Oct 31 15:24:58.204741: | newref logger@0x55777f335bb8(0->1) (in main() at plutomain.c:1591) Oct 31 15:24:58.204818: | delref logger@0x55777f335bb8(1->0) (in main() at plutomain.c:1592) Oct 31 15:24:58.204825: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:58.204828: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:58.204833: NSS DB directory: sql:/var/lib/ipsec/nss Oct 31 15:24:58.205018: Initializing NSS Oct 31 15:24:58.205024: Opening NSS database "sql:/var/lib/ipsec/nss" read-only Oct 31 15:24:58.244232: FIPS Mode: NO Oct 31 15:24:58.244247: NSS crypto library initialized Oct 31 15:24:58.244276: FIPS mode disabled for pluto daemon Oct 31 15:24:58.244279: FIPS HMAC integrity support [disabled] Oct 31 15:24:58.244359: libcap-ng support [enabled] Oct 31 15:24:58.244368: Linux audit support [enabled] Oct 31 15:24:58.244384: Linux audit activated Oct 31 15:24:58.244391: Starting Pluto (Libreswan Version v4.1-88-gf1d1933837ef-main IKEv2 IKEv1 XFRM(netkey) XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (NSS-PRF) DNSSEC LABELED_IPSEC (SELINUX) SECCOMP LIBCAP_NG LINUX_AUDIT AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:2155718 Oct 31 15:24:58.244393: core dump dir: /tmp Oct 31 15:24:58.244395: secrets file: /etc/ipsec.secrets Oct 31 15:24:58.244396: leak-detective enabled Oct 31 15:24:58.244397: NSS crypto [enabled] Oct 31 15:24:58.244399: XAUTH PAM support [enabled] Oct 31 15:24:58.244474: | libevent is using pluto's memory allocator Oct 31 15:24:58.244481: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Oct 31 15:24:58.244491: | libevent_malloc: newref ptr-libevent@0x55777f33a5d8 size 40 Oct 31 15:24:58.244495: | libevent_malloc: newref ptr-libevent@0x55777f3af688 size 40 Oct 31 15:24:58.244498: | libevent_malloc: newref ptr-libevent@0x55777f3b91d8 size 40 Oct 31 15:24:58.244499: | creating event base Oct 31 15:24:58.244501: | libevent_malloc: newref ptr-libevent@0x55777f3bb828 size 56 Oct 31 15:24:58.244503: | libevent_malloc: newref ptr-libevent@0x55777f3b1fc8 size 664 Oct 31 15:24:58.244513: | libevent_malloc: newref ptr-libevent@0x55777f3e8718 size 24 Oct 31 15:24:58.244514: | libevent_malloc: newref ptr-libevent@0x55777f3e8768 size 384 Oct 31 15:24:58.244523: | libevent_malloc: newref ptr-libevent@0x55777f3e8918 size 16 Oct 31 15:24:58.244525: | libevent_malloc: newref ptr-libevent@0x55777f3b9158 size 40 Oct 31 15:24:58.244526: | libevent_malloc: newref ptr-libevent@0x55777f3bae48 size 48 Oct 31 15:24:58.244531: | libevent_realloc: newref ptr-libevent@0x55777f3deec8 size 256 Oct 31 15:24:58.244532: | libevent_malloc: newref ptr-libevent@0x55777f3e8958 size 16 Oct 31 15:24:58.244536: | libevent_free: delref ptr-libevent@0x55777f3bb828 Oct 31 15:24:58.244538: | libevent initialized Oct 31 15:24:58.244544: | libevent_realloc: newref ptr-libevent@0x55777f3bb828 size 64 Oct 31 15:24:58.244547: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Oct 31 15:24:58.244551: | init_nat_traversal() initialized with keep_alive=0s Oct 31 15:24:58.244553: NAT-Traversal support [enabled] Oct 31 15:24:58.244555: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Oct 31 15:24:58.244558: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Oct 31 15:24:58.244560: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Oct 31 15:24:58.244571: | checking IKEv1 state table Oct 31 15:24:58.244579: | MAIN_R0: category: half-open IKE SA; flags: 0: Oct 31 15:24:58.244581: | -> MAIN_R1 EVENT_SO_DISCARD (main_inI1_outR1) Oct 31 15:24:58.244583: | MAIN_I1: category: half-open IKE SA; flags: 0: Oct 31 15:24:58.244585: | -> MAIN_I2 EVENT_RETRANSMIT (main_inR1_outI2) Oct 31 15:24:58.244586: | MAIN_R1: category: open IKE SA; flags: 0: Oct 31 15:24:58.244588: | -> MAIN_R2 EVENT_RETRANSMIT (main_inI2_outR2) Oct 31 15:24:58.244589: | -> MAIN_R1 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:58.244591: | -> MAIN_R1 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:58.244592: | MAIN_I2: category: open IKE SA; flags: 0: Oct 31 15:24:58.244598: | -> MAIN_I3 EVENT_RETRANSMIT (main_inR2_outI3) Oct 31 15:24:58.244599: | -> MAIN_I2 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:58.244601: | -> MAIN_I2 EVENT_RETRANSMIT (unexpected) Oct 31 15:24:58.244602: | MAIN_R2: category: open IKE SA; flags: 0: Oct 31 15:24:58.244604: | -> MAIN_R3 EVENT_SA_REPLACE (main_inI3_outR3) Oct 31 15:24:58.244605: | -> MAIN_R3 EVENT_SA_REPLACE (main_inI3_outR3) Oct 31 15:24:58.244606: | -> MAIN_R2 EVENT_SA_REPLACE (unexpected) Oct 31 15:24:58.244608: | MAIN_I3: category: open IKE SA; flags: 0: Oct 31 15:24:58.244609: | -> MAIN_I4 EVENT_SA_REPLACE (main_inR3) Oct 31 15:24:58.244611: | -> MAIN_I4 EVENT_SA_REPLACE (main_inR3) Oct 31 15:24:58.244612: | -> MAIN_I3 EVENT_SA_REPLACE (unexpected) Oct 31 15:24:58.244614: | MAIN_R3: category: established IKE SA; flags: 0: Oct 31 15:24:58.244615: | -> MAIN_R3 EVENT_NULL (unexpected) Oct 31 15:24:58.244617: | MAIN_I4: category: established IKE SA; flags: 0: Oct 31 15:24:58.244618: | -> MAIN_I4 EVENT_NULL (unexpected) Oct 31 15:24:58.244619: | AGGR_R0: category: half-open IKE SA; flags: 0: Oct 31 15:24:58.244621: | -> AGGR_R1 EVENT_SO_DISCARD (aggr_inI1_outR1) Oct 31 15:24:58.244622: | AGGR_I1: category: half-open IKE SA; flags: 0: Oct 31 15:24:58.244624: | -> AGGR_I2 EVENT_SA_REPLACE (aggr_inR1_outI2) Oct 31 15:24:58.244625: | -> AGGR_I2 EVENT_SA_REPLACE (aggr_inR1_outI2) Oct 31 15:24:58.244627: | AGGR_R1: category: open IKE SA; flags: 0: Oct 31 15:24:58.244628: | -> AGGR_R2 EVENT_SA_REPLACE (aggr_inI2) Oct 31 15:24:58.244629: | -> AGGR_R2 EVENT_SA_REPLACE (aggr_inI2) Oct 31 15:24:58.244631: | AGGR_I2: category: established IKE SA; flags: 0: Oct 31 15:24:58.244632: | -> AGGR_I2 EVENT_NULL (unexpected) Oct 31 15:24:58.244634: | AGGR_R2: category: established IKE SA; flags: 0: Oct 31 15:24:58.244635: | -> AGGR_R2 EVENT_NULL (unexpected) Oct 31 15:24:58.244637: | QUICK_R0: category: established CHILD SA; flags: 0: Oct 31 15:24:58.244638: | -> QUICK_R1 EVENT_RETRANSMIT (quick_inI1_outR1) Oct 31 15:24:58.244640: | QUICK_I1: category: established CHILD SA; flags: 0: Oct 31 15:24:58.244641: | -> QUICK_I2 EVENT_SA_REPLACE (quick_inR1_outI2) Oct 31 15:24:58.244643: | QUICK_R1: category: established CHILD SA; flags: 0: Oct 31 15:24:58.244644: | -> QUICK_R2 EVENT_SA_REPLACE (quick_inI2) Oct 31 15:24:58.244646: | QUICK_I2: category: established CHILD SA; flags: 0: Oct 31 15:24:58.244647: | -> QUICK_I2 EVENT_NULL (unexpected) Oct 31 15:24:58.244648: | QUICK_R2: category: established CHILD SA; flags: 0: Oct 31 15:24:58.244650: | -> QUICK_R2 EVENT_NULL (unexpected) Oct 31 15:24:58.244651: | INFO: category: informational; flags: 0: Oct 31 15:24:58.244653: | -> INFO EVENT_NULL (informational) Oct 31 15:24:58.244654: | INFO_PROTECTED: category: informational; flags: 0: Oct 31 15:24:58.244656: | -> INFO_PROTECTED EVENT_NULL (informational) Oct 31 15:24:58.244657: | XAUTH_R0: category: established IKE SA; flags: 0: Oct 31 15:24:58.244659: | -> XAUTH_R1 EVENT_NULL (xauth_inR0) Oct 31 15:24:58.244660: | XAUTH_R1: category: established IKE SA; flags: 0: Oct 31 15:24:58.244662: | -> MAIN_R3 EVENT_SA_REPLACE (xauth_inR1) Oct 31 15:24:58.244663: | MODE_CFG_R0: category: informational; flags: 0: Oct 31 15:24:58.244665: | -> MODE_CFG_R1 EVENT_SA_REPLACE (modecfg_inR0) Oct 31 15:24:58.244666: | MODE_CFG_R1: category: established IKE SA; flags: 0: Oct 31 15:24:58.244668: | -> MODE_CFG_R2 EVENT_SA_REPLACE (modecfg_inR1) Oct 31 15:24:58.244669: | MODE_CFG_R2: category: established IKE SA; flags: 0: Oct 31 15:24:58.244670: | -> MODE_CFG_R2 EVENT_NULL (unexpected) Oct 31 15:24:58.244672: | MODE_CFG_I1: category: established IKE SA; flags: 0: Oct 31 15:24:58.244673: | -> MAIN_I4 EVENT_SA_REPLACE (modecfg_inR1) Oct 31 15:24:58.244675: | XAUTH_I0: category: established IKE SA; flags: 0: Oct 31 15:24:58.244676: | -> XAUTH_I1 EVENT_RETRANSMIT (xauth_inI0) Oct 31 15:24:58.244679: | XAUTH_I1: category: established IKE SA; flags: 0: Oct 31 15:24:58.244680: | -> MAIN_I4 EVENT_RETRANSMIT (xauth_inI1) Oct 31 15:24:58.244685: | checking IKEv2 state table Oct 31 15:24:58.244687: | V2_REKEY_IKE_I0: category: established IKE SA; flags: 0: Oct 31 15:24:58.244689: | -> V2_REKEY_IKE_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Oct 31 15:24:58.244691: | V2_REKEY_CHILD_I0: category: established IKE SA; flags: 0: Oct 31 15:24:58.244693: | -> V2_REKEY_CHILD_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Oct 