Oct 31 15:24:52.890031: | newref logger@0x55e415c0ebb8(0->1) (in main() at plutomain.c:1591) Oct 31 15:24:52.890103: | delref logger@0x55e415c0ebb8(1->0) (in main() at plutomain.c:1592) Oct 31 15:24:52.890110: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:52.890112: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:52.890117: NSS DB directory: sql:/var/lib/ipsec/nss Oct 31 15:24:52.890272: Initializing NSS Oct 31 15:24:52.890279: Opening NSS database "sql:/var/lib/ipsec/nss" read-only Oct 31 15:24:52.919110: FIPS Mode: NO Oct 31 15:24:52.919123: NSS crypto library initialized Oct 31 15:24:52.919149: FIPS mode disabled for pluto daemon Oct 31 15:24:52.919152: FIPS HMAC integrity support [disabled] Oct 31 15:24:52.919499: libcap-ng support [enabled] Oct 31 15:24:52.919513: Linux audit support [enabled] Oct 31 15:24:52.919819: Linux audit activated Oct 31 15:24:52.919826: Starting Pluto (Libreswan Version v4.1-88-gf1d1933837ef-main IKEv2 IKEv1 XFRM(netkey) XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (NSS-PRF) DNSSEC LABELED_IPSEC (SELINUX) SECCOMP LIBCAP_NG LINUX_AUDIT AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:2151560 Oct 31 15:24:52.919828: core dump dir: /tmp Oct 31 15:24:52.919831: secrets file: /etc/ipsec.secrets Oct 31 15:24:52.919832: leak-detective enabled Oct 31 15:24:52.919834: NSS crypto [enabled] Oct 31 15:24:52.919835: XAUTH PAM support [enabled] Oct 31 15:24:52.919888: | libevent is using pluto's memory allocator Oct 31 15:24:52.919894: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Oct 31 15:24:52.919909: | libevent_malloc: newref ptr-libevent@0x55e415c94688 size 40 Oct 31 15:24:52.919913: | libevent_malloc: newref ptr-libevent@0x55e415c23e38 size 40 Oct 31 15:24:52.919916: | libevent_malloc: newref ptr-libevent@0x55e415c94b68 size 40 Oct 31 15:24:52.919919: | creating event base Oct 31 15:24:52.919922: | libevent_malloc: newref ptr-libevent@0x55e415c94e68 size 56 Oct 31 15:24:52.919925: | libevent_malloc: newref ptr-libevent@0x55e415c8b328 size 664 Oct 31 15:24:52.919937: | libevent_malloc: newref ptr-libevent@0x55e415cc1cb8 size 24 Oct 31 15:24:52.919940: | libevent_malloc: newref ptr-libevent@0x55e415c24458 size 384 Oct 31 15:24:52.919954: | libevent_malloc: newref ptr-libevent@0x55e415cc1d08 size 16 Oct 31 15:24:52.919956: | libevent_malloc: newref ptr-libevent@0x55e415c94ae8 size 40 Oct 31 15:24:52.919957: | libevent_malloc: newref ptr-libevent@0x55e415c94348 size 48 Oct 31 15:24:52.919962: | libevent_realloc: newref ptr-libevent@0x55e415cb8488 size 256 Oct 31 15:24:52.919964: | libevent_malloc: newref ptr-libevent@0x55e415cc1d48 size 16 Oct 31 15:24:52.919968: | libevent_free: delref ptr-libevent@0x55e415c94e68 Oct 31 15:24:52.919969: | libevent initialized Oct 31 15:24:52.919973: | libevent_realloc: newref ptr-libevent@0x55e415c94e68 size 64 Oct 31 15:24:52.919976: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Oct 31 15:24:52.919981: | init_nat_traversal() initialized with keep_alive=0s Oct 31 15:24:52.919983: NAT-Traversal support [enabled] Oct 31 15:24:52.919984: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Oct 31 15:24:52.919988: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Oct 31 15:24:52.919990: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Oct 31 15:24:52.920003: | checking IKEv1 state table Oct 31 15:24:52.920014: | MAIN_R0: category: half-open IKE SA; flags: 0: Oct 31 15:24:52.920019: | -> MAIN_R1 EVENT_SO_DISCARD (main_inI1_outR1) Oct 31 15:24:52.920023: | MAIN_I1: category: half-open IKE SA; flags: 0: Oct 31 15:24:52.920025: | -> MAIN_I2 EVENT_RETRANSMIT (main_inR1_outI2) Oct 31 15:24:52.920028: | MAIN_R1: category: open IKE SA; flags: 0: Oct 31 15:24:52.920030: | -> MAIN_R2 EVENT_RETRANSMIT (main_inI2_outR2) Oct 31 15:24:52.920033: | -> MAIN_R1 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:52.920035: | -> MAIN_R1 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:52.920037: | MAIN_I2: category: open IKE SA; flags: 0: Oct 31 15:24:52.920045: | -> MAIN_I3 EVENT_RETRANSMIT (main_inR2_outI3) Oct 31 15:24:52.920048: | -> MAIN_I2 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:52.920050: | -> MAIN_I2 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:52.920053: | MAIN_R2: category: open IKE SA; flags: 0: Oct 31 15:24:52.920055: | -> MAIN_R3 EVENT_SA_REPLACE (main_inI3_outR3) Oct 31 15:24:52.920058: | -> MAIN_R3 EVENT_SA_REPLACE (main_inI3_outR3) Oct 31 15:24:52.920060: | -> MAIN_R2 EVENT_SA_REPLACE (unexpected) Oct 31 15:24:52.920063: | MAIN_I3: category: open IKE SA; flags: 0: Oct 31 15:24:52.920065: | -> MAIN_I4 EVENT_SA_REPLACE (main_inR3) Oct 31 15:24:52.920066: | -> MAIN_I4 EVENT_SA_REPLACE (main_inR3) Oct 31 15:24:52.920068: | -> MAIN_I3 EVENT_SA_REPLACE (unexpected) Oct 31 15:24:52.920073: | MAIN_R3: category: established IKE SA; flags: 0: Oct 31 15:24:52.920076: | -> MAIN_R3 EVENT_NULL (unexpected) Oct 31 15:24:52.920079: | MAIN_I4: category: established IKE SA; flags: 0: Oct 31 15:24:52.920082: | -> MAIN_I4 EVENT_NULL (unexpected) Oct 31 15:24:52.920085: | AGGR_R0: category: half-open IKE SA; flags: 0: Oct 31 15:24:52.920087: | -> AGGR_R1 EVENT_SO_DISCARD (aggr_inI1_outR1) Oct 31 15:24:52.920090: | AGGR_I1: category: half-open IKE SA; flags: 0: Oct 31 15:24:52.920093: | -> AGGR_I2 EVENT_SA_REPLACE (aggr_inR1_outI2) Oct 31 15:24:52.920096: | -> AGGR_I2 EVENT_SA_REPLACE (aggr_inR1_outI2) Oct 31 15:24:52.920099: | AGGR_R1: category: open IKE SA; flags: 0: Oct 31 15:24:52.920101: | -> AGGR_R2 EVENT_SA_REPLACE (aggr_inI2) Oct 31 15:24:52.920103: | -> AGGR_R2 EVENT_SA_REPLACE (aggr_inI2) Oct 31 15:24:52.920107: | AGGR_I2: category: established IKE SA; flags: 0: Oct 31 15:24:52.920109: | -> AGGR_I2 EVENT_NULL (unexpected) Oct 31 15:24:52.920113: | AGGR_R2: category: established IKE SA; flags: 0: Oct 31 15:24:52.920115: | -> AGGR_R2 EVENT_NULL (unexpected) Oct 31 15:24:52.920118: | QUICK_R0: category: established CHILD SA; flags: 0: Oct 31 15:24:52.920121: | -> QUICK_R1 EVENT_RETRANSMIT (quick_inI1_outR1) Oct 31 15:24:52.920124: | QUICK_I1: category: established CHILD SA; flags: 0: Oct 31 15:24:52.920126: | -> QUICK_I2 EVENT_SA_REPLACE (quick_inR1_outI2) Oct 31 15:24:52.920129: | QUICK_R1: category: established CHILD SA; flags: 0: Oct 31 15:24:52.920132: | -> QUICK_R2 EVENT_SA_REPLACE (quick_inI2) Oct 31 15:24:52.920135: | QUICK_I2: category: established CHILD SA; flags: 0: Oct 31 15:24:52.920137: | -> QUICK_I2 EVENT_NULL (unexpected) Oct 31 15:24:52.920140: | QUICK_R2: category: established CHILD SA; flags: 0: Oct 31 15:24:52.920142: | -> QUICK_R2 EVENT_NULL (unexpected) Oct 31 15:24:52.920145: | INFO: category: informational; flags: 0: Oct 31 15:24:52.920148: | -> INFO EVENT_NULL (informational) Oct 31 15:24:52.920151: | INFO_PROTECTED: category: informational; flags: 0: Oct 31 15:24:52.920153: | -> INFO_PROTECTED EVENT_NULL (informational) Oct 31 15:24:52.920156: | XAUTH_R0: category: established IKE SA; flags: 0: Oct 31 15:24:52.920158: | -> XAUTH_R1 EVENT_NULL (xauth_inR0) Oct 31 15:24:52.920161: | XAUTH_R1: category: established IKE SA; flags: 0: Oct 31 15:24:52.920164: | -> MAIN_R3 EVENT_SA_REPLACE (xauth_inR1) Oct 31 15:24:52.920167: | MODE_CFG_R0: category: informational; flags: 0: Oct 31 15:24:52.920169: | -> MODE_CFG_R1 EVENT_SA_REPLACE (modecfg_inR0) Oct 31 15:24:52.920172: | MODE_CFG_R1: category: established IKE SA; flags: 0: Oct 31 15:24:52.920174: | -> MODE_CFG_R2 EVENT_SA_REPLACE (modecfg_inR1) Oct 31 15:24:52.920177: | MODE_CFG_R2: category: established IKE SA; flags: 0: Oct 31 15:24:52.920179: | -> MODE_CFG_R2 EVENT_NULL (unexpected) Oct 31 15:24:52.920182: | MODE_CFG_I1: category: established IKE SA; flags: 0: Oct 31 15:24:52.920185: | -> MAIN_I4 EVENT_SA_REPLACE (modecfg_inR1) Oct 31 15:24:52.920188: | XAUTH_I0: category: established IKE SA; flags: 0: Oct 31 15:24:52.920190: | -> XAUTH_I1 EVENT_RETRANSMIT (xauth_inI0) Oct 31 15:24:52.920196: | XAUTH_I1: category: established IKE SA; flags: 0: Oct 31 15:24:52.920207: | -> MAIN_I4 EVENT_RETRANSMIT (xauth_inI1) Oct 31 15:24:52.920214: | checking IKEv2 state table Oct 31 15:24:52.920218: | V2_REKEY_IKE_I0: category: established IKE SA; flags: 0: Oct 31 15:24:52.920221: | -> V2_REKEY_IKE_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Oct 31 15:24:52.920226: | V2_REKEY_CHILD_I0: category: established IKE SA; flags: 0: Oct 31 15:24:52.920228: | -> V2_REKEY_CHILD_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Oct 31 15:24:52.920232: | V2_NEW_CHILD_I0: category: established IKE SA; flags: 0: Oct 31 15:24:52.920235: | -> V2_NEW_CHILD_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Oct 31 15:24:52.920239: | PARENT_I0: category: ignore; flags: 0: Oct 31 15:24:52.920242: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Oct 31 15:24:52.920245: | PARENT_I1: category: half-open IKE SA; flags: 0: Oct 31 15:24:52.920247: | -> PARENT_I0 EVENT_SO_DISCARD (received anti-DDOS COOKIE notify response; resending IKE_SA_INIT request with cookie payload added) Oct 31 15:24:52.920255: | -> PARENT_I0 EVENT_SO_DISCARD (received IKE_SA_INIT INVALID_KE_PAYLOAD notify response; resending IKE_SA_INIT with new KE payload) Oct 31 15:24:52.920258: | -> IKESA_DEL EVENT_v2_REDIRECT (received REDIRECT notify response; resending IKE_SA_INIT request to new destination) Oct 31 15:24:52.920260: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE) Oct 31 15:24:52.920263: | PARENT_I2: category: open IKE SA; flags: 0: Oct 31 15:24:52.920265: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_INTERMEDIATE reply, initiate IKE_AUTH or IKE_INTERMEDIATE) Oct 31 15:24:52.920268: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Oct 31 15:24:52.920270: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Oct 31 15:24:52.920272: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Oct 31 15:24:52.920277: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Oct 31 15:24:52.920280: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Oct 31 15:24:52.920283: | PARENT_R0: category: half-open IKE SA; flags: 0: Oct 31 15:24:52.920285: | -> PARENT_R1 EVENT_SO_DISCARD send-response (Respond to IKE_SA_INIT) Oct 31 15:24:52.920288: | PARENT_R1: category: half-open IKE SA; flags: 0: Oct 31 15:24:52.920291: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_AUTH request (no SKEYSEED)) Oct 31 15:24:52.920293: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_INTERMEDIATE request (no SKEYSEED)) Oct 31 15:24:52.920296: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_INTERMEDIATE request (with SKEYSEED)) Oct 31 15:24:52.920298: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Responder: process IKE_AUTH request) Oct 31 15:24:52.920301: | V2_REKEY_IKE_R0: category: established IKE SA; flags: 0: Oct 31 15:24:52.920303: | -> ESTABLISHED_IKE_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA IKE Rekey) Oct 31 15:24:52.920306: | V2_REKEY_IKE_I1: category: established IKE SA; flags: 0: Oct 31 15:24:52.920309: | -> ESTABLISHED_IKE_SA EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Oct 31 15:24:52.920312: | V2_NEW_CHILD_I1: category: established IKE SA; flags: 0: Oct 31 15:24:52.920315: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Oct 31 15:24:52.920318: | V2_REKEY_CHILD_R0: category: established IKE SA; flags: 0: Oct 31 15:24:52.920320: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA rekey CHILD SA request) Oct 31 15:24:52.920324: | V2_NEW_CHILD_R0: category: established IKE SA; flags: 0: Oct 31 15:24:52.920335: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA IPsec SA Request) Oct 31 15:24:52.920340: | ESTABLISHED_IKE_SA: category: established IKE SA; flags: 0: Oct 31 15:24:52.920343: | -> ESTABLISHED_IKE_SA EVENT_RETAIN send-response (Informational Request (liveness probe)) Oct 31 15:24:52.920346: | -> ESTABLISHED_IKE_SA EVENT_RETAIN (Informational Response (liveness probe)) Oct 31 15:24:52.920349: | -> ESTABLISHED_IKE_SA EVENT_RETAIN send-response (Informational Request) Oct 31 15:24:52.920351: | -> ESTABLISHED_IKE_SA EVENT_RETAIN (Informational Response) Oct 31 15:24:52.920354: | IKESA_DEL: category: established IKE SA; flags: 0: Oct 31 15:24:52.920357: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Oct 31 15:24:52.920360: | CHILDSA_DEL: category: informational; flags: 0: Oct 31 15:24:52.920362: | -> CHILDSA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Oct 31 15:24:52.920366: | global one-shot timer EVENT_REVIVE_CONNS initialized Oct 31 15:24:52.920371: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Oct 31 15:24:52.920374: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Oct 31 15:24:52.920504: Encryption algorithms: Oct 31 15:24:52.920512: AES_CCM_16 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm, aes_ccm_c Oct 31 15:24:52.920517: AES_CCM_12 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_b Oct 31 15:24:52.920522: AES_CCM_8 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_a Oct 31 15:24:52.920526: 3DES_CBC [*192] IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) 3des Oct 31 15:24:52.920531: CAMELLIA_CTR {256,192,*128} IKEv1: ESP IKEv2: ESP Oct 31 15:24:52.920535: CAMELLIA_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP NSS(CBC) camellia Oct 31 15:24:52.920540: AES_GCM_16 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm, aes_gcm_c Oct 31 15:24:52.920545: AES_GCM_12 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_b Oct 31 15:24:52.920549: AES_GCM_8 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_a Oct 31 15:24:52.920554: AES_CTR {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CTR) aesctr Oct 31 15:24:52.920559: AES_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) aes Oct 31 15:24:52.920563: NULL_AUTH_AES_GMAC {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_gmac Oct 31 15:24:52.920567: NULL [] IKEv1: ESP IKEv2: ESP Oct 31 15:24:52.920571: CHACHA20_POLY1305 [*256] IKEv1: IKEv2: IKE ESP NSS(AEAD) chacha20poly1305 Oct 31 15:24:52.920573: Hash algorithms: Oct 31 15:24:52.920577: MD5 IKEv1: IKE IKEv2: NSS Oct 31 15:24:52.920581: SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha Oct 31 15:24:52.920585: SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256 Oct 31 15:24:52.920588: SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384 Oct 31 15:24:52.920591: SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512 Oct 31 15:24:52.920594: PRF algorithms: Oct 31 15:24:52.920597: HMAC_MD5 IKEv1: IKE IKEv2: IKE native(HMAC) md5 Oct 31 15:24:52.920601: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha, sha1 Oct 31 15:24:52.920606: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256, sha2_256 Oct 31 15:24:52.920613: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384, sha2_384 Oct 31 15:24:52.920617: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512, sha2_512 Oct 31 15:24:52.920620: AES_XCBC IKEv1: IKEv2: IKE native(XCBC) aes128_xcbc Oct 31 15:24:52.920622: Integrity algorithms: Oct 31 15:24:52.920626: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH native(HMAC) md5, hmac_md5 Oct 31 15:24:52.920631: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha, sha1, sha1_96, hmac_sha1 Oct 31 15:24:52.920636: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Oct 31 15:24:52.920642: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Oct 31 15:24:52.920648: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Oct 31 15:24:52.920652: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Oct 31 15:24:52.920657: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96 Oct 31 15:24:52.920661: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Oct 31 15:24:52.920664: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Oct 31 15:24:52.920667: DH algorithms: Oct 31 15:24:52.920671: NONE IKEv1: IKEv2: IKE ESP AH FIPS NSS(MODP) null, dh0 Oct 31 15:24:52.920675: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh5 Oct 31 15:24:52.920678: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh14 Oct 31 15:24:52.920682: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh15 Oct 31 15:24:52.920685: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh16 Oct 31 15:24:52.920688: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh17 Oct 31 15:24:52.920692: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh18 Oct 31 15:24:52.920696: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_256, ecp256 Oct 31 15:24:52.920700: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_384, ecp384 Oct 31 15:24:52.920703: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_521, ecp521 Oct 31 15:24:52.920707: DH31 IKEv1: IKE IKEv2: IKE ESP AH NSS(ECP) curve25519 Oct 31 15:24:52.920710: testing CAMELLIA_CBC: Oct 31 15:24:52.920713: Camellia: 16 bytes with 128-bit key Oct 31 15:24:52.920877: Camellia: 16 bytes with 128-bit key Oct 31 15:24:52.920920: Camellia: 16 bytes with 256-bit key Oct 31 15:24:52.920960: Camellia: 16 bytes with 256-bit key Oct 31 15:24:52.921000: testing AES_GCM_16: Oct 31 15:24:52.921004: empty string Oct 31 15:24:52.921036: one block Oct 31 15:24:52.921068: two blocks Oct 31 15:24:52.921100: two blocks with associated data Oct 31 15:24:52.921130: testing AES_CTR: Oct 31 15:24:52.921134: Encrypting 16 octets using AES-CTR with 128-bit key Oct 31 15:24:52.921167: Encrypting 32 octets using AES-CTR with 128-bit key Oct 31 15:24:52.921206: Encrypting 36 octets using AES-CTR with 128-bit key Oct 31 15:24:52.921249: Encrypting 16 octets using AES-CTR with 192-bit key Oct 31 15:24:52.921288: Encrypting 32 octets using AES-CTR with 192-bit key Oct 31 15:24:52.921329: Encrypting 36 octets using AES-CTR with 192-bit key Oct 31 15:24:52.921377: Encrypting 16 octets using AES-CTR with 256-bit key Oct 31 15:24:52.921418: Encrypting 32 octets using AES-CTR with 256-bit key Oct 31 15:24:52.921456: Encrypting 36 octets using AES-CTR with 256-bit key Oct 31 15:24:52.921494: testing AES_CBC: Oct 31 15:24:52.921498: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Oct 31 15:24:52.921530: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Oct 31 15:24:52.921570: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Oct 31 15:24:52.921607: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Oct 31 15:24:52.921649: testing AES_XCBC: Oct 31 15:24:52.921653: RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input Oct 31 15:24:52.921731: RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input Oct 31 15:24:52.921841: RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input Oct 31 15:24:52.921975: RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input Oct 31 15:24:52.922119: RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input Oct 31 15:24:52.922243: RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input Oct 31 15:24:52.922326: RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input Oct 31 15:24:52.922519: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Oct 31 15:24:52.922597: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Oct 31 15:24:52.922679: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Oct 31 15:24:52.922813: testing HMAC_MD5: Oct 31 15:24:52.922816: RFC 2104: MD5_HMAC test 1 Oct 31 15:24:52.922970: RFC 2104: MD5_HMAC test 2 Oct 31 15:24:52.923065: RFC 2104: MD5_HMAC test 3 Oct 31 15:24:52.923284: 8 CPU cores online Oct 31 15:24:52.923293: starting up 7 helper threads Oct 31 15:24:52.923338: started thread for helper 0 Oct 31 15:24:52.923365: started thread for helper 1 Oct 31 15:24:52.923390: started thread for helper 2 Oct 31 15:24:52.923415: started thread for helper 3 Oct 31 15:24:52.923426: | starting helper thread 4 Oct 31 15:24:52.923440: seccomp security disabled for crypto helper 4 Oct 31 15:24:52.923448: | status value returned by setting the priority of this helper thread 4: 22 Oct 31 15:24:52.923448: started thread for helper 4 Oct 31 15:24:52.923461: | starting helper thread 5 Oct 31 15:24:52.923455: | helper thread 4 has nothing to do Oct 31 15:24:52.923476: seccomp security disabled for crypto helper 5 Oct 31 15:24:52.923480: | status value returned by setting the priority of this helper thread 5: 22 Oct 31 15:24:52.923482: | helper thread 5 has nothing to do Oct 31 15:24:52.923488: started thread for helper 5 Oct 31 15:24:52.923495: | starting helper thread 6 Oct 31 15:24:52.923503: seccomp security disabled for crypto helper 6 Oct 31 15:24:52.923507: | status value returned by setting the priority of this helper thread 6: 22 Oct 31 15:24:52.923510: | helper thread 6 has nothing to do Oct 31 15:24:52.923515: started thread for helper 6 Oct 31 15:24:52.923522: | starting helper thread 7 Oct 31 15:24:52.923526: seccomp security disabled for crypto helper 7 Oct 31 15:24:52.923530: | status value returned by setting the priority of this helper thread 7: 22 Oct 31 15:24:52.923532: | helper thread 7 has nothing to do Oct 31 15:24:52.923546: Using Linux XFRM/NETKEY IPsec kernel support code on 5.8.15-201.fc32.x86_64 Oct 31 15:24:52.923610: | Hard-wiring algorithms Oct 31 15:24:52.923614: | adding AES_CCM_16 to kernel algorithm db Oct 31 15:24:52.923622: | adding AES_CCM_12 to kernel algorithm db Oct 31 15:24:52.923625: | adding AES_CCM_8 to kernel algorithm db Oct 31 15:24:52.923628: | adding 3DES_CBC to kernel algorithm db Oct 31 15:24:52.923631: | adding CAMELLIA_CBC to kernel algorithm db Oct 31 15:24:52.923634: | adding AES_GCM_16 to kernel algorithm db Oct 31 15:24:52.923636: | adding AES_GCM_12 to kernel algorithm db Oct 31 15:24:52.923644: | adding AES_GCM_8 to kernel algorithm db Oct 31 15:24:52.923647: | adding AES_CTR to kernel algorithm db Oct 31 15:24:52.923650: | adding AES_CBC to kernel algorithm db Oct 31 15:24:52.923653: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Oct 31 15:24:52.923656: | adding NULL to kernel algorithm db Oct 31 15:24:52.923659: | adding CHACHA20_POLY1305 to kernel algorithm db Oct 31 15:24:52.923662: | adding HMAC_MD5_96 to kernel algorithm db Oct 31 15:24:52.923665: | adding HMAC_SHA1_96 to kernel algorithm db Oct 31 15:24:52.923668: | adding HMAC_SHA2_512_256 to kernel algorithm db Oct 31 15:24:52.923671: | adding HMAC_SHA2_384_192 to kernel algorithm db Oct 31 15:24:52.923674: | adding HMAC_SHA2_256_128 to kernel algorithm db Oct 31 15:24:52.923676: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Oct 31 15:24:52.923679: | adding AES_XCBC_96 to kernel algorithm db Oct 31 15:24:52.923682: | adding AES_CMAC_96 to kernel algorithm db Oct 31 15:24:52.923685: | adding NONE to kernel algorithm db Oct 31 15:24:52.923718: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Oct 31 15:24:52.923727: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Oct 31 15:24:52.923730: | setup kernel fd callback Oct 31 15:24:52.923734: | add_fd_read_event_handler: newref KERNEL_XRM_FD-pe@0x55e415ccce38 Oct 31 15:24:52.923738: | libevent_malloc: newref ptr-libevent@0x55e415c925f8 size 128 Oct 31 15:24:52.923742: | libevent_malloc: newref ptr-libevent@0x55e415cc5b48 size 16 Oct 31 15:24:52.923749: | add_fd_read_event_handler: newref KERNEL_ROUTE_FD-pe@0x55e415ccee58 Oct 31 15:24:52.923752: | libevent_malloc: newref ptr-libevent@0x55e415c926a8 size 128 Oct 31 15:24:52.923754: | libevent_malloc: newref ptr-libevent@0x55e415cc5508 size 16 Oct 31 15:24:52.923984: | global one-shot timer EVENT_CHECK_CRLS initialized Oct 31 15:24:52.924062: | starting helper thread 2 Oct 31 15:24:52.924067: seccomp security disabled for crypto helper 2 Oct 31 15:24:52.924070: | status value returned by setting the priority of this helper thread 2: 22 Oct 31 15:24:52.924072: | helper thread 2 has nothing to do Oct 31 15:24:52.924113: SELinux support is enabled in PERMISSIVE mode. Oct 31 15:24:52.924311: | unbound context created - setting debug level to 5 Oct 31 15:24:52.924352: | /etc/hosts lookups activated Oct 31 15:24:52.924368: | /etc/resolv.conf usage activated Oct 31 15:24:52.924420: | outgoing-port-avoid set 0-65535 Oct 31 15:24:52.924444: | outgoing-port-permit set 32768-60999 Oct 31 15:24:52.924447: | loading dnssec root key from:/var/lib/unbound/root.key Oct 31 15:24:52.924451: | no additional dnssec trust anchors defined via dnssec-trusted= option Oct 31 15:24:52.924454: | Setting up events, loop start Oct 31 15:24:52.924457: | add_fd_read_event_handler: newref PLUTO_CTL_FD-pe@0x55e415cd2438 Oct 31 15:24:52.924461: | libevent_malloc: newref ptr-libevent@0x55e415ccef78 size 128 Oct 31 15:24:52.924465: | libevent_malloc: newref ptr-libevent@0x55e415cc5f28 size 16 Oct 31 15:24:52.924474: | libevent_realloc: newref ptr-libevent@0x55e415cd24a8 size 256 Oct 31 15:24:52.924479: | libevent_malloc: newref ptr-libevent@0x55e415cc5b88 size 8 Oct 31 15:24:52.924483: | libevent_realloc: newref ptr-libevent@0x55e415cc51c8 size 144 Oct 31 15:24:52.924486: | libevent_malloc: newref ptr-libevent@0x55e415c252f8 size 152 Oct 31 15:24:52.924490: | libevent_malloc: newref ptr-libevent@0x55e415cc5d38 size 16 Oct 31 15:24:52.924498: | signal event handler PLUTO_SIGCHLD installed Oct 31 15:24:52.924502: | libevent_malloc: newref ptr-libevent@0x55e415cd25d8 size 8 Oct 31 15:24:52.924505: | libevent_malloc: newref ptr-libevent@0x55e415c13668 size 152 Oct 31 15:24:52.924509: | signal event handler PLUTO_SIGTERM installed Oct 31 15:24:52.924512: | libevent_malloc: newref ptr-libevent@0x55e415cd2618 size 8 Oct 31 15:24:52.924514: | libevent_malloc: newref ptr-libevent@0x55e415cd2658 size 152 Oct 31 15:24:52.924517: | signal event handler PLUTO_SIGHUP installed Oct 31 15:24:52.924520: | libevent_malloc: newref ptr-libevent@0x55e415cd2728 size 8 Oct 31 15:24:52.924527: | libevent_realloc: delref ptr-libevent@0x55e415cc51c8 Oct 31 15:24:52.924530: | libevent_realloc: newref ptr-libevent@0x55e415cd2768 size 256 Oct 31 15:24:52.924533: | libevent_malloc: newref ptr-libevent@0x55e415cd2898 size 152 Oct 31 15:24:52.924536: | signal event handler PLUTO_SIGSYS installed Oct 31 15:24:52.924904: | created addconn helper (pid:2151594) using fork+execve Oct 31 15:24:52.924922: | forked child 2151594 Oct 31 15:24:52.924940: seccomp security disabled Oct 31 15:24:52.924971: | starting helper thread 1 Oct 31 15:24:52.924975: seccomp security disabled for crypto helper 1 Oct 31 15:24:52.924980: | status value returned by setting the priority of this helper thread 1: 22 Oct 31 15:24:52.924984: | helper thread 1 has nothing to do Oct 31 15:24:52.926234: | starting helper thread 3 Oct 31 15:24:52.926246: seccomp security disabled for crypto helper 3 Oct 31 15:24:52.926251: | status value returned by setting the priority of this helper thread 3: 22 Oct 31 15:24:52.926253: | helper thread 3 has nothing to do Oct 31 15:24:52.932625: | newref struct fd@0x55e415cd29f8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:52.932637: | fd_accept: new fd-fd@0x55e415cd29f8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:52.932649: | whack: delete 'westnet-eastnet-ikev2' Oct 31 15:24:52.932651: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:52.932653: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:24:52.932654: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:52.932656: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:24:52.932731: | whack: connection 'westnet-eastnet-ikev2' Oct 31 15:24:52.932741: | addref fd@0x55e415cd29f8(1->2) (in string_logger() at log.c:838) Oct 31 15:24:52.932748: | newref string logger@0x55e415cc62e8(0->1) (in add_connection() at connections.c:1998) Oct 31 15:24:52.932754: | Connection DB: adding connection "westnet-eastnet-ikev2" $1 Oct 31 15:24:52.932761: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:52.932775: | added new connection westnet-eastnet-ikev2 with policy RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 Oct 31 15:24:52.932875: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Oct 31 15:24:52.932881: | from whack: got --esp= Oct 31 15:24:52.932954: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Oct 31 15:24:52.933001: | computed rsa CKAID Oct 31 15:24:52.933003: | b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Oct 31 15:24:52.933005: | 7f 0f 03 50 Oct 31 15:24:52.933010: | keyid: *AQOm9dY/4 Oct 31 15:24:52.933012: | size: 274 Oct 31 15:24:52.933013: | n Oct 31 15:24:52.933014: | a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 8b 49 Oct 31 15:24:52.933016: | 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e b3 96 Oct 31 15:24:52.933017: | 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 09 f0 Oct 31 15:24:52.933019: | c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 8f 95 Oct 31 15:24:52.933020: | 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 f5 99 Oct 31 15:24:52.933021: | f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c ac 34 Oct 31 15:24:52.933023: | ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a 94 d3 Oct 31 15:24:52.933024: | d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 b2 2b Oct 31 15:24:52.933025: | 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 7d 7a Oct 31 15:24:52.933027: | 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a 8f 52 Oct 31 15:24:52.933028: | a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 ca 80 Oct 31 15:24:52.933029: | db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc 2a b3 Oct 31 15:24:52.933035: | 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e d3 3a Oct 31 15:24:52.933036: | 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 87 33 Oct 31 15:24:52.933037: | 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d 6e e8 Oct 31 15:24:52.933039: | 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f c9 20 Oct 31 15:24:52.933040: | 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 15 04 Oct 31 15:24:52.933041: | 37 f9 Oct 31 15:24:52.933043: | e Oct 31 15:24:52.933044: | 03 Oct 31 15:24:52.933045: | CKAID Oct 31 15:24:52.933047: | b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Oct 31 15:24:52.933048: | 7f 0f 03 50 Oct 31 15:24:52.933056: | saving left CKAID b49f1aac9e456e7929c881973a0c6ad37f0f0350 extracted from raw RSA public key Oct 31 15:24:52.933163: | spent 0.0966 (0.0965) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:52.933170: | no private key matching left CKAID b49f1aac9e456e7929c881973a0c6ad37f0f0350: can't find the private key matching the NSS CKAID Oct 31 15:24:52.933172: | counting wild cards for @west is 0 Oct 31 15:24:52.933190: | computed rsa CKAID Oct 31 15:24:52.933196: | 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Oct 31 15:24:52.933283: | 8a 82 25 f1 Oct 31 15:24:52.933290: | keyid: *AQO9bJbr3 Oct 31 15:24:52.933295: | size: 274 Oct 31 15:24:52.933298: | n Oct 31 15:24:52.933301: | bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Oct 31 15:24:52.933303: | c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Oct 31 15:24:52.933306: | e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Oct 31 15:24:52.933308: | 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Oct 31 15:24:52.933311: | f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Oct 31 15:24:52.933313: | 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Oct 31 15:24:52.933316: | 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Oct 31 15:24:52.933318: | af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Oct 31 15:24:52.933321: | 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Oct 31 15:24:52.933323: | f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Oct 31 15:24:52.933326: | 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Oct 31 15:24:52.933328: | 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Oct 31 15:24:52.933331: | 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Oct 31 15:24:52.933334: | 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Oct 31 15:24:52.933337: | 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Oct 31 15:24:52.933339: | 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Oct 31 15:24:52.933342: | 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Oct 31 15:24:52.933345: | 48 ef Oct 31 15:24:52.933347: | e Oct 31 15:24:52.933350: | 03 Oct 31 15:24:52.933351: | CKAID Oct 31 15:24:52.933353: | 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Oct 31 15:24:52.933354: | 8a 82 25 f1 Oct 31 15:24:52.933358: | saving right CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1 extracted from raw RSA public key Oct 31 15:24:52.933433: | loaded private key matching CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1 Oct 31 15:24:52.933775: | copying key using reference slot Oct 31 15:24:52.935233: | certs and keys locked by 'lsw_add_rsa_secret' Oct 31 15:24:52.935243: | certs and keys unlocked by 'lsw_add_rsa_secret' Oct 31 15:24:52.935250: | spent 1.86 (1.89) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:52.935256: connection "westnet-eastnet-ikev2": loaded private key matching right CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1 Oct 31 15:24:52.935258: | counting wild cards for @east is 0 Oct 31 15:24:52.935262: | updating connection from left.host_addr Oct 31 15:24:52.935264: | left host_port 500 Oct 31 15:24:52.935265: | updating connection from right.host_addr Oct 31 15:24:52.935267: | right host_port 500 Oct 31 15:24:52.935272: | orienting westnet-eastnet-ikev2 Oct 31 15:24:52.935275: added IKEv2 connection "westnet-eastnet-ikev2" Oct 31 15:24:52.935290: | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 Oct 31 15:24:52.935297: | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Oct 31 15:24:52.935300: | delref logger@0x55e415cc62e8(1->0) (in add_connection() at connections.c:2026) Oct 31 15:24:52.935302: | delref fd@0x55e415cd29f8(2->1) (in free_logger() at log.c:853) Oct 31 15:24:52.935304: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:52.935311: | delref fd@0x55e415cd29f8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:52.935321: | freeref fd-fd@0x55e415cd29f8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:52.935327: | spent 2.55 (2.71) milliseconds in whack Oct 31 15:24:52.935403: | newref struct fd@0x55e415cd6488(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:52.935407: | fd_accept: new fd-fd@0x55e415cd6488 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:52.935415: | whack: key Oct 31 15:24:52.935418: add keyid @west Oct 31 15:24:52.935420: | 01 03 a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 Oct 31 15:24:52.935455: | 8b 49 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e Oct 31 15:24:52.935457: | b3 96 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 Oct 31 15:24:52.935458: | 09 f0 c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 Oct 31 15:24:52.935460: | 8f 95 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 Oct 31 15:24:52.935461: | f5 99 f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c Oct 31 15:24:52.935462: | ac 34 ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a Oct 31 15:24:52.935464: | 94 d3 d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 Oct 31 15:24:52.935465: | b2 2b 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 