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS: Oct 31 15:25:03.172328: | cmd( 880):_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLU: Oct 31 15:25:03.172331: | cmd( 960):TO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' V: Oct 31 15:25:03.172334: | cmd(1040):TI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xfafbe28b SPI_OUT=0xedda599: Oct 31 15:25:03.172337: | cmd(1120):8 ipsec _updown 2>&1: Oct 31 15:25:03.194610: "north-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.194629: "north-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. 
Oct 31 15:25:03.194642: "north-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.194661: "north-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.194679: "north-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.194696: "north-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.194718: "north-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.194737: "north-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.194756: "north-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.194776: "north-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.194793: "north-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.194814: "north-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.194831: "north-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.194850: "north-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.194868: "north-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.194887: "north-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.194907: "north-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.194925: "north-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.194943: "north-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.194962: "north-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. 
Oct 31 15:25:03.194978: "north-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.194997: "north-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.195013: "north-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.195029: "north-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.195496: "north-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.195507: "north-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.195528: "north-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.195545: "north-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.195562: "north-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.195577: "north-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.195595: "north-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.195633: "north-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.195684: "north-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.195702: "north-eastnets/0x2" #1: route-client output: Error: Peer netns reference is invalid. 
Oct 31 15:25:03.201700: | route_and_eroute: instance "north-eastnets/0x1", setting eroute_owner {spd=0x5557669e79e0,sr=0x5557669e79e0} to #2 (was #0) (newest_ipsec_sa=#0) Oct 31 15:25:03.202018: | ISAKMP_v2_IKE_AUTH: instance north-eastnets/0x1[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Oct 31 15:25:03.202027: | adding 9 bytes of padding (including 1 byte padding-length) Oct 31 15:25:03.202032: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:03.202036: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:03.202038: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:03.202041: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:03.202044: | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:03.202047: | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:03.202053: | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:03.202055: | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:03.202058: | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:03.202061: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:25:03.202063: | emitting length of IKEv2 Encryption Payload: 500 Oct 31 15:25:03.202067: | emitting length of ISAKMP Message: 528 Oct 31 15:25:03.202126: | recording outgoing fragment failed Oct 31 15:25:03.202134: | delref logger@0x5557669e9d30(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:25:03.202138: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:03.202141: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:03.202145: | XXX: resume 
sending helper answer back to state for #1 switched MD.ST to #2 Oct 31 15:25:03.202155: | suspend processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:03.202161: | start processing: state #2 connection "north-eastnets/0x1" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:03.202168: | #2 complete_v2_state_transition() in state V2_IKE_AUTH_CHILD_R0 PARENT_R1->ESTABLISHED_CHILD_SA with status STF_OK; .st_v2_transition=NULL Oct 31 15:25:03.202172: | transitioning from state STATE_PARENT_R1 to state STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:25:03.202175: | Message ID: updating counters for #2 Oct 31 15:25:03.202187: | Message ID: CHILD #1.#2 updating responder received message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744571.505899 ike.responder.sent=0 ike.responder.recv=0->1 ike.responder.last_contact=744573.508895->744577.634975 child.wip.initiator=-1 child.wip.responder=1->-1 Oct 31 15:25:03.202196: | Message ID: CHILD #1.#2 updating responder sent message response 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744571.505899 ike.responder.sent=0->1 ike.responder.recv=1 ike.responder.last_contact=744577.634975 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:25:03.202208: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744571.505899 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744577.634975 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:03.202217: | child state #2: V2_IKE_AUTH_CHILD_R0(ignore) => ESTABLISHED_CHILD_SA(established CHILD SA) Oct 31 15:25:03.202222: | pstats #2 ikev2.child established Oct 31 15:25:03.202225: | announcing the state transition Oct 31 15:25:03.202236: "north-eastnets/0x1" #2: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> 
[192.0.2.0-192.0.2.255:0-65535 0] Oct 31 15:25:03.202241: | NAT-T: encaps is 'auto' Oct 31 15:25:03.202247: "north-eastnets/0x1" #2: IPsec SA established tunnel mode {ESP=>0xfafbe28b <0xedda5998 xfrm=AES_CBC_128-HMAC_SHA2_512_256 NATOA=none NATD=none DPD=passive} Oct 31 15:25:03.202256: | sending 528 bytes for STATE_PARENT_R1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1)
Oct 31 15:25:03.202402: | sent 1 messages Oct 31 15:25:03.202406: | releasing #2's fd-fd@(nil) because IKEv2 transitions finished Oct 31 15:25:03.202409: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:25:03.202412: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:25:03.202415: | unpending #2's IKE SA #1 Oct 31 15:25:03.202418: | unpending state #1 connection "north-eastnets/0x1" Oct 31 15:25:03.202421: | releasing #1's fd-fd@(nil) because IKEv2 transitions finished so releaseing IKE SA Oct 31 15:25:03.202424: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:25:03.202426: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:25:03.202430: | #2 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Oct 31 15:25:03.202433: | state #2 has no .st_event to delete Oct 31 15:25:03.202437: | event_schedule: newref EVENT_SA_REKEY-pe@0x5557669ebd60 Oct 31 15:25:03.202440: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #2 Oct 31 15:25:03.202444: | libevent_malloc: newref
ptr-libevent@0x5557669eba90 size 128 Oct 31 15:25:03.202450: | delref mdp@0x5557669ecc20(1->0) (in resume_handler() at server.c:743) Oct 31 15:25:03.202454: | delref logger@0x5557669d9c20(1->0) (in resume_handler() at server.c:743) Oct 31 15:25:03.202457: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:03.202460: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:03.202468: | #1 spent 2.76 (52.4) milliseconds in resume sending helper answer back to state Oct 31 15:25:03.202475: | stop processing: state #2 connection "north-eastnets/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:745) Oct 31 15:25:03.202479: | libevent_free: delref ptr-libevent@0x7f6198000c80 Oct 31 15:25:03.202490: | processing signal PLUTO_SIGCHLD Oct 31 15:25:03.202496: | waitpid returned ECHILD (no child processes left) Oct 31 15:25:03.202501: | spent 0.00532 (0.00523) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:25:03.202504: | processing signal PLUTO_SIGCHLD Oct 31 15:25:03.202507: | waitpid returned ECHILD (no child processes left) Oct 31 15:25:03.202512: | spent 0.00377 (0.00377) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:25:03.202516: | processing signal PLUTO_SIGCHLD Oct 31 15:25:03.202521: | waitpid returned ECHILD (no child processes left) Oct 31 15:25:03.202525: | spent 0.00407 (0.00374) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:25:03.273649: | spent 0.00253 (0.00229) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:25:03.273667: | newref struct msg_digest@0x5557669ecc20(0->1) (in read_message() at demux.c:103) Oct 31 15:25:03.273671: | newref alloc logger@0x5557669e9d30(0->1) (in read_message() at demux.c:103) Oct 31 15:25:03.273679: | *received 608 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP
Oct 31 15:25:03.273769: | **parse ISAKMP Message: Oct 31 15:25:03.273774: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:25:03.273778: | responder SPI: 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:03.273781: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:25:03.273784: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:03.273786: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Oct 31 15:25:03.273791: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:25:03.273795: | Message ID: 2 (00 00 00 02) Oct 31 15:25:03.273799: | length: 608 (00 00 02 60) Oct 31 15:25:03.273802: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Oct 31 15:25:03.273806: | I am the IKE SA Original Responder receiving an IKEv2 CREATE_CHILD_SA request Oct 31 15:25:03.273811: | State DB: found IKEv2 state #1 in ESTABLISHED_IKE_SA (find_v2_ike_sa) Oct 31 15:25:03.273818: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:25:03.273821: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Oct 31 15:25:03.273825: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:25:03.273827: | #1 is idle Oct 31 15:25:03.273834: | Message ID: IKE #1 not a duplicate - message request 2 is new: ike.initiator.sent=-1
ike.initiator.recv=-1 ike.initiator.last_contact=744571.505899 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744577.634975 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:03.273840: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:25:03.273842: | unpacking clear payload Oct 31 15:25:03.273845: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Oct 31 15:25:03.273849: | ***parse IKEv2 Encryption Payload: Oct 31 15:25:03.273851: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:25:03.273854: | flags: none (0x0) Oct 31 15:25:03.273857: | length: 580 (02 44) Oct 31 15:25:03.273860: | processing payload: ISAKMP_NEXT_v2SK (len=576) Oct 31 15:25:03.273863: | #1 in state ESTABLISHED_IKE_SA: established IKE SA Oct 31 15:25:03.273896: | authenticator matched Oct 31 15:25:03.273907: | #1 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Oct 31 15:25:03.273910: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:25:03.273914: | **parse IKEv2 Security Association Payload: Oct 31 15:25:03.273916: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Oct 31 15:25:03.273919: | flags: none (0x0) Oct 31 15:25:03.273922: | length: 52 (00 34) Oct 31 15:25:03.273925: | processing payload: ISAKMP_NEXT_v2SA (len=48) Oct 31 15:25:03.273927: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Oct 31 15:25:03.273930: | **parse IKEv2 Nonce Payload: Oct 31 15:25:03.273932: | next payload type: ISAKMP_NEXT_v2KE (0x22) Oct 31 15:25:03.273935: | flags: none (0x0) Oct 31 15:25:03.273938: | length: 36 (00 24) Oct 31 15:25:03.273940: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Oct 31 15:25:03.273943: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Oct 31 15:25:03.273946: | **parse IKEv2 Key Exchange Payload: Oct 31 15:25:03.273948: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Oct 31 15:25:03.273950: | flags: none (0x0) Oct 31 15:25:03.273954: | length: 392 (01 88) Oct 
31 15:25:03.273956: | DH group: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:25:03.273959: | processing payload: ISAKMP_NEXT_v2KE (len=384) Oct 31 15:25:03.273961: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Oct 31 15:25:03.273964: | **parse IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:25:03.273966: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Oct 31 15:25:03.273968: | flags: none (0x0) Oct 31 15:25:03.273971: | length: 24 (00 18) Oct 31 15:25:03.273974: | number of TS: 1 (01) Oct 31 15:25:03.273977: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Oct 31 15:25:03.273979: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Oct 31 15:25:03.273982: | **parse IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:25:03.273984: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:03.273986: | flags: none (0x0) Oct 31 15:25:03.273990: | length: 24 (00 18) Oct 31 15:25:03.273992: | number of TS: 1 (01) Oct 31 15:25:03.273995: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Oct 31 15:25:03.273998: | state #1 forced to match CREATE_CHILD_SA from STATE_V2_NEW_CHILD_R0->STATE_V2_ESTABLISHED_CHILD_SA by ignoring from state Oct 31 15:25:03.274003: | selected state microcode Respond to CREATE_CHILD_SA IPsec SA Request Oct 31 15:25:03.274009: | #1 updating local interface from 192.1.3.33:500 to 192.1.3.33:500 using md->iface (in update_ike_endpoints() at state.c:2631) Oct 31 15:25:03.274014: | newref alloc logger@0x5557669ebd10(0->1) (in new_state() at state.c:576) Oct 31 15:25:03.274017: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:25:03.274020: | creating state object #3 at 0x5557669f1300 Oct 31 15:25:03.274022: | State DB: adding IKEv2 state #3 in UNDEFINED Oct 31 15:25:03.274028: | pstats #3 ikev2.child started Oct 31 15:25:03.274031: | duplicating state object #1 "north-eastnets/0x2" as #3 for IPSEC SA Oct 31 15:25:03.274091: | #3 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1581) Oct 31 
15:25:03.274103: | Message ID: CHILD #1.#3 initializing (CHILD SA): ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744571.505899 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744577.634975 child.wip.initiator=0->-1 child.wip.responder=0->-1 Oct 31 15:25:03.274107: | child state #3: UNDEFINED(ignore) => V2_NEW_CHILD_R0(established IKE SA) Oct 31 15:25:03.274111: | #3.st_v2_transition NULL -> V2_NEW_CHILD_R0->ESTABLISHED_CHILD_SA (in new_v2_child_state() at state.c:1666) Oct 31 15:25:03.274115: | "north-eastnets/0x2" #1 received Respond to CREATE_CHILD_SA IPsec SA Request CREATE_CHILD_SA Child "north-eastnets/0x2" #3 in STATE_V2_NEW_CHILD_R0 will process it further Oct 31 15:25:03.274117: | forcing ST #1 to CHILD #1.#3 in FSM processor Oct 31 15:25:03.274124: | Message ID: CHILD #1.#3 responder starting message request 2: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744571.505899 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744577.634975 child.wip.initiator=-1 child.wip.responder=-1->2 Oct 31 15:25:03.274127: | calling processor Respond to CREATE_CHILD_SA IPsec SA Request Oct 31 15:25:03.274132: | create child proposal's DH changed from no-PFS to MODP2048, flushing Oct 31 15:25:03.274135: | constructing ESP/AH proposals with default DH MODP2048 for north-eastnets/0x2 (CREATE_CHILD_SA responder matching remote ESP/AH proposals) Oct 31 15:25:03.274140: | converting proposal AES_CBC_128-HMAC_SHA2_512_256-MODP3072 to ikev2 ... Oct 31 15:25:03.274147: | ... 