31 15:24:58.244695: | V2_NEW_CHILD_I0: category: established IKE SA; flags: 0: Oct 31 15:24:58.244696: | -> V2_NEW_CHILD_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Oct 31 15:24:58.244698: | PARENT_I0: category: ignore; flags: 0: Oct 31 15:24:58.244699: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Oct 31 15:24:58.244701: | PARENT_I1: category: half-open IKE SA; flags: 0: Oct 31 15:24:58.244702: | -> PARENT_I0 EVENT_SO_DISCARD (received anti-DDOS COOKIE notify response; resending IKE_SA_INIT request with cookie payload added) Oct 31 15:24:58.244710: | -> PARENT_I0 EVENT_SO_DISCARD (received IKE_SA_INIT INVALID_KE_PAYLOAD notify response; resending IKE_SA_INIT with new KE payload) Oct 31 15:24:58.244712: | -> IKESA_DEL EVENT_v2_REDIRECT (received REDIRECT notify response; resending IKE_SA_INIT request to new destination) Oct 31 15:24:58.244714: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE) Oct 31 15:24:58.244716: | PARENT_I2: category: open IKE SA; flags: 0: Oct 31 15:24:58.244717: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_INTERMEDIATE reply, initiate IKE_AUTH or IKE_INTERMEDIATE) Oct 31 15:24:58.244719: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Oct 31 15:24:58.244720: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Oct 31 15:24:58.244721: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Oct 31 15:24:58.244723: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Oct 31 15:24:58.244724: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Oct 31 15:24:58.244726: | PARENT_R0: category: half-open IKE SA; flags: 0: Oct 31 15:24:58.244727: | -> PARENT_R1 EVENT_SO_DISCARD send-response (Respond to IKE_SA_INIT) Oct 31 15:24:58.244729: | PARENT_R1: category: half-open IKE SA; flags: 0: Oct 31 15:24:58.244731: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_AUTH request (no SKEYSEED)) Oct 31 15:24:58.244732: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_INTERMEDIATE request (no SKEYSEED)) Oct 31 15:24:58.244733: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_INTERMEDIATE request (with SKEYSEED)) Oct 31 15:24:58.244735: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Responder: process IKE_AUTH request) Oct 31 15:24:58.244737: | V2_REKEY_IKE_R0: category: established IKE SA; flags: 0: Oct 31 15:24:58.244738: | -> ESTABLISHED_IKE_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA IKE Rekey) Oct 31 15:24:58.244740: | V2_REKEY_IKE_I1: category: established IKE SA; flags: 0: Oct 31 15:24:58.244741: | -> ESTABLISHED_IKE_SA EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Oct 31 15:24:58.244743: | V2_NEW_CHILD_I1: category: established IKE SA; flags: 0: Oct 31 15:24:58.244744: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Oct 31 15:24:58.244746: | V2_REKEY_CHILD_R0: category: established IKE SA; flags: 0: Oct 31 15:24:58.244747: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA rekey CHILD SA request) Oct 31 15:24:58.244749: | V2_NEW_CHILD_R0: category: established IKE SA; flags: 0: Oct 31 15:24:58.244751: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA IPsec SA Request) Oct 31 15:24:58.244753: | ESTABLISHED_IKE_SA: category: established IKE SA; flags: 0: Oct 31 15:24:58.244754: | -> ESTABLISHED_IKE_SA EVENT_RETAIN send-response (Informational Request (liveness probe)) Oct 31 15:24:58.244756: | -> ESTABLISHED_IKE_SA EVENT_RETAIN (Informational Response (liveness probe)) Oct 31 15:24:58.244757: | -> ESTABLISHED_IKE_SA EVENT_RETAIN send-response (Informational Request) Oct 31 15:24:58.244759: | -> ESTABLISHED_IKE_SA EVENT_RETAIN (Informational Response) Oct 31 15:24:58.244760: | IKESA_DEL: category: established IKE SA; flags: 0: Oct 31 15:24:58.244762: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Oct 31 15:24:58.244763: | CHILDSA_DEL: category: informational; flags: 0: Oct 31 15:24:58.244765: | -> CHILDSA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Oct 31 15:24:58.244767: | global one-shot timer EVENT_REVIVE_CONNS initialized Oct 31 15:24:58.244769: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Oct 31 15:24:58.244771: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Oct 31 15:24:58.244859: Encryption algorithms: Oct 31 15:24:58.244864: AES_CCM_16 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm, aes_ccm_c Oct 31 15:24:58.244871: AES_CCM_12 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_b Oct 31 15:24:58.244874: AES_CCM_8 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_a Oct 31 15:24:58.244876: 3DES_CBC [*192] IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) 3des Oct 31 15:24:58.244879: CAMELLIA_CTR {256,192,*128} IKEv1: ESP IKEv2: ESP Oct 31 15:24:58.244882: CAMELLIA_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP NSS(CBC) camellia Oct 31 15:24:58.244885: AES_GCM_16 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm, aes_gcm_c Oct 31 15:24:58.244888: AES_GCM_12 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_b Oct 31 15:24:58.244891: AES_GCM_8 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_a Oct 31 15:24:58.244893: AES_CTR {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CTR) aesctr Oct 31 15:24:58.244896: AES_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) aes Oct 31 15:24:58.244899: NULL_AUTH_AES_GMAC {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_gmac Oct 31 15:24:58.244901: NULL [] IKEv1: ESP IKEv2: ESP Oct 31 15:24:58.244904: CHACHA20_POLY1305 [*256] IKEv1: IKEv2: IKE ESP NSS(AEAD) chacha20poly1305 Oct 31 15:24:58.244905: Hash algorithms: Oct 31 15:24:58.244907: MD5 IKEv1: IKE IKEv2: NSS Oct 31 15:24:58.244910: SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha Oct 31 15:24:58.244912: SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256 Oct 31 15:24:58.244914: SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384 Oct 31 15:24:58.244916: SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512 Oct 31 15:24:58.244917: PRF algorithms: Oct 31 15:24:58.244920: HMAC_MD5 IKEv1: IKE IKEv2: IKE native(HMAC) md5 Oct 31 15:24:58.244922: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha, sha1 Oct 31 15:24:58.244924: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256, sha2_256 Oct 31 15:24:58.244929: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384, sha2_384 Oct 31 15:24:58.244931: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512, sha2_512 Oct 31 15:24:58.244933: AES_XCBC IKEv1: IKEv2: IKE native(XCBC) aes128_xcbc Oct 31 15:24:58.244934: Integrity algorithms: Oct 31 15:24:58.244937: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH native(HMAC) md5, hmac_md5 Oct 31 15:24:58.244940: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha, sha1, sha1_96, hmac_sha1 Oct 31 15:24:58.244942: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Oct 31 15:24:58.244945: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Oct 31 15:24:58.244948: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Oct 31 15:24:58.244950: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Oct 31 15:24:58.244953: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96 Oct 31 15:24:58.244958: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Oct 31 15:24:58.244960: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Oct 31 15:24:58.244962: DH algorithms: Oct 31 15:24:58.244964: NONE IKEv1: IKEv2: IKE ESP AH FIPS NSS(MODP) null, dh0 Oct 31 15:24:58.244966: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh5 Oct 31 15:24:58.244969: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh14 Oct 31 15:24:58.244976: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh15 Oct 31 15:24:58.244981: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh16 Oct 31 15:24:58.244984: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh17 Oct 31 15:24:58.244987: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh18 Oct 31 15:24:58.244991: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_256, ecp256 Oct 31 15:24:58.244995: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_384, ecp384 Oct 31 15:24:58.244999: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_521, ecp521 Oct 31 15:24:58.245002: DH31 IKEv1: IKE IKEv2: IKE ESP AH NSS(ECP) curve25519 Oct 31 15:24:58.245004: testing CAMELLIA_CBC: Oct 31 15:24:58.245007: Camellia: 16 bytes with 128-bit key Oct 31 15:24:58.245061: Camellia: 16 bytes with 128-bit key Oct 31 15:24:58.245082: Camellia: 16 bytes with 256-bit key Oct 31 15:24:58.245102: Camellia: 16 