Oct 31 15:24:55.951092: | newref logger@0x5648ff194bb8(0->1) (in main() at plutomain.c:1591) Oct 31 15:24:55.951163: | delref logger@0x5648ff194bb8(1->0) (in main() at plutomain.c:1592) Oct 31 15:24:55.951169: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:55.951172: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:55.951176: NSS DB directory: sql:/var/lib/ipsec/nss Oct 31 15:24:55.951325: Initializing NSS Oct 31 15:24:55.951333: Opening NSS database "sql:/var/lib/ipsec/nss" read-only Oct 31 15:24:55.977807: FIPS Mode: NO Oct 31 15:24:55.977822: NSS crypto library initialized Oct 31 15:24:55.977846: FIPS mode disabled for pluto daemon Oct 31 15:24:55.977849: FIPS HMAC integrity support [disabled] Oct 31 15:24:55.977909: libcap-ng support [enabled] Oct 31 15:24:55.977918: Linux audit support [enabled] Oct 31 15:24:55.977934: Linux audit activated Oct 31 15:24:55.977940: Starting Pluto (Libreswan Version v4.1-88-gf1d1933837ef-main IKEv2 IKEv1 XFRM(netkey) XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (NSS-PRF) DNSSEC LABELED_IPSEC (SELINUX) SECCOMP LIBCAP_NG LINUX_AUDIT AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:2154313 Oct 31 15:24:55.977942: core dump dir: /var/tmp Oct 31 15:24:55.977943: secrets file: /etc/ipsec.secrets Oct 31 15:24:55.977945: leak-detective enabled Oct 31 15:24:55.977946: NSS crypto [enabled] Oct 31 15:24:55.977947: XAUTH PAM support [enabled] Oct 31 15:24:55.977999: | libevent is using pluto's memory allocator Oct 31 15:24:55.978003: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Oct 31 15:24:55.978012: | libevent_malloc: newref ptr-libevent@0x5648ff1aa5b8 size 40 Oct 31 15:24:55.978016: | libevent_malloc: newref ptr-libevent@0x5648ff209f68 size 40 Oct 31 15:24:55.978019: | libevent_malloc: newref ptr-libevent@0x5648ff203fe8 size 40 Oct 31 15:24:55.978020: | creating event base Oct 31 15:24:55.978022: | libevent_malloc: newref ptr-libevent@0x5648ff204908 size 56 Oct 31 15:24:55.978024: | libevent_malloc: newref ptr-libevent@0x5648ff220fc8 size 664 Oct 31 15:24:55.978032: | libevent_malloc: newref ptr-libevent@0x5648ff227f48 size 24 Oct 31 15:24:55.978036: | libevent_malloc: newref ptr-libevent@0x5648ff227f98 size 384 Oct 31 15:24:55.978044: | libevent_malloc: newref ptr-libevent@0x5648ff228148 size 16 Oct 31 15:24:55.978046: | libevent_malloc: newref ptr-libevent@0x5648ff203f68 size 40 Oct 31 15:24:55.978047: | libevent_malloc: newref ptr-libevent@0x5648ff203ee8 size 48 Oct 31 15:24:55.978051: | libevent_realloc: newref ptr-libevent@0x5648ff228188 size 256 Oct 31 15:24:55.978052: | libevent_malloc: newref ptr-libevent@0x5648ff2282b8 size 16 Oct 31 15:24:55.978056: | libevent_free: delref ptr-libevent@0x5648ff204908 Oct 31 15:24:55.978058: | libevent initialized Oct 31 15:24:55.978061: | libevent_realloc: newref ptr-libevent@0x5648ff204908 size 64 Oct 31 15:24:55.978063: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Oct 31 15:24:55.978068: | init_nat_traversal() initialized with keep_alive=0s Oct 31 15:24:55.978070: NAT-Traversal support [enabled] Oct 31 15:24:55.978072: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Oct 31 15:24:55.978075: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Oct 31 15:24:55.978079: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Oct 31 15:24:55.978091: | checking IKEv1 state table Oct 31 15:24:55.978097: | MAIN_R0: category: half-open IKE SA; flags: 0: Oct 31 15:24:55.978099: | -> MAIN_R1 EVENT_SO_DISCARD (main_inI1_outR1) Oct 31 15:24:55.978102: | MAIN_I1: category: half-open IKE SA; flags: 0: Oct 31 15:24:55.978103: | -> MAIN_I2 EVENT_RETRANSMIT (main_inR1_outI2) Oct 31 15:24:55.978105: | MAIN_R1: category: open IKE SA; flags: 0: Oct 31 15:24:55.978106: | -> MAIN_R2 EVENT_RETRANSMIT (main_inI2_outR2) Oct 31 15:24:55.978108: | -> MAIN_R1 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:55.978109: | -> MAIN_R1 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:55.978111: | MAIN_I2: category: open IKE SA; flags: 0: Oct 31 15:24:55.978116: | -> MAIN_I3 EVENT_RETRANSMIT (main_inR2_outI3) Oct 31 15:24:55.978118: | -> MAIN_I2 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:55.978119: | -> MAIN_I2 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:55.978120: | MAIN_R2: category: open IKE SA; flags: 0: Oct 31 15:24:55.978122: | -> MAIN_R3 EVENT_SA_REPLACE (main_inI3_outR3) Oct 31 15:24:55.978123: | -> MAIN_R3 EVENT_SA_REPLACE (main_inI3_outR3) Oct 31 15:24:55.978125: | -> MAIN_R2 EVENT_SA_REPLACE (unexpected) Oct 31 15:24:55.978126: | MAIN_I3: category: open IKE SA; flags: 0: Oct 31 15:24:55.978127: | -> MAIN_I4 EVENT_SA_REPLACE (main_inR3) Oct 31 15:24:55.978129: | -> MAIN_I4 EVENT_SA_REPLACE (main_inR3) Oct 31 15:24:55.978130: | -> MAIN_I3 EVENT_SA_REPLACE (unexpected) Oct 31 15:24:55.978132: | MAIN_R3: category: established IKE SA; flags: 0: Oct 31 15:24:55.978133: | -> MAIN_R3 EVENT_NULL (unexpected) Oct 31 15:24:55.978135: | MAIN_I4: category: established IKE SA; flags: 0: Oct 31 15:24:55.978136: | -> MAIN_I4 EVENT_NULL (unexpected) Oct 31 15:24:55.978138: | AGGR_R0: category: half-open IKE SA; flags: 0: Oct 31 15:24:55.978139: | -> AGGR_R1 EVENT_SO_DISCARD (aggr_inI1_outR1) Oct 31 15:24:55.978141: | AGGR_I1: category: half-open IKE SA; flags: 0: Oct 31 15:24:55.978142: | -> AGGR_I2 EVENT_SA_REPLACE (aggr_inR1_outI2) Oct 31 15:24:55.978143: | -> AGGR_I2 EVENT_SA_REPLACE (aggr_inR1_outI2) Oct 31 15:24:55.978145: | AGGR_R1: category: open IKE SA; flags: 0: Oct 31 15:24:55.978146: | -> AGGR_R2 EVENT_SA_REPLACE (aggr_inI2) Oct 31 15:24:55.978147: | -> AGGR_R2 EVENT_SA_REPLACE (aggr_inI2) Oct 31 15:24:55.978149: | AGGR_I2: category: established IKE SA; flags: 0: Oct 31 15:24:55.978150: | -> AGGR_I2 EVENT_NULL (unexpected) Oct 31 15:24:55.978152: | AGGR_R2: category: established IKE SA; flags: 0: Oct 31 15:24:55.978153: | -> AGGR_R2 EVENT_NULL (unexpected) Oct 31 15:24:55.978155: | QUICK_R0: category: established CHILD SA; flags: 0: Oct 31 15:24:55.978156: | -> QUICK_R1 EVENT_RETRANSMIT (quick_inI1_outR1) Oct 31 15:24:55.978158: | QUICK_I1: category: established CHILD SA; flags: 0: Oct 31 15:24:55.978159: | -> QUICK_I2 EVENT_SA_REPLACE (quick_inR1_outI2) Oct 31 15:24:55.978161: | QUICK_R1: category: established CHILD SA; flags: 0: Oct 31 15:24:55.978162: | -> QUICK_R2 EVENT_SA_REPLACE (quick_inI2) Oct 31 15:24:55.978164: | QUICK_I2: category: established CHILD SA; flags: 0: Oct 31 15:24:55.978165: | -> QUICK_I2 EVENT_NULL (unexpected) Oct 31 15:24:55.978166: | QUICK_R2: category: established CHILD SA; flags: 0: Oct 31 15:24:55.978168: | -> QUICK_R2 EVENT_NULL (unexpected) Oct 31 15:24:55.978169: | INFO: category: informational; flags: 0: Oct 31 15:24:55.978171: | -> INFO EVENT_NULL (informational) Oct 31 15:24:55.978172: | INFO_PROTECTED: category: informational; flags: 0: Oct 31 15:24:55.978174: | -> INFO_PROTECTED EVENT_NULL (informational) Oct 31 15:24:55.978175: | XAUTH_R0: category: established IKE SA; flags: 0: Oct 31 15:24:55.978176: | -> XAUTH_R1 EVENT_NULL (xauth_inR0) Oct 31 15:24:55.978178: | XAUTH_R1: category: established IKE SA; flags: 0: Oct 31 15:24:55.978179: | -> MAIN_R3 EVENT_SA_REPLACE (xauth_inR1) Oct 31 15:24:55.978181: | MODE_CFG_R0: category: informational; flags: 0: Oct 31 15:24:55.978182: | -> MODE_CFG_R1 EVENT_SA_REPLACE (modecfg_inR0) Oct 31 15:24:55.978184: | MODE_CFG_R1: category: established IKE SA; flags: 0: Oct 31 15:24:55.978185: | -> MODE_CFG_R2 EVENT_SA_REPLACE (modecfg_inR1) Oct 31 15:24:55.978187: | MODE_CFG_R2: category: established IKE SA; flags: 0: Oct 31 15:24:55.978188: | -> MODE_CFG_R2 EVENT_NULL (unexpected) Oct 31 15:24:55.978190: | MODE_CFG_I1: category: established IKE SA; flags: 0: Oct 31 15:24:55.978191: | -> MAIN_I4 EVENT_SA_REPLACE (modecfg_inR1) Oct 31 15:24:55.978192: | XAUTH_I0: category: established IKE SA; flags: 0: Oct 31 15:24:55.978194: | -> XAUTH_I1 EVENT_RETRANSMIT (xauth_inI0) Oct 31 15:24:55.978197: | XAUTH_I1: category: established IKE SA; flags: 0: Oct 31 15:24:55.978210: | -> MAIN_I4 EVENT_RETRANSMIT (xauth_inI1) Oct 31 15:24:55.978215: | checking IKEv2 state table Oct 31 15:24:55.978218: | V2_REKEY_IKE_I0: category: established IKE SA; flags: 0: Oct 31 15:24:55.978220: | -> V2_REKEY_IKE_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Oct 31 15:24:55.978222: | V2_REKEY_CHILD_I0: category: established IKE SA; flags: 0: Oct 31 15:24:55.978224: | -> V2_REKEY_CHILD_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Oct 31 15:24:55.978225: | V2_NEW_CHILD_I0: category: established IKE SA; flags: 0: Oct 31 15:24:55.978227: | -> V2_NEW_CHILD_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Oct 31 15:24:55.978230: | PARENT_I0: category: ignore; flags: 0: Oct 31 15:24:55.978232: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Oct 31 15:24:55.978233: | PARENT_I1: category: half-open IKE SA; flags: 0: Oct 31 15:24:55.978235: | -> PARENT_I0 EVENT_SO_DISCARD (received anti-DDOS COOKIE notify response; resending IKE_SA_INIT request with cookie payload added) Oct 31 15:24:55.978239: | -> PARENT_I0 EVENT_SO_DISCARD (received IKE_SA_INIT INVALID_KE_PAYLOAD notify response; resending IKE_SA_INIT with new KE payload) Oct 31 15:24:55.978241: | -> IKESA_DEL EVENT_v2_REDIRECT (received REDIRECT notify response; resending IKE_SA_INIT request to new destination) Oct 31 15:24:55.978242: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE) Oct 31 15:24:55.978244: | PARENT_I2: category: open IKE SA; flags: 0: Oct 31 15:24:55.978245: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_INTERMEDIATE reply, initiate IKE_AUTH or IKE_INTERMEDIATE) Oct 31 15:24:55.978247: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Oct 31 15:24:55.978248: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Oct 31 15:24:55.978250: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Oct 31 15:24:55.978251: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Oct 31 15:24:55.978252: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Oct 31 15:24:55.978254: | PARENT_R0: category: half-open IKE SA; flags: 0: Oct 31 15:24:55.978255: | -> PARENT_R1 EVENT_SO_DISCARD send-response (Respond to IKE_SA_INIT) Oct 31 15:24:55.978257: | PARENT_R1: category: half-open IKE SA; flags: 0: Oct 31 15:24:55.978259: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_AUTH request (no SKEYSEED)) Oct 31 15:24:55.978260: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_INTERMEDIATE request (no SKEYSEED)) Oct 31 15:24:55.978261: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_INTERMEDIATE request (with SKEYSEED)) Oct 31 15:24:55.978263: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Responder: process IKE_AUTH request) Oct 31 15:24:55.978264: | V2_REKEY_IKE_R0: category: established IKE SA; flags: 0: Oct 31 15:24:55.978266: | -> ESTABLISHED_IKE_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA IKE Rekey) Oct 31 15:24:55.978267: | V2_REKEY_IKE_I1: category: established IKE SA; flags: 0: Oct 31 15:24:55.978269: | -> ESTABLISHED_IKE_SA EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Oct 31 15:24:55.978270: | V2_NEW_CHILD_I1: category: established IKE SA; flags: 0: Oct 31 15:24:55.978272: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Oct 31 15:24:55.978273: | V2_REKEY_CHILD_R0: category: established IKE SA; flags: 0: Oct 31 15:24:55.978275: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA rekey CHILD SA request) Oct 31 15:24:55.978278: | V2_NEW_CHILD_R0: category: established IKE SA; flags: 0: Oct 31 15:24:55.978280: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA IPsec SA Request) Oct 31 15:24:55.978281: | ESTABLISHED_IKE_SA: category: established IKE SA; flags: 0: Oct 31 15:24:55.978283: | -> ESTABLISHED_IKE_SA EVENT_RETAIN send-response (Informational Request (liveness probe)) Oct 31 15:24:55.978284: | -> ESTABLISHED_IKE_SA EVENT_RETAIN (Informational Response (liveness probe)) Oct 31 15:24:55.978286: | -> ESTABLISHED_IKE_SA EVENT_RETAIN send-response (Informational Request) Oct 31 15:24:55.978287: | -> ESTABLISHED_IKE_SA EVENT_RETAIN (Informational Response) Oct 31 15:24:55.978289: | IKESA_DEL: category: established IKE SA; flags: 0: Oct 31 15:24:55.978290: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Oct 31 15:24:55.978292: | CHILDSA_DEL: category: informational; flags: 0: Oct 31 15:24:55.978293: | -> CHILDSA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Oct 31 15:24:55.978295: | global one-shot timer EVENT_REVIVE_CONNS initialized Oct 31 15:24:55.978298: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Oct 31 15:24:55.978299: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Oct 31 15:24:55.978388: Encryption algorithms: Oct 31 15:24:55.978393: AES_CCM_16 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm, aes_ccm_c Oct 31 15:24:55.978396: AES_CCM_12 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_b Oct 31 15:24:55.978399: AES_CCM_8 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_a Oct 31 15:24:55.978402: 3DES_CBC [*192] IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) 3des Oct 31 15:24:55.978405: CAMELLIA_CTR {256,192,*128} IKEv1: ESP IKEv2: ESP Oct 31 15:24:55.978409: CAMELLIA_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP NSS(CBC) camellia Oct 31 15:24:55.978418: AES_GCM_16 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm, aes_gcm_c Oct 31 15:24:55.978425: AES_GCM_12 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_b Oct 31 15:24:55.978431: AES_GCM_8 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_a Oct 31 15:24:55.978437: AES_CTR {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CTR) aesctr Oct 31 15:24:55.978443: AES_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) aes Oct 31 15:24:55.978448: NULL_AUTH_AES_GMAC {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_gmac Oct 31 15:24:55.978452: NULL [] IKEv1: ESP IKEv2: ESP Oct 31 15:24:55.978455: CHACHA20_POLY1305 [*256] IKEv1: IKEv2: IKE ESP NSS(AEAD) chacha20poly1305 Oct 31 15:24:55.978456: Hash algorithms: Oct 31 15:24:55.978459: MD5 IKEv1: IKE IKEv2: NSS Oct 31 15:24:55.978461: SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha Oct 31 15:24:55.978464: SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256 Oct 31 15:24:55.978470: SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384 Oct 31 15:24:55.978476: SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512 Oct 31 15:24:55.978478: PRF algorithms: Oct 31 15:24:55.978482: HMAC_MD5 IKEv1: IKE IKEv2: IKE native(HMAC) md5 Oct 31 15:24:55.978487: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha, sha1 Oct 31 15:24:55.978492: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256, sha2_256 Oct 31 15:24:55.978500: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384, sha2_384 Oct 31 15:24:55.978504: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512, sha2_512 Oct 31 15:24:55.978507: AES_XCBC IKEv1: IKEv2: IKE native(XCBC) aes128_xcbc Oct 31 15:24:55.978509: Integrity algorithms: Oct 31 15:24:55.978512: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH native(HMAC) md5, hmac_md5 Oct 31 15:24:55.978514: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha, sha1, sha1_96, hmac_sha1 Oct 31 15:24:55.978517: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Oct 31 15:24:55.978520: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Oct 31 15:24:55.978523: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Oct 31 15:24:55.978525: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Oct 31 15:24:55.978528: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96 Oct 31 15:24:55.978530: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Oct 31 15:24:55.978532: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Oct 31 15:24:55.978534: DH algorithms: Oct 31 15:24:55.978536: NONE IKEv1: IKEv2: IKE ESP AH FIPS NSS(MODP) null, dh0 Oct 31 15:24:55.978538: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh5 Oct 31 15:24:55.978540: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh14 Oct 31 15:24:55.978542: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh15 Oct 31 15:24:55.978545: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh16 Oct 31 15:24:55.978549: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh17 Oct 31 15:24:55.978556: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh18 Oct 31 15:24:55.978561: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_256, ecp256 Oct 31 15:24:55.978565: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_384, ecp384 Oct 31 15:24:55.978570: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_521, ecp521 Oct 31 15:24:55.978575: DH31 IKEv1: IKE IKEv2: IKE ESP AH NSS(ECP) curve25519 Oct 31 15:24:55.978578: testing CAMELLIA_CBC: Oct 31 15:24:55.978581: Camellia: 16 bytes with 128-bit key Oct 31 15:24:55.978631: Camellia: 16 bytes with 128-bit key Oct 31 15:24:55.978653: Camellia: 16 bytes with 256-bit key Oct 31 15:24:55.978673: Camellia: 16 bytes with 256-bit key Oct 31 15:24:55.978691: testing AES_GCM_16: Oct 31 15:24:55.978693: empty string Oct 31 15:24:55.978712: one block Oct 31 15:24:55.978729: two blocks Oct 31 15:24:55.978747: two blocks with associated data Oct 31 15:24:55.978765: testing AES_CTR: Oct 31 15:24:55.978767: Encrypting 16 octets using AES-CTR with 128-bit key Oct 31 15:24:55.978785: Encrypting 32 octets using AES-CTR with 128-bit key Oct 31 15:24:55.978805: Encrypting 36 octets using AES-CTR with 128-bit key Oct 31 15:24:55.978824: Encrypting 16 octets using AES-CTR with 192-bit key Oct 31 15:24:55.978844: Encrypting 32 octets using AES-CTR with 192-bit key Oct 31 15:24:55.978863: Encrypting 36 octets using AES-CTR with 192-bit key Oct 31 15:24:55.978883: Encrypting 16 octets using AES-CTR with 256-bit key Oct 31 15:24:55.978900: Encrypting 32 octets using AES-CTR with 256-bit key Oct 31 15:24:55.978919: Encrypting 36 octets using AES-CTR with 256-bit key Oct 31 15:24:55.978938: testing AES_CBC: Oct 31 15:24:55.978940: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Oct 31 15:24:55.978957: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Oct 31 15:24:55.978977: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Oct 31 15:24:55.978996: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Oct 31 15:24:55.979020: testing AES_XCBC: Oct 31 15:24:55.979022: RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input Oct 31 15:24:55.979095: RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input Oct 31 15:24:55.979174: RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input Oct 31 15:24:55.979255: RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input Oct 31 15:24:55.979333: RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input Oct 31 15:24:55.979407: RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input Oct 31 15:24:55.979535: RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input Oct 31 15:24:55.979749: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Oct 31 15:24:55.979828: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Oct 31 15:24:55.979910: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Oct 31 15:24:55.980044: testing HMAC_MD5: Oct 31 15:24:55.980047: RFC 2104: MD5_HMAC test 1 Oct 31 15:24:55.980174: RFC 2104: MD5_HMAC test 2 Oct 31 15:24:55.980281: RFC 2104: MD5_HMAC test 3 Oct 31 15:24:55.980394: 8 CPU cores online Oct 31 15:24:55.980397: starting up 7 helper threads Oct 31 15:24:55.980425: started thread for helper 0 Oct 31 15:24:55.980433: | starting helper thread 1 Oct 31 15:24:55.980440: seccomp security disabled for crypto helper 1 Oct 31 15:24:55.980445: started thread for helper 1 Oct 31 15:24:55.980446: | status value returned by setting the priority of this helper thread 1: 22 Oct 31 15:24:55.980456: | helper thread 1 has nothing to do Oct 31 15:24:55.980456: | starting helper thread 2 Oct 31 15:24:55.980464: seccomp security disabled for crypto helper 2 Oct 31 15:24:55.980467: | status value returned by setting the priority of this helper thread 2: 22 Oct 31 15:24:55.980470: | helper thread 2 has nothing to do Oct 31 15:24:55.980484: started thread for helper 2 Oct 31 15:24:55.980488: | starting helper thread 3 Oct 31 15:24:55.980492: seccomp security disabled for crypto helper 3 Oct 31 15:24:55.980495: | status value returned by setting the priority of this helper thread 3: 22 Oct 31 15:24:55.980497: | helper thread 3 has nothing to do Oct 31 15:24:55.980509: started thread for helper 3 Oct 31 15:24:55.980537: started thread for helper 4 Oct 31 15:24:55.980544: | starting helper thread 5 Oct 31 15:24:55.980549: seccomp security disabled for crypto helper 5 Oct 31 15:24:55.980562: started thread for helper 5 Oct 31 15:24:55.980566: | starting helper thread 4 Oct 31 15:24:55.980572: seccomp security disabled for crypto helper 4 Oct 31 15:24:55.980575: | status value returned by setting the priority of this helper thread 4: 22 Oct 31 15:24:55.980578: | helper thread 4 has nothing to do Oct 31 15:24:55.980589: started thread for helper 6 Oct 31 15:24:55.980617: Using Linux XFRM/NETKEY IPsec kernel support code on 5.8.15-201.fc32.x86_64 Oct 31 15:24:55.980612: | status value returned by setting the priority of this helper thread 5: 22 Oct 31 15:24:55.980674: | helper thread 5 has nothing to do Oct 31 15:24:55.980683: | Hard-wiring algorithms Oct 31 15:24:55.980689: | adding AES_CCM_16 to kernel algorithm db Oct 31 15:24:55.980696: | adding AES_CCM_12 to kernel algorithm db Oct 31 15:24:55.980699: | adding AES_CCM_8 to kernel algorithm db Oct 31 15:24:55.980709: | adding 3DES_CBC to kernel algorithm db Oct 31 15:24:55.980704: | starting helper thread 7 Oct 31 15:24:55.980723: seccomp security disabled for crypto helper 7 Oct 31 15:24:55.980716: | adding CAMELLIA_CBC to kernel algorithm db Oct 31 15:24:55.980728: | status value returned by setting the priority of this helper thread 7: 22 Oct 31 15:24:55.980733: | adding AES_GCM_16 to kernel algorithm db Oct 31 15:24:55.980737: | helper thread 7 has nothing to do Oct 31 15:24:55.980742: | adding AES_GCM_12 to kernel algorithm db Oct 31 15:24:55.980749: | adding AES_GCM_8 to kernel algorithm db Oct 31 15:24:55.980750: | adding AES_CTR to kernel algorithm db Oct 31 15:24:55.980752: | adding AES_CBC to kernel algorithm db Oct 31 15:24:55.980753: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Oct 31 15:24:55.980755: | adding NULL to kernel algorithm db Oct 31 15:24:55.980757: | adding CHACHA20_POLY1305 to kernel algorithm db Oct 31 15:24:55.980762: | adding HMAC_MD5_96 to kernel algorithm db Oct 31 15:24:55.980764: | adding HMAC_SHA1_96 to kernel algorithm db Oct 31 15:24:55.980765: | adding HMAC_SHA2_512_256 to kernel algorithm db Oct 31 15:24:55.980767: | adding HMAC_SHA2_384_192 to kernel algorithm db Oct 31 15:24:55.980768: | adding HMAC_SHA2_256_128 to kernel algorithm db Oct 31 15:24:55.980770: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Oct 31 15:24:55.980771: | adding AES_XCBC_96 to kernel algorithm db Oct 31 15:24:55.980772: | adding AES_CMAC_96 to kernel algorithm db Oct 31 15:24:55.980774: | adding NONE to kernel algorithm db Oct 31 15:24:55.980777: | starting helper thread 6 Oct 31 15:24:55.980784: seccomp security disabled for crypto helper 6 Oct 31 15:24:55.980787: | status value returned by setting the priority of this helper thread 6: 22 Oct 31 15:24:55.980789: | helper thread 6 has nothing to do Oct 31 15:24:55.980794: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Oct 31 15:24:55.980799: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Oct 31 15:24:55.980800: | setup kernel fd callback Oct 31 15:24:55.980802: | add_fd_read_event_handler: newref KERNEL_XRM_FD-pe@0x5648ff233278 Oct 31 15:24:55.980805: | libevent_malloc: newref ptr-libevent@0x5648ff208ff8 size 128 Oct 31 15:24:55.980807: | libevent_malloc: newref ptr-libevent@0x5648ff22c0b8 size 16 Oct 31 15:24:55.980812: | add_fd_read_event_handler: newref KERNEL_ROUTE_FD-pe@0x5648ff2332e8 Oct 31 15:24:55.980813: | libevent_malloc: newref ptr-libevent@0x5648ff20a418 size 128 Oct 31 15:24:55.980815: | libevent_malloc: newref ptr-libevent@0x5648ff22ba78 size 16 Oct 31 15:24:55.980953: | global one-shot timer EVENT_CHECK_CRLS initialized Oct 31 15:24:55.981097: SELinux support is enabled in PERMISSIVE mode. Oct 31 15:24:55.981298: | unbound context created - setting debug level to 5 Oct 31 15:24:55.981334: | /etc/hosts lookups activated Oct 31 15:24:55.981353: | /etc/resolv.conf usage activated Oct 31 15:24:55.981410: | outgoing-port-avoid set 0-65535 Oct 31 15:24:55.981436: | outgoing-port-permit set 32768-60999 Oct 31 15:24:55.981440: | loading dnssec root key from:/var/lib/unbound/root.key Oct 31 15:24:55.981444: | no additional dnssec trust anchors defined via dnssec-trusted= option Oct 31 15:24:55.981447: | Setting up events, loop start Oct 31 15:24:55.981452: | add_fd_read_event_handler: newref PLUTO_CTL_FD-pe@0x5648ff2389a8 Oct 31 15:24:55.981455: | libevent_malloc: newref ptr-libevent@0x5648ff235528 size 128 Oct 31 15:24:55.981459: | libevent_malloc: newref ptr-libevent@0x5648ff22c498 size 16 Oct 31 15:24:55.981466: | libevent_realloc: newref ptr-libevent@0x5648ff238a18 size 256 Oct 31 15:24:55.981469: | libevent_malloc: newref ptr-libevent@0x5648ff22c0f8 size 8 Oct 31 15:24:55.981473: | libevent_realloc: newref ptr-libevent@0x5648ff22b738 size 144 Oct 31 15:24:55.981475: | libevent_malloc: newref ptr-libevent@0x5648ff1aa8a8 size 152 Oct 31 15:24:55.981479: | libevent_malloc: newref ptr-libevent@0x5648ff22c2a8 size 16 Oct 31 15:24:55.981483: | signal event handler PLUTO_SIGCHLD installed Oct 31 15:24:55.981490: | libevent_malloc: newref ptr-libevent@0x5648ff238b48 size 8 Oct 31 15:24:55.981493: | libevent_malloc: newref ptr-libevent@0x5648ff1aa6d8 size 152 Oct 31 15:24:55.981496: | signal event handler PLUTO_SIGTERM installed Oct 31 15:24:55.981499: | libevent_malloc: newref ptr-libevent@0x5648ff238b88 size 8 Oct 31 15:24:55.981502: | libevent_malloc: newref ptr-libevent@0x5648ff238bc8 size 152 Oct 31 15:24:55.981505: | signal event handler PLUTO_SIGHUP installed Oct 31 15:24:55.981508: | libevent_malloc: newref ptr-libevent@0x5648ff238c98 size 8 Oct 31 15:24:55.981511: | libevent_realloc: delref ptr-libevent@0x5648ff22b738 Oct 31 15:24:55.981514: | libevent_realloc: newref ptr-libevent@0x5648ff238cd8 size 256 Oct 31 15:24:55.981517: | libevent_malloc: newref ptr-libevent@0x5648ff238e08 size 152 Oct 31 15:24:55.981520: | signal event handler PLUTO_SIGSYS installed Oct 31 15:24:55.981872: | created addconn helper (pid:2154331) using fork+execve Oct 31 15:24:55.981890: | forked child 2154331 Oct 31 15:24:55.981907: seccomp security disabled Oct 31 15:24:55.987804: | newref struct fd@0x5648ff238f68(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:55.987818: | fd_accept: new fd-fd@0x5648ff238f68 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:55.987836: | whack: listen Oct 31 15:24:55.987841: listening for IKE messages Oct 31 15:24:55.987944: | Inspecting interface lo Oct 31 15:24:55.987954: | found lo with address 127.0.0.1 Oct 31 15:24:55.987958: | Inspecting interface eth0 Oct 31 15:24:55.987964: | found eth0 with address 192.1.3.209 Oct 31 15:24:55.987977: | newref struct iface_dev@0x5648ff239408(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:55.987998: Kernel supports NIC esp-hw-offload Oct 31 15:24:55.988010: | iface: marking eth0 add Oct 31 15:24:55.988014: | newref struct iface_dev@0x5648ff239538(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:55.988017: | iface: marking lo add Oct 31 15:24:55.988113: | no interfaces to sort Oct 31 15:24:55.988131: | MSG_ERRQUEUE enabled on fd 18 Oct 31 15:24:55.988144: | addref ifd@0x5648ff239408(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:55.988150: adding UDP interface eth0 192.1.3.209:500 Oct 31 15:24:55.988165: | MSG_ERRQUEUE enabled on fd 19 Oct 31 15:24:55.988225: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:55.988233: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:55.988238: | addref ifd@0x5648ff239408(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:55.988242: adding UDP interface eth0 192.1.3.209:4500 Oct 31 15:24:55.988260: | MSG_ERRQUEUE enabled on fd 20 Oct 31 15:24:55.988272: | addref ifd@0x5648ff239538(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:55.988277: adding UDP interface lo 127.0.0.1:500 Oct 31 15:24:55.988294: | MSG_ERRQUEUE enabled on fd 21 Oct 31 15:24:55.988303: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:55.988306: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:55.988310: | addref ifd@0x5648ff239538(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:55.988315: adding UDP interface lo 127.0.0.1:4500 Oct 31 15:24:55.988321: | updating interfaces - listing interfaces that are going down Oct 31 15:24:55.988324: | updating interfaces - checking orientation Oct 31 15:24:55.988327: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Oct 31 15:24:55.988345: | libevent_malloc: newref ptr-libevent@0x5648ff235478 size 128 Oct 31 15:24:55.988350: | libevent_malloc: newref ptr-libevent@0x5648ff239d68 size 16 Oct 31 15:24:55.988359: | setup callback for interface lo 127.0.0.1:4500 fd 21 on UDP Oct 31 15:24:55.988363: | libevent_malloc: newref ptr-libevent@0x5648ff20a518 size 128 Oct 31 15:24:55.988366: | libevent_malloc: newref ptr-libevent@0x5648ff239da8 size 16 Oct 31 15:24:55.988372: | setup callback for interface lo 127.0.0.1:500 fd 20 on UDP Oct 31 15:24:55.988376: | libevent_malloc: newref ptr-libevent@0x5648ff204638 size 128 Oct 31 15:24:55.988386: | libevent_malloc: newref ptr-libevent@0x5648ff239de8 size 16 Oct 31 15:24:55.988392: | setup callback for interface eth0 192.1.3.209:4500 fd 19 on UDP Oct 31 15:24:55.988395: | libevent_malloc: newref ptr-libevent@0x5648ff204168 size 128 Oct 31 15:24:55.988398: | libevent_malloc: newref ptr-libevent@0x5648ff239e28 size 16 Oct 31 15:24:55.988403: | setup callback for interface eth0 192.1.3.209:500 fd 18 on UDP Oct 31 15:24:55.990667: | no stale xfrmi interface 'ipsec1' found Oct 31 15:24:55.990686: | certs and keys locked by 'free_preshared_secrets' Oct 31 15:24:55.990689: | certs and keys unlocked by 'free_preshared_secrets' Oct 31 15:24:55.990718: loading secrets from "/etc/ipsec.secrets" Oct 31 15:24:55.990763: no secrets filename matched "/etc/ipsec.d/*.secrets" Oct 31 15:24:55.990782: | old food groups: Oct 31 15:24:55.990785: | new food groups: Oct 31 15:24:55.990792: | delref fd@0x5648ff238f68(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:55.990798: | freeref fd-fd@0x5648ff238f68 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:55.990807: | spent 0.778 (3.01) milliseconds in whack Oct 31 15:24:55.991648: | processing signal PLUTO_SIGCHLD Oct 31 15:24:55.991667: | waitpid returned pid 2154331 (exited with status 0) Oct 31 15:24:55.991672: | reaped addconn helper child (status 0) Oct 31 15:24:55.991677: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:55.991684: | spent 0.0216 (0.0215) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:56.008887: | newref struct fd@0x5648ff2394d8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:56.008904: | fd_accept: new fd-fd@0x5648ff2394d8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:56.008916: | whack: options (impair|debug) Oct 31 15:24:56.008920: | old debugging base+cpu-usage + none Oct 31 15:24:56.008922: | new debugging = base+cpu-usage Oct 31 15:24:56.008927: | delref fd@0x5648ff2394d8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:56.008932: | freeref fd-fd@0x5648ff2394d8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:56.008938: | spent 0.062 (0.0616) milliseconds in whack Oct 31 15:24:56.074093: | newref struct fd@0x5648ff238fa8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:56.074110: | fd_accept: new fd-fd@0x5648ff238fa8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:56.074122: | whack: delete 'road-eastnet' Oct 31 15:24:56.074125: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:56.074127: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:24:56.074129: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:56.074130: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:24:56.074132: | whack: connection 'road-eastnet' Oct 31 15:24:56.074135: | addref fd@0x5648ff238fa8(1->2) (in string_logger() at log.c:838) Oct 31 15:24:56.074138: | newref string logger@0x5648ff22c858(0->1) (in add_connection() at connections.c:1998) Oct 31 15:24:56.074141: | Connection DB: adding connection "road-eastnet" $1 Oct 31 15:24:56.074147: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:56.074157: | added new connection road-eastnet with policy RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 Oct 31 15:24:56.074228: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Oct 31 15:24:56.074235: | from whack: got --esp= Oct 31 15:24:56.074275: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Oct 31 15:24:56.074320: | computed rsa CKAID Oct 31 15:24:56.074323: | 1a 15 cc e8 92 73 43 9c 2b f4 20 2a c1 06 6e f2 Oct 31 15:24:56.074329: | 59 b0 ef 45 Oct 31 15:24:56.074336: | keyid: *AQPHFfpyJ Oct 31 15:24:56.074338: | size: 388 Oct 31 15:24:56.074340: | n Oct 31 15:24:56.074341: | c7 15 fa 72 27 70 a4 e1 f3 0a 70 21 f9 0c 3f e2 Oct 31 15:24:56.074343: | 65 12 87 d9 fd 12 cb af d4 e0 c2 e3 dd 77 a0 ef Oct 31 15:24:56.074345: | aa c7 d6 a2 b2 30 f2 64 b0 c5 e6 c7 a7 27 17 54 Oct 31 15:24:56.074346: | 7a 8e 32 c9 ac fd bf 8f b3 33 b9 74 74 73 dd 23 Oct 31 15:24:56.074348: | 83 11 53 d6 d4 91 0e 36 7e 67 fc 89 1e 48 ac e9 Oct 31 15:24:56.074350: | da 2e 66 9d 6e 4f e2 98 a7 dc 41 b3 a4 37 f5 07 Oct 31 15:24:56.074351: | a9 9c 23 69 83 54 87 7b ea 00 a7 5b ab 2d 41 34 Oct 31 15:24:56.074353: | d1 a3 17 1e a7 64 2d 7f ff 45 7a 5d 85 5c 73 dd Oct 31 15:24:56.074354: | 63 e7 40 ad eb 71 e6 5f 21 43 80 f5 23 4c 3d 4a Oct 31 15:24:56.074356: | 11 2c ca 9a d6 79 c5 c2 51 6e af c3 6e 99 f5 26 Oct 31 15:24:56.074358: | 1c 67 ee 8a 3e 30 4b c1 93 a7 92 34 36 8c bf e6 Oct 31 15:24:56.074359: | d0 d3 fe 78 0b 0a 64 04 44 ca 8c 83 fd f1 2e b5 Oct 31 15:24:56.074361: | 00 76 61 a6 de f1 59 67 2b 6d c2 57 e0 f2 7d 6b Oct 31 15:24:56.074362: | 9f d3 46 41 8c 31 c2 fd c4 60 72 08 3b bb 56 fb Oct 31 15:24:56.074364: | 01 fc 1d 57 4e cf 7c 0f c4 6f 72 6f 2a 0e f3 30 Oct 31 15:24:56.074367: | db a0 80 f9 70 cc bb 07 a9 f9 d7 76 99 63 4b 6a Oct 31 15:24:56.074368: | 0f 1a 37 95 cb 9b ea 17 f7 55 62 6b 8a 83 05 ff Oct 31 15:24:56.074370: | 43 78 57 dd bd 08 85 9c f1 62 35 6e 69 c7 04 0b Oct 31 15:24:56.074372: | 4b c4 1b d2 38 89 8c de 56 d0 c8 2c 51 54 32 1b Oct 31 15:24:56.074373: | 7d 27 dc cd 37 7a 4e cb 1a ec d2 ce 48 ed 43 48 Oct 31 15:24:56.074375: | 9c 8a fc 30 9f b1 57 1c a9 98 e5 84 93 6c da 4d Oct 31 15:24:56.074376: | cc 95 e3 f5 f2 a5 b3 9d 70 ae 24 8d 08 3b 0f 8c Oct 31 15:24:56.074378: | e9 5a a5 f0 4d 9c 3c 2f 7f bc 10 95 34 1c 96 74 Oct 31 15:24:56.074379: | 29 fc ab fb 8f 4b 71 aa 0b 26 b5 f0 32 98 90 6a Oct 31 15:24:56.074381: | fd 31 f5 ab Oct 31 15:24:56.074383: | e Oct 31 15:24:56.074384: | 03 Oct 31 15:24:56.074386: | CKAID Oct 31 15:24:56.074389: | 1a 15 cc e8 92 73 43 9c 2b f4 20 2a c1 06 6e f2 Oct 31 15:24:56.074391: | 59 b0 ef 45 Oct 31 15:24:56.074395: | saving left CKAID 1a15cce89273439c2bf4202ac1066ef259b0ef45 extracted from raw RSA public key Oct 31 15:24:56.074542: | loaded private key matching CKAID 1a15cce89273439c2bf4202ac1066ef259b0ef45 Oct 31 15:24:56.074784: | copying key using reference slot Oct 31 15:24:56.076864: | certs and keys locked by 'lsw_add_rsa_secret' Oct 31 15:24:56.076879: | certs and keys unlocked by 'lsw_add_rsa_secret' Oct 31 15:24:56.076888: | spent 2.47 (2.49) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:56.076894: connection "road-eastnet": loaded private key matching left CKAID 1a15cce89273439c2bf4202ac1066ef259b0ef45 Oct 31 15:24:56.076896: | counting wild cards for @road is 0 Oct 31 15:24:56.076916: | computed rsa CKAID Oct 31 15:24:56.076918: | 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Oct 31 15:24:56.076920: | 8a 82 25 f1 Oct 31 15:24:56.076923: | keyid: *AQO9bJbr3 Oct 31 15:24:56.076925: | size: 274 Oct 31 15:24:56.076927: | n Oct 31 15:24:56.076929: | bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Oct 31 15:24:56.076930: | c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Oct 31 15:24:56.076932: | e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Oct 31 15:24:56.076934: | 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Oct 31 15:24:56.076936: | f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Oct 31 15:24:56.076938: | 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Oct 31 15:24:56.076944: | 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Oct 31 15:24:56.076948: | af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Oct 31 15:24:56.076951: | 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Oct 31 15:24:56.076953: | f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Oct 31 15:24:56.076962: | 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Oct 31 15:24:56.076965: | 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Oct 31 15:24:56.076968: | 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Oct 31 15:24:56.076971: | 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Oct 31 15:24:56.076974: | 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Oct 31 15:24:56.076977: | 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Oct 31 15:24:56.076980: | 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Oct 31 15:24:56.076983: | 48 ef Oct 31 15:24:56.076986: | e Oct 31 15:24:56.076989: | 03 Oct 31 15:24:56.076992: | CKAID Oct 31 15:24:56.076993: | 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Oct 31 15:24:56.076995: | 8a 82 25 f1 Oct 31 15:24:56.077000: | saving right CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1 extracted from raw RSA public key Oct 31 15:24:56.077004: | trying secret PKK_RSA:AQPHFfpyJ Oct 31 15:24:56.077062: | spent 0.0548 (0.0548) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:56.077072: | no private key matching right CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1: can't find the private key matching the NSS CKAID Oct 31 15:24:56.077077: | counting wild cards for @east is 0 Oct 31 15:24:56.077083: | updating connection from left.host_addr Oct 31 15:24:56.077088: | right host_nexthop 192.1.3.209 Oct 31 15:24:56.077091: | left host_port 500 Oct 31 15:24:56.077095: | updating connection from right.host_addr Oct 31 15:24:56.077099: | right host_port 500 Oct 31 15:24:56.077105: | orienting road-eastnet Oct 31 15:24:56.077115: | road-eastnet doesn't match 127.0.0.1:4500 at all Oct 31 15:24:56.077120: | road-eastnet doesn't match 127.0.0.1:500 at all Oct 31 15:24:56.077125: | road-eastnet doesn't match 192.1.3.209:4500 at all Oct 31 15:24:56.077128: | oriented road-eastnet's this Oct 31 15:24:56.077135: | connect_to_host_pair: 192.1.3.209:500 192.1.2.23:500 -> hp@(nil): none Oct 31 15:24:56.077145: | newref hp@0x5648ff2409b8(0->1) (in connect_to_host_pair() at hostpair.c:290) Oct 31 15:24:56.077149: added IKEv2 connection "road-eastnet" Oct 31 15:24:56.077165: | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 Oct 31 15:24:56.077180: | 192.1.3.209[@road]---192.1.3.254...