Oct 31 15:24:54.919854: | newref logger@0x55569f46bbb8(0->1) (in main() at plutomain.c:1591) Oct 31 15:24:54.919910: | delref logger@0x55569f46bbb8(1->0) (in main() at plutomain.c:1592) Oct 31 15:24:54.919915: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:54.919916: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:54.919921: NSS DB directory: sql:/var/lib/ipsec/nss Oct 31 15:24:54.920049: Initializing NSS Oct 31 15:24:54.920053: Opening NSS database "sql:/var/lib/ipsec/nss" read-only Oct 31 15:24:54.947151: FIPS Mode: NO Oct 31 15:24:54.947163: NSS crypto library initialized Oct 31 15:24:54.947184: FIPS mode disabled for pluto daemon Oct 31 15:24:54.947187: FIPS HMAC integrity support [disabled] Oct 31 15:24:54.947253: libcap-ng support [enabled] Oct 31 15:24:54.947261: Linux audit support [enabled] Oct 31 15:24:54.947278: Linux audit activated Oct 31 15:24:54.947284: Starting Pluto (Libreswan Version v4.1-88-gf1d1933837ef-main IKEv2 IKEv1 XFRM(netkey) XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (NSS-PRF) DNSSEC LABELED_IPSEC (SELINUX) SECCOMP LIBCAP_NG LINUX_AUDIT AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:2153424 Oct 31 15:24:54.947286: core dump dir: /tmp Oct 31 15:24:54.947287: secrets file: /etc/ipsec.secrets Oct 31 15:24:54.947289: leak-detective enabled Oct 31 15:24:54.947290: NSS crypto [enabled] Oct 31 15:24:54.947291: XAUTH PAM support [enabled] Oct 31 15:24:54.947344: | libevent is using pluto's memory allocator Oct 31 15:24:54.947348: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Oct 31 15:24:54.947357: | libevent_malloc: newref ptr-libevent@0x55569f4f1448 size 40 Oct 31 15:24:54.947359: | libevent_malloc: newref ptr-libevent@0x55569f481288 size 40 Oct 31 15:24:54.947362: | libevent_malloc: newref ptr-libevent@0x55569f4f1928 size 40 Oct 31 15:24:54.947364: | creating event base Oct 31 15:24:54.947366: | libevent_malloc: newref ptr-libevent@0x55569f4f1c28 size 56 Oct 31 15:24:54.947367: | libevent_malloc: newref ptr-libevent@0x55569f4e8108 size 664 Oct 31 15:24:54.947380: | libevent_malloc: newref ptr-libevent@0x55569f51ea98 size 24 Oct 31 15:24:54.947381: | libevent_malloc: newref ptr-libevent@0x55569f51eae8 size 384 Oct 31 15:24:54.947390: | libevent_malloc: newref ptr-libevent@0x55569f51ec98 size 16 Oct 31 15:24:54.947391: | libevent_malloc: newref ptr-libevent@0x55569f4f18a8 size 40 Oct 31 15:24:54.947393: | libevent_malloc: newref ptr-libevent@0x55569f4f1108 size 48 Oct 31 15:24:54.947396: | libevent_realloc: newref ptr-libevent@0x55569f515268 size 256 Oct 31 15:24:54.947398: | libevent_malloc: newref ptr-libevent@0x55569f51ecd8 size 16 Oct 31 15:24:54.947401: | libevent_free: delref ptr-libevent@0x55569f4f1c28 Oct 31 15:24:54.947403: | libevent initialized Oct 31 15:24:54.947406: | libevent_realloc: newref ptr-libevent@0x55569f4f1c28 size 64 Oct 31 15:24:54.947409: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Oct 31 15:24:54.947417: | init_nat_traversal() initialized with keep_alive=0s Oct 31 15:24:54.947422: NAT-Traversal support [enabled] Oct 31 15:24:54.947425: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Oct 31 15:24:54.947431: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Oct 31 15:24:54.947434: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Oct 31 15:24:54.947451: | checking IKEv1 state table Oct 31 15:24:54.947460: | MAIN_R0: category: half-open IKE SA; flags: 0: Oct 31 15:24:54.947462: | -> MAIN_R1 EVENT_SO_DISCARD (main_inI1_outR1) Oct 31 15:24:54.947465: | MAIN_I1: category: half-open IKE SA; flags: 0: Oct 31 15:24:54.947466: | -> MAIN_I2 EVENT_RETRANSMIT (main_inR1_outI2) Oct 31 15:24:54.947468: | MAIN_R1: category: open IKE SA; flags: 0: Oct 31 15:24:54.947469: | -> MAIN_R2 EVENT_RETRANSMIT (main_inI2_outR2) Oct 31 15:24:54.947471: | -> MAIN_R1 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:54.947472: | -> MAIN_R1 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:54.947474: | MAIN_I2: category: open IKE SA; flags: 0: Oct 31 15:24:54.947480: | -> MAIN_I3 EVENT_RETRANSMIT (main_inR2_outI3) Oct 31 15:24:54.947482: | -> MAIN_I2 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:54.947483: | -> MAIN_I2 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:54.947484: | MAIN_R2: category: open IKE SA; flags: 0: Oct 31 15:24:54.947486: | -> MAIN_R3 EVENT_SA_REPLACE (main_inI3_outR3) Oct 31 15:24:54.947487: | -> MAIN_R3 EVENT_SA_REPLACE (main_inI3_outR3) Oct 31 15:24:54.947488: | -> MAIN_R2 EVENT_SA_REPLACE (unexpected) Oct 31 15:24:54.947490: | MAIN_I3: category: open IKE SA; flags: 0: Oct 31 15:24:54.947491: | -> MAIN_I4 EVENT_SA_REPLACE (main_inR3) Oct 31 15:24:54.947493: | -> MAIN_I4 EVENT_SA_REPLACE (main_inR3) Oct 31 15:24:54.947494: | -> MAIN_I3 EVENT_SA_REPLACE (unexpected) Oct 31 15:24:54.947495: | MAIN_R3: category: established IKE SA; flags: 0: Oct 31 15:24:54.947497: | -> MAIN_R3 EVENT_NULL (unexpected) Oct 31 15:24:54.947498: | MAIN_I4: category: established IKE SA; flags: 0: Oct 31 15:24:54.947500: | -> MAIN_I4 EVENT_NULL (unexpected) Oct 31 15:24:54.947501: | AGGR_R0: category: half-open IKE SA; flags: 0: Oct 31 15:24:54.947503: | -> AGGR_R1 EVENT_SO_DISCARD (aggr_inI1_outR1) Oct 31 15:24:54.947504: | AGGR_I1: category: half-open IKE SA; flags: 0: Oct 31 15:24:54.947506: | -> AGGR_I2 EVENT_SA_REPLACE (aggr_inR1_outI2) Oct 31 15:24:54.947507: | -> AGGR_I2 EVENT_SA_REPLACE (aggr_inR1_outI2) Oct 31 15:24:54.947508: | AGGR_R1: category: open IKE SA; flags: 0: Oct 31 15:24:54.947510: | -> AGGR_R2 EVENT_SA_REPLACE (aggr_inI2) Oct 31 15:24:54.947511: | -> AGGR_R2 EVENT_SA_REPLACE (aggr_inI2) Oct 31 15:24:54.947513: | AGGR_I2: category: established IKE SA; flags: 0: Oct 31 15:24:54.947514: | -> AGGR_I2 EVENT_NULL (unexpected) Oct 31 15:24:54.947515: | AGGR_R2: category: established IKE SA; flags: 0: Oct 31 15:24:54.947517: | -> AGGR_R2 EVENT_NULL (unexpected) Oct 31 15:24:54.947518: | QUICK_R0: category: established CHILD SA; flags: 0: Oct 31 15:24:54.947520: | -> QUICK_R1 EVENT_RETRANSMIT (quick_inI1_outR1) Oct 31 15:24:54.947521: | QUICK_I1: category: established CHILD SA; flags: 0: Oct 31 15:24:54.947523: | -> QUICK_I2 EVENT_SA_REPLACE (quick_inR1_outI2) Oct 31 15:24:54.947524: | QUICK_R1: category: established CHILD SA; flags: 0: Oct 31 15:24:54.947526: | -> QUICK_R2 EVENT_SA_REPLACE (quick_inI2) Oct 31 15:24:54.947527: | QUICK_I2: category: established CHILD SA; flags: 0: Oct 31 15:24:54.947528: | -> QUICK_I2 EVENT_NULL (unexpected) Oct 31 15:24:54.947530: | QUICK_R2: category: established CHILD SA; flags: 0: Oct 31 15:24:54.947531: | -> QUICK_R2 EVENT_NULL (unexpected) Oct 31 15:24:54.947533: | INFO: category: informational; flags: 0: Oct 31 15:24:54.947534: | -> INFO EVENT_NULL (informational) Oct 31 15:24:54.947536: | INFO_PROTECTED: category: informational; flags: 0: Oct 31 15:24:54.947537: | -> INFO_PROTECTED EVENT_NULL (informational) Oct 31 15:24:54.947539: | XAUTH_R0: category: established IKE SA; flags: 0: Oct 31 15:24:54.947540: | -> XAUTH_R1 EVENT_NULL (xauth_inR0) Oct 31 15:24:54.947542: | XAUTH_R1: category: established IKE SA; flags: 0: Oct 31 15:24:54.947543: | -> MAIN_R3 EVENT_SA_REPLACE (xauth_inR1) Oct 31 15:24:54.947544: | MODE_CFG_R0: category: informational; flags: 0: Oct 31 15:24:54.947546: | -> MODE_CFG_R1 EVENT_SA_REPLACE (modecfg_inR0) Oct 31 15:24:54.947547: | MODE_CFG_R1: category: established IKE SA; flags: 0: Oct 31 15:24:54.947549: | -> MODE_CFG_R2 EVENT_SA_REPLACE (modecfg_inR1) Oct 31 15:24:54.947550: | MODE_CFG_R2: category: established IKE SA; flags: 0: Oct 31 15:24:54.947552: | -> MODE_CFG_R2 EVENT_NULL (unexpected) Oct 31 15:24:54.947553: | MODE_CFG_I1: category: established IKE SA; flags: 0: Oct 31 15:24:54.947554: | -> MAIN_I4 EVENT_SA_REPLACE (modecfg_inR1) Oct 31 15:24:54.947556: | XAUTH_I0: category: established IKE SA; flags: 0: Oct 31 15:24:54.947557: | -> XAUTH_I1 EVENT_RETRANSMIT (xauth_inI0) Oct 31 15:24:54.947560: | XAUTH_I1: category: established IKE SA; flags: 0: Oct 31 15:24:54.947561: | -> MAIN_I4 EVENT_RETRANSMIT (xauth_inI1) Oct 31 15:24:54.947566: | checking IKEv2 state table Oct 31 15:24:54.947568: | V2_REKEY_IKE_I0: category: established IKE SA; flags: 0: Oct 31 15:24:54.947570: | -> V2_REKEY_IKE_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Oct 31 15:24:54.947573: | V2_REKEY_CHILD_I0: category: established IKE SA; flags: 0: Oct 31 15:24:54.947574: | -> V2_REKEY_CHILD_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Oct 31 15:24:54.947576: | V2_NEW_CHILD_I0: category: established IKE SA; flags: 0: Oct 31 15:24:54.947577: | -> V2_NEW_CHILD_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Oct 31 15:24:54.947579: | PARENT_I0: category: ignore; flags: 0: Oct 31 15:24:54.947580: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Oct 31 15:24:54.947582: | PARENT_I1: category: half-open IKE SA; flags: 0: Oct 31 15:24:54.947584: | -> PARENT_I0 EVENT_SO_DISCARD (received anti-DDOS COOKIE notify response; resending IKE_SA_INIT request with cookie payload added) Oct 31 15:24:54.947588: | -> PARENT_I0 EVENT_SO_DISCARD (received IKE_SA_INIT INVALID_KE_PAYLOAD notify response; resending IKE_SA_INIT with new KE payload) Oct 31 15:24:54.947590: | -> IKESA_DEL EVENT_v2_REDIRECT (received REDIRECT notify response; resending IKE_SA_INIT request to new destination) Oct 31 15:24:54.947591: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE) Oct 31 15:24:54.947593: | PARENT_I2: category: open IKE SA; flags: 0: Oct 31 15:24:54.947594: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_INTERMEDIATE reply, initiate IKE_AUTH or IKE_INTERMEDIATE) Oct 31 15:24:54.947596: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Oct 31 15:24:54.947597: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Oct 31 15:24:54.947599: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Oct 31 15:24:54.947600: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Oct 31 15:24:54.947602: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Oct 31 15:24:54.947603: | PARENT_R0: category: half-open IKE SA; flags: 0: Oct 31 15:24:54.947605: | -> PARENT_R1 EVENT_SO_DISCARD send-response (Respond to IKE_SA_INIT) Oct 31 15:24:54.947607: | PARENT_R1: category: half-open IKE SA; flags: 0: Oct 31 15:24:54.947608: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_AUTH request (no SKEYSEED)) Oct 31 15:24:54.947609: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_INTERMEDIATE request (no SKEYSEED)) Oct 31 15:24:54.947611: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_INTERMEDIATE request (with SKEYSEED)) Oct 31 15:24:54.947612: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Responder: process IKE_AUTH request) Oct 31 15:24:54.947614: | V2_REKEY_IKE_R0: category: established IKE SA; flags: 0: Oct 31 15:24:54.947615: | -> ESTABLISHED_IKE_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA IKE Rekey) Oct 31 15:24:54.947617: | V2_REKEY_IKE_I1: category: established IKE SA; flags: 0: Oct 31 15:24:54.947618: | -> ESTABLISHED_IKE_SA EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Oct 31 15:24:54.947620: | V2_NEW_CHILD_I1: category: established IKE SA; flags: 0: Oct 31 15:24:54.947621: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Oct 31 15:24:54.947623: | V2_REKEY_CHILD_R0: category: established IKE SA; flags: 0: Oct 31 15:24:54.947624: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA rekey CHILD SA request) Oct 31 15:24:54.947626: | V2_NEW_CHILD_R0: category: established IKE SA; flags: 0: Oct 31 15:24:54.947629: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA IPsec SA Request) Oct 31 15:24:54.947631: | ESTABLISHED_IKE_SA: category: established IKE SA; flags: 0: Oct 31 15:24:54.947632: | -> ESTABLISHED_IKE_SA EVENT_RETAIN send-response (Informational Request (liveness probe)) Oct 31 15:24:54.947633: | -> ESTABLISHED_IKE_SA EVENT_RETAIN (Informational Response (liveness probe)) Oct 31 15:24:54.947635: | -> ESTABLISHED_IKE_SA EVENT_RETAIN send-response (Informational Request) Oct 31 15:24:54.947636: | -> ESTABLISHED_IKE_SA EVENT_RETAIN (Informational Response) Oct 31 15:24:54.947638: | IKESA_DEL: category: established IKE SA; flags: 0: Oct 31 15:24:54.947639: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Oct 31 15:24:54.947641: | CHILDSA_DEL: category: informational; flags: 0: Oct 31 15:24:54.947643: | -> CHILDSA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Oct 31 15:24:54.947645: | global one-shot timer EVENT_REVIVE_CONNS initialized Oct 31 15:24:54.947647: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Oct 31 15:24:54.947649: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Oct 31 15:24:54.947736: Encryption algorithms: Oct 31 15:24:54.947741: AES_CCM_16 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm, aes_ccm_c Oct 31 15:24:54.947744: AES_CCM_12 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_b Oct 31 15:24:54.947747: AES_CCM_8 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_a Oct 31 15:24:54.947749: 3DES_CBC [*192] IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) 3des Oct 31 15:24:54.947752: CAMELLIA_CTR {256,192,*128} IKEv1: ESP IKEv2: ESP Oct 31 15:24:54.947755: CAMELLIA_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP NSS(CBC) camellia Oct 31 15:24:54.947758: AES_GCM_16 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm, aes_gcm_c Oct 31 15:24:54.947761: AES_GCM_12 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_b Oct 31 15:24:54.947764: AES_GCM_8 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_a Oct 31 15:24:54.947766: AES_CTR {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CTR) aesctr Oct 31 15:24:54.947769: AES_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) aes Oct 31 15:24:54.947772: NULL_AUTH_AES_GMAC {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_gmac Oct 31 15:24:54.947774: NULL [] IKEv1: ESP IKEv2: ESP Oct 31 15:24:54.947777: CHACHA20_POLY1305 [*256] IKEv1: IKEv2: IKE ESP NSS(AEAD) chacha20poly1305 Oct 31 15:24:54.947778: Hash algorithms: Oct 31 15:24:54.947780: MD5 IKEv1: IKE IKEv2: NSS Oct 31 15:24:54.947783: SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha Oct 31 15:24:54.947785: SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256 Oct 31 15:24:54.947787: SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384 Oct 31 15:24:54.947789: SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512 Oct 31 15:24:54.947790: PRF algorithms: Oct 31 15:24:54.947792: HMAC_MD5 IKEv1: IKE IKEv2: IKE native(HMAC) md5 Oct 31 15:24:54.947795: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha, sha1 Oct 31 15:24:54.947797: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256, sha2_256 Oct 31 15:24:54.947801: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384, sha2_384 Oct 31 15:24:54.947803: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512, sha2_512 Oct 31 15:24:54.947805: AES_XCBC IKEv1: IKEv2: IKE native(XCBC) aes128_xcbc Oct 31 15:24:54.947806: Integrity algorithms: Oct 31 15:24:54.947809: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH native(HMAC) md5, hmac_md5 Oct 31 15:24:54.947812: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha, sha1, sha1_96, hmac_sha1 Oct 31 15:24:54.947814: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Oct 31 15:24:54.947817: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Oct 31 15:24:54.947820: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Oct 31 15:24:54.947822: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Oct 31 15:24:54.947825: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96 Oct 31 15:24:54.947827: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Oct 31 15:24:54.947829: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Oct 31 15:24:54.947831: DH algorithms: Oct 31 15:24:54.947833: NONE IKEv1: IKEv2: IKE ESP AH FIPS NSS(MODP) null, dh0 Oct 31 15:24:54.947835: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh5 Oct 31 15:24:54.947837: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh14 Oct 31 15:24:54.947839: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh15 Oct 31 15:24:54.947841: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh16 Oct 31 15:24:54.947843: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh17 Oct 31 15:24:54.947845: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh18 Oct 31 15:24:54.947847: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_256, ecp256 Oct 31 15:24:54.947850: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_384, ecp384 Oct 31 15:24:54.947852: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_521, ecp521 Oct 31 15:24:54.947854: DH31 IKEv1: IKE IKEv2: IKE ESP AH NSS(ECP) curve25519 Oct 31 15:24:54.947855: testing CAMELLIA_CBC: Oct 31 15:24:54.947857: Camellia: 16 bytes with 128-bit key Oct 31 15:24:54.947905: Camellia: 16 bytes with 128-bit key Oct 31 15:24:54.947926: Camellia: 16 bytes with 256-bit key Oct 31 15:24:54.947945: Camellia: 16 bytes with 256-bit key Oct 31 15:24:54.947963: testing AES_GCM_16: Oct 31 15:24:54.947966: empty string Oct 31 15:24:54.947986: one block Oct 31 15:24:54.948003: two blocks Oct 31 15:24:54.948021: two blocks with associated data Oct 31 15:24:54.948039: testing AES_CTR: Oct 31 15:24:54.948041: Encrypting 16 octets using AES-CTR with 128-bit key Oct 31 15:24:54.948060: Encrypting 32 octets using AES-CTR with 128-bit key Oct 31 15:24:54.948079: Encrypting 36 octets using AES-CTR with 128-bit key Oct 31 15:24:54.948098: Encrypting 16 octets using AES-CTR with 192-bit key Oct 31 15:24:54.948118: Encrypting 32 octets using AES-CTR with 192-bit key Oct 31 15:24:54.948137: Encrypting 36 octets using AES-CTR with 192-bit key Oct 31 15:24:54.948157: Encrypting 16 octets using AES-CTR with 256-bit key Oct 31 15:24:54.948175: Encrypting 32 octets using AES-CTR with 256-bit key Oct 31 15:24:54.948194: Encrypting 36 octets using AES-CTR with 256-bit key Oct 31 15:24:54.948229: testing AES_CBC: Oct 31 15:24:54.948234: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Oct 31 15:24:54.948253: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Oct 31 15:24:54.948273: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Oct 31 15:24:54.948292: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Oct 31 15:24:54.948316: testing AES_XCBC: Oct 31 15:24:54.948318: RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input Oct 31 15:24:54.948389: RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input Oct 31 15:24:54.948487: RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input Oct 31 15:24:54.948562: RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input Oct 31 15:24:54.948637: RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input Oct 31 15:24:54.948711: RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input Oct 31 15:24:54.948787: RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input Oct 31 15:24:54.948946: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Oct 31 15:24:54.949022: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Oct 31 15:24:54.949103: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Oct 31 15:24:54.949243: testing HMAC_MD5: Oct 31 15:24:54.949248: RFC 2104: MD5_HMAC test 1 Oct 31 15:24:54.949349: RFC 2104: MD5_HMAC test 2 Oct 31 15:24:54.949441: RFC 2104: MD5_HMAC test 3 Oct 31 15:24:54.949566: 8 CPU cores online Oct 31 15:24:54.949570: starting up 7 helper threads Oct 31 15:24:54.949599: started thread for helper 0 Oct 31 15:24:54.949618: started thread for helper 1 Oct 31 15:24:54.949637: started thread for helper 2 Oct 31 15:24:54.949637: | starting helper thread 1 Oct 31 15:24:54.949644: seccomp security disabled for crypto helper 1 Oct 31 15:24:54.949651: | status value returned by setting the priority of this helper thread 1: 22 Oct 31 15:24:54.949651: started thread for helper 3 Oct 31 15:24:54.949660: | starting helper thread 4 Oct 31 15:24:54.949654: | helper thread 1 has nothing to do Oct 31 15:24:54.949672: | starting helper thread 3 Oct 31 15:24:54.949678: seccomp security disabled for crypto helper 3 Oct 31 15:24:54.949679: started thread for helper 4 Oct 31 15:24:54.949681: | status value returned by setting the priority of this helper thread 3: 22 Oct 31 15:24:54.949685: | helper thread 3 has nothing to do Oct 31 15:24:54.949666: seccomp security disabled for crypto helper 4 Oct 31 15:24:54.949693: | status value returned by setting the priority of this helper thread 4: 22 Oct 31 15:24:54.949696: | helper thread 4 has nothing to do Oct 31 15:24:54.949705: started thread for helper 5 Oct 31 15:24:54.949711: | starting helper thread 6 Oct 31 15:24:54.949717: seccomp security disabled for crypto helper 6 Oct 31 15:24:54.949721: | status value returned by setting the priority of this helper thread 6: 22 Oct 31 15:24:54.949725: | helper thread 6 has nothing to do Oct 31 15:24:54.949728: started thread for helper 6 Oct 31 15:24:54.949655: | starting helper thread 2 Oct 31 15:24:54.949735: | starting helper thread 7 Oct 31 15:24:54.949743: | starting helper thread 5 Oct 31 15:24:54.949742: seccomp security disabled for crypto helper 2 Oct 31 15:24:54.949758: | status value returned by setting the priority of this helper thread 2: 22 Oct 31 15:24:54.949760: | helper thread 2 has nothing to do Oct 31 15:24:54.949748: Using Linux XFRM/NETKEY IPsec kernel support code on 5.8.15-201.fc32.x86_64 Oct 31 15:24:54.949752: seccomp security disabled for crypto helper 5 Oct 31 15:24:54.949748: seccomp security disabled for crypto helper 7 Oct 31 15:24:54.949801: | status value returned by setting the priority of this helper thread 5: 22 Oct 31 15:24:54.949811: | status value returned by setting the priority of this helper thread 7: 22 Oct 31 15:24:54.949812: | helper thread 5 has nothing to do Oct 31 15:24:54.949825: | helper thread 7 has nothing to do Oct 31 15:24:54.949839: | Hard-wiring algorithms Oct 31 15:24:54.949842: | adding AES_CCM_16 to kernel algorithm db Oct 31 15:24:54.949848: | adding AES_CCM_12 to kernel algorithm db Oct 31 15:24:54.949849: | adding AES_CCM_8 to kernel algorithm db Oct 31 15:24:54.949851: | adding 3DES_CBC to kernel algorithm db Oct 31 15:24:54.949852: | adding CAMELLIA_CBC to kernel algorithm db Oct 31 15:24:54.949854: | adding AES_GCM_16 to kernel algorithm db Oct 31 15:24:54.949855: | adding AES_GCM_12 to kernel algorithm db Oct 31 15:24:54.949857: | adding AES_GCM_8 to kernel algorithm db Oct 31 15:24:54.949858: | adding AES_CTR to kernel algorithm db Oct 31 15:24:54.949860: | adding AES_CBC to kernel algorithm db Oct 31 15:24:54.949861: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Oct 31 15:24:54.949863: | adding NULL to kernel algorithm db Oct 31 15:24:54.949864: | adding CHACHA20_POLY1305 to kernel algorithm db Oct 31 15:24:54.949866: | adding HMAC_MD5_96 to kernel algorithm db Oct 31 15:24:54.949867: | adding HMAC_SHA1_96 to kernel algorithm db Oct 31 15:24:54.949869: | adding HMAC_SHA2_512_256 to kernel algorithm db Oct 31 15:24:54.949870: | adding HMAC_SHA2_384_192 to kernel algorithm db Oct 31 15:24:54.949872: | adding HMAC_SHA2_256_128 to kernel algorithm db Oct 31 15:24:54.949873: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Oct 31 15:24:54.949875: | adding AES_XCBC_96 to kernel algorithm db Oct 31 15:24:54.949876: | adding AES_CMAC_96 to kernel algorithm db Oct 31 15:24:54.949877: | adding NONE to kernel algorithm db Oct 31 15:24:54.949897: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Oct 31 15:24:54.949901: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Oct 31 15:24:54.949902: | setup kernel fd callback Oct 31 15:24:54.949905: | add_fd_read_event_handler: newref KERNEL_XRM_FD-pe@0x55569f529dc8 Oct 31 15:24:54.949907: | libevent_malloc: newref ptr-libevent@0x55569f4ef3b8 size 128 Oct 31 15:24:54.949909: | libevent_malloc: newref ptr-libevent@0x55569f522ad8 size 16 Oct 31 15:24:54.949913: | add_fd_read_event_handler: newref KERNEL_ROUTE_FD-pe@0x55569f52bde8 Oct 31 15:24:54.949915: | libevent_malloc: newref ptr-libevent@0x55569f4ef468 size 128 Oct 31 15:24:54.949916: | libevent_malloc: newref ptr-libevent@0x55569f522498 size 16 Oct 31 15:24:54.950050: | global one-shot timer EVENT_CHECK_CRLS initialized Oct 31 15:24:54.950068: SELinux support is enabled in PERMISSIVE mode. Oct 31 15:24:54.950277: | unbound context created - setting debug level to 5 Oct 31 15:24:54.950316: | /etc/hosts lookups activated Oct 31 15:24:54.950330: | /etc/resolv.conf usage activated Oct 31 15:24:54.950362: | outgoing-port-avoid set 0-65535 Oct 31 15:24:54.950379: | outgoing-port-permit set 32768-60999 Oct 31 15:24:54.950381: | loading dnssec root key from:/var/lib/unbound/root.key Oct 31 15:24:54.950383: | no additional dnssec trust anchors defined via dnssec-trusted= option Oct 31 15:24:54.950385: | Setting up events, loop start Oct 31 15:24:54.950387: | add_fd_read_event_handler: newref PLUTO_CTL_FD-pe@0x55569f52f3c8 Oct 31 15:24:54.950389: | libevent_malloc: newref ptr-libevent@0x55569f52bf08 size 128 Oct 31 15:24:54.950391: | libevent_malloc: newref ptr-libevent@0x55569f522eb8 size 16 Oct 31 15:24:54.950395: | libevent_realloc: newref ptr-libevent@0x55569f52f438 size 256 Oct 31 15:24:54.950397: | libevent_malloc: newref ptr-libevent@0x55569f522b18 size 8 Oct 31 15:24:54.950398: | libevent_realloc: newref ptr-libevent@0x55569f522158 size 144 Oct 31 15:24:54.950400: | libevent_malloc: newref ptr-libevent@0x55569f482298 size 152 Oct 31 15:24:54.950403: | libevent_malloc: newref ptr-libevent@0x55569f522cc8 size 16 Oct 31 15:24:54.950405: | signal event handler PLUTO_SIGCHLD installed Oct 31 15:24:54.950409: | libevent_malloc: newref ptr-libevent@0x55569f52f568 size 8 Oct 31 15:24:54.950411: | libevent_malloc: newref ptr-libevent@0x55569f4812e8 size 152 Oct 31 15:24:54.950413: | signal event handler PLUTO_SIGTERM installed Oct 31 15:24:54.950414: | libevent_malloc: newref ptr-libevent@0x55569f52f5a8 size 8 Oct 31 15:24:54.950416: | libevent_malloc: newref ptr-libevent@0x55569f52f5e8 size 152 Oct 31 15:24:54.950417: | signal event handler PLUTO_SIGHUP installed Oct 31 15:24:54.950419: | libevent_malloc: newref ptr-libevent@0x55569f52f6b8 size 8 Oct 31 15:24:54.950421: | libevent_realloc: delref ptr-libevent@0x55569f522158 Oct 31 15:24:54.950422: | libevent_realloc: newref ptr-libevent@0x55569f52f6f8 size 256 Oct 31 15:24:54.950424: | libevent_malloc: newref ptr-libevent@0x55569f52f828 size 152 Oct 31 15:24:54.950426: | signal event handler PLUTO_SIGSYS installed Oct 31 15:24:54.950663: | created addconn helper (pid:2153447) using fork+execve Oct 31 15:24:54.950676: | forked child 2153447 Oct 31 15:24:54.950687: seccomp security disabled Oct 31 15:24:54.955913: | newref struct fd@0x55569f52f988(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:54.955927: | fd_accept: new fd-fd@0x55569f52f988 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:54.955943: | whack: listen Oct 31 15:24:54.955948: listening for IKE messages Oct 31 15:24:54.955990: | Inspecting interface lo Oct 31 15:24:54.955998: | found lo with address 127.0.0.1 Oct 31 15:24:54.956002: | Inspecting interface eth0 Oct 31 15:24:54.956006: | found eth0 with address 192.0.1.254 Oct 31 15:24:54.956010: | Inspecting interface eth1 Oct 31 15:24:54.956015: | found eth1 with address 192.1.2.45 Oct 31 15:24:54.956026: | newref struct iface_dev@0x55569f52fe28(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:54.956044: Kernel supports NIC esp-hw-offload Oct 31 15:24:54.956055: | iface: marking eth1 add Oct 31 15:24:54.956059: | newref struct iface_dev@0x55569f52ff58(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:54.956064: | iface: marking eth0 add Oct 31 15:24:54.956067: | newref struct iface_dev@0x55569f530028(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:54.956070: | iface: marking lo add Oct 31 15:24:54.956144: | no interfaces to sort Oct 31 15:24:54.956162: | MSG_ERRQUEUE enabled on fd 18 Oct 31 15:24:54.956175: | addref ifd@0x55569f52fe28(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:54.956180: adding UDP interface eth1 192.1.2.45:500 Oct 31 15:24:54.956197: | MSG_ERRQUEUE enabled on fd 19 Oct 31 15:24:54.956220: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:54.956224: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:54.956228: | addref ifd@0x55569f52fe28(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:54.956232: adding UDP interface eth1 192.1.2.45:4500 Oct 31 15:24:54.956248: | MSG_ERRQUEUE enabled on fd 20 Oct 31 15:24:54.956256: | addref ifd@0x55569f52ff58(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:54.956259: adding UDP interface eth0 192.0.1.254:500 Oct 31 15:24:54.956270: | MSG_ERRQUEUE enabled on fd 21 Oct 31 15:24:54.956275: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:54.956277: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:54.956279: | addref ifd@0x55569f52ff58(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:54.956281: adding UDP interface eth0 192.0.1.254:4500 Oct 31 15:24:54.956290: | MSG_ERRQUEUE enabled on fd 22 Oct 31 15:24:54.956297: | addref ifd@0x55569f530028(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:54.956299: adding UDP interface lo 127.0.0.1:500 Oct 31 15:24:54.956310: | MSG_ERRQUEUE enabled on fd 23 Oct 31 15:24:54.956314: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:54.956316: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:54.956318: | addref ifd@0x55569f530028(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:54.956320: adding UDP interface lo 127.0.0.1:4500 Oct 31 15:24:54.956327: | updating interfaces - listing interfaces that are going down Oct 31 15:24:54.956329: | updating interfaces - checking orientation Oct 31 15:24:54.956331: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Oct 31 15:24:54.956346: | libevent_malloc: newref ptr-libevent@0x55569f52be58 size 128 Oct 31 15:24:54.956349: | libevent_malloc: newref ptr-libevent@0x55569f5309d8 size 16 Oct 31 15:24:54.956355: | setup callback for interface lo 127.0.0.1:4500 fd 23 on UDP Oct 31 15:24:54.956357: | libevent_malloc: newref ptr-libevent@0x55569f4ef568 size 128 Oct 31 15:24:54.956359: | libevent_malloc: newref ptr-libevent@0x55569f530a18 size 16 Oct 31 15:24:54.956362: | setup callback for interface lo 127.0.0.1:500 fd 22 on UDP Oct 31 15:24:54.956364: | libevent_malloc: newref ptr-libevent@0x55569f4e4828 size 128 Oct 31 15:24:54.956366: | libevent_malloc: newref ptr-libevent@0x55569f530a58 size 16 Oct 31 15:24:54.956368: | setup callback for interface eth0 192.0.1.254:4500 fd 21 on UDP Oct 31 15:24:54.956370: | libevent_malloc: newref ptr-libevent@0x55569f4ef668 size 128 Oct 31 15:24:54.956371: | libevent_malloc: newref ptr-libevent@0x55569f530a98 size 16 Oct 31 15:24:54.956374: | setup callback for interface eth0 192.0.1.254:500 fd 20 on UDP Oct 31 15:24:54.956377: | libevent_malloc: newref ptr-libevent@0x55569f4ec088 size 128 Oct 31 15:24:54.956378: | libevent_malloc: newref ptr-libevent@0x55569f530ad8 size 16 Oct 31 15:24:54.956381: | setup callback for interface eth1 192.1.2.45:4500 fd 19 on UDP Oct 31 15:24:54.956383: | libevent_malloc: newref ptr-libevent@0x55569f4ebfd8 size 128 Oct 31 15:24:54.956385: | libevent_malloc: newref ptr-libevent@0x55569f530b18 size 16 Oct 31 15:24:54.956388: | setup callback for interface eth1 192.1.2.45:500 fd 18 on UDP Oct 31 15:24:54.957561: | no stale xfrmi interface 'ipsec1' found Oct 31 15:24:54.957570: | certs and keys locked by 'free_preshared_secrets' Oct 31 15:24:54.957572: | certs and keys unlocked by 'free_preshared_secrets' Oct 31 15:24:54.957594: loading secrets from "/etc/ipsec.secrets" Oct 31 15:24:54.957623: no secrets filename matched "/etc/ipsec.d/*.secrets" Oct 31 15:24:54.957636: | old food groups: Oct 31 15:24:54.957638: | new food groups: Oct 31 15:24:54.957641: | delref fd@0x55569f52f988(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:54.957645: | freeref fd-fd@0x55569f52f988 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:54.957651: | spent 0.628 (1.75) milliseconds in whack Oct 31 15:24:54.958029: | processing signal PLUTO_SIGCHLD Oct 31 15:24:54.958040: | waitpid returned pid 2153447 (exited with status 0) Oct 31 15:24:54.958043: | reaped addconn helper child (status 0) Oct 31 15:24:54.958046: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:54.958050: | spent 0.0148 (0.0147) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:54.976386: | newref struct fd@0x55569f52fef8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:54.976402: | fd_accept: new fd-fd@0x55569f52fef8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:54.976411: | whack: options (impair|debug) Oct 31 15:24:54.976414: | old debugging base+cpu-usage + none Oct 31 15:24:54.976416: | new debugging = base+cpu-usage Oct 31 15:24:54.976421: | delref fd@0x55569f52fef8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:54.976426: | freeref fd-fd@0x55569f52fef8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:54.976431: | spent 0.055 (0.0546) milliseconds in whack Oct 31 15:24:55.089276: | newref struct fd@0x55569f52f9c8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:55.089299: | fd_accept: new fd-fd@0x55569f52f9c8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:55.089310: | whack: status Oct 31 15:24:55.089558: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:24:55.089576: | FOR_EACH_STATE_... in show_states (sort_states) Oct 31 15:24:55.089589: | delref fd@0x55569f52f9c8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:55.089597: | freeref fd-fd@0x55569f52f9c8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:55.089610: | spent 0.335 (0.344) milliseconds in whack Oct 31 15:24:55.418689: | newref struct fd@0x55569f52fa08(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:55.418710: | fd_accept: new fd-fd@0x55569f52fa08 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:55.418726: | whack: delete 'westnet-eastnet-ikev2' Oct 31 15:24:55.418730: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:55.418734: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:24:55.418737: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:55.418741: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:24:55.418744: | whack: connection 'westnet-eastnet-ikev2' Oct 31 15:24:55.418750: | addref fd@0x55569f52fa08(1->2) (in string_logger() at log.c:838) Oct 31 15:24:55.418760: | newref string logger@0x55569f523278(0->1) (in add_connection() at connections.c:1998) Oct 31 15:24:55.418765: | Connection DB: adding connection "westnet-eastnet-ikev2" $1 Oct 31 15:24:55.418772: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:55.418786: | added new connection westnet-eastnet-ikev2 with policy RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 Oct 31 15:24:55.418882: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Oct 31 15:24:55.418887: | from whack: got --esp= Oct 31 15:24:55.418948: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Oct 31 15:24:55.419003: | computed rsa CKAID Oct 31 15:24:55.419007: | b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Oct 31 15:24:55.419010: | 7f 0f 03 50 Oct 31 15:24:55.419020: | keyid: *AQOm9dY/4 Oct 31 15:24:55.419023: | size: 274 Oct 31 15:24:55.419026: | n Oct 31 15:24:55.419029: | a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 8b 49 Oct 31 15:24:55.419033: | 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e b3 96 Oct 31 15:24:55.419036: | 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 09 f0 Oct 31 15:24:55.419039: | c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 8f 95 Oct 31 15:24:55.419042: | 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 f5 99 Oct 31 15:24:55.419045: | f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c ac 34 Oct 31 15:24:55.419048: | ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a 94 d3 Oct 31 15:24:55.419051: | d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 b2 2b Oct 31 15:24:55.419054: | 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 7d 7a Oct 31 15:24:55.419057: | 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a 8f 52 Oct 31 15:24:55.419060: | a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 ca 80 Oct 31 15:24:55.419063: | db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc 2a b3 Oct 31 15:24:55.419066: | 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e d3 3a Oct 31 15:24:55.419070: | 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 87 33 Oct 31 15:24:55.419073: | 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d 6e e8 Oct 31 15:24:55.419076: | 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f c9 20 Oct 31 15:24:55.419079: | 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 15 04 Oct 31 15:24:55.419082: | 37 f9 Oct 31 15:24:55.419085: | e Oct 31 15:24:55.419088: | 03 Oct 31 15:24:55.419091: | CKAID Oct 31 15:24:55.419094: | b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Oct 31 15:24:55.419097: | 7f 0f 03 50 Oct 31 15:24:55.419107: | saving left CKAID b49f1aac9e456e7929c881973a0c6ad37f0f0350 extracted from raw RSA public key Oct 31 15:24:55.419308: | loaded private key matching CKAID b49f1aac9e456e7929c881973a0c6ad37f0f0350 Oct 31 15:24:55.419688: | copying key using reference slot Oct 31 15:24:55.422389: | certs and keys locked by 'lsw_add_rsa_secret' Oct 31 15:24:55.422403: | certs and keys unlocked by 'lsw_add_rsa_secret' Oct 31 15:24:55.422413: | spent 3.25 (3.3) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:55.422424: connection "westnet-eastnet-ikev2": loaded private key matching left CKAID b49f1aac9e456e7929c881973a0c6ad37f0f0350 Oct 31 15:24:55.422429: | counting wild cards for @west is 0 Oct 31 15:24:55.422458: | computed rsa CKAID Oct 31 15:24:55.422462: | 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Oct 31 15:24:55.422465: | 8a 82 25 f1 Oct 31 15:24:55.422473: | keyid: *AQO9bJbr3 Oct 31 15:24:55.422476: | size: 274 Oct 31 15:24:55.422479: | n Oct 31 15:24:55.422482: | bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Oct 31 15:24:55.422485: | c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Oct 31 15:24:55.422489: | e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Oct 31 15:24:55.422492: | 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Oct 31 15:24:55.422495: | f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Oct 31 15:24:55.422498: | 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Oct 31 15:24:55.422501: | 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Oct 31 15:24:55.422504: | af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Oct 31 15:24:55.422507: | 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Oct 31 15:24:55.422510: | f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Oct 31 15:24:55.422513: | 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Oct 31 15:24:55.422516: | 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Oct 31 15:24:55.422519: | 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Oct 31 15:24:55.422522: | 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Oct 31 15:24:55.422525: | 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Oct 31 15:24:55.422529: | 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Oct 31 15:24:55.422532: | 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Oct 31 15:24:55.422535: | 48 ef Oct 31 15:24:55.422538: | e Oct 31 15:24:55.422541: | 03 Oct 31 15:24:55.422544: | CKAID Oct 31 15:24:55.422547: | 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Oct 31 15:24:55.422550: | 8a 82 25 f1 Oct 31 15:24:55.422559: | saving right CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1 extracted from raw RSA public key Oct 31 15:24:55.422565: | trying secret PKK_RSA:AQOm9dY/4 Oct 31 15:24:55.422637: | spent 0.0698 (0.0697) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:55.422648: | no private key matching right CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1: can't find the private key matching the NSS CKAID Oct 31 15:24:55.422652: | counting wild cards for @east is 0 Oct 31 15:24:55.422657: | updating connection from left.host_addr Oct 31 15:24:55.422661: | left host_port 500 Oct 31 15:24:55.422665: | updating connection from right.host_addr Oct 31 15:24:55.422668: | right host_port 500 Oct 31 15:24:55.422675: | orienting westnet-eastnet-ikev2 Oct 31 15:24:55.422682: | westnet-eastnet-ikev2 doesn't match 127.0.0.1:4500 at all Oct 31 15:24:55.422688: | westnet-eastnet-ikev2 doesn't match 127.0.0.1:500 at all Oct 31 15:24:55.422693: | westnet-eastnet-ikev2 doesn't match 192.0.1.254:4500 at all Oct 31 15:24:55.422698: | westnet-eastnet-ikev2 doesn't match 192.0.1.254:500 at all Oct 31 15:24:55.422703: | westnet-eastnet-ikev2 doesn't match 192.1.2.45:4500 at all Oct 31 15:24:55.422707: | oriented westnet-eastnet-ikev2's this Oct 31 15:24:55.422714: | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none Oct 31 15:24:55.422723: | newref hp@0x55569f5379f8(0->1) (in connect_to_host_pair() at hostpair.c:290) Oct 31 15:24:55.422728: added IKEv2 connection "westnet-eastnet-ikev2" Oct 31 15:24:55.422743: | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 Oct 31 15:24:55.422764: | 192.0.1.0/24===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Oct 31 15:24:55.422769: | delref logger@0x55569f523278(1->0) (in add_connection() at connections.c:2026) Oct 31 15:24:55.422773: | delref fd@0x55569f52fa08(2->1) (in free_logger() at log.c:853) Oct 31 15:24:55.422776: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:55.422783: | delref fd@0x55569f52fa08(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:55.422794: | freeref fd-fd@0x55569f52fa08 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:55.422800: | spent 4.08 (4.13) milliseconds in whack Oct 31 15:24:55.422864: | newref struct fd@0x55569f535e28(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:55.422869: | fd_accept: new fd-fd@0x55569f535e28 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:55.422882: | whack: key Oct 31 15:24:55.422888: add keyid @west Oct 31 15:24:55.422891: | 01 03 a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 Oct 31 15:24:55.422894: | 8b 49 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e Oct 31 15:24:55.422897: | b3 96 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 Oct 31 15:24:55.422901: | 09 f0 c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 Oct 31 15:24:55.422904: | 8f 95 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 Oct 31 15:24:55.422907: | f5 99 f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c Oct 31 15:24:55.422910: | ac 34 ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a Oct 31 15:24:55.422913: | 94 d3 d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 Oct 31 15:24:55.422916: | b2 2b 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 Oct 31 15:24:55.422919: | 7d 7a 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a Oct 31 15:24:55.422922: | 8f 52 a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 Oct 31 15:24:55.422925: | ca 80 db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc Oct 31 15:24:55.422928: | 2a b3 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e Oct 31 15:24:55.422931: | d3 3a 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 Oct 31 15:24:55.422934: | 87 33 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d Oct 31 15:24:55.422937: | 6e e8 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f Oct 31 15:24:55.422940: | c9 20 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 Oct 31 15:24:55.422943: | 15 04 37 f9 Oct 31 15:24:55.422959: | computed rsa CKAID Oct 31 15:24:55.422963: | b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Oct 31 15:24:55.422966: | 7f 0f 03 50 Oct 31 15:24:55.422973: | keyid: *AQOm9dY/4 Oct 31 15:24:55.422976: | size: 274 Oct 31 15:24:55.422979: | n Oct 31 15:24:55.422982: | a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 8b 49 Oct 31 15:24:55.422985: | 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e b3 96 Oct 31 15:24:55.422988: | 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 09 f0 Oct 31 15:24:55.422991: | c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 8f 95 Oct 31 15:24:55.422995: | 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 f5 99 Oct 31 15:24:55.422998: | f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c ac 34 Oct 31 15:24:55.423001: | ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a 94 d3 Oct 31 15:24:55.423004: | d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 b2 2b Oct 31 15:24:55.423007: | 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 7d 7a Oct 31 15:24:55.423010: | 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a 8f 52 Oct 31 15:24:55.423013: | a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 ca 80 Oct 31 15:24:55.423016: | db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc 2a b3 Oct 31 15:24:55.423019: | 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e d3 3a Oct 31 15:24:55.423022: | 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 87 33 Oct 31 15:24:55.423025: | 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d 6e e8 Oct 31 15:24:55.423028: | 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f c9 20 Oct 31 15:24:55.423032: | 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 15 04 Oct 31 15:24:55.423034: | 37 f9 Oct 31 15:24:55.423038: | e Oct 31 15:24:55.423041: | 03 Oct 31 15:24:55.423044: | CKAID Oct 31 15:24:55.423050: | b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 Oct 31 15:24:55.423054: | 7f 0f 03 50 Oct 31 15:24:55.423059: | newref struct pubkey@0x55569f537b48(0->1) (in add_public_key() at secrets.c:1716) Oct 31 15:24:55.423063: | addref pk@0x55569f537b48(1->2) (in add_public_key() at secrets.c:1718) Oct 31 15:24:55.423068: | delref pkp@0x55569f537b48(2->1) (in key_add_request() at rcv_whack.c:341) Oct 31 15:24:55.423072: | trying secret PKK_RSA:AQOm9dY/4 Oct 31 15:24:55.423076: | matched Oct 31 15:24:55.423079: | secrets entry for ckaid already exists Oct 31 15:24:55.423085: | spent 0.0108 (0.0106) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:55.423090: | delref fd@0x55569f535e28(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:55.423100: | freeref fd-fd@0x55569f535e28 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:55.423106: | spent 0.251 (0.251) milliseconds in whack Oct 31 15:24:55.423154: | newref struct fd@0x55569f531788(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:55.423158: | fd_accept: new fd-fd@0x55569f531788 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:55.423168: | whack: key Oct 31 15:24:55.423173: add keyid @east Oct 31 15:24:55.423177: | 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Oct 31 15:24:55.423180: | e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Oct 31 15:24:55.423183: | 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Oct 31 15:24:55.423186: | 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Oct 31 15:24:55.423189: | 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Oct 31 15:24:55.423192: | d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Oct 31 15:24:55.423195: | 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Oct 31 15:24:55.423215: | 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Oct 31 15:24:55.423222: | bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Oct 31 15:24:55.423225: | ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Oct 31 15:24:55.423228: | e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Oct 31 15:24:55.423231: | 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Oct 31 15:24:55.423235: | 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Oct 31 15:24:55.423238: | 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Oct 31 15:24:55.423241: | d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Oct 31 15:24:55.423244: | 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Oct 31 15:24:55.423247: | 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Oct 31 15:24:55.423250: | 51 51 48 ef Oct 31 15:24:55.423261: | computed rsa CKAID Oct 31 15:24:55.423264: | 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Oct 31 15:24:55.423267: | 8a 82 25 f1 Oct 31 15:24:55.423274: | keyid: *AQO9bJbr3 Oct 31 15:24:55.423277: | size: 274 Oct 31 15:24:55.423280: | n Oct 31 15:24:55.423284: | bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Oct 31 15:24:55.423287: | c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Oct 31 15:24:55.423290: | e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Oct 31 15:24:55.423293: | 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Oct 31 15:24:55.423296: | f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Oct 31 15:24:55.423299: | 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Oct 31 15:24:55.423302: | 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Oct 31 15:24:55.423306: | af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Oct 31 15:24:55.423309: | 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Oct 31 15:24:55.423312: | f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Oct 31 15:24:55.423315: | 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Oct 31 15:24:55.423318: | 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Oct 31 15:24:55.423321: | 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Oct 31 15:24:55.423324: | 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Oct 31 15:24:55.423327: | 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Oct 31 15:24:55.423334: | 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Oct 31 15:24:55.423337: | 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Oct 31 15:24:55.423340: | 48 ef Oct 31 15:24:55.423343: | e Oct 31 15:24:55.423346: | 03 Oct 31 15:24:55.423350: | CKAID Oct 31 15:24:55.423353: | 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Oct 31 15:24:55.423356: | 8a 82 25 f1 Oct 31 15:24:55.423360: | newref struct pubkey@0x55569f536c88(0->1) (in add_public_key() at secrets.c:1716) Oct 31 15:24:55.423364: | addref pk@0x55569f536c88(1->2) (in add_public_key() at secrets.c:1718) Oct 31 15:24:55.423369: | delref pkp@0x55569f536c88(2->1) (in key_add_request() at rcv_whack.c:341) Oct 31 15:24:55.423374: | trying secret PKK_RSA:AQOm9dY/4 Oct 31 15:24:55.423437: | spent 0.0616 (0.0615) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:55.423443: | no private key: can't find the private key matching the NSS CKAID Oct 31 15:24:55.423448: | delref fd@0x55569f531788(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:55.423459: | freeref fd-fd@0x55569f531788 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:55.423464: | spent 0.3 (0.316) milliseconds in whack Oct 31 15:24:55.487930: | newref struct fd@0x55569f523278(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:55.487947: | fd_accept: new fd-fd@0x55569f523278 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:55.487960: | whack: initiate Oct 31 15:24:55.487963: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:55.487968: | connection 'westnet-eastnet-ikev2' +POLICY_UP Oct 31 15:24:55.487971: | FOR_EACH_STATE_... in find_phase1_state Oct 31 15:24:55.487992: | newref alloc logger@0x55569f52fb38(0->1) (in new_state() at state.c:576) Oct 31 15:24:55.487996: | addref fd@0x55569f523278(1->2) (in new_state() at state.c:577) Oct 31 15:24:55.487998: | creating state object #1 at 0x55569f538008 Oct 31 15:24:55.488001: | State DB: adding IKEv2 state #1 in UNDEFINED Oct 31 15:24:55.488010: | pstats #1 ikev2.ike started Oct 31 15:24:55.488014: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Oct 31 15:24:55.488017: | #1.st_v2_transition NULL -> PARENT_I0->PARENT_I1 (in new_v2_ike_state() at state.c:620) Oct 31 15:24:55.488034: | Message ID: IKE #1 initializing (IKE SA): ike.initiator.sent=0->-1 ike.initiator.recv=0->-1 ike.initiator.last_contact=0->744569.920816 ike.responder.sent=0->-1 ike.responder.recv=0->-1 ike.responder.last_contact=0->744569.920816 ike.wip.initiator=0->-1 ike.wip.responder=0->-1 Oct 31 15:24:55.488044: | orienting westnet-eastnet-ikev2 Oct 31 15:24:55.488051: | westnet-eastnet-ikev2 doesn't match 127.0.0.1:4500 at all Oct 31 15:24:55.488057: | westnet-eastnet-ikev2 doesn't match 127.0.0.1:500 at all Oct 31 15:24:55.488062: | westnet-eastnet-ikev2 doesn't match 192.0.1.254:4500 at all Oct 31 15:24:55.488067: | westnet-eastnet-ikev2 doesn't match 192.0.1.254:500 at all Oct 31 15:24:55.488072: | westnet-eastnet-ikev2 doesn't match 192.1.2.45:4500 at all Oct 31 15:24:55.488076: | oriented westnet-eastnet-ikev2's this Oct 31 15:24:55.488086: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:544) Oct 31 15:24:55.488092: | addref fd@0x55569f523278(2->3) (in add_pending() at pending.c:86) Oct 31 15:24:55.488096: | queuing pending IPsec SA negotiating with 192.1.2.23 IKE SA #1 "westnet-eastnet-ikev2" Oct 31 15:24:55.488099: "westnet-eastnet-ikev2" #1: initiating IKEv2 connection Oct 31 15:24:55.488108: | constructing local IKE proposals for westnet-eastnet-ikev2 (IKE SA initiator selecting KE) Oct 31 15:24:55.488118: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:55.488127: | ... ikev2_proposal: 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:55.488130: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:55.488139: | ... ikev2_proposal: 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:55.488143: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:55.488148: | ... ikev2_proposal: 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:55.488150: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:55.488155: | ... ikev2_proposal: 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:55.488157: "westnet-eastnet-ikev2": local IKE proposals (IKE SA initiator selecting KE): Oct 31 15:24:55.488162: "westnet-eastnet-ikev2": 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:55.488166: "westnet-eastnet-ikev2": 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:55.488170: "westnet-eastnet-ikev2": 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:55.488174: "westnet-eastnet-ikev2": 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:55.488179: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:55.488182: | addref fd@0x55569f523278(3->4) (in clone_logger() at log.c:810) Oct 31 15:24:55.488184: | newref clone logger@0x55569f522ef8(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:55.488187: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): adding job to queue Oct 31 15:24:55.488189: | state #1 has no .st_event to delete Oct 31 15:24:55.488191: | #1 STATE_PARENT_I0: retransmits: cleared Oct 31 15:24:55.488194: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55569f536e58 Oct 31 15:24:55.488197: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:24:55.488205: | libevent_malloc: newref ptr-libevent@0x55569f534d68 size 128 Oct 31 15:24:55.488223: | #1 spent 0.246 (0.253) milliseconds in ikev2_parent_outI1() Oct 31 15:24:55.488228: | RESET processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:640) Oct 31 15:24:55.488232: | delref fd@0x55569f523278(4->3) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:55.488236: | spent 0.312 (0.318) milliseconds in whack Oct 31 15:24:55.488236: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): helper 1 starting job Oct 31 15:24:55.489835: | "westnet-eastnet-ikev2" #1: spent 1.56 (1.6) milliseconds in helper 1 processing job 1 for state #1: ikev2_outI1 KE (pcr) Oct 31 15:24:55.489846: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): helper thread 1 sending result back to state Oct 31 15:24:55.489850: | scheduling resume sending helper answer back to state for #1 Oct 31 15:24:55.489853: | libevent_malloc: newref ptr-libevent@0x7f52c4006108 size 128 Oct 31 15:24:55.489862: | helper thread 1 has nothing to do Oct 31 15:24:55.489876: | processing resume sending helper answer back to state for #1 Oct 31 15:24:55.489891: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:641) Oct 31 15:24:55.489898: | unsuspending #1 MD (nil) Oct 31 15:24:55.489902: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): processing response from helper 1 Oct 31 15:24:55.489906: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): calling continuation function 0x55569eac7fe7 Oct 31 15:24:55.489914: | ikev2_parent_outI1_continue() for #1 STATE_PARENT_I0 Oct 31 15:24:55.489919: | DH secret MODP2048@0x7f52c4006ba8: transferring ownership from helper KE to state #1 Oct 31 15:24:55.489957: | opening output PBS reply packet Oct 31 15:24:55.489962: | **emit ISAKMP Message: Oct 31 15:24:55.489968: | initiator SPI: 7d a4 96 cc 06 a0 5a 44 Oct 31 15:24:55.489974: | responder SPI: 00 00 00 00 00 00 00 00 Oct 31 15:24:55.489977: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:55.489980: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:55.489983: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:24:55.489988: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:55.489994: | Message ID: 0 (00 00 00 00) Oct 31 15:24:55.489998: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:55.490020: | using existing local IKE proposals for connection westnet-eastnet-ikev2 (IKE SA initiator emitting local proposals): 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:55.490024: | Emitting ikev2_proposals ... Oct 31 15:24:55.490027: | ***emit IKEv2 Security Association Payload: Oct 31 15:24:55.490030: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.490033: | flags: none (0x0) Oct 31 15:24:55.490036: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:24:55.490040: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.490045: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:55.490049: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:55.490052: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:55.490056: | prop #: 1 (01) Oct 31 15:24:55.490059: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:55.490062: | spi size: 0 (00) Oct 31 15:24:55.490066: | # transforms: 11 (0b) Oct 31 15:24:55.490069: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:55.490073: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490076: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490079: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:55.490081: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:55.490084: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490088: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:55.490091: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:55.490095: | length/value: 256 (01 00) Oct 31 15:24:55.490100: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:55.490103: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490106: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490109: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:55.490112: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:55.490116: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490120: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490128: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490131: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490134: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490136: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:55.490139: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:55.490142: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490145: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490148: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490152: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:55.490155: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490158: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490160: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.490163: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:55.490166: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490169: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490172: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490175: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490177: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490180: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.490183: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:55.490186: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490189: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490192: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490195: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490197: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490210: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.490213: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:55.490216: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490218: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490222: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490225: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490227: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490229: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.490231: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:55.490233: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490235: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490237: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490239: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490243: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490245: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.490246: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:55.490248: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490250: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490252: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490254: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490256: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490258: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.490260: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:55.490262: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490264: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490266: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490267: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490269: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490271: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.490273: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:55.490275: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490277: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490279: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490281: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490283: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:55.490284: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.490286: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:55.490288: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490290: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490292: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490294: | emitting length of IKEv2 Proposal Substructure Payload: 100 Oct 31 15:24:55.490296: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:55.490299: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:55.490302: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:55.490303: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:55.490306: | prop #: 2 (02) Oct 31 15:24:55.490308: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:55.490310: | spi size: 0 (00) Oct 31 15:24:55.490312: | # transforms: 11 (0b) Oct 31 15:24:55.490315: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:55.490317: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:55.490319: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490321: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490324: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:55.490326: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:55.490328: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490330: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:55.490332: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:55.490335: | length/value: 128 (00 80) Oct 31 15:24:55.490337: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:55.490339: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490341: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490343: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:55.490345: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:55.490347: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490349: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490351: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490353: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490354: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490356: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:55.490358: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:55.490360: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490362: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490364: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490366: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:55.490368: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490370: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490372: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.490374: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:55.490376: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490378: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490379: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490381: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490383: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490385: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.490387: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:55.490389: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490391: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490393: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490395: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490397: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490398: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.490400: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:55.490402: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490405: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490407: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490409: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490411: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490413: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.490415: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:55.490417: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490419: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490420: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490422: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490424: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490426: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.490428: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:55.490430: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490432: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490434: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490436: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490438: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490440: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.490441: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:55.490443: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490445: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490447: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490449: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490451: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490453: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.490455: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:55.490457: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490459: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490461: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490463: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490464: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:55.490466: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.490468: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:55.490470: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490472: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490474: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490477: | emitting length of IKEv2 Proposal Substructure Payload: 100 Oct 31 15:24:55.490479: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:55.490482: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:55.490484: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:55.490486: | prop #: 3 (03) Oct 31 15:24:55.490488: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:55.490491: | spi size: 0 (00) Oct 31 15:24:55.490493: | # transforms: 13 (0d) Oct 31 15:24:55.490495: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:55.490497: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:55.490499: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490501: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490503: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:55.490505: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:55.490506: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490509: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:55.490511: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:55.490513: | length/value: 256 (01 00) Oct 31 15:24:55.490515: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:55.490517: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490519: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490521: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:55.490523: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:55.490525: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490526: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490528: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490530: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490532: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490534: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:55.490536: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:55.490538: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490540: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490542: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490544: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490546: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490548: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:55.490550: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:55.490552: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490553: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490555: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490558: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490560: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490564: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:55.490567: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:55.490570: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490572: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490575: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490578: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490580: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490583: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.490585: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:55.490588: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490590: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490593: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490596: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490598: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490601: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.490604: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:55.490607: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490609: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490612: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490615: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490618: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490620: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.490623: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:55.490626: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490628: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490630: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490632: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490634: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490636: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.490637: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:55.490640: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490641: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490643: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490645: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490647: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490649: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.490651: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:55.490653: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490656: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490658: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490660: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490662: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490664: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.490666: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:55.490668: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490670: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490672: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490674: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490676: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490678: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.490679: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:55.490681: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490683: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490685: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490687: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490689: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:55.490691: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.490693: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:55.490695: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490697: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490699: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490701: | emitting length of IKEv2 Proposal Substructure Payload: 116 Oct 31 15:24:55.490702: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:55.490706: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:55.490708: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:55.490710: | prop #: 4 (04) Oct 31 15:24:55.490712: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:55.490714: | spi size: 0 (00) Oct 31 15:24:55.490716: | # transforms: 13 (0d) Oct 31 15:24:55.490719: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:55.490721: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:55.490723: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490725: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490727: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:55.490728: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:55.490730: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490732: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:55.490734: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:55.490738: | length/value: 128 (00 80) Oct 31 15:24:55.490740: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:55.490742: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490744: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490746: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:55.490747: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:55.490749: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490751: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490753: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490755: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490757: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490764: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:55.490766: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:55.490768: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490770: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490772: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490775: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490776: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490778: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:55.490780: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:55.490782: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490784: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490786: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490788: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490790: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490792: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:55.490794: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:55.490796: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490797: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490799: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490801: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490803: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490805: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.490807: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:55.490809: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490811: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490813: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490815: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490817: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490818: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.490821: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:55.490823: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490825: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490827: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490829: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490831: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490833: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.490835: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:55.490837: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490839: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490840: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490843: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490844: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490846: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.490848: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:55.490850: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490852: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490854: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490856: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490858: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490859: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.490861: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:55.490863: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490865: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490867: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490869: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490871: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490873: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.490875: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:55.490877: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490879: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490880: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490882: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490884: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490886: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.490888: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:55.490890: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490893: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490895: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490897: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.490899: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:55.490901: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.490902: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:55.490904: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.490906: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.490908: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.490910: | emitting length of IKEv2 Proposal Substructure Payload: 116 Oct 31 15:24:55.490912: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:55.490914: | emitting length of IKEv2 Security Association Payload: 436 Oct 31 15:24:55.490916: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:24:55.490918: | ***emit IKEv2 Key Exchange Payload: Oct 31 15:24:55.490920: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.490922: | flags: none (0x0) Oct 31 15:24:55.490924: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:55.490927: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Oct 31 15:24:55.490929: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.490932: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Oct 31 15:24:55.490934: | ikev2 g^x: Oct 31 15:24:55.490936: | 3d 2f f3 f4 9f 94 03 e3 46 e7 a2 60 7f 54 d8 53 Oct 31 15:24:55.490938: | fd d0 a9 6c c1 43 f5 68 63 d5 f5 1c ad 3d 2e 04 Oct 31 15:24:55.490940: | 74 a1 64 29 7d 14 f6 d6 59 bc 92 20 11 99 0d 08 Oct 31 15:24:55.490941: | 4c 42 9b 56 4c 15 c9 a2 84 fa ff f3 0d 55 7d 7b Oct 31 15:24:55.490943: | 98 0e b6 3d fe 91 70 14 61 6b f0 f3 c8 50 54 64 Oct 31 15:24:55.490945: | 05 b2 c8 ae db be 7f d3 66 81 94 78 50 c9 de 98 Oct 31 15:24:55.490947: | e0 74 00 66 ca a5 ec e4 6f 14 1d 4e 00 be 97 66 Oct 31 15:24:55.490949: | d3 00 89 12 3c a1 08 a5 ec b8 ac c7 fc 9e 77 1d Oct 31 15:24:55.490950: | fe 74 25 dd 9c ba 58 1d a9 dc 83 92 be 6c 9f d9 Oct 31 15:24:55.490952: | 3e 07 dd 74 1e 07 3c 14 8f 29 49 06 25 b9 03 68 Oct 31 15:24:55.490954: | 5d 58 f4 7b 40 a7 f8 56 a8 a0 fe b5 96 bd a4 79 Oct 31 15:24:55.490956: | 42 58 de 27 9c 42 6d 1a 15 41 46 6b 49 f0 f7 88 Oct 31 15:24:55.490957: | 82 25 3e 6a 4f a4 b2 d5 ac 8b 97 36 e4 af 51 3e Oct 31 15:24:55.490959: | 27 64 af 64 30 9d 37 1c b4 df 1d 14 d7 8b cb f9 Oct 31 15:24:55.490961: | af 9c 87 6b a4 c9 7a 82 a8 24 31 ea 3f 80 b2 d4 Oct 31 15:24:55.490963: | d4 87 b2 8f 3f c7 b7 6c 1d 69 d9 77 ce ec 76 0d Oct 31 15:24:55.490965: | emitting length of IKEv2 Key Exchange Payload: 264 Oct 31 15:24:55.490967: | ***emit IKEv2 Nonce Payload: Oct 31 15:24:55.490969: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.490970: | flags: none (0x0) Oct 31 15:24:55.490973: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Oct 31 15:24:55.490975: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.490977: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Oct 31 15:24:55.490979: | IKEv2 nonce: Oct 31 15:24:55.490981: | 0d 5b a5 a1 af 04 09 b6 1c 8c bf ef 40 84 59 5a Oct 31 15:24:55.490984: | cc 60 95 33 2f 70 b6 6e 9d b2 af 2e 6e f9 a0 61 Oct 31 15:24:55.490986: | emitting length of IKEv2 Nonce Payload: 36 Oct 31 15:24:55.490988: | adding a v2N Payload Oct 31 15:24:55.490990: | ***emit IKEv2 Notify Payload: Oct 31 15:24:55.490992: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.490994: | flags: none (0x0) Oct 31 15:24:55.490996: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:55.490998: | SPI size: 0 (00) Oct 31 15:24:55.491000: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Oct 31 15:24:55.491002: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:55.491004: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.491006: | emitting length of IKEv2 Notify Payload: 8 Oct 31 15:24:55.491009: | adding a v2N Payload Oct 31 15:24:55.491011: | ***emit IKEv2 Notify Payload: Oct 31 15:24:55.491012: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.491014: | flags: none (0x0) Oct 31 15:24:55.491016: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:55.491018: | SPI size: 0 (00) Oct 31 15:24:55.491020: | Notify Message Type: v2N_SIGNATURE_HASH_ALGORITHMS (0x402f) Oct 31 15:24:55.491022: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:55.491024: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.491027: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256 into IKEv2 Notify Payload Oct 31 15:24:55.491029: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256: 00 02 Oct 31 15:24:55.491031: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384 into IKEv2 Notify Payload Oct 31 15:24:55.491033: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384: 00 03 Oct 31 15:24:55.491035: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_512 into IKEv2 Notify Payload Oct 31 15:24:55.491037: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_512: 00 04 Oct 31 15:24:55.491039: | emitting length of IKEv2 Notify Payload: 14 Oct 31 15:24:55.491042: | NAT-Traversal support [enabled] add v2N payloads. Oct 31 15:24:55.491044: | nat: IKE.SPIr is zero Oct 31 15:24:55.491060: | natd_hash: hasher=0x55569ebb9f80(20) Oct 31 15:24:55.491062: | natd_hash: icookie= Oct 31 15:24:55.491064: | 7d a4 96 cc 06 a0 5a 44 Oct 31 15:24:55.491066: | natd_hash: rcookie= Oct 31 15:24:55.491067: | 00 00 00 00 00 00 00 00 Oct 31 15:24:55.491069: | natd_hash: ip= Oct 31 15:24:55.491071: | c0 01 02 2d Oct 31 15:24:55.491073: | natd_hash: port= Oct 31 15:24:55.491074: | 01 f4 Oct 31 15:24:55.491076: | natd_hash: hash= Oct 31 15:24:55.491078: | f0 0f ee 38 2b 6a 40 e2 e4 8c b5 03 2d d9 69 36 Oct 31 15:24:55.491080: | ac da 9c 05 Oct 31 15:24:55.491081: | adding a v2N Payload Oct 31 15:24:55.491083: | ***emit IKEv2 Notify Payload: Oct 31 15:24:55.491085: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.491087: | flags: none (0x0) Oct 31 15:24:55.491089: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:55.491091: | SPI size: 0 (00) Oct 31 15:24:55.491093: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Oct 31 15:24:55.491095: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:55.491097: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.491100: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:24:55.491102: | Notify data: Oct 31 15:24:55.491103: | f0 0f ee 38 2b 6a 40 e2 e4 8c b5 03 2d d9 69 36 Oct 31 15:24:55.491105: | ac da 9c 05 Oct 31 15:24:55.491108: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:24:55.491110: | nat: IKE.SPIr is zero Oct 31 15:24:55.491115: | natd_hash: hasher=0x55569ebb9f80(20) Oct 31 15:24:55.491117: | natd_hash: icookie= Oct 31 15:24:55.491119: | 7d a4 96 cc 06 a0 5a 44 Oct 31 15:24:55.491121: | natd_hash: rcookie= Oct 31 15:24:55.491123: | 00 00 00 00 00 00 00 00 Oct 31 15:24:55.491124: | natd_hash: ip= Oct 31 15:24:55.491126: | c0 01 02 17 Oct 31 15:24:55.491128: | natd_hash: port= Oct 31 15:24:55.491130: | 01 f4 Oct 31 15:24:55.491131: | natd_hash: hash= Oct 31 15:24:55.491133: | 39 4b 87 60 53 b1 f1 52 45 a8 d3 91 50 36 96 17 Oct 31 15:24:55.491135: | 1f fe e8 69 Oct 31 15:24:55.491137: | adding a v2N Payload Oct 31 15:24:55.491138: | ***emit IKEv2 Notify Payload: Oct 31 15:24:55.491140: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.491142: | flags: none (0x0) Oct 31 15:24:55.491144: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:55.491146: | SPI size: 0 (00) Oct 31 15:24:55.491148: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Oct 31 15:24:55.491150: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:55.491152: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.491154: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:24:55.491156: | Notify data: Oct 31 15:24:55.491158: | 39 4b 87 60 53 b1 f1 52 45 a8 d3 91 50 36 96 17 Oct 31 15:24:55.491160: | 1f fe e8 69 Oct 31 15:24:55.491162: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:24:55.491164: | emitting length of ISAKMP Message: 842 Oct 31 15:24:55.491170: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:55.491174: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Oct 31 15:24:55.491176: | transitioning from state STATE_PARENT_I0 to state STATE_PARENT_I1 Oct 31 15:24:55.491178: | Message ID: updating counters for #1 Oct 31 15:24:55.491180: | Message ID: IKE #1 skipping update_recv as MD is fake Oct 31 15:24:55.491186: | Message ID: IKE #1 scheduling EVENT_RETRANSMIT: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744569.920816 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.920816 ike.wip.initiator=0 ike.wip.responder=-1 Oct 31 15:24:55.491190: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55569f5340e8 Oct 31 15:24:55.491192: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Oct 31 15:24:55.491195: | libevent_malloc: newref ptr-libevent@0x55569f536f18 size 128 Oct 31 15:24:55.491219: | #1 STATE_PARENT_I0: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744569.923985 Oct 31 15:24:55.491229: | Message ID: IKE #1 updating initiator sent message request 0: ike.initiator.sent=-1->0 ike.initiator.recv=-1 ike.initiator.last_contact=744569.920816 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.920816 ike.wip.initiator=-1->0 ike.wip.responder=-1 Oct 31 15:24:55.491234: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744569.920816 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.920816 ike.wip.initiator=0 ike.wip.responder=-1 Oct 31 15:24:55.491237: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Oct 31 15:24:55.491240: | announcing the state transition Oct 31 15:24:55.491243: "westnet-eastnet-ikev2" #1: sent IKE_SA_INIT request Oct 31 15:24:55.491268: | sending 842 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:24:55.491273: | 7d a4 96 cc 06 a0 5a 44 00 00 00 00 00 00 00 00 Oct 31 15:24:55.491275: | 21 20 22 08 00 00 00 00 00 00 03 4a 22 00 01 b4 Oct 31 15:24:55.491279: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Oct 31 15:24:55.491281: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Oct 31 15:24:55.491283: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Oct 31 15:24:55.491284: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Oct 31 15:24:55.491286: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Oct 31 15:24:55.491288: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Oct 31 15:24:55.491289: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Oct 31 15:24:55.491291: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Oct 31 15:24:55.491293: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Oct 31 15:24:55.491295: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Oct 31 15:24:55.491296: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Oct 31 15:24:55.491298: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Oct 31 15:24:55.491300: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Oct 31 15:24:55.491302: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Oct 31 15:24:55.491303: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:24:55.491305: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Oct 31 15:24:55.491307: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Oct 31 15:24:55.491309: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Oct 31 15:24:55.491310: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Oct 31 15:24:55.491312: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Oct 31 15:24:55.491314: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Oct 31 15:24:55.491315: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Oct 31 15:24:55.491317: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Oct 31 15:24:55.491319: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Oct 31 15:24:55.491321: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Oct 31 15:24:55.491322: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Oct 31 15:24:55.491324: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Oct 31 15:24:55.491326: | 28 00 01 08 00 0e 00 00 3d 2f f3 f4 9f 94 03 e3 Oct 31 15:24:55.491328: | 46 e7 a2 60 7f 54 d8 53 fd d0 a9 6c c1 43 f5 68 Oct 31 15:24:55.491329: | 63 d5 f5 1c ad 3d 2e 04 74 a1 64 29 7d 14 f6 d6 Oct 31 15:24:55.491331: | 59 bc 92 20 11 99 0d 08 4c 42 9b 56 4c 15 c9 a2 Oct 31 15:24:55.491333: | 84 fa ff f3 0d 55 7d 7b 98 0e b6 3d fe 91 70 14 Oct 31 15:24:55.491335: | 61 6b f0 f3 c8 50 54 64 05 b2 c8 ae db be 7f d3 Oct 31 15:24:55.491336: | 66 81 94 78 50 c9 de 98 e0 74 00 66 ca a5 ec e4 Oct 31 15:24:55.491338: | 6f 14 1d 4e 00 be 97 66 d3 00 89 12 3c a1 08 a5 Oct 31 15:24:55.491340: | ec b8 ac c7 fc 9e 77 1d fe 74 25 dd 9c ba 58 1d Oct 31 15:24:55.491342: | a9 dc 83 92 be 6c 9f d9 3e 07 dd 74 1e 07 3c 14 Oct 31 15:24:55.491343: | 8f 29 49 06 25 b9 03 68 5d 58 f4 7b 40 a7 f8 56 Oct 31 15:24:55.491345: | a8 a0 fe b5 96 bd a4 79 42 58 de 27 9c 42 6d 1a Oct 31 15:24:55.491347: | 15 41 46 6b 49 f0 f7 88 82 25 3e 6a 4f a4 b2 d5 Oct 31 15:24:55.491349: | ac 8b 97 36 e4 af 51 3e 27 64 af 64 30 9d 37 1c Oct 31 15:24:55.491350: | b4 df 1d 14 d7 8b cb f9 af 9c 87 6b a4 c9 7a 82 Oct 31 15:24:55.491352: | a8 24 31 ea 3f 80 b2 d4 d4 87 b2 8f 3f c7 b7 6c Oct 31 15:24:55.491354: | 1d 69 d9 77 ce ec 76 0d 29 00 00 24 0d 5b a5 a1 Oct 31 15:24:55.491356: | af 04 09 b6 1c 8c bf ef 40 84 59 5a cc 60 95 33 Oct 31 15:24:55.491357: | 2f 70 b6 6e 9d b2 af 2e 6e f9 a0 61 29 00 00 08 Oct 31 15:24:55.491359: | 00 00 40 2e 29 00 00 0e 00 00 40 2f 00 02 00 03 Oct 31 15:24:55.491361: | 00 04 29 00 00 1c 00 00 40 04 f0 0f ee 38 2b 6a Oct 31 15:24:55.491362: | 40 e2 e4 8c b5 03 2d d9 69 36 ac da 9c 05 00 00 Oct 31 15:24:55.491364: | 00 1c 00 00 40 05 39 4b 87 60 53 b1 f1 52 45 a8 Oct 31 15:24:55.491366: | d3 91 50 36 96 17 1f fe e8 69 Oct 31 15:24:55.491407: | sent 1 messages Oct 31 15:24:55.491411: | checking that a retransmit timeout_event was already Oct 31 15:24:55.491415: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:55.491418: | libevent_free: delref ptr-libevent@0x55569f534d68 Oct 31 15:24:55.491421: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55569f536e58 Oct 31 15:24:55.491425: | delref logger@0x55569f522ef8(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:55.491427: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:55.491430: | delref fd@0x55569f523278(3->2) (in free_logger() at log.c:854) Oct 31 15:24:55.491433: | resume sending helper answer back to state for #1 suppresed complete_v2_state_transition() Oct 31 15:24:55.491435: | delref mdp@NULL (in resume_handler() at server.c:743) Oct 31 15:24:55.491441: | #1 spent 1.5 (1.54) milliseconds in resume sending helper answer back to state Oct 31 15:24:55.491445: | stop processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:745) Oct 31 15:24:55.491448: | libevent_free: delref ptr-libevent@0x7f52c4006108 Oct 31 15:24:55.495768: | spent 0.00307 (0.00298) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:55.495792: | newref struct msg_digest@0x55569f539cc8(0->1) (in read_message() at demux.c:103) Oct 31 15:24:55.495798: | newref alloc logger@0x55569f522ef8(0->1) (in read_message() at demux.c:103) Oct 31 15:24:55.495807: | *received 446 bytes from 192.1.2.23:500 on eth1 192.1.2.45:500 using UDP Oct 31 15:24:55.495811: | 7d a4 96 cc 06 a0 5a 44 9f 77 a8 cc 55 20 77 9e Oct 31 15:24:55.495814: | 21 20 22 20 00 00 00 00 00 00 01 be 22 00 00 28 Oct 31 15:24:55.495817: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Oct 31 15:24:55.495820: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Oct 31 15:24:55.495822: | 04 00 00 0e 28 00 01 08 00 0e 00 00 2c d8 f0 02 Oct 31 15:24:55.495825: | 65 e3 b4 96 44 e8 0c 78 af 93 1a 9f d0 4f ff 8a Oct 31 15:24:55.495828: | ff 53 a0 22 8f a3 d2 8d a2 be 40 24 22 dc c7 a7 Oct 31 15:24:55.495831: | 01 79 91 b2 3d 38 3a 00 46 40 fb f3 fb b2 1e b7 Oct 31 15:24:55.495839: | 68 2e 40 c4 c8 a2 90 a4 e3 fe 70 0d dd 68 97 47 Oct 31 15:24:55.495842: | 4f af fa f4 4c 40 c3 87 19 ff d2 8a 43 32 aa dd Oct 31 15:24:55.495844: | 14 ae 87 da cb b4 27 d9 14 75 39 5f 9a a0 40 ef Oct 31 15:24:55.495845: | a2 54 b9 88 49 57 26 8a 19 9e b6 58 6c b6 f3 af Oct 31 15:24:55.495847: | d5 72 07 27 b8 0d 42 a9 85 61 4a 85 96 b4 a7 66 Oct 31 15:24:55.495849: | 45 4c c5 e6 52 4e ee a2 b6 21 e9 e9 8a ea 3d e7 Oct 31 15:24:55.495851: | e6 d5 33 25 b3 36 1b 61 58 d9 4d f3 b2 a0 d4 7e Oct 31 15:24:55.495853: | 2e d3 ea d2 42 61 0c 02 8a e8 67 08 4c e3 da cd Oct 31 15:24:55.495854: | 6e 58 cc 24 c5 fa d6 6b 91 7e 92 3f 1a d3 26 85 Oct 31 15:24:55.495856: | 6a 78 b9 ef df 8c cc 37 22 49 46 bb f7 05 90 1a Oct 31 15:24:55.495858: | 69 a5 ce 47 f6 57 fe 1c 27 d8 10 3d b9 0c 69 90 Oct 31 15:24:55.495860: | 7a c4 1b 77 a7 70 6a 38 9e 55 3a c2 51 8d 35 b9 Oct 31 15:24:55.495861: | 53 de 90 37 c2 6e 3b 6f 24 75 71 70 29 00 00 24 Oct 31 15:24:55.495863: | a6 22 eb 2f 10 b9 c1 78 0c 6e 8a 7d ae 94 ad c8 Oct 31 15:24:55.495865: | d4 e1 a5 c6 8f 91 4c 7e fb 67 32 ef cb 0d 27 f7 Oct 31 15:24:55.495867: | 29 00 00 08 00 00 40 2e 29 00 00 0e 00 00 40 2f Oct 31 15:24:55.495869: | 00 02 00 03 00 04 29 00 00 1c 00 00 40 04 67 f4 Oct 31 15:24:55.495870: | 33 47 a2 25 62 f2 17 19 d3 1b d5 07 18 d3 d6 f4 Oct 31 15:24:55.495872: | 54 6a 00 00 00 1c 00 00 40 05 76 45 3c d3 1b 14 Oct 31 15:24:55.495874: | d1 5c 25 8f 7f 82 7a 58 3c 0b 30 d0 13 40 Oct 31 15:24:55.495878: | **parse ISAKMP Message: Oct 31 15:24:55.495882: | initiator SPI: 7d a4 96 cc 06 a0 5a 44 Oct 31 15:24:55.495885: | responder SPI: 9f 77 a8 cc 55 20 77 9e Oct 31 15:24:55.495887: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:24:55.495889: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:55.495893: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:24:55.495896: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:55.495899: | Message ID: 0 (00 00 00 00) Oct 31 15:24:55.495902: | length: 446 (00 00 01 be) Oct 31 15:24:55.495904: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Oct 31 15:24:55.495907: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Oct 31 15:24:55.495911: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Oct 31 15:24:55.495914: | #1 is idle Oct 31 15:24:55.495915: | #1 idle Oct 31 15:24:55.495917: | unpacking clear payloads Oct 31 15:24:55.495919: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:24:55.495922: | ***parse IKEv2 Security Association Payload: Oct 31 15:24:55.495924: | next payload type: ISAKMP_NEXT_v2KE (0x22) Oct 31 15:24:55.495926: | flags: none (0x0) Oct 31 15:24:55.495932: | length: 40 (00 28) Oct 31 15:24:55.495935: | processing payload: ISAKMP_NEXT_v2SA (len=36) Oct 31 15:24:55.495936: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Oct 31 15:24:55.495939: | ***parse IKEv2 Key Exchange Payload: Oct 31 15:24:55.495941: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Oct 31 15:24:55.495943: | flags: none (0x0) Oct 31 15:24:55.495945: | length: 264 (01 08) Oct 31 15:24:55.495947: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:55.495949: | processing payload: ISAKMP_NEXT_v2KE (len=256) Oct 31 15:24:55.495951: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Oct 31 15:24:55.495953: | ***parse IKEv2 Nonce Payload: Oct 31 15:24:55.495955: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:55.495957: | flags: none (0x0) Oct 31 15:24:55.495959: | length: 36 (00 24) Oct 31 15:24:55.495961: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Oct 31 15:24:55.495963: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:55.495965: | ***parse IKEv2 Notify Payload: Oct 31 15:24:55.495967: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:55.495969: | flags: none (0x0) Oct 31 15:24:55.495971: | length: 8 (00 08) Oct 31 15:24:55.495973: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:55.495975: | SPI size: 0 (00) Oct 31 15:24:55.495977: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Oct 31 15:24:55.495979: | processing payload: ISAKMP_NEXT_v2N (len=0) Oct 31 15:24:55.495982: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:55.495984: | ***parse IKEv2 Notify Payload: Oct 31 15:24:55.495985: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:55.495987: | flags: none (0x0) Oct 31 15:24:55.495990: | length: 14 (00 0e) Oct 31 15:24:55.495991: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:55.495994: | SPI size: 0 (00) Oct 31 15:24:55.495996: | Notify Message Type: v2N_SIGNATURE_HASH_ALGORITHMS (0x402f) Oct 31 15:24:55.495997: | processing payload: ISAKMP_NEXT_v2N (len=6) Oct 31 15:24:55.495999: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:55.496001: | ***parse IKEv2 Notify Payload: Oct 31 15:24:55.496003: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:55.496005: | flags: none (0x0) Oct 31 15:24:55.496007: | length: 28 (00 1c) Oct 31 15:24:55.496009: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:55.496011: | SPI size: 0 (00) Oct 31 15:24:55.496013: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Oct 31 15:24:55.496015: | processing payload: ISAKMP_NEXT_v2N (len=20) Oct 31 15:24:55.496017: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:55.496019: | ***parse IKEv2 Notify Payload: Oct 31 15:24:55.496021: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.496023: | flags: none (0x0) Oct 31 15:24:55.496025: | length: 28 (00 1c) Oct 31 15:24:55.496027: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:55.496029: | SPI size: 0 (00) Oct 31 15:24:55.496031: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Oct 31 15:24:55.496034: | processing payload: ISAKMP_NEXT_v2N (len=20) Oct 31 15:24:55.496036: | looking for message matching transition from STATE_PARENT_I1 Oct 31 15:24:55.496038: | trying received anti-DDOS COOKIE notify response; resending IKE_SA_INIT request with cookie payload added Oct 31 15:24:55.496040: | message has errors Oct 31 15:24:55.496042: | trying received IKE_SA_INIT INVALID_KE_PAYLOAD notify response; resending IKE_SA_INIT with new KE payload Oct 31 15:24:55.496044: | message has errors Oct 31 15:24:55.496046: | trying received REDIRECT notify response; resending IKE_SA_INIT request to new destination Oct 31 15:24:55.496047: | message has errors Oct 31 15:24:55.496049: | trying Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE Oct 31 15:24:55.496051: | matched unencrypted message Oct 31 15:24:55.496057: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1848) Oct 31 15:24:55.496059: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE Oct 31 15:24:55.496063: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered) Oct 31 15:24:55.496065: | hash algorithm identifier (network ordered) Oct 31 15:24:55.496066: | 00 02 Oct 31 15:24:55.496069: | received HASH_ALGORITHM_SHA2_256 which is allowed by local policy Oct 31 15:24:55.496072: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered) Oct 31 15:24:55.496074: | hash algorithm identifier (network ordered) Oct 31 15:24:55.496081: | 00 03 Oct 31 15:24:55.496085: | received HASH_ALGORITHM_SHA2_384 which is allowed by local policy Oct 31 15:24:55.496088: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered) Oct 31 15:24:55.496091: | hash algorithm identifier (network ordered) Oct 31 15:24:55.496094: | 00 04 Oct 31 15:24:55.496097: | received HASH_ALGORITHM_SHA2_512 which is allowed by local policy Oct 31 15:24:55.496100: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Oct 31 15:24:55.496126: | using existing local IKE proposals for connection westnet-eastnet-ikev2 (IKE SA initiator accepting remote proposal): 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:55.496132: | comparing remote proposals against IKE initiator (accepting) 4 local proposals Oct 31 15:24:55.496136: | local proposal 1 type ENCR has 1 transforms Oct 31 15:24:55.496138: | local proposal 1 type PRF has 2 transforms Oct 31 15:24:55.496140: | local proposal 1 type INTEG has 1 transforms Oct 31 15:24:55.496142: | local proposal 1 type DH has 8 transforms Oct 31 15:24:55.496144: | local proposal 1 type ESN has 0 transforms Oct 31 15:24:55.496147: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Oct 31 15:24:55.496149: | local proposal 2 type ENCR has 1 transforms Oct 31 15:24:55.496151: | local proposal 2 type PRF has 2 transforms Oct 31 15:24:55.496153: | local proposal 2 type INTEG has 1 transforms Oct 31 15:24:55.496155: | local proposal 2 type DH has 8 transforms Oct 31 15:24:55.496156: | local proposal 2 type ESN has 0 transforms Oct 31 15:24:55.496159: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Oct 31 15:24:55.496161: | local proposal 3 type ENCR has 1 transforms Oct 31 15:24:55.496163: | local proposal 3 type PRF has 2 transforms Oct 31 15:24:55.496165: | local proposal 3 type INTEG has 2 transforms Oct 31 15:24:55.496166: | local proposal 3 type DH has 8 transforms Oct 31 15:24:55.496172: | local proposal 3 type ESN has 0 transforms Oct 31 15:24:55.496174: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Oct 31 15:24:55.496176: | local proposal 4 type ENCR has 1 transforms Oct 31 15:24:55.496178: | local proposal 4 type PRF has 2 transforms Oct 31 15:24:55.496180: | local proposal 4 type INTEG has 2 transforms Oct 31 15:24:55.496182: | local proposal 4 type DH has 8 transforms Oct 31 15:24:55.496184: | local proposal 4 type ESN has 0 transforms Oct 31 15:24:55.496186: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Oct 31 15:24:55.496189: | ****parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:55.496191: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:55.496194: | length: 36 (00 24) Oct 31 15:24:55.496196: | prop #: 1 (01) Oct 31 15:24:55.496203: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:55.496210: | spi size: 0 (00) Oct 31 15:24:55.496213: | # transforms: 3 (03) Oct 31 15:24:55.496218: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Oct 31 15:24:55.496221: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.496223: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.496225: | length: 12 (00 0c) Oct 31 15:24:55.496227: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:55.496229: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:55.496231: | ******parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:55.496233: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:55.496236: | length/value: 256 (01 00) Oct 31 15:24:55.496239: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:24:55.496241: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.496243: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.496245: | length: 8 (00 08) Oct 31 15:24:55.496247: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:55.496249: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:55.496252: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Oct 31 15:24:55.496254: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.496256: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:55.496258: | length: 8 (00 08) Oct 31 15:24:55.496260: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.496262: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:55.496264: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Oct 31 15:24:55.496267: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Oct 31 15:24:55.496271: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Oct 31 15:24:55.496273: | remote proposal 1 matches local proposal 1 Oct 31 15:24:55.496276: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Oct 31 15:24:55.496278: | converting proposal to internal trans attrs Oct 31 15:24:55.496303: | natd_hash: hasher=0x55569ebb9f80(20) Oct 31 15:24:55.496310: | natd_hash: icookie= Oct 31 15:24:55.496313: | 7d a4 96 cc 06 a0 5a 44 Oct 31 15:24:55.496316: | natd_hash: rcookie= Oct 31 15:24:55.496319: | 9f 77 a8 cc 55 20 77 9e Oct 31 15:24:55.496323: | natd_hash: ip= Oct 31 15:24:55.496326: | c0 01 02 2d Oct 31 15:24:55.496329: | natd_hash: port= Oct 31 15:24:55.496332: | 01 f4 Oct 31 15:24:55.496335: | natd_hash: hash= Oct 31 15:24:55.496338: | 76 45 3c d3 1b 14 d1 5c 25 8f 7f 82 7a 58 3c 0b Oct 31 15:24:55.496341: | 30 d0 13 40 Oct 31 15:24:55.496351: | natd_hash: hasher=0x55569ebb9f80(20) Oct 31 15:24:55.496354: | natd_hash: icookie= Oct 31 15:24:55.496355: | 7d a4 96 cc 06 a0 5a 44 Oct 31 15:24:55.496357: | natd_hash: rcookie= Oct 31 15:24:55.496361: | 9f 77 a8 cc 55 20 77 9e Oct 31 15:24:55.496363: | natd_hash: ip= Oct 31 15:24:55.496365: | c0 01 02 17 Oct 31 15:24:55.496366: | natd_hash: port= Oct 31 15:24:55.496368: | 01 f4 Oct 31 15:24:55.496370: | natd_hash: hash= Oct 31 15:24:55.496372: | 67 f4 33 47 a2 25 62 f2 17 19 d3 1b d5 07 18 d3 Oct 31 15:24:55.496373: | d6 f4 54 6a Oct 31 15:24:55.496376: | NAT_TRAVERSAL encaps using auto-detect Oct 31 15:24:55.496378: | NAT_TRAVERSAL this end is NOT behind NAT Oct 31 15:24:55.496379: | NAT_TRAVERSAL that end is NOT behind NAT Oct 31 15:24:55.496382: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Oct 31 15:24:55.496388: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Oct 31 15:24:55.496392: | DH secret MODP2048@0x7f52c4006ba8: transferring ownership from state #1 to helper IKEv2 DH Oct 31 15:24:55.496396: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:55.496399: | addref fd@0x55569f523278(2->3) (in clone_logger() at log.c:810) Oct 31 15:24:55.496401: | newref clone logger@0x55569f536e58(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:55.496404: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): adding job to queue Oct 31 15:24:55.496406: | state #1 has no .st_event to delete Oct 31 15:24:55.496408: | #1 requesting EVENT_RETRANSMIT-pe@0x55569f5340e8 be deleted Oct 31 15:24:55.496411: | libevent_free: delref ptr-libevent@0x55569f536f18 Oct 31 15:24:55.496414: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55569f5340e8 Oct 31 15:24:55.496416: | #1 STATE_PARENT_I1: retransmits: cleared Oct 31 15:24:55.496418: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55569f533ca8 Oct 31 15:24:55.496421: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:24:55.496423: | libevent_malloc: newref ptr-libevent@0x55569f534d68 size 128 Oct 31 15:24:55.496435: | #1 spent 0.363 (0.37) milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE in v2_dispatch() Oct 31 15:24:55.496440: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:55.496443: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND; .st_v2_transition=PARENT_I0->PARENT_I1 Oct 31 15:24:55.496446: | suspending state #1 and saving MD 0x55569f539cc8 Oct 31 15:24:55.496448: | addref md@0x55569f539cc8(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:55.496450: | #1 is busy; has suspended MD 0x55569f539cc8 Oct 31 15:24:55.496450: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): helper 3 starting job Oct 31 15:24:55.496453: | stop processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1850) Oct 31 15:24:55.496477: | #1 spent 0.703 (0.721) milliseconds in ikev2_process_packet() Oct 31 15:24:55.496483: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:55.496487: | delref mdp@0x55569f539cc8(2->1) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:55.496492: | spent 0.72 (0.738) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:55.497577: | calculating skeyseed using prf=HMAC_SHA2_512 integ=NONE cipherkey-size=32 salt-size=4 Oct 31 15:24:55.497792: | "westnet-eastnet-ikev2" #1: spent 1.33 (1.34) milliseconds in helper 3 processing job 2 for state #1: ikev2_inR1outI2 KE (pcr) Oct 31 15:24:55.497801: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): helper thread 3 sending result back to state Oct 31 15:24:55.497805: | scheduling resume sending helper answer back to state for #1 Oct 31 15:24:55.497810: | libevent_malloc: newref ptr-libevent@0x7f52bc00cc18 size 128 Oct 31 15:24:55.497822: | helper thread 3 has nothing to do Oct 31 15:24:55.497832: | processing resume sending helper answer back to state for #1 Oct 31 15:24:55.497847: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:641) Oct 31 15:24:55.497859: | unsuspending #1 MD 0x55569f539cc8 Oct 31 15:24:55.497864: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): processing response from helper 3 Oct 31 15:24:55.497867: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): calling continuation function 0x55569eac7fe7 Oct 31 15:24:55.497872: | ikev2_parent_inR1outI2_continue() for #1 STATE_PARENT_I1: g^{xy} calculated, sending I2 Oct 31 15:24:55.497876: | DH secret MODP2048@0x7f52c4006ba8: transferring ownership from helper IKEv2 DH to state #1 Oct 31 15:24:55.497878: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Oct 31 15:24:55.497912: | emit hash algo NEGOTIATE_AUTH_HASH_SHA2_512 Oct 31 15:24:55.497942: | get_connection_private_key() using CKAID b49f1aac9e456e7929c881973a0c6ad37f0f0350 to find private key for @west->@east of kind RSA Oct 31 15:24:55.497948: | trying secret PKK_RSA:AQOm9dY/4 Oct 31 15:24:55.497952: | matched Oct 31 15:24:55.497955: | secrets entry for ckaid already exists Oct 31 15:24:55.497958: | connection westnet-eastnet-ikev2's RSA private key found in NSS DB using CKAID Oct 31 15:24:55.497968: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:55.497972: | addref fd@0x55569f523278(3->4) (in clone_logger() at log.c:810) Oct 31 15:24:55.497975: | newref clone logger@0x55569f5340e8(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:55.497977: | job 3 for #1: computing responder signature (signature): adding job to queue Oct 31 15:24:55.497979: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:55.497983: | libevent_free: delref ptr-libevent@0x55569f534d68 Oct 31 15:24:55.497985: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55569f533ca8 Oct 31 15:24:55.497988: | #1 STATE_PARENT_I1: retransmits: cleared Oct 31 15:24:55.497990: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55569f534d68 Oct 31 15:24:55.497993: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:24:55.497995: | libevent_malloc: newref ptr-libevent@0x55569f536f18 size 128 Oct 31 15:24:55.498009: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:55.498018: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND; .st_v2_transition=PARENT_I0->PARENT_I1 Oct 31 15:24:55.498019: | job 3 for #1: computing responder signature (signature): helper 4 starting job Oct 31 15:24:55.498022: | suspending state #1 and saving MD 0x55569f539cc8 Oct 31 15:24:55.498032: | hash to sign Oct 31 15:24:55.498046: | 9c 70 54 06 02 a6 a9 51 ca 8e 74 7c b2 b6 6e 7a Oct 31 15:24:55.498051: | 66 7b 5c 76 a2 3a 9a 52 71 eb 78 77 3b 1b 4a 04 Oct 31 15:24:55.498056: | 11 af 0e 3a 39 e9 19 a0 3b a9 bf 86 9d 68 1a f0 Oct 31 15:24:55.498060: | eb d1 56 68 d4 6f 9b f8 51 bf 6d 33 f3 eb 37 54 Oct 31 15:24:55.498040: | addref md@0x55569f539cc8(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:55.498066: | RSA_sign_hash: Started using NSS Oct 31 15:24:55.498071: | #1 is busy; has suspended MD 0x55569f539cc8 Oct 31 15:24:55.498081: | delref logger@0x55569f536e58(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:55.498084: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:55.498086: | delref fd@0x55569f523278(4->3) (in free_logger() at log.c:854) Oct 31 15:24:55.498089: | resume sending helper answer back to state for #1 suppresed complete_v2_state_transition() Oct 31 15:24:55.498092: | delref mdp@0x55569f539cc8(2->1) (in resume_handler() at server.c:743) Oct 31 15:24:55.498097: | #1 spent 0.222 (0.237) milliseconds in resume sending helper answer back to state Oct 31 15:24:55.498102: | stop processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:745) Oct 31 15:24:55.498105: | libevent_free: delref ptr-libevent@0x7f52bc00cc18 Oct 31 15:24:55.508432: | RSA_sign_hash: Ended using NSS Oct 31 15:24:55.508466: | "westnet-eastnet-ikev2" #1: spent 9.7 (10.4) milliseconds in v2_auth_signature() calling sign_hash() Oct 31 15:24:55.508473: | "westnet-eastnet-ikev2" #1: spent 9.74 (10.4) milliseconds in v2_auth_signature() Oct 31 15:24:55.508477: | "westnet-eastnet-ikev2" #1: spent 9.76 (10.5) milliseconds in helper 4 processing job 3 for state #1: computing responder signature (signature) Oct 31 15:24:55.508480: | job 3 for #1: computing responder signature (signature): helper thread 4 sending result back to state Oct 31 15:24:55.508483: | scheduling resume sending helper answer back to state for #1 Oct 31 15:24:55.508487: | libevent_malloc: newref ptr-libevent@0x7f52c0000d38 size 128 Oct 31 15:24:55.508495: | helper thread 4 has nothing to do Oct 31 15:24:55.508509: | processing resume sending helper answer back to state for #1 Oct 31 15:24:55.508529: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:641) Oct 31 15:24:55.508536: | unsuspending #1 MD 0x55569f539cc8 Oct 31 15:24:55.508539: | job 3 for #1: computing responder signature (signature): processing response from helper 4 Oct 31 15:24:55.508543: | job 3 for #1: computing responder signature (signature): calling continuation function 0x55569e9f677f Oct 31 15:24:55.508552: | newref alloc logger@0x55569f536e58(0->1) (in new_state() at state.c:576) Oct 31 15:24:55.508555: | addref fd@0x55569f523278(3->4) (in new_state() at state.c:577) Oct 31 15:24:55.508558: | creating state object #2 at 0x55569f53d178 Oct 31 15:24:55.508562: | State DB: adding IKEv2 state #2 in UNDEFINED Oct 31 15:24:55.508570: | pstats #2 ikev2.child started Oct 31 15:24:55.508574: | duplicating state object #1 "westnet-eastnet-ikev2" as #2 for IPSEC SA Oct 31 15:24:55.508581: | #2 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1581) Oct 31 15:24:55.508592: | Message ID: CHILD #1.