bytes with 256-bit key Oct 31 15:24:58.245121: testing AES_GCM_16: Oct 31 15:24:58.245123: empty string Oct 31 15:24:58.245142: one block Oct 31 15:24:58.245167: two blocks Oct 31 15:24:58.245208: two blocks with associated data Oct 31 15:24:58.245247: testing AES_CTR: Oct 31 15:24:58.245252: Encrypting 16 octets using AES-CTR with 128-bit key Oct 31 15:24:58.245305: Encrypting 32 octets using AES-CTR with 128-bit key Oct 31 15:24:58.245352: Encrypting 36 octets using AES-CTR with 128-bit key Oct 31 15:24:58.245385: Encrypting 16 octets using AES-CTR with 192-bit key Oct 31 15:24:58.245407: Encrypting 32 octets using AES-CTR with 192-bit key Oct 31 15:24:58.245427: Encrypting 36 octets using AES-CTR with 192-bit key Oct 31 15:24:58.245468: Encrypting 16 octets using AES-CTR with 256-bit key Oct 31 15:24:58.245494: Encrypting 32 octets using AES-CTR with 256-bit key Oct 31 15:24:58.245514: Encrypting 36 octets using AES-CTR with 256-bit key Oct 31 15:24:58.245533: testing AES_CBC: Oct 31 15:24:58.245535: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Oct 31 15:24:58.245553: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Oct 31 15:24:58.245572: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Oct 31 15:24:58.245592: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Oct 31 15:24:58.245615: testing AES_XCBC: Oct 31 15:24:58.245617: RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input Oct 31 15:24:58.245690: RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input Oct 31 15:24:58.245767: RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input Oct 31 15:24:58.245840: RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input Oct 31 15:24:58.245913: RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input Oct 31 15:24:58.245987: RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input Oct 31 15:24:58.246063: RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input Oct 31 15:24:58.246272: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Oct 31 15:24:58.246433: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Oct 31 15:24:58.246582: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Oct 31 15:24:58.246727: testing HMAC_MD5: Oct 31 15:24:58.246730: RFC 2104: MD5_HMAC test 1 Oct 31 15:24:58.246837: RFC 2104: MD5_HMAC test 2 Oct 31 15:24:58.246928: RFC 2104: MD5_HMAC test 3 Oct 31 15:24:58.247077: 8 CPU cores online Oct 31 15:24:58.247081: starting up 7 helper threads Oct 31 15:24:58.247117: started thread for helper 0 Oct 31 15:24:58.247123: | starting helper thread 1 Oct 31 15:24:58.247129: seccomp security disabled for crypto helper 1 Oct 31 15:24:58.247137: | status value returned by setting the priority of this helper thread 1: 22 Oct 31 15:24:58.247141: | helper thread 1 has nothing to do Oct 31 15:24:58.247144: started thread for helper 1 Oct 31 15:24:58.247162: started thread for helper 2 Oct 31 15:24:58.247167: | starting helper thread 3 Oct 31 15:24:58.247171: seccomp security disabled for crypto helper 3 Oct 31 15:24:58.247174: | status value returned by setting the priority of this helper thread 3: 22 Oct 31 15:24:58.247177: | helper thread 3 has nothing to do Oct 31 15:24:58.247185: started thread for helper 3 Oct 31 15:24:58.247189: | starting helper thread 4 Oct 31 15:24:58.247192: seccomp security disabled for crypto helper 4 Oct 31 15:24:58.247195: | status value returned by setting the priority of this helper thread 4: 22 Oct 31 15:24:58.247197: | helper thread 4 has nothing to do Oct 31 15:24:58.247213: started thread for helper 4 Oct 31 15:24:58.247255: started thread for helper 5 Oct 31 15:24:58.247279: started thread for helper 6 Oct 31 15:24:58.247329: Using Linux XFRM/NETKEY IPsec kernel support code on 5.8.15-201.fc32.x86_64 Oct 31 15:24:58.247331: | starting helper thread 6 Oct 31 15:24:58.247386: seccomp security disabled for crypto helper 6 Oct 31 15:24:58.247386: | Hard-wiring algorithms Oct 31 15:24:58.247395: | status value returned by setting the priority of this helper thread 6: 22 Oct 31 15:24:58.247402: | adding AES_CCM_16 to kernel algorithm db Oct 31 15:24:58.247407: | helper thread 6 has nothing to do Oct 31 15:24:58.247419: | adding AES_CCM_12 to kernel algorithm db Oct 31 15:24:58.247422: | adding AES_CCM_8 to kernel algorithm db Oct 31 15:24:58.247424: | adding 3DES_CBC to kernel algorithm db Oct 31 15:24:58.247425: | adding CAMELLIA_CBC to kernel algorithm db Oct 31 15:24:58.247427: | adding AES_GCM_16 to kernel algorithm db Oct 31 15:24:58.247429: | adding AES_GCM_12 to kernel algorithm db Oct 31 15:24:58.247433: | adding AES_GCM_8 to kernel algorithm db Oct 31 15:24:58.247435: | adding AES_CTR to kernel algorithm db Oct 31 15:24:58.247437: | adding AES_CBC to kernel algorithm db Oct 31 15:24:58.247439: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Oct 31 15:24:58.247441: | adding NULL to kernel algorithm db Oct 31 15:24:58.247443: | adding CHACHA20_POLY1305 to kernel algorithm db Oct 31 15:24:58.247445: | adding HMAC_MD5_96 to kernel algorithm db Oct 31 15:24:58.247447: | adding HMAC_SHA1_96 to kernel algorithm db Oct 31 15:24:58.247449: | adding HMAC_SHA2_512_256 to kernel algorithm db Oct 31 15:24:58.247450: | adding HMAC_SHA2_384_192 to kernel algorithm db Oct 31 15:24:58.247452: | adding HMAC_SHA2_256_128 to kernel algorithm db Oct 31 15:24:58.247454: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Oct 31 15:24:58.247456: | adding AES_XCBC_96 to kernel algorithm db Oct 31 15:24:58.247458: | adding AES_CMAC_96 to kernel algorithm db Oct 31 15:24:58.247459: | adding NONE to kernel algorithm db Oct 31 15:24:58.247482: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Oct 31 15:24:58.247487: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Oct 31 15:24:58.247489: | setup kernel fd callback Oct 31 15:24:58.247492: | add_fd_read_event_handler: newref KERNEL_XRM_FD-pe@0x55777f3f5aa8 Oct 31 15:24:58.247494: | libevent_malloc: newref ptr-libevent@0x55777f3adfb8 size 128 Oct 31 15:24:58.247497: | libevent_malloc: newref ptr-libevent@0x55777f3ec6b8 size 16 Oct 31 15:24:58.247501: | add_fd_read_event_handler: newref KERNEL_ROUTE_FD-pe@0x55777f3f5b18 Oct 31 15:24:58.247503: | libevent_malloc: newref ptr-libevent@0x55777f3ae268 size 128 Oct 31 15:24:58.247504: | libevent_malloc: newref ptr-libevent@0x55777f3ec078 size 16 Oct 31 15:24:58.247638: | global one-shot timer EVENT_CHECK_CRLS initialized Oct 31 15:24:58.247725: SELinux support is enabled in PERMISSIVE mode. Oct 31 15:24:58.247922: | unbound context created - setting debug level to 5 Oct 31 15:24:58.247956: | /etc/hosts lookups activated Oct 31 15:24:58.247971: | /etc/resolv.conf usage activated Oct 31 15:24:58.248006: | outgoing-port-avoid set 0-65535 Oct 31 15:24:58.248021: | outgoing-port-permit set 32768-60999 Oct 31 15:24:58.248022: | loading dnssec root key from:/var/lib/unbound/root.key Oct 31 15:24:58.248024: | no additional dnssec trust anchors defined via dnssec-trusted= option Oct 31 15:24:58.248027: | Setting up events, loop start Oct 31 15:24:58.248029: | add_fd_read_event_handler: newref PLUTO_CTL_FD-pe@0x55777f3f9078 Oct 31 15:24:58.248031: | libevent_malloc: newref ptr-libevent@0x55777f3f5c38 size 128 Oct 31 15:24:58.248033: | libevent_malloc: newref ptr-libevent@0x55777f3eca98 size 16 Oct 31 15:24:58.248037: | libevent_realloc: newref ptr-libevent@0x55777f3f90e8 size 256 Oct 31 15:24:58.248039: | libevent_malloc: newref ptr-libevent@0x55777f3ec6f8 size 8 Oct 31 15:24:58.248041: | libevent_realloc: newref ptr-libevent@0x55777f3ed0e8 size 144 Oct 31 15:24:58.248042: | libevent_malloc: newref ptr-libevent@0x55777f340ed8 size 152 Oct 31 15:24:58.248045: | libevent_malloc: newref ptr-libevent@0x55777f3ec8a8 size 16 Oct 31 15:24:58.248048: | signal event handler PLUTO_SIGCHLD installed Oct 31 15:24:58.248049: | libevent_malloc: newref ptr-libevent@0x55777f3f9218 size 8 Oct 31 15:24:58.248051: | libevent_malloc: newref ptr-libevent@0x55777f34aed8 size 152 Oct 31 15:24:58.248053: | signal event handler PLUTO_SIGTERM installed Oct 31 15:24:58.248054: | libevent_malloc: newref ptr-libevent@0x55777f3f9258 size 8 Oct 31 15:24:58.248056: | libevent_malloc: newref ptr-libevent@0x55777f3f9298 size 152 Oct 31 15:24:58.248058: | signal event handler PLUTO_SIGHUP installed Oct 31 15:24:58.248059: | libevent_malloc: newref ptr-libevent@0x55777f3f9368 size 8 Oct 31 15:24:58.248061: | libevent_realloc: delref ptr-libevent@0x55777f3ed0e8 Oct 31 