Oct 31 15:24:52.935466: | 7d 7a 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a Oct 31 15:24:52.935468: | 8f 52 a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 Oct 31 15:24:52.935469: | ca 80 db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc Oct 31 15:24:52.935470: | 2a b3 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e Oct 31 15:24:52.935472: | d3 3a 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 Oct 31 15:24:52.935473: | 87 33 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d Oct 31 15:24:52.935474: | 6e e8 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f Oct 31 15:24:52.935476: | c9 20 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 Oct 31 15:24:52.935477: | 15 04 37 f9 Oct 31 15:24:52.935489: | computed rsa CKAID Oct 31 15:24:52.935490: | b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Oct 31 15:24:52.935492: | 7f 0f 03 50 Oct 31 15:24:52.935495: | keyid: *AQOm9dY/4 Oct 31 15:24:52.935497: | size: 274 Oct 31 15:24:52.935498: | n Oct 31 15:24:52.935500: | a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 8b 49 Oct 31 15:24:52.935501: | 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e b3 96 Oct 31 15:24:52.935502: | 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 09 f0 Oct 31 15:24:52.935504: | c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 8f 95 Oct 31 15:24:52.935505: | 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 f5 99 Oct 31 15:24:52.935506: | f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c ac 34 Oct 31 15:24:52.935508: | ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a 94 d3 Oct 31 15:24:52.935509: | d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 b2 2b Oct 31 15:24:52.935510: | 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 7d 7a Oct 31 15:24:52.935512: | 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a 8f 52 Oct 31 15:24:52.935513: | a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 ca 80 Oct 31 15:24:52.935514: | db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc 2a b3 Oct 31 15:24:52.935516: | 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e d3 3a Oct 31 15:24:52.935517: | 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 87 33 Oct 31 15:24:52.935518: | 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d 6e e8 Oct 31 15:24:52.935520: | 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f c9 20 Oct 31 15:24:52.935523: | 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 15 04 Oct 31 15:24:52.935525: | 37 f9 Oct 31 15:24:52.935526: | e Oct 31 15:24:52.935527: | 03 Oct 31 15:24:52.935529: | CKAID Oct 31 15:24:52.935530: | b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Oct 31 15:24:52.935531: | 7f 0f 03 50 Oct 31 15:24:52.935534: | newref struct pubkey@0x55e415cd9f28(0->1) (in add_public_key() at secrets.c:1716) Oct 31 15:24:52.935536: | addref pk@0x55e415cd9f28(1->2) (in add_public_key() at secrets.c:1718) Oct 31 15:24:52.935538: | delref pkp@0x55e415cd9f28(2->1) (in key_add_request() at rcv_whack.c:341) Oct 31 15:24:52.935541: | trying secret PKK_RSA:AQO9bJbr3 Oct 31 15:24:52.935582: | spent 0.0385 (0.0388) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:52.935588: | no private key: can't find the private key matching the NSS CKAID Oct 31 15:24:52.935592: | delref fd@0x55e415cd6488(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:52.935599: | freeref fd-fd@0x55e415cd6488 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:52.935604: | spent 0.185 (0.206) milliseconds in whack Oct 31 15:24:52.935658: | newref struct fd@0x55e415cc6008(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:52.935663: | fd_accept: new fd-fd@0x55e415cc6008 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:52.935672: | whack: key Oct 31 15:24:52.935677: add keyid @east Oct 31 15:24:52.935680: | 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Oct 31 15:24:52.935682: | e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Oct 31 15:24:52.935685: | 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Oct 31 15:24:52.935687: | 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Oct 31 15:24:52.935688: | 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Oct 31 15:24:52.935690: | d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Oct 31 15:24:52.935691: | 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Oct 31 15:24:52.935692: | 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Oct 31 15:24:52.935694: | bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Oct 31 15:24:52.935695: | ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Oct 31 15:24:52.935696: | e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Oct 31 15:24:52.935698: | 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Oct 31 15:24:52.935699: | 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Oct 31 15:24:52.935700: | 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Oct 31 15:24:52.935702: | d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Oct 31 15:24:52.935703: | 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Oct 31 15:24:52.935704: | 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Oct 31 15:24:52.935705: | 51 51 48 ef Oct 31 15:24:52.935712: | computed rsa CKAID Oct 31 15:24:52.935713: | 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Oct 31 15:24:52.935714: | 8a 82 25 f1 Oct 31 15:24:52.935718: | keyid: *AQO9bJbr3 Oct 31 15:24:52.935719: | size: 274 Oct 31 15:24:52.935721: | n Oct 31 15:24:52.935722: | bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Oct 31 15:24:52.935723: | c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Oct 31 15:24:52.935725: | e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Oct 31 15:24:52.935726: | 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Oct 31 15:24:52.935727: | f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Oct 31 15:24:52.935729: | 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Oct 31 15:24:52.935730: | 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Oct 31 15:24:52.935731: | af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Oct 31 15:24:52.935733: | 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Oct 31 15:24:52.935734: | f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Oct 31 15:24:52.935735: | 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Oct 31 15:24:52.935737: | 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Oct 31 15:24:52.935740: | 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Oct 31 15:24:52.935742: | 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Oct 31 15:24:52.935743: | 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Oct 31 15:24:52.935744: | 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Oct 31 15:24:52.935746: | 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Oct 31 15:24:52.935747: | 48 ef Oct 31 15:24:52.935748: | e Oct 31 15:24:52.935750: | 03 Oct 31 15:24:52.935751: | CKAID Oct 31 15:24:52.935752: | 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Oct 31 15:24:52.935754: | 8a 82 25 f1 Oct 31 15:24:52.935756: | newref struct pubkey@0x55e415cd8fc8(0->1) (in add_public_key() at secrets.c:1716) Oct 31 15:24:52.935758: | addref pk@0x55e415cd8fc8(1->2) (in add_public_key() at secrets.c:1718) Oct 31 15:24:52.935760: | delref pkp@0x55e415cd8fc8(2->1) (in key_add_request() at rcv_whack.c:341) Oct 31 15:24:52.935762: | trying secret PKK_RSA:AQO9bJbr3 Oct 31 15:24:52.935764: | matched Oct 31 15:24:52.935765: | secrets entry for ckaid already exists Oct 31 15:24:52.935768: | spent 0.00508 (0.00497) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:52.935771: | delref fd@0x55e415cc6008(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:52.935776: | freeref fd-fd@0x55e415cc6008 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:52.935779: | spent 0.127 (0.127) milliseconds in whack Oct 31 15:24:52.935812: | newref struct fd@0x55e415cc62e8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:52.935814: | fd_accept: new fd-fd@0x55e415cc62e8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:52.935820: | whack: listen Oct 31 15:24:52.935822: listening for IKE messages Oct 31 15:24:52.942778: | Inspecting interface lo Oct 31 15:24:52.942796: | found lo with address 127.0.0.1 Oct 31 15:24:52.942799: | Inspecting interface eth0 Oct 31 15:24:52.942802: | found eth0 with address 192.0.2.254 Oct 31 15:24:52.942806: | Inspecting interface eth0 Oct 31 15:24:52.942808: | found eth0 with address 192.0.2.250 Oct 31 15:24:52.942810: | Inspecting interface eth0 Oct 31 15:24:52.942812: | found eth0 with address 192.0.2.251 Oct 31 15:24:52.942814: | Inspecting interface eth1 Oct 31 15:24:52.942817: | found eth1 with address 192.1.2.23 Oct 31 15:24:52.942827: | newref struct iface_dev@0x55e415cd9198(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:52.942842: Kernel supports NIC esp-hw-offload Oct 31 15:24:52.942853: | iface: marking eth1 add Oct 31 15:24:52.942856: | newref struct iface_dev@0x55e415cd9288(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:52.942858: | iface: marking eth0 add Oct 31 15:24:52.942860: | newref struct iface_dev@0x55e415cd9318(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:52.942863: | iface: marking eth0 add Oct 31 15:24:52.942865: | newref struct iface_dev@0x55e415cd93a8(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:52.942867: | iface: marking eth0 add Oct 31 15:24:52.942869: | newref struct iface_dev@0x55e415cd9438(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:52.942871: | iface: marking lo add Oct 31 15:24:52.942924: | no interfaces to sort Oct 31 15:24:52.942942: | MSG_ERRQUEUE enabled on fd 18 Oct 31 15:24:52.942957: | addref ifd@0x55e415cd9198(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:52.942965: adding UDP interface eth1 192.1.2.23:500 Oct 31 15:24:52.942989: | MSG_ERRQUEUE enabled on fd 19 Oct 31 15:24:52.942999: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:52.943003: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:52.943008: | addref ifd@0x55e415cd9198(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:52.943012: adding UDP interface eth1 192.1.2.23:4500 Oct 31 15:24:52.943027: | MSG_ERRQUEUE enabled on fd 20 Oct 31 15:24:52.943039: | addref ifd@0x55e415cd9288(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:52.943043: adding UDP interface eth0 192.0.2.251:500 Oct 31 15:24:52.943057: | MSG_ERRQUEUE enabled on fd 21 Oct 31 15:24:52.943069: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:52.943072: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:52.943076: | addref ifd@0x55e415cd9288(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:52.943080: adding UDP interface eth0 192.0.2.251:4500 Oct 31 15:24:52.943093: | MSG_ERRQUEUE enabled on fd 22 Oct 31 15:24:52.943102: | addref ifd@0x55e415cd9318(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:52.943106: adding UDP interface eth0 192.0.2.250:500 Oct 31 15:24:52.943119: | MSG_ERRQUEUE enabled on fd 23 Oct 31 15:24:52.943126: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:52.943130: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:52.943133: | addref ifd@0x55e415cd9318(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:52.943137: adding UDP interface eth0 192.0.2.250:4500 Oct 31 15:24:52.943150: | MSG_ERRQUEUE enabled on fd 24 Oct 31 15:24:52.943158: | addref ifd@0x55e415cd93a8(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:52.943162: adding UDP interface eth0 192.0.2.254:500 Oct 31 15:24:52.943176: | MSG_ERRQUEUE enabled on fd 25 Oct 31 15:24:52.943184: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:52.943188: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:52.943191: | addref ifd@0x55e415cd93a8(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:52.943245: adding UDP interface eth0 192.0.2.254:4500 Oct 31 15:24:52.943268: | MSG_ERRQUEUE enabled on fd 26 Oct 31 15:24:52.943279: | addref ifd@0x55e415cd9438(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:52.943284: adding UDP interface lo 127.0.0.1:500 Oct 31 15:24:52.943299: | MSG_ERRQUEUE enabled on fd 27 Oct 31 15:24:52.943308: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:52.943311: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:52.943314: | addref ifd@0x55e415cd9438(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:52.943318: adding UDP interface lo 127.0.0.1:4500 Oct 31 15:24:52.943323: | updating interfaces - listing interfaces that are going down Oct 31 15:24:52.943325: | updating interfaces - checking orientation Oct 31 15:24:52.943328: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Oct 31 15:24:52.943331: | orienting westnet-eastnet-ikev2 Oct 31 15:24:52.943336: | westnet-eastnet-ikev2 doesn't match 127.0.0.1:4500 at all Oct 31 15:24:52.943342: | westnet-eastnet-ikev2 doesn't match 127.0.0.1:500 at all Oct 31 15:24:52.943346: | westnet-eastnet-ikev2 doesn't match 192.0.2.254:4500 at all Oct 31 15:24:52.943351: | westnet-eastnet-ikev2 doesn't match 192.0.2.254:500 at all Oct 31 15:24:52.943355: | westnet-eastnet-ikev2 doesn't match 192.0.2.250:4500 at all Oct 31 15:24:52.943359: | westnet-eastnet-ikev2 doesn't match 192.0.2.250:500 at all Oct 31 15:24:52.943363: | westnet-eastnet-ikev2 doesn't match 192.0.2.251:4500 at all Oct 31 15:24:52.943368: | westnet-eastnet-ikev2 doesn't match 192.0.2.251:500 at all Oct 31 15:24:52.943372: | westnet-eastnet-ikev2 doesn't match 192.1.2.23:4500 at all Oct 31 15:24:52.943375: | oriented westnet-eastnet-ikev2's that Oct 31 15:24:52.943378: | swapping ends so that that is this Oct 31 15:24:52.943385: | connect_to_host_pair: 192.1.2.23:500 192.1.2.45:500 -> hp@(nil): none Oct 31 15:24:52.943393: | newref hp@0x55e415cd6c98(0->1) (in connect_to_host_pair() at hostpair.c:290) Oct 31 15:24:52.943429: | libevent_malloc: newref ptr-libevent@0x55e415cd4fe8 size 128 Oct 31 15:24:52.943434: | libevent_malloc: newref ptr-libevent@0x55e415cd95d8 size 16 Oct 31 15:24:52.943445: | setup callback for interface lo 127.0.0.1:4500 fd 27 on UDP Oct 31 15:24:52.943448: | libevent_malloc: newref ptr-libevent@0x55e415cceec8 size 128 Oct 31 15:24:52.943452: | libevent_malloc: newref ptr-libevent@0x55e415cd53e8 size 16 Oct 31 15:24:52.943458: | setup callback for interface lo 127.0.0.1:500 fd 26 on UDP Oct 31 15:24:52.943465: | libevent_malloc: newref ptr-libevent@0x55e415c927a8 size 128 Oct 31 15:24:52.943468: | libevent_malloc: newref ptr-libevent@0x55e415cd5428 size 16 Oct 31 15:24:52.943474: | setup callback for interface eth0 192.0.2.254:4500 fd 25 on UDP Oct 31 15:24:52.943477: | libevent_malloc: newref ptr-libevent@0x55e415c87a68 size 128 Oct 31 15:24:52.943480: | libevent_malloc: newref ptr-libevent@0x55e415cd5468 size 16 Oct 31 15:24:52.943485: | setup callback for interface eth0 192.0.2.254:500 fd 24 on UDP Oct 31 15:24:52.943488: | libevent_malloc: newref ptr-libevent@0x55e415c928a8 size 128 Oct 31 15:24:52.943491: | libevent_malloc: newref ptr-libevent@0x55e415cd54a8 size 16 Oct 31 15:24:52.943496: | setup callback for interface eth0 192.0.2.250:4500 fd 23 on UDP Oct 31 15:24:52.943499: | libevent_malloc: newref ptr-libevent@0x55e415c8f2c8 size 128 Oct 31 15:24:52.943501: | libevent_malloc: newref ptr-libevent@0x55e415cd54e8 size 16 Oct 31 15:24:52.943506: | setup callback for interface eth0 192.0.2.250:500 fd 22 on UDP Oct 31 15:24:52.943509: | libevent_malloc: newref ptr-libevent@0x55e415c8f218 size 128 Oct 31 15:24:52.943512: | libevent_malloc: newref ptr-libevent@0x55e415cd5528 size 16 Oct 31 15:24:52.943516: | setup callback for interface eth0 192.0.2.251:4500 fd 21 on UDP Oct 31 15:24:52.943519: | libevent_malloc: newref ptr-libevent@0x55e415cd5568 size 128 Oct 31 15:24:52.943521: | libevent_malloc: newref ptr-libevent@0x55e415cd5618 size 16 Oct 31 15:24:52.943527: | setup callback for interface eth0 192.0.2.251:500 fd 20 on UDP Oct 31 15:24:52.943529: | libevent_malloc: newref ptr-libevent@0x55e415cd5658 size 128 Oct 31 15:24:52.943532: | libevent_malloc: newref ptr-libevent@0x55e415cd5708 size 16 Oct 31 15:24:52.943537: | setup callback for interface eth1 192.1.2.23:4500 fd 19 on UDP Oct 31 15:24:52.943540: | libevent_malloc: newref ptr-libevent@0x55e415cd5748 size 128 Oct 31 15:24:52.943543: | libevent_malloc: newref ptr-libevent@0x55e415cd57f8 size 16 Oct 31 15:24:52.943548: | setup callback for interface eth1 192.1.2.23:500 fd 18 on UDP Oct 31 15:24:52.945399: | no stale xfrmi interface 'ipsec1' found Oct 31 15:24:52.945421: | certs and keys locked by 'free_preshared_secrets' Oct 31 15:24:52.945426: forgetting secrets Oct 31 15:24:52.945457: | certs and keys unlocked by 'free_preshared_secrets' Oct 31 15:24:52.945592: loading secrets from "/etc/ipsec.secrets" Oct 31 15:24:52.945620: no secrets filename matched "/etc/ipsec.d/*.secrets" Oct 31 15:24:52.945629: | old food groups: Oct 31 15:24:52.945632: | new food groups: Oct 31 15:24:52.945638: | delref fd@0x55e415cc62e8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:52.945645: | freeref fd-fd@0x55e415cc62e8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:52.945653: | spent 1.14 (9.84) milliseconds in whack Oct 31 15:24:52.945723: | newref struct fd@0x55e415cd75c8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:52.945741: | fd_accept: new fd-fd@0x55e415cd75c8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:52.945764: | whack: initiate Oct 31 15:24:52.945770: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:52.945775: | connection 'westnet-eastnet-ikev2' +POLICY_UP Oct 31 15:24:52.945778: | FOR_EACH_STATE_... in find_phase1_state Oct 31 15:24:52.945799: | newref alloc logger@0x55e415cd2f88(0->1) (in new_state() at state.c:576) Oct 31 15:24:52.945802: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:24:52.945805: | creating state object #1 at 0x55e415cda498 Oct 31 15:24:52.945808: | State DB: adding IKEv2 state #1 in UNDEFINED Oct 31 15:24:52.945820: | pstats #1 ikev2.ike started Oct 31 15:24:52.945824: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Oct 31 15:24:52.945832: | #1.st_v2_transition NULL -> PARENT_I0->PARENT_I1 (in new_v2_ike_state() at state.c:620) Oct 31 15:24:52.945841: | Message ID: IKE #1 initializing (IKE SA): ike.initiator.sent=0->-1 ike.initiator.recv=0->-1 ike.initiator.last_contact=0->744567.378631 ike.responder.sent=0->-1 ike.responder.recv=0->-1 ike.responder.last_contact=0->744567.378631 ike.wip.initiator=0->-1 ike.wip.responder=0->-1 Oct 31 15:24:52.945851: | orienting westnet-eastnet-ikev2 Oct 31 15:24:52.945858: | westnet-eastnet-ikev2 doesn't match 127.0.0.1:4500 at all Oct 31 15:24:52.945861: | westnet-eastnet-ikev2 doesn't match 127.0.0.1:500 at all Oct 31 15:24:52.945865: | westnet-eastnet-ikev2 doesn't match 192.0.2.254:4500 at all Oct 31 15:24:52.945868: | westnet-eastnet-ikev2 doesn't match 192.0.2.254:500 at all Oct 31 15:24:52.945871: | westnet-eastnet-ikev2 doesn't match 192.0.2.250:4500 at all Oct 31 15:24:52.945875: | westnet-eastnet-ikev2 doesn't match 192.0.2.250:500 at all Oct 31 15:24:52.945878: | westnet-eastnet-ikev2 doesn't match 192.0.2.251:4500 at all Oct 31 15:24:52.945881: | westnet-eastnet-ikev2 doesn't match 192.0.2.251:500 at all Oct 31 15:24:52.945884: | westnet-eastnet-ikev2 doesn't match 192.1.2.23:4500 at all Oct 31 15:24:52.945886: | oriented westnet-eastnet-ikev2's this Oct 31 15:24:52.945893: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ikev2_parent_outI1() at ikev2_parent.c:544) Oct 31 15:24:52.945897: | addref fd@NULL (in add_pending() at pending.c:86) Oct 31 15:24:52.945901: | queuing pending IPsec SA negotiating with 192.1.2.45 IKE SA #1 "westnet-eastnet-ikev2" Oct 31 15:24:52.945904: "westnet-eastnet-ikev2" #1: initiating IKEv2 connection Oct 31 15:24:52.945911: | constructing local IKE proposals for westnet-eastnet-ikev2 (IKE SA initiator selecting KE) Oct 31 15:24:52.945921: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:52.945930: | ... ikev2_proposal: 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:52.945934: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:52.945939: | ... ikev2_proposal: 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:52.945943: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:52.945949: | ... ikev2_proposal: 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:52.945953: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:52.945959: | ... ikev2_proposal: 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:52.945963: "westnet-eastnet-ikev2": local IKE proposals (IKE SA initiator selecting KE): Oct 31 15:24:52.945969: "westnet-eastnet-ikev2": 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:52.945974: "westnet-eastnet-ikev2": 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:52.945978: "westnet-eastnet-ikev2": 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:52.945983: "westnet-eastnet-ikev2": 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:52.945988: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:52.945990: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:52.945993: | newref clone logger@0x55e415cc5f68(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:52.945995: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): adding job to queue Oct 31 15:24:52.945998: | state #1 has no .st_event to delete Oct 31 15:24:52.946003: | #1 STATE_PARENT_I0: retransmits: cleared Oct 31 15:24:52.946006: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55e415c12098 Oct 31 15:24:52.946009: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:24:52.946012: | libevent_malloc: newref ptr-libevent@0x55e415cd5e48 size 128 Oct 31 15:24:52.946024: | #1 spent 0.248 (0.248) milliseconds in ikev2_parent_outI1() Oct 31 15:24:52.946030: | RESET processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ikev2_parent_outI1() at ikev2_parent.c:640) Oct 31 15:24:52.946033: | delref fd@0x55e415cd75c8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:52.946035: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): helper 4 starting job Oct 31 15:24:52.946039: | freeref fd-fd@0x55e415cd75c8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:52.946547: | spent 0.339 (0.842) milliseconds in whack Oct 31 15:24:52.946559: | processing signal PLUTO_SIGCHLD Oct 31 15:24:52.946569: | waitpid returned pid 2151594 (exited with status 0) Oct 31 15:24:52.946572: | reaped addconn helper child (status 0) Oct 31 15:24:52.946575: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:52.946578: | spent 0.0151 (0.0151) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:52.947573: | "westnet-eastnet-ikev2" #1: spent 1.51 (1.54) milliseconds in helper 4 processing job 1 for state #1: ikev2_outI1 KE (pcr) Oct 31 15:24:52.947586: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): helper thread 4 sending result back to state Oct 31 15:24:52.947590: | scheduling resume sending helper answer back to state for #1 Oct 31 15:24:52.947593: | libevent_malloc: newref ptr-libevent@0x7fd974006108 size 128 Oct 31 15:24:52.947604: | helper thread 4 has nothing to do Oct 31 15:24:52.947613: | processing resume sending helper answer back to state for #1 Oct 31 15:24:52.947625: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:641) Oct 31 15:24:52.947630: | unsuspending #1 MD (nil) Oct 31 15:24:52.947633: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): processing response from helper 4 Oct 31 15:24:52.947636: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): calling continuation function 0x55e414449fe7 Oct 31 15:24:52.947639: | ikev2_parent_outI1_continue() for #1 STATE_PARENT_I0 Oct 31 15:24:52.947643: | DH secret MODP2048@0x7fd974006ba8: transferring ownership from helper KE to state #1 Oct 31 15:24:52.947680: | opening output PBS reply packet Oct 31 15:24:52.947685: | **emit ISAKMP Message: Oct 31 15:24:52.947690: | initiator SPI: 09 de 83 ef a6 5d d1 62 Oct 31 15:24:52.947694: | responder SPI: 00 00 00 00 00 00 00 00 Oct 31 15:24:52.947697: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:52.947700: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:52.947703: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:24:52.947707: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:52.947711: | Message ID: 0 (00 00 00 00) Oct 31 15:24:52.947715: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:52.947729: | using existing local IKE proposals for connection westnet-eastnet-ikev2 (IKE SA initiator emitting local proposals): 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:52.947732: | Emitting ikev2_proposals ... Oct 31 15:24:52.947734: | ***emit IKEv2 Security Association Payload: Oct 31 15:24:52.947742: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:52.947743: | flags: none (0x0) Oct 31 15:24:52.947745: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:24:52.947747: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:24:52.947750: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:52.947752: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:52.947754: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:52.947756: | prop #: 1 (01) Oct 31 15:24:52.947757: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:52.947759: | spi size: 0 (00) Oct 31 15:24:52.947761: | # transforms: 11 (0b) Oct 31 15:24:52.947762: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:52.947765: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.947766: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.947768: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:52.947769: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:52.947771: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.947773: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:52.947774: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:52.947776: | length/value: 256 (01 00) Oct 31 15:24:52.947778: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:52.947780: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.947781: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.947783: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:52.947784: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:52.947786: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.947788: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.947789: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.947791: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.947792: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.947793: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:52.947795: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:52.947796: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.947798: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.947799: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.947801: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:52.947803: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.947804: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.947806: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:52.947807: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:52.947808: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.947810: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.947811: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.947814: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.947815: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.947817: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:52.947818: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:52.947819: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.947821: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.947822: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.947824: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.947825: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.947826: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:52.947828: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:52.947829: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.947831: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.947832: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.947834: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.947835: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.947837: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:52.947838: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:52.947840: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.947841: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.947842: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.947844: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.947845: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.947847: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:52.947848: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:52.947850: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.947851: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.947852: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.947854: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.947855: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.947857: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:52.947858: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:52.947860: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.947861: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.947862: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.947864: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.947865: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.947867: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:52.947868: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:52.947870: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.947872: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.947873: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.947875: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.947876: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:52.947878: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:52.947879: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:52.947880: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.947882: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.947883: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.947885: | emitting length of IKEv2 Proposal Substructure Payload: 100 Oct 31 15:24:52.947886: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:52.947888: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:52.947890: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:52.947892: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:52.947894: | prop #: 2 (02) Oct 31 15:24:52.947895: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:52.947897: | spi size: 0 (00) Oct 31 15:24:52.947898: | # transforms: 11 (0b) Oct 31 15:24:52.947900: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:52.947902: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:52.947903: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.947905: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.947906: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:52.947907: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:52.947909: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.947911: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:52.947912: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:52.947914: | length/value: 128 (00 80) Oct 31 15:24:52.947915: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:52.947917: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.947918: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.947920: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:52.947921: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:52.947923: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.947924: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.947925: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.947927: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.947928: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.947930: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:52.947931: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:52.947933: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.947935: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.947936: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.947938: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:52.947939: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.947941: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.947942: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:52.947944: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:52.947945: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.947946: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.947948: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.947949: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.947951: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.947952: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:52.947954: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:52.947955: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.947956: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.947958: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.947959: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.947961: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.947962: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:52.947963: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:52.947965: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.947966: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.947968: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.947969: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.947971: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.947972: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:52.947973: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:52.947975: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.947976: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.947978: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.947979: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.947981: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.947982: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:52.947983: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:52.947985: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.947986: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.947989: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.947990: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.947992: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.947993: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:52.947995: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:52.947996: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.947997: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.947999: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.948000: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.948002: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948003: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:52.948004: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:52.948006: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948007: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.948009: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.948011: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.948013: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:52.948015: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:52.948020: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:52.948024: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948027: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.948029: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.948032: | emitting length of IKEv2 Proposal Substructure Payload: 100 Oct 31 15:24:52.948034: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:52.948039: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:52.948041: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:52.948045: | prop #: 3 (03) Oct 31 15:24:52.948047: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:52.948050: | spi size: 0 (00) Oct 31 15:24:52.948054: | # transforms: 13 (0d) Oct 31 15:24:52.948057: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:52.948060: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:52.948067: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.948070: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948072: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:52.948073: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:52.948075: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.948076: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:52.948078: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:52.948080: | length/value: 256 (01 00) Oct 31 15:24:52.948082: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:52.948083: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.948086: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948088: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:52.948089: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:52.948091: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948092: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.948093: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.948095: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.948096: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948098: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:52.948099: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:52.948101: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948102: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.948104: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.948105: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.948106: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948108: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:52.948109: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:52.948111: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948112: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.948114: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.948115: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.948116: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948118: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:52.948119: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:52.948121: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948122: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.948124: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.948125: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.948127: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948128: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:52.948129: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:52.948131: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948132: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.948134: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.948135: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.948140: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948145: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:52.948149: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:52.948151: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948156: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.948159: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.948162: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.948164: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948166: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:52.948169: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:52.948171: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948174: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.948177: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.948180: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.948182: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948185: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:52.948187: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:52.948190: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948193: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.948196: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.948202: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.948207: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948209: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:52.948210: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:52.948212: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948213: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.948215: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.948216: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.948217: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948219: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:52.948220: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:52.948222: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948223: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.948225: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.948226: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.948227: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948229: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:52.948230: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:52.948232: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948233: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.948235: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.948237: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.948239: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:52.948240: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:52.948242: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:52.948243: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948245: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.948246: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.948248: | emitting length of IKEv2 Proposal Substructure Payload: 116 Oct 31 15:24:52.948249: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:52.948252: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:52.948253: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:52.948255: | prop #: 4 (04) Oct 31 15:24:52.948257: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:52.948259: | spi size: 0 (00) Oct 31 15:24:52.948261: | # transforms: 13 (0d) Oct 31 15:24:52.948262: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:52.948264: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:52.948266: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.948267: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948269: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:52.948270: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:52.948272: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.948273: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:52.948275: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:52.948277: | length/value: 128 (00 80) Oct 31 15:24:52.948278: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:52.948280: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.948281: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948283: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:52.948284: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:52.948286: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948287: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.948289: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.948290: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.948291: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948293: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:52.948294: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:52.948296: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948297: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.948299: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.948301: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.948302: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948306: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:52.948307: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:52.948309: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948310: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.948312: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.948314: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.948316: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948317: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:52.948319: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:52.948320: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948322: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.948324: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.948325: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.948327: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948328: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:52.948329: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:52.948331: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948332: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.948334: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.948335: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.948337: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948338: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:52.948339: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:52.948341: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948342: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.948344: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.948345: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.948347: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948348: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:52.948349: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:52.948351: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948352: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.948354: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.948355: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.948357: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948358: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:52.948359: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:52.948361: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948364: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.948366: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.948367: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.948369: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948370: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:52.948372: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:52.948373: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948374: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.948376: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.948377: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.948379: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948380: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:52.948382: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:52.948383: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948384: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.948386: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.948387: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.948389: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948390: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:52.948391: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:52.948393: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948394: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.948396: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.948397: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:52.948399: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:52.948400: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:52.948402: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:52.948403: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:52.948405: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:52.948406: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:52.948408: | emitting length of IKEv2 Proposal Substructure Payload: 116 Oct 31 15:24:52.948409: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:52.948410: | emitting length of IKEv2 Security Association Payload: 436 Oct 31 15:24:52.948412: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:24:52.948413: | ***emit IKEv2 Key Exchange Payload: Oct 31 15:24:52.948415: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:52.948417: | flags: none (0x0) Oct 31 15:24:52.948418: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:52.948420: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Oct 31 15:24:52.948422: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Oct 31 15:24:52.948425: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Oct 31 15:24:52.948426: | ikev2 g^x: Oct 31 15:24:52.948428: | 33 1e 4f 03 e0 8d fd f0 df 82 79 5b 0e c2 b0 9a Oct 31 15:24:52.948429: | 48 ce f7 4d cc 9c 8c 33 19 74 33 16 50 e0 6d 3d Oct 31 15:24:52.948431: | b7 fa 82 52 a6 d6 97 8c 54 36 0d 00 08 c5 74 79 Oct 31 15:24:52.948432: | 6f 27 b1 e4 07 b4 fe 62 e3 cb 73 34 af 74 3e fa Oct 31 15:24:52.948433: | 39 3a 4c bc 20 4b 1c 2b 4a c5 7b 05 60 59 e7 02 Oct 31 15:24:52.948435: | d7 ce 02 07 6a 1e de 95 21 0a 66 9a 3a 87 46 c2 Oct 31 15:24:52.948436: | 54 5e 4f b6 fc 42 bd 2b 90 93 34 6a a3 b2 fa 4e Oct 31 15:24:52.948437: | ae 2e f3 ed 92 a9 ea 11 00 a7 0a df 36 42 f5 84 Oct 31 15:24:52.948439: | fc 47 2b c9 c9 cd cf 13 9c 5f 9b 20 18 83 cb be Oct 31 15:24:52.948440: | d4 74 3e 46 c2 1f 33 68 bc 93 85 7e 21 78 2e 7f Oct 31 15:24:52.948441: | f3 b9 8e 9b 2c 8b ab 69 07 a0 f0 1e 3f 44 4b 00 Oct 31 15:24:52.948443: | d5 e4 c2 84 9b 70 70 73 37 54 e2 8b da 44 d1 d6 Oct 31 15:24:52.948444: | 52 be cd 70 f0 fc d1 b4 8a dd a8 cb 6b f1 87 9b Oct 31 15:24:52.948445: | ec f4 20 ec 11 2a e6 f5 47 12 17 ef ff 61 54 17 Oct 31 15:24:52.948447: | 16 9b af 48 c1 8a 3c f8 7d 8f 7a c6 4c 59 ec cd Oct 31 15:24:52.948448: | 45 ed 36 63 37 22 a9 ef 29 fe 25 c9 fb 6f 92 2a Oct 31 15:24:52.948449: | emitting length of IKEv2 Key Exchange Payload: 264 Oct 31 15:24:52.948451: | ***emit IKEv2 Nonce Payload: Oct 31 15:24:52.948452: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:52.948454: | flags: none (0x0) Oct 31 15:24:52.948456: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Oct 31 15:24:52.948457: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Oct 31 15:24:52.948459: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Oct 31 15:24:52.948460: | IKEv2 nonce: Oct 31 15:24:52.948462: | 34 86 a7 b9 c6 41 4d a8 33 dd de 08 84 e8 d7 4c Oct 31 15:24:52.948463: | 38 23 84 a7 a4 6c 83 d7 ad c1 26 fb 96 9f 23 2e Oct 31 15:24:52.948465: | emitting length of IKEv2 Nonce Payload: 36 Oct 31 15:24:52.948466: | adding a v2N Payload Oct 31 15:24:52.948468: | ***emit IKEv2 Notify Payload: Oct 31 15:24:52.948469: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:52.948471: | flags: none (0x0) Oct 31 15:24:52.948472: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:52.948474: | SPI size: 0 (00) Oct 31 15:24:52.948476: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Oct 31 15:24:52.948477: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:52.948479: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:52.948480: | emitting length of IKEv2 Notify Payload: 8 Oct 31 15:24:52.948482: | adding a v2N Payload Oct 31 15:24:52.948483: | ***emit IKEv2 Notify Payload: Oct 31 15:24:52.948485: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:52.948486: | flags: none (0x0) Oct 31 15:24:52.948488: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:52.948489: | SPI size: 0 (00) Oct 31 15:24:52.948491: | Notify Message Type: v2N_SIGNATURE_HASH_ALGORITHMS (0x402f) Oct 31 15:24:52.948492: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:52.948494: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:52.948495: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256 into IKEv2 Notify Payload Oct 31 15:24:52.948498: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256: 00 02 Oct 31 15:24:52.948500: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384 into IKEv2 Notify Payload Oct 31 15:24:52.948501: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384: 00 03 Oct 31 15:24:52.948503: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_512 into IKEv2 Notify Payload Oct 31 15:24:52.948504: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_512: 00 04 Oct 31 15:24:52.948506: | emitting length of IKEv2 Notify Payload: 14 Oct 31 15:24:52.948508: | NAT-Traversal support [enabled] add v2N payloads. Oct 31 15:24:52.948510: | nat: IKE.SPIr is zero Oct 31 15:24:52.948522: | natd_hash: hasher=0x55e41453bf80(20) Oct 31 15:24:52.948524: | natd_hash: icookie= Oct 31 15:24:52.948525: | 09 de 83 ef a6 5d d1 62 Oct 31 15:24:52.948526: | natd_hash: rcookie= Oct 31 15:24:52.948528: | 00 00 00 00 00 00 00 00 Oct 31 15:24:52.948529: | natd_hash: ip= Oct 31 15:24:52.948530: | c0 01 02 17 Oct 31 15:24:52.948532: | natd_hash: port= Oct 31 15:24:52.948533: | 01 f4 Oct 31 15:24:52.948534: | natd_hash: hash= Oct 31 15:24:52.948536: | 7a f9 2c 45 e1 6f 0a 3e 6c 98 a8 cd 53 cf 10 c0 Oct 31 15:24:52.948537: | e9 31 2b 0d Oct 31 15:24:52.948538: | adding a v2N Payload Oct 31 15:24:52.948540: | ***emit IKEv2 Notify Payload: Oct 31 15:24:52.948541: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:52.948543: | flags: none (0x0) Oct 31 15:24:52.948544: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:52.948546: | SPI size: 0 (00) Oct 31 15:24:52.948547: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Oct 31 15:24:52.948549: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:52.948550: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:52.948552: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:24:52.948554: | Notify data: Oct 31 15:24:52.948555: | 7a f9 2c 45 e1 6f 0a 3e 6c 98 a8 cd 53 cf 10 c0 Oct 31 15:24:52.948556: | e9 31 2b 0d Oct 31 15:24:52.948558: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:24:52.948559: | nat: IKE.SPIr is zero Oct 31 15:24:52.948563: | natd_hash: hasher=0x55e41453bf80(20) Oct 31 15:24:52.948565: | natd_hash: icookie= Oct 31 15:24:52.948566: | 09 de 83 ef a6 5d d1 62 Oct 31 15:24:52.948567: | natd_hash: rcookie= Oct 31 15:24:52.948568: | 00 00 00 00 00 00 00 00 Oct 31 15:24:52.948570: | natd_hash: ip= Oct 31 15:24:52.948571: | c0 01 02 2d Oct 31 15:24:52.948572: | natd_hash: port= Oct 31 15:24:52.948573: | 01 f4 Oct 31 15:24:52.948575: | natd_hash: hash= Oct 31 15:24:52.948576: | b4 d1 33 4d 17 6c 12 9f 51 df 28 5c 1e 43 8a 9a Oct 31 15:24:52.948577: | ba b2 b9 57 Oct 31 15:24:52.948579: | adding a v2N Payload Oct 31 15:24:52.948580: | ***emit IKEv2 Notify Payload: Oct 31 15:24:52.948581: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:52.948583: | flags: none (0x0) Oct 31 15:24:52.948584: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:52.948586: | SPI size: 0 (00) Oct 31 15:24:52.948587: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Oct 31 15:24:52.948589: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:52.948590: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:52.948592: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:24:52.948593: | Notify data: Oct 31 15:24:52.948595: | b4 d1 33 4d 17 6c 12 9f 51 df 28 5c 1e 43 8a 9a Oct 31 15:24:52.948596: | ba b2 b9 57 Oct 31 15:24:52.948597: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:24:52.948599: | emitting length of ISAKMP Message: 842 Oct 31 15:24:52.948606: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:52.948609: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Oct 31 15:24:52.948611: | transitioning from state STATE_PARENT_I0 to state STATE_PARENT_I1 Oct 31 15:24:52.948612: | Message ID: updating counters for #1 Oct 31 15:24:52.948614: | Message ID: IKE #1 skipping update_recv as MD is fake Oct 31 15:24:52.948619: | Message ID: IKE #1 scheduling EVENT_RETRANSMIT: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744567.378631 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744567.378631 ike.wip.initiator=0 ike.wip.responder=-1 Oct 31 15:24:52.948622: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55e415cd8b58 Oct 31 15:24:52.948624: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Oct 31 15:24:52.948626: | libevent_malloc: newref ptr-libevent@0x55e415cd2ae8 size 128 Oct 31 15:24:52.948629: | #1 STATE_PARENT_I0: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744567.381417 Oct 31 15:24:52.948633: | Message ID: IKE #1 updating initiator sent message request 0: ike.initiator.sent=-1->0 ike.initiator.recv=-1 ike.initiator.last_contact=744567.378631 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744567.378631 ike.wip.initiator=-1->0 ike.wip.responder=-1 Oct 31 15:24:52.948637: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744567.378631 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744567.378631 ike.wip.initiator=0 ike.wip.responder=-1 Oct 31 15:24:52.948639: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Oct 31 15:24:52.948641: | announcing the state transition Oct 31 15:24:52.948644: "westnet-eastnet-ikev2" #1: sent IKE_SA_INIT request Oct 31 15:24:52.948653: | sending 842 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 using UDP (for #1) Oct 31 15:24:52.948654: | 09 de 83 ef a6 5d d1 62 00 00 00 00 00 00 00 00 Oct 31 15:24:52.948656: | 21 20 22 08 00 00 00 00 00 00 03 4a 22 00 01 b4 Oct 31 15:24:52.948657: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Oct 31 15:24:52.948659: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Oct 31 15:24:52.948660: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Oct 31 15:24:52.948661: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Oct 31 15:24:52.948662: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Oct 31 15:24:52.948664: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Oct 31 15:24:52.948665: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Oct 31 15:24:52.948666: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Oct 31 15:24:52.948668: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Oct 31 15:24:52.948669: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Oct 31 15:24:52.948670: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Oct 31 15:24:52.948672: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Oct 31 15:24:52.948673: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Oct 31 15:24:52.948677: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Oct 31 15:24:52.948681: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:24:52.948684: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Oct 31 15:24:52.948686: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Oct 31 15:24:52.948688: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Oct 31 15:24:52.948690: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Oct 31 15:24:52.948692: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Oct 31 15:24:52.948694: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Oct 31 15:24:52.948697: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Oct 31 15:24:52.948700: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Oct 31 15:24:52.948703: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Oct 31 15:24:52.948705: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Oct 31 15:24:52.948707: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Oct 31 15:24:52.948710: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Oct 31 15:24:52.948712: | 28 00 01 08 00 0e 00 00 33 1e 4f 03 e0 8d fd f0 Oct 31 15:24:52.948715: | df 82 79 5b 0e c2 b0 9a 48 ce f7 4d cc 9c 8c 33 Oct 31 15:24:52.948717: | 19 74 33 16 50 e0 6d 3d b7 fa 82 52 a6 d6 97 8c Oct 31 15:24:52.948719: | 54 36 0d 00 08 c5 74 79 6f 27 b1 e4 07 b4 fe 62 Oct 31 15:24:52.948722: | e3 cb 73 34 af 74 3e fa 39 3a 4c bc 20 4b 1c 2b Oct 31 15:24:52.948724: | 4a c5 7b 05 60 59 e7 02 d7 ce 02 07 6a 1e de 95 Oct 31 15:24:52.948726: | 21 0a 66 9a 3a 87 46 c2 54 5e 4f b6 fc 42 bd 2b Oct 31 15:24:52.948728: | 90 93 34 6a a3 b2 fa 4e ae 2e f3 ed 92 a9 ea 11 Oct 31 15:24:52.948730: | 00 a7 0a df 36 42 f5 84 fc 47 2b c9 c9 cd cf 13 Oct 31 15:24:52.948731: | 9c 5f 9b 20 18 83 cb be d4 74 3e 46 c2 1f 33 68 Oct 31 15:24:52.948733: | bc 93 85 7e 21 78 2e 7f f3 b9 8e 9b 2c 8b ab 69 Oct 31 15:24:52.948734: | 07 a0 f0 1e 3f 44 4b 00 d5 e4 c2 84 9b 70 70 73 Oct 31 15:24:52.948735: | 37 54 e2 8b da 44 d1 d6 52 be cd 70 f0 fc d1 b4 Oct 31 15:24:52.948737: | 8a dd a8 cb 6b f1 87 9b ec f4 20 ec 11 2a e6 f5 Oct 31 15:24:52.948738: | 47 12 17 ef ff 61 54 17 16 9b af 48 c1 8a 3c f8 Oct 31 15:24:52.948739: | 7d 8f 7a c6 4c 59 ec cd 45 ed 36 63 37 22 a9 ef Oct 31 15:24:52.948741: | 29 fe 25 c9 fb 6f 92 2a 29 00 00 24 34 86 a7 b9 Oct 31 15:24:52.948742: | c6 41 4d a8 33 dd de 08 84 e8 d7 4c 38 23 84 a7 Oct 31 15:24:52.948743: | a4 6c 83 d7 ad c1 26 fb 96 9f 23 2e 29 00 00 08 Oct 31 15:24:52.948745: | 00 00 40 2e 29 00 00 0e 00 00 40 2f 00 02 00 03 Oct 31 15:24:52.948746: | 00 04 29 00 00 1c 00 00 40 04 7a f9 2c 45 e1 6f Oct 31 15:24:52.948747: | 0a 3e 6c 98 a8 cd 53 cf 10 c0 e9 31 2b 0d 00 00 Oct 31 15:24:52.948749: | 00 1c 00 00 40 05 b4 d1 33 4d 17 6c 12 9f 51 df Oct 31 15:24:52.948750: | 28 5c 1e 43 8a 9a ba b2 b9 57 Oct 31 15:24:52.948793: | sent 1 messages Oct 31 15:24:52.948796: | checking that a retransmit timeout_event was already Oct 31 15:24:52.948798: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:52.948801: | libevent_free: delref ptr-libevent@0x55e415cd5e48 Oct 31 15:24:52.948803: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55e415c12098 Oct 31 15:24:52.948806: | delref logger@0x55e415cc5f68(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:52.948808: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:52.948809: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:52.948812: | resume sending helper answer back to state for #1 suppresed complete_v2_state_transition() Oct 31 15:24:52.948814: | delref mdp@NULL (in resume_handler() at server.c:743) Oct 31 15:24:52.948819: | #1 spent 1.15 (1.19) milliseconds in resume sending helper answer back to state Oct 31 15:24:52.948823: | stop processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:745) Oct 31 15:24:52.948825: | libevent_free: delref ptr-libevent@0x7fd974006108 Oct 31 15:24:52.948837: | recvmsg(,, MSG_ERRQUEUE) on eth1 returned a truncated (IKE) datagram (MSG_TRUNC) Oct 31 15:24:52.948839: | **parse ISAKMP Message (raw): Oct 31 15:24:52.948842: | initiator SPI: 09 de 83 ef a6 5d d1 62 Oct 31 15:24:52.948845: | responder SPI: 00 00 00 00 00 00 00 00 Oct 31 15:24:52.948846: | next payload type: 33 (21) Oct 31 15:24:52.948848: | ISAKMP version: 32 (20) Oct 31 15:24:52.948850: | exchange type: 34 (22) Oct 31 15:24:52.948851: | flags: 8 (08) Oct 31 15:24:52.948853: | Message ID: 0 (00 00 00 00) Oct 31 15:24:52.948855: | length: 842 (00 00 03 4a) Oct 31 15:24:52.948858: | State DB: found IKEv2 state #1 in PARENT_I1 (find_likely_sender) Oct 31 15:24:52.948861: | MSG_ERRQUEUE packet matches IKEv2 SA #1 Oct 31 15:24:52.948862: | rejected packet: Oct 31 15:24:52.948864: | 09 de 83 ef a6 5d d1 62 00 00 00 00 00 00 00 00 Oct 31 15:24:52.948865: | 21 20 22 08 00 00 00 00 00 00 03 4a 22 00 01 b4 Oct 31 15:24:52.948866: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Oct 31 15:24:52.948868: | 80 0e 01 00 03 00 00 08 Oct 31 15:24:52.948869: | control: Oct 31 15:24:52.948870: | 30 00 00 00 00 00 00 00 00 00 00 00 0b 00 00 00 Oct 31 15:24:52.948872: | 6f 00 00 00 02 03 03 00 00 00 00 00 00 00 00 00 Oct 31 15:24:52.948873: | 02 00 00 00 c0 01 02 2d 00 00 00 00 00 00 00 00 Oct 31 15:24:52.948874: | name: Oct 31 15:24:52.948876: | 02 00 01 f4 c0 01 02 2d 00 00 00 00 00 00 00 00 Oct 31 15:24:52.948883: "westnet-eastnet-ikev2" #1: ERROR: asynchronous network error report on eth1 (192.1.2.23:500), complainant 192.1.2.45: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)] Oct 31 15:24:52.948888: | spent 0.0536 (0.0537) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:52.948891: | spent 0.0599 (0.0598) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:52.950357: | newref struct fd@0x55e415cd6228(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:52.950368: | fd_accept: new fd-fd@0x55e415cd6228 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:52.950380: | whack: options (impair|debug) Oct 31 15:24:52.950385: | old debugging base+cpu-usage + none Oct 31 15:24:52.950388: | new debugging = base+cpu-usage Oct 31 15:24:52.950395: | delref fd@0x55e415cd6228(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:52.950402: | freeref fd-fd@0x55e415cd6228 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:52.950408: | spent 0.0603 (0.0601) milliseconds in whack Oct 31 15:24:53.015124: | newref struct fd@0x55e415cd9ce8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:53.015144: | fd_accept: new fd-fd@0x55e415cd9ce8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:53.015159: | whack: delete 'westnet-eastnet-ikev2' Oct 31 15:24:53.015163: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:53.015168: "westnet-eastnet-ikev2": terminating SAs using this connection Oct 31 15:24:53.015177: | connection 'westnet-eastnet-ikev2' -POLICY_UP Oct 31 15:24:53.015181: | delref fd@NULL (in delete_pending() at pending.c:218) Oct 31 15:24:53.015184: | removing pending policy for no connection {0x55e415cd9c58} Oct 31 15:24:53.015187: | connection not shared - terminating IKE and IPsec SA Oct 31 15:24:53.015190: | deleting states for connection - not including other IPsec SA's Oct 31 15:24:53.015193: | pass 0 Oct 31 15:24:53.015196: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:24:53.015212: | state #1 Oct 31 15:24:53.015224: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1406) Oct 31 15:24:53.015227: | delref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1408) Oct 31 15:24:53.015231: | addref fd@0x55e415cd9ce8(1->2) (in foreach_state_by_connection_func_delete() at state.c:1409) Oct 31 15:24:53.015234: | pstats #1 ikev2.ike deleted other Oct 31 15:24:53.015241: | #1 main thread spent 1.4 (1.44) milliseconds helper thread spent 1.51 (1.54) milliseconds in total Oct 31 15:24:53.015247: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in delete_state() at state.c:935) Oct 31 15:24:53.015250: | should_send_delete: no, not established Oct 31 15:24:53.015255: "westnet-eastnet-ikev2" #1: deleting state (STATE_PARENT_I1) aged 0.069455s and NOT sending notification Oct 31 15:24:53.015265: | parent state #1: PARENT_I1(half-open IKE SA) => delete Oct 31 15:24:53.015269: | unsuspending #1 MD (nil) Oct 31 15:24:53.015272: | should_send_delete: no, not established Oct 31 15:24:53.015275: | state #1 has no .st_event to delete Oct 31 15:24:53.015282: | #1 requesting EVENT_RETRANSMIT-pe@0x55e415cd8b58 be deleted Oct 31 15:24:53.015287: | libevent_free: delref ptr-libevent@0x55e415cd2ae8 Oct 31 15:24:53.015291: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55e415cd8b58 Oct 31 15:24:53.015294: | #1 STATE_PARENT_I1: retransmits: cleared Oct 31 15:24:53.015298: | State DB: IKEv2 state not found (flush_incomplete_children) Oct 31 15:24:53.015303: | in connection_discard for connection westnet-eastnet-ikev2 Oct 31 15:24:53.015306: | State DB: deleting IKEv2 state #1 in PARENT_I1 Oct 31 15:24:53.015310: | parent state #1: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Oct 31 15:24:53.015314: | releasing #1's fd-fd@(nil) because deleting state Oct 31 15:24:53.015316: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:24:53.015319: | delref fd@0x55e415cd9ce8(2->1) (in delete_state() at state.c:1195) Oct 31 15:24:53.015323: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:24:53.015374: | stop processing: state #1 from 192.1.2.45:500 (in delete_state() at state.c:1239) Oct 31 15:24:53.015380: | delref logger@0x55e415cd2f88(1->0) (in delete_state() at state.c:1306) Oct 31 15:24:53.015383: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:53.015385: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:53.015389: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1411) Oct 31 15:24:53.015392: | pass 1 Oct 31 15:24:53.015394: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:24:53.015396: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:53.015399: | deleting states for connection - not including other IPsec SA's Oct 31 15:24:53.015401: | pass 0 Oct 31 15:24:53.015403: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:24:53.015405: | pass 1 Oct 31 15:24:53.015407: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:24:53.015411: | addref fd@0x55e415cd9ce8(1->2) (in clone_logger() at log.c:809) Oct 31 15:24:53.015414: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:53.015417: | newref clone logger@0x55e415cc5f68(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:53.015421: | delref hp@0x55e415cd6c98(1->0) (in delete_oriented_hp() at hostpair.c:360) Oct 31 15:24:53.015424: | flush revival: connection 'westnet-eastnet-ikev2' wasn't on the list Oct 31 15:24:53.015427: | delref vip@NULL (in discard_connection() at connections.c:262) Oct 31 15:24:53.015430: | delref vip@NULL (in discard_connection() at connections.c:263) Oct 31 15:24:53.015442: | Connection DB: deleting connection $1 Oct 31 15:24:53.015446: | delref logger@0x55e415cc5f68(1->0) (in delete_connection() at connections.c:214) Oct 31 