Oct 31 15:24:54.736024: | newref logger@0x55fbf0f9bbb8(0->1) (in main() at plutomain.c:1591) Oct 31 15:24:54.736072: | delref logger@0x55fbf0f9bbb8(1->0) (in main() at plutomain.c:1592) Oct 31 15:24:54.736080: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:54.736083: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:54.736089: NSS DB directory: sql:/var/lib/ipsec/nss Oct 31 15:24:54.736276: Initializing NSS Oct 31 15:24:54.736286: Opening NSS database "sql:/var/lib/ipsec/nss" read-only Oct 31 15:24:54.764853: FIPS Mode: NO Oct 31 15:24:54.764864: NSS crypto library initialized Oct 31 15:24:54.764893: FIPS mode disabled for pluto daemon Oct 31 15:24:54.764896: FIPS HMAC integrity support [disabled] Oct 31 15:24:54.764956: libcap-ng support [enabled] Oct 31 15:24:54.764964: Linux audit support [enabled] Oct 31 15:24:54.764983: Linux audit activated Oct 31 15:24:54.764989: Starting Pluto (Libreswan Version v4.1-88-gf1d1933837ef-main IKEv2 IKEv1 XFRM(netkey) XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (NSS-PRF) DNSSEC LABELED_IPSEC (SELINUX) SECCOMP LIBCAP_NG LINUX_AUDIT AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:2153268 Oct 31 15:24:54.764991: core dump dir: /tmp Oct 31 15:24:54.764992: secrets file: /etc/ipsec.secrets Oct 31 15:24:54.764993: leak-detective enabled Oct 31 15:24:54.764995: NSS crypto [enabled] Oct 31 15:24:54.764996: XAUTH PAM support [enabled] Oct 31 15:24:54.765060: | libevent is using pluto's memory allocator Oct 31 15:24:54.765067: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Oct 31 15:24:54.765079: | libevent_malloc: newref ptr-libevent@0x55fbf101f008 size 40 Oct 31 15:24:54.765086: | libevent_malloc: newref ptr-libevent@0x55fbf1013118 size 40 Oct 31 15:24:54.765089: | libevent_malloc: newref ptr-libevent@0x55fbf101f4e8 size 40 Oct 31 15:24:54.765092: | creating event base Oct 31 15:24:54.765094: | libevent_malloc: newref ptr-libevent@0x55fbf101f7e8 size 56 Oct 31 15:24:54.765098: | libevent_malloc: newref ptr-libevent@0x55fbf1015c18 size 664 Oct 31 15:24:54.765109: | libevent_malloc: newref ptr-libevent@0x55fbf104c498 size 24 Oct 31 15:24:54.765112: | libevent_malloc: newref ptr-libevent@0x55fbf104c4e8 size 384 Oct 31 15:24:54.765124: | libevent_malloc: newref ptr-libevent@0x55fbf104c698 size 16 Oct 31 15:24:54.765126: | libevent_malloc: newref ptr-libevent@0x55fbf101f468 size 40 Oct 31 15:24:54.765129: | libevent_malloc: newref ptr-libevent@0x55fbf101ecc8 size 48 Oct 31 15:24:54.765135: | libevent_realloc: newref ptr-libevent@0x55fbf104c6d8 size 256 Oct 31 15:24:54.765137: | libevent_malloc: newref ptr-libevent@0x55fbf104c808 size 16 Oct 31 15:24:54.765142: | libevent_free: delref ptr-libevent@0x55fbf101f7e8 Oct 31 15:24:54.765145: | libevent initialized Oct 31 15:24:54.765150: | libevent_realloc: newref ptr-libevent@0x55fbf101f7e8 size 64 Oct 31 15:24:54.765154: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Oct 31 15:24:54.765161: | init_nat_traversal() initialized with keep_alive=0s Oct 31 15:24:54.765163: NAT-Traversal support [enabled] Oct 31 15:24:54.765166: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Oct 31 15:24:54.765171: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Oct 31 15:24:54.765178: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Oct 31 15:24:54.765193: | checking IKEv1 state table Oct 31 15:24:54.765218: | MAIN_R0: category: half-open IKE SA; flags: 0: Oct 31 15:24:54.765223: | -> MAIN_R1 EVENT_SO_DISCARD (main_inI1_outR1) Oct 31 15:24:54.765226: | MAIN_I1: category: half-open IKE SA; flags: 0: Oct 31 15:24:54.765228: | -> MAIN_I2 EVENT_RETRANSMIT (main_inR1_outI2) Oct 31 15:24:54.765229: | MAIN_R1: category: open IKE SA; flags: 0: Oct 31 15:24:54.765230: | -> MAIN_R2 EVENT_RETRANSMIT (main_inI2_outR2) Oct 31 15:24:54.765232: | -> MAIN_R1 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:54.765233: | -> MAIN_R1 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:54.765235: | MAIN_I2: category: open IKE SA; flags: 0: Oct 31 15:24:54.765241: | -> MAIN_I3 EVENT_RETRANSMIT (main_inR2_outI3) Oct 31 15:24:54.765242: | -> MAIN_I2 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:54.765244: | -> MAIN_I2 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:54.765245: | MAIN_R2: category: open IKE SA; flags: 0: Oct 31 15:24:54.765247: | -> MAIN_R3 EVENT_SA_REPLACE (main_inI3_outR3) Oct 31 15:24:54.765248: | -> MAIN_R3 EVENT_SA_REPLACE (main_inI3_outR3) Oct 31 15:24:54.765249: | -> MAIN_R2 EVENT_SA_REPLACE (unexpected) Oct 31 15:24:54.765251: | MAIN_I3: category: open IKE SA; flags: 0: Oct 31 15:24:54.765252: | -> MAIN_I4 EVENT_SA_REPLACE (main_inR3) Oct 31 15:24:54.765254: | -> MAIN_I4 EVENT_SA_REPLACE (main_inR3) Oct 31 15:24:54.765255: | -> MAIN_I3 EVENT_SA_REPLACE (unexpected) Oct 31 15:24:54.765256: | MAIN_R3: category: established IKE SA; flags: 0: Oct 31 15:24:54.765258: | -> MAIN_R3 EVENT_NULL (unexpected) Oct 31 15:24:54.765259: | MAIN_I4: category: established IKE SA; flags: 0: Oct 31 15:24:54.765261: | -> MAIN_I4 EVENT_NULL (unexpected) Oct 31 15:24:54.765262: | AGGR_R0: category: half-open IKE SA; flags: 0: Oct 31 15:24:54.765264: | -> AGGR_R1 EVENT_SO_DISCARD (aggr_inI1_outR1) Oct 31 15:24:54.765265: | AGGR_I1: category: half-open IKE SA; flags: 0: Oct 31 15:24:54.765267: | -> AGGR_I2 EVENT_SA_REPLACE (aggr_inR1_outI2) Oct 31 15:24:54.765268: | -> AGGR_I2 EVENT_SA_REPLACE (aggr_inR1_outI2) Oct 31 15:24:54.765269: | AGGR_R1: category: open IKE SA; flags: 0: Oct 31 15:24:54.765271: | -> AGGR_R2 EVENT_SA_REPLACE (aggr_inI2) Oct 31 15:24:54.765272: | -> AGGR_R2 EVENT_SA_REPLACE (aggr_inI2) Oct 31 15:24:54.765274: | AGGR_I2: category: established IKE SA; flags: 0: Oct 31 15:24:54.765275: | -> AGGR_I2 EVENT_NULL (unexpected) Oct 31 15:24:54.765276: | AGGR_R2: category: established IKE SA; flags: 0: Oct 31 15:24:54.765278: | -> AGGR_R2 EVENT_NULL (unexpected) Oct 31 15:24:54.765279: | QUICK_R0: category: established CHILD SA; flags: 0: Oct 31 15:24:54.765281: | -> QUICK_R1 EVENT_RETRANSMIT (quick_inI1_outR1) Oct 31 15:24:54.765282: | QUICK_I1: category: established CHILD SA; flags: 0: Oct 31 15:24:54.765284: | -> QUICK_I2 EVENT_SA_REPLACE (quick_inR1_outI2) Oct 31 15:24:54.765285: | QUICK_R1: category: established CHILD SA; flags: 0: Oct 31 15:24:54.765287: | -> QUICK_R2 EVENT_SA_REPLACE (quick_inI2) Oct 31 15:24:54.765288: | QUICK_I2: category: established CHILD SA; flags: 0: Oct 31 15:24:54.765289: | -> QUICK_I2 EVENT_NULL (unexpected) Oct 31 15:24:54.765291: | QUICK_R2: category: established CHILD SA; flags: 0: Oct 31 15:24:54.765292: | -> QUICK_R2 EVENT_NULL (unexpected) Oct 31 15:24:54.765294: | INFO: category: informational; flags: 0: Oct 31 15:24:54.765295: | -> INFO EVENT_NULL (informational) Oct 31 15:24:54.765297: | INFO_PROTECTED: category: informational; flags: 0: Oct 31 15:24:54.765298: | -> INFO_PROTECTED EVENT_NULL (informational) Oct 31 15:24:54.765300: | XAUTH_R0: category: established IKE SA; flags: 0: Oct 31 15:24:54.765301: | -> XAUTH_R1 EVENT_NULL (xauth_inR0) Oct 31 15:24:54.765303: | XAUTH_R1: category: established IKE SA; flags: 0: Oct 31 15:24:54.765304: | -> MAIN_R3 EVENT_SA_REPLACE (xauth_inR1) Oct 31 15:24:54.765305: | MODE_CFG_R0: category: informational; flags: 0: Oct 31 15:24:54.765307: | -> MODE_CFG_R1 EVENT_SA_REPLACE (modecfg_inR0) Oct 31 15:24:54.765308: | MODE_CFG_R1: category: established IKE SA; flags: 0: Oct 31 15:24:54.765310: | -> MODE_CFG_R2 EVENT_SA_REPLACE (modecfg_inR1) Oct 31 15:24:54.765311: | MODE_CFG_R2: category: established IKE SA; flags: 0: Oct 31 15:24:54.765313: | -> MODE_CFG_R2 EVENT_NULL (unexpected) Oct 31 15:24:54.765314: | MODE_CFG_I1: category: established IKE SA; flags: 0: Oct 31 15:24:54.765315: | -> MAIN_I4 EVENT_SA_REPLACE (modecfg_inR1) Oct 31 15:24:54.765317: | XAUTH_I0: category: established IKE SA; flags: 0: Oct 31 15:24:54.765318: | -> XAUTH_I1 EVENT_RETRANSMIT (xauth_inI0) Oct 31 15:24:54.765321: | XAUTH_I1: category: established IKE SA; flags: 0: Oct 31 15:24:54.765323: | -> MAIN_I4 EVENT_RETRANSMIT (xauth_inI1) Oct 31 15:24:54.765327: | checking IKEv2 state table Oct 31 15:24:54.765329: | V2_REKEY_IKE_I0: category: established IKE SA; flags: 0: Oct 31 15:24:54.765331: | -> V2_REKEY_IKE_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Oct 31 15:24:54.765334: | V2_REKEY_CHILD_I0: category: established IKE SA; flags: 0: Oct 31 15:24:54.765335: | -> V2_REKEY_CHILD_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Oct 31 15:24:54.765337: | V2_NEW_CHILD_I0: category: established IKE SA; flags: 0: Oct 31 15:24:54.765338: | -> V2_NEW_CHILD_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Oct 31 15:24:54.765340: | PARENT_I0: category: ignore; flags: 0: Oct 31 15:24:54.765342: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Oct 31 15:24:54.765343: | PARENT_I1: category: half-open IKE SA; flags: 0: Oct 31 15:24:54.765345: | -> PARENT_I0 EVENT_SO_DISCARD (received anti-DDOS COOKIE notify response; resending IKE_SA_INIT request with cookie payload added) Oct 31 15:24:54.765349: | -> PARENT_I0 EVENT_SO_DISCARD (received IKE_SA_INIT INVALID_KE_PAYLOAD notify response; resending IKE_SA_INIT with new KE payload) Oct 31 15:24:54.765350: | -> IKESA_DEL EVENT_v2_REDIRECT (received REDIRECT notify response; resending IKE_SA_INIT request to new destination) Oct 31 15:24:54.765352: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE) Oct 31 15:24:54.765354: | PARENT_I2: category: open IKE SA; flags: 0: Oct 31 15:24:54.765355: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_INTERMEDIATE reply, initiate IKE_AUTH or IKE_INTERMEDIATE) Oct 31 15:24:54.765357: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Oct 31 15:24:54.765358: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Oct 31 15:24:54.765359: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Oct 31 15:24:54.765361: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Oct 31 15:24:54.765362: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Oct 31 15:24:54.765364: | PARENT_R0: category: half-open IKE SA; flags: 0: Oct 31 15:24:54.765365: | -> PARENT_R1 EVENT_SO_DISCARD send-response (Respond to IKE_SA_INIT) Oct 31 15:24:54.765367: | PARENT_R1: category: half-open IKE SA; flags: 0: Oct 31 15:24:54.765368: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_AUTH request (no SKEYSEED)) Oct 31 15:24:54.765370: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_INTERMEDIATE request (no SKEYSEED)) Oct 31 15:24:54.765371: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_INTERMEDIATE request (with SKEYSEED)) Oct 31 15:24:54.765373: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Responder: process IKE_AUTH request) Oct 31 15:24:54.765374: | V2_REKEY_IKE_R0: category: established IKE SA; flags: 0: Oct 31 15:24:54.765376: | -> ESTABLISHED_IKE_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA IKE Rekey) Oct 31 15:24:54.765377: | V2_REKEY_IKE_I1: category: established IKE SA; flags: 0: Oct 31 15:24:54.765379: | -> ESTABLISHED_IKE_SA EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Oct 31 15:24:54.765380: | V2_NEW_CHILD_I1: category: established IKE SA; flags: 0: Oct 31 15:24:54.765382: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Oct 31 15:24:54.765383: | V2_REKEY_CHILD_R0: category: established IKE SA; flags: 0: Oct 31 15:24:54.765385: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA rekey CHILD SA request) Oct 31 15:24:54.765386: | V2_NEW_CHILD_R0: category: established IKE SA; flags: 0: Oct 31 15:24:54.765389: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA IPsec SA Request) Oct 31 15:24:54.765391: | ESTABLISHED_IKE_SA: category: established IKE SA; flags: 0: Oct 31 15:24:54.765392: | -> ESTABLISHED_IKE_SA EVENT_RETAIN send-response (Informational Request (liveness probe)) Oct 31 15:24:54.765393: | -> ESTABLISHED_IKE_SA EVENT_RETAIN (Informational Response (liveness probe)) Oct 31 15:24:54.765395: | -> ESTABLISHED_IKE_SA EVENT_RETAIN send-response (Informational Request) Oct 31 15:24:54.765396: | -> ESTABLISHED_IKE_SA EVENT_RETAIN (Informational Response) Oct 31 15:24:54.765398: | IKESA_DEL: category: established IKE SA; flags: 0: Oct 31 15:24:54.765399: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Oct 31 15:24:54.765401: | CHILDSA_DEL: category: informational; flags: 0: Oct 31 15:24:54.765402: | -> CHILDSA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Oct 31 15:24:54.765404: | global one-shot timer EVENT_REVIVE_CONNS initialized Oct 31 15:24:54.765407: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Oct 31 15:24:54.765409: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Oct 31 15:24:54.765525: Encryption algorithms: Oct 31 15:24:54.765533: AES_CCM_16 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm, aes_ccm_c Oct 31 15:24:54.765536: AES_CCM_12 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_b Oct 31 15:24:54.765539: AES_CCM_8 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_a Oct 31 15:24:54.765542: 3DES_CBC [*192] IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) 3des Oct 31 15:24:54.765545: CAMELLIA_CTR {256,192,*128} IKEv1: ESP IKEv2: ESP Oct 31 15:24:54.765547: CAMELLIA_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP NSS(CBC) camellia Oct 31 15:24:54.765550: AES_GCM_16 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm, aes_gcm_c Oct 31 15:24:54.765553: AES_GCM_12 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_b Oct 31 15:24:54.765556: AES_GCM_8 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_a Oct 31 15:24:54.765571: AES_CTR {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CTR) aesctr Oct 31 15:24:54.765574: AES_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) aes Oct 31 15:24:54.765577: NULL_AUTH_AES_GMAC {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_gmac Oct 31 15:24:54.765579: NULL [] IKEv1: ESP IKEv2: ESP Oct 31 15:24:54.765582: CHACHA20_POLY1305 [*256] IKEv1: IKEv2: IKE ESP NSS(AEAD) chacha20poly1305 Oct 31 15:24:54.765583: Hash algorithms: Oct 31 15:24:54.765585: MD5 IKEv1: IKE IKEv2: NSS Oct 31 15:24:54.765588: SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha Oct 31 15:24:54.765590: SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256 Oct 31 15:24:54.765592: SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384 Oct 31 15:24:54.765594: SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512 Oct 31 15:24:54.765595: PRF algorithms: Oct 31 15:24:54.765597: HMAC_MD5 IKEv1: IKE IKEv2: IKE native(HMAC) md5 Oct 31 15:24:54.765600: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha, sha1 Oct 31 15:24:54.765602: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256, sha2_256 Oct 31 15:24:54.765622: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384, sha2_384 Oct 31 15:24:54.765624: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512, sha2_512 Oct 31 15:24:54.765626: AES_XCBC IKEv1: IKEv2: IKE native(XCBC) aes128_xcbc Oct 31 15:24:54.765628: Integrity algorithms: Oct 31 15:24:54.765630: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH native(HMAC) md5, hmac_md5 Oct 31 15:24:54.765633: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha, sha1, sha1_96, hmac_sha1 Oct 31 15:24:54.765636: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Oct 31 15:24:54.765638: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Oct 31 15:24:54.765641: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Oct 31 15:24:54.765643: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Oct 31 15:24:54.765646: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96 Oct 31 15:24:54.765648: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Oct 31 15:24:54.765651: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Oct 31 15:24:54.765652: DH algorithms: Oct 31 15:24:54.765655: NONE IKEv1: IKEv2: IKE ESP AH FIPS NSS(MODP) null, dh0 Oct 31 15:24:54.765657: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh5 Oct 31 15:24:54.765659: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh14 Oct 31 15:24:54.765661: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh15 Oct 31 15:24:54.765663: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh16 Oct 31 15:24:54.765665: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh17 Oct 31 15:24:54.765667: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh18 Oct 31 15:24:54.765669: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_256, ecp256 Oct 31 15:24:54.765672: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_384, ecp384 Oct 31 15:24:54.765674: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_521, ecp521 Oct 31 15:24:54.765676: DH31 IKEv1: IKE IKEv2: IKE ESP AH NSS(ECP) curve25519 Oct 31 15:24:54.765678: testing CAMELLIA_CBC: Oct 31 15:24:54.765680: Camellia: 16 bytes with 128-bit key Oct 31 15:24:54.765760: Camellia: 16 bytes with 128-bit key Oct 31 15:24:54.765782: Camellia: 16 bytes with 256-bit key Oct 31 15:24:54.765802: Camellia: 16 bytes with 256-bit key Oct 31 15:24:54.765821: testing AES_GCM_16: Oct 31 15:24:54.765823: empty string Oct 31 15:24:54.765842: one block Oct 31 15:24:54.765859: two blocks Oct 31 15:24:54.765876: two blocks with associated data Oct 31 15:24:54.765894: testing AES_CTR: Oct 31 15:24:54.765896: Encrypting 16 octets using AES-CTR with 128-bit key Oct 31 15:24:54.765914: Encrypting 32 octets using AES-CTR with 128-bit key Oct 31 15:24:54.765933: Encrypting 36 octets using AES-CTR with 128-bit key Oct 31 15:24:54.765954: Encrypting 16 octets using AES-CTR with 192-bit key Oct 31 15:24:54.765974: Encrypting 32 octets using AES-CTR with 192-bit key Oct 31 15:24:54.765993: Encrypting 36 octets using AES-CTR with 192-bit key Oct 31 15:24:54.766012: Encrypting 16 octets using AES-CTR with 256-bit key Oct 31 15:24:54.766029: Encrypting 32 octets using AES-CTR with 256-bit key Oct 31 15:24:54.766061: Encrypting 36 octets using AES-CTR with 256-bit key Oct 31 15:24:54.766081: testing AES_CBC: Oct 31 15:24:54.766083: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Oct 31 15:24:54.766101: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Oct 31 15:24:54.766120: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Oct 31 15:24:54.766140: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Oct 31 15:24:54.766164: testing AES_XCBC: Oct 31 15:24:54.766166: RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input Oct 31 15:24:54.766267: RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input Oct 31 15:24:54.766345: RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input Oct 31 15:24:54.766416: RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input Oct 31 15:24:54.766494: RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input Oct 31 15:24:54.766588: RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input Oct 31 15:24:54.766683: RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input Oct 31 15:24:54.766879: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Oct 31 15:24:54.766955: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Oct 31 15:24:54.767034: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Oct 31 15:24:54.767164: testing HMAC_MD5: Oct 31 15:24:54.767166: RFC 2104: MD5_HMAC test 1 Oct 31 15:24:54.767306: RFC 2104: MD5_HMAC test 2 Oct 31 15:24:54.767397: RFC 2104: MD5_HMAC test 3 Oct 31 15:24:54.767503: 8 CPU cores online Oct 31 15:24:54.767505: starting up 7 helper threads Oct 31 15:24:54.767544: started thread for helper 0 Oct 31 15:24:54.767557: | starting helper thread 1 Oct 31 15:24:54.767565: seccomp security disabled for crypto helper 1 Oct 31 15:24:54.767574: | status value returned by setting the priority of this helper thread 1: 22 Oct 31 15:24:54.767575: started thread for helper 1 Oct 31 15:24:54.767579: | helper thread 1 has nothing to do Oct 31 15:24:54.767607: | starting helper thread 2 Oct 31 15:24:54.767614: seccomp security disabled for crypto helper 2 Oct 31 15:24:54.767611: started thread for helper 2 Oct 31 15:24:54.767618: | starting helper thread 3 Oct 31 15:24:54.767617: | status value returned by setting the priority of this helper thread 2: 22 Oct 31 15:24:54.767626: | helper thread 2 has nothing to do Oct 31 15:24:54.767623: seccomp security disabled for crypto helper 3 Oct 31 15:24:54.767631: | status value returned by setting the priority of this helper thread 3: 22 Oct 31 15:24:54.767633: | helper thread 3 has nothing to do Oct 31 15:24:54.767635: started thread for helper 3 Oct 31 15:24:54.767640: | starting helper thread 4 Oct 31 15:24:54.767642: seccomp security disabled for crypto helper 4 Oct 31 15:24:54.767645: | status value returned by setting the priority of this helper thread 4: 22 Oct 31 15:24:54.767646: | helper thread 4 has nothing to do Oct 31 15:24:54.767650: started thread for helper 4 Oct 31 15:24:54.767655: | starting helper thread 5 Oct 31 15:24:54.767657: seccomp security disabled for crypto helper 5 Oct 31 15:24:54.767659: | status value returned by setting the priority of this helper thread 5: 22 Oct 31 15:24:54.767661: | helper thread 5 has nothing to do Oct 31 15:24:54.767668: started thread for helper 5 Oct 31 15:24:54.767684: started thread for helper 6 Oct 31 15:24:54.767693: | starting helper thread 7 Oct 31 15:24:54.767698: seccomp security disabled for crypto helper 7 Oct 31 15:24:54.767702: | status value returned by setting the priority of this helper thread 7: 22 Oct 31 15:24:54.767704: | helper thread 7 has nothing to do Oct 31 15:24:54.767705: | starting helper thread 6 Oct 31 15:24:54.767711: Using Linux XFRM/NETKEY IPsec kernel support code on 5.8.15-201.fc32.x86_64 Oct 31 15:24:54.767713: seccomp security disabled for crypto helper 6 Oct 31 15:24:54.767720: | status value returned by setting the priority of this helper thread 6: 22 Oct 31 15:24:54.767722: | helper thread 6 has nothing to do Oct 31 15:24:54.767775: | Hard-wiring algorithms Oct 31 15:24:54.767781: | adding AES_CCM_16 to kernel algorithm db Oct 31 15:24:54.767789: | adding AES_CCM_12 to kernel algorithm db Oct 31 15:24:54.767791: | adding AES_CCM_8 to kernel algorithm db Oct 31 15:24:54.767793: | adding 3DES_CBC to kernel algorithm db Oct 31 15:24:54.767794: | adding CAMELLIA_CBC to kernel algorithm db Oct 31 15:24:54.767795: | adding AES_GCM_16 to kernel algorithm db Oct 31 15:24:54.767797: | adding AES_GCM_12 to kernel algorithm db Oct 31 15:24:54.767798: | adding AES_GCM_8 to kernel algorithm db Oct 31 15:24:54.767800: | adding AES_CTR to kernel algorithm db Oct 31 15:24:54.767801: | adding AES_CBC to kernel algorithm db Oct 31 15:24:54.767802: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Oct 31 15:24:54.767804: | adding NULL to kernel algorithm db Oct 31 15:24:54.767806: | adding CHACHA20_POLY1305 to kernel algorithm db Oct 31 15:24:54.767811: | adding HMAC_MD5_96 to kernel algorithm db Oct 31 15:24:54.767812: | adding HMAC_SHA1_96 to kernel algorithm db Oct 31 15:24:54.767814: | adding HMAC_SHA2_512_256 to kernel algorithm db Oct 31 15:24:54.767815: | adding HMAC_SHA2_384_192 to kernel algorithm db Oct 31 15:24:54.767816: | adding HMAC_SHA2_256_128 to kernel algorithm db Oct 31 15:24:54.767818: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Oct 31 15:24:54.767819: | adding AES_XCBC_96 to kernel algorithm db Oct 31 15:24:54.767821: | adding AES_CMAC_96 to kernel algorithm db Oct 31 15:24:54.767822: | adding NONE to kernel algorithm db Oct 31 15:24:54.767839: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Oct 31 15:24:54.767843: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Oct 31 15:24:54.767845: | setup kernel fd callback Oct 31 15:24:54.767847: | add_fd_read_event_handler: newref KERNEL_XRM_FD-pe@0x55fbf1055ff8 Oct 31 15:24:54.767849: | libevent_malloc: newref ptr-libevent@0x55fbf101cf78 size 128 Oct 31 15:24:54.767851: | libevent_malloc: newref ptr-libevent@0x55fbf1050608 size 16 Oct 31 15:24:54.767855: | add_fd_read_event_handler: newref KERNEL_ROUTE_FD-pe@0x55fbf1059a08 Oct 31 15:24:54.767857: | libevent_malloc: newref ptr-libevent@0x55fbf101d028 size 128 Oct 31 15:24:54.767858: | libevent_malloc: newref ptr-libevent@0x55fbf104ffc8 size 16 Oct 31 15:24:54.767990: | global one-shot timer EVENT_CHECK_CRLS initialized Oct 31 15:24:54.768068: SELinux support is enabled in PERMISSIVE mode. Oct 31 15:24:54.768196: | unbound context created - setting debug level to 5 Oct 31 15:24:54.768263: | /etc/hosts lookups activated Oct 31 15:24:54.768277: | /etc/resolv.conf usage activated Oct 31 15:24:54.768311: | outgoing-port-avoid set 0-65535 Oct 31 15:24:54.768325: | outgoing-port-permit set 32768-60999 Oct 31 15:24:54.768327: | loading dnssec root key from:/var/lib/unbound/root.key Oct 31 15:24:54.768329: | no additional dnssec trust anchors defined via dnssec-trusted= option Oct 31 15:24:54.768331: | Setting up events, loop start Oct 31 15:24:54.768333: | add_fd_read_event_handler: newref PLUTO_CTL_FD-pe@0x55fbf105cf68 Oct 31 15:24:54.768335: | libevent_malloc: newref ptr-libevent@0x55fbf1059b28 size 128 Oct 31 15:24:54.768337: | libevent_malloc: newref ptr-libevent@0x55fbf10509e8 size 16 Oct 31 15:24:54.768341: | libevent_realloc: newref ptr-libevent@0x55fbf105cfd8 size 256 Oct 31 15:24:54.768343: | libevent_malloc: newref ptr-libevent@0x55fbf1050648 size 8 Oct 31 15:24:54.768344: | libevent_realloc: newref ptr-libevent@0x55fbf1051048 size 144 Oct 31 15:24:54.768346: | libevent_malloc: newref ptr-libevent@0x55fbf10133d8 size 152 Oct 31 15:24:54.768349: | libevent_malloc: newref ptr-libevent@0x55fbf10507f8 size 16 Oct 31 15:24:54.768351: | signal event handler PLUTO_SIGCHLD installed Oct 31 15:24:54.768356: | libevent_malloc: newref ptr-libevent@0x55fbf105d108 size 8 Oct 31 15:24:54.768357: | libevent_malloc: newref ptr-libevent@0x55fbf0fafa38 size 152 Oct 31 15:24:54.768359: | signal event handler PLUTO_SIGTERM installed Oct 31 15:24:54.768361: | libevent_malloc: newref ptr-libevent@0x55fbf105d148 size 8 Oct 31 15:24:54.768362: | libevent_malloc: newref ptr-libevent@0x55fbf0faf798 size 152 Oct 31 15:24:54.768364: | signal event handler PLUTO_SIGHUP installed Oct 31 15:24:54.768365: | libevent_malloc: newref ptr-libevent@0x55fbf105d188 size 8 Oct 31 15:24:54.768367: | libevent_realloc: delref ptr-libevent@0x55fbf1051048 Oct 31 15:24:54.768368: | libevent_realloc: newref ptr-libevent@0x55fbf105d1c8 size 256 Oct 31 15:24:54.768370: | libevent_malloc: newref ptr-libevent@0x55fbf105d2f8 size 152 Oct 31 15:24:54.768372: | signal event handler PLUTO_SIGSYS installed Oct 31 15:24:54.768611: | created addconn helper (pid:2153291) using fork+execve Oct 31 15:24:54.768626: | forked child 2153291 Oct 31 15:24:54.768634: seccomp security disabled Oct 31 15:24:54.771114: | newref struct fd@0x55fbf105d458(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:54.771126: | fd_accept: new fd-fd@0x55fbf105d458 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:54.771138: | whack: listen Oct 31 15:24:54.771141: listening for IKE messages Oct 31 15:24:54.771503: | Inspecting interface lo Oct 31 15:24:54.771513: | found lo with address 127.0.0.1 Oct 31 15:24:54.771516: | Inspecting interface eth0 Oct 31 15:24:54.771519: | found eth0 with address 192.0.1.254 Oct 31 15:24:54.771521: | Inspecting interface eth1 Oct 31 15:24:54.771524: | found eth1 with address 192.1.2.45 Oct 31 15:24:54.771532: | newref struct iface_dev@0x55fbf105d978(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:54.771551: Kernel supports NIC esp-hw-offload Oct 31 15:24:54.771560: | iface: marking eth1 add Oct 31 15:24:54.771578: | newref struct iface_dev@0x55fbf105daa8(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:54.771580: | iface: marking eth0 add Oct 31 15:24:54.771582: | newref struct iface_dev@0x55fbf105db78(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:54.771585: | iface: marking lo add Oct 31 15:24:54.771658: | no interfaces to sort Oct 31 15:24:54.771674: | MSG_ERRQUEUE enabled on fd 18 Oct 31 15:24:54.771686: | addref ifd@0x55fbf105d978(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:54.771690: adding UDP interface eth1 192.1.2.45:500 Oct 31 15:24:54.771703: | MSG_ERRQUEUE enabled on fd 19 Oct 31 15:24:54.771742: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:54.771746: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:54.771748: | addref ifd@0x55fbf105d978(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:54.771751: adding UDP interface eth1 192.1.2.45:4500 Oct 31 15:24:54.771776: | MSG_ERRQUEUE enabled on fd 20 Oct 31 15:24:54.771784: | addref ifd@0x55fbf105daa8(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:54.771786: adding UDP interface eth0 192.0.1.254:500 Oct 31 15:24:54.771796: | MSG_ERRQUEUE enabled on fd 21 Oct 31 15:24:54.771801: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:54.771803: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:54.771805: | addref ifd@0x55fbf105daa8(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:54.771807: adding UDP interface eth0 192.0.1.254:4500 Oct 31 15:24:54.771818: | MSG_ERRQUEUE enabled on fd 22 Oct 31 15:24:54.771823: | addref ifd@0x55fbf105db78(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:54.771826: adding UDP interface lo 127.0.0.1:500 Oct 31 15:24:54.771836: | MSG_ERRQUEUE enabled on fd 23 Oct 31 15:24:54.771841: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:54.771843: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:54.771844: | addref ifd@0x55fbf105db78(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:54.771846: adding UDP interface lo 127.0.0.1:4500 Oct 31 15:24:54.771855: | updating interfaces - listing interfaces that are going down Oct 31 15:24:54.771869: | updating interfaces - checking orientation Oct 31 15:24:54.771871: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Oct 31 15:24:54.771888: | libevent_malloc: newref ptr-libevent@0x55fbf1059a78 size 128 Oct 31 15:24:54.771895: | libevent_malloc: newref ptr-libevent@0x55fbf105deb8 size 16 Oct 31 15:24:54.771903: | setup callback for interface lo 127.0.0.1:4500 fd 23 on UDP Oct 31 15:24:54.771908: | libevent_malloc: newref ptr-libevent@0x55fbf101d128 size 128 Oct 31 15:24:54.771911: | libevent_malloc: newref ptr-libevent@0x55fbf105e558 size 16 Oct 31 15:24:54.771917: | setup callback for interface lo 127.0.0.1:500 fd 22 on UDP Oct 31 15:24:54.771919: | libevent_malloc: newref ptr-libevent@0x55fbf10123e8 size 128 Oct 31 15:24:54.771922: | libevent_malloc: newref ptr-libevent@0x55fbf105e598 size 16 Oct 31 15:24:54.771928: | setup callback for interface eth0 192.0.1.254:4500 fd 21 on UDP Oct 31 15:24:54.771931: | libevent_malloc: newref ptr-libevent@0x55fbf101d228 size 128 Oct 31 15:24:54.771933: | libevent_malloc: newref ptr-libevent@0x55fbf105e5d8 size 16 Oct 31 15:24:54.771940: | setup callback for interface eth0 192.0.1.254:500 fd 20 on UDP Oct 31 15:24:54.771943: | libevent_malloc: newref ptr-libevent@0x55fbf1019c48 size 128 Oct 31 15:24:54.771944: | libevent_malloc: newref ptr-libevent@0x55fbf105e618 size 16 Oct 31 15:24:54.771947: | setup callback for interface eth1 192.1.2.45:4500 fd 19 on UDP Oct 31 15:24:54.771949: | libevent_malloc: newref ptr-libevent@0x55fbf1019b98 size 128 Oct 31 15:24:54.771950: | libevent_malloc: newref ptr-libevent@0x55fbf105e658 size 16 Oct 31 15:24:54.771953: | setup callback for interface eth1 192.1.2.45:500 fd 18 on UDP Oct 31 15:24:54.773613: | no stale xfrmi interface 'ipsec1' found Oct 31 15:24:54.773623: | certs and keys locked by 'free_preshared_secrets' Oct 31 15:24:54.773626: | certs and keys unlocked by 'free_preshared_secrets' Oct 31 15:24:54.773646: loading secrets from "/etc/ipsec.secrets" Oct 31 15:24:54.773663: | id type added to secret(0x55fbf105ff68) PKK_PSK: @east Oct 31 15:24:54.773686: | id type added to secret(0x55fbf105ff68) PKK_PSK: 192.1.2.45 Oct 31 15:24:54.773693: | processing PSK at line 1: passed Oct 31 15:24:54.773699: | certs and keys locked by 'process_secret' Oct 31 15:24:54.773702: | certs and keys unlocked by 'process_secret' Oct 31 15:24:54.773708: | old food groups: Oct 31 15:24:54.773710: | new food groups: Oct 31 15:24:54.773714: | delref fd@0x55fbf105d458(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:54.773720: | freeref fd-fd@0x55fbf105d458 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:54.773726: | spent 0.987 (2.62) milliseconds in whack Oct 31 15:24:54.774070: | processing signal PLUTO_SIGCHLD Oct 31 15:24:54.774080: | waitpid returned pid 2153291 (exited with status 0) Oct 31 15:24:54.774083: | reaped addconn helper child (status 0) Oct 31 15:24:54.774086: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:54.774090: | spent 0.0136 (0.0134) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:54.792941: | newref struct fd@0x55fbf105d498(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:54.792960: | fd_accept: new fd-fd@0x55fbf105d498 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:54.792972: | whack: options (impair|debug) Oct 31 15:24:54.792977: | old debugging base+cpu-usage + none Oct 31 15:24:54.792979: | new debugging = base+cpu-usage Oct 31 15:24:54.792986: | delref fd@0x55fbf105d498(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:54.793011: | freeref fd-fd@0x55fbf105d498 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:54.793019: | spent 0.0845 (0.0881) milliseconds in whack Oct 31 15:24:54.853494: | newref struct fd@0x55fbf105d4d8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:54.853510: | fd_accept: new fd-fd@0x55fbf105d4d8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:54.853523: | whack: delete 'westnet-eastnet-ipv4-psk-ikev2' Oct 31 15:24:54.853532: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:54.853535: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:24:54.853538: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:54.853540: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:24:54.853543: | whack: connection 'westnet-eastnet-ipv4-psk-ikev2' Oct 31 15:24:54.853547: | addref fd@0x55fbf105d4d8(1->2) (in string_logger() at log.c:838) Oct 31 15:24:54.853551: | newref string logger@0x55fbf1050da8(0->1) (in add_connection() at connections.c:1998) Oct 31 15:24:54.853555: | Connection DB: adding connection "westnet-eastnet-ipv4-psk-ikev2" $1 Oct 31 15:24:54.853559: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:54.853567: | added new connection westnet-eastnet-ipv4-psk-ikev2 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO Oct 31 15:24:54.853618: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Oct 31 15:24:54.853620: | from whack: got --esp= Oct 31 15:24:54.853649: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Oct 31 15:24:54.853657: | counting wild cards for 192.1.2.45 is 0 Oct 31 15:24:54.853666: | counting wild cards for @east is 0 Oct 31 15:24:54.853670: | updating connection from left.host_addr Oct 31 15:24:54.853674: | right host_nexthop 192.1.2.45 Oct 31 15:24:54.853677: | left host_port 500 Oct 31 15:24:54.853680: | updating connection from right.host_addr Oct 31 15:24:54.853683: | left host_nexthop 192.1.2.23 Oct 31 15:24:54.853685: | right host_port 500 Oct 31 15:24:54.853690: | orienting westnet-eastnet-ipv4-psk-ikev2 Oct 31 15:24:54.853695: | westnet-eastnet-ipv4-psk-ikev2 doesn't match 127.0.0.1:4500 at all Oct 31 15:24:54.853699: | westnet-eastnet-ipv4-psk-ikev2 doesn't match 127.0.0.1:500 at all Oct 31 15:24:54.853703: | westnet-eastnet-ipv4-psk-ikev2 doesn't match 192.0.1.254:4500 at all Oct 31 15:24:54.853707: | westnet-eastnet-ipv4-psk-ikev2 doesn't match 192.0.1.254:500 at all Oct 31 15:24:54.853710: | westnet-eastnet-ipv4-psk-ikev2 doesn't match 192.1.2.45:4500 at all Oct 31 15:24:54.853713: | oriented westnet-eastnet-ipv4-psk-ikev2's this Oct 31 15:24:54.853718: | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none Oct 31 15:24:54.853725: | newref hp@0x55fbf1060758(0->1) (in connect_to_host_pair() at hostpair.c:290) Oct 31 15:24:54.853728: added IKEv2 connection "westnet-eastnet-ipv4-psk-ikev2" Oct 31 15:24:54.853738: | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO Oct 31 15:24:54.853748: | 192.0.1.0/24===192.1.2.45<192.1.2.45>...