15:24:58.248063: | libevent_realloc: newref ptr-libevent@0x55777f3f93a8 size 256 Oct 31 15:24:58.248064: | libevent_malloc: newref ptr-libevent@0x55777f3f94d8 size 152 Oct 31 15:24:58.248070: | signal event handler PLUTO_SIGSYS installed Oct 31 15:24:58.248392: | created addconn helper (pid:2155759) using fork+execve Oct 31 15:24:58.248413: | forked child 2155759 Oct 31 15:24:58.248431: | starting helper thread 7 Oct 31 15:24:58.248437: seccomp security disabled for crypto helper 7 Oct 31 15:24:58.248441: seccomp security disabled Oct 31 15:24:58.248442: | status value returned by setting the priority of this helper thread 7: 22 Oct 31 15:24:58.248459: | helper thread 7 has nothing to do Oct 31 15:24:58.248679: | starting helper thread 2 Oct 31 15:24:58.248687: seccomp security disabled for crypto helper 2 Oct 31 15:24:58.248690: | status value returned by setting the priority of this helper thread 2: 22 Oct 31 15:24:58.248692: | helper thread 2 has nothing to do Oct 31 15:24:58.262822: | newref struct fd@0x55777f3f9638(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:58.262833: | fd_accept: new fd-fd@0x55777f3f9638 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:58.262855: | whack: options (impair|debug) Oct 31 15:24:58.262864: | old debugging base+cpu-usage + none Oct 31 15:24:58.262868: | new debugging = base+cpu-usage Oct 31 15:24:58.262875: | delref fd@0x55777f3f9638(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:58.262882: | freeref fd-fd@0x55777f3f9638 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:58.262890: | spent 0.0692 (0.0753) milliseconds in whack Oct 31 15:24:58.274509: | newref struct fd@0x55777f3f9678(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:58.274524: | fd_accept: new fd-fd@0x55777f3f9678 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:58.274538: | whack: delete 'north-east' Oct 31 15:24:58.274541: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:58.274544: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:24:58.274545: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:58.274547: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:24:58.274550: | whack: connection 'north-east' Oct 31 15:24:58.274557: | addref fd@0x55777f3f9678(1->2) (in string_logger() at log.c:838) Oct 31 15:24:58.274564: | newref string logger@0x55777f3eceb8(0->1) (in add_connection() at connections.c:1998) Oct 31 15:24:58.274568: | Connection DB: adding connection "north-east" $1 Oct 31 15:24:58.274574: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:58.274585: | added new connection north-east with policy RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 Oct 31 15:24:58.274663: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Oct 31 15:24:58.274668: | from whack: got --esp= Oct 31 15:24:58.274717: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Oct 31 15:24:58.274770: | computed rsa CKAID Oct 31 15:24:58.274774: | 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Oct 31 15:24:58.274777: | 88 aa 7c 5d Oct 31 15:24:58.274783: | keyid: *AQPl33O2P Oct 31 15:24:58.274785: | size: 274 Oct 31 15:24:58.274787: | n Oct 31 15:24:58.274789: | e5 df 73 b6 3e d5 36 a8 f1 3d 0d d3 02 ab 7f ec Oct 31 15:24:58.274790: | starting helper thread 5 Oct 31 15:24:58.274792: | 4c 9e 8b 0e 0e d2 cf 0f 59 bf 6d 88 21 86 93 9e Oct 31 15:24:58.274810: | 10 34 af 2d cf b3 7e eb e5 b2 24 b2 a5 b0 01 03 Oct 31 15:24:58.274812: | 7d b5 96 ad 66 ee 48 c2 28 d9 9a 76 36 a9 10 84 Oct 31 15:24:58.274814: | b5 09 8f 17 4f 65 ce d8 2f 8e 78 80 8a 87 f4 6b Oct 31 15:24:58.275143: | 98 d9 91 94 6b 52 15 5b 9c 47 12 be d8 6f 25 b4 Oct 31 15:24:58.275150: | 65 38 7e e4 8d c7 f0 58 d3 9f 69 14 cc 3e c8 16 Oct 31 15:24:58.275158: | 1f af bb 5d 93 2b 33 39 0e 94 55 81 f4 b3 cc 92 Oct 31 15:24:58.275161: | 58 6e 4a 5a 4e c3 76 ab 04 2e 11 08 06 55 13 0f Oct 31 15:24:58.275163: | 02 6c dd d1 bc c0 b8 8d 65 f5 97 ed fc 18 39 f9 Oct 31 15:24:58.275165: | 55 ab fa 0d c5 49 99 7f 1b cf c3 de 99 7d 9e ca Oct 31 15:24:58.275167: | 6f 9e 14 d6 5a ff de d6 4f 57 6a 83 ab 51 ba 64 Oct 31 15:24:58.275169: | 74 e0 22 e9 9a c5 10 71 bb d4 eb a4 99 28 9c 85 Oct 31 15:24:58.275172: | 0e 31 ea cc ab ef 98 84 3f 59 c1 75 aa b3 61 eb Oct 31 15:24:58.275174: | 61 8c 58 a5 92 25 84 ad c7 79 f3 87 d0 c7 83 c2 Oct 31 15:24:58.275176: | d6 8a fe 26 9d 2a ff b1 dd 9b 89 21 7c ca f5 38 Oct 31 15:24:58.275178: | 2d 3f 64 0c 41 9c 34 e9 b2 55 0f 82 1a b3 c7 5e Oct 31 15:24:58.275181: | a5 99 Oct 31 15:24:58.275184: | e Oct 31 15:24:58.275186: | 03 Oct 31 15:24:58.275188: | CKAID Oct 31 15:24:58.275191: | 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Oct 31 15:24:58.275193: | 88 aa 7c 5d Oct 31 15:24:58.275205: | saving left CKAID 905dfca10868747c6f20d31b2d204b8f88aa7c5d extracted from raw RSA public key Oct 31 15:24:58.275343: | spent 0.126 (0.126) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:58.275352: | no private key matching left CKAID 905dfca10868747c6f20d31b2d204b8f88aa7c5d: can't find the private key matching the NSS CKAID Oct 31 15:24:58.275356: | counting wild cards for @north is 0 Oct 31 15:24:58.275382: | computed rsa CKAID Oct 31 15:24:58.275386: | 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Oct 31 15:24:58.275388: | 8a 82 25 f1 Oct 31 15:24:58.275394: | keyid: *AQO9bJbr3 Oct 31 15:24:58.275396: | size: 274 Oct 31 15:24:58.275399: | n Oct 31 15:24:58.275401: | bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Oct 31 15:24:58.275404: | c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Oct 31 15:24:58.275406: | e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Oct 31 15:24:58.275408: | 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Oct 31 15:24:58.275411: | f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Oct 31 15:24:58.275413: | 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Oct 31 15:24:58.275416: | 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Oct 31 15:24:58.275418: | af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Oct 31 15:24:58.275420: | 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Oct 31 15:24:58.275423: | f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Oct 31 15:24:58.275425: | 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Oct 31 15:24:58.275428: | 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Oct 31 15:24:58.275430: | 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Oct 31 15:24:58.275432: | 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Oct 31 15:24:58.275435: | 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Oct 31 15:24:58.275437: | 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Oct 31 15:24:58.275439: | 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Oct 31 15:24:58.275443: | 48 ef Oct 31 15:24:58.275447: | e Oct 31 15:24:58.275449: | 03 Oct 31 15:24:58.275451: | CKAID Oct 31 15:24:58.275454: | 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Oct 31 15:24:58.275455: | 8a 82 25 f1 Oct 31 15:24:58.275461: | saving right CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1 extracted from raw RSA public key Oct 31 15:24:58.275555: | loaded private key matching CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1 Oct 31 15:24:58.275870: | copying key using reference slot Oct 31 15:24:58.278102: | certs and keys locked by 'lsw_add_rsa_secret' Oct 31 15:24:58.278115: | certs and keys unlocked by 'lsw_add_rsa_secret' Oct 31 15:24:58.278125: | spent 2.5 (2.66) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:58.278133: connection "north-east": loaded private key matching right CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1 Oct 31 15:24:58.278141: | counting wild cards for @east is 0 Oct 31 15:24:58.278146: | updating connection from left.host_addr Oct 31 15:24:58.278151: | right host_nexthop 192.1.3.33 Oct 31 15:24:58.278153: | left host_port 500 Oct 31 15:24:58.278155: | updating connection from right.host_addr Oct 31 15:24:58.278159: | left host_nexthop 192.1.2.23 Oct 31 15:24:58.278161: | right host_port 500 Oct 31 15:24:58.278167: | orienting north-east Oct 31 15:24:58.278172: added IKEv2 connection "north-east" Oct 31 15:24:58.278185: | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 Oct 31 15:24:58.278197: | 192.0.3.254/32===192.1.3.33<192.1.3.33>[@north]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Oct 31 15:24:58.278265: | delref logger@0x55777f3eceb8(1->0) (in add_connection() at connections.c:2026) Oct 31 