Oct 31 15:25:01.743855: | newref logger@0x555670463bb8(0->1) (in main() at plutomain.c:1591)
Oct 31 15:25:01.743935: | delref logger@0x555670463bb8(1->0) (in main() at plutomain.c:1592)
Oct 31 15:25:01.743946: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:25:01.743951: | delref fd@NULL (in free_logger() at log.c:854)
Oct 31 15:25:01.743960: NSS DB directory: sql:/var/lib/ipsec/nss
Oct 31 15:25:01.744148: Initializing NSS
Oct 31 15:25:01.744156: Opening NSS database "sql:/var/lib/ipsec/nss" read-only
Oct 31 15:25:01.801478: FIPS Mode: NO
Oct 31 15:25:01.801498: NSS crypto library initialized
Oct 31 15:25:01.801535: FIPS mode disabled for pluto daemon
Oct 31 15:25:01.801539: FIPS HMAC integrity support [disabled]
Oct 31 15:25:01.801621: libcap-ng support [enabled]
Oct 31 15:25:01.801636: Linux audit support [enabled]
Oct 31 15:25:01.801659: Linux audit activated
Oct 31 15:25:01.801667: Starting Pluto (Libreswan Version v4.1-88-gf1d1933837ef-main IKEv2 IKEv1 XFRM(netkey) XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (NSS-PRF) DNSSEC LABELED_IPSEC (SELINUX) SECCOMP LIBCAP_NG LINUX_AUDIT AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:2157951
Oct 31 15:25:01.801670: core dump dir: /tmp
Oct 31 15:25:01.801672: secrets file: /etc/ipsec.secrets
Oct 31 15:25:01.801674: leak-detective enabled
Oct 31 15:25:01.801676: NSS crypto [enabled]
Oct 31 15:25:01.801678: XAUTH PAM support [enabled]
Oct 31 15:25:01.801741: | libevent is using pluto's memory allocator
Oct 31 15:25:01.801747: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800)
Oct 31 15:25:01.801764: | libevent_malloc: newref ptr-libevent@0x5556704e9128 size 40
Oct 31 15:25:01.801767: | libevent_malloc: newref ptr-libevent@0x555670479a18 size 40
Oct 31 15:25:01.801770: | libevent_malloc: newref ptr-libevent@0x5556704e9628 size 40
Oct 31 15:25:01.801772: | creating event base
Oct 31 15:25:01.801775: | libevent_malloc: newref ptr-libevent@0x5556704e9188 size 56
Oct 31 15:25:01.801778: | libevent_malloc: newref ptr-libevent@0x5556704dfe48 size 664
Oct 31 15:25:01.801789: | libevent_malloc: newref ptr-libevent@0x555670516898 size 24
Oct 31 15:25:01.801792: | libevent_malloc: newref ptr-libevent@0x5556705168e8 size 384
Oct 31 15:25:01.801804: | libevent_malloc: newref ptr-libevent@0x555670516a98 size 16
Oct 31 15:25:01.801806: | libevent_malloc: newref ptr-libevent@0x5556704e8e68 size 40
Oct 31 15:25:01.801809: | libevent_malloc: newref ptr-libevent@0x5556704e8de8 size 48
Oct 31 15:25:01.801814: | libevent_realloc: newref ptr-libevent@0x55567050d068 size 256
Oct 31 15:25:01.801817: | libevent_malloc: newref ptr-libevent@0x555670516ad8 size 16
Oct 31 15:25:01.801823: | libevent_free: delref ptr-libevent@0x5556704e9188
Oct 31 15:25:01.801825: | libevent initialized
Oct 31 15:25:01.801830: | libevent_realloc: newref ptr-libevent@0x5556704e9188 size 64
Oct 31 15:25:01.801834: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds
Oct 31 15:25:01.801840: | init_nat_traversal() initialized with keep_alive=0s
Oct 31 15:25:01.801843: NAT-Traversal support  [enabled]
Oct 31 15:25:01.801845: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized
Oct 31 15:25:01.801850: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized
Oct 31 15:25:01.801853: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds
Oct 31 15:25:01.801869: | checking IKEv1 state table
Oct 31 15:25:01.801877: |   MAIN_R0: category: half-open IKE SA; flags: 0:
Oct 31 15:25:01.801880: |     -> MAIN_R1 EVENT_SO_DISCARD (main_inI1_outR1)
Oct 31 15:25:01.801884: |   MAIN_I1: category: half-open IKE SA; flags: 0:
Oct 31 15:25:01.801886: |     -> MAIN_I2 EVENT_RETRANSMIT (main_inR1_outI2)
Oct 31 15:25:01.801889: |   MAIN_R1: category: open IKE SA; flags: 0:
Oct 31 15:25:01.801891: |     -> MAIN_R2 EVENT_RETRANSMIT (main_inI2_outR2)
Oct 31 15:25:01.801894: |     -> MAIN_R1 EVENT_RETRANSMIT (unexpected)
Oct 31 15:25:01.801896: |     -> MAIN_R1 EVENT_RETRANSMIT (unexpected)
Oct 31 15:25:01.801899: |   MAIN_I2: category: open IKE SA; flags: 0:
Oct 31 15:25:01.801907: |     -> MAIN_I3 EVENT_RETRANSMIT (main_inR2_outI3)
Oct 31 15:25:01.801910: |     -> MAIN_I2 EVENT_RETRANSMIT (unexpected)
Oct 31 15:25:01.801912: |     -> MAIN_I2 EVENT_RETRANSMIT (unexpected)
Oct 31 15:25:01.801915: |   MAIN_R2: category: open IKE SA; flags: 0:
Oct 31 15:25:01.801917: |     -> MAIN_R3 EVENT_SA_REPLACE (main_inI3_outR3)
Oct 31 15:25:01.801919: |     -> MAIN_R3 EVENT_SA_REPLACE (main_inI3_outR3)
Oct 31 15:25:01.801921: |     -> MAIN_R2 EVENT_SA_REPLACE (unexpected)
Oct 31 15:25:01.801924: |   MAIN_I3: category: open IKE SA; flags: 0:
Oct 31 15:25:01.801926: |     -> MAIN_I4 EVENT_SA_REPLACE (main_inR3)
Oct 31 15:25:01.801928: |     -> MAIN_I4 EVENT_SA_REPLACE (main_inR3)
Oct 31 15:25:01.801931: |     -> MAIN_I3 EVENT_SA_REPLACE (unexpected)
Oct 31 15:25:01.801933: |   MAIN_R3: category: established IKE SA; flags: 0:
Oct 31 15:25:01.801936: |     -> MAIN_R3 EVENT_NULL (unexpected)
Oct 31 15:25:01.801938: |   MAIN_I4: category: established IKE SA; flags: 0:
Oct 31 15:25:01.801940: |     -> MAIN_I4 EVENT_NULL (unexpected)
Oct 31 15:25:01.801943: |   AGGR_R0: category: half-open IKE SA; flags: 0:
Oct 31 15:25:01.801945: |     -> AGGR_R1 EVENT_SO_DISCARD (aggr_inI1_outR1)
Oct 31 15:25:01.801948: |   AGGR_I1: category: half-open IKE SA; flags: 0:
Oct 31 15:25:01.801950: |     -> AGGR_I2 EVENT_SA_REPLACE (aggr_inR1_outI2)
Oct 31 15:25:01.801952: |     -> AGGR_I2 EVENT_SA_REPLACE (aggr_inR1_outI2)
Oct 31 15:25:01.801955: |   AGGR_R1: category: open IKE SA; flags: 0:
Oct 31 15:25:01.801957: |     -> AGGR_R2 EVENT_SA_REPLACE (aggr_inI2)
Oct 31 15:25:01.801959: |     -> AGGR_R2 EVENT_SA_REPLACE (aggr_inI2)
Oct 31 15:25:01.801962: |   AGGR_I2: category: established IKE SA; flags: 0:
Oct 31 15:25:01.801964: |     -> AGGR_I2 EVENT_NULL (unexpected)
Oct 31 15:25:01.801967: |   AGGR_R2: category: established IKE SA; flags: 0:
Oct 31 15:25:01.801969: |     -> AGGR_R2 EVENT_NULL (unexpected)
Oct 31 15:25:01.801972: |   QUICK_R0: category: established CHILD SA; flags: 0:
Oct 31 15:25:01.801974: |     -> QUICK_R1 EVENT_RETRANSMIT (quick_inI1_outR1)
Oct 31 15:25:01.801977: |   QUICK_I1: category: established CHILD SA; flags: 0:
Oct 31 15:25:01.801979: |     -> QUICK_I2 EVENT_SA_REPLACE (quick_inR1_outI2)
Oct 31 15:25:01.801981: |   QUICK_R1: category: established CHILD SA; flags: 0:
Oct 31 15:25:01.801984: |     -> QUICK_R2 EVENT_SA_REPLACE (quick_inI2)
Oct 31 15:25:01.801986: |   QUICK_I2: category: established CHILD SA; flags: 0:
Oct 31 15:25:01.801988: |     -> QUICK_I2 EVENT_NULL (unexpected)
Oct 31 15:25:01.801991: |   QUICK_R2: category: established CHILD SA; flags: 0:
Oct 31 15:25:01.801993: |     -> QUICK_R2 EVENT_NULL (unexpected)
Oct 31 15:25:01.801996: |   INFO: category: informational; flags: 0:
Oct 31 15:25:01.801998: |     -> INFO EVENT_NULL (informational)
Oct 31 15:25:01.802000: |   INFO_PROTECTED: category: informational; flags: 0:
Oct 31 15:25:01.802003: |     -> INFO_PROTECTED EVENT_NULL (informational)
Oct 31 15:25:01.802005: |   XAUTH_R0: category: established IKE SA; flags: 0:
Oct 31 15:25:01.802007: |     -> XAUTH_R1 EVENT_NULL (xauth_inR0)
Oct 31 15:25:01.802010: |   XAUTH_R1: category: established IKE SA; flags: 0:
Oct 31 15:25:01.802012: |     -> MAIN_R3 EVENT_SA_REPLACE (xauth_inR1)
Oct 31 15:25:01.802015: |   MODE_CFG_R0: category: informational; flags: 0:
Oct 31 15:25:01.802017: |     -> MODE_CFG_R1 EVENT_SA_REPLACE (modecfg_inR0)
Oct 31 15:25:01.802019: |   MODE_CFG_R1: category: established IKE SA; flags: 0:
Oct 31 15:25:01.802022: |     -> MODE_CFG_R2 EVENT_SA_REPLACE (modecfg_inR1)
Oct 31 15:25:01.802024: |   MODE_CFG_R2: category: established IKE SA; flags: 0:
Oct 31 15:25:01.802027: |     -> MODE_CFG_R2 EVENT_NULL (unexpected)
Oct 31 15:25:01.802029: |   MODE_CFG_I1: category: established IKE SA; flags: 0:
Oct 31 15:25:01.802031: |     -> MAIN_I4 EVENT_SA_REPLACE (modecfg_inR1)
Oct 31 15:25:01.802034: |   XAUTH_I0: category: established IKE SA; flags: 0:
Oct 31 15:25:01.802036: |     -> XAUTH_I1 EVENT_RETRANSMIT (xauth_inI0)
Oct 31 15:25:01.802040: |   XAUTH_I1: category: established IKE SA; flags: 0:
Oct 31 15:25:01.802043: |     -> MAIN_I4 EVENT_RETRANSMIT (xauth_inI1)
Oct 31 15:25:01.802048: | checking IKEv2 state table
Oct 31 15:25:01.802052: |   V2_REKEY_IKE_I0: category: established IKE SA; flags: 0:
Oct 31 15:25:01.802055: |     -> V2_REKEY_IKE_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey)
Oct 31 15:25:01.802059: |   V2_REKEY_CHILD_I0: category: established IKE SA; flags: 0:
Oct 31 15:25:01.802062: |     -> V2_REKEY_CHILD_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA)
Oct 31 15:25:01.802065: |   V2_NEW_CHILD_I0: category: established IKE SA; flags: 0:
Oct 31 15:25:01.802067: |     -> V2_NEW_CHILD_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA)
Oct 31 15:25:01.802070: |   PARENT_I0: category: ignore; flags: 0:
Oct 31 15:25:01.802072: |     -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT)
Oct 31 15:25:01.802075: |   PARENT_I1: category: half-open IKE SA; flags: 0:
Oct 31 15:25:01.802077: |     -> PARENT_I0 EVENT_SO_DISCARD (received anti-DDOS COOKIE notify response; resending IKE_SA_INIT request with cookie payload added)
Oct 31 15:25:01.802080: |     -> PARENT_I0 EVENT_SO_DISCARD (received IKE_SA_INIT INVALID_KE_PAYLOAD notify response; resending IKE_SA_INIT with new KE payload)
Oct 31 15:25:01.802082: |     -> IKESA_DEL EVENT_v2_REDIRECT (received REDIRECT notify response; resending IKE_SA_INIT request to new destination)
Oct 31 15:25:01.802084: |     -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE)
Oct 31 15:25:01.802087: |   PARENT_I2: category: open IKE SA; flags: 0:
Oct 31 15:25:01.802089: |     -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_INTERMEDIATE reply, initiate IKE_AUTH or IKE_INTERMEDIATE)
Oct 31 15:25:01.802092: |     -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification)
Oct 31 15:25:01.802094: |     -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification)
Oct 31 15:25:01.802096: |     -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification)
Oct 31 15:25:01.802098: |     -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE (Initiator: process IKE_AUTH response)
Oct 31 15:25:01.802101: |     -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification)
Oct 31 15:25:01.802103: |   PARENT_R0: category: half-open IKE SA; flags: 0:
Oct 31 15:25:01.802106: |     -> PARENT_R1 EVENT_SO_DISCARD send-response (Respond to IKE_SA_INIT)
Oct 31 15:25:01.802109: |   PARENT_R1: category: half-open IKE SA; flags: 0:
Oct 31 15:25:01.802111: |     -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_AUTH request (no SKEYSEED))
Oct 31 15:25:01.802113: |     -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_INTERMEDIATE request (no SKEYSEED))
Oct 31 15:25:01.802115: |     -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_INTERMEDIATE request (with SKEYSEED))
Oct 31 15:25:01.802118: |     -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Responder: process IKE_AUTH request)
Oct 31 15:25:01.802120: |   V2_REKEY_IKE_R0: category: established IKE SA; flags: 0:
Oct 31 15:25:01.802122: |     -> ESTABLISHED_IKE_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA IKE Rekey)
Oct 31 15:25:01.802125: |   V2_REKEY_IKE_I1: category: established IKE SA; flags: 0:
Oct 31 15:25:01.802127: |     -> ESTABLISHED_IKE_SA EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response)
Oct 31 15:25:01.802130: |   V2_NEW_CHILD_I1: category: established IKE SA; flags: 0:
Oct 31 15:25:01.802132: |     -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response)
Oct 31 15:25:01.802135: |   V2_REKEY_CHILD_R0: category: established IKE SA; flags: 0:
Oct 31 15:25:01.802137: |     -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA rekey CHILD SA request)
Oct 31 15:25:01.802140: |   V2_NEW_CHILD_R0: category: established IKE SA; flags: 0:
Oct 31 15:25:01.802145: |     -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA IPsec SA Request)
Oct 31 15:25:01.802148: |   ESTABLISHED_IKE_SA: category: established IKE SA; flags: 0:
Oct 31 15:25:01.802150: |     -> ESTABLISHED_IKE_SA EVENT_RETAIN send-response (Informational Request (liveness probe))
Oct 31 15:25:01.802152: |     -> ESTABLISHED_IKE_SA EVENT_RETAIN (Informational Response (liveness probe))
Oct 31 15:25:01.802154: |     -> ESTABLISHED_IKE_SA EVENT_RETAIN send-response (Informational Request)
Oct 31 15:25:01.802157: |     -> ESTABLISHED_IKE_SA EVENT_RETAIN (Informational Response)
Oct 31 15:25:01.802159: |   IKESA_DEL: category: established IKE SA; flags: 0:
Oct 31 15:25:01.802161: |     -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL)
Oct 31 15:25:01.802163: |   CHILDSA_DEL: category: informational; flags: 0:
Oct 31 15:25:01.802165: |     -> CHILDSA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL)
Oct 31 15:25:01.802169: | global one-shot timer EVENT_REVIVE_CONNS initialized
Oct 31 15:25:01.802172: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds
Oct 31 15:25:01.802175: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds
Oct 31 15:25:01.802311: Encryption algorithms:
Oct 31 15:25:01.802325:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
Oct 31 15:25:01.802331:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
Oct 31 15:25:01.802335:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
Oct 31 15:25:01.802343:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
Oct 31 15:25:01.802349:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP                      
Oct 31 15:25:01.802354:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
Oct 31 15:25:01.802360:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
Oct 31 15:25:01.802365:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
Oct 31 15:25:01.802371:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
Oct 31 15:25:01.802377:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
Oct 31 15:25:01.802382:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
Oct 31 15:25:01.802390:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
Oct 31 15:25:01.802396:   NULL               []             IKEv1:     ESP     IKEv2:     ESP                      
Oct 31 15:25:01.802401:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Oct 31 15:25:01.802404: Hash algorithms:
Oct 31 15:25:01.802408:   MD5                               IKEv1: IKE         IKEv2:                  NSS         
Oct 31 15:25:01.802412:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
Oct 31 15:25:01.802416:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
Oct 31 15:25:01.802420:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
Oct 31 15:25:01.802424:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
Oct 31 15:25:01.802426: PRF algorithms:
Oct 31 15:25:01.802430:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
Oct 31 15:25:01.802434:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
Oct 31 15:25:01.802438:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
Oct 31 15:25:01.802446:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
Oct 31 15:25:01.802450:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
Oct 31 15:25:01.802453:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Oct 31 15:25:01.802456: Integrity algorithms:
Oct 31 15:25:01.802460:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
Oct 31 15:25:01.802465:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
Oct 31 15:25:01.802470:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
Oct 31 15:25:01.802491:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
Oct 31 15:25:01.802497:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Oct 31 15:25:01.802500:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH                   
Oct 31 15:25:01.802504:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Oct 31 15:25:01.802508:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
Oct 31 15:25:01.802512:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
Oct 31 15:25:01.802514: DH algorithms:
Oct 31 15:25:01.802518:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
Oct 31 15:25:01.802521:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
Oct 31 15:25:01.802525:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
Oct 31 15:25:01.802529:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
Oct 31 15:25:01.802532:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
Oct 31 15:25:01.802535:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
Oct 31 15:25:01.802539:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
Oct 31 15:25:01.802543:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
Oct 31 15:25:01.802546:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
Oct 31 15:25:01.802550:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
Oct 31 15:25:01.802553:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
Oct 31 15:25:01.802556: testing CAMELLIA_CBC:
Oct 31 15:25:01.802559:   Camellia: 16 bytes with 128-bit key
Oct 31 15:25:01.802644:   Camellia: 16 bytes with 128-bit key
Oct 31 15:25:01.802675:   Camellia: 16 bytes with 256-bit key
Oct 31 15:25:01.802708:   Camellia: 16 bytes with 256-bit key
Oct 31 15:25:01.802738: testing AES_GCM_16:
Oct 31 15:25:01.802742:   empty string
Oct 31 15:25:01.802773:   one block
Oct 31 15:25:01.802808:   two blocks
Oct 31 15:25:01.802840:   two blocks with associated data
Oct 31 15:25:01.802866: testing AES_CTR:
Oct 31 15:25:01.802869:   Encrypting 16 octets using AES-CTR with 128-bit key
Oct 31 15:25:01.802895:   Encrypting 32 octets using AES-CTR with 128-bit key
Oct 31 15:25:01.802922:   Encrypting 36 octets using AES-CTR with 128-bit key
Oct 31 15:25:01.802951:   Encrypting 16 octets using AES-CTR with 192-bit key
Oct 31 15:25:01.802984:   Encrypting 32 octets using AES-CTR with 192-bit key
Oct 31 15:25:01.803017:   Encrypting 36 octets using AES-CTR with 192-bit key
Oct 31 15:25:01.803052:   Encrypting 16 octets using AES-CTR with 256-bit key
Oct 31 15:25:01.803083:   Encrypting 32 octets using AES-CTR with 256-bit key
Oct 31 15:25:01.803116:   Encrypting 36 octets using AES-CTR with 256-bit key
Oct 31 15:25:01.803148: testing AES_CBC:
Oct 31 15:25:01.803152:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Oct 31 15:25:01.803180:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Oct 31 15:25:01.803219:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Oct 31 15:25:01.803260:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Oct 31 15:25:01.803303: testing AES_XCBC:
Oct 31 15:25:01.803307:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Oct 31 15:25:01.803440:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Oct 31 15:25:01.803585:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Oct 31 15:25:01.803718:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Oct 31 15:25:01.803838:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Oct 31 15:25:01.803975:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Oct 31 15:25:01.804123:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Oct 31 15:25:01.804427:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Oct 31 15:25:01.804591:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Oct 31 15:25:01.804743:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Oct 31 15:25:01.805014: testing HMAC_MD5:
Oct 31 15:25:01.805020:   RFC 2104: MD5_HMAC test 1
Oct 31 15:25:01.805218:   RFC 2104: MD5_HMAC test 2
Oct 31 15:25:01.805380:   RFC 2104: MD5_HMAC test 3
Oct 31 15:25:01.805592: 8 CPU cores online
Oct 31 15:25:01.805598: starting up 7 helper threads
Oct 31 15:25:01.805644: started thread for helper 0
Oct 31 15:25:01.805669: started thread for helper 1
Oct 31 15:25:01.805690: started thread for helper 2
Oct 31 15:25:01.805712: started thread for helper 3
Oct 31 15:25:01.805733: started thread for helper 4
Oct 31 15:25:01.805755: started thread for helper 5
Oct 31 15:25:01.805776: started thread for helper 6
Oct 31 15:25:01.805795: Using Linux XFRM/NETKEY IPsec kernel support code on 5.8.15-201.fc32.x86_64
Oct 31 15:25:01.805848: | Hard-wiring algorithms
Oct 31 15:25:01.805852: | adding AES_CCM_16 to kernel algorithm db
Oct 31 15:25:01.805857: | adding AES_CCM_12 to kernel algorithm db
Oct 31 15:25:01.805860: | adding AES_CCM_8 to kernel algorithm db
Oct 31 15:25:01.805862: | adding 3DES_CBC to kernel algorithm db
Oct 31 15:25:01.805865: | adding CAMELLIA_CBC to kernel algorithm db
Oct 31 15:25:01.805867: | adding AES_GCM_16 to kernel algorithm db
Oct 31 15:25:01.805869: | adding AES_GCM_12 to kernel algorithm db
Oct 31 15:25:01.805872: | adding AES_GCM_8 to kernel algorithm db
Oct 31 15:25:01.805875: | adding AES_CTR to kernel algorithm db
Oct 31 15:25:01.805877: | adding AES_CBC to kernel algorithm db
Oct 31 15:25:01.805880: | adding NULL_AUTH_AES_GMAC to kernel algorithm db
Oct 31 15:25:01.805883: | adding NULL to kernel algorithm db
Oct 31 15:25:01.805885: | adding CHACHA20_POLY1305 to kernel algorithm db
Oct 31 15:25:01.805887: | adding HMAC_MD5_96 to kernel algorithm db
Oct 31 15:25:01.805890: | adding HMAC_SHA1_96 to kernel algorithm db
Oct 31 15:25:01.805892: | adding HMAC_SHA2_512_256 to kernel algorithm db
Oct 31 15:25:01.805894: | adding HMAC_SHA2_384_192 to kernel algorithm db
Oct 31 15:25:01.805897: | adding HMAC_SHA2_256_128 to kernel algorithm db
Oct 31 15:25:01.805899: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db
Oct 31 15:25:01.805900: | adding AES_XCBC_96 to kernel algorithm db
Oct 31 15:25:01.805902: | adding AES_CMAC_96 to kernel algorithm db
Oct 31 15:25:01.805904: | adding NONE to kernel algorithm db
Oct 31 15:25:01.805926: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes
Oct 31 15:25:01.805939: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds
Oct 31 15:25:01.805942: | setup kernel fd callback
Oct 31 15:25:01.805946: | add_fd_read_event_handler: newref KERNEL_XRM_FD-pe@0x555670521b78
Oct 31 15:25:01.805950: | libevent_malloc: newref ptr-libevent@0x5556704e7138 size 128
Oct 31 15:25:01.805953: | libevent_malloc: newref ptr-libevent@0x55567051a838 size 16
Oct 31 15:25:01.805959: | add_fd_read_event_handler: newref KERNEL_ROUTE_FD-pe@0x555670523b98
Oct 31 15:25:01.805963: | libevent_malloc: newref ptr-libevent@0x5556704e7398 size 128
Oct 31 15:25:01.805965: | libevent_malloc: newref ptr-libevent@0x55567051a1f8 size 16
Oct 31 15:25:01.806186: | global one-shot timer EVENT_CHECK_CRLS initialized
Oct 31 15:25:01.806216: SELinux support is enabled in PERMISSIVE mode.