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Oct 31 15:24:54.853751: | delref logger@0x55fbf1050da8(1->0) (in add_connection() at connections.c:2026) Oct 31 15:24:54.853753: | delref fd@0x55fbf105d4d8(2->1) (in free_logger() at log.c:853) Oct 31 15:24:54.853756: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:54.853760: | delref fd@0x55fbf105d4d8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:54.853766: | freeref fd-fd@0x55fbf105d4d8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:54.853773: | spent 0.289 (0.288) milliseconds in whack Oct 31 15:24:54.914495: | newref struct fd@0x55fbf105e6d8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:54.914508: | fd_accept: new fd-fd@0x55fbf105e6d8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:54.914522: | whack: status Oct 31 15:24:54.914756: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:24:54.914765: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:24:54.914850: | FOR_EACH_STATE_... in show_states (sort_states) Oct 31 15:24:54.914863: | delref fd@0x55fbf105e6d8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:54.914872: | freeref fd-fd@0x55fbf105e6d8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:54.914878: | spent 0.397 (0.396) milliseconds in whack Oct 31 15:24:54.971197: | newref struct fd@0x55fbf105f2c8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:54.971215: | fd_accept: new fd-fd@0x55fbf105f2c8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:54.971225: | whack: options (impair|debug) Oct 31 15:24:54.971229: | old debugging base+cpu-usage + none Oct 31 15:24:54.971231: | new debugging = base+cpu-usage Oct 31 15:24:54.971233: | suppress-retransmits:yes Oct 31 15:24:54.971237: | delref fd@0x55fbf105f2c8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:54.971243: | freeref fd-fd@0x55fbf105f2c8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:54.971251: | spent 0.058 (0.0603) milliseconds in whack Oct 31 15:24:55.138027: | newref struct fd@0x55fbf105e718(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:55.138042: | fd_accept: new fd-fd@0x55fbf105e718 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:55.138056: | whack: initiate Oct 31 15:24:55.138060: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:55.138064: | connection 'westnet-eastnet-ipv4-psk-ikev2' +POLICY_UP Oct 31 15:24:55.138066: | FOR_EACH_STATE_... in find_phase1_state Oct 31 15:24:55.138092: | newref alloc logger@0x55fbf105d608(0->1) (in new_state() at state.c:576) Oct 31 15:24:55.138097: | addref fd@0x55fbf105e718(1->2) (in new_state() at state.c:577) Oct 31 15:24:55.138100: | creating state object #1 at 0x55fbf1060c68 Oct 31 15:24:55.138104: | State DB: adding IKEv2 state #1 in UNDEFINED Oct 31 15:24:55.138116: | pstats #1 ikev2.ike started Oct 31 15:24:55.138120: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Oct 31 15:24:55.138124: | #1.st_v2_transition NULL -> PARENT_I0->PARENT_I1 (in new_v2_ike_state() at state.c:620) Oct 31 15:24:55.138131: | Message ID: IKE #1 initializing (IKE SA): ike.initiator.sent=0->-1 ike.initiator.recv=0->-1 ike.initiator.last_contact=0->744569.570923 ike.responder.sent=0->-1 ike.responder.recv=0->-1 ike.responder.last_contact=0->744569.570923 ike.wip.initiator=0->-1 ike.wip.responder=0->-1 Oct 31 15:24:55.138134: | orienting westnet-eastnet-ipv4-psk-ikev2 Oct 31 15:24:55.138139: | westnet-eastnet-ipv4-psk-ikev2 doesn't match 127.0.0.1:4500 at all Oct 31 15:24:55.138141: | westnet-eastnet-ipv4-psk-ikev2 doesn't match 127.0.0.1:500 at all Oct 31 15:24:55.138143: | westnet-eastnet-ipv4-psk-ikev2 doesn't match 192.0.1.254:4500 at all Oct 31 15:24:55.138146: | westnet-eastnet-ipv4-psk-ikev2 doesn't match 192.0.1.254:500 at all Oct 31 15:24:55.138148: | westnet-eastnet-ipv4-psk-ikev2 doesn't match 192.1.2.45:4500 at all Oct 31 15:24:55.138149: | oriented westnet-eastnet-ipv4-psk-ikev2's this Oct 31 15:24:55.138155: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:544) Oct 31 15:24:55.138158: | addref fd@0x55fbf105e718(2->3) (in add_pending() at pending.c:86) Oct 31 15:24:55.138161: | queuing pending IPsec SA negotiating with 192.1.2.23 IKE SA #1 "westnet-eastnet-ipv4-psk-ikev2" Oct 31 15:24:55.138163: "westnet-eastnet-ipv4-psk-ikev2" #1: initiating IKEv2 connection Oct 31 15:24:55.138174: | constructing local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE) Oct 31 15:24:55.138182: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:55.138190: | ... ikev2_proposal: 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:55.138192: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:55.138217: | ... ikev2_proposal: 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:55.138224: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:55.138229: | ... ikev2_proposal: 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:55.138231: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:55.138235: | ... ikev2_proposal: 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:55.138237: "westnet-eastnet-ipv4-psk-ikev2": local IKE proposals (IKE SA initiator selecting KE): Oct 31 15:24:55.138240: "westnet-eastnet-ipv4-psk-ikev2": 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:55.138243: "westnet-eastnet-ipv4-psk-ikev2": 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:55.138246: "westnet-eastnet-ipv4-psk-ikev2": 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:55.138250: "westnet-eastnet-ipv4-psk-ikev2": 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:55.138256: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:55.138258: | addref fd@0x55fbf105e718(3->4) (in clone_logger() at log.c:810) Oct 31 15:24:55.138260: | newref clone logger@0x55fbf1050a28(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:55.138262: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): adding job to queue Oct 31 15:24:55.138264: | state #1 has no .st_event to delete Oct 31 15:24:55.138266: | #1 STATE_PARENT_I0: retransmits: cleared Oct 31 15:24:55.138268: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55fbf105e868 Oct 31 15:24:55.138270: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:24:55.138273: | libevent_malloc: newref ptr-libevent@0x55fbf105e8d8 size 128 Oct 31 15:24:55.138286: | #1 spent 0.202 (0.218) milliseconds in ikev2_parent_outI1() Oct 31 15:24:55.138289: | RESET processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:640) Oct 31 15:24:55.138292: | delref fd@0x55fbf105e718(4->3) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:55.138295: | spent 0.267 (0.282) milliseconds in whack Oct 31 15:24:55.138295: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): helper 1 starting job Oct 31 15:24:55.139574: | "westnet-eastnet-ipv4-psk-ikev2" #1: spent 1.26 (1.28) milliseconds in helper 1 processing job 1 for state #1: ikev2_outI1 KE (pcr) Oct 31 15:24:55.139583: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): helper thread 1 sending result back to state Oct 31 15:24:55.139586: | scheduling resume sending helper answer back to state for #1 Oct 31 15:24:55.139588: | libevent_malloc: newref ptr-libevent@0x7f27fc006108 size 128 Oct 31 15:24:55.139594: | helper thread 1 has nothing to do Oct 31 15:24:55.139605: | processing resume sending helper answer back to state for #1 Oct 31 15:24:55.139615: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:641) Oct 31 15:24:55.139620: | unsuspending #1 MD (nil) Oct 31 15:24:55.139625: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): processing response from helper 1 Oct 31 15:24:55.139630: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): calling continuation function 0x55fbef81bfe7 Oct 31 15:24:55.139637: | ikev2_parent_outI1_continue() for #1 STATE_PARENT_I0 Oct 31 15:24:55.139640: | DH secret MODP2048@0x7f27fc006ba8: transferring ownership from helper KE to state #1 Oct 31 15:24:55.139672: | opening output PBS reply packet Oct 31 15:24:55.139676: | **emit ISAKMP Message: Oct 31 15:24:55.139679: | initiator SPI: 56 da 3a 10 de 51 40 20 Oct 31 15:24:55.139682: | responder SPI: 00 00 00 00 00 00 00 00 Oct 31 15:24:55.139684: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:55.139686: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:55.139688: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:24:55.139691: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:55.139696: | Message ID: 0 (00 00 00 00) Oct 31 15:24:55.139701: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:55.139722: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting local proposals): 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:55.139726: | Emitting ikev2_proposals ... Oct 31 15:24:55.139729: | ***emit IKEv2 Security Association Payload: Oct 31 15:24:55.139732: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.139735: | flags: none (0x0) Oct 31 15:24:55.139738: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:24:55.139741: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.139744: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:55.139747: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:55.139748: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:55.139750: | prop #: 1 (01) Oct 31 15:24:55.139752: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:55.139754: | spi size: 0 (00) Oct 31 15:24:55.139756: | # transforms: 11 (0b) Oct 31 15:24:55.139757: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:55.139760: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.139761: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.139763: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:55.139764: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:55.139766: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.139768: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:55.139769: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:55.139771: | length/value: 256 (01 00) Oct 31 15:24:55.139773: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:55.139775: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.139776: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.139778: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:55.139779: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:55.139781: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.139786: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.139787: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.139789: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.139790: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.139792: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:55.139793: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:55.139795: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.139796: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.139798: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.139800: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:55.139801: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.139803: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.139804: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.139806: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:55.139807: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.139809: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.139810: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.139812: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.139813: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.139815: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.139816: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:55.139818: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.139819: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.139821: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.139822: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.139823: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.139825: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.139826: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:55.139828: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.139829: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.139831: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.139832: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.139834: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.139835: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.139837: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:55.139838: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.139840: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.139841: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.139844: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.139845: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.139847: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.139848: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:55.139850: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.139851: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.139853: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.139854: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.139856: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.139857: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.139858: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:55.139860: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.139862: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.139864: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.139869: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.139873: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.139875: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.139878: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:55.139881: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.139884: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.139886: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.139889: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.139892: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:55.139894: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.139897: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:55.139900: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.139903: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.139906: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.139908: | emitting length of IKEv2 Proposal Substructure Payload: 100 Oct 31 15:24:55.139911: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:55.139915: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:55.139918: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:55.139920: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:55.139922: | prop #: 2 (02) Oct 31 15:24:55.139924: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:55.139926: | spi size: 0 (00) Oct 31 15:24:55.139927: | # transforms: 11 (0b) Oct 31 15:24:55.139929: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:55.139931: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:55.139933: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.139937: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.139938: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:55.139940: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:55.139941: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.139943: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:55.139944: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:55.139946: | length/value: 128 (00 80) Oct 31 15:24:55.139948: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:55.139949: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.139951: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.139952: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:55.139954: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:55.139955: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.139957: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.139958: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.139960: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.139961: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.139963: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:55.139964: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:55.139966: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.139967: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.139969: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.139970: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:55.139972: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.139973: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.139975: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.139976: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:55.139978: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.139979: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.139981: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.139982: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.139984: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.139985: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.139986: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:55.139988: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.139989: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.139991: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.139992: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.139994: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.139995: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.139997: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:55.140001: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140002: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.140003: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.140005: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.140006: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140008: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.140009: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:55.140011: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140012: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.140014: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.140015: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.140017: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140018: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.140019: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:55.140021: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140022: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.140024: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.140025: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.140027: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140028: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.140030: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:55.140031: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140033: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.140034: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.140035: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.140037: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140038: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.140040: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:55.140041: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140043: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.140044: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.140046: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.140047: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:55.140048: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.140050: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:55.140051: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140053: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.140055: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.140057: | emitting length of IKEv2 Proposal Substructure Payload: 100 Oct 31 15:24:55.140058: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:55.140061: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:55.140062: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:55.140064: | prop #: 3 (03) Oct 31 15:24:55.140066: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:55.140067: | spi size: 0 (00) Oct 31 15:24:55.140069: | # transforms: 13 (0d) Oct 31 15:24:55.140071: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:55.140072: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:55.140074: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.140075: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140077: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:55.140078: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:55.140080: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.140081: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:55.140083: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:55.140085: | length/value: 256 (01 00) Oct 31 15:24:55.140086: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:55.140088: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.140089: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140090: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:55.140092: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:55.140093: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140095: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.140096: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.140098: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.140099: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140101: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:55.140102: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:55.140104: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140105: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.140106: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.140108: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.140109: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140111: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:55.140112: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:55.140114: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140115: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.140117: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.140118: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.140122: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140124: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:55.140125: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:55.140127: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140129: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.140131: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.140137: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.140140: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140143: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.140145: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:55.140148: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140150: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.140153: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.140156: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.140158: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140161: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.140164: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:55.140167: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140170: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.140172: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.140175: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.140178: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140180: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.140181: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:55.140183: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140184: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.140186: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.140187: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.140189: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140190: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.140192: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:55.140193: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140195: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.140196: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.140211: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.140219: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140222: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.140224: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:55.140226: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140230: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.140233: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.140235: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.140237: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140240: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.140242: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:55.140244: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140246: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.140249: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.140251: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.140253: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140255: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.140258: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:55.140260: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140263: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.140265: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.140268: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.140270: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:55.140271: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.140273: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:55.140274: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140276: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.140277: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.140279: | emitting length of IKEv2 Proposal Substructure Payload: 116 Oct 31 15:24:55.140280: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:55.140283: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:55.140284: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:55.140286: | prop #: 4 (04) Oct 31 15:24:55.140288: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:55.140290: | spi size: 0 (00) Oct 31 15:24:55.140291: | # transforms: 13 (0d) Oct 31 