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Oct 31 15:24:56.077187: | delref logger@0x5648ff22c858(1->0) (in add_connection() at connections.c:2026) Oct 31 15:24:56.077191: | delref fd@0x5648ff238fa8(2->1) (in free_logger() at log.c:853) Oct 31 15:24:56.077194: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:56.078320: | delref fd@0x5648ff238fa8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:56.078342: | freeref fd-fd@0x5648ff238fa8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:56.078350: | spent 3.15 (4.27) milliseconds in whack Oct 31 15:24:56.078413: | newref struct fd@0x5648ff23aeb8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:56.078420: | fd_accept: new fd-fd@0x5648ff23aeb8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:56.078431: | whack: key Oct 31 15:24:56.078435: add keyid @road Oct 31 15:24:56.078438: | 01 03 c7 15 fa 72 27 70 a4 e1 f3 0a 70 21 f9 0c Oct 31 15:24:56.078439: | 3f e2 65 12 87 d9 fd 12 cb af d4 e0 c2 e3 dd 77 Oct 31 15:24:56.078441: | a0 ef aa c7 d6 a2 b2 30 f2 64 b0 c5 e6 c7 a7 27 Oct 31 15:24:56.078443: | 17 54 7a 8e 32 c9 ac fd bf 8f b3 33 b9 74 74 73 Oct 31 15:24:56.078444: | dd 23 83 11 53 d6 d4 91 0e 36 7e 67 fc 89 1e 48 Oct 31 15:24:56.078446: | ac e9 da 2e 66 9d 6e 4f e2 98 a7 dc 41 b3 a4 37 Oct 31 15:24:56.078447: | f5 07 a9 9c 23 69 83 54 87 7b ea 00 a7 5b ab 2d Oct 31 15:24:56.078449: | 41 34 d1 a3 17 1e a7 64 2d 7f ff 45 7a 5d 85 5c Oct 31 15:24:56.078451: | 73 dd 63 e7 40 ad eb 71 e6 5f 21 43 80 f5 23 4c Oct 31 15:24:56.078452: | 3d 4a 11 2c ca 9a d6 79 c5 c2 51 6e af c3 6e 99 Oct 31 15:24:56.078458: | f5 26 1c 67 ee 8a 3e 30 4b c1 93 a7 92 34 36 8c Oct 31 15:24:56.078460: | bf e6 d0 d3 fe 78 0b 0a 64 04 44 ca 8c 83 fd f1 Oct 31 15:24:56.078461: | 2e b5 00 76 61 a6 de f1 59 67 2b 6d c2 57 e0 f2 Oct 31 15:24:56.078463: | 7d 6b 9f d3 46 41 8c 31 c2 fd c4 60 72 08 3b bb Oct 31 15:24:56.078464: | 56 fb 01 fc 1d 57 4e cf 7c 0f c4 6f 72 6f 2a 0e Oct 31 15:24:56.078466: | f3 30 db a0 80 f9 70 cc bb 07 a9 f9 d7 76 99 63 Oct 31 15:24:56.078467: | 4b 6a 0f 1a 37 95 cb 9b ea 17 f7 55 62 6b 8a 83 Oct 31 15:24:56.078469: | 05 ff 43 78 57 dd bd 08 85 9c f1 62 35 6e 69 c7 Oct 31 15:24:56.078471: | 04 0b 4b c4 1b d2 38 89 8c de 56 d0 c8 2c 51 54 Oct 31 15:24:56.078472: | 32 1b 7d 27 dc cd 37 7a 4e cb 1a ec d2 ce 48 ed Oct 31 15:24:56.078474: | 43 48 9c 8a fc 30 9f b1 57 1c a9 98 e5 84 93 6c Oct 31 15:24:56.078475: | da 4d cc 95 e3 f5 f2 a5 b3 9d 70 ae 24 8d 08 3b Oct 31 15:24:56.078477: | 0f 8c e9 5a a5 f0 4d 9c 3c 2f 7f bc 10 95 34 1c Oct 31 15:24:56.078478: | 96 74 29 fc ab fb 8f 4b 71 aa 0b 26 b5 f0 32 98 Oct 31 15:24:56.078480: | 90 6a fd 31 f5 ab Oct 31 15:24:56.078499: | computed rsa CKAID Oct 31 15:24:56.078501: | 1a 15 cc e8 92 73 43 9c 2b f4 20 2a c1 06 6e f2 Oct 31 15:24:56.078503: | 59 b0 ef 45 Oct 31 15:24:56.078508: | keyid: *AQPHFfpyJ Oct 31 15:24:56.078510: | size: 388 Oct 31 15:24:56.078512: | n Oct 31 15:24:56.078513: | c7 15 fa 72 27 70 a4 e1 f3 0a 70 21 f9 0c 3f e2 Oct 31 15:24:56.078515: | 65 12 87 d9 fd 12 cb af d4 e0 c2 e3 dd 77 a0 ef Oct 31 15:24:56.078517: | aa c7 d6 a2 b2 30 f2 64 b0 c5 e6 c7 a7 27 17 54 Oct 31 15:24:56.078518: | 7a 8e 32 c9 ac fd bf 8f b3 33 b9 74 74 73 dd 23 Oct 31 15:24:56.078520: | 83 11 53 d6 d4 91 0e 36 7e 67 fc 89 1e 48 ac e9 Oct 31 15:24:56.078521: | da 2e 66 9d 6e 4f e2 98 a7 dc 41 b3 a4 37 f5 07 Oct 31 15:24:56.078523: | a9 9c 23 69 83 54 87 7b ea 00 a7 5b ab 2d 41 34 Oct 31 15:24:56.078525: | d1 a3 17 1e a7 64 2d 7f ff 45 7a 5d 85 5c 73 dd Oct 31 15:24:56.078526: | 63 e7 40 ad eb 71 e6 5f 21 43 80 f5 23 4c 3d 4a Oct 31 15:24:56.078528: | 11 2c ca 9a d6 79 c5 c2 51 6e af c3 6e 99 f5 26 Oct 31 15:24:56.078529: | 1c 67 ee 8a 3e 30 4b c1 93 a7 92 34 36 8c bf e6 Oct 31 15:24:56.078531: | d0 d3 fe 78 0b 0a 64 04 44 ca 8c 83 fd f1 2e b5 Oct 31 15:24:56.078532: | 00 76 61 a6 de f1 59 67 2b 6d c2 57 e0 f2 7d 6b Oct 31 15:24:56.078534: | 9f d3 46 41 8c 31 c2 fd c4 60 72 08 3b bb 56 fb Oct 31 15:24:56.078536: | 01 fc 1d 57 4e cf 7c 0f c4 6f 72 6f 2a 0e f3 30 Oct 31 15:24:56.078537: | db a0 80 f9 70 cc bb 07 a9 f9 d7 76 99 63 4b 6a Oct 31 15:24:56.078539: | 0f 1a 37 95 cb 9b ea 17 f7 55 62 6b 8a 83 05 ff Oct 31 15:24:56.078540: | 43 78 57 dd bd 08 85 9c f1 62 35 6e 69 c7 04 0b Oct 31 15:24:56.078542: | 4b c4 1b d2 38 89 8c de 56 d0 c8 2c 51 54 32 1b Oct 31 15:24:56.078544: | 7d 27 dc cd 37 7a 4e cb 1a ec d2 ce 48 ed 43 48 Oct 31 15:24:56.078545: | 9c 8a fc 30 9f b1 57 1c a9 98 e5 84 93 6c da 4d Oct 31 15:24:56.078547: | cc 95 e3 f5 f2 a5 b3 9d 70 ae 24 8d 08 3b 0f 8c Oct 31 15:24:56.078548: | e9 5a a5 f0 4d 9c 3c 2f 7f bc 10 95 34 1c 96 74 Oct 31 15:24:56.078550: | 29 fc ab fb 8f 4b 71 aa 0b 26 b5 f0 32 98 90 6a Oct 31 15:24:56.078551: | fd 31 f5 ab Oct 31 15:24:56.078553: | e Oct 31 15:24:56.078555: | 03 Oct 31 15:24:56.078556: | CKAID Oct 31 15:24:56.078558: | 1a 15 cc e8 92 73 43 9c 2b f4 20 2a c1 06 6e f2 Oct 31 15:24:56.078559: | 59 b0 ef 45 Oct 31 15:24:56.078562: | newref struct pubkey@0x5648ff240c28(0->1) (in add_public_key() at secrets.c:1716) Oct 31 15:24:56.078565: | addref pk@0x5648ff240c28(1->2) (in add_public_key() at secrets.c:1718) Oct 31 15:24:56.078567: | delref pkp@0x5648ff240c28(2->1) (in key_add_request() at rcv_whack.c:341) Oct 31 15:24:56.078571: | trying secret PKK_RSA:AQPHFfpyJ Oct 31 15:24:56.078573: | matched Oct 31 15:24:56.078574: | secrets entry for ckaid already exists Oct 31 15:24:56.078581: | spent 0.00899 (0.00883) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:56.078585: | delref fd@0x5648ff23aeb8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:56.078592: | freeref fd-fd@0x5648ff23aeb8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:56.078598: | spent 0.193 (0.193) milliseconds in whack Oct 31 15:24:56.078636: | newref struct fd@0x5648ff23ca48(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:56.078640: | fd_accept: new fd-fd@0x5648ff23ca48 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:56.078649: | whack: key Oct 31 15:24:56.078652: add keyid @east Oct 31 15:24:56.078654: | 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Oct 31 15:24:56.078656: | e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Oct 31 15:24:56.078659: | 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Oct 31 15:24:56.078661: | 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Oct 31 15:24:56.078663: | 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Oct 31 15:24:56.078665: | d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Oct 31 15:24:56.078668: | 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Oct 31 15:24:56.078670: | 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Oct 31 15:24:56.078672: | bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Oct 31 15:24:56.078675: | ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Oct 31 15:24:56.078677: | e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Oct 31 15:24:56.078679: | 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Oct 31 15:24:56.078682: | 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Oct 31 15:24:56.078684: | 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Oct 31 15:24:56.078686: | d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Oct 31 15:24:56.078689: | 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Oct 31 15:24:56.078691: | 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Oct 31 15:24:56.078694: | 51 51 48 ef Oct 31 15:24:56.078704: | computed rsa CKAID Oct 31 15:24:56.078708: | 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Oct 31 15:24:56.078710: | 8a 82 25 f1 Oct 31 15:24:56.078716: | keyid: *AQO9bJbr3 Oct 31 15:24:56.078719: | size: 274 Oct 31 15:24:56.078721: | n Oct 31 15:24:56.078724: | bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Oct 31 15:24:56.078726: | c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Oct 31 15:24:56.078728: | e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Oct 31 15:24:56.078730: | 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Oct 31 15:24:56.078731: | f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Oct 31 15:24:56.078733: | 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Oct 31 15:24:56.078735: | 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Oct 31 15:24:56.078736: | af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Oct 31 15:24:56.078738: | 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Oct 31 15:24:56.078739: | f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Oct 31 15:24:56.078741: | 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Oct 31 15:24:56.078742: | 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Oct 31 15:24:56.078744: | 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Oct 31 15:24:56.078746: | 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Oct 31 15:24:56.078747: | 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Oct 31 15:24:56.078749: | 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Oct 31 15:24:56.078750: | 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Oct 31 15:24:56.078752: | 48 ef Oct 31 15:24:56.078753: | e Oct 31 15:24:56.078755: | 03 Oct 31 15:24:56.078757: | CKAID Oct 31 15:24:56.078758: | 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Oct 31 15:24:56.078760: | 8a 82 25 f1 Oct 31 15:24:56.078762: | newref struct pubkey@0x5648ff23e938(0->1) (in add_public_key() at secrets.c:1716) Oct 31 15:24:56.078765: | addref pk@0x5648ff23e938(1->2) (in add_public_key() at secrets.c:1718) Oct 31 15:24:56.078770: | delref pkp@0x5648ff23e938(2->1) (in key_add_request() at rcv_whack.c:341) Oct 31 15:24:56.078774: | trying secret PKK_RSA:AQPHFfpyJ Oct 31 15:24:56.078844: | spent 0.0683 (0.0684) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:56.078848: | no private key: can't find the private key matching the NSS CKAID Oct 31 15:24:56.078851: | delref fd@0x5648ff23ca48(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:56.078858: | freeref fd-fd@0x5648ff23ca48 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:56.078864: | spent 0.234 (0.234) milliseconds in whack Oct 31 15:24:56.246436: | newref struct fd@0x5648ff22c858(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:56.246456: | fd_accept: new fd-fd@0x5648ff22c858 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:56.246469: | whack: initiate Oct 31 15:24:56.246473: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:56.246478: | connection 'road-eastnet' +POLICY_UP Oct 31 15:24:56.246481: | FOR_EACH_STATE_... in find_phase1_state Oct 31 15:24:56.246503: | newref alloc logger@0x5648ff2390d8(0->1) (in new_state() at state.c:576) Oct 31 15:24:56.246506: | addref fd@0x5648ff22c858(1->2) (in new_state() at state.c:577) Oct 31 15:24:56.246509: | creating state object #1 at 0x5648ff242088 Oct 31 15:24:56.246511: | State DB: adding IKEv2 state #1 in UNDEFINED Oct 31 15:24:56.246522: | pstats #1 ikev2.ike started Oct 31 15:24:56.246525: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Oct 31 15:24:56.246530: | #1.st_v2_transition NULL -> PARENT_I0->PARENT_I1 (in new_v2_ike_state() at state.c:620) Oct 31 15:24:56.246538: | Message ID: IKE #1 initializing (IKE SA): ike.initiator.sent=0->-1 ike.initiator.recv=0->-1 ike.initiator.last_contact=0->744570.679329 ike.responder.sent=0->-1 ike.responder.recv=0->-1 ike.responder.last_contact=0->744570.679329 ike.wip.initiator=0->-1 ike.wip.responder=0->-1 Oct 31 15:24:56.246542: | orienting road-eastnet Oct 31 15:24:56.246548: | road-eastnet doesn't match 127.0.0.1:4500 at all Oct 31 15:24:56.246552: | road-eastnet doesn't match 127.0.0.1:500 at all Oct 31 15:24:56.246555: | road-eastnet doesn't match 192.1.3.209:4500 at all Oct 31 15:24:56.246558: | oriented road-eastnet's this Oct 31 15:24:56.246565: | start processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:544) Oct 31 15:24:56.246570: | addref fd@0x5648ff22c858(2->3) (in add_pending() at pending.c:86) Oct 31 15:24:56.246575: | queuing pending IPsec SA negotiating with 192.1.2.23 IKE SA #1 "road-eastnet" Oct 31 15:24:56.246578: "road-eastnet" #1: initiating IKEv2 connection Oct 31 15:24:56.246589: | constructing local IKE proposals for road-eastnet (IKE SA initiator selecting KE) Oct 31 15:24:56.246597: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:56.246607: | ... ikev2_proposal: 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:56.246611: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:56.246617: | ... ikev2_proposal: 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:56.246621: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:56.246627: | ... ikev2_proposal: 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:56.246631: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:56.246637: | ... ikev2_proposal: 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:56.246646: "road-eastnet": local IKE proposals (IKE SA initiator selecting KE): Oct 31 15:24:56.246652: "road-eastnet": 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:56.246657: "road-eastnet": 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:56.246663: "road-eastnet": 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:56.246669: "road-eastnet": 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:56.246679: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:56.246682: | addref fd@0x5648ff22c858(3->4) (in clone_logger() at log.c:810) Oct 31 15:24:56.246685: | newref clone logger@0x5648ff22c4d8(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:56.246688: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): adding job to queue Oct 31 15:24:56.246690: | state #1 has no .st_event to delete Oct 31 15:24:56.246693: | #1 STATE_PARENT_I0: retransmits: cleared Oct 31 15:24:56.246696: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x5648ff23eb48 Oct 31 15:24:56.246698: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:24:56.246701: | libevent_malloc: newref ptr-libevent@0x5648ff23caf8 size 128 Oct 31 15:24:56.246715: | #1 spent 0.235 (0.235) milliseconds in ikev2_parent_outI1() Oct 31 15:24:56.246720: | RESET processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:640) Oct 31 15:24:56.246724: | delref fd@0x5648ff22c858(4->3) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:56.246724: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): helper 1 starting job Oct 31 15:24:56.246729: | spent 0.306 (0.306) milliseconds in whack Oct 31 15:24:56.248802: | "road-eastnet" #1: spent 1.99 (2.07) milliseconds in helper 1 processing job 1 for state #1: ikev2_outI1 KE (pcr) Oct 31 15:24:56.248816: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): helper thread 1 sending result back to state Oct 31 15:24:56.248820: | scheduling resume sending helper answer back to state for #1 Oct 31 15:24:56.248824: | libevent_malloc: newref ptr-libevent@0x7f5c3c006108 size 128 Oct 31 15:24:56.248835: | helper thread 1 has nothing to do Oct 31 15:24:56.248847: | processing resume sending helper answer back to state for #1 Oct 31 15:24:56.248860: | start processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:641) Oct 31 15:24:56.248865: | unsuspending #1 MD (nil) Oct 31 15:24:56.248869: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): processing response from helper 1 Oct 31 15:24:56.248871: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): calling continuation function 0x5648fed3bfe7 Oct 31 15:24:56.248874: | ikev2_parent_outI1_continue() for #1 STATE_PARENT_I0 Oct 31 15:24:56.248878: | DH secret MODP2048@0x7f5c3c006ba8: transferring ownership from helper KE to state #1 Oct 31 15:24:56.248907: | opening output PBS reply packet Oct 31 15:24:56.248911: | **emit ISAKMP Message: Oct 31 15:24:56.248916: | initiator SPI: 41 21 01 09 c5 56 e7 2b Oct 31 15:24:56.248920: | responder SPI: 00 00 00 00 00 00 00 00 Oct 31 15:24:56.248923: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:56.248925: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:56.248928: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:24:56.248932: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:56.248936: | Message ID: 0 (00 00 00 00) Oct 31 15:24:56.248939: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:56.248961: | using existing local IKE proposals for connection road-eastnet (IKE SA initiator emitting local proposals): 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:56.248965: | Emitting ikev2_proposals ... Oct 31 15:24:56.248968: | ***emit IKEv2 Security Association Payload: Oct 31 15:24:56.248971: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:56.248980: | flags: none (0x0) Oct 31 15:24:56.248983: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:24:56.248986: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:24:56.248990: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:56.248994: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:56.248997: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:56.249000: | prop #: 1 (01) Oct 31 15:24:56.249002: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:56.249005: | spi size: 0 (00) Oct 31 15:24:56.249008: | # transforms: 11 (0b) Oct 31 15:24:56.249011: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:56.249014: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249017: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249019: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:56.249022: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:56.249024: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249027: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:56.249030: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:56.249033: | length/value: 256 (01 00) Oct 31 15:24:56.249036: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:56.249039: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249041: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249044: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:56.249046: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:56.249049: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249052: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249054: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249057: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249059: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249062: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:56.249064: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:56.249066: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249069: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249071: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249074: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:56.249082: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249085: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249087: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:56.249089: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:56.249092: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249094: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249097: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249099: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249102: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249104: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:56.249106: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:56.249109: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249111: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249114: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249116: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249118: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249121: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:56.249124: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:56.249126: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249128: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249131: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249134: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249136: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249138: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:56.249140: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:56.249143: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249145: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249148: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249150: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249153: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249155: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:56.249157: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:56.249160: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249163: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249165: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249167: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249170: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249172: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:56.249175: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:56.249179: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249181: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249184: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249187: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249189: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249191: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:56.249193: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:56.249196: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249213: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249219: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249222: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249224: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:56.249227: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:56.249229: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:56.249231: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249234: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249236: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249239: | emitting length of IKEv2 Proposal Substructure Payload: 100 Oct 31 15:24:56.249241: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:56.249244: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:56.249247: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:56.249250: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:56.249253: | prop #: 2 (02) Oct 31 15:24:56.249256: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:56.249258: | spi size: 0 (00) Oct 31 15:24:56.249260: | # transforms: 11 (0b) Oct 31 15:24:56.249263: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:56.249266: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:56.249269: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249271: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249273: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:56.249276: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:56.249278: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249281: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:56.249283: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:56.249286: | length/value: 128 (00 80) Oct 31 15:24:56.249289: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:56.249292: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249294: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249296: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:56.249299: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:56.249301: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249306: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249308: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249311: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249313: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249316: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:56.249318: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:56.249320: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249323: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249325: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249328: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:56.249330: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249333: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249335: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:56.249337: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:56.249340: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249342: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249345: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249347: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249350: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249352: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:56.249354: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:56.249357: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249359: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249362: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249364: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249367: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249369: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:56.249371: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:56.249374: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249376: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249378: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249381: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249383: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249386: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:56.249388: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:56.249391: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249393: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249397: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249400: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249403: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249405: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:56.249407: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:56.249410: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249412: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249415: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249417: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249419: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249422: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:56.249424: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:56.249427: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249429: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249432: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249434: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249436: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249439: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:56.249441: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:56.249444: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249446: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249448: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249451: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249453: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:56.249455: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:56.249458: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:56.249460: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249463: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249465: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249468: | emitting length of IKEv2 Proposal Substructure Payload: 100 Oct 31 15:24:56.249470: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:56.249474: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:56.249476: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:56.249479: | prop #: 3 (03) Oct 31 15:24:56.249481: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:56.249484: | spi size: 0 (00) Oct 31 15:24:56.249487: | # transforms: 13 (0d) Oct 31 15:24:56.249490: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:56.249492: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:56.249497: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249499: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249502: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:56.249504: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:56.249507: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249509: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:56.249512: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:56.249515: | length/value: 256 (01 00) Oct 31 15:24:56.249517: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:56.249520: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249522: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249525: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:56.249527: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:56.249530: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249532: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249534: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249537: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249539: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249542: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:56.249544: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:56.249547: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249549: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249552: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249554: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249556: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249559: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:56.249561: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:56.249564: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249566: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249569: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249571: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249573: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249576: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:56.249578: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:56.249581: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249583: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249586: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249588: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249590: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249593: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:56.249595: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:56.249599: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249602: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249604: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249607: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249609: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249611: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:56.249613: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:56.249616: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249618: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249621: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249623: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249626: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249628: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:56.249630: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:56.249633: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249635: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249638: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249640: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249642: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249645: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:56.249647: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:56.249650: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249652: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249654: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249657: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249659: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249661: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:56.249664: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:56.249666: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249669: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249671: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249674: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249676: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249678: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:56.249680: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:56.249683: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249685: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249690: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249693: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249695: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249698: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:56.249700: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:56.249703: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249705: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249707: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249710: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249712: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:56.249714: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:56.249717: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:56.249719: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249722: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249725: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249727: | emitting length of IKEv2 Proposal Substructure Payload: 116 Oct 31 15:24:56.249729: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:56.249734: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:56.249736: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:56.249739: | prop #: 4 (04) Oct 31 15:24:56.249741: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:56.249744: | spi size: 0 (00) Oct 31 15:24:56.249747: | # transforms: 13 (0d) Oct 31 15:24:56.249750: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:56.249752: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:56.249755: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249757: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249760: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:56.249762: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:56.249764: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249767: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:56.249769: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:56.249773: | length/value: 128 (00 80) Oct 31 15:24:56.249775: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:56.249778: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249780: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249782: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:56.249785: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:56.249787: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249790: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249792: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249795: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249799: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249801: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:56.249804: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:56.249806: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249808: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249811: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249814: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249816: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249818: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:56.249821: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:56.249823: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249826: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249828: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249831: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249833: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249835: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:56.249837: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:56.249840: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249842: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249845: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249847: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249850: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249852: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:56.249854: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:56.249857: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249859: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249862: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249864: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249866: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249869: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:56.249871: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:56.249873: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249876: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249878: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249881: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249883: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249885: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:56.249888: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:56.249890: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249894: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249897: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249899: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249901: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249904: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:56.249906: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:56.249909: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249911: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249913: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249916: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249918: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249920: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:56.249923: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:56.249925: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249928: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249930: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249933: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249935: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249937: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:56.249939: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:56.249942: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249944: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249947: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249949: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249952: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249954: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:56.249956: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:56.249959: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249961: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249964: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249966: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.249969: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:56.249971: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:56.249973: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:56.249976: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.249978: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.249981: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.249985: | emitting length of IKEv2 Proposal Substructure Payload: 116 Oct 31 15:24:56.249987: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:56.249989: | emitting length of IKEv2 Security Association Payload: 436 Oct 31 15:24:56.249992: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:24:56.249994: | ***emit IKEv2 Key Exchange Payload: Oct 31 15:24:56.249997: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:56.249999: | flags: none (0x0) Oct 31 15:24:56.250002: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:56.250005: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Oct 31 15:24:56.250007: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Oct 31 15:24:56.250011: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Oct 31 15:24:56.250013: | ikev2 g^x: Oct 31 15:24:56.250016: | 7f 6a 2f ff 3a 6e cf f7 0b a7 67 5f 1b a2 92 de Oct 31 15:24:56.250018: | f1 89 73 b7 7e ed 99 2d 6f 6b 27 47 e8 8c 4b 1d Oct 31 15:24:56.250020: | c4 08 f1 d3 ca 06 45 5b 62 b4 5d 6c a2 08 9f 72 Oct 31 15:24:56.250023: | dd 85 d2 0d c4 b0 d3 37 62 40 23 db 3a 2a 69 72 Oct 31 15:24:56.250025: | c4 25 af 6d 69 3a 16 2e 5b 04 16 50 0a 32 6a c7 Oct 31 15:24:56.250027: | 03 01 c0 c6 dd 8e 30 c7 01 65 2d c2 31 9f bf b1 Oct 31 15:24:56.250029: | 3f 2b c0 25 4d 78 e8 4f df 72 88 07 21 65 b6 3e Oct 31 15:24:56.250031: | d4 ce e2 1b 22 c7 00 6c 7c 49 56 66 60 e6 c2 5d Oct 31 15:24:56.250033: | 9c b5 ea 42 9c 43 c7 9d d2 68 f5 43 15 30 9a bc Oct 31 15:24:56.250036: | 5d fc 84 12 c5 6a 1b f8 3d ed 10 3e 00 c9 00 ae Oct 31 15:24:56.250038: | 04 30 0b 76 80 f0 f0 fd 67 20 65 59 d2 56 f4 0b Oct 31 15:24:56.250040: | 5e ab 65 cd 2f e1 20 9d 74 a3 ef 88 82 e4 57 9d Oct 31 15:24:56.250042: | ee dd 7d 25 e4 16 cd f9 36 3f 84 8f 91 42 a5 8c Oct 31 15:24:56.250044: | 94 4f f0 7c ec 92 51 17 2b 21 bd 05 b5 17 93 da Oct 31 15:24:56.250046: | 2d 28 17 09 95 2c be 7c c3 14 78 66 d3 de 2e 50 Oct 31 15:24:56.250048: | 13 10 11 ad 30 88 f0 59 36 47 e3 4e 40 2a 7c 3e Oct 31 15:24:56.250051: | emitting length of IKEv2 Key Exchange Payload: 264 Oct 31 15:24:56.250053: | ***emit IKEv2 Nonce Payload: Oct 31 15:24:56.250055: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:56.250058: | flags: none (0x0) Oct 31 15:24:56.250061: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Oct 31 15:24:56.250063: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Oct 31 15:24:56.250066: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Oct 31 15:24:56.250068: | IKEv2 nonce: Oct 31 15:24:56.250071: | c4 04 d3 ca b7 32 2c 71 d9 b4 90 3b 84 db 41 4c Oct 31 15:24:56.250073: | 26 51 d7 c7 d8 7d fb cd 59 de 53 a3 13 a9 12 e7 Oct 31 15:24:56.250076: | emitting length of IKEv2 Nonce Payload: 36 Oct 31 15:24:56.250078: | adding a v2N Payload Oct 31 15:24:56.250080: | ***emit IKEv2 Notify Payload: Oct 31 15:24:56.250083: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:56.250085: | flags: none (0x0) Oct 31 15:24:56.250088: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:56.250090: | SPI size: 0 (00) Oct 31 15:24:56.250093: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Oct 31 15:24:56.250096: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:56.250098: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:56.250101: | emitting length of IKEv2 Notify Payload: 8 Oct 31 15:24:56.250105: | adding a v2N Payload Oct 31 15:24:56.250108: | ***emit IKEv2 Notify Payload: Oct 31 15:24:56.250110: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:56.250113: | flags: none (0x0) Oct 31 15:24:56.250115: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:56.250118: | SPI size: 0 (00) Oct 31 15:24:56.250120: | Notify Message Type: v2N_SIGNATURE_HASH_ALGORITHMS (0x402f) Oct 31 15:24:56.250123: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:56.250125: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:56.250129: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256 into IKEv2 Notify Payload Oct 31 15:24:56.250132: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256: 00 02 Oct 31 15:24:56.250135: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384 into IKEv2 Notify Payload Oct 31 15:24:56.250137: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384: 00 03 Oct 31 15:24:56.250140: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_512 into IKEv2 Notify Payload Oct 31 15:24:56.250142: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_512: 00 04 Oct 31 15:24:56.250145: | emitting length of IKEv2 Notify Payload: 14 Oct 31 15:24:56.250148: | NAT-Traversal support [enabled] add v2N payloads. Oct 31 15:24:56.250150: | nat: IKE.SPIr is zero Oct 31 15:24:56.250169: | natd_hash: hasher=0x5648fee2df80(20) Oct 31 15:24:56.250173: | natd_hash: icookie= Oct 31 15:24:56.250176: | 41 21 01 09 c5 56 e7 2b Oct 31 15:24:56.250178: | natd_hash: rcookie= Oct 31 15:24:56.250180: | 00 00 00 00 00 00 00 00 Oct 31 15:24:56.250182: | natd_hash: ip= Oct 31 15:24:56.250184: | c0 01 03 d1 Oct 31 15:24:56.250187: | natd_hash: port= Oct 31 15:24:56.250189: | 01 f4 Oct 31 15:24:56.250191: | natd_hash: hash= Oct 31 15:24:56.250193: | 6b ca 8a 5d cd 42 0a 06 82 76 9e 54 68 fa e8 44 Oct 31 15:24:56.250195: | ed 66 d8 3a Oct 31 15:24:56.250197: | adding a v2N Payload Oct 31 15:24:56.250206: | ***emit IKEv2 Notify Payload: Oct 31 15:24:56.250209: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:56.250211: | flags: none (0x0) Oct 31 15:24:56.250214: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:56.250216: | SPI size: 0 (00) Oct 31 15:24:56.250219: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Oct 31 15:24:56.250222: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:56.250224: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:56.250227: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:24:56.250229: | Notify data: Oct 31 15:24:56.250232: | 6b ca 8a 5d cd 42 0a 06 82 76 9e 54 68 fa e8 44 Oct 31 15:24:56.250234: | ed 66 d8 3a Oct 31 15:24:56.250236: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:24:56.250238: | nat: IKE.SPIr is zero Oct 31 15:24:56.250248: | natd_hash: hasher=0x5648fee2df80(20) Oct 31 15:24:56.250251: | natd_hash: icookie= Oct 31 15:24:56.250253: | 41 21 01 09 c5 56 e7 2b Oct 31 15:24:56.250255: | natd_hash: rcookie= Oct 31 15:24:56.250257: | 00 00 00 00 00 00 00 00 Oct 31 15:24:56.250259: | natd_hash: ip= Oct 31 15:24:56.250261: | c0 01 02 17 Oct 31 15:24:56.250263: | natd_hash: port= Oct 31 15:24:56.250265: | 01 f4 Oct 31 15:24:56.250267: | natd_hash: hash= Oct 31 15:24:56.250269: | ea a8 94 c7 98 43 d8 c5 af f3 30 2e d5 9b 6d 66 Oct 31 15:24:56.250271: | 68 ec 48 05 Oct 31 15:24:56.250274: | adding a v2N Payload Oct 31 15:24:56.250276: | ***emit IKEv2 Notify Payload: Oct 31 15:24:56.250279: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:56.250281: | flags: none (0x0) Oct 31 15:24:56.250283: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:56.250288: | SPI size: 0 (00) Oct 31 15:24:56.250291: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Oct 31 15:24:56.250293: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:56.250296: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:56.250299: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:24:56.250301: | Notify data: Oct 31 15:24:56.250303: | ea a8 94 c7 98 43 d8 c5 af f3 30 2e d5 9b 6d 66 Oct 31 15:24:56.250305: | 68 ec 48 05 Oct 31 15:24:56.250307: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:24:56.250310: | emitting length of ISAKMP Message: 842 Oct 31 15:24:56.250319: | [RE]START processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:56.250323: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Oct 31 15:24:56.250327: | transitioning from state STATE_PARENT_I0 to state STATE_PARENT_I1 Oct 31 15:24:56.250329: | Message ID: updating counters for #1 Oct 31 15:24:56.250332: | Message ID: IKE #1 skipping update_recv as MD is fake Oct 31 15:24:56.250339: | Message ID: IKE #1 scheduling EVENT_RETRANSMIT: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744570.679329 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744570.679329 ike.wip.initiator=0 ike.wip.responder=-1 Oct 31 15:24:56.250344: | event_schedule: newref EVENT_RETRANSMIT-pe@0x5648ff23ff38 Oct 31 15:24:56.250346: | inserting event EVENT_RETRANSMIT, timeout in 25 seconds for #1 Oct 31 15:24:56.250350: | libevent_malloc: newref ptr-libevent@0x5648ff23ec08 size 128 Oct 31 15:24:56.250355: | #1 STATE_PARENT_I0: retransmits: first event in 25 seconds; timeout in 107 seconds; limit of 12 retransmits; current time is 744570.683139 Oct 31 15:24:56.250362: | Message ID: IKE #1 updating initiator sent message request 0: ike.initiator.sent=-1->0 ike.initiator.recv=-1 ike.initiator.last_contact=744570.679329 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744570.679329 ike.wip.initiator=-1->0 ike.wip.responder=-1 Oct 31 15:24:56.250368: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744570.679329 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744570.679329 ike.wip.initiator=0 ike.wip.responder=-1 Oct 31 15:24:56.250372: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Oct 31 15:24:56.250375: | announcing the state transition Oct 31 15:24:56.250379: "road-eastnet" #1: sent IKE_SA_INIT request Oct 31 15:24:56.250405: | sending 842 bytes for STATE_PARENT_I0 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:24:56.250409: | 41 21 01 09 c5 56 e7 2b 00 00 00 00 00 00 00 00 Oct 31 15:24:56.250411: | 21 20 22 08 00 00 00 00 00 00 03 4a 22 00 01 b4 Oct 31 15:24:56.250413: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Oct 31 15:24:56.250416: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Oct 31 15:24:56.250418: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Oct 31 15:24:56.250420: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Oct 31 15:24:56.250422: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Oct 31 15:24:56.250424: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Oct 31 15:24:56.250426: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Oct 31 15:24:56.250428: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Oct 31 15:24:56.250430: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Oct 31 15:24:56.250433: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Oct 31 15:24:56.250435: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Oct 31 15:24:56.250437: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Oct 31 15:24:56.250441: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Oct 31 15:24:56.250443: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Oct 31 15:24:56.250445: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:24:56.250447: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Oct 31 15:24:56.250449: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Oct 31 15:24:56.250451: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Oct 31 15:24:56.250454: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Oct 31 15:24:56.250456: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Oct 31 15:24:56.250458: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Oct 31 15:24:56.250460: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Oct 31 15:24:56.250462: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Oct 31 15:24:56.250464: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Oct 31 15:24:56.250466: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Oct 31 15:24:56.250469: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Oct 31 15:24:56.250471: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Oct 31 15:24:56.250473: | 28 00 01 08 00 0e 00 00 7f 6a 2f ff 3a 6e cf f7 Oct 31 15:24:56.250475: | 0b a7 67 5f 1b a2 92 de f1 89 73 b7 7e ed 99 2d Oct 31 15:24:56.250477: | 6f 6b 27 47 e8 8c 4b 1d c4 08 f1 d3 ca 06 45 5b Oct 31 15:24:56.250480: | 62 b4 5d 6c a2 08 9f 72 dd 85 d2 0d c4 b0 d3 37 Oct 31 15:24:56.250482: | 62 40 23 db 3a 2a 69 72 c4 25 af 6d 69 3a 16 2e Oct 31 15:24:56.250484: | 5b 04 16 50 0a 32 6a c7 03 01 c0 c6 dd 8e 30 c7 Oct 31 15:24:56.250486: | 01 65 2d c2 31 9f bf b1 3f 2b c0 25 4d 78 e8 4f Oct 31 15:24:56.250488: | df 72 88 07 21 65 b6 3e d4 ce e2 1b 22 c7 00 6c Oct 31 15:24:56.250490: | 7c 49 56 66 60 e6 c2 5d 9c b5 ea 42 9c 43 c7 9d Oct 31 15:24:56.250492: | d2 68 f5 43 15 30 9a bc 5d fc 84 12 c5 6a 1b f8 Oct 31 15:24:56.250495: | 3d ed 10 3e 00 c9 00 ae 04 30 0b 76 80 f0 f0 fd Oct 31 15:24:56.250497: | 67 20 65 59 d2 56 f4 0b 5e ab 65 cd 2f e1 20 9d Oct 31 15:24:56.250499: | 74 a3 ef 88 82 e4 57 9d ee dd 7d 25 e4 16 cd f9 Oct 31 15:24:56.250501: | 36 3f 84 8f 91 42 a5 8c 94 4f f0 7c ec 92 51 17 Oct 31 15:24:56.250503: | 2b 21 bd 05 b5 17 93 da 2d 28 17 09 95 2c be 7c Oct 31 15:24:56.250505: | c3 14 78 66 d3 de 2e 50 13 10 11 ad 30 88 f0 59 Oct 31 15:24:56.250508: | 36 47 e3 4e 40 2a 7c 3e 29 00 00 24 c4 04 d3 ca Oct 31 15:24:56.250510: | b7 32 2c 71 d9 b4 90 3b 84 db 41 4c 26 51 d7 c7 Oct 31 15:24:56.250512: | d8 7d fb cd 59 de 53 a3 13 a9 12 e7 29 00 00 08 Oct 31 15:24:56.250514: | 00 00 40 2e 29 00 00 0e 00 00 40 2f 00 02 00 03 Oct 31 15:24:56.250516: | 00 04 29 00 00 1c 00 00 40 04 6b ca 8a 5d cd 42 Oct 31 15:24:56.250518: | 0a 06 82 76 9e 54 68 fa e8 44 ed 66 d8 3a 00 00 Oct 31 15:24:56.250520: | 00 1c 00 00 40 05 ea a8 94 c7 98 43 d8 c5 af f3 Oct 31 15:24:56.250522: | 30 2e d5 9b 6d 66 68 ec 48 05 Oct 31 15:24:56.250630: | sent 1 messages Oct 31 15:24:56.250635: | checking that a retransmit timeout_event was already Oct 31 15:24:56.250638: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:56.250643: | libevent_free: delref ptr-libevent@0x5648ff23caf8 Oct 31 15:24:56.250646: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x5648ff23eb48 Oct 31 15:24:56.250651: | delref logger@0x5648ff22c4d8(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:56.250654: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:56.250657: | delref fd@0x5648ff22c858(3->2) (in free_logger() at log.c:854) Oct 31 15:24:56.250661: | resume sending helper answer back to state for #1 suppresed complete_v2_state_transition() Oct 31 15:24:56.250664: | delref mdp@NULL (in resume_handler() at server.c:743) Oct 31 15:24:56.250671: | #1 spent 1.71 (1.8) milliseconds in resume sending helper answer back to state Oct 31 15:24:56.250677: | stop processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:745) Oct 31 15:24:56.250683: | libevent_free: delref ptr-libevent@0x7f5c3c006108 Oct 31 15:24:56.254127: | spent 0.00269 (0.00267) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:56.254150: | newref struct msg_digest@0x5648ff243d48(0->1) (in read_message() at demux.c:103) Oct 31 15:24:56.254155: | newref alloc logger@0x5648ff22c4d8(0->1) (in read_message() at demux.c:103) Oct 31 15:24:56.254162: | *received 451 bytes from 192.1.2.23:500 on eth0 192.1.3.209:500 using UDP Oct 31 15:24:56.254165: | 41 21 01 09 c5 56 e7 2b 29 f1 bd 7b 2b c3 98 0a Oct 31 15:24:56.254167: | 21 20 22 20 00 00 00 00 00 00 01 c3 22 00 00 28 Oct 31 15:24:56.254169: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Oct 31 15:24:56.254171: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Oct 31 15:24:56.254173: | 04 00 00 0e 28 00 01 08 00 0e 00 00 04 75 d5 79 Oct 31 15:24:56.254175: | e2 35 d7 9f 65 01 37 cf 6f 82 62 19 be 7a 64 60 Oct 31 15:24:56.254177: | 00 0f 2e 97 b2 7b b7 97 9f 52 fe b2 57 1c 03 6f Oct 31 15:24:56.254179: | 54 7c 66 e8 10 c7 57 ae 74 b7 5b 7a d7 cd dc 20 Oct 31 15:24:56.254181: | 84 13 40 b0 03 e3 0a bc 82 61 8b bb 41 37 1c 24 Oct 31 15:24:56.254184: | 78 bb 3c 34 6f ee a7 a2 70 c6 ad 78 2f 72 b5 88 Oct 31 15:24:56.254186: | 78 32 e2 99 c9 ba 8f 62 f7 8b 47 be 4b 88 e9 df Oct 31 15:24:56.254188: | 79 78 75 01 a2 ba 55 86 52 20 14 69 8d 52 56 62 Oct 31 15:24:56.254190: | 07 2d dd 84 0e cb 51 a9 d4 8b 83 2f 21 18 51 e9 Oct 31 15:24:56.254192: | da b8 47 41 5f ed 74 76 3c 61 3c 22 91 aa 43 3d Oct 31 15:24:56.254194: | 28 1c 93 e6 a5 86 b7 d7 25 eb b6 02 09 a5 97 49 Oct 31 15:24:56.254196: | 2b b9 07 33 ca 88 75 a7 af 91 00 55 50 20 f8 94 Oct 31 15:24:56.254214: | 86 b0 e5 0a 6c 6b 65 2b fd f3 1f 24 f0 63 0c ba Oct 31 15:24:56.254219: | bd 19 5d 9d 72 e3 4c 3e 89 85 e4 f0 8d e8 80 d9 Oct 31 15:24:56.254222: | 9e 2a 4a bd ca fd 17 a2 b7 43 82 7f 6c 18 d0 73 Oct 31 15:24:56.254224: | f9 56 41 4c fe ea 38 74 91 c4 81 dc 78 78 cf 8e Oct 31 15:24:56.254226: | a7 a6 28 f9 30 81 95 00 fe e5 fc ae 29 00 00 24 Oct 31 15:24:56.254228: | 98 1b b9 6a 58 ad 4e c6 82 2b f1 98 ea f4 0d 88 Oct 31 15:24:56.254230: | 8b bd f2 6b b4 ec 66 fb 73 76 f8 a9 ce 0e f3 6a Oct 31 15:24:56.254232: | 29 00 00 08 00 00 40 2e 29 00 00 0e 00 00 40 2f Oct 31 15:24:56.254234: | 00 02 00 03 00 04 29 00 00 1c 00 00 40 04 d2 68 Oct 31 15:24:56.254236: | 27 db 74 60 4c cc 67 cf 09 98 fa e0 54 7b 09 e2 Oct 31 15:24:56.254238: | a5 e6 26 00 00 1c 00 00 40 05 c2 e6 63 cb 8e 46 Oct 31 15:24:56.254240: | c7 f2 8a 45 0e af 50 3e 74 e6 7a 96 7f dc 00 00 Oct 31 15:24:56.254242: | 00 05 04 Oct 31 15:24:56.254247: | **parse ISAKMP Message: Oct 31 15:24:56.254252: | initiator SPI: 41 21 01 09 c5 56 e7 2b Oct 31 15:24:56.254256: | responder SPI: 29 f1 bd 7b 2b c3 98 0a Oct 31 15:24:56.254259: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:24:56.254261: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:56.254264: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:24:56.254266: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:56.254270: | Message ID: 0 (00 00 00 00) Oct 31 15:24:56.254274: | length: 451 (00 00 01 c3) Oct 31 15:24:56.254277: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Oct 31 15:24:56.254280: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Oct 31 15:24:56.254285: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Oct 31 15:24:56.254288: | #1 is idle Oct 31 15:24:56.254290: | #1 idle Oct 31 15:24:56.254292: | unpacking clear payloads Oct 31 15:24:56.254307: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:24:56.254311: | ***parse IKEv2 Security Association Payload: Oct 31 15:24:56.254314: | next payload type: ISAKMP_NEXT_v2KE (0x22) Oct 31 15:24:56.254316: | flags: none (0x0) Oct 31 15:24:56.254322: | length: 40 (00 28) Oct 31 15:24:56.254325: | processing payload: ISAKMP_NEXT_v2SA (len=36) Oct 31 15:24:56.254327: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Oct 31 15:24:56.254330: | ***parse IKEv2 Key Exchange Payload: Oct 31 15:24:56.254332: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Oct 31 15:24:56.254335: | flags: none (0x0) Oct 31 15:24:56.254338: | length: 264 (01 08) Oct 31 15:24:56.254340: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:56.254343: | processing payload: ISAKMP_NEXT_v2KE (len=256) Oct 31 15:24:56.254345: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Oct 31 15:24:56.254347: | ***parse IKEv2 Nonce Payload: Oct 31 15:24:56.254350: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:56.254352: | flags: none (0x0) Oct 31 15:24:56.254355: | length: 36 (00 24) Oct 31 15:24:56.254357: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Oct 31 15:24:56.254360: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:56.254377: | ***parse IKEv2 Notify Payload: Oct 31 15:24:56.254379: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:56.254382: | flags: none (0x0) Oct 31 15:24:56.254385: | length: 8 (00 08) Oct 31 15:24:56.254387: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:56.254390: | SPI size: 0 (00) Oct 31 15:24:56.254398: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Oct 31 15:24:56.254401: | processing payload: ISAKMP_NEXT_v2N (len=0) Oct 31 15:24:56.254404: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:56.254407: | ***parse IKEv2 Notify Payload: Oct 31 15:24:56.254409: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:56.254411: | flags: none (0x0) Oct 31 15:24:56.254414: | length: 14 (00 0e) Oct 31 15:24:56.254417: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:56.254420: | SPI size: 0 (00) Oct 31 15:24:56.254422: | Notify Message Type: v2N_SIGNATURE_HASH_ALGORITHMS (0x402f) Oct 31 15:24:56.254424: | processing payload: ISAKMP_NEXT_v2N (len=6) Oct 31 15:24:56.254427: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:56.254429: | ***parse IKEv2 Notify Payload: Oct 31 15:24:56.254432: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:56.254434: | flags: none (0x0) Oct 31 15:24:56.254437: | length: 28 (00 1c) Oct 31 15:24:56.254452: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:56.254454: | SPI size: 0 (00) Oct 31 15:24:56.254456: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Oct 31 15:24:56.254459: | processing payload: ISAKMP_NEXT_v2N (len=20) Oct 31 15:24:56.254476: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:56.254479: | ***parse IKEv2 Notify Payload: Oct 31 15:24:56.254481: | next payload type: ISAKMP_NEXT_v2CERTREQ (0x26) Oct 31 15:24:56.254483: | flags: none (0x0) Oct 31 15:24:56.254486: | length: 28 (00 1c) Oct 31 15:24:56.254489: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:56.254491: | SPI size: 0 (00) Oct 31 15:24:56.254498: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Oct 31 15:24:56.254501: | processing payload: ISAKMP_NEXT_v2N (len=20) Oct 31 15:24:56.254503: | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ) Oct 31 15:24:56.254506: | ***parse IKEv2 Certificate Request Payload: Oct 31 15:24:56.254509: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:56.254511: | flags: none (0x0) Oct 31 15:24:56.254514: | length: 5 (00 05) Oct 31 15:24:56.254517: | ikev2 cert encoding: CERT_X509_SIGNATURE (0x4) Oct 31 15:24:56.254519: | processing payload: ISAKMP_NEXT_v2CERTREQ (len=0) Oct 31 15:24:56.254522: | looking for message matching transition from STATE_PARENT_I1 Oct 31 15:24:56.254524: | trying received anti-DDOS COOKIE notify response; resending IKE_SA_INIT request with cookie payload added Oct 31 15:24:56.254527: | message has errors Oct 31 15:24:56.254529: | trying received IKE_SA_INIT INVALID_KE_PAYLOAD notify response; resending IKE_SA_INIT with new KE payload Oct 31 15:24:56.254535: | message has errors Oct 31 15:24:56.254537: | trying received REDIRECT notify response; resending IKE_SA_INIT request to new destination Oct 31 15:24:56.254556: | message has errors Oct 31 15:24:56.254559: | trying Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE Oct 31 15:24:56.254561: | matched unencrypted message Oct 31 15:24:56.254583: | start processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1848) Oct 31 15:24:56.254602: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE Oct 31 15:24:56.254619: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered) Oct 31 15:24:56.254622: | hash algorithm identifier (network ordered) Oct 31 15:24:56.254624: | 00 02 Oct 31 15:24:56.254626: | received HASH_ALGORITHM_SHA2_256 which is allowed by local policy Oct 31 15:24:56.254629: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered) Oct 31 15:24:56.254631: | hash algorithm identifier (network ordered) Oct 31 15:24:56.254633: | 00 03 Oct 31 15:24:56.254635: | received HASH_ALGORITHM_SHA2_384 which is allowed by local policy Oct 31 15:24:56.254637: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered) Oct 31 15:24:56.254639: | hash algorithm identifier (network ordered) Oct 31 15:24:56.254641: | 00 04 Oct 31 15:24:56.254643: | received HASH_ALGORITHM_SHA2_512 which is allowed by local policy Oct 31 15:24:56.254646: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Oct 31 15:24:56.254676: | using existing local IKE proposals for connection road-eastnet (IKE SA initiator accepting remote proposal): 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:56.254680: | comparing remote proposals against IKE initiator (accepting) 4 local proposals Oct 31 15:24:56.254684: | local proposal 1 type ENCR has 1 transforms Oct 31 15:24:56.254687: | local proposal 1 type PRF has 2 transforms Oct 31 15:24:56.254689: | local proposal 1 type INTEG has 1 transforms Oct 31 15:24:56.254692: | local proposal 1 type DH has 8 transforms Oct 31 15:24:56.254694: | local proposal 1 type ESN has 0 transforms Oct 31 15:24:56.254697: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Oct 31 15:24:56.254700: | local proposal 2 type ENCR has 1 transforms Oct 31 15:24:56.254702: | local proposal 2 type PRF has 2 transforms Oct 31 15:24:56.254704: | local proposal 2 type INTEG has 1 transforms Oct 31 15:24:56.254707: | local proposal 2 type DH has 8 transforms Oct 31 15:24:56.254709: | local proposal 2 type ESN has 0 transforms Oct 31 15:24:56.254712: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Oct 31 15:24:56.254714: | local proposal 3 type ENCR has 1 transforms Oct 31 15:24:56.254716: | local proposal 3 type PRF has 2 transforms Oct 31 15:24:56.254719: | local proposal 3 type INTEG has 2 transforms Oct 31 15:24:56.254721: | local proposal 3 type DH has 8 transforms Oct 31 15:24:56.254723: | local proposal 3 type ESN has 0 transforms Oct 31 15:24:56.254726: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Oct 31 15:24:56.254728: | local proposal 4 type ENCR has 1 transforms Oct 31 15:24:56.254730: | local proposal 4 type PRF has 2 transforms Oct 31 15:24:56.254733: | local proposal 4 type INTEG has 2 transforms Oct 31 15:24:56.254735: | local proposal 4 type DH has 8 transforms Oct 31 15:24:56.254739: | local proposal 4 type ESN has 0 transforms Oct 31 15:24:56.254742: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Oct 31 15:24:56.254745: | ****parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:56.254748: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:56.254751: | length: 36 (00 24) Oct 31 15:24:56.254754: | prop #: 1 (01) Oct 31 15:24:56.254756: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:56.254759: | spi size: 0 (00) Oct 31 15:24:56.254761: | # transforms: 3 (03) Oct 31 15:24:56.254765: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Oct 31 15:24:56.254768: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:56.254771: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.254773: | length: 12 (00 0c) Oct 31 15:24:56.254776: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:56.254778: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:56.254781: | ******parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:56.254784: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:56.254787: | length/value: 256 (01 00) Oct 31 15:24:56.254791: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:24:56.254794: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:56.254797: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.254799: | length: 8 (00 08) Oct 31 15:24:56.254802: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:56.254804: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:56.254808: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Oct 31 15:24:56.254810: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:56.254826: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:56.254829: | length: 8 (00 08) Oct 31 15:24:56.254831: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:56.254833: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:56.254837: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Oct 31 15:24:56.254840: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Oct 31 15:24:56.254845: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Oct 31 15:24:56.254848: | remote proposal 1 matches local proposal 1 Oct 31 15:24:56.254851: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Oct 31 15:24:56.254854: | converting proposal to internal trans attrs Oct 31 15:24:56.254873: | natd_hash: hasher=0x5648fee2df80(20) Oct 31 15:24:56.254877: | natd_hash: icookie= Oct 31 15:24:56.254879: | 41 21 01 09 c5 56 e7 2b Oct 31 15:24:56.254881: | natd_hash: rcookie= Oct 31 15:24:56.254883: | 29 f1 bd 7b 2b c3 98 0a Oct 31 15:24:56.254885: | natd_hash: ip= Oct 31 15:24:56.254888: | c0 01 03 d1 Oct 31 15:24:56.254890: | natd_hash: port= Oct 31 15:24:56.254892: | 01 f4 Oct 31 15:24:56.254894: | natd_hash: hash= Oct 31 15:24:56.254896: | c2 e6 63 cb 8e 46 c7 f2 8a 45 0e af 50 3e 74 e6 Oct 31 15:24:56.254898: | 7a 96 7f dc Oct 31 15:24:56.254906: | natd_hash: hasher=0x5648fee2df80(20) Oct 31 15:24:56.254909: | natd_hash: icookie= Oct 31 15:24:56.254911: | 41 21 01 09 c5 56 e7 2b Oct 31 15:24:56.254913: | natd_hash: rcookie= Oct 31 15:24:56.254916: | 29 f1 bd 7b 2b c3 98 0a Oct 31 15:24:56.254918: | natd_hash: ip= Oct 31 15:24:56.254920: | c0 01 02 17 Oct 31 15:24:56.254922: | natd_hash: port= Oct 31 15:24:56.254924: | 01 f4 Oct 31 15:24:56.254926: | natd_hash: hash= Oct 31 15:24:56.254928: | d2 68 27 db 74 60 4c cc 67 cf 09 98 fa e0 54 7b Oct 31 15:24:56.254930: | 09 e2 a5 e6 Oct 31 15:24:56.254933: | NAT_TRAVERSAL encaps using auto-detect Oct 31 15:24:56.254935: | NAT_TRAVERSAL this end is NOT behind NAT Oct 31 15:24:56.254939: | NAT_TRAVERSAL that end is NOT behind NAT Oct 31 15:24:56.254943: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Oct 31 15:24:56.254950: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Oct 31 15:24:56.254955: | DH secret MODP2048@0x7f5c3c006ba8: transferring ownership from state #1 to helper IKEv2 DH Oct 31 15:24:56.254959: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:56.254962: | addref fd@0x5648ff22c858(2->3) (in clone_logger() at log.c:810) Oct 31 15:24:56.254965: | newref clone logger@0x5648ff23eb48(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:56.254968: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): adding job to queue Oct 31 15:24:56.254971: | state #1 has no .st_event to delete Oct 31 15:24:56.254974: | #1 requesting EVENT_RETRANSMIT-pe@0x5648ff23ff38 be deleted Oct 31 15:24:56.254977: | libevent_free: delref ptr-libevent@0x5648ff23ec08 Oct 31 15:24:56.254980: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x5648ff23ff38 Oct 31 15:24:56.254983: | #1 STATE_PARENT_I1: retransmits: cleared Oct 31 15:24:56.254986: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x5648ff23ec08 Oct 31 15:24:56.254989: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:24:56.254992: | libevent_malloc: newref ptr-libevent@0x5648ff23caf8 size 128 Oct 31 15:24:56.255004: | #1 spent 0.395 (0.395) milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE in v2_dispatch() Oct 31 15:24:56.255010: | [RE]START processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:56.255013: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): helper 2 starting job Oct 31 15:24:56.255015: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND; .st_v2_transition=PARENT_I0->PARENT_I1 Oct 31 15:24:56.255029: | suspending state #1 and saving MD 0x5648ff243d48 Oct 31 15:24:56.255033: | addref md@0x5648ff243d48(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:56.255035: | #1 is busy; has suspended MD 0x5648ff243d48 Oct 31 15:24:56.255040: | stop processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1850) Oct 31 15:24:56.255046: | #1 spent 0.894 (0.929) milliseconds in ikev2_process_packet() Oct 31 15:24:56.255049: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:56.255052: | delref mdp@0x5648ff243d48(2->1) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:56.255056: | spent 0.906 (0.94) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:56.255979: | calculating skeyseed using prf=HMAC_SHA2_512 integ=NONE cipherkey-size=32 salt-size=4 Oct 31 15:24:56.256145: | "road-eastnet" #1: spent 1.11 (1.13) milliseconds in helper 2 processing job 2 for state #1: ikev2_inR1outI2 KE (pcr) Oct 31 15:24:56.256151: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): helper thread 2 sending result back to state Oct 31 15:24:56.256155: | scheduling resume sending helper answer back to state for #1 Oct 31 15:24:56.256158: | libevent_malloc: newref ptr-libevent@0x7f5c3400cc18 size 128 Oct 31 15:24:56.256165: | helper thread 2 has nothing to do Oct 31 15:24:56.256175: | processing resume sending helper answer back to state for #1 Oct 31 15:24:56.256185: | start processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:641) Oct 31 15:24:56.256191: | unsuspending #1 MD 0x5648ff243d48 Oct 31 15:24:56.256194: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): processing response from helper 2 Oct 31 15:24:56.256197: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): calling continuation function 0x5648fed3bfe7 Oct 31 15:24:56.256208: | ikev2_parent_inR1outI2_continue() for #1 STATE_PARENT_I1: g^{xy} calculated, sending I2 Oct 31 15:24:56.256212: | DH secret MODP2048@0x7f5c3c006ba8: transferring ownership from helper IKEv2 DH to state #1 Oct 31 15:24:56.256218: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Oct 31 15:24:56.256249: | emit hash algo NEGOTIATE_AUTH_HASH_SHA2_512 Oct 31 15:24:56.256273: | get_connection_private_key() using CKAID 1a15cce89273439c2bf4202ac1066ef259b0ef45 to find private key for @road->@east of kind RSA Oct 31 15:24:56.256278: | trying secret PKK_RSA:AQPHFfpyJ Oct 31 15:24:56.256280: | matched Oct 31 15:24:56.256283: | secrets entry for ckaid already exists Oct 31 15:24:56.256285: | connection road-eastnet's RSA private key found in NSS DB using CKAID Oct 31 15:24:56.256297: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:56.256300: | addref fd@0x5648ff22c858(3->4) (in clone_logger() at log.c:810) Oct 31 15:24:56.256303: | newref clone logger@0x5648ff23ff38(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:56.256306: | job 3 for #1: computing responder signature (signature): adding job to queue Oct 31 15:24:56.256309: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:56.256312: | libevent_free: delref ptr-libevent@0x5648ff23caf8 Oct 31 15:24:56.256315: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x5648ff23ec08 Oct 31 15:24:56.256318: | #1 STATE_PARENT_I1: retransmits: cleared Oct 31 15:24:56.256321: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x5648ff23caf8 Oct 31 15:24:56.256324: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:24:56.256327: | libevent_malloc: newref ptr-libevent@0x5648ff23a228 size 128 Oct 31 15:24:56.256337: | [RE]START processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:56.256342: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND; .st_v2_transition=PARENT_I0->PARENT_I1 Oct 31 15:24:56.256345: | suspending state #1 and saving MD 0x5648ff243d48 Oct 31 15:24:56.256348: | addref md@0x5648ff243d48(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:56.256352: | #1 is busy; has suspended MD 0x5648ff243d48 Oct 31 15:24:56.256348: | job 3 for #1: computing responder signature (signature): helper 3 starting job Oct 31 15:24:56.256356: | delref logger@0x5648ff23eb48(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:56.256364: | hash to sign Oct 31 15:24:56.256367: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:56.256372: | delref fd@0x5648ff22c858(4->3) (in free_logger() at log.c:854) Oct 31 15:24:56.256369: | 20 b5 de b7 70 65 15 3d 52 6d c1 b1 e6 36 9a 00 Oct 31 15:24:56.256378: | af 9c ee 7a c1 2e e3 52 da d6 da d7 fe 4e 47 e0 Oct 31 15:24:56.256375: | resume sending helper answer back to state for #1 suppresed complete_v2_state_transition() Oct 31 15:24:56.256387: | delref mdp@0x5648ff243d48(2->1) (in resume_handler() at server.c:743) Oct 31 15:24:56.256381: | 1d 66 09 9e d5 dc 10 ae b0 4c 63 cd d7 76 a7 a5 Oct 31 15:24:56.256393: | b0 e1 ad aa 9d 7d db 80 13 6c 4e e7 a1 14 87 59 Oct 31 15:24:56.256398: | RSA_sign_hash: Started using NSS Oct 31 15:24:56.256394: | #1 spent 0.188 (0.202) milliseconds in resume sending helper answer back to state Oct 31 15:24:56.256408: | stop processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:745) Oct 31 15:24:56.256412: | libevent_free: delref ptr-libevent@0x7f5c3400cc18 Oct 31 15:24:56.270927: | RSA_sign_hash: Ended using NSS Oct 31 15:24:56.270959: | "road-eastnet" #1: spent 13.6 (14.6) milliseconds in v2_auth_signature() calling sign_hash() Oct 31 15:24:56.270965: | "road-eastnet" #1: spent 13.6 (14.6) milliseconds in v2_auth_signature() Oct 31 15:24:56.270972: | "road-eastnet" #1: spent 13.6 (14.6) milliseconds in helper 3 processing job 3 for state #1: computing responder signature (signature) Oct 31 15:24:56.270975: | job 3 for #1: computing responder signature (signature): helper thread 3 sending result back to state Oct 31 15:24:56.270979: | scheduling resume sending helper answer back to state for #1 Oct 31 15:24:56.270984: | libevent_malloc: newref ptr-libevent@0x7f5c38000da8 size 128 Oct 31 15:24:56.271004: | helper thread 3 has nothing to do Oct 31 15:24:56.271016: | processing resume sending helper answer back to state for #1 Oct 31 15:24:56.271030: | start processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:641) Oct 31 15:24:56.271036: | unsuspending #1 MD 0x5648ff243d48 Oct 31 15:24:56.271039: | job 3 for #1: computing responder signature (signature): processing response from helper 3 Oct 31 15:24:56.271042: | job 3 for #1: computing responder signature (signature): calling continuation function 0x5648fec6a77f Oct 31 15:24:56.271052: | newref alloc logger@0x5648ff23eb48(0->1) (in new_state() at state.c:576) Oct 31 15:24:56.271055: | addref fd@0x5648ff22c858(3->4) (in new_state() at state.c:577) Oct 31 15:24:56.271058: | creating state object #2 at 0x5648ff246d58 Oct 31 15:24:56.271061: | State DB: adding IKEv2 state #2 in UNDEFINED Oct 31 15:24:56.271068: | pstats #2 ikev2.child started Oct 31 15:24:56.271071: | duplicating state object #1 "road-eastnet" as #2 for IPSEC SA Oct 31 15:24:56.271077: | #2 setting local endpoint to 192.1.3.209:500 from #1.st_localport (in duplicate_state() at state.c:1581) Oct 31 15:24:56.271087: | Message ID: CHILD #1.#2 initializing (CHILD SA): ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744570.679329 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744570.679329 child.wip.initiator=0->-1 child.wip.responder=0->-1 Oct 31 15:24:56.271090: | child state #2: UNDEFINED(ignore) => V2_IKE_AUTH_CHILD_I0(ignore) Oct 31 15:24:56.271094: | #2.st_v2_transition NULL -> NULL (in new_v2_child_state() at state.c:1666) Oct 31 15:24:56.271101: | Message ID: IKE #1 switching from IKE SA initiator message response 0: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744570.679329 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744570.679329 ike.wip.initiator=0->-1 ike.wip.responder=-1 Oct 31 15:24:56.271107: | Message ID: CHILD #1.#2 switching to CHILD SA initiator message response 0: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744570.679329 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744570.679329 child.wip.initiator=-1->0 child.wip.responder=-1 Oct 31 15:24:56.271111: | switching IKEv2 MD.ST from IKE #1 PARENT_I1 to CHILD #2 V2_IKE_AUTH_CHILD_I0 (in ikev2_parent_inR1outI2_auth_signature_continue() at ikev2_parent.c:2155) Oct 31 15:24:56.271114: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:56.271123: | libevent_free: delref ptr-libevent@0x5648ff23a228 Oct 31 15:24:56.271126: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x5648ff23caf8 Oct 31 15:24:56.271129: | #1 STATE_PARENT_I1: retransmits: cleared Oct 31 15:24:56.271133: | event_schedule: newref EVENT_SA_REPLACE-pe@0x5648ff23a228 Oct 31 15:24:56.271135: | inserting event EVENT_SA_REPLACE, timeout in 214 seconds for #1 Oct 31 15:24:56.271138: | libevent_malloc: newref ptr-libevent@0x7f5c3400cc18 size 128 Oct 31 15:24:56.271142: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Oct 31 15:24:56.271147: | opening output PBS reply packet Oct 31 15:24:56.271151: | **emit ISAKMP Message: Oct 31 15:24:56.271156: | initiator SPI: 41 21 01 09 c5 56 e7 2b Oct 31 15:24:56.271160: | responder SPI: 29 f1 bd 7b 2b c3 98 0a Oct 31 15:24:56.271163: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:56.271165: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:56.271168: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:56.271171: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:56.271174: | Message ID: 1 (00 00 00 01) Oct 31 15:24:56.271177: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:56.271181: | ***emit IKEv2 Encryption Payload: Oct 31 15:24:56.271184: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:56.271186: | flags: none (0x0) Oct 31 15:24:56.271191: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:24:56.271194: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Oct 31 15:24:56.271197: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:24:56.271264: | IKEv2 CERT: send a certificate? Oct 31 15:24:56.271267: | IKEv2 CERT: no certificate to send Oct 31 15:24:56.271269: | IDr payload will be sent Oct 31 15:24:56.271272: | ****emit IKEv2 Identification - Initiator - Payload: Oct 31 15:24:56.271274: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:56.271277: | flags: none (0x0) Oct 31 15:24:56.271279: | ID type: ID_FQDN (0x2) Oct 31 15:24:56.271282: | reserved: 00 00 00 Oct 31 15:24:56.271285: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Oct 31 15:24:56.271287: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:56.271290: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Oct 31 15:24:56.271293: | my identity: 72 6f 61 64 Oct 31 15:24:56.271296: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Oct 31 15:24:56.271299: | ****emit IKEv2 Identification - Responder - Payload: Oct 31 15:24:56.271301: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:56.271304: | flags: none (0x0) Oct 31 15:24:56.271306: | ID type: ID_FQDN (0x2) Oct 31 15:24:56.271309: | reserved: 00 00 00 Oct 31 15:24:56.271311: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Oct 31 15:24:56.271314: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:56.271316: | emitting 4 raw bytes of their IDr into IKEv2 Identification - Responder - Payload Oct 31 15:24:56.271319: | their IDr: 65 61 73 74 Oct 31 15:24:56.271322: | emitting length of IKEv2 Identification - Responder - Payload: 12 Oct 31 15:24:56.271326: | not sending INITIAL_CONTACT Oct 31 15:24:56.271329: | ****emit IKEv2 Authentication Payload: Oct 31 15:24:56.271331: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:56.271334: | flags: none (0x0) Oct 31 15:24:56.271336: | auth method: IKEv2_AUTH_DIGSIG (0xe) Oct 31 15:24:56.271339: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Oct 31 15:24:56.271341: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Oct 31 15:24:56.271343: | emit hash algo NEGOTIATE_AUTH_HASH_SHA2_512 Oct 31 15:24:56.271346: | emitting 68 raw bytes of OID of ASN.1 Algorithm Identifier into IKEv2 Authentication Payload Oct 31 15:24:56.271348: | OID of ASN.1 Algorithm Identifier: Oct 31 15:24:56.271351: | 43 30 41 06 09 2a 86 48 86 f7 0d 01 01 0a 30 34 Oct 31 15:24:56.271354: | a0 0f 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 Oct 31 15:24:56.271356: | 00 a1 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 01 08 Oct 31 15:24:56.271358: | 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 a2 Oct 31 15:24:56.271360: | 03 02 01 40 Oct 31 15:24:56.271363: | emitting 388 raw bytes of signature into IKEv2 Authentication Payload Oct 31 15:24:56.271365: | signature: Oct 31 15:24:56.271367: | 7f 61 54 d5 8a cb fc e3 52 28 c2 0b 54 54 f4 a5 Oct 31 15:24:56.271369: | 9d 60 6f b7 8f b5 0d e1 b5 03 a8 70 e7 2b 25 1f Oct 31 15:24:56.271371: | 21 d0 52 85 f7 a0 9e 40 70 23 e4 29 d8 e4 bc f1 Oct 31 15:24:56.271374: | 0c 8b 40 36 e5 ce 3b d1 89 66 d2 2a 9f 3c 4b cc Oct 31 15:24:56.271376: | e2 23 ac f8 fa 0e d2 4e 59 f8 37 e7 9b c0 a8 8e Oct 31 15:24:56.271378: | 3f c8 be 89 56 d2 62 72 90 71 b8 6d d3 4e a3 39 Oct 31 15:24:56.271382: | 0f 00 0b ba 27 2b 69 6f 6d 4d 60 16 87 94 e1 b8 Oct 31 15:24:56.271384: | 25 f6 b6 7f d5 b4 20 c3 96 7e d4 70 97 d9 d5 b5 Oct 31 15:24:56.271386: | 69 67 26 92 de 63 24 ee 9a 67 52 cf 06 21 fd 54 Oct 31 15:24:56.271388: | 5d 73 05 3a 6f 3f 88 57 cc 3c f6 e3 a4 9f b4 cd Oct 31 15:24:56.271390: | 7a f4 b0 f9 2a 67 ff ea 1c 7e 84 07 90 78 b1 01 Oct 31 15:24:56.271392: | 25 f6 bf 7f 07 f7 06 9b 9b 27 e6 14 53 35 ba 90 Oct 31 15:24:56.271394: | 94 b6 9c ff 8f 3a 93 d1 c1 c5 ec d9 6a 01 e4 6e Oct 31 15:24:56.271396: | 84 94 1c 50 cf 22 6d 55 c3 7f ce cb 77 be 4d 59 Oct 31 15:24:56.271398: | c7 a9 32 39 b8 23 8c 63 03 01 2d 3f 58 0e fa 2a Oct 31 15:24:56.271400: | 00 1d 7b 89 ec 38 98 41 bf 55 e1 20 01 93 b5 39 Oct 31 15:24:56.271402: | 59 07 4d a1 a7 c6 a8 dd 2f ca e0 db ed 01 9b e9 Oct 31 15:24:56.271404: | 3f 3c 6f 34 9e 43 ef a2 34 69 1a e4 3e 54 da 84 Oct 31 15:24:56.271406: | 09 36 3b d8 f4 28 d8 79 df e1 4d 6d e3 0b 6e 86 Oct 31 15:24:56.271408: | 9d 72 f0 68 61 7d f4 85 df 45 2b 45 ee 79 20 b1 Oct 31 15:24:56.271410: | ef a7 4f 3a f2 68 aa 75 c9 97 63 ea d0 f5 13 df Oct 31 15:24:56.271412: | 9f 4b 4a 8b aa 6c 3a 4a b1 af 18 41 a0 e5 b2 c9 Oct 31 15:24:56.271414: | e5 15 95 05 7c 8e c2 2a c5 fc 25 5f 52 54 3c 00 Oct 31 15:24:56.271417: | 2e fd 5d a1 42 2e 66 24 7f 1f 5e 55 57 c9 7c c3 Oct 31 15:24:56.271418: | fb 7b d0 43 Oct 31 15:24:56.271421: | emitting length of IKEv2 Authentication Payload: 464 Oct 31 15:24:56.271423: | getting first pending from state #1 Oct 31 15:24:56.271427: | delref fd@0x5648ff22c858(4->3) (in first_pending() at pending.c:318) Oct 31 15:24:56.271430: | addref fd@0x5648ff22c858(3->4) (in first_pending() at pending.c:319) Oct 31 15:24:56.271449: | netlink_get_spi: allocated 0x7ab092a8 for esp.0@192.1.3.209 Oct 31 15:24:56.271453: | constructing ESP/AH proposals with all DH removed for road-eastnet (IKE SA initiator emitting ESP/AH proposals) Oct 31 15:24:56.271461: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Oct 31 15:24:56.271468: | ... ikev2_proposal: 1:ESP=AES_GCM_C_256-NONE-NONE-DISABLED Oct 31 15:24:56.271472: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Oct 31 15:24:56.271476: | ... ikev2_proposal: 2:ESP=AES_GCM_C_128-NONE-NONE-DISABLED Oct 31 15:24:56.271479: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:24:56.271484: | ... ikev2_proposal: 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:56.271487: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:24:56.271491: | ... ikev2_proposal: 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:56.271495: "road-eastnet": local ESP/AH proposals (IKE SA initiator emitting ESP/AH proposals): Oct 31 15:24:56.271499: "road-eastnet": 1:ESP=AES_GCM_C_256-NONE-NONE-DISABLED Oct 31 15:24:56.271502: "road-eastnet": 2:ESP=AES_GCM_C_128-NONE-NONE-DISABLED Oct 31 15:24:56.271505: "road-eastnet": 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:56.271509: "road-eastnet": 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:56.271511: | Emitting ikev2_proposals ... Oct 31 15:24:56.271513: | ****emit IKEv2 Security Association Payload: Oct 31 15:24:56.271516: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:56.271518: | flags: none (0x0) Oct 31 15:24:56.271521: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:24:56.271523: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:24:56.271527: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:56.271530: | discard DH=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:56.271534: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:56.271536: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:56.271539: | prop #: 1 (01) Oct 31 15:24:56.271542: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:56.271544: | spi size: 4 (04) Oct 31 15:24:56.271547: | # transforms: 2 (02) Oct 31 15:24:56.271549: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:56.271552: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:24:56.271555: | our spi: 7a b0 92 a8 Oct 31 15:24:56.271558: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.271560: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.271563: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:56.271565: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:56.271567: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.271570: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:56.271572: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:56.271575: | length/value: 256 (01 00) Oct 31 15:24:56.271578: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:56.271581: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:56.271584: | discard DH=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:56.271586: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.271588: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:56.271590: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:56.271593: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:56.271595: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.271598: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.271600: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.271603: | emitting length of IKEv2 Proposal Substructure Payload: 32 Oct 31 15:24:56.271605: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:56.271607: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:56.271610: | discard DH=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:56.271612: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:56.271614: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:56.271617: | prop #: 2 (02) Oct 31 15:24:56.271620: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:56.271622: | spi size: 4 (04) Oct 31 15:24:56.271630: | # transforms: 2 (02) Oct 31 15:24:56.271633: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:56.271635: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:56.271638: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:24:56.271641: | our spi: 7a b0 92 a8 Oct 31 15:24:56.271643: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.271645: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.271648: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:56.271650: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:56.271652: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.271655: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:56.271659: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:56.271662: | length/value: 128 (00 80) Oct 31 15:24:56.271665: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:56.271667: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:56.271670: | discard DH=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:56.271672: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.271675: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:56.271677: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:56.271679: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:56.271682: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.271684: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.271687: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.271689: | emitting length of IKEv2 Proposal Substructure Payload: 32 Oct 31 15:24:56.271691: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:56.271694: | discard DH=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:56.271697: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:56.271699: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:56.271702: | prop #: 3 (03) Oct 31 15:24:56.271704: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:56.271707: | spi size: 4 (04) Oct 31 15:24:56.271710: | # transforms: 4 (04) Oct 31 15:24:56.271712: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:56.271715: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:56.271717: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:24:56.271720: | our spi: 7a b0 92 a8 Oct 31 15:24:56.271723: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.271725: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.271727: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:56.271729: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:56.271732: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.271734: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:56.271737: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:56.271740: | length/value: 256 (01 00) Oct 31 15:24:56.271742: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:56.271744: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.271747: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.271749: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:56.271751: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:56.271754: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.271756: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.271759: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.271761: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.271763: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.271765: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:56.271768: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:56.271772: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.271774: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.271776: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.271779: | discard DH=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:56.271781: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.271784: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:56.271786: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:56.271788: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:56.271791: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.271793: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.271795: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.271798: | emitting length of IKEv2 Proposal Substructure Payload: 48 Oct 31 15:24:56.271800: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:56.271803: | discard DH=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:56.271805: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:56.271808: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:56.271810: | prop #: 4 (04) Oct 31 15:24:56.271813: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:56.271815: | spi size: 4 (04) Oct 31 15:24:56.271818: | # transforms: 4 (04) Oct 31 15:24:56.271821: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:56.271823: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:56.271826: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:24:56.271829: | our spi: 7a b0 92 a8 Oct 31 15:24:56.271831: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.271833: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.271836: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:56.271838: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:56.271840: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.271843: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:56.271845: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:56.271848: | length/value: 128 (00 80) Oct 31 15:24:56.271850: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:56.271853: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.271855: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.271857: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:56.271860: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:56.271862: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.271865: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.271867: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.271869: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.271873: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.271875: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:56.271878: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:56.271880: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.271882: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.271885: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.271887: | discard DH=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:56.271890: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:56.271892: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:56.271894: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:56.271897: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:56.271899: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.271901: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:56.271904: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:56.271906: | emitting length of IKEv2 Proposal Substructure Payload: 48 Oct 31 15:24:56.271908: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:56.271910: | emitting length of IKEv2 Security Association Payload: 164 Oct 31 15:24:56.271913: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:24:56.271917: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:24:56.271920: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:56.271922: | flags: none (0x0) Oct 31 15:24:56.271925: | number of TS: 1 (01) Oct 31 15:24:56.271928: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Oct 31 15:24:56.271930: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:56.271933: | *****emit IKEv2 Traffic Selector: Oct 31 15:24:56.271935: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:56.271938: | IP Protocol ID: ALL (0x0) Oct 31 15:24:56.271941: | start port: 0 (00 00) Oct 31 15:24:56.271944: | end port: 65535 (ff ff) Oct 31 15:24:56.271947: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:24:56.271950: | IP start: c0 01 03 d1 Oct 31 15:24:56.271953: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:24:56.271956: | IP end: c0 01 03 d1 Oct 31 15:24:56.271958: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:24:56.271964: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Oct 31 15:24:56.271967: | ****emit IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:24:56.271969: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:56.271972: | flags: none (0x0) Oct 31 15:24:56.271974: | number of TS: 1 (01) Oct 31 15:24:56.271977: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Oct 31 15:24:56.271979: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:56.271982: | *****emit IKEv2 Traffic Selector: Oct 31 15:24:56.271984: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:56.271987: | IP Protocol ID: ALL (0x0) Oct 31 15:24:56.271993: | start port: 0 (00 00) Oct 31 15:24:56.271996: | end port: 65535 (ff ff) Oct 31 15:24:56.271999: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:24:56.272002: | IP start: c0 00 02 00 Oct 31 15:24:56.272004: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:24:56.272007: | IP end: c0 00 02 ff Oct 31 15:24:56.272009: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:24:56.272012: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Oct 31 15:24:56.272014: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Oct 31 15:24:56.272017: | initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Oct 31 15:24:56.272019: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:56.272022: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:56.272025: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:24:56.272027: | emitting length of IKEv2 Encryption Payload: 729 Oct 31 15:24:56.272030: | emitting length of ISAKMP Message: 757 Oct 31 15:24:56.272035: | **parse ISAKMP Message: Oct 31 15:24:56.272039: | initiator SPI: 41 21 01 09 c5 56 e7 2b Oct 31 15:24:56.272043: | responder SPI: 29 f1 bd 7b 2b c3 98 0a Oct 31 15:24:56.272045: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:24:56.272047: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:56.272050: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:56.272052: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:56.272056: | Message ID: 1 (00 00 00 01) Oct 31 15:24:56.272059: | length: 757 (00 00 02 f5) Oct 31 15:24:56.272061: | **parse IKEv2 Encryption Payload: Oct 31 15:24:56.272064: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Oct 31 15:24:56.272066: | flags: none (0x0) Oct 31 15:24:56.272068: | length: 729 (02 d9) Oct 31 15:24:56.272070: | opening output PBS reply frag packet Oct 31 15:24:56.272072: | **emit ISAKMP Message: Oct 31 15:24:56.272076: | initiator SPI: 41 21 01 09 c5 56 e7 2b Oct 31 15:24:56.272079: | responder SPI: 29 f1 bd 7b 2b c3 98 0a Oct 31 15:24:56.272081: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:56.272083: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:56.272085: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:56.272087: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:56.272091: | Message ID: 1 (00 00 00 01) Oct 31 15:24:56.272093: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:56.272096: | ***emit IKEv2 Encrypted Fragment: Oct 31 15:24:56.272098: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Oct 31 15:24:56.272100: | flags: none (0x0) Oct 31 15:24:56.272103: | fragment number: 1 (00 01) Oct 31 15:24:56.272106: | total fragments: 2 (00 02) Oct 31 15:24:56.272108: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi Oct 31 15:24:56.272111: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Oct 31 15:24:56.272113: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Oct 31 15:24:56.272116: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Oct 31 15:24:56.272122: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Oct 31 15:24:56.272124: | cleartext fragment: Oct 31 15:24:56.272126: | 24 00 00 0c 02 00 00 00 72 6f 61 64 27 00 00 0c Oct 31 15:24:56.272128: | 02 00 00 00 65 61 73 74 21 00 01 d0 0e 00 00 00 Oct 31 15:24:56.272130: | 43 30 41 06 09 2a 86 48 86 f7 0d 01 01 0a 30 34 Oct 31 15:24:56.272132: | a0 0f 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 Oct 31 15:24:56.272134: | 00 a1 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 01 08 Oct 31 15:24:56.272136: | 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 a2 Oct 31 15:24:56.272140: | 03 02 01 40 7f 61 54 d5 8a cb fc e3 52 28 c2 0b Oct 31 15:24:56.272142: | 54 54 f4 a5 9d 60 6f b7 8f b5 0d e1 b5 03 a8 70 Oct 31 15:24:56.272145: | e7 2b 25 1f 21 d0 52 85 f7 a0 9e 40 70 23 e4 29 Oct 31 15:24:56.272147: | d8 e4 bc f1 0c 8b 40 36 e5 ce 3b d1 89 66 d2 2a Oct 31 15:24:56.272149: | 9f 3c 4b cc e2 23 ac f8 fa 0e d2 4e 59 f8 37 e7 Oct 31 15:24:56.272151: | 9b c0 a8 8e 3f c8 be 89 56 d2 62 72 90 71 b8 6d Oct 31 15:24:56.272153: | d3 4e a3 39 0f 00 0b ba 27 2b 69 6f 6d 4d 60 16 Oct 31 15:24:56.272155: | 87 94 e1 b8 25 f6 b6 7f d5 b4 20 c3 96 7e d4 70 Oct 31 15:24:56.272157: | 97 d9 d5 b5 69 67 26 92 de 63 24 ee 9a 67 52 cf Oct 31 15:24:56.272159: | 06 21 fd 54 5d 73 05 3a 6f 3f 88 57 cc 3c f6 e3 Oct 31 15:24:56.272161: | a4 9f b4 cd 7a f4 b0 f9 2a 67 ff ea 1c 7e 84 07 Oct 31 15:24:56.272163: | 90 78 b1 01 25 f6 bf 7f 07 f7 06 9b 9b 27 e6 14 Oct 31 15:24:56.272165: | 53 35 ba 90 94 b6 9c ff 8f 3a 93 d1 c1 c5 ec d9 Oct 31 15:24:56.272167: | 6a 01 e4 6e 84 94 1c 50 cf 22 6d 55 c3 7f ce cb Oct 31 15:24:56.272169: | 77 be 4d 59 c7 a9 32 39 b8 23 8c 63 03 01 2d 3f Oct 31 15:24:56.272171: | 58 0e fa 2a 00 1d 7b 89 ec 38 98 41 bf 55 e1 20 Oct 31 15:24:56.272173: | 01 93 b5 39 59 07 4d a1 a7 c6 a8 dd 2f ca e0 db Oct 31 15:24:56.272176: | ed 01 9b e9 3f 3c 6f 34 9e 43 ef a2 34 69 1a e4 Oct 31 15:24:56.272178: | 3e 54 da 84 09 36 3b d8 f4 28 d8 79 df e1 4d 6d Oct 31 15:24:56.272180: | e3 0b 6e 86 9d 72 f0 68 61 7d f4 85 df 45 2b 45 Oct 31 15:24:56.272182: | ee 79 20 b1 ef a7 4f 3a f2 68 aa 75 c9 97 63 ea Oct 31 15:24:56.272184: | d0 f5 13 df 9f 4b 4a 8b aa 6c 3a 4a b1 af 18 41 Oct 31 15:24:56.272186: | a0 e5 b2 c9 e5 15 95 05 7c 8e c2 2a c5 fc 25 5f Oct 31 15:24:56.272188: | 52 54 3c 00 2e fd 5d a1 42 2e 66 24 7f 1f Oct 31 15:24:56.272191: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:56.272193: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:56.272196: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Oct 31 15:24:56.272203: | emitting length of IKEv2 Encrypted Fragment: 511 Oct 31 15:24:56.272209: | emitting length of ISAKMP Message: 539 Oct 31 15:24:56.272226: | recording fragment 1 Oct 31 15:24:56.272229: | opening output PBS reply frag packet Oct 31 15:24:56.272231: | **emit ISAKMP Message: Oct 31 15:24:56.272236: | initiator SPI: 41 21 01 09 c5 56 e7 2b Oct 31 15:24:56.272240: | responder SPI: 29 f1 bd 7b 2b c3 98 0a Oct 31 15:24:56.272242: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:56.272244: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:56.272247: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:56.272249: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:56.272252: | Message ID: 1 (00 00 00 01) Oct 31 15:24:56.272255: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:56.272257: | ***emit IKEv2 Encrypted Fragment: Oct 31 15:24:56.272260: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:56.272262: | flags: none (0x0) Oct 31 15:24:56.272264: | fragment number: 2 (00 02) Oct 31 15:24:56.272267: | total fragments: 2 (00 02) Oct 31 15:24:56.272269: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE Oct 31 15:24:56.272271: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF) Oct 31 15:24:56.272273: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet' Oct 31 15:24:56.272276: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment Oct 31 15:24:56.272280: | emitting 222 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment Oct 31 15:24:56.272283: | cleartext fragment: Oct 31 15:24:56.272287: | 5e 55 57 c9 7c c3 fb 7b d0 43 2c 00 00 a4 02 00 Oct 31 15:24:56.272289: | 00 20 01 03 04 02 7a b0 92 a8 03 00 00 0c 01 00 Oct 31 15:24:56.272291: | 00 14 80 0e 01 00 00 00 00 08 05 00 00 00 02 00 Oct 31 15:24:56.272293: | 00 20 02 03 04 02 7a b0 92 a8 03 00 00 0c 01 00 Oct 31 15:24:56.272295: | 00 14 80 0e 00 80 00 00 00 08 05 00 00 00 02 00 Oct 31 15:24:56.272297: | 00 30 03 03 04 04 7a b0 92 a8 03 00 00 0c 01 00 Oct 31 15:24:56.272299: | 00 0c 80 0e 01 00 03 00 00 08 03 00 00 0e 03 00 Oct 31 15:24:56.272302: | 00 08 03 00 00 0c 00 00 00 08 05 00 00 00 00 00 Oct 31 15:24:56.272304: | 00 30 04 03 04 04 7a b0 92 a8 03 00 00 0c 01 00 Oct 31 15:24:56.272306: | 00 0c 80 0e 00 80 03 00 00 08 03 00 00 0e 03 00 Oct 31 15:24:56.272307: | 00 08 03 00 00 0c 00 00 00 08 05 00 00 00 2d 00 Oct 31 15:24:56.272309: | 00 18 01 00 00 00 07 00 00 10 00 00 ff ff c0 01 Oct 31 15:24:56.272311: | 03 d1 c0 01 03 d1 00 00 00 18 01 00 00 00 07 00 Oct 31 15:24:56.272313: | 00 10 00 00 ff ff c0 00 02 00 c0 00 02 ff Oct 31 15:24:56.272315: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:56.272317: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment Oct 31 15:24:56.272319: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment Oct 31 15:24:56.272321: | emitting length of IKEv2 Encrypted Fragment: 255 Oct 31 15:24:56.272323: | emitting length of ISAKMP Message: 283 Oct 31 15:24:56.272329: | recording fragment 2 Oct 31 15:24:56.272334: | delref logger@0x5648ff23ff38(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:56.272336: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:56.272338: | delref fd@0x5648ff22c858(4->3) (in free_logger() at log.c:854) Oct 31 15:24:56.272341: | XXX: resume sending helper answer back to state for #1 switched MD.ST to #2 Oct 31 15:24:56.272346: | suspend processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:56.272350: | start processing: state #2 connection "road-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:56.272354: | #2 complete_v2_state_transition() in state V2_IKE_AUTH_CHILD_I0 PARENT_I1->PARENT_I2 with status STF_OK; .st_v2_transition=NULL Oct 31 15:24:56.272357: | transitioning from state STATE_PARENT_I1 to state STATE_PARENT_I2 Oct 31 15:24:56.272358: | Message ID: updating counters for #2 Oct 31 15:24:56.272364: | Message ID: CHILD #1.