15:24:53.015449: | delref fd@0x55e415cd9ce8(2->1) (in free_logger() at log.c:853) Oct 31 15:24:53.015451: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:53.015454: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:53.015457: | whack: connection 'westnet-eastnet-ikev2' Oct 31 15:24:53.015460: | addref fd@0x55e415cd9ce8(1->2) (in string_logger() at log.c:838) Oct 31 15:24:53.015463: | newref string logger@0x55e415cc5f68(0->1) (in add_connection() at connections.c:1998) Oct 31 15:24:53.015466: | Connection DB: adding connection "westnet-eastnet-ikev2" $2 Oct 31 15:24:53.015472: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:53.015480: | added new connection westnet-eastnet-ikev2 with policy RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 Oct 31 15:24:53.015560: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Oct 31 15:24:53.015571: | from whack: got --esp= Oct 31 15:24:53.015624: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Oct 31 15:24:53.015655: | computed rsa CKAID Oct 31 15:24:53.015659: | b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Oct 31 15:24:53.015661: | 7f 0f 03 50 Oct 31 15:24:53.015667: | keyid: *AQOm9dY/4 Oct 31 15:24:53.015670: | size: 274 Oct 31 15:24:53.015672: | n Oct 31 15:24:53.015674: | a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 8b 49 Oct 31 15:24:53.015676: | 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e b3 96 Oct 31 15:24:53.015678: | 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 09 f0 Oct 31 15:24:53.015684: | c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 8f 95 Oct 31 15:24:53.015687: | 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 f5 99 Oct 31 15:24:53.015689: | f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c ac 34 Oct 31 15:24:53.015691: | ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a 94 d3 Oct 31 15:24:53.015693: | d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 b2 2b Oct 31 15:24:53.015695: | 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 7d 7a Oct 31 15:24:53.015698: | 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a 8f 52 Oct 31 15:24:53.015700: | a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 ca 80 Oct 31 15:24:53.015702: | db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc 2a b3 Oct 31 15:24:53.015704: | 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e d3 3a Oct 31 15:24:53.015706: | 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 87 33 Oct 31 15:24:53.015709: | 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d 6e e8 Oct 31 15:24:53.015711: | 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f c9 20 Oct 31 15:24:53.015713: | 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 15 04 Oct 31 15:24:53.015715: | 37 f9 Oct 31 15:24:53.015718: | e Oct 31 15:24:53.015720: | 03 Oct 31 15:24:53.015722: | CKAID Oct 31 15:24:53.015725: | b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Oct 31 15:24:53.015727: | 7f 0f 03 50 Oct 31 15:24:53.015734: | saving left CKAID b49f1aac9e456e7929c881973a0c6ad37f0f0350 extracted from raw RSA public key Oct 31 15:24:53.015836: | spent 0.0879 (0.0943) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:53.015845: | no private key matching left CKAID b49f1aac9e456e7929c881973a0c6ad37f0f0350: can't find the private key matching the NSS CKAID Oct 31 15:24:53.015849: | counting wild cards for @west is 0 Oct 31 15:24:53.015867: | computed rsa CKAID Oct 31 15:24:53.015870: | 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Oct 31 15:24:53.015872: | 8a 82 25 f1 Oct 31 15:24:53.015877: | keyid: *AQO9bJbr3 Oct 31 15:24:53.015879: | size: 274 Oct 31 15:24:53.015882: | n Oct 31 15:24:53.015888: | bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Oct 31 15:24:53.015891: | c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Oct 31 15:24:53.015893: | e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Oct 31 15:24:53.015895: | 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Oct 31 15:24:53.015897: | f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Oct 31 15:24:53.015899: | 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Oct 31 15:24:53.015901: | 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Oct 31 15:24:53.015904: | af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Oct 31 15:24:53.015906: | 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Oct 31 15:24:53.015908: | f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Oct 31 15:24:53.015910: | 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Oct 31 15:24:53.015912: | 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Oct 31 15:24:53.015914: | 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Oct 31 15:24:53.015917: | 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Oct 31 15:24:53.015919: | 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Oct 31 15:24:53.015921: | 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Oct 31 15:24:53.015923: | 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Oct 31 15:24:53.015927: | 48 ef Oct 31 15:24:53.015929: | e Oct 31 15:24:53.015931: | 03 Oct 31 15:24:53.015933: | CKAID Oct 31 15:24:53.015935: | 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Oct 31 15:24:53.015938: | 8a 82 25 f1 Oct 31 15:24:53.015943: | saving right CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1 extracted from raw RSA public key Oct 31 15:24:53.016027: | loaded private key matching CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1 Oct 31 15:24:53.016296: | copying key using reference slot Oct 31 15:24:53.018268: | certs and keys locked by 'lsw_add_rsa_secret' Oct 31 15:24:53.018285: | certs and keys unlocked by 'lsw_add_rsa_secret' Oct 31 15:24:53.018296: | spent 2.33 (2.35) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:53.018304: connection "westnet-eastnet-ikev2": loaded private key matching right CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1 Oct 31 15:24:53.018308: | counting wild cards for @east is 0 Oct 31 15:24:53.018314: | updating connection from left.host_addr Oct 31 15:24:53.018317: | left host_port 500 Oct 31 15:24:53.018319: | updating connection from right.host_addr Oct 31 15:24:53.018322: | right host_port 500 Oct 31 15:24:53.018325: | orienting westnet-eastnet-ikev2 Oct 31 15:24:53.018331: | westnet-eastnet-ikev2 doesn't match 127.0.0.1:4500 at all Oct 31 15:24:53.018335: | westnet-eastnet-ikev2 doesn't match 127.0.0.1:500 at all Oct 31 15:24:53.018338: | westnet-eastnet-ikev2 doesn't match 192.0.2.254:4500 at all Oct 31 15:24:53.018342: | westnet-eastnet-ikev2 doesn't match 192.0.2.254:500 at all Oct 31 15:24:53.018346: | westnet-eastnet-ikev2 doesn't match 192.0.2.250:4500 at all Oct 31 15:24:53.018350: | westnet-eastnet-ikev2 doesn't match 192.0.2.250:500 at all Oct 31 15:24:53.018354: | westnet-eastnet-ikev2 doesn't match 192.0.2.251:4500 at all Oct 31 15:24:53.018358: | westnet-eastnet-ikev2 doesn't match 192.0.2.251:500 at all Oct 31 15:24:53.018361: | westnet-eastnet-ikev2 doesn't match 192.1.2.23:4500 at all Oct 31 15:24:53.018364: | oriented westnet-eastnet-ikev2's that Oct 31 15:24:53.018366: | swapping ends so that that is this Oct 31 15:24:53.018372: | connect_to_host_pair: 192.1.2.23:500 192.1.2.45:500 -> hp@(nil): none Oct 31 15:24:53.018378: | newref hp@0x55e415cd48c8(0->1) (in connect_to_host_pair() at hostpair.c:290) Oct 31 15:24:53.018382: added IKEv2 connection "westnet-eastnet-ikev2" Oct 31 15:24:53.018398: | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 Oct 31 15:24:53.018410: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[@east]...192.1.2.45<192.1.2.45>[@west]===192.0.1.0/24 Oct 31 15:24:53.018414: | delref logger@0x55e415cc5f68(1->0) (in add_connection() at connections.c:2026) Oct 31 15:24:53.018418: | delref fd@0x55e415cd9ce8(2->1) (in free_logger() at log.c:853) Oct 31 15:24:53.018420: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:53.018426: | delref fd@0x55e415cd9ce8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:53.018437: | freeref fd-fd@0x55e415cd9ce8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:53.018442: | spent 3.28 (3.33) milliseconds in whack Oct 31 15:24:53.018500: | newref struct fd@0x55e415cd7968(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:53.018504: | fd_accept: new fd-fd@0x55e415cd7968 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:53.018515: | whack: key Oct 31 15:24:53.018521: | delref pkp@0x55e415cd9f28(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:53.018526: add keyid @west Oct 31 15:24:53.018528: | 01 03 a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 Oct 31 15:24:53.018531: | 8b 49 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e Oct 31 15:24:53.018533: | b3 96 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 Oct 31 15:24:53.018535: | 09 f0 c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 Oct 31 15:24:53.018537: | 8f 95 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 Oct 31 15:24:53.018543: | f5 99 f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c Oct 31 15:24:53.018545: | ac 34 ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a Oct 31 15:24:53.018547: | 94 d3 d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 Oct 31 15:24:53.018549: | b2 2b 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 Oct 31 15:24:53.018551: | 7d 7a 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a Oct 31 15:24:53.018552: | 8f 52 a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 Oct 31 15:24:53.018554: | ca 80 db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc Oct 31 15:24:53.018556: | 2a b3 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e Oct 31 15:24:53.018558: | d3 3a 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 Oct 31 15:24:53.018560: | 87 33 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d Oct 31 15:24:53.018563: | 6e e8 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f Oct 31 15:24:53.018565: | c9 20 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 Oct 31 15:24:53.018567: | 15 04 37 f9 Oct 31 15:24:53.018581: | computed rsa CKAID Oct 31 15:24:53.018584: | b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Oct 31 15:24:53.018586: | 7f 0f 03 50 Oct 31 15:24:53.018591: | keyid: *AQOm9dY/4 Oct 31 15:24:53.018594: | size: 274 Oct 31 15:24:53.018597: | n Oct 31 15:24:53.018599: | a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 8b 49 Oct 31 15:24:53.018601: | 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e b3 96 Oct 31 15:24:53.018603: | 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 09 f0 Oct 31 15:24:53.018605: | c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 8f 95 Oct 31 15:24:53.018607: | 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 f5 99 Oct 31 15:24:53.018609: | f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c ac 34 Oct 31 15:24:53.018611: | ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a 94 d3 Oct 31 15:24:53.018613: | d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 b2 2b Oct 31 15:24:53.018615: | 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 7d 7a Oct 31 15:24:53.018617: | 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a 8f 52 Oct 31 15:24:53.018619: | a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 ca 80 Oct 31 15:24:53.018621: | db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc 2a b3 Oct 31 15:24:53.018623: | 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e d3 3a Oct 31 15:24:53.018626: | 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 87 33 Oct 31 15:24:53.018628: | 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d 6e e8 Oct 31 15:24:53.018630: | 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f c9 20 Oct 31 15:24:53.018632: | 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 15 04 Oct 31 15:24:53.018634: | 37 f9 Oct 31 15:24:53.018636: | e Oct 31 15:24:53.018638: | 03 Oct 31 15:24:53.018640: | CKAID Oct 31 15:24:53.018642: | b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Oct 31 15:24:53.018645: | 7f 0f 03 50 Oct 31 15:24:53.018648: | newref struct pubkey@0x55e415cda8f8(0->1) (in add_public_key() at secrets.c:1716) Oct 31 15:24:53.018652: | addref pk@0x55e415cda8f8(1->2) (in add_public_key() at secrets.c:1718) Oct 31 15:24:53.018655: | delref pkp@0x55e415cda8f8(2->1) (in key_add_request() at rcv_whack.c:341) Oct 31 15:24:53.018659: | trying secret PKK_RSA:AQO9bJbr3 Oct 31 15:24:53.018725: | spent 0.0642 (0.0642) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:53.018730: | no private key: can't find the private key matching the NSS CKAID Oct 31 15:24:53.018734: | delref fd@0x55e415cd7968(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:53.018743: | freeref fd-fd@0x55e415cd7968 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:53.018748: | spent 0.256 (0.256) milliseconds in whack Oct 31 15:24:53.018844: | newref struct fd@0x55e415cd9ce8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:53.018850: | fd_accept: new fd-fd@0x55e415cd9ce8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:53.018860: | whack: key Oct 31 15:24:53.018865: | delref pkp@0x55e415cd8fc8(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:24:53.018869: add keyid @east Oct 31 15:24:53.018874: | 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Oct 31 15:24:53.018876: | e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Oct 31 15:24:53.018879: | 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Oct 31 15:24:53.018881: | 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Oct 31 15:24:53.018883: | 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Oct 31 15:24:53.018886: | d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Oct 31 15:24:53.018888: | 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Oct 31 15:24:53.018890: | 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Oct 31 15:24:53.018893: | bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Oct 31 15:24:53.018895: | ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Oct 31 15:24:53.018897: | e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Oct 31 15:24:53.018899: | 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Oct 31 15:24:53.018901: | 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Oct 31 15:24:53.018903: | 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Oct 31 15:24:53.018905: | d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Oct 31 15:24:53.018907: | 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Oct 31 15:24:53.018910: | 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Oct 31 15:24:53.018912: | 51 51 48 ef Oct 31 15:24:53.018922: | computed rsa CKAID Oct 31 15:24:53.018925: | 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Oct 31 15:24:53.018927: | 8a 82 25 f1 Oct 31 15:24:53.018932: | keyid: *AQO9bJbr3 Oct 31 15:24:53.018935: | size: 274 Oct 31 15:24:53.018937: | n Oct 31 15:24:53.018939: | bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Oct 31 15:24:53.018942: | c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Oct 31 15:24:53.018944: | e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Oct 31 15:24:53.018946: | 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Oct 31 15:24:53.018948: | f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Oct 31 15:24:53.018950: | 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Oct 31 15:24:53.018952: | 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Oct 31 15:24:53.018954: | af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Oct 31 15:24:53.018956: | 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Oct 31 15:24:53.018959: | f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Oct 31 15:24:53.018961: | 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Oct 31 15:24:53.018963: | 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Oct 31 15:24:53.018965: | 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Oct 31 15:24:53.018967: | 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Oct 31 15:24:53.018969: | 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Oct 31 15:24:53.018971: | 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Oct 31 15:24:53.018974: | 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Oct 31 15:24:53.018976: | 48 ef Oct 31 15:24:53.018978: | e Oct 31 15:24:53.018980: | 03 Oct 31 15:24:53.018983: | CKAID Oct 31 15:24:53.018985: | 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Oct 31 15:24:53.018987: | 8a 82 25 f1 Oct 31 15:24:53.018991: | newref struct pubkey@0x55e415cd8fc8(0->1) (in add_public_key() at secrets.c:1716) Oct 31 15:24:53.018994: | addref pk@0x55e415cd8fc8(1->2) (in add_public_key() at secrets.c:1718) Oct 31 15:24:53.018997: | delref pkp@0x55e415cd8fc8(2->1) (in key_add_request() at rcv_whack.c:341) Oct 31 15:24:53.019001: | trying secret PKK_RSA:AQO9bJbr3 Oct 31 15:24:53.019003: | matched Oct 31 15:24:53.019006: | secrets entry for ckaid already exists Oct 31 15:24:53.019011: | spent 0.0082 (0.00803) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:53.019015: | delref fd@0x55e415cd9ce8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:53.019023: | freeref fd-fd@0x55e415cd9ce8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:53.019028: | spent 0.191 (0.191) milliseconds in whack Oct 31 15:24:53.082709: | newref struct fd@0x55e415cd5f98(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:53.082721: | fd_accept: new fd-fd@0x55e415cd5f98 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:53.082732: | whack: status Oct 31 15:24:53.083006: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:24:53.083013: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:24:53.083072: | FOR_EACH_STATE_... in show_states (sort_states) Oct 31 15:24:53.083081: | delref fd@0x55e415cd5f98(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:53.083086: | freeref fd-fd@0x55e415cd5f98 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:53.083091: | spent 0.393 (0.392) milliseconds in whack Oct 31 15:24:55.491429: | spent 0.00315 (0.00311) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:55.491453: | newref struct msg_digest@0x55e415cdbf78(0->1) (in read_message() at demux.c:103) Oct 31 15:24:55.491457: | newref alloc logger@0x55e415c12268(0->1) (in read_message() at demux.c:103) Oct 31 15:24:55.491464: | *received 842 bytes from 192.1.2.45:500 on eth1 192.1.2.23:500 using UDP Oct 31 15:24:55.491466: | 7d a4 96 cc 06 a0 5a 44 00 00 00 00 00 00 00 00 Oct 31 15:24:55.491468: | 21 20 22 08 00 00 00 00 00 00 03 4a 22 00 01 b4 Oct 31 15:24:55.491469: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Oct 31 15:24:55.491471: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Oct 31 15:24:55.491473: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Oct 31 15:24:55.491475: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Oct 31 15:24:55.491476: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Oct 31 15:24:55.491479: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Oct 31 15:24:55.491481: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Oct 31 15:24:55.491483: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Oct 31 15:24:55.491485: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Oct 31 15:24:55.491487: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Oct 31 15:24:55.491488: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Oct 31 15:24:55.491490: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Oct 31 15:24:55.491492: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Oct 31 15:24:55.491493: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Oct 31 15:24:55.491495: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:24:55.491497: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Oct 31 15:24:55.491499: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Oct 31 15:24:55.491500: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Oct 31 15:24:55.491502: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Oct 31 15:24:55.491504: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Oct 31 15:24:55.491506: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Oct 31 15:24:55.491507: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Oct 31 15:24:55.491509: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Oct 31 15:24:55.491511: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Oct 31 15:24:55.491513: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Oct 31 15:24:55.491514: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Oct 31 15:24:55.491516: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Oct 31 15:24:55.491518: | 28 00 01 08 00 0e 00 00 3d 2f f3 f4 9f 94 03 e3 Oct 31 15:24:55.491519: | 46 e7 a2 60 7f 54 d8 53 fd d0 a9 6c c1 43 f5 68 Oct 31 15:24:55.491521: | 63 d5 f5 1c ad 3d 2e 04 74 a1 64 29 7d 14 f6 d6 Oct 31 15:24:55.491523: | 59 bc 92 20 11 99 0d 08 4c 42 9b 56 4c 15 c9 a2 Oct 31 15:24:55.491525: | 84 fa ff f3 0d 55 7d 7b 98 0e b6 3d fe 91 70 14 Oct 31 15:24:55.491526: | 61 6b f0 f3 c8 50 54 64 05 b2 c8 ae db be 7f d3 Oct 31 15:24:55.491528: | 66 81 94 78 50 c9 de 98 e0 74 00 66 ca a5 ec e4 Oct 31 15:24:55.491530: | 6f 14 1d 4e 00 be 97 66 d3 00 89 12 3c a1 08 a5 Oct 31 15:24:55.491534: | ec b8 ac c7 fc 9e 77 1d fe 74 25 dd 9c ba 58 1d Oct 31 15:24:55.491536: | a9 dc 83 92 be 6c 9f d9 3e 07 dd 74 1e 07 3c 14 Oct 31 15:24:55.491537: | 8f 29 49 06 25 b9 03 68 5d 58 f4 7b 40 a7 f8 56 Oct 31 15:24:55.491539: | a8 a0 fe b5 96 bd a4 79 42 58 de 27 9c 42 6d 1a Oct 31 15:24:55.491541: | 15 41 46 6b 49 f0 f7 88 82 25 3e 6a 4f a4 b2 d5 Oct 31 15:24:55.491542: | ac 8b 97 36 e4 af 51 3e 27 64 af 64 30 9d 37 1c Oct 31 15:24:55.491544: | b4 df 1d 14 d7 8b cb f9 af 9c 87 6b a4 c9 7a 82 Oct 31 15:24:55.491546: | a8 24 31 ea 3f 80 b2 d4 d4 87 b2 8f 3f c7 b7 6c Oct 31 15:24:55.491548: | 1d 69 d9 77 ce ec 76 0d 29 00 00 24 0d 5b a5 a1 Oct 31 15:24:55.491549: | af 04 09 b6 1c 8c bf ef 40 84 59 5a cc 60 95 33 Oct 31 15:24:55.491551: | 2f 70 b6 6e 9d b2 af 2e 6e f9 a0 61 29 00 00 08 Oct 31 15:24:55.491553: | 00 00 40 2e 29 00 00 0e 00 00 40 2f 00 02 00 03 Oct 31 15:24:55.491555: | 00 04 29 00 00 1c 00 00 40 04 f0 0f ee 38 2b 6a Oct 31 15:24:55.491557: | 40 e2 e4 8c b5 03 2d d9 69 36 ac da 9c 05 00 00 Oct 31 15:24:55.491558: | 00 1c 00 00 40 05 39 4b 87 60 53 b1 f1 52 45 a8 Oct 31 15:24:55.491560: | d3 91 50 36 96 17 1f fe e8 69 Oct 31 15:24:55.491564: | **parse ISAKMP Message: Oct 31 15:24:55.491568: | initiator SPI: 7d a4 96 cc 06 a0 5a 44 Oct 31 15:24:55.491572: | responder SPI: 00 00 00 00 00 00 00 00 Oct 31 15:24:55.491574: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:24:55.491576: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:55.491578: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:24:55.491581: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:55.491584: | Message ID: 0 (00 00 00 00) Oct 31 15:24:55.491586: | length: 842 (00 00 03 4a) Oct 31 15:24:55.491589: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Oct 31 15:24:55.491592: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Oct 31 15:24:55.491595: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Oct 31 15:24:55.491598: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:24:55.491601: | ***parse IKEv2 Security Association Payload: Oct 31 15:24:55.491603: | next payload type: ISAKMP_NEXT_v2KE (0x22) Oct 31 15:24:55.491605: | flags: none (0x0) Oct 31 15:24:55.491607: | length: 436 (01 b4) Oct 31 15:24:55.491609: | processing payload: ISAKMP_NEXT_v2SA (len=432) Oct 31 15:24:55.491611: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Oct 31 15:24:55.491614: | ***parse IKEv2 Key Exchange Payload: Oct 31 15:24:55.491615: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Oct 31 15:24:55.491617: | flags: none (0x0) Oct 31 15:24:55.491620: | length: 264 (01 08) Oct 31 15:24:55.491622: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:55.491623: | processing payload: ISAKMP_NEXT_v2KE (len=256) Oct 31 15:24:55.491625: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Oct 31 15:24:55.491627: | ***parse IKEv2 Nonce Payload: Oct 31 15:24:55.491629: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:55.491631: | flags: none (0x0) Oct 31 15:24:55.491633: | length: 36 (00 24) Oct 31 15:24:55.491635: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Oct 31 15:24:55.491637: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:55.491639: | ***parse IKEv2 Notify Payload: Oct 31 15:24:55.491641: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:55.491642: | flags: none (0x0) Oct 31 15:24:55.491645: | length: 8 (00 08) Oct 31 15:24:55.491647: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:55.491649: | SPI size: 0 (00) Oct 31 15:24:55.491651: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Oct 31 15:24:55.491653: | processing payload: ISAKMP_NEXT_v2N (len=0) Oct 31 15:24:55.491655: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:55.491657: | ***parse IKEv2 Notify Payload: Oct 31 15:24:55.491659: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:55.491662: | flags: none (0x0) Oct 31 15:24:55.491665: | length: 14 (00 0e) Oct 31 15:24:55.491667: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:55.491669: | SPI size: 0 (00) Oct 31 15:24:55.491671: | Notify Message Type: v2N_SIGNATURE_HASH_ALGORITHMS (0x402f) Oct 31 15:24:55.491672: | processing payload: ISAKMP_NEXT_v2N (len=6) Oct 31 15:24:55.491674: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:55.491676: | ***parse IKEv2 Notify Payload: Oct 31 15:24:55.491678: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:55.491680: | flags: none (0x0) Oct 31 15:24:55.491682: | length: 28 (00 1c) Oct 31 15:24:55.491684: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:55.491686: | SPI size: 0 (00) Oct 31 15:24:55.491688: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Oct 31 15:24:55.491689: | processing payload: ISAKMP_NEXT_v2N (len=20) Oct 31 15:24:55.491691: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:55.491693: | ***parse IKEv2 Notify Payload: Oct 31 15:24:55.491695: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.491697: | flags: none (0x0) Oct 31 15:24:55.491699: | length: 28 (00 1c) Oct 31 15:24:55.491701: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:55.491703: | SPI size: 0 (00) Oct 31 15:24:55.491705: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Oct 31 15:24:55.491707: | processing payload: ISAKMP_NEXT_v2N (len=20) Oct 31 15:24:55.491709: | DDOS disabled and no cookie sent, continuing Oct 31 15:24:55.491711: | looking for message matching transition from STATE_PARENT_R0 Oct 31 15:24:55.491713: | trying Respond to IKE_SA_INIT Oct 31 15:24:55.491715: | matched unencrypted message Oct 31 15:24:55.491720: | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Oct 31 15:24:55.491725: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Oct 31 15:24:55.491727: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Oct 31 15:24:55.491730: | found policy = RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 (westnet-eastnet-ikev2) Oct 31 15:24:55.491732: | find_next_host_connection returns "westnet-eastnet-ikev2" Oct 31 15:24:55.491734: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Oct 31 15:24:55.491736: | find_next_host_connection returns Oct 31 15:24:55.491739: | found connection: "westnet-eastnet-ikev2" with policy ECDSA+IKEV2_ALLOW Oct 31 15:24:55.491760: | newref alloc logger@0x55e415c12098(0->1) (in new_state() at state.c:576) Oct 31 15:24:55.491763: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:24:55.491766: | creating state object #2 at 0x55e415cdd788 Oct 31 15:24:55.491768: | State DB: adding IKEv2 state #2 in UNDEFINED Oct 31 15:24:55.491781: | pstats #2 ikev2.ike started Oct 31 15:24:55.491784: | parent state #2: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Oct 31 15:24:55.491787: | #2.st_v2_transition NULL -> PARENT_R0->PARENT_R1 (in new_v2_ike_state() at state.c:620) Oct 31 15:24:55.491794: | Message ID: IKE #2 initializing (IKE SA): ike.initiator.sent=0->-1 ike.initiator.recv=0->-1 ike.initiator.last_contact=0->744569.924586 ike.responder.sent=0->-1 ike.responder.recv=0->-1 ike.responder.last_contact=0->744569.924586 ike.wip.initiator=0->-1 ike.wip.responder=0->-1 Oct 31 15:24:55.491797: | orienting westnet-eastnet-ikev2 Oct 31 15:24:55.491801: | westnet-eastnet-ikev2 doesn't match 127.0.0.1:4500 at all Oct 31 15:24:55.491804: | westnet-eastnet-ikev2 doesn't match 127.0.0.1:500 at all Oct 31 15:24:55.491807: | westnet-eastnet-ikev2 doesn't match 192.0.2.254:4500 at all Oct 31 15:24:55.491810: | westnet-eastnet-ikev2 doesn't match 192.0.2.254:500 at all Oct 31 15:24:55.491812: | westnet-eastnet-ikev2 doesn't match 192.0.2.250:4500 at all Oct 31 15:24:55.491815: | westnet-eastnet-ikev2 doesn't match 192.0.2.250:500 at all Oct 31 15:24:55.491818: | westnet-eastnet-ikev2 doesn't match 192.0.2.251:4500 at all Oct 31 15:24:55.491822: | westnet-eastnet-ikev2 doesn't match 192.0.2.251:500 at all Oct 31 15:24:55.491825: | westnet-eastnet-ikev2 doesn't match 192.1.2.23:4500 at all Oct 31 15:24:55.491827: | oriented westnet-eastnet-ikev2's this Oct 31 15:24:55.491833: | start processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:1758) Oct 31 15:24:55.491838: | Message ID: IKE #2 responder starting message request 0: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744569.924586 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.924586 ike.wip.initiator=-1 ike.wip.responder=-1->0 Oct 31 15:24:55.491840: | calling processor Respond to IKE_SA_INIT Oct 31 15:24:55.491846: | #2 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2631) Oct 31 15:24:55.491848: | constructing local IKE proposals for westnet-eastnet-ikev2 (IKE SA responder matching remote proposals) Oct 31 15:24:55.491858: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:55.491865: | ... ikev2_proposal: 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:55.491868: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:55.491873: | ... ikev2_proposal: 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:55.491877: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:55.491882: | ... ikev2_proposal: 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:55.491884: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:55.491889: | ... ikev2_proposal: 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:55.491891: "westnet-eastnet-ikev2": local IKE proposals (IKE SA responder matching remote proposals): Oct 31 15:24:55.491896: "westnet-eastnet-ikev2": 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:55.491900: "westnet-eastnet-ikev2": 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:55.491904: "westnet-eastnet-ikev2": 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:55.491908: "westnet-eastnet-ikev2": 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:55.491911: | comparing remote proposals against IKE responder 4 local proposals Oct 31 15:24:55.491914: | local proposal 1 type ENCR has 1 transforms Oct 31 15:24:55.491916: | local proposal 1 type PRF has 2 transforms Oct 31 15:24:55.491918: | local proposal 1 type INTEG has 1 transforms Oct 31 15:24:55.491920: | local proposal 1 type DH has 8 transforms Oct 31 15:24:55.491922: | local proposal 1 type ESN has 0 transforms Oct 31 15:24:55.491925: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Oct 31 15:24:55.491927: | local proposal 2 type ENCR has 1 transforms Oct 31 15:24:55.491929: | local proposal 2 type PRF has 2 transforms Oct 31 15:24:55.491930: | local proposal 2 type INTEG has 1 transforms Oct 31 15:24:55.491932: | local proposal 2 type DH has 8 transforms Oct 31 15:24:55.491935: | local proposal 2 type ESN has 0 transforms Oct 31 15:24:55.491938: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Oct 31 15:24:55.491940: | local proposal 3 type ENCR has 1 transforms Oct 31 15:24:55.491942: | local proposal 3 type PRF has 2 transforms Oct 31 15:24:55.491943: | local proposal 3 type INTEG has 2 transforms Oct 31 15:24:55.491945: | local proposal 3 type DH has 8 transforms Oct 31 15:24:55.491947: | local proposal 3 type ESN has 0 transforms Oct 31 15:24:55.491949: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Oct 31 15:24:55.491951: | local proposal 4 type ENCR has 1 transforms Oct 31 15:24:55.491953: | local proposal 4 type PRF has 2 transforms Oct 31 15:24:55.491955: | local proposal 4 type INTEG has 2 transforms Oct 31 15:24:55.491957: | local proposal 4 type DH has 8 transforms Oct 31 15:24:55.491958: | local proposal 4 type ESN has 0 transforms Oct 31 15:24:55.491961: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Oct 31 15:24:55.491963: | ****parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:55.491970: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:55.491973: | length: 100 (00 64) Oct 31 15:24:55.491976: | prop #: 1 (01) Oct 31 15:24:55.491978: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:55.491980: | spi size: 0 (00) Oct 31 15:24:55.491982: | # transforms: 11 (0b) Oct 31 15:24:55.491985: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Oct 31 15:24:55.491987: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.491989: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.491992: | length: 12 (00 0c) Oct 31 15:24:55.491993: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:55.491995: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:55.491998: | ******parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:55.492000: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:55.492002: | length/value: 256 (01 00) Oct 31 15:24:55.492006: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:24:55.492008: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492010: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492012: | length: 8 (00 08) Oct 31 15:24:55.492014: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:55.492016: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:55.492019: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Oct 31 15:24:55.492021: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Oct 31 15:24:55.492023: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Oct 31 15:24:55.492025: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Oct 31 15:24:55.492027: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492029: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492031: | length: 8 (00 08) Oct 31 15:24:55.492033: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:55.492035: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:55.492037: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492039: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492041: | length: 8 (00 08) Oct 31 15:24:55.492043: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.492045: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:55.492048: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Oct 31 15:24:55.492050: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Oct 31 15:24:55.492052: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Oct 