Oct 31 15:25:01.806424: | unbound context created - setting debug level to 5
Oct 31 15:25:01.806462: | /etc/hosts lookups activated
Oct 31 15:25:01.806484: | /etc/resolv.conf usage activated
Oct 31 15:25:01.806538: | outgoing-port-avoid set 0-65535
Oct 31 15:25:01.806566: | outgoing-port-permit set 32768-60999
Oct 31 15:25:01.806571: | loading dnssec root key from:/var/lib/unbound/root.key
Oct 31 15:25:01.806575: | no additional dnssec trust anchors defined via dnssec-trusted= option
Oct 31 15:25:01.806578: | Setting up events, loop start
Oct 31 15:25:01.806581: | add_fd_read_event_handler: newref PLUTO_CTL_FD-pe@0x555670527178
Oct 31 15:25:01.806585: | libevent_malloc: newref ptr-libevent@0x555670523cb8 size 128
Oct 31 15:25:01.806588: | libevent_malloc: newref ptr-libevent@0x55567051ac18 size 16
Oct 31 15:25:01.806595: | libevent_realloc: newref ptr-libevent@0x5556705271e8 size 256
Oct 31 15:25:01.806598: | libevent_malloc: newref ptr-libevent@0x55567051a878 size 8
Oct 31 15:25:01.806601: | libevent_realloc: newref ptr-libevent@0x555670519eb8 size 144
Oct 31 15:25:01.806604: | libevent_malloc: newref ptr-libevent@0x55567046eed8 size 152
Oct 31 15:25:01.806608: | libevent_malloc: newref ptr-libevent@0x55567051aa28 size 16
Oct 31 15:25:01.806612: | signal event handler PLUTO_SIGCHLD installed
Oct 31 15:25:01.806615: | libevent_malloc: newref ptr-libevent@0x555670527318 size 8
Oct 31 15:25:01.806618: | libevent_malloc: newref ptr-libevent@0x555670479a78 size 152
Oct 31 15:25:01.806621: | signal event handler PLUTO_SIGTERM installed
Oct 31 15:25:01.806623: | libevent_malloc: newref ptr-libevent@0x555670527358 size 8
Oct 31 15:25:01.806626: | libevent_malloc: newref ptr-libevent@0x555670527398 size 152
Oct 31 15:25:01.806628: | signal event handler PLUTO_SIGHUP installed
Oct 31 15:25:01.806631: | libevent_malloc: newref ptr-libevent@0x555670527468 size 8
Oct 31 15:25:01.806634: | libevent_realloc: delref ptr-libevent@0x555670519eb8
Oct 31 15:25:01.806636: | libevent_realloc: newref ptr-libevent@0x5556705274a8 size 256
Oct 31 15:25:01.806639: | libevent_malloc: newref ptr-libevent@0x5556705275d8 size 152
Oct 31 15:25:01.806642: | signal event handler PLUTO_SIGSYS installed
Oct 31 15:25:01.807016: | created addconn helper (pid:2158014) using fork+execve
Oct 31 15:25:01.807035: | forked child 2158014
Oct 31 15:25:01.807048: seccomp security disabled
Oct 31 15:25:01.807131: | starting helper thread 1
Oct 31 15:25:01.807136: seccomp security disabled for crypto helper 1
Oct 31 15:25:01.807141: | status value returned by setting the priority of this helper thread 1: 22
Oct 31 15:25:01.807146: | helper thread 1 has nothing to do
Oct 31 15:25:01.807158: | starting helper thread 2
Oct 31 15:25:01.807161: seccomp security disabled for crypto helper 2
Oct 31 15:25:01.807164: | status value returned by setting the priority of this helper thread 2: 22
Oct 31 15:25:01.807166: | helper thread 2 has nothing to do
Oct 31 15:25:01.807177: | starting helper thread 3
Oct 31 15:25:01.807179: seccomp security disabled for crypto helper 3
Oct 31 15:25:01.807182: | status value returned by setting the priority of this helper thread 3: 22
Oct 31 15:25:01.807184: | helper thread 3 has nothing to do
Oct 31 15:25:01.807195: | starting helper thread 4
Oct 31 15:25:01.807205: seccomp security disabled for crypto helper 4
Oct 31 15:25:01.807211: | status value returned by setting the priority of this helper thread 4: 22
Oct 31 15:25:01.807214: | helper thread 4 has nothing to do
Oct 31 15:25:01.807226: | starting helper thread 5
Oct 31 15:25:01.807229: seccomp security disabled for crypto helper 5
Oct 31 15:25:01.807231: | status value returned by setting the priority of this helper thread 5: 22
Oct 31 15:25:01.807234: | helper thread 5 has nothing to do
Oct 31 15:25:01.807244: | starting helper thread 6
Oct 31 15:25:01.807246: seccomp security disabled for crypto helper 6
Oct 31 15:25:01.807249: | status value returned by setting the priority of this helper thread 6: 22
Oct 31 15:25:01.807252: | helper thread 6 has nothing to do
Oct 31 15:25:01.817581: | newref struct fd@0x555670527738(0->1) (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:25:01.817595: | fd_accept: new fd-fd@0x555670527738 (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:25:01.820242: | whack: delete 'north-east'
Oct 31 15:25:01.820255: | FOR_EACH_CONNECTION_... in conn_by_name
Oct 31 15:25:01.820258: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias
Oct 31 15:25:01.820260: | FOR_EACH_CONNECTION_... in conn_by_name
Oct 31 15:25:01.820262: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias
Oct 31 15:25:01.820264: | whack: connection 'north-east'
Oct 31 15:25:01.820270: | addref fd@0x555670527738(1->2) (in string_logger() at log.c:838)
Oct 31 15:25:01.820276: | newref string logger@0x55567051b1d8(0->1) (in add_connection() at connections.c:1998)
Oct 31 15:25:01.820280: | Connection DB: adding connection "north-east" $1
Oct 31 15:25:01.820286: | FOR_EACH_CONNECTION_... in conn_by_name
Oct 31 15:25:01.820297: | added new connection north-east with policy RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5
Oct 31 15:25:01.820365: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31
Oct 31 15:25:01.820369: | from whack: got --esp=
Oct 31 15:25:01.820408: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128
Oct 31 15:25:01.820461: | computed rsa CKAID
Oct 31 15:25:01.820465: |   90 5d fc a1  08 68 74 7c  6f 20 d3 1b  2d 20 4b 8f
Oct 31 15:25:01.820467: |   88 aa 7c 5d
Oct 31 15:25:01.820473: | keyid: *AQPl33O2P
Oct 31 15:25:01.820475: |   size: 274
Oct 31 15:25:01.820477: |   n
Oct 31 15:25:01.820479: |   e5 df 73 b6  3e d5 36 a8  f1 3d 0d d3  02 ab 7f ec
Oct 31 15:25:01.820481: |   4c 9e 8b 0e  0e d2 cf 0f  59 bf 6d 88  21 86 93 9e
Oct 31 15:25:01.820483: |   10 34 af 2d  cf b3 7e eb  e5 b2 24 b2  a5 b0 01 03
Oct 31 15:25:01.820485: |   7d b5 96 ad  66 ee 48 c2  28 d9 9a 76  36 a9 10 84
Oct 31 15:25:01.820488: |   b5 09 8f 17  4f 65 ce d8  2f 8e 78 80  8a 87 f4 6b
Oct 31 15:25:01.820490: |   98 d9 91 94  6b 52 15 5b  9c 47 12 be  d8 6f 25 b4
Oct 31 15:25:01.820492: |   65 38 7e e4  8d c7 f0 58  d3 9f 69 14  cc 3e c8 16
Oct 31 15:25:01.820494: |   1f af bb 5d  93 2b 33 39  0e 94 55 81  f4 b3 cc 92
Oct 31 15:25:01.820496: |   58 6e 4a 5a  4e c3 76 ab  04 2e 11 08  06 55 13 0f
Oct 31 15:25:01.820497: |   02 6c dd d1  bc c0 b8 8d  65 f5 97 ed  fc 18 39 f9
Oct 31 15:25:01.820499: |   55 ab fa 0d  c5 49 99 7f  1b cf c3 de  99 7d 9e ca
Oct 31 15:25:01.820501: |   6f 9e 14 d6  5a ff de d6  4f 57 6a 83  ab 51 ba 64
Oct 31 15:25:01.820503: |   74 e0 22 e9  9a c5 10 71  bb d4 eb a4  99 28 9c 85
Oct 31 15:25:01.820505: |   0e 31 ea cc  ab ef 98 84  3f 59 c1 75  aa b3 61 eb
Oct 31 15:25:01.820507: |   61 8c 58 a5  92 25 84 ad  c7 79 f3 87  d0 c7 83 c2
Oct 31 15:25:01.820509: |   d6 8a fe 26  9d 2a ff b1  dd 9b 89 21  7c ca f5 38
Oct 31 15:25:01.820516: |   2d 3f 64 0c  41 9c 34 e9  b2 55 0f 82  1a b3 c7 5e
Oct 31 15:25:01.820518: |   a5 99
Oct 31 15:25:01.820520: |   e
Oct 31 15:25:01.820522: |   03
Oct 31 15:25:01.820524: |   CKAID
Oct 31 15:25:01.820526: |   90 5d fc a1  08 68 74 7c  6f 20 d3 1b  2d 20 4b 8f
Oct 31 15:25:01.820528: |   88 aa 7c 5d
Oct 31 15:25:01.820534: | saving left CKAID 905dfca10868747c6f20d31b2d204b8f88aa7c5d extracted from raw RSA public key
Oct 31 15:25:01.820766: | loaded private key matching CKAID 905dfca10868747c6f20d31b2d204b8f88aa7c5d
Oct 31 15:25:01.821110: | copying key using reference slot
Oct 31 15:25:01.823251: | certs and keys locked by 'lsw_add_rsa_secret'
Oct 31 15:25:01.823265: | certs and keys unlocked by 'lsw_add_rsa_secret'
Oct 31 15:25:01.823275: | spent 2.55 (2.73) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID
Oct 31 15:25:01.823284: connection "north-east": loaded private key matching left CKAID 905dfca10868747c6f20d31b2d204b8f88aa7c5d
Oct 31 15:25:01.823288: | counting wild cards for @north is 0
Oct 31 15:25:01.823313: | computed rsa CKAID
Oct 31 15:25:01.823316: |   61 55 99 73  d3 ac ef 7d  3a 37 0e 3e  82 ad 92 c1
Oct 31 15:25:01.823319: |   8a 82 25 f1
Oct 31 15:25:01.823324: | keyid: *AQO9bJbr3
Oct 31 15:25:01.823327: |   size: 274
Oct 31 15:25:01.823329: |   n
Oct 31 15:25:01.823332: |   bd 6c 96 eb  df 78 89 b3  ed 77 0d a1  7f 7b e5 16
Oct 31 15:25:01.823334: |   c2 c9 e4 7d  92 0a 90 9d  55 43 b4 62  13 03 85 7a
Oct 31 15:25:01.823337: |   e0 26 7b 54  1f ca 09 93  cf ff 25 c9  02 4c 78 ca
Oct 31 15:25:01.823339: |   94 e5 3e ac  d1 f9 a8 e5  bb 7f cc 20  84 e0 21 c9
Oct 31 15:25:01.823342: |   f0 0d c5 44  ba f3 48 64  61 58 f6 0f  63 0d d2 67
Oct 31 15:25:01.823344: |   1e 59 8b ec  f3 50 39 71  fb 39 da 11  64 b6 62 cd
Oct 31 15:25:01.823347: |   5f d3 8d 2e  c1 50 ed 9c  6e 22 0c 39  a7 ce 62 b5
Oct 31 15:25:01.823349: |   af 8a 80 0f  2e 4c 05 5c  82 c7 8d 29  02 2e bb 23
Oct 31 15:25:01.823352: |   5f db f2 9e  b5 7d e2 20  70 1a 63 f3  8e 5d ac 47
Oct 31 15:25:01.823354: |   f0 5c 26 4e  b1 d0 42 60  52 4a b0 77  25 ce e0 98
Oct 31 15:25:01.823357: |   2b 43 f4 c7  59 1a 64 01  83 ea 4e e3  1a 2a 92 b8
Oct 31 15:25:01.823359: |   55 ab 63 dd  4b 70 47 29  dc e9 b4 60  bf 43 4d 58
Oct 31 15:25:01.823362: |   8f 64 73 95  70 ac 35 89  b2 c2 9c d4  62 c0 5f 56
Oct 31 15:25:01.823364: |   5f ad 1b e5  dd 49 93 6a  f5 23 82 ed  d4 e7 d5 f1
Oct 31 15:25:01.823366: |   55 f2 2d a2  26 a6 36 53  2f 94 fb 99  22 5c 47 cc
Oct 31 15:25:01.823369: |   6d 80 30 88  96 38 0c f5  f2 ed 37 d0  09 d5 07 8f
Oct 31 15:25:01.823371: |   69 ef a9 99  ce 4d 1a 77  9e 39 c4 38  f3 c5 51 51
Oct 31 15:25:01.823374: |   48 ef
Oct 31 15:25:01.823376: |   e
Oct 31 15:25:01.823379: |   03
Oct 31 15:25:01.823381: |   CKAID
Oct 31 15:25:01.823384: |   61 55 99 73  d3 ac ef 7d  3a 37 0e 3e  82 ad 92 c1
Oct 31 15:25:01.823386: |   8a 82 25 f1
Oct 31 15:25:01.823393: | saving right CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1 extracted from raw RSA public key
Oct 31 15:25:01.823398: | trying secret PKK_RSA:AQPl33O2P
Oct 31 15:25:01.823448: | spent 0.048 (0.0481) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID
Oct 31 15:25:01.823457: | no private key matching right CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1: can't find the private key matching the NSS CKAID
Oct 31 15:25:01.823460: | counting wild cards for @east is 0
Oct 31 15:25:01.823464: | updating connection from left.host_addr
Oct 31 15:25:01.823469: | right host_nexthop 192.1.3.33
Oct 31 15:25:01.823472: | left host_port 500
Oct 31 15:25:01.823474: | updating connection from right.host_addr
Oct 31 15:25:01.823478: | left host_nexthop 192.1.2.23
Oct 31 15:25:01.823481: | right host_port 500
Oct 31 15:25:01.823488: | orienting north-east
Oct 31 15:25:01.823493: added IKEv2 connection "north-east"
Oct 31 15:25:01.823504: | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5
Oct 31 15:25:01.823521: | 192.0.3.254/32===192.1.3.33<192.1.3.33>[@north]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24
Oct 31 15:25:01.823525: | delref logger@0x55567051b1d8(1->0) (in add_connection() at connections.c:2026)
Oct 31 15:25:01.823529: | delref fd@0x555670527738(2->1) (in free_logger() at log.c:853)
Oct 31 15:25:01.823532: | delref fd@NULL (in free_logger() at log.c:854)
Oct 31 15:25:01.823537: | delref fd@0x555670527738(1->0) (in whack_handle_cb() at rcv_whack.c:903)
Oct 31 15:25:01.823657: | freeref fd-fd@0x555670527738 (in whack_handle_cb() at rcv_whack.c:903)
Oct 31 15:25:01.823666: | spent 3.2 (6.1) milliseconds in whack
Oct 31 15:25:01.823745: | newref struct fd@0x55567052bda8(0->1) (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:25:01.823750: | fd_accept: new fd-fd@0x55567052bda8 (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:25:01.823765: | whack: key
Oct 31 15:25:01.823770: add keyid @north
Oct 31 15:25:01.823773: |   01 03 e5 df  73 b6 3e d5  36 a8 f1 3d  0d d3 02 ab
Oct 31 15:25:01.823776: |   7f ec 4c 9e  8b 0e 0e d2  cf 0f 59 bf  6d 88 21 86
Oct 31 15:25:01.823780: |   93 9e 10 34  af 2d cf b3  7e eb e5 b2  24 b2 a5 b0
Oct 31 15:25:01.823784: |   01 03 7d b5  96 ad 66 ee  48 c2 28 d9  9a 76 36 a9
Oct 31 15:25:01.823787: |   10 84 b5 09  8f 17 4f 65  ce d8 2f 8e  78 80 8a 87
Oct 31 15:25:01.823790: |   f4 6b 98 d9  91 94 6b 52  15 5b 9c 47  12 be d8 6f
Oct 31 15:25:01.823792: |   25 b4 65 38  7e e4 8d c7  f0 58 d3 9f  69 14 cc 3e
Oct 31 15:25:01.823795: |   c8 16 1f af  bb 5d 93 2b  33 39 0e 94  55 81 f4 b3
Oct 31 15:25:01.823797: |   cc 92 58 6e  4a 5a 4e c3  76 ab 04 2e  11 08 06 55
Oct 31 15:25:01.823800: |   13 0f 02 6c  dd d1 bc c0  b8 8d 65 f5  97 ed fc 18
Oct 31 15:25:01.823802: |   39 f9 55 ab  fa 0d c5 49  99 7f 1b cf  c3 de 99 7d
Oct 31 15:25:01.823805: |   9e ca 6f 9e  14 d6 5a ff  de d6 4f 57  6a 83 ab 51
Oct 31 15:25:01.823808: |   ba 64 74 e0  22 e9 9a c5  10 71 bb d4  eb a4 99 28
Oct 31 15:25:01.823810: |   9c 85 0e 31  ea cc ab ef  98 84 3f 59  c1 75 aa b3
Oct 31 15:25:01.823813: |   61 eb 61 8c  58 a5 92 25  84 ad c7 79  f3 87 d0 c7
Oct 31 15:25:01.823815: |   83 c2 d6 8a  fe 26 9d 2a  ff b1 dd 9b  89 21 7c ca
Oct 31 15:25:01.823818: |   f5 38 2d 3f  64 0c 41 9c  34 e9 b2 55  0f 82 1a b3
Oct 31 15:25:01.823820: |   c7 5e a5 99
Oct 31 15:25:01.823834: | computed rsa CKAID
Oct 31 15:25:01.823837: |   90 5d fc a1  08 68 74 7c  6f 20 d3 1b  2d 20 4b 8f
Oct 31 15:25:01.823839: |   88 aa 7c 5d
Oct 31 15:25:01.823845: | keyid: *AQPl33O2P
Oct 31 15:25:01.823848: |   size: 274
Oct 31 15:25:01.823850: |   n
Oct 31 15:25:01.823852: |   e5 df 73 b6  3e d5 36 a8  f1 3d 0d d3  02 ab 7f ec
Oct 31 15:25:01.823855: |   4c 9e 8b 0e  0e d2 cf 0f  59 bf 6d 88  21 86 93 9e
Oct 31 15:25:01.823857: |   10 34 af 2d  cf b3 7e eb  e5 b2 24 b2  a5 b0 01 03
Oct 31 15:25:01.823860: |   7d b5 96 ad  66 ee 48 c2  28 d9 9a 76  36 a9 10 84
Oct 31 15:25:01.823862: |   b5 09 8f 17  4f 65 ce d8  2f 8e 78 80  8a 87 f4 6b
Oct 31 15:25:01.823865: |   98 d9 91 94  6b 52 15 5b  9c 47 12 be  d8 6f 25 b4
Oct 31 15:25:01.823867: |   65 38 7e e4  8d c7 f0 58  d3 9f 69 14  cc 3e c8 16
Oct 31 15:25:01.823870: |   1f af bb 5d  93 2b 33 39  0e 94 55 81  f4 b3 cc 92
Oct 31 15:25:01.823872: |   58 6e 4a 5a  4e c3 76 ab  04 2e 11 08  06 55 13 0f
Oct 31 15:25:01.823875: |   02 6c dd d1  bc c0 b8 8d  65 f5 97 ed  fc 18 39 f9
Oct 31 15:25:01.823877: |   55 ab fa 0d  c5 49 99 7f  1b cf c3 de  99 7d 9e ca
Oct 31 15:25:01.823880: |   6f 9e 14 d6  5a ff de d6  4f 57 6a 83  ab 51 ba 64
Oct 31 15:25:01.823882: |   74 e0 22 e9  9a c5 10 71  bb d4 eb a4  99 28 9c 85
Oct 31 15:25:01.823884: |   0e 31 ea cc  ab ef 98 84  3f 59 c1 75  aa b3 61 eb
Oct 31 15:25:01.823887: |   61 8c 58 a5  92 25 84 ad  c7 79 f3 87  d0 c7 83 c2
Oct 31 15:25:01.823889: |   d6 8a fe 26  9d 2a ff b1  dd 9b 89 21  7c ca f5 38
Oct 31 15:25:01.823892: |   2d 3f 64 0c  41 9c 34 e9  b2 55 0f 82  1a b3 c7 5e
Oct 31 15:25:01.823894: |   a5 99
Oct 31 15:25:01.823897: |   e
Oct 31 15:25:01.823899: |   03
Oct 31 15:25:01.823905: |   CKAID
Oct 31 15:25:01.823959: |   90 5d fc a1  08 68 74 7c  6f 20 d3 1b  2d 20 4b 8f
Oct 31 15:25:01.823964: |   88 aa 7c 5d
Oct 31 15:25:01.823969: | newref struct pubkey@0x55567052ebb8(0->1) (in add_public_key() at secrets.c:1716)
Oct 31 15:25:01.823973: | addref pk@0x55567052ebb8(1->2) (in add_public_key() at secrets.c:1718)
Oct 31 15:25:01.823977: | delref pkp@0x55567052ebb8(2->1) (in key_add_request() at rcv_whack.c:341)
Oct 31 15:25:01.823981: | trying secret PKK_RSA:AQPl33O2P
Oct 31 15:25:01.823984: | matched
Oct 31 15:25:01.823987: | secrets entry for ckaid already exists
Oct 31 15:25:01.823992: | spent 0.00915 (0.00893) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID
Oct 31 15:25:01.823997: | delref fd@0x55567052bda8(1->0) (in whack_handle_cb() at rcv_whack.c:903)
Oct 31 15:25:01.824003: | freeref fd-fd@0x55567052bda8 (in whack_handle_cb() at rcv_whack.c:903)
Oct 31 15:25:01.824008: | spent 0.222 (0.269) milliseconds in whack
Oct 31 15:25:01.824055: | newref struct fd@0x555670527fb8(0->1) (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:25:01.824059: | fd_accept: new fd-fd@0x555670527fb8 (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:25:01.824073: | whack: key
Oct 31 15:25:01.824077: add keyid @east
Oct 31 15:25:01.824080: |   01 03 bd 6c  96 eb df 78  89 b3 ed 77  0d a1 7f 7b
Oct 31 15:25:01.824083: |   e5 16 c2 c9  e4 7d 92 0a  90 9d 55 43  b4 62 13 03
Oct 31 15:25:01.824085: |   85 7a e0 26  7b 54 1f ca  09 93 cf ff  25 c9 02 4c
Oct 31 15:25:01.824088: |   78 ca 94 e5  3e ac d1 f9  a8 e5 bb 7f  cc 20 84 e0
Oct 31 15:25:01.824090: |   21 c9 f0 0d  c5 44 ba f3  48 64 61 58  f6 0f 63 0d
Oct 31 15:25:01.824093: |   d2 67 1e 59  8b ec f3 50  39 71 fb 39  da 11 64 b6
Oct 31 15:25:01.824096: |   62 cd 5f d3  8d 2e c1 50  ed 9c 6e 22  0c 39 a7 ce
Oct 31 15:25:01.824098: |   62 b5 af 8a  80 0f 2e 4c  05 5c 82 c7  8d 29 02 2e
Oct 31 15:25:01.824101: |   bb 23 5f db  f2 9e b5 7d  e2 20 70 1a  63 f3 8e 5d
Oct 31 15:25:01.824103: |   ac 47 f0 5c  26 4e b1 d0  42 60 52 4a  b0 77 25 ce
Oct 31 15:25:01.824106: |   e0 98 2b 43  f4 c7 59 1a  64 01 83 ea  4e e3 1a 2a
Oct 31 15:25:01.824108: |   92 b8 55 ab  63 dd 4b 70  47 29 dc e9  b4 60 bf 43
Oct 31 15:25:01.824111: |   4d 58 8f 64  73 95 70 ac  35 89 b2 c2  9c d4 62 c0
Oct 31 15:25:01.824114: |   5f 56 5f ad  1b e5 dd 49  93 6a f5 23  82 ed d4 e7
Oct 31 15:25:01.824116: |   d5 f1 55 f2  2d a2 26 a6  36 53 2f 94  fb 99 22 5c
Oct 31 15:25:01.824119: |   47 cc 6d 80  30 88 96 38  0c f5 f2 ed  37 d0 09 d5
Oct 31 15:25:01.824121: |   07 8f 69 ef  a9 99 ce 4d  1a 77 9e 39  c4 38 f3 c5
Oct 31 15:25:01.824124: |   51 51 48 ef
Oct 31 15:25:01.824133: | computed rsa CKAID
Oct 31 15:25:01.824136: |   61 55 99 73  d3 ac ef 7d  3a 37 0e 3e  82 ad 92 c1
Oct 31 15:25:01.824138: |   8a 82 25 f1
Oct 31 15:25:01.824144: | keyid: *AQO9bJbr3
Oct 31 15:25:01.824147: |   size: 274
Oct 31 15:25:01.824149: |   n
Oct 31 15:25:01.824151: |   bd 6c 96 eb  df 78 89 b3  ed 77 0d a1  7f 7b e5 16
Oct 31 15:25:01.824154: |   c2 c9 e4 7d  92 0a 90 9d  55 43 b4 62  13 03 85 7a
Oct 31 15:25:01.824156: |   e0 26 7b 54  1f ca 09 93  cf ff 25 c9  02 4c 78 ca
Oct 31 15:25:01.824159: |   94 e5 3e ac  d1 f9 a8 e5  bb 7f cc 20  84 e0 21 c9
Oct 31 15:25:01.824161: |   f0 0d c5 44  ba f3 48 64  61 58 f6 0f  63 0d d2 67
Oct 31 15:25:01.824164: |   1e 59 8b ec  f3 50 39 71  fb 39 da 11  64 b6 62 cd
Oct 31 15:25:01.824166: |   5f d3 8d 2e  c1 50 ed 9c  6e 22 0c 39  a7 ce 62 b5
Oct 31 15:25:01.824169: |   af 8a 80 0f  2e 4c 05 5c  82 c7 8d 29  02 2e bb 23
Oct 31 15:25:01.824171: |   5f db f2 9e  b5 7d e2 20  70 1a 63 f3  8e 5d ac 47
Oct 31 15:25:01.824174: |   f0 5c 26 4e  b1 d0 42 60  52 4a b0 77  25 ce e0 98
Oct 31 15:25:01.824176: |   2b 43 f4 c7  59 1a 64 01  83 ea 4e e3  1a 2a 92 b8
Oct 31 15:25:01.824178: |   55 ab 63 dd  4b 70 47 29  dc e9 b4 60  bf 43 4d 58
Oct 31 15:25:01.824181: |   8f 64 73 95  70 ac 35 89  b2 c2 9c d4  62 c0 5f 56
Oct 31 15:25:01.824183: |   5f ad 1b e5  dd 49 93 6a  f5 23 82 ed  d4 e7 d5 f1
Oct 31 15:25:01.824186: |   55 f2 2d a2  26 a6 36 53  2f 94 fb 99  22 5c 47 cc
Oct 31 15:25:01.824191: |   6d 80 30 88  96 38 0c f5  f2 ed 37 d0  09 d5 07 8f
Oct 31 15:25:01.824194: |   69 ef a9 99  ce 4d 1a 77  9e 39 c4 38  f3 c5 51 51
Oct 31 15:25:01.824196: |   48 ef
Oct 31 15:25:01.824202: |   e
Oct 31 15:25:01.824208: |   03
Oct 31 15:25:01.824210: |   CKAID
Oct 31 15:25:01.824212: |   61 55 99 73  d3 ac ef 7d  3a 37 0e 3e  82 ad 92 c1
Oct 31 15:25:01.824215: |   8a 82 25 f1
Oct 31 15:25:01.824219: | newref struct pubkey@0x55567052dc58(0->1) (in add_public_key() at secrets.c:1716)
Oct 31 15:25:01.824222: | addref pk@0x55567052dc58(1->2) (in add_public_key() at secrets.c:1718)
Oct 31 15:25:01.824226: | delref pkp@0x55567052dc58(2->1) (in key_add_request() at rcv_whack.c:341)
Oct 31 15:25:01.824230: | trying secret PKK_RSA:AQPl33O2P
Oct 31 15:25:01.824278: | spent 0.0457 (0.0456) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID
Oct 31 15:25:01.824364: | no private key: can't find the private key matching the NSS CKAID
Oct 31 15:25:01.824369: | delref fd@0x555670527fb8(1->0) (in whack_handle_cb() at rcv_whack.c:903)
Oct 31 15:25:01.824375: | freeref fd-fd@0x555670527fb8 (in whack_handle_cb() at rcv_whack.c:903)
Oct 31 15:25:01.824381: | spent 0.251 (0.33) milliseconds in whack
Oct 31 15:25:01.824427: | newref struct fd@0x55567051b1d8(0->1) (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:25:01.824431: | fd_accept: new fd-fd@0x55567051b1d8 (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:25:01.824445: | whack: listen
Oct 31 15:25:01.824448: listening for IKE messages
Oct 31 15:25:01.824527: | Inspecting interface lo 
Oct 31 15:25:01.824534: | found lo with address 127.0.0.1
Oct 31 15:25:01.824537: | Inspecting interface eth0 
Oct 31 15:25:01.824542: | found eth0 with address 192.0.3.254
Oct 31 15:25:01.824545: | Inspecting interface eth1 
Oct 31 15:25:01.824550: | found eth1 with address 192.1.3.33
Oct 31 15:25:01.824558: | newref struct iface_dev@0x55567052de28(0->1) (in add_iface_dev() at iface.c:67)
Oct 31 15:25:01.824576: Kernel supports NIC esp-hw-offload
Oct 31 15:25:01.824584: | iface: marking eth1 add
Oct 31 15:25:01.824588: | newref struct iface_dev@0x55567052deb8(0->1) (in add_iface_dev() at iface.c:67)
Oct 31 15:25:01.824592: | iface: marking eth0 add
Oct 31 15:25:01.824596: | newref struct iface_dev@0x55567052df48(0->1) (in add_iface_dev() at iface.c:67)
Oct 31 15:25:01.824600: | iface: marking lo add
Oct 31 15:25:01.824666: | no interfaces to sort
Oct 31 15:25:01.824684: | MSG_ERRQUEUE enabled on fd 18
Oct 31 15:25:01.824698: | addref ifd@0x55567052de28(1->2) (in bind_iface_port() at iface.c:237)
Oct 31 15:25:01.824706: adding UDP interface eth1 192.1.3.33:500
Oct 31 15:25:01.824721: | MSG_ERRQUEUE enabled on fd 19
Oct 31 15:25:01.824767: | NAT-Traversal: Trying sockopt style NAT-T
Oct 31 15:25:01.824771: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
Oct 31 15:25:01.824775: | addref ifd@0x55567052de28(2->3) (in bind_iface_port() at iface.c:237)
Oct 31 15:25:01.824779: adding UDP interface eth1 192.1.3.33:4500
Oct 31 15:25:01.824793: | MSG_ERRQUEUE enabled on fd 20
Oct 31 15:25:01.824802: | addref ifd@0x55567052deb8(1->2) (in bind_iface_port() at iface.c:237)
Oct 31 15:25:01.824806: adding UDP interface eth0 192.0.3.254:500
Oct 31 15:25:01.824819: | MSG_ERRQUEUE enabled on fd 21
Oct 31 15:25:01.824826: | NAT-Traversal: Trying sockopt style NAT-T
Oct 31 15:25:01.824830: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
Oct 31 15:25:01.824833: | addref ifd@0x55567052deb8(2->3) (in bind_iface_port() at iface.c:237)
Oct 31 15:25:01.824837: adding UDP interface eth0 192.0.3.254:4500
Oct 31 15:25:01.824850: | MSG_ERRQUEUE enabled on fd 22
Oct 31 15:25:01.824859: | addref ifd@0x55567052df48(1->2) (in bind_iface_port() at iface.c:237)
Oct 31 15:25:01.824863: adding UDP interface lo 127.0.0.1:500
Oct 31 15:25:01.824876: | MSG_ERRQUEUE enabled on fd 23
Oct 31 15:25:01.824883: | NAT-Traversal: Trying sockopt style NAT-T
Oct 31 15:25:01.824886: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
Oct 31 15:25:01.824893: | addref ifd@0x55567052df48(2->3) (in bind_iface_port() at iface.c:237)
Oct 31 15:25:01.824898: adding UDP interface lo 127.0.0.1:4500
Oct 31 15:25:01.824902: | updating interfaces - listing interfaces that are going down
Oct 31 15:25:01.824905: | updating interfaces - checking orientation
Oct 31 15:25:01.824907: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations
Oct 31 15:25:01.824910: | orienting north-east
Oct 31 15:25:01.824914: | north-east doesn't match 127.0.0.1:4500 at all
Oct 31 15:25:01.824919: | north-east doesn't match 127.0.0.1:500 at all
Oct 31 15:25:01.824923: | north-east doesn't match 192.0.3.254:4500 at all
Oct 31 15:25:01.824927: | north-east doesn't match 192.0.3.254:500 at all
Oct 31 15:25:01.824931: | north-east doesn't match 192.1.3.33:4500 at all
Oct 31 15:25:01.824982: | oriented north-east's this
Oct 31 15:25:01.824992: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none
Oct 31 15:25:01.824999: | newref hp@0x55567052b3a8(0->1) (in connect_to_host_pair() at hostpair.c:290)
Oct 31 15:25:01.825022: | libevent_malloc: newref ptr-libevent@0x555670529d38 size 128
Oct 31 15:25:01.825027: | libevent_malloc: newref ptr-libevent@0x55567052b458 size 16
Oct 31 15:25:01.825036: | setup callback for interface lo 127.0.0.1:4500 fd 23 on UDP
Oct 31 15:25:01.825039: | libevent_malloc: newref ptr-libevent@0x555670523c08 size 128
Oct 31 15:25:01.825042: | libevent_malloc: newref ptr-libevent@0x55567052b498 size 16
Oct 31 15:25:01.825047: | setup callback for interface lo 127.0.0.1:500 fd 22 on UDP
Oct 31 15:25:01.825050: | libevent_malloc: newref ptr-libevent@0x5556704e3d98 size 128
Oct 31 15:25:01.825053: | libevent_malloc: newref ptr-libevent@0x55567052b4d8 size 16
Oct 31 15:25:01.825058: | setup callback for interface eth0 192.0.3.254:4500 fd 21 on UDP
Oct 31 15:25:01.825061: | libevent_malloc: newref ptr-libevent@0x5556704dc548 size 128
Oct 31 15:25:01.825063: | libevent_malloc: newref ptr-libevent@0x55567052b518 size 16
Oct 31 15:25:01.825068: | setup callback for interface eth0 192.0.3.254:500 fd 20 on UDP
Oct 31 15:25:01.825071: | libevent_malloc: newref ptr-libevent@0x5556704e3e98 size 128
Oct 31 15:25:01.825074: | libevent_malloc: newref ptr-libevent@0x55567052b558 size 16
Oct 31 15:25:01.825079: | setup callback for interface eth1 192.1.3.33:4500 fd 19 on UDP
Oct 31 15:25:01.825082: | libevent_malloc: newref ptr-libevent@0x5556704e7298 size 128
Oct 31 15:25:01.825085: | libevent_malloc: newref ptr-libevent@0x55567052b598 size 16
Oct 31 15:25:01.825090: | setup callback for interface eth1 192.1.3.33:500 fd 18 on UDP
Oct 31 15:25:01.827669: | no stale xfrmi interface 'ipsec1' found
Oct 31 15:25:01.827684: | certs and keys locked by 'free_preshared_secrets'
Oct 31 15:25:01.827687: forgetting secrets
Oct 31 15:25:01.827708: | certs and keys unlocked by 'free_preshared_secrets'
Oct 31 15:25:01.827736: loading secrets from "/etc/ipsec.secrets"
Oct 31 15:25:01.827762: no secrets filename matched "/etc/ipsec.d/*.secrets"
Oct 31 15:25:01.827770: | old food groups:
Oct 31 15:25:01.827772: | new food groups:
Oct 31 15:25:01.827778: | delref fd@0x55567051b1d8(1->0) (in whack_handle_cb() at rcv_whack.c:903)
Oct 31 15:25:01.827784: | freeref fd-fd@0x55567051b1d8 (in whack_handle_cb() at rcv_whack.c:903)
Oct 31 15:25:01.827791: | spent 0.872 (3.37) milliseconds in whack
Oct 31 15:25:01.827851: | newref struct fd@0x555670527fb8(0->1) (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:25:01.827855: | fd_accept: new fd-fd@0x555670527fb8 (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:25:01.827870: | whack: route
Oct 31 15:25:01.827874: | FOR_EACH_CONNECTION_... in conn_by_name
Oct 31 15:25:01.827884: | could_route called for north-east; kind=CK_PERMANENT that.has_client=yes oppo=no this.host_port=500
Oct 31 15:25:01.827887: | FOR_EACH_CONNECTION_... in route_owner
Oct 31 15:25:01.827890: |  conn north-east mark 0/00000000, 0/00000000 vs
Oct 31 15:25:01.827893: |  conn north-east mark 0/00000000, 0/00000000
Oct 31 15:25:01.827901: | route owner of "north-east" unrouted: NULL; eroute owner: NULL
Oct 31 15:25:01.827905: | route_and_eroute() for proto 0, and source port 0 dest port 0
Oct 31 15:25:01.827907: | FOR_EACH_CONNECTION_... in route_owner
Oct 31 15:25:01.827910: |  conn north-east mark 0/00000000, 0/00000000 vs
Oct 31 15:25:01.827913: |  conn north-east mark 0/00000000, 0/00000000
Oct 31 15:25:01.827915: | route owner of "north-east" unrouted: NULL; eroute owner: NULL
Oct 31 15:25:01.827919: | route_and_eroute with c: north-east (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #0
Oct 31 15:25:01.827925: | shunt_eroute() called for connection 'north-east' to 'add' for rt_kind 'prospective erouted' using protoports 192.0.3.254/32:0 --0->- 192.0.2.0/24:0
Oct 31 15:25:01.827931: | netlink_shunt_eroute for proto 0, and source 192.0.3.254/32:0 dest 192.0.2.0/24:0
Oct 31 15:25:01.827934: | priority calculation of connection "north-east" is 2080718 (0x1fbfce)
Oct 31 15:25:01.827942: | IPsec SA SPD priority set to 2080718
Oct 31 15:25:01.827984: | priority calculation of connection "north-east" is 2080718 (0x1fbfce)
Oct 31 15:25:01.827988: | route_and_eroute: firewall_notified: true
Oct 31 15:25:01.827991: | running updown command "ipsec _updown" for verb prepare 
Oct 31 15:25:01.827994: | command executing prepare-client
Oct 31 15:25:01.828025: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0'...
Oct 31 15:25:01.828030: | popen cmd is 1081 chars long
Oct 31 15:25:01.828033: | cmd(   0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PL:
Oct 31 15:25:01.828035: | cmd(  80):UTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT:
Oct 31 15:25:01.828038: | cmd( 160):_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='19:
Oct 31 15:25:01.828040: | cmd( 240):2.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_MY_CLIENT_MASK='255.255.25:
Oct 31 15:25:01.828043: | cmd( 320):5.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_T:
Oct 31 15:25:01.828045: | cmd( 400):YPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.:
Oct 31 15:25:01.828047: | cmd( 480):0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.:
Oct 31 15:25:01.828049: | cmd( 560):0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfr:
Oct 31 15:25:01.828051: | cmd( 640):m' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_AL:
Oct 31 15:25:01.828054: | cmd( 720):LOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN:
Oct 31 15:25:01.828056: | cmd( 800):_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='':
Oct 31 15:25:01.828058: | cmd( 880): PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_C:
Oct 31 15:25:01.828060: | cmd( 960):LIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' :
Oct 31 15:25:01.828062: | cmd(1040):SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1:
Oct 31 15:25:01.832272: | starting helper thread 7
Oct 31 15:25:01.832287: seccomp security disabled for crypto helper 7
Oct 31 15:25:01.832293: | status value returned by setting the priority of this helper thread 7: 22
Oct 31 15:25:01.832296: | helper thread 7 has nothing to do
Oct 31 15:25:01.854167: | running updown command "ipsec _updown" for verb route 
Oct 31 15:25:01.854187: | command executing route-client
Oct 31 15:25:01.854222: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI...