15:24:58.278269: | delref fd@0x55777f3f9678(2->1) (in free_logger() at log.c:853) Oct 31 15:24:58.278271: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:58.278277: | delref fd@0x55777f3f9678(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:58.278286: | freeref fd-fd@0x55777f3f9678 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:58.278290: | spent 3.27 (3.79) milliseconds in whack Oct 31 15:24:58.274803: seccomp security disabled for crypto helper 5 Oct 31 15:24:58.278306: | status value returned by setting the priority of this helper thread 5: 22 Oct 31 15:24:58.278309: | helper thread 5 has nothing to do Oct 31 15:24:58.278343: | newref struct fd@0x55777f3fcc28(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:58.278347: | fd_accept: new fd-fd@0x55777f3fcc28 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:58.278357: | whack: key Oct 31 15:24:58.278361: add keyid @north Oct 31 15:24:58.278363: | 01 03 e5 df 73 b6 3e d5 36 a8 f1 3d 0d d3 02 ab Oct 31 15:24:58.278366: | 7f ec 4c 9e 8b 0e 0e d2 cf 0f 59 bf 6d 88 21 86 Oct 31 15:24:58.278368: | 93 9e 10 34 af 2d cf b3 7e eb e5 b2 24 b2 a5 b0 Oct 31 15:24:58.278370: | 01 03 7d b5 96 ad 66 ee 48 c2 28 d9 9a 76 36 a9 Oct 31 15:24:58.278372: | 10 84 b5 09 8f 17 4f 65 ce d8 2f 8e 78 80 8a 87 Oct 31 15:24:58.278374: | f4 6b 98 d9 91 94 6b 52 15 5b 9c 47 12 be d8 6f Oct 31 15:24:58.278376: | 25 b4 65 38 7e e4 8d c7 f0 58 d3 9f 69 14 cc 3e Oct 31 15:24:58.278378: | c8 16 1f af bb 5d 93 2b 33 39 0e 94 55 81 f4 b3 Oct 31 15:24:58.278380: | cc 92 58 6e 4a 5a 4e c3 76 ab 04 2e 11 08 06 55 Oct 31 15:24:58.278382: | 13 0f 02 6c dd d1 bc c0 b8 8d 65 f5 97 ed fc 18 Oct 31 15:24:58.278386: | 39 f9 55 ab fa 0d c5 49 99 7f 1b cf c3 de 99 7d Oct 31 15:24:58.278390: | 9e ca 6f 9e 14 d6 5a ff de d6 4f 57 6a 83 ab 51 Oct 31 15:24:58.278392: | ba 64 74 e0 22 e9 9a c5 10 71 bb d4 eb a4 99 28 Oct 31 15:24:58.278394: | 9c 85 0e 31 ea cc ab ef 98 84 3f 59 c1 75 aa b3 Oct 31 15:24:58.278396: | 61 eb 61 8c 58 a5 92 25 84 ad c7 79 f3 87 d0 c7 Oct 31 15:24:58.278398: | 83 c2 d6 8a fe 26 9d 2a ff b1 dd 9b 89 21 7c ca Oct 31 15:24:58.278400: | f5 38 2d 3f 64 0c 41 9c 34 e9 b2 55 0f 82 1a b3 Oct 31 15:24:58.278403: | c7 5e a5 99 Oct 31 15:24:58.278418: | computed rsa CKAID Oct 31 15:24:58.278420: | 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Oct 31 15:24:58.278423: | 88 aa 7c 5d Oct 31 15:24:58.278428: | keyid: *AQPl33O2P Oct 31 15:24:58.278430: | size: 274 Oct 31 15:24:58.278433: | n Oct 31 15:24:58.278435: | e5 df 73 b6 3e d5 36 a8 f1 3d 0d d3 02 ab 7f ec Oct 31 15:24:58.278437: | 4c 9e 8b 0e 0e d2 cf 0f 59 bf 6d 88 21 86 93 9e Oct 31 15:24:58.278439: | 10 34 af 2d cf b3 7e eb e5 b2 24 b2 a5 b0 01 03 Oct 31 15:24:58.278441: | 7d b5 96 ad 66 ee 48 c2 28 d9 9a 76 36 a9 10 84 Oct 31 15:24:58.278443: | b5 09 8f 17 4f 65 ce d8 2f 8e 78 80 8a 87 f4 6b Oct 31 15:24:58.278446: | 98 d9 91 94 6b 52 15 5b 9c 47 12 be d8 6f 25 b4 Oct 31 15:24:58.278448: | 65 38 7e e4 8d c7 f0 58 d3 9f 69 14 cc 3e c8 16 Oct 31 15:24:58.278453: | 1f af bb 5d 93 2b 33 39 0e 94 55 81 f4 b3 cc 92 Oct 31 15:24:58.278455: | 58 6e 4a 5a 4e c3 76 ab 04 2e 11 08 06 55 13 0f Oct 31 15:24:58.278457: | 02 6c dd d1 bc c0 b8 8d 65 f5 97 ed fc 18 39 f9 Oct 31 15:24:58.278459: | 55 ab fa 0d c5 49 99 7f 1b cf c3 de 99 7d 9e ca Oct 31 15:24:58.278461: | 6f 9e 14 d6 5a ff de d6 4f 57 6a 83 ab 51 ba 64 Oct 31 15:24:58.278463: | 74 e0 22 e9 9a c5 10 71 bb d4 eb a4 99 28 9c 85 Oct 31 15:24:58.278466: | 0e 31 ea cc ab ef 98 84 3f 59 c1 75 aa b3 61 eb Oct 31 15:24:58.278468: | 61 8c 58 a5 92 25 84 ad c7 79 f3 87 d0 c7 83 c2 Oct 31 15:24:58.278470: | d6 8a fe 26 9d 2a ff b1 dd 9b 89 21 7c ca f5 38 Oct 31 15:24:58.278472: | 2d 3f 64 0c 41 9c 34 e9 b2 55 0f 82 1a b3 c7 5e Oct 31 15:24:58.278474: | a5 99 Oct 31 15:24:58.278476: | e Oct 31 15:24:58.278478: | 03 Oct 31 15:24:58.278480: | CKAID Oct 31 15:24:58.278483: | 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Oct 31 15:24:58.278485: | 88 aa 7c 5d Oct 31 15:24:58.278488: | newref struct pubkey@0x55777f400aa8(0->1) (in add_public_key() at secrets.c:1716) Oct 31 15:24:58.278492: | addref pk@0x55777f400aa8(1->2) (in add_public_key() at secrets.c:1718) Oct 31 15:24:58.278495: | delref pkp@0x55777f400aa8(2->1) (in key_add_request() at rcv_whack.c:341) Oct 31 15:24:58.278499: | trying secret PKK_RSA:AQO9bJbr3 Oct 31 15:24:58.278561: | spent 0.0602 (0.06) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:58.278565: | no private key: can't find the private key matching the NSS CKAID Oct 31 15:24:58.278569: | delref fd@0x55777f3fcc28(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:58.278577: | freeref fd-fd@0x55777f3fcc28 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:58.278581: | spent 0.244 (0.244) milliseconds in whack Oct 31 15:24:58.278667: | newref struct fd@0x55777f3fcbb8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:58.278670: | fd_accept: new fd-fd@0x55777f3fcbb8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:58.278679: | whack: key Oct 31 15:24:58.278682: add keyid @east Oct 31 15:24:58.278685: | 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b Oct 31 15:24:58.278687: | e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 Oct 31 15:24:58.278689: | 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c Oct 31 15:24:58.278691: | 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 Oct 31 15:24:58.278693: | 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d Oct 31 15:24:58.278695: | d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 Oct 31 15:24:58.278698: | 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce Oct 31 15:24:58.278700: | 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e Oct 31 15:24:58.278702: | bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d Oct 31 15:24:58.278704: | ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce Oct 31 15:24:58.278706: | e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a Oct 31 15:24:58.278708: | 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 Oct 31 15:24:58.278711: | 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 Oct 31 15:24:58.278713: | 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 Oct 31 15:24:58.278715: | d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c Oct 31 15:24:58.278717: | 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 Oct 31 15:24:58.278719: | 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 Oct 31 15:24:58.278721: | 51 51 48 ef Oct 31 15:24:58.278729: | computed rsa CKAID Oct 31 15:24:58.278732: | 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Oct 31 15:24:58.278734: | 8a 82 25 f1 Oct 31 15:24:58.278739: | keyid: *AQO9bJbr3 Oct 31 15:24:58.278741: | size: 274 Oct 31 15:24:58.278743: | n Oct 31 15:24:58.278745: | bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b e5 16 Oct 31 15:24:58.278748: | c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 85 7a Oct 31 15:24:58.278750: | e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c 78 ca Oct 31 15:24:58.278752: | 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 21 c9 Oct 31 15:24:58.278757: | f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d d2 67 Oct 31 15:24:58.278759: | 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 62 cd Oct 31 15:24:58.278761: | 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce 62 b5 Oct 31 15:24:58.278763: | af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e bb 23 Oct 31 15:24:58.278765: | 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d ac 47 Oct 31 15:24:58.278768: | f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce e0 98 Oct 31 15:24:58.278770: | 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a 92 b8 Oct 31 15:24:58.278772: | 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 4d 58 Oct 31 15:24:58.278774: | 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 5f 56 Oct 31 15:24:58.278776: | 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 d5 f1 Oct 31 15:24:58.278778: | 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c 47 cc Oct 31 15:24:58.278781: | 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 07 8f Oct 31 15:24:58.278783: | 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 51 51 Oct 31 15:24:58.278785: | 48 ef Oct 31 15:24:58.278787: | e Oct 31 15:24:58.278789: | 03 Oct 31 15:24:58.278791: | CKAID Oct 31 15:24:58.278794: | 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Oct 31 15:24:58.278796: | 8a 82 25 