ikev2_proposal: 1:ESP=AES_CBC_128-HMAC_SHA2_512_256-MODP3072-DISABLED Oct 31 15:25:03.274150: "north-eastnets/0x2": local ESP/AH proposals (CREATE_CHILD_SA responder matching remote ESP/AH proposals): Oct 31 15:25:03.274155: "north-eastnets/0x2": 1:ESP=AES_CBC_128-HMAC_SHA2_512_256-MODP3072-DISABLED Oct 31 15:25:03.274158: | comparing remote proposals against CREATE_CHILD_SA responder matching remote ESP/AH proposals 1 local proposals Oct 31 15:25:03.274162: | local proposal 1 type ENCR has 1 transforms Oct 31 15:25:03.274164: | local proposal 1 type PRF has 0 transforms Oct 31 15:25:03.274167: | local proposal 1 type INTEG has 1 transforms Oct 31 15:25:03.274169: | local proposal 1 type DH has 1 transforms Oct 31 15:25:03.274172: | local proposal 1 type ESN has 1 transforms Oct 31 15:25:03.274176: | local proposal 1 transforms: required: ENCR+INTEG+DH+ESN; optional: none Oct 31 15:25:03.274179: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:25:03.274182: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:25:03.274185: | length: 48 (00 30) Oct 31 15:25:03.274188: | prop #: 1 (01) Oct 31 15:25:03.274191: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:03.274194: | spi size: 4 (04) Oct 31 15:25:03.274196: | # transforms: 4 (04) Oct 31 15:25:03.274207: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:25:03.274209: | remote SPI Oct 31 15:25:03.274212: | 7f b4 c1 c8 Oct 31 15:25:03.274214: | Comparing remote proposal 1 containing 4 transforms against local proposal [1..1] of 1 local proposals Oct 31 15:25:03.274222: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:25:03.274225: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.274228: | length: 12 (00 0c) Oct 31 15:25:03.274230: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:03.274233: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:25:03.274236: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:25:03.274239: | af+type: 
AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:03.274242: | length/value: 128 (00 80) Oct 31 15:25:03.274246: | remote proposal 1 transform 0 (ENCR=AES_CBC_128) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:25:03.274249: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:25:03.274252: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.274255: | length: 8 (00 08) Oct 31 15:25:03.274257: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:03.274259: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:25:03.274263: | remote proposal 1 transform 1 (INTEG=HMAC_SHA2_512_256) matches local proposal 1 type 3 (INTEG) transform 0 Oct 31 15:25:03.274265: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:25:03.274268: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.274270: | length: 8 (00 08) Oct 31 15:25:03.274273: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:03.274275: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:25:03.274278: | remote proposal 1 transform 2 (DH=MODP3072) matches local proposal 1 type 4 (DH) transform 0 Oct 31 15:25:03.274281: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:25:03.274283: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:03.274286: | length: 8 (00 08) Oct 31 15:25:03.274289: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:25:03.274291: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:25:03.274294: | remote proposal 1 transform 3 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Oct 31 15:25:03.274298: | remote proposal 1 proposed transforms: ENCR+INTEG+DH+ESN; matched: ENCR+INTEG+DH+ESN; unmatched: none Oct 31 15:25:03.274303: | comparing remote proposal 1 containing ENCR+INTEG+DH+ESN transforms to local proposal 1; required: ENCR+INTEG+DH+ESN; optional: none; matched: ENCR+INTEG+DH+ESN Oct 31 15:25:03.274306: | remote proposal 1 matches local proposal 1 Oct 31 15:25:03.274312: "north-eastnets/0x2" #3: 
proposal 1:ESP=AES_CBC_128-HMAC_SHA2_512_256-MODP3072-DISABLED SPI=7fb4c1c8 chosen from remote proposals 1:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;DH=MODP3072;ESN=DISABLED[first-match] Oct 31 15:25:03.274317: | CREATE_CHILD_SA responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP=AES_CBC_128-HMAC_SHA2_512_256-MODP3072-DISABLED SPI=7fb4c1c8 Oct 31 15:25:03.274320: | converting proposal to internal trans attrs Oct 31 15:25:03.274324: | updating #3's .st_oakley with preserved PRF, but why update? Oct 31 15:25:03.274328: | Child SA TS Request has child->sa == md->st; so using child connection Oct 31 15:25:03.274330: | TSi: parsing 1 traffic selectors Oct 31 15:25:03.274333: | ***parse IKEv2 Traffic Selector: Oct 31 15:25:03.274336: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:25:03.274338: | IP Protocol ID: ALL (0x0) Oct 31 15:25:03.274341: | length: 16 (00 10) Oct 31 15:25:03.274344: | start port: 0 (00 00) Oct 31 15:25:03.274347: | end port: 65535 (ff ff) Oct 31 15:25:03.274350: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:25:03.274352: | TS low Oct 31 15:25:03.274354: | c0 00 16 00 Oct 31 15:25:03.274357: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:25:03.274359: | TS high Oct 31 15:25:03.274361: | c0 00 16 ff Oct 31 15:25:03.274364: | TSi: parsed 1 traffic selectors Oct 31 15:25:03.274366: | TSr: parsing 1 traffic selectors Oct 31 15:25:03.274368: | ***parse IKEv2 Traffic Selector: Oct 31 15:25:03.274371: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:25:03.274375: | IP Protocol ID: ALL (0x0) Oct 31 15:25:03.274378: | length: 16 (00 10) Oct 31 15:25:03.274381: | start port: 0 (00 00) Oct 31 15:25:03.274383: | end port: 65535 (ff ff) Oct 31 15:25:03.274386: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:25:03.274388: | TS low Oct 31 15:25:03.274390: | c0 00 03 00 Oct 31 15:25:03.274392: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 
15:25:03.274395: | TS high Oct 31 15:25:03.274397: | c0 00 03 ff Oct 31 15:25:03.274399: | TSr: parsed 1 traffic selectors Oct 31 15:25:03.274401: | looking for best SPD in current connection Oct 31 15:25:03.274408: | evaluating our conn="north-eastnets/0x2" I=192.0.22.0/24:0:0/0 R=192.0.3.0/24:0:0/0 to their: Oct 31 15:25:03.274414: | TSi[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:25:03.274422: | match address end->client=192.0.22.0/24 == TSi[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Oct 31 15:25:03.274425: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:25:03.274427: | TSi[0] port match: YES fitness 65536 Oct 31 15:25:03.274430: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:25:03.274433: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:25:03.274438: | TSr[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:25:03.274444: | match address end->client=192.0.3.0/24 == TSr[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Oct 31 15:25:03.274447: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Oct 31 15:25:03.274449: | TSr[0] port match: YES fitness 65536 Oct 31 15:25:03.274452: | narrow protocol end=*0 == TSr[0]=*0: 0 Oct 31 15:25:03.274455: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Oct 31 15:25:03.274457: | best fit so far: TSi[0] TSr[0] Oct 31 15:25:03.274460: | found better spd route for TSi[0],TSr[0] Oct 31 15:25:03.274462: | looking for better host pair Oct 31 15:25:03.274468: | find_host_pair: comparing 192.1.3.33:500 to 192.1.2.23:500 but ignoring ports Oct 31 15:25:03.274473: | checking hostpair 192.0.3.0/24:0 -> 192.0.22.0/24:0 is found Oct 31 15:25:03.274476: | investigating connection "north-eastnets/0x2" as a better match Oct 31 15:25:03.274479: | match_id a=@east Oct 31 15:25:03.274482: | b=@east Oct 31 15:25:03.274484: | results matched Oct 31 15:25:03.274490: | evaluating our conn="north-eastnets/0x2" I=192.0.22.0/24:0:0/0 
R=192.0.3.0/24:0:0/0 to their: Oct 31 15:25:03.274494: | TSi[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:25:03.274501: | match address end->client=192.0.22.0/24 == TSi[0]net=192.0.22.0-192.0.22.255: YES fitness 32 Oct 31 15:25:03.274504: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:25:03.274506: | TSi[0] port match: YES fitness 65536 Oct 31 15:25:03.274509: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:25:03.274511: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:25:03.274516: | TSr[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:25:03.274523: | match address end->client=192.0.3.0/24 == TSr[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Oct 31 15:25:03.274525: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Oct 31 15:25:03.274528: | TSr[0] port match: YES fitness 65536 Oct 31 15:25:03.274530: | narrow protocol end=*0 == TSr[0]=*0: 0 Oct 31 15:25:03.274533: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Oct 31 15:25:03.274588: | best fit so far: TSi[0] TSr[0] Oct 31 15:25:03.274594: | investigating connection "north-eastnets/0x1" as a better match Oct 31 15:25:03.274598: | match_id a=@east Oct 31 15:25:03.274600: | b=@east Oct 31 15:25:03.274603: | results matched Oct 31 15:25:03.274609: | evaluating our conn="north-eastnets/0x1" I=192.0.2.0/24:0:0/0 R=192.0.3.0/24:0:0/0 to their: Oct 31 15:25:03.274616: | TSi[0] .net=192.0.22.0-192.0.22.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:25:03.274624: | match address end->client=192.0.2.0/24 == TSi[0]net=192.0.22.0-192.0.22.255: NO Oct 31 15:25:03.274626: | did not find a better connection using host pair Oct 31 15:25:03.274629: | printing contents struct traffic_selector Oct 31 15:25:03.274632: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:25:03.274634: | ipprotoid: 0 Oct 31 15:25:03.274636: | port range: 0-65535 Oct 31 15:25:03.274640: | ip range: 192.0.3.0-192.0.3.255 Oct 31 
15:25:03.274643: | printing contents struct traffic_selector Oct 31 15:25:03.274645: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:25:03.274647: | ipprotoid: 0 Oct 31 15:25:03.274649: | port range: 0-65535 Oct 31 15:25:03.274654: | ip range: 192.0.22.0-192.0.22.255 Oct 31 15:25:03.274659: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:25:03.274662: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:25:03.274665: | newref clone logger@0x5557669e7800(0->1) (in clone_logger() at log.c:817) Oct 31 15:25:03.274668: | job 4 for #3: Child Responder KE and nonce nr (build KE and nonce): adding job to queue Oct 31 15:25:03.274671: | state #3 has no .st_event to delete Oct 31 15:25:03.274674: | #3 STATE_V2_NEW_CHILD_R0: retransmits: cleared Oct 31 15:25:03.274677: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x5557669273e0 Oct 31 15:25:03.274680: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Oct 31 15:25:03.274683: | libevent_malloc: newref ptr-libevent@0x7f6198000c80 size 128 Oct 31 15:25:03.274695: | #3 spent 0.516 (0.563) milliseconds in processing: Respond to CREATE_CHILD_SA IPsec SA Request in v2_dispatch() Oct 31 15:25:03.274702: | suspend processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:03.274707: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:03.274710: | #3 complete_v2_state_transition() V2_NEW_CHILD_R0->ESTABLISHED_CHILD_SA with status STF_SUSPEND Oct 31 15:25:03.274713: | suspending state #3 and saving MD 0x5557669ecc20 Oct 31 15:25:03.274717: | addref md@0x5557669ecc20(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:25:03.274719: | #3 is busy; has suspended MD 0x5557669ecc20 Oct 31 15:25:03.274724: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at 
ikev2.c:1904) Oct 31 15:25:03.274725: | job 4 for #3: Child Responder KE and nonce nr (build KE and nonce): helper 4 starting job Oct 31 15:25:03.274729: | #1 spent 0.995 (1.09) milliseconds in ikev2_process_packet() Oct 31 15:25:03.274747: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:25:03.274751: | delref mdp@0x5557669ecc20(2->1) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:03.274755: | spent 1.02 (1.11) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:25:03.274739: | helper 4 is pausing for 2 seconds Oct 31 15:25:03.324016: | spent 0.00278 (0.00275) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:25:03.324046: | newref struct msg_digest@0x5557669f5da0(0->1) (in read_message() at demux.c:103) Oct 31 15:25:03.324051: | newref alloc logger@0x5557669d9cc0(0->1) (in read_message() at demux.c:103) Oct 31 15:25:03.324058: | *received 608 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP
Oct 31 15:25:03.324150: | **parse ISAKMP Message: Oct 31 15:25:03.324155: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:25:03.324159: | responder SPI: 61 7a 11 68 b3 c4 7a f9 Oct 31
15:25:03.324162: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:25:03.324165: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:03.324167: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Oct 31 15:25:03.324170: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:25:03.324174: | Message ID: 2 (00 00 00 02) Oct 31 15:25:03.324178: | length: 608 (00 00 02 60) Oct 31 15:25:03.324181: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Oct 31 15:25:03.324184: | I am the IKE SA Original Responder receiving an IKEv2 CREATE_CHILD_SA request Oct 31 15:25:03.324189: | State DB: found IKEv2 state #1 in ESTABLISHED_IKE_SA (find_v2_ike_sa) Oct 31 15:25:03.324196: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:25:03.324265: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Oct 31 15:25:03.324270: | State DB: found IKEv2 state #3 in V2_NEW_CHILD_R0 (find_v2_sa_by_responder_wip) Oct 31 15:25:03.324273: | #3 is busy; has suspended MD 0x5557669ecc20 Oct 31 15:25:03.324276: "north-eastnets/0x2" #3: discarding packet received during asynchronous work (DNS or crypto) in STATE_V2_NEW_CHILD_R0 Oct 31 15:25:03.324282: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:25:03.324290: | #1 spent 0.236 (0.281) milliseconds in ikev2_process_packet() Oct 31 15:25:03.324293: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:25:03.324296: | delref mdp@0x5557669f5da0(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:03.324299: | delref logger@0x5557669d9cc0(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:03.324302: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:03.324305: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:03.324309: | spent 0.256 (0.301) milliseconds in handle_packet_cb() reading and 
processing packet Oct 31 15:25:03.375451: | spent 0.00365 (0.00315) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:25:03.375478: | newref struct msg_digest@0x5557669f5da0(0->1) (in read_message() at demux.c:103) Oct 31 15:25:03.375483: | newref alloc logger@0x5557669d9cc0(0->1) (in read_message() at demux.c:103) Oct 31 15:25:03.375490: | *received 608 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP
Oct 31 15:25:03.375590: | **parse ISAKMP Message: Oct 31 15:25:03.375602: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:25:03.375606: | responder SPI: 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:03.375609: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:25:03.375612: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:03.375616: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Oct 31 15:25:03.375619: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:25:03.375624: | Message ID: 2 (00 00 00 02) Oct 31 15:25:03.375630: | length: 608 (00 00 02 60) Oct 31 15:25:03.375634: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Oct 31 15:25:03.375641: | I am the IKE SA Original
Responder receiving an IKEv2 CREATE_CHILD_SA request Oct 31 15:25:03.375651: | State DB: found IKEv2 state #1 in ESTABLISHED_IKE_SA (find_v2_ike_sa) Oct 31 15:25:03.375661: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:25:03.375664: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Oct 31 15:25:03.375671: | State DB: found IKEv2 state #3 in V2_NEW_CHILD_R0 (find_v2_sa_by_responder_wip) Oct 31 15:25:03.375674: | #3 is busy; has suspended MD 0x5557669ecc20 Oct 31 15:25:03.375677: "north-eastnets/0x2" #3: discarding packet received during asynchronous work (DNS or crypto) in STATE_V2_NEW_CHILD_R0 Oct 31 15:25:03.375686: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:25:03.375692: | #1 spent 0.253 (0.253) milliseconds in ikev2_process_packet() Oct 31 15:25:03.375695: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:25:03.375698: | delref mdp@0x5557669f5da0(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:03.375701: | delref logger@0x5557669d9cc0(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:03.375704: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:03.375706: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:03.375711: | spent 0.272 (0.272) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:25:03.475873: | spent 0.00247 (0.00246) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:25:03.475889: | newref struct msg_digest@0x5557669f5da0(0->1) (in read_message() at demux.c:103) Oct 31 15:25:03.475893: | newref alloc logger@0x5557669d9cc0(0->1) (in read_message() at demux.c:103) Oct 31 15:25:03.475898: | *received 608 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP
Oct 31 15:25:03.475962: | **parse ISAKMP Message: Oct 31 15:25:03.475965: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:25:03.475967: | responder SPI: 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:03.475969: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:25:03.475971: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:03.475973: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Oct 31 15:25:03.475975: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:25:03.475978: | Message ID: 2 (00 00 00 02) Oct 31 15:25:03.475980: | length: 608 (00 00 02 60) Oct 31 15:25:03.475982: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Oct 31 15:25:03.475985: | I am the IKE SA Original Responder receiving an IKEv2 CREATE_CHILD_SA request Oct 31 15:25:03.475988: | State DB: found IKEv2 state #1 in ESTABLISHED_IKE_SA (find_v2_ike_sa) Oct 31 15:25:03.475993: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:25:03.475995: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Oct 31 15:25:03.475998: | State DB: found IKEv2 state #3 in V2_NEW_CHILD_R0 (find_v2_sa_by_responder_wip) Oct 31 15:25:03.476000: | #3 is busy; has suspended MD 0x5557669ecc20
Oct 31 15:25:03.476002: "north-eastnets/0x2" #3: discarding packet received during asynchronous work (DNS or crypto) in STATE_V2_NEW_CHILD_R0 Oct 31 15:25:03.476006: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:25:03.476009: | #1 spent 0.143 (0.143) milliseconds in ikev2_process_packet() Oct 31 15:25:03.476011: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:25:03.476014: | delref mdp@0x5557669f5da0(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:03.476016: | delref logger@0x5557669d9cc0(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:03.476018: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:03.476019: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:03.476022: | spent 0.156 (0.156) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:25:03.677562: | spent 0.00266 (0.00263) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:25:03.677581: | newref struct msg_digest@0x5557669f5da0(0->1) (in read_message() at demux.c:103) Oct 31 15:25:03.677586: | newref alloc logger@0x5557669d9cc0(0->1) (in read_message() at demux.c:103) Oct 31 15:25:03.677597: | *received 608 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP
Oct 31 15:25:03.677656: | **parse ISAKMP Message: Oct 31 15:25:03.677659: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:25:03.677662: | responder SPI: 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:03.677665: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:25:03.677671: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:03.677674: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Oct 31 15:25:03.677676: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:25:03.677681: | Message ID: 2 (00 00 00 02) Oct 31 15:25:03.677690: | length: 608 (00 00 02 60) Oct 31 15:25:03.677694: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Oct 31 15:25:03.677698: | I am the IKE SA Original Responder receiving an IKEv2 CREATE_CHILD_SA request Oct 31 15:25:03.677703: | State DB: found IKEv2 state #1 in ESTABLISHED_IKE_SA (find_v2_ike_sa) Oct 31 15:25:03.677711: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:25:03.677718: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Oct 31 15:25:03.677722: | State DB: found IKEv2 state #3 in V2_NEW_CHILD_R0 (find_v2_sa_by_responder_wip) Oct 31 15:25:03.677725: | #3 is busy; has suspended MD 0x5557669ecc20 Oct 31 15:25:03.677729: "north-eastnets/0x2" #3: discarding packet received during asynchronous work (DNS or crypto) in STATE_V2_NEW_CHILD_R0 Oct 31 15:25:03.677733: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:25:03.677737: | #1 spent 0.179 (0.183) milliseconds in ikev2_process_packet() Oct 31 15:25:03.677739: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:25:03.677741: | delref mdp@0x5557669f5da0(1->0) (in handle_packet_cb() at
demux.c:318) Oct 31 15:25:03.677743: | delref logger@0x5557669d9cc0(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:03.677745: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:03.677746: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:03.677750: | spent 0.193 (0.197) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:25:04.078149: | spent 0.00233 (0.00233) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:25:04.078167: | newref struct msg_digest@0x5557669f5da0(0->1) (in read_message() at demux.c:103) Oct 31 15:25:04.078171: | newref alloc logger@0x5557669d9cc0(0->1) (in read_message() at demux.c:103) Oct 31 15:25:04.078176: | *received 608 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP
Oct 31 15:25:04.078241: | **parse ISAKMP Message: Oct 31 15:25:04.078244: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:25:04.078247: | responder SPI: 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:04.078248: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:25:04.078250: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:04.078252: | exchange type:
ISAKMP_v2_CREATE_CHILD_SA (0x24) Oct 31 15:25:04.078254: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:25:04.078256: | Message ID: 2 (00 00 00 02) Oct 31 15:25:04.078259: | length: 608 (00 00 02 60) Oct 31 15:25:04.078260: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Oct 31 15:25:04.078263: | I am the IKE SA Original Responder receiving an IKEv2 CREATE_CHILD_SA request Oct 31 15:25:04.078271: | State DB: found IKEv2 state #1 in ESTABLISHED_IKE_SA (find_v2_ike_sa) Oct 31 15:25:04.078277: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:25:04.078279: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Oct 31 15:25:04.078281: | State DB: found IKEv2 state #3 in V2_NEW_CHILD_R0 (find_v2_sa_by_responder_wip) Oct 31 15:25:04.078283: | #3 is busy; has suspended MD 0x5557669ecc20 Oct 31 15:25:04.078286: "north-eastnets/0x2" #3: discarding packet received during asynchronous work (DNS or crypto) in STATE_V2_NEW_CHILD_R0 Oct 31 15:25:04.078289: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:25:04.078293: | #1 spent 0.146 (0.152) milliseconds in ikev2_process_packet() Oct 31 15:25:04.078295: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:25:04.078297: | delref mdp@0x5557669f5da0(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:04.078299: | delref logger@0x5557669d9cc0(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:04.078300: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:04.078302: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:04.078305: | spent 0.159 (0.164) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:25:04.879024: | spent 0.00295 (0.00288) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:25:04.879046: | newref struct 
msg_digest@0x5557669f5da0(0->1) (in read_message() at demux.c:103) Oct 31 15:25:04.879050: | newref alloc logger@0x5557669d9cc0(0->1) (in read_message() at demux.c:103) Oct 31 15:25:04.879056: | *received 608 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP
Oct 31 15:25:04.879163: | **parse ISAKMP Message: Oct 31 15:25:04.879169: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:25:04.879174: | responder SPI: 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:04.879178: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:25:04.879181: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:04.879184: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Oct 31 15:25:04.879187: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:25:04.879192: | Message ID: 2 (00 00 00 02) Oct 31 15:25:04.879196: | length: 608 (00 00 02 60) Oct 31 15:25:04.879307: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Oct 31 15:25:04.879317: | I am the IKE SA Original Responder receiving an IKEv2 CREATE_CHILD_SA request Oct 31 15:25:04.879324: | State DB: found IKEv2 state #1 in ESTABLISHED_IKE_SA (find_v2_ike_sa) Oct 31 15:25:04.879334: | start
processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:25:04.879338: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Oct 31 15:25:04.879342: | State DB: found IKEv2 state #3 in V2_NEW_CHILD_R0 (find_v2_sa_by_responder_wip) Oct 31 15:25:04.879346: | #3 is busy; has suspended MD 0x5557669ecc20 Oct 31 15:25:04.879350: "north-eastnets/0x2" #3: discarding packet received during asynchronous work (DNS or crypto) in STATE_V2_NEW_CHILD_R0 Oct 31 15:25:04.879356: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:25:04.879363: | #1 spent 0.25 (0.346) milliseconds in ikev2_process_packet() Oct 31 15:25:04.879367: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:25:04.879371: | delref mdp@0x5557669f5da0(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:04.879375: | delref logger@0x5557669d9cc0(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:04.879383: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:04.879386: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:04.879392: | spent 0.28 (0.376) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:25:05.278752: | "north-eastnets/0x2" #3: spent 3.9 (2e+03) milliseconds in helper 4 processing job 4 for state #3: Child Responder KE and nonce nr (pcr) Oct 31 15:25:05.278770: | job 4 for #3: Child Responder KE and nonce nr (build KE and nonce): helper thread 4 sending result back to state Oct 31 15:25:05.278775: | scheduling resume sending helper answer back to state for #3 Oct 31 15:25:05.278779: | libevent_malloc: newref ptr-libevent@0x7f618c0018f0 size 128 Oct 31 15:25:05.278785: | libevent_realloc: delref ptr-libevent@0x5557669d59d0 Oct 31 15:25:05.278787: | libevent_realloc: newref ptr-libevent@0x5557669a6130 size 128 Oct 31 15:25:05.278798: | helper thread 4 has nothing to do Oct 31 
15:25:05.278810: | processing resume sending helper answer back to state for #3 Oct 31 15:25:05.278824: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:641) Oct 31 15:25:05.278830: | unsuspending #3 MD 0x5557669ecc20 Oct 31 15:25:05.278834: | job 4 for #3: Child Responder KE and nonce nr (build KE and nonce): processing response from helper 4 Oct 31 15:25:05.278837: | job 4 for #3: Child Responder KE and nonce nr (build KE and nonce): calling continuation function 0x5557658c4fe7 Oct 31 15:25:05.278840: | ikev2_child_inIoutR_continue() for #3 STATE_V2_NEW_CHILD_R0 Oct 31 15:25:05.278844: | DH secret MODP3072@0x7f618c004e80: transferring ownership from helper KE to state #3 Oct 31 15:25:05.278847: | DH secret MODP3072@0x7f618c004e80: transferring ownership from state #3 to helper DH Oct 31 15:25:05.278851: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:25:05.278853: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:25:05.278855: | newref clone logger@0x5557669d9cc0(0->1) (in clone_logger() at log.c:817) Oct 31 15:25:05.278857: | job 5 for #3: DHv2 for child sa (dh): adding job to queue Oct 31 15:25:05.278859: | state #3 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:25:05.278861: | libevent_free: delref ptr-libevent@0x7f6198000c80 Oct 31 15:25:05.278863: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x5557669273e0 Oct 31 15:25:05.278866: | #3 STATE_V2_NEW_CHILD_R0: retransmits: cleared Oct 31 15:25:05.278867: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x5557669273e0 Oct 31 15:25:05.278869: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Oct 31 15:25:05.278871: | libevent_malloc: newref ptr-libevent@0x7f6198000c80 size 128 Oct 31 15:25:05.278879: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:05.278882: | #3 complete_v2_state_transition() 
V2_NEW_CHILD_R0->ESTABLISHED_CHILD_SA with status STF_SUSPEND Oct 31 15:25:05.278884: | suspending state #3 and saving MD 0x5557669ecc20 Oct 31 15:25:05.278886: | addref md@0x5557669ecc20(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:25:05.278888: | #3 is busy; has suspended MD 0x5557669ecc20 Oct 31 15:25:05.278890: | delref logger@0x5557669e7800(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:25:05.278889: | job 5 for #3: DHv2 for child sa (dh): helper 5 starting job Oct 31 15:25:05.278893: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:05.278904: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:05.278908: | resume sending helper answer back to state for #3 suppresed complete_v2_state_transition() Oct 31 15:25:05.278911: | delref mdp@0x5557669ecc20(2->1) (in resume_handler() at server.c:743) Oct 31 15:25:05.278900: | helper 5 is pausing for 2 seconds Oct 31 15:25:05.278917: | #3 spent 0.0821 (0.0861) milliseconds in resume sending helper answer back to state Oct 31 15:25:05.278929: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:745) Oct 31 15:25:05.278936: | libevent_free: delref ptr-libevent@0x7f618c0018f0 Oct 31 15:25:06.480788: | spent 0.00234 (0.00233) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:25:06.480813: | newref struct msg_digest@0x5557669f77f0(0->1) (in read_message() at demux.c:103) Oct 31 15:25:06.480818: | newref alloc logger@0x5557669e7800(0->1) (in read_message() at demux.c:103) Oct 31 15:25:06.480825: | *received 608 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP
Oct 31 15:25:06.480915: | **parse ISAKMP Message: Oct 31 15:25:06.480920: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:25:06.480924: | responder SPI: 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:06.480927: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:25:06.480930: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:06.480933: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Oct 31 15:25:06.480936: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:25:06.480940: | Message ID: 2 (00 00 00 02) Oct 31 15:25:06.480946: | length: 608 (00 00 02 60) Oct 31 15:25:06.480950: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Oct 31 15:25:06.480954: | I am the IKE SA Original Responder receiving an IKEv2 CREATE_CHILD_SA request Oct 31 15:25:06.480959: | State DB: found IKEv2 state #1 in ESTABLISHED_IKE_SA (find_v2_ike_sa) Oct 31 15:25:06.480965: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:25:06.480969: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Oct 31 15:25:06.480973: | State DB: found IKEv2 state #3 in V2_NEW_CHILD_R0 (find_v2_sa_by_responder_wip) Oct 31 15:25:06.480976: | #3 is busy; has suspended MD 0x5557669ecc20 Oct 31 15:25:06.480980: "north-eastnets/0x2" #3: discarding packet received during asynchronous work (DNS or crypto) in STATE_V2_NEW_CHILD_R0 Oct 31 15:25:06.480985: | stop processing: state #1
connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:25:06.480991: | #1 spent 0.211 (0.211) milliseconds in ikev2_process_packet() Oct 31 15:25:06.480993: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:25:06.480997: | delref mdp@0x5557669f77f0(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:06.480999: | delref logger@0x5557669e7800(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:06.481002: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:06.481005: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:06.481074: | spent 0.238 (0.294) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:25:07.281881: | "north-eastnets/0x2" #3: spent 2.23 (2e+03) milliseconds in helper 5 processing job 5 for state #3: DHv2 for child sa (dh) Oct 31 15:25:07.281900: | job 5 for #3: DHv2 for child sa (dh): helper thread 5 sending result back to state Oct 31 15:25:07.281905: | scheduling resume sending helper answer back to state for #3 Oct 31 15:25:07.281909: | libevent_malloc: newref ptr-libevent@0x7f6190001140 size 128 Oct 31 15:25:07.281921: | helper thread 5 has nothing to do Oct 31 15:25:07.281933: | processing resume sending helper answer back to state for #3 Oct 31 15:25:07.281947: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:641) Oct 31 15:25:07.281953: | unsuspending #3 MD 0x5557669ecc20 Oct 31 15:25:07.281956: | job 5 for #3: DHv2 for child sa (dh): processing response from helper 5 Oct 31 15:25:07.281959: | job 5 for #3: DHv2 for child sa (dh): calling continuation function 0x5557658c67cb Oct 31 15:25:07.281963: | DH secret MODP3072@0x7f618c004e80: transferring ownership from helper IKEv2 DH to state #3 Oct 31 15:25:07.281966: | ikev2_child_inIoutR_continue_continue() for #3 STATE_V2_NEW_CHILD_R0 Oct 31 15:25:07.281973: | opening output PBS reply packet Oct 31 
15:25:07.281977: | **emit ISAKMP Message: Oct 31 15:25:07.281982: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:25:07.281986: | responder SPI: 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:07.281989: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:25:07.281992: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:07.281995: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Oct 31 15:25:07.281998: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:25:07.282002: | Message ID: 2 (00 00 00 02) Oct 31 15:25:07.282005: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:25:07.282009: | ***emit IKEv2 Encryption Payload: Oct 31 15:25:07.282012: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:07.282013: | flags: none (0x0) Oct 31 15:25:07.282015: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:25:07.282017: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Oct 31 15:25:07.282023: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:25:07.282048: | netlink_get_spi: allocated 0x58de34ec for esp.0@192.1.3.33 Oct 31 15:25:07.282051: | emitting ikev2_proposal ... 