15:24:55.140293: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:55.140294: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:55.140296: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.140298: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140299: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:55.140301: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:55.140302: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.140304: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:55.140307: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:55.140309: | length/value: 128 (00 80) Oct 31 15:24:55.140310: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:55.140312: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.140313: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140315: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:55.140316: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:55.140318: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140319: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.140321: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.140322: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.140324: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140325: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:55.140326: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:55.140328: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140329: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.140331: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.140332: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.140334: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140335: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:55.140337: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:55.140338: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140340: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.140341: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.140342: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.140344: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140345: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:55.140347: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:55.140348: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140350: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.140351: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.140353: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.140354: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140356: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.140357: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:55.140359: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140360: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.140361: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.140363: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.140364: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140367: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.140368: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:55.140370: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140371: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.140373: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.140374: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.140376: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140377: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.140378: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:55.140380: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140381: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.140383: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.140384: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.140386: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140387: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.140389: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:55.140390: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140392: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.140393: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.140394: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.140396: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140397: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.140399: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:55.140400: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140402: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.140403: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.140405: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.140406: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140408: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.140409: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:55.140411: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140412: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.140413: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.140415: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.140416: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140418: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.140419: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:55.140421: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140423: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.140424: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.140426: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.140427: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:55.140429: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.140430: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:55.140432: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.140433: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.140435: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.140436: | emitting length of IKEv2 Proposal Substructure Payload: 116 Oct 31 15:24:55.140438: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:55.140439: | emitting length of IKEv2 Security Association Payload: 436 Oct 31 15:24:55.140441: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:24:55.140442: | ***emit IKEv2 Key Exchange Payload: Oct 31 15:24:55.140444: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.140445: | flags: none (0x0) Oct 31 15:24:55.140447: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:55.140449: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Oct 31 15:24:55.140450: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.140453: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Oct 31 15:24:55.140454: | ikev2 g^x: Oct 31 15:24:55.140456: | e2 05 ec b9 58 8e ee 2c 9e cb 5d cf 1a 17 d7 d6 Oct 31 15:24:55.140457: | 67 86 6a a7 18 ea 29 5a 18 c1 26 87 7e eb b8 13 Oct 31 15:24:55.140459: | aa 8e d1 d4 51 6d a6 27 ad c8 b9 88 18 97 7f 7c Oct 31 15:24:55.140460: | 33 82 f9 6a b3 74 26 a0 91 3d 25 d2 3b 12 45 bd Oct 31 15:24:55.140461: | 61 93 89 71 0e c8 8e 3b 9e 43 41 50 d4 10 f4 95 Oct 31 15:24:55.140463: | 17 a2 45 1b 63 8b d1 0d 12 fa a6 bc e4 bd 20 30 Oct 31 15:24:55.140464: | 01 b4 f5 dd 89 53 9f 38 fc ff a6 78 d1 b7 d0 4d Oct 31 15:24:55.140465: | dc 47 20 29 2d 5d de e7 5c d8 ca 11 d0 2c 28 97 Oct 31 15:24:55.140467: | 54 f8 10 4d 2f df 4c 79 49 c5 2c d4 ca fe 79 c9 Oct 31 15:24:55.140468: | a2 8e f7 46 ef 2a 4b d1 28 32 7b c1 87 8c 8c 11 Oct 31 15:24:55.140469: | a3 67 02 f8 e5 d2 e4 69 75 10 43 6b 3d b9 97 00 Oct 31 15:24:55.140471: | 86 c9 0e 79 b9 eb 46 b6 d6 7a 4d 88 16 83 95 b7 Oct 31 15:24:55.140472: | bc af 8c ea 11 f2 01 2d 7b 8c 34 b3 32 b1 be cf Oct 31 15:24:55.140473: | bb f2 c1 12 8a 0e f3 5e 23 ea 4d 60 f2 3e 12 d2 Oct 31 15:24:55.140475: | b0 a2 7b ab 6e cd ca 3d 3a 67 8b eb 8c 80 c2 e5 Oct 31 15:24:55.140476: | ca 85 86 02 8f b7 a4 1d 2d 1c 1b 35 1a 1c 9e 20 Oct 31 15:24:55.140477: | emitting length of IKEv2 Key Exchange Payload: 264 Oct 31 15:24:55.140479: | ***emit IKEv2 Nonce Payload: Oct 31 15:24:55.140481: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.140482: | flags: none (0x0) Oct 31 15:24:55.140484: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Oct 31 15:24:55.140485: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.140487: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Oct 31 15:24:55.140489: | IKEv2 nonce: Oct 31 15:24:55.140491: | 4e 9d 52 84 c2 72 4a 7e bb de 99 31 40 fa 9f 29 Oct 31 15:24:55.140492: | 88 d5 6e 39 fd 3e 65 fe 6e b0 d6 2c 3a da 1a ab Oct 31 15:24:55.140494: | emitting length of IKEv2 Nonce Payload: 36 Oct 31 15:24:55.140496: | adding a v2N Payload Oct 31 15:24:55.140497: | ***emit IKEv2 Notify Payload: Oct 31 15:24:55.140498: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.140500: | flags: none (0x0) Oct 31 15:24:55.140501: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:55.140503: | SPI size: 0 (00) Oct 31 15:24:55.140505: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Oct 31 15:24:55.140506: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:55.140508: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.140510: | emitting length of IKEv2 Notify Payload: 8 Oct 31 15:24:55.140512: | NAT-Traversal support [enabled] add v2N payloads. Oct 31 15:24:55.140513: | nat: IKE.SPIr is zero Oct 31 15:24:55.140524: | natd_hash: hasher=0x55fbef90df80(20) Oct 31 15:24:55.140526: | natd_hash: icookie= Oct 31 15:24:55.140527: | 56 da 3a 10 de 51 40 20 Oct 31 15:24:55.140529: | natd_hash: rcookie= Oct 31 15:24:55.140530: | 00 00 00 00 00 00 00 00 Oct 31 15:24:55.140531: | natd_hash: ip= Oct 31 15:24:55.140533: | c0 01 02 2d Oct 31 15:24:55.140534: | natd_hash: port= Oct 31 15:24:55.140535: | 01 f4 Oct 31 15:24:55.140537: | natd_hash: hash= Oct 31 15:24:55.140538: | 17 40 ae 5c 51 8b 1d ab d8 e5 9b a8 4d 93 26 2b Oct 31 15:24:55.140539: | 6c ca ae eb Oct 31 15:24:55.140541: | adding a v2N Payload Oct 31 15:24:55.140542: | ***emit IKEv2 Notify Payload: Oct 31 15:24:55.140544: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.140545: | flags: none (0x0) Oct 31 15:24:55.140546: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:55.140548: | SPI size: 0 (00) Oct 31 15:24:55.140550: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Oct 31 15:24:55.140551: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:55.140553: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.140555: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:24:55.140556: | Notify data: Oct 31 15:24:55.140558: | 17 40 ae 5c 51 8b 1d ab d8 e5 9b a8 4d 93 26 2b Oct 31 15:24:55.140559: | 6c ca ae eb Oct 31 15:24:55.140560: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:24:55.140562: | nat: IKE.SPIr is zero Oct 31 15:24:55.140566: | natd_hash: hasher=0x55fbef90df80(20) Oct 31 15:24:55.140567: | natd_hash: icookie= Oct 31 15:24:55.140568: | 56 da 3a 10 de 51 40 20 Oct 31 15:24:55.140570: | natd_hash: rcookie= Oct 31 15:24:55.140571: | 00 00 00 00 00 00 00 00 Oct 31 15:24:55.140572: | natd_hash: ip= Oct 31 15:24:55.140573: | c0 01 02 17 Oct 31 15:24:55.140575: | natd_hash: port= Oct 31 15:24:55.140576: | 01 f4 Oct 31 15:24:55.140577: | natd_hash: hash= Oct 31 15:24:55.140579: | 58 15 51 3c 60 0d 89 77 ca cd 16 09 a1 3a a2 ba Oct 31 15:24:55.140580: | 81 b1 20 be Oct 31 15:24:55.140581: | adding a v2N Payload Oct 31 15:24:55.140583: | ***emit IKEv2 Notify Payload: Oct 31 15:24:55.140584: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.140586: | flags: none (0x0) Oct 31 15:24:55.140587: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:55.140589: | SPI size: 0 (00) Oct 31 15:24:55.140590: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Oct 31 15:24:55.140592: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:55.140594: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.140596: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:24:55.140598: | Notify data: Oct 31 15:24:55.140601: | 58 15 51 3c 60 0d 89 77 ca cd 16 09 a1 3a a2 ba Oct 31 15:24:55.140605: | 81 b1 20 be Oct 31 15:24:55.140609: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:24:55.140611: | emitting length of ISAKMP Message: 828 Oct 31 15:24:55.140620: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:55.140625: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Oct 31 15:24:55.140628: | transitioning from state STATE_PARENT_I0 to state STATE_PARENT_I1 Oct 31 15:24:55.140630: | Message ID: updating counters for #1 Oct 31 15:24:55.140634: | Message ID: IKE #1 skipping update_recv as MD is fake Oct 31 15:24:55.140641: | Message ID: IKE #1 scheduling EVENT_RETRANSMIT: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744569.570923 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.570923 ike.wip.initiator=0 ike.wip.responder=-1 Oct 31 15:24:55.140646: "westnet-eastnet-ipv4-psk-ikev2" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Oct 31 15:24:55.140660: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55fbf1060ac8 Oct 31 15:24:55.140665: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 Oct 31 15:24:55.140669: | libevent_malloc: newref ptr-libevent@0x55fbf1060a18 size 128 Oct 31 15:24:55.140673: | #1 STATE_PARENT_I0: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744569.573455 Oct 31 15:24:55.140681: | Message ID: IKE #1 updating initiator sent message request 0: ike.initiator.sent=-1->0 ike.initiator.recv=-1 ike.initiator.last_contact=744569.570923 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.570923 ike.wip.initiator=-1->0 ike.wip.responder=-1 Oct 31 15:24:55.140688: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744569.570923 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.570923 ike.wip.initiator=0 ike.wip.responder=-1 Oct 31 15:24:55.140693: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Oct 31 15:24:55.140696: | announcing the state transition Oct 31 15:24:55.140699: "westnet-eastnet-ipv4-psk-ikev2" #1: sent IKE_SA_INIT request Oct 31 15:24:55.140713: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:24:55.140715: | 56 da 3a 10 de 51 40 20 00 00 00 00 00 00 00 00 Oct 31 15:24:55.140717: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Oct 31 15:24:55.140719: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Oct 31 15:24:55.140721: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Oct 31 15:24:55.140723: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Oct 31 15:24:55.140728: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Oct 31 15:24:55.140732: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Oct 31 15:24:55.140734: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Oct 31 15:24:55.140736: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Oct 31 15:24:55.140739: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Oct 31 15:24:55.140741: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Oct 31 15:24:55.140743: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Oct 31 15:24:55.140745: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Oct 31 15:24:55.140748: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Oct 31 15:24:55.140750: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Oct 31 15:24:55.140753: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Oct 31 15:24:55.140755: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:24:55.140758: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Oct 31 15:24:55.140762: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Oct 31 15:24:55.140764: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Oct 31 15:24:55.140767: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Oct 31 15:24:55.140769: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Oct 31 15:24:55.140770: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Oct 31 15:24:55.140772: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Oct 31 15:24:55.140773: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Oct 31 15:24:55.140774: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Oct 31 15:24:55.140776: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Oct 31 15:24:55.140777: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Oct 31 15:24:55.140778: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Oct 31 15:24:55.140780: | 28 00 01 08 00 0e 00 00 e2 05 ec b9 58 8e ee 2c Oct 31 15:24:55.140781: | 9e cb 5d cf 1a 17 d7 d6 67 86 6a a7 18 ea 29 5a Oct 31 15:24:55.140782: | 18 c1 26 87 7e eb b8 13 aa 8e d1 d4 51 6d a6 27 Oct 31 15:24:55.140784: | ad c8 b9 88 18 97 7f 7c 33 82 f9 6a b3 74 26 a0 Oct 31 15:24:55.140785: | 91 3d 25 d2 3b 12 45 bd 61 93 89 71 0e c8 8e 3b Oct 31 15:24:55.140786: | 9e 43 41 50 d4 10 f4 95 17 a2 45 1b 63 8b d1 0d Oct 31 15:24:55.140788: | 12 fa a6 bc e4 bd 20 30 01 b4 f5 dd 89 53 9f 38 Oct 31 15:24:55.140789: | fc ff a6 78 d1 b7 d0 4d dc 47 20 29 2d 5d de e7 Oct 31 15:24:55.140790: | 5c d8 ca 11 d0 2c 28 97 54 f8 10 4d 2f df 4c 79 Oct 31 15:24:55.140792: | 49 c5 2c d4 ca fe 79 c9 a2 8e f7 46 ef 2a 4b d1 Oct 31 15:24:55.140793: | 28 32 7b c1 87 8c 8c 11 a3 67 02 f8 e5 d2 e4 69 Oct 31 15:24:55.140794: | 75 10 43 6b 3d b9 97 00 86 c9 0e 79 b9 eb 46 b6 Oct 31 15:24:55.140796: | d6 7a 4d 88 16 83 95 b7 bc af 8c ea 11 f2 01 2d Oct 31 15:24:55.140797: | 7b 8c 34 b3 32 b1 be cf bb f2 c1 12 8a 0e f3 5e Oct 31 15:24:55.140798: | 23 ea 4d 60 f2 3e 12 d2 b0 a2 7b ab 6e cd ca 3d Oct 31 15:24:55.140800: | 3a 67 8b eb 8c 80 c2 e5 ca 85 86 02 8f b7 a4 1d Oct 31 15:24:55.140801: | 2d 1c 1b 35 1a 1c 9e 20 29 00 00 24 4e 9d 52 84 Oct 31 15:24:55.140802: | c2 72 4a 7e bb de 99 31 40 fa 9f 29 88 d5 6e 39 Oct 31 15:24:55.140804: | fd 3e 65 fe 6e b0 d6 2c 3a da 1a ab 29 00 00 08 Oct 31 15:24:55.140805: | 00 00 40 2e 29 00 00 1c 00 00 40 04 17 40 ae 5c Oct 31 15:24:55.140806: | 51 8b 1d ab d8 e5 9b a8 4d 93 26 2b 6c ca ae eb Oct 31 15:24:55.140808: | 00 00 00 1c 00 00 40 05 58 15 51 3c 60 0d 89 77 Oct 31 15:24:55.140809: | ca cd 16 09 a1 3a a2 ba 81 b1 20 be Oct 31 15:24:55.140836: | sent 1 messages Oct 31 15:24:55.140838: | checking that a retransmit timeout_event was already Oct 31 15:24:55.140840: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:55.140843: | libevent_free: delref ptr-libevent@0x55fbf105e8d8 Oct 31 15:24:55.140845: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55fbf105e868 Oct 31 15:24:55.140847: | delref logger@0x55fbf1050a28(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:55.140849: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:55.140851: | delref fd@0x55fbf105e718(3->2) (in free_logger() at log.c:854) Oct 31 15:24:55.140854: | resume sending helper answer back to state for #1 suppresed complete_v2_state_transition() Oct 31 15:24:55.140856: | delref mdp@NULL (in resume_handler() at server.c:743) Oct 31 15:24:55.140860: | #1 spent 1.22 (1.24) milliseconds in resume sending helper answer back to state Oct 31 15:24:55.140864: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:745) Oct 31 15:24:55.140865: | libevent_free: delref ptr-libevent@0x7f27fc006108 Oct 31 15:24:55.144330: | spent 0.0026 (0.00253) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:55.144357: | newref struct msg_digest@0x55fbf1063c28(0->1) (in read_message() at demux.c:103) Oct 31 15:24:55.144365: | newref alloc logger@0x55fbf1050a28(0->1) (in read_message() at demux.c:103) Oct 31 15:24:55.144372: | *received 432 bytes from 192.1.2.23:500 on eth1 192.1.2.45:500 using UDP Oct 31 15:24:55.144375: | 56 da 3a 10 de 51 40 20 3c 7b ee d5 b8 ac 7d 01 Oct 31 15:24:55.144377: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Oct 31 15:24:55.144379: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Oct 31 15:24:55.144381: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Oct 31 15:24:55.144383: | 04 00 00 0e 28 00 01 08 00 0e 00 00 12 7c 16 6c Oct 31 15:24:55.144386: | 7b c8 97 3f e9 f0 36 85 69 75 77 2a cb d8 b4 f7 Oct 31 15:24:55.144388: | ce 1a 22 c5 a5 11 bf 35 eb 0b 96 66 9a 6f d2 57 Oct 31 15:24:55.144390: | af af bb 41 6a ed a6 63 c8 2d 0f a0 ec a3 1e 1d Oct 31 15:24:55.144392: | ac 5e 98 3c 5e 8d 7e ed 3b be 1a 7b 1a ab 9b 49 Oct 31 15:24:55.144394: | 42 b2 7d 59 f0 92 ee e6 d0 71 1f 9d be ed 6c 31 Oct 31 15:24:55.144396: | 58 14 7c c8 ed 86 b3 f9 5f 0a e6 48 27 af 00 e3 Oct 31 15:24:55.144398: | 0f 90 32 c7 b2 fc ce 20 dd 3d 15 de cd c8 a9 00 Oct 31 15:24:55.144400: | 6b 0c ef 59 d1 06 e9 66 79 69 a2 6b 6a 87 6a 40 Oct 31 15:24:55.144402: | 6d 43 c7 6c d5 dc d6 b7 cd 8a 53 da d5 ed 14 7a Oct 31 15:24:55.144405: | a7 fa c5 43 70 ea 3b 39 e0 8e b1 a0 8c 3e 21 fe Oct 31 15:24:55.144407: | 6a 43 9c 47 40 ba d0 b8 37 33 45 c5 d5 18 d6 8f Oct 31 15:24:55.144409: | ea ad a7 a4 8f 17 37 26 00 fc a8 d3 83 b7 73 12 Oct 31 15:24:55.144411: | 8f a9 1e b4 c4 65 c8 53 44 5a e4 64 1f e9 25 5d Oct 31 15:24:55.144413: | 76 36 0e f8 fa 18 35 a1 5e 81 1b b6 d5 85 85 e0 Oct 31 15:24:55.144415: | fe e0 23 48 c4 76 a0 2e 12 60 11 2c 3f 1b 94 32 Oct 31 15:24:55.144417: | 5f 7e 7c 4d 86 4a 87 70 ee 45 78 29 29 00 00 24 Oct 31 15:24:55.144419: | aa f4 9c f6 53 1a 68 0e 1d 71 c3 d8 37 52 a8 30 Oct 31 15:24:55.144422: | 83 b1 d5 7b bb 2e bf 63 c9 b1 f7 3d 2b 1e 2d 95 Oct 31 15:24:55.144424: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Oct 31 15:24:55.144426: | 73 f6 0c bb ec 78 f8 ee 7a 28 9a 90 05 54 67 03 Oct 31 15:24:55.144429: | 9a 5a 9b 23 00 00 00 1c 00 00 40 05 76 3c 7c 13 Oct 31 15:24:55.144431: | e9 ec 97 14 e8 94 f1 cb 5b 44 4c 85 16 ee f7 99 Oct 31 15:24:55.144436: | **parse ISAKMP Message: Oct 31 15:24:55.144440: | initiator SPI: 56 da 3a 10 de 51 40 20 Oct 31 15:24:55.144444: | responder SPI: 3c 7b ee d5 b8 ac 7d 01 Oct 31 15:24:55.144447: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:24:55.144450: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:55.144453: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:24:55.144456: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:55.144459: | Message ID: 0 (00 00 00 00) Oct 31 15:24:55.144462: | length: 432 (00 00 01 b0) Oct 31 15:24:55.144465: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Oct 31 15:24:55.144468: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Oct 31 15:24:55.144473: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Oct 31 15:24:55.144475: | #1 is idle Oct 31 15:24:55.144478: | #1 idle Oct 31 15:24:55.144480: | unpacking clear payloads Oct 31 15:24:55.144483: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:24:55.144486: | ***parse IKEv2 Security Association Payload: Oct 31 15:24:55.144489: | next payload type: ISAKMP_NEXT_v2KE (0x22) Oct 31 15:24:55.144491: | flags: none (0x0) Oct 31 15:24:55.144494: | length: 40 (00 28) Oct 31 15:24:55.144497: | processing payload: ISAKMP_NEXT_v2SA (len=36) Oct 31 15:24:55.144499: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Oct 31 15:24:55.144503: | ***parse IKEv2 Key Exchange Payload: Oct 31 15:24:55.144505: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Oct 31 15:24:55.144507: | flags: none (0x0) Oct 31 15:24:55.144510: | length: 264 (01 08) Oct 31 15:24:55.144515: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:55.144517: | processing payload: ISAKMP_NEXT_v2KE (len=256) Oct 31 15:24:55.144519: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Oct 31 15:24:55.144522: | ***parse IKEv2 Nonce Payload: Oct 31 15:24:55.144524: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:55.144526: | flags: none (0x0) Oct 31 15:24:55.144529: | length: 36 (00 24) Oct 31 15:24:55.144532: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Oct 31 15:24:55.144534: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:55.144537: | ***parse IKEv2 Notify Payload: Oct 31 15:24:55.144539: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:55.144542: | flags: none (0x0) Oct 31 15:24:55.144544: | length: 8 (00 08) Oct 31 15:24:55.144547: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:55.144550: | SPI size: 0 (00) Oct 31 15:24:55.144553: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Oct 31 15:24:55.144555: | processing payload: ISAKMP_NEXT_v2N (len=0) Oct 31 15:24:55.144558: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:55.144561: | ***parse IKEv2 Notify Payload: Oct 31 15:24:55.144563: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:55.144565: | flags: none (0x0) Oct 31 15:24:55.144568: | length: 28 (00 1c) Oct 31 15:24:55.144570: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:55.144573: | SPI size: 0 (00) Oct 31 15:24:55.144576: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Oct 31 15:24:55.144578: | processing payload: ISAKMP_NEXT_v2N (len=20) Oct 31 15:24:55.144580: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:55.144583: | ***parse IKEv2 Notify Payload: Oct 31 15:24:55.144585: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.144587: | flags: none (0x0) Oct 31 15:24:55.144589: | length: 28 (00 1c) Oct 31 15:24:55.144592: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:55.144595: | SPI size: 0 (00) Oct 31 15:24:55.144597: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Oct 31 15:24:55.144599: | processing payload: ISAKMP_NEXT_v2N (len=20) Oct 31 15:24:55.144602: | looking for message matching transition from STATE_PARENT_I1 Oct 31 15:24:55.144604: | trying received anti-DDOS COOKIE notify response; resending IKE_SA_INIT request with cookie payload added Oct 31 15:24:55.144606: | message has errors Oct 31 15:24:55.144608: | trying received IKE_SA_INIT INVALID_KE_PAYLOAD notify response; resending IKE_SA_INIT with new KE payload Oct 31 15:24:55.144611: | message has errors Oct 31 15:24:55.144613: | trying received REDIRECT notify response; resending IKE_SA_INIT request to new destination Oct 31 15:24:55.144615: | message has errors Oct 31 15:24:55.144617: | trying Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE Oct 31 15:24:55.144619: | matched unencrypted message Oct 31 15:24:55.144627: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1848) Oct 31 15:24:55.144630: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE Oct 31 15:24:55.144635: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Oct 31 15:24:55.144655: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator accepting remote proposal): 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:55.144661: | comparing remote proposals against IKE initiator (accepting) 4 local proposals Oct 31 15:24:55.144665: | local proposal 1 type ENCR has 1 transforms Oct 31 15:24:55.144667: | local proposal 1 type PRF has 2 transforms Oct 31 15:24:55.144670: | local proposal 1 type INTEG has 1 transforms Oct 31 15:24:55.144672: | local proposal 1 type DH has 8 transforms Oct 31 15:24:55.144674: | local proposal 1 type ESN has 0 transforms Oct 31 15:24:55.144678: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Oct 31 15:24:55.144680: | local proposal 2 type ENCR has 1 transforms Oct 31 15:24:55.144683: | local proposal 2 type PRF has 2 transforms Oct 31 15:24:55.144684: | local proposal 2 type INTEG has 1 transforms Oct 31 15:24:55.144685: | local proposal 2 type DH has 8 transforms Oct 31 15:24:55.144687: | local proposal 2 type ESN has 0 transforms Oct 31 15:24:55.144689: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Oct 31 15:24:55.144690: | local proposal 3 type ENCR has 1 transforms Oct 31 15:24:55.144692: | local proposal 3 type PRF has 2 transforms Oct 31 15:24:55.144693: | local proposal 3 type INTEG has 2 transforms Oct 31 15:24:55.144694: | local proposal 3 type DH has 8 transforms Oct 31 15:24:55.144696: | local proposal 3 type ESN has 0 transforms Oct 31 15:24:55.144698: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Oct 31 15:24:55.144699: | local proposal 4 type ENCR has 1 transforms Oct 31 15:24:55.144700: | local proposal 4 type PRF has 2 transforms Oct 31 15:24:55.144702: | local proposal 4 type INTEG has 2 transforms Oct 31 15:24:55.144703: | local proposal 4 type DH has 8 transforms Oct 31 15:24:55.144705: | local proposal 4 type ESN has 0 transforms Oct 31 15:24:55.144706: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Oct 31 15:24:55.144708: | ****parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:55.144710: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:55.144712: | length: 36 (00 24) Oct 31 15:24:55.144714: | prop #: 1 (01) Oct 31 15:24:55.144716: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:55.144717: | spi size: 0 (00) Oct 31 15:24:55.144719: | # transforms: 3 (03) Oct 31 15:24:55.144721: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Oct 31 15:24:55.144723: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.144725: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.144727: | length: 12 (00 0c) Oct 31 15:24:55.144728: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:55.144730: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:55.144732: | ******parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:55.144737: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:55.144741: | length/value: 256 (01 00) Oct 31 15:24:55.144746: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:24:55.144749: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.144752: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.144755: | length: 8 (00 08) Oct 31 15:24:55.144758: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:55.144760: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:55.144764: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Oct 31 15:24:55.144768: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.144771: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:55.144774: | length: 8 (00 08) Oct 31 15:24:55.144777: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:55.144779: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:55.144783: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Oct 31 15:24:55.144787: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Oct 31 15:24:55.144791: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Oct 31 15:24:55.144793: | remote proposal 1 matches local proposal 1 Oct 31 15:24:55.144795: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Oct 31 15:24:55.144796: | converting proposal to internal trans attrs Oct 31 15:24:55.144811: | natd_hash: hasher=0x55fbef90df80(20) Oct 31 15:24:55.144813: | natd_hash: icookie= Oct 31 15:24:55.144814: | 56 da 3a 10 de 51 40 20 Oct 31 15:24:55.144816: | natd_hash: rcookie= Oct 31 15:24:55.144817: | 3c 7b ee d5 b8 ac 7d 01 Oct 31 15:24:55.144818: | natd_hash: ip= Oct 31 15:24:55.144820: | c0 01 02 2d Oct 31 15:24:55.144821: | natd_hash: port= Oct 31 15:24:55.144822: | 01 f4 Oct 31 15:24:55.144824: | natd_hash: hash= Oct 31 15:24:55.144825: | 76 3c 7c 13 e9 ec 97 14 e8 94 f1 cb 5b 44 4c 85 Oct 31 15:24:55.144827: | 16 ee f7 99 Oct 31 15:24:55.144830: | natd_hash: hasher=0x55fbef90df80(20) Oct 31 15:24:55.144832: | natd_hash: icookie= Oct 31 15:24:55.144833: | 56 da 3a 10 de 51 40 20 Oct 31 15:24:55.144834: | natd_hash: rcookie= Oct 31 15:24:55.144836: | 3c 7b ee d5 b8 ac 7d 01 Oct 31 15:24:55.144837: | natd_hash: ip= Oct 31 15:24:55.144838: | c0 01 02 17 Oct 31 15:24:55.144840: | natd_hash: port= Oct 31 15:24:55.144841: | 01 f4 Oct 31 15:24:55.144842: | natd_hash: hash= Oct 31 15:24:55.144848: | 73 f6 0c bb ec 78 f8 ee 7a 28 9a 90 05 54 67 03 Oct 31 15:24:55.144849: | 9a 5a 9b 23 Oct 31 15:24:55.144851: | NAT_TRAVERSAL encaps using auto-detect Oct 31 15:24:55.144852: | NAT_TRAVERSAL this end is NOT behind NAT Oct 31 15:24:55.144854: | NAT_TRAVERSAL that end is NOT behind NAT Oct 31 15:24:55.144856: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Oct 31 15:24:55.144860: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Oct 31 15:24:55.144863: | DH secret MODP2048@0x7f27fc006ba8: transferring ownership from state #1 to helper IKEv2 DH Oct 31 15:24:55.144866: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:55.144868: | addref fd@0x55fbf105e718(2->3) (in clone_logger() at log.c:810) Oct 31 15:24:55.144870: | newref clone logger@0x55fbf105e868(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:55.144872: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): adding job to queue Oct 31 15:24:55.144874: | state #1 has no .st_event to delete Oct 31 15:24:55.144876: | #1 requesting EVENT_RETRANSMIT-pe@0x55fbf1060ac8 be deleted Oct 31 15:24:55.144879: | libevent_free: delref ptr-libevent@0x55fbf1060a18 Oct 31 15:24:55.144881: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55fbf1060ac8 Oct 31 15:24:55.144882: | #1 STATE_PARENT_I1: retransmits: cleared Oct 31 15:24:55.144884: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55fbf1060a18 Oct 31 15:24:55.144886: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:24:55.144888: | libevent_malloc: newref ptr-libevent@0x55fbf10631f8 size 128 Oct 31 15:24:55.144896: | #1 spent 0.257 (0.26) milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE in v2_dispatch() Oct 31 15:24:55.144900: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:55.144903: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND; .st_v2_transition=PARENT_I0->PARENT_I1 Oct 31 15:24:55.144904: | suspending state #1 and saving MD 0x55fbf1063c28 Oct 31 15:24:55.144906: | addref md@0x55fbf1063c28(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:55.144910: | #1 is busy; has suspended MD 0x55fbf1063c28 Oct 31 15:24:55.144906: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): helper 2 starting job Oct 31 15:24:55.144913: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1850) Oct 31 15:24:55.144932: | #1 spent 0.607 (0.613) milliseconds in ikev2_process_packet() Oct 31 15:24:55.144934: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:55.144936: | delref mdp@0x55fbf1063c28(2->1) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:55.144939: | spent 0.614 (0.621) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:55.145474: | calculating skeyseed using prf=HMAC_SHA2_512 integ=NONE cipherkey-size=32 salt-size=4 Oct 31 15:24:55.145586: | "westnet-eastnet-ipv4-psk-ikev2" #1: spent 0.663 (0.68) milliseconds in helper 2 processing job 2 for state #1: ikev2_inR1outI2 KE (pcr) Oct 31 15:24:55.145589: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): helper thread 2 sending result back to state Oct 31 15:24:55.145591: | scheduling resume sending helper answer back to state for #1 Oct 31 15:24:55.145594: | libevent_malloc: newref ptr-libevent@0x7f27f400b578 size 128 Oct 31 15:24:55.145599: | helper thread 2 has nothing to do Oct 31 15:24:55.145608: | processing resume sending helper answer back to state for #1 Oct 31 15:24:55.145620: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:641) Oct 31 15:24:55.145626: | unsuspending #1 MD 0x55fbf1063c28 Oct 31 15:24:55.145629: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): processing response from helper 2 Oct 31 15:24:55.145632: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): calling continuation function 0x55fbef81bfe7 Oct 31 15:24:55.145635: | ikev2_parent_inR1outI2_continue() for #1 STATE_PARENT_I1: g^{xy} calculated, sending I2 Oct 31 15:24:55.145638: | DH secret MODP2048@0x7f27fc006ba8: transferring ownership from helper IKEv2 DH to state #1 Oct 31 15:24:55.145642: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Oct 31 15:24:55.145679: | newref alloc logger@0x55fbf1060ac8(0->1) (in new_state() at state.c:576) Oct 31 15:24:55.145685: | addref fd@0x55fbf105e718(3->4) (in new_state() at state.c:577) Oct 31 15:24:55.145688: | creating state object #2 at 0x55fbf1066038 Oct 31 15:24:55.145690: | State DB: adding IKEv2 state #2 in UNDEFINED Oct 31 15:24:55.145696: | pstats #2 ikev2.child started Oct 31 15:24:55.145699: | duplicating state object #1 "westnet-eastnet-ipv4-psk-ikev2" as #2 for IPSEC SA Oct 31 15:24:55.145705: | #2 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1581) Oct 31 15:24:55.145714: | Message ID: CHILD #1.