Oct 31 15:25:01.854228: | popen cmd is 1079 chars long
Oct 31 15:25:01.854230: | cmd(   0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUT:
Oct 31 15:25:01.854233: | cmd(  80):O_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_H:
Oct 31 15:25:01.854235: | cmd( 160):OP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.:
Oct 31 15:25:01.854237: | cmd( 240):0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_MY_CLIENT_MASK='255.255.255.:
Oct 31 15:25:01.854239: | cmd( 320):255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYP:
Oct 31 15:25:01.854241: | cmd( 400):E='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.:
Oct 31 15:25:01.854243: | cmd( 480):2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0':
Oct 31 15:25:01.854245: | cmd( 560): PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm':
Oct 31 15:25:01.854247: | cmd( 640): PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLO:
Oct 31 15:25:01.854250: | cmd( 720):W+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_A:
Oct 31 15:25:01.854252: | cmd( 800):DDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' P:
Oct 31 15:25:01.854254: | cmd( 880):LUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLI:
Oct 31 15:25:01.854256: | cmd( 960):ENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SP:
Oct 31 15:25:01.854258: | cmd(1040):I_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1:
Oct 31 15:25:01.905382: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:01.905445: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:01.905483: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:01.905521: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:01.905559: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:01.905595: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:01.905634: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:01.905671: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:01.905708: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:01.905744: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:01.905780: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:01.905819: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:01.905860: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:01.905896: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:01.905932: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:01.905968: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:01.906479: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:01.906521: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:01.906560: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:01.906597: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:01.906636: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:01.906672: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:01.906708: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:01.906746: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:01.906782: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:01.906822: route-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:01.954449: | delref fd@0x555670527fb8(1->0) (in whack_handle_cb() at rcv_whack.c:903)
Oct 31 15:25:01.954470: | freeref fd-fd@0x555670527fb8 (in whack_handle_cb() at rcv_whack.c:903)
Oct 31 15:25:01.954482: | spent 0.963 (127) milliseconds in whack
Oct 31 15:25:01.954504: | newref struct fd@0x55567052c108(0->1) (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:25:01.954508: | fd_accept: new fd-fd@0x55567052c108 (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:25:01.954521: | whack: options (impair|debug)
Oct 31 15:25:01.954526: | old debugging base+cpu-usage + none
Oct 31 15:25:01.954529: | new debugging = base+cpu-usage
Oct 31 15:25:01.954535: | delref fd@0x55567052c108(1->0) (in whack_handle_cb() at rcv_whack.c:903)
Oct 31 15:25:01.954541: | freeref fd-fd@0x55567052c108 (in whack_handle_cb() at rcv_whack.c:903)
Oct 31 15:25:01.954546: | spent 0.0512 (0.0512) milliseconds in whack
Oct 31 15:25:01.954553: | processing signal PLUTO_SIGCHLD
Oct 31 15:25:01.954558: | waitpid returned nothing left to do (all child processes are busy)
Oct 31 15:25:01.954563: | spent 0.00521 (0.00519) milliseconds in signal handler PLUTO_SIGCHLD
Oct 31 15:25:01.954565: | processing signal PLUTO_SIGCHLD
Oct 31 15:25:01.954569: | waitpid returned nothing left to do (all child processes are busy)
Oct 31 15:25:01.954574: | spent 0.00402 (0.00398) milliseconds in signal handler PLUTO_SIGCHLD
Oct 31 15:25:01.956810: | processing signal PLUTO_SIGCHLD
Oct 31 15:25:01.956832: | waitpid returned pid 2158014 (exited with status 0)
Oct 31 15:25:01.956838: | reaped addconn helper child (status 0)
Oct 31 15:25:01.956845: | waitpid returned ECHILD (no child processes left)
Oct 31 15:25:01.956851: | spent 0.0245 (0.0244) milliseconds in signal handler PLUTO_SIGCHLD
Oct 31 15:25:02.334505: |  kernel_process_msg_cb process netlink message
Oct 31 15:25:02.334527: | netlink_get: XFRM_MSG_ACQUIRE message
Oct 31 15:25:02.334532: | xfrm netlink msg len 376
Oct 31 15:25:02.334538: | xfrm acquire rtattribute type 5 ...
Oct 31 15:25:02.334540: | ... xfrm template attribute with reqid:0, spi:0, proto:50
Oct 31 15:25:02.334542: | xfrm acquire rtattribute type 16 ...
Oct 31 15:25:02.334545: | ... xfrm policy type ignored
Oct 31 15:25:02.334559: | add bare shunt 0x555670467038 192.0.3.254/32:8 --1--> 192.0.2.254/32:0 => %hold 0    %acquire-netlink
Oct 31 15:25:02.334565: | stripping address 192.0.3.254 of is_endpoint=0 hport=8 ipproto=1 (in subnet_prefix() at ip_subnet.c:114)
Oct 31 15:25:02.334570: | stripping address 192.0.2.254 of is_endpoint=0 hport=0 ipproto=1 (in subnet_prefix() at ip_subnet.c:114)
Oct 31 15:25:02.334577: initiate on demand from 192.0.3.254:8 to 192.0.2.254:0 proto=1 because: acquire
Oct 31 15:25:02.334584: | find_connection: looking for policy for connection: 192.0.3.254:1/8 -> 192.0.2.254:1/0
Oct 31 15:25:02.334587: | FOR_EACH_CONNECTION_... in find_connection_for_clients
Oct 31 15:25:02.334600: | find_connection: conn "north-east" has compatible peers: 192.0.3.254/32:0 -> 192.0.2.0/24:0 [pri: 33603594]
Oct 31 15:25:02.334604: | find_connection: first OK "north-east" [pri:33603594]{0x5556705284d8} (child none)
Oct 31 15:25:02.334607: | find_connection: concluding with "north-east" [pri:33603594]{0x5556705284d8} kind=CK_PERMANENT
Oct 31 15:25:02.334610: | assign hold, routing was prospective erouted, needs to be erouted HOLD
Oct 31 15:25:02.334612: | assign_holdpass() need broad(er) shunt
Oct 31 15:25:02.334615: | priority calculation of connection "north-east" is 2080718 (0x1fbfce)
Oct 31 15:25:02.334622: | eroute_connection replace %trap with broad %pass or %hold eroute 192.0.3.254/32:0 --0-> 192.0.2.0/24:0 => %hold>%hold using reqid 0 (raw_eroute) proto=50
Oct 31 15:25:02.334625: | netlink_raw_eroute: SPI_HOLD implemented as no-op
Oct 31 15:25:02.334627: | raw_eroute result=success
Oct 31 15:25:02.334630: | assign_holdpass() eroute_connection() done
Oct 31 15:25:02.334633: | fiddle_bare_shunt called
Oct 31 15:25:02.334637: | subnet from endpoint 192.0.3.254:8 (in fiddle_bare_shunt() at kernel.c:1338)
Oct 31 15:25:02.334642: | subnet from address 192.0.2.254 (in fiddle_bare_shunt() at kernel.c:1339)
Oct 31 15:25:02.334644: | fiddle_bare_shunt with transport_proto 1
Oct 31 15:25:02.334647: | removing specific host-to-host bare shunt
Oct 31 15:25:02.334652: | delete narrow %hold eroute 192.0.3.254/32:8 --1-> 192.0.2.254/32:0 => %hold using reqid 0 (raw_eroute) proto=50
Oct 31 15:25:02.334655: | netlink_raw_eroute: SPI_PASS
Oct 31 15:25:02.334659: | stripping address 192.0.3.254 of is_endpoint=1 hport=8 ipproto=0 (in selector_prefix() at ip_selector.c:153)
Oct 31 15:25:02.334678: | raw_eroute result=success
Oct 31 15:25:02.334682: | raw_eroute with op='delete' for transport_proto='1' kernel shunt succeeded, bare shunt lookup succeeded
Oct 31 15:25:02.334688: | delete bare shunt 0x555670467038 192.0.3.254/32:8 --1--> 192.0.2.254/32:0 => %hold 0    %acquire-netlink
Oct 31 15:25:02.334692: assign_holdpass() delete_bare_shunt() failed
Oct 31 15:25:02.334694: initiate_ondemand_body() failed to install negotiation_shunt,
Oct 31 15:25:02.334697: | FOR_EACH_STATE_... in find_phase1_state
Oct 31 15:25:02.334719: | newref alloc logger@0x555670527d08(0->1) (in new_state() at state.c:576)
Oct 31 15:25:02.334723: | addref fd@NULL (in new_state() at state.c:577)
Oct 31 15:25:02.334726: | creating state object #1 at 0x55567052f128
Oct 31 15:25:02.334729: | State DB: adding IKEv2 state #1 in UNDEFINED
Oct 31 15:25:02.334741: | pstats #1 ikev2.ike started
Oct 31 15:25:02.334745: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore)
Oct 31 15:25:02.334750: | #1.st_v2_transition NULL -> PARENT_I0->PARENT_I1 (in new_v2_ike_state() at state.c:620)
Oct 31 15:25:02.334759: | Message ID: IKE #1 initializing (IKE SA): ike.initiator.sent=0->-1 ike.initiator.recv=0->-1 ike.initiator.last_contact=0->744576.767549 ike.responder.sent=0->-1 ike.responder.recv=0->-1 ike.responder.last_contact=0->744576.767549 ike.wip.initiator=0->-1 ike.wip.responder=0->-1
Oct 31 15:25:02.334763: | orienting north-east
Oct 31 15:25:02.334768: | north-east doesn't match 127.0.0.1:4500 at all
Oct 31 15:25:02.334772: | north-east doesn't match 127.0.0.1:500 at all
Oct 31 15:25:02.334776: | north-east doesn't match 192.0.3.254:4500 at all
Oct 31 15:25:02.334780: | north-east doesn't match 192.0.3.254:500 at all
Oct 31 15:25:02.334783: | north-east doesn't match 192.1.3.33:4500 at all
Oct 31 15:25:02.334786: | oriented north-east's this
Oct 31 15:25:02.334794: | start processing: state #1 connection "north-east" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:544)
Oct 31 15:25:02.334798: | addref fd@NULL (in add_pending() at pending.c:86)
Oct 31 15:25:02.334803: | queuing pending IPsec SA negotiating with 192.1.2.23 IKE SA #1 "north-east"
Oct 31 15:25:02.334807: "north-east" #1: initiating IKEv2 connection
Oct 31 15:25:02.334810: | constructing local IKE proposals for north-east (IKE SA initiator selecting KE)
Oct 31 15:25:02.334820: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ...
Oct 31 15:25:02.334834: | ...  ikev2_proposal: 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Oct 31 15:25:02.334839: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ...
Oct 31 15:25:02.334845: | ...  ikev2_proposal: 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Oct 31 15:25:02.334850: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ...
Oct 31 15:25:02.334856: | ...  ikev2_proposal: 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Oct 31 15:25:02.334860: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ...
Oct 31 15:25:02.334866: | ...  ikev2_proposal: 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Oct 31 15:25:02.334869: "north-east": local IKE proposals (IKE SA initiator selecting KE): 
Oct 31 15:25:02.334874: "north-east":   1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Oct 31 15:25:02.334881: "north-east":   2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Oct 31 15:25:02.334886: "north-east":   3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Oct 31 15:25:02.334892: "north-east":   4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Oct 31 15:25:02.334900: | addref fd@NULL (in clone_logger() at log.c:809)
Oct 31 15:25:02.334903: | addref fd@NULL (in clone_logger() at log.c:810)
Oct 31 15:25:02.334907: | newref clone logger@0x55567051b168(0->1) (in clone_logger() at log.c:817)
Oct 31 15:25:02.334910: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): adding job to queue
Oct 31 15:25:02.334913: | state #1 has no .st_event to delete
Oct 31 15:25:02.334916: | #1 STATE_PARENT_I0: retransmits: cleared
Oct 31 15:25:02.334919: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55567052ee98
Oct 31 15:25:02.334922: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1
Oct 31 15:25:02.334926: | libevent_malloc: newref ptr-libevent@0x55567052bcf8 size 128
Oct 31 15:25:02.334941: | #1 spent 0.365 (0.365) milliseconds in ikev2_parent_outI1()
Oct 31 15:25:02.334947: | RESET processing: state #1 connection "north-east" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:640)
Oct 31 15:25:02.334952: | initiate on demand using RSASIG from 192.0.3.254 to 192.0.2.254
Oct 31 15:25:02.334959: | spent 0.435 (0.435) milliseconds in kernel message
Oct 31 15:25:02.334971: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): helper 1 starting job
Oct 31 15:25:02.336905: | "north-east" #1: spent 1.81 (1.93) milliseconds in helper 1 processing job 1 for state #1: ikev2_outI1 KE (pcr)
Oct 31 15:25:02.336918: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): helper thread 1 sending result back to state
Oct 31 15:25:02.336922: | scheduling resume sending helper answer back to state for #1
Oct 31 15:25:02.336926: | libevent_malloc: newref ptr-libevent@0x7f374c006108 size 128
Oct 31 15:25:02.336935: | helper thread 1 has nothing to do
Oct 31 15:25:02.336949: | processing resume sending helper answer back to state for #1
Oct 31 15:25:02.336957: | start processing: state #1 connection "north-east" from 192.1.2.23:500 (in resume_handler() at server.c:641)
Oct 31 15:25:02.336965: | unsuspending #1 MD (nil)
Oct 31 15:25:02.336968: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): processing response from helper 1
Oct 31 15:25:02.336971: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): calling continuation function 0x55566f3fefe7
Oct 31 15:25:02.336974: | ikev2_parent_outI1_continue() for #1 STATE_PARENT_I0
Oct 31 15:25:02.336978: | DH secret MODP2048@0x7f374c006ba8: transferring ownership from helper KE to state #1
Oct 31 15:25:02.337009: | opening output PBS reply packet
Oct 31 15:25:02.337015: | **emit ISAKMP Message:
Oct 31 15:25:02.337020: |    initiator SPI: c0 ab 5f b0  46 3d 51 5a
Oct 31 15:25:02.337025: |    responder SPI: 00 00 00 00  00 00 00 00
Oct 31 15:25:02.337027: |    next payload type: ISAKMP_NEXT_NONE (0x0)
Oct 31 15:25:02.337030: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Oct 31 15:25:02.337033: |    exchange type: ISAKMP_v2_IKE_SA_INIT (0x22)
Oct 31 15:25:02.337037: |    flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
Oct 31 15:25:02.337041: |    Message ID: 0 (00 00 00 00)
Oct 31 15:25:02.337044: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
Oct 31 15:25:02.337062: | using existing local IKE proposals for connection north-east (IKE SA initiator emitting local proposals): 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Oct 31 15:25:02.337066: | Emitting ikev2_proposals ...
Oct 31 15:25:02.337069: | ***emit IKEv2 Security Association Payload:
Oct 31 15:25:02.337072: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:25:02.337074: |    flags: none (0x0)
Oct 31 15:25:02.337078: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA)
Oct 31 15:25:02.337080: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet'
Oct 31 15:25:02.337085: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0)
Oct 31 15:25:02.337089: | ****emit IKEv2 Proposal Substructure Payload:
Oct 31 15:25:02.337092: |    last proposal: v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:25:02.337095: |    prop #: 1 (01)
Oct 31 15:25:02.337098: |    proto ID: IKEv2_SEC_PROTO_IKE (0x1)
Oct 31 15:25:02.337101: |    spi size: 0 (00)
Oct 31 15:25:02.337103: |    # transforms: 11 (0b)
Oct 31 15:25:02.337106: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal'
Oct 31 15:25:02.337110: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337112: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337114: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Oct 31 15:25:02.337117: |    IKEv2 transform ID: AES_GCM_C (0x14)
Oct 31 15:25:02.337119: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337122: | ******emit IKEv2 Attribute Substructure Payload:
Oct 31 15:25:02.337125: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Oct 31 15:25:02.337129: |    length/value: 256 (01 00)
Oct 31 15:25:02.337132: | emitting length of IKEv2 Transform Substructure Payload: 12
Oct 31 15:25:02.337135: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337137: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337139: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Oct 31 15:25:02.337142: |    IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
Oct 31 15:25:02.337146: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337149: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337152: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.337154: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337157: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337159: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Oct 31 15:25:02.337162: |    IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
Oct 31 15:25:02.337165: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337167: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337170: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.337173: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0)
Oct 31 15:25:02.337175: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337177: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337180: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:25:02.337182: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Oct 31 15:25:02.337185: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337187: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337190: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.337192: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337195: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337197: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:25:02.337238: |    IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf)
Oct 31 15:25:02.337241: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337244: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337246: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.337249: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337251: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337253: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:25:02.337256: |    IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10)
Oct 31 15:25:02.337258: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337261: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337263: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.337266: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337269: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337271: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:25:02.337274: |    IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12)
Oct 31 15:25:02.337276: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337280: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337283: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.337286: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337288: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337290: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:25:02.337293: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
Oct 31 15:25:02.337295: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337298: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337300: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.337303: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337306: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337308: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:25:02.337310: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
Oct 31 15:25:02.337313: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337315: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337318: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.337320: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337322: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337325: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:25:02.337327: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15)
Oct 31 15:25:02.337329: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337332: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337334: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.337337: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337340: |    last transform: v2_TRANSFORM_LAST (0x0)
Oct 31 15:25:02.337342: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:25:02.337344: |    IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f)
Oct 31 15:25:02.337347: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337349: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337352: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.337354: | emitting length of IKEv2 Proposal Substructure Payload: 100
Oct 31 15:25:02.337357: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0
Oct 31 15:25:02.337360: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0)
Oct 31 15:25:02.337363: | ****emit IKEv2 Proposal Substructure Payload:
Oct 31 15:25:02.337366: |    last proposal: v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:25:02.337369: |    prop #: 2 (02)
Oct 31 15:25:02.337371: |    proto ID: IKEv2_SEC_PROTO_IKE (0x1)
Oct 31 15:25:02.337374: |    spi size: 0 (00)
Oct 31 15:25:02.337377: |    # transforms: 11 (0b)
Oct 31 15:25:02.337380: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:25:02.337384: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal'
Oct 31 15:25:02.337387: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337390: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337392: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Oct 31 15:25:02.337394: |    IKEv2 transform ID: AES_GCM_C (0x14)
Oct 31 15:25:02.337397: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337399: | ******emit IKEv2 Attribute Substructure Payload:
Oct 31 15:25:02.337402: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Oct 31 15:25:02.337405: |    length/value: 128 (00 80)
Oct 31 15:25:02.337408: | emitting length of IKEv2 Transform Substructure Payload: 12
Oct 31 15:25:02.337411: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337413: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337416: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Oct 31 15:25:02.337418: |    IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
Oct 31 15:25:02.337421: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337423: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337426: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.337428: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337430: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337433: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Oct 31 15:25:02.337435: |    IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
Oct 31 15:25:02.337437: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337440: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337442: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.337445: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0)
Oct 31 15:25:02.337448: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337451: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337453: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:25:02.337455: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Oct 31 15:25:02.337458: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337460: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337463: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.337465: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337467: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337470: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:25:02.337472: |    IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf)
Oct 31 15:25:02.337474: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337477: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337479: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.337482: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337488: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337491: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:25:02.337493: |    IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10)
Oct 31 15:25:02.337496: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337498: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337501: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.337503: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337506: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337508: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:25:02.337510: |    IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12)
Oct 31 15:25:02.337513: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337515: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337518: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.337521: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337523: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337525: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:25:02.337528: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
Oct 31 15:25:02.337530: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337533: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337535: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.337538: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337540: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337542: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:25:02.337544: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
Oct 31 15:25:02.337547: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337549: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337552: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.337554: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337557: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337559: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:25:02.337562: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15)
Oct 31 15:25:02.337564: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337567: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337569: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.337572: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337574: |    last transform: v2_TRANSFORM_LAST (0x0)
Oct 31 15:25:02.337576: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:25:02.337578: |    IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f)
Oct 31 15:25:02.337581: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337585: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337588: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.337590: | emitting length of IKEv2 Proposal Substructure Payload: 100
Oct 31 15:25:02.337593: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0
Oct 31 15:25:02.337597: | ****emit IKEv2 Proposal Substructure Payload:
Oct 31 15:25:02.337600: |    last proposal: v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:25:02.337602: |    prop #: 3 (03)
Oct 31 15:25:02.337605: |    proto ID: IKEv2_SEC_PROTO_IKE (0x1)
Oct 31 15:25:02.337607: |    spi size: 0 (00)
Oct 31 15:25:02.337610: |    # transforms: 13 (0d)
Oct 31 15:25:02.337613: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:25:02.337615: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal'
Oct 31 15:25:02.337618: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337620: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337623: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Oct 31 15:25:02.337625: |    IKEv2 transform ID: AES_CBC (0xc)
Oct 31 15:25:02.337627: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337630: | ******emit IKEv2 Attribute Substructure Payload:
Oct 31 15:25:02.337633: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Oct 31 15:25:02.337636: |    length/value: 256 (01 00)
Oct 31 15:25:02.337639: | emitting length of IKEv2 Transform Substructure Payload: 12
Oct 31 15:25:02.337641: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337644: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337646: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Oct 31 15:25:02.337648: |    IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
Oct 31 15:25:02.337651: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337653: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337656: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.337658: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337661: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337663: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Oct 31 15:25:02.337665: |    IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
Oct 31 15:25:02.337668: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337671: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337673: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.337676: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337678: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337680: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Oct 31 15:25:02.337683: |    IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe)
Oct 31 15:25:02.337685: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337688: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337692: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.337694: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337697: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337699: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Oct 31 15:25:02.337701: |    IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc)
Oct 31 15:25:02.337704: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337707: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337709: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.337712: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337714: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337717: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:25:02.337719: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Oct 31 15:25:02.337721: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337724: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337726: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.337729: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337731: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337733: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:25:02.337735: |    IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf)
Oct 31 15:25:02.337738: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337741: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337744: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.337746: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337748: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337751: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:25:02.337753: |    IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10)
Oct 31 15:25:02.337756: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337758: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337761: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.337763: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337765: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337768: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:25:02.337770: |    IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12)
Oct 31 15:25:02.337773: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337775: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337778: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.337781: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337783: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337787: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:25:02.337790: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
Oct 31 15:25:02.337792: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337794: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337797: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.337799: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337802: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337804: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:25:02.337806: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
Oct 31 15:25:02.337809: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337812: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337815: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.337817: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337819: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337822: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:25:02.337824: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15)
Oct 31 15:25:02.337827: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337829: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337831: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.337834: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337836: |    last transform: v2_TRANSFORM_LAST (0x0)
Oct 31 15:25:02.337838: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:25:02.337841: |    IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f)
Oct 31 15:25:02.337843: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337846: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337849: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.337851: | emitting length of IKEv2 Proposal Substructure Payload: 116
Oct 31 15:25:02.337854: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0
Oct 31 15:25:02.337858: | ****emit IKEv2 Proposal Substructure Payload:
Oct 31 15:25:02.337860: |    last proposal: v2_PROPOSAL_LAST (0x0)
Oct 31 15:25:02.337863: |    prop #: 4 (04)
Oct 31 15:25:02.337865: |    proto ID: IKEv2_SEC_PROTO_IKE (0x1)
Oct 31 15:25:02.337868: |    spi size: 0 (00)
Oct 31 15:25:02.337870: |    # transforms: 13 (0d)
Oct 31 15:25:02.337873: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:25:02.337876: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal'
Oct 31 15:25:02.337878: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337881: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337883: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Oct 31 15:25:02.337886: |    IKEv2 transform ID: AES_CBC (0xc)
Oct 31 15:25:02.337890: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337893: | ******emit IKEv2 Attribute Substructure Payload:
Oct 31 15:25:02.337895: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Oct 31 15:25:02.337898: |    length/value: 128 (00 80)
Oct 31 15:25:02.337901: | emitting length of IKEv2 Transform Substructure Payload: 12
Oct 31 15:25:02.337903: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337906: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337908: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Oct 31 15:25:02.337910: |    IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
Oct 31 15:25:02.337913: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337915: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337918: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.337921: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337923: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337926: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Oct 31 15:25:02.337928: |    IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
Oct 31 15:25:02.337930: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337933: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337935: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.337938: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337940: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337943: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Oct 31 15:25:02.337945: |    IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe)
Oct 31 15:25:02.337947: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337950: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337952: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.337955: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337958: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337960: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Oct 31 15:25:02.337963: |    IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc)
Oct 31 15:25:02.337965: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337967: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337970: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.337973: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337975: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337977: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:25:02.337979: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Oct 31 15:25:02.337982: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337984: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.337989: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.337992: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.337994: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.337996: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:25:02.337999: |    IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf)
Oct 31 15:25:02.338001: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.338003: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.338006: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.338008: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.338011: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.338013: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:25:02.338015: |    IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10)
Oct 31 15:25:02.338018: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.338020: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.338023: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.338025: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.338028: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.338031: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:25:02.338033: |    IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12)
Oct 31 15:25:02.338035: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.338038: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.338040: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.338043: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.338045: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.338047: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:25:02.338050: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
Oct 31 15:25:02.338052: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.338055: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.338057: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.338060: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.338062: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.338064: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:25:02.338067: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
Oct 31 15:25:02.338070: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.338072: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.338075: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.338077: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.338079: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.338082: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:25:02.338086: |    IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15)
Oct 31 15:25:02.338088: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.338091: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.338093: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.338096: | *****emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.338098: |    last transform: v2_TRANSFORM_LAST (0x0)
Oct 31 15:25:02.338101: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:25:02.338103: |    IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f)
Oct 31 15:25:02.338106: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.338108: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.338111: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.338113: | emitting length of IKEv2 Proposal Substructure Payload: 116
Oct 31 15:25:02.338116: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0
Oct 31 15:25:02.338118: | emitting length of IKEv2 Security Association Payload: 436
Oct 31 15:25:02.338120: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0
Oct 31 15:25:02.338123: | ***emit IKEv2 Key Exchange Payload:
Oct 31 15:25:02.338125: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:25:02.338128: |    flags: none (0x0)
Oct 31 15:25:02.338130: |    DH group: OAKLEY_GROUP_MODP2048 (0xe)
Oct 31 15:25:02.338133: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE)
Oct 31 15:25:02.338135: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet'
Oct 31 15:25:02.338140: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload
Oct 31 15:25:02.338142: | ikev2 g^x:
Oct 31 15:25:02.338145: |   ec 67 0f 08  92 41 2b 01  11 c7 13 35  ee c2 a9 3e
Oct 31 15:25:02.338147: |   a4 8b 27 bd  82 78 c8 7b  fb 31 b6 27  ec 5b 87 4e
Oct 31 15:25:02.338150: |   02 3d d9 40  1d 19 8f 64  5b 71 d7 08  f8 e7 bf d5
Oct 31 15:25:02.338152: |   ce 90 32 4d  e3 86 e8 df  0f 57 25 12  06 1e 21 63
Oct 31 15:25:02.338154: |   1c bc 0b 18  e4 c0 3f ac  f6 b2 01 e0  ea e9 1c 6b
Oct 31 15:25:02.338156: |   b5 80 a4 00  0c 49 be cb  34 c4 6c db  a5 15 a5 ff
Oct 31 15:25:02.338158: |   bb 8a 9c 0e  34 bd 16 c8  a3 bb 70 0e  b9 1d 6e 98
Oct 31 15:25:02.338160: |   9f 05 6b 2d  db cb a4 ef  59 0e 3a 7e  71 6a 4a 26
Oct 31 15:25:02.338163: |   36 98 b0 f0  bd be e8 94  aa d6 86 6f  88 02 93 8a
Oct 31 15:25:02.338165: |   cc ee b7 b3  28 e9 f9 12  e5 c1 34 67  5a 28 c1 6c
Oct 31 15:25:02.338167: |   27 43 4a 29  3e cc dd 8c  d8 f8 b6 65  66 15 e8 ee
Oct 31 15:25:02.338169: |   e8 1f 7e 2e  36 87 2d 1f  2e bf ce e9  bc db 16 14
Oct 31 15:25:02.338171: |   7b 2e 0a 51  16 c4 58 77  7b 87 31 65  a1 72 c2 7a
Oct 31 15:25:02.338174: |   81 38 91 b1  eb 8d d3 f6  f9 94 17 68  e8 0d 07 43
Oct 31 15:25:02.338176: |   db 01 90 80  fe 8a 7b 6e  19 4a 81 46  34 c0 46 b5
Oct 31 15:25:02.338178: |   e8 43 52 af  b7 8a 6d 16  f4 d6 e7 a5  58 9d 12 29
Oct 31 15:25:02.338181: | emitting length of IKEv2 Key Exchange Payload: 264
Oct 31 15:25:02.338183: | ***emit IKEv2 Nonce Payload:
Oct 31 15:25:02.338186: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:25:02.338188: |    flags: none (0x0)
Oct 31 15:25:02.338191: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni)
Oct 31 15:25:02.338195: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet'
Oct 31 15:25:02.338201: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload
Oct 31 15:25:02.338206: | IKEv2 nonce:
Oct 31 15:25:02.338209: |   80 ae 7c 69  0b e0 e4 92  1f 1c f4 0a  c4 cd 43 7f
Oct 31 15:25:02.338211: |   5e 85 53 8e  85 db 21 ad  6c 38 b3 44  d0 d0 07 8b
Oct 31 15:25:02.338214: | emitting length of IKEv2 Nonce Payload: 36
Oct 31 15:25:02.338216: | adding a v2N Payload
Oct 31 15:25:02.338218: | ***emit IKEv2 Notify Payload:
Oct 31 15:25:02.338220: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:25:02.338222: |    flags: none (0x0)
Oct 31 15:25:02.338224: |    Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
Oct 31 15:25:02.338227: |    SPI size: 0 (00)
Oct 31 15:25:02.338229: |    Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e)
Oct 31 15:25:02.338232: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N)
Oct 31 15:25:02.338234: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet'
Oct 31 15:25:02.338237: | emitting length of IKEv2 Notify Payload: 8
Oct 31 15:25:02.338239: | adding a v2N Payload
Oct 31 15:25:02.338241: | ***emit IKEv2 Notify Payload:
Oct 31 15:25:02.338244: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:25:02.338246: |    flags: none (0x0)
Oct 31 15:25:02.338248: |    Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
Oct 31 15:25:02.338250: |    SPI size: 0 (00)
Oct 31 15:25:02.338252: |    Notify Message Type: v2N_SIGNATURE_HASH_ALGORITHMS (0x402f)
Oct 31 15:25:02.338255: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N)
Oct 31 15:25:02.338257: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet'
Oct 31 15:25:02.338259: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256 into IKEv2 Notify Payload
Oct 31 15:25:02.338262: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256: 00 02
Oct 31 15:25:02.338264: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384 into IKEv2 Notify Payload
Oct 31 15:25:02.338266: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384: 00 03
Oct 31 15:25:02.338269: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_512 into IKEv2 Notify Payload
Oct 31 15:25:02.338271: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_512: 00 04
Oct 31 15:25:02.338273: | emitting length of IKEv2 Notify Payload: 14
Oct 31 15:25:02.338276: |  NAT-Traversal support  [enabled] add v2N payloads.