Oct 31 15:25:07.282052: | ****emit IKEv2 Security Association Payload: Oct 31 15:25:07.282054: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:07.282056: | flags: none (0x0) Oct 31 15:25:07.282058: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:25:07.282059: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:25:07.282063: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:07.282065: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:25:07.282067: | prop #: 1 (01) Oct 31 15:25:07.282068: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:07.282070: | spi size: 4 (04) Oct 31 15:25:07.282072: | # transforms: 4 (04) Oct 31 15:25:07.282073: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:07.282076: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:25:07.282078: | our spi: 58 de 34 ec Oct 31 15:25:07.282080: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.282081: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.282083: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:07.282084: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:25:07.282086: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.282088: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:07.282090: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:07.282092: | length/value: 128 (00 80) Oct 31 15:25:07.282093: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:07.282095: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.282096: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 
15:25:07.282098: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:07.282099: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:25:07.282101: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.282103: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.282104: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.282106: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.282107: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.282109: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.282110: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:25:07.282112: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.282114: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.282115: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.282117: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.282118: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:07.282119: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:25:07.282121: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:25:07.282123: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.282127: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 
15:25:07.282129: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.282131: | emitting length of IKEv2 Proposal Substructure Payload: 48 Oct 31 15:25:07.282132: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:07.282134: | emitting length of IKEv2 Security Association Payload: 52 Oct 31 15:25:07.282135: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:25:07.282137: | ****emit IKEv2 Nonce Payload: Oct 31 15:25:07.282138: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:07.282140: | flags: none (0x0) Oct 31 15:25:07.282142: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Oct 31 15:25:07.282143: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Oct 31 15:25:07.282145: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Oct 31 15:25:07.282146: | IKEv2 nonce: Oct 31 15:25:07.282148: | 9e 5c e3 23 8c 84 80 aa e8 b8 eb 9e 2e 62 02 21 Oct 31 15:25:07.282150: | 90 79 1f 8a 7a 36 31 3f b3 81 e1 6e b7 c3 85 80 Oct 31 15:25:07.282151: | emitting length of IKEv2 Nonce Payload: 36 Oct 31 15:25:07.282153: | ****emit IKEv2 Key Exchange Payload: Oct 31 15:25:07.282154: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:07.282156: | flags: none (0x0) Oct 31 15:25:07.282157: | DH group: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:25:07.282159: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Oct 31 15:25:07.282161: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Oct 31 15:25:07.282162: | emitting 384 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Oct 31 
15:25:07.282164: | ikev2 g^x: Oct 31 15:25:07.282239: | emitting length of IKEv2 Key Exchange Payload: 392 Oct 31 15:25:07.282243: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:25:07.282246: | next
payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:07.282249: | flags: none (0x0) Oct 31 15:25:07.282252: | number of TS: 1 (01) Oct 31 15:25:07.282255: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Oct 31 15:25:07.282258: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Oct 31 15:25:07.282260: | *****emit IKEv2 Traffic Selector: Oct 31 15:25:07.282261: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:25:07.282263: | IP Protocol ID: ALL (0x0) Oct 31 15:25:07.282265: | start port: 0 (00 00) Oct 31 15:25:07.282267: | end port: 65535 (ff ff) Oct 31 15:25:07.282269: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:25:07.282271: | IP start: c0 00 16 00 Oct 31 15:25:07.282273: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:25:07.282275: | IP end: c0 00 16 ff Oct 31 15:25:07.282277: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:25:07.282278: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Oct 31 15:25:07.282280: | ****emit IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:25:07.282281: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:07.282283: | flags: none (0x0) Oct 31 15:25:07.282284: | number of TS: 1 (01) Oct 31 15:25:07.282286: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Oct 31 15:25:07.282288: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:25:07.282289: | *****emit IKEv2 Traffic Selector: Oct 31 15:25:07.282291: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:25:07.282292: | IP Protocol ID: ALL (0x0) Oct 31 15:25:07.282294: | start port: 0 (00 00) 
Oct 31 15:25:07.282296: | end port: 65535 (ff ff) Oct 31 15:25:07.282297: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:25:07.282299: | IP start: c0 00 03 00 Oct 31 15:25:07.282301: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:25:07.282302: | IP end: c0 00 03 ff Oct 31 15:25:07.282304: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:25:07.282305: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Oct 31 15:25:07.282307: | initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Oct 31 15:25:07.282310: | integ=HMAC_SHA2_512_256: .key_size=64 encrypt=AES_CBC: .key_size=16 .salt_size=0 keymat_len=80 Oct 31 15:25:07.282381: | install_ipsec_sa() for #3: inbound and outbound Oct 31 15:25:07.282384: | could_route called for north-eastnets/0x2; kind=CK_PERMANENT that.has_client=yes oppo=no this.host_port=500 Oct 31 15:25:07.282386: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:25:07.282388: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:25:07.282390: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:25:07.282391: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:25:07.282393: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:25:07.282395: | route owner of "north-eastnets/0x2" unrouted: NULL; eroute owner: NULL Oct 31 15:25:07.282398: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Oct 31 15:25:07.282400: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Oct 31 15:25:07.282402: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Oct 31 15:25:07.282404: | setting IPsec SA replay-window to 32 Oct 31 15:25:07.282406: | NIC esp-hw-offload not for connection 'north-eastnets/0x2' not available on interface eth1 Oct 31 15:25:07.282410: | netlink: enabling tunnel mode Oct 31 15:25:07.282412: | XFRM: adding IPsec SA with reqid 16393 Oct 31 
15:25:07.282413: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:25:07.282415: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:25:07.282474: | netlink response for Add SA esp.7fb4c1c8@192.1.2.23 included non-error error Oct 31 15:25:07.282479: | setup_half_ipsec_sa() is installing inbound eroute? inbound=0 owner=#0 mode=1 Oct 31 15:25:07.282481: | set up outgoing SA, ref=0/0 Oct 31 15:25:07.282483: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA2_512_256 Oct 31 15:25:07.282485: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Oct 31 15:25:07.282486: | st->st_esp.keymat_len=80 is encrypt_keymat_size=16 + integ_keymat_size=64 Oct 31 15:25:07.282488: | setting IPsec SA replay-window to 32 Oct 31 15:25:07.282490: | NIC esp-hw-offload not for connection 'north-eastnets/0x2' not available on interface eth1 Oct 31 15:25:07.282492: | netlink: enabling tunnel mode Oct 31 15:25:07.282493: | XFRM: adding IPsec SA with reqid 16393 Oct 31 15:25:07.282495: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:25:07.282498: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:25:07.282541: | netlink response for Add SA esp.58de34ec@192.1.3.33 included non-error error Oct 31 15:25:07.282546: | setup_half_ipsec_sa() is installing inbound eroute? 
inbound=1 owner=#0 mode=1 Oct 31 15:25:07.282549: | setup_half_ipsec_sa() is installing inbound eroute Oct 31 15:25:07.282551: | setup_half_ipsec_sa() before proto 50 Oct 31 15:25:07.282554: | setup_half_ipsec_sa() after proto 50 Oct 31 15:25:07.282556: | setup_half_ipsec_sa() calling raw_eroute backwards (i.e., inbound) Oct 31 15:25:07.282560: | priority calculation of connection "north-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:25:07.282568: | add inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 using reqid 16393 (raw_eroute) proto=50 Oct 31 15:25:07.282571: | IPsec SA SPD priority set to 2084814 Oct 31 15:25:07.282594: | raw_eroute result=success Oct 31 15:25:07.282598: | set up incoming SA, ref=0/0 Oct 31 15:25:07.282600: | sr for #3: unrouted Oct 31 15:25:07.282602: | route_and_eroute() for proto 0, and source port 0 dest port 0 Oct 31 15:25:07.282607: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:25:07.282611: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:25:07.282613: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:25:07.282616: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:25:07.282618: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:25:07.282621: | route owner of "north-eastnets/0x2" unrouted: NULL; eroute owner: NULL Oct 31 15:25:07.282624: | route_and_eroute with c: north-eastnets/0x2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #3 Oct 31 15:25:07.282627: | priority calculation of connection "north-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:25:07.282636: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => tun.0@192.1.2.23 using reqid 16393 (raw_eroute) proto=50 Oct 31 15:25:07.282639: | IPsec SA SPD priority set to 2084814 Oct 31 15:25:07.282656: | raw_eroute result=success Oct 31 15:25:07.282660: | running updown command "ipsec _updown" for verb up Oct 31 15:25:07.282663: | command executing up-client 
Oct 31 15:25:07.282667: | get_sa_info esp.7fb4c1c8@192.1.2.23 Oct 31 15:25:07.282678: | get_sa_info esp.58de34ec@192.1.3.33 Oct 31 15:25:07.282703: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157907' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='... 
Oct 31 15:25:07.282709: | popen cmd is 1139 chars long Oct 31 15:25:07.282710: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x2': Oct 31 15:25:07.282712: | cmd( 80): PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_N: Oct 31 15:25:07.282714: | cmd( 160):EXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT=: Oct 31 15:25:07.282715: | cmd( 240):'192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255: Oct 31 15:25:07.282716: | cmd( 320):.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE: Oct 31 15:25:07.282718: | cmd( 400):='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.22: Oct 31 15:25:07.282719: | cmd( 480):.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0': Oct 31 15:25:07.282720: | cmd( 560): PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm': Oct 31 15:25:07.282722: | cmd( 640): PLUTO_ADDTIME='1604157907' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+I: Oct 31 15:25:07.282723: | cmd( 720):KEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLU: Oct 31 15:25:07.282725: | cmd( 800):TO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_: Oct 31 15:25:07.282726: | cmd( 880):INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUT: Oct 31 15:25:07.282727: | cmd( 960):O_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VT: Oct 31 15:25:07.282729: | cmd(1040):I_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x7fb4c1c8 SPI_OUT=0x58de34ec: Oct 31 15:25:07.282730: | cmd(1120): ipsec _updown 2>&1: Oct 31 15:25:07.292495: | route_and_eroute: firewall_notified: true Oct 31 15:25:07.292505: | running updown command "ipsec _updown" for verb prepare Oct 31 15:25:07.292508: | command executing prepare-client Oct 31 15:25:07.292514: | 
get_sa_info esp.7fb4c1c8@192.1.2.23 Oct 31 15:25:07.292529: | get_sa_info esp.58de34ec@192.1.3.33 Oct 31 15:25:07.292553: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157907' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CO... 
Oct 31 15:25:07.292556: | popen cmd is 1144 chars long Oct 31 15:25:07.292557: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets: Oct 31 15:25:07.292559: | cmd( 80):/0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PL: Oct 31 15:25:07.292560: | cmd( 160):UTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CL: Oct 31 15:25:07.292564: | cmd( 240):IENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.25: Oct 31 15:25:07.292566: | cmd( 320):5.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA: Oct 31 15:25:07.292567: | cmd( 400):_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192: Oct 31 15:25:07.292569: | cmd( 480):.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.2: Oct 31 15:25:07.292570: | cmd( 560):55.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK=': Oct 31 15:25:07.292571: | cmd( 640):xfrm' PLUTO_ADDTIME='1604157907' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+: Oct 31 15:25:07.292573: | cmd( 720):PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT: Oct 31 15:25:07.292574: | cmd( 800):' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER: Oct 31 15:25:07.292576: | cmd( 880):_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0': Oct 31 15:25:07.292577: | cmd( 960): PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES=': Oct 31 15:25:07.292578: | cmd(1040):0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x7fb4c1c8 SPI_OUT=0x58d: Oct 31 15:25:07.292580: | cmd(1120):e34ec ipsec _updown 2>&1: Oct 31 15:25:07.302293: | running updown command "ipsec _updown" for verb route Oct 31 15:25:07.302308: | command executing route-client Oct 31 15:25:07.302314: | get_sa_info esp.7fb4c1c8@192.1.2.23 Oct 31 15:25:07.302332: | 
get_sa_info esp.58de34ec@192.1.3.33 Oct 31 15:25:07.302360: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157907' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIG... 
Oct 31 15:25:07.302365: | popen cmd is 1142 chars long Oct 31 15:25:07.302368: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0: Oct 31 15:25:07.302371: | cmd( 80):x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUT: Oct 31 15:25:07.302374: | cmd( 160):O_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIE: Oct 31 15:25:07.302376: | cmd( 240):NT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.: Oct 31 15:25:07.302379: | cmd( 320):255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_T: Oct 31 15:25:07.302381: | cmd( 400):YPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0: Oct 31 15:25:07.302383: | cmd( 480):.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255: Oct 31 15:25:07.302386: | cmd( 560):.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xf: Oct 31 15:25:07.302389: | cmd( 640):rm' PLUTO_ADDTIME='1604157907' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PF: Oct 31 15:25:07.302391: | cmd( 720):S+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' : Oct 31 15:25:07.302393: | cmd( 800):PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_D: Oct 31 15:25:07.302396: | cmd( 880):NS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' P: Oct 31 15:25:07.302401: | cmd( 960):LUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0': Oct 31 15:25:07.302403: | cmd(1040): VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x7fb4c1c8 SPI_OUT=0x58de3: Oct 31 15:25:07.302405: | cmd(1120):4ec ipsec _updown 2>&1: Oct 31 15:25:07.313392: "north-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.313409: "north-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. 
Oct 31 15:25:07.313413: "north-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.313417: "north-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.313421: "north-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.313426: "north-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.313439: "north-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.313449: "north-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.313468: "north-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.313483: "north-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.313560: "north-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.313566: "north-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.313569: "north-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.313572: "north-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.313574: "north-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.313577: "north-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.313581: "north-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.313584: "north-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.313587: "north-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.313599: "north-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. 
Oct 31 15:25:07.313614: "north-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.313627: "north-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.313640: "north-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.313653: "north-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.313978: "north-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.313996: "north-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.314017: "north-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.314031: "north-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.314046: "north-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.314058: "north-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.314071: "north-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.314087: "north-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.314100: "north-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.314114: "north-eastnets/0x2" #3: route-client output: Error: Peer netns reference is invalid. 
Oct 31 15:25:07.317566: | route_and_eroute: instance "north-eastnets/0x2", setting eroute_owner {spd=0x5557669e8320,sr=0x5557669e8320} to #3 (was #0) (newest_ipsec_sa=#0) Oct 31 15:25:07.317647: | ISAKMP_v2_CREATE_CHILD_SA: instance north-eastnets/0x2[0], setting IKEv2 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #1 Oct 31 15:25:07.317653: | adding 16 bytes of padding (including 1 byte padding-length) Oct 31 15:25:07.317656: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:07.317658: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:07.317660: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:07.317662: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:07.317663: | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:07.317665: | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:07.317666: | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:07.317668: | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:07.317669: | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:07.317671: | emitting 1 0x09 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:07.317672: | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:07.317674: | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:07.317675: | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:07.317677: | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:07.317684: | emitting 1 0x0e repeated 
bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:07.317689: | emitting 1 0x0f repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:07.317692: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:25:07.317695: | emitting length of IKEv2 Encryption Payload: 580 Oct 31 15:25:07.317698: | emitting length of ISAKMP Message: 608 Oct 31 15:25:07.317760: "north-eastnets/0x2" #3: negotiated new IPsec SA [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.22.0-192.0.22.255:0-65535 0] Oct 31 15:25:07.317765: | delref logger@0x5557669d9cc0(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:25:07.317767: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:07.317768: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:07.317774: | [RE]START processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:07.317777: | #3 complete_v2_state_transition() V2_NEW_CHILD_R0->ESTABLISHED_CHILD_SA with status STF_OK Oct 31 15:25:07.317779: | transitioning from state STATE_V2_NEW_CHILD_R0 to state STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:25:07.317780: | Message ID: updating counters for #3 Oct 31 15:25:07.317787: | Message ID: CHILD #1.#3 updating responder received message request 2: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744571.505899 ike.responder.sent=1 ike.responder.recv=1->2 ike.responder.last_contact=744577.634975->744581.750579 child.wip.initiator=-1 child.wip.responder=2->-1 Oct 31 15:25:07.317791: | Message ID: CHILD #1.#3 updating responder sent message response 2: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744571.505899 ike.responder.sent=1->2 ike.responder.recv=2 ike.responder.last_contact=744581.750579 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:25:07.317794: | Message ID: IKE #1 no pending message initiators to 
schedule: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744571.505899 ike.responder.sent=2 ike.responder.recv=2 ike.responder.last_contact=744581.750579 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:07.317800: | child state #3: V2_NEW_CHILD_R0(established IKE SA) => ESTABLISHED_CHILD_SA(established CHILD SA) Oct 31 15:25:07.317802: | pstats #3 ikev2.child established Oct 31 15:25:07.317804: | announcing the state transition Oct 31 15:25:07.317808: "north-eastnets/0x2" #3: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.22.0-192.0.22.255:0-65535 0] Oct 31 15:25:07.317811: | NAT-T: encaps is 'auto' Oct 31 15:25:07.317814: "north-eastnets/0x2" #3: IPsec SA established tunnel mode {ESP=>0x7fb4c1c8 <0x58de34ec xfrm=AES_CBC_128-HMAC_SHA2_512_256-MODP3072 NATOA=none NATD=none DPD=passive} Oct 31 15:25:07.317819: | sending 608 bytes for STATE_V2_NEW_CHILD_R0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1)
Oct 31 15:25:07.317931: | sent 1 messages Oct 31 15:25:07.317934: | releasing #3's fd-fd@(nil) because IKEv2 transitions finished Oct 31 15:25:07.317935: | delref fd@NULL (in
success_v2_state_transition() at ikev2.c:3189) Oct 31 15:25:07.317938: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:25:07.317940: | unpending #3's IKE SA #1 Oct 31 15:25:07.317942: | unpending state #1 connection "north-eastnets/0x2" Oct 31 15:25:07.317944: | releasing #1's fd-fd@(nil) because IKEv2 transitions finished so releaseing IKE SA Oct 31 15:25:07.317945: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:25:07.317946: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:25:07.317949: | #3 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Oct 31 15:25:07.317951: | state #3 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:25:07.317955: | libevent_free: delref ptr-libevent@0x7f6198000c80 Oct 31 15:25:07.317957: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x5557669273e0 Oct 31 15:25:07.317959: | event_schedule: newref EVENT_SA_REKEY-pe@0x5557669273e0 Oct 31 15:25:07.317961: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #3 Oct 31 15:25:07.317962: | libevent_malloc: newref ptr-libevent@0x7f6198000c80 size 128 Oct 31 15:25:07.317966: | delref mdp@0x5557669ecc20(1->0) (in resume_handler() at server.c:743) Oct 31 15:25:07.317972: | delref logger@0x5557669e9d30(1->0) (in resume_handler() at server.c:743) Oct 31 15:25:07.317976: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:07.317978: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:07.317986: | #3 spent 1.85 (36) milliseconds in resume sending helper answer back to state Oct 31 15:25:07.317991: | stop processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:745) Oct 31 15:25:07.317995: | libevent_free: delref ptr-libevent@0x7f6190001140 Oct 31 15:25:07.318006: | processing signal PLUTO_SIGCHLD Oct 31 15:25:07.318011: | waitpid returned ECHILD (no child processes left) Oct 31 15:25:07.318018: | 
spent 0.00567 (0.00574) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:25:07.318023: | processing signal PLUTO_SIGCHLD Oct 31 15:25:07.318027: | waitpid returned ECHILD (no child processes left) Oct 31 15:25:07.318031: | spent 0.00367 (0.00375) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:25:07.318033: | processing signal PLUTO_SIGCHLD Oct 31 15:25:07.318037: | waitpid returned ECHILD (no child processes left) Oct 31 15:25:07.318041: | spent 0.00374 (0.00373) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:25:15.899297: | newref struct fd@0x555766927420(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:15.899309: | fd_accept: new fd-fd@0x555766927420 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:15.899320: | whack: traffic_status Oct 31 15:25:15.899322: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Oct 31 15:25:15.899325: | FOR_EACH_STATE_... in sort_states Oct 31 15:25:15.899332: | get_sa_info esp.edda5998@192.1.3.33 Oct 31 15:25:15.899346: | get_sa_info esp.fafbe28b@192.1.2.23 Oct 31 15:25:15.899360: | get_sa_info esp.58de34ec@192.1.3.33 Oct 31 15:25:15.899366: | get_sa_info esp.7fb4c1c8@192.1.2.23 Oct 31 15:25:15.899374: | delref fd@0x555766927420(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:15.899381: | freeref fd-fd@0x555766927420 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:15.899388: | spent 0.0996 (0.0993) milliseconds in whack Oct 31 15:25:16.005578: | newref struct fd@0x555766927420(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:16.005592: | fd_accept: new fd-fd@0x555766927420 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:16.005605: | whack: status Oct 31 15:25:16.005799: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:25:16.005805: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:25:16.005950: | FOR_EACH_STATE_... in show_states (sort_states) Oct 31 15:25:16.005955: | FOR_EACH_STATE_... 