#2 initializing (CHILD SA): ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744569.570923 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.570923 child.wip.initiator=0->-1 child.wip.responder=0->-1 Oct 31 15:24:55.145717: | child state #2: UNDEFINED(ignore) => V2_IKE_AUTH_CHILD_I0(ignore) Oct 31 15:24:55.145722: | #2.st_v2_transition NULL -> NULL (in new_v2_child_state() at state.c:1666) Oct 31 15:24:55.145728: | Message ID: IKE #1 switching from IKE SA initiator message response 0: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744569.570923 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.570923 ike.wip.initiator=0->-1 ike.wip.responder=-1 Oct 31 15:24:55.145734: | Message ID: CHILD #1.#2 switching to CHILD SA initiator message response 0: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744569.570923 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.570923 child.wip.initiator=-1->0 child.wip.responder=-1 Oct 31 15:24:55.145739: | switching IKEv2 MD.ST from IKE #1 PARENT_I1 to CHILD #2 V2_IKE_AUTH_CHILD_I0 (in ikev2_parent_inR1outI2_auth_signature_continue() at ikev2_parent.c:2155) Oct 31 15:24:55.145742: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:55.145745: | libevent_free: delref ptr-libevent@0x55fbf10631f8 Oct 31 15:24:55.145748: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55fbf1060a18 Oct 31 15:24:55.145751: | #1 STATE_PARENT_I1: retransmits: cleared Oct 31 15:24:55.145756: | event_schedule: newref EVENT_SA_REPLACE-pe@0x55fbf10633e8 Oct 31 15:24:55.145759: | inserting event EVENT_SA_REPLACE, timeout in 120 seconds for #1 Oct 31 15:24:55.145762: | libevent_malloc: newref ptr-libevent@0x55fbf1063338 size 128 Oct 31 15:24:55.145765: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Oct 31 15:24:55.145770: | opening output PBS reply packet Oct 31 15:24:55.145773: | **emit ISAKMP Message: Oct 31 15:24:55.145778: | initiator SPI: 56 da 3a 10 de 51 40 20 Oct 31 15:24:55.145782: | responder SPI: 3c 7b ee d5 b8 ac 7d 01 Oct 31 15:24:55.145784: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:55.145787: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:55.145790: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:55.145793: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:55.145797: | Message ID: 1 (00 00 00 01) Oct 31 15:24:55.145799: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:55.145803: | ***emit IKEv2 Encryption Payload: Oct 31 15:24:55.145806: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.145808: | flags: none (0x0) Oct 31 15:24:55.145810: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:24:55.145812: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.145816: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:24:55.145823: | IKEv2 CERT: send a certificate? Oct 31 15:24:55.145826: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Oct 31 15:24:55.145828: | IDr payload will be sent Oct 31 15:24:55.145830: | ****emit IKEv2 Identification - Initiator - Payload: Oct 31 15:24:55.145832: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.145834: | flags: none (0x0) Oct 31 15:24:55.145837: | ID type: ID_IPV4_ADDR (0x1) Oct 31 15:24:55.145841: | reserved: 00 00 00 Oct 31 15:24:55.145843: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Oct 31 15:24:55.145846: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.145849: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Oct 31 15:24:55.145852: | my identity: c0 01 02 2d Oct 31 15:24:55.145854: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Oct 31 15:24:55.145857: | ****emit IKEv2 Identification - Responder - Payload: Oct 31 15:24:55.145859: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.145862: | flags: none (0x0) Oct 31 15:24:55.145864: | ID type: ID_FQDN (0x2) Oct 31 15:24:55.145867: | reserved: 00 00 00 Oct 31 15:24:55.145869: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Oct 31 15:24:55.145871: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.145874: | emitting 4 raw bytes of their IDr into IKEv2 Identification - Responder - Payload Oct 31 15:24:55.145877: | their IDr: 65 61 73 74 Oct 31 15:24:55.145880: | emitting length of IKEv2 Identification - Responder - Payload: 12 Oct 31 15:24:55.145882: | not sending INITIAL_CONTACT Oct 31 15:24:55.145884: | ****emit IKEv2 Authentication Payload: Oct 31 15:24:55.145887: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.145889: | flags: none (0x0) Oct 31 15:24:55.145891: | auth method: IKEv2_AUTH_SHARED (0x2) Oct 31 15:24:55.145894: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Oct 31 15:24:55.145900: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.145903: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret Oct 31 15:24:55.145909: | lsw_get_secret() using IDs for 192.1.2.45->@east of kind PKK_PSK Oct 31 15:24:55.145913: | line 1: key type PKK_PSK(192.1.2.45) to type PKK_PSK Oct 31 15:24:55.145919: | 1: compared key 192.1.2.45 to 192.1.2.45 / @east -> 010 Oct 31 15:24:55.145923: | 2: compared key @east to 192.1.2.45 / @east -> 014 Oct 31 15:24:55.145925: | line 1: match=014 Oct 31 15:24:55.145928: | match 014 beats previous best_match 000 match=0x55fbf105ff68 (line=1) Oct 31 15:24:55.145931: | concluding with best_match=014 best=0x55fbf105ff68 (lineno=1) Oct 31 15:24:55.145989: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Oct 31 15:24:55.145993: | PSK auth: Oct 31 15:24:55.145996: | 39 a7 13 7b 56 a3 9e 5a 74 d5 67 3a 44 1c a2 31 Oct 31 15:24:55.145998: | 91 45 bf a5 dd b6 80 28 c7 68 59 41 5a 5d c6 2a Oct 31 15:24:55.146001: | 47 ef 54 72 1a 86 b8 c5 ef 5e a0 80 de a1 d3 2e Oct 31 15:24:55.146003: | 5e 65 2f 78 c9 b4 94 7e 8a 90 e2 e7 f6 08 5b 48 Oct 31 15:24:55.146006: | emitting length of IKEv2 Authentication Payload: 72 Oct 31 15:24:55.146008: | getting first pending from state #1 Oct 31 15:24:55.146012: | delref fd@0x55fbf105e718(4->3) (in first_pending() at pending.c:318) Oct 31 15:24:55.146015: | addref fd@0x55fbf105e718(3->4) (in first_pending() at pending.c:319) Oct 31 15:24:55.146041: | netlink_get_spi: allocated 0xc5d3c63 for esp.0@192.1.2.45 Oct 31 15:24:55.146045: | constructing ESP/AH proposals with all DH removed for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting ESP/AH proposals) Oct 31 15:24:55.146051: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Oct 31 15:24:55.146058: | ... ikev2_proposal: 1:ESP=AES_GCM_C_256-NONE-NONE-DISABLED Oct 31 15:24:55.146062: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Oct 31 15:24:55.146065: | ... ikev2_proposal: 2:ESP=AES_GCM_C_128-NONE-NONE-DISABLED Oct 31 15:24:55.146069: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:24:55.146073: | ... ikev2_proposal: 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:55.146077: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:24:55.146081: | ... ikev2_proposal: 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:55.146084: "westnet-eastnet-ipv4-psk-ikev2": local ESP/AH proposals (IKE SA initiator emitting ESP/AH proposals): Oct 31 15:24:55.146089: "westnet-eastnet-ipv4-psk-ikev2": 1:ESP=AES_GCM_C_256-NONE-NONE-DISABLED Oct 31 15:24:55.146093: "westnet-eastnet-ipv4-psk-ikev2": 2:ESP=AES_GCM_C_128-NONE-NONE-DISABLED Oct 31 15:24:55.146097: "westnet-eastnet-ipv4-psk-ikev2": 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:55.146101: "westnet-eastnet-ipv4-psk-ikev2": 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:55.146104: | Emitting ikev2_proposals ... Oct 31 15:24:55.146107: | ****emit IKEv2 Security Association Payload: Oct 31 15:24:55.146110: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.146113: | flags: none (0x0) Oct 31 15:24:55.146116: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:24:55.146119: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.146123: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:55.146126: | discard DH=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:55.146129: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:55.146131: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:55.146135: | prop #: 1 (01) Oct 31 15:24:55.146142: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:55.146145: | spi size: 4 (04) Oct 31 15:24:55.146148: | # transforms: 2 (02) Oct 31 15:24:55.146151: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:55.146155: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:24:55.146157: | our spi: 0c 5d 3c 63 Oct 31 15:24:55.146160: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.146163: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.146165: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:55.146168: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:55.146170: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.146173: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:55.146177: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:55.146180: | length/value: 256 (01 00) Oct 31 15:24:55.146183: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:55.146186: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:55.146189: | discard DH=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:55.146192: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.146195: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:55.146197: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:55.146230: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:55.146233: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.146236: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.146239: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.146241: | emitting length of IKEv2 Proposal Substructure Payload: 32 Oct 31 15:24:55.146243: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:55.146246: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:55.146249: | discard DH=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:55.146251: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:55.146254: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:55.146257: | prop #: 2 (02) Oct 31 15:24:55.146259: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:55.146262: | spi size: 4 (04) Oct 31 15:24:55.146265: | # transforms: 2 (02) Oct 31 15:24:55.146268: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:55.146270: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:55.146273: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:24:55.146277: | our spi: 0c 5d 3c 63 Oct 31 15:24:55.146279: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.146281: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.146284: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:55.146286: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:55.146288: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.146291: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:55.146294: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:55.146297: | length/value: 128 (00 80) Oct 31 15:24:55.146300: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:55.146304: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:55.146306: | discard DH=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:55.146309: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.146311: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:55.146314: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:55.146316: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:55.146319: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.146322: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.146325: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.146327: | emitting length of IKEv2 Proposal Substructure Payload: 32 Oct 31 15:24:55.146329: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:55.146333: | discard DH=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:55.146335: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:55.146338: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:55.146341: | prop #: 3 (03) Oct 31 15:24:55.146343: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:55.146346: | spi size: 4 (04) Oct 31 15:24:55.146348: | # transforms: 4 (04) Oct 31 15:24:55.146350: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:55.146353: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:55.146356: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:24:55.146359: | our spi: 0c 5d 3c 63 Oct 31 15:24:55.146362: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.146364: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.146367: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:55.146369: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:55.146371: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.146374: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:55.146376: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:55.146379: | length/value: 256 (01 00) Oct 31 15:24:55.146381: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:55.146384: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.146386: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.146388: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:55.146390: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:55.146393: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.146395: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.146398: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.146401: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.146403: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.146405: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:55.146408: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:55.146410: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.146414: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.146417: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.146420: | discard DH=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:55.146422: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.146425: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:55.146427: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:55.146430: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:55.146432: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.146435: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.146437: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.146439: | emitting length of IKEv2 Proposal Substructure Payload: 48 Oct 31 15:24:55.146441: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:55.146444: | discard DH=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:55.146447: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:55.146450: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:55.146453: | prop #: 4 (04) Oct 31 15:24:55.146455: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:55.146458: | spi size: 4 (04) Oct 31 15:24:55.146461: | # transforms: 4 (04) Oct 31 15:24:55.146464: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:55.146467: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:55.146469: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:24:55.146473: | our spi: 0c 5d 3c 63 Oct 31 15:24:55.146476: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.146478: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.146481: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:55.146483: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:55.146485: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.146488: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:55.146491: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:55.146495: | length/value: 128 (00 80) Oct 31 15:24:55.146497: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:55.146500: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.146502: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.146504: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:55.146507: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:55.146510: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.146512: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.146515: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.146517: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.146520: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.146523: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:55.146525: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:55.146529: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.146532: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.146535: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.146538: | discard DH=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:55.146541: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:55.146543: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:55.146545: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:55.146548: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:55.146551: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.146553: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:55.146556: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:55.146559: | emitting length of IKEv2 Proposal Substructure Payload: 48 Oct 31 15:24:55.146561: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:55.146563: | emitting length of IKEv2 Security Association Payload: 164 Oct 31 15:24:55.146566: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:24:55.146571: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:24:55.146574: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.146576: | flags: none (0x0) Oct 31 15:24:55.146579: | number of TS: 1 (01) Oct 31 15:24:55.146582: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Oct 31 15:24:55.146585: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.146588: | *****emit IKEv2 Traffic Selector: Oct 31 15:24:55.146591: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:55.146594: | IP Protocol ID: ALL (0x0) Oct 31 15:24:55.146597: | start port: 0 (00 00) Oct 31 15:24:55.146600: | end port: 65535 (ff ff) Oct 31 15:24:55.146603: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:24:55.146607: | IP start: c0 00 01 00 Oct 31 15:24:55.146610: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:24:55.146613: | IP end: c0 00 01 ff Oct 31 15:24:55.146615: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:24:55.146618: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Oct 31 15:24:55.146621: | ****emit IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:24:55.146624: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.146626: | flags: none (0x0) Oct 31 15:24:55.146629: | number of TS: 1 (01) Oct 31 15:24:55.146632: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Oct 31 15:24:55.146634: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:55.146637: | *****emit IKEv2 Traffic Selector: Oct 31 15:24:55.146640: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:55.146642: | IP Protocol ID: ALL (0x0) Oct 31 15:24:55.146645: | start port: 0 (00 00) Oct 31 15:24:55.146648: | end port: 65535 (ff ff) Oct 31 15:24:55.146650: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:24:55.146655: | IP start: c0 00 02 00 Oct 31 15:24:55.146658: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:24:55.146661: | IP end: c0 00 02 ff Oct 31 15:24:55.146663: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:24:55.146665: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Oct 31 15:24:55.146668: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Oct 31 15:24:55.146670: | initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Oct 31 15:24:55.146673: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:55.146676: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:55.146679: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:24:55.146682: | emitting length of IKEv2 Encryption Payload: 337 Oct 31 15:24:55.146684: | emitting length of ISAKMP Message: 365 Oct 31 15:24:55.146699: | recording outgoing fragment failed Oct 31 15:24:55.146707: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:55.146712: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:55.146716: | #2 complete_v2_state_transition() in state V2_IKE_AUTH_CHILD_I0 PARENT_I1->PARENT_I2 with status STF_OK; .st_v2_transition=NULL Oct 31 15:24:55.146719: | transitioning from state STATE_PARENT_I1 to state STATE_PARENT_I2 Oct 31 15:24:55.146722: | Message ID: updating counters for #2 Oct 31 15:24:55.146729: | Message ID: CHILD #1.#2 XXX: no EVENT_RETRANSMIT to clear; suspect IKE->CHILD switch: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744569.570923 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.570923 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:24:55.146737: | Message ID: CHILD #1.#2 updating initiator received message response 0: ike.initiator.sent=0 ike.initiator.recv=-1->0 ike.initiator.last_contact=744569.570923->744569.579521 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.570923 child.wip.initiator=0->-1 child.wip.responder=-1 Oct 31 15:24:55.146743: | Message ID: CHILD #1.#2 scheduling EVENT_RETRANSMIT: ike.initiator.sent=1 ike.initiator.recv=0 ike.initiator.last_contact=744569.579521 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.570923 child.wip.initiator=1 child.wip.responder=-1 Oct 31 15:24:55.146747: "westnet-eastnet-ipv4-psk-ikev2" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Oct 31 15:24:55.146759: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55fbf10680e8 Oct 31 15:24:55.146762: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 Oct 31 15:24:55.146764: | libevent_malloc: newref ptr-libevent@0x55fbf1066d88 size 128 Oct 31 15:24:55.146767: | #2 STATE_V2_IKE_AUTH_CHILD_I0: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744569.579555 Oct 31 15:24:55.146771: | Message ID: CHILD #1.#2 updating initiator sent message request 1: ike.initiator.sent=0->1 ike.initiator.recv=0 ike.initiator.last_contact=744569.579521 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.570923 child.wip.initiator=-1->1 child.wip.responder=-1 Oct 31 15:24:55.146775: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=1 ike.initiator.recv=0 ike.initiator.last_contact=744569.579521 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.570923 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:55.146777: | child state #2: V2_IKE_AUTH_CHILD_I0(ignore) => PARENT_I2(open IKE SA) Oct 31 15:24:55.146779: | announcing the state transition Oct 31 15:24:55.146782: "westnet-eastnet-ipv4-psk-ikev2" #1: sent IKE_AUTH request {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Oct 31 15:24:55.146792: | sending 365 bytes for STATE_PARENT_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:24:55.146794: | 56 da 3a 10 de 51 40 20 3c 7b ee d5 b8 ac 7d 01 Oct 31 15:24:55.146795: | 2e 20 23 08 00 00 00 01 00 00 01 6d 23 00 01 51 Oct 31 15:24:55.146797: | f1 7e 1e 85 de d2 13 41 44 49 97 ab 1d 70 52 c2 Oct 31 15:24:55.146799: | d0 90 ed ca 45 07 89 1e af e7 2f 60 bf c4 13 69 Oct 31 15:24:55.146802: | 57 df a4 24 4c 67 0e 33 4a 7f a7 ac d5 09 ad b2 Oct 31 15:24:55.146803: | 8e e8 a3 88 7b ec 10 ee 36 27 85 c6 de f8 bf b3 Oct 31 15:24:55.146805: | 5a 22 eb 2e e7 49 a3 1d 78 5c 6b 55 b9 f9 df b3 Oct 31 15:24:55.146806: | c1 e4 6c 50 ef 93 b4 f9 d7 46 60 ff 25 66 d2 ea Oct 31 15:24:55.146807: | bf 56 34 7a 92 36 ec 28 8e 66 3b 18 26 73 94 0d Oct 31 15:24:55.146809: | 26 a8 42 46 99 0d 16 cf b4 a2 fe 91 57 a5 10 27 Oct 31 15:24:55.146810: | 7a f7 c4 94 b7 b6 a5 57 c7 6d 57 66 b1 49 2b c5 Oct 31 15:24:55.146811: | 5f b0 a5 00 02 5a 3a 5d d6 7d e3 20 53 9a dc f5 Oct 31 15:24:55.146813: | a5 90 d1 48 d1 c9 9d a7 bd 97 61 c6 41 9d cd 36 Oct 31 15:24:55.146814: | 84 31 92 5f 30 5b b2 e3 e0 9b bd 63 cc f7 f5 e6 Oct 31 15:24:55.146816: | d0 9f ea b4 4d 1a 20 44 c4 e2 44 0a f1 6f 16 b1 Oct 31 15:24:55.146817: | 87 43 8f 42 1f 79 56 18 2c db d1 2b 91 45 48 76 Oct 31 15:24:55.146818: | fd db 2a 9a 5e ce 55 54 6a 0c fc 67 d4 9e b4 df Oct 31 15:24:55.146820: | e7 ad a4 d6 64 35 ee 44 a4 b6 6f 3c 23 d3 2f 66 Oct 31 15:24:55.146821: | c1 9b b6 74 a3 77 0e 83 b2 1a 63 70 3b ef 71 71 Oct 31 15:24:55.146822: | 20 18 16 20 d5 14 aa c7 00 ce c4 75 15 b0 36 d5 Oct 31 15:24:55.146824: | d4 27 a9 14 98 de 5c ce 9a 40 3d 4e 68 6b 8e 25 Oct 31 15:24:55.146825: | 01 bd 88 4d fd 93 7b d9 be 00 f3 13 48 60 72 a8 Oct 31 15:24:55.146826: | 63 e7 5a ca a0 1d df 39 60 55 14 4c 34 Oct 31 15:24:55.146867: | sent 1 messages Oct 31 15:24:55.146873: | checking that a retransmit timeout_event was already Oct 31 15:24:55.146875: | state #2 has no .st_event to delete Oct 31 15:24:55.146880: | delref logger@0x55fbf105e868(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:55.146883: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:55.146886: | delref fd@0x55fbf105e718(4->3) (in free_logger() at log.c:854) Oct 31 15:24:55.146890: | resume sending helper answer back to state for #1 suppresed complete_v2_state_transition(); MD.ST was switched Oct 31 15:24:55.146894: | delref mdp@0x55fbf1063c28(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:55.146897: | delref logger@0x55fbf1050a28(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:55.146900: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:55.146902: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:55.146908: | #1 spent 1.24 (1.28) milliseconds in resume sending helper answer back to state Oct 31 15:24:55.146912: | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:745) Oct 31 15:24:55.146915: | libevent_free: delref ptr-libevent@0x7f27f400b578 Oct 31 15:24:55.180557: | spent 0.00243 (0.0024) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:55.180577: | newref struct msg_digest@0x55fbf1063c28(0->1) (in read_message() at demux.c:103) Oct 31 15:24:55.180582: | newref alloc logger@0x55fbf105e868(0->1) (in read_message() at demux.c:103) Oct 31 15:24:55.180591: | *received 225 bytes from 192.1.2.23:500 on eth1 192.1.2.45:500 using UDP Oct 31 15:24:55.180594: | 56 da 3a 10 de 51 40 20 3c 7b ee d5 b8 ac 7d 01 Oct 31 15:24:55.180597: | 2e 20 23 20 00 00 00 01 00 00 00 e1 24 00 00 c5 Oct 31 15:24:55.180599: | bf a6 44 3f bd 11 5c 53 c5 3b 1c 90 5a ed f3 1e Oct 31 15:24:55.180601: | d8 38 2b 0c 88 4f 7b b9 ae 0e 72 f0 30 e3 3c d9 Oct 31 15:24:55.180603: | f2 92 71 02 d3 52 21 64 c2 b5 38 f5 d8 3a 0b fb Oct 31 15:24:55.180608: | 30 fd c9 2d ec 4c 4c 6e ff 73 b9 f7 3d 7c c1 c0 Oct 31 15:24:55.180611: | 23 d4 1c 4c 24 54 2c f8 ff fd 97 b0 80 f7 36 20 Oct 31 15:24:55.180612: | 42 81 30 94 44 3a ed 5f 43 cb a2 e5 29 66 07 fd Oct 31 15:24:55.180614: | c7 50 1b 5a 80 bf e4 04 4d ab a6 70 d9 a2 6e ae Oct 31 15:24:55.180615: | e2 fc 89 3c 3f 60 14 3a 99 0f 9a 6a 90 c5 f7 53 Oct 31 15:24:55.180616: | a2 c9 79 ae d9 e3 d4 c0 ff ed 17 08 9a b2 46 23 Oct 31 15:24:55.180618: | 5b 7e 14 e1 4c 6c dc 22 a2 54 4e 59 14 be 2e 56 Oct 31 15:24:55.180619: | d9 f1 02 e0 f7 fb eb fa 74 9c bb 13 79 c0 03 b2 Oct 31 15:24:55.180620: | f6 b5 3c f5 15 70 a4 91 2b 20 d1 e5 4a fe f1 af Oct 31 15:24:55.180622: | ce Oct 31 15:24:55.180625: | **parse ISAKMP Message: Oct 31 15:24:55.180628: | initiator SPI: 56 da 3a 10 de 51 40 20 Oct 31 15:24:55.180631: | responder SPI: 3c 7b ee d5 b8 ac 7d 01 Oct 31 15:24:55.180633: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:24:55.180635: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:55.180636: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:55.180638: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:55.180640: | Message ID: 1 (00 00 00 01) Oct 31 15:24:55.180643: | length: 225 (00 00 00 e1) Oct 31 15:24:55.180644: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:24:55.180647: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Oct 31 