f1 Oct 31 15:24:58.278799: | newref struct pubkey@0x55777f3ffb48(0->1) (in add_public_key() at secrets.c:1716) Oct 31 15:24:58.278802: | addref pk@0x55777f3ffb48(1->2) (in add_public_key() at secrets.c:1718) Oct 31 15:24:58.278805: | delref pkp@0x55777f3ffb48(2->1) (in key_add_request() at rcv_whack.c:341) Oct 31 15:24:58.278809: | trying secret PKK_RSA:AQO9bJbr3 Oct 31 15:24:58.278811: | matched Oct 31 15:24:58.278813: | secrets entry for ckaid already exists Oct 31 15:24:58.278818: | spent 0.00808 (0.00798) milliseconds in preload_private_key_by_ckaid() loading private key using CKAID Oct 31 15:24:58.278821: | delref fd@0x55777f3fcbb8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:58.278827: | freeref fd-fd@0x55777f3fcbb8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:58.278831: | spent 0.169 (0.169) milliseconds in whack Oct 31 15:24:58.278867: | newref struct fd@0x55777f3f69b8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:58.278870: | fd_accept: new fd-fd@0x55777f3f69b8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:58.278878: | whack: listen Oct 31 15:24:58.278881: listening for IKE messages Oct 31 15:24:58.279495: | Inspecting interface lo Oct 31 15:24:58.279509: | found lo with address 127.0.0.1 Oct 31 15:24:58.279512: | Inspecting interface eth0 Oct 31 15:24:58.279516: | found eth0 with address 192.0.2.254 Oct 31 15:24:58.279521: | Inspecting interface eth1 Oct 31 15:24:58.279525: | found eth1 with address 192.1.2.23 Oct 31 15:24:58.279535: | newref struct iface_dev@0x55777f400d48(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:58.279618: Kernel supports NIC esp-hw-offload Oct 31 15:24:58.279630: | iface: marking eth1 add Oct 31 15:24:58.279635: | newref struct iface_dev@0x55777f3ffc98(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:58.279639: | iface: marking eth0 add Oct 31 15:24:58.279642: | newref struct iface_dev@0x55777f3ffd88(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:24:58.279647: | iface: marking lo add Oct 31 15:24:58.279739: | no interfaces to sort Oct 31 15:24:58.279758: | MSG_ERRQUEUE enabled on fd 18 Oct 31 15:24:58.279774: | addref ifd@0x55777f400d48(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:58.279779: adding UDP interface eth1 192.1.2.23:500 Oct 31 15:24:58.279794: | MSG_ERRQUEUE enabled on fd 19 Oct 31 15:24:58.279838: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:58.279842: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:58.279845: | addref ifd@0x55777f400d48(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:58.279849: adding UDP interface eth1 192.1.2.23:4500 Oct 31 15:24:58.279862: | MSG_ERRQUEUE enabled on fd 20 Oct 31 15:24:58.279871: | addref ifd@0x55777f3ffc98(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:58.279879: adding UDP interface eth0 192.0.2.254:500 Oct 31 15:24:58.279891: | MSG_ERRQUEUE enabled on fd 21 Oct 31 15:24:58.279897: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:58.279900: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:58.279903: | addref ifd@0x55777f3ffc98(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:58.279906: adding UDP interface eth0 192.0.2.254:4500 Oct 31 15:24:58.279920: | MSG_ERRQUEUE enabled on fd 22 Oct 31 15:24:58.279931: | addref ifd@0x55777f3ffd88(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:24:58.279935: adding UDP interface lo 127.0.0.1:500 Oct 31 15:24:58.279950: | MSG_ERRQUEUE enabled on fd 23 Oct 31 15:24:58.279958: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:24:58.279962: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:24:58.279965: | addref ifd@0x55777f3ffd88(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:24:58.279969: adding UDP interface lo 127.0.0.1:4500 Oct 31 15:24:58.279974: | updating interfaces - listing interfaces that are going down Oct 31 15:24:58.279977: | updating interfaces - checking orientation Oct 31 15:24:58.279979: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Oct 31 15:24:58.279983: | orienting north-east Oct 31 15:24:58.279988: | north-east doesn't match 127.0.0.1:4500 at all Oct 31 15:24:58.279993: | north-east doesn't match 127.0.0.1:500 at all Oct 31 15:24:58.279997: | north-east doesn't match 192.0.2.254:4500 at all Oct 31 15:24:58.280001: | north-east doesn't match 192.0.2.254:500 at all Oct 31 15:24:58.280005: | north-east doesn't match 192.1.2.23:4500 at all Oct 31 15:24:58.280008: | oriented north-east's that Oct 31 15:24:58.280011: | swapping ends so that that is this Oct 31 15:24:58.280018: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@(nil): none Oct 31 15:24:58.280027: | newref hp@0x55777f3fd358(0->1) (in connect_to_host_pair() at hostpair.c:290) Oct 31 15:24:58.280054: | libevent_malloc: newref ptr-libevent@0x55777f3fbc78 size 128 Oct 31 15:24:58.280058: | libevent_malloc: newref ptr-libevent@0x55777f3fd408 size 16 Oct 31 15:24:58.280067: | setup callback for interface lo 127.0.0.1:4500 fd 23 on UDP Oct 31 15:24:58.280069: | libevent_malloc: newref ptr-libevent@0x55777f3f5b88 size 128 Oct 31 15:24:58.280071: | libevent_malloc: newref ptr-libevent@0x55777f3fd448 size 16 Oct 31 15:24:58.280076: | setup callback for interface lo 127.0.0.1:500 fd 22 on UDP Oct 31 15:24:58.280078: | libevent_malloc: newref ptr-libevent@0x55777f3b56c8 size 128 Oct 31 15:24:58.280080: | libevent_malloc: newref ptr-libevent@0x55777f3fd488 size 16 Oct 31 15:24:58.280085: | setup callback for interface eth0 192.0.2.254:4500 fd 21 on UDP Oct 31 15:24:58.280087: | libevent_malloc: newref ptr-libevent@0x55777f3b58c8 size 128 Oct 31 15:24:58.280089: | libevent_malloc: newref ptr-libevent@0x55777f3fd4c8 size 16 Oct 31 15:24:58.280094: | setup callback for interface eth0 192.0.2.254:500 fd 20 on UDP Oct 31 15:24:58.280096: | libevent_malloc: newref ptr-libevent@0x55777f3b57c8 size 128 Oct 31 15:24:58.280098: | libevent_malloc: newref ptr-libevent@0x55777f3fd508 size 16 Oct 31 15:24:58.280102: | setup callback for interface eth1 192.1.2.23:4500 fd 19 on UDP Oct 31 15:24:58.280104: | libevent_malloc: newref ptr-libevent@0x55777f3ae168 size 128 Oct 31 15:24:58.280107: | libevent_malloc: newref ptr-libevent@0x55777f3fd548 size 16 Oct 31 15:24:58.280113: | setup callback for interface eth1 192.1.2.23:500 fd 18 on UDP Oct 31 15:24:58.284307: | no stale xfrmi interface 'ipsec1' found Oct 31 15:24:58.284321: | certs and keys locked by 'free_preshared_secrets' Oct 31 15:24:58.284323: forgetting secrets Oct 31 15:24:58.284351: | certs and keys unlocked by 'free_preshared_secrets' Oct 31 15:24:58.284381: loading secrets from "/etc/ipsec.secrets" Oct 31 15:24:58.284412: no secrets filename matched "/etc/ipsec.d/*.secrets" Oct 31 15:24:58.284426: | old food groups: Oct 31 15:24:58.284434: | new food groups: Oct 31 15:24:58.284441: | delref fd@0x55777f3f69b8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:58.284449: | freeref fd-fd@0x55777f3f69b8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:58.284457: | spent 1.45 (5.59) milliseconds in whack Oct 31 15:24:58.284527: | newref struct fd@0x55777f3fcbb8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:58.284532: | fd_accept: new fd-fd@0x55777f3fcbb8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:24:58.284542: | whack: route Oct 31 15:24:58.284545: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:24:58.284551: | could_route called for north-east; kind=CK_PERMANENT that.has_client=yes oppo=no this.host_port=500 Oct 31 15:24:58.284556: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:58.284559: | conn north-east mark 0/00000000, 0/00000000 vs Oct 31 15:24:58.284562: | conn north-east mark 0/00000000, 0/00000000 Oct 31 15:24:58.284566: | route owner of "north-east" unrouted: NULL; eroute owner: NULL Oct 31 15:24:58.284569: | route_and_eroute() for proto 0, and source port 0 dest port 0 Oct 31 15:24:58.284572: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:58.284575: | conn north-east mark 0/00000000, 0/00000000 vs Oct 31 15:24:58.284578: | conn north-east mark 0/00000000, 0/00000000 Oct 31 15:24:58.284581: | route owner of "north-east" unrouted: NULL; eroute owner: NULL Oct 31 15:24:58.284584: | route_and_eroute with c: north-east (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #0 Oct 31 15:24:58.284592: | shunt_eroute() called for connection 'north-east' to 'add' for rt_kind 'prospective erouted' using protoports 192.0.2.0/24:0 --0->- 192.0.3.254/32:0 Oct 31 15:24:58.284600: | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.3.254/32:0 Oct 31 15:24:58.284606: | priority calculation of connection "north-east" is 2084798 (0x1fcfbe) Oct 31 15:24:58.284615: | IPsec SA SPD priority set to 2084798 Oct 31 15:24:58.284851: | priority calculation of connection "north-east" is 2084798 (0x1fcfbe) Oct 31 15:24:58.284857: | route_and_eroute: firewall_notified: true Oct 31 15:24:58.284860: | running updown command "ipsec _updown" for verb prepare Oct 31 15:24:58.284863: | command executing prepare-client Oct 31 15:24:58.284893: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.254/32' PLUTO_PEER_CLIENT_NET='192.0.3.254' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0'... Oct 31 15:24:58.284897: | popen cmd is 1081 chars long Oct 31 15:24:58.284900: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PL: Oct 31 15:24:58.284902: | cmd( 80):UTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT: Oct 31 15:24:58.284905: | cmd( 160):_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192: Oct 31 15:24:58.284907: | cmd( 240):.