#2 initializing (CHILD SA): ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744569.920816 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.920816 child.wip.initiator=0->-1 child.wip.responder=0->-1 Oct 31 15:24:55.508596: | child state #2: UNDEFINED(ignore) => V2_IKE_AUTH_CHILD_I0(ignore) Oct 31 15:24:55.508601: | #2.st_v2_transition NULL -> NULL (in new_v2_child_state() at state.c:1666) Oct 31 15:24:55.508608: | Message ID: IKE #1 switching from IKE SA initiator message response 0: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744569.920816 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.920816 ike.wip.initiator=0->-1 ike.wip.responder=-1 Oct 31 15:24:55.508615: | Message ID: CHILD #1.#2 switching to CHILD SA initiator message response 0: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744569.920816 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.920816 child.wip.initiator=-1->0 child.wip.responder=-1 Oct 31 15:24:55.508620: | switching IKEv2 MD.ST from IKE #1 PARENT_I1 to CHILD #2 V2_IKE_AUTH_CHILD_I0 (in ikev2_parent_inR1outI2_auth_signature_continue() at ikev2_parent.c:2155) Oct 31 15:24:55.508624: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:55.508628: | libevent_free: delref ptr-libevent@0x55569f536f18 Oct 31 15:24:55.508632: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55569f534d68 Oct 31 15:24:55.508636: | #1 STATE_PARENT_I1: retransmits: cleared Oct 31 15:24:55.508640: | event_schedule: newref EVENT_SA_REPLACE-pe@0x55569f536f18 Oct 31 15:24:55.508643: | inserting event EVENT_SA_REPLACE, timeout in 120 seconds for #1 Oct 31 15:24:55.508646: | libevent_malloc: newref ptr-libevent@0x7f52bc00cc18 size 128 Oct 31 15:24:55.508650: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Oct 31 15:24:55.508657: | opening output PBS reply packet Oct 31 15:24:55.508662: | **emit ISAKMP Message: Oct 31 15:24:55.508668: | initiator SPI: 7d a4 96 cc 06 a0 5a 44 Oct 31 15:24:55.508673: | responder SPI: 9f 77 a8 cc 55 20 77 9e Oct 31 15:24:55.508676: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:55.508682: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:55.508686: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:55.508690: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:55.508694: | Message ID: 1 (00 00 00 01) Oct 31 15:24:55.508698: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:55.508702: | ***emit IKEv2 Encryption Payload: Oct 31 15:24:55.508705: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.508708: | flags: none (0x0) Oct 31 15:24:55.508712: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:24:55.508715: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.508719: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:24:55.508733: | IKEv2 CERT: send a certificate? Oct 31 15:24:55.508736: | IKEv2 CERT: no certificate to send Oct 31 15:24:55.508739: | IDr payload will be sent Oct 31 15:24:55.508742: | ****emit IKEv2 Identification - Initiator - Payload: Oct 31 15:24:55.508744: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.508747: | flags: none (0x0) Oct 31 15:24:55.508750: | ID type: ID_FQDN (0x2) Oct 31 15:24:55.508754: | reserved: 00 00 00 Oct 31 15:24:55.508758: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Oct 31 15:24:55.508761: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.508764: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Oct 31 15:24:55.508768: | my identity: 77 65 73 74 Oct 31 15:24:55.508771: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Oct 31 15:24:55.508775: | ****emit IKEv2 Identification - Responder - Payload: Oct 31 15:24:55.508777: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.508779: | flags: none (0x0) Oct 31 15:24:55.508782: | ID type: ID_FQDN (0x2) Oct 31 15:24:55.508786: | reserved: 00 00 00 Oct 31 15:24:55.508789: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Oct 31 15:24:55.508792: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.508796: | emitting 4 raw bytes of their IDr into IKEv2 Identification - Responder - Payload Oct 31 15:24:55.508800: | their IDr: 65 61 73 74 Oct 31 15:24:55.508802: | emitting length of IKEv2 Identification - Responder - Payload: 12 Oct 31 15:24:55.508805: | not sending INITIAL_CONTACT Oct 31 15:24:55.508809: | ****emit IKEv2 Authentication Payload: Oct 31 15:24:55.508811: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.508814: | flags: none (0x0) Oct 31 15:24:55.508817: | auth method: IKEv2_AUTH_DIGSIG (0xe) Oct 31 15:24:55.508820: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Oct 31 15:24:55.508823: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.508826: | emit hash algo NEGOTIATE_AUTH_HASH_SHA2_512 Oct 31 15:24:55.508829: | emitting 68 raw bytes of OID of ASN.1 Algorithm Identifier into IKEv2 Authentication Payload Oct 31 15:24:55.508832: | OID of ASN.1 Algorithm Identifier: Oct 31 15:24:55.508836: | 43 30 41 06 09 2a 86 48 86 f7 0d 01 01 0a 30 34 Oct 31 15:24:55.508838: | a0 0f 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 Oct 31 15:24:55.508840: | 00 a1 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 01 08 Oct 31 15:24:55.508843: | 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 a2 Oct 31 15:24:55.508847: | 03 02 01 40 Oct 31 15:24:55.508851: | emitting 274 raw bytes of signature into IKEv2 Authentication Payload Oct 31 15:24:55.508853: | signature: Oct 31 15:24:55.508856: | 40 2d 54 a1 99 ad fb 66 39 b6 10 f6 6f 6d e6 28 Oct 31 15:24:55.508858: | c1 10 65 e0 b9 1b 8a 4b f8 23 15 8b e9 6f 8c c3 Oct 31 15:24:55.508861: | 9c ce b1 55 27 42 69 0b 93 04 0d 6a f1 70 89 34 Oct 31 15:24:55.508863: | 89 a9 d3 dc 36 d6 ee 48 90 c1 71 b4 37 1c 64 5e Oct 31 15:24:55.508866: | 6d 83 09 1f 53 26 ee 69 b0 c2 ea 6f ea d8 59 1f Oct 31 15:24:55.508869: | e3 ab 01 96 85 16 c9 74 c5 b7 13 95 d4 e8 d8 4c Oct 31 15:24:55.508871: | 33 58 e3 7d 6d f0 3d 8b b5 32 e0 bf 35 8f c8 6f Oct 31 15:24:55.508873: | 06 e1 71 98 a0 a7 a4 cc 67 82 a4 44 6d a5 5e 7e Oct 31 15:24:55.508875: | 5a 31 92 7a b1 49 c5 f4 36 da 27 7c dd c7 a7 db Oct 31 15:24:55.508878: | cc 20 35 bc e0 da 9e 81 f9 a6 d2 aa 78 11 35 4e Oct 31 15:24:55.508880: | 19 c6 ea 2c d1 75 73 c0 a0 00 c7 6f 44 c3 0e 47 Oct 31 15:24:55.508882: | 3c 39 51 47 b1 d7 fd 12 1b 2f 24 4e af 0a 17 3c Oct 31 15:24:55.508885: | 3a 4a 60 12 a7 aa 65 c1 28 45 00 7a db e9 f0 ed Oct 31 15:24:55.508887: | 9d ff 55 e8 3f bf 16 fd 2a 3d 7c 0c bf 9f 3b ce Oct 31 15:24:55.508889: | 1b a1 af ea 59 ef 71 ed 21 75 63 db 41 fe cd 0c Oct 31 15:24:55.508892: | 65 71 2b 2a 74 17 df 9a 35 fe 0d ae fa 61 1d b2 Oct 31 15:24:55.508894: | 5f 8b 4d 07 d2 66 a7 c7 0f 3a 08 6a 95 d2 5a 68 Oct 31 15:24:55.508897: | 7c 07 Oct 31 15:24:55.508899: | emitting length of IKEv2 Authentication Payload: 350 Oct 31 15:24:55.508902: | getting first pending from state #1 Oct 31 15:24:55.508907: | delref fd@0x55569f523278(4->3) (in first_pending() at pending.c:318) Oct 31 15:24:55.508910: | addref fd@0x55569f523278(3->4) (in first_pending() at pending.c:319) Oct 31 15:24:55.508931: | netlink_get_spi: allocated 0xe590fecb for esp.0@192.1.2.45 Oct 31 15:24:55.508936: | constructing ESP/AH proposals with all DH removed for westnet-eastnet-ikev2 (IKE SA initiator emitting ESP/AH proposals) Oct 31 15:24:55.508945: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Oct 31 15:24:55.508953: | ... ikev2_proposal: 1:ESP=AES_GCM_C_256-NONE-NONE-DISABLED Oct 31 15:24:55.508956: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Oct 31 15:24:55.508961: | ... ikev2_proposal: 2:ESP=AES_GCM_C_128-NONE-NONE-DISABLED Oct 31 15:24:55.508965: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:24:55.508975: | ... ikev2_proposal: 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:55.508978: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:24:55.508983: | ... ikev2_proposal: 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:55.508987: "westnet-eastnet-ikev2": local ESP/AH proposals (IKE SA initiator emitting ESP/AH proposals): Oct 31 15:24:55.508992: "westnet-eastnet-ikev2": 1:ESP=AES_GCM_C_256-NONE-NONE-DISABLED Oct 31 15:24:55.508996: "westnet-eastnet-ikev2": 2:ESP=AES_GCM_C_128-NONE-NONE-DISABLED Oct 31 15:24:55.509000: "westnet-eastnet-ikev2": 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:55.509005: "westnet-eastnet-ikev2": 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:55.509008: | Emitting ikev2_proposals ... Oct 31 15:24:55.509011: | ****emit IKEv2 Security Association Payload: Oct 31 15:24:55.509014: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.509017: | flags: none (0x0) Oct 31 15:24:55.509020: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:24:55.509023: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.509027: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:55.509031: | discard DH=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:55.509035: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:55.509038: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:55.509042: | prop #: 1 (01) Oct 31 15:24:55.509044: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:55.509048: | spi size: 4 (04) Oct 31 15:24:55.509056: | # transforms: 2 (02) Oct 31 15:24:55.509060: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:55.509064: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:24:55.509068: | our spi: e5 90 fe cb Oct 31 15:24:55.509072: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.509074: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.509077: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:55.509079: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:55.509082: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.509085: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:55.509088: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:55.509092: | length/value: 256 (01 00) Oct 31 15:24:55.509095: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:55.509098: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:55.509101: | discard DH=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:55.509103: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.509106: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:55.509109: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:55.509112: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:55.509115: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.509118: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.509120: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.509123: | emitting length of IKEv2 Proposal Substructure Payload: 32 Oct 31 15:24:55.509126: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:55.509129: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:55.509132: | discard DH=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:55.509134: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:55.509137: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:55.509140: | prop #: 2 (02) Oct 31 15:24:55.509143: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:55.509146: | spi size: 4 (04) Oct 31 15:24:55.509149: | # transforms: 2 (02) Oct 31 15:24:55.509152: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:55.509155: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:55.509158: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:24:55.509162: | our spi: e5 90 fe cb Oct 31 15:24:55.509165: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.509167: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.509170: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:55.509173: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:55.509175: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.509181: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:55.509183: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:55.509187: | length/value: 128 (00 80) Oct 31 15:24:55.509190: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:55.509193: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:55.509197: | discard DH=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:55.509207: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.509210: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:55.509213: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:55.509215: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:55.509218: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.509221: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.509224: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.509227: | emitting length of IKEv2 Proposal Substructure Payload: 32 Oct 31 15:24:55.509229: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:55.509233: | discard DH=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:55.509236: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:55.509238: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:55.509242: | prop #: 3 (03) Oct 31 15:24:55.509245: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:55.509248: | spi size: 4 (04) Oct 31 15:24:55.509251: | # transforms: 4 (04) Oct 31 15:24:55.509254: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:55.509257: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:55.509261: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:24:55.509265: | our spi: e5 90 fe cb Oct 31 15:24:55.509268: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.509271: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.509273: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:55.509276: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:55.509279: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.509283: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:55.509286: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:55.509289: | length/value: 256 (01 00) Oct 31 15:24:55.509292: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:55.509295: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.509305: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.509308: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:55.509310: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:55.509314: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.509317: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.509320: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.509323: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.509326: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.509328: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:55.509334: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:55.509337: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.509340: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.509343: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.509346: | discard DH=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:55.509349: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.509352: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:55.509355: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:55.509357: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:55.509365: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.509368: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.509371: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.509374: | emitting length of IKEv2 Proposal Substructure Payload: 48 Oct 31 15:24:55.509377: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:55.509381: | discard DH=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:55.509384: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:55.509387: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:55.509390: | prop #: 4 (04) Oct 31 15:24:55.509393: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:55.509396: | spi size: 4 (04) Oct 31 15:24:55.509400: | # transforms: 4 (04) Oct 31 15:24:55.509403: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:55.509406: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:55.509410: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:24:55.509414: | our spi: e5 90 fe cb Oct 31 15:24:55.509417: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.509420: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.509422: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:55.509425: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:55.509428: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.509431: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:55.509434: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:55.509437: | length/value: 128 (00 80) Oct 31 15:24:55.509441: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:55.509443: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.509446: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.509449: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:55.509452: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:55.509455: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.509458: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.509461: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.509468: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.509471: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.509474: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:55.509476: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:55.509479: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.509482: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.509485: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.509488: | discard DH=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:55.509491: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.509493: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:55.509496: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:55.509498: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:55.509501: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.509504: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.509507: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.509510: | emitting length of IKEv2 Proposal Substructure Payload: 48 Oct 31 15:24:55.509512: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:55.509515: | emitting length of IKEv2 Security Association Payload: 164 Oct 31 15:24:55.509517: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:24:55.509522: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:24:55.509525: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.509528: | flags: none (0x0) Oct 31 15:24:55.509531: | number of TS: 1 (01) Oct 31 15:24:55.509534: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Oct 31 15:24:55.509537: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.509540: | *****emit IKEv2 Traffic Selector: Oct 31 15:24:55.509543: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:55.509546: | IP Protocol ID: ALL (0x0) Oct 31 15:24:55.509549: | start port: 0 (00 00) Oct 31 15:24:55.509553: | end port: 65535 (ff ff) Oct 31 15:24:55.509556: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:24:55.509560: | IP start: c0 00 01 00 Oct 31 15:24:55.509563: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:24:55.509567: | IP end: c0 00 01 ff Oct 31 15:24:55.509569: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:24:55.509572: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Oct 31 15:24:55.509574: | ****emit IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:24:55.509577: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.509580: | flags: none (0x0) Oct 31 15:24:55.509583: | number of TS: 1 (01) Oct 31 15:24:55.509586: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Oct 31 15:24:55.509589: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.509592: | *****emit IKEv2 Traffic Selector: Oct 31 15:24:55.509595: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:55.509599: | IP Protocol ID: ALL (0x0) Oct 31 15:24:55.509603: | start port: 0 (00 00) Oct 31 15:24:55.509606: | end port: 65535 (ff ff) Oct 31 15:24:55.509609: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:24:55.509612: | IP start: c0 00 02 00 Oct 31 15:24:55.509615: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:24:55.509619: | IP end: c0 00 02 ff Oct 31 15:24:55.509621: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:24:55.509623: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Oct 31 15:24:55.509625: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Oct 31 15:24:55.509627: | initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Oct 31 15:24:55.509629: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:55.509631: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:55.509633: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:24:55.509635: | emitting length of IKEv2 Encryption Payload: 615 Oct 31 15:24:55.509637: | emitting length of ISAKMP Message: 643 Oct 31 15:24:55.509641: | **parse ISAKMP Message: Oct 31 15:24:55.509644: | initiator SPI: 7d a4 96 cc 06 a0 5a 44 Oct 31 15:24:55.509646: | responder SPI: 9f 77 a8 cc 55 20 77 9e Oct 31 15:24:55.509648: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:24:55.509650: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:55.509652: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:55.509654: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:55.509656: | Message ID: 1 (00 00 00 01) Oct 31 15:24:55.509659: | length: 643 (00 00 02 83) Oct 31 15:24:55.509661: | **parse IKEv2 Encryption Payload: Oct 31 15:24:55.509662: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Oct 31 15:24:55.509664: | flags: none (0x0) Oct 31 15:24:55.509666: | length: 615 (02 67) Oct 31 15:24:55.509668: | opening output PBS reply frag packet Oct 31 15:24:55.509670: | **emit ISAKMP Message: Oct 31 15:24:55.509672: | initiator SPI: 7d a4 96 cc 06 a0 5a 44 Oct 31 15:24:55.509675: | responder SPI: 9f 77 a8 cc 55 20 77 9e Oct 31 15:24:55.509677: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:55.509678: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:55.509680: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:55.509682: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:55.509684: | Message ID: 1 (00 00 00 01) Oct 31 15:24:55.509686: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:55.509688: | ***emit IKEv2 Encrypted Fragment: Oct 31 15:24:55.509690: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Oct 31 15:24:55.509691: | flags: none (0x0) Oct 31 15:24:55.509693: | fragment number: 1 (00 01) Oct 31 15:24:55.509695: | total fragments: 2 (00 02) Oct 31 15:24:55.509697: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi Oct 31 15:24:55.509699: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Oct 31 15:24:55.509701: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Oct 31 15:24:55.509703: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Oct 31 15:24:55.509708: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Oct 31 15:24:55.509710: | cleartext fragment: Oct 31 15:24:55.509711: | 24 00 00 0c 02 00 00 00 77 65 73 74 27 00 00 0c Oct 31 15:24:55.509713: | 02 00 00 00 65 61 73 74 21 00 01 5e 0e 00 00 00 Oct 31 15:24:55.509715: | 43 30 41 06 09 2a 86 48 86 f7 0d 01 01 0a 30 34 Oct 31 15:24:55.509716: | a0 0f 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 Oct 31 15:24:55.509718: | 00 a1 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 01 08 Oct 31 15:24:55.509721: | 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 a2 Oct 31 15:24:55.509722: | 03 02 01 40 40 2d 54 a1 99 ad fb 66 39 b6 10 f6 Oct 31 15:24:55.509724: | 6f 6d e6 28 c1 10 65 e0 b9 1b 8a 4b f8 23 15 8b Oct 31 15:24:55.509725: | e9 6f 8c c3 9c ce b1 55 27 42 69 0b 93 04 0d 6a Oct 31 15:24:55.509727: | f1 70 89 34 89 a9 d3 dc 36 d6 ee 48 90 c1 71 b4 Oct 31 15:24:55.509729: | 37 1c 64 5e 6d 83 09 1f 53 26 ee 69 b0 c2 ea 6f Oct 31 15:24:55.509730: | ea d8 59 1f e3 ab 01 96 85 16 c9 74 c5 b7 13 95 Oct 31 15:24:55.509732: | d4 e8 d8 4c 33 58 e3 7d 6d f0 3d 8b b5 32 e0 bf Oct 31 15:24:55.509733: | 35 8f c8 6f 06 e1 71 98 a0 a7 a4 cc 67 82 a4 44 Oct 31 15:24:55.509735: | 6d a5 5e 7e 5a 31 92 7a b1 49 c5 f4 36 da 27 7c Oct 31 15:24:55.509736: | dd c7 a7 db cc 20 35 bc e0 da 9e 81 f9 a6 d2 aa Oct 31 15:24:55.509738: | 78 11 35 4e 19 c6 ea 2c d1 75 73 c0 a0 00 c7 6f Oct 31 15:24:55.509739: | 44 c3 0e 47 3c 39 51 47 b1 d7 fd 12 1b 2f 24 4e Oct 31 15:24:55.509741: | af 0a 17 3c 3a 4a 60 12 a7 aa 65 c1 28 45 00 7a Oct 31 15:24:55.509742: | db e9 f0 ed 9d ff 55 e8 3f bf 16 fd 2a 3d 7c 0c Oct 31 15:24:55.509744: | bf 9f 3b ce 1b a1 af ea 59 ef 71 ed 21 75 63 db Oct 31 15:24:55.509745: | 41 fe cd 0c 65 71 2b 2a 74 17 df 9a 35 fe 0d ae Oct 31 15:24:55.509747: | fa 61 1d b2 5f 8b 4d 07 d2 66 a7 c7 0f 3a 08 6a Oct 31 15:24:55.509748: | 95 d2 5a 68 7c 07 2c 00 00 a4 02 00 00 20 01 03 Oct 31 15:24:55.509750: | 04 02 e5 90 fe cb 03 00 00 0c 01 00 00 14 80 0e Oct 31 15:24:55.509751: | 01 00 00 00 00 08 05 00 00 00 02 00 00 20 02 03 Oct 31 15:24:55.509753: | 04 02 e5 90 fe cb 03 00 00 0c 01 00 00 14 80 0e Oct 31 15:24:55.509754: | 00 80 00 00 00 08 05 00 00 00 02 00 00 30 03 03 Oct 31 15:24:55.509756: | 04 04 e5 90 fe cb 03 00 00 0c 01 00 00 0c 80 0e Oct 31 15:24:55.509757: | 01 00 03 00 00 08 03 00 00 0e 03 00 00 08 Oct 31 15:24:55.509759: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:55.509761: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:55.509763: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Oct 31 15:24:55.509765: | emitting length of IKEv2 Encrypted Fragment: 511 Oct 31 15:24:55.509766: | emitting length of ISAKMP Message: 539 Oct 31 15:24:55.509778: | recording fragment 1 Oct 31 15:24:55.509781: | opening output PBS reply frag packet Oct 31 15:24:55.509782: | **emit ISAKMP Message: Oct 31 15:24:55.509785: | initiator SPI: 7d a4 96 cc 06 a0 5a 44 Oct 31 15:24:55.509788: | responder SPI: 9f 77 a8 cc 55 20 77 9e Oct 31 15:24:55.509789: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:55.509791: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:55.509793: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:55.509794: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:55.509797: | Message ID: 1 (00 00 00 01) Oct 31 15:24:55.509798: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:55.509800: | ***emit IKEv2 Encrypted Fragment: Oct 31 15:24:55.509802: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.509804: | flags: none (0x0) Oct 31 15:24:55.509806: | fragment number: 2 (00 02) Oct 31 15:24:55.509808: | total fragments: 2 (00 02) Oct 31 15:24:55.509810: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Oct 31 15:24:55.509812: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Oct 31 15:24:55.509813: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Oct 31 15:24:55.509815: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Oct 31 15:24:55.509817: | emitting 108 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Oct 31 15:24:55.509820: | cleartext fragment: Oct 31 15:24:55.509822: | 03 00 00 0c 00 00 00 08 05 00 00 00 00 00 00 30 Oct 31 15:24:55.509823: | 04 03 04 04 e5 90 fe cb 03 00 00 0c 01 00 00 0c Oct 31 15:24:55.509825: | 80 0e 00 80 03 00 00 08 03 00 00 0e 03 00 00 08 Oct 31 15:24:55.509826: | 03 00 00 0c 00 00 00 08 05 00 00 00 2d 00 00 18 Oct 31 15:24:55.509828: | 01 00 00 00 07 00 00 10 00 00 ff ff c0 00 01 00 Oct 31 15:24:55.509829: | c0 00 01 ff 00 00 00 18 01 00 00 00 07 00 00 10 Oct 31 15:24:55.509831: | 00 00 ff ff c0 00 02 00 c0 00 02 ff Oct 31 15:24:55.509833: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:55.509834: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:55.509836: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Oct 31 15:24:55.509838: | emitting length of IKEv2 Encrypted Fragment: 141 Oct 31 15:24:55.509840: | emitting length of ISAKMP Message: 169 Oct 31 15:24:55.509844: | recording fragment 2 Oct 31 15:24:55.509848: | delref logger@0x55569f5340e8(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:55.509850: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:55.509852: | delref fd@0x55569f523278(4->3) (in free_logger() at log.c:854) Oct 31 15:24:55.509854: | XXX: resume sending helper answer back to state for #1 switched MD.ST to #2 Oct 31 15:24:55.509859: | suspend processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:55.509862: | start processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:55.509865: | #2 complete_v2_state_transition() in state V2_IKE_AUTH_CHILD_I0 PARENT_I1->PARENT_I2 with status STF_OK; .st_v2_transition=NULL Oct 31 15:24:55.509867: | transitioning from state STATE_PARENT_I1 to state STATE_PARENT_I2 Oct 31 15:24:55.509869: | Message ID: updating counters for #2 Oct 31 15:24:55.509874: | Message ID: CHILD #1.#2 XXX: no EVENT_RETRANSMIT to clear; suspect IKE->CHILD switch: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744569.920816 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.920816 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:24:55.509879: | Message ID: CHILD #1.#2 updating initiator received message response 0: ike.initiator.sent=0 ike.initiator.recv=-1->0 ike.initiator.last_contact=744569.920816->744569.942667 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.920816 child.wip.initiator=0->-1 child.wip.responder=-1 Oct 31 15:24:55.509883: | Message ID: CHILD #1.#2 scheduling EVENT_RETRANSMIT: ike.initiator.sent=1 ike.initiator.recv=0 ike.initiator.last_contact=744569.942667 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.920816 child.wip.initiator=1 child.wip.responder=-1 Oct 31 15:24:55.509886: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55569f53b888 Oct 31 15:24:55.509888: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 Oct 31 15:24:55.509890: | libevent_malloc: newref ptr-libevent@0x55569f5333f8 size 128 Oct 31 15:24:55.509894: | #2 STATE_V2_IKE_AUTH_CHILD_I0: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744569.942682 Oct 31 15:24:55.509898: | Message ID: CHILD #1.