#2 XXX: no EVENT_RETRANSMIT to clear; suspect IKE->CHILD switch: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744570.679329 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744570.679329 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:24:56.272371: | Message ID: CHILD #1.#2 updating initiator received message response 0: ike.initiator.sent=0 ike.initiator.recv=-1->0 ike.initiator.last_contact=744570.679329->744570.705157 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744570.679329 child.wip.initiator=0->-1 child.wip.responder=-1 Oct 31 15:24:56.272375: | Message ID: CHILD #1.#2 scheduling EVENT_RETRANSMIT: ike.initiator.sent=1 ike.initiator.recv=0 ike.initiator.last_contact=744570.705157 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744570.679329 child.wip.initiator=1 child.wip.responder=-1 Oct 31 15:24:56.272378: | event_schedule: newref EVENT_RETRANSMIT-pe@0x5648ff23ff38 Oct 31 15:24:56.272380: | inserting event EVENT_RETRANSMIT, timeout in 25 seconds for #2 Oct 31 15:24:56.272383: | libevent_malloc: newref ptr-libevent@0x5648ff23c6d8 size 128 Oct 31 15:24:56.272387: | #2 STATE_V2_IKE_AUTH_CHILD_I0: retransmits: first event in 25 seconds; timeout in 107 seconds; limit of 12 retransmits; current time is 744570.705174 Oct 31 15:24:56.272391: | Message ID: CHILD #1.#2 updating initiator sent message request 1: ike.initiator.sent=0->1 ike.initiator.recv=0 ike.initiator.last_contact=744570.705157 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744570.679329 child.wip.initiator=-1->1 child.wip.responder=-1 Oct 31 15:24:56.272398: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=1 ike.initiator.recv=0 ike.initiator.last_contact=744570.705157 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744570.679329 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:56.272400: | child state #2: V2_IKE_AUTH_CHILD_I0(ignore) => PARENT_I2(open IKE SA) Oct 31 15:24:56.272402: | announcing the state transition Oct 31 15:24:56.272407: "road-eastnet" #1: sent IKE_AUTH request {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Oct 31 15:24:56.272420: | sending 539 bytes for STATE_PARENT_I1 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:24:56.272422: | 41 21 01 09 c5 56 e7 2b 29 f1 bd 7b 2b c3 98 0a Oct 31 15:24:56.272424: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff Oct 31 15:24:56.272426: | 00 01 00 02 4f 41 4c 0e 9c b3 64 06 bb 3c fe 09 Oct 31 15:24:56.272427: | 16 70 21 66 3e 77 45 22 4d 0b 2f 96 e1 46 a4 96 Oct 31 15:24:56.272429: | a7 16 55 aa 9d c3 69 75 ed a5 c9 4c 4f 02 81 94 Oct 31 15:24:56.272431: | 0c a3 0f cc 8d de 25 b6 4f e7 fe 53 25 c4 ef 00 Oct 31 15:24:56.272432: | e8 14 d7 24 60 b3 4f 6d e2 2a 4d c6 02 1d 6a 45 Oct 31 15:24:56.272434: | 47 cf 3e 2f 76 01 55 a5 f1 3b c1 99 4d 54 81 55 Oct 31 15:24:56.272435: | 52 38 2d 79 8b a5 58 f5 97 83 2d 19 63 7b 8d e7 Oct 31 15:24:56.272437: | 28 3e c1 47 e3 47 a5 92 76 20 36 c2 d7 b6 88 10 Oct 31 15:24:56.272439: | 7c 86 3f e7 ef 2e 3f 2b a2 87 96 e7 17 8c 0b 9d Oct 31 15:24:56.272441: | 34 96 45 83 96 b9 b7 da 4a b1 4c 97 c5 26 b9 68 Oct 31 15:24:56.272442: | 89 ba 77 81 e1 9b e0 20 e5 af 93 4a e1 a4 0b ba Oct 31 15:24:56.272444: | 3e 0c 12 92 c2 53 be 03 ed f9 8f db fe 90 1a d1 Oct 31 15:24:56.272446: | 74 dd 3a cf b4 97 57 e5 0d 31 ac 1a 05 b2 4c ef Oct 31 15:24:56.272447: | b6 cc d0 bc 63 38 f6 51 c3 58 9d 25 26 c8 6e e1 Oct 31 15:24:56.272449: | 1a b9 e1 0c ec a0 7d ee c0 60 ea 51 f6 c4 43 d8 Oct 31 15:24:56.272451: | 8e 15 e5 e0 ee 7f d8 82 74 8b e8 90 42 a5 17 b6 Oct 31 15:24:56.272453: | 9e ca 56 fe fb f8 22 28 29 74 4b 0d 38 54 2d c4 Oct 31 15:24:56.272454: | 4b 18 0b 99 d3 9c df 9e d6 be 1d 94 31 d7 2b 2c Oct 31 15:24:56.272456: | 49 c0 a6 70 3e 93 85 98 98 c0 94 70 0f de 4e 2d Oct 31 15:24:56.272458: | 99 80 4e 18 af 2e 88 6f 17 ec cc d1 50 49 a9 ea Oct 31 15:24:56.272459: | f5 4d 3b b8 e9 69 42 52 af 60 4b 68 ab c9 11 b6 Oct 31 15:24:56.272461: | f3 ef e7 7b 33 5b 92 2e a8 f6 d8 bc c6 63 82 e8 Oct 31 15:24:56.272463: | 50 55 3e aa 98 63 c1 4b 4e ff fd ea 83 76 69 d2 Oct 31 15:24:56.272465: | 31 85 c4 9e 9d 2d 09 d4 c2 63 31 12 a2 92 00 2c Oct 31 15:24:56.272466: | 00 a9 0c e8 23 64 aa 5a df 24 a5 ca 57 b8 2f 76 Oct 31 15:24:56.272468: | 67 1d 18 2e 04 f3 c6 d0 9b 13 29 ad d8 f5 d6 46 Oct 31 15:24:56.272470: | d8 3e 33 4d 43 8c e0 d7 33 ad 22 4d c7 d2 6a ad Oct 31 15:24:56.272471: | 0a 69 09 83 a6 c0 92 8c 4b 02 8f a3 96 12 83 a0 Oct 31 15:24:56.272473: | 6a 49 df d2 f6 da 72 15 b5 6a 18 d2 d5 f0 44 61 Oct 31 15:24:56.272475: | 5d 77 9f 77 79 46 24 c7 24 39 e1 e7 09 31 ba 13 Oct 31 15:24:56.272477: | f3 88 b8 6f b0 fa a1 6f a5 c2 b0 4f 29 73 33 85 Oct 31 15:24:56.272478: | 9e c2 a5 3a aa c5 c2 8b 92 7f e9 Oct 31 15:24:56.272523: | sending 283 bytes for STATE_PARENT_I1 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:24:56.272526: | 41 21 01 09 c5 56 e7 2b 29 f1 bd 7b 2b c3 98 0a Oct 31 15:24:56.272527: | 35 20 23 08 00 00 00 01 00 00 01 1b 00 00 00 ff Oct 31 15:24:56.272529: | 00 02 00 02 26 93 13 b8 eb 23 77 f8 a3 d5 6d 12 Oct 31 15:24:56.272530: | 3d 5c bb c9 73 6c f5 0a cf 42 7d a6 cd 93 b9 a6 Oct 31 15:24:56.272531: | 1f 51 de 25 ff 93 a8 2b c1 64 d3 33 a9 b6 e3 fb Oct 31 15:24:56.272534: | db d6 5a 28 42 05 20 eb 50 ec 37 64 2a 07 bf 21 Oct 31 15:24:56.272536: | 1d 5b 7a af 0c 52 a8 fa f7 55 67 77 04 1a ba 1d Oct 31 15:24:56.272537: | 54 31 4d 67 f9 76 15 11 27 f7 f1 e1 35 c5 4c d9 Oct 31 15:24:56.272538: | 72 38 ef 98 e8 dd 1b 3d 1f 31 3f 69 4e 37 3e 26 Oct 31 15:24:56.272540: | 57 58 77 10 85 00 f6 8b b9 bc b1 ba ab af c7 da Oct 31 15:24:56.272541: | 42 00 d7 61 8c b1 a7 93 ba 40 3c b1 96 b6 b7 18 Oct 31 15:24:56.272542: | f2 4e 3b 48 5e 0a 04 4a 1b c3 5c 37 94 4f 60 0c Oct 31 15:24:56.272544: | aa 26 cf 7d d8 29 64 4d e3 8c 78 2d 4f b9 3f b2 Oct 31 15:24:56.272545: | 1e 0c c4 e7 91 94 ea 19 5c 3a e1 2b 2c 6a ba dd Oct 31 15:24:56.272546: | 82 ef 40 10 c3 0e 6d bb 54 a8 2a b4 9b d1 fb 62 Oct 31 15:24:56.272548: | b7 5a 6f 6b c0 19 70 a7 25 65 b9 6a 2d 12 5f 0f Oct 31 15:24:56.272549: | e3 1b 35 f0 5b 20 32 8d 0d 4f d3 45 66 6f 1e 6d Oct 31 15:24:56.272550: | 9d 49 ab 21 7d e1 4e 25 6d c9 8e Oct 31 15:24:56.272564: | sent 2 messages Oct 31 15:24:56.272568: | checking that a retransmit timeout_event was already Oct 31 15:24:56.272570: | state #2 has no .st_event to delete Oct 31 15:24:56.272574: | delref mdp@0x5648ff243d48(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:56.272577: | delref logger@0x5648ff22c4d8(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:56.272580: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:56.272582: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:56.272591: | #1 spent 1.47 (1.55) milliseconds in resume sending helper answer back to state Oct 31 15:24:56.272597: | stop processing: state #2 connection "road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:745) Oct 31 15:24:56.272601: | libevent_free: delref ptr-libevent@0x7f5c38000da8 Oct 31 15:24:56.327406: | spent 0.00264 (0.00268) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:56.327423: | newref struct msg_digest@0x5648ff243d48(0->1) (in read_message() at demux.c:103) Oct 31 15:24:56.327427: | newref alloc logger@0x5648ff23caf8(0->1) (in read_message() at demux.c:103) Oct 31 15:24:56.327435: | *received 503 bytes from 192.1.2.23:500 on eth0 192.1.3.209:500 using UDP Oct 31 15:24:56.327438: | 41 21 01 09 c5 56 e7 2b 29 f1 bd 7b 2b c3 98 0a Oct 31 15:24:56.327440: | 2e 20 23 20 00 00 00 01 00 00 01 f7 24 00 01 db Oct 31 15:24:56.327442: | 4e 5b 04 24 ba d8 49 41 f9 f5 bb 27 6c b8 e0 87 Oct 31 15:24:56.327444: | 2e be f9 0e d4 67 b6 3c f3 32 10 67 7d 4a 21 de Oct 31 15:24:56.327446: | f1 db 28 69 d0 7b 98 ef a9 b7 5d 8a 9c 95 a5 b7 Oct 31 15:24:56.327448: | 39 9b 21 2d 27 3c ee a3 b5 ea 10 52 e7 e1 18 23 Oct 31 15:24:56.327450: | 26 fe 16 7b de 47 e4 fe 8a 74 be 00 84 c3 99 36 Oct 31 15:24:56.327452: | 17 66 8c 51 fd 53 c7 b5 82 3f 85 79 e3 1d cb af Oct 31 15:24:56.327454: | 14 ca c3 e7 68 dd ff ca e5 c0 5a 8a e0 dc b1 23 Oct 31 15:24:56.327457: | 85 02 11 6e ee 56 3d 25 19 f4 76 a8 5c c6 62 12 Oct 31 15:24:56.327459: | 7f 6a 9a ea 82 3c 68 9e 4c 91 55 a9 2c 91 49 88 Oct 31 15:24:56.327461: | af 78 81 d8 e3 59 89 3e ba 4c 6e bf 3f fa cc 8e Oct 31 15:24:56.327463: | a2 c4 82 af 3b 5c 21 2e fa 1e 84 a2 04 73 12 20 Oct 31 15:24:56.327465: | 16 bb fb 85 ba 72 77 83 0a 19 92 7b da 82 8d e9 Oct 31 15:24:56.327468: | 95 8a 00 af 0d 40 46 73 f9 24 09 7b 97 46 6a e2 Oct 31 15:24:56.327470: | 72 83 22 49 c7 73 95 e7 be a0 97 fe e7 5c d9 e9 Oct 31 15:24:56.327473: | 10 c8 71 29 d4 99 8a 67 79 48 eb e1 9d 04 b5 bc Oct 31 15:24:56.327475: | 66 d2 0a d3 c4 5c 33 fd 4e 02 54 b0 82 e8 de 77 Oct 31 15:24:56.327478: | ac 7d d2 49 89 ed ca d8 f6 81 77 9d 6c 19 12 a9 Oct 31 15:24:56.327480: | b6 7c c9 ce 0a 4d 01 fc 12 d5 5b 6f 07 a5 0d 7e Oct 31 15:24:56.327482: | a1 4c bb 7a 43 ea be bc 09 af 39 90 2d 0a 9d ed Oct 31 15:24:56.327485: | 3a 7d a9 bb fc ba 63 09 de 41 4d d7 7f b0 09 b5 Oct 31 15:24:56.327487: | 55 df cc dd 22 82 eb 4e fa fe 77 66 cc 7e 09 1b Oct 31 15:24:56.327491: | 07 45 90 e5 b3 80 0c 71 39 68 3d 88 9a 2b 7c fd Oct 31 15:24:56.327492: | 41 6e 3b 23 cd d4 50 08 df 6e 79 33 3d fe ea 10 Oct 31 15:24:56.327494: | 4d cb 3b 4c 8c 03 7b 66 cc 50 45 5a 35 38 6b 89 Oct 31 15:24:56.327495: | 4c 6a ed 22 1e 36 cf 42 94 07 c3 2c f0 e7 aa 17 Oct 31 15:24:56.327496: | 1c 5c 61 11 53 63 a4 9b a9 76 e7 6d 25 5a 49 6a Oct 31 15:24:56.327498: | d9 a3 39 c1 af 0c 80 86 f2 5f 49 87 96 9c 9c 6a Oct 31 15:24:56.327499: | 66 4d d0 d3 65 3e 81 d4 56 01 82 de 1d bd 66 06 Oct 31 15:24:56.327500: | 1c 40 5b a9 8b 37 b4 f8 39 ed 54 8f 42 81 3a bf Oct 31 15:24:56.327502: | 07 18 20 e1 f4 b9 a2 Oct 31 15:24:56.327505: | **parse ISAKMP Message: Oct 31 15:24:56.327509: | initiator SPI: 41 21 01 09 c5 56 e7 2b Oct 31 15:24:56.327511: | responder SPI: 29 f1 bd 7b 2b c3 98 0a Oct 31 15:24:56.327513: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:24:56.327515: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:56.327517: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:56.327518: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:56.327521: | Message ID: 1 (00 00 00 01) Oct 31 15:24:56.327523: | length: 503 (00 00 01 f7) Oct 31 15:24:56.327525: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:24:56.327527: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Oct 31 15:24:56.327531: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Oct 31 15:24:56.327536: | start processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:56.327538: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Oct 31 15:24:56.327540: | #2 is idle Oct 31 15:24:56.327542: | #2 idle Oct 31 15:24:56.327546: | suspend processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:56.327550: | start processing: state #2 connection "road-eastnet" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:56.327553: | unpacking clear payload Oct 31 15:24:56.327555: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Oct 31 15:24:56.327559: | ***parse IKEv2 Encryption Payload: Oct 31 15:24:56.327562: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Oct 31 15:24:56.327564: | flags: none (0x0) Oct 31 15:24:56.327770: | length: 475 (01 db) Oct 31 15:24:56.327777: | processing payload: ISAKMP_NEXT_v2SK (len=471) Oct 31 15:24:56.327781: | #2 in state PARENT_I2: sent IKE_AUTH request Oct 31 15:24:56.327802: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Oct 31 15:24:56.327808: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Oct 31 15:24:56.327811: | **parse IKEv2 Identification - Responder - Payload: Oct 31 15:24:56.327814: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Oct 31 15:24:56.327817: | flags: none (0x0) Oct 31 15:24:56.327821: | length: 12 (00 0c) Oct 31 15:24:56.327824: | ID type: ID_FQDN (0x2) Oct 31 15:24:56.327827: | reserved: 00 00 00 Oct 31 15:24:56.327830: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Oct 31 15:24:56.327832: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Oct 31 15:24:56.327836: | **parse IKEv2 Authentication Payload: Oct 31 15:24:56.327838: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:24:56.327841: | flags: none (0x0) Oct 31 15:24:56.327844: | length: 350 (01 5e) Oct 31 15:24:56.327845: | auth method: IKEv2_AUTH_DIGSIG (0xe) Oct 31 15:24:56.327847: | processing payload: ISAKMP_NEXT_v2AUTH (len=342) Oct 31 15:24:56.327848: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:24:56.327850: | **parse IKEv2 Security Association Payload: Oct 31 15:24:56.327852: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Oct 31 15:24:56.327853: | flags: none (0x0) Oct 31 15:24:56.327855: | length: 36 (00 24) Oct 31 15:24:56.327857: | processing payload: ISAKMP_NEXT_v2SA (len=32) Oct 31 15:24:56.327862: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Oct 31 15:24:56.327864: | **parse IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:24:56.327865: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Oct 31 15:24:56.327866: | flags: none (0x0) Oct 31 15:24:56.327868: | length: 24 (00 18) Oct 31 15:24:56.327870: | number of TS: 1 (01) Oct 31 15:24:56.327871: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Oct 31 15:24:56.327873: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Oct 31 15:24:56.327874: | **parse IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:24:56.327876: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:56.327877: | flags: none (0x0) Oct 31 15:24:56.327879: | length: 24 (00 18) Oct 31 15:24:56.327881: | number of TS: 1 (01) Oct 31 15:24:56.327882: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Oct 31 15:24:56.327884: | selected state microcode Initiator: process IKE_AUTH response Oct 31 15:24:56.327886: | calling processor Initiator: process IKE_AUTH response Oct 31 15:24:56.327889: | no certs to decode Oct 31 15:24:56.327893: | offered CA: '%none' Oct 31 15:24:56.327896: "road-eastnet" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Oct 31 15:24:56.327939: | verifying AUTH payload Oct 31 15:24:56.327945: | looking for ASN.1 blob for method rsasig for hash_algo SHA2_512 Oct 31 15:24:56.327949: | parsing 68 raw bytes of IKEv2 Authentication Payload into ASN.1 blob for hash algo Oct 31 15:24:56.327951: | ASN.1 blob for hash algo Oct 31 15:24:56.327953: | 43 30 41 06 09 2a 86 48 86 f7 0d 01 01 0a 30 34 Oct 31 15:24:56.327956: | a0 0f 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 Oct 31 15:24:56.327958: | 00 a1 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 01 08 Oct 31 15:24:56.327961: | 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 a2 Oct 31 15:24:56.327963: | 03 02 01 40 Oct 31 15:24:56.327980: | required RSA CA is '%any' Oct 31 15:24:56.327985: | trying all remote certificates public keys for RSA key that matches ID: @east Oct 31 15:24:56.327988: | trying all preloaded keys public keys for RSA key that matches ID: @east Oct 31 15:24:56.327994: | trying '@east' issued by CA '%any' Oct 31 15:24:56.327999: | NSS RSA: verifying that decrypted signature matches hash: Oct 31 15:24:56.328001: | c5 4a 57 79 ea d7 14 af a4 6b f5 c4 cf 57 6d c9 Oct 31 15:24:56.328003: | 85 1b 47 c1 95 5e fc 6b a7 d6 1a 44 e8 1d bd c3 Oct 31 15:24:56.328004: | e8 26 37 45 a8 0c 3c 9a ec b0 f0 c8 fe 08 26 55 Oct 31 15:24:56.328006: | d0 f3 c4 eb cc 15 48 9f 54 86 8a bf 89 0d 95 3a Oct 31 15:24:56.328080: | delref pkp@NULL (in try_RSA_signature_v2() at ikev2_rsa.c:170) Oct 31 15:24:56.328085: | addref pk@0x5648ff23e938(1->2) (in try_RSA_signature_v2() at ikev2_rsa.c:171) Oct 31 15:24:56.328088: | an RSA Sig check passed with *AQO9bJbr3 [preloaded keys] Oct 31 15:24:56.328094: | #1 spent 0.0933 (0.0934) milliseconds in try_all_keys() trying a pubkey Oct 31 15:24:56.328098: "road-eastnet" #1: authenticated using RSA with SHA2_512 Oct 31 15:24:56.328109: | #1 spent 0.141 (0.141) milliseconds in ikev2_verify_rsa_hash() Oct 31 15:24:56.328113: | parent state #1: PARENT_I2(open IKE SA) => ESTABLISHED_IKE_SA(established IKE SA) Oct 31 15:24:56.328116: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Oct 31 15:24:56.328119: | state #1 deleting .st_event EVENT_SA_REPLACE Oct 31 15:24:56.328123: | libevent_free: delref ptr-libevent@0x7f5c3400cc18 Oct 31 15:24:56.328126: | free_event_entry: delref EVENT_SA_REPLACE-pe@0x5648ff23a228 Oct 31 15:24:56.328130: | event_schedule: newref EVENT_SA_REKEY-pe@0x5648ff23c2a8 Oct 31 15:24:56.328132: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Oct 31 15:24:56.328135: | libevent_malloc: newref ptr-libevent@0x7f5c38000da8 size 128 Oct 31 15:24:56.328344: | pstats #1 ikev2.ike established Oct 31 15:24:56.328354: | TSi: parsing 1 traffic selectors Oct 31 15:24:56.328358: | ***parse IKEv2 Traffic Selector: Oct 31 15:24:56.328361: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:56.328366: | IP Protocol ID: ALL (0x0) Oct 31 15:24:56.328370: | length: 16 (00 10) Oct 31 15:24:56.328373: | start port: 0 (00 00) Oct 31 15:24:56.328377: | end port: 65535 (ff ff) Oct 31 15:24:56.328380: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:24:56.328382: | TS low Oct 31 15:24:56.328384: | c0 01 03 d1 Oct 31 15:24:56.328387: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:24:56.328389: | TS high Oct 31 15:24:56.328391: | c0 01 03 d1 Oct 31 15:24:56.328394: | TSi: parsed 1 traffic selectors Oct 31 15:24:56.328397: | TSr: parsing 1 traffic selectors Oct 31 15:24:56.328399: | ***parse IKEv2 Traffic Selector: Oct 31 15:24:56.328402: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:56.328405: | IP Protocol ID: ALL (0x0) Oct 31 15:24:56.328408: | length: 16 (00 10) Oct 31 15:24:56.328411: | start port: 0 (00 00) Oct 31 15:24:56.328415: | end port: 65535 (ff ff) Oct 31 15:24:56.328417: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:24:56.328420: | TS low Oct 31 15:24:56.328422: | c0 00 02 00 Oct 31 15:24:56.328425: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:24:56.328427: | TS high Oct 31 15:24:56.328430: | c0 00 02 ff Oct 31 15:24:56.328432: | TSr: parsed 1 traffic selectors Oct 31 15:24:56.328440: | evaluating our conn="road-eastnet" I=192.1.3.209/32:0:0/0 R=192.0.2.0/24:0:0/0 to their: Oct 31 15:24:56.328446: | TSi[0] .net=192.1.3.209-192.1.3.209 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:56.328454: | match address end->client=192.1.3.209/32 == TSi[0]net=192.1.3.209-192.1.3.209: YES fitness 32 Oct 31 15:24:56.328457: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:24:56.328460: | TSi[0] port match: YES fitness 65536 Oct 31 15:24:56.328463: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:24:56.328466: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:56.328470: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:56.328477: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Oct 31 15:24:56.328480: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Oct 31 15:24:56.328482: | TSr[0] port match: YES fitness 65536 Oct 31 15:24:56.328485: | narrow protocol end=*0 == TSr[0]=*0: 0 Oct 31 15:24:56.328488: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:56.328491: | best fit so far: TSi[0] TSr[0] Oct 31 15:24:56.328493: | found an acceptable TSi/TSr Traffic Selector Oct 31 15:24:56.328495: | printing contents struct traffic_selector Oct 31 15:24:56.328498: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:24:56.328500: | ipprotoid: 0 Oct 31 15:24:56.328502: | port range: 0-65535 Oct 31 15:24:56.328507: | ip range: 192.1.3.209-192.1.3.209 Oct 31 15:24:56.328509: | printing contents struct traffic_selector Oct 31 15:24:56.328511: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:24:56.328512: | ipprotoid: 0 Oct 31 15:24:56.328514: | port range: 0-65535 Oct 31 15:24:56.328516: | ip range: 192.0.2.0-192.0.2.255 Oct 31 15:24:56.328526: | using existing local ESP/AH proposals for road-eastnet (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP=AES_GCM_C_256-NONE-NONE-DISABLED 2:ESP=AES_GCM_C_128-NONE-NONE-DISABLED 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:56.328528: | comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Oct 31 15:24:56.328531: | local proposal 1 type ENCR has 1 transforms Oct 31 15:24:56.328533: | local proposal 1 type PRF has 0 transforms Oct 31 15:24:56.328535: | local proposal 1 type INTEG has 1 transforms Oct 31 15:24:56.328536: | local proposal 1 type DH has 1 transforms Oct 31 15:24:56.328538: | local proposal 1 type ESN has 1 transforms Oct 31 15:24:56.328543: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Oct 31 15:24:56.328545: | local proposal 2 type ENCR has 1 transforms Oct 31 15:24:56.328546: | local proposal 2 type PRF has 0 transforms Oct 31 15:24:56.328548: | local proposal 2 type INTEG has 1 transforms Oct 31 15:24:56.328549: | local proposal 2 type DH has 1 transforms Oct 31 15:24:56.328550: | local proposal 2 type ESN has 1 transforms Oct 31 15:24:56.328552: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Oct 31 15:24:56.328553: | local proposal 3 type ENCR has 1 transforms Oct 31 15:24:56.328555: | local proposal 3 type PRF has 0 transforms Oct 31 15:24:56.328556: | local proposal 3 type INTEG has 2 transforms Oct 31 15:24:56.328558: | local proposal 3 type DH has 1 transforms Oct 31 15:24:56.328559: | local proposal 3 type ESN has 1 transforms Oct 31 15:24:56.328561: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Oct 31 15:24:56.328562: | local proposal 4 type ENCR has 1 transforms Oct 31 15:24:56.328564: | local proposal 4 type PRF has 0 transforms Oct 31 15:24:56.328565: | local proposal 4 type INTEG has 2 transforms Oct 31 15:24:56.328566: | local proposal 4 type DH has 1 transforms Oct 31 15:24:56.328568: | local proposal 4 type ESN has 1 transforms Oct 31 15:24:56.328569: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Oct 31 15:24:56.328572: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:56.328574: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:56.328576: | length: 32 (00 20) Oct 31 15:24:56.328578: | prop #: 1 (01) Oct 31 15:24:56.328579: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:56.328581: | spi size: 4 (04) Oct 31 15:24:56.328582: | # transforms: 2 (02) Oct 31 15:24:56.328585: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:24:56.328586: | remote SPI Oct 31 15:24:56.328588: | ed 51 82 2d Oct 31 15:24:56.328590: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Oct 31 15:24:56.328592: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:56.328593: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:56.328595: | length: 12 (00 0c) Oct 31 15:24:56.328597: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:56.328598: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:56.328600: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:56.328601: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:56.328603: | length/value: 256 (01 00) Oct 31 15:24:56.328606: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:24:56.328608: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:56.328609: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:56.328611: | length: 8 (00 08) Oct 31 15:24:56.328612: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:56.328614: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:56.328616: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Oct 31 15:24:56.328618: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Oct 31 15:24:56.328621: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Oct 31 15:24:56.328622: | remote proposal 1 matches local proposal 1 Oct 31 15:24:56.328624: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Oct 31 15:24:56.328627: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP=AES_GCM_C_256-DISABLED SPI=ed51822d Oct 31 15:24:56.328629: | converting proposal to internal trans attrs Oct 31 15:24:56.328633: | integ=NONE: .key_size=0 encrypt=AES_GCM_16: .key_size=32 .salt_size=4 keymat_len=36 Oct 31 15:24:56.328680: | install_ipsec_sa() for #2: inbound and outbound Oct 31 15:24:56.328683: | could_route called for road-eastnet; kind=CK_PERMANENT that.has_client=yes oppo=no this.host_port=500 Oct 31 15:24:56.328686: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:56.328688: | conn road-eastnet mark 0/00000000, 0/00000000 vs Oct 31 15:24:56.328689: | conn road-eastnet mark 0/00000000, 0/00000000 Oct 31 15:24:56.328692: | route owner of "road-eastnet" unrouted: NULL; eroute owner: NULL Oct 31 15:24:56.328694: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Oct 31 15:24:56.328696: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Oct 31 15:24:56.328698: | AES_GCM_16 requires 4 salt bytes Oct 31 15:24:56.328699: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Oct 31 15:24:56.328702: | setting IPsec SA replay-window to 32 Oct 31 15:24:56.328704: | NIC esp-hw-offload not for connection 'road-eastnet' not available on interface eth0 Oct 31 15:24:56.328706: | netlink: enabling tunnel mode Oct 31 15:24:56.328708: | XFRM: adding IPsec SA with reqid 16389 Oct 31 15:24:56.328709: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:24:56.328711: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:24:56.329090: | netlink response for Add SA esp.ed51822d@192.1.2.23 included non-error error Oct 31 15:24:56.329097: | setup_half_ipsec_sa() is installing inbound eroute? inbound=0 owner=#0 mode=1 Oct 31 15:24:56.329100: | set up outgoing SA, ref=0/0 Oct 31 15:24:56.329103: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Oct 31 15:24:56.329106: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Oct 31 15:24:56.329109: | AES_GCM_16 requires 4 salt bytes Oct 31 15:24:56.329111: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Oct 31 15:24:56.329115: | setting IPsec SA replay-window to 32 Oct 31 15:24:56.329118: | NIC esp-hw-offload not for connection 'road-eastnet' not available on interface eth0 Oct 31 15:24:56.329121: | netlink: enabling tunnel mode Oct 31 15:24:56.329124: | XFRM: adding IPsec SA with reqid 16389 Oct 31 15:24:56.329126: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:24:56.329129: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:24:56.329167: | netlink response for Add SA esp.7ab092a8@192.1.3.209 included non-error error Oct 31 15:24:56.329172: | setup_half_ipsec_sa() is installing inbound eroute? inbound=1 owner=#0 mode=1 Oct 31 15:24:56.329175: | setup_half_ipsec_sa() is installing inbound eroute Oct 31 15:24:56.329177: | setup_half_ipsec_sa() before proto 50 Oct 31 15:24:56.329180: | setup_half_ipsec_sa() after proto 50 Oct 31 15:24:56.329183: | setup_half_ipsec_sa() calling raw_eroute backwards (i.e., inbound) Oct 31 15:24:56.329186: | priority calculation of connection "road-eastnet" is 2080718 (0x1fbfce) Oct 31 15:24:56.329194: | add inbound eroute 192.0.2.0/24:0 --0-> 192.1.3.209/32:0 => tun.10000@192.1.3.209 using reqid 16389 (raw_eroute) proto=50 Oct 31 15:24:56.329206: | IPsec SA SPD priority set to 2080718 Oct 31 15:24:56.329242: | raw_eroute result=success Oct 31 15:24:56.329247: | set up incoming SA, ref=0/0 Oct 31 15:24:56.329250: | sr for #2: unrouted Oct 31 15:24:56.329252: | route_and_eroute() for proto 0, and source port 0 dest port 0 Oct 31 15:24:56.329255: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:56.329258: | conn road-eastnet mark 0/00000000, 0/00000000 vs Oct 31 15:24:56.329261: | conn road-eastnet mark 0/00000000, 0/00000000 Oct 31 15:24:56.329264: | route owner of "road-eastnet" unrouted: NULL; eroute owner: NULL Oct 31 15:24:56.329267: | route_and_eroute with c: road-eastnet (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Oct 31 15:24:56.329283: | priority calculation of connection "road-eastnet" is 2080718 (0x1fbfce) Oct 31 15:24:56.329304: | eroute_connection add eroute 192.1.3.209/32:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 using reqid 16389 (raw_eroute) proto=50 Oct 31 15:24:56.329308: | IPsec SA SPD priority set to 2080718 Oct 31 15:24:56.329338: | raw_eroute result=success Oct 31 15:24:56.329343: | running updown command "ipsec _updown" for verb up Oct 31 15:24:56.329346: | command executing up-host Oct 31 15:24:56.329351: | get_sa_info esp.ed51822d@192.1.2.23 Oct 31 15:24:56.329361: | get_sa_info esp.7ab092a8@192.1.3.209 Oct 31 15:24:56.329396: | executing up-host: PLUTO_VERB='up-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth0' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='@road' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157896' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0'... Oct 31 15:24:56.329401: | popen cmd is 1139 chars long Oct 31 15:24:56.329404: | cmd( 0):PLUTO_VERB='up-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_V: Oct 31 15:24:56.329407: | cmd( 80):IRT_INTERFACE='NULL' PLUTO_INTERFACE='eth0' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP=: Oct 31 15:24:56.329409: | cmd( 160):'192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='@road' PLUTO_MY_CLIENT='192.1.: Oct 31 15:24:56.329411: | cmd( 240):3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.25: Oct 31 15:24:56.329414: | cmd( 320):5' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE=: Oct 31 15:24:56.329416: | cmd( 400):'ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0: Oct 31 15:24:56.329419: | cmd( 480):/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PL: Oct 31 15:24:56.329421: | cmd( 560):UTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PL: Oct 31 15:24:56.329424: | cmd( 640):UTO_ADDTIME='1604157896' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+I: Oct 31 15:24:56.329426: | cmd( 720):KEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLU: Oct 31 15:24:56.329429: | cmd( 800):TO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_: Oct 31 15:24:56.329431: | cmd( 880):INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUT: Oct 31 15:24:56.329433: | cmd( 960):O_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VT: Oct 31 15:24:56.329435: | cmd(1040):I_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xed51822d SPI_OUT=0x7ab092a8: Oct 31 15:24:56.329436: | cmd(1120): ipsec _updown 2>&1: Oct 31 15:24:56.339071: | route_and_eroute: firewall_notified: true Oct 31 15:24:56.339088: | running updown command "ipsec _updown" for verb prepare Oct 31 15:24:56.339093: | command executing prepare-host Oct 31 15:24:56.339100: | get_sa_info esp.ed51822d@192.1.2.23 Oct 31 15:24:56.339117: | get_sa_info esp.7ab092a8@192.1.3.209 Oct 31 15:24:56.339153: | executing prepare-host: PLUTO_VERB='prepare-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth0' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='@road' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157896' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONF... Oct 31 15:24:56.339160: | popen cmd is 1144 chars long Oct 31 15:24:56.339163: | cmd( 0):PLUTO_VERB='prepare-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PL: Oct 31 15:24:56.339165: | cmd( 80):UTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth0' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT: Oct 31 15:24:56.339167: | cmd( 160):_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='@road' PLUTO_MY_CLIENT='1: Oct 31 15:24:56.339169: | cmd( 240):92.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.2: Oct 31 15:24:56.339171: | cmd( 320):55.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_: Oct 31 15:24:56.339173: | cmd( 400):TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.: Oct 31 15:24:56.339175: | cmd( 480):0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.: Oct 31 15:24:56.339177: | cmd( 560):0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfr: Oct 31 15:24:56.339179: | cmd( 640):m' PLUTO_ADDTIME='1604157896' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS: Oct 31 15:24:56.339181: | cmd( 720):+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT: Oct 31 15:24:56.339182: | cmd( 800):' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER: Oct 31 15:24:56.339184: | cmd( 880):_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0': Oct 31 15:24:56.339186: | cmd( 960): PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES=': Oct 31 15:24:56.339188: | cmd(1040):0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xed51822d SPI_OUT=0x7ab: Oct 31 15:24:56.339190: | cmd(1120):092a8 ipsec _updown 2>&1: Oct 31 15:24:56.349396: | running updown command "ipsec _updown" for verb route Oct 31 15:24:56.349413: | command executing route-host Oct 31 15:24:56.349421: | get_sa_info esp.ed51822d@192.1.2.23 Oct 31 15:24:56.349439: | get_sa_info esp.7ab092a8@192.1.3.209 Oct 31 15:24:56.349482: | executing route-host: PLUTO_VERB='route-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth0' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='@road' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157896' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGUR... Oct 31 15:24:56.349487: | popen cmd is 1142 chars long Oct 31 15:24:56.349490: | cmd( 0):PLUTO_VERB='route-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUT: Oct 31 15:24:56.349492: | cmd( 80):O_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth0' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_H: Oct 31 15:24:56.349495: | cmd( 160):OP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='@road' PLUTO_MY_CLIENT='192: Oct 31 15:24:56.349497: | cmd( 240):.