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' : Oct 31 15:24:58.284909: | cmd( 320):PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='no: Oct 31 15:24:58.284912: | cmd( 400):ne' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.25: Oct 31 15:24:58.284917: | cmd( 480):4/32' PLUTO_PEER_CLIENT_NET='192.0.3.254' PLUTO_PEER_CLIENT_MASK='255.255.255.25: Oct 31 15:24:58.284920: | cmd( 560):5' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfr: Oct 31 15:24:58.284922: | cmd( 640):m' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_AL: Oct 31 15:24:58.284924: | cmd( 720):LOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN: Oct 31 15:24:58.284929: | cmd( 800):_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='': Oct 31 15:24:58.284933: | cmd( 880): PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_C: Oct 31 15:24:58.284935: | cmd( 960):LIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' : Oct 31 15:24:58.284938: | cmd(1040):SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Oct 31 15:24:58.312008: | running updown command "ipsec _updown" for verb route Oct 31 15:24:58.312021: | command executing route-client Oct 31 15:24:58.312058: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.254/32' PLUTO_PEER_CLIENT_NET='192.0.3.254' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI... Oct 31 15:24:58.312064: | popen cmd is 1079 chars long Oct 31 15:24:58.312068: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUT: Oct 31 15:24:58.312071: | cmd( 80):O_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_H: Oct 31 15:24:58.312074: | cmd( 160):OP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0: Oct 31 15:24:58.312077: | cmd( 240):.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PL: Oct 31 15:24:58.312080: | cmd( 320):UTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none: Oct 31 15:24:58.312082: | cmd( 400):' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.254/: Oct 31 15:24:58.312085: | cmd( 480):32' PLUTO_PEER_CLIENT_NET='192.0.3.254' PLUTO_PEER_CLIENT_MASK='255.255.255.255': Oct 31 15:24:58.312088: | cmd( 560): PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm': Oct 31 15:24:58.312091: | cmd( 640): PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLO: Oct 31 15:24:58.312093: | cmd( 720):W+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_A: Oct 31 15:24:58.312096: | cmd( 800):DDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' P: Oct 31 15:24:58.312098: | cmd( 880):LUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLI: Oct 31 15:24:58.312101: | cmd( 960):ENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SP: Oct 31 15:24:58.312104: | cmd(1040):I_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Oct 31 15:24:58.336456: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.336484: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.336490: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.336493: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.336503: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.336507: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.336510: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.336514: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.336517: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.336519: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.336522: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.336525: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.336536: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.336542: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.336547: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.336551: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.336557: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.336562: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.336568: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.336572: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.336576: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.336579: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.336581: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.336584: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.336587: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.336589: route-client output: Error: Peer netns reference is invalid. Oct 31 15:24:58.348465: | delref fd@0x55777f3fcbb8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:58.348491: | freeref fd-fd@0x55777f3fcbb8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:24:58.348502: | spent 0.655 (64) milliseconds in whack Oct 31 15:24:58.348517: | processing signal PLUTO_SIGCHLD Oct 31 15:24:58.348524: | waitpid returned nothing left to do (all child processes are busy) Oct 31 15:24:58.348529: | spent 0.00569 (0.00552) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:58.348532: | processing signal PLUTO_SIGCHLD Oct 31 15:24:58.348535: | waitpid returned nothing left to do (all child processes are busy) Oct 31 15:24:58.348539: | spent 0.00336 (0.00337) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:58.349071: | processing signal PLUTO_SIGCHLD Oct 31 15:24:58.349087: | waitpid returned pid 2155759 (exited with status 0) Oct 31 15:24:58.349092: | reaped addconn helper child (status 0) Oct 31 15:24:58.349097: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:58.349102: | spent 0.0226 (0.0223) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:24:59.722784: | spent 0.00257 (0.00246) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:59.722802: | newref struct msg_digest@0x55777f401018(0->1) (in read_message() at demux.c:103) Oct 31 15:24:59.722807: | newref alloc logger@0x55777f3f9c08(0->1) (in read_message() at demux.c:103) Oct 31 15:24:59.722814: | *received 842 bytes from 192.1.3.33:500 on eth1 192.1.2.23:500 using UDP Oct 31 15:24:59.722817: | 2d 44 07 32 81 17 ab 77 00 00 00 00 00 00 00 00 Oct 31 15:24:59.722819: | 21 20 22 08 00 00 00 00 00 00 03 4a 22 00 01 b4 Oct 31 15:24:59.722822: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Oct 31 15:24:59.722824: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Oct 31 15:24:59.722826: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Oct 31 15:24:59.722828: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Oct 31 15:24:59.722830: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Oct 31 15:24:59.722833: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Oct 31 15:24:59.722835: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Oct 31 15:24:59.722842: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Oct 31 15:24:59.722845: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Oct 31 15:24:59.722847: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Oct 31 15:24:59.722849: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Oct 31 15:24:59.722851: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Oct 31 15:24:59.722853: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Oct 31 15:24:59.722856: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Oct 31 15:24:59.722858: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:24:59.722860: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Oct 31 15:24:59.722862: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Oct 31 15:24:59.722864: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Oct 31 15:24:59.722867: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Oct 