#2 updating initiator sent message request 1: ike.initiator.sent=0->1 ike.initiator.recv=0 ike.initiator.last_contact=744569.942667 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.920816 child.wip.initiator=-1->1 child.wip.responder=-1 Oct 31 15:24:55.509902: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=1 ike.initiator.recv=0 ike.initiator.last_contact=744569.942667 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.920816 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:55.509905: | child state #2: V2_IKE_AUTH_CHILD_I0(ignore) => PARENT_I2(open IKE SA) Oct 31 15:24:55.509907: | announcing the state transition Oct 31 15:24:55.509911: "westnet-eastnet-ikev2" #1: sent IKE_AUTH request {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Oct 31 15:24:55.509926: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:24:55.509928: | 7d a4 96 cc 06 a0 5a 44 9f 77 a8 cc 55 20 77 9e Oct 31 15:24:55.509930: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff Oct 31 15:24:55.509931: | 00 01 00 02 af 2a 07 41 29 29 f8 22 d7 a9 71 cb Oct 31 15:24:55.509933: | bd 02 0f 98 f5 71 21 bf 12 e0 cb 61 54 5a df a3 Oct 31 15:24:55.509934: | 96 41 d6 24 a4 0b a2 41 1f 20 10 dd 95 a5 82 04 Oct 31 15:24:55.509936: | ab 57 5d 1c 57 e3 92 36 ea 2c fb 24 0e 93 a0 ce Oct 31 15:24:55.509938: | bd 1b 66 db b5 00 13 e5 94 de 6b 56 bb 05 1f a1 Oct 31 15:24:55.509939: | c4 50 1a 2e d2 7d 2b 0a 1f ab 46 10 7b e5 da c0 Oct 31 15:24:55.509941: | e4 d0 ce 97 80 bb 4b ee 97 84 53 e3 86 4d 47 16 Oct 31 15:24:55.509942: | 74 1d 69 97 8e 4a 54 63 44 b3 4d a1 87 d3 d4 cd Oct 31 15:24:55.509944: | f5 db bd 29 af fe 6d d9 c5 c0 b2 69 c6 e7 51 7f Oct 31 15:24:55.509945: | 9f 6b e4 10 00 9f f6 d8 ed e1 2f ef 0f ee e4 54 Oct 31 15:24:55.509947: | 92 5d d0 36 9c 11 30 0e 53 f9 7f 46 fe 5b a7 2e Oct 31 15:24:55.509948: | 8a 6f d0 ee db 79 93 57 c2 4b 22 f0 61 28 75 3a Oct 31 15:24:55.509950: | 85 09 44 38 fe 93 fb 2f 93 55 0f 11 88 53 d9 f4 Oct 31 15:24:55.509951: | 67 27 c2 4b 43 3f 6a 11 1c 02 15 e6 86 8b ef 57 Oct 31 15:24:55.509953: | 77 21 92 83 6f 50 4f 45 48 93 21 fd 01 b1 83 bc Oct 31 15:24:55.509954: | 17 e1 87 f1 4b 8d c1 63 9f 8b 66 98 9f df 98 8a Oct 31 15:24:55.509956: | 83 0e 39 2c 48 9a 50 eb c7 51 84 41 7b 1f 26 5b Oct 31 15:24:55.509957: | ae 0a 67 05 20 ce f2 4e 43 e6 ff c5 d9 87 85 bd Oct 31 15:24:55.509959: | ae e7 14 5d 35 13 86 e4 b8 8b 0c b0 5d 3f 77 97 Oct 31 15:24:55.509960: | 62 bd 2b be b9 cd ce 5d bb c1 79 7d 07 5b db d0 Oct 31 15:24:55.509962: | d9 c8 92 fc 5e f5 3a 85 25 04 04 c6 36 24 01 28 Oct 31 15:24:55.509964: | 07 8b ce 83 02 14 15 1a 8d 08 37 f7 8d 56 14 ce Oct 31 15:24:55.509966: | 25 10 b7 36 50 2f 61 f8 69 7e be 34 ee f8 3c 15 Oct 31 15:24:55.509971: | 4a 75 7a bd d2 81 ee ad 9e 0a 9c 34 6e cd 81 66 Oct 31 15:24:55.509975: | af 2d da 3a 8c e3 35 fb 65 16 2b d7 d7 66 f4 13 Oct 31 15:24:55.509978: | 56 64 37 ff 04 66 f3 9e b0 0e 4e 4b 14 d3 26 69 Oct 31 15:24:55.509980: | 2d 73 80 92 e7 96 da ab dc 64 fa 95 48 7d b1 f1 Oct 31 15:24:55.509983: | ca 6b 62 12 d4 bf 0a 0b 3f 2a 64 63 2e 03 c2 ed Oct 31 15:24:55.509985: | a8 29 a8 aa d3 73 80 75 c5 49 71 45 99 76 22 c6 Oct 31 15:24:55.509988: | b2 b6 af 96 73 82 dc 2d 95 44 d4 ae a7 50 87 9c Oct 31 15:24:55.509991: | 96 c4 9c 9c e9 f0 1d fc b2 78 1a f7 c1 bf 4e 3f Oct 31 15:24:55.509993: | a7 94 7a 8d ed fa 4b 0d c2 7b 6c Oct 31 15:24:55.510035: | sending 169 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:24:55.510041: | 7d a4 96 cc 06 a0 5a 44 9f 77 a8 cc 55 20 77 9e Oct 31 15:24:55.510044: | 35 20 23 08 00 00 00 01 00 00 00 a9 00 00 00 8d Oct 31 15:24:55.510047: | 00 02 00 02 3a 4c 7e c5 e1 4d 68 8c 9c 7d fa ba Oct 31 15:24:55.510049: | 40 d2 ba 95 8a d1 6b 04 c4 1f 44 fb 22 7b 4f 3e Oct 31 15:24:55.510052: | c1 8e 84 19 ae da 6c c4 93 80 fe ae 03 67 93 fe Oct 31 15:24:55.510054: | 5a 22 45 4d 85 28 9b a4 e7 98 99 52 af 3e c5 9d Oct 31 15:24:55.510056: | 49 f1 05 e4 e7 24 cb ea 4d ec 18 fa c9 90 a4 ae Oct 31 15:24:55.510059: | a3 23 0c 49 22 d4 74 bd ba 34 70 d4 86 fd 2b 76 Oct 31 15:24:55.510061: | f2 ee 71 cf 0d 82 20 ff 04 99 bb 1a bf b4 80 fc Oct 31 15:24:55.510063: | e4 fd 9c b0 5b 26 c0 95 3c 18 3e da ed 7e fa b1 Oct 31 15:24:55.510066: | 0b b1 81 67 5d b3 da a0 1f Oct 31 15:24:55.510086: | sent 2 messages Oct 31 15:24:55.510089: | checking that a retransmit timeout_event was already Oct 31 15:24:55.510093: | state #2 has no .st_event to delete Oct 31 15:24:55.510098: | delref mdp@0x55569f539cc8(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:55.510102: | delref logger@0x55569f522ef8(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:55.510105: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:55.510108: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:55.510116: | #1 spent 1.54 (1.58) milliseconds in resume sending helper answer back to state Oct 31 15:24:55.510123: | stop processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:745) Oct 31 15:24:55.510127: | libevent_free: delref ptr-libevent@0x7f52c0000d38 Oct 31 15:24:55.551685: | spent 0.00203 (0.00199) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:55.551702: | newref struct msg_digest@0x55569f539cc8(0->1) (in read_message() at demux.c:103) Oct 31 15:24:55.551706: | newref alloc logger@0x55569f5340e8(0->1) (in read_message() at demux.c:103) Oct 31 15:24:55.551712: | *received 503 bytes from 192.1.2.23:500 on eth1 192.1.2.45:500 using UDP Oct 31 15:24:55.551714: | 7d a4 96 cc 06 a0 5a 44 9f 77 a8 cc 55 20 77 9e Oct 31 15:24:55.551715: | 2e 20 23 20 00 00 00 01 00 00 01 f7 24 00 01 db Oct 31 15:24:55.551717: | 37 61 f8 15 e0 db a8 db 12 01 d4 43 27 54 44 76 Oct 31 15:24:55.551718: | d9 a3 e5 51 96 27 c4 14 01 ed 41 45 3c 9b f6 b2 Oct 31 15:24:55.551720: | af 8f a0 02 59 c4 c5 e2 74 d9 d1 13 22 62 33 5b Oct 31 15:24:55.551721: | e3 40 a6 5e cc a5 3f f7 0b 84 4e 2f 6d 62 c3 9d Oct 31 15:24:55.551723: | 67 c4 6f 6f 16 3e e4 93 02 6f 64 06 28 15 26 b8 Oct 31 15:24:55.551724: | 33 b7 4f c0 6d a2 37 7f ae bd da 03 ee 05 8e e9 Oct 31 15:24:55.551726: | d6 d2 4f 0b 4d e4 4e e7 51 19 0a a6 33 af 54 01 Oct 31 15:24:55.551727: | 61 69 01 ca 5b a2 f4 4e 90 fa 4d fe 36 42 62 dd Oct 31 15:24:55.551729: | 0a 0c c3 88 fe 14 18 a6 bf 1f 03 6a ff 4c c4 b2 Oct 31 15:24:55.551730: | cf cd 5b 68 00 ca 40 79 30 a8 9c cb b0 e4 76 62 Oct 31 15:24:55.551732: | 6d f4 0e e4 79 b8 b3 5f 29 d6 0a 3d 72 8d 01 51 Oct 31 15:24:55.551734: | ee 5b 2b d6 c3 3a c6 a8 ea fc 2f ac 3d 81 79 90 Oct 31 15:24:55.551735: | a3 e8 9e a7 24 3d 4b 5c 71 9d ac 2f 71 ba b1 70 Oct 31 15:24:55.551737: | 38 3b 1a 78 d6 9d 32 e1 6f 5a df 87 e5 22 e0 4d Oct 31 15:24:55.551738: | 3b ae 1e 59 13 f0 ae 57 4e fe cc 65 c4 d0 2b b3 Oct 31 15:24:55.551740: | fb 17 17 dd 69 f3 c9 f3 3c fe e2 a3 42 45 ba 1b Oct 31 15:24:55.551741: | a1 ed 6f 47 a6 32 9b ba dd e3 7f c1 2b cd 90 ac Oct 31 15:24:55.551743: | 98 19 84 65 aa 31 9c 4b 06 d9 0b b8 35 27 d5 30 Oct 31 15:24:55.551744: | 73 fe 35 c0 7c 79 ab 44 ff be 2a f9 cc 0d af 8f Oct 31 15:24:55.551746: | e6 71 32 b4 b0 18 2e 37 e3 c4 d0 a7 4d 82 d3 8c Oct 31 15:24:55.551747: | 27 2a a7 e9 0b 46 17 14 7f 3d 3d 8d 6e 54 82 fb Oct 31 15:24:55.551749: | b7 83 88 ed 40 e8 ae 9d b2 2e a1 7d 2c 74 49 8a Oct 31 15:24:55.551750: | 53 11 3e 7b 25 60 9e a4 ae df 2d d7 fd 68 eb bf Oct 31 15:24:55.551752: | a7 6c 15 53 b3 6d 6c 99 60 88 76 33 88 e4 43 92 Oct 31 15:24:55.551753: | 48 c9 c7 56 1e 5b c1 57 89 f4 9c 49 92 3a 69 ab Oct 31 15:24:55.551755: | ab 06 11 12 d8 dd a7 52 de fc 4e 79 c6 84 d3 2e Oct 31 15:24:55.551756: | b1 ca 7e 23 f0 ff b8 fe 07 a4 b8 e4 9f 0c a9 35 Oct 31 15:24:55.551758: | 68 1d df da be 1c c6 18 3f 00 6f 59 a4 62 9e 20 Oct 31 15:24:55.551759: | 54 80 a6 2a 9e e0 5b ff cc 24 f9 d4 bd cb 72 b7 Oct 31 15:24:55.551761: | 91 b5 b2 cc 49 5a e5 Oct 31 15:24:55.551765: | **parse ISAKMP Message: Oct 31 15:24:55.551769: | initiator SPI: 7d a4 96 cc 06 a0 5a 44 Oct 31 15:24:55.551771: | responder SPI: 9f 77 a8 cc 55 20 77 9e Oct 31 15:24:55.551774: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:24:55.551775: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:55.551779: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:55.551781: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:55.551784: | Message ID: 1 (00 00 00 01) Oct 31 15:24:55.551786: | length: 503 (00 00 01 f7) Oct 31 15:24:55.551788: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:24:55.551791: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Oct 31 15:24:55.551795: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Oct 31 15:24:55.551800: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:55.551802: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Oct 31 15:24:55.551804: | #2 is idle Oct 31 15:24:55.551806: | #2 idle Oct 31 15:24:55.551809: | suspend processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:55.551812: | start processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:55.551814: | unpacking clear payload Oct 31 15:24:55.551816: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Oct 31 15:24:55.551818: | ***parse IKEv2 Encryption Payload: Oct 31 15:24:55.551820: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Oct 31 15:24:55.551822: | flags: none (0x0) Oct 31 15:24:55.551824: | length: 475 (01 db) Oct 31 15:24:55.551826: | processing payload: ISAKMP_NEXT_v2SK (len=471) Oct 31 15:24:55.551828: | #2 in state PARENT_I2: sent IKE_AUTH request Oct 31 15:24:55.551839: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Oct 31 15:24:55.551841: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Oct 31 15:24:55.551844: | **parse IKEv2 Identification - Responder - Payload: Oct 31 15:24:55.551845: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Oct 31 15:24:55.551847: | flags: none (0x0) Oct 31 15:24:55.551849: | length: 12 (00 0c) Oct 31 15:24:55.551851: | ID type: ID_FQDN (0x2) Oct 31 15:24:55.551853: | reserved: 00 00 00 Oct 31 15:24:55.551855: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Oct 31 15:24:55.551856: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Oct 31 15:24:55.551858: | **parse IKEv2 Authentication Payload: Oct 31 15:24:55.551860: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:24:55.551861: | flags: none (0x0) Oct 31 15:24:55.551864: | length: 350 (01 5e) Oct 31 15:24:55.551865: | auth method: IKEv2_AUTH_DIGSIG (0xe) Oct 31 15:24:55.551867: | processing payload: ISAKMP_NEXT_v2AUTH (len=342) Oct 31 15:24:55.551868: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:24:55.551870: | **parse IKEv2 Security Association Payload: Oct 31 15:24:55.551872: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Oct 31 15:24:55.551873: | flags: none (0x0) Oct 31 15:24:55.551875: | length: 36 (00 24) Oct 31 15:24:55.551877: | processing payload: ISAKMP_NEXT_v2SA (len=32) Oct 31 15:24:55.551878: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Oct 31 15:24:55.551880: | **parse IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:24:55.551882: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Oct 31 15:24:55.551883: | flags: none (0x0) Oct 31 15:24:55.551885: | length: 24 (00 18) Oct 31 15:24:55.551887: | number of TS: 1 (01) Oct 31 15:24:55.551889: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Oct 31 15:24:55.551890: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Oct 31 15:24:55.551892: | **parse IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:24:55.551894: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.551895: | flags: none (0x0) Oct 31 15:24:55.551897: | length: 24 (00 18) Oct 31 15:24:55.551899: | number of TS: 1 (01) Oct 31 15:24:55.551900: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Oct 31 15:24:55.551902: | selected state microcode Initiator: process IKE_AUTH response Oct 31 15:24:55.551907: | calling processor Initiator: process IKE_AUTH response Oct 31 15:24:55.551910: | no certs to decode Oct 31 15:24:55.551914: | offered CA: '%none' Oct 31 15:24:55.551917: "westnet-eastnet-ikev2" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Oct 31 15:24:55.551948: | verifying AUTH payload Oct 31 15:24:55.551952: | looking for ASN.1 blob for method rsasig for hash_algo SHA2_512 Oct 31 15:24:55.551954: | parsing 68 raw bytes of IKEv2 Authentication Payload into ASN.1 blob for hash algo Oct 31 15:24:55.551955: | ASN.1 blob for hash algo Oct 31 15:24:55.551957: | 43 30 41 06 09 2a 86 48 86 f7 0d 01 01 0a 30 34 Oct 31 15:24:55.551958: | a0 0f 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 Oct 31 15:24:55.551960: | 00 a1 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 01 08 Oct 31 15:24:55.551961: | 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 a2 Oct 31 15:24:55.551963: | 03 02 01 40 Oct 31 15:24:55.551974: | required RSA CA is '%any' Oct 31 15:24:55.551976: | trying all remote certificates public keys for RSA key that matches ID: @east Oct 31 15:24:55.551978: | trying all preloaded keys public keys for RSA key that matches ID: @east Oct 31 15:24:55.551981: | trying '@east' issued by CA '%any' Oct 31 15:24:55.551983: | NSS RSA: verifying that decrypted signature matches hash: Oct 31 15:24:55.551985: | 9d c8 0d f8 e7 bc 04 bc 24 f9 00 0e 26 7c f1 eb Oct 31 15:24:55.551986: | 69 c0 51 ce 7f af 59 03 3b 64 f0 8b 86 42 9c 0e Oct 31 15:24:55.551988: | 55 3d 8c cb 3f 81 0d 2c b8 ab 14 42 c9 a7 d1 bf Oct 31 15:24:55.551989: | ad 12 a4 f7 60 30 65 67 bf 73 b8 06 c1 4e a0 8f Oct 31 15:24:55.552046: | delref pkp@NULL (in try_RSA_signature_v2() at ikev2_rsa.c:170) Oct 31 15:24:55.552049: | addref pk@0x55569f536c88(1->2) (in try_RSA_signature_v2() at ikev2_rsa.c:171) Oct 31 15:24:55.552051: | an RSA Sig check passed with *AQO9bJbr3 [preloaded keys] Oct 31 15:24:55.552055: | #1 spent 0.0708 (0.0709) milliseconds in try_all_keys() trying a pubkey Oct 31 15:24:55.552058: "westnet-eastnet-ikev2" #1: authenticated using RSA with SHA2_512 Oct 31 15:24:55.552066: | #1 spent 0.0995 (0.0995) milliseconds in ikev2_verify_rsa_hash() Oct 31 15:24:55.552068: | parent state #1: PARENT_I2(open IKE SA) => ESTABLISHED_IKE_SA(established IKE SA) Oct 31 15:24:55.552072: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Oct 31 15:24:55.552074: | state #1 deleting .st_event EVENT_SA_REPLACE Oct 31 15:24:55.552076: | libevent_free: delref ptr-libevent@0x7f52bc00cc18 Oct 31 15:24:55.552078: | free_event_entry: delref EVENT_SA_REPLACE-pe@0x55569f536f18 Oct 31 15:24:55.552080: | event_schedule: newref EVENT_SA_REKEY-pe@0x55569f522ef8 Oct 31 15:24:55.552082: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Oct 31 15:24:55.552084: | libevent_malloc: newref ptr-libevent@0x7f52c0000d38 size 128 Oct 31 15:24:55.552142: | pstats #1 ikev2.ike established Oct 31 15:24:55.552147: | TSi: parsing 1 traffic selectors Oct 31 15:24:55.552149: | ***parse IKEv2 Traffic Selector: Oct 31 15:24:55.552151: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:55.552153: | IP Protocol ID: ALL (0x0) Oct 31 15:24:55.552155: | length: 16 (00 10) Oct 31 15:24:55.552157: | start port: 0 (00 00) Oct 31 15:24:55.552159: | end port: 65535 (ff ff) Oct 31 15:24:55.552161: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:24:55.552162: | TS low Oct 31 15:24:55.552164: | c0 00 01 00 Oct 31 15:24:55.552166: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:24:55.552167: | TS high Oct 31 15:24:55.552168: | c0 00 01 ff Oct 31 15:24:55.552170: | TSi: parsed 1 traffic selectors Oct 31 15:24:55.552171: | TSr: parsing 1 traffic selectors Oct 31 15:24:55.552173: | ***parse IKEv2 Traffic Selector: Oct 31 15:24:55.552175: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:55.552176: | IP Protocol ID: ALL (0x0) Oct 31 15:24:55.552178: | length: 16 (00 10) Oct 31 15:24:55.552180: | start port: 0 (00 00) Oct 31 15:24:55.552182: | end port: 65535 (ff ff) Oct 31 15:24:55.552184: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:24:55.552186: | TS low Oct 31 15:24:55.552187: | c0 00 02 00 Oct 31 15:24:55.552189: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:24:55.552190: | TS high Oct 31 15:24:55.552191: | c0 00 02 ff Oct 31 15:24:55.552193: | TSr: parsed 1 traffic selectors Oct 31 15:24:55.552201: | evaluating our conn="westnet-eastnet-ikev2" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Oct 31 15:24:55.552208: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:55.552214: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Oct 31 15:24:55.552216: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:24:55.552218: | TSi[0] port match: YES fitness 65536 Oct 31 15:24:55.552219: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:24:55.552221: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:55.552224: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:55.552228: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Oct 31 15:24:55.552230: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Oct 31 15:24:55.552231: | TSr[0] port match: YES fitness 65536 Oct 31 15:24:55.552233: | narrow protocol end=*0 == TSr[0]=*0: 0 Oct 31 15:24:55.552234: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:55.552236: | best fit so far: TSi[0] TSr[0] Oct 31 15:24:55.552237: | found an acceptable TSi/TSr Traffic Selector Oct 31 15:24:55.552239: | printing contents struct traffic_selector Oct 31 15:24:55.552240: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:24:55.552242: | ipprotoid: 0 Oct 31 15:24:55.552243: | port range: 0-65535 Oct 31 15:24:55.552246: | ip range: 192.0.1.0-192.0.1.255 Oct 31 15:24:55.552247: | printing contents struct traffic_selector Oct 31 15:24:55.552249: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:24:55.552250: | ipprotoid: 0 Oct 31 15:24:55.552251: | port range: 0-65535 Oct 31 15:24:55.552254: | ip range: 192.0.2.0-192.0.2.255 Oct 31 15:24:55.552263: | using existing local ESP/AH proposals for westnet-eastnet-ikev2 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP=AES_GCM_C_256-NONE-NONE-DISABLED 2:ESP=AES_GCM_C_128-NONE-NONE-DISABLED 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:55.552265: | comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Oct 31 15:24:55.552268: | local proposal 1 type ENCR has 1 transforms Oct 31 15:24:55.552270: | local proposal 1 type PRF has 0 transforms Oct 31 15:24:55.552271: | local proposal 1 type INTEG has 1 transforms Oct 31 15:24:55.552273: | local proposal 1 type DH has 1 transforms Oct 31 15:24:55.552274: | local proposal 1 type ESN has 1 transforms Oct 31 15:24:55.552276: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Oct 31 15:24:55.552278: | local proposal 2 type ENCR has 1 transforms Oct 31 15:24:55.552279: | local proposal 2 type PRF has 0 transforms Oct 31 15:24:55.552281: | local proposal 2 type INTEG has 1 transforms Oct 31 15:24:55.552282: | local proposal 2 type DH has 1 transforms Oct 31 15:24:55.552284: | local proposal 2 type ESN has 1 transforms Oct 31 15:24:55.552286: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Oct 31 15:24:55.552287: | local proposal 3 type ENCR has 1 transforms Oct 31 15:24:55.552289: | local proposal 3 type PRF has 0 transforms Oct 31 15:24:55.552294: | local proposal 3 type INTEG has 2 transforms Oct 31 15:24:55.552295: | local proposal 3 type DH has 1 transforms Oct 31 15:24:55.552297: | local proposal 3 type ESN has 1 transforms Oct 31 15:24:55.552299: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Oct 31 15:24:55.552302: | local proposal 4 type ENCR has 1 transforms Oct 31 15:24:55.552303: | local proposal 4 type PRF has 0 transforms Oct 31 15:24:55.552305: | local proposal 4 type INTEG has 2 transforms Oct 31 15:24:55.552306: | local proposal 4 type DH has 1 transforms Oct 31 15:24:55.552308: | local proposal 4 type ESN has 1 transforms Oct 31 15:24:55.552309: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Oct 31 15:24:55.552311: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:55.552313: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:55.552315: | length: 32 (00 20) Oct 31 15:24:55.552317: | prop #: 1 (01) Oct 31 15:24:55.552319: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:55.552320: | spi size: 4 (04) Oct 31 15:24:55.552322: | # transforms: 2 (02) Oct 31 15:24:55.552324: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:24:55.552326: | remote SPI Oct 31 15:24:55.552327: | 72 dc f8 1e Oct 31 15:24:55.552329: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Oct 31 15:24:55.552331: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.552333: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.552335: | length: 12 (00 0c) Oct 31 15:24:55.552336: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:55.552338: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:55.552340: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:55.552341: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:55.552346: | length/value: 256 (01 00) Oct 31 15:24:55.552350: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:24:55.552352: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.552353: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:55.552355: | length: 8 (00 08) Oct 31 15:24:55.552357: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:55.552358: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:55.552360: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Oct 31 15:24:55.552362: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Oct 31 15:24:55.552365: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Oct 31 15:24:55.552367: | remote proposal 1 matches local proposal 1 Oct 31 15:24:55.552369: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Oct 31 15:24:55.552372: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP=AES_GCM_C_256-DISABLED SPI=72dcf81e Oct 31 15:24:55.552374: | converting proposal to internal trans attrs Oct 31 15:24:55.552381: | integ=NONE: .key_size=0 encrypt=AES_GCM_16: .key_size=32 .salt_size=4 keymat_len=36 Oct 31 15:24:55.552436: | install_ipsec_sa() for #2: inbound and outbound Oct 31 15:24:55.552441: | could_route called for westnet-eastnet-ikev2; kind=CK_PERMANENT that.has_client=yes oppo=no this.host_port=500 Oct 31 15:24:55.552443: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:55.552445: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:55.552447: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 Oct 31 15:24:55.552449: | route owner of "westnet-eastnet-ikev2" unrouted: NULL; eroute owner: NULL Oct 31 15:24:55.552451: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Oct 31 15:24:55.552454: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Oct 31 15:24:55.552455: | AES_GCM_16 requires 4 salt bytes Oct 31 15:24:55.552457: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Oct 31 15:24:55.552459: | setting IPsec SA replay-window to 32 Oct 31 15:24:55.552461: | NIC esp-hw-offload not for connection 'westnet-eastnet-ikev2' not available on interface eth1 Oct 31 15:24:55.552465: | netlink: enabling tunnel mode Oct 31 15:24:55.552467: | XFRM: adding IPsec SA with reqid 16389 Oct 31 15:24:55.552468: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:24:55.552470: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:24:55.552521: | netlink response for Add SA esp.72dcf81e@192.1.2.23 included non-error error Oct 31 15:24:55.552524: | setup_half_ipsec_sa() is installing inbound eroute? inbound=0 owner=#0 mode=1 Oct 31 15:24:55.552525: | set up outgoing SA, ref=0/0 Oct 31 15:24:55.552527: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Oct 31 15:24:55.552529: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Oct 31 15:24:55.552530: | AES_GCM_16 requires 4 salt bytes Oct 31 15:24:55.552532: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Oct 31 15:24:55.552534: | setting IPsec SA replay-window to 32 Oct 31 15:24:55.552536: | NIC esp-hw-offload not for connection 'westnet-eastnet-ikev2' not available on interface eth1 Oct 31 15:24:55.552537: | netlink: enabling tunnel mode Oct 31 15:24:55.552539: | XFRM: adding IPsec SA with reqid 16389 Oct 31 15:24:55.552540: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:24:55.552542: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:24:55.552566: | netlink response for Add SA esp.e590fecb@192.1.2.45 included non-error error Oct 31 15:24:55.552569: | setup_half_ipsec_sa() is installing inbound eroute? inbound=1 owner=#0 mode=1 Oct 31 15:24:55.552570: | setup_half_ipsec_sa() is installing inbound eroute Oct 31 15:24:55.552572: | setup_half_ipsec_sa() before proto 50 Oct 31 15:24:55.552573: | setup_half_ipsec_sa() after proto 50 Oct 31 15:24:55.552575: | setup_half_ipsec_sa() calling raw_eroute backwards (i.e., inbound) Oct 31 15:24:55.552577: | priority calculation of connection "westnet-eastnet-ikev2" is 2084814 (0x1fcfce) Oct 31 15:24:55.552581: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 using reqid 16389 (raw_eroute) proto=50 Oct 31 15:24:55.552584: | IPsec SA SPD priority set to 2084814 Oct 31 15:24:55.552603: | raw_eroute result=success Oct 31 15:24:55.552606: | set up incoming SA, ref=0/0 Oct 31 15:24:55.552607: | sr for #2: unrouted Oct 31 15:24:55.552609: | route_and_eroute() for proto 0, and source port 0 dest port 0 Oct 31 15:24:55.552610: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:55.552612: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:55.552614: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 Oct 31 15:24:55.552616: | route owner of "westnet-eastnet-ikev2" unrouted: NULL; eroute owner: NULL Oct 31 15:24:55.552618: | route_and_eroute with c: westnet-eastnet-ikev2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Oct 31 15:24:55.552620: | priority calculation of connection "westnet-eastnet-ikev2" is 2084814 (0x1fcfce) Oct 31 15:24:55.552625: | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 using reqid 16389 (raw_eroute) proto=50 Oct 31 15:24:55.552627: | IPsec SA SPD priority set to 2084814 Oct 31 15:24:55.552636: | raw_eroute result=success Oct 31 15:24:55.552638: | running updown command "ipsec _updown" for verb up Oct 31 15:24:55.552640: | command executing up-client Oct 31 15:24:55.552643: | get_sa_info esp.72dcf81e@192.1.2.23 Oct 31 15:24:55.552649: | get_sa_info esp.e590fecb@192.1.2.45 Oct 31 15:24:55.552686: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157895' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURE... Oct 31 15:24:55.552693: | popen cmd is 1142 chars long Oct 31 15:24:55.552697: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ike: Oct 31 15:24:55.552700: | cmd( 80):v2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUT: Oct 31 15:24:55.552701: | cmd( 160):O_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIEN: Oct 31 15:24:55.552703: | cmd( 240):T='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.2: Oct 31 15:24:55.552704: | cmd( 320):55.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TY: Oct 31 15:24:55.552706: | cmd( 400):PE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.: Oct 31 15:24:55.552707: | cmd( 480):2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0': Oct 31 15:24:55.552708: | cmd( 560): PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm': Oct 31 15:24:55.552710: | cmd( 640): PLUTO_ADDTIME='1604157895' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+U: Oct 31 15:24:55.552711: | cmd( 720):P+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' : Oct 31 15:24:55.552713: | cmd( 800):PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_D: Oct 31 15:24:55.552714: | cmd( 880):NS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' P: Oct 31 15:24:55.552715: | cmd( 960):LUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0': Oct 31 15:24:55.552717: | cmd(1040): VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x72dcf81e SPI_OUT=0xe590f: Oct 31 15:24:55.552718: | cmd(1120):ecb ipsec _updown 2>&1: Oct 31 15:24:55.561218: | route_and_eroute: firewall_notified: true Oct 31 15:24:55.561231: | running updown command "ipsec _updown" for verb prepare Oct 31 15:24:55.561234: | command executing prepare-client Oct 31 15:24:55.561239: | get_sa_info esp.72dcf81e@192.1.2.23 Oct 31 15:24:55.561253: | get_sa_info esp.e590fecb@192.1.2.45 Oct 31 15:24:55.561277: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157895' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM... Oct 31 15:24:55.561280: | popen cmd is 1147 chars long Oct 31 15:24:55.561282: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Oct 31 15:24:55.561283: | cmd( 80):t-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='': Oct 31 15:24:55.561285: | cmd( 160): PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_: Oct 31 15:24:55.561286: | cmd( 240):CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.: Oct 31 15:24:55.561290: | cmd( 320):255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_: Oct 31 15:24:55.561292: | cmd( 400):SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='1: Oct 31 15:24:55.561293: | cmd( 480):92.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.2: Oct 31 15:24:55.561295: | cmd( 560):55.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK=': Oct 31 15:24:55.561296: | cmd( 640):xfrm' PLUTO_ADDTIME='1604157895' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+: Oct 31 15:24:55.561297: | cmd( 720):PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMAN: Oct 31 15:24:55.561299: | cmd( 800):ENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_P: Oct 31 15:24:55.561300: | cmd( 880):EER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER=: Oct 31 15:24:55.561302: | cmd( 960):'0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTE: Oct 31 15:24:55.561303: | cmd(1040):S='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x72dcf81e SPI_OUT=0x: Oct 31 15:24:55.561304: | cmd(1120):e590fecb ipsec _updown 2>&1: Oct 31 15:24:55.570758: | running updown command "ipsec _updown" for verb route Oct 31 15:24:55.570768: | command executing route-client Oct 31 15:24:55.570774: | get_sa_info esp.72dcf81e@192.1.2.23 Oct 31 15:24:55.570789: | get_sa_info esp.e590fecb@192.1.2.45 Oct 31 15:24:55.570813: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157895' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CON... Oct 31 15:24:55.570816: | popen cmd is 1145 chars long Oct 31 15:24:55.570818: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Oct 31 15:24:55.570820: | cmd( 80):ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' P: Oct 31 15:24:55.570821: | cmd( 160):LUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CL: Oct 31 15:24:55.570822: | cmd( 240):IENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.25: Oct 31 15:24:55.570824: | cmd( 320):5.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA: Oct 31 15:24:55.570825: | cmd( 400):_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192: Oct 31 15:24:55.570827: | cmd( 480):.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255: Oct 31 15:24:55.570828: | cmd( 560):.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xf: Oct 31 15:24:55.570829: | cmd( 640):rm' PLUTO_ADDTIME='1604157895' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PF: Oct 31 15:24:55.570831: | cmd( 720):S+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANEN: Oct 31 15:24:55.570832: | cmd( 800):T' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: Oct 31 15:24:55.570842: | cmd( 880):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: Oct 31 15:24:55.570850: | cmd( 960):' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES=: Oct 31 15:24:55.570853: | cmd(1040):'0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x72dcf81e SPI_OUT=0xe5: Oct 31 15:24:55.570855: | cmd(1120):90fecb ipsec _updown 2>&1: Oct 31 15:24:55.581923: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.581949: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.581957: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.581976: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.581984: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.581990: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.582002: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.582012: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.582020: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.582028: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.582039: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.582049: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.582526: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.582543: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.582552: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.582560: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.582565: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.582571: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.582577: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.582583: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.582590: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.582595: "westnet-eastnet-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.586409: | route_and_eroute: instance "westnet-eastnet-ikev2", setting eroute_owner {spd=0x55569f531168,sr=0x55569f531168} to #2 (was #0) (newest_ipsec_sa=#0) Oct 31 15:24:55.586532: | inR2: instance westnet-eastnet-ikev2[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Oct 31 15:24:55.586550: | #2 spent 1.56 (34.6) milliseconds in processing: Initiator: process IKE_AUTH response in v2_dispatch() Oct 31 15:24:55.586561: | [RE]START processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:55.586567: | #2 complete_v2_state_transition() PARENT_I2->ESTABLISHED_CHILD_SA with status STF_OK; .st_v2_transition=NULL Oct 31 15:24:55.586570: | transitioning from state STATE_PARENT_I2 to state STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:24:55.586572: | Message ID: updating counters for #2 Oct 31 15:24:55.586582: | Message ID: CHILD #1.#2 clearing EVENT_RETRANSMIT as response received: ike.initiator.sent=1 ike.initiator.recv=0 ike.initiator.last_contact=744569.942667 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.920816 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:24:55.586586: | #2 requesting EVENT_RETRANSMIT-pe@0x55569f53b888 be deleted Oct 31 15:24:55.586595: | libevent_free: delref ptr-libevent@0x55569f5333f8 Oct 31 15:24:55.586599: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55569f53b888 Oct 31 15:24:55.586601: | #2 STATE_PARENT_I2: retransmits: cleared Oct 31 15:24:55.586606: | Message ID: CHILD #1.#2 updating initiator received message response 1: ike.initiator.sent=1 ike.initiator.recv=0->1 ike.initiator.last_contact=744569.942667->744570.019371 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.920816 child.wip.initiator=1->-1 child.wip.responder=-1 Oct 31 15:24:55.586610: | Message ID: CHILD #1.