15:24:55.180651: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Oct 31 15:24:55.180656: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:55.180658: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Oct 31 15:24:55.180660: | #2 is idle Oct 31 15:24:55.180661: | #2 idle Oct 31 15:24:55.180664: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:55.180666: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:55.180668: | unpacking clear payload Oct 31 15:24:55.180670: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Oct 31 15:24:55.180672: | ***parse IKEv2 Encryption Payload: Oct 31 15:24:55.180674: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Oct 31 15:24:55.180675: | flags: none (0x0) Oct 31 15:24:55.180677: | length: 197 (00 c5) Oct 31 15:24:55.180679: | processing payload: ISAKMP_NEXT_v2SK (len=193) Oct 31 15:24:55.180680: | #2 in state PARENT_I2: sent IKE_AUTH request Oct 31 15:24:55.180694: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Oct 31 15:24:55.180696: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Oct 31 15:24:55.180698: | **parse IKEv2 Identification - Responder - Payload: Oct 31 15:24:55.180700: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Oct 31 15:24:55.180701: | flags: none (0x0) Oct 31 15:24:55.180703: | length: 12 (00 0c) Oct 31 15:24:55.180704: | ID type: ID_FQDN (0x2) Oct 31 15:24:55.180706: | reserved: 00 00 00 Oct 31 15:24:55.180708: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Oct 31 15:24:55.180709: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Oct 31 15:24:55.180711: | **parse IKEv2 Authentication Payload: Oct 31 15:24:55.180712: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:24:55.180714: | flags: none (0x0) Oct 31 15:24:55.180716: | length: 72 (00 48) Oct 31 15:24:55.180717: | auth method: IKEv2_AUTH_SHARED (0x2) Oct 31 15:24:55.180719: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Oct 31 15:24:55.180720: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:24:55.180722: | **parse IKEv2 Security Association Payload: Oct 31 15:24:55.180723: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Oct 31 15:24:55.180725: | flags: none (0x0) Oct 31 15:24:55.180726: | length: 36 (00 24) Oct 31 15:24:55.180729: | processing payload: ISAKMP_NEXT_v2SA (len=32) Oct 31 15:24:55.180730: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Oct 31 15:24:55.180732: | **parse IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:24:55.180733: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Oct 31 15:24:55.180735: | flags: none (0x0) Oct 31 15:24:55.180737: | length: 24 (00 18) Oct 31 15:24:55.180738: | number of TS: 1 (01) Oct 31 15:24:55.180740: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Oct 31 15:24:55.180741: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Oct 31 15:24:55.180743: | **parse IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:24:55.180744: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:55.180745: | flags: none (0x0) Oct 31 15:24:55.180747: | length: 24 (00 18) Oct 31 15:24:55.180749: | number of TS: 1 (01) Oct 31 15:24:55.180750: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Oct 31 15:24:55.180752: | selected state microcode Initiator: process IKE_AUTH response Oct 31 15:24:55.180754: | calling processor Initiator: process IKE_AUTH response Oct 31 15:24:55.180756: | no certs to decode Oct 31 15:24:55.180760: | offered CA: '%none' Oct 31 15:24:55.180763: "westnet-eastnet-ipv4-psk-ikev2" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Oct 31 15:24:55.180797: | verifying AUTH payload Oct 31 15:24:55.180801: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret Oct 31 15:24:55.180804: | lsw_get_secret() using IDs for 192.1.2.45->@east of kind PKK_PSK Oct 31 15:24:55.180807: | line 1: key type PKK_PSK(192.1.2.45) to type PKK_PSK Oct 31 15:24:55.180811: | 1: compared key 192.1.2.45 to 192.1.2.45 / @east -> 010 Oct 31 15:24:55.180813: | 2: compared key @east to 192.1.2.45 / @east -> 014 Oct 31 15:24:55.180815: | line 1: match=014 Oct 31 15:24:55.180817: | match 014 beats previous best_match 000 match=0x55fbf105ff68 (line=1) Oct 31 15:24:55.180818: | concluding with best_match=014 best=0x55fbf105ff68 (lineno=1) Oct 31 15:24:55.180853: "westnet-eastnet-ipv4-psk-ikev2" #1: authenticated using authby=secret Oct 31 15:24:55.180861: | parent state #1: PARENT_I2(open IKE SA) => ESTABLISHED_IKE_SA(established IKE SA) Oct 31 15:24:55.180866: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Oct 31 15:24:55.180868: | state #1 deleting .st_event EVENT_SA_REPLACE Oct 31 15:24:55.180871: | libevent_free: delref ptr-libevent@0x55fbf1063338 Oct 31 15:24:55.180873: | free_event_entry: delref EVENT_SA_REPLACE-pe@0x55fbf10633e8 Oct 31 15:24:55.180875: | event_schedule: newref EVENT_SA_REKEY-pe@0x55fbf1063338 Oct 31 15:24:55.180877: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Oct 31 15:24:55.180879: | libevent_malloc: newref ptr-libevent@0x7f27f400b578 size 128 Oct 31 15:24:55.181029: | pstats #1 ikev2.ike established Oct 31 15:24:55.181036: | TSi: parsing 1 traffic selectors Oct 31 15:24:55.181040: | ***parse IKEv2 Traffic Selector: Oct 31 15:24:55.181043: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:55.181045: | IP Protocol ID: ALL (0x0) Oct 31 15:24:55.181049: | length: 16 (00 10) Oct 31 15:24:55.181052: | start port: 0 (00 00) Oct 31 15:24:55.181055: | end port: 65535 (ff ff) Oct 31 15:24:55.181058: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:24:55.181060: | TS low Oct 31 15:24:55.181062: | c0 00 01 00 Oct 31 15:24:55.181064: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:24:55.181067: | TS high Oct 31 15:24:55.181069: | c0 00 01 ff Oct 31 15:24:55.181071: | TSi: parsed 1 traffic selectors Oct 31 15:24:55.181073: | TSr: parsing 1 traffic selectors Oct 31 15:24:55.181076: | ***parse IKEv2 Traffic Selector: Oct 31 15:24:55.181079: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:55.181082: | IP Protocol ID: ALL (0x0) Oct 31 15:24:55.181085: | length: 16 (00 10) Oct 31 15:24:55.181088: | start port: 0 (00 00) Oct 31 15:24:55.181091: | end port: 65535 (ff ff) Oct 31 15:24:55.181096: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:24:55.181101: | TS low Oct 31 15:24:55.181104: | c0 00 02 00 Oct 31 15:24:55.181107: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:24:55.181109: | TS high Oct 31 15:24:55.181111: | c0 00 02 ff Oct 31 15:24:55.181114: | TSr: parsed 1 traffic selectors Oct 31 15:24:55.181121: | evaluating our conn="westnet-eastnet-ipv4-psk-ikev2" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Oct 31 15:24:55.181126: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:55.181135: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Oct 31 15:24:55.181139: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:24:55.181141: | TSi[0] port match: YES fitness 65536 Oct 31 15:24:55.181145: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:24:55.181148: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:55.181153: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:55.181158: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Oct 31 15:24:55.181159: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Oct 31 15:24:55.181161: | TSr[0] port match: YES fitness 65536 Oct 31 15:24:55.181163: | narrow protocol end=*0 == TSr[0]=*0: 0 Oct 31 15:24:55.181164: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:55.181166: | best fit so far: TSi[0] TSr[0] Oct 31 15:24:55.181167: | found an acceptable TSi/TSr Traffic Selector Oct 31 15:24:55.181169: | printing contents struct traffic_selector Oct 31 15:24:55.181170: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:24:55.181172: | ipprotoid: 0 Oct 31 15:24:55.181173: | port range: 0-65535 Oct 31 15:24:55.181176: | ip range: 192.0.1.0-192.0.1.255 Oct 31 15:24:55.181177: | printing contents struct traffic_selector Oct 31 15:24:55.181178: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:24:55.181180: | ipprotoid: 0 Oct 31 15:24:55.181181: | port range: 0-65535 Oct 31 15:24:55.181183: | ip range: 192.0.2.0-192.0.2.255 Oct 31 15:24:55.181192: | using existing local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP=AES_GCM_C_256-NONE-NONE-DISABLED 2:ESP=AES_GCM_C_128-NONE-NONE-DISABLED 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:55.181195: | comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Oct 31 15:24:55.181204: | local proposal 1 type ENCR has 1 transforms Oct 31 15:24:55.181208: | local proposal 1 type PRF has 0 transforms Oct 31 15:24:55.181210: | local proposal 1 type INTEG has 1 transforms Oct 31 15:24:55.181211: | local proposal 1 type DH has 1 transforms Oct 31 15:24:55.181213: | local proposal 1 type ESN has 1 transforms Oct 31 15:24:55.181215: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Oct 31 15:24:55.181217: | local proposal 2 type ENCR has 1 transforms Oct 31 15:24:55.181218: | local proposal 2 type PRF has 0 transforms Oct 31 15:24:55.181219: | local proposal 2 type INTEG has 1 transforms Oct 31 15:24:55.181221: | local proposal 2 type DH has 1 transforms Oct 31 15:24:55.181222: | local proposal 2 type ESN has 1 transforms Oct 31 15:24:55.181224: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Oct 31 15:24:55.181225: | local proposal 3 type ENCR has 1 transforms Oct 31 15:24:55.181227: | local proposal 3 type PRF has 0 transforms Oct 31 15:24:55.181228: | local proposal 3 type INTEG has 2 transforms Oct 31 15:24:55.181230: | local proposal 3 type DH has 1 transforms Oct 31 15:24:55.181231: | local proposal 3 type ESN has 1 transforms Oct 31 15:24:55.181233: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Oct 31 15:24:55.181236: | local proposal 4 type ENCR has 1 transforms Oct 31 15:24:55.181237: | local proposal 4 type PRF has 0 transforms Oct 31 15:24:55.181239: | local proposal 4 type INTEG has 2 transforms Oct 31 15:24:55.181240: | local proposal 4 type DH has 1 transforms Oct 31 15:24:55.181242: | local proposal 4 type ESN has 1 transforms Oct 31 15:24:55.181243: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Oct 31 15:24:55.181246: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:55.181247: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:55.181250: | length: 32 (00 20) Oct 31 15:24:55.181251: | prop #: 1 (01) Oct 31 15:24:55.181253: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:55.181255: | spi size: 4 (04) Oct 31 15:24:55.181256: | # transforms: 2 (02) Oct 31 15:24:55.181258: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:24:55.181260: | remote SPI Oct 31 15:24:55.181261: | 6f 46 0d 9e Oct 31 15:24:55.181263: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Oct 31 15:24:55.181265: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.181267: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:55.181269: | length: 12 (00 0c) Oct 31 15:24:55.181270: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:55.181272: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:55.181273: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:55.181275: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:55.181277: | length/value: 256 (01 00) Oct 31 15:24:55.181280: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:24:55.181282: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:55.181283: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:55.181285: | length: 8 (00 08) Oct 31 15:24:55.181286: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:55.181288: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:55.181290: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Oct 31 15:24:55.181292: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Oct 31 15:24:55.181295: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Oct 31 15:24:55.181296: | remote proposal 1 matches local proposal 1 Oct 31 15:24:55.181298: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Oct 31 15:24:55.181301: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP=AES_GCM_C_256-DISABLED SPI=6f460d9e Oct 31 15:24:55.181303: | converting proposal to internal trans attrs Oct 31 15:24:55.181307: | integ=NONE: .key_size=0 encrypt=AES_GCM_16: .key_size=32 .salt_size=4 keymat_len=36 Oct 31 15:24:55.181367: | install_ipsec_sa() for #2: inbound and outbound Oct 31 15:24:55.181373: | could_route called for westnet-eastnet-ipv4-psk-ikev2; kind=CK_PERMANENT that.has_client=yes oppo=no this.host_port=500 Oct 31 15:24:55.181375: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:55.181378: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:55.181380: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Oct 31 15:24:55.181383: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Oct 31 15:24:55.181387: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Oct 31 15:24:55.181390: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Oct 31 15:24:55.181393: | AES_GCM_16 requires 4 salt bytes Oct 31 15:24:55.181395: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Oct 31 15:24:55.181399: | setting IPsec SA replay-window to 32 Oct 31 15:24:55.181402: | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Oct 31 15:24:55.181407: | netlink: enabling tunnel mode Oct 31 15:24:55.181409: | XFRM: adding IPsec SA with reqid 16389 Oct 31 15:24:55.181411: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:24:55.181414: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:24:55.181475: | netlink response for Add SA esp.6f460d9e@192.1.2.23 included non-error error Oct 31 15:24:55.181479: | setup_half_ipsec_sa() is installing inbound eroute? inbound=0 owner=#0 mode=1 Oct 31 15:24:55.181482: | set up outgoing SA, ref=0/0 Oct 31 15:24:55.181484: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Oct 31 15:24:55.181487: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Oct 31 15:24:55.181489: | AES_GCM_16 requires 4 salt bytes Oct 31 15:24:55.181491: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Oct 31 15:24:55.181495: | setting IPsec SA replay-window to 32 Oct 31 15:24:55.181497: | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth1 Oct 31 15:24:55.181500: | netlink: enabling tunnel mode Oct 31 15:24:55.181502: | XFRM: adding IPsec SA with reqid 16389 Oct 31 15:24:55.181504: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:24:55.181506: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:24:55.181541: | netlink response for Add SA esp.c5d3c63@192.1.2.45 included non-error error Oct 31 15:24:55.181546: | setup_half_ipsec_sa() is installing inbound eroute? inbound=1 owner=#0 mode=1 Oct 31 15:24:55.181548: | setup_half_ipsec_sa() is installing inbound eroute Oct 31 15:24:55.181551: | setup_half_ipsec_sa() before proto 50 Oct 31 15:24:55.181553: | setup_half_ipsec_sa() after proto 50 Oct 31 15:24:55.181555: | setup_half_ipsec_sa() calling raw_eroute backwards (i.e., inbound) Oct 31 15:24:55.181558: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 2084814 (0x1fcfce) Oct 31 15:24:55.181565: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.2.45 using reqid 16389 (raw_eroute) proto=50 Oct 31 15:24:55.181568: | IPsec SA SPD priority set to 2084814 Oct 31 15:24:55.181589: | raw_eroute result=success Oct 31 15:24:55.181591: | set up incoming SA, ref=0/0 Oct 31 15:24:55.181592: | sr for #2: unrouted Oct 31 15:24:55.181594: | route_and_eroute() for proto 0, and source port 0 dest port 0 Oct 31 15:24:55.181596: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:55.181597: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:55.181599: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Oct 31 15:24:55.181601: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Oct 31 15:24:55.181603: | route_and_eroute with c: westnet-eastnet-ipv4-psk-ikev2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Oct 31 15:24:55.181605: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 2084814 (0x1fcfce) Oct 31 15:24:55.181610: | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 using reqid 16389 (raw_eroute) proto=50 Oct 31 15:24:55.181612: | IPsec SA SPD priority set to 2084814 Oct 31 15:24:55.181621: | raw_eroute result=success Oct 31 15:24:55.181623: | running updown command "ipsec _updown" for verb up Oct 31 15:24:55.181624: | command executing up-client Oct 31 15:24:55.181627: | get_sa_info esp.6f460d9e@192.1.2.23 Oct 31 15:24:55.181633: | get_sa_info esp.c5d3c63@192.1.2.45 Oct 31 15:24:55.181653: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='192.1.2.45' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157895' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' P... Oct 31 15:24:55.181657: | popen cmd is 1134 chars long Oct 31 15:24:55.181659: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv: Oct 31 15:24:55.181661: | cmd( 80):4-psk-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUT: Oct 31 15:24:55.181662: | cmd( 160):E='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='192.1.2.45' : Oct 31 15:24:55.181664: | cmd( 240):PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_M: Oct 31 15:24:55.181665: | cmd( 320):ASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1638: Oct 31 15:24:55.181666: | cmd( 400):8' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_: Oct 31 15:24:55.181668: | cmd( 480):CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK=': Oct 31 15:24:55.181669: | cmd( 560):255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUT: Oct 31 15:24:55.181670: | cmd( 640):O_STACK='xfrm' PLUTO_ADDTIME='1604157895' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+: Oct 31 15:24:55.181672: | cmd( 720):PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_C: Oct 31 15:24:55.181673: | cmd( 800):ONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO: Oct 31 15:24:55.181674: | cmd( 880):='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CF: Oct 31 15:24:55.181676: | cmd( 960):G_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VTI_IF: Oct 31 15:24:55.181678: | cmd(1040):ACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x6f460d9e SPI_OUT=0xc5d3c63 ipse: Oct 31 15:24:55.181680: | cmd(1120):c _updown 2>&1: Oct 31 15:24:55.189999: | route_and_eroute: firewall_notified: true Oct 31 15:24:55.190010: | running updown command "ipsec _updown" for verb prepare Oct 31 15:24:55.190013: | command executing prepare-client Oct 31 15:24:55.190018: | get_sa_info esp.6f460d9e@192.1.2.23 Oct 31 15:24:55.190031: | get_sa_info esp.c5d3c63@192.1.2.45 Oct 31 15:24:55.190054: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='192.1.2.45' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157895' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIG... Oct 31 15:24:55.190057: | popen cmd is 1139 chars long Oct 31 15:24:55.190059: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Oct 31 15:24:55.190060: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI: Oct 31 15:24:55.190062: | cmd( 160):_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='192.1.2: Oct 31 15:24:55.190065: | cmd( 240):.45' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: Oct 31 15:24:55.190067: | cmd( 320):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: Oct 31 15:24:55.190068: | cmd( 400):'16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_: Oct 31 15:24:55.190069: | cmd( 480):PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_M: Oct 31 15:24:55.190071: | cmd( 560):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='': Oct 31 15:24:55.190072: | cmd( 640): PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157895' PLUTO_CONN_POLICY='PSK+ENCRYPT+TU: Oct 31 15:24:55.190073: | cmd( 720):NNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PL: Oct 31 15:24:55.190075: | cmd( 800):UTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS: Oct 31 15:24:55.190076: | cmd( 880):_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLU: Oct 31 15:24:55.190077: | cmd( 960):TO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' V: Oct 31 15:24:55.190079: | cmd(1040):TI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x6f460d9e SPI_OUT=0xc5d3c63: Oct 31 15:24:55.190080: | cmd(1120): ipsec _updown 2>&1: Oct 31 15:24:55.197792: | running updown command "ipsec _updown" for verb route Oct 31 15:24:55.197804: | command executing route-client Oct 31 15:24:55.197810: | get_sa_info esp.6f460d9e@192.1.2.23 Oct 31 15:24:55.197822: | get_sa_info esp.c5d3c63@192.1.2.45 Oct 31 15:24:55.197845: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='192.1.2.45' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157895' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED... Oct 31 15:24:55.197847: | popen cmd is 1137 chars long Oct 31 15:24:55.197849: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Oct 31 15:24:55.197850: | cmd( 80):ipv4-psk-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_R: Oct 31 15:24:55.197852: | cmd( 160):OUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='192.1.2.4: Oct 31 15:24:55.197853: | cmd( 240):5' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIEN: Oct 31 15:24:55.197855: | cmd( 320):T_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1: Oct 31 15:24:55.197856: | cmd( 400):6388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PE: Oct 31 15:24:55.197857: | cmd( 480):ER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MAS: Oct 31 15:24:55.197859: | cmd( 560):K='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' P: Oct 31 15:24:55.197860: | cmd( 640):LUTO_STACK='xfrm' PLUTO_ADDTIME='1604157895' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNN: Oct 31 15:24:55.197861: | cmd( 720):EL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUT: Oct 31 15:24:55.197863: | cmd( 800):O_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_I: Oct 31 15:24:55.197864: | cmd( 880):NFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO: Oct 31 15:24:55.197868: | cmd( 960):_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VTI: Oct 31 15:24:55.197870: | cmd(1040):_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x6f460d9e SPI_OUT=0xc5d3c63 i: Oct 31 15:24:55.197871: | cmd(1120):psec _updown 2>&1: Oct 31 15:24:55.207764: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.207791: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.207800: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.207806: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.207813: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.207820: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.207825: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.207830: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.207836: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.207841: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.207847: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.207947: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.207959: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.207966: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.207972: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.208312: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.208324: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.208330: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.208339: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.208352: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.208360: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.208367: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.208379: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.208386: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.208396: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:55.218189: | route_and_eroute: instance "westnet-eastnet-ipv4-psk-ikev2", setting eroute_owner {spd=0x55fbf105eca8,sr=0x55fbf105eca8} to #2 (was #0) (newest_ipsec_sa=#0) Oct 31 15:24:55.218270: | inR2: instance westnet-eastnet-ipv4-psk-ikev2[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Oct 31 15:24:55.218288: | #2 spent 1.61 (37.5) milliseconds in processing: Initiator: process IKE_AUTH response in v2_dispatch() Oct 31 15:24:55.218297: | [RE]START processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:55.218302: | #2 complete_v2_state_transition() PARENT_I2->ESTABLISHED_CHILD_SA with status STF_OK; .st_v2_transition=NULL Oct 31 15:24:55.218308: | transitioning from state STATE_PARENT_I2 to state STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:24:55.218311: | Message ID: updating counters for #2 Oct 31 15:24:55.218318: | Message ID: CHILD #1.#2 clearing EVENT_RETRANSMIT as response received: ike.initiator.sent=1 ike.initiator.recv=0 ike.initiator.last_contact=744569.579521 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.570923 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:24:55.218322: | #2 requesting EVENT_RETRANSMIT-pe@0x55fbf10680e8 be deleted Oct 31 15:24:55.218328: | libevent_free: delref ptr-libevent@0x55fbf1066d88 Oct 31 15:24:55.218332: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55fbf10680e8 Oct 31 15:24:55.218335: | #2 STATE_PARENT_I2: retransmits: cleared Oct 31 15:24:55.218342: | Message ID: CHILD #1.#2 updating initiator received message response 1: ike.initiator.sent=1 ike.initiator.recv=0->1 ike.initiator.last_contact=744569.579521->744569.65111 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.570923 child.wip.initiator=1->-1 child.wip.responder=-1 Oct 31 15:24:55.218347: | Message ID: CHILD #1.#2 skipping update_send as nothing to send: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744569.65111 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.570923 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:24:55.218353: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744569.65111 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.570923 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:55.218357: | child state #2: PARENT_I2(open IKE SA) => ESTABLISHED_CHILD_SA(established CHILD SA) Oct 31 15:24:55.218361: | pstats #2 ikev2.child established Oct 31 15:24:55.218364: | announcing the state transition Oct 31 15:24:55.218373: "westnet-eastnet-ipv4-psk-ikev2" #2: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Oct 31 15:24:55.218385: | NAT-T: encaps is 'auto' Oct 31 15:24:55.218391: "westnet-eastnet-ipv4-psk-ikev2" #2: IPsec SA established tunnel mode {ESP=>0x6f460d9e <0x0c5d3c63 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Oct 31 15:24:55.218396: | releasing #2's fd-fd@0x55fbf105e718 because IKEv2 transitions finished Oct 31 15:24:55.218399: | delref fd@0x55fbf105e718(3->2) (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:24:55.218402: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:24:55.218404: | unpending #2's IKE SA #1 Oct 31 15:24:55.218407: | unpending state #1 connection "westnet-eastnet-ipv4-psk-ikev2" Oct 31 15:24:55.218411: | delete from pending Child SA with 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" Oct 31 15:24:55.218414: | delref fd@0x55fbf105e718(2->1) (in delete_pending() at pending.c:218) Oct 31 15:24:55.218416: | removing pending policy for no connection {0x55fbf105e758} Oct 31 15:24:55.218419: | releasing #1's fd-fd@0x55fbf105e718 because IKEv2 transitions finished so releaseing IKE SA Oct 31 15:24:55.218421: | delref fd@0x55fbf105e718(1->0) (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:24:55.218429: | freeref fd-fd@0x55fbf105e718 (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:24:55.218432: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:24:55.218437: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Oct 31 15:24:55.218440: | state #2 has no .st_event to delete Oct 31 15:24:55.218443: | event_schedule: newref EVENT_SA_REKEY-pe@0x55fbf10680e8 Oct 31 15:24:55.218445: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Oct 31 15:24:55.218447: | libevent_malloc: newref ptr-libevent@0x55fbf1065508 size 128 Oct 31 15:24:55.218452: | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:55.218460: | #1 spent 2 (37.9) milliseconds in ikev2_process_packet() Oct 31 15:24:55.218462: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:55.218464: | delref mdp@0x55fbf1063c28(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:55.218466: | delref logger@0x55fbf105e868(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:55.218468: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:55.218469: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:55.218474: | spent 2.01 (37.9) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:55.218484: | processing signal PLUTO_SIGCHLD Oct 31 15:24:55.218487: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:55.218491: | spent 0.00371 (0.00364) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:55.218492: | processing signal PLUTO_SIGCHLD Oct 31 15:24:55.218494: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:55.218497: | spent 0.00264 (0.00271) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:55.218503: | processing signal PLUTO_SIGCHLD Oct 31 15:24:55.218508: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:55.218512: | spent 0.00389 (0.0038) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:56.389846: | newref struct fd@0x55fbf105e718(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:56.389860: | fd_accept: new fd-fd@0x55fbf105e718 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:56.389870: | whack: traffic_status Oct 31 15:24:56.389873: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Oct 31 15:24:56.389875: | FOR_EACH_STATE_... in sort_states Oct 31 15:24:56.389882: | get_sa_info esp.c5d3c63@192.1.2.45 Oct 31 15:24:56.389897: | get_sa_info esp.6f460d9e@192.1.2.23 Oct 31 15:24:56.389908: | delref fd@0x55fbf105e718(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:56.389914: | freeref fd-fd@0x55fbf105e718 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:56.389921: | spent 0.0831 (0.0827) milliseconds in whack Oct 31 15:24:57.031462: | newref struct fd@0x55fbf105e718(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:57.031538: | fd_accept: new fd-fd@0x55fbf105e718 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:57.031554: | whack: traffic_status Oct 31 15:24:57.031558: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Oct 31 15:24:57.031562: | FOR_EACH_STATE_... in sort_states Oct 31 15:24:57.031573: | get_sa_info esp.c5d3c63@192.1.2.45 Oct 31 15:24:57.031590: | get_sa_info esp.6f460d9e@192.1.2.23 Oct 31 15:24:57.031606: | delref fd@0x55fbf105e718(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:57.031614: | freeref fd-fd@0x55fbf105e718 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:57.031622: | spent 0.123 (0.17) milliseconds in whack Oct 31 15:24:57.148048: | newref struct fd@0x55fbf105e718(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:57.148065: | fd_accept: new fd-fd@0x55fbf105e718 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:57.148080: | whack: status Oct 31 15:24:57.148386: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:24:57.148447: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:24:57.148524: | FOR_EACH_STATE_... in show_states (sort_states) Oct 31 15:24:57.148530: | FOR_EACH_STATE_... in sort_states Oct 31 15:24:57.148547: | get_sa_info esp.c5d3c63@192.1.2.45 Oct 31 15:24:57.148567: | get_sa_info esp.6f460d9e@192.1.2.23 Oct 31 15:24:57.148592: | delref fd@0x55fbf105e718(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:57.148601: | freeref fd-fd@0x55fbf105e718 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:57.148609: | spent 0.435 (0.571) milliseconds in whack Oct 31 15:24:57.727752: | spent 