in sort_states Oct 31 15:25:16.005965: | get_sa_info esp.edda5998@192.1.3.33 Oct 31 15:25:16.005986: | get_sa_info esp.fafbe28b@192.1.2.23 Oct 31 15:25:16.006021: | get_sa_info esp.58de34ec@192.1.3.33 Oct 31 15:25:16.006033: | get_sa_info esp.7fb4c1c8@192.1.2.23 Oct 31 15:25:16.006053: | delref fd@0x555766927420(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:16.006060: | freeref fd-fd@0x555766927420 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:16.006068: | spent 0.501 (0.5) milliseconds in whack Oct 31 15:25:16.236846: | spent 0.00251 (0.00252) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:25:16.236866: | newref struct msg_digest@0x5557669ecc20(0->1) (in read_message() at demux.c:103) Oct 31 15:25:16.236871: | newref alloc logger@0x5557669e9d30(0->1) (in read_message() at demux.c:103) Oct 31 15:25:16.236877: | *received 80 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP Oct 31 15:25:16.236880: | 51 7c 55 1b 42 66 f1 ad 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:16.236882: | 2e 20 25 08 00 00 00 03 00 00 00 50 2a 00 00 34 Oct 31 15:25:16.236884: | 4a 77 55 ad 70 28 1a 9a 91 c0 68 bf a0 cc 02 9d Oct 31 15:25:16.236887: | 0f b8 b8 54 70 a4 e4 93 a9 eb b6 41 63 de 3b ca Oct 31 15:25:16.236889: | 9f c3 1b 5c 70 63 6a a5 28 cd 89 c1 d4 ef c1 4a Oct 31 15:25:16.236893: | **parse ISAKMP Message: Oct 31 15:25:16.236898: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:25:16.236902: | responder SPI: 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:16.236905: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:25:16.236908: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:16.236910: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:25:16.236913: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:25:16.236917: | Message ID: 3 (00 00 00 03) Oct 31 15:25:16.236921: | length: 80 (00 00 00 50) Oct 31 15:25:16.236923: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL 
(37) Oct 31 15:25:16.236927: | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request Oct 31 15:25:16.236932: | State DB: found IKEv2 state #1 in ESTABLISHED_IKE_SA (find_v2_ike_sa) Oct 31 15:25:16.236940: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:25:16.236943: | #1 st.st_msgid_lastrecv 2 md.hdr.isa_msgid 00000003 Oct 31 15:25:16.236946: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:25:16.236948: | #1 is idle Oct 31 15:25:16.236955: | Message ID: IKE #1 not a duplicate - message request 3 is new: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744571.505899 ike.responder.sent=2 ike.responder.recv=2 ike.responder.last_contact=744581.750579 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:16.236961: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:25:16.236963: | unpacking clear payload Oct 31 15:25:16.236966: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Oct 31 15:25:16.236969: | ***parse IKEv2 Encryption Payload: Oct 31 15:25:16.236972: | next payload type: ISAKMP_NEXT_v2D (0x2a) Oct 31 15:25:16.236974: | flags: none (0x0) Oct 31 15:25:16.236978: | length: 52 (00 34) Oct 31 15:25:16.236980: | processing payload: ISAKMP_NEXT_v2SK (len=48) Oct 31 15:25:16.236983: | #1 in state ESTABLISHED_IKE_SA: established IKE SA Oct 31 15:25:16.237014: | authenticator matched Oct 31 15:25:16.237024: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Oct 31 15:25:16.237027: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Oct 31 15:25:16.237030: | **parse IKEv2 Delete Payload: Oct 31 15:25:16.237033: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:16.237035: | flags: none (0x0) Oct 31 15:25:16.237039: | length: 12 (00 0c) Oct 31 15:25:16.237041: | protocol ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:16.237044: 
| SPI size: 4 (04) Oct 31 15:25:16.237047: | number of SPIs: 1 (00 01) Oct 31 15:25:16.237049: | processing payload: ISAKMP_NEXT_v2D (len=4) Oct 31 15:25:16.237052: | selected state microcode Informational Request Oct 31 15:25:16.237062: | Message ID: IKE #1 responder starting message request 3: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744571.505899 ike.responder.sent=2 ike.responder.recv=2 ike.responder.last_contact=744581.750579 ike.wip.initiator=-1 ike.wip.responder=-1->3 Oct 31 15:25:16.237065: | calling processor Informational Request Oct 31 15:25:16.237068: | an informational request should send a response Oct 31 15:25:16.237073: | opening output PBS information exchange reply packet Oct 31 15:25:16.237075: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Oct 31 15:25:16.237078: | **emit ISAKMP Message: Oct 31 15:25:16.237082: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:25:16.237086: | responder SPI: 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:16.237089: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:25:16.237091: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:16.237094: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:25:16.237096: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:25:16.237100: | Message ID: 3 (00 00 00 03) Oct 31 15:25:16.237102: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:25:16.237106: | ***emit IKEv2 Encryption Payload: Oct 31 15:25:16.237108: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:16.237110: | flags: none (0x0) Oct 31 15:25:16.237113: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:25:16.237116: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Oct 31 15:25:16.237119: | emitting 16 zero bytes 
of IV into IKEv2 Encryption Payload Oct 31 15:25:16.237127: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Oct 31 15:25:16.237129: | SPI Oct 31 15:25:16.237132: | 7f b4 c1 c8 Oct 31 15:25:16.237134: | delete IKEv2_SEC_PROTO_ESP SA(0x7fb4c1c8) Oct 31 15:25:16.237138: | v2 CHILD SA #3 found using their inbound (our outbound) SPI, in STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:25:16.237140: | State DB: found IKEv2 state #3 in ESTABLISHED_CHILD_SA (find_v2_child_sa_by_outbound_spi) Oct 31 15:25:16.237143: | our side SPI that needs to be deleted: IKEv2_SEC_PROTO_ESP SA(0x7fb4c1c8) Oct 31 15:25:16.237146: "north-eastnets/0x2" #1: received Delete SA payload: delete IPsec State #3 now Oct 31 15:25:16.237149: | pstats #3 ikev2.child deleted completed Oct 31 15:25:16.237154: | #3 main thread spent 2.44 (36.7) milliseconds helper thread spent 6.13 (4.01e+03) milliseconds in total Oct 31 15:25:16.237160: | suspend processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:935) Oct 31 15:25:16.237164: | start processing: state #3 connection "north-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:935) Oct 31 15:25:16.237167: | should_send_delete: no, just because Oct 31 15:25:16.237171: "north-eastnets/0x2" #3: deleting other state #3 (STATE_V2_ESTABLISHED_CHILD_SA) aged 12.963156s and NOT sending notification Oct 31 15:25:16.237174: | child state #3: ESTABLISHED_CHILD_SA(established CHILD SA) => delete Oct 31 15:25:16.237179: | get_sa_info esp.7fb4c1c8@192.1.2.23 Oct 31 15:25:16.237193: | get_sa_info esp.58de34ec@192.1.3.33 Oct 31 15:25:16.237217: "north-eastnets/0x2" #3: ESP traffic information: in=0B out=0B Oct 31 15:25:16.237224: | unsuspending #3 MD (nil) Oct 31 15:25:16.237226: | should_send_delete: no, just because Oct 31 15:25:16.237230: | child state #3: ESTABLISHED_CHILD_SA(established CHILD SA) => CHILDSA_DEL(informational) Oct 31 15:25:16.237233: | state #3 deleting .st_event EVENT_SA_REKEY Oct 31 
15:25:16.237237: | libevent_free: delref ptr-libevent@0x7f6198000c80 Oct 31 15:25:16.237240: | free_event_entry: delref EVENT_SA_REKEY-pe@0x5557669273e0 Oct 31 15:25:16.237242: | #3 STATE_CHILDSA_DEL: retransmits: cleared Oct 31 15:25:16.237346: | running updown command "ipsec _updown" for verb down Oct 31 15:25:16.237356: | command executing down-client Oct 31 15:25:16.237362: | get_sa_info esp.7fb4c1c8@192.1.2.23 Oct 31 15:25:16.237376: | get_sa_info esp.58de34ec@192.1.3.33 Oct 31 15:25:16.237411: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157907' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGUR... 