#2 skipping update_send as nothing to send: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744570.019371 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.920816 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:24:55.586614: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744570.019371 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.920816 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:55.586617: | child state #2: PARENT_I2(open IKE SA) => ESTABLISHED_CHILD_SA(established CHILD SA) Oct 31 15:24:55.586620: | pstats #2 ikev2.child established Oct 31 15:24:55.586621: | announcing the state transition Oct 31 15:24:55.586628: "westnet-eastnet-ikev2" #2: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Oct 31 15:24:55.586637: | NAT-T: encaps is 'auto' Oct 31 15:24:55.586641: "westnet-eastnet-ikev2" #2: IPsec SA established tunnel mode {ESP=>0x72dcf81e <0xe590fecb xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Oct 31 15:24:55.586645: | releasing #2's fd-fd@0x55569f523278 because IKEv2 transitions finished Oct 31 15:24:55.586647: | delref fd@0x55569f523278(3->2) (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:24:55.586649: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:24:55.586651: | unpending #2's IKE SA #1 Oct 31 15:24:55.586652: | unpending state #1 connection "westnet-eastnet-ikev2" Oct 31 15:24:55.586655: | delete from pending Child SA with 192.1.2.23 "westnet-eastnet-ikev2" Oct 31 15:24:55.586657: | delref fd@0x55569f523278(2->1) (in delete_pending() at pending.c:218) Oct 31 15:24:55.586659: | removing pending policy for no connection {0x55569f537cd8} Oct 31 15:24:55.586660: | releasing #1's fd-fd@0x55569f523278 because IKEv2 transitions finished so releaseing IKE SA Oct 31 15:24:55.586662: | delref fd@0x55569f523278(1->0) (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:24:55.586668: | freeref fd-fd@0x55569f523278 (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:24:55.586670: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:24:55.586673: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Oct 31 15:24:55.586674: | state #2 has no .st_event to delete Oct 31 15:24:55.586677: | event_schedule: newref EVENT_SA_REKEY-pe@0x55569f53b888 Oct 31 15:24:55.586679: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Oct 31 15:24:55.586681: | libevent_malloc: newref ptr-libevent@0x55569f53c048 size 128 Oct 31 15:24:55.586692: | stop processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:55.586698: | #1 spent 1.56 (34.6) milliseconds Oct 31 15:24:55.586702: | #1 spent 1.95 (35) milliseconds in ikev2_process_packet() Oct 31 15:24:55.586705: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:55.586709: | delref mdp@0x55569f539cc8(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:55.586712: | delref logger@0x55569f5340e8(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:55.586715: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:55.586717: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:55.586723: | spent 1.97 (35) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:55.586737: | processing signal PLUTO_SIGCHLD Oct 31 15:24:55.586743: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:55.586748: | spent 0.00508 (0.00505) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:55.586750: | processing signal PLUTO_SIGCHLD Oct 31 15:24:55.586754: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:55.586757: | spent 0.00345 (0.00338) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:55.586760: | processing signal PLUTO_SIGCHLD Oct 31 15:24:55.586763: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:55.586767: | spent 0.00354 (0.00349) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:58.803339: | newref struct fd@0x55569f53d128(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:58.803355: | fd_accept: new fd-fd@0x55569f53d128 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:58.803370: | whack: traffic_status Oct 31 15:24:58.803375: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Oct 31 15:24:58.803378: | FOR_EACH_STATE_... in sort_states Oct 31 15:24:58.803387: | get_sa_info esp.e590fecb@192.1.2.45 Oct 31 15:24:58.803406: | get_sa_info esp.72dcf81e@192.1.2.23 Oct 31 15:24:58.803422: | delref fd@0x55569f53d128(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:58.803431: | freeref fd-fd@0x55569f53d128 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:58.803439: | spent 0.122 (0.247) milliseconds in whack Oct 31 15:25:00.962875: | newref struct fd@0x55569f53c3a8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:00.962898: | fd_accept: new fd-fd@0x55569f53c3a8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:00.962913: | whack: status Oct 31 15:25:00.963109: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:25:00.963114: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:25:00.963187: | FOR_EACH_STATE_... in show_states (sort_states) Oct 31 15:25:00.963191: | FOR_EACH_STATE_... in sort_states Oct 31 15:25:00.963211: | get_sa_info esp.e590fecb@192.1.2.45 Oct 31 15:25:00.963234: | get_sa_info esp.72dcf81e@192.1.2.23 Oct 31 15:25:00.963257: | delref fd@0x55569f53c3a8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:00.963265: | freeref fd-fd@0x55569f53c3a8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:00.963274: | spent 0.407 (0.409) milliseconds in whack Oct 31 15:25:01.456709: | spent 0.0026 (0.00259) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:25:01.456729: | newref struct msg_digest@0x55569f539cc8(0->1) (in read_message() at demux.c:103) Oct 31 15:25:01.456735: | newref alloc logger@0x55569f536f18(0->1) (in read_message() at demux.c:103) Oct 31 15:25:01.456743: | *received 69 bytes from 192.1.2.23:500 on eth1 192.1.2.45:500 using UDP Oct 31 15:25:01.456746: | 7d a4 96 cc 06 a0 5a 44 9f 77 a8 cc 55 20 77 9e Oct 31 15:25:01.456749: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Oct 31 15:25:01.456752: | 86 92 ac 60 69 b8 bd b6 a2 17 d5 b6 4d 43 34 15 Oct 31 15:25:01.456755: | 07 af 8b fb d1 0c 97 77 9a c7 7c bb f0 cc 69 fc Oct 31 15:25:01.456812: | 76 27 ac 49 8d Oct 31 15:25:01.456818: | **parse ISAKMP Message: Oct 31 15:25:01.456823: | initiator SPI: 7d a4 96 cc 06 a0 5a 44 Oct 31 15:25:01.456828: | responder SPI: 9f 77 a8 cc 55 20 77 9e Oct 31 15:25:01.456832: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:25:01.456835: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:01.456837: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:25:01.456840: | flags: none (0x0) Oct 31 15:25:01.456844: | Message ID: 0 (00 00 00 00) Oct 31 15:25:01.456849: | length: 69 (00 00 00 45) Oct 31 15:25:01.456852: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Oct 31 15:25:01.456856: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Oct 31 15:25:01.456860: | State DB: found IKEv2 state #1 in ESTABLISHED_IKE_SA (find_v2_ike_sa) Oct 31 15:25:01.456873: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:25:01.456878: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Oct 31 15:25:01.456882: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:25:01.456885: | #1 is idle Oct 31 15:25:01.456893: | Message ID: IKE #1 not a duplicate - message request 0 is new: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744570.019371 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.920816 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:01.456899: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:25:01.456902: | unpacking clear payload Oct 31 15:25:01.456905: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Oct 31 15:25:01.456909: | ***parse IKEv2 Encryption Payload: Oct 31 15:25:01.456913: | next payload type: ISAKMP_NEXT_v2D (0x2a) Oct 31 15:25:01.456918: | flags: none (0x0) Oct 31 15:25:01.456923: | length: 41 (00 29) Oct 31 15:25:01.456926: | processing payload: ISAKMP_NEXT_v2SK (len=37) Oct 31 15:25:01.456929: | #1 in state ESTABLISHED_IKE_SA: established IKE SA Oct 31 15:25:01.456946: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Oct 31 15:25:01.456950: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Oct 31 15:25:01.456954: | **parse IKEv2 Delete Payload: Oct 31 15:25:01.456957: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:01.456960: | flags: none (0x0) Oct 31 15:25:01.456967: | length: 12 (00 0c) Oct 31 15:25:01.456971: | protocol ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:01.456974: | SPI size: 4 (04) Oct 31 15:25:01.456978: | number of SPIs: 1 (00 01) Oct 31 15:25:01.456981: | processing payload: ISAKMP_NEXT_v2D (len=4) Oct 31 15:25:01.456984: | selected state microcode Informational Request Oct 31 15:25:01.456992: | Message ID: IKE #1 responder starting message request 0: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744570.019371 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.920816 ike.wip.initiator=-1 ike.wip.responder=-1->0 Oct 31 15:25:01.456995: | calling processor Informational Request Oct 31 15:25:01.457000: | an informational request should send a response Oct 31 15:25:01.457007: | opening output PBS information exchange reply packet Oct 31 15:25:01.457013: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Oct 31 15:25:01.457016: | **emit ISAKMP Message: Oct 31 15:25:01.457021: | initiator SPI: 7d a4 96 cc 06 a0 5a 44 Oct 31 15:25:01.457026: | responder SPI: 9f 77 a8 cc 55 20 77 9e Oct 31 15:25:01.457031: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:25:01.457035: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:01.457038: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:25:01.457041: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Oct 31 15:25:01.457045: | Message ID: 0 (00 00 00 00) Oct 31 15:25:01.457048: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:25:01.457052: | ***emit IKEv2 Encryption Payload: Oct 31 15:25:01.457055: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:01.457058: | flags: none (0x0) Oct 31 15:25:01.457062: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:25:01.457065: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Oct 31 15:25:01.457068: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:25:01.457077: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Oct 31 15:25:01.457083: | SPI Oct 31 15:25:01.457086: | 72 dc f8 1e Oct 31 15:25:01.457089: | delete IKEv2_SEC_PROTO_ESP SA(0x72dcf81e) Oct 31 15:25:01.457095: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:25:01.457097: | State DB: found IKEv2 state #2 in ESTABLISHED_CHILD_SA (find_v2_child_sa_by_outbound_spi) Oct 31 15:25:01.457099: | our side SPI that needs to be deleted: IKEv2_SEC_PROTO_ESP SA(0x72dcf81e) Oct 31 15:25:01.457150: "westnet-eastnet-ikev2" #1: received Delete SA payload: replace IPsec State #2 now Oct 31 15:25:01.457157: | #2 requesting EVENT_SA_REKEY-pe@0x55569f53b888 be deleted Oct 31 15:25:01.457161: | libevent_free: delref ptr-libevent@0x55569f53c048 Oct 31 15:25:01.457165: | free_event_entry: delref EVENT_SA_REKEY-pe@0x55569f53b888 Oct 31 15:25:01.457168: | event_schedule: newref EVENT_SA_REPLACE-pe@0x55569f5340e8 Oct 31 15:25:01.457478: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Oct 31 15:25:01.457487: | libevent_malloc: newref ptr-libevent@0x55569f5333f8 size 128 Oct 31 15:25:01.457492: | ****emit IKEv2 Delete Payload: Oct 31 15:25:01.457495: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:01.457498: | flags: none (0x0) Oct 31 15:25:01.457500: | protocol ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:01.457503: | SPI size: 4 (04) Oct 31 15:25:01.457506: | number of SPIs: 1 (00 01) Oct 31 15:25:01.457509: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Oct 31 15:25:01.457511: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Oct 31 15:25:01.457515: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Oct 31 15:25:01.457518: | local SPIs: e5 90 fe cb Oct 31 15:25:01.457522: | emitting length of IKEv2 Delete Payload: 12 Oct 31 15:25:01.457526: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:25:01.457530: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:01.457534: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:25:01.457538: | emitting length of IKEv2 Encryption Payload: 41 Oct 31 15:25:01.457541: | emitting length of ISAKMP Message: 69 Oct 31 15:25:01.457576: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:25:01.457579: | 7d a4 96 cc 06 a0 5a 44 9f 77 a8 cc 55 20 77 9e Oct 31 15:25:01.457581: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Oct 31 15:25:01.457583: | 97 5f 5e 0a d0 bf 0a 4f 1b 98 40 13 0c f0 85 85 Oct 31 15:25:01.457585: | bf 9b b2 d8 e2 c9 8e 8f f3 c4 45 99 f3 91 f7 f9 Oct 31 15:25:01.457587: | 2a 63 98 5b 6c Oct 31 15:25:01.457662: | sent 1 messages Oct 31 15:25:01.457673: | Message ID: IKE #1 XXX: in process_encrypted_informational_ikev2() hacking around record 'n' send bypassing send queue hacking around delete_ike_family(): ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744570.019371 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.920816 ike.wip.initiator=-1 ike.wip.responder=0 Oct 31 15:25:01.457682: | Message ID: IKE #1 updating responder sent message response 0: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744570.019371 ike.responder.sent=-1->0 ike.responder.recv=-1 ike.responder.last_contact=744569.920816 ike.wip.initiator=-1 ike.wip.responder=0 Oct 31 15:25:01.457691: | #1 spent 0.307 (0.689) milliseconds in processing: Informational Request in v2_dispatch() Oct 31 15:25:01.457698: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:01.457703: | #1 complete_v2_state_transition() ESTABLISHED_IKE_SA->ESTABLISHED_IKE_SA with status STF_OK; .st_v2_transition=PARENT_I0->PARENT_I1 Oct 31 15:25:01.457707: | Message ID: updating counters for #1 Oct 31 15:25:01.457716: | Message ID: IKE #1 updating responder received message request 0: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744570.019371 ike.responder.sent=0 ike.responder.recv=-1->0 ike.responder.last_contact=744569.920816->744575.890506 ike.wip.initiator=-1 ike.wip.responder=0->-1 Oct 31 15:25:01.457724: | Message ID: IKE #1 updating responder sent message response 0: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744570.019371 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744575.890506 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:01.457732: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744570.019371 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744575.890506 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:01.457735: | announcing the state transition Oct 31 15:25:01.457739: "westnet-eastnet-ikev2" #1: established IKE SA Oct 31 15:25:01.457746: | sending 69 bytes for STATE_V2_ESTABLISHED_IKE_SA through eth1 from 192.1.2.45:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:25:01.457749: | 7d a4 96 cc 06 a0 5a 44 9f 77 a8 cc 55 20 77 9e Oct 31 15:25:01.457754: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Oct 31 15:25:01.457758: | 97 5f 5e 0a d0 bf 0a 4f 1b 98 40 13 0c f0 85 85 Oct 31 15:25:01.457760: | bf 9b b2 d8 e2 c9 8e 8f f3 c4 45 99 f3 91 f7 f9 Oct 31 15:25:01.457763: | 2a 63 98 5b 6c Oct 31 15:25:01.457779: | sent 1 messages Oct 31 15:25:01.457840: | #1 is retaining EVENT_SA_REKEY with is previously set timeout Oct 31 15:25:01.457850: | stop processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:25:01.457857: | #1 spent 0.673 (1.15) milliseconds in ikev2_process_packet() Oct 31 15:25:01.457860: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:25:01.457864: | delref mdp@0x55569f539cc8(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:01.457868: | delref logger@0x55569f536f18(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:01.457871: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:01.457873: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:01.457879: | spent 0.695 (1.18) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:25:01.457887: | timer_event_cb: processing event@0x55569f5340e8 Oct 31 15:25:01.457891: | handling event EVENT_SA_REPLACE for child state #2 Oct 31 15:25:01.457895: | libevent_free: delref ptr-libevent@0x55569f5333f8 Oct 31 15:25:01.457900: | free_event_entry: delref EVENT_SA_REPLACE-pe@0x55569f5340e8 Oct 31 15:25:01.457907: | start processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:188) Oct 31 15:25:01.457911: | picked newest_ipsec_sa #2 for #2 Oct 31 15:25:01.457914: | replacing stale CHILD SA Oct 31 15:25:01.457918: | FOR_EACH_STATE_... in find_phase1_state Oct 31 15:25:01.457922: | FOR_EACH_STATE_... in find_pending_phase2 Oct 31 15:25:01.457929: | newref alloc logger@0x55569f53b888(0->1) (in new_state() at state.c:576) Oct 31 15:25:01.457932: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:25:01.457935: | creating state object #3 at 0x55569f539cc8 Oct 31 15:25:01.457939: | State DB: adding IKEv2 state #3 in UNDEFINED Oct 31 15:25:01.457948: | pstats #3 ikev2.child started Oct 31 15:25:01.457953: | duplicating state object #1 "westnet-eastnet-ikev2" as #3 for IPSEC SA Oct 31 15:25:01.457959: | #3 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1581) Oct 31 15:25:01.457969: | Message ID: CHILD #1.#3 initializing (CHILD SA): ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744570.019371 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744575.890506 child.wip.initiator=0->-1 child.wip.responder=0->-1 Oct 31 15:25:01.457974: | child state #3: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Oct 31 15:25:01.457981: | #3.st_v2_transition NULL -> V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I1 (in new_v2_child_state() at state.c:1666) Oct 31 15:25:01.457987: | suspend processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5960) Oct 31 15:25:01.457994: | start processing: state #3 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5960) Oct 31 15:25:01.458000: | create child proposal's DH changed from no-PFS to MODP2048, flushing Oct 31 15:25:01.458004: | constructing ESP/AH proposals with default DH MODP2048 for westnet-eastnet-ikev2 (ESP/AH initiator emitting proposals) Oct 31 15:25:01.458010: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Oct 31 15:25:01.458017: | ... ikev2_proposal: 1:ESP=AES_GCM_C_256-NONE-MODP2048-DISABLED Oct 31 15:25:01.458021: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Oct 31 15:25:01.458026: | ... ikev2_proposal: 2:ESP=AES_GCM_C_128-NONE-MODP2048-DISABLED Oct 31 15:25:01.458031: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:25:01.458038: | ... ikev2_proposal: 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:25:01.458044: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:25:01.458049: | ... ikev2_proposal: 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:25:01.458054: "westnet-eastnet-ikev2": local ESP/AH proposals (ESP/AH initiator emitting proposals): Oct 31 15:25:01.458060: "westnet-eastnet-ikev2": 1:ESP=AES_GCM_C_256-NONE-MODP2048-DISABLED Oct 31 15:25:01.458065: "westnet-eastnet-ikev2": 2:ESP=AES_GCM_C_128-NONE-MODP2048-DISABLED Oct 31 15:25:01.458070: "westnet-eastnet-ikev2": 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:25:01.458075: "westnet-eastnet-ikev2": 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:25:01.458082: | #3 schedule rekey initiate IPsec SA RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 to replace #2 using IKE# 1 pfs=MODP2048 Oct 31 15:25:01.458086: | event_schedule: newref EVENT_v2_INITIATE_CHILD-pe@0x55569f53c1e8 Oct 31 15:25:01.458089: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Oct 31 15:25:01.458092: | libevent_malloc: newref ptr-libevent@0x55569f53c048 size 128 Oct 31 15:25:01.458101: | RESET processing: state #3 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:6035) Oct 31 15:25:01.458108: | event_schedule: newref EVENT_SA_EXPIRE-pe@0x55569f536f18 Oct 31 15:25:01.458111: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Oct 31 15:25:01.458115: | libevent_malloc: newref ptr-libevent@0x55569f533668 size 128 Oct 31 15:25:01.458122: | #2 spent 0.232 (0.233) milliseconds in timer_event_cb() EVENT_SA_REPLACE Oct 31 15:25:01.458125: | processing: STOP state #0 (in timer_event_cb() at timer.c:447) Oct 31 15:25:01.458184: | timer_event_cb: processing event@0x55569f53c1e8 Oct 31 15:25:01.458190: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Oct 31 15:25:01.458193: | libevent_free: delref ptr-libevent@0x55569f53c048 Oct 31 15:25:01.458255: | free_event_entry: delref EVENT_v2_INITIATE_CHILD-pe@0x55569f53c1e8 Oct 31 15:25:01.458263: | start processing: state #3 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:188) Oct 31 15:25:01.458270: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:25:01.458326: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:25:01.458334: | newref clone logger@0x55569f5340e8(0->1) (in clone_logger() at log.c:817) Oct 31 15:25:01.458337: | job 4 for #3: Child Rekey Initiator KE and nonce ni (build KE and nonce): adding job to queue Oct 31 15:25:01.458340: | state #3 has no .st_event to delete Oct 31 15:25:01.458343: | #3 STATE_V2_REKEY_CHILD_I0: retransmits: cleared Oct 31 15:25:01.458346: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55569f5333f8 Oct 31 15:25:01.458508: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Oct 31 15:25:01.458515: | libevent_malloc: newref ptr-libevent@0x55569f53c048 size 128 Oct 31 15:25:01.458528: | #3 spent 0.115 (0.342) milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Oct 31 15:25:01.458534: | stop processing: state #3 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:447) Oct 31 15:25:01.458539: | timer_event_cb: processing event@0x55569f536f18 Oct 31 15:25:01.458546: | handling event EVENT_SA_EXPIRE for child state #2 Oct 31 15:25:01.458538: | job 4 for #3: Child Rekey Initiator KE and nonce ni (build KE and nonce): helper 6 starting job Oct 31 15:25:01.458551: | libevent_free: delref ptr-libevent@0x55569f533668 Oct 31 15:25:01.458565: | free_event_entry: delref EVENT_SA_EXPIRE-pe@0x55569f536f18 Oct 31 15:25:01.458571: | start processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:188) Oct 31 15:25:01.458575: | picked newest_ipsec_sa #2 for #2 Oct 31 15:25:01.458577: | un-established partial CHILD SA timeout (SA expired) Oct 31 15:25:01.458580: | pstats #2 ikev2.child re-failed exchange-timeout Oct 31 15:25:01.458583: | should_send_delete: no, just because Oct 31 15:25:01.458586: | pstats #2 ikev2.child deleted completed Oct 31 15:25:01.458590: | #2 main thread spent 1.79 (34.9) milliseconds helper thread spent 0 (0) milliseconds in total Oct 31 15:25:01.458596: | [RE]START processing: state #2 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:935) Oct 31 15:25:01.458599: | should_send_delete: no, just because Oct 31 15:25:01.458604: "westnet-eastnet-ikev2" #2: deleting state (STATE_V2_ESTABLISHED_CHILD_SA) aged 5.950052s and NOT sending notification Oct 31 15:25:01.458607: | child state #2: ESTABLISHED_CHILD_SA(established CHILD SA) => delete Oct 31 15:25:01.458612: | get_sa_info esp.72dcf81e@192.1.2.23 Oct 31 15:25:01.458679: | get_sa_info esp.e590fecb@192.1.2.45 Oct 31 15:25:01.458692: "westnet-eastnet-ikev2" #2: ESP traffic information: in=3KB out=3KB Oct 31 15:25:01.458697: | unsuspending #2 MD (nil) Oct 31 15:25:01.458700: | should_send_delete: no, just because Oct 31 15:25:01.458703: | child state #2: ESTABLISHED_CHILD_SA(established CHILD SA) => CHILDSA_DEL(informational) Oct 31 15:25:01.458707: | state #2 has no .st_event to delete Oct 31 15:25:01.458710: | #2 STATE_CHILDSA_DEL: retransmits: cleared Oct 31 15:25:01.458766: | running updown command "ipsec _updown" for verb down Oct 31 15:25:01.458771: | command executing down-client Oct 31 15:25:01.458776: | get_sa_info esp.72dcf81e@192.1.2.23 Oct 31 15:25:01.458789: | get_sa_info esp.e590fecb@192.1.2.45 Oct 31 15:25:01.458881: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157895' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFI... Oct 31 15:25:01.458887: | popen cmd is 1150 chars long Oct 31 15:25:01.458890: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-i: Oct 31 15:25:01.458893: | cmd( 80):kev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PL: Oct 31 15:25:01.458899: | cmd( 160):UTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLI: Oct 31 15:25:01.458902: | cmd( 240):ENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255: Oct 31 15:25:01.458904: | cmd( 320):.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_: Oct 31 15:25:01.458907: | cmd( 400):TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.: Oct 31 15:25:01.458909: | cmd( 480):0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.: Oct 31 15:25:01.458911: | cmd( 560):0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfr: Oct 31 15:25:01.458913: | cmd( 640):m' PLUTO_ADDTIME='1604157895' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS: Oct 31 15:25:01.458916: | cmd( 720):+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT: Oct 31 15:25:01.458918: | cmd( 800):' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER: Oct 31 15:25:01.458920: | cmd( 880):_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0': Oct 31 15:25:01.458924: | cmd( 960): PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='3360' PLUTO_OUTBYTE: Oct 31 15:25:01.458928: | cmd(1040):S='3360' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x72dcf81e SPI_OUT: Oct 31 15:25:01.458931: | cmd(1120):=0xe590fecb ipsec _updown 2>&1: Oct 31 15:25:01.460568: | "westnet-eastnet-ikev2" #3: spent 1.81 (2.03) milliseconds in helper 6 processing job 4 for state #3: Child Rekey Initiator KE and nonce ni (pcr) Oct 31 15:25:01.460580: | job 4 for #3: Child Rekey Initiator KE and nonce ni (build KE and nonce): helper thread 6 sending result back to state Oct 31 15:25:01.460584: | scheduling resume sending helper answer back to state for #3 Oct 31 15:25:01.460588: | libevent_malloc: newref ptr-libevent@0x7f52b4006108 size 128 Oct 31 15:25:01.460594: | helper thread 6 has nothing to do Oct 31 15:25:01.522638: | shunt_eroute() called for connection 'westnet-eastnet-ikev2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 Oct 31 15:25:01.522655: | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 Oct 31 15:25:01.522661: | priority calculation of connection "westnet-eastnet-ikev2" is 2084814 (0x1fcfce) Oct 31 15:25:01.522666: | IPsec SA SPD priority set to 2084814 Oct 31 15:25:01.522772: | delete esp.72dcf81e@192.1.2.23 Oct 31 15:25:01.522778: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:25:01.522948: | netlink response for Del SA esp.72dcf81e@192.1.2.23 included non-error error Oct 31 15:25:01.522955: | priority calculation of connection "westnet-eastnet-ikev2" is 2084814 (0x1fcfce) Oct 31 15:25:01.522964: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk.10000@192.1.2.45 using reqid 0 (raw_eroute) proto=50 Oct 31 15:25:01.523265: | raw_eroute result=success Oct 31 15:25:01.523275: | delete esp.e590fecb@192.1.2.45 Oct 31 15:25:01.523278: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:25:01.523386: | netlink response for Del SA esp.e590fecb@192.1.2.45 included non-error error Oct 31 15:25:01.523394: | in connection_discard for connection westnet-eastnet-ikev2 Oct 31 15:25:01.523398: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Oct 31 15:25:01.523403: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Oct 31 15:25:01.523407: | releasing #2's fd-fd@(nil) because deleting state Oct 31 15:25:01.523410: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:01.523412: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:01.523415: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:25:01.523422: | stop processing: state #2 from 192.1.2.23:500 (in delete_state() at state.c:1239) Oct 31 15:25:01.523430: | delref logger@0x55569f536e58(1->0) (in delete_state() at state.c:1306) Oct 31 15:25:01.523436: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:01.523438: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:01.523443: | State DB: found IKEv2 state #3 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Oct 31 15:25:01.523446: | can't expire unused IKE SA #1; it has the child #3 Oct 31 15:25:01.523449: | in statetime_stop() and could not find #2 Oct 31 15:25:01.523452: | processing: STOP state #0 (in timer_event_cb() at timer.c:447) Oct 31 15:25:01.523473: | spent 0.00203 (0.00199) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:25:01.523486: | newref struct msg_digest@0x55569f541f98(0->1) (in read_message() at demux.c:103) Oct 31 15:25:01.523491: | newref alloc logger@0x55569f536f18(0->1) (in read_message() at demux.c:103) Oct 31 15:25:01.523497: | *received 65 bytes from 192.1.2.23:500 on eth1 192.1.2.45:500 using UDP Oct 31 15:25:01.523500: | 7d a4 96 cc 06 a0 5a 44 9f 77 a8 cc 55 20 77 9e Oct 31 15:25:01.523503: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Oct 31 15:25:01.523505: | 75 a3 0b 31 3c ce 92 32 6a d3 66 ae 97 40 c7 22 Oct 31 15:25:01.523507: | 70 81 04 8b 35 1f c5 50 72 97 c3 c8 8e e4 f0 11 Oct 31 15:25:01.523509: | 61 Oct 31 15:25:01.523514: | **parse ISAKMP Message: Oct 31 15:25:01.523519: | initiator SPI: 7d a4 96 cc 06 a0 5a 44 Oct 31 15:25:01.523523: | responder SPI: 9f 77 a8 cc 55 20 77 9e Oct 31 15:25:01.523526: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:25:01.523529: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:01.523531: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:25:01.523534: | flags: none (0x0) Oct 31 15:25:01.523539: | Message ID: 1 (00 00 00 01) Oct 31 15:25:01.523542: | length: 65 (00 00 00 41) Oct 31 15:25:01.523546: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Oct 31 15:25:01.523549: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Oct 31 15:25:01.523553: | State DB: found IKEv2 state #1 in ESTABLISHED_IKE_SA (find_v2_ike_sa) Oct 31 15:25:01.523560: | start processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:25:01.523564: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Oct 31 15:25:01.523567: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:25:01.523569: | #1 is idle Oct 31 15:25:01.523578: | Message ID: IKE #1 not a duplicate - message request 1 is new: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744570.019371 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744575.890506 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:01.523583: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:25:01.523586: | unpacking clear payload Oct 31 15:25:01.523589: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Oct 31 15:25:01.523592: | ***parse IKEv2 Encryption Payload: Oct 31 15:25:01.523595: | next payload type: ISAKMP_NEXT_v2D (0x2a) Oct 31 15:25:01.523597: | flags: none (0x0) Oct 31 15:25:01.523600: | length: 37 (00 25) Oct 31 15:25:01.523603: | processing payload: ISAKMP_NEXT_v2SK (len=33) Oct 31 15:25:01.523606: | #1 in state ESTABLISHED_IKE_SA: established IKE SA Oct 31 15:25:01.523627: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Oct 31 15:25:01.523631: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Oct 31 15:25:01.523635: | **parse IKEv2 Delete Payload: Oct 31 15:25:01.523637: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:01.523640: | flags: none (0x0) Oct 31 15:25:01.523643: | length: 8 (00 08) Oct 31 15:25:01.523646: | protocol ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:25:01.523649: | SPI size: 0 (00) Oct 31 15:25:01.523652: | number of SPIs: 0 (00 00) Oct 31 15:25:01.523654: | processing payload: ISAKMP_NEXT_v2D (len=0) Oct 31 15:25:01.523657: | selected state microcode Informational Request Oct 31 15:25:01.523668: | Message ID: IKE #1 responder starting message request 1: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744570.019371 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744575.890506 ike.wip.initiator=-1 ike.wip.responder=-1->1 Oct 31 15:25:01.523671: | calling processor Informational Request Oct 31 15:25:01.523675: | an informational request should send a response Oct 31 15:25:01.523681: | opening output PBS information exchange reply packet Oct 31 15:25:01.523683: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Oct 31 15:25:01.523686: | **emit ISAKMP Message: Oct 31 15:25:01.523690: | initiator SPI: 7d a4 96 cc 06 a0 5a 44 Oct 31 15:25:01.523694: | responder SPI: 9f 77 a8 cc 55 20 77 9e Oct 31 15:25:01.523696: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:25:01.523698: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:01.523701: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:25:01.523703: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Oct 31 15:25:01.523707: | Message ID: 1 (00 00 00 01) Oct 31 15:25:01.523710: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:25:01.523715: | ***emit IKEv2 Encryption Payload: Oct 31 15:25:01.523717: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:01.523719: | flags: none (0x0) Oct 31 15:25:01.523722: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:25:01.523725: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Oct 31 15:25:01.523729: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:25:01.523741: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:25:01.523745: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:01.523748: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:25:01.523751: | emitting length of IKEv2 Encryption Payload: 29 Oct 31 15:25:01.523753: | emitting length of ISAKMP Message: 57 Oct 31 15:25:01.523768: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:25:01.523772: | 7d a4 96 cc 06 a0 5a 44 9f 77 a8 cc 55 20 77 9e Oct 31 15:25:01.523774: | 2e 20 25 28 00 00 00 01 00 00 00 39 00 00 00 1d Oct 31 15:25:01.523776: | 89 de 5e 64 20 de 0c 4d 32 83 6e 58 d1 2d 73 4d Oct 31 15:25:01.523779: | 8d 5f 21 92 80 6f d2 0b 1a Oct 31 15:25:01.523805: | sent 1 messages Oct 31 15:25:01.523813: | Message ID: IKE #1 XXX: in process_encrypted_informational_ikev2() hacking around record 'n' send bypassing send queue hacking around delete_ike_family(): ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744570.019371 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744575.890506 ike.wip.initiator=-1 ike.wip.responder=1 Oct 31 15:25:01.523820: | Message ID: IKE #1 updating responder sent message response 1: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744570.019371 ike.responder.sent=0->1 ike.responder.recv=0 ike.responder.last_contact=744575.890506 ike.wip.initiator=-1 ike.wip.responder=1 Oct 31 15:25:01.523825: | pstats #3 ikev2.child deleted other Oct 31 15:25:01.523829: | #3 main thread spent 0.115 (0.342) milliseconds helper thread spent 0 (0) milliseconds in total Oct 31 15:25:01.523835: | suspend processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:935) Oct 31 15:25:01.523839: | start processing: state #3 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:935) Oct 31 15:25:01.523842: | should_send_delete: no, just because Oct 31 15:25:01.523849: "westnet-eastnet-ikev2" #3: deleting other state #3 (STATE_V2_REKEY_CHILD_I0) aged 0.065919s and NOT sending notification Oct 31 15:25:01.523853: | child state #3: V2_REKEY_CHILD_I0(established IKE SA) => delete Oct 31 15:25:01.523856: | unsuspending #3 MD (nil) Oct 31 15:25:01.523858: | should_send_delete: no, just because Oct 31 15:25:01.523861: | child state #3: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Oct 31 15:25:01.523864: | state #3 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:25:01.523868: | libevent_free: delref ptr-libevent@0x55569f53c048 Oct 31 15:25:01.523872: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55569f5333f8 Oct 31 15:25:01.523875: | #3 STATE_CHILDSA_DEL: retransmits: cleared Oct 31 15:25:01.523879: | priority calculation of connection "westnet-eastnet-ikev2" is 2084814 (0x1fcfce) Oct 31 15:25:01.523886: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk.10000@192.1.2.45 using reqid 0 (raw_eroute) proto=50 Oct 31 15:25:01.523900: | raw_eroute result=success Oct 31 15:25:01.523904: | in connection_discard for connection westnet-eastnet-ikev2 Oct 31 15:25:01.523906: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Oct 31 15:25:01.523910: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Oct 31 15:25:01.523913: | releasing #3's fd-fd@(nil) because deleting state Oct 31 15:25:01.523915: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:01.523918: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:01.523920: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:25:01.523925: | stop processing: state #3 from 192.1.2.23:500 (in delete_state() at state.c:1239) Oct 31 15:25:01.523930: | resume processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:1239) Oct 31 15:25:01.523934: | delref logger@0x55569f53b888(1->0) (in delete_state() at state.c:1306) Oct 31 15:25:01.523937: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:01.523939: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:01.523942: | State DB: IKEv2 state not found (delete_ike_family) Oct 31 15:25:01.523945: | pstats #1 ikev2.ike deleted completed Oct 31 15:25:01.523950: | #1 main thread spent 6.83 (40.5) milliseconds helper thread spent 12.7 (13.4) milliseconds in total Oct 31 15:25:01.523954: | [RE]START processing: state #1 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:935) Oct 31 15:25:01.523957: | should_send_delete: no, just because Oct 31 15:25:01.523961: "westnet-eastnet-ikev2" #1: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 6.035968s and NOT sending notification Oct 31 15:25:01.523964: | parent state #1: ESTABLISHED_IKE_SA(established IKE SA) => delete Oct 31 15:25:01.524179: | unsuspending #1 MD (nil) Oct 31 15:25:01.524185: | should_send_delete: no, just because Oct 31 15:25:01.524188: | state #1 deleting .st_event EVENT_SA_REKEY Oct 31 15:25:01.524192: | libevent_free: delref ptr-libevent@0x7f52c0000d38 Oct 31 15:25:01.524195: | free_event_entry: delref EVENT_SA_REKEY-pe@0x55569f522ef8 Oct 31 15:25:01.524197: | #1 STATE_V2_ESTABLISHED_IKE_SA: retransmits: cleared Oct 31 15:25:01.524208: | State DB: IKEv2 state not found (flush_incomplete_children) Oct 31 15:25:01.524211: | picked newest_isakmp_sa #0 for #1 Oct 31 15:25:01.524214: "westnet-eastnet-ikev2" #1: deleting IKE SA but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Oct 31 15:25:01.524218: | add revival: connection 'westnet-eastnet-ikev2' added to the list and scheduled for 0 seconds Oct 31 15:25:01.524221: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Oct 31 15:25:01.524226: | in connection_discard for connection westnet-eastnet-ikev2 Oct 31 15:25:01.524228: | State DB: deleting IKEv2 state #1 in ESTABLISHED_IKE_SA Oct 31 15:25:01.524232: | parent state #1: ESTABLISHED_IKE_SA(established IKE SA) => UNDEFINED(ignore) Oct 31 15:25:01.524235: | releasing #1's fd-fd@(nil) because deleting state Oct 31 15:25:01.524239: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:01.524242: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:01.524245: | delref pkp@0x55569f536c88(2->1) (in delete_state() at state.c:1202) Oct 31 15:25:01.524261: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1239) Oct 31 15:25:01.524277: | delref logger@0x55569f52fb38(1->0) (in delete_state() at state.c:1306) Oct 31 15:25:01.524281: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:01.524283: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:01.524286: | in statetime_stop() and could not find #1 Oct 31 15:25:01.524289: | XXX: processor 'Informational Request' for #1 deleted state MD.ST Oct 31 15:25:01.524292: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:25:01.524294: | in statetime_stop() and could not find #1 Oct 31 15:25:01.524297: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:25:01.524299: | delref mdp@0x55569f541f98(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:01.524302: | delref logger@0x55569f536f18(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:01.524305: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:01.524307: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:01.524313: | spent 0.671 (0.846) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:25:01.524321: | processing resume sending helper answer back to state for #3 Oct 31 15:25:01.524380: | job 4 for #3: Child Rekey Initiator KE and nonce ni (build KE and nonce): processing response from helper 6 Oct 31 15:25:01.524386: | job 4 for #3: Child Rekey Initiator KE and nonce ni (build KE and nonce): was cancelled; ignoring respose Oct 31 15:25:01.524401: | delref logger@0x55569f5340e8(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:25:01.524405: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:01.524407: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:01.524413: | (#3) spent 0.0327 (0.0326) milliseconds in resume sending helper answer back to state Oct 31 15:25:01.524417: | libevent_free: delref ptr-libevent@0x7f52b4006108 Oct 31 15:25:01.524420: | processing signal PLUTO_SIGCHLD Oct 31 15:25:01.524425: | waitpid returned ECHILD (no child processes left) Oct 31 15:25:01.524431: | spent 0.00592 (0.00609) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:25:01.524437: | processing global timer EVENT_REVIVE_CONNS Oct 31 15:25:01.524440: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:25:01.524443: "westnet-eastnet-ikev2": initiating connection which received a Delete/Notify but must remain up per local policy Oct 31 15:25:01.524447: | connection 'westnet-eastnet-ikev2' +POLICY_UP Oct 31 15:25:01.524450: | FOR_EACH_STATE_... in find_phase1_state Oct 31 15:25:01.524458: | newref alloc logger@0x55569f5333f8(0->1) (in new_state() at state.c:576) Oct 31 15:25:01.524461: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:25:01.524464: | creating state object #4 at 0x55569f538008 Oct 31 15:25:01.524467: | State DB: adding IKEv2 state #4 in UNDEFINED Oct 31 15:25:01.524475: | pstats #4 ikev2.ike started Oct 31 15:25:01.524479: | parent state #4: UNDEFINED(ignore) => PARENT_I0(ignore) Oct 31 15:25:01.524483: | #4.st_v2_transition NULL -> PARENT_I0->PARENT_I1 (in new_v2_ike_state() at state.c:620) Oct 31 15:25:01.524492: | Message ID: IKE #4 initializing (IKE SA): ike.initiator.sent=0->-1 ike.initiator.recv=0->-1 ike.initiator.last_contact=0->744575.957282 ike.responder.sent=0->-1 ike.responder.recv=0->-1 ike.responder.last_contact=0->744575.957282 ike.wip.initiator=0->-1 ike.wip.responder=0->-1 Oct 31 