0.00241 (0.00235) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:57.727769: | newref struct msg_digest@0x55fbf1063c28(0->1) (in read_message() at demux.c:103) Oct 31 15:24:57.727777: | newref alloc logger@0x55fbf10633e8(0->1) (in read_message() at demux.c:103) Oct 31 15:24:57.727785: | *received 69 bytes from 192.1.2.23:500 on eth1 192.1.2.45:500 using UDP Oct 31 15:24:57.727788: | 56 da 3a 10 de 51 40 20 3c 7b ee d5 b8 ac 7d 01 Oct 31 15:24:57.727791: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Oct 31 15:24:57.727793: | 0a d5 2b 3c 35 21 23 45 a8 a9 e4 0d 5d 6c f6 33 Oct 31 15:24:57.727795: | 05 8f 04 56 10 0b 2b 14 4e d9 32 45 be 75 95 27 Oct 31 15:24:57.727798: | eb b6 81 2f 46 Oct 31 15:24:57.727803: | **parse ISAKMP Message: Oct 31 15:24:57.727807: | initiator SPI: 56 da 3a 10 de 51 40 20 Oct 31 15:24:57.727812: | responder SPI: 3c 7b ee d5 b8 ac 7d 01 Oct 31 15:24:57.727815: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:24:57.727818: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:57.727820: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:24:57.727823: | flags: none (0x0) Oct 31 15:24:57.727827: | Message ID: 0 (00 00 00 00) Oct 31 15:24:57.727831: | length: 69 (00 00 00 45) Oct 31 15:24:57.727834: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Oct 31 15:24:57.727838: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Oct 31 15:24:57.727843: | State DB: found IKEv2 state #1 in ESTABLISHED_IKE_SA (find_v2_ike_sa) Oct 31 15:24:57.727851: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:57.727855: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Oct 31 15:24:57.727858: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:24:57.727861: | #1 is idle Oct 31 15:24:57.727868: | Message ID: IKE #1 not a duplicate - message request 0 is new: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744569.65111 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.570923 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:57.727874: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:57.727877: | unpacking clear payload Oct 31 15:24:57.727880: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Oct 31 15:24:57.727883: | ***parse IKEv2 Encryption Payload: Oct 31 15:24:57.727886: | next payload type: ISAKMP_NEXT_v2D (0x2a) Oct 31 15:24:57.727889: | flags: none (0x0) Oct 31 15:24:57.727892: | length: 41 (00 29) Oct 31 15:24:57.727895: | processing payload: ISAKMP_NEXT_v2SK (len=37) Oct 31 15:24:57.727898: | #1 in state ESTABLISHED_IKE_SA: established IKE SA Oct 31 15:24:57.727915: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Oct 31 15:24:57.727919: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Oct 31 15:24:57.727922: | **parse IKEv2 Delete Payload: Oct 31 15:24:57.727925: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:57.727928: | flags: none (0x0) Oct 31 15:24:57.727932: | length: 12 (00 0c) Oct 31 15:24:57.727934: | protocol ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:57.727937: | SPI size: 4 (04) Oct 31 15:24:57.727941: | number of SPIs: 1 (00 01) Oct 31 15:24:57.727943: | processing payload: ISAKMP_NEXT_v2D (len=4) Oct 31 15:24:57.727946: | selected state microcode Informational Request Oct 31 15:24:57.727953: | Message ID: IKE #1 responder starting message request 0: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744569.65111 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.570923 ike.wip.initiator=-1 ike.wip.responder=-1->0 Oct 31 15:24:57.727956: | calling processor Informational Request Oct 31 15:24:57.727960: | an informational request should send a response Oct 31 15:24:57.727965: | opening output PBS information exchange reply packet Oct 31 15:24:57.727968: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Oct 31 15:24:57.727973: | **emit ISAKMP Message: Oct 31 15:24:57.727977: | initiator SPI: 56 da 3a 10 de 51 40 20 Oct 31 15:24:57.727981: | responder SPI: 3c 7b ee d5 b8 ac 7d 01 Oct 31 15:24:57.727984: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:57.727986: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:57.727989: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:24:57.727992: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Oct 31 15:24:57.727996: | Message ID: 0 (00 00 00 00) Oct 31 15:24:57.727998: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:57.728002: | ***emit IKEv2 Encryption Payload: Oct 31 15:24:57.728005: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:57.728007: | flags: none (0x0) Oct 31 15:24:57.728010: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:24:57.728013: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Oct 31 15:24:57.728016: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:24:57.728304: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Oct 31 15:24:57.728311: | SPI Oct 31 15:24:57.728314: | 6f 46 0d 9e Oct 31 15:24:57.728317: | delete IKEv2_SEC_PROTO_ESP SA(0x6f460d9e) Oct 31 15:24:57.728321: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:24:57.728324: | State DB: found IKEv2 state #2 in ESTABLISHED_CHILD_SA (find_v2_child_sa_by_outbound_spi) Oct 31 15:24:57.728326: | our side SPI that needs to be deleted: IKEv2_SEC_PROTO_ESP SA(0x6f460d9e) Oct 31 15:24:57.728330: "westnet-eastnet-ipv4-psk-ikev2" #1: received Delete SA payload: replace IPsec State #2 now Oct 31 15:24:57.728333: | #2 requesting EVENT_SA_REKEY-pe@0x55fbf10680e8 be deleted Oct 31 15:24:57.728337: | libevent_free: delref ptr-libevent@0x55fbf1065508 Oct 31 15:24:57.728340: | free_event_entry: delref EVENT_SA_REKEY-pe@0x55fbf10680e8 Oct 31 15:24:57.728344: | event_schedule: newref EVENT_SA_REPLACE-pe@0x55fbf105e868 Oct 31 15:24:57.728346: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Oct 31 15:24:57.728349: | libevent_malloc: newref ptr-libevent@0x55fbf1066d88 size 128 Oct 31 15:24:57.728353: | ****emit IKEv2 Delete Payload: Oct 31 15:24:57.728356: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:57.728359: | flags: none (0x0) Oct 31 15:24:57.728361: | protocol ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:57.728364: | SPI size: 4 (04) Oct 31 15:24:57.728367: | number of SPIs: 1 (00 01) Oct 31 15:24:57.728370: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Oct 31 15:24:57.728373: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Oct 31 15:24:57.728376: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Oct 31 15:24:57.728380: | local SPIs: 0c 5d 3c 63 Oct 31 15:24:57.728382: | emitting length of IKEv2 Delete Payload: 12 Oct 31 15:24:57.728384: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:57.728387: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:57.728390: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:24:57.728393: | emitting length of IKEv2 Encryption Payload: 41 Oct 31 15:24:57.728395: | emitting length of ISAKMP Message: 69 Oct 31 15:24:57.728410: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:24:57.728414: | 56 da 3a 10 de 51 40 20 3c 7b ee d5 b8 ac 7d 01 Oct 31 15:24:57.728416: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Oct 31 15:24:57.728418: | 24 5c f9 ed 79 a6 90 0b d7 53 11 26 68 c4 96 61 Oct 31 15:24:57.728423: | bf 9c 95 a0 a8 d0 81 09 06 c6 21 23 31 db c5 2b Oct 31 15:24:57.728425: | ac f5 9f 37 e4 Oct 31 15:24:57.728445: | sent 1 messages Oct 31 15:24:57.728453: | Message ID: IKE #1 XXX: in process_encrypted_informational_ikev2() hacking around record 'n' send bypassing send queue hacking around delete_ike_family(): ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744569.65111 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744569.570923 ike.wip.initiator=-1 ike.wip.responder=0 Oct 31 15:24:57.728460: | Message ID: IKE #1 updating responder sent message response 0: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744569.65111 ike.responder.sent=-1->0 ike.responder.recv=-1 ike.responder.last_contact=744569.570923 ike.wip.initiator=-1 ike.wip.responder=0 Oct 31 15:24:57.728468: | #1 spent 0.224 (0.506) milliseconds in processing: Informational Request in v2_dispatch() Oct 31 15:24:57.728473: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:57.728478: | #1 complete_v2_state_transition() ESTABLISHED_IKE_SA->ESTABLISHED_IKE_SA with status STF_OK; .st_v2_transition=PARENT_I0->PARENT_I1 Oct 31 15:24:57.728481: | Message ID: updating counters for #1 Oct 31 15:24:57.728488: | Message ID: IKE #1 updating responder received message request 0: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744569.65111 ike.responder.sent=0 ike.responder.recv=-1->0 ike.responder.last_contact=744569.570923->744572.16128 ike.wip.initiator=-1 ike.wip.responder=0->-1 Oct 31 15:24:57.728494: | Message ID: IKE #1 updating responder sent message response 0: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744569.65111 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744572.16128 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:57.728500: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744569.65111 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744572.16128 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:57.728503: | announcing the state transition Oct 31 15:24:57.728506: "westnet-eastnet-ipv4-psk-ikev2" #1: established IKE SA Oct 31 15:24:57.728512: | sending 69 bytes for STATE_V2_ESTABLISHED_IKE_SA through eth1 from 192.1.2.45:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:24:57.728515: | 56 da 3a 10 de 51 40 20 3c 7b ee d5 b8 ac 7d 01 Oct 31 15:24:57.728517: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Oct 31 15:24:57.728519: | 24 5c f9 ed 79 a6 90 0b d7 53 11 26 68 c4 96 61 Oct 31 15:24:57.728522: | bf 9c 95 a0 a8 d0 81 09 06 c6 21 23 31 db c5 2b Oct 31 15:24:57.728524: | ac f5 9f 37 e4 Oct 31 15:24:57.728536: | sent 1 messages Oct 31 15:24:57.728540: | #1 is retaining EVENT_SA_REKEY with is previously set timeout Oct 31 15:24:57.728545: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:57.728551: | #1 spent 0.522 (0.807) milliseconds in ikev2_process_packet() Oct 31 15:24:57.728554: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:57.728557: | delref mdp@0x55fbf1063c28(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:57.728560: | delref logger@0x55fbf10633e8(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:57.728563: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:57.728565: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:57.728571: | spent 0.543 (0.827) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:57.728578: | timer_event_cb: processing event@0x55fbf105e868 Oct 31 15:24:57.728581: | handling event EVENT_SA_REPLACE for child state #2 Oct 31 15:24:57.728584: | libevent_free: delref ptr-libevent@0x55fbf1066d88 Oct 31 15:24:57.728589: | free_event_entry: delref EVENT_SA_REPLACE-pe@0x55fbf105e868 Oct 31 15:24:57.728594: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:57.728598: | picked newest_ipsec_sa #2 for #2 Oct 31 15:24:57.728600: | replacing stale CHILD SA Oct 31 15:24:57.728604: | FOR_EACH_STATE_... in find_phase1_state Oct 31 15:24:57.728608: | FOR_EACH_STATE_... in find_pending_phase2 Oct 31 15:24:57.728613: | newref alloc logger@0x55fbf10680e8(0->1) (in new_state() at state.c:576) Oct 31 15:24:57.728616: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:24:57.728618: | creating state object #3 at 0x55fbf1063c28 Oct 31 15:24:57.728621: | State DB: adding IKEv2 state #3 in UNDEFINED Oct 31 15:24:57.728625: | pstats #3 ikev2.child started Oct 31 15:24:57.728628: | duplicating state object #1 "westnet-eastnet-ipv4-psk-ikev2" as #3 for IPSEC SA Oct 31 15:24:57.728634: | #3 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1581) Oct 31 15:24:57.728643: | Message ID: CHILD #1.#3 initializing (CHILD SA): ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744569.65111 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744572.16128 child.wip.initiator=0->-1 child.wip.responder=0->-1 Oct 31 15:24:57.728647: | child state #3: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Oct 31 15:24:57.728652: | #3.st_v2_transition NULL -> V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I1 (in new_v2_child_state() at state.c:1666) Oct 31 15:24:57.728657: | suspend processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5960) Oct 31 15:24:57.728661: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5960) Oct 31 15:24:57.728665: | create child proposal's DH changed from no-PFS to MODP2048, flushing Oct 31 15:24:57.728668: | constructing ESP/AH proposals with default DH MODP2048 for westnet-eastnet-ipv4-psk-ikev2 (ESP/AH initiator emitting proposals) Oct 31 15:24:57.728674: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Oct 31 15:24:57.728681: | ... ikev2_proposal: 1:ESP=AES_GCM_C_256-NONE-MODP2048-DISABLED Oct 31 15:24:57.728684: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Oct 31 15:24:57.728688: | ... ikev2_proposal: 2:ESP=AES_GCM_C_128-NONE-MODP2048-DISABLED Oct 31 15:24:57.728691: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:24:57.728695: | ... ikev2_proposal: 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:24:57.728698: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:24:57.728702: | ... ikev2_proposal: 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:24:57.728705: "westnet-eastnet-ipv4-psk-ikev2": local ESP/AH proposals (ESP/AH initiator emitting proposals): Oct 31 15:24:57.728710: "westnet-eastnet-ipv4-psk-ikev2": 1:ESP=AES_GCM_C_256-NONE-MODP2048-DISABLED Oct 31 15:24:57.728714: "westnet-eastnet-ipv4-psk-ikev2": 2:ESP=AES_GCM_C_128-NONE-MODP2048-DISABLED Oct 31 15:24:57.728718: "westnet-eastnet-ipv4-psk-ikev2": 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:24:57.728722: "westnet-eastnet-ipv4-psk-ikev2": 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:24:57.728728: | #3 schedule rekey initiate IPsec SA PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Oct 31 15:24:57.728731: | event_schedule: newref EVENT_v2_INITIATE_CHILD-pe@0x55fbf105e868 Oct 31 15:24:57.728734: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Oct 31 15:24:57.728737: | libevent_malloc: newref ptr-libevent@0x55fbf1065508 size 128 Oct 31 15:24:57.728742: | RESET processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:6035) Oct 31 15:24:57.728748: | event_schedule: newref EVENT_SA_EXPIRE-pe@0x55fbf0fac0a8 Oct 31 15:24:57.728750: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Oct 31 15:24:57.728753: | libevent_malloc: newref ptr-libevent@0x55fbf1063148 size 128 Oct 31 15:24:57.728759: | #2 spent 0.179 (0.179) milliseconds in timer_event_cb() EVENT_SA_REPLACE Oct 31 15:24:57.728761: | processing: STOP state #0 (in timer_event_cb() at timer.c:447) Oct 31 15:24:57.728766: | timer_event_cb: processing event@0x55fbf105e868 Oct 31 15:24:57.728769: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Oct 31 15:24:57.728771: | libevent_free: delref ptr-libevent@0x55fbf1065508 Oct 31 15:24:57.728774: | free_event_entry: delref EVENT_v2_INITIATE_CHILD-pe@0x55fbf105e868 Oct 31 15:24:57.728779: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:57.728788: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:57.728791: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:57.728794: | newref clone logger@0x55fbf105e868(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:57.728797: | job 3 for #3: Child Rekey Initiator KE and nonce ni (build KE and nonce): adding job to queue Oct 31 15:24:57.728800: | state #3 has no .st_event to delete Oct 31 15:24:57.728802: | #3 STATE_V2_REKEY_CHILD_I0: retransmits: cleared Oct 31 15:24:57.728805: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55fbf1066d88 Oct 31 15:24:57.728808: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Oct 31 15:24:57.728811: | libevent_malloc: newref ptr-libevent@0x55fbf1065508 size 128 Oct 31 15:24:57.728821: | #3 spent 0.0535 (0.0535) milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Oct 31 15:24:57.728827: | stop processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:447) Oct 31 15:24:57.728831: | timer_event_cb: processing event@0x55fbf0fac0a8 Oct 31 15:24:57.728833: | handling event EVENT_SA_EXPIRE for child state #2 Oct 31 15:24:57.728836: | libevent_free: delref ptr-libevent@0x55fbf1063148 Oct 31 15:24:57.728838: | free_event_entry: delref EVENT_SA_EXPIRE-pe@0x55fbf0fac0a8 Oct 31 15:24:57.728843: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:188) Oct 31 15:24:57.728846: | picked newest_ipsec_sa #2 for #2 Oct 31 15:24:57.728849: | un-established partial CHILD SA timeout (SA expired) Oct 31 15:24:57.728851: | pstats #2 ikev2.child re-failed exchange-timeout Oct 31 15:24:57.728854: | should_send_delete: no, just because Oct 31 15:24:57.728857: | pstats #2 ikev2.child deleted completed Oct 31 15:24:57.728861: | #2 main thread spent 1.79 (37.7) milliseconds helper thread spent 0 (0) milliseconds in total Oct 31 15:24:57.728866: | [RE]START processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:935) Oct 31 15:24:57.728868: | should_send_delete: no, just because Oct 31 15:24:57.728872: "westnet-eastnet-ipv4-psk-ikev2" #2: deleting state (STATE_V2_ESTABLISHED_CHILD_SA) aged 2.583193s and NOT sending notification Oct 31 15:24:57.728875: | child state #2: ESTABLISHED_CHILD_SA(established CHILD SA) => delete Oct 31 15:24:57.728880: | get_sa_info esp.6f460d9e@192.1.2.23 Oct 31 15:24:57.728894: | get_sa_info esp.c5d3c63@192.1.2.45 Oct 31 15:24:57.728903: "westnet-eastnet-ipv4-psk-ikev2" #2: ESP traffic information: in=168B out=168B Oct 31 15:24:57.728906: | unsuspending #2 MD (nil) Oct 31 15:24:57.728908: | should_send_delete: no, just because Oct 31 15:24:57.728911: | child state #2: ESTABLISHED_CHILD_SA(established CHILD SA) => CHILDSA_DEL(informational) Oct 31 15:24:57.728914: | state #2 has no .st_event to delete Oct 31 15:24:57.728916: | #2 STATE_CHILDSA_DEL: retransmits: cleared Oct 31 15:24:57.728953: | job 3 for #3: Child Rekey Initiator KE and nonce ni (build KE and nonce): helper 3 starting job Oct 31 15:24:57.730468: | running updown command "ipsec _updown" for verb down Oct 31 15:24:57.730477: | command executing down-client Oct 31 15:24:57.730483: | get_sa_info esp.6f460d9e@192.1.2.23 Oct 31 15:24:57.730493: | get_sa_info esp.c5d3c63@192.1.2.45 Oct 31 15:24:57.730526: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='192.1.2.45' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157895' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='... Oct 31 15:24:57.730531: | popen cmd is 1140 chars long Oct 31 15:24:57.730534: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-i: Oct 31 15:24:57.730537: | cmd( 80):pv4-psk-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_RO: Oct 31 15:24:57.730540: | cmd( 160):UTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='192.1.2.45: Oct 31 15:24:57.730542: | cmd( 240):' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT: Oct 31 15:24:57.730544: | cmd( 320):_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16: Oct 31 15:24:57.730547: | cmd( 400):388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEE: Oct 31 15:24:57.730549: | cmd( 480):R_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK: Oct 31 15:24:57.730552: | cmd( 560):='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PL: Oct 31 15:24:57.730554: | cmd( 640):UTO_STACK='xfrm' PLUTO_ADDTIME='1604157895' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNE: Oct 31 15:24:57.730556: | cmd( 720):L+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO: Oct 31 15:24:57.730559: | cmd( 800):_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_IN: Oct 31 15:24:57.730561: | cmd( 880):FO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_: Oct 31 15:24:57.730563: | cmd( 960):CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='168' PLUTO_OUTBYTES='168' : Oct 31 15:24:57.730566: | cmd(1040):VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x6f460d9e SPI_OUT=0xc5d3c6: Oct 31 15:24:57.730568: | cmd(1120):3 ipsec _updown 2>&1: Oct 31 15:24:57.731382: | "westnet-eastnet-ipv4-psk-ikev2" #3: spent 1.8 (2.43) milliseconds in helper 3 processing job 3 for state #3: Child Rekey Initiator KE and nonce ni (pcr) Oct 31 15:24:57.731391: | job 3 for #3: Child Rekey Initiator KE and nonce ni (build KE and nonce): helper thread 3 sending result back to state Oct 31 15:24:57.731396: | scheduling resume sending helper answer back to state for #3 Oct 31 15:24:57.731399: | libevent_malloc: newref ptr-libevent@0x7f27f8006108 size 128 Oct 31 15:24:57.731404: | helper thread 3 has nothing to do Oct 31 15:24:57.765982: | shunt_eroute() called for connection 'westnet-eastnet-ipv4-psk-ikev2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 Oct 31 15:24:57.765995: | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 Oct 31 15:24:57.766000: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 2084814 (0x1fcfce) Oct 31 15:24:57.766006: | IPsec SA SPD priority set to 2084814 Oct 31 15:24:57.766155: | delete esp.6f460d9e@192.1.2.23 Oct 31 15:24:57.766161: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:24:57.766299: | netlink response for Del SA esp.6f460d9e@192.1.2.23 included non-error error Oct 31 15:24:57.766309: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 2084814 (0x1fcfce) Oct 31 15:24:57.766317: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk.10000@192.1.2.45 using reqid 0 (raw_eroute) proto=50 Oct 31 15:24:57.766613: | raw_eroute result=success Oct 31 15:24:57.766622: | delete esp.c5d3c63@192.1.2.45 Oct 31 15:24:57.766626: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:24:57.766749: | netlink response for Del SA esp.c5d3c63@192.1.2.45 included non-error error Oct 31 15:24:57.766757: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Oct 31 15:24:57.766761: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Oct 31 15:24:57.766765: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Oct 31 15:24:57.766769: | releasing #2's fd-fd@(nil) because deleting state Oct 31 15:24:57.766771: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:24:57.766774: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:24:57.766776: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:24:57.766783: | stop processing: state #2 from 192.1.2.23:500 (in delete_state() at state.c:1239) Oct 31 15:24:57.766789: | delref logger@0x55fbf1060ac8(1->0) (in delete_state() at state.c:1306) Oct 31 15:24:57.766793: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:57.766795: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:57.766800: | State DB: found IKEv2 state #3 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Oct 31 15:24:57.766803: | can't expire unused IKE SA #1; it has the child #3 Oct 31 15:24:57.766806: | in statetime_stop() and could not find #2 Oct 31 15:24:57.766809: | processing: STOP state #0 (in timer_event_cb() at timer.c:447) Oct 31 15:24:57.766834: | spent 0.00208 (0.00205) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:57.766844: | newref struct msg_digest@0x55fbf106b428(0->1) (in read_message() at demux.c:103) Oct 31 15:24:57.766848: | newref alloc logger@0x55fbf0fac0a8(0->1) (in read_message() at demux.c:103) Oct 31 15:24:57.766855: | *received 65 bytes from 192.1.2.23:500 on eth1 192.1.2.45:500 using UDP Oct 31 15:24:57.766858: | 56 da 3a 10 de 51 40 20 3c 7b ee d5 b8 ac 7d 01 Oct 31 15:24:57.766860: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Oct 31 15:24:57.766863: | 69 83 3c e2 69 f6 6c ce 1a 76 79 85 42 a4 4f 3d Oct 31 15:24:57.766865: | 7a 82 5f 84 3b ae 46 6c 95 fc 33 94 c1 fc c6 c7 Oct 31 15:24:57.766868: | 98 Oct 31 15:24:57.766872: | **parse ISAKMP Message: Oct 31 15:24:57.766877: | initiator SPI: 56 da 3a 10 de 51 40 20 Oct 31 15:24:57.766881: | responder SPI: 3c 7b ee d5 b8 ac 7d 01 Oct 31 15:24:57.766884: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:24:57.766887: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:57.766890: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:24:57.766892: | flags: none (0x0) Oct 31 15:24:57.766896: | Message ID: 1 (00 00 00 01) Oct 31 15:24:57.766901: | length: 65 (00 00 00 41) Oct 31 15:24:57.766904: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Oct 31 15:24:57.766908: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Oct 31 15:24:57.766911: | State DB: found IKEv2 state #1 in ESTABLISHED_IKE_SA (find_v2_ike_sa) Oct 31 15:24:57.766919: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:57.766922: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Oct 31 15:24:57.766925: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:24:57.766930: | #1 is idle Oct 31 15:24:57.766938: | Message ID: IKE #1 not a duplicate - message request 1 is new: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744569.65111 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744572.16128 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:57.766944: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:57.766946: | unpacking clear payload Oct 31 15:24:57.766949: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Oct 31 15:24:57.766953: | ***parse IKEv2 Encryption Payload: Oct 31 15:24:57.766955: | next payload type: ISAKMP_NEXT_v2D (0x2a) Oct 31 15:24:57.766958: | flags: none (0x0) Oct 31 15:24:57.766962: | length: 37 (00 25) Oct 31 15:24:57.766964: | processing payload: ISAKMP_NEXT_v2SK (len=33) Oct 31 15:24:57.766967: | #1 in state ESTABLISHED_IKE_SA: established IKE SA Oct 31 15:24:57.766987: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Oct 31 15:24:57.766991: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Oct 31 15:24:57.766994: | **parse IKEv2 Delete Payload: Oct 31 15:24:57.766997: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:57.767000: | flags: none (0x0) Oct 31 15:24:57.767003: | length: 8 (00 08) Oct 31 15:24:57.767006: | protocol ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:57.767009: | SPI size: 0 (00) Oct 31 15:24:57.767013: | number of SPIs: 0 (00 00) Oct 31 15:24:57.767015: | processing payload: ISAKMP_NEXT_v2D (len=0) Oct 31 15:24:57.767018: | selected state microcode Informational Request Oct 31 15:24:57.767025: | Message ID: IKE #1 responder starting message request 1: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744569.65111 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744572.16128 ike.wip.initiator=-1 ike.wip.responder=-1->1 Oct 31 15:24:57.767028: | calling processor Informational Request Oct 31 15:24:57.767033: | an informational request should send a response Oct 31 15:24:57.767038: | opening output PBS information exchange reply packet Oct 31 15:24:57.767040: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Oct 31 15:24:57.767043: | **emit ISAKMP Message: Oct 31 15:24:57.767048: | initiator SPI: 56 da 3a 10 de 51 40 20 Oct 31 15:24:57.767052: | responder SPI: 3c 7b ee d5 b8 ac 7d 01 Oct 31 15:24:57.767055: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:57.767057: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:57.767060: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:24:57.767062: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Oct 31 15:24:57.767066: | Message ID: 1 (00 00 00 01) Oct 31 15:24:57.767069: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:57.767072: | ***emit IKEv2 Encryption Payload: Oct 31 15:24:57.767075: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:57.767077: | flags: none (0x0) Oct 31 15:24:57.767081: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:24:57.767084: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Oct 31 15:24:57.767087: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:24:57.767097: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:57.767101: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:57.767104: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:24:57.767106: | emitting length of IKEv2 Encryption Payload: 29 Oct 31 15:24:57.767109: | emitting length of ISAKMP Message: 57 Oct 31 15:24:57.767124: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:24:57.767131: | 56 da 3a 10 de 51 40 20 3c 7b ee d5 b8 ac 7d 01 Oct 31 15:24:57.767133: | 2e 20 25 28 00 00 00 01 00 00 00 39 00 00 00 1d Oct 31 15:24:57.767135: | 6a 99 ee 73 44 8b ad b7 1a ff 6e 46 36 9c f2 8d Oct 31 15:24:57.767138: | 4b ba 02 79 de d0 1c 7d 5f Oct 31 15:24:57.767158: | sent 1 messages Oct 31 15:24:57.767166: | Message ID: IKE #1 XXX: in process_encrypted_informational_ikev2() hacking around record 'n' send bypassing send queue hacking around delete_ike_family(): ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744569.65111 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744572.16128 ike.wip.initiator=-1 ike.wip.responder=1 Oct 31 15:24:57.767173: | Message ID: IKE #1 updating responder sent message response 1: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744569.65111 ike.responder.sent=0->1 ike.responder.recv=0 ike.responder.last_contact=744572.16128 ike.wip.initiator=-1 ike.wip.responder=1 Oct 31 15:24:57.767177: | pstats #3 ikev2.child deleted other Oct 31 15:24:57.767182: | #3 main thread spent 0.0535 (0.0535) milliseconds helper thread spent 0 (0) milliseconds in total Oct 31 15:24:57.767187: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:935) Oct 31 15:24:57.767192: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:935) Oct 31 15:24:57.767195: | should_send_delete: no, just because Oct 31 15:24:57.767203: "westnet-eastnet-ipv4-psk-ikev2" #3: deleting other state #3 (STATE_V2_REKEY_CHILD_I0) aged 0.038585s and NOT sending notification Oct 31 15:24:57.767209: | child state #3: V2_REKEY_CHILD_I0(established IKE SA) => delete Oct 31 15:24:57.767213: | unsuspending #3 MD (nil) Oct 31 15:24:57.767215: | should_send_delete: no, just because Oct 31 15:24:57.767218: | child state #3: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Oct 31 15:24:57.767221: | state #3 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:57.767224: | libevent_free: delref ptr-libevent@0x55fbf1065508 Oct 31 15:24:57.767228: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55fbf1066d88 Oct 31 15:24:57.767231: | #3 STATE_CHILDSA_DEL: retransmits: cleared Oct 31 15:24:57.767235: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 2084814 (0x1fcfce) Oct 31 15:24:57.767243: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk.10000@192.1.2.45 using reqid 0 (raw_eroute) proto=50 Oct 31 15:24:57.767256: | raw_eroute result=success Oct 31 15:24:57.767260: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Oct 31 15:24:57.767263: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Oct 31 15:24:57.767266: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Oct 31 15:24:57.767269: | releasing #3's fd-fd@(nil) because deleting state Oct 31 15:24:57.767272: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:24:57.767275: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:24:57.767277: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:24:57.767282: | stop processing: state #3 from 192.1.2.23:500 (in delete_state() at state.c:1239) Oct 31 15:24:57.767287: | resume processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:1239) Oct 31 15:24:57.767292: | delref logger@0x55fbf10680e8(1->0) (in delete_state() at state.c:1306) Oct 31 15:24:57.767294: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:57.767296: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:57.767300: | State DB: IKEv2 state not found (delete_ike_family) Oct 31 15:24:57.767302: | pstats #1 ikev2.ike deleted completed Oct 31 15:24:57.767307: | #1 main thread spent 5.78 (42.1) milliseconds