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255: Oct 31 15:24:56.349499: | cmd( 320):.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TY: Oct 31 15:24:56.349505: | cmd( 400):PE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.: Oct 31 15:24:56.349508: | cmd( 480):2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0': Oct 31 15:24:56.349510: | cmd( 560): PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm': Oct 31 15:24:56.349512: | cmd( 640): PLUTO_ADDTIME='1604157896' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+U: Oct 31 15:24:56.349514: | cmd( 720):P+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' : Oct 31 15:24:56.349516: | cmd( 800):PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_D: Oct 31 15:24:56.349519: | cmd( 880):NS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' P: Oct 31 15:24:56.349521: | cmd( 960):LUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0': Oct 31 15:24:56.349523: | cmd(1040): VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xed51822d SPI_OUT=0x7ab09: Oct 31 15:24:56.349526: | cmd(1120):2a8 ipsec _updown 2>&1: Oct 31 15:24:56.360913: "road-eastnet" #2: route-host output: Error: Peer netns reference is invalid. Oct 31 15:24:56.360939: "road-eastnet" #2: route-host output: Error: Peer netns reference is invalid. Oct 31 15:24:56.360947: "road-eastnet" #2: route-host output: Error: Peer netns reference is invalid. Oct 31 15:24:56.360953: "road-eastnet" #2: route-host output: Error: Peer netns reference is invalid. Oct 31 15:24:56.360960: "road-eastnet" #2: route-host output: Error: Peer netns reference is invalid. Oct 31 15:24:56.360971: "road-eastnet" #2: route-host output: Error: Peer netns reference is invalid. Oct 31 15:24:56.360986: "road-eastnet" #2: route-host output: Error: Peer netns reference is invalid. Oct 31 15:24:56.361001: "road-eastnet" #2: route-host output: Error: Peer netns reference is invalid. Oct 31 15:24:56.361021: "road-eastnet" #2: route-host output: Error: Peer netns reference is invalid. Oct 31 15:24:56.361036: "road-eastnet" #2: route-host output: Error: Peer netns reference is invalid. Oct 31 15:24:56.361045: "road-eastnet" #2: route-host output: Error: Peer netns reference is invalid. Oct 31 15:24:56.361059: "road-eastnet" #2: route-host output: Error: Peer netns reference is invalid. Oct 31 15:24:56.361070: "road-eastnet" #2: route-host output: Error: Peer netns reference is invalid. Oct 31 15:24:56.361079: "road-eastnet" #2: route-host output: Error: Peer netns reference is invalid. Oct 31 15:24:56.361483: "road-eastnet" #2: route-host output: Error: Peer netns reference is invalid. Oct 31 15:24:56.361494: "road-eastnet" #2: route-host output: Error: Peer netns reference is invalid. Oct 31 15:24:56.361502: "road-eastnet" #2: route-host output: Error: Peer netns reference is invalid. Oct 31 15:24:56.361512: "road-eastnet" #2: route-host output: Error: Peer netns reference is invalid. Oct 31 15:24:56.361521: "road-eastnet" #2: route-host output: Error: Peer netns reference is invalid. Oct 31 15:24:56.361530: "road-eastnet" #2: route-host output: Error: Peer netns reference is invalid. Oct 31 15:24:56.361540: "road-eastnet" #2: route-host output: Error: Peer netns reference is invalid. Oct 31 15:24:56.361551: "road-eastnet" #2: route-host output: Error: Peer netns reference is invalid. Oct 31 15:24:56.361564: "road-eastnet" #2: route-host output: Error: Peer netns reference is invalid. Oct 31 15:24:56.361574: "road-eastnet" #2: route-host output: Error: Peer netns reference is invalid. Oct 31 15:24:56.365118: | route_and_eroute: instance "road-eastnet", setting eroute_owner {spd=0x5648ff23a478,sr=0x5648ff23a478} to #2 (was #0) (newest_ipsec_sa=#0) Oct 31 15:24:56.365180: | inR2: instance road-eastnet[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Oct 31 15:24:56.365193: | #2 spent 2.15 (37.3) milliseconds in processing: Initiator: process IKE_AUTH response in v2_dispatch() Oct 31 15:24:56.365213: | [RE]START processing: state #2 connection "road-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:56.365222: | #2 complete_v2_state_transition() PARENT_I2->ESTABLISHED_CHILD_SA with status STF_OK; .st_v2_transition=NULL Oct 31 15:24:56.365224: | transitioning from state STATE_PARENT_I2 to state STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:24:56.365225: | Message ID: updating counters for #2 Oct 31 15:24:56.365232: | Message ID: CHILD #1.#2 clearing EVENT_RETRANSMIT as response received: ike.initiator.sent=1 ike.initiator.recv=0 ike.initiator.last_contact=744570.705157 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744570.679329 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:24:56.365234: | #2 requesting EVENT_RETRANSMIT-pe@0x5648ff23ff38 be deleted Oct 31 15:24:56.365238: | libevent_free: delref ptr-libevent@0x5648ff23c6d8 Oct 31 15:24:56.365241: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x5648ff23ff38 Oct 31 15:24:56.365243: | #2 STATE_PARENT_I2: retransmits: cleared Oct 31 15:24:56.365247: | Message ID: CHILD #1.#2 updating initiator received message response 1: ike.initiator.sent=1 ike.initiator.recv=0->1 ike.initiator.last_contact=744570.705157->744570.798023 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744570.679329 child.wip.initiator=1->-1 child.wip.responder=-1 Oct 31 15:24:56.365251: | Message ID: CHILD #1.#2 skipping update_send as nothing to send: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744570.798023 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744570.679329 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:24:56.365254: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744570.798023 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744570.679329 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:56.365257: | child state #2: PARENT_I2(open IKE SA) => ESTABLISHED_CHILD_SA(established CHILD SA) Oct 31 15:24:56.365260: | pstats #2 ikev2.child established Oct 31 15:24:56.365261: | announcing the state transition Oct 31 15:24:56.365267: "road-eastnet" #2: negotiated connection [192.1.3.209-192.1.3.209:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Oct 31 15:24:56.365276: | NAT-T: encaps is 'auto' Oct 31 15:24:56.365280: "road-eastnet" #2: IPsec SA established tunnel mode {ESP=>0xed51822d <0x7ab092a8 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Oct 31 15:24:56.365283: | releasing #2's fd-fd@0x5648ff22c858 because IKEv2 transitions finished Oct 31 15:24:56.365286: | delref fd@0x5648ff22c858(3->2) (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:24:56.365288: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:24:56.365290: | unpending #2's IKE SA #1 Oct 31 15:24:56.365293: | unpending state #1 connection "road-eastnet" Oct 31 15:24:56.365296: | delete from pending Child SA with 192.1.2.23 "road-eastnet" Oct 31 15:24:56.365302: | delref fd@0x5648ff22c858(2->1) (in delete_pending() at pending.c:218) Oct 31 15:24:56.365305: | removing pending policy for no connection {0x5648ff240d78} Oct 31 15:24:56.365308: | releasing #1's fd-fd@0x5648ff22c858 because IKEv2 transitions finished so releaseing IKE SA Oct 31 15:24:56.365311: | delref fd@0x5648ff22c858(1->0) (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:24:56.365318: | freeref fd-fd@0x5648ff22c858 (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:24:56.365321: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:24:56.365324: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Oct 31 15:24:56.365326: | state #2 has no .st_event to delete Oct 31 15:24:56.365329: | event_schedule: newref EVENT_SA_REKEY-pe@0x5648ff23ff38 Oct 31 15:24:56.365332: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Oct 31 15:24:56.365335: | libevent_malloc: newref ptr-libevent@0x5648ff246358 size 128 Oct 31 15:24:56.365342: | stop processing: state #2 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:56.365349: | #1 spent 2.08 (37.2) milliseconds Oct 31 15:24:56.365353: | #1 spent 2.6 (38) milliseconds in ikev2_process_packet() Oct 31 15:24:56.365356: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:56.365359: | delref mdp@0x5648ff243d48(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:56.365362: | delref logger@0x5648ff23caf8(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:56.365364: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:56.365367: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:56.365372: | spent 2.62 (38) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:56.365383: | processing signal PLUTO_SIGCHLD Oct 31 15:24:56.365388: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:56.365393: | spent 0.00447 (0.00444) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:56.365395: | processing signal PLUTO_SIGCHLD Oct 31 15:24:56.365398: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:56.365402: | spent 0.0033 (0.00336) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:56.365404: | processing signal PLUTO_SIGCHLD Oct 31 15:24:56.365407: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:56.365411: | spent 0.00331 (0.00332) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:59.617179: | newref struct fd@0x5648ff246528(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:59.617195: | fd_accept: new fd-fd@0x5648ff246528 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:59.617213: | whack: traffic_status Oct 31 15:24:59.617219: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Oct 31 15:24:59.617223: | FOR_EACH_STATE_... in sort_states Oct 31 15:24:59.617232: | get_sa_info esp.7ab092a8@192.1.3.209 Oct 31 15:24:59.617249: | get_sa_info esp.ed51822d@192.1.2.23 Oct 31 15:24:59.617265: | delref fd@0x5648ff246528(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:59.617273: | freeref fd-fd@0x5648ff246528 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:59.617281: | spent 0.108 (0.111) milliseconds in whack Oct 31 15:25:01.320280: | newref struct fd@0x5648ff246528(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:01.320299: | fd_accept: new fd-fd@0x5648ff246528 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:01.320322: | whack: status Oct 31 15:25:01.320666: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:25:01.320672: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:25:01.320743: | FOR_EACH_STATE_... in show_states (sort_states) Oct 31 15:25:01.320747: | FOR_EACH_STATE_... in sort_states Oct 31 15:25:01.320765: | get_sa_info esp.7ab092a8@192.1.3.209 Oct 31 15:25:01.320785: | get_sa_info esp.ed51822d@192.1.2.23 Oct 31 15:25:01.320813: | delref fd@0x5648ff246528(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:01.320824: | freeref fd-fd@0x5648ff246528 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:01.320834: | spent 0.555 (0.563) milliseconds in whack Oct 31 15:25:01.747601: | spent 0.00358 (0.00387) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:25:01.747619: | newref struct msg_digest@0x5648ff243d48(0->1) (in read_message() at demux.c:103) Oct 31 15:25:01.747624: | newref alloc logger@0x5648ff23a228(0->1) (in read_message() at demux.c:103) Oct 31 15:25:01.747631: | *received 69 bytes from 192.1.2.23:500 on eth0 192.1.3.209:500 using UDP Oct 31 15:25:01.747634: | 41 21 01 09 c5 56 e7 2b 29 f1 bd 7b 2b c3 98 0a Oct 31 15:25:01.747636: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Oct 31 15:25:01.747638: | fe 5a ac f6 d7 b4 70 e9 b6 3a 0b 6b 5f de 0c cb Oct 31 15:25:01.747641: | 39 e2 29 0c 84 c0 cb 3f 54 b1 a9 8f 9c f0 48 92 Oct 31 15:25:01.747643: | 28 64 27 b0 71 Oct 31 15:25:01.747648: | **parse ISAKMP Message: Oct 31 15:25:01.747653: | initiator SPI: 41 21 01 09 c5 56 e7 2b Oct 31 15:25:01.747660: | responder SPI: 29 f1 bd 7b 2b c3 98 0a Oct 31 15:25:01.747663: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:25:01.747666: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:01.747668: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:25:01.747674: | flags: none (0x0) Oct 31 15:25:01.747679: | Message ID: 0 (00 00 00 00) Oct 31 15:25:01.747683: | length: 69 (00 00 00 45) Oct 31 15:25:01.747686: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Oct 31 15:25:01.747690: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Oct 31 15:25:01.747695: | State DB: found IKEv2 state #1 in ESTABLISHED_IKE_SA (find_v2_ike_sa) Oct 31 15:25:01.747704: | start processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:25:01.747707: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Oct 31 15:25:01.747711: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:25:01.747714: | #1 is idle Oct 31 15:25:01.747720: | Message ID: IKE #1 not a duplicate - message request 0 is new: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744570.798023 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744570.679329 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:01.747725: | [RE]START processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:25:01.747728: | unpacking clear payload Oct 31 15:25:01.747731: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Oct 31 15:25:01.747734: | ***parse IKEv2 Encryption Payload: Oct 31 15:25:01.747737: | next payload type: ISAKMP_NEXT_v2D (0x2a) Oct 31 15:25:01.747740: | flags: none (0x0) Oct 31 15:25:01.747743: | length: 41 (00 29) Oct 31 15:25:01.747746: | processing payload: ISAKMP_NEXT_v2SK (len=37) Oct 31 15:25:01.747748: | #1 in state ESTABLISHED_IKE_SA: established IKE SA Oct 31 15:25:01.747766: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Oct 31 15:25:01.747769: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Oct 31 15:25:01.747773: | **parse IKEv2 Delete Payload: Oct 31 15:25:01.747775: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:01.747778: | flags: none (0x0) Oct 31 15:25:01.747781: | length: 12 (00 0c) Oct 31 15:25:01.747784: | protocol ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:01.747786: | SPI size: 4 (04) Oct 31 15:25:01.747789: | number of SPIs: 1 (00 01) Oct 31 15:25:01.747791: | processing payload: ISAKMP_NEXT_v2D (len=4) Oct 31 15:25:01.747794: | selected state microcode Informational Request Oct 31 15:25:01.747802: | Message ID: IKE #1 responder starting message request 0: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744570.798023 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744570.679329 ike.wip.initiator=-1 ike.wip.responder=-1->0 Oct 31 15:25:01.747805: | calling processor Informational Request Oct 31 15:25:01.747809: | an informational request should send a response Oct 31 15:25:01.747814: | opening output PBS information exchange reply packet Oct 31 15:25:01.747816: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Oct 31 15:25:01.747819: | **emit ISAKMP Message: Oct 31 15:25:01.747824: | initiator SPI: 41 21 01 09 c5 56 e7 2b Oct 31 15:25:01.747828: | responder SPI: 29 f1 bd 7b 2b c3 98 0a Oct 31 15:25:01.747831: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:25:01.747833: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:01.747836: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:25:01.747839: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Oct 31 15:25:01.747843: | Message ID: 0 (00 00 00 00) Oct 31 15:25:01.747846: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:25:01.747849: | ***emit IKEv2 Encryption Payload: Oct 31 15:25:01.747854: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:01.747857: | flags: none (0x0) Oct 31 15:25:01.747860: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:25:01.747862: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Oct 31 15:25:01.747866: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:25:01.747872: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Oct 31 15:25:01.747875: | SPI Oct 31 15:25:01.747878: | ed 51 82 2d Oct 31 15:25:01.747881: | delete IKEv2_SEC_PROTO_ESP SA(0xed51822d) Oct 31 15:25:01.747884: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:25:01.747887: | State DB: found IKEv2 state #2 in ESTABLISHED_CHILD_SA (find_v2_child_sa_by_outbound_spi) Oct 31 15:25:01.747889: | our side SPI that needs to be deleted: IKEv2_SEC_PROTO_ESP SA(0xed51822d) Oct 31 15:25:01.747894: "road-eastnet" #1: received Delete SA payload: replace IPsec State #2 now Oct 31 15:25:01.747897: | #2 requesting EVENT_SA_REKEY-pe@0x5648ff23ff38 be deleted Oct 31 15:25:01.747902: | libevent_free: delref ptr-libevent@0x5648ff246358 Oct 31 15:25:01.747905: | free_event_entry: delref EVENT_SA_REKEY-pe@0x5648ff23ff38 Oct 31 15:25:01.747908: | event_schedule: newref EVENT_SA_REPLACE-pe@0x5648ff22c4d8 Oct 31 15:25:01.747911: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Oct 31 15:25:01.747914: | libevent_malloc: newref ptr-libevent@0x5648ff23c6d8 size 128 Oct 31 15:25:01.747918: | ****emit IKEv2 Delete Payload: Oct 31 15:25:01.747920: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:01.747923: | flags: none (0x0) Oct 31 15:25:01.747925: | protocol ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:01.747928: | SPI size: 4 (04) Oct 31 15:25:01.747931: | number of SPIs: 1 (00 01) Oct 31 15:25:01.747934: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Oct 31 15:25:01.747937: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Oct 31 15:25:01.747940: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Oct 31 15:25:01.747944: | local SPIs: 7a b0 92 a8 Oct 31 15:25:01.747946: | emitting length of IKEv2 Delete Payload: 12 Oct 31 15:25:01.747949: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:25:01.747952: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:01.747955: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:25:01.747957: | emitting length of IKEv2 Encryption Payload: 41 Oct 31 15:25:01.747960: | emitting length of ISAKMP Message: 69 Oct 31 15:25:01.747974: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:25:01.747978: | 41 21 01 09 c5 56 e7 2b 29 f1 bd 7b 2b c3 98 0a Oct 31 15:25:01.747981: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Oct 31 15:25:01.747983: | 7d e8 25 f9 00 6d b9 f8 60 b8 93 de a7 c2 5d 29 Oct 31 15:25:01.747985: | 28 ae a7 0e dd 3f 04 77 8a 6c 0e 77 7e f1 8e a3 Oct 31 15:25:01.747987: | 4c 38 f4 91 68 Oct 31 15:25:01.748019: | sent 1 messages Oct 31 15:25:01.748026: | Message ID: IKE #1 XXX: in process_encrypted_informational_ikev2() hacking around record 'n' send bypassing send queue hacking around delete_ike_family(): ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744570.798023 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744570.679329 ike.wip.initiator=-1 ike.wip.responder=0 Oct 31 15:25:01.748033: | Message ID: IKE #1 updating responder sent message response 0: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744570.798023 ike.responder.sent=-1->0 ike.responder.recv=-1 ike.responder.last_contact=744570.679329 ike.wip.initiator=-1 ike.wip.responder=0 Oct 31 15:25:01.748044: | #1 spent 0.214 (0.231) milliseconds in processing: Informational Request in v2_dispatch() Oct 31 15:25:01.748051: | [RE]START processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:01.748055: | #1 complete_v2_state_transition() ESTABLISHED_IKE_SA->ESTABLISHED_IKE_SA with status STF_OK; .st_v2_transition=PARENT_I0->PARENT_I1 Oct 31 15:25:01.748059: | Message ID: updating counters for #1 Oct 31 15:25:01.748066: | Message ID: IKE #1 updating responder received message request 0: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744570.798023 ike.responder.sent=0 ike.responder.recv=-1->0 ike.responder.last_contact=744570.679329->744576.180857 ike.wip.initiator=-1 ike.wip.responder=0->-1 Oct 31 15:25:01.748072: | Message ID: IKE #1 updating responder sent message response 0: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744570.798023 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744576.180857 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:01.748078: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744570.798023 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744576.180857 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:01.748080: | announcing the state transition Oct 31 15:25:01.748084: "road-eastnet" #1: established IKE SA Oct 31 15:25:01.748090: | sending 69 bytes for STATE_V2_ESTABLISHED_IKE_SA through eth0 from 192.1.3.209:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:25:01.748093: | 41 21 01 09 c5 56 e7 2b 29 f1 bd 7b 2b c3 98 0a Oct 31 15:25:01.748095: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Oct 31 15:25:01.748097: | 7d e8 25 f9 00 6d b9 f8 60 b8 93 de a7 c2 5d 29 Oct 31 15:25:01.748099: | 28 ae a7 0e dd 3f 04 77 8a 6c 0e 77 7e f1 8e a3 Oct 31 15:25:01.748101: | 4c 38 f4 91 68 Oct 31 15:25:01.748115: | sent 1 messages Oct 31 15:25:01.748119: | #1 is retaining EVENT_SA_REKEY with is previously set timeout Oct 31 15:25:01.748124: | stop processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:25:01.748130: | #1 spent 0.515 (0.537) milliseconds in ikev2_process_packet() Oct 31 15:25:01.748133: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:25:01.748136: | delref mdp@0x5648ff243d48(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:01.748139: | delref logger@0x5648ff23a228(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:01.748142: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:01.748144: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:01.748150: | spent 0.535 (0.558) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:25:01.748157: | timer_event_cb: processing event@0x5648ff22c4d8 Oct 31 15:25:01.748159: | handling event EVENT_SA_REPLACE for child state #2 Oct 31 15:25:01.748162: | libevent_free: delref ptr-libevent@0x5648ff23c6d8 Oct 31 15:25:01.748165: | free_event_entry: delref EVENT_SA_REPLACE-pe@0x5648ff22c4d8 Oct 31 15:25:01.748170: | start processing: state #2 connection "road-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:188) Oct 31 15:25:01.748174: | picked newest_ipsec_sa #2 for #2 Oct 31 15:25:01.748176: | replacing stale CHILD SA Oct 31 15:25:01.748180: | FOR_EACH_STATE_... in find_phase1_state Oct 31 15:25:01.748183: | FOR_EACH_STATE_... in find_pending_phase2 Oct 31 15:25:01.748188: | newref alloc logger@0x5648ff23ff38(0->1) (in new_state() at state.c:576) Oct 31 15:25:01.748191: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:25:01.748193: | creating state object #3 at 0x5648ff243d48 Oct 31 15:25:01.748196: | State DB: adding IKEv2 state #3 in UNDEFINED Oct 31 15:25:01.748207: | pstats #3 ikev2.child started Oct 31 15:25:01.748213: | duplicating state object #1 "road-eastnet" as #3 for IPSEC SA Oct 31 15:25:01.748219: | #3 setting local endpoint to 192.1.3.209:500 from #1.st_localport (in duplicate_state() at state.c:1581) Oct 31 15:25:01.748227: | Message ID: CHILD #1.#3 initializing (CHILD SA): ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744570.798023 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744576.180857 child.wip.initiator=0->-1 child.wip.responder=0->-1 Oct 31 15:25:01.748230: | child state #3: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Oct 31 15:25:01.748235: | #3.st_v2_transition NULL -> V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I1 (in new_v2_child_state() at state.c:1666) Oct 31 15:25:01.748239: | suspend processing: state #2 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5960) Oct 31 15:25:01.748244: | start processing: state #3 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5960) Oct 31 15:25:01.748248: | create child proposal's DH changed from no-PFS to MODP2048, flushing Oct 31 15:25:01.748251: | constructing ESP/AH proposals with default DH MODP2048 for road-eastnet (ESP/AH initiator emitting proposals) Oct 31 15:25:01.748257: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Oct 31 15:25:01.748263: | ... ikev2_proposal: 1:ESP=AES_GCM_C_256-NONE-MODP2048-DISABLED Oct 31 15:25:01.748266: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Oct 31 15:25:01.748270: | ... ikev2_proposal: 2:ESP=AES_GCM_C_128-NONE-MODP2048-DISABLED Oct 31 15:25:01.748273: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:25:01.748277: | ... ikev2_proposal: 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:25:01.748280: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:25:01.748284: | ... ikev2_proposal: 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:25:01.748287: "road-eastnet": local ESP/AH proposals (ESP/AH initiator emitting proposals): Oct 31 15:25:01.748292: "road-eastnet": 1:ESP=AES_GCM_C_256-NONE-MODP2048-DISABLED Oct 31 15:25:01.748296: "road-eastnet": 2:ESP=AES_GCM_C_128-NONE-MODP2048-DISABLED Oct 31 15:25:01.748301: "road-eastnet": 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:25:01.748305: "road-eastnet": 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:25:01.748310: | #3 schedule rekey initiate IPsec SA RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 to replace #2 using IKE# 1 pfs=MODP2048 Oct 31 15:25:01.748313: | event_schedule: newref EVENT_v2_INITIATE_CHILD-pe@0x5648ff23caf8 Oct 31 15:25:01.748316: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Oct 31 15:25:01.748319: | libevent_malloc: newref ptr-libevent@0x5648ff246358 size 128 Oct 31 15:25:01.748324: | RESET processing: state #3 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:6035) Oct 31 15:25:01.748327: | event_schedule: newref EVENT_SA_EXPIRE-pe@0x5648ff22c4d8 Oct 31 15:25:01.748330: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Oct 31 15:25:01.748332: | libevent_malloc: newref ptr-libevent@0x5648ff23ccf8 size 128 Oct 31 15:25:01.748338: | #2 spent 0.176 (0.18) milliseconds in timer_event_cb() EVENT_SA_REPLACE Oct 31 15:25:01.748341: | processing: STOP state #0 (in timer_event_cb() at timer.c:447) Oct 31 15:25:01.748346: | timer_event_cb: processing event@0x5648ff23caf8 Oct 31 15:25:01.748348: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Oct 31 15:25:01.748351: | libevent_free: delref ptr-libevent@0x5648ff246358 Oct 31 15:25:01.748354: | free_event_entry: delref EVENT_v2_INITIATE_CHILD-pe@0x5648ff23caf8 Oct 31 15:25:01.748358: | start processing: state #3 connection "road-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:188) Oct 31 15:25:01.748369: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:25:01.748371: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:25:01.748374: | newref clone logger@0x5648ff246748(0->1) (in clone_logger() at log.c:817) Oct 31 15:25:01.748377: | job 4 for #3: Child Rekey Initiator KE and nonce ni (build KE and nonce): adding job to queue Oct 31 15:25:01.748379: | state #3 has no .st_event to delete Oct 31 15:25:01.748382: | #3 STATE_V2_REKEY_CHILD_I0: retransmits: cleared Oct 31 15:25:01.748384: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x5648ff23a228 Oct 31 15:25:01.748387: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Oct 31 15:25:01.748389: | libevent_malloc: newref ptr-libevent@0x5648ff246358 size 128 Oct 31 15:25:01.748399: | #3 spent 0.0519 (0.0519) milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Oct 31 15:25:01.748405: | stop processing: state #3 connection "road-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:447) Oct 31 15:25:01.748408: | timer_event_cb: processing event@0x5648ff22c4d8 Oct 31 15:25:01.748411: | handling event EVENT_SA_EXPIRE for child state #2 Oct 31 15:25:01.748410: | job 4 for #3: Child Rekey Initiator KE and nonce ni (build KE and nonce): helper 4 starting job Oct 31 15:25:01.748414: | libevent_free: delref ptr-libevent@0x5648ff23ccf8 Oct 31 15:25:01.748425: | free_event_entry: delref EVENT_SA_EXPIRE-pe@0x5648ff22c4d8 Oct 31 15:25:01.748430: | start processing: state #2 connection "road-eastnet" from 192.1.2.23:500 (in timer_event_cb() at timer.c:188) Oct 31 15:25:01.748433: | picked newest_ipsec_sa #2 for #2 Oct 31 15:25:01.748436: | un-established partial CHILD SA timeout (SA expired) Oct 31 15:25:01.748438: | pstats #2 ikev2.child re-failed exchange-timeout Oct 31 15:25:01.748441: | should_send_delete: no, just because Oct 31 15:25:01.748443: | pstats #2 ikev2.child deleted completed Oct 31 15:25:01.748448: | #2 main thread spent 2.33 (37.5) milliseconds helper thread spent 0 (0) milliseconds in total Oct 31 15:25:01.748452: | [RE]START processing: state #2 connection "road-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:935) Oct 31 15:25:01.748455: | should_send_delete: no, just because Oct 31 15:25:01.748459: "road-eastnet" #2: deleting state (STATE_V2_ESTABLISHED_CHILD_SA) aged 5.477407s and NOT sending notification Oct 31 15:25:01.748462: | child state #2: ESTABLISHED_CHILD_SA(established CHILD SA) => delete Oct 31 15:25:01.748466: | get_sa_info esp.ed51822d@192.1.2.23 Oct 31 15:25:01.748479: | get_sa_info esp.7ab092a8@192.1.3.209 Oct 31 15:25:01.748487: "road-eastnet" #2: ESP traffic information: in=336B out=336B Oct 31 15:25:01.748490: | unsuspending #2 MD (nil) Oct 31 15:25:01.748492: | should_send_delete: no, just because Oct 31 15:25:01.748495: | child state #2: ESTABLISHED_CHILD_SA(established CHILD SA) => CHILDSA_DEL(informational) Oct 31 15:25:01.748498: | state #2 has no .st_event to delete Oct 31 15:25:01.748500: | #2 STATE_CHILDSA_DEL: retransmits: cleared Oct 31 15:25:01.748669: | running updown command "ipsec _updown" for verb down Oct 31 15:25:01.748677: | command executing down-host Oct 31 15:25:01.748683: | get_sa_info esp.ed51822d@192.1.2.23 Oct 31 15:25:01.748695: | get_sa_info esp.7ab092a8@192.1.3.209 Oct 31 15:25:01.748729: | executing down-host: PLUTO_VERB='down-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth0' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='@road' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157896' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED... Oct 31 15:25:01.748737: | popen cmd is 1145 chars long Oct 31 15:25:01.748740: | cmd( 0):PLUTO_VERB='down-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO: Oct 31 15:25:01.748743: | cmd( 80):_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth0' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HO: Oct 31 15:25:01.748745: | cmd( 160):P='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='@road' PLUTO_MY_CLIENT='192.: Oct 31 15:25:01.748747: | cmd( 240):1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.: Oct 31 15:25:01.748750: | cmd( 320):255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYP: Oct 31 15:25:01.748752: | cmd( 400):E='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2: Oct 31 15:25:01.748755: | cmd( 480):.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' : Oct 31 15:25:01.748757: | cmd( 560):PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' : Oct 31 15:25:01.748759: | cmd( 640):PLUTO_ADDTIME='1604157896' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP: Oct 31 15:25:01.748761: | cmd( 720):+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' P: Oct 31 15:25:01.748764: | cmd( 800):LUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DN: Oct 31 15:25:01.748766: | cmd( 880):S_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PL: Oct 31 15:25:01.748768: | cmd( 960):UTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='336' PLUTO_OUTBYTES='3: Oct 31 15:25:01.748770: | cmd(1040):36' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xed51822d SPI_OUT=0x7a: Oct 31 15:25:01.748773: | cmd(1120):b092a8 ipsec _updown 2>&1: Oct 31 15:25:01.753061: | "road-eastnet" #3: spent 2.29 (4.65) milliseconds in helper 4 processing job 4 for state #3: Child Rekey Initiator KE and nonce ni (pcr) Oct 31 15:25:01.753078: | job 4 for #3: Child Rekey Initiator KE and nonce ni (build KE and nonce): helper thread 4 sending result back to state Oct 31 15:25:01.753126: | scheduling resume sending helper answer back to state for #3 Oct 31 15:25:01.753177: | libevent_malloc: newref ptr-libevent@0x7f5c2c006108 size 128 Oct 31 15:25:01.753185: | helper thread 4 has nothing to do Oct 31 15:25:01.783541: | shunt_eroute() called for connection 'road-eastnet' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.1.3.209/32:0 --0->- 192.0.2.0/24:0 Oct 31 15:25:01.783557: | netlink_shunt_eroute for proto 0, and source 192.1.3.209/32:0 dest 192.0.2.0/24:0 Oct 31 15:25:01.783561: | priority calculation of connection "road-eastnet" is 2080718 (0x1fbfce) Oct 31 15:25:01.783566: | IPsec SA SPD priority set to 2080718 Oct 31 15:25:01.783594: | delete esp.ed51822d@192.1.2.23 Oct 31 15:25:01.783597: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:25:01.783611: | netlink response for Del SA esp.ed51822d@192.1.2.23 included non-error error Oct 31 15:25:01.783615: | priority calculation of connection "road-eastnet" is 2080718 (0x1fbfce) Oct 31 15:25:01.783622: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.1.3.209/32:0 => unk.10000@192.1.3.209 using reqid 0 (raw_eroute) proto=50 Oct 31 15:25:01.783646: | raw_eroute result=success Oct 31 15:25:01.783650: | delete esp.7ab092a8@192.1.3.209 Oct 31 15:25:01.783653: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:25:01.783664: | netlink response for Del SA esp.7ab092a8@192.1.3.209 included non-error error Oct 31 15:25:01.783669: | in connection_discard for connection road-eastnet Oct 31 15:25:01.783672: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Oct 31 15:25:01.783676: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Oct 31 15:25:01.783679: | releasing #2's fd-fd@(nil) because deleting state Oct 31 15:25:01.783684: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:01.783687: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:01.783689: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:25:01.783695: | stop processing: state #2 from 192.1.2.23:500 (in delete_state() at state.c:1239) Oct 31 15:25:01.783702: | delref logger@0x5648ff23eb48(1->0) (in delete_state() at state.c:1306) Oct 31 15:25:01.783704: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:01.783707: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:01.783711: | State DB: found IKEv2 state #3 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Oct 31 15:25:01.783713: | can't expire unused IKE SA #1; it has the child #3 Oct 31 15:25:01.783716: | in statetime_stop() and could not find #2 Oct 31 15:25:01.783719: | processing: STOP state #0 (in timer_event_cb() at timer.c:447) Oct 31 15:25:01.783741: | spent 0.00194 (0.00193) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:25:01.783753: | newref struct msg_digest@0x5648ff24bb78(0->1) (in read_message() at demux.c:103) Oct 31 15:25:01.783757: | newref alloc logger@0x5648ff23caf8(0->1) (in read_message() at demux.c:103) Oct 31 15:25:01.783762: | *received 65 bytes from 192.1.2.23:500 on eth0 192.1.3.209:500 using UDP Oct 31 15:25:01.783765: | 41 21 01 09 c5 56 e7 2b 29 f1 bd 7b 2b c3 98 0a Oct 31 15:25:01.783767: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Oct 31 15:25:01.783769: | 5c cb 3e a4 56 3f e8 7a 7b f3 d9 b6 b6 6f 1d b4 Oct 31 15:25:01.783771: | 9a 3f 1a 70 39 03 e1 d6 d3 68 ee 7f b4 1a e0 48 Oct 31 15:25:01.783773: | fb Oct 31 15:25:01.783777: | **parse ISAKMP Message: Oct 31 15:25:01.783782: | initiator SPI: 41 21 01 09 c5 56 e7 2b Oct 31 15:25:01.783786: | responder SPI: 29 f1 bd 7b 2b c3 98 0a Oct 31 15:25:01.783788: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:25:01.783791: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:01.783793: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:25:01.783796: | flags: none (0x0) Oct 31 15:25:01.783799: | Message ID: 1 (00 00 00 01) Oct 31 15:25:01.783803: | length: 65 (00 00 00 41) Oct 31 15:25:01.783806: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Oct 31 15:25:01.783809: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Oct 31 15:25:01.783812: | State DB: found IKEv2 state #1 in ESTABLISHED_IKE_SA (find_v2_ike_sa) Oct 31 15:25:01.783819: | start processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:25:01.783822: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Oct 