31 15:24:55.492055: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Oct 31 15:24:55.492058: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492059: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492062: | length: 8 (00 08) Oct 31 15:24:55.492063: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.492065: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:55.492068: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492069: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492072: | length: 8 (00 08) Oct 31 15:24:55.492073: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.492075: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:55.492077: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492079: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492081: | length: 8 (00 08) Oct 31 15:24:55.492083: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.492085: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:55.492087: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492089: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492091: | length: 8 (00 08) Oct 31 15:24:55.492093: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.492095: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:55.492097: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492099: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492101: | length: 8 (00 08) Oct 31 15:24:55.492103: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.492105: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:55.492107: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492109: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492111: | length: 8 (00 08) Oct 31 15:24:55.492112: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.492114: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:55.492117: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492118: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:55.492121: | length: 8 (00 08) Oct 31 15:24:55.492122: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.492124: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:55.492127: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Oct 31 15:24:55.492131: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Oct 31 15:24:55.492133: | remote proposal 1 matches local proposal 1 Oct 31 15:24:55.492135: | ****parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:55.492137: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:55.492139: | length: 100 (00 64) Oct 31 15:24:55.492142: | prop #: 2 (02) Oct 31 15:24:55.492143: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:55.492145: | spi size: 0 (00) Oct 31 15:24:55.492148: | # transforms: 11 (0b) Oct 31 15:24:55.492150: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Oct 31 15:24:55.492160: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492166: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492171: | length: 12 (00 0c) Oct 31 15:24:55.492174: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:55.492178: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:55.492181: | ******parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:55.492185: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:55.492189: | length/value: 128 (00 80) Oct 31 15:24:55.492195: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492206: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492214: | length: 8 (00 08) Oct 31 15:24:55.492218: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:55.492221: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:55.492224: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492226: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492228: | length: 8 (00 08) Oct 31 15:24:55.492230: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:55.492232: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:55.492234: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492236: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492238: | length: 8 (00 08) Oct 31 15:24:55.492240: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.492242: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:55.492244: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492246: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492248: | length: 8 (00 08) Oct 31 15:24:55.492250: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.492251: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:55.492253: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492255: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492257: | length: 8 (00 08) Oct 31 15:24:55.492259: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.492261: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:55.492263: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492265: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492267: | length: 8 (00 08) Oct 31 15:24:55.492269: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.492271: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:55.492273: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492275: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492277: | length: 8 (00 08) Oct 31 15:24:55.492279: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.492281: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:55.492283: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492285: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492287: | length: 8 (00 08) Oct 31 15:24:55.492289: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.492290: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:55.492293: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492294: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492297: | length: 8 (00 08) Oct 31 15:24:55.492298: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.492300: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:55.492302: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492304: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:55.492306: | length: 8 (00 08) Oct 31 15:24:55.492308: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.492310: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:55.492313: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Oct 31 15:24:55.492315: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Oct 31 15:24:55.492318: | ****parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:55.492319: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:55.492322: | length: 116 (00 74) Oct 31 15:24:55.492324: | prop #: 3 (03) Oct 31 15:24:55.492326: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:55.492328: | spi size: 0 (00) Oct 31 15:24:55.492330: | # transforms: 13 (0d) Oct 31 15:24:55.492332: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] of 4 local proposals Oct 31 15:24:55.492336: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492338: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492340: | length: 12 (00 0c) Oct 31 15:24:55.492342: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:55.492343: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:55.492345: | ******parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:55.492347: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:55.492350: | length/value: 256 (01 00) Oct 31 15:24:55.492352: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492354: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492356: | length: 8 (00 08) Oct 31 15:24:55.492358: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:55.492360: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:55.492362: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492364: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492366: | length: 8 (00 08) Oct 31 15:24:55.492368: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:55.492370: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:55.492372: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492373: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492376: | length: 8 (00 08) Oct 31 15:24:55.492377: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:55.492379: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:55.492381: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492383: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492385: | length: 8 (00 08) Oct 31 15:24:55.492387: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:55.492389: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:55.492391: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492393: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492395: | length: 8 (00 08) Oct 31 15:24:55.492397: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.492399: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:55.492401: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492403: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492405: | length: 8 (00 08) Oct 31 15:24:55.492407: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.492408: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:55.492410: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492412: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492414: | length: 8 (00 08) Oct 31 15:24:55.492416: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.492418: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:55.492420: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492422: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492424: | length: 8 (00 08) Oct 31 15:24:55.492426: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.492428: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:55.492430: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492431: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492434: | length: 8 (00 08) Oct 31 15:24:55.492435: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.492437: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:55.492439: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492441: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492443: | length: 8 (00 08) Oct 31 15:24:55.492445: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.492447: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:55.492449: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492451: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492454: | length: 8 (00 08) Oct 31 15:24:55.492456: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.492458: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:55.492460: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492462: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:55.492464: | length: 8 (00 08) Oct 31 15:24:55.492465: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.492467: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:55.492470: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Oct 31 15:24:55.492473: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Oct 31 15:24:55.492475: | ****parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:55.492477: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:55.492479: | length: 116 (00 74) Oct 31 15:24:55.492481: | prop #: 4 (04) Oct 31 15:24:55.492483: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:55.492485: | spi size: 0 (00) Oct 31 15:24:55.492487: | # transforms: 13 (0d) Oct 31 15:24:55.492489: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Oct 31 15:24:55.492491: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492493: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492495: | length: 12 (00 0c) Oct 31 15:24:55.492497: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:55.492499: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:55.492501: | ******parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:55.492502: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:55.492505: | length/value: 128 (00 80) Oct 31 15:24:55.492507: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492509: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492511: | length: 8 (00 08) Oct 31 15:24:55.492513: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:55.492515: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:55.492517: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492519: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492521: | length: 8 (00 08) Oct 31 15:24:55.492522: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:55.492524: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:55.492526: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492528: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492530: | length: 8 (00 08) Oct 31 15:24:55.492532: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:55.492534: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:55.492536: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492538: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492540: | length: 8 (00 08) Oct 31 15:24:55.492542: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:55.492544: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:55.492546: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492548: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492550: | length: 8 (00 08) Oct 31 15:24:55.492552: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.492553: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:55.492555: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492557: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492559: | length: 8 (00 08) Oct 31 15:24:55.492561: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.492563: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:55.492565: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492567: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492569: | length: 8 (00 08) Oct 31 15:24:55.492572: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.492574: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:55.492576: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492578: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492580: | length: 8 (00 08) Oct 31 15:24:55.492581: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.492583: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:55.492585: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492587: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492589: | length: 8 (00 08) Oct 31 15:24:55.492591: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.492593: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:55.492595: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492597: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492599: | length: 8 (00 08) Oct 31 15:24:55.492601: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.492603: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:55.492605: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492607: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.492609: | length: 8 (00 08) Oct 31 15:24:55.492610: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.492612: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:55.492614: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.492616: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:55.492618: | length: 8 (00 08) Oct 31 15:24:55.492620: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.492622: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:55.492625: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Oct 31 15:24:55.492627: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Oct 31 15:24:55.492632: "westnet-eastnet-ikev2" #2: proposal 1:IKE=AES_GCM_C_256-HMAC_SHA2_512-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Oct 31 15:24:55.492636: | accepted IKE proposal ikev2_proposal: 1:IKE=AES_GCM_C_256-HMAC_SHA2_512-MODP2048 Oct 31 15:24:55.492638: | converting proposal to internal trans attrs Oct 31 15:24:55.492643: | nat: IKE.SPIr is zero Oct 31 15:24:55.492653: | natd_hash: hasher=0x55e41453bf80(20) Oct 31 15:24:55.492655: | natd_hash: icookie= Oct 31 15:24:55.492657: | 7d a4 96 cc 06 a0 5a 44 Oct 31 15:24:55.492659: | natd_hash: rcookie= Oct 31 15:24:55.492661: | 00 00 00 00 00 00 00 00 Oct 31 15:24:55.492662: | natd_hash: ip= Oct 31 15:24:55.492664: | c0 01 02 17 Oct 31 15:24:55.492666: | natd_hash: port= Oct 31 15:24:55.492667: | 01 f4 Oct 31 15:24:55.492669: | natd_hash: hash= Oct 31 15:24:55.492671: | 39 4b 87 60 53 b1 f1 52 45 a8 d3 91 50 36 96 17 Oct 31 15:24:55.492673: | 1f fe e8 69 Oct 31 15:24:55.492674: | nat: IKE.SPIr is zero Oct 31 15:24:55.492679: | natd_hash: hasher=0x55e41453bf80(20) Oct 31 15:24:55.492681: | natd_hash: icookie= Oct 31 15:24:55.492683: | 7d a4 96 cc 06 a0 5a 44 Oct 31 15:24:55.492684: | natd_hash: rcookie= Oct 31 15:24:55.492686: | 00 00 00 00 00 00 00 00 Oct 31 15:24:55.492688: | natd_hash: ip= Oct 31 15:24:55.492691: | c0 01 02 2d Oct 31 15:24:55.492692: | natd_hash: port= Oct 31 15:24:55.492694: | 01 f4 Oct 31 15:24:55.492696: | natd_hash: hash= Oct 31 15:24:55.492697: | f0 0f ee 38 2b 6a 40 e2 e4 8c b5 03 2d d9 69 36 Oct 31 15:24:55.492699: | ac da 9c 05 Oct 31 15:24:55.492701: | NAT_TRAVERSAL encaps using auto-detect Oct 31 15:24:55.492703: | NAT_TRAVERSAL this end is NOT behind NAT Oct 31 15:24:55.492705: | NAT_TRAVERSAL that end is NOT behind NAT Oct 31 15:24:55.492708: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 Oct 31 15:24:55.492710: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered) Oct 31 15:24:55.492712: | hash algorithm identifier (network ordered) Oct 31 15:24:55.492713: | 00 02 Oct 31 15:24:55.492715: | received HASH_ALGORITHM_SHA2_256 which is allowed by local policy Oct 31 15:24:55.492717: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered) Oct 31 15:24:55.492719: | hash algorithm identifier (network ordered) Oct 31 15:24:55.492721: | 00 03 Oct 31 15:24:55.492722: | received HASH_ALGORITHM_SHA2_384 which is allowed by local policy Oct 31 15:24:55.492724: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered) Oct 31 15:24:55.492726: | hash algorithm identifier (network ordered) Oct 31 15:24:55.492728: | 00 04 Oct 31 15:24:55.492729: | received HASH_ALGORITHM_SHA2_512 which is allowed by local policy Oct 31 15:24:55.492738: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:55.492740: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:55.492742: | newref clone logger@0x55e415cc6278(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:55.492745: | job 2 for #2: ikev2_inI1outR1 KE (build KE and nonce): adding job to queue Oct 31 15:24:55.492747: | state #2 has no .st_event to delete Oct 31 15:24:55.492749: | #2 STATE_PARENT_R0: retransmits: cleared Oct 31 15:24:55.492752: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55e415cda728 Oct 31 15:24:55.492754: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 Oct 31 15:24:55.492757: | libevent_malloc: newref ptr-libevent@0x55e415cd2ae8 size 128 Oct 31 15:24:55.492769: | #2 spent 0.914 (0.924) milliseconds in processing: Respond to IKE_SA_INIT in v2_dispatch() Oct 31 15:24:55.492773: | [RE]START processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:55.492776: | #2 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Oct 31 15:24:55.492779: | suspending state #2 and saving MD 0x55e415cdbf78 Oct 31 15:24:55.492781: | addref md@0x55e415cdbf78(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:55.492783: | #2 is busy; has suspended MD 0x55e415cdbf78 Oct 31 15:24:55.492784: | job 2 for #2: ikev2_inI1outR1 KE (build KE and nonce): helper 5 starting job Oct 31 15:24:55.492787: | stop processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:1760) Oct 31 15:24:55.492806: | #2 spent 1.37 (1.39) milliseconds in ikev2_process_packet() Oct 31 15:24:55.492809: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:55.492812: | delref mdp@0x55e415cdbf78(2->1) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:55.492815: | spent 1.38 (1.4) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:55.495108: | "westnet-eastnet-ikev2" #2: spent 2.3 (2.32) milliseconds in helper 5 processing job 2 for state #2: ikev2_inI1outR1 KE (pcr) Oct 31 15:24:55.495120: | job 2 for #2: ikev2_inI1outR1 KE (build KE and nonce): helper thread 5 sending result back to state Oct 31 15:24:55.495125: | scheduling resume sending helper answer back to state for #2 Oct 31 15:24:55.495130: | libevent_malloc: newref ptr-libevent@0x7fd96c006108 size 128 Oct 31 15:24:55.495140: | helper thread 5 has nothing to do Oct 31 15:24:55.495150: | processing resume sending helper answer back to state for #2 Oct 31 15:24:55.495164: | start processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:641) Oct 31 15:24:55.495169: | unsuspending #2 MD 0x55e415cdbf78 Oct 31 15:24:55.495172: | job 2 for #2: ikev2_inI1outR1 KE (build KE and nonce): processing response from helper 5 Oct 31 15:24:55.495175: | job 2 for #2: ikev2_inI1outR1 KE (build KE and nonce): calling continuation function 0x55e414449fe7 Oct 31 15:24:55.495177: | ikev2_parent_inI1outR1_continue() for #2 STATE_PARENT_R0: calculated ke+nonce, sending R1 Oct 31 15:24:55.495184: | opening output PBS reply packet Oct 31 15:24:55.495187: | **emit ISAKMP Message: Oct 31 15:24:55.495191: | initiator SPI: 7d a4 96 cc 06 a0 5a 44 Oct 31 15:24:55.495194: | responder SPI: 9f 77 a8 cc 55 20 77 9e Oct 31 15:24:55.495197: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:55.495223: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:55.495230: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:24:55.495232: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:55.495235: | Message ID: 0 (00 00 00 00) Oct 31 15:24:55.495238: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:55.495241: | emitting ikev2_proposal ... Oct 31 15:24:55.495243: | ***emit IKEv2 Security Association Payload: Oct 31 15:24:55.495246: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.495248: | flags: none (0x0) Oct 31 15:24:55.495250: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:24:55.495252: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.495256: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:55.495259: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:55.495267: | prop #: 1 (01) Oct 31 15:24:55.495272: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:55.495276: | spi size: 0 (00) Oct 31 15:24:55.495280: | # transforms: 3 (03) Oct 31 15:24:55.495283: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:55.495288: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.495292: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.495296: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:55.495299: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:55.495303: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.495307: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:55.495311: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:55.495315: | length/value: 256 (01 00) Oct 31 15:24:55.495319: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:55.495321: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.495323: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.495325: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:55.495327: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:55.495329: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.495331: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.495334: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.495336: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.495338: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:55.495339: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.495341: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:55.495347: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.495349: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.495351: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.495353: | emitting length of IKEv2 Proposal Substructure Payload: 36 Oct 31 15:24:55.495355: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:55.495357: | emitting length of IKEv2 Security Association Payload: 40 Oct 31 15:24:55.495359: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:24:55.495363: | DH secret MODP2048@0x7fd96c006ba8: transferring ownership from helper KE to state #2 Oct 31 15:24:55.495365: | ***emit IKEv2 Key Exchange Payload: Oct 31 15:24:55.495367: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.495369: | flags: none (0x0) Oct 31 15:24:55.495371: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:55.495373: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Oct 31 15:24:55.495381: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.495384: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Oct 31 15:24:55.495386: | ikev2 g^x: Oct 31 15:24:55.495388: | 2c d8 f0 02 65 e3 b4 96 44 e8 0c 78 af 93 1a 9f Oct 31 15:24:55.495390: | d0 4f ff 8a ff 53 a0 22 8f a3 d2 8d a2 be 40 24 Oct 31 15:24:55.495391: | 22 dc c7 a7 01 79 91 b2 3d 38 3a 00 46 40 fb f3 Oct 31 15:24:55.495393: | fb b2 1e b7 68 2e 40 c4 c8 a2 90 a4 e3 fe 70 0d Oct 31 15:24:55.495395: | dd 68 97 47 4f af fa f4 4c 40 c3 87 19 ff d2 8a Oct 31 15:24:55.495397: | 43 32 aa dd 14 ae 87 da cb b4 27 d9 14 75 39 5f Oct 31 15:24:55.495398: | 9a a0 40 ef a2 54 b9 88 49 57 26 8a 19 9e b6 58 Oct 31 15:24:55.495400: | 6c b6 f3 af d5 72 07 27 b8 0d 42 a9 85 61 4a 85 Oct 31 15:24:55.495402: | 96 b4 a7 66 45 4c c5 e6 52 4e ee a2 b6 21 e9 e9 Oct 31 15:24:55.495403: | 8a ea 3d e7 e6 d5 33 25 b3 36 1b 61 58 d9 4d f3 Oct 31 15:24:55.495405: | b2 a0 d4 7e 2e d3 ea d2 42 61 0c 02 8a e8 67 08 Oct 31 15:24:55.495407: | 4c e3 da cd 6e 58 cc 24 c5 fa d6 6b 91 7e 92 3f Oct 31 15:24:55.495409: | 1a d3 26 85 6a 78 b9 ef df 8c cc 37 22 49 46 bb Oct 31 15:24:55.495410: | f7 05 90 1a 69 a5 ce 47 f6 57 fe 1c 27 d8 10 3d Oct 31 15:24:55.495412: | b9 0c 69 90 7a c4 1b 77 a7 70 6a 38 9e 55 3a c2 Oct 31 15:24:55.495414: | 51 8d 35 b9 53 de 90 37 c2 6e 3b 6f 24 75 71 70 Oct 31 15:24:55.495416: | emitting length of IKEv2 Key Exchange Payload: 264 Oct 31 15:24:55.495418: | ***emit IKEv2 Nonce Payload: Oct 31 15:24:55.495420: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.495422: | flags: none (0x0) Oct 31 15:24:55.495424: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Oct 31 15:24:55.495426: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.495428: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Oct 31 15:24:55.495430: | IKEv2 nonce: Oct 31 15:24:55.495432: | a6 22 eb 2f 10 b9 c1 78 0c 6e 8a 7d ae 94 ad c8 Oct 31 15:24:55.495434: | d4 e1 a5 c6 8f 91 4c 7e fb 67 32 ef cb 0d 27 f7 Oct 31 15:24:55.495435: | emitting length of IKEv2 Nonce Payload: 36 Oct 31 15:24:55.495438: | adding a v2N Payload Oct 31 15:24:55.495440: | ***emit IKEv2 Notify Payload: Oct 31 15:24:55.495442: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.495445: | flags: none (0x0) Oct 31 15:24:55.495447: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:55.495449: | SPI size: 0 (00) Oct 31 15:24:55.495452: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Oct 31 15:24:55.495454: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:55.495456: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.495458: | emitting length of IKEv2 Notify Payload: 8 Oct 31 15:24:55.495460: | adding a v2N Payload Oct 31 15:24:55.495462: | ***emit IKEv2 Notify Payload: Oct 31 15:24:55.495464: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.495465: | flags: none (0x0) Oct 31 15:24:55.495467: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:55.495469: | SPI size: 0 (00) Oct 31 15:24:55.495471: | Notify Message Type: v2N_SIGNATURE_HASH_ALGORITHMS (0x402f) Oct 31 15:24:55.495473: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:55.495475: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.495477: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256 into IKEv2 Notify Payload Oct 31 15:24:55.495480: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256: 00 02 Oct 31 15:24:55.495482: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384 into IKEv2 Notify Payload Oct 31 15:24:55.495484: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384: 00 03 Oct 31 15:24:55.495486: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_512 into IKEv2 Notify Payload Oct 31 15:24:55.495488: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_512: 00 04 Oct 31 15:24:55.495490: | emitting length of IKEv2 Notify Payload: 14 Oct 31 15:24:55.495492: | NAT-Traversal support [enabled] add v2N payloads. Oct 31 15:24:55.495503: | natd_hash: hasher=0x55e41453bf80(20) Oct 31 15:24:55.495505: | natd_hash: icookie= Oct 31 15:24:55.495507: | 7d a4 96 cc 06 a0 5a 44 Oct 31 15:24:55.495509: | natd_hash: rcookie= Oct 31 15:24:55.495510: | 9f 77 a8 cc 55 20 77 9e Oct 31 15:24:55.495512: | natd_hash: ip= Oct 31 15:24:55.495514: | c0 01 02 17 Oct 31 15:24:55.495516: | natd_hash: port= Oct 31 15:24:55.495517: | 01 f4 Oct 31 15:24:55.495519: | natd_hash: hash= Oct 31 15:24:55.495521: | 67 f4 33 47 a2 25 62 f2 17 19 d3 1b d5 07 18 d3 Oct 31 15:24:55.495523: | d6 f4 54 6a Oct 31 15:24:55.495524: | adding a v2N Payload Oct 31 15:24:55.495526: | ***emit IKEv2 Notify Payload: Oct 31 15:24:55.495528: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.495530: | flags: none (0x0) Oct 31 15:24:55.495532: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:55.495534: | SPI size: 0 (00) Oct 31 15:24:55.495536: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Oct 31 15:24:55.495538: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:55.495540: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.495542: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:24:55.495544: | Notify data: Oct 31 15:24:55.495545: | 67 f4 33 47 a2 25 62 f2 17 19 d3 1b d5 07 18 d3 Oct 31 15:24:55.495547: | d6 f4 54 6a Oct 31 15:24:55.495549: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:24:55.495554: | natd_hash: hasher=0x55e41453bf80(20) Oct 31 15:24:55.495556: | natd_hash: icookie= Oct 31 15:24:55.495558: | 7d a4 96 cc 06 a0 5a 44 Oct 31 15:24:55.495560: | natd_hash: rcookie= Oct 31 15:24:55.495561: | 9f 77 a8 cc 55 20 77 9e Oct 31 15:24:55.495563: | natd_hash: ip= Oct 31 15:24:55.495565: | c0 01 02 2d Oct 31 15:24:55.495566: | natd_hash: port= Oct 31 15:24:55.495569: | 01 f4 Oct 31 15:24:55.495571: | natd_hash: hash= Oct 31 15:24:55.495573: | 76 45 3c d3 1b 14 d1 5c 25 8f 7f 82 7a 58 3c 0b Oct 31 15:24:55.495574: | 30 d0 13 40 Oct 31 15:24:55.495576: | adding a v2N Payload Oct 31 15:24:55.495578: | ***emit IKEv2 Notify Payload: Oct 31 15:24:55.495580: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.495581: | flags: none (0x0) Oct 31 15:24:55.495583: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:55.495585: | SPI size: 0 (00) Oct 31 15:24:55.495587: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Oct 31 15:24:55.495589: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:55.495591: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.495593: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:24:55.495595: | Notify data: Oct 31 15:24:55.495597: | 76 45 3c d3 1b 14 d1 5c 25 8f 7f 82 7a 58 3c 0b Oct 31 15:24:55.495605: | 30 d0 13 40 Oct 31 15:24:55.495607: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:24:55.495609: | emitting length of ISAKMP Message: 446 Oct 31 15:24:55.495615: | [RE]START processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:55.495618: | #2 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Oct 31 15:24:55.495620: | transitioning from state STATE_PARENT_R0 to state STATE_PARENT_R1 Oct 31 15:24:55.495622: | Message ID: updating counters for #2 Oct 31 15:24:55.495629: | Message ID: IKE #2 updating responder received message request 0: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744569.924586 ike.responder.sent=-1 ike.responder.recv=-1->0 ike.responder.last_contact=744569.924586->744569.928421 ike.wip.initiator=-1 ike.wip.responder=0->-1 Oct 31 15:24:55.495636: | Message ID: IKE #2 updating responder sent message response 0: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744569.924586 ike.responder.sent=-1->0 ike.responder.recv=0 ike.responder.last_contact=744569.928421 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:55.495641: | Message ID: IKE #2 no pending message initiators to schedule: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744569.924586 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744569.928421 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:55.495644: | parent state #2: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Oct 31 15:24:55.495646: | announcing the state transition Oct 31 15:24:55.495650: "westnet-eastnet-ikev2" #2: sent IKE_SA_INIT reply {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Oct 31 15:24:55.495656: | sending 446 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 using UDP (for #2) Oct 31 15:24:55.495659: | 7d a4 96 cc 06 a0 5a 44 9f 77 a8 cc 55 20 77 9e Oct 31 15:24:55.495660: | 21 20 22 20 00 00 00 00 00 00 01 be 22 00 00 28 Oct 31 15:24:55.495662: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Oct 31 15:24:55.495664: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Oct 31 15:24:55.495666: | 04 00 00 0e 28 00 01 08 00 0e 00 00 2c d8 f0 02 Oct 31 15:24:55.495667: | 65 e3 b4 96 44 e8 0c 78 af 93 1a 9f d0 4f ff 8a Oct 31 15:24:55.495669: | ff 53 a0 22 8f a3 d2 8d a2 be 40 24 22 dc c7 a7 Oct 31 15:24:55.495671: | 01 79 91 b2 3d 38 3a 00 46 40 fb f3 fb b2 1e b7 Oct 31 15:24:55.495672: | 68 2e 40 c4 c8 a2 90 a4 e3 fe 70 0d dd 68 97 47 Oct 31 15:24:55.495674: | 4f af fa f4 4c 40 c3 87 19 ff d2 8a 43 32 aa dd Oct 31 15:24:55.495676: | 14 ae 87 da cb b4 27 d9 14 75 39 5f 9a a0 40 ef Oct 31 15:24:55.495678: | a2 54 b9 88 49 57 26 8a 19 9e b6 58 6c b6 f3 af Oct 31 15:24:55.495679: | d5 72 07 27 b8 0d 42 a9 85 61 4a 85 96 b4 a7 66 Oct 31 15:24:55.495683: | 45 4c c5 e6 52 4e ee a2 b6 21 e9 e9 8a ea 3d e7 Oct 31 15:24:55.495685: | e6 d5 33 25 b3 36 1b 61 58 d9 4d f3 b2 a0 d4 7e Oct 31 15:24:55.495686: | 2e d3 ea d2 42 61 0c 02 8a e8 67 08 4c e3 da cd Oct 31 15:24:55.495688: | 6e 58 cc 24 c5 fa d6 6b 91 7e 92 3f 1a d3 26 85 Oct 31 15:24:55.495690: | 6a 78 b9 ef df 8c cc 37 22 49 46 bb f7 05 90 1a Oct 31 15:24:55.495692: | 69 a5 ce 47 f6 57 fe 1c 27 d8 10 3d b9 0c 69 90 Oct 31 15:24:55.495693: | 7a c4 1b 77 a7 70 6a 38 9e 55 3a c2 51 8d 35 b9 Oct 31 15:24:55.495695: | 53 de 90 37 c2 6e 3b 6f 24 75 71 70 29 00 00 24 Oct 31 15:24:55.495697: | a6 22 eb 2f 10 b9 c1 78 0c 6e 8a 7d ae 94 ad c8 Oct 31 15:24:55.495699: | d4 e1 a5 c6 8f 91 4c 7e fb 67 32 ef cb 0d 27 f7 Oct 31 15:24:55.495700: | 29 00 00 08 00 00 40 2e 29 00 00 0e 00 00 40 2f Oct 31 15:24:55.495702: | 00 02 00 03 00 04 29 00 00 1c 00 00 40 04 67 f4 Oct 31 15:24:55.495704: | 33 47 a2 25 62 f2 17 19 d3 1b d5 07 18 d3 d6 f4 Oct 31 15:24:55.495705: | 54 6a 00 00 00 1c 00 00 40 05 76 45 3c d3 1b 14 Oct 31 15:24:55.495707: | d1 5c 25 8f 7f 82 7a 58 3c 0b 30 d0 13 40 Oct 31 15:24:55.495741: | sent 1 messages Oct 31 