helper thread spent 1.92 (1.96) milliseconds in total Oct 31 15:24:57.767314: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:935) Oct 31 15:24:57.767317: | should_send_delete: no, just because Oct 31 15:24:57.767321: "westnet-eastnet-ipv4-psk-ikev2" #1: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 2.62923s and NOT sending notification Oct 31 15:24:57.767323: | parent state #1: ESTABLISHED_IKE_SA(established IKE SA) => delete Oct 31 15:24:57.769058: | unsuspending #1 MD (nil) Oct 31 15:24:57.769068: | should_send_delete: no, just because Oct 31 15:24:57.769072: | state #1 deleting .st_event EVENT_SA_REKEY Oct 31 15:24:57.769077: | libevent_free: delref ptr-libevent@0x7f27f400b578 Oct 31 15:24:57.769081: | free_event_entry: delref EVENT_SA_REKEY-pe@0x55fbf1063338 Oct 31 15:24:57.769084: | #1 STATE_V2_ESTABLISHED_IKE_SA: retransmits: cleared Oct 31 15:24:57.769088: | State DB: IKEv2 state not found (flush_incomplete_children) Oct 31 15:24:57.769091: | picked newest_isakmp_sa #0 for #1 Oct 31 15:24:57.769096: "westnet-eastnet-ipv4-psk-ikev2" #1: deleting IKE SA but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Oct 31 15:24:57.769100: | add revival: connection 'westnet-eastnet-ipv4-psk-ikev2' added to the list and scheduled for 0 seconds Oct 31 15:24:57.769103: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Oct 31 15:24:57.769108: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Oct 31 15:24:57.769111: | State DB: deleting IKEv2 state #1 in ESTABLISHED_IKE_SA Oct 31 15:24:57.769115: | parent state #1: ESTABLISHED_IKE_SA(established IKE SA) => UNDEFINED(ignore) Oct 31 15:24:57.769118: | releasing #1's fd-fd@(nil) because deleting state Oct 31 15:24:57.769121: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:24:57.769123: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:24:57.769126: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:24:57.769149: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1239) Oct 31 15:24:57.769166: | delref logger@0x55fbf105d608(1->0) (in delete_state() at state.c:1306) Oct 31 15:24:57.769170: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:57.769172: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:57.769176: | in statetime_stop() and could not find #1 Oct 31 15:24:57.769179: | XXX: processor 'Informational Request' for #1 deleted state MD.ST Oct 31 15:24:57.769181: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:57.769184: | in statetime_stop() and could not find #1 Oct 31 15:24:57.769187: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:57.769190: | delref mdp@0x55fbf106b428(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:57.769193: | delref logger@0x55fbf0fac0a8(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:57.769195: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:57.769217: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:57.769229: | spent 0.687 (2.4) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:57.769238: | processing resume sending helper answer back to state for #3 Oct 31 15:24:57.769243: | job 3 for #3: Child Rekey Initiator KE and nonce ni (build KE and nonce): processing response from helper 3 Oct 31 15:24:57.769245: | job 3 for #3: Child Rekey Initiator KE and nonce ni (build KE and nonce): was cancelled; ignoring respose Oct 31 15:24:57.769256: | delref logger@0x55fbf105e868(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:57.769259: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:57.769261: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:57.769267: | (#3) spent 0.0238 (0.0238) milliseconds in resume sending helper answer back to state Oct 31 15:24:57.769270: | libevent_free: delref ptr-libevent@0x7f27f8006108 Oct 31 15:24:57.769274: | processing signal PLUTO_SIGCHLD Oct 31 15:24:57.769279: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:57.769287: | spent 0.00776 (0.00777) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:57.769294: | processing global timer EVENT_REVIVE_CONNS Oct 31 15:24:57.769297: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:57.769301: "westnet-eastnet-ipv4-psk-ikev2": initiating connection which received a Delete/Notify but must remain up per local policy Oct 31 15:24:57.769305: | connection 'westnet-eastnet-ipv4-psk-ikev2' +POLICY_UP Oct 31 15:24:57.769308: | FOR_EACH_STATE_... in find_phase1_state Oct 31 15:24:57.769317: | newref alloc logger@0x55fbf1066d88(0->1) (in new_state() at state.c:576) Oct 31 15:24:57.769320: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:24:57.769323: | creating state object #4 at 0x55fbf1063c28 Oct 31 15:24:57.769325: | State DB: adding IKEv2 state #4 in UNDEFINED Oct 31 15:24:57.769331: | pstats #4 ikev2.ike started Oct 31 15:24:57.769335: | parent state #4: UNDEFINED(ignore) => PARENT_I0(ignore) Oct 31 15:24:57.769339: | #4.st_v2_transition NULL -> PARENT_I0->PARENT_I1 (in new_v2_ike_state() at state.c:620) Oct 31 15:24:57.769348: | Message ID: IKE #4 initializing (IKE SA): ike.initiator.sent=0->-1 ike.initiator.recv=0->-1 ike.initiator.last_contact=0->744572.202138 ike.responder.sent=0->-1 ike.responder.recv=0->-1 ike.responder.last_contact=0->744572.202138 ike.wip.initiator=0->-1 ike.wip.responder=0->-1 Oct 31 15:24:57.769352: | orienting westnet-eastnet-ipv4-psk-ikev2 Oct 31 15:24:57.769357: | westnet-eastnet-ipv4-psk-ikev2 doesn't match 127.0.0.1:4500 at all Oct 31 15:24:57.769361: | westnet-eastnet-ipv4-psk-ikev2 doesn't match 127.0.0.1:500 at all Oct 31 15:24:57.769365: | westnet-eastnet-ipv4-psk-ikev2 doesn't match 192.0.1.254:4500 at all Oct 31 15:24:57.769368: | westnet-eastnet-ipv4-psk-ikev2 doesn't match 192.0.1.254:500 at all Oct 31 15:24:57.769372: | westnet-eastnet-ipv4-psk-ikev2 doesn't match 192.1.2.45:4500 at all Oct 31 15:24:57.769375: | oriented westnet-eastnet-ipv4-psk-ikev2's this Oct 31 15:24:57.769382: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:544) Oct 31 15:24:57.769386: | addref fd@NULL (in add_pending() at pending.c:86) Oct 31 15:24:57.769391: | queuing pending IPsec SA negotiating with 192.1.2.23 IKE SA #4 "westnet-eastnet-ipv4-psk-ikev2" Oct 31 15:24:57.769394: "westnet-eastnet-ipv4-psk-ikev2" #4: initiating IKEv2 connection Oct 31 15:24:57.769412: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE): 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:57.769419: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:57.769422: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:57.769425: | newref clone logger@0x55fbf1060a18(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:57.769428: | job 4 for #4: ikev2_outI1 KE (build KE and nonce): adding job to queue Oct 31 15:24:57.769431: | state #4 has no .st_event to delete Oct 31 15:24:57.769433: | #4 STATE_PARENT_I0: retransmits: cleared Oct 31 15:24:57.769436: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55fbf1060ac8 Oct 31 15:24:57.769439: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Oct 31 15:24:57.769442: | libevent_malloc: newref ptr-libevent@0x55fbf10633a8 size 128 Oct 31 15:24:57.769454: | #4 spent 0.148 (0.148) milliseconds in ikev2_parent_outI1() Oct 31 15:24:57.769459: | RESET processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:640) Oct 31 15:24:57.769467: | spent 0.169 (0.169) milliseconds in global timer EVENT_REVIVE_CONNS Oct 31 15:24:57.769482: | job 4 for #4: ikev2_outI1 KE (build KE and nonce): helper 4 starting job Oct 31 15:24:57.772841: | "westnet-eastnet-ipv4-psk-ikev2" #4: spent 1.8 (3.36) milliseconds in helper 4 processing job 4 for state #4: ikev2_outI1 KE (pcr) Oct 31 15:24:57.772854: | job 4 for #4: ikev2_outI1 KE (build KE and nonce): helper thread 4 sending result back to state Oct 31 15:24:57.772859: | scheduling resume sending helper answer back to state for #4 Oct 31 15:24:57.772862: | libevent_malloc: newref ptr-libevent@0x7f27ec006108 size 128 Oct 31 15:24:57.772872: | helper thread 4 has nothing to do Oct 31 15:24:57.772884: | processing resume sending helper answer back to state for #4 Oct 31 15:24:57.772892: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:641) Oct 31 15:24:57.772897: | unsuspending #4 MD (nil) Oct 31 15:24:57.772900: | job 4 for #4: ikev2_outI1 KE (build KE and nonce): processing response from helper 4 Oct 31 15:24:57.772903: | job 4 for #4: ikev2_outI1 KE (build KE and nonce): calling continuation function 0x55fbef81bfe7 Oct 31 15:24:57.772906: | ikev2_parent_outI1_continue() for #4 STATE_PARENT_I0 Oct 31 15:24:57.772909: | DH secret MODP2048@0x7f27ec006ba8: transferring ownership from helper KE to state #4 Oct 31 15:24:57.772914: | opening output PBS reply packet Oct 31 15:24:57.772918: | **emit ISAKMP Message: Oct 31 15:24:57.772923: | initiator SPI: 7b b7 48 9f 70 68 b6 9f Oct 31 15:24:57.772928: | responder SPI: 00 00 00 00 00 00 00 00 Oct 31 15:24:57.772931: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:57.772933: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:57.772936: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:24:57.772939: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:57.772943: | Message ID: 0 (00 00 00 00) Oct 31 15:24:57.772946: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:57.772965: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting local proposals): 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:57.772969: | Emitting ikev2_proposals ... Oct 31 15:24:57.772971: | ***emit IKEv2 Security Association Payload: Oct 31 15:24:57.772974: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:57.772977: | flags: none (0x0) Oct 31 15:24:57.772980: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:24:57.772982: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:24:57.772987: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:57.772991: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:57.772994: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:57.772997: | prop #: 1 (01) Oct 31 15:24:57.772999: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:57.773002: | spi size: 0 (00) Oct 31 15:24:57.773005: | # transforms: 11 (0b) Oct 31 15:24:57.773008: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:57.773011: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.773017: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773019: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:57.773022: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:57.773025: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.773028: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:57.773030: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:57.773033: | length/value: 256 (01 00) Oct 31 15:24:57.773037: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:57.773039: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.773042: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773044: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:57.773046: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:57.773049: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773052: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.773054: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.773057: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.773060: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773062: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:57.773064: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:57.773067: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773069: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.773072: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.773074: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:57.773077: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.773079: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773082: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:57.773084: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:57.773086: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773089: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.773091: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.773094: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.773097: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773099: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:57.773101: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:57.773104: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773106: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.773109: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.773111: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.773114: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773116: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:57.773118: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:57.773121: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773125: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.773127: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.773130: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.773133: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773135: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:57.773137: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:57.773140: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773142: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.773145: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.773147: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.773149: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773152: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:57.773154: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:57.773157: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773159: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.773162: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.773164: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.773166: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773169: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:57.773171: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:57.773174: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773176: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.773179: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.773181: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.773184: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773186: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:57.773188: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:57.773191: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773193: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.773195: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.773201: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.773206: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:57.773209: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:57.773212: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:57.773214: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773217: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.773221: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.773223: | emitting length of IKEv2 Proposal Substructure Payload: 100 Oct 31 15:24:57.773226: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:57.773229: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:24:57.773232: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:57.773235: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:57.773237: | prop #: 2 (02) Oct 31 15:24:57.773240: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:57.773243: | spi size: 0 (00) Oct 31 15:24:57.773245: | # transforms: 11 (0b) Oct 31 15:24:57.773249: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:57.773252: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:57.773255: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.773257: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773259: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:57.773262: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:57.773264: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.773266: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:57.773269: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:57.773272: | length/value: 128 (00 80) Oct 31 15:24:57.773275: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:57.773277: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.773280: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773282: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:57.773285: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:57.773288: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773290: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.773292: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.773295: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.773297: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773300: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:57.773302: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:57.773304: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773307: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.773309: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.773312: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:24:57.773314: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.773317: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773319: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:57.773322: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:57.773324: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773327: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.773332: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.773335: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.773337: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773339: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:57.773342: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:57.773344: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773347: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.773349: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.773352: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.773354: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773356: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:57.773359: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:57.773362: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773366: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.773368: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.773371: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.773373: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773375: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:57.773378: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:57.773380: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773383: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.773385: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.773388: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.773390: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773392: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:57.773395: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:57.773397: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773400: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.773403: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.773405: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.773408: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773410: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:57.773412: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:57.773415: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773417: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.773420: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.773422: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.773424: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773427: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:57.773431: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:57.773433: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773436: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.773439: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.773441: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.773444: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:57.773446: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:57.773448: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:57.773451: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773453: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.773456: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.773458: | emitting length of IKEv2 Proposal Substructure Payload: 100 Oct 31 15:24:57.773460: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:57.773464: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:57.773467: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:57.773469: | prop #: 3 (03) Oct 31 15:24:57.773472: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:57.773475: | spi size: 0 (00) Oct 31 15:24:57.773478: | # transforms: 13 (0d) Oct 31 15:24:57.773481: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:57.773484: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:57.773487: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.773489: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773491: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:57.773493: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:57.773496: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.773498: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:57.773501: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:57.773504: | length/value: 256 (01 00) Oct 31 15:24:57.773506: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:57.773510: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.773512: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773514: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:57.773517: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:57.773519: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773522: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.773524: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.773526: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.773529: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773531: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:57.773533: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:57.773536: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773540: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.773542: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.773545: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.773548: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773550: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:57.773553: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:57.773555: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773557: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.773560: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.773562: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.773565: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773567: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:57.773569: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:57.773572: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773574: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.773577: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.773579: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.773582: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773585: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:57.773587: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:57.773590: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773592: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.773594: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.773597: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.773599: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773601: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:57.773604: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:57.773606: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773609: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.773611: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.773614: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.773616: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773619: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:57.773621: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:57.773624: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773626: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.773629: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.773633: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.773635: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773637: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:57.773640: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:57.773642: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773645: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.773647: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.773650: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.773652: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773654: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:57.773657: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:57.773660: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773662: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.773665: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.773667: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.773670: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773672: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:57.773674: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:57.773677: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773679: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.773682: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.773684: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.773686: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773689: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:57.773691: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:57.773694: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773696: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.773699: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.773701: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.773754: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:57.773757: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:57.773760: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:57.773763: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773765: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.773768: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.773771: | emitting length of IKEv2 Proposal Substructure Payload: 116 Oct 31 15:24:57.773773: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:57.773778: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:57.773783: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:57.773787: | prop #: 4 (04) Oct 31 15:24:57.773790: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:57.773793: | spi size: 0 (00) Oct 31 15:24:57.773796: | # transforms: 13 (0d) Oct 31 15:24:57.773799: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:57.773801: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:57.773804: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.773807: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.773810: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:57.773812: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:57.773815: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.773818: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:57.773821: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:57.773824: | length/value: 128 (00 80) Oct 31 15:24:57.773827: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:57.773830: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.773832: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.774048: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:57.774053: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:57.774057: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.774059: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.774062: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.774066: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.774068: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.774071: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:57.774073: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:57.774076: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.774079: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.774081: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.774084: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.774086: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.774089: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:57.774091: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:57.774094: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.774097: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.774099: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.774103: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.774105: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.774108: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:57.774110: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:57.774113: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.774117: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.774120: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.774123: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.774125: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.774127: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:57.774130: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:57.774132: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.774135: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.774137: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.774140: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.774143: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.774145: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:57.774147: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:57.774150: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.774152: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.774154: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.774157: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.774159: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.774162: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:57.774164: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:57.774167: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.774169: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.774172: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.774174: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.774176: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.774179: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:57.774181: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:57.774184: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.774186: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.774189: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.774191: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.774193: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.774196: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:57.774201: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:57.774207: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.774209: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.774212: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.774216: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.774219: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.774221: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:57.774224: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:57.774226: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.774229: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.774231: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.774234: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.774236: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.774238: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:57.774240: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:57.774243: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.774245: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.774248: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.774250: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:57.774253: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:57.774255: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:57.774257: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:57.774260: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:57.774263: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:57.774265: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:57.774267: | emitting length of IKEv2 Proposal Substructure Payload: 116 Oct 31 15:24:57.774269: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:57.774272: | emitting length of IKEv2 Security Association Payload: 436 Oct 31 15:24:57.774274: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:24:57.774277: | ***emit IKEv2 Key Exchange Payload: Oct 31 15:24:57.774279: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:57.774282: | flags: none (0x0) Oct 31 15:24:57.774284: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:57.774287: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Oct 31 15:24:57.774290: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Oct 31 15:24:57.774293: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Oct 31 15:24:57.774296: | ikev2 g^x: Oct 31 15:24:57.774299: | 0d 29 5f dd 87 22 35 a1 d9 d2 18 73 10 d3 10 af Oct 31 15:24:57.774301: | c4 d4 6c 65 a7 5c 3d a4 c1 b3 93 d7 c5 1d 9b d5 Oct 31 15:24:57.774303: | 6b 57 3e 75 94 f8 00 60 66 e5 9c df 09 6b b8 5a Oct 31 15:24:57.774305: | ab d2 8c 37 06 c6 7b 5e 6a e0 68 a6 1b bc 72 87 Oct 31 15:24:57.774307: | 1b 94 29 37 a1 06 e3 69 59 5a 81 2f 57 12 37 66 Oct 31 15:24:57.774309: | 3a 15 bb 6a 6b 8b 66 f3 be 62 e4 61 03 7c 42 f2 Oct 31 15:24:57.774311: | 1c a1 e4 92 c3 5c 7f 5b 08 77 7f 2e 12 6f 05 c9 Oct 31 15:24:57.774313: | b5 38 89 ba db 19 e5 9a c4 ee 47 6f da f1 96 4e Oct 31 15:24:57.774315: | 06 ec e2 ad 0b 5f b5 24 3a 63 3f c8 47 17 ac ae Oct 31 15:24:57.774319: | 26 6a d4 47 53 1d 80 f0 7e 58 10 b8 f9 bf 66 0e Oct 31 15:24:57.774321: | 74 57 07 af 3d b5 d9 60 d4 e8 17 1e 02 15 64 d8 Oct 31 15:24:57.774323: | 0c b5 18 82 46 96 c5 77 39 4c fd 27 84 21 1a c9 Oct 31 15:24:57.774326: | 85 6f 4a 1a 45 46 66 44 3e 7e b2 79 60 13 dc df Oct 31 15:24:57.774328: | 41 42 18 b5 e5 b1 be 5d 4d 61 a5 44 bb e4 75 75 Oct 31 15:24:57.774330: | 7a 43 c3 76 c7 b6 c9 50 2f 20 a2 24 08 37 9d d9 Oct 31 15:24:57.774332: | f6 d8 16 27 02 c5 08 bb b9 89 3f 89 15 3c f7 4f Oct 31 15:24:57.774335: | emitting length of IKEv2 Key Exchange Payload: 264 Oct 31 15:24:57.774337: | ***emit IKEv2 Nonce Payload: Oct 31 15:24:57.774340: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:57.774342: | flags: none (0x0) Oct 31 15:24:57.774345: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Oct 31 15:24:57.774348: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Oct 31 15:24:57.774350: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Oct 31 15:24:57.774353: | IKEv2 nonce: Oct 31 15:24:57.774355: | d5 9b bd 8b 47 0d 36 52 00 cc 50 b2 59 ff 27 9a Oct 31 15:24:57.774357: | 2a 77 8b f3 6e e4 59 28 52 de ca d4 67 02 35 cd Oct 31 15:24:57.774359: | emitting length of IKEv2 Nonce Payload: 36 Oct 31 15:24:57.774362: | adding a v2N Payload Oct 31 15:24:57.774365: | ***emit IKEv2 Notify Payload: Oct 31 15:24:57.774367: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:57.774370: | flags: none (0x0) Oct 31 15:24:57.774372: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:57.774376: | SPI size: 0 (00) Oct 31 15:24:57.774378: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Oct 31 15:24:57.774381: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:57.774384: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:57.774386: | emitting length of IKEv2 Notify Payload: 8 Oct 31 15:24:57.774389: | NAT-Traversal support [enabled] add v2N payloads. Oct 31 15:24:57.774392: | nat: IKE.SPIr is zero Oct 31 15:24:57.774406: | natd_hash: hasher=0x55fbef90df80(20) Oct 31 15:24:57.774409: | natd_hash: icookie= Oct 31 15:24:57.774411: | 7b b7 48 9f 70 68 b6 9f Oct 31 15:24:57.774413: | natd_hash: rcookie= Oct 31 15:24:57.774415: | 00 00 00 00 00 00 00 00 Oct 31 15:24:57.774417: | natd_hash: ip= Oct 31 15:24:57.774419: | c0 01 02 2d Oct 31 15:24:57.774421: | natd_hash: port= Oct 31 15:24:57.774423: | 01 f4 Oct 31 15:24:57.774425: | natd_hash: hash= Oct 31 15:24:57.774427: | 12 d4 81 c5 51 da fd b6 f9 43 7d 1a eb 5a 67 4e Oct 31 15:24:57.774430: | 91 31 77 d1 Oct 31 15:24:57.774432: | adding a v2N Payload Oct 31 15:24:57.774434: | ***emit IKEv2 Notify Payload: Oct 31 15:24:57.774437: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:57.774439: | flags: none (0x0) Oct 31 15:24:57.774442: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:57.774445: | SPI size: 0 (00) Oct 31 15:24:57.774447: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Oct 31 15:24:57.774450: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:57.774452: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:57.774455: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:24:57.774458: | Notify data: Oct 31 15:24:57.774460: | 12 d4 81 c5 51 da fd b6 f9 43 7d 1a eb 5a 67 4e Oct 31 15:24:57.774462: | 91 31 77 d1 Oct 31 15:24:57.774464: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:24:57.774467: | nat: IKE.SPIr is zero Oct 31 15:24:57.774475: | natd_hash: hasher=0x55fbef90df80(20) Oct 31 15:24:57.774480: | natd_hash: icookie= Oct 31 15:24:57.774482: | 7b b7 48 9f 70 68 b6 9f Oct 31 15:24:57.774484: | natd_hash: rcookie= Oct 31 15:24:57.774486: | 00 00 00 00 00 00 00 00 Oct 31 15:24:57.774488: | natd_hash: ip= Oct 31 15:24:57.774490: | c0 01 02 17 Oct 31 15:24:57.774492: | natd_hash: port= Oct 31 15:24:57.774494: | 01 f4 Oct 31 15:24:57.774496: | natd_hash: hash= Oct 31 15:24:57.774498: | 96 19 6b 4d 1b 78 3b af 80 03 d2 c7 fd 76 7c 10 Oct 31 15:24:57.774500: | be 13 99 ad Oct 31 15:24:57.774503: | adding a v2N Payload Oct 31 15:24:57.774505: | ***emit IKEv2 Notify Payload: Oct 31 15:24:57.774507: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:57.774510: | flags: none (0x0) Oct 31 15:24:57.774513: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:57.774515: | SPI size: 0 (00) Oct 31 15:24:57.774518: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Oct 31 15:24:57.774520: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:57.774523: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:57.774526: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:24:57.774528: | Notify data: Oct 31 15:24:57.774530: | 96 19 6b 4d 1b 78 3b af 80 03 d2 c7 fd 76 7c 10 Oct 31 15:24:57.774532: | be 13 99 ad Oct 31 15:24:57.774535: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:24:57.774537: | emitting length of ISAKMP Message: 828 Oct 31 15:24:57.774545: | [RE]START processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:57.774550: | #4 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Oct 31 15:24:57.774553: | transitioning from state STATE_PARENT_I0 to state STATE_PARENT_I1 Oct 31 15:24:57.774555: | Message ID: updating counters for #4 Oct 31 15:24:57.774558: | Message ID: IKE #4 skipping update_recv as MD is fake Oct 31 15:24:57.774565: | Message ID: IKE #4 scheduling EVENT_RETRANSMIT: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744572.202138 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744572.202138 ike.wip.initiator=0 ike.wip.responder=-1 Oct 31 15:24:57.774569: "westnet-eastnet-ipv4-psk-ikev2" #4: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Oct 31 15:24:57.774573: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55fbf10680e8 Oct 31 15:24:57.774576: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #4 Oct 31 15:24:57.774580: | libevent_malloc: newref ptr-libevent@0x55fbf10632f8 size 128 Oct 31 15:24:57.774585: | #4 STATE_PARENT_I0: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744572.207369 Oct 31 15:24:57.774591: | Message ID: IKE #4 updating initiator sent message request 0: ike.initiator.sent=-1->0 ike.initiator.recv=-1 ike.initiator.last_contact=744572.202138 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744572.202138 ike.wip.initiator=-1->0 ike.wip.responder=-1 Oct 31 15:24:57.774597: | Message ID: IKE #4 no pending message initiators to schedule: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744572.202138 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744572.202138 ike.wip.initiator=0 ike.wip.responder=-1 Oct 31 15:24:57.774601: | parent state #4: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Oct 31 15:24:57.774604: | announcing the state transition Oct 31 15:24:57.774608: "westnet-eastnet-ipv4-psk-ikev2" #4: sent IKE_SA_INIT request Oct 31 15:24:57.774615: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 using UDP (for #4) Oct 31 15:24:57.774618: | 7b b7 48 9f 70 68 b6 9f 00 00 00 00 00 00 00 00 Oct 31 15:24:57.774620: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Oct 31 15:24:57.774624: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Oct 31 15:24:57.774626: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Oct 31 15:24:57.774628: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Oct 31 15:24:57.774631: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Oct 31 15:24:57.774633: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Oct 31 15:24:57.774635: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Oct 31 15:24:57.774637: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Oct 31 15:24:57.774639: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Oct 31 15:24:57.774641: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Oct 31 15:24:57.774643: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Oct 31 15:24:57.774645: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Oct 31 15:24:57.774647: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Oct 31 15:24:57.774650: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Oct 31 15:24:57.774652: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Oct 31 15:24:57.774654: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:24:57.774656: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Oct 31 15:24:57.774659: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Oct 31 15:24:57.774661: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Oct 31 15:24:57.774663: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Oct 31 15:24:57.774665: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Oct 31 15:24:57.774667: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Oct 31 15:24:57.774669: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Oct 31 15:24:57.774671: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Oct 31 15:24:57.774673: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Oct 31 15:24:57.774675: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Oct 31 15:24:57.774678: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Oct 31 15:24:57.774680: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Oct 31 15:24:57.774682: | 28 00 01 08 00 0e 00 00 0d 29 5f dd 87 22 35 a1 Oct 31 15:24:57.774684: | d9 d2 18 73 10 d3 10 af c4 d4 6c 65 a7 5c 3d a4 Oct 31 15:24:57.774687: | c1 b3 93 d7 c5 1d 9b d5 6b 57 3e 75 94 f8 00 60 Oct 31 15:24:57.774689: | 66 e5 9c df 09 6b b8 5a ab d2 8c 37 06 c6 7b 5e Oct 31 15:24:57.774691: | 6a e0 68 a6 1b bc 72 87 1b 94 29 37 a1 06 e3 69 Oct 31 15:24:57.774693: | 59 5a 81 2f 57 12 37 66 3a 15 bb 6a 6b 8b 66 f3 Oct 31 15:24:57.774695: | be 62 e4 61 03 7c 42 f2 1c a1 e4 92 c3 5c 7f 5b Oct 31 15:24:57.774697: | 08 77 7f 2e 12 6f 05 c9 b5 38 89 ba db 19 e5 9a Oct 31 15:24:57.774700: | c4 ee 47 6f da f1 96 4e 06 ec e2 ad 0b 5f b5 24 Oct 31 15:24:57.774702: | 3a 63 3f c8 47 17 ac ae 26 6a d4 47 53 1d 80 f0 Oct 31 15:24:57.774704: | 7e 58 10 b8 f9 bf 66 0e 74 57 07 af 3d b5 d9 60 Oct 31 15:24:57.774706: | d4 e8 17 1e 02 15 64 d8 0c b5 18 82 46 96 c5 77 Oct 31 15:24:57.774708: | 39 4c fd 27 84 21 1a c9 85 6f 4a 1a 45 46 66 44 Oct 31 15:24:57.774710: | 3e 7e b2 79 60 13 dc df 41 42 18 b5 e5 b1 be 5d Oct 31 15:24:57.774712: | 4d 61 a5 44 bb e4 75 75 7a 43 c3 76 c7 b6 c9 50 Oct 31 15:24:57.774714: | 2f 20 a2 24 08 37 9d d9 f6 d8 16 27 02 c5 08 bb Oct 31 15:24:57.774716: | b9 89 3f 89 15 3c f7 4f 29 00 00 24 d5 9b bd 8b Oct 31 15:24:57.774718: | 47 0d 36 52 00 cc 50 b2 59 ff 27 9a 2a 77 8b f3 Oct 31 15:24:57.774721: | 6e e4 59 28 52 de ca d4 67 02 35 cd 29 00 00 08 Oct 31 15:24:57.774723: | 00 00 40 2e 29 00 00 1c 00 00 40 04 12 d4 81 c5 Oct 31 15:24:57.774809: | 51 da fd b6 f9 43 7d 1a eb 5a 67 4e 91 31 77 d1 Oct 31 15:24:57.774812: | 00 00 00 1c 00 00 40 05 96 19 6b 4d 1b 78 3b af Oct 31 15:24:57.774814: | 80 03 d2 c7 fd 76 7c 10 be 13 99 ad Oct 31 15:24:57.774842: | sent 1 messages Oct 31 15:24:57.774846: | checking that a retransmit timeout_event was already Oct 31 15:24:57.774849: | state #4 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:57.774855: | libevent_free: delref ptr-libevent@0x55fbf10633a8 Oct 31 15:24:57.774859: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55fbf1060ac8 Oct 31 15:24:57.774863: | delref logger@0x55fbf1060a18(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:57.774866: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:57.774868: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:57.774872: | resume sending helper answer back to state for #4 suppresed complete_v2_state_transition() Oct 31 15:24:57.774875: | delref mdp@NULL (in resume_handler() at server.c:743) Oct 31 15:24:57.774882: | #4 spent 1.65 (1.98) milliseconds in resume sending helper answer back to state Oct 31 15:24:57.774888: | stop processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:745) Oct 31 15:24:57.774891: | libevent_free: delref ptr-libevent@0x7f27ec006108 Oct 31 15:24:58.650735: | newref struct fd@0x55fbf1066df8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:58.650753: | fd_accept: new fd-fd@0x55fbf1066df8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:58.650770: shutting down Oct 31 15:24:58.650780: | leaking fd-fd@0x55fbf1066df8's FD; will be closed when pluto exits (in whack_handle_cb() at rcv_whack.c:889) Oct 31 15:24:58.650787: | delref fd@0x55fbf1066df8(1->0) (in whack_handle_cb() at rcv_whack.c:895) Oct 31 15:24:58.650792: | freeref fd-fd@0x55fbf1066df8 (in whack_handle_cb() at rcv_whack.c:895) Oct 31 15:24:58.650824: | shutting down helper thread 5 Oct 31 15:24:58.650859: | helper thread 5 exited Oct 31 15:24:58.650875: | shutting down helper thread 7 Oct 31 15:24:58.650899: | helper thread 7 exited Oct 31 15:24:58.650916: | shutting down helper thread 6 Oct 31 15:24:58.650947: | helper thread 6 exited Oct 31 15:24:58.650962: | shutting down helper thread 1 Oct 31 15:24:58.651048: | helper thread 1 exited Oct 31 15:24:58.651174: | shutting down helper thread 2 Oct 31 15:24:58.651260: | helper thread 2 exited Oct 31 15:24:58.651278: | shutting down helper thread 3 Oct 31 15:24:58.651306: | helper thread 3 exited Oct 31 15:24:58.651318: | shutting down helper thread 4 Oct 31 15:24:58.651348: | helper thread 4 exited Oct 31 15:24:58.651354: 7 helper threads shutdown Oct 31 15:24:58.651358: | delref root_certs@NULL (in free_root_certs() at root_certs.c:127) Oct 31 15:24:58.651362: | certs and keys locked by 'free_preshared_secrets' Oct 31 15:24:58.651365: forgetting secrets Oct 31 15:24:58.651370: | certs and keys unlocked by 'free_preshared_secrets' Oct 31 15:24:58.651378: | delref fd@NULL (in delete_pending() at pending.c:218) Oct 31 15:24:58.651384: | removing pending policy for no connection {0x55fbf0fac0a8} Oct 31 15:24:58.651391: | deleting states for connection - including all other IPsec SA's of this IKE SA Oct 31 15:24:58.651394: | pass 0 Oct 31 15:24:58.651397: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:24:58.651399: | state #4 Oct 31 15:24:58.651406: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1406) Oct 31 15:24:58.651408: | delref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1408) Oct 31 15:24:58.651409: | addref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1409) Oct 31 15:24:58.651411: | pstats #4 ikev2.ike deleted other Oct 31 15:24:58.651418: | #4 main thread spent 1.8 (2.13) milliseconds helper thread spent 1.8 (3.36) milliseconds in total Oct 31 15:24:58.651424: | [RE]START processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:935) Oct 31 15:24:58.651427: | should_send_delete: no, not established Oct 31 15:24:58.651431: "westnet-eastnet-ipv4-psk-ikev2" #4: deleting state (STATE_PARENT_I1) aged 0.882113s and NOT sending notification Oct 31 15:24:58.651433: | parent state #4: PARENT_I1(half-open IKE SA) => delete Oct 31 15:24:58.651436: | unsuspending #4 MD (nil) Oct 31 15:24:58.651440: | should_send_delete: no, not established Oct 31 15:24:58.651442: | state #4 has no .st_event to delete Oct 31 15:24:58.651445: | #4 requesting EVENT_RETRANSMIT-pe@0x55fbf10680e8 be deleted Oct 31 15:24:58.651450: | libevent_free: delref ptr-libevent@0x55fbf10632f8 Oct 31 15:24:58.651454: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55fbf10680e8 Oct 31 15:24:58.651457: | #4 STATE_PARENT_I1: retransmits: cleared Oct 31 15:24:58.651461: | State DB: IKEv2 state not found (flush_incomplete_children) Oct 31 15:24:58.651464: | picked newest_isakmp_sa #0 for #4 Oct 31 15:24:58.651468: "westnet-eastnet-ipv4-psk-ikev2" #4: deleting IKE SA but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Oct 31 15:24:58.651472: | add revival: connection 'westnet-eastnet-ipv4-psk-ikev2' added to the list and scheduled for 5 seconds Oct 31 15:24:58.651477: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Oct 31 15:24:58.651485: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Oct 31 15:24:58.651489: | State DB: deleting IKEv2 state #4 in PARENT_I1 Oct 31 15:24:58.651494: | parent state #4: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Oct 31 15:24:58.651497: | releasing #4's fd-fd@(nil) because deleting state Oct 31 15:24:58.651500: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:24:58.651503: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:24:58.651506: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:24:58.651528: | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1239) Oct 31 15:24:58.651536: | delref logger@0x55fbf1066d88(1->0) (in delete_state() at state.c:1306) Oct 31 15:24:58.651539: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:58.651543: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:58.651546: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1411) Oct 31 15:24:58.651549: | pass 1 Oct 31 15:24:58.651552: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:24:58.651562: | shunt_eroute() called for connection 'westnet-eastnet-ipv4-psk-ikev2' to 'delete' for rt_kind 'unrouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 Oct 31 15:24:58.651571: | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 Oct 31 15:24:58.651575: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 2084814 (0x1fcfce) Oct 31 15:24:58.651878: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 2084814 (0x1fcfce) Oct 31 15:24:58.651895: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:58.651901: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Oct 31 15:24:58.651907: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Oct 31 15:24:58.651910: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL Oct 31 15:24:58.651913: | running updown command "ipsec _updown" for verb unroute Oct 31 15:24:58.651916: | command executing unroute-client Oct 31 15:24:58.651945: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='192.1.2.45' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0'... Oct 31 15:24:58.651952: | popen cmd is 1081 chars long Oct 31 15:24:58.651955: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Oct 31 15:24:58.651958: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI: Oct 31 15:24:58.651961: | cmd( 160):_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='192.1.2: Oct 31 15:24:58.651964: | cmd( 240):.45' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: Oct 31 15:24:58.651966: | cmd( 320):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: Oct 31 15:24:58.651969: | cmd( 400):'16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO: Oct 31 15:24:58.651971: | cmd( 480):_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_: Oct 31 15:24:58.651973: | cmd( 560):MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=': Oct 31 15:24:58.651976: | cmd( 640):' PLUTO_STACK='xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS: Oct 31 15:24:58.651978: | cmd( 720):+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN: Oct 31 15:24:58.651981: | cmd( 800):_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='': Oct 31 15:24:58.651983: | cmd( 880): PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_C: Oct 31 15:24:58.651986: | cmd( 960):LIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' : Oct 31 15:24:58.651988: | cmd(1040):SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Oct 31 15:24:58.698725: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.698746: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.698749: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.698752: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.698754: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.698756: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.698759: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.698761: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.698763: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.698766: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.698768: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.698771: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.698773: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.698775: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.698777: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.698780: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.698782: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.698784: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.698787: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.698789: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.698791: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.698793: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.698796: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.698798: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.698800: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.698803: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.698805: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.698811: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.698814: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.757321: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:58.757335: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:58.757339: | newref clone logger@0x55fbf105d608(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:58.757343: | delref hp@0x55fbf1060758(1->0) (in delete_oriented_hp() at hostpair.c:360) Oct 31 15:24:58.757345: | flush revival: connection 'westnet-eastnet-ipv4-psk-ikev2' revival flushed Oct 31 15:24:58.757348: | delref vip@NULL (in discard_connection() at connections.c:262) Oct 31 15:24:58.757349: | delref vip@NULL (in discard_connection() at connections.c:263) Oct 31 15:24:58.757358: | Connection DB: deleting connection $1 Oct 31 15:24:58.757360: | delref logger@0x55fbf105d608(1->0) (in delete_connection() at connections.c:214) Oct 31 15:24:58.757362: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:58.757363: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:58.757365: | crl fetch request list locked by 'free_crl_fetch' Oct 31 15:24:58.757367: | crl fetch request list unlocked by 'free_crl_fetch' Oct 31 15:24:58.757372: | iface: marking eth1 dead Oct 31 15:24:58.757374: | iface: marking eth0 dead Oct 31 15:24:58.757375: | iface: marking lo dead Oct 31 15:24:58.757376: | updating interfaces - listing interfaces that are going down Oct 31 15:24:58.757381: shutting down interface lo 127.0.0.1:4500 Oct 31 15:24:58.757384: shutting down interface lo 127.0.0.1:500 Oct 31 15:24:58.757386: shutting down interface eth0 192.0.1.254:4500 Oct 31 15:24:58.757388: shutting down interface eth0 192.0.1.254:500 Oct 31 15:24:58.757390: shutting down interface eth1 192.1.2.45:4500 Oct 31 15:24:58.757392: shutting down interface eth1 192.1.2.45:500 Oct 31 15:24:58.757393: | updating interfaces - deleting the dead Oct 31 15:24:58.757397: | FOR_EACH_STATE_... in delete_states_dead_interfaces Oct 31 15:24:58.757404: | libevent_free: delref ptr-libevent@0x55fbf1059a78 Oct 31 15:24:58.757406: | delref id@0x55fbf105db78(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:24:58.757413: | libevent_free: delref ptr-libevent@0x55fbf101d128 Oct 31 15:24:58.757415: | delref id@0x55fbf105db78(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:24:58.757419: | libevent_free: delref ptr-libevent@0x55fbf10123e8 Oct 31 15:24:58.757421: | delref id@0x55fbf105daa8(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:24:58.757426: | libevent_free: delref ptr-libevent@0x55fbf101d228 Oct 31 15:24:58.757427: | delref id@0x55fbf105daa8(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:24:58.757432: | libevent_free: delref ptr-libevent@0x55fbf1019c48 Oct 31 15:24:58.757434: | delref id@0x55fbf105d978(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:24:58.757438: | libevent_free: delref ptr-libevent@0x55fbf1019b98 Oct 31 15:24:58.757439: | delref id@0x55fbf105d978(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:24:58.757443: | delref id@0x55fbf105d978(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:24:58.757445: | delref id@0x55fbf105daa8(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:24:58.757446: | delref id@0x55fbf105db78(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:24:58.757454: | updating interfaces - checking orientation Oct 31 15:24:58.757458: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Oct 31 15:24:58.761101: | libevent_free: delref ptr-libevent@0x55fbf1059b28 Oct 31 15:24:58.761117: | free_event_entry: delref EVENT_NULL-pe@0x55fbf105cf68 Oct 31 15:24:58.761124: | libevent_free: delref ptr-libevent@0x55fbf101d028 Oct 31 15:24:58.761128: | free_event_entry: delref EVENT_NULL-pe@0x55fbf1059a08 Oct 31 15:24:58.761132: | libevent_free: delref ptr-libevent@0x55fbf101cf78 Oct 31 15:24:58.761136: | free_event_entry: delref EVENT_NULL-pe@0x55fbf1055ff8 Oct 31 15:24:58.761140: | global timer EVENT_REINIT_SECRET uninitialized Oct 31 15:24:58.761145: | global timer EVENT_SHUNT_SCAN uninitialized Oct 31 15:24:58.761148: | global timer EVENT_PENDING_DDNS uninitialized Oct 31 15:24:58.761152: | global timer EVENT_PENDING_PHASE2 uninitialized Oct 31 15:24:58.761157: | global timer EVENT_CHECK_CRLS uninitialized Oct 31 15:24:58.761159: | global timer EVENT_REVIVE_CONNS uninitialized Oct 31 15:24:58.761162: | global timer EVENT_FREE_ROOT_CERTS uninitialized Oct 31 15:24:58.761164: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Oct 31 15:24:58.761167: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Oct 31 15:24:58.761171: | libevent_free: delref ptr-libevent@0x55fbf10133d8 Oct 31 15:24:58.761174: | signal event handler PLUTO_SIGCHLD uninstalled Oct 31 15:24:58.761178: | libevent_free: delref ptr-libevent@0x55fbf0fafa38 Oct 31 15:24:58.761180: | signal event handler PLUTO_SIGTERM uninstalled Oct 31 15:24:58.761184: | libevent_free: delref ptr-libevent@0x55fbf0faf798 Oct 31 15:24:58.761187: | signal event handler PLUTO_SIGHUP uninstalled Oct 31 15:24:58.761190: | libevent_free: delref ptr-libevent@0x55fbf105d2f8 Oct 31 15:24:58.761193: | signal event handler PLUTO_SIGSYS uninstalled Oct 31 15:24:58.761195: | releasing event base Oct 31 15:24:58.761222: | libevent_free: delref ptr-libevent@0x55fbf105d1c8 Oct 31 15:24:58.761230: | libevent_free: delref ptr-libevent@0x55fbf104c4e8 Oct 31 15:24:58.761234: | libevent_free: delref ptr-libevent@0x55fbf104c498 Oct 31 15:24:58.761237: | libevent_free: delref ptr-libevent@0x55fbf101f7e8 Oct 31 15:24:58.761239: | libevent_free: delref ptr-libevent@0x55fbf104c698 Oct 31 15:24:58.761243: | libevent_free: delref ptr-libevent@0x55fbf10509e8 Oct 31 15:24:58.761245: | libevent_free: delref ptr-libevent@0x55fbf10507f8 Oct 31 15:24:58.761478: | libevent_free: delref ptr-libevent@0x55fbf104c808 Oct 31 15:24:58.761482: | libevent_free: delref ptr-libevent@0x55fbf1050608 Oct 31 15:24:58.761484: | libevent_free: delref ptr-libevent@0x55fbf104ffc8 Oct 31 15:24:58.761487: | libevent_free: delref ptr-libevent@0x55fbf105e658 Oct 31 15:24:58.761490: | libevent_free: delref ptr-libevent@0x55fbf105e618 Oct 31 15:24:58.761493: | libevent_free: delref ptr-libevent@0x55fbf105e5d8 Oct 31 15:24:58.761496: | libevent_free: delref ptr-libevent@0x55fbf105e598 Oct 31 15:24:58.761498: | libevent_free: delref ptr-libevent@0x55fbf105e558 Oct 31 15:24:58.761501: | libevent_free: delref ptr-libevent@0x55fbf105deb8 Oct 31 15:24:58.761503: | libevent_free: delref ptr-libevent@0x55fbf104c6d8 Oct 31 15:24:58.761506: | libevent_free: delref ptr-libevent@0x55fbf105d148 Oct 31 15:24:58.761508: | libevent_free: delref ptr-libevent@0x55fbf105d108 Oct 31 15:24:58.761511: | libevent_free: delref ptr-libevent@0x55fbf1050648 Oct 31 15:24:58.761514: | libevent_free: delref ptr-libevent@0x55fbf105d188 Oct 31 15:24:58.761516: | libevent_free: delref ptr-libevent@0x55fbf105cfd8 Oct 31 15:24:58.761519: | libevent_free: delref ptr-libevent@0x55fbf101f468 Oct 31 15:24:58.761522: | libevent_free: delref ptr-libevent@0x55fbf101ecc8 Oct 31 15:24:58.761524: | libevent_free: delref ptr-libevent@0x55fbf1015c18 Oct 31 15:24:58.761527: | releasing global libevent data Oct 31 15:24:58.761531: | libevent_free: delref ptr-libevent@0x55fbf101f008 Oct 31 15:24:58.761534: | libevent_free: delref ptr-libevent@0x55fbf1013118 Oct 31 15:24:58.761537: | libevent_free: delref ptr-libevent@0x55fbf101f4e8 Oct 31 15:24:58.761582: leak detective found no leaks