31 15:25:01.783825: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:25:01.783827: | #1 is idle Oct 31 15:25:01.783834: | Message ID: IKE #1 not a duplicate - message request 1 is new: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744570.798023 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744576.180857 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:01.783838: | [RE]START processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:25:01.783841: | unpacking clear payload Oct 31 15:25:01.783844: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Oct 31 15:25:01.783847: | ***parse IKEv2 Encryption Payload: Oct 31 15:25:01.783850: | next payload type: ISAKMP_NEXT_v2D (0x2a) Oct 31 15:25:01.783852: | flags: none (0x0) Oct 31 15:25:01.783855: | length: 37 (00 25) Oct 31 15:25:01.783858: | processing payload: ISAKMP_NEXT_v2SK (len=33) Oct 31 15:25:01.783860: | #1 in state ESTABLISHED_IKE_SA: established IKE SA Oct 31 15:25:01.783876: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Oct 31 15:25:01.783879: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Oct 31 15:25:01.783886: | **parse IKEv2 Delete Payload: Oct 31 15:25:01.783888: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:01.783891: | flags: none (0x0) Oct 31 15:25:01.783894: | length: 8 (00 08) Oct 31 15:25:01.783896: | protocol ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:25:01.783899: | SPI size: 0 (00) Oct 31 15:25:01.783902: | number of SPIs: 0 (00 00) Oct 31 15:25:01.783904: | processing payload: ISAKMP_NEXT_v2D (len=0) Oct 31 15:25:01.783907: | selected state microcode Informational Request Oct 31 15:25:01.783913: | Message ID: IKE #1 responder starting message request 1: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744570.798023 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744576.180857 ike.wip.initiator=-1 ike.wip.responder=-1->1 Oct 31 15:25:01.783915: | calling processor Informational Request Oct 31 15:25:01.783919: | an informational request should send a response Oct 31 15:25:01.783924: | opening output PBS information exchange reply packet Oct 31 15:25:01.783926: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Oct 31 15:25:01.783928: | **emit ISAKMP Message: Oct 31 15:25:01.783932: | initiator SPI: 41 21 01 09 c5 56 e7 2b Oct 31 15:25:01.783936: | responder SPI: 29 f1 bd 7b 2b c3 98 0a Oct 31 15:25:01.783939: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:25:01.783941: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:01.783944: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:25:01.783946: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Oct 31 15:25:01.783949: | Message ID: 1 (00 00 00 01) Oct 31 15:25:01.783952: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:25:01.783955: | ***emit IKEv2 Encryption Payload: Oct 31 15:25:01.783958: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:01.783960: | flags: none (0x0) Oct 31 15:25:01.783963: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:25:01.783965: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Oct 31 15:25:01.783969: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:25:01.783979: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:25:01.783982: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:01.783985: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:25:01.783987: | emitting length of IKEv2 Encryption Payload: 29 Oct 31 15:25:01.783989: | emitting length of ISAKMP Message: 57 Oct 31 15:25:01.784004: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:25:01.784008: | 41 21 01 09 c5 56 e7 2b 29 f1 bd 7b 2b c3 98 0a Oct 31 15:25:01.784010: | 2e 20 25 28 00 00 00 01 00 00 00 39 00 00 00 1d Oct 31 15:25:01.784013: | c3 38 27 cd 20 43 23 d8 07 68 2d 93 6c ee 97 59 Oct 31 15:25:01.784015: | 62 79 0b cf da 76 77 ca 61 Oct 31 15:25:01.784044: | sent 1 messages Oct 31 15:25:01.784053: | Message ID: IKE #1 XXX: in process_encrypted_informational_ikev2() hacking around record 'n' send bypassing send queue hacking around delete_ike_family(): ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744570.798023 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744576.180857 ike.wip.initiator=-1 ike.wip.responder=1 Oct 31 15:25:01.784060: | Message ID: IKE #1 updating responder sent message response 1: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744570.798023 ike.responder.sent=0->1 ike.responder.recv=0 ike.responder.last_contact=744576.180857 ike.wip.initiator=-1 ike.wip.responder=1 Oct 31 15:25:01.784064: | pstats #3 ikev2.child deleted other Oct 31 15:25:01.784071: | #3 main thread spent 0.0519 (0.0519) milliseconds helper thread spent 0 (0) milliseconds in total Oct 31 15:25:01.784077: | suspend processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:935) Oct 31 15:25:01.784082: | start processing: state #3 connection "road-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:935) Oct 31 15:25:01.784085: | should_send_delete: no, just because Oct 31 15:25:01.784090: "road-eastnet" #3: deleting other state #3 (STATE_V2_REKEY_CHILD_I0) aged 0.0359s and NOT sending notification Oct 31 15:25:01.784093: | child state #3: V2_REKEY_CHILD_I0(established IKE SA) => delete Oct 31 15:25:01.784096: | unsuspending #3 MD (nil) Oct 31 15:25:01.784098: | should_send_delete: no, just because Oct 31 15:25:01.784101: | child state #3: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Oct 31 15:25:01.784104: | state #3 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:25:01.784107: | libevent_free: delref ptr-libevent@0x5648ff246358 Oct 31 15:25:01.784111: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x5648ff23a228 Oct 31 15:25:01.784114: | #3 STATE_CHILDSA_DEL: retransmits: cleared Oct 31 15:25:01.784117: | priority calculation of connection "road-eastnet" is 2080718 (0x1fbfce) Oct 31 15:25:01.784124: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.1.3.209/32:0 => unk.10000@192.1.3.209 using reqid 0 (raw_eroute) proto=50 Oct 31 15:25:01.784138: | raw_eroute result=success Oct 31 15:25:01.784141: | in connection_discard for connection road-eastnet Oct 31 15:25:01.784144: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Oct 31 15:25:01.784148: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Oct 31 15:25:01.784150: | releasing #3's fd-fd@(nil) because deleting state Oct 31 15:25:01.784153: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:01.784155: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:01.784157: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:25:01.784162: | stop processing: state #3 from 192.1.2.23:500 (in delete_state() at state.c:1239) Oct 31 15:25:01.784166: | resume processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:1239) Oct 31 15:25:01.784170: | delref logger@0x5648ff23ff38(1->0) (in delete_state() at state.c:1306) Oct 31 15:25:01.784173: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:01.784175: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:01.784179: | State DB: IKEv2 state not found (delete_ike_family) Oct 31 15:25:01.784181: | pstats #1 ikev2.ike deleted completed Oct 31 15:25:01.784186: | #1 main thread spent 7.61 (43.2) milliseconds helper thread spent 16.7 (17.8) milliseconds in total Oct 31 15:25:01.784191: | [RE]START processing: state #1 connection "road-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:935) Oct 31 15:25:01.784193: | should_send_delete: no, just because Oct 31 15:25:01.784197: "road-eastnet" #1: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 5.537694s and NOT sending notification Oct 31 15:25:01.784207: | parent state #1: ESTABLISHED_IKE_SA(established IKE SA) => delete Oct 31 15:25:01.784318: | unsuspending #1 MD (nil) Oct 31 15:25:01.784323: | should_send_delete: no, just because Oct 31 15:25:01.784326: | state #1 deleting .st_event EVENT_SA_REKEY Oct 31 15:25:01.784330: | libevent_free: delref ptr-libevent@0x7f5c38000da8 Oct 31 15:25:01.784333: | free_event_entry: delref EVENT_SA_REKEY-pe@0x5648ff23c2a8 Oct 31 15:25:01.784336: | #1 STATE_V2_ESTABLISHED_IKE_SA: retransmits: cleared Oct 31 15:25:01.784339: | State DB: IKEv2 state not found (flush_incomplete_children) Oct 31 15:25:01.784341: | picked newest_isakmp_sa #0 for #1 Oct 31 15:25:01.784345: "road-eastnet" #1: deleting IKE SA but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Oct 31 15:25:01.784349: | add revival: connection 'road-eastnet' added to the list and scheduled for 0 seconds Oct 31 15:25:01.784353: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Oct 31 15:25:01.784360: | in connection_discard for connection road-eastnet Oct 31 15:25:01.784363: | State DB: deleting IKEv2 state #1 in ESTABLISHED_IKE_SA Oct 31 15:25:01.784366: | parent state #1: ESTABLISHED_IKE_SA(established IKE SA) => UNDEFINED(ignore) Oct 31 15:25:01.784369: | releasing #1's fd-fd@(nil) because deleting state Oct 31 15:25:01.784372: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:01.784374: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:01.784378: | delref pkp@0x5648ff23e938(2->1) (in delete_state() at state.c:1202) Oct 31 15:25:01.784393: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1239) Oct 31 15:25:01.784468: | delref logger@0x5648ff2390d8(1->0) (in delete_state() at state.c:1306) Oct 31 15:25:01.784474: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:01.784477: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:01.784481: | in statetime_stop() and could not find #1 Oct 31 15:25:01.784483: | XXX: processor 'Informational Request' for #1 deleted state MD.ST Oct 31 15:25:01.784486: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:25:01.784488: | in statetime_stop() and could not find #1 Oct 31 15:25:01.784491: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:25:01.784494: | delref mdp@0x5648ff24bb78(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:01.784496: | delref logger@0x5648ff23caf8(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:01.784498: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:01.784501: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:01.784507: | spent 0.637 (0.77) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:25:01.784510: | processing resume sending helper answer back to state for #3 Oct 31 15:25:01.784514: | job 4 for #3: Child Rekey Initiator KE and nonce ni (build KE and nonce): processing response from helper 4 Oct 31 15:25:01.784517: | job 4 for #3: Child Rekey Initiator KE and nonce ni (build KE and nonce): was cancelled; ignoring respose Oct 31 15:25:01.784528: | delref logger@0x5648ff246748(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:25:01.784530: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:01.784533: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:01.784538: | (#3) spent 0.0229 (0.0229) milliseconds in resume sending helper answer back to state Oct 31 15:25:01.784541: | libevent_free: delref ptr-libevent@0x7f5c2c006108 Oct 31 15:25:01.784545: | processing signal PLUTO_SIGCHLD Oct 31 15:25:01.784549: | waitpid returned ECHILD (no child processes left) Oct 31 15:25:01.784554: | spent 0.0051 (0.00508) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:25:01.784561: | processing global timer EVENT_REVIVE_CONNS Oct 31 15:25:01.784565: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:25:01.784568: "road-eastnet": initiating connection which received a Delete/Notify but must remain up per local policy Oct 31 15:25:01.784572: | connection 'road-eastnet' +POLICY_UP Oct 31 15:25:01.784575: | FOR_EACH_STATE_... in find_phase1_state Oct 31 15:25:01.784584: | newref alloc logger@0x5648ff23a228(0->1) (in new_state() at state.c:576) Oct 31 15:25:01.784587: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:25:01.784589: | creating state object #4 at 0x5648ff242088 Oct 31 15:25:01.784592: | State DB: adding IKEv2 state #4 in UNDEFINED Oct 31 15:25:01.784598: | pstats #4 ikev2.ike started Oct 31 15:25:01.784602: | parent state #4: UNDEFINED(ignore) => PARENT_I0(ignore) Oct 31 15:25:01.784606: | #4.st_v2_transition NULL -> PARENT_I0->PARENT_I1 (in new_v2_ike_state() at state.c:620) Oct 31 15:25:01.784616: | Message ID: IKE #4 initializing (IKE SA): ike.initiator.sent=0->-1 ike.initiator.recv=0->-1 ike.initiator.last_contact=0->744576.217406 ike.responder.sent=0->-1 ike.responder.recv=0->-1 ike.responder.last_contact=0->744576.217406 ike.wip.initiator=0->-1 ike.wip.responder=0->-1 Oct 31 15:25:01.784622: | orienting road-eastnet Oct 31 15:25:01.784628: | road-eastnet doesn't match 127.0.0.1:4500 at all Oct 31 15:25:01.784632: | road-eastnet doesn't match 127.0.0.1:500 at all Oct 31 15:25:01.784636: | road-eastnet doesn't match 192.1.3.209:4500 at all Oct 31 15:25:01.784638: | oriented road-eastnet's this Oct 31 15:25:01.784645: | start processing: state #4 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:544) Oct 31 15:25:01.784649: | addref fd@NULL (in add_pending() at pending.c:86) Oct 31 15:25:01.784654: | queuing pending IPsec SA negotiating with 192.1.2.23 IKE SA #4 "road-eastnet" Oct 31 15:25:01.784657: "road-eastnet" #4: initiating IKEv2 connection Oct 31 15:25:01.784675: | using existing local IKE proposals for connection road-eastnet (IKE SA initiator selecting KE): 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:25:01.784682: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:25:01.784685: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:25:01.784688: | newref clone logger@0x5648ff23ec08(0->1) (in clone_logger() at log.c:817) Oct 31 15:25:01.784691: | job 5 for #4: ikev2_outI1 KE (build KE and nonce): adding job to queue Oct 31 15:25:01.784694: | state #4 has no .st_event to delete Oct 31 15:25:01.784697: | #4 STATE_PARENT_I0: retransmits: cleared Oct 31 15:25:01.784700: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x5648ff22c858 Oct 31 15:25:01.784703: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Oct 31 15:25:01.784707: | libevent_malloc: newref ptr-libevent@0x5648ff23c6d8 size 128 Oct 31 15:25:01.784720: | #4 spent 0.147 (0.147) milliseconds in ikev2_parent_outI1() Oct 31 15:25:01.784726: | RESET processing: state #4 connection "road-eastnet" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:640) Oct 31 15:25:01.784731: | spent 0.166 (0.166) milliseconds in global timer EVENT_REVIVE_CONNS Oct 31 15:25:01.784746: | job 5 for #4: ikev2_outI1 KE (build KE and nonce): helper 5 starting job Oct 31 15:25:01.786683: | "road-eastnet" #4: spent 1.83 (1.93) milliseconds in helper 5 processing job 5 for state #4: ikev2_outI1 KE (pcr) Oct 31 15:25:01.786703: | job 5 for #4: ikev2_outI1 KE (build KE and nonce): helper thread 5 sending result back to state Oct 31 15:25:01.786707: | scheduling resume sending helper answer back to state for #4 Oct 31 15:25:01.786710: | libevent_malloc: newref ptr-libevent@0x7f5c30006108 size 128 Oct 31 15:25:01.786720: | helper thread 5 has nothing to do Oct 31 15:25:01.786733: | processing resume sending helper answer back to state for #4 Oct 31 15:25:01.786745: | start processing: state #4 connection "road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:641) Oct 31 15:25:01.786750: | unsuspending #4 MD (nil) Oct 31 15:25:01.786754: | job 5 for #4: ikev2_outI1 KE (build KE and nonce): processing response from helper 5 Oct 31 15:25:01.786757: | job 5 for #4: ikev2_outI1 KE (build KE and nonce): calling continuation function 0x5648fed3bfe7 Oct 31 15:25:01.786761: | ikev2_parent_outI1_continue() for #4 STATE_PARENT_I0 Oct 31 15:25:01.786764: | DH secret MODP2048@0x7f5c30006ba8: transferring ownership from helper KE to state #4 Oct 31 15:25:01.786770: | opening output PBS reply packet Oct 31 15:25:01.786774: | **emit ISAKMP Message: Oct 31 15:25:01.786879: | initiator SPI: fb 98 88 f3 a1 57 d8 75 Oct 31 15:25:01.786989: | responder SPI: 00 00 00 00 00 00 00 00 Oct 31 15:25:01.786996: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:25:01.787106: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:01.787112: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:25:01.787394: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:25:01.787405: | Message ID: 0 (00 00 00 00) Oct 31 15:25:01.787409: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:25:01.787427: | using existing local IKE proposals for connection road-eastnet (IKE SA initiator emitting local proposals): 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:25:01.787431: | Emitting ikev2_proposals ... Oct 31 15:25:01.787433: | ***emit IKEv2 Security Association Payload: Oct 31 15:25:01.787436: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:01.787438: | flags: none (0x0) Oct 31 15:25:01.787441: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:25:01.787444: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:25:01.787448: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:25:01.787451: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:01.787454: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:01.787456: | prop #: 1 (01) Oct 31 15:25:01.787459: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:25:01.787461: | spi size: 0 (00) Oct 31 15:25:01.787464: | # transforms: 11 (0b) Oct 31 15:25:01.787467: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:01.787470: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.787473: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.787475: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:01.787478: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:25:01.787480: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.787483: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:01.787485: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:01.787488: | length/value: 256 (01 00) Oct 31 15:25:01.787491: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:01.787493: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.787550: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.787556: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:01.787559: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:25:01.787562: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.787564: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.787567: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.787570: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.787572: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.787575: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:01.787577: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:25:01.787579: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.787585: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.787587: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.787590: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:25:01.787593: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.787595: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.787597: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.787600: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:01.787602: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.787605: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.787608: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.787611: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.787613: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.787615: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.787617: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:25:01.787620: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.787623: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.787625: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.787627: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.787630: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.787632: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.787634: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:25:01.787636: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.787638: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.787640: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.787642: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.787644: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.787646: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.787648: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:25:01.787650: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.787652: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.787655: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.787656: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.787659: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.787660: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.787662: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:25:01.787664: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.787666: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.787670: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.787672: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.787674: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.787677: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.787679: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:25:01.787681: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.787683: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.787685: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.787688: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.787690: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.787691: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.787693: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:25:01.787696: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.787697: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.787699: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.787702: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.787704: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:01.787706: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.787707: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:25:01.787710: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.787711: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.787714: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.787716: | emitting length of IKEv2 Proposal Substructure Payload: 100 Oct 31 15:25:01.787718: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:01.787721: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:25:01.787724: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:01.787726: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:01.787729: | prop #: 2 (02) Oct 31 15:25:01.787731: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:25:01.787734: | spi size: 0 (00) Oct 31 15:25:01.787737: | # transforms: 11 (0b) Oct 31 15:25:01.787740: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:01.787742: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:01.787745: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.787748: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.787750: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:01.787752: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:25:01.787754: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.787756: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:01.787759: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:01.787761: | length/value: 128 (00 80) Oct 31 15:25:01.787765: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:01.787767: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.787769: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.787771: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:01.787773: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:25:01.787775: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.787777: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.787780: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.787781: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.787783: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.787785: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:01.787787: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:25:01.787789: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.787791: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.787793: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.787796: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:25:01.787798: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.787801: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.787803: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.787805: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:01.788023: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.788029: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.788254: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.788263: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.788266: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.788268: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.788270: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:25:01.788273: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.788275: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.788277: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.788279: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.788281: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.788283: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.788285: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:25:01.788288: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.788453: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.788459: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.788462: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.788465: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.788469: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.788472: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:25:01.788474: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.788477: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.788479: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.788481: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.788483: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.788486: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.788488: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:25:01.788491: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.788493: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.788496: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.788498: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.788500: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.788502: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.788504: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:25:01.788507: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.788509: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.788512: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.788514: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.788516: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.788518: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.788520: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:25:01.788523: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.788586: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.788592: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.788595: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.788598: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:01.788600: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.788603: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:25:01.788606: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.788608: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.788611: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.788614: | emitting length of IKEv2 Proposal Substructure Payload: 100 Oct 31 15:25:01.788616: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:01.788621: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:01.788624: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:01.788627: | prop #: 3 (03) Oct 31 15:25:01.788630: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:25:01.788635: | spi size: 0 (00) Oct 31 15:25:01.788638: | # transforms: 13 (0d) Oct 31 15:25:01.788641: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:01.788644: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:01.788647: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.788649: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.788652: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:01.788654: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:25:01.788656: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.788658: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:01.788661: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:01.788664: | length/value: 256 (01 00) Oct 31 15:25:01.788666: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:01.788669: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.788671: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.788673: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:01.788675: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:25:01.788678: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.788680: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.788682: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.788684: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.788687: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.788689: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:01.788691: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:25:01.788693: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.788695: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.788698: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.788700: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.788702: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.788704: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:01.788706: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:25:01.788709: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.788711: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.788714: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.788716: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.788718: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.788720: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:01.788722: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:25:01.788725: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.788727: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.788731: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.788733: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.788735: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.788737: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.788740: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:01.788742: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.788744: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.788746: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.788749: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.788751: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.788753: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.788755: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:25:01.788757: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.788759: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.788761: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.788763: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.788766: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.788768: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.788770: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:25:01.788773: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.788776: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.788778: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.788781: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.788783: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.788786: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.788788: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:25:01.788791: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.788793: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.788796: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.788799: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.788801: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.788804: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.788806: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:25:01.788809: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.788811: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.788814: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.788816: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.788819: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.788821: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.788824: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:25:01.788827: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.788829: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.788832: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.788834: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.788836: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.788838: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.788840: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:25:01.789059: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.789063: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.789121: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.789296: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.789299: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:01.789301: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.789303: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:25:01.789306: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.789308: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.789311: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.789313: | emitting length of IKEv2 Proposal Substructure Payload: 116 Oct 31 15:25:01.789315: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:01.789319: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:01.789321: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:25:01.789486: | prop #: 4 (04) Oct 31 15:25:01.789492: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:25:01.789495: | spi size: 0 (00) Oct 31 15:25:01.789498: | # transforms: 13 (0d) Oct 31 15:25:01.789501: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:01.789503: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:01.789506: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.789509: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.789511: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:01.789513: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:25:01.789515: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.789518: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:01.789520: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:01.789523: | length/value: 128 (00 80) Oct 31 