15:24:55.495751: | state #2 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:55.495756: | libevent_free: delref ptr-libevent@0x55e415cd2ae8 Oct 31 15:24:55.495761: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55e415cda728 Oct 31 15:24:55.495766: | event_schedule: newref EVENT_SO_DISCARD-pe@0x55e415cd2ae8 Oct 31 15:24:55.495770: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #2 Oct 31 15:24:55.495773: | libevent_malloc: newref ptr-libevent@0x55e415cd4338 size 128 Oct 31 15:24:55.495779: | delref logger@0x55e415cc6278(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:55.495783: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:55.495786: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:55.495791: | resume sending helper answer back to state for #2 suppresed complete_v2_state_transition() Oct 31 15:24:55.495795: | delref mdp@0x55e415cdbf78(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:55.495799: | delref logger@0x55e415c12268(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:55.495803: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:55.495806: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:55.495815: | #2 spent 0.597 (0.643) milliseconds in resume sending helper answer back to state Oct 31 15:24:55.495823: | stop processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:745) Oct 31 15:24:55.495827: | libevent_free: delref ptr-libevent@0x7fd96c006108 Oct 31 15:24:55.510049: | spent 0.00252 (0.00253) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:55.510070: | newref struct msg_digest@0x55e415cdbf78(0->1) (in read_message() at demux.c:103) Oct 31 15:24:55.510075: | newref alloc logger@0x55e415c12268(0->1) (in read_message() at demux.c:103) Oct 31 15:24:55.510083: | *received 539 bytes from 192.1.2.45:500 on eth1 192.1.2.23:500 using UDP Oct 31 15:24:55.510087: | 7d a4 96 cc 06 a0 5a 44 9f 77 a8 cc 55 20 77 9e Oct 31 15:24:55.510090: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff Oct 31 15:24:55.510093: | 00 01 00 02 af 2a 07 41 29 29 f8 22 d7 a9 71 cb Oct 31 15:24:55.510095: | bd 02 0f 98 f5 71 21 bf 12 e0 cb 61 54 5a df a3 Oct 31 15:24:55.510098: | 96 41 d6 24 a4 0b a2 41 1f 20 10 dd 95 a5 82 04 Oct 31 15:24:55.510101: | ab 57 5d 1c 57 e3 92 36 ea 2c fb 24 0e 93 a0 ce Oct 31 15:24:55.510103: | bd 1b 66 db b5 00 13 e5 94 de 6b 56 bb 05 1f a1 Oct 31 15:24:55.510106: | c4 50 1a 2e d2 7d 2b 0a 1f ab 46 10 7b e5 da c0 Oct 31 15:24:55.510109: | e4 d0 ce 97 80 bb 4b ee 97 84 53 e3 86 4d 47 16 Oct 31 15:24:55.510111: | 74 1d 69 97 8e 4a 54 63 44 b3 4d a1 87 d3 d4 cd Oct 31 15:24:55.510114: | f5 db bd 29 af fe 6d d9 c5 c0 b2 69 c6 e7 51 7f Oct 31 15:24:55.510118: | 9f 6b e4 10 00 9f f6 d8 ed e1 2f ef 0f ee e4 54 Oct 31 15:24:55.510121: | 92 5d d0 36 9c 11 30 0e 53 f9 7f 46 fe 5b a7 2e Oct 31 15:24:55.510123: | 8a 6f d0 ee db 79 93 57 c2 4b 22 f0 61 28 75 3a Oct 31 15:24:55.510126: | 85 09 44 38 fe 93 fb 2f 93 55 0f 11 88 53 d9 f4 Oct 31 15:24:55.510128: | 67 27 c2 4b 43 3f 6a 11 1c 02 15 e6 86 8b ef 57 Oct 31 15:24:55.510130: | 77 21 92 83 6f 50 4f 45 48 93 21 fd 01 b1 83 bc Oct 31 15:24:55.510132: | 17 e1 87 f1 4b 8d c1 63 9f 8b 66 98 9f df 98 8a Oct 31 15:24:55.510135: | 83 0e 39 2c 48 9a 50 eb c7 51 84 41 7b 1f 26 5b Oct 31 15:24:55.510137: | ae 0a 67 05 20 ce f2 4e 43 e6 ff c5 d9 87 85 bd Oct 31 15:24:55.510139: | ae e7 14 5d 35 13 86 e4 b8 8b 0c b0 5d 3f 77 97 Oct 31 15:24:55.510141: | 62 bd 2b be b9 cd ce 5d bb c1 79 7d 07 5b db d0 Oct 31 15:24:55.510142: | d9 c8 92 fc 5e f5 3a 85 25 04 04 c6 36 24 01 28 Oct 31 15:24:55.510144: | 07 8b ce 83 02 14 15 1a 8d 08 37 f7 8d 56 14 ce Oct 31 15:24:55.510147: | 25 10 b7 36 50 2f 61 f8 69 7e be 34 ee f8 3c 15 Oct 31 15:24:55.510149: | 4a 75 7a bd d2 81 ee ad 9e 0a 9c 34 6e cd 81 66 Oct 31 15:24:55.510151: | af 2d da 3a 8c e3 35 fb 65 16 2b d7 d7 66 f4 13 Oct 31 15:24:55.510154: | 56 64 37 ff 04 66 f3 9e b0 0e 4e 4b 14 d3 26 69 Oct 31 15:24:55.510156: | 2d 73 80 92 e7 96 da ab dc 64 fa 95 48 7d b1 f1 Oct 31 15:24:55.510159: | ca 6b 62 12 d4 bf 0a 0b 3f 2a 64 63 2e 03 c2 ed Oct 31 15:24:55.510162: | a8 29 a8 aa d3 73 80 75 c5 49 71 45 99 76 22 c6 Oct 31 15:24:55.510164: | b2 b6 af 96 73 82 dc 2d 95 44 d4 ae a7 50 87 9c Oct 31 15:24:55.510166: | 96 c4 9c 9c e9 f0 1d fc b2 78 1a f7 c1 bf 4e 3f Oct 31 15:24:55.510169: | a7 94 7a 8d ed fa 4b 0d c2 7b 6c Oct 31 15:24:55.510175: | **parse ISAKMP Message: Oct 31 15:24:55.510180: | initiator SPI: 7d a4 96 cc 06 a0 5a 44 Oct 31 15:24:55.510186: | responder SPI: 9f 77 a8 cc 55 20 77 9e Oct 31 15:24:55.510189: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Oct 31 15:24:55.510193: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:55.510196: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:55.510220: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:55.510228: | Message ID: 1 (00 00 00 01) Oct 31 15:24:55.510233: | length: 539 (00 00 02 1b) Oct 31 15:24:55.510236: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:24:55.510240: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Oct 31 15:24:55.510245: | State DB: found IKEv2 state #2 in PARENT_R1 (find_v2_ike_sa) Oct 31 15:24:55.510254: | start processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:55.510258: | #2 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Oct 31 15:24:55.510262: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:24:55.510266: | #2 is idle Oct 31 15:24:55.510276: | Message ID: IKE #2 not a duplicate - message request 1 is new: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744569.924586 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744569.928421 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:55.510283: | [RE]START processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:55.510286: | unpacking clear payload Oct 31 15:24:55.510289: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Oct 31 15:24:55.510293: | ***parse IKEv2 Encrypted Fragment: Oct 31 15:24:55.510296: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Oct 31 15:24:55.510299: | flags: none (0x0) Oct 31 15:24:55.510303: | length: 511 (01 ff) Oct 31 15:24:55.510307: | fragment number: 1 (00 01) Oct 31 15:24:55.510310: | total fragments: 2 (00 02) Oct 31 15:24:55.510313: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Oct 31 15:24:55.510316: | #2 in state PARENT_R1: sent IKE_SA_INIT reply Oct 31 15:24:55.510322: | received IKE encrypted fragment number '1', total number '2', next payload '35' Oct 31 15:24:55.510329: | stop processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:55.510336: | #2 spent 0.276 (0.294) milliseconds in ikev2_process_packet() Oct 31 15:24:55.510339: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:55.510342: | delref mdp@0x55e415cdbf78(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:55.510345: | delref logger@0x55e415c12268(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:55.510348: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:55.510351: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:55.510357: | spent 0.297 (0.316) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:55.510369: | spent 0.00237 (0.00203) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:55.510377: | newref struct msg_digest@0x55e415cdbf78(0->1) (in read_message() at demux.c:103) Oct 31 15:24:55.510380: | newref alloc logger@0x55e415c12268(0->1) (in read_message() at demux.c:103) Oct 31 15:24:55.510386: | *received 169 bytes from 192.1.2.45:500 on eth1 192.1.2.23:500 using UDP Oct 31 15:24:55.510389: | 7d a4 96 cc 06 a0 5a 44 9f 77 a8 cc 55 20 77 9e Oct 31 15:24:55.510391: | 35 20 23 08 00 00 00 01 00 00 00 a9 00 00 00 8d Oct 31 15:24:55.510393: | 00 02 00 02 3a 4c 7e c5 e1 4d 68 8c 9c 7d fa ba Oct 31 15:24:55.510396: | 40 d2 ba 95 8a d1 6b 04 c4 1f 44 fb 22 7b 4f 3e Oct 31 15:24:55.510398: | c1 8e 84 19 ae da 6c c4 93 80 fe ae 03 67 93 fe Oct 31 15:24:55.510401: | 5a 22 45 4d 85 28 9b a4 e7 98 99 52 af 3e c5 9d Oct 31 15:24:55.510403: | 49 f1 05 e4 e7 24 cb ea 4d ec 18 fa c9 90 a4 ae Oct 31 15:24:55.510405: | a3 23 0c 49 22 d4 74 bd ba 34 70 d4 86 fd 2b 76 Oct 31 15:24:55.510408: | f2 ee 71 cf 0d 82 20 ff 04 99 bb 1a bf b4 80 fc Oct 31 15:24:55.510410: | e4 fd 9c b0 5b 26 c0 95 3c 18 3e da ed 7e fa b1 Oct 31 15:24:55.510412: | 0b b1 81 67 5d b3 da a0 1f Oct 31 15:24:55.510416: | **parse ISAKMP Message: Oct 31 15:24:55.510420: | initiator SPI: 7d a4 96 cc 06 a0 5a 44 Oct 31 15:24:55.510425: | responder SPI: 9f 77 a8 cc 55 20 77 9e Oct 31 15:24:55.510428: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Oct 31 15:24:55.510430: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:55.510433: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:55.510436: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:55.510439: | Message ID: 1 (00 00 00 01) Oct 31 15:24:55.510443: | length: 169 (00 00 00 a9) Oct 31 15:24:55.510446: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:24:55.510450: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Oct 31 15:24:55.510454: | State DB: found IKEv2 state #2 in PARENT_R1 (find_v2_ike_sa) Oct 31 15:24:55.510460: | start processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:55.510464: | #2 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Oct 31 15:24:55.510467: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:24:55.510470: | #2 is idle Oct 31 15:24:55.510476: | Message ID: IKE #2 not a duplicate - responder is accumulating fragments for message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744569.924586 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744569.928421 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:55.510482: | [RE]START processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:55.510484: | unpacking clear payload Oct 31 15:24:55.510487: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Oct 31 15:24:55.510490: | ***parse IKEv2 Encrypted Fragment: Oct 31 15:24:55.510493: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.510498: | flags: none (0x0) Oct 31 15:24:55.510501: | length: 141 (00 8d) Oct 31 15:24:55.510505: | fragment number: 2 (00 02) Oct 31 15:24:55.510508: | total fragments: 2 (00 02) Oct 31 15:24:55.510511: | processing payload: ISAKMP_NEXT_v2SKF (len=133) Oct 31 15:24:55.510514: | #2 in state PARENT_R1: sent IKE_SA_INIT reply Oct 31 15:24:55.510517: | received IKE encrypted fragment number '2', total number '2', next payload '0' Oct 31 15:24:55.510522: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Oct 31 15:24:55.510525: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Oct 31 15:24:55.510529: | ikev2 parent ikev2_ike_sa_process_auth_request_no_skeyid(): calculating g^{xy} in order to decrypt I2 Oct 31 15:24:55.510535: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Oct 31 15:24:55.510540: | DH secret MODP2048@0x7fd96c006ba8: transferring ownership from state #2 to helper IKEv2 DH Oct 31 15:24:55.510546: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:55.510549: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:55.510552: | newref clone logger@0x55e415cc6278(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:55.510555: | job 3 for #2: ikev2_inI2outR2 KE (compute dh (V2)): adding job to queue Oct 31 15:24:55.510558: | state #2 deleting .st_event EVENT_SO_DISCARD Oct 31 15:24:55.510562: | libevent_free: delref ptr-libevent@0x55e415cd4338 Oct 31 15:24:55.510566: | free_event_entry: delref EVENT_SO_DISCARD-pe@0x55e415cd2ae8 Oct 31 15:24:55.510569: | #2 STATE_PARENT_R1: retransmits: cleared Oct 31 15:24:55.510573: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55e415cc5f68 Oct 31 15:24:55.510576: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 Oct 31 15:24:55.510579: | libevent_malloc: newref ptr-libevent@0x7fd96c006108 size 128 Oct 31 15:24:55.510593: | #2 spent 0.0617 (0.0616) milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in v2_dispatch() Oct 31 15:24:55.510599: | [RE]START processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:55.510605: | #2 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND; .st_v2_transition=PARENT_R0->PARENT_R1 Oct 31 15:24:55.510608: | suspending state #2 and saving MD 0x55e415cdbf78 Oct 31 15:24:55.510613: | addref md@0x55e415cdbf78(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:55.510607: | job 3 for #2: ikev2_inI2outR2 KE (compute dh (V2)): helper 6 starting job Oct 31 15:24:55.510616: | #2 is busy; has suspended MD 0x55e415cdbf78 Oct 31 15:24:55.510642: | stop processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:55.510649: | #2 spent 0.277 (0.283) milliseconds in ikev2_process_packet() Oct 31 15:24:55.510652: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:55.510654: | delref mdp@0x55e415cdbf78(2->1) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:55.510657: | spent 0.286 (0.292) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:55.511769: | calculating skeyseed using prf=HMAC_SHA2_512 integ=NONE cipherkey-size=32 salt-size=4 Oct 31 15:24:55.511963: | "westnet-eastnet-ikev2" #2: spent 1.28 (1.36) milliseconds in helper 6 processing job 3 for state #2: ikev2_inI2outR2 KE (pcr) Oct 31 15:24:55.511970: | job 3 for #2: ikev2_inI2outR2 KE (compute dh (V2)): helper thread 6 sending result back to state Oct 31 15:24:55.511974: | scheduling resume sending helper answer back to state for #2 Oct 31 15:24:55.511978: | libevent_malloc: newref ptr-libevent@0x7fd97000cc18 size 128 Oct 31 15:24:55.511988: | helper thread 6 has nothing to do Oct 31 15:24:55.512000: | processing resume sending helper answer back to state for #2 Oct 31 15:24:55.512012: | start processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:641) Oct 31 15:24:55.512019: | unsuspending #2 MD 0x55e415cdbf78 Oct 31 15:24:55.512022: | job 3 for #2: ikev2_inI2outR2 KE (compute dh (V2)): processing response from helper 6 Oct 31 15:24:55.512025: | job 3 for #2: ikev2_inI2outR2 KE (compute dh (V2)): calling continuation function 0x55e414449fe7 Oct 31 15:24:55.512028: | ikev2_ike_sa_process_auth_request_no_skeyid_continue() for #2 STATE_PARENT_R1: calculating g^{xy}, sending R2 Oct 31 15:24:55.512032: | DH secret MODP2048@0x7fd96c006ba8: transferring ownership from helper IKEv2 DH to state #2 Oct 31 15:24:55.512035: | #2 in state PARENT_R1: sent IKE_SA_INIT reply Oct 31 15:24:55.512038: | already have all fragments, skipping fragment collection Oct 31 15:24:55.512040: | already have all fragments, skipping fragment collection Oct 31 15:24:55.512062: | #2 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Oct 31 15:24:55.512067: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Oct 31 15:24:55.512072: | **parse IKEv2 Identification - Initiator - Payload: Oct 31 15:24:55.512074: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Oct 31 15:24:55.512076: | flags: none (0x0) Oct 31 15:24:55.512079: | length: 12 (00 0c) Oct 31 15:24:55.512081: | ID type: ID_FQDN (0x2) Oct 31 15:24:55.512083: | reserved: 00 00 00 Oct 31 15:24:55.512085: | processing payload: ISAKMP_NEXT_v2IDi (len=4) Oct 31 15:24:55.512087: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Oct 31 15:24:55.512089: | **parse IKEv2 Identification - Responder - Payload: Oct 31 15:24:55.512090: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Oct 31 15:24:55.512092: | flags: none (0x0) Oct 31 15:24:55.512094: | length: 12 (00 0c) Oct 31 15:24:55.512096: | ID type: ID_FQDN (0x2) Oct 31 15:24:55.512098: | reserved: 00 00 00 Oct 31 15:24:55.512099: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Oct 31 15:24:55.512101: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Oct 31 15:24:55.512103: | **parse IKEv2 Authentication Payload: Oct 31 15:24:55.512105: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:24:55.512106: | flags: none (0x0) Oct 31 15:24:55.512108: | length: 350 (01 5e) Oct 31 15:24:55.512110: | auth method: IKEv2_AUTH_DIGSIG (0xe) Oct 31 15:24:55.512112: | processing payload: ISAKMP_NEXT_v2AUTH (len=342) Oct 31 15:24:55.512113: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:24:55.512115: | **parse IKEv2 Security Association Payload: Oct 31 15:24:55.512117: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Oct 31 15:24:55.512118: | flags: none (0x0) Oct 31 15:24:55.512120: | length: 164 (00 a4) Oct 31 15:24:55.512122: | processing payload: ISAKMP_NEXT_v2SA (len=160) Oct 31 15:24:55.512124: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Oct 31 15:24:55.512125: | **parse IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:24:55.512127: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Oct 31 15:24:55.512128: | flags: none (0x0) Oct 31 15:24:55.512130: | length: 24 (00 18) Oct 31 15:24:55.512132: | number of TS: 1 (01) Oct 31 15:24:55.512134: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Oct 31 15:24:55.512136: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Oct 31 15:24:55.512137: | **parse IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:24:55.512139: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.512141: | flags: none (0x0) Oct 31 15:24:55.512142: | length: 24 (00 18) Oct 31 15:24:55.512144: | number of TS: 1 (01) Oct 31 15:24:55.512146: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Oct 31 15:24:55.512148: | selected state microcode Responder: process IKE_AUTH request Oct 31 15:24:55.512153: | Message ID: IKE #2 responder starting message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744569.924586 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744569.928421 ike.wip.initiator=-1 ike.wip.responder=-1->1 Oct 31 15:24:55.512156: | calling processor Responder: process IKE_AUTH request Oct 31 15:24:55.512164: "westnet-eastnet-ikev2" #2: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} Oct 31 15:24:55.512166: | no certs to decode Oct 31 15:24:55.512171: | #2 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2631) Oct 31 15:24:55.512173: | received IDr payload - extracting our alleged ID Oct 31 15:24:55.512176: | refine_host_connection for IKEv2: starting with "westnet-eastnet-ikev2" Oct 31 15:24:55.512179: | match_id a=@west Oct 31 15:24:55.512181: | b=@west Oct 31 15:24:55.512183: | results matched Oct 31 15:24:55.512185: | refine_host_connection: checking "westnet-eastnet-ikev2" against "westnet-eastnet-ikev2", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) Oct 31 15:24:55.512187: | warning: not switching back to template of current instance Oct 31 15:24:55.512189: | peer expects us to be @east (ID_FQDN) according to its IDr payload Oct 31 15:24:55.512191: | this connection's local id is @east (ID_FQDN) Oct 31 15:24:55.512193: | refine_host_connection: checked "westnet-eastnet-ikev2" against "westnet-eastnet-ikev2", now for see if best Oct 31 15:24:55.512217: | get_connection_private_key() using CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1 to find private key for @east->@west of kind RSA Oct 31 15:24:55.512223: | trying secret PKK_RSA:AQO9bJbr3 Oct 31 15:24:55.512224: | matched Oct 31 15:24:55.512226: | secrets entry for ckaid already exists Oct 31 15:24:55.512228: | connection westnet-eastnet-ikev2's RSA private key found in NSS DB using CKAID Oct 31 15:24:55.512229: | returning because exact peer id match Oct 31 15:24:55.512232: | offered CA: '%none' Oct 31 15:24:55.512234: "westnet-eastnet-ikev2" #2: IKEv2 mode peer ID is ID_FQDN: '@west' Oct 31 15:24:55.512258: | verifying AUTH payload Oct 31 15:24:55.512262: | looking for ASN.1 blob for method rsasig for hash_algo SHA2_512 Oct 31 15:24:55.512264: | parsing 68 raw bytes of IKEv2 Authentication Payload into ASN.1 blob for hash algo Oct 31 15:24:55.512265: | ASN.1 blob for hash algo Oct 31 15:24:55.512267: | 43 30 41 06 09 2a 86 48 86 f7 0d 01 01 0a 30 34 Oct 31 15:24:55.512269: | a0 0f 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 Oct 31 15:24:55.512270: | 00 a1 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 01 08 Oct 31 15:24:55.512272: | 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 a2 Oct 31 15:24:55.512273: | 03 02 01 40 Oct 31 15:24:55.512286: | required RSA CA is '%any' Oct 31 15:24:55.512289: | trying all remote certificates public keys for RSA key that matches ID: @west Oct 31 15:24:55.512291: | trying all preloaded keys public keys for RSA key that matches ID: @west Oct 31 15:24:55.512293: | skipping '@east' with wrong ID Oct 31 15:24:55.512295: | trying '@west' issued by CA '%any' Oct 31 15:24:55.512298: | NSS RSA: verifying that decrypted signature matches hash: Oct 31 15:24:55.512300: | 9c 70 54 06 02 a6 a9 51 ca 8e 74 7c b2 b6 6e 7a Oct 31 15:24:55.512301: | 66 7b 5c 76 a2 3a 9a 52 71 eb 78 77 3b 1b 4a 04 Oct 31 15:24:55.512303: | 11 af 0e 3a 39 e9 19 a0 3b a9 bf 86 9d 68 1a f0 Oct 31 15:24:55.512304: | eb d1 56 68 d4 6f 9b f8 51 bf 6d 33 f3 eb 37 54 Oct 31 15:24:55.512359: | delref pkp@NULL (in try_RSA_signature_v2() at ikev2_rsa.c:170) Oct 31 15:24:55.512363: | addref pk@0x55e415cda8f8(1->2) (in try_RSA_signature_v2() at ikev2_rsa.c:171) Oct 31 15:24:55.512365: | an RSA Sig check passed with *AQOm9dY/4 [preloaded keys] Oct 31 15:24:55.512370: | #2 spent 0.0704 (0.0704) milliseconds in try_all_keys() trying a pubkey Oct 31 15:24:55.512372: "westnet-eastnet-ikev2" #2: authenticated using RSA with SHA2_512 Oct 31 15:24:55.512376: | #2 spent 0.0989 (0.0988) milliseconds in ikev2_verify_rsa_hash() Oct 31 15:24:55.512390: | emit hash algo NEGOTIATE_AUTH_HASH_SHA2_512 Oct 31 15:24:55.512400: | get_connection_private_key() using CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1 to find private key for @east->@west of kind RSA Oct 31 15:24:55.512402: | trying secret PKK_RSA:AQO9bJbr3 Oct 31 15:24:55.512406: | matched Oct 31 15:24:55.512407: | secrets entry for ckaid already exists Oct 31 15:24:55.512409: | connection westnet-eastnet-ikev2's RSA private key found in NSS DB using CKAID Oct 31 15:24:55.512413: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:55.512414: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:55.512417: | newref clone logger@0x55e415cd2ae8(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:55.512419: | job 4 for #2: computing responder signature (signature): adding job to queue Oct 31 15:24:55.512421: | state #2 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:55.512428: | libevent_free: delref ptr-libevent@0x7fd96c006108 Oct 31 15:24:55.512431: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55e415cc5f68 Oct 31 15:24:55.512433: | #2 STATE_PARENT_R1: retransmits: cleared Oct 31 15:24:55.512435: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55e415cd4828 Oct 31 15:24:55.512437: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 Oct 31 15:24:55.512439: | libevent_malloc: newref ptr-libevent@0x55e415cd4338 size 128 Oct 31 15:24:55.512445: | ikev2_parent_inI2outR2_continue_tail returned STF_SUSPEND Oct 31 15:24:55.512449: | #2 spent 0.264 (0.287) milliseconds in processing: Responder: process IKE_AUTH request in v2_dispatch() Oct 31 15:24:55.512454: | [RE]START processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:55.512457: | #2 complete_v2_state_transition() PARENT_R1->ESTABLISHED_CHILD_SA with status STF_SUSPEND; .st_v2_transition=PARENT_R0->PARENT_R1 Oct 31 15:24:55.512459: | suspending state #2 and saving MD 0x55e415cdbf78 Oct 31 15:24:55.512461: | addref md@0x55e415cdbf78(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:55.512461: | job 4 for #2: computing responder signature (signature): helper 7 starting job Oct 31 15:24:55.512475: | hash to sign Oct 31 15:24:55.512480: | 9d c8 0d f8 e7 bc 04 bc 24 f9 00 0e 26 7c f1 eb Oct 31 15:24:55.512486: | 69 c0 51 ce 7f af 59 03 3b 64 f0 8b 86 42 9c 0e Oct 31 15:24:55.512489: | 55 3d 8c cb 3f 81 0d 2c b8 ab 14 42 c9 a7 d1 bf Oct 31 15:24:55.512465: | #2 is busy; has suspended MD 0x55e415cdbf78 Oct 31 15:24:55.512497: | delref logger@0x55e415cc6278(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:55.512500: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:55.512502: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:55.512492: | ad 12 a4 f7 60 30 65 67 bf 73 b8 06 c1 4e a0 8f Oct 31 15:24:55.512511: | RSA_sign_hash: Started using NSS Oct 31 15:24:55.512505: | resume sending helper answer back to state for #2 suppresed complete_v2_state_transition() Oct 31 15:24:55.512519: | delref mdp@0x55e415cdbf78(2->1) (in resume_handler() at server.c:743) Oct 31 15:24:55.512524: | #2 spent 0.469 (0.504) milliseconds in resume sending helper answer back to state Oct 31 15:24:55.512527: | stop processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:745) Oct 31 15:24:55.512530: | libevent_free: delref ptr-libevent@0x7fd97000cc18 Oct 31 15:24:55.519496: | RSA_sign_hash: Ended using NSS Oct 31 15:24:55.519511: | "westnet-eastnet-ikev2" #2: spent 6.85 (7) milliseconds in v2_auth_signature() calling sign_hash() Oct 31 15:24:55.519515: | "westnet-eastnet-ikev2" #2: spent 6.88 (7.04) milliseconds in v2_auth_signature() Oct 31 15:24:55.519518: | "westnet-eastnet-ikev2" #2: spent 6.9 (7.06) milliseconds in helper 7 processing job 4 for state #2: computing responder signature (signature) Oct 31 15:24:55.519520: | job 4 for #2: computing responder signature (signature): helper thread 7 sending result back to state Oct 31 15:24:55.519523: | scheduling resume sending helper answer back to state for #2 Oct 31 15:24:55.519526: | libevent_malloc: newref ptr-libevent@0x7fd964000d38 size 128 Oct 31 15:24:55.519533: | helper thread 7 has nothing to do Oct 31 15:24:55.519566: | processing resume sending helper answer back to state for #2 Oct 31 15:24:55.519578: | start processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:641) Oct 31 15:24:55.519582: | unsuspending #2 MD 0x55e415cdbf78 Oct 31 15:24:55.519584: | job 4 for #2: computing responder signature (signature): processing response from helper 7 Oct 31 15:24:55.519585: | job 4 for #2: computing responder signature (signature): calling continuation function 0x55e41437877f Oct 31 15:24:55.519589: | parent state #2: PARENT_R1(half-open IKE SA) => ESTABLISHED_IKE_SA(established IKE SA) Oct 31 15:24:55.519592: | #2 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) Oct 31 15:24:55.519594: | state #2 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:55.519596: | libevent_free: delref ptr-libevent@0x55e415cd4338 Oct 31 15:24:55.519598: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55e415cd4828 Oct 31 15:24:55.519601: | event_schedule: newref EVENT_SA_REKEY-pe@0x55e415cd4828 Oct 31 15:24:55.519602: | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #2 Oct 31 15:24:55.519604: | libevent_malloc: newref ptr-libevent@0x7fd97000cc18 size 128 Oct 31 15:24:55.519676: | pstats #2 ikev2.ike established Oct 31 15:24:55.519685: | opening output PBS reply packet Oct 31 15:24:55.519689: | **emit ISAKMP Message: Oct 31 15:24:55.519694: | initiator SPI: 7d a4 96 cc 06 a0 5a 44 Oct 31 15:24:55.519698: | responder SPI: 9f 77 a8 cc 55 20 77 9e Oct 31 15:24:55.519701: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:55.519704: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:55.519707: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:55.519710: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:55.519714: | Message ID: 1 (00 00 00 01) Oct 31 15:24:55.519718: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:55.519721: | IKEv2 CERT: send a certificate? Oct 31 15:24:55.519724: | IKEv2 CERT: no certificate to send Oct 31 15:24:55.519727: | ***emit IKEv2 Encryption Payload: Oct 31 15:24:55.519729: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.519732: | flags: none (0x0) Oct 31 15:24:55.519735: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:24:55.519738: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.519742: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:24:55.519756: | initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Oct 31 15:24:55.519760: | ****emit IKEv2 Identification - Responder - Payload: Oct 31 15:24:55.519763: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.519765: | flags: none (0x0) Oct 31 15:24:55.519768: | ID type: ID_FQDN (0x2) Oct 31 15:24:55.519771: | reserved: 00 00 00 Oct 31 15:24:55.519774: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Oct 31 15:24:55.519777: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.519781: | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload Oct 31 15:24:55.519784: | my identity: 65 61 73 74 Oct 31 15:24:55.519787: | emitting length of IKEv2 Identification - Responder - Payload: 12 Oct 31 15:24:55.519789: | added IDr payload to packet Oct 31 15:24:55.519792: | CHILD SA proposals received Oct 31 15:24:55.519794: | going to assemble AUTH payload Oct 31 15:24:55.519797: | ****emit IKEv2 Authentication Payload: Oct 31 15:24:55.519801: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.519803: | flags: none (0x0) Oct 31 15:24:55.519806: | auth method: IKEv2_AUTH_DIGSIG (0xe) Oct 31 15:24:55.519809: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Oct 31 15:24:55.519814: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.519817: | emit hash algo NEGOTIATE_AUTH_HASH_SHA2_512 Oct 31 15:24:55.519820: | emitting 68 raw bytes of OID of ASN.1 Algorithm Identifier into IKEv2 Authentication Payload Oct 31 15:24:55.519822: | OID of ASN.1 Algorithm Identifier: Oct 31 15:24:55.519825: | 43 30 41 06 09 2a 86 48 86 f7 0d 01 01 0a 30 34 Oct 31 15:24:55.519827: | a0 0f 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 Oct 31 15:24:55.519829: | 00 a1 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 01 08 Oct 31 15:24:55.519831: | 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 a2 Oct 31 15:24:55.519834: | 03 02 01 40 Oct 31 15:24:55.519837: | emitting 274 raw bytes of signature into IKEv2 Authentication Payload Oct 31 15:24:55.519839: | signature: Oct 31 15:24:55.519842: | 08 e7 ac cc 2f aa 91 83 68 57 97 da be 25 cb 73 Oct 31 15:24:55.519845: | 2f 21 25 53 78 c4 e1 af a0 a1 42 4d 0f d7 0c 77 Oct 31 15:24:55.519847: | 9c 03 b7 86 2c 18 34 45 29 55 4a ec 59 20 3b 47 Oct 31 15:24:55.519849: | 89 0f 85 dd 3e a3 19 0e a4 03 8a 75 76 de 20 b2 Oct 31 15:24:55.519852: | c0 ed eb fb 20 e5 9f 4e e8 c3 94 b7 81 26 c1 fb Oct 31 15:24:55.519854: | 20 a8 e8 47 b1 a5 ba a9 64 db 28 0e 47 ff 69 29 Oct 31 15:24:55.519857: | 92 e3 c9 2b c8 d6 05 0e 6f f8 d6 24 46 d1 5b 6a Oct 31 15:24:55.519859: | 3b d4 41 50 dc df c4 8d 09 ee 5b 42 82 78 0f fa Oct 31 15:24:55.519861: | 96 cc fd 02 3f 46 4c 8e 1e c8 b2 52 94 48 d3 d0 Oct 31 15:24:55.519862: | d6 06 ba 52 af dc 1f e5 f2 f8 1c 5b 4a 5c ed 5e Oct 31 15:24:55.519864: | 44 06 2d 38 ce 4b d4 7a 35 5f fc ca ec ab d4 1f Oct 31 15:24:55.519865: | a2 42 a2 ce ab af d6 ad 86 ac 6b ca 6f 7a a2 f5 Oct 31 15:24:55.519867: | 7b 7b 84 cb b3 3a b2 ca 76 1c 91 d4 af c6 bf 1b Oct 31 15:24:55.519868: | ba c4 65 8a 9f f2 62 1e 20 e2 e7 73 02 ed 03 fc Oct 31 15:24:55.519869: | eb 5d 25 3b cc dd 7a 5a 31 0d f3 f0 ed e4 f8 6d Oct 31 15:24:55.519871: | 32 f3 c5 62 4d bd e7 76 b6 9a 61 47 31 e2 f2 4e Oct 31 15:24:55.519872: | 60 e4 cb 84 05 3c ac 73 7b b9 c5 7e 87 fd 04 3f Oct 31 15:24:55.519873: | 81 2b Oct 31 15:24:55.519875: | emitting length of IKEv2 Authentication Payload: 350 Oct 31 15:24:55.519879: | newref alloc logger@0x55e415cc6278(0->1) (in new_state() at state.c:576) Oct 31 15:24:55.519882: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:24:55.519883: | creating state object #3 at 0x55e415ce1e08 Oct 31 15:24:55.519885: | State DB: adding IKEv2 state #3 in UNDEFINED Oct 31 15:24:55.519889: | pstats #3 ikev2.child started Oct 31 15:24:55.519891: | duplicating state object #2 "westnet-eastnet-ikev2" as #3 for IPSEC SA Oct 31 15:24:55.519895: | #3 setting local endpoint to 192.1.2.23:500 from #2.st_localport (in duplicate_state() at state.c:1581) Oct 31 15:24:55.519901: | Message ID: CHILD #2.#3 initializing (CHILD SA): ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744569.924586 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744569.928421 child.wip.initiator=0->-1 child.wip.responder=0->-1 Oct 31 15:24:55.519904: | child state #3: UNDEFINED(ignore) => V2_IKE_AUTH_CHILD_R0(ignore) Oct 31 15:24:55.519907: | #3.st_v2_transition NULL -> NULL (in new_v2_child_state() at state.c:1666) Oct 31 15:24:55.519911: | Message ID: IKE #2 switching from IKE SA responder message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744569.924586 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744569.928421 ike.wip.initiator=-1 ike.wip.responder=1->-1 Oct 31 15:24:55.519914: | Message ID: CHILD #2.