Oct 31 15:25:16.237416: | popen cmd is 1141 chars long Oct 31 15:25:16.237419: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x: Oct 31 15:25:16.237422: | cmd( 80):2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO: Oct 31 15:25:16.237424: | cmd( 160):_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIEN: Oct 31 15:25:16.237427: | cmd( 240):T='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.2: Oct 31 15:25:16.237429: | cmd( 320):55.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TY: Oct 31 15:25:16.237431: | cmd( 400):PE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.: Oct 31 15:25:16.237433: | cmd( 480):22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.: Oct 31 15:25:16.237438: | cmd( 560):0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfr: Oct 31 15:25:16.237441: | cmd( 640):m' PLUTO_ADDTIME='1604157907' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS: Oct 31 15:25:16.237443: | cmd( 720):+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' P: Oct 31 15:25:16.237446: | cmd( 800):LUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DN: Oct 31 15:25:16.237448: | cmd( 880):S_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PL: Oct 31 15:25:16.237450: | cmd( 960):UTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' : Oct 31 15:25:16.237453: | cmd(1040):VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x7fb4c1c8 SPI_OUT=0x58de34: Oct 31 15:25:16.237455: | cmd(1120):ec ipsec _updown 2>&1: Oct 31 15:25:16.249762: | shunt_eroute() called for connection 'north-eastnets/0x2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.3.0/24:0 --0->- 192.0.22.0/24:0 Oct 31 15:25:16.249776: | 
netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.22.0/24:0 Oct 31 15:25:16.249781: | priority calculation of connection "north-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:25:16.249785: | IPsec SA SPD priority set to 2084814 Oct 31 15:25:16.249823: | delete esp.7fb4c1c8@192.1.2.23 Oct 31 15:25:16.249828: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:25:16.249846: | netlink response for Del SA esp.7fb4c1c8@192.1.2.23 included non-error error Oct 31 15:25:16.249850: | priority calculation of connection "north-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:25:16.249858: | delete inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => unk.10000@192.1.3.33 using reqid 0 (raw_eroute) proto=50 Oct 31 15:25:16.249991: | raw_eroute result=success Oct 31 15:25:16.249998: | delete esp.58de34ec@192.1.3.33 Oct 31 15:25:16.250005: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:25:16.250023: | netlink response for Del SA esp.58de34ec@192.1.3.33 included non-error error Oct 31 15:25:16.250028: | in connection_discard for connection north-eastnets/0x2 Oct 31 15:25:16.250032: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Oct 31 15:25:16.250036: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Oct 31 15:25:16.250040: | releasing #3's fd-fd@(nil) because deleting state Oct 31 15:25:16.250043: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:16.250046: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:16.250049: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:25:16.250066: | stop processing: state #3 from 192.1.2.23:500 (in delete_state() at state.c:1239) Oct 31 15:25:16.250074: | resume processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:1239) Oct 31 15:25:16.250082: | delref logger@0x5557669ebd10(1->0) (in delete_state() at state.c:1306) Oct 31 15:25:16.250086: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:16.250089: | 
delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:16.250093: | ****emit IKEv2 Delete Payload: Oct 31 15:25:16.250097: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:16.250100: | flags: none (0x0) Oct 31 15:25:16.250103: | protocol ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:16.250107: | SPI size: 4 (04) Oct 31 15:25:16.250111: | number of SPIs: 1 (00 01) Oct 31 15:25:16.250115: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Oct 31 15:25:16.250118: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Oct 31 15:25:16.250122: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Oct 31 15:25:16.250125: | local SPIs: 58 de 34 ec Oct 31 15:25:16.250128: | emitting length of IKEv2 Delete Payload: 12 Oct 31 15:25:16.250131: | adding 4 bytes of padding (including 1 byte padding-length) Oct 31 15:25:16.250134: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.250137: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.250140: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.250142: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.250145: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:25:16.250147: | emitting length of IKEv2 Encryption Payload: 52 Oct 31 15:25:16.250149: | emitting length of ISAKMP Message: 80 Oct 31 15:25:16.250194: | sending 80 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:25:16.250211: | 51 7c 55 1b 42 66 f1 ad 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:16.250215: | 2e 20 25 20 00 00 00 03 00 00 00 50 2a 00 00 34 Oct 31 
15:25:16.250218: | c9 53 8c 97 b9 5f ef b1 66 02 95 40 7e e2 b1 ef Oct 31 15:25:16.250219: | 3c c0 b3 28 f6 fa f3 f9 90 d1 6d f4 cc 49 26 4a Oct 31 15:25:16.250221: | 6f c0 67 46 1d 4c d2 1b 38 cb 57 a3 cb 12 75 97 Oct 31 15:25:16.250318: | sent 1 messages Oct 31 15:25:16.250328: | Message ID: IKE #1 XXX: in process_encrypted_informational_ikev2() hacking around record 'n' send bypassing send queue hacking around delete_ike_family(): ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744571.505899 ike.responder.sent=2 ike.responder.recv=2 ike.responder.last_contact=744581.750579 ike.wip.initiator=-1 ike.wip.responder=3 Oct 31 15:25:16.250336: | Message ID: IKE #1 updating responder sent message response 3: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744571.505899 ike.responder.sent=2->3 ike.responder.recv=2 ike.responder.last_contact=744581.750579 ike.wip.initiator=-1 ike.wip.responder=3 Oct 31 15:25:16.250346: | #1 spent 0.819 (13.3) milliseconds in processing: Informational Request in v2_dispatch() Oct 31 15:25:16.250352: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:16.250358: | #1 complete_v2_state_transition() ESTABLISHED_IKE_SA->ESTABLISHED_IKE_SA with status STF_OK; .st_v2_transition=PARENT_R0->PARENT_R1 Oct 31 15:25:16.250361: | Message ID: updating counters for #1 Oct 31 15:25:16.250369: | Message ID: IKE #1 updating responder received message request 3: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744571.505899 ike.responder.sent=3 ike.responder.recv=2->3 ike.responder.last_contact=744581.750579->744590.68316 ike.wip.initiator=-1 ike.wip.responder=3->-1 Oct 31 15:25:16.250376: | Message ID: IKE #1 updating responder sent message response 3: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744571.505899 ike.responder.sent=3 ike.responder.recv=3 
ike.responder.last_contact=744590.68316 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:16.250382: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744571.505899 ike.responder.sent=3 ike.responder.recv=3 ike.responder.last_contact=744590.68316 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:16.250385: | announcing the state transition Oct 31 15:25:16.250389: "north-eastnets/0x2" #1: established IKE SA Oct 31 15:25:16.250401: | sending 80 bytes for STATE_V2_ESTABLISHED_IKE_SA through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:25:16.250404: | 51 7c 55 1b 42 66 f1 ad 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:16.250406: | 2e 20 25 20 00 00 00 03 00 00 00 50 2a 00 00 34 Oct 31 15:25:16.250408: | c9 53 8c 97 b9 5f ef b1 66 02 95 40 7e e2 b1 ef Oct 31 15:25:16.250411: | 3c c0 b3 28 f6 fa f3 f9 90 d1 6d f4 cc 49 26 4a Oct 31 15:25:16.250413: | 6f c0 67 46 1d 4c d2 1b 38 cb 57 a3 cb 12 75 97 Oct 31 15:25:16.250431: | sent 1 messages Oct 31 15:25:16.250435: | #1 is retaining EVENT_SA_REKEY with is previously set timeout Oct 31 15:25:16.250441: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:25:16.250448: | #1 spent 1.14 (13.6) milliseconds in ikev2_process_packet() Oct 31 15:25:16.250451: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:25:16.250455: | delref mdp@0x5557669ecc20(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:16.250458: | delref logger@0x5557669e9d30(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:16.250461: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:16.250463: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:16.250469: | spent 1.17 (13.6) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:25:16.250482: | spent 0.00164 (0.00189) milliseconds in 
udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:25:16.250491: | newref struct msg_digest@0x5557669ecc20(0->1) (in read_message() at demux.c:103) Oct 31 15:25:16.250494: | newref alloc logger@0x7f618c001660(0->1) (in read_message() at demux.c:103) Oct 31 15:25:16.250499: | *received 80 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP Oct 31 15:25:16.250501: | 51 7c 55 1b 42 66 f1 ad 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:16.250503: | 2e 20 25 08 00 00 00 04 00 00 00 50 2a 00 00 34 Oct 31 15:25:16.250505: | a4 5c a6 d1 63 51 33 34 4b cf b4 e3 dd 4b 73 ed Oct 31 15:25:16.250507: | ae 7f 66 1a 4a c1 da e5 67 b5 54 da e6 b5 f3 36 Oct 31 15:25:16.250509: | a0 86 28 4b 87 4e 1b 44 08 57 df a8 ff e7 93 21 Oct 31 15:25:16.250513: | **parse ISAKMP Message: Oct 31 15:25:16.250517: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:25:16.250521: | responder SPI: 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:16.250523: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:25:16.250528: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:16.250530: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:25:16.250533: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:25:16.250537: | Message ID: 4 (00 00 00 04) Oct 31 15:25:16.250539: | length: 80 (00 00 00 50) Oct 31 15:25:16.250541: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Oct 31 15:25:16.250543: | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request Oct 31 15:25:16.250547: | State DB: found IKEv2 state #1 in ESTABLISHED_IKE_SA (find_v2_ike_sa) Oct 31 15:25:16.250553: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:25:16.250557: | #1 st.st_msgid_lastrecv 3 md.hdr.isa_msgid 00000004 Oct 31 15:25:16.250559: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:25:16.250561: | #1 is idle Oct 31 15:25:16.250566: | Message ID: 
IKE #1 not a duplicate - message request 4 is new: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744571.505899 ike.responder.sent=3 ike.responder.recv=3 ike.responder.last_contact=744590.68316 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:16.250571: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:25:16.250573: | unpacking clear payload Oct 31 15:25:16.250575: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Oct 31 15:25:16.250578: | ***parse IKEv2 Encryption Payload: Oct 31 15:25:16.250581: | next payload type: ISAKMP_NEXT_v2D (0x2a) Oct 31 15:25:16.250583: | flags: none (0x0) Oct 31 15:25:16.250586: | length: 52 (00 34) Oct 31 15:25:16.250589: | processing payload: ISAKMP_NEXT_v2SK (len=48) Oct 31 15:25:16.250591: | #1 in state ESTABLISHED_IKE_SA: established IKE SA Oct 31 15:25:16.250613: | authenticator matched Oct 31 15:25:16.250624: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Oct 31 15:25:16.250627: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Oct 31 15:25:16.250629: | **parse IKEv2 Delete Payload: Oct 31 15:25:16.250631: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:16.250632: | flags: none (0x0) Oct 31 15:25:16.250634: | length: 12 (00 0c) Oct 31 15:25:16.250636: | protocol ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:16.250638: | SPI size: 4 (04) Oct 31 15:25:16.250640: | number of SPIs: 1 (00 01) Oct 31 15:25:16.250641: | processing payload: ISAKMP_NEXT_v2D (len=4) Oct 31 15:25:16.250643: | selected state microcode Informational Request Oct 31 15:25:16.250647: | Message ID: IKE #1 responder starting message request 4: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744571.505899 ike.responder.sent=3 ike.responder.recv=3 ike.responder.last_contact=744590.68316 ike.wip.initiator=-1 ike.wip.responder=-1->4 Oct 31 15:25:16.250653: | calling processor Informational Request Oct 31 
15:25:16.250656: | an informational request should send a response Oct 31 15:25:16.250660: | opening output PBS information exchange reply packet Oct 31 15:25:16.250662: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Oct 31 15:25:16.250663: | **emit ISAKMP Message: Oct 31 15:25:16.250666: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:25:16.250668: | responder SPI: 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:16.250670: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:25:16.250671: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:16.250673: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:25:16.250674: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:25:16.250676: | Message ID: 4 (00 00 00 04) Oct 31 15:25:16.250678: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:25:16.250680: | ***emit IKEv2 Encryption Payload: Oct 31 15:25:16.250682: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:16.250685: | flags: none (0x0) Oct 31 15:25:16.250687: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:25:16.250689: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Oct 31 15:25:16.250691: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:25:16.250695: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Oct 31 15:25:16.250696: | SPI Oct 31 15:25:16.250698: | fa fb e2 8b Oct 31 15:25:16.250699: | delete IKEv2_SEC_PROTO_ESP SA(0xfafbe28b) Oct 31 15:25:16.250702: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:25:16.250704: | State DB: found IKEv2 state #2 in ESTABLISHED_CHILD_SA (find_v2_child_sa_by_outbound_spi) Oct 31 15:25:16.250709: | our side SPI that needs to be deleted: IKEv2_SEC_PROTO_ESP 
SA(0xfafbe28b) Oct 31 15:25:16.250716: "north-eastnets/0x2" #1: received Delete SA payload: delete IPsec State #2 now Oct 31 15:25:16.250719: | pstats #2 ikev2.child deleted completed Oct 31 15:25:16.250723: | #2 main thread spent 0 (0) milliseconds helper thread spent 0 (0) milliseconds in total Oct 31 15:25:16.250729: | suspend processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:935) Oct 31 15:25:16.250734: | start processing: state #2 connection "north-eastnets/0x1" from 192.1.2.23:500 (in delete_state() at state.c:935) Oct 31 15:25:16.250736: | should_send_delete: no, just because Oct 31 15:25:16.250741: "north-eastnets/0x1" #2: deleting other state #2 connection (STATE_V2_ESTABLISHED_CHILD_SA) "north-eastnets/0x1" aged 13.100338s and NOT sending notification Oct 31 15:25:16.250744: | child state #2: ESTABLISHED_CHILD_SA(established CHILD SA) => delete Oct 31 15:25:16.250749: | get_sa_info esp.fafbe28b@192.1.2.23 Oct 31 15:25:16.250762: | get_sa_info esp.edda5998@192.1.3.33 Oct 31 15:25:16.250769: "north-eastnets/0x1" #2: ESP traffic information: in=168B out=168B Oct 31 15:25:16.250771: | unsuspending #2 MD (nil) Oct 31 15:25:16.250773: | should_send_delete: no, just because Oct 31 15:25:16.250775: | child state #2: ESTABLISHED_CHILD_SA(established CHILD SA) => CHILDSA_DEL(informational) Oct 31 15:25:16.250777: | state #2 deleting .st_event EVENT_SA_REKEY Oct 31 15:25:16.250780: | libevent_free: delref ptr-libevent@0x5557669eba90 Oct 31 15:25:16.250781: | free_event_entry: delref EVENT_SA_REKEY-pe@0x5557669ebd60 Oct 31 15:25:16.250783: | #2 STATE_CHILDSA_DEL: retransmits: cleared Oct 31 15:25:16.250821: | running updown command "ipsec _updown" for verb down Oct 31 15:25:16.250827: | command executing down-client Oct 31 15:25:16.250832: | get_sa_info esp.fafbe28b@192.1.2.23 Oct 31 15:25:16.250842: | get_sa_info esp.edda5998@192.1.3.33 Oct 31 15:25:16.250873: | executing down-client: PLUTO_VERB='down-client' 
PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157903' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED... Oct 31 15:25:16.250879: | popen cmd is 1143 chars long Oct 31 15:25:16.250882: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x: Oct 31 15:25:16.250886: | cmd( 80):1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO: Oct 31 15:25:16.250889: | cmd( 160):_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIEN: Oct 31 15:25:16.250892: | cmd( 240):T='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.2: Oct 31 15:25:16.250894: | cmd( 320):55.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TY: Oct 31 15:25:16.250897: | cmd( 400):PE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.: Oct 31 15:25:16.250899: | cmd( 480):2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0': Oct 31 15:25:16.250901: | cmd( 560): PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm': Oct 31 15:25:16.250904: | 
cmd( 640): PLUTO_ADDTIME='1604157903' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+I: Oct 31 15:25:16.250906: | cmd( 720):KEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLU: Oct 31 15:25:16.250909: | cmd( 800):TO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_: Oct 31 15:25:16.251027: | cmd( 880):INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUT: Oct 31 15:25:16.251031: | cmd( 960):O_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='168' PLUTO_OUTBYTES='168: Oct 31 15:25:16.251033: | cmd(1040):' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xfafbe28b SPI_OUT=0xedda: Oct 31 15:25:16.251035: | cmd(1120):5998 ipsec _updown 2>&1: Oct 31 15:25:16.264868: | shunt_eroute() called for connection 'north-eastnets/0x1' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.3.0/24:0 --0->- 192.0.2.0/24:0 Oct 31 15:25:16.264885: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.2.0/24:0 Oct 31 15:25:16.264890: | priority calculation of connection "north-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:25:16.264962: | IPsec SA SPD priority set to 2084814 Oct 31 15:25:16.265256: | delete esp.fafbe28b@192.1.2.23 Oct 31 15:25:16.265265: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:25:16.265436: | netlink response for Del SA esp.fafbe28b@192.1.2.23 included non-error error Oct 31 15:25:16.265443: | priority calculation of connection "north-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:25:16.265452: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk.10000@192.1.3.33 using reqid 0 (raw_eroute) proto=50 Oct 31 15:25:16.265886: | raw_eroute result=success Oct 31 15:25:16.265895: | delete esp.edda5998@192.1.3.33 Oct 31 15:25:16.265899: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:25:16.266083: | netlink response for Del SA esp.edda5998@192.1.3.33 included non-error error Oct 31 15:25:16.266092: | in 