Oct 31 15:25:02.338278: | nat: IKE.SPIr is zero
Oct 31 15:25:02.338292: | natd_hash: hasher=0x55566f4f0f80(20)
Oct 31 15:25:02.338295: | natd_hash: icookie=
Oct 31 15:25:02.338297: |   c0 ab 5f b0  46 3d 51 5a
Oct 31 15:25:02.338299: | natd_hash: rcookie=
Oct 31 15:25:02.338301: |   00 00 00 00  00 00 00 00
Oct 31 15:25:02.338303: | natd_hash: ip=
Oct 31 15:25:02.338305: |   c0 01 03 21
Oct 31 15:25:02.338307: | natd_hash: port=
Oct 31 15:25:02.338309: |   01 f4
Oct 31 15:25:02.338311: | natd_hash: hash=
Oct 31 15:25:02.338313: |   1c 33 38 d0  d5 76 6c 9a  50 a8 87 df  e8 f6 7f e0
Oct 31 15:25:02.338315: |   50 1c fe 69
Oct 31 15:25:02.338317: | adding a v2N Payload
Oct 31 15:25:02.338319: | ***emit IKEv2 Notify Payload:
Oct 31 15:25:02.338321: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:25:02.338323: |    flags: none (0x0)
Oct 31 15:25:02.338325: |    Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
Oct 31 15:25:02.338328: |    SPI size: 0 (00)
Oct 31 15:25:02.338330: |    Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004)
Oct 31 15:25:02.338333: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N)
Oct 31 15:25:02.338335: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet'
Oct 31 15:25:02.338340: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload
Oct 31 15:25:02.338343: | Notify data:
Oct 31 15:25:02.338345: |   1c 33 38 d0  d5 76 6c 9a  50 a8 87 df  e8 f6 7f e0
Oct 31 15:25:02.338347: |   50 1c fe 69
Oct 31 15:25:02.338349: | emitting length of IKEv2 Notify Payload: 28
Oct 31 15:25:02.338352: | nat: IKE.SPIr is zero
Oct 31 15:25:02.338360: | natd_hash: hasher=0x55566f4f0f80(20)
Oct 31 15:25:02.338363: | natd_hash: icookie=
Oct 31 15:25:02.338365: |   c0 ab 5f b0  46 3d 51 5a
Oct 31 15:25:02.338367: | natd_hash: rcookie=
Oct 31 15:25:02.338369: |   00 00 00 00  00 00 00 00
Oct 31 15:25:02.338371: | natd_hash: ip=
Oct 31 15:25:02.338373: |   c0 01 02 17
Oct 31 15:25:02.338376: | natd_hash: port=
Oct 31 15:25:02.338378: |   01 f4
Oct 31 15:25:02.338380: | natd_hash: hash=
Oct 31 15:25:02.338382: |   72 74 c0 0f  f3 d6 9e 02  d0 4c 15 ef  5c 22 de 58
Oct 31 15:25:02.338384: |   ce 33 c5 be
Oct 31 15:25:02.338386: | adding a v2N Payload
Oct 31 15:25:02.338389: | ***emit IKEv2 Notify Payload:
Oct 31 15:25:02.338391: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:25:02.338394: |    flags: none (0x0)
Oct 31 15:25:02.338396: |    Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
Oct 31 15:25:02.338399: |    SPI size: 0 (00)
Oct 31 15:25:02.338401: |    Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005)
Oct 31 15:25:02.338404: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N)
Oct 31 15:25:02.338406: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet'
Oct 31 15:25:02.338409: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload
Oct 31 15:25:02.338412: | Notify data:
Oct 31 15:25:02.338415: |   72 74 c0 0f  f3 d6 9e 02  d0 4c 15 ef  5c 22 de 58
Oct 31 15:25:02.338417: |   ce 33 c5 be
Oct 31 15:25:02.338419: | emitting length of IKEv2 Notify Payload: 28
Oct 31 15:25:02.338422: | emitting length of ISAKMP Message: 842
Oct 31 15:25:02.338430: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364)
Oct 31 15:25:02.338435: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK
Oct 31 15:25:02.338438: | transitioning from state STATE_PARENT_I0 to state STATE_PARENT_I1
Oct 31 15:25:02.338440: | Message ID: updating counters for #1
Oct 31 15:25:02.338443: | Message ID: IKE #1 skipping update_recv as MD is fake
Oct 31 15:25:02.338450: | Message ID: IKE #1 scheduling EVENT_RETRANSMIT: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744576.767549 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744576.767549 ike.wip.initiator=0 ike.wip.responder=-1
Oct 31 15:25:02.338455: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55567052d7e8
Oct 31 15:25:02.338458: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1
Oct 31 15:25:02.338461: | libevent_malloc: newref ptr-libevent@0x55567052b738 size 128
Oct 31 15:25:02.338466: | #1 STATE_PARENT_I0: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744576.77125
Oct 31 15:25:02.338473: | Message ID: IKE #1 updating initiator sent message request 0: ike.initiator.sent=-1->0 ike.initiator.recv=-1 ike.initiator.last_contact=744576.767549 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744576.767549 ike.wip.initiator=-1->0 ike.wip.responder=-1
Oct 31 15:25:02.338479: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744576.767549 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744576.767549 ike.wip.initiator=0 ike.wip.responder=-1
Oct 31 15:25:02.338483: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA)
Oct 31 15:25:02.338486: | announcing the state transition
Oct 31 15:25:02.338490: "north-east" #1: sent IKE_SA_INIT request
Oct 31 15:25:02.338505: | sending 842 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1)
Oct 31 15:25:02.338509: |   c0 ab 5f b0  46 3d 51 5a  00 00 00 00  00 00 00 00
Oct 31 15:25:02.338511: |   21 20 22 08  00 00 00 00  00 00 03 4a  22 00 01 b4
Oct 31 15:25:02.338513: |   02 00 00 64  01 01 00 0b  03 00 00 0c  01 00 00 14
Oct 31 15:25:02.338515: |   80 0e 01 00  03 00 00 08  02 00 00 07  03 00 00 08
Oct 31 15:25:02.338518: |   02 00 00 05  03 00 00 08  04 00 00 0e  03 00 00 08
Oct 31 15:25:02.338520: |   04 00 00 0f  03 00 00 08  04 00 00 10  03 00 00 08
Oct 31 15:25:02.338522: |   04 00 00 12  03 00 00 08  04 00 00 13  03 00 00 08
Oct 31 15:25:02.338525: |   04 00 00 14  03 00 00 08  04 00 00 15  00 00 00 08
Oct 31 15:25:02.338527: |   04 00 00 1f  02 00 00 64  02 01 00 0b  03 00 00 0c
Oct 31 15:25:02.338529: |   01 00 00 14  80 0e 00 80  03 00 00 08  02 00 00 07
Oct 31 15:25:02.338531: |   03 00 00 08  02 00 00 05  03 00 00 08  04 00 00 0e
Oct 31 15:25:02.338533: |   03 00 00 08  04 00 00 0f  03 00 00 08  04 00 00 10
Oct 31 15:25:02.338535: |   03 00 00 08  04 00 00 12  03 00 00 08  04 00 00 13
Oct 31 15:25:02.338537: |   03 00 00 08  04 00 00 14  03 00 00 08  04 00 00 15
Oct 31 15:25:02.338539: |   00 00 00 08  04 00 00 1f  02 00 00 74  03 01 00 0d
Oct 31 15:25:02.338542: |   03 00 00 0c  01 00 00 0c  80 0e 01 00  03 00 00 08
Oct 31 15:25:02.338544: |   02 00 00 07  03 00 00 08  02 00 00 05  03 00 00 08
Oct 31 15:25:02.338546: |   03 00 00 0e  03 00 00 08  03 00 00 0c  03 00 00 08
Oct 31 15:25:02.338548: |   04 00 00 0e  03 00 00 08  04 00 00 0f  03 00 00 08
Oct 31 15:25:02.338550: |   04 00 00 10  03 00 00 08  04 00 00 12  03 00 00 08
Oct 31 15:25:02.338552: |   04 00 00 13  03 00 00 08  04 00 00 14  03 00 00 08
Oct 31 15:25:02.338555: |   04 00 00 15  00 00 00 08  04 00 00 1f  00 00 00 74
Oct 31 15:25:02.338557: |   04 01 00 0d  03 00 00 0c  01 00 00 0c  80 0e 00 80
Oct 31 15:25:02.338560: |   03 00 00 08  02 00 00 07  03 00 00 08  02 00 00 05
Oct 31 15:25:02.338562: |   03 00 00 08  03 00 00 0e  03 00 00 08  03 00 00 0c
Oct 31 15:25:02.338564: |   03 00 00 08  04 00 00 0e  03 00 00 08  04 00 00 0f
Oct 31 15:25:02.338566: |   03 00 00 08  04 00 00 10  03 00 00 08  04 00 00 12
Oct 31 15:25:02.338568: |   03 00 00 08  04 00 00 13  03 00 00 08  04 00 00 14
Oct 31 15:25:02.338570: |   03 00 00 08  04 00 00 15  00 00 00 08  04 00 00 1f
Oct 31 15:25:02.338572: |   28 00 01 08  00 0e 00 00  ec 67 0f 08  92 41 2b 01
Oct 31 15:25:02.338575: |   11 c7 13 35  ee c2 a9 3e  a4 8b 27 bd  82 78 c8 7b
Oct 31 15:25:02.338577: |   fb 31 b6 27  ec 5b 87 4e  02 3d d9 40  1d 19 8f 64
Oct 31 15:25:02.338579: |   5b 71 d7 08  f8 e7 bf d5  ce 90 32 4d  e3 86 e8 df
Oct 31 15:25:02.338581: |   0f 57 25 12  06 1e 21 63  1c bc 0b 18  e4 c0 3f ac
Oct 31 15:25:02.338584: |   f6 b2 01 e0  ea e9 1c 6b  b5 80 a4 00  0c 49 be cb
Oct 31 15:25:02.338586: |   34 c4 6c db  a5 15 a5 ff  bb 8a 9c 0e  34 bd 16 c8
Oct 31 15:25:02.338588: |   a3 bb 70 0e  b9 1d 6e 98  9f 05 6b 2d  db cb a4 ef
Oct 31 15:25:02.338590: |   59 0e 3a 7e  71 6a 4a 26  36 98 b0 f0  bd be e8 94
Oct 31 15:25:02.338593: |   aa d6 86 6f  88 02 93 8a  cc ee b7 b3  28 e9 f9 12
Oct 31 15:25:02.338595: |   e5 c1 34 67  5a 28 c1 6c  27 43 4a 29  3e cc dd 8c
Oct 31 15:25:02.338597: |   d8 f8 b6 65  66 15 e8 ee  e8 1f 7e 2e  36 87 2d 1f
Oct 31 15:25:02.338599: |   2e bf ce e9  bc db 16 14  7b 2e 0a 51  16 c4 58 77
Oct 31 15:25:02.338601: |   7b 87 31 65  a1 72 c2 7a  81 38 91 b1  eb 8d d3 f6
Oct 31 15:25:02.338603: |   f9 94 17 68  e8 0d 07 43  db 01 90 80  fe 8a 7b 6e
Oct 31 15:25:02.338606: |   19 4a 81 46  34 c0 46 b5  e8 43 52 af  b7 8a 6d 16
Oct 31 15:25:02.338608: |   f4 d6 e7 a5  58 9d 12 29  29 00 00 24  80 ae 7c 69
Oct 31 15:25:02.338610: |   0b e0 e4 92  1f 1c f4 0a  c4 cd 43 7f  5e 85 53 8e
Oct 31 15:25:02.338612: |   85 db 21 ad  6c 38 b3 44  d0 d0 07 8b  29 00 00 08
Oct 31 15:25:02.338614: |   00 00 40 2e  29 00 00 0e  00 00 40 2f  00 02 00 03
Oct 31 15:25:02.338617: |   00 04 29 00  00 1c 00 00  40 04 1c 33  38 d0 d5 76
Oct 31 15:25:02.338622: |   6c 9a 50 a8  87 df e8 f6  7f e0 50 1c  fe 69 00 00
Oct 31 15:25:02.338625: |   00 1c 00 00  40 05 72 74  c0 0f f3 d6  9e 02 d0 4c
Oct 31 15:25:02.338628: |   15 ef 5c 22  de 58 ce 33  c5 be
Oct 31 15:25:02.338721: | sent 1 messages
Oct 31 15:25:02.338727: | checking that a retransmit timeout_event was already
Oct 31 15:25:02.338731: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT
Oct 31 15:25:02.338735: | libevent_free: delref ptr-libevent@0x55567052bcf8
Oct 31 15:25:02.338738: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55567052ee98
Oct 31 15:25:02.338742: | delref logger@0x55567051b168(1->0) (in handle_helper_answer() at pluto_crypt.c:658)
Oct 31 15:25:02.338745: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:25:02.338748: | delref fd@NULL (in free_logger() at log.c:854)
Oct 31 15:25:02.338752: | resume sending helper answer back to state for #1 suppresed complete_v2_state_transition()
Oct 31 15:25:02.338755: | delref mdp@NULL (in resume_handler() at server.c:743)
Oct 31 15:25:02.338763: | #1 spent 1.69 (1.8) milliseconds in resume sending helper answer back to state
Oct 31 15:25:02.338768: | stop processing: state #1 connection "north-east" from 192.1.2.23:500 (in resume_handler() at server.c:745)
Oct 31 15:25:02.338772: | libevent_free: delref ptr-libevent@0x7f374c006108
Oct 31 15:25:02.343585: | spent 0.00266 (0.00262) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue()
Oct 31 15:25:02.343606: | newref struct msg_digest@0x555670530de8(0->1) (in read_message() at demux.c:103)
Oct 31 15:25:02.343611: | newref alloc logger@0x55567051b168(0->1) (in read_message() at demux.c:103)
Oct 31 15:25:02.343619: | *received 451 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP
Oct 31 15:25:02.343622: |   c0 ab 5f b0  46 3d 51 5a  b7 f3 69 f8  2c 8c 41 9e
Oct 31 15:25:02.343625: |   21 20 22 20  00 00 00 00  00 00 01 c3  22 00 00 28
Oct 31 15:25:02.343627: |   00 00 00 24  01 01 00 03  03 00 00 0c  01 00 00 14
Oct 31 15:25:02.343629: |   80 0e 01 00  03 00 00 08  02 00 00 07  00 00 00 08
Oct 31 15:25:02.343631: |   04 00 00 0e  28 00 01 08  00 0e 00 00  f9 00 57 0c
Oct 31 15:25:02.343633: |   ea 32 e6 98  d4 1a e5 28  a1 4e a7 65  bc c1 48 39
Oct 31 15:25:02.343635: |   8f f3 35 e1  eb ac a0 3f  59 aa f2 31  19 60 0c 74
Oct 31 15:25:02.343637: |   5d 11 18 ce  74 1d 95 c7  90 9d 4e 73  88 49 6e 59
Oct 31 15:25:02.343640: |   c5 49 43 49  5e 57 a0 13  07 34 7c e7  01 d9 62 ea
Oct 31 15:25:02.343642: |   d6 e3 6a 22  68 62 f5 c4  0b 2e 23 7b  f3 7b d2 df
Oct 31 15:25:02.343644: |   8f 64 b5 b6  03 5f cd 70  91 72 73 84  4b 0e 83 6c
Oct 31 15:25:02.343646: |   1b ad 81 3c  58 0a fa 6f  7a 4a 0f 8d  c9 43 ca 83
Oct 31 15:25:02.343648: |   c8 df 98 1c  72 4d 18 94  3c a9 5a 18  13 d1 8a 6e
Oct 31 15:25:02.343651: |   03 18 d4 0a  78 80 b2 39  30 54 89 bd  94 89 af 0e
Oct 31 15:25:02.343653: |   cb af 4d 1b  ca 9a 2c 4f  73 81 71 35  37 ae 45 a6
Oct 31 15:25:02.343655: |   f4 96 c0 9f  d5 e0 4a 76  28 f1 67 7d  21 d1 3c 01
Oct 31 15:25:02.343658: |   93 f1 23 f2  6b 14 af ce  93 2d 85 f7  29 9f 8e 16
Oct 31 15:25:02.343660: |   b8 08 a2 24  b7 6d f7 6d  ae 30 37 b8  e7 2b b5 fd
Oct 31 15:25:02.343662: |   83 58 7e 7c  df 9f d7 e9  58 c2 08 86  7e c7 41 92
Oct 31 15:25:02.343664: |   12 7b 4a 66  f3 a9 1b 85  5c c3 09 cf  f1 b5 73 4f
Oct 31 15:25:02.343666: |   a1 f4 d9 7b  89 8f 87 d3  32 1f 26 73  29 00 00 24
Oct 31 15:25:02.343668: |   de f4 74 6a  c3 b8 40 0e  78 65 b4 77  f6 1a 40 f4
Oct 31 15:25:02.343671: |   5c fe 1d fd  3d 2e 5f 97  17 a2 a7 12  3b a0 23 4c
Oct 31 15:25:02.343673: |   29 00 00 08  00 00 40 2e  29 00 00 0e  00 00 40 2f
Oct 31 15:25:02.343675: |   00 02 00 03  00 04 29 00  00 1c 00 00  40 04 5b 3f
Oct 31 15:25:02.343677: |   2b 43 3c 86  62 73 1c 6b  ac e6 47 7f  82 6d b8 86
Oct 31 15:25:02.343679: |   01 86 26 00  00 1c 00 00  40 05 6b 69  72 f7 c3 1e
Oct 31 15:25:02.343682: |   dd 70 c5 3c  39 f2 d1 2a  6d 55 57 29  6d c0 00 00
Oct 31 15:25:02.343684: |   00 05 04
Oct 31 15:25:02.343689: | **parse ISAKMP Message:
Oct 31 15:25:02.343696: |    initiator SPI: c0 ab 5f b0  46 3d 51 5a
Oct 31 15:25:02.343700: |    responder SPI: b7 f3 69 f8  2c 8c 41 9e
Oct 31 15:25:02.343703: |    next payload type: ISAKMP_NEXT_v2SA (0x21)
Oct 31 15:25:02.343706: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Oct 31 15:25:02.343708: |    exchange type: ISAKMP_v2_IKE_SA_INIT (0x22)
Oct 31 15:25:02.343711: |    flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20)
Oct 31 15:25:02.343715: |    Message ID: 0 (00 00 00 00)
Oct 31 15:25:02.343718: |    length: 451 (00 00 01 c3)
Oct 31 15:25:02.343721: |  processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34)
Oct 31 15:25:02.343726: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response 
Oct 31 15:25:02.343730: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi)
Oct 31 15:25:02.343733: | #1 is idle
Oct 31 15:25:02.343735: | #1 idle
Oct 31 15:25:02.343737: | unpacking clear payloads
Oct 31 15:25:02.343740: | Now let's proceed with payload (ISAKMP_NEXT_v2SA)
Oct 31 15:25:02.343743: | ***parse IKEv2 Security Association Payload:
Oct 31 15:25:02.343746: |    next payload type: ISAKMP_NEXT_v2KE (0x22)
Oct 31 15:25:02.343748: |    flags: none (0x0)
Oct 31 15:25:02.343752: |    length: 40 (00 28)
Oct 31 15:25:02.343754: | processing payload: ISAKMP_NEXT_v2SA (len=36)
Oct 31 15:25:02.343757: | Now let's proceed with payload (ISAKMP_NEXT_v2KE)
Oct 31 15:25:02.343760: | ***parse IKEv2 Key Exchange Payload:
Oct 31 15:25:02.343763: |    next payload type: ISAKMP_NEXT_v2Ni (0x28)
Oct 31 15:25:02.343765: |    flags: none (0x0)
Oct 31 15:25:02.343768: |    length: 264 (01 08)
Oct 31 15:25:02.343771: |    DH group: OAKLEY_GROUP_MODP2048 (0xe)
Oct 31 15:25:02.343773: | processing payload: ISAKMP_NEXT_v2KE (len=256)
Oct 31 15:25:02.343775: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni)
Oct 31 15:25:02.343778: | ***parse IKEv2 Nonce Payload:
Oct 31 15:25:02.343780: |    next payload type: ISAKMP_NEXT_v2N (0x29)
Oct 31 15:25:02.343783: |    flags: none (0x0)
Oct 31 15:25:02.343785: |    length: 36 (00 24)
Oct 31 15:25:02.343788: | processing payload: ISAKMP_NEXT_v2Ni (len=32)
Oct 31 15:25:02.343790: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
Oct 31 15:25:02.343793: | ***parse IKEv2 Notify Payload:
Oct 31 15:25:02.343796: |    next payload type: ISAKMP_NEXT_v2N (0x29)
Oct 31 15:25:02.343799: |    flags: none (0x0)
Oct 31 15:25:02.343802: |    length: 8 (00 08)
Oct 31 15:25:02.343804: |    Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
Oct 31 15:25:02.343807: |    SPI size: 0 (00)
Oct 31 15:25:02.343809: |    Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e)
Oct 31 15:25:02.343812: | processing payload: ISAKMP_NEXT_v2N (len=0)
Oct 31 15:25:02.343814: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
Oct 31 15:25:02.343817: | ***parse IKEv2 Notify Payload:
Oct 31 15:25:02.343819: |    next payload type: ISAKMP_NEXT_v2N (0x29)
Oct 31 15:25:02.343822: |    flags: none (0x0)
Oct 31 15:25:02.343825: |    length: 14 (00 0e)
Oct 31 15:25:02.343827: |    Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
Oct 31 15:25:02.343830: |    SPI size: 0 (00)
Oct 31 15:25:02.343832: |    Notify Message Type: v2N_SIGNATURE_HASH_ALGORITHMS (0x402f)
Oct 31 15:25:02.343835: | processing payload: ISAKMP_NEXT_v2N (len=6)
Oct 31 15:25:02.343837: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
Oct 31 15:25:02.343840: | ***parse IKEv2 Notify Payload:
Oct 31 15:25:02.343842: |    next payload type: ISAKMP_NEXT_v2N (0x29)
Oct 31 15:25:02.343845: |    flags: none (0x0)
Oct 31 15:25:02.343848: |    length: 28 (00 1c)
Oct 31 15:25:02.343850: |    Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
Oct 31 15:25:02.343852: |    SPI size: 0 (00)
Oct 31 15:25:02.343855: |    Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004)
Oct 31 15:25:02.343857: | processing payload: ISAKMP_NEXT_v2N (len=20)
Oct 31 15:25:02.343859: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
Oct 31 15:25:02.343862: | ***parse IKEv2 Notify Payload:
Oct 31 15:25:02.343864: |    next payload type: ISAKMP_NEXT_v2CERTREQ (0x26)
Oct 31 15:25:02.343869: |    flags: none (0x0)
Oct 31 15:25:02.343872: |    length: 28 (00 1c)
Oct 31 15:25:02.343875: |    Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
Oct 31 15:25:02.343877: |    SPI size: 0 (00)
Oct 31 15:25:02.343880: |    Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005)
Oct 31 15:25:02.343882: | processing payload: ISAKMP_NEXT_v2N (len=20)
Oct 31 15:25:02.343884: | Now let's proceed with payload (ISAKMP_NEXT_v2CERTREQ)
Oct 31 15:25:02.343887: | ***parse IKEv2 Certificate Request Payload:
Oct 31 15:25:02.343889: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:25:02.343892: |    flags: none (0x0)
Oct 31 15:25:02.343895: |    length: 5 (00 05)
Oct 31 15:25:02.343897: |    ikev2 cert encoding: CERT_X509_SIGNATURE (0x4)
Oct 31 15:25:02.343899: | processing payload: ISAKMP_NEXT_v2CERTREQ (len=0)
Oct 31 15:25:02.343902: | looking for message matching transition from STATE_PARENT_I1
Oct 31 15:25:02.343904: |   trying received anti-DDOS COOKIE notify response; resending IKE_SA_INIT request with cookie payload added
Oct 31 15:25:02.343907: |     message has errors
Oct 31 15:25:02.343910: |   trying received IKE_SA_INIT INVALID_KE_PAYLOAD notify response; resending IKE_SA_INIT with new KE payload
Oct 31 15:25:02.343912: |     message has errors
Oct 31 15:25:02.343914: |   trying received REDIRECT notify response; resending IKE_SA_INIT request to new destination
Oct 31 15:25:02.343917: |     message has errors
Oct 31 15:25:02.343919: |   trying Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE
Oct 31 15:25:02.343921: |     matched unencrypted message
Oct 31 15:25:02.343929: | start processing: state #1 connection "north-east" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1848)
Oct 31 15:25:02.343931: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE
Oct 31 15:25:02.343936: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered)
Oct 31 15:25:02.343938: | hash algorithm identifier (network ordered)
Oct 31 15:25:02.343940: |   00 02
Oct 31 15:25:02.343943: | received HASH_ALGORITHM_SHA2_256 which is allowed by local policy
Oct 31 15:25:02.343946: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered)
Oct 31 15:25:02.343948: | hash algorithm identifier (network ordered)
Oct 31 15:25:02.343950: |   00 03
Oct 31 15:25:02.343952: | received HASH_ALGORITHM_SHA2_384 which is allowed by local policy
Oct 31 15:25:02.343955: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered)
Oct 31 15:25:02.343957: | hash algorithm identifier (network ordered)
Oct 31 15:25:02.343959: |   00 04
Oct 31 15:25:02.343961: | received HASH_ALGORITHM_SHA2_512 which is allowed by local policy
Oct 31 15:25:02.343963: | ikev2 parent inR1: calculating g^{xy} in order to send I2
Oct 31 15:25:02.343982: | using existing local IKE proposals for connection north-east (IKE SA initiator accepting remote proposal): 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Oct 31 15:25:02.343986: | comparing remote proposals against IKE initiator (accepting) 4 local proposals
Oct 31 15:25:02.343990: | local proposal 1 type ENCR has 1 transforms
Oct 31 15:25:02.343993: | local proposal 1 type PRF has 2 transforms
Oct 31 15:25:02.343995: | local proposal 1 type INTEG has 1 transforms
Oct 31 15:25:02.343998: | local proposal 1 type DH has 8 transforms
Oct 31 15:25:02.344000: | local proposal 1 type ESN has 0 transforms
Oct 31 15:25:02.344004: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG
Oct 31 15:25:02.344008: | local proposal 2 type ENCR has 1 transforms
Oct 31 15:25:02.344011: | local proposal 2 type PRF has 2 transforms
Oct 31 15:25:02.344013: | local proposal 2 type INTEG has 1 transforms
Oct 31 15:25:02.344016: | local proposal 2 type DH has 8 transforms
Oct 31 15:25:02.344018: | local proposal 2 type ESN has 0 transforms
Oct 31 15:25:02.344021: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG
Oct 31 15:25:02.344024: | local proposal 3 type ENCR has 1 transforms
Oct 31 15:25:02.344026: | local proposal 3 type PRF has 2 transforms
Oct 31 15:25:02.344029: | local proposal 3 type INTEG has 2 transforms
Oct 31 15:25:02.344031: | local proposal 3 type DH has 8 transforms
Oct 31 15:25:02.344033: | local proposal 3 type ESN has 0 transforms
Oct 31 15:25:02.344036: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none
Oct 31 15:25:02.344038: | local proposal 4 type ENCR has 1 transforms
Oct 31 15:25:02.344041: | local proposal 4 type PRF has 2 transforms
Oct 31 15:25:02.344043: | local proposal 4 type INTEG has 2 transforms
Oct 31 15:25:02.344045: | local proposal 4 type DH has 8 transforms
Oct 31 15:25:02.344048: | local proposal 4 type ESN has 0 transforms
Oct 31 15:25:02.344051: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none
Oct 31 15:25:02.344054: | ****parse IKEv2 Proposal Substructure Payload:
Oct 31 15:25:02.344057: |    last proposal: v2_PROPOSAL_LAST (0x0)
Oct 31 15:25:02.344060: |    length: 36 (00 24)
Oct 31 15:25:02.344063: |    prop #: 1 (01)
Oct 31 15:25:02.344065: |    proto ID: IKEv2_SEC_PROTO_IKE (0x1)
Oct 31 15:25:02.344068: |    spi size: 0 (00)
Oct 31 15:25:02.344070: |    # transforms: 3 (03)
Oct 31 15:25:02.344074: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals
Oct 31 15:25:02.344078: | *****parse IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.344080: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.344083: |    length: 12 (00 0c)
Oct 31 15:25:02.344086: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Oct 31 15:25:02.344088: |    IKEv2 transform ID: AES_GCM_C (0x14)
Oct 31 15:25:02.344091: | ******parse IKEv2 Attribute Substructure Payload:
Oct 31 15:25:02.344094: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Oct 31 15:25:02.344097: |    length/value: 256 (01 00)
Oct 31 15:25:02.344101: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0
Oct 31 15:25:02.344104: | *****parse IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.344106: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.344109: |    length: 8 (00 08)
Oct 31 15:25:02.344112: |    IKEv2 transform type: TRANS_TYPE_PRF (0x2)
Oct 31 15:25:02.344114: |    IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
Oct 31 15:25:02.344118: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0
Oct 31 15:25:02.344121: | *****parse IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.344124: |    last transform: v2_TRANSFORM_LAST (0x0)
Oct 31 15:25:02.344126: |    length: 8 (00 08)
Oct 31 15:25:02.344129: |    IKEv2 transform type: TRANS_TYPE_DH (0x4)
Oct 31 15:25:02.344131: |    IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
Oct 31 15:25:02.344135: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0
Oct 31 15:25:02.344138: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none
Oct 31 15:25:02.344143: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH
Oct 31 15:25:02.344145: | remote proposal 1 matches local proposal 1
Oct 31 15:25:02.344149: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match]
Oct 31 15:25:02.344151: | converting proposal to internal trans attrs
Oct 31 15:25:02.344171: | natd_hash: hasher=0x55566f4f0f80(20)
Oct 31 15:25:02.344177: | natd_hash: icookie=
Oct 31 15:25:02.344179: |   c0 ab 5f b0  46 3d 51 5a
Oct 31 15:25:02.344182: | natd_hash: rcookie=
Oct 31 15:25:02.344184: |   b7 f3 69 f8  2c 8c 41 9e
Oct 31 15:25:02.344186: | natd_hash: ip=
Oct 31 15:25:02.344188: |   c0 01 03 21
Oct 31 15:25:02.344191: | natd_hash: port=
Oct 31 15:25:02.344193: |   01 f4
Oct 31 15:25:02.344195: | natd_hash: hash=
Oct 31 15:25:02.344197: |   6b 69 72 f7  c3 1e dd 70  c5 3c 39 f2  d1 2a 6d 55
Oct 31 15:25:02.344213: |   57 29 6d c0
Oct 31 15:25:02.344223: | natd_hash: hasher=0x55566f4f0f80(20)
Oct 31 15:25:02.344226: | natd_hash: icookie=
Oct 31 15:25:02.344228: |   c0 ab 5f b0  46 3d 51 5a
Oct 31 15:25:02.344231: | natd_hash: rcookie=
Oct 31 15:25:02.344233: |   b7 f3 69 f8  2c 8c 41 9e
Oct 31 15:25:02.344235: | natd_hash: ip=
Oct 31 15:25:02.344237: |   c0 01 02 17
Oct 31 15:25:02.344239: | natd_hash: port=
Oct 31 15:25:02.344241: |   01 f4
Oct 31 15:25:02.344243: | natd_hash: hash=
Oct 31 15:25:02.344251: |   5b 3f 2b 43  3c 86 62 73  1c 6b ac e6  47 7f 82 6d
Oct 31 15:25:02.344253: |   b8 86 01 86
Oct 31 15:25:02.344256: | NAT_TRAVERSAL encaps using auto-detect
Oct 31 15:25:02.344258: | NAT_TRAVERSAL this end is NOT behind NAT
Oct 31 15:25:02.344260: | NAT_TRAVERSAL that end is NOT behind NAT
Oct 31 15:25:02.344264: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23
Oct 31 15:25:02.344272: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16
Oct 31 15:25:02.344276: | DH secret MODP2048@0x7f374c006ba8: transferring ownership from state #1 to helper IKEv2 DH
Oct 31 15:25:02.344281: | addref fd@NULL (in clone_logger() at log.c:809)
Oct 31 15:25:02.344283: | addref fd@NULL (in clone_logger() at log.c:810)
Oct 31 15:25:02.344287: | newref clone logger@0x55567051b0f8(0->1) (in clone_logger() at log.c:817)
Oct 31 15:25:02.344290: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): adding job to queue
Oct 31 15:25:02.344292: | state #1 has no .st_event to delete
Oct 31 15:25:02.344295: | #1 requesting EVENT_RETRANSMIT-pe@0x55567052d7e8 be deleted
Oct 31 15:25:02.344299: | libevent_free: delref ptr-libevent@0x55567052b738
Oct 31 15:25:02.344302: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55567052d7e8
Oct 31 15:25:02.344305: | #1 STATE_PARENT_I1: retransmits: cleared
Oct 31 15:25:02.344308: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x5556704671e8
Oct 31 15:25:02.344311: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1
Oct 31 15:25:02.344314: | libevent_malloc: newref ptr-libevent@0x7f374c006108 size 128
Oct 31 15:25:02.344326: |   #1 spent 0.378 (0.389) milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE in v2_dispatch()
Oct 31 15:25:02.344332: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364)
Oct 31 15:25:02.344338: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND; .st_v2_transition=PARENT_I0->PARENT_I1
Oct 31 15:25:02.344341: | suspending state #1 and saving MD 0x555670530de8
Oct 31 15:25:02.344344: | addref md@0x555670530de8(1->2) (in complete_v2_state_transition() at ikev2.c:3485)
Oct 31 15:25:02.344346: | #1 is busy; has suspended MD 0x555670530de8
Oct 31 15:25:02.344351: | stop processing: state #1 connection "north-east" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1850)
Oct 31 15:25:02.344356: | #1 spent 0.772 (0.783) milliseconds in ikev2_process_packet()
Oct 31 15:25:02.344359: | processing: STOP state #0 (in process_md() at demux.c:287)
Oct 31 15:25:02.344362: | delref mdp@0x555670530de8(2->1) (in handle_packet_cb() at demux.c:318)
Oct 31 15:25:02.344367: | spent 0.783 (0.793) milliseconds in handle_packet_cb() reading and processing packet
Oct 31 15:25:02.344379: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): helper 2 starting job