#3 switching to CHILD SA responder message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744569.924586 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744569.928421 child.wip.initiator=-1 child.wip.responder=-1->1 Oct 31 15:24:55.519918: | switching IKEv2 MD.ST from IKE #2 ESTABLISHED_IKE_SA to CHILD #3 V2_IKE_AUTH_CHILD_R0 (in ike_auth_child_responder() at ikev2_parent.c:3282) Oct 31 15:24:55.519920: | Child SA TS Request has child->sa == md->st; so using child connection Oct 31 15:24:55.519923: | TSi: parsing 1 traffic selectors Oct 31 15:24:55.519925: | ***parse IKEv2 Traffic Selector: Oct 31 15:24:55.519927: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:55.519929: | IP Protocol ID: ALL (0x0) Oct 31 15:24:55.519931: | length: 16 (00 10) Oct 31 15:24:55.519933: | start port: 0 (00 00) Oct 31 15:24:55.519935: | end port: 65535 (ff ff) Oct 31 15:24:55.519936: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:24:55.519938: | TS low Oct 31 15:24:55.519939: | c0 00 01 00 Oct 31 15:24:55.519941: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:24:55.519942: | TS high Oct 31 15:24:55.519944: | c0 00 01 ff Oct 31 15:24:55.519945: | TSi: parsed 1 traffic selectors Oct 31 15:24:55.519947: | TSr: parsing 1 traffic selectors Oct 31 15:24:55.519948: | ***parse IKEv2 Traffic Selector: Oct 31 15:24:55.519950: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:55.519951: | IP Protocol ID: ALL (0x0) Oct 31 15:24:55.519953: | length: 16 (00 10) Oct 31 15:24:55.519955: | start port: 0 (00 00) Oct 31 15:24:55.519957: | end port: 65535 (ff ff) Oct 31 15:24:55.519958: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:24:55.519960: | TS low Oct 31 15:24:55.519961: | c0 00 02 00 Oct 31 15:24:55.519962: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:24:55.519964: | TS high Oct 31 15:24:55.519965: | c0 00 02 ff Oct 31 15:24:55.519966: | TSr: parsed 1 traffic selectors Oct 31 15:24:55.519968: | looking for best SPD in current connection Oct 31 15:24:55.519972: | evaluating our conn="westnet-eastnet-ikev2" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Oct 31 15:24:55.519976: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:55.519981: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Oct 31 15:24:55.519983: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:24:55.519985: | TSi[0] port match: YES fitness 65536 Oct 31 15:24:55.519987: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:24:55.519988: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:55.519991: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:55.519995: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Oct 31 15:24:55.519996: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Oct 31 15:24:55.519998: | TSr[0] port match: YES fitness 65536 Oct 31 15:24:55.520000: | narrow protocol end=*0 == TSr[0]=*0: 0 Oct 31 15:24:55.520001: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:55.520003: | best fit so far: TSi[0] TSr[0] Oct 31 15:24:55.520004: | found better spd route for TSi[0],TSr[0] Oct 31 15:24:55.520006: | looking for better host pair Oct 31 15:24:55.520010: | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports Oct 31 15:24:55.520013: | checking hostpair 192.0.2.0/24:0 -> 192.0.1.0/24:0 is found Oct 31 15:24:55.520014: | investigating connection "westnet-eastnet-ikev2" as a better match Oct 31 15:24:55.520017: | match_id a=@west Oct 31 15:24:55.520018: | b=@west Oct 31 15:24:55.520020: | results matched Oct 31 15:24:55.520023: | evaluating our conn="westnet-eastnet-ikev2" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Oct 31 15:24:55.520025: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:55.520029: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Oct 31 15:24:55.520032: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:24:55.520033: | TSi[0] port match: YES fitness 65536 Oct 31 15:24:55.520035: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:24:55.520037: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:55.520039: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:55.520043: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Oct 31 15:24:55.520045: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Oct 31 15:24:55.520047: | TSr[0] port match: YES fitness 65536 Oct 31 15:24:55.520052: | narrow protocol end=*0 == TSr[0]=*0: 0 Oct 31 15:24:55.520056: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:55.520058: | best fit so far: TSi[0] TSr[0] Oct 31 15:24:55.520060: | did not find a better connection using host pair Oct 31 15:24:55.520064: | printing contents struct traffic_selector Oct 31 15:24:55.520066: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:24:55.520068: | ipprotoid: 0 Oct 31 15:24:55.520071: | port range: 0-65535 Oct 31 15:24:55.520074: | ip range: 192.0.2.0-192.0.2.255 Oct 31 15:24:55.520076: | printing contents struct traffic_selector Oct 31 15:24:55.520077: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:24:55.520078: | ipprotoid: 0 Oct 31 15:24:55.520080: | port range: 0-65535 Oct 31 15:24:55.520082: | ip range: 192.0.1.0-192.0.1.255 Oct 31 15:24:55.520085: | constructing ESP/AH proposals with all DH removed for westnet-eastnet-ikev2 (IKE_AUTH responder matching remote ESP/AH proposals) Oct 31 15:24:55.520089: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Oct 31 15:24:55.520095: | ... ikev2_proposal: 1:ESP=AES_GCM_C_256-NONE-NONE-DISABLED Oct 31 15:24:55.520096: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Oct 31 15:24:55.520099: | ... ikev2_proposal: 2:ESP=AES_GCM_C_128-NONE-NONE-DISABLED Oct 31 15:24:55.520101: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:24:55.520104: | ... ikev2_proposal: 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:55.520105: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:24:55.520108: | ... ikev2_proposal: 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:55.520110: "westnet-eastnet-ikev2": local ESP/AH proposals (IKE_AUTH responder matching remote ESP/AH proposals): Oct 31 15:24:55.520113: "westnet-eastnet-ikev2": 1:ESP=AES_GCM_C_256-NONE-NONE-DISABLED Oct 31 15:24:55.520115: "westnet-eastnet-ikev2": 2:ESP=AES_GCM_C_128-NONE-NONE-DISABLED Oct 31 15:24:55.520118: "westnet-eastnet-ikev2": 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:55.520120: "westnet-eastnet-ikev2": 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:55.520122: | comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 4 local proposals Oct 31 15:24:55.520124: | local proposal 1 type ENCR has 1 transforms Oct 31 15:24:55.520126: | local proposal 1 type PRF has 0 transforms Oct 31 15:24:55.520128: | local proposal 1 type INTEG has 1 transforms Oct 31 15:24:55.520129: | local proposal 1 type DH has 1 transforms Oct 31 15:24:55.520131: | local proposal 1 type ESN has 1 transforms Oct 31 15:24:55.520133: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Oct 31 15:24:55.520135: | local proposal 2 type ENCR has 1 transforms Oct 31 15:24:55.520136: | local proposal 2 type PRF has 0 transforms Oct 31 15:24:55.520137: | local proposal 2 type INTEG has 1 transforms Oct 31 15:24:55.520139: | local proposal 2 type DH has 1 transforms Oct 31 15:24:55.520140: | local proposal 2 type ESN has 1 transforms Oct 31 15:24:55.520142: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Oct 31 15:24:55.520145: | local proposal 3 type ENCR has 1 transforms Oct 31 15:24:55.520147: | local proposal 3 type PRF has 0 transforms Oct 31 15:24:55.520148: | local proposal 3 type INTEG has 2 transforms Oct 31 15:24:55.520149: | local proposal 3 type DH has 1 transforms Oct 31 15:24:55.520151: | local proposal 3 type ESN has 1 transforms Oct 31 15:24:55.520153: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Oct 31 15:24:55.520154: | local proposal 4 type ENCR has 1 transforms Oct 31 15:24:55.520156: | local proposal 4 type PRF has 0 transforms Oct 31 15:24:55.520157: | local proposal 4 type INTEG has 2 transforms Oct 31 15:24:55.520158: | local proposal 4 type DH has 1 transforms Oct 31 15:24:55.520160: | local proposal 4 type ESN has 1 transforms Oct 31 15:24:55.520162: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Oct 31 15:24:55.520164: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:55.520166: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:55.520168: | length: 32 (00 20) Oct 31 15:24:55.520170: | prop #: 1 (01) Oct 31 15:24:55.520171: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:55.520173: | spi size: 4 (04) Oct 31 15:24:55.520175: | # transforms: 2 (02) Oct 31 15:24:55.520177: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:24:55.520179: | remote SPI Oct 31 15:24:55.520180: | e5 90 fe cb Oct 31 15:24:55.520182: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..4] of 4 local proposals Oct 31 15:24:55.520184: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.520186: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.520187: | length: 12 (00 0c) Oct 31 15:24:55.520189: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:55.520191: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:55.520192: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:55.520194: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:55.520196: | length/value: 256 (01 00) Oct 31 15:24:55.520204: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:24:55.520211: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.520212: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:55.520214: | length: 8 (00 08) Oct 31 15:24:55.520216: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:55.520217: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:55.520220: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Oct 31 15:24:55.520221: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Oct 31 15:24:55.520223: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Oct 31 15:24:55.520225: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Oct 31 15:24:55.520227: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Oct 31 15:24:55.520230: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Oct 31 15:24:55.520232: | remote proposal 1 matches local proposal 1 Oct 31 15:24:55.520234: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:55.520235: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:55.520237: | length: 32 (00 20) Oct 31 15:24:55.520238: | prop #: 2 (02) Oct 31 15:24:55.520240: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:55.520242: | spi size: 4 (04) Oct 31 15:24:55.520243: | # transforms: 2 (02) Oct 31 15:24:55.520245: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:24:55.520246: | remote SPI Oct 31 15:24:55.520248: | e5 90 fe cb Oct 31 15:24:55.520249: | Comparing remote proposal 2 containing 2 transforms against local proposal [1..0] of 4 local proposals Oct 31 15:24:55.520253: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.520254: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.520257: | length: 12 (00 0c) Oct 31 15:24:55.520259: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:55.520261: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:55.520263: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:55.520266: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:55.520269: | length/value: 128 (00 80) Oct 31 15:24:55.520272: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.520275: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:55.520278: | length: 8 (00 08) Oct 31 15:24:55.520280: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:55.520287: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:55.520291: | remote proposal 2 proposed transforms: ENCR+ESN; matched: none; unmatched: ENCR+ESN Oct 31 15:24:55.520293: | remote proposal 2 does not match; unmatched remote transforms: ENCR+ESN Oct 31 15:24:55.520296: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:55.520298: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:55.520301: | length: 48 (00 30) Oct 31 15:24:55.520303: | prop #: 3 (03) Oct 31 15:24:55.520306: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:55.520308: | spi size: 4 (04) Oct 31 15:24:55.520311: | # transforms: 4 (04) Oct 31 15:24:55.520314: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:24:55.520316: | remote SPI Oct 31 15:24:55.520318: | e5 90 fe cb Oct 31 15:24:55.520321: | Comparing remote proposal 3 containing 4 transforms against local proposal [1..0] of 4 local proposals Oct 31 15:24:55.520323: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.520326: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.520329: | length: 12 (00 0c) Oct 31 15:24:55.520331: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:55.520333: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:55.520335: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:55.520337: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:55.520340: | length/value: 256 (01 00) Oct 31 15:24:55.520343: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.520346: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.520349: | length: 8 (00 08) Oct 31 15:24:55.520351: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:55.520354: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:55.520356: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.520359: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.520361: | length: 8 (00 08) Oct 31 15:24:55.520363: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:55.520366: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:55.520368: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.520371: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:55.520374: | length: 8 (00 08) Oct 31 15:24:55.520376: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:55.520378: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:55.520382: | remote proposal 3 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Oct 31 15:24:55.520384: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+ESN Oct 31 15:24:55.520386: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:55.520387: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:55.520389: | length: 48 (00 30) Oct 31 15:24:55.520391: | prop #: 4 (04) Oct 31 15:24:55.520392: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:55.520394: | spi size: 4 (04) Oct 31 15:24:55.520395: | # transforms: 4 (04) Oct 31 15:24:55.520397: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:24:55.520399: | remote SPI Oct 31 15:24:55.520403: | e5 90 fe cb Oct 31 15:24:55.520405: | Comparing remote proposal 4 containing 4 transforms against local proposal [1..0] of 4 local proposals Oct 31 15:24:55.520406: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.520408: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.520410: | length: 12 (00 0c) Oct 31 15:24:55.520411: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:55.520413: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:55.520414: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:55.520416: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:55.520417: | length/value: 128 (00 80) Oct 31 15:24:55.520419: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.520421: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.520422: | length: 8 (00 08) Oct 31 15:24:55.520424: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:55.520425: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:55.520427: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.520428: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.520430: | length: 8 (00 08) Oct 31 15:24:55.520431: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:55.520433: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:55.520435: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.520436: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:55.520438: | length: 8 (00 08) Oct 31 15:24:55.520439: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:55.520441: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:55.520443: | remote proposal 4 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Oct 31 15:24:55.520445: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+ESN Oct 31 15:24:55.520449: "westnet-eastnet-ikev2" #3: proposal 1:ESP=AES_GCM_C_256-DISABLED SPI=e590fecb chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Oct 31 15:24:55.520452: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP=AES_GCM_C_256-DISABLED SPI=e590fecb Oct 31 15:24:55.520454: | converting proposal to internal trans attrs Oct 31 15:24:55.520471: | netlink_get_spi: allocated 0x72dcf81e for esp.0@192.1.2.23 Oct 31 15:24:55.520473: | emitting ikev2_proposal ... Oct 31 15:24:55.520475: | ****emit IKEv2 Security Association Payload: Oct 31 15:24:55.520476: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.520478: | flags: none (0x0) Oct 31 15:24:55.520480: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:24:55.520482: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.520484: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:55.520486: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:55.520487: | prop #: 1 (01) Oct 31 15:24:55.520489: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:55.520490: | spi size: 4 (04) Oct 31 15:24:55.520492: | # transforms: 2 (02) Oct 31 15:24:55.520494: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:55.520496: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:24:55.520498: | our spi: 72 dc f8 1e Oct 31 15:24:55.520500: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.520501: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.520503: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:55.520504: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:55.520507: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.520515: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:55.520517: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:55.520519: | length/value: 256 (01 00) Oct 31 15:24:55.520522: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:55.520524: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.520525: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:55.520527: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:55.520528: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:55.520530: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.520532: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.520533: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.520535: | emitting length of IKEv2 Proposal Substructure Payload: 32 Oct 31 15:24:55.520536: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:55.520538: | emitting length of IKEv2 Security Association Payload: 36 Oct 31 15:24:55.520539: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:24:55.520542: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:24:55.520543: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.520545: | flags: none (0x0) Oct 31 15:24:55.520546: | number of TS: 1 (01) Oct 31 15:24:55.520548: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Oct 31 15:24:55.520550: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.520551: | *****emit IKEv2 Traffic Selector: Oct 31 15:24:55.520553: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:55.520554: | IP Protocol ID: ALL (0x0) Oct 31 15:24:55.520556: | start port: 0 (00 00) Oct 31 15:24:55.520558: | end port: 65535 (ff ff) Oct 31 15:24:55.520560: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:24:55.520562: | IP start: c0 00 01 00 Oct 31 15:24:55.520564: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:24:55.520566: | IP end: c0 00 01 ff Oct 31 15:24:55.520567: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:24:55.520568: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Oct 31 15:24:55.520570: | ****emit IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:24:55.520572: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.520573: | flags: none (0x0) Oct 31 15:24:55.520575: | number of TS: 1 (01) Oct 31 15:24:55.520576: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Oct 31 15:24:55.520578: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.520580: | *****emit IKEv2 Traffic Selector: Oct 31 15:24:55.520581: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:55.520582: | IP Protocol ID: ALL (0x0) Oct 31 15:24:55.520584: | start port: 0 (00 00) Oct 31 15:24:55.520586: | end port: 65535 (ff ff) Oct 31 15:24:55.520588: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:24:55.520590: | IP start: c0 00 02 00 Oct 31 15:24:55.520591: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:24:55.520594: | IP end: c0 00 02 ff Oct 31 15:24:55.520595: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:24:55.520597: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Oct 31 15:24:55.520599: | initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Oct 31 15:24:55.520601: | integ=NONE: .key_size=0 encrypt=AES_GCM_16: .key_size=32 .salt_size=4 keymat_len=36 Oct 31 15:24:55.520657: | FOR_EACH_CONNECTION_... in IKE_SA_established Oct 31 15:24:55.520660: | install_ipsec_sa() for #3: inbound and outbound Oct 31 15:24:55.520662: | could_route called for westnet-eastnet-ikev2; kind=CK_PERMANENT that.has_client=yes oppo=no this.host_port=500 Oct 31 15:24:55.520663: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:55.520665: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:55.520667: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 Oct 31 15:24:55.520669: | route owner of "westnet-eastnet-ikev2" unrouted: NULL; eroute owner: NULL Oct 31 15:24:55.520672: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Oct 31 15:24:55.520674: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Oct 31 15:24:55.520676: | AES_GCM_16 requires 4 salt bytes Oct 31 15:24:55.520677: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Oct 31 15:24:55.520680: | setting IPsec SA replay-window to 32 Oct 31 15:24:55.520682: | NIC esp-hw-offload not for connection 'westnet-eastnet-ikev2' not available on interface eth1 Oct 31 15:24:55.520684: | netlink: enabling tunnel mode Oct 31 15:24:55.520686: | XFRM: adding IPsec SA with reqid 16393 Oct 31 15:24:55.520687: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:24:55.520689: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:24:55.520744: | netlink response for Add SA esp.e590fecb@192.1.2.45 included non-error error Oct 31 15:24:55.520750: | setup_half_ipsec_sa() is installing inbound eroute? inbound=0 owner=#0 mode=1 Oct 31 15:24:55.520753: | set up outgoing SA, ref=0/0 Oct 31 15:24:55.520757: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Oct 31 15:24:55.520759: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Oct 31 15:24:55.520762: | AES_GCM_16 requires 4 salt bytes Oct 31 15:24:55.520764: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Oct 31 15:24:55.520769: | setting IPsec SA replay-window to 32 Oct 31 15:24:55.520772: | NIC esp-hw-offload not for connection 'westnet-eastnet-ikev2' not available on interface eth1 Oct 31 15:24:55.520775: | netlink: enabling tunnel mode Oct 31 15:24:55.520777: | XFRM: adding IPsec SA with reqid 16393 Oct 31 15:24:55.520780: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:24:55.520782: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:24:55.520824: | netlink response for Add SA esp.72dcf81e@192.1.2.23 included non-error error Oct 31 15:24:55.520829: | setup_half_ipsec_sa() is installing inbound eroute? inbound=1 owner=#0 mode=1 Oct 31 15:24:55.520832: | setup_half_ipsec_sa() is installing inbound eroute Oct 31 15:24:55.520834: | setup_half_ipsec_sa() before proto 50 Oct 31 15:24:55.520836: | setup_half_ipsec_sa() after proto 50 Oct 31 15:24:55.520839: | setup_half_ipsec_sa() calling raw_eroute backwards (i.e., inbound) Oct 31 15:24:55.520841: | priority calculation of connection "westnet-eastnet-ikev2" is 2084814 (0x1fcfce) Oct 31 15:24:55.520851: | add inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 using reqid 16393 (raw_eroute) proto=50 Oct 31 15:24:55.520855: | IPsec SA SPD priority set to 2084814 Oct 31 15:24:55.520887: | raw_eroute result=success Oct 31 15:24:55.520891: | set up incoming SA, ref=0/0 Oct 31 15:24:55.520894: | sr for #3: unrouted Oct 31 15:24:55.520897: | route_and_eroute() for proto 0, and source port 0 dest port 0 Oct 31 15:24:55.520900: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:55.520903: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:55.520910: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 Oct 31 15:24:55.520913: | route owner of "westnet-eastnet-ikev2" unrouted: NULL; eroute owner: NULL Oct 31 15:24:55.520917: | route_and_eroute with c: westnet-eastnet-ikev2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #3 Oct 31 15:24:55.520920: | priority calculation of connection "westnet-eastnet-ikev2" is 2084814 (0x1fcfce) Oct 31 15:24:55.520929: | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.0@192.1.2.45 using reqid 16393 (raw_eroute) proto=50 Oct 31 15:24:55.520933: | IPsec SA SPD priority set to 2084814 Oct 31 15:24:55.520948: | raw_eroute result=success Oct 31 15:24:55.520952: | running updown command "ipsec _updown" for verb up Oct 31 15:24:55.520955: | command executing up-client Oct 31 15:24:55.520960: | get_sa_info esp.e590fecb@192.1.2.45 Oct 31 15:24:55.520970: | get_sa_info esp.72dcf81e@192.1.2.23 Oct 31 15:24:55.521004: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157895' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='... Oct 31 15:24:55.521009: | popen cmd is 1139 chars long Oct 31 15:24:55.521012: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ike: Oct 31 15:24:55.521014: | cmd( 80):v2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUT: Oct 31 15:24:55.521017: | cmd( 160):O_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIEN: Oct 31 15:24:55.521020: | cmd( 240):T='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.2: Oct 31 15:24:55.521022: | cmd( 320):55.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TY: Oct 31 15:24:55.521024: | cmd( 400):PE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.: Oct 31 15:24:55.521027: | cmd( 480):1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0': Oct 31 15:24:55.521030: | cmd( 560): PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm': Oct 31 15:24:55.521032: | cmd( 640): PLUTO_ADDTIME='1604157895' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+I: Oct 31 15:24:55.521035: | cmd( 720):KEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLU: Oct 31 15:24:55.521037: | cmd( 800):TO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_: Oct 31 15:24:55.521040: | cmd( 880):INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUT: Oct 31 15:24:55.521042: | cmd( 960):O_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VT: Oct 31 15:24:55.521045: | cmd(1040):I_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xe590fecb SPI_OUT=0x72dcf81e: Oct 31 15:24:55.521048: | cmd(1120): ipsec _updown 2>&1: Oct 31 15:24:55.529517: | route_and_eroute: firewall_notified: true Oct 31 15:24:55.529528: | running updown command "ipsec _updown" for verb prepare Oct 31 15:24:55.529532: | command executing prepare-client Oct 31 15:24:55.529537: | get_sa_info esp.e590fecb@192.1.2.45 Oct 31 15:24:55.529553: | get_sa_info esp.72dcf81e@192.1.2.23 Oct 31 15:24:55.529578: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157895' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CO... Oct 31 15:24:55.529581: | popen cmd is 1144 chars long Oct 31 15:24:55.529583: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Oct 31 15:24:55.529585: | cmd( 80):t-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='': Oct 31 15:24:55.529586: | cmd( 160): PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_: Oct 31 15:24:55.529588: | cmd( 240):CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.: Oct 31 15:24:55.529589: | cmd( 320):255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_: Oct 31 15:24:55.529591: | cmd( 400):SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='1: Oct 31 15:24:55.529592: | cmd( 480):92.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.2: Oct 31 15:24:55.529594: | cmd( 560):55.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK=': Oct 31 15:24:55.529595: | cmd( 640):xfrm' PLUTO_ADDTIME='1604157895' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+: Oct 31 15:24:55.529597: | cmd( 720):PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT: Oct 31 15:24:55.529598: | cmd( 800):' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER: Oct 31 15:24:55.529600: | cmd( 880):_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0': Oct 31 15:24:55.529601: | cmd( 960): PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES=': Oct 31 15:24:55.529603: | cmd(1040):0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xe590fecb SPI_OUT=0x72d: Oct 31 15:24:55.529604: | cmd(1120):cf81e ipsec _updown 2>&1: Oct 31 15:24:55.537325: | running updown command "ipsec _updown" for verb route Oct 31 15:24:55.537341: | command executing route-client Oct 31 15:24:55.537347: | get_sa_info esp.e590fecb@192.1.2.45 Oct 31 15:24:55.537361: | get_sa_info esp.72dcf81e@192.1.2.23 Oct 31 15:24:55.537386: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157895' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIG... Oct 31 15:24:55.537391: | popen cmd is 1142 chars long Oct 31 15:24:55.537393: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Oct 31 15:24:55.537395: | cmd( 80):ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' P: Oct 31 15:24:55.537396: | cmd( 160):LUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CL: Oct 31 15:24:55.537398: | cmd( 240):IENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.25: Oct 31 15:24:55.537399: | cmd( 320):5.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA: Oct 31 15:24:55.537400: | cmd( 400):_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192: Oct 31 15:24:55.537402: | cmd( 480):.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255: Oct 31 15:24:55.537403: | cmd( 560):.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xf: Oct 31 15:24:55.537404: | cmd( 640):rm' PLUTO_ADDTIME='1604157895' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PF: Oct 31 15:24:55.537406: | cmd( 720):S+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' : Oct 31 15:24:55.537407: | cmd( 800):PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_D: Oct 31 15:24:55.537409: | cmd( 880):NS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' P: Oct 31 15:24:55.537410: | cmd( 960):LUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0': Oct 31 15:24:55.537411: | cmd(1040): VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xe590fecb SPI_OUT=0x72dcf: Oct 31 15:24:55.537413: | cmd(1120):81e ipsec _updown 2>&1: Oct 31 15:24:55.547475: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.547489: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.547492: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.547495: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.547497: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.547498: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.547501: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.547508: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.547560: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.547566: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.547568: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.547570: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.547572: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.547575: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.547576: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.547580: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.547632: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.547639: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.547641: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.547643: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.547647: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.547978: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.547981: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.547982: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.547985: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.547989: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.547999: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.548008: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.548018: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.548028: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.548039: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.551346: | route_and_eroute: instance "westnet-eastnet-ikev2", setting eroute_owner {spd=0x55e415cd3948,sr=0x55e415cd3948} to #3 (was #0) (newest_ipsec_sa=#0) Oct 31 15:24:55.551409: | ISAKMP_v2_IKE_AUTH: instance westnet-eastnet-ikev2[0], setting IKEv2 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #2 Oct 31 15:24:55.551415: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:55.551418: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:55.551420: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:24:55.551421: | emitting length of IKEv2 Encryption Payload: 475 Oct 31 15:24:55.551423: | emitting length of ISAKMP Message: 503 Oct 31 15:24:55.551442: | recording outgoing fragment failed Oct 31 15:24:55.551451: | delref logger@0x55e415cd2ae8(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:55.551454: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:55.551457: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:55.551461: | XXX: resume sending helper answer back to state for #2 switched MD.ST to #3 Oct 31 15:24:55.551469: | suspend processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:55.551474: | start processing: state #3 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:55.551480: | #3 complete_v2_state_transition() in state V2_IKE_AUTH_CHILD_R0 PARENT_R1->ESTABLISHED_CHILD_SA with status STF_OK; .st_v2_transition=NULL Oct 31 15:24:55.551484: | transitioning from state STATE_PARENT_R1 to state STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:24:55.551486: | Message ID: updating counters for #3 Oct 31 15:24:55.551496: | Message ID: CHILD #2.#3 updating responder received message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744569.924586 ike.responder.sent=0 ike.responder.recv=0->1 ike.responder.last_contact=744569.928421->744569.984286 child.wip.initiator=-1 child.wip.responder=1->-1 Oct 31 15:24:55.551504: | Message ID: CHILD #2.