connection_discard for connection north-eastnets/0x1 Oct 31 15:25:16.266097: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Oct 31 15:25:16.266103: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Oct 31 15:25:16.266107: | releasing #2's fd-fd@(nil) because deleting state Oct 31 15:25:16.266110: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:16.266113: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:16.266116: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:25:16.266124: | stop processing: state #2 from 192.1.2.23:500 (in delete_state() at state.c:1239) Oct 31 15:25:16.266131: | resume processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:1239) Oct 31 15:25:16.266138: | delref logger@0x5557669d9c70(1->0) (in delete_state() at state.c:1306) Oct 31 15:25:16.266141: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:16.266144: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:16.266149: | ****emit IKEv2 Delete Payload: Oct 31 15:25:16.266153: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:16.266156: | flags: none (0x0) Oct 31 15:25:16.266162: | protocol ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:16.266166: | SPI size: 4 (04) Oct 31 15:25:16.266170: | number of SPIs: 1 (00 01) Oct 31 15:25:16.266174: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Oct 31 15:25:16.266177: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Oct 31 15:25:16.266181: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Oct 31 15:25:16.266185: | local SPIs: ed da 59 98 Oct 31 15:25:16.266188: | emitting length of IKEv2 Delete Payload: 12 Oct 31 15:25:16.266191: | adding 4 bytes of padding (including 1 byte padding-length) Oct 31 15:25:16.266194: | emitting 1 0x00 
repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.266202: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.266209: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.266212: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.266216: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:25:16.266218: | emitting length of IKEv2 Encryption Payload: 52 Oct 31 15:25:16.266221: | emitting length of ISAKMP Message: 80 Oct 31 15:25:16.266275: | sending 80 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:25:16.266279: | 51 7c 55 1b 42 66 f1 ad 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:16.266282: | 2e 20 25 20 00 00 00 04 00 00 00 50 2a 00 00 34 Oct 31 15:25:16.266284: | c8 00 a1 e8 e6 ff 0e 1f 2c 00 77 08 33 a4 de b4 Oct 31 15:25:16.266286: | 4a 09 ad 0d 61 7c dd f7 5d 59 0e 52 b7 2d 74 e0 Oct 31 15:25:16.266289: | ec 42 8c df 53 9c 2c 4d 7b d4 f7 60 3d 29 39 4a Oct 31 15:25:16.266330: | sent 1 messages Oct 31 15:25:16.266339: | Message ID: IKE #1 XXX: in process_encrypted_informational_ikev2() hacking around record 'n' send bypassing send queue hacking around delete_ike_family(): ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744571.505899 ike.responder.sent=3 ike.responder.recv=3 ike.responder.last_contact=744590.68316 ike.wip.initiator=-1 ike.wip.responder=4 Oct 31 15:25:16.266347: | Message ID: IKE #1 updating responder sent message response 4: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744571.505899 ike.responder.sent=3->4 ike.responder.recv=3 ike.responder.last_contact=744590.68316 ike.wip.initiator=-1 ike.wip.responder=4 Oct 31 15:25:16.266358: | #1 spent 0.814 (15.7) milliseconds in processing: 
Informational Request in v2_dispatch() Oct 31 15:25:16.266364: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:16.266370: | #1 complete_v2_state_transition() ESTABLISHED_IKE_SA->ESTABLISHED_IKE_SA with status STF_OK; .st_v2_transition=PARENT_R0->PARENT_R1 Oct 31 15:25:16.266373: | Message ID: updating counters for #1 Oct 31 15:25:16.266380: | Message ID: IKE #1 updating responder received message request 4: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744571.505899 ike.responder.sent=4 ike.responder.recv=3->4 ike.responder.last_contact=744590.68316->744590.699172 ike.wip.initiator=-1 ike.wip.responder=4->-1 Oct 31 15:25:16.266387: | Message ID: IKE #1 updating responder sent message response 4: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744571.505899 ike.responder.sent=4 ike.responder.recv=4 ike.responder.last_contact=744590.699172 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:16.266394: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744571.505899 ike.responder.sent=4 ike.responder.recv=4 ike.responder.last_contact=744590.699172 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:16.266399: | announcing the state transition Oct 31 15:25:16.266403: "north-eastnets/0x2" #1: established IKE SA Oct 31 15:25:16.266410: | sending 80 bytes for STATE_V2_ESTABLISHED_IKE_SA through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:25:16.266413: | 51 7c 55 1b 42 66 f1 ad 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:16.266416: | 2e 20 25 20 00 00 00 04 00 00 00 50 2a 00 00 34 Oct 31 15:25:16.266418: | c8 00 a1 e8 e6 ff 0e 1f 2c 00 77 08 33 a4 de b4 Oct 31 15:25:16.266421: | 4a 09 ad 0d 61 7c dd f7 5d 59 0e 52 b7 2d 74 e0 Oct 31 15:25:16.266423: | ec 42 8c df 53 9c 2c 4d 7b d4 f7 60 3d 29 39 4a Oct 31 
15:25:16.266440: | sent 1 messages Oct 31 15:25:16.266444: | #1 is retaining EVENT_SA_REKEY with is previously set timeout Oct 31 15:25:16.266450: | stop processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:25:16.266456: | #1 spent 1.08 (16) milliseconds in ikev2_process_packet() Oct 31 15:25:16.266460: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:25:16.266463: | delref mdp@0x5557669ecc20(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:16.266467: | delref logger@0x7f618c001660(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:16.266470: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:16.266472: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:16.266477: | spent 1.11 (16) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:25:16.266487: | processing signal PLUTO_SIGCHLD Oct 31 15:25:16.266494: | waitpid returned ECHILD (no child processes left) Oct 31 15:25:16.266499: | spent 0.00597 (0.00581) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:25:16.266501: | processing signal PLUTO_SIGCHLD Oct 31 15:25:16.266558: | waitpid returned ECHILD (no child processes left) Oct 31 15:25:16.266566: | spent 0.0149 (0.00813) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:25:16.266579: | spent 0.00174 (0.00172) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:25:16.266588: | newref struct msg_digest@0x5557669ecc20(0->1) (in read_message() at demux.c:103) Oct 31 15:25:16.266592: | newref alloc logger@0x5557669ebd60(0->1) (in read_message() at demux.c:103) Oct 31 15:25:16.266598: | *received 80 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP Oct 31 15:25:16.266601: | 51 7c 55 1b 42 66 f1 ad 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:16.266604: | 2e 20 25 08 00 00 00 05 00 00 00 50 2a 00 00 34 Oct 31 15:25:16.266606: | 69 e5 e9 bc 22 d3 de 45 7e 64 63 2a c8 45 84 4c 
Oct 31 15:25:16.266608: | 00 5e 84 f3 56 ee f7 de bd d3 4a 51 7e f2 40 f4 Oct 31 15:25:16.266611: | ce 0b d8 57 bb 64 e5 84 d7 47 d5 67 6f 51 12 f7 Oct 31 15:25:16.266616: | **parse ISAKMP Message: Oct 31 15:25:16.266620: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:25:16.266625: | responder SPI: 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:16.266628: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:25:16.266631: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:16.266633: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:25:16.266636: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:25:16.266641: | Message ID: 5 (00 00 00 05) Oct 31 15:25:16.266645: | length: 80 (00 00 00 50) Oct 31 15:25:16.266648: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Oct 31 15:25:16.266651: | I am the IKE SA Original Responder receiving an IKEv2 INFORMATIONAL request Oct 31 15:25:16.266655: | State DB: found IKEv2 state #1 in ESTABLISHED_IKE_SA (find_v2_ike_sa) Oct 31 15:25:16.266662: | start processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:25:16.266666: | #1 st.st_msgid_lastrecv 4 md.hdr.isa_msgid 00000005 Oct 31 15:25:16.266669: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:25:16.266727: | #1 is idle Oct 31 15:25:16.266790: | Message ID: IKE #1 not a duplicate - message request 5 is new: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744571.505899 ike.responder.sent=4 ike.responder.recv=4 ike.responder.last_contact=744590.699172 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:16.266797: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:25:16.266801: | unpacking clear payload Oct 31 15:25:16.266804: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Oct 31 15:25:16.266808: | ***parse IKEv2 
Encryption Payload: Oct 31 15:25:16.266811: | next payload type: ISAKMP_NEXT_v2D (0x2a) Oct 31 15:25:16.266813: | flags: none (0x0) Oct 31 15:25:16.266817: | length: 52 (00 34) Oct 31 15:25:16.266820: | processing payload: ISAKMP_NEXT_v2SK (len=48) Oct 31 15:25:16.266823: | #1 in state ESTABLISHED_IKE_SA: established IKE SA Oct 31 15:25:16.266847: | authenticator matched Oct 31 15:25:16.266857: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Oct 31 15:25:16.266861: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Oct 31 15:25:16.266864: | **parse IKEv2 Delete Payload: Oct 31 15:25:16.266867: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:16.266870: | flags: none (0x0) Oct 31 15:25:16.266874: | length: 8 (00 08) Oct 31 15:25:16.266877: | protocol ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:25:16.266880: | SPI size: 0 (00) Oct 31 15:25:16.266884: | number of SPIs: 0 (00 00) Oct 31 15:25:16.266886: | processing payload: ISAKMP_NEXT_v2D (len=0) Oct 31 15:25:16.266889: | selected state microcode Informational Request Oct 31 15:25:16.266897: | Message ID: IKE #1 responder starting message request 5: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744571.505899 ike.responder.sent=4 ike.responder.recv=4 ike.responder.last_contact=744590.699172 ike.wip.initiator=-1 ike.wip.responder=-1->5 Oct 31 15:25:16.266900: | calling processor Informational Request Oct 31 15:25:16.266904: | an informational request should send a response Oct 31 15:25:16.266910: | opening output PBS information exchange reply packet Oct 31 15:25:16.266913: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Oct 31 15:25:16.266916: | **emit ISAKMP Message: Oct 31 15:25:16.266922: | initiator SPI: 51 7c 55 1b 42 66 f1 ad Oct 31 15:25:16.266926: | responder SPI: 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:16.266930: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:25:16.266932: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) 
Oct 31 15:25:16.266935: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:25:16.266938: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:25:16.266942: | Message ID: 5 (00 00 00 05) Oct 31 15:25:16.266946: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:25:16.266949: | ***emit IKEv2 Encryption Payload: Oct 31 15:25:16.266952: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:16.266955: | flags: none (0x0) Oct 31 15:25:16.266958: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:25:16.266961: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Oct 31 15:25:16.266965: | emitting 16 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:25:16.266976: | adding 16 bytes of padding (including 1 byte padding-length) Oct 31 15:25:16.266979: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.266983: | emitting 1 0x01 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.266986: | emitting 1 0x02 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.266989: | emitting 1 0x03 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.266994: | emitting 1 0x04 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.266998: | emitting 1 0x05 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.267001: | emitting 1 0x06 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.267004: | emitting 1 0x07 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.267007: | emitting 1 0x08 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.267010: | emitting 1 0x09 repeated bytes of 
padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.267013: | emitting 1 0x0a repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.267016: | emitting 1 0x0b repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.267019: | emitting 1 0x0c repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.267022: | emitting 1 0x0d repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.267025: | emitting 1 0x0e repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.267028: | emitting 1 0x0f repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:16.267031: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:25:16.267034: | emitting length of IKEv2 Encryption Payload: 52 Oct 31 15:25:16.267037: | emitting length of ISAKMP Message: 80 Oct 31 15:25:16.267123: | sending 80 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:25:16.267128: | 51 7c 55 1b 42 66 f1 ad 61 7a 11 68 b3 c4 7a f9 Oct 31 15:25:16.267131: | 2e 20 25 20 00 00 00 05 00 00 00 50 00 00 00 34 Oct 31 15:25:16.267133: | 4a c8 5d bd 90 d7 e7 9b d7 ec 75 67 7a 21 01 15 Oct 31 15:25:16.267136: | ae f2 70 68 28 25 cb b3 23 14 74 4d 8f 8b 72 07 Oct 31 15:25:16.267138: | 0b ee 7e b4 1c b7 d2 fe 52 07 f8 0b b6 36 c7 6d Oct 31 15:25:16.267158: | sent 1 messages Oct 31 15:25:16.267166: | Message ID: IKE #1 XXX: in process_encrypted_informational_ikev2() hacking around record 'n' send bypassing send queue hacking around delete_ike_family(): ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744571.505899 ike.responder.sent=4 ike.responder.recv=4 ike.responder.last_contact=744590.699172 ike.wip.initiator=-1 ike.wip.responder=5 Oct 31 15:25:16.267173: | Message ID: IKE #1 updating responder sent 
message response 5: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744571.505899 ike.responder.sent=4->5 ike.responder.recv=4 ike.responder.last_contact=744590.699172 ike.wip.initiator=-1 ike.wip.responder=5 Oct 31 15:25:16.267176: | State DB: IKEv2 state not found (delete_ike_family) Oct 31 15:25:16.267179: | pstats #1 ikev2.ike deleted completed Oct 31 15:25:16.267185: | #1 main thread spent 11.4 (90.4) milliseconds helper thread spent 8.42 (6.01e+03) milliseconds in total Oct 31 15:25:16.267191: | [RE]START processing: state #1 connection "north-eastnets/0x2" from 192.1.2.23:500 (in delete_state() at state.c:935) Oct 31 15:25:16.267193: | should_send_delete: no, just because Oct 31 15:25:16.267201: "north-eastnets/0x2" #1: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 19.194124s and NOT sending notification Oct 31 15:25:16.267208: | parent state #1: ESTABLISHED_IKE_SA(established IKE SA) => delete Oct 31 15:25:16.267445: | unsuspending #1 MD (nil) Oct 31 15:25:16.267451: | should_send_delete: no, just because Oct 31 15:25:16.267454: | state #1 deleting .st_event EVENT_SA_REKEY Oct 31 15:25:16.267459: | libevent_free: delref ptr-libevent@0x5557669e64e0 Oct 31 15:25:16.267462: | free_event_entry: delref EVENT_SA_REKEY-pe@0x5557669e77c0 Oct 31 15:25:16.267465: | #1 STATE_V2_ESTABLISHED_IKE_SA: retransmits: cleared Oct 31 15:25:16.267469: | State DB: IKEv2 state not found (flush_incomplete_children) Oct 31 15:25:16.267475: | in connection_discard for connection north-eastnets/0x2 Oct 31 15:25:16.267478: | State DB: deleting IKEv2 state #1 in ESTABLISHED_IKE_SA Oct 31 15:25:16.267482: | parent state #1: ESTABLISHED_IKE_SA(established IKE SA) => UNDEFINED(ignore) Oct 31 15:25:16.267485: | releasing #1's fd-fd@(nil) because deleting state Oct 31 15:25:16.267488: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:16.267491: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:16.267494: | delref 
pkp@0x5557669eb790(2->1) (in delete_state() at state.c:1202) Oct 31 15:25:16.267510: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1239) Oct 31 15:25:16.267526: | delref logger@0x5557669e9ce0(1->0) (in delete_state() at state.c:1306) Oct 31 15:25:16.267530: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:16.267587: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:16.267593: | in statetime_stop() and could not find #1 Oct 31 15:25:16.267596: | XXX: processor 'Informational Request' for #1 deleted state MD.ST Oct 31 15:25:16.267599: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:25:16.267602: | in statetime_stop() and could not find #1 Oct 31 15:25:16.267605: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:25:16.267609: | delref mdp@0x5557669ecc20(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:16.267612: | delref logger@0x5557669ebd60(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:16.267615: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:16.267618: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:16.267624: | spent 0.67 (1.05) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:25:16.517898: | processing global timer EVENT_SHUNT_SCAN Oct 31 15:25:16.517918: | checking for aged bare shunts from shunt table to expire Oct 31 15:25:16.517927: | spent 0.00627 (0.0058) milliseconds in global timer EVENT_SHUNT_SCAN Oct 31 15:25:16.694372: | newref struct fd@0x5557669ec780(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:16.694388: | fd_accept: new fd-fd@0x5557669ec780 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:16.694401: shutting down Oct 31 15:25:16.694409: | leaking fd-fd@0x5557669ec780's FD; will be closed when pluto exits (in whack_handle_cb() at rcv_whack.c:889) Oct 31 15:25:16.694413: | delref fd@0x5557669ec780(1->0) (in whack_handle_cb() at rcv_whack.c:895) 
Oct 31 15:25:16.694416: | freeref fd-fd@0x5557669ec780 (in whack_handle_cb() at rcv_whack.c:895) Oct 31 15:25:16.694452: | shutting down helper thread 6 Oct 31 15:25:16.694509: | helper thread 6 exited Oct 31 15:25:16.694529: | shutting down helper thread 7 Oct 31 15:25:16.694590: | helper thread 7 exited Oct 31 15:25:16.694604: | shutting down helper thread 3 Oct 31 15:25:16.694668: | helper thread 3 exited Oct 31 15:25:16.694682: | shutting down helper thread 1 Oct 31 15:25:16.694693: | helper thread 1 exited Oct 31 15:25:16.694705: | shutting down helper thread 2 Oct 31 15:25:16.694760: | helper thread 2 exited Oct 31 15:25:16.694768: | shutting down helper thread 4 Oct 31 15:25:16.694776: | helper thread 4 exited Oct 31 15:25:16.694800: | shutting down helper thread 5 Oct 31 15:25:16.694809: | helper thread 5 exited Oct 31 15:25:16.694814: 7 helper threads shutdown Oct 31 15:25:16.694818: | delref root_certs@NULL (in free_root_certs() at root_certs.c:127) Oct 31 15:25:16.694821: | certs and keys locked by 'free_preshared_secrets' Oct 31 15:25:16.694823: forgetting secrets Oct 31 15:25:16.694834: | certs and keys unlocked by 'free_preshared_secrets' Oct 31 15:25:16.694837: | delref pkp@0x5557669eb790(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:25:16.694839: | delref pkp@0x5557669ec880(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:25:16.694842: | deleting states for connection - including all other IPsec SA's of this IKE SA Oct 31 15:25:16.694843: | pass 0 Oct 31 15:25:16.694845: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:25:16.694849: | pass 1 Oct 31 15:25:16.694851: | FOR_EACH_STATE_... 