Oct 31 15:25:02.345275: | calculating skeyseed using prf=HMAC_SHA2_512 integ=NONE cipherkey-size=32 salt-size=4
Oct 31 15:25:02.345435: | "north-east" #1: spent 1.04 (1.05) milliseconds in helper 2 processing job 2 for state #1: ikev2_inR1outI2 KE (pcr)
Oct 31 15:25:02.345443: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): helper thread 2 sending result back to state
Oct 31 15:25:02.345447: | scheduling resume sending helper answer back to state for #1
Oct 31 15:25:02.345450: | libevent_malloc: newref ptr-libevent@0x7f374400b578 size 128
Oct 31 15:25:02.345458: | helper thread 2 has nothing to do
Oct 31 15:25:02.345471: | processing resume sending helper answer back to state for #1
Oct 31 15:25:02.345479: | start processing: state #1 connection "north-east" from 192.1.2.23:500 (in resume_handler() at server.c:641)
Oct 31 15:25:02.345483: | unsuspending #1 MD 0x555670530de8
Oct 31 15:25:02.345486: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): processing response from helper 2
Oct 31 15:25:02.345489: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): calling continuation function 0x55566f3fefe7
Oct 31 15:25:02.345492: | ikev2_parent_inR1outI2_continue() for #1 STATE_PARENT_I1: g^{xy} calculated, sending I2
Oct 31 15:25:02.345495: | DH secret MODP2048@0x7f374c006ba8: transferring ownership from helper IKEv2 DH to state #1
Oct 31 15:25:02.345498: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir]
Oct 31 15:25:02.345525: | emit hash algo NEGOTIATE_AUTH_HASH_SHA2_512
Oct 31 15:25:02.345548: | get_connection_private_key() using CKAID 905dfca10868747c6f20d31b2d204b8f88aa7c5d to find private key for @north->@east of kind RSA
Oct 31 15:25:02.345679: | loaded private key matching CKAID 905dfca10868747c6f20d31b2d204b8f88aa7c5d
Oct 31 15:25:02.345962: | copying key using reference slot
Oct 31 15:25:02.348092: | certs and keys locked by 'lsw_add_rsa_secret'
Oct 31 15:25:02.348104: | certs and keys unlocked by 'lsw_add_rsa_secret'
Oct 31 15:25:02.348115: "north-east" #1: reloaded private key matching left CKAID 905dfca10868747c6f20d31b2d204b8f88aa7c5d
Oct 31 15:25:02.348119: | connection north-east's RSA private key found in NSS DB using CKAID
Oct 31 15:25:02.348125: | addref fd@NULL (in clone_logger() at log.c:809)
Oct 31 15:25:02.348128: | addref fd@NULL (in clone_logger() at log.c:810)
Oct 31 15:25:02.348131: | newref clone logger@0x55567052d7e8(0->1) (in clone_logger() at log.c:817)
Oct 31 15:25:02.348134: | job 3 for #1: computing responder signature (signature): adding job to queue
Oct 31 15:25:02.348138: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT
Oct 31 15:25:02.348144: | libevent_free: delref ptr-libevent@0x7f374c006108
Oct 31 15:25:02.348147: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x5556704671e8
Oct 31 15:25:02.348151: | #1 STATE_PARENT_I1: retransmits: cleared
Oct 31 15:25:02.348154: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55567052b738
Oct 31 15:25:02.348157: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1
Oct 31 15:25:02.348160: | libevent_malloc: newref ptr-libevent@0x55567052db88 size 128
Oct 31 15:25:02.348182: | job 3 for #1: computing responder signature (signature): helper 3 starting job
Oct 31 15:25:02.348187: | hash to sign
Oct 31 15:25:02.348190: |   50 9b e3 8e  88 0a 55 ec  14 ab d4 20  83 5f 57 c6
Oct 31 15:25:02.348192: |   d2 56 c5 e4  40 0c 39 de  11 48 37 19  40 98 1c 3f
Oct 31 15:25:02.348194: |   ce c2 36 33  88 5c ff 54  9b 6d 71 0c  3b a1 56 84
Oct 31 15:25:02.348196: |   8a 14 1f 59  58 38 f1 37  00 5b f9 31  7d 75 67 2e
Oct 31 15:25:02.348331: | RSA_sign_hash: Started using NSS
Oct 31 15:25:02.356222: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364)
Oct 31 15:25:02.356246: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND; .st_v2_transition=PARENT_I0->PARENT_I1
Oct 31 15:25:02.356251: | suspending state #1 and saving MD 0x555670530de8
Oct 31 15:25:02.356254: | addref md@0x555670530de8(1->2) (in complete_v2_state_transition() at ikev2.c:3485)
Oct 31 15:25:02.356257: | #1 is busy; has suspended MD 0x555670530de8
Oct 31 15:25:02.356261: | delref logger@0x55567051b0f8(1->0) (in handle_helper_answer() at pluto_crypt.c:658)
Oct 31 15:25:02.356268: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:25:02.356271: | delref fd@NULL (in free_logger() at log.c:854)
Oct 31 15:25:02.356275: | resume sending helper answer back to state for #1 suppresed complete_v2_state_transition()
Oct 31 15:25:02.356278: | delref mdp@0x555670530de8(2->1) (in resume_handler() at server.c:743)
Oct 31 15:25:02.356289: | #1 spent 2.76 (10.8) milliseconds in resume sending helper answer back to state
Oct 31 15:25:02.356295: | stop processing: state #1 connection "north-east" from 192.1.2.23:500 (in resume_handler() at server.c:745)
Oct 31 15:25:02.356300: | libevent_free: delref ptr-libevent@0x7f374400b578
Oct 31 15:25:02.356484: | RSA_sign_hash: Ended using NSS
Oct 31 15:25:02.356493: |     "north-east" #1: spent 7.77 (8.16) milliseconds in v2_auth_signature() calling sign_hash()
Oct 31 15:25:02.356498: |   "north-east" #1: spent 7.79 (8.31) milliseconds in v2_auth_signature()
Oct 31 15:25:02.356503: | "north-east" #1: spent 7.8 (8.32) milliseconds in helper 3 processing job 3 for state #1: computing responder signature (signature)
Oct 31 15:25:02.356506: | job 3 for #1: computing responder signature (signature): helper thread 3 sending result back to state
Oct 31 15:25:02.356510: | scheduling resume sending helper answer back to state for #1
Oct 31 15:25:02.356513: | libevent_malloc: newref ptr-libevent@0x7f3748000d38 size 128
Oct 31 15:25:02.356523: | helper thread 3 has nothing to do
Oct 31 15:25:02.356535: | processing resume sending helper answer back to state for #1
Oct 31 15:25:02.356541: | start processing: state #1 connection "north-east" from 192.1.2.23:500 (in resume_handler() at server.c:641)
Oct 31 15:25:02.356545: | unsuspending #1 MD 0x555670530de8
Oct 31 15:25:02.356548: | job 3 for #1: computing responder signature (signature): processing response from helper 3
Oct 31 15:25:02.356551: | job 3 for #1: computing responder signature (signature): calling continuation function 0x55566f32d77f
Oct 31 15:25:02.356557: | newref alloc logger@0x55567051b0f8(0->1) (in new_state() at state.c:576)
Oct 31 15:25:02.356560: | addref fd@NULL (in new_state() at state.c:577)
Oct 31 15:25:02.356563: | creating state object #2 at 0x5556705325f8
Oct 31 15:25:02.356566: | State DB: adding IKEv2 state #2 in UNDEFINED
Oct 31 15:25:02.356575: | pstats #2 ikev2.child started
Oct 31 15:25:02.356578: | duplicating state object #1 "north-east" as #2 for IPSEC SA
Oct 31 15:25:02.356584: | #2 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1581)
Oct 31 15:25:02.356595: | Message ID: CHILD #1.#2 initializing (CHILD SA): ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744576.767549 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744576.767549 child.wip.initiator=0->-1 child.wip.responder=0->-1
Oct 31 15:25:02.356600: | child state #2: UNDEFINED(ignore) => V2_IKE_AUTH_CHILD_I0(ignore)
Oct 31 15:25:02.356604: | #2.st_v2_transition NULL -> NULL (in new_v2_child_state() at state.c:1666)
Oct 31 15:25:02.356610: | Message ID: IKE #1 switching from IKE SA initiator message response 0: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744576.767549 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744576.767549 ike.wip.initiator=0->-1 ike.wip.responder=-1
Oct 31 15:25:02.356616: | Message ID: CHILD #1.#2 switching to CHILD SA initiator message response 0: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744576.767549 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744576.767549 child.wip.initiator=-1->0 child.wip.responder=-1
Oct 31 15:25:02.356620: | switching IKEv2 MD.ST from IKE #1 PARENT_I1 to CHILD #2 V2_IKE_AUTH_CHILD_I0 (in ikev2_parent_inR1outI2_auth_signature_continue() at ikev2_parent.c:2155)
Oct 31 15:25:02.356623: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT
Oct 31 15:25:02.356627: | libevent_free: delref ptr-libevent@0x55567052db88
Oct 31 15:25:02.356632: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55567052b738
Oct 31 15:25:02.356636: | #1 STATE_PARENT_I1: retransmits: cleared
Oct 31 15:25:02.356639: | event_schedule: newref EVENT_SA_REPLACE-pe@0x55567052db88
Oct 31 15:25:02.356642: | inserting event EVENT_SA_REPLACE, timeout in 120 seconds for #1
Oct 31 15:25:02.356645: | libevent_malloc: newref ptr-libevent@0x7f374400b578 size 128
Oct 31 15:25:02.356648: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA)
Oct 31 15:25:02.356654: | opening output PBS reply packet
Oct 31 15:25:02.356658: | **emit ISAKMP Message:
Oct 31 15:25:02.356663: |    initiator SPI: c0 ab 5f b0  46 3d 51 5a
Oct 31 15:25:02.356667: |    responder SPI: b7 f3 69 f8  2c 8c 41 9e
Oct 31 15:25:02.356670: |    next payload type: ISAKMP_NEXT_NONE (0x0)
Oct 31 15:25:02.356672: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Oct 31 15:25:02.356675: |    exchange type: ISAKMP_v2_IKE_AUTH (0x23)
Oct 31 15:25:02.356677: |    flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
Oct 31 15:25:02.356681: |    Message ID: 1 (00 00 00 01)
Oct 31 15:25:02.356685: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
Oct 31 15:25:02.356688: | ***emit IKEv2 Encryption Payload:
Oct 31 15:25:02.356691: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:25:02.356693: |    flags: none (0x0)
Oct 31 15:25:02.356696: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK)
Oct 31 15:25:02.356699: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet'
Oct 31 15:25:02.356703: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload
Oct 31 15:25:02.356715: | IKEv2 CERT: send a certificate?
Oct 31 15:25:02.356719: | IKEv2 CERT: no certificate to send
Oct 31 15:25:02.356721: | IDr payload will be sent
Oct 31 15:25:02.356724: | ****emit IKEv2 Identification - Initiator - Payload:
Oct 31 15:25:02.356726: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:25:02.356728: |    flags: none (0x0)
Oct 31 15:25:02.356731: |    ID type: ID_FQDN (0x2)
Oct 31 15:25:02.356735: |    reserved: 00 00 00
Oct 31 15:25:02.356738: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi)
Oct 31 15:25:02.356740: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet'
Oct 31 15:25:02.356743: | emitting 5 raw bytes of my identity into IKEv2 Identification - Initiator - Payload
Oct 31 15:25:02.356747: | my identity: 6e 6f 72 74  68
Oct 31 15:25:02.356749: | emitting length of IKEv2 Identification - Initiator - Payload: 13
Oct 31 15:25:02.356752: | ****emit IKEv2 Identification - Responder - Payload:
Oct 31 15:25:02.356755: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:25:02.356757: |    flags: none (0x0)
Oct 31 15:25:02.356759: |    ID type: ID_FQDN (0x2)
Oct 31 15:25:02.356762: |    reserved: 00 00 00
Oct 31 15:25:02.356765: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr)
Oct 31 15:25:02.356768: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet'
Oct 31 15:25:02.356771: | emitting 4 raw bytes of their IDr into IKEv2 Identification - Responder - Payload
Oct 31 15:25:02.356774: | their IDr: 65 61 73 74
Oct 31 15:25:02.356777: | emitting length of IKEv2 Identification - Responder - Payload: 12
Oct 31 15:25:02.356779: | not sending INITIAL_CONTACT
Oct 31 15:25:02.356782: | ****emit IKEv2 Authentication Payload:
Oct 31 15:25:02.356784: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:25:02.356786: |    flags: none (0x0)
Oct 31 15:25:02.356789: |    auth method: IKEv2_AUTH_DIGSIG (0xe)
Oct 31 15:25:02.356791: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH)
Oct 31 15:25:02.356796: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet'
Oct 31 15:25:02.356799: | emit hash algo NEGOTIATE_AUTH_HASH_SHA2_512
Oct 31 15:25:02.356802: | emitting 68 raw bytes of OID of ASN.1 Algorithm Identifier into IKEv2 Authentication Payload
Oct 31 15:25:02.356804: | OID of ASN.1 Algorithm Identifier:
Oct 31 15:25:02.356807: |   43 30 41 06  09 2a 86 48  86 f7 0d 01  01 0a 30 34
Oct 31 15:25:02.356810: |   a0 0f 30 0d  06 09 60 86  48 01 65 03  04 02 03 05
Oct 31 15:25:02.356812: |   00 a1 1c 30  1a 06 09 2a  86 48 86 f7  0d 01 01 08
Oct 31 15:25:02.356814: |   30 0d 06 09  60 86 48 01  65 03 04 02  03 05 00 a2
Oct 31 15:25:02.356816: |   03 02 01 40
Oct 31 15:25:02.356819: | emitting 274 raw bytes of signature into IKEv2 Authentication Payload
Oct 31 15:25:02.356821: | signature:
Oct 31 15:25:02.356823: |   9b 17 f9 66  ad 03 49 e6  cd 39 4a 86  99 61 92 8d
Oct 31 15:25:02.356826: |   4f fb d8 78  ae 4e a7 27  48 3e 93 3a  e4 f4 69 67
Oct 31 15:25:02.356828: |   12 85 d7 d6  50 8f 10 a6  46 cd c4 74  b5 e9 a1 5b
Oct 31 15:25:02.356830: |   1c bc ee 77  35 80 92 e1  c2 de 95 63  47 2b 63 34
Oct 31 15:25:02.356832: |   ef 34 7d 6a  2e e7 ad 6d  33 ff 77 28  81 a8 fd 30
Oct 31 15:25:02.356834: |   9d a1 5e 8f  9d 7c 0d db  99 e0 b6 b6  64 1a a7 03
Oct 31 15:25:02.356837: |   86 1a f7 76  a7 32 8f 99  a7 ec 22 b9  99 e8 f7 83
Oct 31 15:25:02.356839: |   6d 2b cc 4d  07 70 7c f4  f0 11 ee eb  4c 88 72 6b
Oct 31 15:25:02.356842: |   91 75 12 63  43 27 d9 25  15 59 f8 32  fa bf 9e 8b
Oct 31 15:25:02.356844: |   e2 42 52 f7  da 8c ed 29  ed f6 be d7  3e 56 3b 5a
Oct 31 15:25:02.356846: |   c9 30 49 34  ba ae a5 ac  22 f8 8d 7b  41 06 06 45
Oct 31 15:25:02.356848: |   96 49 16 31  fb 07 d1 57  0c 14 96 1b  75 bf 96 b3
Oct 31 15:25:02.356850: |   8c 0a bd 1f  92 00 34 d3  d0 73 df 2e  be b5 14 96
Oct 31 15:25:02.356853: |   5e db a3 51  7c fb 14 e9  0b 81 15 29  70 aa e5 e8
Oct 31 15:25:02.356855: |   61 91 ea f5  4f d0 fe 0c  d7 bf ee 4c  c7 bf 53 ec
Oct 31 15:25:02.356857: |   a2 01 31 2c  08 5e 55 f6  0f c7 1b 72  f7 43 d8 6c
Oct 31 15:25:02.356859: |   1a 48 d4 27  ee ac da a5  1d 42 6e 51  03 a5 43 25
Oct 31 15:25:02.356861: |   e5 51
Oct 31 15:25:02.356864: | emitting length of IKEv2 Authentication Payload: 350
Oct 31 15:25:02.356867: | getting first pending from state #1
Oct 31 15:25:02.356869: | delref fd@NULL (in first_pending() at pending.c:318)
Oct 31 15:25:02.356872: | addref fd@NULL (in first_pending() at pending.c:319)
Oct 31 15:25:02.356893: | netlink_get_spi: allocated 0x7b6df899 for esp.0@192.1.3.33
Oct 31 15:25:02.356898: | constructing ESP/AH proposals with all DH removed  for north-east (IKE SA initiator emitting ESP/AH proposals)
Oct 31 15:25:02.356907: | converting proposal AES_GCM_16_256-NONE to ikev2 ...
Oct 31 15:25:02.356915: | ...  ikev2_proposal: 1:ESP=AES_GCM_C_256-NONE-NONE-DISABLED
Oct 31 15:25:02.356918: | converting proposal AES_GCM_16_128-NONE to ikev2 ...
Oct 31 15:25:02.356922: | ...  ikev2_proposal: 2:ESP=AES_GCM_C_128-NONE-NONE-DISABLED
Oct 31 15:25:02.356926: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ...
Oct 31 15:25:02.356930: | ...  ikev2_proposal: 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED
Oct 31 15:25:02.356933: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ...
Oct 31 15:25:02.356937: | ...  ikev2_proposal: 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED
Oct 31 15:25:02.356941: "north-east": local ESP/AH proposals (IKE SA initiator emitting ESP/AH proposals): 
Oct 31 15:25:02.356946: "north-east":   1:ESP=AES_GCM_C_256-NONE-NONE-DISABLED
Oct 31 15:25:02.356950: "north-east":   2:ESP=AES_GCM_C_128-NONE-NONE-DISABLED
Oct 31 15:25:02.356953: "north-east":   3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED
Oct 31 15:25:02.356957: "north-east":   4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED
Oct 31 15:25:02.356964: | Emitting ikev2_proposals ...
Oct 31 15:25:02.356967: | ****emit IKEv2 Security Association Payload:
Oct 31 15:25:02.356970: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:25:02.356972: |    flags: none (0x0)
Oct 31 15:25:02.356975: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA)
Oct 31 15:25:02.356977: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet'
Oct 31 15:25:02.356982: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0)
Oct 31 15:25:02.356985: | discard DH=NONE when counting transforms (multiple 0; allow single 0)
Oct 31 15:25:02.356988: | *****emit IKEv2 Proposal Substructure Payload:
Oct 31 15:25:02.356990: |    last proposal: v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:25:02.356993: |    prop #: 1 (01)
Oct 31 15:25:02.356996: |    proto ID: IKEv2_SEC_PROTO_ESP (0x3)
Oct 31 15:25:02.356998: |    spi size: 4 (04)
Oct 31 15:25:02.357001: |    # transforms: 2 (02)
Oct 31 15:25:02.357004: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal'
Oct 31 15:25:02.357008: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload
Oct 31 15:25:02.357011: | our spi: 7b 6d f8 99
Oct 31 15:25:02.357014: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.357017: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.357019: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Oct 31 15:25:02.357022: |    IKEv2 transform ID: AES_GCM_C (0x14)
Oct 31 15:25:02.357024: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.357027: | *******emit IKEv2 Attribute Substructure Payload:
Oct 31 15:25:02.357030: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Oct 31 15:25:02.357033: |    length/value: 256 (01 00)
Oct 31 15:25:02.357036: | emitting length of IKEv2 Transform Substructure Payload: 12
Oct 31 15:25:02.357039: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0)
Oct 31 15:25:02.357041: | discard DH=NONE when emitting proposal (multiple 0; allow single 0)
Oct 31 15:25:02.357044: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.357046: |    last transform: v2_TRANSFORM_LAST (0x0)
Oct 31 15:25:02.357049: |    IKEv2 transform type: TRANS_TYPE_ESN (0x5)
Oct 31 15:25:02.357051: |    IKEv2 transform ID: ESN_DISABLED (0x0)
Oct 31 15:25:02.357054: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.357057: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.357060: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.357062: | emitting length of IKEv2 Proposal Substructure Payload: 32
Oct 31 15:25:02.357065: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0
Oct 31 15:25:02.357067: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0)
Oct 31 15:25:02.357070: | discard DH=NONE when counting transforms (multiple 0; allow single 0)
Oct 31 15:25:02.357073: | *****emit IKEv2 Proposal Substructure Payload:
Oct 31 15:25:02.357075: |    last proposal: v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:25:02.357078: |    prop #: 2 (02)
Oct 31 15:25:02.357080: |    proto ID: IKEv2_SEC_PROTO_ESP (0x3)
Oct 31 15:25:02.357083: |    spi size: 4 (04)
Oct 31 15:25:02.357086: |    # transforms: 2 (02)
Oct 31 15:25:02.357089: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:25:02.357093: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal'
Oct 31 15:25:02.357096: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload
Oct 31 15:25:02.357100: | our spi: 7b 6d f8 99
Oct 31 15:25:02.357102: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.357105: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.357107: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Oct 31 15:25:02.357109: |    IKEv2 transform ID: AES_GCM_C (0x14)
Oct 31 15:25:02.357112: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.357115: | *******emit IKEv2 Attribute Substructure Payload:
Oct 31 15:25:02.357117: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Oct 31 15:25:02.357120: |    length/value: 128 (00 80)
Oct 31 15:25:02.357123: | emitting length of IKEv2 Transform Substructure Payload: 12
Oct 31 15:25:02.357126: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0)
Oct 31 15:25:02.357129: | discard DH=NONE when emitting proposal (multiple 0; allow single 0)
Oct 31 15:25:02.357131: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.357134: |    last transform: v2_TRANSFORM_LAST (0x0)
Oct 31 15:25:02.357136: |    IKEv2 transform type: TRANS_TYPE_ESN (0x5)
Oct 31 15:25:02.357138: |    IKEv2 transform ID: ESN_DISABLED (0x0)
Oct 31 15:25:02.357141: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.357143: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.357146: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.357148: | emitting length of IKEv2 Proposal Substructure Payload: 32
Oct 31 15:25:02.357151: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0
Oct 31 15:25:02.357154: | discard DH=NONE when counting transforms (multiple 0; allow single 0)
Oct 31 15:25:02.357157: | *****emit IKEv2 Proposal Substructure Payload:
Oct 31 15:25:02.357159: |    last proposal: v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:25:02.357162: |    prop #: 3 (03)
Oct 31 15:25:02.357165: |    proto ID: IKEv2_SEC_PROTO_ESP (0x3)
Oct 31 15:25:02.357167: |    spi size: 4 (04)
Oct 31 15:25:02.357170: |    # transforms: 4 (04)
Oct 31 15:25:02.357173: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:25:02.357175: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal'
Oct 31 15:25:02.357178: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload
Oct 31 15:25:02.357181: | our spi: 7b 6d f8 99
Oct 31 15:25:02.357184: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.357186: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.357188: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Oct 31 15:25:02.357190: |    IKEv2 transform ID: AES_CBC (0xc)
Oct 31 15:25:02.357193: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.357196: | *******emit IKEv2 Attribute Substructure Payload:
Oct 31 15:25:02.357202: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Oct 31 15:25:02.357208: |    length/value: 256 (01 00)
Oct 31 15:25:02.357211: | emitting length of IKEv2 Transform Substructure Payload: 12
Oct 31 15:25:02.357214: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.357216: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.357218: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Oct 31 15:25:02.357222: |    IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe)
Oct 31 15:25:02.357225: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.357228: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.357230: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.357233: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.357236: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.357238: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Oct 31 15:25:02.357240: |    IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc)
Oct 31 15:25:02.357243: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.357245: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.357248: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.357251: | discard DH=NONE when emitting proposal (multiple 0; allow single 0)
Oct 31 15:25:02.357253: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.357256: |    last transform: v2_TRANSFORM_LAST (0x0)
Oct 31 15:25:02.357258: |    IKEv2 transform type: TRANS_TYPE_ESN (0x5)
Oct 31 15:25:02.357260: |    IKEv2 transform ID: ESN_DISABLED (0x0)
Oct 31 15:25:02.357263: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.357265: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.357268: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.357271: | emitting length of IKEv2 Proposal Substructure Payload: 48
Oct 31 15:25:02.357273: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0
Oct 31 15:25:02.357276: | discard DH=NONE when counting transforms (multiple 0; allow single 0)
Oct 31 15:25:02.357279: | *****emit IKEv2 Proposal Substructure Payload:
Oct 31 15:25:02.357281: |    last proposal: v2_PROPOSAL_LAST (0x0)
Oct 31 15:25:02.357284: |    prop #: 4 (04)
Oct 31 15:25:02.357286: |    proto ID: IKEv2_SEC_PROTO_ESP (0x3)
Oct 31 15:25:02.357289: |    spi size: 4 (04)
Oct 31 15:25:02.357292: |    # transforms: 4 (04)
Oct 31 15:25:02.357295: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2)
Oct 31 15:25:02.357297: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal'
Oct 31 15:25:02.357300: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload
Oct 31 15:25:02.357303: | our spi: 7b 6d f8 99
Oct 31 15:25:02.357307: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.357309: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.357311: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Oct 31 15:25:02.357314: |    IKEv2 transform ID: AES_CBC (0xc)
Oct 31 15:25:02.357316: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.357319: | *******emit IKEv2 Attribute Substructure Payload:
Oct 31 15:25:02.357321: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Oct 31 15:25:02.357324: |    length/value: 128 (00 80)
Oct 31 15:25:02.357327: | emitting length of IKEv2 Transform Substructure Payload: 12
Oct 31 15:25:02.357329: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.357333: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.357336: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Oct 31 15:25:02.357338: |    IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe)
Oct 31 15:25:02.357341: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.357343: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.357346: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.357348: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.357351: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.357353: |    IKEv2 transform type: TRANS_TYPE_INTEG (0x3)
Oct 31 15:25:02.357355: |    IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc)
Oct 31 15:25:02.357358: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.357360: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.357363: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.357366: | discard DH=NONE when emitting proposal (multiple 0; allow single 0)
Oct 31 15:25:02.357368: | ******emit IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.357371: |    last transform: v2_TRANSFORM_LAST (0x0)
Oct 31 15:25:02.357373: |    IKEv2 transform type: TRANS_TYPE_ESN (0x5)
Oct 31 15:25:02.357375: |    IKEv2 transform ID: ESN_DISABLED (0x0)
Oct 31 15:25:02.357378: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.357381: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
Oct 31 15:25:02.357383: | emitting length of IKEv2 Transform Substructure Payload: 8
Oct 31 15:25:02.357385: | emitting length of IKEv2 Proposal Substructure Payload: 48
Oct 31 15:25:02.357388: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0
Oct 31 15:25:02.357390: | emitting length of IKEv2 Security Association Payload: 164
Oct 31 15:25:02.357392: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0
Oct 31 15:25:02.357397: | ****emit IKEv2 Traffic Selector - Initiator - Payload:
Oct 31 15:25:02.357399: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:25:02.357402: |    flags: none (0x0)
Oct 31 15:25:02.357405: |    number of TS: 1 (01)
Oct 31 15:25:02.357408: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi)
Oct 31 15:25:02.357410: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet'
Oct 31 15:25:02.357413: | *****emit IKEv2 Traffic Selector:
Oct 31 15:25:02.357416: |    TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7)
Oct 31 15:25:02.357418: |    IP Protocol ID: ALL (0x0)
Oct 31 15:25:02.357422: |    start port: 0 (00 00)
Oct 31 15:25:02.357424: |    end port: 65535 (ff ff)
Oct 31 15:25:02.357428: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector
Oct 31 15:25:02.357431: | IP start: c0 00 03 fe
Oct 31 15:25:02.357433: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector
Oct 31 15:25:02.357437: | IP end: c0 00 03 fe
Oct 31 15:25:02.357439: | emitting length of IKEv2 Traffic Selector: 16
Oct 31 15:25:02.357441: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24
Oct 31 15:25:02.357445: | ****emit IKEv2 Traffic Selector - Responder - Payload:
Oct 31 15:25:02.357448: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:25:02.357451: |    flags: none (0x0)
Oct 31 15:25:02.357453: |    number of TS: 1 (01)
Oct 31 15:25:02.357456: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr)
Oct 31 15:25:02.357459: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet'