#3 updating responder sent message response 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744569.924586 ike.responder.sent=0->1 ike.responder.recv=1 ike.responder.last_contact=744569.984286 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:24:55.551510: | Message ID: IKE #2 no pending message initiators to schedule: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744569.924586 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744569.984286 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:55.551513: | child state #3: V2_IKE_AUTH_CHILD_R0(ignore) => ESTABLISHED_CHILD_SA(established CHILD SA) Oct 31 15:24:55.551518: | pstats #3 ikev2.child established Oct 31 15:24:55.551520: | announcing the state transition Oct 31 15:24:55.551526: "westnet-eastnet-ikev2" #3: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.1.0-192.0.1.255:0-65535 0] Oct 31 15:24:55.551529: | NAT-T: encaps is 'auto' Oct 31 15:24:55.551533: "westnet-eastnet-ikev2" #3: IPsec SA established tunnel mode {ESP=>0xe590fecb <0x72dcf81e xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Oct 31 15:24:55.551538: | sending 503 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 using UDP (for #2) Oct 31 15:24:55.551540: | 7d a4 96 cc 06 a0 5a 44 9f 77 a8 cc 55 20 77 9e Oct 31 15:24:55.551541: | 2e 20 23 20 00 00 00 01 00 00 01 f7 24 00 01 db Oct 31 15:24:55.551543: | 37 61 f8 15 e0 db a8 db 12 01 d4 43 27 54 44 76 Oct 31 15:24:55.551544: | d9 a3 e5 51 96 27 c4 14 01 ed 41 45 3c 9b f6 b2 Oct 31 15:24:55.551546: | af 8f a0 02 59 c4 c5 e2 74 d9 d1 13 22 62 33 5b Oct 31 15:24:55.551547: | e3 40 a6 5e cc a5 3f f7 0b 84 4e 2f 6d 62 c3 9d Oct 31 15:24:55.551548: | 67 c4 6f 6f 16 3e e4 93 02 6f 64 06 28 15 26 b8 Oct 31 15:24:55.551550: | 33 b7 4f c0 6d a2 37 7f ae bd da 03 ee 05 8e e9 Oct 31 15:24:55.551551: | d6 d2 4f 0b 4d e4 4e e7 51 19 0a a6 33 af 54 01 Oct 31 15:24:55.551552: | 61 69 01 ca 5b a2 f4 4e 90 fa 4d fe 36 42 62 dd Oct 31 15:24:55.551554: | 0a 0c c3 88 fe 14 18 a6 bf 1f 03 6a ff 4c c4 b2 Oct 31 15:24:55.551555: | cf cd 5b 68 00 ca 40 79 30 a8 9c cb b0 e4 76 62 Oct 31 15:24:55.551557: | 6d f4 0e e4 79 b8 b3 5f 29 d6 0a 3d 72 8d 01 51 Oct 31 15:24:55.551558: | ee 5b 2b d6 c3 3a c6 a8 ea fc 2f ac 3d 81 79 90 Oct 31 15:24:55.551559: | a3 e8 9e a7 24 3d 4b 5c 71 9d ac 2f 71 ba b1 70 Oct 31 15:24:55.551561: | 38 3b 1a 78 d6 9d 32 e1 6f 5a df 87 e5 22 e0 4d Oct 31 15:24:55.551562: | 3b ae 1e 59 13 f0 ae 57 4e fe cc 65 c4 d0 2b b3 Oct 31 15:24:55.551563: | fb 17 17 dd 69 f3 c9 f3 3c fe e2 a3 42 45 ba 1b Oct 31 15:24:55.551565: | a1 ed 6f 47 a6 32 9b ba dd e3 7f c1 2b cd 90 ac Oct 31 15:24:55.551566: | 98 19 84 65 aa 31 9c 4b 06 d9 0b b8 35 27 d5 30 Oct 31 15:24:55.551568: | 73 fe 35 c0 7c 79 ab 44 ff be 2a f9 cc 0d af 8f Oct 31 15:24:55.551569: | e6 71 32 b4 b0 18 2e 37 e3 c4 d0 a7 4d 82 d3 8c Oct 31 15:24:55.551570: | 27 2a a7 e9 0b 46 17 14 7f 3d 3d 8d 6e 54 82 fb Oct 31 15:24:55.551572: | b7 83 88 ed 40 e8 ae 9d b2 2e a1 7d 2c 74 49 8a Oct 31 15:24:55.551573: | 53 11 3e 7b 25 60 9e a4 ae df 2d d7 fd 68 eb bf Oct 31 15:24:55.551574: | a7 6c 15 53 b3 6d 6c 99 60 88 76 33 88 e4 43 92 Oct 31 15:24:55.551576: | 48 c9 c7 56 1e 5b c1 57 89 f4 9c 49 92 3a 69 ab Oct 31 15:24:55.551577: | ab 06 11 12 d8 dd a7 52 de fc 4e 79 c6 84 d3 2e Oct 31 15:24:55.551578: | b1 ca 7e 23 f0 ff b8 fe 07 a4 b8 e4 9f 0c a9 35 Oct 31 15:24:55.551580: | 68 1d df da be 1c c6 18 3f 00 6f 59 a4 62 9e 20 Oct 31 15:24:55.551581: | 54 80 a6 2a 9e e0 5b ff cc 24 f9 d4 bd cb 72 b7 Oct 31 15:24:55.551583: | 91 b5 b2 cc 49 5a e5 Oct 31 15:24:55.551610: | sent 1 messages Oct 31 15:24:55.551612: | releasing #3's fd-fd@(nil) because IKEv2 transitions finished Oct 31 15:24:55.551614: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:24:55.551616: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:24:55.551617: | unpending #3's IKE SA #2 Oct 31 15:24:55.551619: | unpending state #2 connection "westnet-eastnet-ikev2" Oct 31 15:24:55.551621: | releasing #2's fd-fd@(nil) because IKEv2 transitions finished so releaseing IKE SA Oct 31 15:24:55.551622: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:24:55.551624: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:24:55.551626: | #3 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Oct 31 15:24:55.551628: | state #3 has no .st_event to delete Oct 31 15:24:55.551632: | event_schedule: newref EVENT_SA_REKEY-pe@0x55e415cd2ae8 Oct 31 15:24:55.551634: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #3 Oct 31 15:24:55.551636: | libevent_malloc: newref ptr-libevent@0x55e415cdf728 size 128 Oct 31 15:24:55.551640: | delref mdp@0x55e415cdbf78(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:55.551642: | delref logger@0x55e415c12268(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:55.551644: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:55.551645: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:55.551653: | #2 spent 2.48 (32.1) milliseconds in resume sending helper answer back to state Oct 31 15:24:55.551656: | stop processing: state #3 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in resume_handler() at server.c:745) Oct 31 15:24:55.551659: | libevent_free: delref ptr-libevent@0x7fd964000d38 Oct 31 15:24:55.551668: | processing signal PLUTO_SIGCHLD Oct 31 15:24:55.551672: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:55.551675: | spent 0.00398 (0.00388) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:55.551677: | processing signal PLUTO_SIGCHLD Oct 31 15:24:55.551679: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:55.551681: | spent 0.00234 (0.00235) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:55.551683: | processing signal PLUTO_SIGCHLD Oct 31 15:24:55.551685: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:55.551687: | spent 0.00232 (0.00232) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:59.838119: | newref struct fd@0x55e415cdf6c8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:59.838133: | fd_accept: new fd-fd@0x55e415cdf6c8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:59.838149: | whack: status Oct 31 15:24:59.838614: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:24:59.838624: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:24:59.838698: | FOR_EACH_STATE_... in show_states (sort_states) Oct 31 15:24:59.838703: | FOR_EACH_STATE_... in sort_states Oct 31 15:24:59.838721: | get_sa_info esp.72dcf81e@192.1.2.23 Oct 31 15:24:59.838741: | get_sa_info esp.e590fecb@192.1.2.45 Oct 31 15:24:59.838767: | delref fd@0x55e415cdf6c8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:59.838775: | freeref fd-fd@0x55e415cdf6c8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:59.838784: | spent 0.517 (0.676) milliseconds in whack Oct 31 15:25:01.456039: | newref struct fd@0x55e415cdf6c8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:01.456059: | fd_accept: new fd-fd@0x55e415cdf6c8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:01.456075: shutting down Oct 31 15:25:01.456088: | leaking fd-fd@0x55e415cdf6c8's FD; will be closed when pluto exits (in whack_handle_cb() at rcv_whack.c:889) Oct 31 15:25:01.456093: | delref fd@0x55e415cdf6c8(1->0) (in whack_handle_cb() at rcv_whack.c:895) Oct 31 15:25:01.456096: | freeref fd-fd@0x55e415cdf6c8 (in whack_handle_cb() at rcv_whack.c:895) Oct 31 15:25:01.456116: | shutting down helper thread 2 Oct 31 15:25:01.456148: | helper thread 2 exited Oct 31 15:25:01.456161: | shutting down helper thread 1 Oct 31 15:25:01.456194: | helper thread 1 exited Oct 31 15:25:01.456221: | shutting down helper thread 3 Oct 31 15:25:01.456252: | helper thread 3 exited Oct 31 15:25:01.456263: | shutting down helper thread 4 Oct 31 15:25:01.456273: | helper thread 4 exited Oct 31 15:25:01.456329: | shutting down helper thread 5 Oct 31 15:25:01.456338: | helper thread 5 exited Oct 31 15:25:01.456389: | shutting down helper thread 6 Oct 31 15:25:01.456401: | helper thread 6 exited Oct 31 15:25:01.456415: | shutting down helper thread 7 Oct 31 15:25:01.456442: | helper thread 7 exited Oct 31 15:25:01.456450: 7 helper threads shutdown Oct 31 15:25:01.456454: | delref root_certs@NULL (in free_root_certs() at root_certs.c:127) Oct 31 15:25:01.456458: | certs and keys locked by 'free_preshared_secrets' Oct 31 15:25:01.456464: forgetting secrets Oct 31 15:25:01.456477: | certs and keys unlocked by 'free_preshared_secrets' Oct 31 15:25:01.456480: | delref pkp@0x55e415cd8fc8(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:25:01.456483: | delref pkp@0x55e415cda8f8(2->1) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:25:01.456485: | deleting states for connection - including all other IPsec SA's of this IKE SA Oct 31 15:25:01.456487: | pass 0 Oct 31 15:25:01.456488: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:25:01.456490: | state #3 Oct 31 15:25:01.456496: | start processing: state #3 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1406) Oct 31 15:25:01.456498: | delref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1408) Oct 31 15:25:01.456500: | addref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1409) Oct 31 15:25:01.456502: | pstats #3 ikev2.child deleted completed Oct 31 15:25:01.456506: | #3 main thread spent 0 (0) milliseconds helper thread spent 0 (0) milliseconds in total Oct 31 15:25:01.456509: | [RE]START processing: state #3 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in delete_state() at state.c:935) Oct 31 15:25:01.456511: | should_send_delete: yes Oct 31 15:25:01.456515: "westnet-eastnet-ikev2" #3: deleting state (STATE_V2_ESTABLISHED_CHILD_SA) aged 5.936635s and sending notification Oct 31 15:25:01.456517: | child state #3: ESTABLISHED_CHILD_SA(established CHILD SA) => delete Oct 31 15:25:01.456521: | get_sa_info esp.e590fecb@192.1.2.45 Oct 31 15:25:01.456534: | get_sa_info esp.72dcf81e@192.1.2.23 Oct 31 15:25:01.456539: "westnet-eastnet-ikev2" #3: ESP traffic information: in=3KB out=3KB Oct 31 15:25:01.456542: | unsuspending #3 MD (nil) Oct 31 15:25:01.456544: | should_send_delete: yes Oct 31 15:25:01.456546: | #3 send IKEv2 delete notification for STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:25:01.456548: | opening output PBS informational exchange delete request Oct 31 15:25:01.456551: | **emit ISAKMP Message: Oct 31 15:25:01.456554: | initiator SPI: 7d a4 96 cc 06 a0 5a 44 Oct 31 15:25:01.456556: | responder SPI: 9f 77 a8 cc 55 20 77 9e Oct 31 15:25:01.456558: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:25:01.456560: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:01.456566: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:25:01.456573: | flags: none (0x0) Oct 31 15:25:01.456578: | Message ID: 0 (00 00 00 00) Oct 31 15:25:01.456581: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:25:01.456586: | ***emit IKEv2 Encryption Payload: Oct 31 15:25:01.456589: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:01.456592: | flags: none (0x0) Oct 31 15:25:01.456595: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:25:01.456598: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:25:01.456602: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:25:01.456611: | ****emit IKEv2 Delete Payload: Oct 31 15:25:01.456613: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:01.456615: | flags: none (0x0) Oct 31 15:25:01.456616: | protocol ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:01.456619: | SPI size: 4 (04) Oct 31 15:25:01.456621: | number of SPIs: 1 (00 01) Oct 31 15:25:01.456622: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Oct 31 15:25:01.456624: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:25:01.456626: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Oct 31 15:25:01.456628: | local spis: 72 dc f8 1e Oct 31 15:25:01.456630: | emitting length of IKEv2 Delete Payload: 12 Oct 31 15:25:01.456634: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:25:01.456636: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:01.456637: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:25:01.456639: | emitting length of IKEv2 Encryption Payload: 41 Oct 31 15:25:01.456640: | emitting length of ISAKMP Message: 69 Oct 31 15:25:01.456655: | sending 69 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.2.45:500 using UDP (for #2) Oct 31 15:25:01.456658: | 7d a4 96 cc 06 a0 5a 44 9f 77 a8 cc 55 20 77 9e Oct 31 15:25:01.456659: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Oct 31 15:25:01.456660: | 86 92 ac 60 69 b8 bd b6 a2 17 d5 b6 4d 43 34 15 Oct 31 15:25:01.456662: | 07 af 8b fb d1 0c 97 77 9a c7 7c bb f0 cc 69 fc Oct 31 15:25:01.456663: | 76 27 ac 49 8d Oct 31 15:25:01.456690: | sent 1 messages Oct 31 15:25:01.456696: | Message ID: IKE #2 sender #3 in send_delete hacking around record 'n' send Oct 31 15:25:01.456704: | Message ID: IKE #2 scheduling EVENT_RETRANSMIT: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744569.924586 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744569.984286 ike.wip.initiator=0 ike.wip.responder=-1 Oct 31 15:25:01.456708: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55e415cd4a08 Oct 31 15:25:01.456712: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 Oct 31 15:25:01.456715: | libevent_malloc: newref ptr-libevent@0x7fd964000d38 size 128 Oct 31 15:25:01.456772: | #2 STATE_V2_ESTABLISHED_IKE_SA: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744575.889503 Oct 31 15:25:01.456782: | Message ID: IKE #2 updating initiator sent message request 0: ike.initiator.sent=-1->0 ike.initiator.recv=-1 ike.initiator.last_contact=744569.924586 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744569.984286 ike.wip.initiator=-1->0 ike.wip.responder=-1 Oct 31 15:25:01.456786: | state #3 deleting .st_event EVENT_SA_REKEY Oct 31 15:25:01.456791: | libevent_free: delref ptr-libevent@0x55e415cdf728 Oct 31 15:25:01.456794: | free_event_entry: delref EVENT_SA_REKEY-pe@0x55e415cd2ae8 Oct 31 15:25:01.456798: | #3 STATE_V2_ESTABLISHED_CHILD_SA: retransmits: cleared Oct 31 15:25:01.457020: | running updown command "ipsec _updown" for verb down Oct 31 15:25:01.457357: | command executing down-client Oct 31 15:25:01.457364: | get_sa_info esp.e590fecb@192.1.2.45 Oct 31 15:25:01.457381: | get_sa_info esp.72dcf81e@192.1.2.23 Oct 31 15:25:01.457420: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157895' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGUR... Oct 31 15:25:01.457427: | popen cmd is 1147 chars long Oct 31 15:25:01.457434: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-i: Oct 31 15:25:01.457437: | cmd( 80):kev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PL: Oct 31 15:25:01.457440: | cmd( 160):UTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLI: Oct 31 15:25:01.457445: | cmd( 240):ENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255: Oct 31 15:25:01.457447: | cmd( 320):.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_: Oct 31 15:25:01.457450: | cmd( 400):TYPE='ESP' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.: Oct 31 15:25:01.457452: | cmd( 480):0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.: Oct 31 15:25:01.457455: | cmd( 560):0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfr: Oct 31 15:25:01.457458: | cmd( 640):m' PLUTO_ADDTIME='1604157895' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS: Oct 31 15:25:01.457461: | cmd( 720):+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' P: Oct 31 15:25:01.457464: | cmd( 800):LUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DN: Oct 31 15:25:01.457466: | cmd( 880):S_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PL: Oct 31 15:25:01.457469: | cmd( 960):UTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='3360' PLUTO_OUTBYTES=': Oct 31 15:25:01.457472: | cmd(1040):3360' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xe590fecb SPI_OUT=0x: Oct 31 15:25:01.457477: | cmd(1120):72dcf81e ipsec _updown 2>&1: Oct 31 15:25:01.472413: | shunt_eroute() called for connection 'westnet-eastnet-ikev2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.2.0/24:0 --0->- 192.0.1.0/24:0 Oct 31 15:25:01.472428: | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.1.0/24:0 Oct 31 15:25:01.472479: | priority calculation of connection "westnet-eastnet-ikev2" is 2084814 (0x1fcfce) Oct 31 15:25:01.472583: | IPsec SA SPD priority set to 2084814 Oct 31 15:25:01.472704: | delete esp.e590fecb@192.1.2.45 Oct 31 15:25:01.472857: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:25:01.472903: | netlink response for Del SA esp.e590fecb@192.1.2.45 included non-error error Oct 31 15:25:01.472909: | priority calculation of connection "westnet-eastnet-ikev2" is 2084814 (0x1fcfce) Oct 31 15:25:01.472917: | delete inbound eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => unk.10000@192.1.2.23 using reqid 0 (raw_eroute) proto=50 Oct 31 15:25:01.472955: | raw_eroute result=success Oct 31 15:25:01.472961: | delete esp.72dcf81e@192.1.2.23 Oct 31 15:25:01.472964: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:25:01.472985: | netlink response for Del SA esp.72dcf81e@192.1.2.23 included non-error error Oct 31 15:25:01.472992: | in connection_discard for connection westnet-eastnet-ikev2 Oct 31 15:25:01.472995: | State DB: deleting IKEv2 state #3 in ESTABLISHED_CHILD_SA Oct 31 15:25:01.473000: | child state #3: ESTABLISHED_CHILD_SA(established CHILD SA) => UNDEFINED(ignore) Oct 31 15:25:01.473003: | releasing #3's fd-fd@(nil) because deleting state Oct 31 15:25:01.473006: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:01.473009: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:01.473011: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:25:01.473018: | stop processing: state #3 from 192.1.2.45:500 (in delete_state() at state.c:1239) Oct 31 15:25:01.473025: | delref logger@0x55e415cc6278(1->0) (in delete_state() at state.c:1306) Oct 31 15:25:01.473028: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:01.473030: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:01.473034: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1411) Oct 31 15:25:01.473036: | state #2 Oct 31 15:25:01.473039: | pass 1 Oct 31 15:25:01.473041: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:25:01.473043: | state #2 Oct 31 15:25:01.473048: | start processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1406) Oct 31 15:25:01.473054: | delref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1408) Oct 31 15:25:01.473057: | addref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1409) Oct 31 15:25:01.473059: | pstats #2 ikev2.ike deleted completed Oct 31 15:25:01.473066: | #2 main thread spent 5.47 (35.2) milliseconds helper thread spent 10.5 (10.7) milliseconds in total Oct 31 15:25:01.473071: | [RE]START processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.45:500 (in delete_state() at state.c:935) Oct 31 15:25:01.473074: | should_send_delete: yes Oct 31 15:25:01.473130: "westnet-eastnet-ikev2" #2: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 5.981317s and sending notification Oct 31 15:25:01.473190: | parent state #2: ESTABLISHED_IKE_SA(established IKE SA) => delete Oct 31 15:25:01.473261: | unsuspending #2 MD (nil) Oct 31 15:25:01.473269: | should_send_delete: yes Oct 31 15:25:01.473273: | #2 send IKEv2 delete notification for STATE_V2_ESTABLISHED_IKE_SA Oct 31 15:25:01.473276: | opening output PBS informational exchange delete request Oct 31 15:25:01.473279: | **emit ISAKMP Message: Oct 31 15:25:01.473435: | initiator SPI: 7d a4 96 cc 06 a0 5a 44 Oct 31 15:25:01.473444: | responder SPI: 9f 77 a8 cc 55 20 77 9e Oct 31 15:25:01.473448: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:25:01.473452: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:01.473504: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:25:01.473605: | flags: none (0x0) Oct 31 15:25:01.473612: | Message ID: 1 (00 00 00 01) Oct 31 15:25:01.473616: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:25:01.473620: | ***emit IKEv2 Encryption Payload: Oct 31 15:25:01.473623: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:01.473625: | flags: none (0x0) Oct 31 15:25:01.473628: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:25:01.473631: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:25:01.473634: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:25:01.473644: | ****emit IKEv2 Delete Payload: Oct 31 15:25:01.473647: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:01.473650: | flags: none (0x0) Oct 31 15:25:01.473652: | protocol ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:25:01.473655: | SPI size: 0 (00) Oct 31 15:25:01.473659: | number of SPIs: 0 (00 00) Oct 31 15:25:01.473662: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Oct 31 15:25:01.473665: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:25:01.473668: | emitting length of IKEv2 Delete Payload: 8 Oct 31 15:25:01.473722: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:25:01.473728: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:01.473731: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:25:01.473734: | emitting length of IKEv2 Encryption Payload: 37 Oct 31 15:25:01.473877: | emitting length of ISAKMP Message: 65 Oct 31 15:25:01.473905: | sending 65 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.2.45:500 using UDP (for #2) Oct 31 15:25:01.473909: | 7d a4 96 cc 06 a0 5a 44 9f 77 a8 cc 55 20 77 9e Oct 31 15:25:01.473911: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Oct 31 15:25:01.473913: | 75 a3 0b 31 3c ce 92 32 6a d3 66 ae 97 40 c7 22 Oct 31 15:25:01.473916: | 70 81 04 8b 35 1f c5 50 72 97 c3 c8 8e e4 f0 11 Oct 31 15:25:01.473918: | 61 Oct 31 15:25:01.473949: | sent 1 messages Oct 31 15:25:01.473953: | Message ID: IKE #2 sender #2 in send_delete hacking around record 'n' send Oct 31 15:25:01.473964: | Message ID: IKE #2 XXX: expecting sender.wip.initiator 0 == -1 - suspect record'n'send out-of-order?): ike.initiator.sent=1 ike.initiator.recv=-1 ike.initiator.last_contact=744569.924586 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744569.984286 ike.wip.initiator=1 ike.wip.responder=-1 Oct 31 15:25:01.473970: | Message ID: IKE #2 XXX: EVENT_RETRANSMIT already scheduled -- suspect record'n'send: ike.initiator.sent=1 ike.initiator.recv=-1 ike.initiator.last_contact=744569.924586 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744569.984286 ike.wip.initiator=1 ike.wip.responder=-1 Oct 31 15:25:01.473977: | Message ID: IKE #2 updating initiator sent message request 1: ike.initiator.sent=0->1 ike.initiator.recv=-1 ike.initiator.last_contact=744569.924586 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744569.984286 ike.wip.initiator=0->1 ike.wip.responder=-1 Oct 31 15:25:01.473981: | state #2 deleting .st_event EVENT_SA_REKEY Oct 31 15:25:01.473986: | libevent_free: delref ptr-libevent@0x7fd97000cc18 Oct 31 15:25:01.473990: | free_event_entry: delref EVENT_SA_REKEY-pe@0x55e415cd4828 Oct 31 15:25:01.473993: | #2 requesting EVENT_RETRANSMIT-pe@0x55e415cd4a08 be deleted Oct 31 15:25:01.473996: | libevent_free: delref ptr-libevent@0x7fd964000d38 Oct 31 15:25:01.473999: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55e415cd4a08 Oct 31 15:25:01.474001: | #2 STATE_V2_ESTABLISHED_IKE_SA: retransmits: cleared Oct 31 15:25:01.474005: | State DB: IKEv2 state not found (flush_incomplete_children) Oct 31 15:25:01.474008: | in connection_discard for connection westnet-eastnet-ikev2 Oct 31 15:25:01.474010: | State DB: deleting IKEv2 state #2 in ESTABLISHED_IKE_SA Oct 31 15:25:01.474014: | parent state #2: ESTABLISHED_IKE_SA(established IKE SA) => UNDEFINED(ignore) Oct 31 15:25:01.474017: | releasing #2's fd-fd@(nil) because deleting state Oct 31 15:25:01.474020: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:01.474022: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:01.474025: | delref pkp@0x55e415cda8f8(1->0) (in delete_state() at state.c:1202) Oct 31 15:25:01.474041: | stop processing: state #2 from 192.1.2.45:500 (in delete_state() at state.c:1239) Oct 31 15:25:01.474057: | delref logger@0x55e415c12098(1->0) (in delete_state() at state.c:1306) Oct 31 15:25:01.474060: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:01.474063: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:01.474066: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1411) Oct 31 15:25:01.474073: | shunt_eroute() called for connection 'westnet-eastnet-ikev2' to 'delete' for rt_kind 'unrouted' using protoports 192.0.2.0/24:0 --0->- 192.0.1.0/24:0 Oct 31 15:25:01.474079: | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.1.0/24:0 Oct 31 15:25:01.474082: | priority calculation of connection "westnet-eastnet-ikev2" is 2084814 (0x1fcfce) Oct 31 15:25:01.474104: | priority calculation of connection "westnet-eastnet-ikev2" is 2084814 (0x1fcfce) Oct 31 15:25:01.474156: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:25:01.474160: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 vs Oct 31 15:25:01.474162: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 Oct 31 15:25:01.474164: | route owner of "westnet-eastnet-ikev2" unrouted: NULL Oct 31 15:25:01.474173: | running updown command "ipsec _updown" for verb unroute Oct 31 15:25:01.474177: | command executing unroute-client Oct 31 15:25:01.474225: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT='192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED... Oct 31 15:25:01.474237: | popen cmd is 1085 chars long Oct 31 15:25:01.474241: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Oct 31 15:25:01.474244: | cmd( 80):t-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='': Oct 31 15:25:01.474247: | cmd( 160): PLUTO_NEXT_HOP='192.1.2.45' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_: Oct 31 15:25:01.474249: | cmd( 240):CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.: Oct 31 15:25:01.474251: | cmd( 320):255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_: Oct 31 15:25:01.474254: | cmd( 400):SA_TYPE='none' PLUTO_PEER='192.1.2.45' PLUTO_PEER_ID='@west' PLUTO_PEER_CLIENT=': Oct 31 15:25:01.474256: | cmd( 480):192.0.1.0/24' PLUTO_PEER_CLIENT_NET='192.0.1.0' PLUTO_PEER_CLIENT_MASK='255.255.: Oct 31 15:25:01.474259: | cmd( 560):255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK=: Oct 31 15:25:01.474261: | cmd( 640):'xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV: Oct 31 15:25:01.474264: | cmd( 720):2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_: Oct 31 15:25:01.474266: | cmd( 800):CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INF: Oct 31 15:25:01.474269: | cmd( 880):O='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_C: Oct 31 15:25:01.474271: | cmd( 960):FG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=': Oct 31 15:25:01.474274: | cmd(1040):no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Oct 31 15:25:01.495752: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:01.495828: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:01.495833: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:01.495836: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:01.495838: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:01.495844: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:01.495911: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:01.495946: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:01.495962: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:01.495973: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:01.495987: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:01.496000: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:01.496010: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:01.496019: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:01.496037: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:01.496055: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:01.496072: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:01.496091: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:01.496108: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:01.496122: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:01.496141: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:01.496161: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:01.496176: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:01.496187: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:01.496640: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:01.496659: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:01.496678: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:01.496693: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:01.496718: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:01.496755: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:01.496793: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:01.496836: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:01.496909: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:01.496928: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:01.534765: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:25:01.534779: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:25:01.534783: | newref clone logger@0x55e415ce01f8(0->1) (in clone_logger() at log.c:817) Oct 31 15:25:01.534786: | delref hp@0x55e415cd48c8(1->0) (in delete_oriented_hp() at hostpair.c:360) Oct 31 15:25:01.534789: | flush revival: connection 'westnet-eastnet-ikev2' wasn't on the list Oct 31 15:25:01.534791: | delref vip@NULL (in discard_connection() at connections.c:262) Oct 31 15:25:01.534793: | delref vip@NULL (in discard_connection() at connections.c:263) Oct 31 15:25:01.534807: | Connection DB: deleting connection $2 Oct 31 15:25:01.534814: | delref logger@0x55e415ce01f8(1->0) (in delete_connection() at connections.c:214) Oct 31 15:25:01.534817: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:01.534820: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:01.534823: | crl fetch request list locked by 'free_crl_fetch' Oct 31 15:25:01.534826: | crl fetch request list unlocked by 'free_crl_fetch' Oct 31 15:25:01.534831: | iface: marking eth1 dead Oct 31 15:25:01.534834: | iface: marking eth0 dead Oct 31 15:25:01.534836: | iface: marking eth0 dead Oct 31 15:25:01.534839: | iface: marking eth0 dead Oct 31 15:25:01.534841: | iface: marking lo dead Oct 31 15:25:01.534844: | updating interfaces - listing interfaces that are going down Oct 31 15:25:01.534851: shutting down interface lo 127.0.0.1:4500 Oct 31 15:25:01.534858: shutting down interface lo 127.0.0.1:500 Oct 31 15:25:01.534862: shutting down interface eth0 192.0.2.254:4500 Oct 31 15:25:01.534866: shutting down interface eth0 192.0.2.254:500 Oct 31 15:25:01.534869: shutting down interface eth0 192.0.2.250:4500 Oct 31 15:25:01.534874: shutting down interface eth0 192.0.2.250:500 Oct 31 15:25:01.534878: shutting down interface eth0 192.0.2.251:4500 Oct 31 15:25:01.534882: shutting down interface eth0 192.0.2.251:500 Oct 31 15:25:01.534886: shutting down interface eth1 192.1.2.23:4500 Oct 31 15:25:01.534890: shutting down interface eth1 192.1.2.23:500 Oct 31 15:25:01.534892: | updating interfaces - deleting the dead Oct 31 15:25:01.534896: | FOR_EACH_STATE_... in delete_states_dead_interfaces Oct 31 15:25:01.534906: | libevent_free: delref ptr-libevent@0x55e415cd4fe8 Oct 31 15:25:01.534912: | delref id@0x55e415cd9438(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:25:01.534923: | libevent_free: delref ptr-libevent@0x55e415cceec8 Oct 31 15:25:01.534927: | delref id@0x55e415cd9438(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:25:01.534934: | libevent_free: delref ptr-libevent@0x55e415c927a8 Oct 31 15:25:01.534938: | delref id@0x55e415cd93a8(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:25:01.534945: | libevent_free: delref ptr-libevent@0x55e415c87a68 Oct 31 15:25:01.534948: | delref id@0x55e415cd93a8(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:25:01.534953: | libevent_free: delref ptr-libevent@0x55e415c928a8 Oct 31 15:25:01.534957: | delref id@0x55e415cd9318(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:25:01.534962: | libevent_free: delref ptr-libevent@0x55e415c8f2c8 Oct 31 15:25:01.534964: | delref id@0x55e415cd9318(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:25:01.534968: | libevent_free: delref ptr-libevent@0x55e415c8f218 Oct 31 15:25:01.534970: | delref id@0x55e415cd9288(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:25:01.534974: | libevent_free: delref ptr-libevent@0x55e415cd5568 Oct 31 15:25:01.534976: | delref id@0x55e415cd9288(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:25:01.534980: | libevent_free: delref ptr-libevent@0x55e415cd5658 Oct 31 15:25:01.534981: | delref id@0x55e415cd9198(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:25:01.534986: | libevent_free: delref ptr-libevent@0x55e415cd5748 Oct 31 15:25:01.534987: | delref id@0x55e415cd9198(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:25:01.534991: | delref id@0x55e415cd9198(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:25:01.534993: | delref id@0x55e415cd9288(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:25:01.534994: | delref id@0x55e415cd9318(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:25:01.534996: | delref id@0x55e415cd93a8(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:25:01.534998: | delref id@0x55e415cd9438(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:25:01.534999: | updating interfaces - checking orientation Oct 31 15:25:01.535001: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Oct 31 15:25:01.536794: | libevent_free: delref ptr-libevent@0x55e415ccef78 Oct 31 15:25:01.536803: | free_event_entry: delref EVENT_NULL-pe@0x55e415cd2438 Oct 31 15:25:01.536808: | libevent_free: delref ptr-libevent@0x55e415c926a8 Oct 31 15:25:01.536809: | free_event_entry: delref EVENT_NULL-pe@0x55e415ccee58 Oct 31 15:25:01.536812: | libevent_free: delref ptr-libevent@0x55e415c925f8 Oct 31 15:25:01.536814: | free_event_entry: delref EVENT_NULL-pe@0x55e415ccce38 Oct 31 15:25:01.536816: | global timer EVENT_REINIT_SECRET uninitialized Oct 31 15:25:01.536818: | global timer EVENT_SHUNT_SCAN uninitialized Oct 31 15:25:01.536819: | global timer EVENT_PENDING_DDNS uninitialized Oct 31 15:25:01.536821: | global timer EVENT_PENDING_PHASE2 uninitialized Oct 31 15:25:01.536822: | global timer EVENT_CHECK_CRLS uninitialized Oct 31 15:25:01.536824: | global timer EVENT_REVIVE_CONNS uninitialized Oct 31 15:25:01.536825: | global timer EVENT_FREE_ROOT_CERTS uninitialized Oct 31 15:25:01.536826: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Oct 31 15:25:01.536828: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Oct 31 15:25:01.536831: | libevent_free: delref ptr-libevent@0x55e415c252f8 Oct 31 15:25:01.536832: | signal event handler PLUTO_SIGCHLD uninstalled Oct 31 15:25:01.536834: | libevent_free: delref ptr-libevent@0x55e415c13668 Oct 31 15:25:01.536836: | signal event handler PLUTO_SIGTERM uninstalled Oct 31 15:25:01.536838: | libevent_free: delref ptr-libevent@0x55e415cd2658 Oct 31 15:25:01.536839: | signal event handler PLUTO_SIGHUP uninstalled Oct 31 15:25:01.536841: | libevent_free: delref ptr-libevent@0x55e415cd2898 Oct 31 15:25:01.536843: | signal event handler PLUTO_SIGSYS uninstalled Oct 31 15:25:01.536844: | releasing event base Oct 31 15:25:01.536859: | libevent_free: delref ptr-libevent@0x55e415cd2768 Oct 31 15:25:01.536865: | libevent_free: delref ptr-libevent@0x55e415c24458 Oct 31 15:25:01.536870: | libevent_free: delref ptr-libevent@0x55e415cc1cb8 Oct 31 15:25:01.536873: | libevent_free: delref ptr-libevent@0x55e415c94e68 Oct 31 15:25:01.536876: | libevent_free: delref ptr-libevent@0x55e415cc1d08 Oct 31 15:25:01.536879: | libevent_free: delref ptr-libevent@0x55e415cc5f28 Oct 31 15:25:01.536882: | libevent_free: delref ptr-libevent@0x55e415cc5d38 Oct 31 15:25:01.536884: | libevent_free: delref ptr-libevent@0x55e415cc1d48 Oct 31 15:25:01.536887: | libevent_free: delref ptr-libevent@0x55e415cc5b48 Oct 31 15:25:01.536890: | libevent_free: delref ptr-libevent@0x55e415cc5508 Oct 31 15:25:01.536895: | libevent_free: delref ptr-libevent@0x55e415cd57f8 Oct 31 15:25:01.536899: | libevent_free: delref ptr-libevent@0x55e415cd5708 Oct 31 15:25:01.536903: | libevent_free: delref ptr-libevent@0x55e415cd5618 Oct 31 15:25:01.536906: | libevent_free: delref ptr-libevent@0x55e415cd5528 Oct 31 15:25:01.536909: | libevent_free: delref ptr-libevent@0x55e415cd54e8 Oct 31 15:25:01.536911: | libevent_free: delref ptr-libevent@0x55e415cd54a8 Oct 31 15:25:01.536914: | libevent_free: delref ptr-libevent@0x55e415cd5468 Oct 31 15:25:01.536917: | libevent_free: delref ptr-libevent@0x55e415cd5428 Oct 31 15:25:01.536919: | libevent_free: delref ptr-libevent@0x55e415cd53e8 Oct 31 15:25:01.536922: | libevent_free: delref ptr-libevent@0x55e415cd95d8 Oct 31 15:25:01.536924: | libevent_free: delref ptr-libevent@0x55e415cb8488 Oct 31 15:25:01.536928: | libevent_free: delref ptr-libevent@0x55e415cd2618 Oct 31 15:25:01.536930: | libevent_free: delref ptr-libevent@0x55e415cd25d8 Oct 31 15:25:01.536933: | libevent_free: delref ptr-libevent@0x55e415cc5b88 Oct 31 15:25:01.536936: | libevent_free: delref ptr-libevent@0x55e415cd2728 Oct 31 15:25:01.536938: | libevent_free: delref ptr-libevent@0x55e415cd24a8 Oct 31 15:25:01.536941: | libevent_free: delref ptr-libevent@0x55e415c94ae8 Oct 31 15:25:01.536943: | libevent_free: delref ptr-libevent@0x55e415c94348 Oct 31 15:25:01.536944: | libevent_free: delref ptr-libevent@0x55e415c8b328 Oct 31 15:25:01.536946: | releasing global libevent data Oct 31 15:25:01.536948: | libevent_free: delref ptr-libevent@0x55e415c94688 Oct 31 15:25:01.536950: | libevent_free: delref ptr-libevent@0x55e415c23e38 Oct 31 15:25:01.536953: | libevent_free: delref ptr-libevent@0x55e415c94b68 Oct 31 15:25:01.537002: leak detective found no leaks