15:25:01.524495: | orienting westnet-eastnet-ikev2 Oct 31 15:25:01.524500: | westnet-eastnet-ikev2 doesn't match 127.0.0.1:4500 at all Oct 31 15:25:01.524504: | westnet-eastnet-ikev2 doesn't match 127.0.0.1:500 at all Oct 31 15:25:01.524508: | westnet-eastnet-ikev2 doesn't match 192.0.1.254:4500 at all Oct 31 15:25:01.524511: | westnet-eastnet-ikev2 doesn't match 192.0.1.254:500 at all Oct 31 15:25:01.524516: | westnet-eastnet-ikev2 doesn't match 192.1.2.45:4500 at all Oct 31 15:25:01.524519: | oriented westnet-eastnet-ikev2's this Oct 31 15:25:01.524525: | start processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:544) Oct 31 15:25:01.524528: | addref fd@NULL (in add_pending() at pending.c:86) Oct 31 15:25:01.524533: | queuing pending IPsec SA negotiating with 192.1.2.23 IKE SA #4 "westnet-eastnet-ikev2" Oct 31 15:25:01.524536: "westnet-eastnet-ikev2" #4: initiating IKEv2 connection Oct 31 15:25:01.524552: | using existing local IKE proposals for connection westnet-eastnet-ikev2 (IKE SA initiator selecting KE): 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:25:01.524559: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:25:01.524561: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:25:01.524564: | newref clone logger@0x55569f534d68(0->1) (in clone_logger() at log.c:817) Oct 31 15:25:01.524567: | job 5 for #4: ikev2_outI1 KE (build KE and nonce): adding job to queue Oct 31 15:25:01.524569: | state #4 has no .st_event to delete Oct 31 15:25:01.524572: | #4 STATE_PARENT_I0: retransmits: cleared Oct 31 15:25:01.524574: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55569f53c1e8 Oct 31 15:25:01.524577: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Oct 31 15:25:01.524580: | libevent_malloc: newref ptr-libevent@0x55569f53c3e8 size 128 Oct 31 15:25:01.524591: | #4 spent 0.143 (0.143) milliseconds in ikev2_parent_outI1() Oct 31 15:25:01.524598: | RESET processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:640) Oct 31 15:25:01.524603: | spent 0.162 (0.162) milliseconds in global timer EVENT_REVIVE_CONNS Oct 31 15:25:01.524602: | job 5 for #4: ikev2_outI1 KE (build KE and nonce): helper 2 starting job Oct 31 15:25:01.529288: | "westnet-eastnet-ikev2" #4: spent 1.93 (4.68) milliseconds in helper 2 processing job 5 for state #4: ikev2_outI1 KE (pcr) Oct 31 15:25:01.529306: | job 5 for #4: ikev2_outI1 KE (build KE and nonce): helper thread 2 sending result back to state Oct 31 15:25:01.529312: | scheduling resume sending helper answer back to state for #4 Oct 31 15:25:01.529317: | libevent_malloc: newref ptr-libevent@0x7f52b8006108 size 128 Oct 31 15:25:01.529438: | helper thread 2 has nothing to do Oct 31 15:25:01.529447: | processing resume sending helper answer back to state for #4 Oct 31 15:25:01.529461: | start processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:641) Oct 31 15:25:01.529467: | unsuspending #4 MD (nil) Oct 31 15:25:01.529471: | job 5 for #4: ikev2_outI1 KE (build KE and nonce): processing response from helper 2 Oct 31 15:25:01.529474: | job 5 for #4: ikev2_outI1 KE (build KE and nonce): calling continuation function 0x55569eac7fe7 Oct 31 15:25:01.529477: | ikev2_parent_outI1_continue() for #4 STATE_PARENT_I0 Oct 31 15:25:01.529481: | DH secret MODP2048@0x7f52b8006ba8: transferring ownership from helper KE to state #4 Oct 31 15:25:01.529486: | opening output PBS reply packet Oct 31 15:25:01.529490: | **emit ISAKMP Message: Oct 31 15:25:01.529495: | initiator SPI: 30 4b 14 af 5f 82 41 f5 Oct 31 15:25:01.529500: | responder SPI: 00 00 00 00 00 00 00 00 Oct 31 15:25:01.529503: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:25:01.529505: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:01.529511: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:25:01.529514: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:25:01.529518: | Message ID: 0 (00 00 00 00) Oct 31 15:25:01.529522: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:25:01.529540: | using existing local IKE proposals for connection westnet-eastnet-ikev2 (IKE SA initiator emitting local proposals): 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:25:01.529544: | Emitting ikev2_proposals ... Oct 31 15:25:01.529547: | ***emit IKEv2 Security Association Payload: Oct 31 15:25:01.529550: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:01.529552: | flags: none (0x0) Oct 31 15:25:01.529555: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:25:01.529558: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:25:01.529562: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:25:01.529566: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:01.529569: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:01.529572: | prop #: 1 (01) Oct 31 15:25:01.529574: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:25:01.529577: | spi size: 0 (00) Oct 31 15:25:01.529580: | # transforms: 11 (0b) Oct 31 15:25:01.529583: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:01.529586: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.529589: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529591: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:01.529593: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:25:01.529596: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.529599: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:01.529601: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:01.529605: | length/value: 256 (01 00) Oct 31 15:25:01.529608: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:01.529611: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.529613: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529615: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:01.529618: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:25:01.529621: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529623: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.529626: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.529628: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.529630: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529633: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:01.529635: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:25:01.529637: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529642: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.529645: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.529648: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:25:01.529650: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.529652: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529655: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.529657: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:01.529659: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529662: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.529664: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.529667: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.529669: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529671: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.529673: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:25:01.529676: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529679: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.529682: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.529684: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.529686: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529688: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.529691: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:25:01.529693: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529696: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.529698: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.529701: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.529703: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529705: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.529708: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:25:01.529710: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529712: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.529715: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.529718: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.529721: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529723: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.529725: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:25:01.529728: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529730: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.529732: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.529737: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.529739: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529741: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.529744: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:25:01.529746: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529749: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.529751: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.529754: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.529756: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529759: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.529761: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:25:01.529763: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529766: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.529768: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.529770: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.529773: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:01.529775: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.529777: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:25:01.529780: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529783: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.529785: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.529787: | emitting length of IKEv2 Proposal Substructure Payload: 100 Oct 31 15:25:01.529790: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:01.529794: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:25:01.529797: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:01.529800: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:01.529803: | prop #: 2 (02) Oct 31 15:25:01.529805: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:25:01.529808: | spi size: 0 (00) Oct 31 15:25:01.529810: | # transforms: 11 (0b) Oct 31 15:25:01.529813: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:01.529816: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:01.529819: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.529821: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529823: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:01.529826: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:25:01.529829: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.529831: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:01.529834: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:01.529837: | length/value: 128 (00 80) Oct 31 15:25:01.529839: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:01.529845: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.529848: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529850: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:01.529852: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:25:01.529855: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529857: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.529860: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.529863: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.529865: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529867: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:01.529870: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:25:01.529872: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529874: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.529877: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.529879: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:25:01.529882: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.529884: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529886: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.529889: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:01.529891: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529894: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.529896: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.529898: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.529901: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529904: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.529906: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:25:01.529908: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529911: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.529913: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.529916: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.529918: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529920: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.529922: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:25:01.529925: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529927: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.529930: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.529932: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.529935: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529937: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.529940: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:25:01.529944: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529946: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.529949: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.529951: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.529954: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529956: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.529958: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:25:01.529961: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529963: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.529965: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.529968: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.529970: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529972: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.529975: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:25:01.529978: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529980: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.529983: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.529985: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.529987: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529990: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.529992: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:25:01.529994: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.529997: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.529999: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.530002: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.530004: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:01.530006: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.530008: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:25:01.530011: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530014: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.530016: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.530019: | emitting length of IKEv2 Proposal Substructure Payload: 100 Oct 31 15:25:01.530021: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:01.530025: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:01.530027: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:01.530030: | prop #: 3 (03) Oct 31 15:25:01.530032: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:25:01.530035: | spi size: 0 (00) Oct 31 15:25:01.530038: | # transforms: 13 (0d) Oct 31 15:25:01.530042: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:01.530044: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:01.530048: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.530050: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530053: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:01.530055: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:25:01.530057: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.530060: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:01.530062: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:01.530065: | length/value: 256 (01 00) Oct 31 15:25:01.530068: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:01.530070: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.530072: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530075: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:01.530077: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:25:01.530080: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530082: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.530085: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.530088: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.530090: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530092: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:01.530094: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:25:01.530097: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530099: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.530102: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.530104: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.530106: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530109: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:01.530111: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:25:01.530113: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530116: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.530118: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.530121: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.530124: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530126: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:01.530128: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:25:01.530131: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530133: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.530135: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.530140: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.530142: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530144: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.530146: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:01.530149: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530151: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.530154: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.530156: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.530159: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530161: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.530164: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:25:01.530166: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530168: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.530171: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.530173: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.530176: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530178: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.530180: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:25:01.530183: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530185: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.530188: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.530190: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.530192: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530195: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.530197: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:25:01.530207: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530210: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.530213: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.530215: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.530218: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530220: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.530222: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:25:01.530225: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530227: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.530229: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.530232: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.530234: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530237: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.530239: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:25:01.530242: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530246: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.530248: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.530251: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.530253: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530255: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.530258: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:25:01.530260: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530262: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.530265: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.530268: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.530270: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:01.530272: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.530274: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:25:01.530277: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530280: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.530282: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.530284: | emitting length of IKEv2 Proposal Substructure Payload: 116 Oct 31 15:25:01.530287: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:01.530291: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:01.530293: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:25:01.530296: | prop #: 4 (04) Oct 31 15:25:01.530349: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:25:01.530355: | spi size: 0 (00) Oct 31 15:25:01.530359: | # transforms: 13 (0d) Oct 31 15:25:01.530362: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:01.530365: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:01.530368: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.530371: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530373: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:01.530376: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:25:01.530378: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.530381: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:01.530384: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:01.530387: | length/value: 128 (00 80) Oct 31 15:25:01.530390: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:01.530393: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.530396: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530398: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:01.530401: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:25:01.530404: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530408: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.530411: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.530414: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.530416: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530419: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:01.530421: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:25:01.530424: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530426: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.530429: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.530432: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.530434: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530437: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:01.530439: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:25:01.530442: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530445: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.530447: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.530450: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.530453: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530455: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:01.530457: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:25:01.530460: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530463: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.530465: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.530468: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.530470: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530473: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.530476: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:01.530479: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530481: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.530484: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.530486: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.530488: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530491: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.530493: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:25:01.530496: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530498: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.530501: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.530504: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.530508: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530511: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.530514: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:25:01.530517: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530519: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.530522: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.530525: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.530527: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530530: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.530532: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:25:01.530535: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530537: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.530540: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.530542: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.530545: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530547: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.530550: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:25:01.530553: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530555: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.530558: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.530561: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.530563: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530566: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.530568: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:25:01.530571: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530573: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.530576: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.530578: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.530581: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530583: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.530585: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:25:01.530588: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530591: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.530594: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.530596: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.530599: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:01.530601: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.530604: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:25:01.530606: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.530610: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.530613: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.530616: | emitting length of IKEv2 Proposal Substructure Payload: 116 Oct 31 15:25:01.530618: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:01.530621: | emitting length of IKEv2 Security Association Payload: 436 Oct 31 15:25:01.530623: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:25:01.530626: | ***emit IKEv2 Key Exchange Payload: Oct 31 15:25:01.530629: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:01.530631: | flags: none (0x0) Oct 31 15:25:01.530634: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:01.530637: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Oct 31 15:25:01.530639: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Oct 31 15:25:01.530643: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Oct 31 15:25:01.530645: | ikev2 g^x: Oct 31 15:25:01.530648: | 28 83 6b 6b 78 a7 23 84 72 6a 1d eb c7 06 84 fa Oct 31 15:25:01.530650: | 01 6b 29 c7 71 a8 d4 32 91 fe 57 4a 3f d5 6c ed Oct 31 15:25:01.530652: | f4 05 fd c2 62 fb 25 1a af e1 55 18 0b 0d b7 65 Oct 31 15:25:01.530655: | 5d f5 da c4 a4 93 65 37 85 d7 8a ca cc de 71 e9 Oct 31 15:25:01.530657: | 12 36 7b 23 c3 c3 d8 b0 1b 64 7f 80 e8 66 d6 aa Oct 31 15:25:01.530659: | 32 f9 ae 8e 2c bf 52 92 af a9 30 5f 00 07 30 f6 Oct 31 15:25:01.530661: | fc 66 94 4e c4 82 d7 a9 be 4c 42 2b d4 3a 62 90 Oct 31 15:25:01.530664: | 88 96 d7 38 cc 0c b7 44 11 2a af 8c f6 c4 c3 f7 Oct 31 15:25:01.530666: | ad 78 77 ea 27 14 37 1a 04 68 f8 a0 94 54 de 8e Oct 31 15:25:01.530669: | b9 de a9 13 1f 87 66 70 7c ee 11 17 58 9f 50 5a Oct 31 15:25:01.530671: | 29 c6 d7 0f 10 bc 85 71 b3 f4 11 f5 81 87 34 f8 Oct 31 15:25:01.530673: | 98 16 d9 ca 75 78 46 6d cb 96 30 4f ab 91 a5 cf Oct 31 15:25:01.530675: | 2d 9f bf 1b 1e 49 0f 17 49 8d 99 34 23 2d e3 a1 Oct 31 15:25:01.530678: | 3b 26 cf ba 56 09 bd 5f 08 f1 f2 ee 33 9c 55 11 Oct 31 15:25:01.530680: | d3 64 50 63 1a 6c 4b 3d ea a6 7f b3 49 17 ec 15 Oct 31 15:25:01.530682: | 56 c0 e0 2e 34 11 90 f1 a2 02 a2 d4 25 fc 31 dd Oct 31 15:25:01.530684: | emitting length of IKEv2 Key Exchange Payload: 264 Oct 31 15:25:01.530687: | ***emit IKEv2 Nonce Payload: Oct 31 15:25:01.530690: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:01.530692: | flags: none (0x0) Oct 31 15:25:01.530695: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Oct 31 15:25:01.530697: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Oct 31 15:25:01.530701: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Oct 31 15:25:01.530704: | IKEv2 nonce: Oct 31 15:25:01.530706: | 69 d2 63 1e 91 6e 0f 3a cf 14 d9 9e 52 c7 21 0a Oct 31 15:25:01.530708: | 8a 39 a8 e0 0f 2e 66 05 de 72 a3 55 e2 8f f9 5c Oct 31 15:25:01.530711: | emitting length of IKEv2 Nonce Payload: 36 Oct 31 15:25:01.530713: | adding a v2N Payload Oct 31 15:25:01.530716: | ***emit IKEv2 Notify Payload: Oct 31 15:25:01.530718: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:01.530721: | flags: none (0x0) Oct 31 15:25:01.530723: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:25:01.530726: | SPI size: 0 (00) Oct 31 15:25:01.530729: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Oct 31 15:25:01.530733: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:25:01.530736: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:25:01.530739: | emitting length of IKEv2 Notify Payload: 8 Oct 31 15:25:01.530742: | adding a v2N Payload Oct 31 15:25:01.530745: | ***emit IKEv2 Notify Payload: Oct 31 15:25:01.530747: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:01.530749: | flags: none (0x0) Oct 31 15:25:01.530752: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:25:01.530755: | SPI size: 0 (00) Oct 31 15:25:01.530757: | Notify Message Type: v2N_SIGNATURE_HASH_ALGORITHMS (0x402f) Oct 31 15:25:01.530760: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:25:01.530762: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:25:01.530766: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256 into IKEv2 Notify Payload Oct 31 15:25:01.530769: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256: 00 02 Oct 31 15:25:01.530771: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384 into IKEv2 Notify Payload Oct 31 15:25:01.530774: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384: 00 03 Oct 31 15:25:01.530778: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_512 into IKEv2 Notify Payload Oct 31 15:25:01.530780: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_512: 00 04 Oct 31 15:25:01.530783: | emitting length of IKEv2 Notify Payload: 14 Oct 31 15:25:01.530786: | NAT-Traversal support [enabled] add v2N payloads. Oct 31 15:25:01.530788: | nat: IKE.SPIr is zero Oct 31 15:25:01.530802: | natd_hash: hasher=0x55569ebb9f80(20) Oct 31 15:25:01.530805: | natd_hash: icookie= Oct 31 15:25:01.530807: | 30 4b 14 af 5f 82 41 f5 Oct 31 15:25:01.530809: | natd_hash: rcookie= Oct 31 15:25:01.530811: | 00 00 00 00 00 00 00 00 Oct 31 15:25:01.530814: | natd_hash: ip= Oct 31 15:25:01.530816: | c0 01 02 2d Oct 31 15:25:01.530818: | natd_hash: port= Oct 31 15:25:01.530820: | 01 f4 Oct 31 15:25:01.530822: | natd_hash: hash= Oct 31 15:25:01.530824: | ab 2a 89 20 6e 3a b0 f4 13 4e d0 87 27 cf 19 42 Oct 31 15:25:01.530826: | 07 f6 8b e2 Oct 31 15:25:01.530828: | adding a v2N Payload Oct 31 15:25:01.530831: | ***emit IKEv2 Notify Payload: Oct 31 15:25:01.530833: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:01.530835: | flags: none (0x0) Oct 31 15:25:01.530838: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:25:01.530841: | SPI size: 0 (00) Oct 31 15:25:01.530843: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Oct 31 15:25:01.530846: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:25:01.530848: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:25:01.530852: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:25:01.530854: | Notify data: Oct 31 15:25:01.530857: | ab 2a 89 20 6e 3a b0 f4 13 4e d0 87 27 cf 19 42 Oct 31 15:25:01.530859: | 07 f6 8b e2 Oct 31 15:25:01.530861: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:25:01.530863: | nat: IKE.SPIr is zero Oct 31 15:25:01.530871: | natd_hash: hasher=0x55569ebb9f80(20) Oct 31 15:25:01.530874: | natd_hash: icookie= Oct 31 15:25:01.530877: | 30 4b 14 af 5f 82 41 f5 Oct 31 15:25:01.530879: | natd_hash: rcookie= Oct 31 15:25:01.530881: | 00 00 00 00 00 00 00 00 Oct 31 15:25:01.530883: | natd_hash: ip= Oct 31 15:25:01.530885: | c0 01 02 17 Oct 31 15:25:01.530887: | natd_hash: port= Oct 31 15:25:01.530888: | 01 f4 Oct 31 15:25:01.530891: | natd_hash: hash= Oct 31 15:25:01.530893: | 8e f4 63 11 5d 06 78 a8 c0 f1 8d c9 de 80 5a 62 Oct 31 15:25:01.530897: | 3f 37 32 04 Oct 31 15:25:01.530900: | adding a v2N Payload Oct 31 15:25:01.530902: | ***emit IKEv2 Notify Payload: Oct 31 15:25:01.530904: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:01.530907: | flags: none (0x0) Oct 31 15:25:01.530909: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:25:01.530912: | SPI size: 0 (00) Oct 31 15:25:01.530914: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Oct 31 15:25:01.530917: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:25:01.530919: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:25:01.530922: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:25:01.530925: | Notify data: Oct 31 15:25:01.530927: | 8e f4 63 11 5d 06 78 a8 c0 f1 8d c9 de 80 5a 62 Oct 31 15:25:01.530929: | 3f 37 32 04 Oct 31 15:25:01.530932: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:25:01.530934: | emitting length of ISAKMP Message: 842 Oct 31 15:25:01.530942: | [RE]START processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:01.530947: | #4 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Oct 31 15:25:01.530950: | transitioning from state STATE_PARENT_I0 to state STATE_PARENT_I1 Oct 31 15:25:01.530952: | Message ID: updating counters for #4 Oct 31 15:25:01.530955: | Message ID: IKE #4 skipping update_recv as MD is fake Oct 31 15:25:01.530962: | Message ID: IKE #4 scheduling EVENT_RETRANSMIT: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744575.957282 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744575.957282 ike.wip.initiator=0 ike.wip.responder=-1 Oct 31 15:25:01.530967: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55569f52fb38 Oct 31 15:25:01.530970: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #4 Oct 31 15:25:01.530973: | libevent_malloc: newref ptr-libevent@0x55569f53c528 size 128 Oct 31 15:25:01.530978: | #4 STATE_PARENT_I0: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744575.963762 Oct 31 15:25:01.530984: | Message ID: IKE #4 updating initiator sent message request 0: ike.initiator.sent=-1->0 ike.initiator.recv=-1 ike.initiator.last_contact=744575.957282 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744575.957282 ike.wip.initiator=-1->0 ike.wip.responder=-1 Oct 31 15:25:01.530990: | Message ID: IKE #4 no pending message initiators to schedule: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744575.957282 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744575.957282 ike.wip.initiator=0 ike.wip.responder=-1 Oct 31 15:25:01.530994: | parent state #4: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Oct 31 15:25:01.530997: | announcing the state transition Oct 31 15:25:01.531001: "westnet-eastnet-ikev2" #4: sent IKE_SA_INIT request Oct 31 15:25:01.531009: | sending 842 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 using UDP (for #4) Oct 31 15:25:01.531012: | 30 4b 14 af 5f 82 41 f5 00 00 00 00 00 00 00 00 Oct 31 15:25:01.531014: | 21 20 22 08 00 00 00 00 00 00 03 4a 22 00 01 b4 Oct 31 15:25:01.531016: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Oct 31 15:25:01.531018: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Oct 31 15:25:01.531020: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Oct 31 15:25:01.531022: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Oct 31 15:25:01.531024: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Oct 31 15:25:01.531026: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Oct 31 15:25:01.531029: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Oct 31 15:25:01.531031: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Oct 31 15:25:01.531034: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Oct 31 15:25:01.531037: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Oct 31 15:25:01.531039: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Oct 31 15:25:01.531042: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Oct 31 15:25:01.531044: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Oct 31 15:25:01.531046: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Oct 31 15:25:01.531048: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:25:01.531050: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Oct 31 15:25:01.531052: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Oct 31 15:25:01.531054: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Oct 31 15:25:01.531056: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Oct 31 15:25:01.531058: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Oct 31 15:25:01.531060: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Oct 31 15:25:01.531062: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Oct 31 15:25:01.531064: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Oct 31 15:25:01.531066: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Oct 31 15:25:01.531068: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Oct 31 15:25:01.531070: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Oct 31 15:25:01.531073: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Oct 31 15:25:01.531075: | 28 00 01 08 00 0e 00 00 28 83 6b 6b 78 a7 23 84 Oct 31 15:25:01.531077: | 72 6a 1d eb c7 06 84 fa 01 6b 29 c7 71 a8 d4 32 Oct 31 15:25:01.531079: | 91 fe 57 4a 3f d5 6c ed f4 05 fd c2 62 fb 25 1a Oct 31 15:25:01.531082: | af e1 55 18 0b 0d b7 65 5d f5 da c4 a4 93 65 37 Oct 31 15:25:01.531084: | 85 d7 8a ca cc de 71 e9 12 36 7b 23 c3 c3 d8 b0 Oct 31 15:25:01.531086: | 1b 64 7f 80 e8 66 d6 aa 32 f9 ae 8e 2c bf 52 92 Oct 31 15:25:01.531088: | af a9 30 5f 00 07 30 f6 fc 66 94 4e c4 82 d7 a9 Oct 31 15:25:01.531090: | be 4c 42 2b d4 3a 62 90 88 96 d7 38 cc 0c b7 44 Oct 31 15:25:01.531092: | 11 2a af 8c f6 c4 c3 f7 ad 78 77 ea 27 14 37 1a Oct 31 15:25:01.531094: | 04 68 f8 a0 94 54 de 8e b9 de a9 13 1f 87 66 70 Oct 31 15:25:01.531096: | 7c ee 11 17 58 9f 50 5a 29 c6 d7 0f 10 bc 85 71 Oct 31 15:25:01.531098: | b3 f4 11 f5 81 87 34 f8 98 16 d9 ca 75 78 46 6d Oct 31 15:25:01.531100: | cb 96 30 4f ab 91 a5 cf 2d 9f bf 1b 1e 49 0f 17 Oct 31 15:25:01.531102: | 49 8d 99 34 23 2d e3 a1 3b 26 cf ba 56 09 bd 5f Oct 31 15:25:01.531105: | 08 f1 f2 ee 33 9c 55 11 d3 64 50 63 1a 6c 4b 3d Oct 31 15:25:01.531107: | ea a6 7f b3 49 17 ec 15 56 c0 e0 2e 34 11 90 f1 Oct 31 15:25:01.531109: | a2 02 a2 d4 25 fc 31 dd 29 00 00 24 69 d2 63 1e Oct 31 15:25:01.531111: | 91 6e 0f 3a cf 14 d9 9e 52 c7 21 0a 8a 39 a8 e0 Oct 31 15:25:01.531114: | 0f 2e 66 05 de 72 a3 55 e2 8f f9 5c 29 00 00 08 Oct 31 15:25:01.531116: | 00 00 40 2e 29 00 00 0e 00 00 40 2f 00 02 00 03 Oct 31 15:25:01.531118: | 00 04 29 00 00 1c 00 00 40 04 ab 2a 89 20 6e 3a Oct 31 15:25:01.531120: | b0 f4 13 4e d0 87 27 cf 19 42 07 f6 8b e2 00 00 Oct 31 15:25:01.531122: | 00 1c 00 00 40 05 8e f4 63 11 5d 06 78 a8 c0 f1 Oct 31 15:25:01.531124: | 8d c9 de 80 5a 62 3f 37 32 04 Oct 31 15:25:01.531151: | sent 1 messages Oct 31 15:25:01.531155: | checking that a retransmit timeout_event was already Oct 31 15:25:01.531159: | state #4 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:25:01.531162: | libevent_free: delref ptr-libevent@0x55569f53c3e8 Oct 31 15:25:01.531165: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55569f53c1e8 Oct 31 15:25:01.531169: | delref logger@0x55569f534d68(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:25:01.531172: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:01.531174: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:01.531177: | resume sending helper answer back to state for #4 suppresed complete_v2_state_transition() Oct 31 15:25:01.531183: | delref mdp@NULL (in resume_handler() at server.c:743) Oct 31 15:25:01.531189: | #4 spent 1.66 (1.72) milliseconds in resume sending helper answer back to state Oct 31 15:25:01.531194: | stop processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:745) Oct 31 15:25:01.531197: | libevent_free: delref ptr-libevent@0x7f52b8006108 Oct 31 15:25:02.031724: | timer_event_cb: processing event@0x55569f52fb38 Oct 31 15:25:02.031740: | handling event EVENT_RETRANSMIT for parent state #4 Oct 31 15:25:02.031744: | libevent_free: delref ptr-libevent@0x55569f53c528 Oct 31 15:25:02.031748: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55569f52fb38 Oct 31 15:25:02.031756: | start processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:188) Oct 31 15:25:02.031760: | IKEv2 retransmit event Oct 31 15:25:02.031766: | [RE]START processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:25:02.031769: | handling event EVENT_RETRANSMIT for 192.1.2.23 "westnet-eastnet-ikev2" #4 attempt 2 of 0 Oct 31 15:25:02.031773: | and parent for 192.1.2.23 "westnet-eastnet-ikev2" #4 keying attempt 1 of 0; retransmit 1 Oct 31 15:25:02.031778: | #4 STATE_PARENT_I1: retransmits: current time 744576.464572 Oct 31 15:25:02.031781: | #4 STATE_PARENT_I1: retransmits: retransmit count 0 exceeds limit? NO Oct 31 15:25:02.031784: | #4 STATE_PARENT_I1: retransmits: deltatime 0.5 exceeds limit? NO Oct 31 15:25:02.031786: | #4 STATE_PARENT_I1: retransmits: monotime 0.50081 exceeds limit? NO Oct 31 15:25:02.031790: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55569f52fb38 Oct 31 15:25:02.031793: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #4 Oct 31 15:25:02.031796: | libevent_malloc: newref ptr-libevent@0x55569f53c3e8 size 128 Oct 31 15:25:02.031801: "westnet-eastnet-ikev2" #4: STATE_PARENT_I1: retransmission; will wait 0.5 seconds for response Oct 31 15:25:02.031809: | sending 842 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.45:500 to 192.1.2.23:500 using UDP (for #4) Oct 31 15:25:02.031812: | 30 4b 14 af 5f 82 41 f5 00 00 00 00 00 00 00 00 Oct 31 15:25:02.031816: | 21 20 22 08 00 00 00 00 00 00 03 4a 22 00 01 b4 Oct 31 15:25:02.031818: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Oct 31 15:25:02.031820: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Oct 31 15:25:02.031822: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Oct 31 15:25:02.031824: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Oct 31 15:25:02.031826: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Oct 31 15:25:02.031828: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Oct 31 15:25:02.031830: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Oct 31 15:25:02.031832: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Oct 31 15:25:02.031834: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Oct 31 15:25:02.031836: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Oct 31 15:25:02.031838: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Oct 31 15:25:02.031840: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Oct 31 15:25:02.031842: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Oct 31 15:25:02.031844: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Oct 31 15:25:02.031847: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:25:02.031849: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Oct 31 15:25:02.031853: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Oct 31 15:25:02.031855: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Oct 31 15:25:02.031857: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Oct 31 15:25:02.031859: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Oct 31 15:25:02.031861: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Oct 31 15:25:02.031863: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Oct 31 15:25:02.031869: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Oct 31 15:25:02.031872: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Oct 31 15:25:02.031874: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Oct 31 15:25:02.031876: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Oct 31 15:25:02.031878: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Oct 31 15:25:02.031880: | 28 00 01 08 00 0e 00 00 28 83 6b 6b 78 a7 23 84 Oct 31 15:25:02.031882: | 72 6a 1d eb c7 06 84 fa 01 6b 29 c7 71 a8 d4 32 Oct 31 15:25:02.031884: | 91 fe 57 4a 3f d5 6c ed f4 05 fd c2 62 fb 25 1a Oct 31 15:25:02.031886: | af e1 55 18 0b 0d b7 65 5d f5 da c4 a4 93 65 37 Oct 31 15:25:02.031888: | 85 d7 8a ca cc de 71 e9 12 36 7b 23 c3 c3 d8 b0 Oct 31 15:25:02.031890: | 1b 64 7f 80 e8 66 d6 aa 32 f9 ae 8e 2c bf 52 92 Oct 31 15:25:02.031892: | af a9 30 5f 00 07 30 f6 fc 66 94 4e c4 82 d7 a9 Oct 31 15:25:02.031895: | be 4c 42 2b d4 3a 62 90 88 96 d7 38 cc 0c b7 44 Oct 31 15:25:02.031897: | 11 2a af 8c f6 c4 c3 f7 ad 78 77 ea 27 14 37 1a Oct 31 15:25:02.031899: | 04 68 f8 a0 94 54 de 8e b9 de a9 13 1f 87 66 70 Oct 31 15:25:02.031901: | 7c ee 11 17 58 9f 50 5a 29 c6 d7 0f 10 bc 85 71 Oct 31 15:25:02.031903: | b3 f4 11 f5 81 87 34 f8 98 16 d9 ca 75 78 46 6d Oct 31 15:25:02.031905: | cb 96 30 4f ab 91 a5 cf 2d 9f bf 1b 1e 49 0f 17 Oct 31 15:25:02.031907: | 49 8d 99 34 23 2d e3 a1 3b 26 cf ba 56 09 bd 5f Oct 31 15:25:02.031909: | 08 f1 f2 ee 33 9c 55 11 d3 64 50 63 1a 6c 4b 3d Oct 31 15:25:02.031912: | ea a6 7f b3 49 17 ec 15 56 c0 e0 2e 34 11 90 f1 Oct 31 15:25:02.031914: | a2 02 a2 d4 25 fc 31 dd 29 00 00 24 69 d2 63 1e Oct 31 15:25:02.031916: | 91 6e 0f 3a cf 14 d9 9e 52 c7 21 0a 8a 39 a8 e0 Oct 31 15:25:02.031919: | 0f 2e 66 05 de 72 a3 55 e2 8f f9 5c 29 00 00 08 Oct 31 15:25:02.031921: | 00 00 40 2e 29 00 00 0e 00 00 40 2f 00 02 00 03 Oct 31 15:25:02.031922: | 00 04 29 00 00 1c 00 00 40 04 ab 2a 89 20 6e 3a Oct 31 15:25:02.031924: | b0 f4 13 4e d0 87 27 cf 19 42 07 f6 8b e2 00 00 Oct 31 15:25:02.031927: | 00 1c 00 00 40 05 8e f4 63 11 5d 06 78 a8 c0 f1 Oct 31 15:25:02.031929: | 8d c9 de 80 5a 62 3f 37 32 04 Oct 31 15:25:02.031952: | sent 1 messages Oct 31 15:25:02.031962: | #4 spent 0.234 (0.237) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:25:02.031969: | stop processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:447) Oct 31 15:25:02.413293: | kernel_process_msg_cb process netlink message Oct 31 15:25:02.413314: | netlink_get: XFRM_MSG_ACQUIRE message Oct 31 15:25:02.413318: | xfrm netlink msg len 376 Oct 31 15:25:02.413324: | xfrm acquire rtattribute type 5 ... Oct 31 15:25:02.413327: | ... xfrm template attribute with reqid:0, spi:0, proto:50 Oct 31 15:25:02.413330: | xfrm acquire rtattribute type 16 ... Oct 31 15:25:02.413332: | ... xfrm policy type ignored Oct 31 15:25:02.413344: | add bare shunt 0x55569f53c978 192.0.1.254/32:8 --1--> 192.0.2.254/32:0 => %hold 0 %acquire-netlink Oct 31 15:25:02.413350: | stripping address 192.0.1.254 of is_endpoint=0 hport=8 ipproto=1 (in subnet_prefix() at ip_subnet.c:114) Oct 31 15:25:02.413354: | stripping address 192.0.2.254 of is_endpoint=0 hport=0 ipproto=1 (in subnet_prefix() at ip_subnet.c:114) Oct 31 15:25:02.413362: initiate on demand from 192.0.1.254:8 to 192.0.2.254:0 proto=1 because: acquire Oct 31 15:25:02.413370: | find_connection: looking for policy for connection: 192.0.1.254:1/8 -> 192.0.2.254:1/0 Oct 31 15:25:02.413373: | FOR_EACH_CONNECTION_... in find_connection_for_clients Oct 31 15:25:02.413380: | find_connection: conn "westnet-eastnet-ikev2" has compatible peers: 192.0.1.0/24:0 -> 192.0.2.0/24:0 [pri: 25214986] Oct 31 15:25:02.413383: | find_connection: first OK "westnet-eastnet-ikev2" [pri:25214986]{0x55569f530ff8} (child none) Oct 31 15:25:02.413386: | find_connection: concluding with "westnet-eastnet-ikev2" [pri:25214986]{0x55569f530ff8} kind=CK_PERMANENT Oct 31 15:25:02.413393: | assign hold, routing was prospective erouted, needs to be erouted HOLD Oct 31 15:25:02.413396: | assign_holdpass() need broad(er) shunt Oct 31 15:25:02.413399: | priority calculation of connection "westnet-eastnet-ikev2" is 2084814 (0x1fcfce) Oct 31 15:25:02.413406: | eroute_connection replace %trap with broad %pass or %hold eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => %hold>%hold using reqid 0 (raw_eroute) proto=50 Oct 31 15:25:02.413409: | netlink_raw_eroute: SPI_HOLD implemented as no-op Oct 31 15:25:02.413411: | raw_eroute result=success Oct 31 15:25:02.413414: | assign_holdpass() eroute_connection() done Oct 31 15:25:02.413416: | fiddle_bare_shunt called Oct 31 15:25:02.413420: | subnet from endpoint 192.0.1.254:8 (in fiddle_bare_shunt() at kernel.c:1338) Oct 31 15:25:02.413424: | subnet from address 192.0.2.254 (in fiddle_bare_shunt() at kernel.c:1339) Oct 31 15:25:02.413427: | fiddle_bare_shunt with transport_proto 1 Oct 31 15:25:02.413429: | removing specific host-to-host bare shunt Oct 31 15:25:02.413436: | delete narrow %hold eroute 192.0.1.254/32:8 --1-> 192.0.2.254/32:0 => %hold using reqid 0 (raw_eroute) proto=50 Oct 31 15:25:02.413439: | netlink_raw_eroute: SPI_PASS Oct 31 15:25:02.413443: | stripping address 192.0.1.254 of is_endpoint=1 hport=8 ipproto=0 (in selector_prefix() at ip_selector.c:153) Oct 31 15:25:02.413460: | raw_eroute result=success Oct 31 15:25:02.413464: | raw_eroute with op='delete' for transport_proto='1' kernel shunt succeeded, bare shunt lookup succeeded Oct 31 15:25:02.413472: | delete bare shunt 0x55569f53c978 192.0.1.254/32:8 --1--> 192.0.2.254/32:0 => %hold 0 %acquire-netlink Oct 31 15:25:02.413475: assign_holdpass() delete_bare_shunt() failed Oct 31 15:25:02.413478: initiate_ondemand_body() failed to install negotiation_shunt, Oct 31 15:25:02.413481: | FOR_EACH_STATE_... in find_phase1_state Oct 31 15:25:02.413486: | Ignored already queued up pending IPsec SA negotiation with 192.1.2.23 "westnet-eastnet-ikev2" Oct 31 15:25:02.413491: | initiate on demand using RSASIG from 192.0.1.254 to 192.0.2.254 Oct 31 15:25:02.413500: | spent 0.185 (0.185) milliseconds in kernel message Oct 31 15:25:02.532646: | timer_event_cb: processing event@0x55569f52fb38 Oct 31 15:25:02.532660: | handling event EVENT_RETRANSMIT for parent state #4 Oct 31 15:25:02.532665: | libevent_free: delref ptr-libevent@0x55569f53c3e8 Oct 31 15:25:02.532669: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55569f52fb38 Oct 31 15:25:02.532677: | start processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:188) Oct 31 15:25:02.532682: | IKEv2 retransmit event Oct 31 15:25:02.532767: | [RE]START processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in retransmit_v2_msg() at retry.c:143) Oct 31 15:25:02.532775: | handling event EVENT_RETRANSMIT for 192.1.2.23 "westnet-eastnet-ikev2" #4 attempt 2 of 0 Oct 31 15:25:02.532779: | and parent for 192.1.2.23 "westnet-eastnet-ikev2" #4 keying attempt 1 of 0; retransmit 2 Oct 31 15:25:02.532785: | #4 STATE_PARENT_I1: retransmits: current time 744576.965579 Oct 31 15:25:02.532788: | #4 STATE_PARENT_I1: retransmits: retransmit count 1 exceeds limit? NO Oct 31 15:25:02.532791: | #4 STATE_PARENT_I1: retransmits: deltatime 1 exceeds limit? NO Oct 31 15:25:02.532794: | #4 STATE_PARENT_I1: retransmits: monotime 1.001817 exceeds limit? NO Oct 31 15:25:02.532798: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55569f52fb38 Oct 31 15:25:02.532801: | inserting event EVENT_RETRANSMIT, timeout in 1 seconds for #4 Oct 31 15:25:02.532805: | libevent_malloc: newref ptr-libevent@0x55569f53c3e8 size 128 Oct 31 15:25:02.532811: "westnet-eastnet-ikev2" #4: STATE_PARENT_I1: retransmission; will wait 1 seconds for response Oct 31 15:25:02.532819: | sending 842 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.45:500 to 192.1.2.23:500 using UDP (for #4) Oct 31 15:25:02.532823: | 30 4b 14 af 5f 82 41 f5 00 00 00 00 00 00 00 00 Oct 31 15:25:02.532825: | 21 20 22 08 00 00 00 00 00 00 03 4a 22 00 01 b4 Oct 31 15:25:02.532832: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Oct 31 15:25:02.532834: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Oct 31 15:25:02.532836: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Oct 31 15:25:02.532838: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Oct 31 15:25:02.532841: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Oct 31 15:25:02.532843: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Oct 31 15:25:02.532845: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Oct 31 15:25:02.532848: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Oct 31 15:25:02.532850: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Oct 31 15:25:02.532852: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Oct 31 15:25:02.532854: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Oct 31 15:25:02.532857: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Oct 31 15:25:02.532859: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Oct 31 15:25:02.532862: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Oct 31 15:25:02.532864: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:25:02.532866: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Oct 31 15:25:02.532868: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Oct 31 15:25:02.532870: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Oct 31 15:25:02.532873: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Oct 31 15:25:02.532875: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Oct 31 15:25:02.532877: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Oct 31 15:25:02.532879: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Oct 31 15:25:02.532881: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Oct 31 15:25:02.532884: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Oct 31 15:25:02.532886: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Oct 31 15:25:02.532888: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Oct 31 15:25:02.532890: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Oct 31 15:25:02.532893: | 28 00 01 08 00 0e 00 00 28 83 6b 6b 78 a7 23 84 Oct 31 15:25:02.532895: | 72 6a 1d eb c7 06 84 fa 01 6b 29 c7 71 a8 d4 32 Oct 31 15:25:02.532898: | 91 fe 57 4a 3f d5 6c ed f4 05 fd c2 62 fb 25 1a Oct 31 15:25:02.532900: | af e1 55 18 0b 0d b7 65 5d f5 da c4 a4 93 65 37 Oct 31 15:25:02.532902: | 85 d7 8a ca cc de 71 e9 12 36 7b 23 c3 c3 d8 b0 Oct 31 15:25:02.532904: | 1b 64 7f 80 e8 66 d6 aa 32 f9 ae 8e 2c bf 52 92 Oct 31 15:25:02.532907: | af a9 30 5f 00 07 30 f6 fc 66 94 4e c4 82 d7 a9 Oct 31 15:25:02.532909: | be 4c 42 2b d4 3a 62 90 88 96 d7 38 cc 0c b7 44 Oct 31 15:25:02.532911: | 11 2a af 8c f6 c4 c3 f7 ad 78 77 ea 27 14 37 1a Oct 31 15:25:02.532913: | 04 68 f8 a0 94 54 de 8e b9 de a9 13 1f 87 66 70 Oct 31 15:25:02.532915: | 7c ee 11 17 58 9f 50 5a 29 c6 d7 0f 10 bc 85 71 Oct 31 15:25:02.532918: | b3 f4 11 f5 81 87 34 f8 98 16 d9 ca 75 78 46 6d Oct 31 15:25:02.532920: | cb 96 30 4f ab 91 a5 cf 2d 9f bf 1b 1e 49 0f 17 Oct 31 15:25:02.532922: | 49 8d 99 34 23 2d e3 a1 3b 26 cf ba 56 09 bd 5f Oct 31 15:25:02.532924: | 08 f1 f2 ee 33 9c 55 11 d3 64 50 63 1a 6c 4b 3d Oct 31 15:25:02.532926: | ea a6 7f b3 49 17 ec 15 56 c0 e0 2e 34 11 90 f1 Oct 31 15:25:02.532929: | a2 02 a2 d4 25 fc 31 dd 29 00 00 24 69 d2 63 1e Oct 31 15:25:02.532931: | 91 6e 0f 3a cf 14 d9 9e 52 c7 21 0a 8a 39 a8 e0 Oct 31 15:25:02.532934: | 0f 2e 66 05 de 72 a3 55 e2 8f f9 5c 29 00 00 08 Oct 31 15:25:02.532936: | 00 00 40 2e 29 00 00 0e 00 00 40 2f 00 02 00 03 Oct 31 15:25:02.532938: | 00 04 29 00 00 1c 00 00 40 04 ab 2a 89 20 6e 3a Oct 31 15:25:02.532940: | b0 f4 13 4e d0 87 27 cf 19 42 07 f6 8b e2 00 00 Oct 31 15:25:02.532942: | 00 1c 00 00 40 05 8e f4 63 11 5d 06 78 a8 c0 f1 Oct 31 15:25:02.532945: | 8d c9 de 80 5a 62 3f 37 32 04 Oct 31 15:25:02.533365: | sent 1 messages Oct 31 15:25:02.533382: | #4 spent 0.657 (0.736) milliseconds in timer_event_cb() EVENT_RETRANSMIT Oct 31 15:25:02.533389: | stop processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:447) Oct 31 15:25:02.558399: | newref struct fd@0x55569f535e28(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:02.558412: | fd_accept: new fd-fd@0x55569f535e28 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:02.558425: shutting down Oct 31 15:25:02.558432: | leaking fd-fd@0x55569f535e28's FD; will be closed when pluto exits (in whack_handle_cb() at rcv_whack.c:889) Oct 31 15:25:02.558436: | delref fd@0x55569f535e28(1->0) (in whack_handle_cb() at rcv_whack.c:895) Oct 31 15:25:02.558439: | freeref fd-fd@0x55569f535e28 (in whack_handle_cb() at rcv_whack.c:895) Oct 31 15:25:02.558454: | shutting down helper thread 5 Oct 31 15:25:02.558486: | helper thread 5 exited Oct 31 15:25:02.558499: | shutting down helper thread 7 Oct 31 15:25:02.558515: | helper thread 7 exited Oct 31 15:25:02.558523: | shutting down helper thread 1 Oct 31 15:25:02.558544: | helper thread 1 exited Oct 31 15:25:02.558552: | shutting down helper thread 3 Oct 31 15:25:02.558572: | helper thread 3 exited Oct 31 15:25:02.558586: | shutting down helper thread 4 Oct 31 15:25:02.558625: | helper thread 4 exited Oct 31 15:25:02.558641: | shutting down helper thread 6 Oct 31 15:25:02.558654: | helper thread 6 exited Oct 31 15:25:02.558666: | shutting down helper thread 2 Oct 31 15:25:02.558676: | helper thread 2 exited Oct 31 15:25:02.558681: 7 helper threads shutdown Oct 31 15:25:02.558684: | delref root_certs@NULL (in free_root_certs() at root_certs.c:127) Oct 31 15:25:02.558687: | certs and keys locked by 'free_preshared_secrets' Oct 31 15:25:02.558690: forgetting secrets Oct 31 15:25:02.558703: | certs and keys unlocked by 'free_preshared_secrets' Oct 31 15:25:02.558708: | delref pkp@0x55569f536c88(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:25:02.558712: | delref pkp@0x55569f537b48(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:25:02.558717: | delref fd@NULL (in delete_pending() at pending.c:218) Oct 31 15:25:02.558719: | removing pending policy for no connection {0x55569f53c048} Oct 31 15:25:02.558722: | deleting states for connection - including all other IPsec SA's of this IKE SA Oct 31 15:25:02.558725: | pass 0 Oct 31 15:25:02.558728: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:25:02.558730: | state #4 Oct 31 15:25:02.558737: | start processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1406) Oct 31 15:25:02.558740: | delref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1408) Oct 31 15:25:02.558742: | addref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1409) Oct 31 15:25:02.558745: | pstats #4 ikev2.ike deleted other Oct 31 15:25:02.558750: | #4 main thread spent 2.7 (2.84) milliseconds helper thread spent 1.93 (4.68) milliseconds in total Oct 31 15:25:02.558756: | [RE]START processing: state #4 connection "westnet-eastnet-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:935) Oct 31 15:25:02.558759: | should_send_delete: no, not established Oct 31 15:25:02.558764: "westnet-eastnet-ikev2" #4: deleting state (STATE_PARENT_I1) aged 1.034305s and NOT sending notification Oct 31 15:25:02.558767: | parent state #4: PARENT_I1(half-open IKE SA) => delete Oct 31 15:25:02.558770: | unsuspending #4 MD (nil) Oct 31 15:25:02.558772: | should_send_delete: no, not established Oct 31 15:25:02.558775: | state #4 has no .st_event to delete Oct 31 15:25:02.558778: | #4 requesting EVENT_RETRANSMIT-pe@0x55569f52fb38 be deleted Oct 31 15:25:02.558782: | libevent_free: delref ptr-libevent@0x55569f53c3e8 Oct 31 15:25:02.558785: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55569f52fb38 Oct 31 15:25:02.558787: | #4 STATE_PARENT_I1: retransmits: cleared Oct 31 15:25:02.558790: | State DB: IKEv2 state not found (flush_incomplete_children) Oct 31 15:25:02.558795: | picked newest_isakmp_sa #0 for #4 Oct 31 15:25:02.558799: "westnet-eastnet-ikev2" #4: deleting IKE SA but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Oct 31 15:25:02.558802: | add revival: connection 'westnet-eastnet-ikev2' added to the list and scheduled for 5 seconds Oct 31 15:25:02.558805: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Oct 31 15:25:02.558810: | in connection_discard for connection westnet-eastnet-ikev2 Oct 31 15:25:02.558812: | State DB: deleting IKEv2 state #4 in PARENT_I1 Oct 31 15:25:02.558816: | parent state #4: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Oct 31 15:25:02.558818: | releasing #4's fd-fd@(nil) because deleting state Oct 31 15:25:02.558820: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:02.558828: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:02.558830: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:25:02.558844: | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1239) Oct 31 15:25:02.558849: | delref logger@0x55569f5333f8(1->0) (in delete_state() at state.c:1306) Oct 31 15:25:02.558851: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:02.558853: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:02.558856: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1411) Oct 31 15:25:02.558858: | pass 1 Oct 31 15:25:02.558861: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:25:02.558867: | shunt_eroute() called for connection 'westnet-eastnet-ikev2' to 'delete' for rt_kind 'unrouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 Oct 31 15:25:02.558872: | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 Oct 31 15:25:02.558875: | priority calculation of connection "westnet-eastnet-ikev2" is 2084814 (0x1fcfce) Oct 31 15:25:02.558920: | priority calculation of connection "westnet-eastnet-ikev2" is 2084814 (0x1fcfce) Oct 31 15:25:02.558936: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:25:02.558940: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 vs Oct 31 15:25:02.558943: | conn westnet-eastnet-ikev2 mark 0/00000000, 0/00000000 Oct 31 15:25:02.558946: | route owner of "westnet-eastnet-ikev2" unrouted: NULL Oct 31 15:25:02.558949: | running updown command "ipsec _updown" for verb unroute Oct 31 15:25:02.558952: | command executing unroute-client Oct 31 15:25:02.558982: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGU... Oct 31 15:25:02.558985: | popen cmd is 1088 chars long Oct 31 15:25:02.558988: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Oct 31 15:25:02.558990: | cmd( 80):t-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='': Oct 31 15:25:02.558992: | cmd( 160): PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_: Oct 31 15:25:02.558994: | cmd( 240):CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.: Oct 31 15:25:02.558998: | cmd( 320):255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_: Oct 31 15:25:02.559001: | cmd( 400):SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT=': Oct 31 15:25:02.559003: | cmd( 480):192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.: Oct 31 15:25:02.559005: | cmd( 560):255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK=: Oct 31 15:25:02.559007: | cmd( 640):'xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+I: Oct 31 15:25:02.559009: | cmd( 720):KEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLU: Oct 31 15:25:02.559011: | cmd( 800):TO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_: Oct 31 15:25:02.559013: | cmd( 880):INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUT: Oct 31 15:25:02.559015: | cmd( 960):O_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARE: Oct 31 15:25:02.559017: | cmd(1040):D='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Oct 31 15:25:02.575944: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:02.576063: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:02.576100: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:02.576136: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:02.576169: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:02.576204: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:02.576221: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:02.576236: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:02.576251: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:02.576388: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:02.576424: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:02.576466: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:02.576479: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:02.576495: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:02.576510: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:02.576526: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:02.576544: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:02.576559: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:02.576573: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:02.576587: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:02.577117: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:02.577160: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:02.577197: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:02.577242: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:02.577278: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:02.577291: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:02.577309: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:02.577490: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:02.577497: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:02.577500: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:02.592383: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:25:02.592401: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:25:02.592407: | newref clone logger@0x55569f536f18(0->1) (in clone_logger() at log.c:817) Oct 31 15:25:02.592413: | delref hp@0x55569f5379f8(1->0) (in delete_oriented_hp() at hostpair.c:360) Oct 31 15:25:02.592420: | flush revival: connection 'westnet-eastnet-ikev2' revival flushed Oct 31 15:25:02.592424: | delref vip@NULL (in discard_connection() at connections.c:262) Oct 31 15:25:02.592426: | delref vip@NULL (in discard_connection() at connections.c:263) Oct 31 15:25:02.592441: | Connection DB: deleting connection $1 Oct 31 15:25:02.592445: | delref logger@0x55569f536f18(1->0) (in delete_connection() at connections.c:214) Oct 31 15:25:02.592448: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:02.592450: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:02.592454: | crl fetch request list locked by 'free_crl_fetch' Oct 31 15:25:02.592457: | crl fetch request list unlocked by 'free_crl_fetch' Oct 31 15:25:02.592462: | iface: marking eth1 dead Oct 31 15:25:02.592464: | iface: marking eth0 dead Oct 31 15:25:02.592466: | iface: marking lo dead Oct 31 15:25:02.592468: | updating interfaces - listing interfaces that are going down Oct 31 15:25:02.592474: shutting down interface lo 127.0.0.1:4500 Oct 31 15:25:02.592478: shutting down interface lo 127.0.0.1:500 Oct 31 15:25:02.592482: shutting down interface eth0 192.0.1.254:4500 Oct 31 15:25:02.592488: shutting down interface eth0 192.0.1.254:500 Oct 31 15:25:02.592494: shutting down interface eth1 192.1.2.45:4500 Oct 31 15:25:02.592498: shutting down interface eth1 192.1.2.45:500 Oct 31 15:25:02.592501: | updating interfaces - deleting the dead Oct 31 15:25:02.592506: | FOR_EACH_STATE_... in delete_states_dead_interfaces Oct 31 15:25:02.592515: | libevent_free: delref ptr-libevent@0x55569f52be58 Oct 31 15:25:02.592519: | delref id@0x55569f530028(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:25:02.592531: | libevent_free: delref ptr-libevent@0x55569f4ef568 Oct 31 15:25:02.592535: | delref id@0x55569f530028(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:25:02.592543: | libevent_free: delref ptr-libevent@0x55569f4e4828 Oct 31 15:25:02.592547: | delref id@0x55569f52ff58(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:25:02.592553: | libevent_free: delref ptr-libevent@0x55569f4ef668 Oct 31 15:25:02.592557: | delref id@0x55569f52ff58(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:25:02.592564: | libevent_free: delref ptr-libevent@0x55569f4ec088 Oct 31 15:25:02.592567: | delref id@0x55569f52fe28(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:25:02.592574: | libevent_free: delref ptr-libevent@0x55569f4ebfd8 Oct 31 15:25:02.592578: | delref id@0x55569f52fe28(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:25:02.592583: | delref id@0x55569f52fe28(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:25:02.592587: | delref id@0x55569f52ff58(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:25:02.592590: | delref id@0x55569f530028(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:25:02.592593: | updating interfaces - checking orientation Oct 31 15:25:02.592595: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Oct 31 15:25:02.595001: | libevent_free: delref ptr-libevent@0x55569f52bf08 Oct 31 15:25:02.595015: | free_event_entry: delref EVENT_NULL-pe@0x55569f52f3c8 Oct 31 15:25:02.595021: | libevent_free: delref ptr-libevent@0x55569f4ef468 Oct 31 15:25:02.595025: | free_event_entry: delref EVENT_NULL-pe@0x55569f52bde8 Oct 31 15:25:02.595029: | libevent_free: delref ptr-libevent@0x55569f4ef3b8 Oct 31 15:25:02.595033: | free_event_entry: delref EVENT_NULL-pe@0x55569f529dc8 Oct 31 15:25:02.595264: | global timer EVENT_REINIT_SECRET uninitialized Oct 31 15:25:02.595272: | global timer EVENT_SHUNT_SCAN uninitialized Oct 31 15:25:02.595276: | global timer EVENT_PENDING_DDNS uninitialized Oct 31 15:25:02.595278: | global timer EVENT_PENDING_PHASE2 uninitialized Oct 31 15:25:02.595281: | global timer EVENT_CHECK_CRLS uninitialized Oct 31 15:25:02.595284: | global timer EVENT_REVIVE_CONNS uninitialized Oct 31 15:25:02.595286: | global timer EVENT_FREE_ROOT_CERTS uninitialized Oct 31 15:25:02.595289: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Oct 31 15:25:02.595291: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Oct 31 15:25:02.595300: | libevent_free: delref ptr-libevent@0x55569f482298 Oct 31 15:25:02.595303: | signal event handler PLUTO_SIGCHLD uninstalled Oct 31 15:25:02.595307: | libevent_free: delref ptr-libevent@0x55569f4812e8 Oct 31 15:25:02.595310: | signal event handler PLUTO_SIGTERM uninstalled Oct 31 15:25:02.595314: | libevent_free: delref ptr-libevent@0x55569f52f5e8 Oct 31 15:25:02.595317: | signal event handler PLUTO_SIGHUP uninstalled Oct 31 15:25:02.595320: | libevent_free: delref ptr-libevent@0x55569f52f828 Oct 31 15:25:02.595323: | signal event handler PLUTO_SIGSYS uninstalled Oct 31 15:25:02.595325: | releasing event base Oct 31 15:25:02.595339: | libevent_free: delref ptr-libevent@0x55569f52f6f8 Oct 31 15:25:02.595343: | libevent_free: delref ptr-libevent@0x55569f51eae8 Oct 31 15:25:02.595347: | libevent_free: delref ptr-libevent@0x55569f51ea98 Oct 31 15:25:02.595350: | libevent_free: delref ptr-libevent@0x55569f4f1c28 Oct 31 15:25:02.595353: | libevent_free: delref ptr-libevent@0x55569f51ec98 Oct 31 15:25:02.595356: | libevent_free: delref ptr-libevent@0x55569f522eb8 Oct 31 15:25:02.595359: | libevent_free: delref ptr-libevent@0x55569f522cc8 Oct 31 15:25:02.595361: | libevent_free: delref ptr-libevent@0x55569f51ecd8 Oct 31 15:25:02.595364: | libevent_free: delref ptr-libevent@0x55569f522ad8 Oct 31 15:25:02.595367: | libevent_free: delref ptr-libevent@0x55569f522498 Oct 31 15:25:02.595369: | libevent_free: delref ptr-libevent@0x55569f530b18 Oct 31 15:25:02.595372: | libevent_free: delref ptr-libevent@0x55569f530ad8 Oct 31 15:25:02.595375: | libevent_free: delref ptr-libevent@0x55569f530a98 Oct 31 15:25:02.595377: | libevent_free: delref ptr-libevent@0x55569f530a58 Oct 31 15:25:02.595380: | libevent_free: delref ptr-libevent@0x55569f530a18 Oct 31 15:25:02.595382: | libevent_free: delref ptr-libevent@0x55569f5309d8 Oct 31 15:25:02.595385: | libevent_free: delref ptr-libevent@0x55569f515268 Oct 31 15:25:02.595388: | libevent_free: delref ptr-libevent@0x55569f52f5a8 Oct 31 15:25:02.595391: | libevent_free: delref ptr-libevent@0x55569f52f568 Oct 31 15:25:02.595393: | libevent_free: delref ptr-libevent@0x55569f522b18 Oct 31 15:25:02.595396: | libevent_free: delref ptr-libevent@0x55569f52f6b8 Oct 31 15:25:02.595399: | libevent_free: delref ptr-libevent@0x55569f52f438 Oct 31 15:25:02.595402: | libevent_free: delref ptr-libevent@0x55569f4f18a8 Oct 31 15:25:02.595405: | libevent_free: delref ptr-libevent@0x55569f4f1108 Oct 31 15:25:02.595408: | libevent_free: delref ptr-libevent@0x55569f4e8108 Oct 31 15:25:02.595411: | releasing global libevent data Oct 31 15:25:02.595414: | libevent_free: delref ptr-libevent@0x55569f4f1448 Oct 31 15:25:02.595417: | libevent_free: delref ptr-libevent@0x55569f481288 Oct 31 15:25:02.595420: | libevent_free: delref ptr-libevent@0x55569f4f1928 Oct 31 15:25:02.595470: leak detective found no leaks