Oct 31 15:25:02.357461: | *****emit IKEv2 Traffic Selector:
Oct 31 15:25:02.357464: |    TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7)
Oct 31 15:25:02.357466: |    IP Protocol ID: ALL (0x0)
Oct 31 15:25:02.357469: |    start port: 0 (00 00)
Oct 31 15:25:02.357472: |    end port: 65535 (ff ff)
Oct 31 15:25:02.357474: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector
Oct 31 15:25:02.357478: | IP start: c0 00 02 00
Oct 31 15:25:02.357480: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector
Oct 31 15:25:02.357483: | IP end: c0 00 02 ff
Oct 31 15:25:02.357486: | emitting length of IKEv2 Traffic Selector: 16
Oct 31 15:25:02.357488: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24
Oct 31 15:25:02.357491: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE
Oct 31 15:25:02.357493: | initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED
Oct 31 15:25:02.357496: | adding 1 bytes of padding (including 1 byte padding-length)
Oct 31 15:25:02.357499: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload
Oct 31 15:25:02.357501: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload
Oct 31 15:25:02.357504: | emitting length of IKEv2 Encryption Payload: 616
Oct 31 15:25:02.357506: | emitting length of ISAKMP Message: 644
Oct 31 15:25:02.357511: | **parse ISAKMP Message:
Oct 31 15:25:02.357515: |    initiator SPI: c0 ab 5f b0  46 3d 51 5a
Oct 31 15:25:02.357520: |    responder SPI: b7 f3 69 f8  2c 8c 41 9e
Oct 31 15:25:02.357523: |    next payload type: ISAKMP_NEXT_v2SK (0x2e)
Oct 31 15:25:02.357525: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Oct 31 15:25:02.357528: |    exchange type: ISAKMP_v2_IKE_AUTH (0x23)
Oct 31 15:25:02.357530: |    flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
Oct 31 15:25:02.357534: |    Message ID: 1 (00 00 00 01)
Oct 31 15:25:02.357537: |    length: 644 (00 00 02 84)
Oct 31 15:25:02.357540: | **parse IKEv2 Encryption Payload:
Oct 31 15:25:02.357542: |    next payload type: ISAKMP_NEXT_v2IDi (0x23)
Oct 31 15:25:02.357545: |    flags: none (0x0)
Oct 31 15:25:02.357548: |    length: 616 (02 68)
Oct 31 15:25:02.357551: | opening output PBS reply frag packet
Oct 31 15:25:02.357553: | **emit ISAKMP Message:
Oct 31 15:25:02.357557: |    initiator SPI: c0 ab 5f b0  46 3d 51 5a
Oct 31 15:25:02.357561: |    responder SPI: b7 f3 69 f8  2c 8c 41 9e
Oct 31 15:25:02.357564: |    next payload type: ISAKMP_NEXT_NONE (0x0)
Oct 31 15:25:02.357566: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Oct 31 15:25:02.357568: |    exchange type: ISAKMP_v2_IKE_AUTH (0x23)
Oct 31 15:25:02.357571: |    flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
Oct 31 15:25:02.357574: |    Message ID: 1 (00 00 00 01)
Oct 31 15:25:02.357577: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
Oct 31 15:25:02.357579: | ***emit IKEv2 Encrypted Fragment:
Oct 31 15:25:02.357582: |    next payload type: ISAKMP_NEXT_v2IDi (0x23)
Oct 31 15:25:02.357584: |    flags: none (0x0)
Oct 31 15:25:02.357587: |    fragment number: 1 (00 01)
Oct 31 15:25:02.357590: |    total fragments: 2 (00 02)
Oct 31 15:25:02.357594: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 35:ISAKMP_NEXT_v2IDi
Oct 31 15:25:02.357596: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF)
Oct 31 15:25:02.357600: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet'
Oct 31 15:25:02.357603: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment
Oct 31 15:25:02.357608: | emitting 478 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment
Oct 31 15:25:02.357611: | cleartext fragment:
Oct 31 15:25:02.357613: |   24 00 00 0d  02 00 00 00  6e 6f 72 74  68 27 00 00
Oct 31 15:25:02.357615: |   0c 02 00 00  00 65 61 73  74 21 00 01  5e 0e 00 00
Oct 31 15:25:02.357618: |   00 43 30 41  06 09 2a 86  48 86 f7 0d  01 01 0a 30
Oct 31 15:25:02.357620: |   34 a0 0f 30  0d 06 09 60  86 48 01 65  03 04 02 03
Oct 31 15:25:02.357622: |   05 00 a1 1c  30 1a 06 09  2a 86 48 86  f7 0d 01 01
Oct 31 15:25:02.357624: |   08 30 0d 06  09 60 86 48  01 65 03 04  02 03 05 00
Oct 31 15:25:02.357627: |   a2 03 02 01  40 9b 17 f9  66 ad 03 49  e6 cd 39 4a
Oct 31 15:25:02.357629: |   86 99 61 92  8d 4f fb d8  78 ae 4e a7  27 48 3e 93
Oct 31 15:25:02.357631: |   3a e4 f4 69  67 12 85 d7  d6 50 8f 10  a6 46 cd c4
Oct 31 15:25:02.357633: |   74 b5 e9 a1  5b 1c bc ee  77 35 80 92  e1 c2 de 95
Oct 31 15:25:02.357636: |   63 47 2b 63  34 ef 34 7d  6a 2e e7 ad  6d 33 ff 77
Oct 31 15:25:02.357638: |   28 81 a8 fd  30 9d a1 5e  8f 9d 7c 0d  db 99 e0 b6
Oct 31 15:25:02.357640: |   b6 64 1a a7  03 86 1a f7  76 a7 32 8f  99 a7 ec 22
Oct 31 15:25:02.357642: |   b9 99 e8 f7  83 6d 2b cc  4d 07 70 7c  f4 f0 11 ee
Oct 31 15:25:02.357644: |   eb 4c 88 72  6b 91 75 12  63 43 27 d9  25 15 59 f8
Oct 31 15:25:02.357646: |   32 fa bf 9e  8b e2 42 52  f7 da 8c ed  29 ed f6 be
Oct 31 15:25:02.357648: |   d7 3e 56 3b  5a c9 30 49  34 ba ae a5  ac 22 f8 8d
Oct 31 15:25:02.357651: |   7b 41 06 06  45 96 49 16  31 fb 07 d1  57 0c 14 96
Oct 31 15:25:02.357653: |   1b 75 bf 96  b3 8c 0a bd  1f 92 00 34  d3 d0 73 df
Oct 31 15:25:02.357655: |   2e be b5 14  96 5e db a3  51 7c fb 14  e9 0b 81 15
Oct 31 15:25:02.357657: |   29 70 aa e5  e8 61 91 ea  f5 4f d0 fe  0c d7 bf ee
Oct 31 15:25:02.357659: |   4c c7 bf 53  ec a2 01 31  2c 08 5e 55  f6 0f c7 1b
Oct 31 15:25:02.357662: |   72 f7 43 d8  6c 1a 48 d4  27 ee ac da  a5 1d 42 6e
Oct 31 15:25:02.357664: |   51 03 a5 43  25 e5 51 2c  00 00 a4 02  00 00 20 01
Oct 31 15:25:02.357666: |   03 04 02 7b  6d f8 99 03  00 00 0c 01  00 00 14 80
Oct 31 15:25:02.357669: |   0e 01 00 00  00 00 08 05  00 00 00 02  00 00 20 02
Oct 31 15:25:02.357671: |   03 04 02 7b  6d f8 99 03  00 00 0c 01  00 00 14 80
Oct 31 15:25:02.357673: |   0e 00 80 00  00 00 08 05  00 00 00 02  00 00 30 03
Oct 31 15:25:02.357675: |   03 04 04 7b  6d f8 99 03  00 00 0c 01  00 00 0c 80
Oct 31 15:25:02.357677: |   0e 01 00 03  00 00 08 03  00 00 0e 03  00 00
Oct 31 15:25:02.357680: | adding 1 bytes of padding (including 1 byte padding-length)
Oct 31 15:25:02.357682: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment
Oct 31 15:25:02.357685: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment
Oct 31 15:25:02.357687: | emitting length of IKEv2 Encrypted Fragment: 511
Oct 31 15:25:02.357690: | emitting length of ISAKMP Message: 539
Oct 31 15:25:02.357706: | recording fragment 1
Oct 31 15:25:02.357711: | opening output PBS reply frag packet
Oct 31 15:25:02.357713: | **emit ISAKMP Message:
Oct 31 15:25:02.357717: |    initiator SPI: c0 ab 5f b0  46 3d 51 5a
Oct 31 15:25:02.357721: |    responder SPI: b7 f3 69 f8  2c 8c 41 9e
Oct 31 15:25:02.357723: |    next payload type: ISAKMP_NEXT_NONE (0x0)
Oct 31 15:25:02.357726: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Oct 31 15:25:02.357728: |    exchange type: ISAKMP_v2_IKE_AUTH (0x23)
Oct 31 15:25:02.357731: |    flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
Oct 31 15:25:02.357734: |    Message ID: 1 (00 00 00 01)
Oct 31 15:25:02.357737: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
Oct 31 15:25:02.357740: | ***emit IKEv2 Encrypted Fragment:
Oct 31 15:25:02.357742: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:25:02.357746: |    flags: none (0x0)
Oct 31 15:25:02.357749: |    fragment number: 2 (00 02)
Oct 31 15:25:02.357752: |    total fragments: 2 (00 02)
Oct 31 15:25:02.357755: | next payload chain: using supplied v2SKF 'IKEv2 Encrypted Fragment'.'next payload type' value 0:ISAKMP_NEXT_v2NONE
Oct 31 15:25:02.357757: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encrypted Fragment (53:ISAKMP_NEXT_v2SKF)
Oct 31 15:25:02.357760: | next payload chain: saving location 'IKEv2 Encrypted Fragment'.'next payload type' in 'reply frag packet'
Oct 31 15:25:02.357763: | emitting 8 zero bytes of IV into IKEv2 Encrypted Fragment
Oct 31 15:25:02.357767: | emitting 109 raw bytes of cleartext fragment into IKEv2 Encrypted Fragment
Oct 31 15:25:02.357769: | cleartext fragment:
Oct 31 15:25:02.357771: |   08 03 00 00  0c 00 00 00  08 05 00 00  00 00 00 00
Oct 31 15:25:02.357774: |   30 04 03 04  04 7b 6d f8  99 03 00 00  0c 01 00 00
Oct 31 15:25:02.357776: |   0c 80 0e 00  80 03 00 00  08 03 00 00  0e 03 00 00
Oct 31 15:25:02.357778: |   08 03 00 00  0c 00 00 00  08 05 00 00  00 2d 00 00
Oct 31 15:25:02.357780: |   18 01 00 00  00 07 00 00  10 00 00 ff  ff c0 00 03
Oct 31 15:25:02.357782: |   fe c0 00 03  fe 00 00 00  18 01 00 00  00 07 00 00
Oct 31 15:25:02.357784: |   10 00 00 ff  ff c0 00 02  00 c0 00 02  ff
Oct 31 15:25:02.357787: | adding 1 bytes of padding (including 1 byte padding-length)
Oct 31 15:25:02.357789: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encrypted Fragment
Oct 31 15:25:02.357792: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encrypted Fragment
Oct 31 15:25:02.357794: | emitting length of IKEv2 Encrypted Fragment: 142
Oct 31 15:25:02.357796: | emitting length of ISAKMP Message: 170
Oct 31 15:25:02.357804: | recording fragment 2
Oct 31 15:25:02.357809: | delref logger@0x55567052d7e8(1->0) (in handle_helper_answer() at pluto_crypt.c:658)
Oct 31 15:25:02.357812: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:25:02.357814: | delref fd@NULL (in free_logger() at log.c:854)
Oct 31 15:25:02.357817: | XXX: resume sending helper answer back to state for #1 switched MD.ST to #2
Oct 31 15:25:02.357822: | suspend processing: state #1 connection "north-east" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364)
Oct 31 15:25:02.357827: | start processing: state #2 connection "north-east" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364)
Oct 31 15:25:02.357831: | #2 complete_v2_state_transition() in state V2_IKE_AUTH_CHILD_I0 PARENT_I1->PARENT_I2 with status STF_OK; .st_v2_transition=NULL
Oct 31 15:25:02.357834: | transitioning from state STATE_PARENT_I1 to state STATE_PARENT_I2
Oct 31 15:25:02.357837: | Message ID: updating counters for #2
Oct 31 15:25:02.357845: | Message ID: CHILD #1.#2 XXX: no EVENT_RETRANSMIT to clear; suspect IKE->CHILD switch: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744576.767549 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744576.767549 child.wip.initiator=-1 child.wip.responder=-1
Oct 31 15:25:02.357853: | Message ID: CHILD #1.#2 updating initiator received message response 0: ike.initiator.sent=0 ike.initiator.recv=-1->0 ike.initiator.last_contact=744576.767549->744576.790636 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744576.767549 child.wip.initiator=0->-1 child.wip.responder=-1
Oct 31 15:25:02.357858: | Message ID: CHILD #1.#2 scheduling EVENT_RETRANSMIT: ike.initiator.sent=1 ike.initiator.recv=0 ike.initiator.last_contact=744576.790636 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744576.767549 child.wip.initiator=1 child.wip.responder=-1
Oct 31 15:25:02.357862: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55567052a798
Oct 31 15:25:02.357865: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2
Oct 31 15:25:02.357868: | libevent_malloc: newref ptr-libevent@0x55567052a6e8 size 128
Oct 31 15:25:02.357873: | #2 STATE_V2_IKE_AUTH_CHILD_I0: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744576.790658
Oct 31 15:25:02.357885: | Message ID: CHILD #1.#2 updating initiator sent message request 1: ike.initiator.sent=0->1 ike.initiator.recv=0 ike.initiator.last_contact=744576.790636 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744576.767549 child.wip.initiator=-1->1 child.wip.responder=-1
Oct 31 15:25:02.357891: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=1 ike.initiator.recv=0 ike.initiator.last_contact=744576.790636 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744576.767549 ike.wip.initiator=-1 ike.wip.responder=-1
Oct 31 15:25:02.357895: | child state #2: V2_IKE_AUTH_CHILD_I0(ignore) => PARENT_I2(open IKE SA)
Oct 31 15:25:02.357897: | announcing the state transition
Oct 31 15:25:02.357902: "north-east" #1: sent IKE_AUTH request {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048}
Oct 31 15:25:02.357911: | sending 539 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1)
Oct 31 15:25:02.357914: |   c0 ab 5f b0  46 3d 51 5a  b7 f3 69 f8  2c 8c 41 9e
Oct 31 15:25:02.357916: |   35 20 23 08  00 00 00 01  00 00 02 1b  23 00 01 ff
Oct 31 15:25:02.357918: |   00 01 00 02  70 61 74 a0  5f 35 5c 11  84 94 8a de
Oct 31 15:25:02.357920: |   98 0c de 2b  7d fa 47 c4  84 1c 46 0b  62 99 98 29
Oct 31 15:25:02.357922: |   06 40 fd 10  51 35 ad 4f  6c 29 fb 82  2d 76 7a a8
Oct 31 15:25:02.357925: |   f7 a2 9d 6d  36 2c 78 a2  4c 65 0e 95  5b ff c8 56
Oct 31 15:25:02.357927: |   b7 83 7d e0  79 b4 97 3b  06 3b 7a b5  d7 38 e9 ee
Oct 31 15:25:02.357929: |   6f 44 6e fb  7f 2a 52 58  41 3d c6 59  c8 01 59 a5
Oct 31 15:25:02.357931: |   39 b5 24 ca  bf 0b 00 0c  93 79 88 77  d6 9f d3 95
Oct 31 15:25:02.357933: |   b6 e3 63 97  7a 46 15 bd  53 20 3a 3f  3c 92 e4 41
Oct 31 15:25:02.357935: |   08 18 7d cc  35 12 be 8e  c1 52 04 94  7e 2a 5b cf
Oct 31 15:25:02.357938: |   eb 10 9b cd  5b 17 bc e1  c8 7b 6a 4a  bd 06 2c aa
Oct 31 15:25:02.357940: |   ec dd 56 80  d7 ea 0c c1  bb f1 cc f3  e8 80 68 af
Oct 31 15:25:02.357942: |   45 7f 19 33  99 ef 60 7f  79 9b b8 b5  c9 dd 18 ba
Oct 31 15:25:02.357944: |   8b fd c9 b5  dd c7 92 0b  80 2f a0 85  d7 8f 40 4d
Oct 31 15:25:02.357947: |   75 af d3 67  9f ad 42 cd  cd e0 91 d6  16 38 b0 31
Oct 31 15:25:02.357949: |   a9 8c 08 68  b2 80 f5 a7  c0 24 35 68  58 dd fb 70
Oct 31 15:25:02.357951: |   6c 3b de 1c  e8 0f 94 e8  5d cc 08 44  1f 84 3b 65
Oct 31 15:25:02.357953: |   de f7 65 d1  19 dd f1 0b  18 9d ff bb  88 ac f9 6f
Oct 31 15:25:02.357955: |   dd 35 0f 63  2a a3 69 eb  da 5d 60 bc  7a 8a 85 85
Oct 31 15:25:02.357957: |   4d 51 53 14  79 6e 84 ed  6f e1 68 ed  73 e4 08 2e
Oct 31 15:25:02.357960: |   65 47 1a 96  6b 40 e2 2e  b8 8a b0 96  9b b7 6c 19
Oct 31 15:25:02.357962: |   4b e0 c2 87  1e f9 98 c0  8c 6b 81 8c  c3 cf 33 d3
Oct 31 15:25:02.357964: |   cd 26 51 8a  c6 ea 5a 69  19 dd 84 87  fa 68 49 20
Oct 31 15:25:02.357966: |   8f ed 7e 49  58 a7 fc e5  d3 06 f6 f9  fd 94 fe 48
Oct 31 15:25:02.357968: |   53 44 df 57  9d 8c 8e 95  f9 8f 44 ad  76 71 bf ca
Oct 31 15:25:02.357970: |   ed bf e8 16  7b 68 97 48  c8 42 7a 51  a8 0f 52 c8
Oct 31 15:25:02.357972: |   d5 39 db c5  9b 0b 4b eb  d2 c2 7f 02  c2 a5 5c 24
Oct 31 15:25:02.357975: |   43 7f 74 28  50 eb 2a 99  a5 2e 23 8f  0a 01 e9 24
Oct 31 15:25:02.357977: |   f2 c4 21 b7  9f 13 c8 fb  14 32 f5 9d  35 53 dd 65
Oct 31 15:25:02.357979: |   83 98 28 05  bc bc 96 28  a5 a4 bc 8f  26 9a fc 82
Oct 31 15:25:02.357981: |   46 f8 3b 71  0e 24 7b 81  3e 11 9a 63  f9 e9 61 a6
Oct 31 15:25:02.357984: |   5b 02 d6 33  e2 5a c6 6e  77 b7 f3 8b  8d 54 11 6e
Oct 31 15:25:02.357986: |   51 4f f2 ff  7e f5 e7 c9  65 fd 18
Oct 31 15:25:02.358315: | sending 170 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1)
Oct 31 15:25:02.358321: |   c0 ab 5f b0  46 3d 51 5a  b7 f3 69 f8  2c 8c 41 9e
Oct 31 15:25:02.358324: |   35 20 23 08  00 00 00 01  00 00 00 aa  00 00 00 8e
Oct 31 15:25:02.358328: |   00 02 00 02  a6 42 92 cf  7d 20 7e 9e  c4 2c 6b 0a
Oct 31 15:25:02.358331: |   26 92 50 a0  83 2d 96 9a  14 bc 02 13  0c b4 d6 cf
Oct 31 15:25:02.358333: |   41 74 64 fe  3a 52 7c be  3b 40 23 ac  82 b1 6d 10
Oct 31 15:25:02.358335: |   ec fe 73 ba  5e ae d4 4e  0b 5e e2 1c  80 bf 1a 44
Oct 31 15:25:02.358338: |   2f bd f6 e4  29 e9 eb 9d  3d c9 c2 cb  17 28 aa 40
Oct 31 15:25:02.358340: |   ee 62 5e d7  5b 05 28 17  af 52 fb bb  29 3e 20 c4
Oct 31 15:25:02.358342: |   1b 19 1c 01  34 bb ee c1  34 cb 1a fd  45 3c 71 13
Oct 31 15:25:02.358344: |   6a 6f 04 8b  45 0a 90 01  20 29 69 da  ba 89 90 1e
Oct 31 15:25:02.358346: |   76 f6 d2 2c  2a a6 31 02  c3 bd
Oct 31 15:25:02.358628: | sent 2 messages
Oct 31 15:25:02.358633: | checking that a retransmit timeout_event was already
Oct 31 15:25:02.358635: | state #2 has no .st_event to delete
Oct 31 15:25:02.358638: | delref mdp@0x555670530de8(1->0) (in resume_handler() at server.c:743)
Oct 31 15:25:02.358641: | delref logger@0x55567051b168(1->0) (in resume_handler() at server.c:743)
Oct 31 15:25:02.358644: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:25:02.358646: | delref fd@NULL (in free_logger() at log.c:854)
Oct 31 15:25:02.358653: | #1 spent 1.56 (2.11) milliseconds in resume sending helper answer back to state
Oct 31 15:25:02.358659: | stop processing: state #2 connection "north-east" from 192.1.2.23:500 (in resume_handler() at server.c:745)
Oct 31 15:25:02.358663: | libevent_free: delref ptr-libevent@0x7f3748000d38
Oct 31 15:25:02.482071: | spent 0.00245 (0.00244) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue()
Oct 31 15:25:02.482088: | newref struct msg_digest@0x555670530de8(0->1) (in read_message() at demux.c:103)
Oct 31 15:25:02.482093: | newref alloc logger@0x55567052d7e8(0->1) (in read_message() at demux.c:103)
Oct 31 15:25:02.482100: | *received 503 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP
Oct 31 15:25:02.482103: |   c0 ab 5f b0  46 3d 51 5a  b7 f3 69 f8  2c 8c 41 9e
Oct 31 15:25:02.482106: |   2e 20 23 20  00 00 00 01  00 00 01 f7  24 00 01 db
Oct 31 15:25:02.482108: |   eb 0a 50 34  49 c2 34 22  bf 08 05 2c  29 56 5c 66
Oct 31 15:25:02.482110: |   e2 07 44 0e  34 bd 89 9c  d2 75 27 39  8d 6a f1 f9
Oct 31 15:25:02.482112: |   c6 42 7a 59  f5 db 28 04  e7 a8 d0 09  65 aa 43 85
Oct 31 15:25:02.482114: |   9c 96 e9 1f  45 56 c6 08  10 2c 8d a0  c0 fd 60 e4
Oct 31 15:25:02.482117: |   ee 2e a3 de  90 57 5d b5  61 d8 99 35  32 67 d1 3c
Oct 31 15:25:02.482119: |   0c 60 31 bd  8e 1f 8c 14  70 5f 70 75  8e 12 f2 73
Oct 31 15:25:02.482121: |   3d 72 16 c4  6d b7 69 45  9f 3c 9b 96  bd 4f 2a b2
Oct 31 15:25:02.482123: |   b9 99 00 4d  35 25 4a 70  c5 69 89 f9  47 32 70 57
Oct 31 15:25:02.482126: |   b9 fb ff 5d  35 86 bb 91  e5 fc 24 37  0c 38 4a 24
Oct 31 15:25:02.482128: |   ab d4 45 11  f8 76 03 5b  f8 2f 7b 4a  40 d3 70 47
Oct 31 15:25:02.482130: |   ae d4 b3 0c  2b 7d c2 44  02 a0 8e ba  56 bf 38 35
Oct 31 15:25:02.482132: |   f8 00 89 16  37 64 ca 13  74 db 58 32  00 00 a3 a7
Oct 31 15:25:02.482134: |   94 d9 29 0f  21 0c 74 c5  ef 55 61 a7  44 fd de 07
Oct 31 15:25:02.482137: |   4d db 15 e6  33 7f df 25  23 23 bd cc  cc 64 92 7c
Oct 31 15:25:02.482139: |   0a 01 53 ec  b4 da f7 cd  ca d5 98 a2  4a 0b 19 d6
Oct 31 15:25:02.482141: |   4d e0 b2 4f  c8 25 d6 51  00 f0 2c 58  4f cc b8 d1
Oct 31 15:25:02.482143: |   54 75 95 35  8b 4a 29 7e  0b d0 51 fe  7c ed c0 77
Oct 31 15:25:02.482145: |   33 20 50 d7  c0 3f 88 8d  c2 90 75 5a  b7 58 dd 74
Oct 31 15:25:02.482147: |   5e 0e fe 1d  b9 26 48 32  69 72 58 6c  7d 79 e6 3e
Oct 31 15:25:02.482150: |   b9 80 0d 69  4f 3f 97 3d  82 96 e9 c9  57 ed e6 d4
Oct 31 15:25:02.482152: |   3c 92 90 97  74 4e 66 85  67 8d a7 2a  3d b5 9d 87
Oct 31 15:25:02.482154: |   9d e2 31 b0  6e 41 22 ef  7b 93 44 0a  6d 62 37 c9
Oct 31 15:25:02.482156: |   03 46 f0 bc  14 de f1 89  1a 0e 40 14  00 18 72 75
Oct 31 15:25:02.482158: |   2c 6e cc e0  6d 66 10 87  5f b4 19 9c  68 a1 af 7f
Oct 31 15:25:02.482161: |   a2 63 05 76  f2 e8 d7 1e  0e 8c a7 98  7f 8f f6 0f
Oct 31 15:25:02.482166: |   cf 76 29 41  e3 a4 8c 74  68 86 95 2d  e0 1c 9b 4f
Oct 31 15:25:02.482168: |   2d 0b af e7  80 8f e6 c1  78 0f ab 28  46 fc 9f 1d
Oct 31 15:25:02.482170: |   21 75 30 e8  a7 70 9c 5d  ba da ea 20  c5 31 df 07
Oct 31 15:25:02.482172: |   bb 1a 60 ca  67 48 68 3b  9f 0b f9 d5  f7 91 a9 e2
Oct 31 15:25:02.482175: |   5f ba 49 2b  ae d4 d2
Oct 31 15:25:02.482180: | **parse ISAKMP Message:
Oct 31 15:25:02.482185: |    initiator SPI: c0 ab 5f b0  46 3d 51 5a
Oct 31 15:25:02.482189: |    responder SPI: b7 f3 69 f8  2c 8c 41 9e
Oct 31 15:25:02.482192: |    next payload type: ISAKMP_NEXT_v2SK (0x2e)
Oct 31 15:25:02.482195: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Oct 31 15:25:02.482202: |    exchange type: ISAKMP_v2_IKE_AUTH (0x23)
Oct 31 15:25:02.482207: |    flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20)
Oct 31 15:25:02.482211: |    Message ID: 1 (00 00 00 01)
Oct 31 15:25:02.482214: |    length: 503 (00 00 01 f7)
Oct 31 15:25:02.482217: |  processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35)
Oct 31 15:25:02.482221: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response 
Oct 31 15:25:02.482225: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa)
Oct 31 15:25:02.482233: | start processing: state #1 connection "north-east" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902)
Oct 31 15:25:02.482237: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip)
Oct 31 15:25:02.482240: | #2 is idle
Oct 31 15:25:02.482243: | #2 idle
Oct 31 15:25:02.482247: | suspend processing: state #1 connection "north-east" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983)
Oct 31 15:25:02.482252: | start processing: state #2 connection "north-east" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983)
Oct 31 15:25:02.482254: | unpacking clear payload
Oct 31 15:25:02.482257: | Now let's proceed with payload (ISAKMP_NEXT_v2SK)
Oct 31 15:25:02.482260: | ***parse IKEv2 Encryption Payload:
Oct 31 15:25:02.482263: |    next payload type: ISAKMP_NEXT_v2IDr (0x24)
Oct 31 15:25:02.482266: |    flags: none (0x0)
Oct 31 15:25:02.482269: |    length: 475 (01 db)
Oct 31 15:25:02.482272: | processing payload: ISAKMP_NEXT_v2SK (len=471)
Oct 31 15:25:02.482275: | #2 in state PARENT_I2: sent IKE_AUTH request
Oct 31 15:25:02.482291: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success
Oct 31 15:25:02.482295: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr)
Oct 31 15:25:02.482298: | **parse IKEv2 Identification - Responder - Payload:
Oct 31 15:25:02.482301: |    next payload type: ISAKMP_NEXT_v2AUTH (0x27)
Oct 31 15:25:02.482304: |    flags: none (0x0)
Oct 31 15:25:02.482307: |    length: 12 (00 0c)
Oct 31 15:25:02.482310: |    ID type: ID_FQDN (0x2)
Oct 31 15:25:02.482312: |    reserved: 00 00 00
Oct 31 15:25:02.482315: | processing payload: ISAKMP_NEXT_v2IDr (len=4)
Oct 31 15:25:02.482317: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH)
Oct 31 15:25:02.482320: | **parse IKEv2 Authentication Payload:
Oct 31 15:25:02.482323: |    next payload type: ISAKMP_NEXT_v2SA (0x21)
Oct 31 15:25:02.482325: |    flags: none (0x0)
Oct 31 15:25:02.482328: |    length: 350 (01 5e)
Oct 31 15:25:02.482330: |    auth method: IKEv2_AUTH_DIGSIG (0xe)
Oct 31 15:25:02.482333: | processing payload: ISAKMP_NEXT_v2AUTH (len=342)
Oct 31 15:25:02.482335: | Now let's proceed with payload (ISAKMP_NEXT_v2SA)
Oct 31 15:25:02.482338: | **parse IKEv2 Security Association Payload:
Oct 31 15:25:02.482341: |    next payload type: ISAKMP_NEXT_v2TSi (0x2c)
Oct 31 15:25:02.482343: |    flags: none (0x0)
Oct 31 15:25:02.482346: |    length: 36 (00 24)
Oct 31 15:25:02.482348: | processing payload: ISAKMP_NEXT_v2SA (len=32)
Oct 31 15:25:02.482350: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi)
Oct 31 15:25:02.482353: | **parse IKEv2 Traffic Selector - Initiator - Payload:
Oct 31 15:25:02.482355: |    next payload type: ISAKMP_NEXT_v2TSr (0x2d)
Oct 31 15:25:02.482357: |    flags: none (0x0)
Oct 31 15:25:02.482360: |    length: 24 (00 18)
Oct 31 15:25:02.482365: |    number of TS: 1 (01)
Oct 31 15:25:02.482368: | processing payload: ISAKMP_NEXT_v2TSi (len=16)
Oct 31 15:25:02.482370: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr)
Oct 31 15:25:02.482372: | **parse IKEv2 Traffic Selector - Responder - Payload:
Oct 31 15:25:02.482375: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:25:02.482378: |    flags: none (0x0)
Oct 31 15:25:02.482380: |    length: 24 (00 18)
Oct 31 15:25:02.482383: |    number of TS: 1 (01)
Oct 31 15:25:02.482385: | processing payload: ISAKMP_NEXT_v2TSr (len=16)
Oct 31 15:25:02.482388: | selected state microcode Initiator: process IKE_AUTH response
Oct 31 15:25:02.482391: | calling processor Initiator: process IKE_AUTH response
Oct 31 15:25:02.482395: | no certs to decode
Oct 31 15:25:02.482400: | offered CA: '%none'
Oct 31 15:25:02.482405: "north-east" #2: IKEv2 mode peer ID is ID_FQDN: '@east'
Oct 31 15:25:02.482441: | verifying AUTH payload
Oct 31 15:25:02.482446: | looking for ASN.1 blob for method rsasig for hash_algo SHA2_512
Oct 31 15:25:02.482449: | parsing 68 raw bytes of IKEv2 Authentication Payload into ASN.1 blob for hash algo
Oct 31 15:25:02.482452: | ASN.1 blob for hash algo
Oct 31 15:25:02.482454: |   43 30 41 06  09 2a 86 48  86 f7 0d 01  01 0a 30 34
Oct 31 15:25:02.482456: |   a0 0f 30 0d  06 09 60 86  48 01 65 03  04 02 03 05
Oct 31 15:25:02.482458: |   00 a1 1c 30  1a 06 09 2a  86 48 86 f7  0d 01 01 08
Oct 31 15:25:02.482461: |   30 0d 06 09  60 86 48 01  65 03 04 02  03 05 00 a2
Oct 31 15:25:02.482463: |   03 02 01 40
Oct 31 15:25:02.482480: | required RSA CA is '%any'
Oct 31 15:25:02.482485: | trying all remote certificates public keys for RSA key that matches ID: @east
Oct 31 15:25:02.482488: | trying all preloaded keys public keys for RSA key that matches ID: @east
Oct 31 15:25:02.482491: |   trying '@east' issued by CA '%any'
Oct 31 15:25:02.482495: | NSS RSA: verifying that decrypted signature matches hash: 
Oct 31 15:25:02.482498: |   9e 03 8a 9e  f7 ad ac ea  cf 45 0d 60  86 23 3b 52
Oct 31 15:25:02.482500: |   b6 48 9b c5  c1 08 e8 54  22 3c f1 6f  e7 2b 3c 86
Oct 31 15:25:02.482502: |   97 52 da 17  24 0f 24 f1  0b c8 dd c0  82 83 fc 5e
Oct 31 15:25:02.482504: |   1a a9 91 db  df 54 80 2d  32 20 b3 22  14 03 be 44
Oct 31 15:25:02.482582: | delref pkp@NULL (in try_RSA_signature_v2() at ikev2_rsa.c:170)
Oct 31 15:25:02.482587: | addref pk@0x55567052dc58(1->2) (in try_RSA_signature_v2() at ikev2_rsa.c:171)
Oct 31 15:25:02.482590: | an RSA Sig check passed with *AQO9bJbr3 [preloaded keys]
Oct 31 15:25:02.482596: |     #1 spent 0.0993 (0.0993) milliseconds in try_all_keys() trying a pubkey
Oct 31 15:25:02.482600: "north-east" #1: authenticated using RSA with SHA2_512
Oct 31 15:25:02.482606: |   #1 spent 0.138 (0.138) milliseconds in ikev2_verify_rsa_hash()
Oct 31 15:25:02.482610: | parent state #1: PARENT_I2(open IKE SA) => ESTABLISHED_IKE_SA(established IKE SA)
Oct 31 15:25:02.482615: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key)
Oct 31 15:25:02.482618: | state #1 deleting .st_event EVENT_SA_REPLACE
Oct 31 15:25:02.482622: | libevent_free: delref ptr-libevent@0x7f374400b578
Oct 31 15:25:02.482625: | free_event_entry: delref EVENT_SA_REPLACE-pe@0x55567052db88
Oct 31 15:25:02.482628: | event_schedule: newref EVENT_SA_REKEY-pe@0x55567051b168
Oct 31 15:25:02.482631: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1
Oct 31 15:25:02.482634: | libevent_malloc: newref ptr-libevent@0x7f3748000d38 size 128
Oct 31 15:25:02.482916: | pstats #1 ikev2.ike established
Oct 31 15:25:02.482924: | TSi: parsing 1 traffic selectors
Oct 31 15:25:02.482928: | ***parse IKEv2 Traffic Selector:
Oct 31 15:25:02.482931: |    TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7)
Oct 31 15:25:02.482934: |    IP Protocol ID: ALL (0x0)
Oct 31 15:25:02.482938: |    length: 16 (00 10)
Oct 31 15:25:02.482942: |    start port: 0 (00 00)
Oct 31 15:25:02.482945: |    end port: 65535 (ff ff)
Oct 31 15:25:02.482948: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low
Oct 31 15:25:02.482950: | TS low
Oct 31 15:25:02.482955: |   c0 00 03 fe
Oct 31 15:25:02.482958: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high
Oct 31 15:25:02.482960: | TS high
Oct 31 15:25:02.482962: |   c0 00 03 fe
Oct 31 15:25:02.482965: | TSi: parsed 1 traffic selectors
Oct 31 15:25:02.482968: | TSr: parsing 1 traffic selectors
Oct 31 15:25:02.482971: | ***parse IKEv2 Traffic Selector:
Oct 31 15:25:02.482974: |    TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7)
Oct 31 15:25:02.482976: |    IP Protocol ID: ALL (0x0)
Oct 31 15:25:02.482980: |    length: 16 (00 10)
Oct 31 15:25:02.482983: |    start port: 0 (00 00)
Oct 31 15:25:02.482986: |    end port: 65535 (ff ff)
Oct 31 15:25:02.482988: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low