15:25:01.789526: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:01.789528: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.789531: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.789533: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:01.789535: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:25:01.789537: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.789543: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.789545: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.789548: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.789550: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.789553: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:01.789555: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:25:01.789616: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.789621: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.789624: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.789627: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.789629: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.789632: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:01.789634: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:25:01.789637: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.789639: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.789641: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.789644: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.789646: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.789649: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:01.789651: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:25:01.789654: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.789656: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.789659: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.789662: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.789664: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.789666: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.789668: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:01.789671: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.789673: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.789676: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.789678: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.789681: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.789683: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.789685: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:25:01.789688: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.789690: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.789692: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.789697: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.789700: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.789702: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.789704: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:25:01.789707: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.789709: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.789712: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.789714: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.789716: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.789719: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.789721: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:25:01.789724: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.789726: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.789729: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.789731: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.789734: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.789736: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.789738: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:25:01.789741: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.789744: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.789747: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.789749: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.789751: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.789754: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.789756: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:25:01.789759: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.789761: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.789764: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.789766: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.789769: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.789771: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.789774: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:25:01.789776: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.789779: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.789782: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.789785: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:01.789787: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:01.789790: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:01.789792: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:25:01.789797: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:01.789799: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:01.789802: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:01.789805: | emitting length of IKEv2 Proposal Substructure Payload: 116 Oct 31 15:25:01.789807: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:01.789810: | emitting length of IKEv2 Security Association Payload: 436 Oct 31 15:25:01.789812: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:25:01.789815: | ***emit IKEv2 Key Exchange Payload: Oct 31 15:25:01.789818: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:01.789821: | flags: none (0x0) Oct 31 15:25:01.789824: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:01.789827: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Oct 31 15:25:01.789830: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Oct 31 15:25:01.789833: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Oct 31 15:25:01.789836: | ikev2 g^x: Oct 31 15:25:01.789839: | c1 6d 49 36 73 a3 15 4e cd 95 ff 9a 97 4c e8 ae Oct 31 15:25:01.789841: | 24 06 44 8d 06 7e 06 4a 33 79 17 fd e5 07 2f 4a Oct 31 15:25:01.789843: | 51 f6 23 f2 a9 99 98 d3 9c ca ba 78 9c eb a1 0d Oct 31 15:25:01.789846: | 3a f2 d5 59 d2 15 d8 80 e2 75 e8 33 b8 90 19 42 Oct 31 15:25:01.789848: | 82 31 f3 4a e9 51 4c b5 17 e2 75 b9 9b 36 11 9b Oct 31 15:25:01.789850: | 5e d6 a8 e4 ca 15 90 0c fd 58 5a df ac 0e 4a 65 Oct 31 15:25:01.789852: | b9 60 7d 76 c8 4c 2a 76 8a 83 21 e4 4f 06 e8 54 Oct 31 15:25:01.789854: | e8 6a b8 3a d2 9e 4f fb 68 05 bf 20 c5 27 3e 48 Oct 31 15:25:01.789857: | d4 55 aa 54 a7 85 46 9d d3 64 ac ad dc 67 ea 45 Oct 31 15:25:01.789859: | 10 a6 63 ce 63 70 23 6f 71 c2 5b 58 3a 46 04 f6 Oct 31 15:25:01.789862: | a5 39 31 30 d1 e3 70 24 e8 c3 36 3a d7 3c 3f b2 Oct 31 15:25:01.789864: | 31 95 84 37 f2 29 92 d4 91 db d5 61 6f 1c a6 b9 Oct 31 15:25:01.789866: | e9 9a 77 2c 65 3c 76 0b 39 33 b2 c3 71 9d 04 e2 Oct 31 15:25:01.789868: | 8f 69 dd 52 95 b2 4f a1 d8 0f e4 cf ce 09 05 19 Oct 31 15:25:01.789870: | b5 cb 56 01 ae 53 24 9a 90 ef ee 61 82 2e 4a 4f Oct 31 15:25:01.790347: | fe 87 3b 32 ec 58 2c 5c fa d1 6b 4a 03 a9 de de Oct 31 15:25:01.790352: | emitting length of IKEv2 Key Exchange Payload: 264 Oct 31 15:25:01.790355: | ***emit IKEv2 Nonce Payload: Oct 31 15:25:01.790530: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:01.790534: | flags: none (0x0) Oct 31 15:25:01.790537: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Oct 31 15:25:01.790540: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Oct 31 15:25:01.790544: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Oct 31 15:25:01.790546: | IKEv2 nonce: Oct 31 15:25:01.790548: | 55 36 65 d6 02 3c 34 2a e6 7e ad 93 34 96 b5 f5 Oct 31 15:25:01.790551: | 76 73 c0 c8 a1 bb 4f 94 3f 92 31 2d a1 5a 12 7a Oct 31 15:25:01.790554: | emitting length of IKEv2 Nonce Payload: 36 Oct 31 15:25:01.790557: | adding a v2N Payload Oct 31 15:25:01.790559: | ***emit IKEv2 Notify Payload: Oct 31 15:25:01.790562: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:01.790564: | flags: none (0x0) Oct 31 15:25:01.790567: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:25:01.790570: | SPI size: 0 (00) Oct 31 15:25:01.790576: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Oct 31 15:25:01.790579: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:25:01.790581: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:25:01.790584: | emitting length of IKEv2 Notify Payload: 8 Oct 31 15:25:01.790587: | adding a v2N Payload Oct 31 15:25:01.790648: | ***emit IKEv2 Notify Payload: Oct 31 15:25:01.790654: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:01.790657: | flags: none (0x0) Oct 31 15:25:01.790659: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:25:01.790662: | SPI size: 0 (00) Oct 31 15:25:01.790665: | Notify Message Type: v2N_SIGNATURE_HASH_ALGORITHMS (0x402f) Oct 31 15:25:01.790668: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:25:01.790670: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:25:01.790674: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256 into IKEv2 Notify Payload Oct 31 15:25:01.790678: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256: 00 02 Oct 31 15:25:01.790681: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384 into IKEv2 Notify Payload Oct 31 15:25:01.790684: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384: 00 03 Oct 31 15:25:01.790686: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_512 into IKEv2 Notify Payload Oct 31 15:25:01.790689: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_512: 00 04 Oct 31 15:25:01.790692: | emitting length of IKEv2 Notify Payload: 14 Oct 31 15:25:01.790695: | NAT-Traversal support [enabled] add v2N payloads. Oct 31 15:25:01.790697: | nat: IKE.SPIr is zero Oct 31 15:25:01.790722: | natd_hash: hasher=0x5648fee2df80(20) Oct 31 15:25:01.790726: | natd_hash: icookie= Oct 31 15:25:01.790728: | fb 98 88 f3 a1 57 d8 75 Oct 31 15:25:01.790730: | natd_hash: rcookie= Oct 31 15:25:01.790732: | 00 00 00 00 00 00 00 00 Oct 31 15:25:01.790734: | natd_hash: ip= Oct 31 15:25:01.790736: | c0 01 03 d1 Oct 31 15:25:01.790738: | natd_hash: port= Oct 31 15:25:01.790740: | 01 f4 Oct 31 15:25:01.790742: | natd_hash: hash= Oct 31 15:25:01.790744: | fa e9 cf f4 03 9c 6b 66 41 80 ff b3 90 c8 c6 b6 Oct 31 15:25:01.790747: | 0b ca 65 85 Oct 31 15:25:01.790749: | adding a v2N Payload Oct 31 15:25:01.790752: | ***emit IKEv2 Notify Payload: Oct 31 15:25:01.790754: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:01.790757: | flags: none (0x0) Oct 31 15:25:01.790759: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:25:01.790762: | SPI size: 0 (00) Oct 31 15:25:01.790765: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Oct 31 15:25:01.790768: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:25:01.790770: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:25:01.790773: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:25:01.790776: | Notify data: Oct 31 15:25:01.790778: | fa e9 cf f4 03 9c 6b 66 41 80 ff b3 90 c8 c6 b6 Oct 31 15:25:01.790780: | 0b ca 65 85 Oct 31 15:25:01.790783: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:25:01.790785: | nat: IKE.SPIr is zero Oct 31 15:25:01.790794: | natd_hash: hasher=0x5648fee2df80(20) Oct 31 15:25:01.790797: | natd_hash: icookie= Oct 31 15:25:01.790799: | fb 98 88 f3 a1 57 d8 75 Oct 31 15:25:01.790801: | natd_hash: rcookie= Oct 31 15:25:01.790803: | 00 00 00 00 00 00 00 00 Oct 31 15:25:01.790805: | natd_hash: ip= Oct 31 15:25:01.790807: | c0 01 02 17 Oct 31 15:25:01.790809: | natd_hash: port= Oct 31 15:25:01.790811: | 01 f4 Oct 31 15:25:01.790815: | natd_hash: hash= Oct 31 15:25:01.790818: | 7e 04 ab 39 0d e9 a5 2c 06 b1 2c 1a 17 00 62 ab Oct 31 15:25:01.790820: | de ce 68 ec Oct 31 15:25:01.790822: | adding a v2N Payload Oct 31 15:25:01.790824: | ***emit IKEv2 Notify Payload: Oct 31 15:25:01.790827: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:01.790830: | flags: none (0x0) Oct 31 15:25:01.790832: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:25:01.790835: | SPI size: 0 (00) Oct 31 15:25:01.790837: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Oct 31 15:25:01.790840: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:25:01.790842: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:25:01.790845: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:25:01.790847: | Notify data: Oct 31 15:25:01.790850: | 7e 04 ab 39 0d e9 a5 2c 06 b1 2c 1a 17 00 62 ab Oct 31 15:25:01.790852: | de ce 68 ec Oct 31 15:25:01.790854: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:25:01.790856: | emitting length of ISAKMP Message: 842 Oct 31 15:25:01.790866: | [RE]START processing: state #4 connection "road-eastnet" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:01.790871: | #4 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Oct 31 15:25:01.790874: | transitioning from state STATE_PARENT_I0 to state STATE_PARENT_I1 Oct 31 15:25:01.790877: | Message ID: updating counters for #4 Oct 31 15:25:01.790880: | Message ID: IKE #4 skipping update_recv as MD is fake Oct 31 15:25:01.790887: | Message ID: IKE #4 scheduling EVENT_RETRANSMIT: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744576.217406 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744576.217406 ike.wip.initiator=0 ike.wip.responder=-1 Oct 31 15:25:01.790892: | event_schedule: newref EVENT_RETRANSMIT-pe@0x5648ff23caf8 Oct 31 15:25:01.790895: | inserting event EVENT_RETRANSMIT, timeout in 25 seconds for #4 Oct 31 15:25:01.790899: | libevent_malloc: newref ptr-libevent@0x5648ff246358 size 128 Oct 31 15:25:01.790905: | #4 STATE_PARENT_I0: retransmits: first event in 25 seconds; timeout in 107 seconds; limit of 12 retransmits; current time is 744576.223686 Oct 31 15:25:01.790967: | Message ID: IKE #4 updating initiator sent message request 0: ike.initiator.sent=-1->0 ike.initiator.recv=-1 ike.initiator.last_contact=744576.217406 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744576.217406 ike.wip.initiator=-1->0 ike.wip.responder=-1 Oct 31 15:25:01.791132: | Message ID: IKE #4 no pending message initiators to schedule: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744576.217406 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744576.217406 ike.wip.initiator=0 ike.wip.responder=-1 Oct 31 15:25:01.791191: | parent state #4: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Oct 31 15:25:01.791305: | announcing the state transition Oct 31 15:25:01.791365: "road-eastnet" #4: sent IKE_SA_INIT request Oct 31 15:25:01.791377: | sending 842 bytes for STATE_PARENT_I0 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 using UDP (for #4) Oct 31 15:25:01.791381: | fb 98 88 f3 a1 57 d8 75 00 00 00 00 00 00 00 00 Oct 31 15:25:01.791383: | 21 20 22 08 00 00 00 00 00 00 03 4a 22 00 01 b4 Oct 31 15:25:01.791386: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Oct 31 15:25:01.791388: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Oct 31 15:25:01.791390: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Oct 31 15:25:01.791493: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Oct 31 15:25:01.791549: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Oct 31 15:25:01.791555: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Oct 31 15:25:01.791558: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Oct 31 15:25:01.791563: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Oct 31 15:25:01.791565: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Oct 31 15:25:01.791567: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Oct 31 15:25:01.791569: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Oct 31 15:25:01.791571: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Oct 31 15:25:01.791573: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Oct 31 15:25:01.791576: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Oct 31 15:25:01.791579: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:25:01.791581: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Oct 31 15:25:01.791583: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Oct 31 15:25:01.791585: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Oct 31 15:25:01.791587: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Oct 31 15:25:01.791589: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Oct 31 15:25:01.791592: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Oct 31 15:25:01.791594: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Oct 31 15:25:01.791596: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Oct 31 15:25:01.791598: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Oct 31 15:25:01.791601: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Oct 31 15:25:01.791603: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Oct 31 15:25:01.791606: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Oct 31 15:25:01.791608: | 28 00 01 08 00 0e 00 00 c1 6d 49 36 73 a3 15 4e Oct 31 15:25:01.791610: | cd 95 ff 9a 97 4c e8 ae 24 06 44 8d 06 7e 06 4a Oct 31 15:25:01.791612: | 33 79 17 fd e5 07 2f 4a 51 f6 23 f2 a9 99 98 d3 Oct 31 15:25:01.791614: | 9c ca ba 78 9c eb a1 0d 3a f2 d5 59 d2 15 d8 80 Oct 31 15:25:01.791617: | e2 75 e8 33 b8 90 19 42 82 31 f3 4a e9 51 4c b5 Oct 31 15:25:01.791619: | 17 e2 75 b9 9b 36 11 9b 5e d6 a8 e4 ca 15 90 0c Oct 31 15:25:01.791621: | fd 58 5a df ac 0e 4a 65 b9 60 7d 76 c8 4c 2a 76 Oct 31 15:25:01.791680: | 8a 83 21 e4 4f 06 e8 54 e8 6a b8 3a d2 9e 4f fb Oct 31 15:25:01.791682: | 68 05 bf 20 c5 27 3e 48 d4 55 aa 54 a7 85 46 9d Oct 31 15:25:01.791684: | d3 64 ac ad dc 67 ea 45 10 a6 63 ce 63 70 23 6f Oct 31 15:25:01.791687: | 71 c2 5b 58 3a 46 04 f6 a5 39 31 30 d1 e3 70 24 Oct 31 15:25:01.791689: | e8 c3 36 3a d7 3c 3f b2 31 95 84 37 f2 29 92 d4 Oct 31 15:25:01.791692: | 91 db d5 61 6f 1c a6 b9 e9 9a 77 2c 65 3c 76 0b Oct 31 15:25:01.791694: | 39 33 b2 c3 71 9d 04 e2 8f 69 dd 52 95 b2 4f a1 Oct 31 15:25:01.791696: | d8 0f e4 cf ce 09 05 19 b5 cb 56 01 ae 53 24 9a Oct 31 15:25:01.791698: | 90 ef ee 61 82 2e 4a 4f fe 87 3b 32 ec 58 2c 5c Oct 31 15:25:01.791700: | fa d1 6b 4a 03 a9 de de 29 00 00 24 55 36 65 d6 Oct 31 15:25:01.791703: | 02 3c 34 2a e6 7e ad 93 34 96 b5 f5 76 73 c0 c8 Oct 31 15:25:01.791705: | a1 bb 4f 94 3f 92 31 2d a1 5a 12 7a 29 00 00 08 Oct 31 15:25:01.791707: | 00 00 40 2e 29 00 00 0e 00 00 40 2f 00 02 00 03 Oct 31 15:25:01.791709: | 00 04 29 00 00 1c 00 00 40 04 fa e9 cf f4 03 9c Oct 31 15:25:01.791712: | 6b 66 41 80 ff b3 90 c8 c6 b6 0b ca 65 85 00 00 Oct 31 15:25:01.791714: | 00 1c 00 00 40 05 7e 04 ab 39 0d e9 a5 2c 06 b1 Oct 31 15:25:01.791716: | 2c 1a 17 00 62 ab de ce 68 ec Oct 31 15:25:01.791752: | sent 1 messages Oct 31 15:25:01.791756: | checking that a retransmit timeout_event was already Oct 31 15:25:01.791760: | state #4 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:25:01.791764: | libevent_free: delref ptr-libevent@0x5648ff23c6d8 Oct 31 15:25:01.791768: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x5648ff22c858 Oct 31 15:25:01.791773: | delref logger@0x5648ff23ec08(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:25:01.791776: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:01.791778: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:01.791784: | resume sending helper answer back to state for #4 suppresed complete_v2_state_transition() Oct 31 15:25:01.791787: | delref mdp@NULL (in resume_handler() at server.c:743) Oct 31 15:25:01.791796: | #4 spent 2.04 (5.04) milliseconds in resume sending helper answer back to state Oct 31 15:25:01.791802: | stop processing: state #4 connection "road-eastnet" from 192.1.2.23:500 (in resume_handler() at server.c:745) Oct 31 15:25:01.791806: | libevent_free: delref ptr-libevent@0x7f5c30006108 Oct 31 15:25:02.689283: | newref struct fd@0x5648ff2467b8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:02.689303: | fd_accept: new fd-fd@0x5648ff2467b8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:02.689321: shutting down Oct 31 15:25:02.689331: | leaking fd-fd@0x5648ff2467b8's FD; will be closed when pluto exits (in whack_handle_cb() at rcv_whack.c:889) Oct 31 15:25:02.689336: | delref fd@0x5648ff2467b8(1->0) (in whack_handle_cb() at rcv_whack.c:895) Oct 31 15:25:02.689340: | freeref fd-fd@0x5648ff2467b8 (in whack_handle_cb() at rcv_whack.c:895) Oct 31 15:25:02.689359: | shutting down helper thread 7 Oct 31 15:25:02.689441: | helper thread 7 exited Oct 31 15:25:02.689457: | shutting down helper thread 6 Oct 31 15:25:02.689484: | helper thread 6 exited Oct 31 15:25:02.689495: | shutting down helper thread 1 Oct 31 15:25:02.689533: | helper thread 1 exited Oct 31 15:25:02.689544: | shutting down helper thread 2 Oct 31 15:25:02.689569: | helper thread 2 exited Oct 31 15:25:02.689583: | shutting down helper thread 3 Oct 31 15:25:02.689606: | helper thread 3 exited Oct 31 15:25:02.689634: | shutting down helper thread 4 Oct 31 15:25:02.689648: | helper thread 4 exited Oct 31 15:25:02.689665: | shutting down helper thread 5 Oct 31 15:25:02.689675: | helper thread 5 exited Oct 31 15:25:02.689679: 7 helper threads shutdown Oct 31 15:25:02.689683: | delref root_certs@NULL (in free_root_certs() at root_certs.c:127) Oct 31 15:25:02.689686: | certs and keys locked by 'free_preshared_secrets' Oct 31 15:25:02.689689: forgetting secrets Oct 31 15:25:02.689705: | certs and keys unlocked by 'free_preshared_secrets' Oct 31 15:25:02.689709: | delref pkp@0x5648ff23e938(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:25:02.689774: | delref pkp@0x5648ff240c28(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:25:02.689780: | delref fd@NULL (in delete_pending() at pending.c:218) Oct 31 15:25:02.689783: | removing pending policy for no connection {0x5648ff246498} Oct 31 15:25:02.689786: | deleting states for connection - including all other IPsec SA's of this IKE SA Oct 31 15:25:02.689789: | pass 0 Oct 31 15:25:02.689791: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:25:02.689794: | state #4 Oct 31 15:25:02.689802: | start processing: state #4 connection "road-eastnet" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1406) Oct 31 15:25:02.689805: | delref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1408) Oct 31 15:25:02.689807: | addref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1409) Oct 31 15:25:02.689810: | pstats #4 ikev2.ike deleted other Oct 31 15:25:02.689816: | #4 main thread spent 2.19 (5.19) milliseconds helper thread spent 1.83 (1.93) milliseconds in total Oct 31 15:25:02.689821: | [RE]START processing: state #4 connection "road-eastnet" from 192.1.2.23:500 (in delete_state() at state.c:935) Oct 31 15:25:02.689825: | should_send_delete: no, not established Oct 31 15:25:02.689829: "road-eastnet" #4: deleting state (STATE_PARENT_I1) aged 0.905245s and NOT sending notification Oct 31 15:25:02.689899: | parent state #4: PARENT_I1(half-open IKE SA) => delete Oct 31 15:25:02.689904: | unsuspending #4 MD (nil) Oct 31 15:25:02.689907: | should_send_delete: no, not established Oct 31 15:25:02.689910: | state #4 has no .st_event to delete Oct 31 15:25:02.689913: | #4 requesting EVENT_RETRANSMIT-pe@0x5648ff23caf8 be deleted Oct 31 15:25:02.689918: | libevent_free: delref ptr-libevent@0x5648ff246358 Oct 31 15:25:02.689925: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x5648ff23caf8 Oct 31 15:25:02.689927: | #4 STATE_PARENT_I1: retransmits: cleared Oct 31 15:25:02.689931: | State DB: IKEv2 state not found (flush_incomplete_children) Oct 31 15:25:02.689934: | picked newest_isakmp_sa #0 for #4 Oct 31 15:25:02.689938: "road-eastnet" #4: deleting IKE SA but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Oct 31 15:25:02.689941: | add revival: connection 'road-eastnet' added to the list and scheduled for 5 seconds Oct 31 15:25:02.689945: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Oct 31 15:25:02.689951: | in connection_discard for connection road-eastnet Oct 31 15:25:02.689954: | State DB: deleting IKEv2 state #4 in PARENT_I1 Oct 31 15:25:02.689958: | parent state #4: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Oct 31 15:25:02.689962: | releasing #4's fd-fd@(nil) because deleting state Oct 31 15:25:02.689964: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:02.689967: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:02.689970: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:25:02.689985: | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1239) Oct 31 15:25:02.689991: | delref logger@0x5648ff23a228(1->0) (in delete_state() at state.c:1306) Oct 31 15:25:02.689993: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:02.689996: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:02.689999: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1411) Oct 31 15:25:02.690001: | pass 1 Oct 31 15:25:02.690003: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:25:02.690010: | shunt_eroute() called for connection 'road-eastnet' to 'delete' for rt_kind 'unrouted' using protoports 192.1.3.209/32:0 --0->- 192.0.2.0/24:0 Oct 31 15:25:02.690016: | netlink_shunt_eroute for proto 0, and source 192.1.3.209/32:0 dest 192.0.2.0/24:0 Oct 31 15:25:02.690020: | priority calculation of connection "road-eastnet" is 2080718 (0x1fbfce) Oct 31 15:25:02.690261: | priority calculation of connection "road-eastnet" is 2080718 (0x1fbfce) Oct 31 15:25:02.690281: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:25:02.690286: | conn road-eastnet mark 0/00000000, 0/00000000 vs Oct 31 15:25:02.690289: | conn road-eastnet mark 0/00000000, 0/00000000 Oct 31 15:25:02.690292: | route owner of "road-eastnet" unrouted: NULL Oct 31 15:25:02.690295: | running updown command "ipsec _updown" for verb unroute Oct 31 15:25:02.690298: | command executing unroute-host Oct 31 15:25:02.690327: | executing unroute-host: PLUTO_VERB='unroute-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth0' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='@road' PLUTO_MY_CLIENT='192.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='... Oct 31 15:25:02.690331: | popen cmd is 1085 chars long Oct 31 15:25:02.690334: | cmd( 0):PLUTO_VERB='unroute-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='road-eastnet' PL: Oct 31 15:25:02.690336: | cmd( 80):UTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth0' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT: Oct 31 15:25:02.690338: | cmd( 160):_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='@road' PLUTO_MY_CLIENT='1: Oct 31 15:25:02.690343: | cmd( 240):92.1.3.209/32' PLUTO_MY_CLIENT_NET='192.1.3.209' PLUTO_MY_CLIENT_MASK='255.255.2: Oct 31 15:25:02.690345: | cmd( 320):55.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_: Oct 31 15:25:02.690347: | cmd( 400):TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192: Oct 31 15:25:02.690350: | cmd( 480):.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255: Oct 31 15:25:02.690352: | cmd( 560):.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xf: Oct 31 15:25:02.690354: | cmd( 640):rm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+UP+IKEV: Oct 31 15:25:02.690356: | cmd( 720):2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_: Oct 31 15:25:02.690358: | cmd( 800):CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INF: Oct 31 15:25:02.690361: | cmd( 880):O='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_C: Oct 31 15:25:02.690363: | cmd( 960):FG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=': Oct 31 15:25:02.690365: | cmd(1040):no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Oct 31 15:25:02.706558: unroute-host output: Error: Peer netns reference is invalid. Oct 31 15:25:02.706579: unroute-host output: Error: Peer netns reference is invalid. Oct 31 15:25:02.706583: unroute-host output: Error: Peer netns reference is invalid. Oct 31 15:25:02.706608: unroute-host output: Error: Peer netns reference is invalid. Oct 31 15:25:02.706645: unroute-host output: Error: Peer netns reference is invalid. Oct 31 15:25:02.706676: unroute-host output: Error: Peer netns reference is invalid. Oct 31 15:25:02.706708: unroute-host output: Error: Peer netns reference is invalid. Oct 31 15:25:02.706746: unroute-host output: Error: Peer netns reference is invalid. Oct 31 15:25:02.706783: unroute-host output: Error: Peer netns reference is invalid. Oct 31 15:25:02.706819: unroute-host output: Error: Peer netns reference is invalid. Oct 31 15:25:02.706855: unroute-host output: Error: Peer netns reference is invalid. Oct 31 15:25:02.706894: unroute-host output: Error: Peer netns reference is invalid. Oct 31 15:25:02.706928: unroute-host output: Error: Peer netns reference is invalid. Oct 31 15:25:02.706963: unroute-host output: Error: Peer netns reference is invalid. Oct 31 15:25:02.706997: unroute-host output: Error: Peer netns reference is invalid. Oct 31 15:25:02.707032: unroute-host output: Error: Peer netns reference is invalid. Oct 31 15:25:02.707070: unroute-host output: Error: Peer netns reference is invalid. Oct 31 15:25:02.707106: unroute-host output: Error: Peer netns reference is invalid. Oct 31 15:25:02.707141: unroute-host output: Error: Peer netns reference is invalid. Oct 31 15:25:02.707630: unroute-host output: Error: Peer netns reference is invalid. Oct 31 15:25:02.707673: unroute-host output: Error: Peer netns reference is invalid. Oct 31 15:25:02.707709: unroute-host output: Error: Peer netns reference is invalid. Oct 31 15:25:02.707743: unroute-host output: Error: Peer netns reference is invalid. Oct 31 15:25:02.707777: unroute-host output: Error: Peer netns reference is invalid. Oct 31 15:25:02.707813: unroute-host output: Error: Peer netns reference is invalid. Oct 31 15:25:02.707850: unroute-host output: Error: Peer netns reference is invalid. Oct 31 15:25:02.707891: unroute-host output: Error: Peer netns reference is invalid. Oct 31 15:25:02.707926: unroute-host output: Error: Peer netns reference is invalid. Oct 31 15:25:02.707962: unroute-host output: Error: Peer netns reference is invalid. Oct 31 15:25:02.715535: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:25:02.715554: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:25:02.715559: | newref clone logger@0x5648ff246748(0->1) (in clone_logger() at log.c:817) Oct 31 15:25:02.715565: | delref hp@0x5648ff2409b8(1->0) (in delete_oriented_hp() at hostpair.c:360) Oct 31 15:25:02.715573: | flush revival: connection 'road-eastnet' revival flushed Oct 31 15:25:02.715577: | delref vip@NULL (in discard_connection() at connections.c:262) Oct 31 15:25:02.715579: | delref vip@NULL (in discard_connection() at connections.c:263) Oct 31 15:25:02.715593: | Connection DB: deleting connection $1 Oct 31 15:25:02.715597: | delref logger@0x5648ff246748(1->0) (in delete_connection() at connections.c:214) Oct 31 15:25:02.715600: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:02.715603: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:02.715606: | crl fetch request list locked by 'free_crl_fetch' Oct 31 15:25:02.715608: | crl fetch request list unlocked by 'free_crl_fetch' Oct 31 15:25:02.715613: | iface: marking eth0 dead Oct 31 15:25:02.715615: | iface: marking lo dead Oct 31 15:25:02.715617: | updating interfaces - listing interfaces that are going down Oct 31 15:25:02.715624: shutting down interface lo 127.0.0.1:4500 Oct 31 15:25:02.715628: shutting down interface lo 127.0.0.1:500 Oct 31 15:25:02.715631: shutting down interface eth0 192.1.3.209:4500 Oct 31 15:25:02.715635: shutting down interface eth0 192.1.3.209:500 Oct 31 15:25:02.715637: | updating interfaces - deleting the dead Oct 31 15:25:02.715642: | FOR_EACH_STATE_... in delete_states_dead_interfaces Oct 31 15:25:02.715650: | libevent_free: delref ptr-libevent@0x5648ff235478 Oct 31 15:25:02.715654: | delref id@0x5648ff239538(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:25:02.715664: | libevent_free: delref ptr-libevent@0x5648ff20a518 Oct 31 15:25:02.715667: | delref id@0x5648ff239538(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:25:02.715674: | libevent_free: delref ptr-libevent@0x5648ff204638 Oct 31 15:25:02.715676: | delref id@0x5648ff239408(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:25:02.715682: | libevent_free: delref ptr-libevent@0x5648ff204168 Oct 31 15:25:02.715685: | delref id@0x5648ff239408(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:25:02.715690: | delref id@0x5648ff239408(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:25:02.715693: | delref id@0x5648ff239538(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:25:02.715695: | updating interfaces - checking orientation Oct 31 15:25:02.715698: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Oct 31 15:25:02.719757: | libevent_free: delref ptr-libevent@0x5648ff235528 Oct 31 15:25:02.719773: | free_event_entry: delref EVENT_NULL-pe@0x5648ff2389a8 Oct 31 15:25:02.719780: | libevent_free: delref ptr-libevent@0x5648ff20a418 Oct 31 15:25:02.719783: | free_event_entry: delref EVENT_NULL-pe@0x5648ff2332e8 Oct 31 15:25:02.719787: | libevent_free: delref ptr-libevent@0x5648ff208ff8 Oct 31 15:25:02.719789: | free_event_entry: delref EVENT_NULL-pe@0x5648ff233278 Oct 31 15:25:02.719793: | global timer EVENT_REINIT_SECRET uninitialized Oct 31 15:25:02.719795: | global timer EVENT_SHUNT_SCAN uninitialized Oct 31 15:25:02.719797: | global timer EVENT_PENDING_DDNS uninitialized Oct 31 15:25:02.719800: | global timer EVENT_PENDING_PHASE2 uninitialized Oct 31 15:25:02.719802: | global timer EVENT_CHECK_CRLS uninitialized Oct 31 15:25:02.719805: | global timer EVENT_REVIVE_CONNS uninitialized Oct 31 15:25:02.719807: | global timer EVENT_FREE_ROOT_CERTS uninitialized Oct 31 15:25:02.719809: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Oct 31 15:25:02.719811: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Oct 31 15:25:02.719815: | libevent_free: delref ptr-libevent@0x5648ff1aa8a8 Oct 31 15:25:02.719818: | signal event handler PLUTO_SIGCHLD uninstalled Oct 31 15:25:02.719821: | libevent_free: delref ptr-libevent@0x5648ff1aa6d8 Oct 31 15:25:02.719824: | signal event handler PLUTO_SIGTERM uninstalled Oct 31 15:25:02.719827: | libevent_free: delref ptr-libevent@0x5648ff238bc8 Oct 31 15:25:02.719829: | signal event handler PLUTO_SIGHUP uninstalled Oct 31 15:25:02.719832: | libevent_free: delref ptr-libevent@0x5648ff238e08 Oct 31 15:25:02.719834: | signal event handler PLUTO_SIGSYS uninstalled Oct 31 15:25:02.719842: | releasing event base Oct 31 15:25:02.719856: | libevent_free: delref ptr-libevent@0x5648ff238cd8 Oct 31 15:25:02.719859: | libevent_free: delref ptr-libevent@0x5648ff227f98 Oct 31 15:25:02.719864: | libevent_free: delref ptr-libevent@0x5648ff227f48 Oct 31 15:25:02.719866: | libevent_free: delref ptr-libevent@0x5648ff204908 Oct 31 15:25:02.719868: | libevent_free: delref ptr-libevent@0x5648ff228148 Oct 31 15:25:02.719871: | libevent_free: delref ptr-libevent@0x5648ff22c498 Oct 31 15:25:02.719874: | libevent_free: delref ptr-libevent@0x5648ff22c2a8 Oct 31 15:25:02.719876: | libevent_free: delref ptr-libevent@0x5648ff2282b8 Oct 31 15:25:02.719879: | libevent_free: delref ptr-libevent@0x5648ff22c0b8 Oct 31 15:25:02.719881: | libevent_free: delref ptr-libevent@0x5648ff22ba78 Oct 31 15:25:02.719883: | libevent_free: delref ptr-libevent@0x5648ff239e28 Oct 31 15:25:02.719885: | libevent_free: delref ptr-libevent@0x5648ff239de8 Oct 31 15:25:02.719888: | libevent_free: delref ptr-libevent@0x5648ff239da8 Oct 31 15:25:02.719890: | libevent_free: delref ptr-libevent@0x5648ff239d68 Oct 31 15:25:02.719892: | libevent_free: delref ptr-libevent@0x5648ff228188 Oct 31 15:25:02.719894: | libevent_free: delref ptr-libevent@0x5648ff238b88 Oct 31 15:25:02.719897: | libevent_free: delref ptr-libevent@0x5648ff238b48 Oct 31 15:25:02.719899: | libevent_free: delref ptr-libevent@0x5648ff22c0f8 Oct 31 15:25:02.719901: | libevent_free: delref ptr-libevent@0x5648ff238c98 Oct 31 15:25:02.719903: | libevent_free: delref ptr-libevent@0x5648ff238a18 Oct 31 15:25:02.719906: | libevent_free: delref ptr-libevent@0x5648ff203f68 Oct 31 15:25:02.719909: | libevent_free: delref ptr-libevent@0x5648ff203ee8 Oct 31 15:25:02.719911: | libevent_free: delref ptr-libevent@0x5648ff220fc8 Oct 31 15:25:02.719913: | releasing global libevent data Oct 31 15:25:02.719916: | libevent_free: delref ptr-libevent@0x5648ff1aa5b8 Oct 31 15:25:02.719919: | libevent_free: delref ptr-libevent@0x5648ff209f68 Oct 31 15:25:02.719921: | libevent_free: delref ptr-libevent@0x5648ff203fe8 Oct 31 15:25:02.719963: leak detective found no leaks