in foreach_state_by_connection_func_delete Oct 31 15:25:16.694857: | shunt_eroute() called for connection 'north-eastnets/0x2' to 'delete' for rt_kind 'unrouted' using protoports 192.0.3.0/24:0 --0->- 192.0.22.0/24:0 Oct 31 15:25:16.694860: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.22.0/24:0 Oct 31 15:25:16.694875: | priority calculation of connection "north-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:25:16.694926: | priority calculation of connection "north-eastnets/0x2" is 2084814 (0x1fcfce) Oct 31 15:25:16.694935: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:25:16.694937: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:25:16.694939: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 Oct 31 15:25:16.694941: | conn north-eastnets/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:25:16.694942: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:25:16.694945: | route owner of "north-eastnets/0x2" unrouted: NULL Oct 31 15:25:16.694947: | running updown command "ipsec _updown" for verb unroute Oct 31 15:25:16.694948: | command executing unroute-client Oct 31 15:25:16.694966: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' 
PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED... Oct 31 15:25:16.694968: | popen cmd is 1085 chars long Oct 31 15:25:16.694970: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets: Oct 31 15:25:16.694971: | cmd( 80):/0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PL: Oct 31 15:25:16.694973: | cmd( 160):UTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CL: Oct 31 15:25:16.694974: | cmd( 240):IENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.25: Oct 31 15:25:16.694975: | cmd( 320):5.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA: Oct 31 15:25:16.694977: | cmd( 400):_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='19: Oct 31 15:25:16.694978: | cmd( 480):2.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.: Oct 31 15:25:16.694980: | cmd( 560):255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK=: Oct 31 15:25:16.694981: | cmd( 640):'xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV: Oct 31 15:25:16.694982: | cmd( 720):2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_: Oct 31 15:25:16.694984: | cmd( 800):CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INF: Oct 31 15:25:16.694985: | cmd( 880):O='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_C: Oct 31 15:25:16.694986: | cmd( 960):FG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=': Oct 31 15:25:16.694988: | cmd(1040):no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Oct 31 15:25:16.704045: unroute-client output: Error: Peer netns reference is invalid. 
Oct 31 15:25:16.704062: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704067: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704069: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704085: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704087: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704097: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704107: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704116: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704125: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704135: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704145: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704157: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704165: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704176: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704184: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704196: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704228: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704233: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704236: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704239: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704251: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704261: unroute-client output: Error: Peer netns reference is invalid. 
Oct 31 15:25:16.704270: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704280: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704289: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704299: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704310: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704320: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704329: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704348: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704366: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704387: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704400: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704404: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704742: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704750: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704763: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704772: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704781: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704791: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704802: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704813: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704823: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.704832: unroute-client output: Error: Peer netns reference is invalid. 
Oct 31 15:25:16.708654: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:25:16.708666: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:25:16.708670: | newref clone logger@0x7f619c0037e0(0->1) (in clone_logger() at log.c:817) Oct 31 15:25:16.708672: | flush revival: connection 'north-eastnets/0x2' wasn't on the list Oct 31 15:25:16.708678: | delref vip@NULL (in discard_connection() at connections.c:262) Oct 31 15:25:16.708679: | delref vip@NULL (in discard_connection() at connections.c:263) Oct 31 15:25:16.708683: | Connection DB: deleting connection $2 Oct 31 15:25:16.708686: | delref logger@0x7f619c0037e0(1->0) (in delete_connection() at connections.c:214) Oct 31 15:25:16.708688: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:16.708689: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:16.708691: | deleting states for connection - including all other IPsec SA's of this IKE SA Oct 31 15:25:16.708693: | pass 0 Oct 31 15:25:16.708695: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:25:16.708696: | pass 1 Oct 31 15:25:16.708697: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:25:16.708703: | shunt_eroute() called for connection 'north-eastnets/0x1' to 'delete' for rt_kind 'unrouted' using protoports 192.0.3.0/24:0 --0->- 192.0.2.0/24:0 Oct 31 15:25:16.708719: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.2.0/24:0 Oct 31 15:25:16.708722: | priority calculation of connection "north-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:25:16.708773: | priority calculation of connection "north-eastnets/0x1" is 2084814 (0x1fcfce) Oct 31 15:25:16.708787: | FOR_EACH_CONNECTION_... 
in route_owner Oct 31 15:25:16.708790: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:25:16.708793: | conn north-eastnets/0x1 mark 0/00000000, 0/00000000 Oct 31 15:25:16.708796: | route owner of "north-eastnets/0x1" unrouted: NULL Oct 31 15:25:16.708799: | running updown command "ipsec _updown" for verb unroute Oct 31 15:25:16.708801: | command executing unroute-client Oct 31 15:25:16.708828: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='... 
Oct 31 15:25:16.708832: | popen cmd is 1083 chars long Oct 31 15:25:16.708834: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-eastnets: Oct 31 15:25:16.708837: | cmd( 80):/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PL: Oct 31 15:25:16.708839: | cmd( 160):UTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CL: Oct 31 15:25:16.708841: | cmd( 240):IENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.25: Oct 31 15:25:16.708844: | cmd( 320):5.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA: Oct 31 15:25:16.708846: | cmd( 400):_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='19: Oct 31 15:25:16.708848: | cmd( 480):2.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.25: Oct 31 15:25:16.708851: | cmd( 560):5.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='x: Oct 31 15:25:16.708853: | cmd( 640):frm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_: Oct 31 15:25:16.708856: | cmd( 720):ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CO: Oct 31 15:25:16.708860: | cmd( 800):NN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO=: Oct 31 15:25:16.708863: | cmd( 880):'' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG: Oct 31 15:25:16.708865: | cmd( 960):_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no: Oct 31 15:25:16.708867: | cmd(1040):' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Oct 31 15:25:16.718436: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.718455: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.718460: unroute-client output: Error: Peer netns reference is invalid. 
Oct 31 15:25:16.718474: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.718484: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.718494: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.718504: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.718513: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.718522: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.718532: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.718541: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.718551: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.718562: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.718572: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.718582: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.718647: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.718653: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.718656: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.718659: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.718662: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.718665: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.718674: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.718681: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.718691: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.718700: unroute-client output: Error: Peer netns reference is invalid. 
Oct 31 15:25:16.718709: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.718720: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.718730: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.718740: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.718748: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.718758: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.718768: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.718778: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.718788: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.718799: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.719043: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.719062: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.719076: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.719089: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.719100: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.719110: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.719121: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.719132: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.719141: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:16.719151: unroute-client output: Error: Peer netns reference is invalid. 
Oct 31 15:25:16.723239: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:25:16.723250: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:25:16.723255: | newref clone logger@0x5557669e65b0(0->1) (in clone_logger() at log.c:817) Oct 31 15:25:16.723260: | delref hp@0x5557669e7fd0(1->0) (in delete_oriented_hp() at hostpair.c:360) Oct 31 15:25:16.723268: | flush revival: connection 'north-eastnets/0x1' wasn't on the list Oct 31 15:25:16.723271: | delref vip@NULL (in discard_connection() at connections.c:262) Oct 31 15:25:16.723274: | delref vip@NULL (in discard_connection() at connections.c:263) Oct 31 15:25:16.723280: | Connection DB: deleting connection $1 Oct 31 15:25:16.723284: | delref logger@0x5557669e65b0(1->0) (in delete_connection() at connections.c:214) Oct 31 15:25:16.723286: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:16.723289: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:16.723292: | crl fetch request list locked by 'free_crl_fetch' Oct 31 15:25:16.723295: | crl fetch request list unlocked by 'free_crl_fetch' Oct 31 15:25:16.723299: | iface: marking eth1 dead Oct 31 15:25:16.723301: | iface: marking eth0 dead Oct 31 15:25:16.723304: | iface: marking lo dead Oct 31 15:25:16.723306: | updating interfaces - listing interfaces that are going down Oct 31 15:25:16.723312: shutting down interface lo 127.0.0.1:4500 Oct 31 15:25:16.723317: shutting down interface lo 127.0.0.1:500 Oct 31 15:25:16.723321: shutting down interface eth0 192.0.3.254:4500 Oct 31 15:25:16.723324: shutting down interface eth0 192.0.3.254:500 Oct 31 15:25:16.723328: shutting down interface eth1 192.1.3.33:4500 Oct 31 15:25:16.723332: shutting down interface eth1 192.1.3.33:500 Oct 31 15:25:16.723334: | updating interfaces - deleting the dead Oct 31 15:25:16.723340: | FOR_EACH_STATE_... 
in delete_states_dead_interfaces Oct 31 15:25:16.723349: | libevent_free: delref ptr-libevent@0x5557669e6fd0 Oct 31 15:25:16.723354: | delref id@0x5557669e67a0(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:25:16.723366: | libevent_free: delref ptr-libevent@0x5557669e7060 Oct 31 15:25:16.723370: | delref id@0x5557669e67a0(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:25:16.723377: | libevent_free: delref ptr-libevent@0x5557669e7110 Oct 31 15:25:16.723381: | delref id@0x5557669e6710(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:25:16.723388: | libevent_free: delref ptr-libevent@0x5557669e71c0 Oct 31 15:25:16.723391: | delref id@0x5557669e6710(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:25:16.723398: | libevent_free: delref ptr-libevent@0x5557669e7270 Oct 31 15:25:16.723402: | delref id@0x5557669e6640(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:25:16.723408: | libevent_free: delref ptr-libevent@0x5557669e7320 Oct 31 15:25:16.723412: | delref id@0x5557669e6640(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:25:16.723417: | delref id@0x5557669e6640(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:25:16.723421: | delref id@0x5557669e6710(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:25:16.723424: | delref id@0x5557669e67a0(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:25:16.723426: | updating interfaces - checking orientation Oct 31 15:25:16.723428: | FOR_EACH_UNORIENTED_CONNECTION_... 
in check_orientations Oct 31 15:25:16.725157: | libevent_free: delref ptr-libevent@0x5557669e36b0 Oct 31 15:25:16.725169: | free_event_entry: delref EVENT_NULL-pe@0x5557669e5c70 Oct 31 15:25:16.725174: | libevent_free: delref ptr-libevent@0x5557669e3620 Oct 31 15:25:16.725177: | free_event_entry: delref EVENT_NULL-pe@0x5557669db530 Oct 31 15:25:16.725181: | libevent_free: delref ptr-libevent@0x5557669e2970 Oct 31 15:25:16.725184: | free_event_entry: delref EVENT_NULL-pe@0x5557669dea00 Oct 31 15:25:16.725191: | global timer EVENT_REINIT_SECRET uninitialized Oct 31 15:25:16.725194: | global timer EVENT_SHUNT_SCAN uninitialized Oct 31 15:25:16.725196: | global timer EVENT_PENDING_DDNS uninitialized Oct 31 15:25:16.725203: | global timer EVENT_PENDING_PHASE2 uninitialized Oct 31 15:25:16.725207: | global timer EVENT_CHECK_CRLS uninitialized Oct 31 15:25:16.725209: | global timer EVENT_REVIVE_CONNS uninitialized Oct 31 15:25:16.725211: | global timer EVENT_FREE_ROOT_CERTS uninitialized Oct 31 15:25:16.725214: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Oct 31 15:25:16.725216: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Oct 31 15:25:16.725220: | libevent_free: delref ptr-libevent@0x5557669e5e00 Oct 31 15:25:16.725223: | signal event handler PLUTO_SIGCHLD uninstalled Oct 31 15:25:16.725232: | libevent_free: delref ptr-libevent@0x5557669e5ee0 Oct 31 15:25:16.725235: | signal event handler PLUTO_SIGTERM uninstalled Oct 31 15:25:16.725238: | libevent_free: delref ptr-libevent@0x5557669e5fa0 Oct 31 15:25:16.725240: | signal event handler PLUTO_SIGHUP uninstalled Oct 31 15:25:16.725243: | libevent_free: delref ptr-libevent@0x5557669d8c10 Oct 31 15:25:16.725245: | signal event handler PLUTO_SIGSYS uninstalled Oct 31 15:25:16.725247: | releasing event base Oct 31 15:25:16.725262: | libevent_free: delref ptr-libevent@0x5557669e6060 Oct 31 15:25:16.725266: | libevent_free: delref ptr-libevent@0x55576699c260 Oct 31 15:25:16.725270: | libevent_free: delref 
ptr-libevent@0x5557669d3c00 Oct 31 15:25:16.725272: | libevent_free: delref ptr-libevent@0x5557669a6130 Oct 31 15:25:16.725275: | libevent_free: delref ptr-libevent@0x5557669d3cd0 Oct 31 15:25:16.725277: | libevent_free: delref ptr-libevent@0x5557669e5cb0 Oct 31 15:25:16.725280: | libevent_free: delref ptr-libevent@0x5557669e5ea0 Oct 31 15:25:16.725282: | libevent_free: delref ptr-libevent@0x5557669d3da0 Oct 31 15:25:16.725284: | libevent_free: delref ptr-libevent@0x5557669d9850 Oct 31 15:25:16.725286: | libevent_free: delref ptr-libevent@0x5557669d9830 Oct 31 15:25:16.725289: | libevent_free: delref ptr-libevent@0x5557669e73b0 Oct 31 15:25:16.725291: | libevent_free: delref ptr-libevent@0x5557669e7300 Oct 31 15:25:16.725293: | libevent_free: delref ptr-libevent@0x5557669e7250 Oct 31 15:25:16.725295: | libevent_free: delref ptr-libevent@0x5557669e71a0 Oct 31 15:25:16.725298: | libevent_free: delref ptr-libevent@0x5557669e70f0 Oct 31 15:25:16.725300: | libevent_free: delref ptr-libevent@0x5557669e6c10 Oct 31 15:25:16.725314: | libevent_free: delref ptr-libevent@0x5557669d58c0 Oct 31 15:25:16.725317: | libevent_free: delref ptr-libevent@0x5557669e5f80 Oct 31 15:25:16.725319: | libevent_free: delref ptr-libevent@0x5557669e5ec0 Oct 31 15:25:16.725321: | libevent_free: delref ptr-libevent@0x5557669e5de0 Oct 31 15:25:16.725323: | libevent_free: delref ptr-libevent@0x5557669e6040 Oct 31 15:25:16.725326: | libevent_free: delref ptr-libevent@0x5557669e5cd0 Oct 31 15:25:16.725328: | libevent_free: delref ptr-libevent@0x5557669d5850 Oct 31 15:25:16.725331: | libevent_free: delref ptr-libevent@0x5557669d5880 Oct 31 15:25:16.725333: | libevent_free: delref ptr-libevent@0x5557669d55b0 Oct 31 15:25:16.725335: | releasing global libevent data Oct 31 15:25:16.725338: | libevent_free: delref ptr-libevent@0x5557669cbd40 Oct 31 15:25:16.725340: | libevent_free: delref ptr-libevent@0x5557669d3e70 Oct 31 15:25:16.725343: | libevent_free: delref ptr-libevent@0x5557669d5540