Oct 31 15:25:02.482991: | TS low
Oct 31 15:25:02.482993: |   c0 00 02 00
Oct 31 15:25:02.482996: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high
Oct 31 15:25:02.482998: | TS high
Oct 31 15:25:02.483000: |   c0 00 02 ff
Oct 31 15:25:02.483003: | TSr: parsed 1 traffic selectors
Oct 31 15:25:02.483010: | evaluating our conn="north-east" I=192.0.3.254/32:0:0/0 R=192.0.2.0/24:0:0/0 to their:
Oct 31 15:25:02.483017: |     TSi[0] .net=192.0.3.254-192.0.3.254 .iporotoid=0 .{start,end}port=0..65535
Oct 31 15:25:02.483025: |         match address end->client=192.0.3.254/32 == TSi[0]net=192.0.3.254-192.0.3.254: YES fitness 32
Oct 31 15:25:02.483029: |         narrow port end=0..65535 == TSi[0]=0..65535: 0
Oct 31 15:25:02.483032: |           TSi[0] port match: YES fitness 65536
Oct 31 15:25:02.483035: |         narrow protocol end=*0 == TSi[0]=*0: 0
Oct 31 15:25:02.483038: |         match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255
Oct 31 15:25:02.483043: |     TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535
Oct 31 15:25:02.483051: |         match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32
Oct 31 15:25:02.483054: |         narrow port end=0..65535 == TSr[0]=0..65535: 0
Oct 31 15:25:02.483057: |           TSr[0] port match: YES fitness 65536
Oct 31 15:25:02.483060: |         narrow protocol end=*0 == TSr[0]=*0: 0
Oct 31 15:25:02.483063: |         match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255
Oct 31 15:25:02.483065: | best fit so far: TSi[0] TSr[0]
Oct 31 15:25:02.483068: | found an acceptable TSi/TSr Traffic Selector
Oct 31 15:25:02.483070: | printing contents struct traffic_selector
Oct 31 15:25:02.483072: |   ts_type: IKEv2_TS_IPV4_ADDR_RANGE
Oct 31 15:25:02.483075: |   ipprotoid: 0
Oct 31 15:25:02.483077: |   port range: 0-65535
Oct 31 15:25:02.483081: |   ip range: 192.0.3.254-192.0.3.254
Oct 31 15:25:02.483084: | printing contents struct traffic_selector
Oct 31 15:25:02.483087: |   ts_type: IKEv2_TS_IPV4_ADDR_RANGE
Oct 31 15:25:02.483089: |   ipprotoid: 0
Oct 31 15:25:02.483091: |   port range: 0-65535
Oct 31 15:25:02.483096: |   ip range: 192.0.2.0-192.0.2.255
Oct 31 15:25:02.483109: | using existing local ESP/AH proposals for north-east (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP=AES_GCM_C_256-NONE-NONE-DISABLED 2:ESP=AES_GCM_C_128-NONE-NONE-DISABLED 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED
Oct 31 15:25:02.483113: | comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals
Oct 31 15:25:02.483119: | local proposal 1 type ENCR has 1 transforms
Oct 31 15:25:02.483122: | local proposal 1 type PRF has 0 transforms
Oct 31 15:25:02.483125: | local proposal 1 type INTEG has 1 transforms
Oct 31 15:25:02.483127: | local proposal 1 type DH has 1 transforms
Oct 31 15:25:02.483129: | local proposal 1 type ESN has 1 transforms
Oct 31 15:25:02.483133: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH
Oct 31 15:25:02.483136: | local proposal 2 type ENCR has 1 transforms
Oct 31 15:25:02.483139: | local proposal 2 type PRF has 0 transforms
Oct 31 15:25:02.483141: | local proposal 2 type INTEG has 1 transforms
Oct 31 15:25:02.483143: | local proposal 2 type DH has 1 transforms
Oct 31 15:25:02.483148: | local proposal 2 type ESN has 1 transforms
Oct 31 15:25:02.483151: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH
Oct 31 15:25:02.483155: | local proposal 3 type ENCR has 1 transforms
Oct 31 15:25:02.483157: | local proposal 3 type PRF has 0 transforms
Oct 31 15:25:02.483160: | local proposal 3 type INTEG has 2 transforms
Oct 31 15:25:02.483162: | local proposal 3 type DH has 1 transforms
Oct 31 15:25:02.483165: | local proposal 3 type ESN has 1 transforms
Oct 31 15:25:02.483168: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH
Oct 31 15:25:02.483170: | local proposal 4 type ENCR has 1 transforms
Oct 31 15:25:02.483172: | local proposal 4 type PRF has 0 transforms
Oct 31 15:25:02.483175: | local proposal 4 type INTEG has 2 transforms
Oct 31 15:25:02.483177: | local proposal 4 type DH has 1 transforms
Oct 31 15:25:02.483180: | local proposal 4 type ESN has 1 transforms
Oct 31 15:25:02.483183: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH
Oct 31 15:25:02.483186: | ***parse IKEv2 Proposal Substructure Payload:
Oct 31 15:25:02.483189: |    last proposal: v2_PROPOSAL_LAST (0x0)
Oct 31 15:25:02.483193: |    length: 32 (00 20)
Oct 31 15:25:02.483196: |    prop #: 1 (01)
Oct 31 15:25:02.483203: |    proto ID: IKEv2_SEC_PROTO_ESP (0x3)
Oct 31 15:25:02.483208: |    spi size: 4 (04)
Oct 31 15:25:02.483211: |    # transforms: 2 (02)
Oct 31 15:25:02.483215: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI
Oct 31 15:25:02.483217: | remote SPI
Oct 31 15:25:02.483220: |   f1 38 d2 2c
Oct 31 15:25:02.483223: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals
Oct 31 15:25:02.483226: | ****parse IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.483228: |    last transform: v2_TRANSFORM_NON_LAST (0x3)
Oct 31 15:25:02.483232: |    length: 12 (00 0c)
Oct 31 15:25:02.483235: |    IKEv2 transform type: TRANS_TYPE_ENCR (0x1)
Oct 31 15:25:02.483237: |    IKEv2 transform ID: AES_GCM_C (0x14)
Oct 31 15:25:02.483240: | *****parse IKEv2 Attribute Substructure Payload:
Oct 31 15:25:02.483243: |    af+type: AF+IKEv2_KEY_LENGTH (0x800e)
Oct 31 15:25:02.483246: |    length/value: 256 (01 00)
Oct 31 15:25:02.483251: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0
Oct 31 15:25:02.483254: | ****parse IKEv2 Transform Substructure Payload:
Oct 31 15:25:02.483256: |    last transform: v2_TRANSFORM_LAST (0x0)
Oct 31 15:25:02.483259: |    length: 8 (00 08)
Oct 31 15:25:02.483262: |    IKEv2 transform type: TRANS_TYPE_ESN (0x5)
Oct 31 15:25:02.483264: |    IKEv2 transform ID: ESN_DISABLED (0x0)
Oct 31 15:25:02.483268: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0
Oct 31 15:25:02.483272: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none
Oct 31 15:25:02.483277: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN
Oct 31 15:25:02.483280: | remote proposal 1 matches local proposal 1
Oct 31 15:25:02.483283: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match]
Oct 31 15:25:02.483288: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP=AES_GCM_C_256-DISABLED SPI=f138d22c
Oct 31 15:25:02.483291: | converting proposal to internal trans attrs
Oct 31 15:25:02.483297: | integ=NONE: .key_size=0 encrypt=AES_GCM_16: .key_size=32 .salt_size=4 keymat_len=36
Oct 31 15:25:02.483365: | install_ipsec_sa() for #2: inbound and outbound
Oct 31 15:25:02.483371: | could_route called for north-east; kind=CK_PERMANENT that.has_client=yes oppo=no this.host_port=500
Oct 31 15:25:02.483374: | FOR_EACH_CONNECTION_... in route_owner
Oct 31 15:25:02.483378: |  conn north-east mark 0/00000000, 0/00000000 vs
Oct 31 15:25:02.483380: |  conn north-east mark 0/00000000, 0/00000000
Oct 31 15:25:02.483384: | route owner of "north-east" prospective erouted: self; eroute owner: self
Oct 31 15:25:02.483390: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE
Oct 31 15:25:02.483393: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20
Oct 31 15:25:02.483395: | AES_GCM_16 requires 4 salt bytes
Oct 31 15:25:02.483398: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0
Oct 31 15:25:02.483402: | setting IPsec SA replay-window to 32
Oct 31 15:25:02.483405: | NIC esp-hw-offload not for connection 'north-east' not available on interface eth1
Oct 31 15:25:02.483409: | netlink: enabling tunnel mode
Oct 31 15:25:02.483411: | XFRM: adding IPsec SA with reqid 16389
Oct 31 15:25:02.483414: | netlink: setting IPsec SA replay-window to 32 using old-style req
Oct 31 15:25:02.483417: | netlink: esp-hw-offload not set for IPsec SA
Oct 31 15:25:02.483614: | netlink response for Add SA esp.f138d22c@192.1.2.23 included non-error error
Oct 31 15:25:02.483620: | setup_half_ipsec_sa() is installing inbound eroute? inbound=0 owner=#0 mode=1
Oct 31 15:25:02.483624: | set up outgoing SA, ref=0/0
Oct 31 15:25:02.483627: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE
Oct 31 15:25:02.483630: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20
Oct 31 15:25:02.483632: | AES_GCM_16 requires 4 salt bytes
Oct 31 15:25:02.483635: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0
Oct 31 15:25:02.483640: | setting IPsec SA replay-window to 32
Oct 31 15:25:02.483643: | NIC esp-hw-offload not for connection 'north-east' not available on interface eth1
Oct 31 15:25:02.483645: | netlink: enabling tunnel mode
Oct 31 15:25:02.483648: | XFRM: adding IPsec SA with reqid 16389
Oct 31 15:25:02.483650: | netlink: setting IPsec SA replay-window to 32 using old-style req
Oct 31 15:25:02.483653: | netlink: esp-hw-offload not set for IPsec SA
Oct 31 15:25:02.483795: | netlink response for Add SA esp.7b6df899@192.1.3.33 included non-error error
Oct 31 15:25:02.483801: | setup_half_ipsec_sa() is installing inbound eroute? inbound=1 owner=#0 mode=1
Oct 31 15:25:02.483804: | setup_half_ipsec_sa() is installing inbound eroute
Oct 31 15:25:02.483807: | setup_half_ipsec_sa() before proto 50
Oct 31 15:25:02.483809: | setup_half_ipsec_sa() after proto 50
Oct 31 15:25:02.483812: | setup_half_ipsec_sa() calling raw_eroute backwards (i.e., inbound)
Oct 31 15:25:02.483815: | priority calculation of connection "north-east" is 2080718 (0x1fbfce)
Oct 31 15:25:02.483823: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.254/32:0 => tun.10000@192.1.3.33 using reqid 16389 (raw_eroute) proto=50
Oct 31 15:25:02.483827: | IPsec SA SPD priority set to 2080718
Oct 31 15:25:02.484074: | raw_eroute result=success
Oct 31 15:25:02.484080: | set up incoming SA, ref=0/0
Oct 31 15:25:02.484083: | sr for #2: prospective erouted
Oct 31 15:25:02.484086: | route_and_eroute() for proto 0, and source port 0 dest port 0
Oct 31 15:25:02.484089: | FOR_EACH_CONNECTION_... in route_owner
Oct 31 15:25:02.484092: |  conn north-east mark 0/00000000, 0/00000000 vs
Oct 31 15:25:02.484094: |  conn north-east mark 0/00000000, 0/00000000
Oct 31 15:25:02.484098: | route owner of "north-east" prospective erouted: self; eroute owner: self
Oct 31 15:25:02.484101: | route_and_eroute with c: north-east (next: none) ero:north-east esr:{(nil)} ro:north-east rosr:{(nil)} and state: #2
Oct 31 15:25:02.484104: | we are replacing an eroute
Oct 31 15:25:02.484107: | priority calculation of connection "north-east" is 2080718 (0x1fbfce)
Oct 31 15:25:02.484117: | eroute_connection replace eroute 192.0.3.254/32:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23>tun.0@192.1.2.23 using reqid 16389 (raw_eroute) proto=50
Oct 31 15:25:02.484121: | IPsec SA SPD priority set to 2080718
Oct 31 15:25:02.484253: | raw_eroute result=success
Oct 31 15:25:02.484262: | running updown command "ipsec _updown" for verb up 
Oct 31 15:25:02.484266: | command executing up-client
Oct 31 15:25:02.484271: | get_sa_info esp.f138d22c@192.1.2.23
Oct 31 15:25:02.484285: | get_sa_info esp.7b6df899@192.1.3.33
Oct 31 15:25:02.484320: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157902' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' P...
Oct 31 15:25:02.484325: | popen cmd is 1135 chars long
Oct 31 15:25:02.484328: | cmd(   0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_V:
Oct 31 15:25:02.484330: | cmd(  80):IRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP=:
Oct 31 15:25:02.484333: | cmd( 160):'192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3:
Oct 31 15:25:02.484335: | cmd( 240):.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_MY_CLIENT_MASK='255.255.255.255:
Oct 31 15:25:02.484338: | cmd( 320):' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE=':
Oct 31 15:25:02.484340: | cmd( 400):ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/:
Oct 31 15:25:02.484343: | cmd( 480):24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLU:
Oct 31 15:25:02.484345: | cmd( 560):TO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLU:
Oct 31 15:25:02.484348: | cmd( 640):TO_ADDTIME='1604157902' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2:
Oct 31 15:25:02.484350: | cmd( 720):_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_C:
Oct 31 15:25:02.484353: | cmd( 800):ONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO:
Oct 31 15:25:02.484355: | cmd( 880):='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CF:
Oct 31 15:25:02.484357: | cmd( 960):G_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VTI_IF:
Oct 31 15:25:02.484360: | cmd(1040):ACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xf138d22c SPI_OUT=0x7b6df899 ips:
Oct 31 15:25:02.484362: | cmd(1120):ec _updown 2>&1:
Oct 31 15:25:02.532603: | route_and_eroute: firewall_notified: true
Oct 31 15:25:02.532620: | route_and_eroute: instance "north-east", setting eroute_owner {spd=0x555670528648,sr=0x555670528648} to #2 (was #0) (newest_ipsec_sa=#0)
Oct 31 15:25:02.532880: | inR2: instance north-east[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1
Oct 31 15:25:02.532894: | #2 spent 1.37 (50.5) milliseconds in processing: Initiator: process IKE_AUTH response in v2_dispatch()
Oct 31 15:25:02.532903: | [RE]START processing: state #2 connection "north-east" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364)
Oct 31 15:25:02.532908: | #2 complete_v2_state_transition() PARENT_I2->ESTABLISHED_CHILD_SA with status STF_OK; .st_v2_transition=NULL
Oct 31 15:25:02.532912: | transitioning from state STATE_PARENT_I2 to state STATE_V2_ESTABLISHED_CHILD_SA
Oct 31 15:25:02.532914: | Message ID: updating counters for #2
Oct 31 15:25:02.532922: | Message ID: CHILD #1.#2 clearing EVENT_RETRANSMIT as response received: ike.initiator.sent=1 ike.initiator.recv=0 ike.initiator.last_contact=744576.790636 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744576.767549 child.wip.initiator=-1 child.wip.responder=-1
Oct 31 15:25:02.532929: | #2 requesting EVENT_RETRANSMIT-pe@0x55567052a798 be deleted
Oct 31 15:25:02.532933: | libevent_free: delref ptr-libevent@0x55567052a6e8
Oct 31 15:25:02.532937: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55567052a798
Oct 31 15:25:02.532940: | #2 STATE_PARENT_I2: retransmits: cleared
Oct 31 15:25:02.532948: | Message ID: CHILD #1.#2 updating initiator received message response 1: ike.initiator.sent=1 ike.initiator.recv=0->1 ike.initiator.last_contact=744576.790636->744576.965713 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744576.767549 child.wip.initiator=1->-1 child.wip.responder=-1
Oct 31 15:25:02.532955: | Message ID: CHILD #1.#2 skipping update_send as nothing to send: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744576.965713 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744576.767549 child.wip.initiator=-1 child.wip.responder=-1
Oct 31 15:25:02.532962: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744576.965713 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744576.767549 ike.wip.initiator=-1 ike.wip.responder=-1
Oct 31 15:25:02.532966: | child state #2: PARENT_I2(open IKE SA) => ESTABLISHED_CHILD_SA(established CHILD SA)
Oct 31 15:25:02.532970: | pstats #2 ikev2.child established
Oct 31 15:25:02.532973: | announcing the state transition
Oct 31 15:25:02.532982: "north-east" #2: negotiated connection [192.0.3.254-192.0.3.254:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0]
Oct 31 15:25:02.532987: | NAT-T: encaps is 'auto'
Oct 31 15:25:02.533052: "north-east" #2: IPsec SA established tunnel mode {ESP=>0xf138d22c <0x7b6df899 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive}
Oct 31 15:25:02.533059: | releasing #2's fd-fd@(nil) because IKEv2 transitions finished
Oct 31 15:25:02.533062: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189)
Oct 31 15:25:02.533065: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189)
Oct 31 15:25:02.533067: | unpending #2's IKE SA #1
Oct 31 15:25:02.533070: | unpending state #1 connection "north-east"
Oct 31 15:25:02.533074: | delete from pending Child SA with 192.1.2.23 "north-east"
Oct 31 15:25:02.533076: | delref fd@NULL (in delete_pending() at pending.c:218)
Oct 31 15:25:02.533078: | removing pending policy for no connection {0x55567052e8e8}
Oct 31 15:25:02.533081: | releasing #1's fd-fd@(nil) because IKEv2 transitions finished so releaseing IKE SA
Oct 31 15:25:02.533084: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222)
Oct 31 15:25:02.533086: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222)
Oct 31 15:25:02.533090: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key)
Oct 31 15:25:02.533092: | state #2 has no .st_event to delete
Oct 31 15:25:02.533095: | event_schedule: newref EVENT_SA_REKEY-pe@0x55567052a798
Oct 31 15:25:02.533098: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2
Oct 31 15:25:02.533101: | libevent_malloc: newref ptr-libevent@0x555670535458 size 128
Oct 31 15:25:02.533107: | stop processing: state #2 connection "north-east" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904)
Oct 31 15:25:02.533114: | #1 spent 1.33 (50.5) milliseconds
Oct 31 15:25:02.533117: | #1 spent 1.87 (51.1) milliseconds in ikev2_process_packet()
Oct 31 15:25:02.533120: | processing: STOP state #0 (in process_md() at demux.c:287)
Oct 31 15:25:02.533124: | delref mdp@0x555670530de8(1->0) (in handle_packet_cb() at demux.c:318)
Oct 31 15:25:02.533126: | delref logger@0x55567052d7e8(1->0) (in handle_packet_cb() at demux.c:318)
Oct 31 15:25:02.533129: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:25:02.533131: | delref fd@NULL (in free_logger() at log.c:854)
Oct 31 15:25:02.533137: | spent 1.89 (51.1) milliseconds in handle_packet_cb() reading and processing packet
Oct 31 15:25:02.533148: | processing signal PLUTO_SIGCHLD
Oct 31 15:25:02.533156: | waitpid returned ECHILD (no child processes left)
Oct 31 15:25:02.533161: | spent 0.00531 (0.00529) milliseconds in signal handler PLUTO_SIGCHLD
Oct 31 15:25:03.392696: | newref struct fd@0x555670524ab8(0->1) (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:25:03.392712: | fd_accept: new fd-fd@0x555670524ab8 (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:25:03.392722: | whack: traffic_status
Oct 31 15:25:03.392726: | FOR_EACH_STATE_... in show_traffic_status (sort_states)
Oct 31 15:25:03.392728: | FOR_EACH_STATE_... in sort_states
Oct 31 15:25:03.392735: | get_sa_info esp.7b6df899@192.1.3.33
Oct 31 15:25:03.392749: | get_sa_info esp.f138d22c@192.1.2.23
Oct 31 15:25:03.392761: | delref fd@0x555670524ab8(1->0) (in whack_handle_cb() at rcv_whack.c:903)
Oct 31 15:25:03.392766: | freeref fd-fd@0x555670524ab8 (in whack_handle_cb() at rcv_whack.c:903)
Oct 31 15:25:03.392772: | spent 0.0857 (0.0853) milliseconds in whack
Oct 31 15:25:03.556828: | newref struct fd@0x555670527af8(0->1) (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:25:03.556843: | fd_accept: new fd-fd@0x555670527af8 (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:25:03.556858: | whack: traffic_status
Oct 31 15:25:03.556862: | FOR_EACH_STATE_... in show_traffic_status (sort_states)
Oct 31 15:25:03.556866: | FOR_EACH_STATE_... in sort_states
Oct 31 15:25:03.556876: | get_sa_info esp.7b6df899@192.1.3.33
Oct 31 15:25:03.556894: | get_sa_info esp.f138d22c@192.1.2.23
Oct 31 15:25:03.556914: | delref fd@0x555670527af8(1->0) (in whack_handle_cb() at rcv_whack.c:903)
Oct 31 15:25:03.556921: | freeref fd-fd@0x555670527af8 (in whack_handle_cb() at rcv_whack.c:903)
Oct 31 15:25:03.556930: | spent 0.112 (0.112) milliseconds in whack
Oct 31 15:25:04.769090: | newref struct fd@0x55567052a808(0->1) (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:25:04.769132: | fd_accept: new fd-fd@0x55567052a808 (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:25:04.769176: | whack: status
Oct 31 15:25:04.770279: | FOR_EACH_CONNECTION_... in show_connections_status
Oct 31 15:25:04.770314: | FOR_EACH_CONNECTION_... in show_connections_status
Oct 31 15:25:04.770547: | FOR_EACH_STATE_... in show_states (sort_states)
Oct 31 15:25:04.770559: | FOR_EACH_STATE_... in sort_states
Oct 31 15:25:04.770605: | get_sa_info esp.7b6df899@192.1.3.33
Oct 31 15:25:04.770685: | get_sa_info esp.f138d22c@192.1.2.23
Oct 31 15:25:04.770809: | delref fd@0x55567052a808(1->0) (in whack_handle_cb() at rcv_whack.c:903)
Oct 31 15:25:04.770844: | freeref fd-fd@0x55567052a808 (in whack_handle_cb() at rcv_whack.c:903)
Oct 31 15:25:04.770868: | spent 1.6 (1.81) milliseconds in whack
Oct 31 15:25:05.146098: | spent 0.00228 (0.00227) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue()
Oct 31 15:25:05.146118: | newref struct msg_digest@0x555670530de8(0->1) (in read_message() at demux.c:103)
Oct 31 15:25:05.146124: | newref alloc logger@0x55567052db88(0->1) (in read_message() at demux.c:103)
Oct 31 15:25:05.146129: | *received 69 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP
Oct 31 15:25:05.146131: |   c0 ab 5f b0  46 3d 51 5a  b7 f3 69 f8  2c 8c 41 9e
Oct 31 15:25:05.146132: |   2e 20 25 00  00 00 00 00  00 00 00 45  2a 00 00 29
Oct 31 15:25:05.146134: |   4a 26 a0 11  e1 3c db a9  41 76 ff 95  fd 47 26 18
Oct 31 15:25:05.146135: |   5a 97 2d 4d  b2 bf f9 ee  e0 4f 62 26  93 12 fa a6
Oct 31 15:25:05.146137: |   20 7f 0f 5d  1e
Oct 31 15:25:05.146140: | **parse ISAKMP Message:
Oct 31 15:25:05.146143: |    initiator SPI: c0 ab 5f b0  46 3d 51 5a
Oct 31 15:25:05.146145: |    responder SPI: b7 f3 69 f8  2c 8c 41 9e
Oct 31 15:25:05.146147: |    next payload type: ISAKMP_NEXT_v2SK (0x2e)
Oct 31 15:25:05.146149: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Oct 31 15:25:05.146150: |    exchange type: ISAKMP_v2_INFORMATIONAL (0x25)
Oct 31 15:25:05.146152: |    flags: none (0x0)
Oct 31 15:25:05.146154: |    Message ID: 0 (00 00 00 00)
Oct 31 15:25:05.146157: |    length: 69 (00 00 00 45)
Oct 31 15:25:05.146159: |  processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37)
Oct 31 15:25:05.146164: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request 
Oct 31 15:25:05.146169: | State DB: found IKEv2 state #1 in ESTABLISHED_IKE_SA (find_v2_ike_sa)
Oct 31 15:25:05.146176: | start processing: state #1 connection "north-east" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902)
Oct 31 15:25:05.146179: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000
Oct 31 15:25:05.146182: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip)
Oct 31 15:25:05.146184: | #1 is idle
Oct 31 15:25:05.146189: | Message ID: IKE #1 not a duplicate - message request 0 is new: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744576.965713 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744576.767549 ike.wip.initiator=-1 ike.wip.responder=-1
Oct 31 15:25:05.146192: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983)
Oct 31 15:25:05.146193: | unpacking clear payload
Oct 31 15:25:05.146195: | Now let's proceed with payload (ISAKMP_NEXT_v2SK)
Oct 31 15:25:05.146202: | ***parse IKEv2 Encryption Payload:
Oct 31 15:25:05.146206: |    next payload type: ISAKMP_NEXT_v2D (0x2a)
Oct 31 15:25:05.146208: |    flags: none (0x0)
Oct 31 15:25:05.146210: |    length: 41 (00 29)
Oct 31 15:25:05.146211: | processing payload: ISAKMP_NEXT_v2SK (len=37)
Oct 31 15:25:05.146213: | #1 in state ESTABLISHED_IKE_SA: established IKE SA
Oct 31 15:25:05.146227: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success
Oct 31 15:25:05.146229: | Now let's proceed with payload (ISAKMP_NEXT_v2D)
Oct 31 15:25:05.146231: | **parse IKEv2 Delete Payload:
Oct 31 15:25:05.146232: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:25:05.146234: |    flags: none (0x0)
Oct 31 15:25:05.146236: |    length: 12 (00 0c)
Oct 31 15:25:05.146237: |    protocol ID: IKEv2_SEC_PROTO_ESP (0x3)
Oct 31 15:25:05.146239: |    SPI size: 4 (04)
Oct 31 15:25:05.146241: |    number of SPIs: 1 (00 01)
Oct 31 15:25:05.146246: | processing payload: ISAKMP_NEXT_v2D (len=4)
Oct 31 15:25:05.146251: | selected state microcode Informational Request
Oct 31 15:25:05.146258: | Message ID: IKE #1 responder starting message request 0: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744576.965713 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744576.767549 ike.wip.initiator=-1 ike.wip.responder=-1->0
Oct 31 15:25:05.146262: | calling processor Informational Request
Oct 31 15:25:05.146266: | an informational request should send a response 
Oct 31 15:25:05.146272: | opening output PBS information exchange reply packet
Oct 31 15:25:05.146275: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness
Oct 31 15:25:05.146278: | **emit ISAKMP Message:
Oct 31 15:25:05.146283: |    initiator SPI: c0 ab 5f b0  46 3d 51 5a
Oct 31 15:25:05.146286: |    responder SPI: b7 f3 69 f8  2c 8c 41 9e
Oct 31 15:25:05.146289: |    next payload type: ISAKMP_NEXT_NONE (0x0)
Oct 31 15:25:05.146292: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Oct 31 15:25:05.146294: |    exchange type: ISAKMP_v2_INFORMATIONAL (0x25)
Oct 31 15:25:05.146297: |    flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28)
Oct 31 15:25:05.146300: |    Message ID: 0 (00 00 00 00)
Oct 31 15:25:05.146303: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
Oct 31 15:25:05.146306: | ***emit IKEv2 Encryption Payload:
Oct 31 15:25:05.146309: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:25:05.146312: |    flags: none (0x0)
Oct 31 15:25:05.146315: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK)
Oct 31 15:25:05.146318: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet'
Oct 31 15:25:05.146321: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload
Oct 31 15:25:05.146330: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI
Oct 31 15:25:05.146333: | SPI
Oct 31 15:25:05.146335: |   f1 38 d2 2c
Oct 31 15:25:05.146338: | delete IKEv2_SEC_PROTO_ESP SA(0xf138d22c)
Oct 31 15:25:05.146341: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_ESTABLISHED_CHILD_SA
Oct 31 15:25:05.146344: | State DB: found IKEv2 state #2 in ESTABLISHED_CHILD_SA (find_v2_child_sa_by_outbound_spi)
Oct 31 15:25:05.146347: | our side SPI that needs to be deleted: IKEv2_SEC_PROTO_ESP SA(0xf138d22c)
Oct 31 15:25:05.146350: "north-east" #1: received Delete SA payload: delete IPsec State #2 now
Oct 31 15:25:05.146353: | pstats #2 ikev2.child deleted completed
Oct 31 15:25:05.146359: | #2 main thread spent 1.37 (50.5) milliseconds helper thread spent 0 (0) milliseconds in total
Oct 31 15:25:05.146366: | suspend processing: state #1 connection "north-east" from 192.1.2.23:500 (in delete_state() at state.c:935)
Oct 31 15:25:05.146371: | start processing: state #2 connection "north-east" from 192.1.2.23:500 (in delete_state() at state.c:935)
Oct 31 15:25:05.146375: | should_send_delete: no, just because
Oct 31 15:25:05.146379: "north-east" #2: deleting other state #2 (STATE_V2_ESTABLISHED_CHILD_SA) aged 2.789823s and NOT sending notification
Oct 31 15:25:05.146383: | child state #2: ESTABLISHED_CHILD_SA(established CHILD SA) => delete
Oct 31 15:25:05.146387: | get_sa_info esp.f138d22c@192.1.2.23
Oct 31 15:25:05.146402: | get_sa_info esp.7b6df899@192.1.3.33
Oct 31 15:25:05.146417: "north-east" #2: ESP traffic information: in=84B out=84B
Oct 31 15:25:05.146421: | unsuspending #2 MD (nil)
Oct 31 15:25:05.146423: | should_send_delete: no, just because
Oct 31 15:25:05.146426: | child state #2: ESTABLISHED_CHILD_SA(established CHILD SA) => CHILDSA_DEL(informational)
Oct 31 15:25:05.146429: | state #2 deleting .st_event EVENT_SA_REKEY
Oct 31 15:25:05.146434: | libevent_free: delref ptr-libevent@0x555670535458
Oct 31 15:25:05.146437: | free_event_entry: delref EVENT_SA_REKEY-pe@0x55567052a798
Oct 31 15:25:05.146440: | #2 STATE_CHILDSA_DEL: retransmits: cleared
Oct 31 15:25:05.146487: | running updown command "ipsec _updown" for verb down 
Oct 31 15:25:05.146493: | command executing down-client
Oct 31 15:25:05.146501: | get_sa_info esp.f138d22c@192.1.2.23
Oct 31 15:25:05.146511: | get_sa_info esp.7b6df899@192.1.3.33
Oct 31 15:25:05.146543: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157902' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='...
Oct 31 15:25:05.146547: | popen cmd is 1139 chars long
Oct 31 15:25:05.146549: | cmd(   0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO:
Oct 31 15:25:05.146552: | cmd(  80):_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HO:
Oct 31 15:25:05.146554: | cmd( 160):P='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0:
Oct 31 15:25:05.146556: | cmd( 240):.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_MY_CLIENT_MASK='255.255.255.2:
Oct 31 15:25:05.146558: | cmd( 320):55' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE:
Oct 31 15:25:05.146562: | cmd( 400):='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.:
Oct 31 15:25:05.146564: | cmd( 480):0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' P:
Oct 31 15:25:05.146567: | cmd( 560):LUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' P:
Oct 31 15:25:05.146569: | cmd( 640):LUTO_ADDTIME='1604157902' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKE:
Oct 31 15:25:05.146571: | cmd( 720):V2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO:
Oct 31 15:25:05.146573: | cmd( 800):_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_IN:
Oct 31 15:25:05.146575: | cmd( 880):FO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_:
Oct 31 15:25:05.146578: | cmd( 960):CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='84' PLUTO_OUTBYTES='84' VT:
Oct 31 15:25:05.146580: | cmd(1040):I_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xf138d22c SPI_OUT=0x7b6df899:
Oct 31 15:25:05.146582: | cmd(1120): ipsec _updown 2>&1:
Oct 31 15:25:05.156363: | shunt_eroute() called for connection 'north-east' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.3.254/32:0 --0->- 192.0.2.0/24:0
Oct 31 15:25:05.156374: | netlink_shunt_eroute for proto 0, and source 192.0.3.254/32:0 dest 192.0.2.0/24:0
Oct 31 15:25:05.156377: | priority calculation of connection "north-east" is 2080718 (0x1fbfce)
Oct 31 15:25:05.156379: | IPsec SA SPD priority set to 2080718
Oct 31 15:25:05.156402: | delete esp.f138d22c@192.1.2.23
Oct 31 15:25:05.156404: | XFRM: deleting IPsec SA with reqid 0
Oct 31 15:25:05.156420: | netlink response for Del SA esp.f138d22c@192.1.2.23 included non-error error
Oct 31 15:25:05.156426: | priority calculation of connection "north-east" is 2080718 (0x1fbfce)
Oct 31 15:25:05.156434: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.254/32:0 => unk.10000@192.1.3.33 using reqid 0 (raw_eroute) proto=50
Oct 31 15:25:05.156460: | raw_eroute result=success
Oct 31 15:25:05.156467: | delete esp.7b6df899@192.1.3.33
Oct 31 15:25:05.156470: | XFRM: deleting IPsec SA with reqid 0
Oct 31 15:25:05.156483: | netlink response for Del SA esp.7b6df899@192.1.3.33 included non-error error
Oct 31 15:25:05.156489: | in connection_discard for connection north-east
Oct 31 15:25:05.156493: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL
Oct 31 15:25:05.156497: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore)
Oct 31 15:25:05.156501: | releasing #2's fd-fd@(nil) because deleting state
Oct 31 15:25:05.156504: | delref fd@NULL (in delete_state() at state.c:1195)
Oct 31 15:25:05.156507: | delref fd@NULL (in delete_state() at state.c:1195)
Oct 31 15:25:05.156510: | delref pkp@NULL (in delete_state() at state.c:1202)
Oct 31 15:25:05.156516: | stop processing: state #2 from 192.1.2.23:500 (in delete_state() at state.c:1239)
Oct 31 15:25:05.156519: | resume processing: state #1 connection "north-east" from 192.1.2.23:500 (in delete_state() at state.c:1239)
Oct 31 15:25:05.156523: | delref logger@0x55567051b0f8(1->0) (in delete_state() at state.c:1306)
Oct 31 15:25:05.156525: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:25:05.156526: | delref fd@NULL (in free_logger() at log.c:854)
Oct 31 15:25:05.156529: | ****emit IKEv2 Delete Payload:
Oct 31 15:25:05.156531: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:25:05.156533: |    flags: none (0x0)
Oct 31 15:25:05.156534: |    protocol ID: IKEv2_SEC_PROTO_ESP (0x3)
Oct 31 15:25:05.156537: |    SPI size: 4 (04)
Oct 31 15:25:05.156539: |    number of SPIs: 1 (00 01)
Oct 31 15:25:05.156541: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D)
Oct 31 15:25:05.156543: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet'
Oct 31 15:25:05.156545: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload
Oct 31 15:25:05.156549: | local SPIs: 7b 6d f8 99
Oct 31 15:25:05.156551: | emitting length of IKEv2 Delete Payload: 12
Oct 31 15:25:05.156552: | adding 1 bytes of padding (including 1 byte padding-length)
Oct 31 15:25:05.156554: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload
Oct 31 15:25:05.156556: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload
Oct 31 15:25:05.156558: | emitting length of IKEv2 Encryption Payload: 41
Oct 31 15:25:05.156559: | emitting length of ISAKMP Message: 69
Oct 31 15:25:05.156578: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1)
Oct 31 15:25:05.156581: |   c0 ab 5f b0  46 3d 51 5a  b7 f3 69 f8  2c 8c 41 9e
Oct 31 15:25:05.156582: |   2e 20 25 28  00 00 00 00  00 00 00 45  2a 00 00 29
Oct 31 15:25:05.156583: |   c6 9c 57 2c  ae e5 82 ee  aa 09 2d ed  e7 57 0a 03
Oct 31 15:25:05.156585: |   53 49 90 4b  08 80 40 39  29 36 81 5e  ac 8d ac 0f
Oct 31 15:25:05.156586: |   d1 1b 75 c5  05
Oct 31 15:25:05.156616: | sent 1 messages
Oct 31 15:25:05.156621: | Message ID: IKE #1 XXX: in process_encrypted_informational_ikev2() hacking around record 'n' send bypassing send queue hacking around delete_ike_family(): ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744576.965713 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744576.767549 ike.wip.initiator=-1 ike.wip.responder=0
Oct 31 15:25:05.156626: | Message ID: IKE #1 updating responder sent message response 0: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744576.965713 ike.responder.sent=-1->0 ike.responder.recv=-1 ike.responder.last_contact=744576.767549 ike.wip.initiator=-1 ike.wip.responder=0
Oct 31 15:25:05.156634: |   #1 spent 0.637 (10.4) milliseconds in processing: Informational Request in v2_dispatch()
Oct 31 15:25:05.156637: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364)
Oct 31 15:25:05.156641: | #1 complete_v2_state_transition() ESTABLISHED_IKE_SA->ESTABLISHED_IKE_SA with status STF_OK; .st_v2_transition=PARENT_I0->PARENT_I1
Oct 31 15:25:05.156643: | Message ID: updating counters for #1
Oct 31 15:25:05.156647: | Message ID: IKE #1 updating responder received message request 0: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744576.965713 ike.responder.sent=0 ike.responder.recv=-1->0 ike.responder.last_contact=744576.767549->744579.589441 ike.wip.initiator=-1 ike.wip.responder=0->-1
Oct 31 15:25:05.156650: | Message ID: IKE #1 updating responder sent message response 0: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744576.965713 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744579.589441 ike.wip.initiator=-1 ike.wip.responder=-1
Oct 31 15:25:05.156654: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744576.965713 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744579.589441 ike.wip.initiator=-1 ike.wip.responder=-1
Oct 31 15:25:05.156655: | announcing the state transition
Oct 31 15:25:05.156658: "north-east" #1: established IKE SA
Oct 31 15:25:05.156662: | sending 69 bytes for STATE_V2_ESTABLISHED_IKE_SA through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1)
Oct 31 15:25:05.156664: |   c0 ab 5f b0  46 3d 51 5a  b7 f3 69 f8  2c 8c 41 9e
Oct 31 15:25:05.156665: |   2e 20 25 28  00 00 00 00  00 00 00 45  2a 00 00 29
Oct 31 15:25:05.156666: |   c6 9c 57 2c  ae e5 82 ee  aa 09 2d ed  e7 57 0a 03
Oct 31 15:25:05.156668: |   53 49 90 4b  08 80 40 39  29 36 81 5e  ac 8d ac 0f
Oct 31 15:25:05.156669: |   d1 1b 75 c5  05
Oct 31 15:25:05.156679: | sent 1 messages
Oct 31 15:25:05.156681: | #1 is retaining EVENT_SA_REKEY with is previously set timeout
Oct 31 15:25:05.156685: | stop processing: state #1 connection "north-east" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904)
Oct 31 15:25:05.156690: | #1 spent 0.865 (10.6) milliseconds in ikev2_process_packet()
Oct 31 15:25:05.156692: | processing: STOP state #0 (in process_md() at demux.c:287)
Oct 31 15:25:05.156694: | delref mdp@0x555670530de8(1->0) (in handle_packet_cb() at demux.c:318)
Oct 31 15:25:05.156696: | delref logger@0x55567052db88(1->0) (in handle_packet_cb() at demux.c:318)
Oct 31 15:25:05.156698: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:25:05.156699: | delref fd@NULL (in free_logger() at log.c:854)
Oct 31 15:25:05.156703: | spent 0.878 (10.6) milliseconds in handle_packet_cb() reading and processing packet
Oct 31 15:25:05.156714: | spent 0.00121 (0.0012) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue()
Oct 31 15:25:05.156720: | newref struct msg_digest@0x555670530de8(0->1) (in read_message() at demux.c:103)
Oct 31 15:25:05.156722: | newref alloc logger@0x55567052a798(0->1) (in read_message() at demux.c:103)
Oct 31 15:25:05.156725: | *received 65 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP
Oct 31 15:25:05.156727: |   c0 ab 5f b0  46 3d 51 5a  b7 f3 69 f8  2c 8c 41 9e
Oct 31 15:25:05.156728: |   2e 20 25 00  00 00 00 01  00 00 00 41  2a 00 00 25
Oct 31 15:25:05.156730: |   95 f9 b0 8e  cb 3b aa ee  78 e5 7e 3c  70 c7 ea 0d
Oct 31 15:25:05.156731: |   18 17 e6 21  68 ea 6a ed  10 e7 72 18  7a 9a 81 ac
Oct 31 15:25:05.156733: |   51
Oct 31 15:25:05.156735: | **parse ISAKMP Message:
Oct 31 15:25:05.156738: |    initiator SPI: c0 ab 5f b0  46 3d 51 5a
Oct 31 15:25:05.156740: |    responder SPI: b7 f3 69 f8  2c 8c 41 9e
Oct 31 15:25:05.156742: |    next payload type: ISAKMP_NEXT_v2SK (0x2e)
Oct 31 15:25:05.156744: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Oct 31 15:25:05.156745: |    exchange type: ISAKMP_v2_INFORMATIONAL (0x25)
Oct 31 15:25:05.156747: |    flags: none (0x0)
Oct 31 15:25:05.156749: |    Message ID: 1 (00 00 00 01)
Oct 31 15:25:05.156751: |    length: 65 (00 00 00 41)
Oct 31 15:25:05.156753: |  processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37)
Oct 31 15:25:05.156755: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request 
Oct 31 15:25:05.156758: | State DB: found IKEv2 state #1 in ESTABLISHED_IKE_SA (find_v2_ike_sa)
Oct 31 15:25:05.156762: | start processing: state #1 connection "north-east" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902)
Oct 31 15:25:05.156764: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001
Oct 31 15:25:05.156766: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip)
Oct 31 15:25:05.156767: | #1 is idle
Oct 31 15:25:05.156771: | Message ID: IKE #1 not a duplicate - message request 1 is new: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744576.965713 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744579.589441 ike.wip.initiator=-1 ike.wip.responder=-1
Oct 31 15:25:05.156774: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983)
Oct 31 15:25:05.156775: | unpacking clear payload
Oct 31 15:25:05.156777: | Now let's proceed with payload (ISAKMP_NEXT_v2SK)
Oct 31 15:25:05.156779: | ***parse IKEv2 Encryption Payload:
Oct 31 15:25:05.156781: |    next payload type: ISAKMP_NEXT_v2D (0x2a)
Oct 31 15:25:05.156782: |    flags: none (0x0)
Oct 31 15:25:05.156784: |    length: 37 (00 25)
Oct 31 15:25:05.156786: | processing payload: ISAKMP_NEXT_v2SK (len=33)
Oct 31 15:25:05.156787: | #1 in state ESTABLISHED_IKE_SA: established IKE SA
Oct 31 15:25:05.156798: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success
Oct 31 15:25:05.156800: | Now let's proceed with payload (ISAKMP_NEXT_v2D)
Oct 31 15:25:05.156802: | **parse IKEv2 Delete Payload:
Oct 31 15:25:05.156803: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:25:05.156805: |    flags: none (0x0)
Oct 31 15:25:05.156807: |    length: 8 (00 08)
Oct 31 15:25:05.156811: |    protocol ID: IKEv2_SEC_PROTO_IKE (0x1)
Oct 31 15:25:05.156815: |    SPI size: 0 (00)
Oct 31 15:25:05.156821: |    number of SPIs: 0 (00 00)
Oct 31 15:25:05.156824: | processing payload: ISAKMP_NEXT_v2D (len=0)
Oct 31 15:25:05.156826: | selected state microcode Informational Request
Oct 31 15:25:05.156833: | Message ID: IKE #1 responder starting message request 1: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744576.965713 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744579.589441 ike.wip.initiator=-1 ike.wip.responder=-1->1
Oct 31 15:25:05.156836: | calling processor Informational Request
Oct 31 15:25:05.156840: | an informational request should send a response 
Oct 31 15:25:05.156845: | opening output PBS information exchange reply packet
Oct 31 15:25:05.156848: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness
Oct 31 15:25:05.156851: | **emit ISAKMP Message:
Oct 31 15:25:05.156856: |    initiator SPI: c0 ab 5f b0  46 3d 51 5a
Oct 31 15:25:05.156860: |    responder SPI: b7 f3 69 f8  2c 8c 41 9e
Oct 31 15:25:05.156863: |    next payload type: ISAKMP_NEXT_NONE (0x0)
Oct 31 15:25:05.156866: |    ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
Oct 31 15:25:05.156868: |    exchange type: ISAKMP_v2_INFORMATIONAL (0x25)
Oct 31 15:25:05.156870: |    flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28)
Oct 31 15:25:05.156872: |    Message ID: 1 (00 00 00 01)
Oct 31 15:25:05.156874: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
Oct 31 15:25:05.156876: | ***emit IKEv2 Encryption Payload:
Oct 31 15:25:05.156878: |    next payload type: ISAKMP_NEXT_v2NONE (0x0)
Oct 31 15:25:05.156879: |    flags: none (0x0)
Oct 31 15:25:05.156881: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK)
Oct 31 15:25:05.156883: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet'
Oct 31 15:25:05.156885: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload
Oct 31 15:25:05.156893: | adding 1 bytes of padding (including 1 byte padding-length)
Oct 31 15:25:05.156895: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload
Oct 31 15:25:05.156897: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload
Oct 31 15:25:05.156898: | emitting length of IKEv2 Encryption Payload: 29
Oct 31 15:25:05.156900: | emitting length of ISAKMP Message: 57
Oct 31 15:25:05.156908: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1)
Oct 31 15:25:05.156911: |   c0 ab 5f b0  46 3d 51 5a  b7 f3 69 f8  2c 8c 41 9e
Oct 31 15:25:05.156912: |   2e 20 25 28  00 00 00 01  00 00 00 39  00 00 00 1d
Oct 31 15:25:05.156913: |   a7 ae 68 e3  ce ac 3f fe  f5 e0 09 36  f6 3a 61 25
Oct 31 15:25:05.156915: |   e3 bd 20 70  dd 57 7c 99  65
Oct 31 15:25:05.156928: | sent 1 messages
Oct 31 15:25:05.156932: | Message ID: IKE #1 XXX: in process_encrypted_informational_ikev2() hacking around record 'n' send bypassing send queue hacking around delete_ike_family(): ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744576.965713 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744579.589441 ike.wip.initiator=-1 ike.wip.responder=1
Oct 31 15:25:05.156936: | Message ID: IKE #1 updating responder sent message response 1: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744576.965713 ike.responder.sent=0->1 ike.responder.recv=0 ike.responder.last_contact=744579.589441 ike.wip.initiator=-1 ike.wip.responder=1
Oct 31 15:25:05.156938: | State DB: IKEv2 state not found (delete_ike_family)
Oct 31 15:25:05.156940: | pstats #1 ikev2.ike deleted completed
Oct 31 15:25:05.156944: | #1 main thread spent 9.87 (77.5) milliseconds helper thread spent 10.6 (11.3) milliseconds in total
Oct 31 15:25:05.156947: | [RE]START processing: state #1 connection "north-east" from 192.1.2.23:500 (in delete_state() at state.c:935)
Oct 31 15:25:05.156951: | should_send_delete: no, just because
Oct 31 15:25:05.156954: "north-east" #1: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 2.822236s and NOT sending notification
Oct 31 15:25:05.156956: | parent state #1: ESTABLISHED_IKE_SA(established IKE SA) => delete
Oct 31 15:25:05.157000: | unsuspending #1 MD (nil)
Oct 31 15:25:05.157005: | should_send_delete: no, just because
Oct 31 15:25:05.157009: | state #1 deleting .st_event EVENT_SA_REKEY
Oct 31 15:25:05.157013: | libevent_free: delref ptr-libevent@0x7f3748000d38
Oct 31 15:25:05.157016: | free_event_entry: delref EVENT_SA_REKEY-pe@0x55567051b168
Oct 31 15:25:05.157019: | #1 STATE_V2_ESTABLISHED_IKE_SA: retransmits: cleared
Oct 31 15:25:05.157022: | State DB: IKEv2 state not found (flush_incomplete_children)
Oct 31 15:25:05.157025: | in connection_discard for connection north-east
Oct 31 15:25:05.157028: | State DB: deleting IKEv2 state #1 in ESTABLISHED_IKE_SA
Oct 31 15:25:05.157032: | parent state #1: ESTABLISHED_IKE_SA(established IKE SA) => UNDEFINED(ignore)
Oct 31 15:25:05.157035: | releasing #1's fd-fd@(nil) because deleting state
Oct 31 15:25:05.157038: | delref fd@NULL (in delete_state() at state.c:1195)
Oct 31 15:25:05.157041: | delref fd@NULL (in delete_state() at state.c:1195)
Oct 31 15:25:05.157044: | delref pkp@0x55567052dc58(2->1) (in delete_state() at state.c:1202)
Oct 31 15:25:05.157063: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1239)
Oct 31 15:25:05.157078: | delref logger@0x555670527d08(1->0) (in delete_state() at state.c:1306)
Oct 31 15:25:05.157081: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:25:05.157084: | delref fd@NULL (in free_logger() at log.c:854)
Oct 31 15:25:05.157088: | in statetime_stop() and could not find #1
Oct 31 15:25:05.157091: | XXX: processor 'Informational Request' for #1 deleted state MD.ST
Oct 31 15:25:05.157093: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:1904)
Oct 31 15:25:05.157096: | in statetime_stop() and could not find #1
Oct 31 15:25:05.157099: | processing: STOP state #0 (in process_md() at demux.c:287)
Oct 31 15:25:05.157102: | delref mdp@0x555670530de8(1->0) (in handle_packet_cb() at demux.c:318)
Oct 31 15:25:05.157105: | delref logger@0x55567052a798(1->0) (in handle_packet_cb() at demux.c:318)
Oct 31 15:25:05.157108: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:25:05.157110: | delref fd@NULL (in free_logger() at log.c:854)
Oct 31 15:25:05.157117: | spent 0.394 (0.404) milliseconds in handle_packet_cb() reading and processing packet
Oct 31 15:25:05.157124: | processing signal PLUTO_SIGCHLD
Oct 31 15:25:05.157130: | waitpid returned ECHILD (no child processes left)
Oct 31 15:25:05.157134: | spent 0.00548 (0.00547) milliseconds in signal handler PLUTO_SIGCHLD
Oct 31 15:25:05.620270: | newref struct fd@0x55567051b1d8(0->1) (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:25:05.620293: | fd_accept: new fd-fd@0x55567051b1d8 (in whack_handle_cb() at rcv_whack.c:869)
Oct 31 15:25:05.621197: shutting down
Oct 31 15:25:05.621232: | leaking fd-fd@0x55567051b1d8's FD; will be closed when pluto exits (in whack_handle_cb() at rcv_whack.c:889)
Oct 31 15:25:05.621238: | delref fd@0x55567051b1d8(1->0) (in whack_handle_cb() at rcv_whack.c:895)
Oct 31 15:25:05.621242: | freeref fd-fd@0x55567051b1d8 (in whack_handle_cb() at rcv_whack.c:895)
Oct 31 15:25:05.621256: | shutting down helper thread 4
Oct 31 15:25:05.621301: | helper thread 4 exited
Oct 31 15:25:05.621313: | shutting down helper thread 5
Oct 31 15:25:05.621334: | helper thread 5 exited
Oct 31 15:25:05.621343: | shutting down helper thread 6
Oct 31 15:25:05.621363: | helper thread 6 exited
Oct 31 15:25:05.621379: | shutting down helper thread 7
Oct 31 15:25:05.621409: | helper thread 7 exited
Oct 31 15:25:05.621421: | shutting down helper thread 1
Oct 31 15:25:05.621444: | helper thread 1 exited
Oct 31 15:25:05.621454: | shutting down helper thread 2
Oct 31 15:25:05.621469: | helper thread 2 exited
Oct 31 15:25:05.621487: | shutting down helper thread 3
Oct 31 15:25:05.621501: | helper thread 3 exited
Oct 31 15:25:05.621507: 7 helper threads shutdown
Oct 31 15:25:05.621511: | delref root_certs@NULL (in free_root_certs() at root_certs.c:127)
Oct 31 15:25:05.621514: | certs and keys locked by 'free_preshared_secrets'
Oct 31 15:25:05.621516: forgetting secrets
Oct 31 15:25:05.621533: | certs and keys unlocked by 'free_preshared_secrets'
Oct 31 15:25:05.621538: | delref pkp@0x55567052dc58(1->0) (in free_public_keyentry() at secrets.c:1591)
Oct 31 15:25:05.621541: | delref pkp@0x55567052ebb8(1->0) (in free_public_keyentry() at secrets.c:1591)
Oct 31 15:25:05.621545: | deleting states for connection - including all other IPsec SA's of this IKE SA
Oct 31 15:25:05.621548: | pass 0
Oct 31 15:25:05.621549: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete
Oct 31 15:25:05.621551: | pass 1
Oct 31 15:25:05.621552: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete
Oct 31 15:25:05.621562: | shunt_eroute() called for connection 'north-east' to 'delete' for rt_kind 'unrouted' using protoports 192.0.3.254/32:0 --0->- 192.0.2.0/24:0
Oct 31 15:25:05.621570: | netlink_shunt_eroute for proto 0, and source 192.0.3.254/32:0 dest 192.0.2.0/24:0
Oct 31 15:25:05.621573: | priority calculation of connection "north-east" is 2080718 (0x1fbfce)
Oct 31 15:25:05.622521: | priority calculation of connection "north-east" is 2080718 (0x1fbfce)
Oct 31 15:25:05.622547: | FOR_EACH_CONNECTION_... in route_owner
Oct 31 15:25:05.622553: |  conn north-east mark 0/00000000, 0/00000000 vs
Oct 31 15:25:05.622556: |  conn north-east mark 0/00000000, 0/00000000
Oct 31 15:25:05.622560: | route owner of "north-east" unrouted: NULL
Oct 31 15:25:05.622562: | running updown command "ipsec _updown" for verb unroute 
Oct 31 15:25:05.622565: | command executing unroute-client
Oct 31 15:25:05.622593: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0'...
Oct 31 15:25:05.622597: | popen cmd is 1081 chars long
Oct 31 15:25:05.622600: | cmd(   0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PL:
Oct 31 15:25:05.622605: | cmd(  80):UTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT:
Oct 31 15:25:05.622608: | cmd( 160):_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='19:
Oct 31 15:25:05.622611: | cmd( 240):2.0.3.254/32' PLUTO_MY_CLIENT_NET='192.0.3.254' PLUTO_MY_CLIENT_MASK='255.255.25:
Oct 31 15:25:05.622613: | cmd( 320):5.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_T:
Oct 31 15:25:05.622616: | cmd( 400):YPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.:
Oct 31 15:25:05.622618: | cmd( 480):0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.:
Oct 31 15:25:05.622620: | cmd( 560):0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfr:
Oct 31 15:25:05.622623: | cmd( 640):m' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_AL:
Oct 31 15:25:05.622626: | cmd( 720):LOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN:
Oct 31 15:25:05.622631: | cmd( 800):_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='':
Oct 31 15:25:05.622634: | cmd( 880): PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_C:
Oct 31 15:25:05.622636: | cmd( 960):LIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' :
Oct 31 15:25:05.622639: | cmd(1040):SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1:
Oct 31 15:25:05.643511: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:05.643532: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:05.643536: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:05.643546: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:05.643557: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:05.643570: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:05.643587: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:05.643600: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:05.643613: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:05.643626: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:05.643638: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:05.643654: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:05.643668: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:05.643682: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:05.643710: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:05.643746: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:05.643758: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:05.644112: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:05.644150: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:05.644248: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:05.644294: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:05.644329: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:05.644357: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:05.644366: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:05.644380: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:05.644393: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:05.644409: unroute-client output: Error: Peer netns reference is invalid.
Oct 31 15:25:05.657744: | addref fd@NULL (in clone_logger() at log.c:809)
Oct 31 15:25:05.657759: | addref fd@NULL (in clone_logger() at log.c:810)
Oct 31 15:25:05.657765: | newref clone logger@0x55567051b168(0->1) (in clone_logger() at log.c:817)
Oct 31 15:25:05.657772: | delref hp@0x55567052b3a8(1->0) (in delete_oriented_hp() at hostpair.c:360)
Oct 31 15:25:05.657775: | flush revival: connection 'north-east' wasn't on the list
Oct 31 15:25:05.657778: | delref vip@NULL (in discard_connection() at connections.c:262)
Oct 31 15:25:05.657781: | delref vip@NULL (in discard_connection() at connections.c:263)
Oct 31 15:25:05.657791: | Connection DB: deleting connection $1
Oct 31 15:25:05.657795: | delref logger@0x55567051b168(1->0) (in delete_connection() at connections.c:214)
Oct 31 15:25:05.657797: | delref fd@NULL (in free_logger() at log.c:853)
Oct 31 15:25:05.657799: | delref fd@NULL (in free_logger() at log.c:854)
Oct 31 15:25:05.657802: | crl fetch request list locked by 'free_crl_fetch'
Oct 31 15:25:05.657804: | crl fetch request list unlocked by 'free_crl_fetch'
Oct 31 15:25:05.657808: | iface: marking eth1 dead
Oct 31 15:25:05.657810: | iface: marking eth0 dead
Oct 31 15:25:05.657812: | iface: marking lo dead
Oct 31 15:25:05.657814: | updating interfaces - listing interfaces that are going down
Oct 31 15:25:05.657824: shutting down interface lo 127.0.0.1:4500
Oct 31 15:25:05.657828: shutting down interface lo 127.0.0.1:500
Oct 31 15:25:05.657831: shutting down interface eth0 192.0.3.254:4500
Oct 31 15:25:05.657834: shutting down interface eth0 192.0.3.254:500
Oct 31 15:25:05.657837: shutting down interface eth1 192.1.3.33:4500
Oct 31 15:25:05.657840: shutting down interface eth1 192.1.3.33:500
Oct 31 15:25:05.657842: | updating interfaces - deleting the dead
Oct 31 15:25:05.657848: | FOR_EACH_STATE_... in delete_states_dead_interfaces
Oct 31 15:25:05.657857: | libevent_free: delref ptr-libevent@0x555670529d38
Oct 31 15:25:05.657860: | delref id@0x55567052df48(3->2) (in release_iface_dev() at iface.c:125)
Oct 31 15:25:05.657872: | libevent_free: delref ptr-libevent@0x555670523c08
Oct 31 15:25:05.657875: | delref id@0x55567052df48(2->1) (in release_iface_dev() at iface.c:125)
Oct 31 15:25:05.657882: | libevent_free: delref ptr-libevent@0x5556704e3d98
Oct 31 15:25:05.657885: | delref id@0x55567052deb8(3->2) (in release_iface_dev() at iface.c:125)
Oct 31 15:25:05.657891: | libevent_free: delref ptr-libevent@0x5556704dc548
Oct 31 15:25:05.657894: | delref id@0x55567052deb8(2->1) (in release_iface_dev() at iface.c:125)
Oct 31 15:25:05.657901: | libevent_free: delref ptr-libevent@0x5556704e3e98
Oct 31 15:25:05.657904: | delref id@0x55567052de28(3->2) (in release_iface_dev() at iface.c:125)
Oct 31 15:25:05.657910: | libevent_free: delref ptr-libevent@0x5556704e7298
Oct 31 15:25:05.657913: | delref id@0x55567052de28(2->1) (in release_iface_dev() at iface.c:125)
Oct 31 15:25:05.657918: | delref id@0x55567052de28(1->0) (in release_iface_dev() at iface.c:125)
Oct 31 15:25:05.657921: | delref id@0x55567052deb8(1->0) (in release_iface_dev() at iface.c:125)
Oct 31 15:25:05.657924: | delref id@0x55567052df48(1->0) (in release_iface_dev() at iface.c:125)
Oct 31 15:25:05.657926: | updating interfaces - checking orientation
Oct 31 15:25:05.657928: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations
Oct 31 15:25:05.659732: | libevent_free: delref ptr-libevent@0x555670523cb8
Oct 31 15:25:05.659742: | free_event_entry: delref EVENT_NULL-pe@0x555670527178
Oct 31 15:25:05.659746: | libevent_free: delref ptr-libevent@0x5556704e7398
Oct 31 15:25:05.659748: | free_event_entry: delref EVENT_NULL-pe@0x555670523b98
Oct 31 15:25:05.659750: | libevent_free: delref ptr-libevent@0x5556704e7138
Oct 31 15:25:05.659752: | free_event_entry: delref EVENT_NULL-pe@0x555670521b78
Oct 31 15:25:05.659754: | global timer EVENT_REINIT_SECRET uninitialized
Oct 31 15:25:05.659756: | global timer EVENT_SHUNT_SCAN uninitialized
Oct 31 15:25:05.659757: | global timer EVENT_PENDING_DDNS uninitialized
Oct 31 15:25:05.659759: | global timer EVENT_PENDING_PHASE2 uninitialized
Oct 31 15:25:05.659760: | global timer EVENT_CHECK_CRLS uninitialized
Oct 31 15:25:05.659762: | global timer EVENT_REVIVE_CONNS uninitialized
Oct 31 15:25:05.659763: | global timer EVENT_FREE_ROOT_CERTS uninitialized
Oct 31 15:25:05.659764: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized
Oct 31 15:25:05.659766: | global timer EVENT_NAT_T_KEEPALIVE uninitialized
Oct 31 15:25:05.659769: | libevent_free: delref ptr-libevent@0x55567046eed8
Oct 31 15:25:05.659770: | signal event handler PLUTO_SIGCHLD uninstalled
Oct 31 15:25:05.659773: | libevent_free: delref ptr-libevent@0x555670479a78
Oct 31 15:25:05.659774: | signal event handler PLUTO_SIGTERM uninstalled
Oct 31 15:25:05.659776: | libevent_free: delref ptr-libevent@0x555670527398
Oct 31 15:25:05.659777: | signal event handler PLUTO_SIGHUP uninstalled
Oct 31 15:25:05.659779: | libevent_free: delref ptr-libevent@0x5556705275d8
Oct 31 15:25:05.659781: | signal event handler PLUTO_SIGSYS uninstalled
Oct 31 15:25:05.659782: | releasing event base
Oct 31 15:25:05.659793: | libevent_free: delref ptr-libevent@0x5556705274a8
Oct 31 15:25:05.659794: | libevent_free: delref ptr-libevent@0x5556705168e8
Oct 31 15:25:05.659797: | libevent_free: delref ptr-libevent@0x555670516898
Oct 31 15:25:05.659799: | libevent_free: delref ptr-libevent@0x5556704e9188
Oct 31 15:25:05.659802: | libevent_free: delref ptr-libevent@0x555670516a98
Oct 31 15:25:05.659804: | libevent_free: delref ptr-libevent@0x55567051ac18
Oct 31 15:25:05.659806: | libevent_free: delref ptr-libevent@0x55567051aa28
Oct 31 15:25:05.659807: | libevent_free: delref ptr-libevent@0x555670516ad8
Oct 31 15:25:05.659808: | libevent_free: delref ptr-libevent@0x55567051a838
Oct 31 15:25:05.659810: | libevent_free: delref ptr-libevent@0x55567051a1f8
Oct 31 15:25:05.659811: | libevent_free: delref ptr-libevent@0x55567052b598
Oct 31 15:25:05.659813: | libevent_free: delref ptr-libevent@0x55567052b558
Oct 31 15:25:05.659814: | libevent_free: delref ptr-libevent@0x55567052b518
Oct 31 15:25:05.659815: | libevent_free: delref ptr-libevent@0x55567052b4d8
Oct 31 15:25:05.659817: | libevent_free: delref ptr-libevent@0x55567052b498
Oct 31 15:25:05.659818: | libevent_free: delref ptr-libevent@0x55567052b458
Oct 31 15:25:05.659819: | libevent_free: delref ptr-libevent@0x55567050d068
Oct 31 15:25:05.659821: | libevent_free: delref ptr-libevent@0x555670527358
Oct 31 15:25:05.659822: | libevent_free: delref ptr-libevent@0x555670527318
Oct 31 15:25:05.659824: | libevent_free: delref ptr-libevent@0x55567051a878
Oct 31 15:25:05.659825: | libevent_free: delref ptr-libevent@0x555670527468
Oct 31 15:25:05.659826: | libevent_free: delref ptr-libevent@0x5556705271e8
Oct 31 15:25:05.659828: | libevent_free: delref ptr-libevent@0x5556704e8e68
Oct 31 15:25:05.659830: | libevent_free: delref ptr-libevent@0x5556704e8de8
Oct 31 15:25:05.659831: | libevent_free: delref ptr-libevent@0x5556704dfe48
Oct 31 15:25:05.659832: | releasing global libevent data
Oct 31 15:25:05.659834: | libevent_free: delref ptr-libevent@0x5556704e9128
Oct 31 15:25:05.659836: | libevent_free: delref ptr-libevent@0x555670479a18
Oct 31 15:25:05.659838: | libevent_free: delref ptr-libevent@0x5556704e9628
Oct 31 15:25:05.659876: leak detective found no leaks