31 15:24:59.722869: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Oct 31 15:24:59.722871: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Oct 31 15:24:59.722873: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Oct 31 15:24:59.722875: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Oct 31 15:24:59.722877: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Oct 31 15:24:59.722880: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Oct 31 15:24:59.722882: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Oct 31 15:24:59.722884: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Oct 31 15:24:59.722886: | 28 00 01 08 00 0e 00 00 8b 54 3a 84 05 ff 87 42 Oct 31 15:24:59.722888: | 46 df 06 e1 2e 7c 65 17 3d ca 97 2d 73 ef 47 0a Oct 31 15:24:59.722890: | b5 fc f2 81 99 58 f0 0c 7d e7 96 60 70 7e 22 06 Oct 31 15:24:59.722892: | b6 f0 a9 f4 27 32 98 11 8d a5 ee 52 44 c0 ff 95 Oct 31 15:24:59.722894: | b1 30 5c 17 ad 2c fa 8b 0f cc 42 9b 45 65 b4 9d Oct 31 15:24:59.722896: | 80 4f 3b 1c 14 18 35 bb b5 d8 1d 2e 3b ad c8 1e Oct 31 15:24:59.722898: | 35 34 3b b6 c5 ad bd e6 33 58 29 9b 9e e9 da aa Oct 31 15:24:59.722900: | 94 61 9f 03 06 80 bc 72 a1 86 65 13 1a d8 b5 04 Oct 31 15:24:59.722903: | 6e c6 aa bc e1 c1 01 ec 1e 99 ca 78 0c b0 75 e1 Oct 31 15:24:59.722905: | 67 f0 f3 0a 79 de 82 d9 69 83 15 8c 26 38 4d f6 Oct 31 15:24:59.722907: | fd 7c 49 52 0a ab 7c 0c a6 5a 4d 43 4b 0f 32 84 Oct 31 15:24:59.722910: | 07 19 83 19 28 ae 2a 6b 43 85 50 fd 35 fa 62 4e Oct 31 15:24:59.722912: | 41 1d 35 fd 10 9a 19 72 77 19 a3 02 55 c0 89 89 Oct 31 15:24:59.722914: | d7 54 e6 54 24 61 9a 9a 2f b1 27 6f 5a 0a 90 9d Oct 31 15:24:59.722916: | e3 65 49 c8 ce 90 29 04 f3 ba 60 bc de a4 4f cf Oct 31 15:24:59.722918: | 3f 7f 82 23 5d 24 e9 3f e2 c8 be 4c 02 74 2a d2 Oct 31 15:24:59.722920: | 33 de f1 b1 79 47 4f f9 29 00 00 24 62 a4 bc 83 Oct 31 15:24:59.722922: | 78 ff dd 61 7e 95 ad bf 26 97 98 8f b1 fd bd eb Oct 31 15:24:59.722924: | 9d 53 2d f9 cf 67 f6 47 e7 59 f9 cd 29 00 00 08 Oct 31 15:24:59.722926: | 00 00 40 2e 29 00 00 0e 00 00 40 2f 00 02 00 03 Oct 31 15:24:59.722928: | 00 04 29 00 00 1c 00 00 40 04 73 20 64 2f f7 26 Oct 31 15:24:59.722931: | 69 e9 7a d4 7a 1b b2 e1 74 ef 93 05 76 77 00 00 Oct 31 15:24:59.722933: | 00 1c 00 00 40 05 d6 0e 72 f3 6f 4d c2 4a 8e bb Oct 31 15:24:59.722935: | af b3 b5 28 88 09 af f1 ad bc Oct 31 15:24:59.722943: | **parse ISAKMP Message: Oct 31 15:24:59.722948: | initiator SPI: 2d 44 07 32 81 17 ab 77 Oct 31 15:24:59.722953: | responder SPI: 00 00 00 00 00 00 00 00 Oct 31 15:24:59.722955: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:24:59.722958: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:59.722960: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:24:59.722964: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:59.722968: | Message ID: 0 (00 00 00 00) Oct 31 15:24:59.722972: | length: 842 (00 00 03 4a) Oct 31 15:24:59.722979: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Oct 31 15:24:59.722983: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request Oct 31 15:24:59.722987: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi) Oct 31 15:24:59.722989: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:24:59.722993: | ***parse IKEv2 Security Association Payload: Oct 31 15:24:59.722996: | next payload type: ISAKMP_NEXT_v2KE (0x22) Oct 31 15:24:59.722998: | flags: none (0x0) Oct 31 15:24:59.723001: | length: 436 (01 b4) Oct 31 15:24:59.723004: | processing payload: ISAKMP_NEXT_v2SA (len=432) Oct 31 15:24:59.723006: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Oct 31 15:24:59.723009: | ***parse IKEv2 Key Exchange Payload: Oct 31 15:24:59.723012: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Oct 31 15:24:59.723014: | flags: none (0x0) Oct 31 15:24:59.723017: | length: 264 (01 08) Oct 31 15:24:59.723020: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:59.723022: | processing payload: ISAKMP_NEXT_v2KE (len=256) Oct 31 15:24:59.723024: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Oct 31 15:24:59.723027: | ***parse IKEv2 Nonce Payload: Oct 31 15:24:59.723029: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:59.723032: | flags: none (0x0) Oct 31 15:24:59.723035: | length: 36 (00 24) Oct 31 15:24:59.723037: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Oct 31 15:24:59.723039: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:59.723042: | ***parse IKEv2 Notify Payload: Oct 31 15:24:59.723044: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:59.723046: | flags: none (0x0) Oct 31 15:24:59.723049: | length: 8 (00 08) Oct 31 15:24:59.723052: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:59.723054: | SPI size: 0 (00) Oct 31 15:24:59.723057: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Oct 31 15:24:59.723060: | processing payload: ISAKMP_NEXT_v2N (len=0) Oct 31 15:24:59.723063: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:59.723065: | ***parse IKEv2 Notify Payload: Oct 31 15:24:59.723067: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:59.723070: | flags: none (0x0) Oct 31 15:24:59.723073: | length: 14 (00 0e) Oct 31 15:24:59.723075: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:59.723077: | SPI size: 0 (00) Oct 31 15:24:59.723080: | Notify Message Type: v2N_SIGNATURE_HASH_ALGORITHMS (0x402f) Oct 31 15:24:59.723082: | processing payload: ISAKMP_NEXT_v2N (len=6) Oct 31 15:24:59.723085: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:59.723087: | ***parse IKEv2 Notify Payload: Oct 31 15:24:59.723089: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:24:59.723092: | flags: none (0x0) Oct 31 15:24:59.723095: | length: 28 (00 1c) Oct 31 15:24:59.723097: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:59.723100: | SPI size: 0 (00) Oct 31 15:24:59.723102: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Oct 31 15:24:59.723105: | processing payload: ISAKMP_NEXT_v2N (len=20) Oct 31 15:24:59.723107: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:24:59.723109: | ***parse IKEv2 Notify Payload: Oct 31 15:24:59.723112: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:59.723114: | flags: none (0x0) Oct 31 15:24:59.723117: | length: 28 (00 1c) Oct 31 15:24:59.723119: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:59.723122: | SPI size: 0 (00) Oct 31 15:24:59.723124: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Oct 31 15:24:59.723126: | processing payload: ISAKMP_NEXT_v2N (len=20) Oct 31 15:24:59.723129: | DDOS disabled and no cookie sent, continuing Oct 31 15:24:59.723626: | looking for message matching transition from STATE_PARENT_R0 Oct 31 15:24:59.723635: | trying Respond to IKE_SA_INIT Oct 31 15:24:59.723639: | matched unencrypted message Oct 31 15:24:59.723648: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=ECDSA+IKEV2_ALLOW but ignoring ports Oct 31 15:24:59.723655: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Oct 31 15:24:59.723659: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Oct 31 15:24:59.723663: | found policy = RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 (north-east) Oct 31 15:24:59.723666: | find_next_host_connection returns "north-east" Oct 31 15:24:59.723669: | find_next_host_connection policy=ECDSA+IKEV2_ALLOW Oct 31 15:24:59.723671: | find_next_host_connection returns Oct 31 15:24:59.723674: | found connection: "north-east" with policy ECDSA+IKEV2_ALLOW Oct 31 15:24:59.723793: | newref alloc logger@0x55777f3ecfc8(0->1) (in new_state() at state.c:576) Oct 31 15:24:59.723799: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:24:59.723802: | creating state object #1 at 0x55777f402828 Oct 31 15:24:59.723804: | State DB: adding IKEv2 state #1 in UNDEFINED Oct 31 15:24:59.723815: | pstats #1 ikev2.ike started Oct 31 15:24:59.723819: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA) Oct 31 15:24:59.723824: | #1.st_v2_transition NULL -> PARENT_R0->PARENT_R1 (in new_v2_ike_state() at state.c:620) Oct 31 15:24:59.723832: | Message ID: IKE #1 initializing (IKE SA): ike.initiator.sent=0->-1 ike.initiator.recv=0->-1 ike.initiator.last_contact=0->744574.156623 ike.responder.sent=0->-1 ike.responder.recv=0->-1 ike.responder.last_contact=0->744574.156623 ike.wip.initiator=0->-1 ike.wip.responder=0->-1 Oct 31 15:24:59.723837: | orienting north-east Oct 31 15:24:59.723842: | north-east doesn't match 127.0.0.1:4500 at all Oct 31 15:24:59.723846: | north-east doesn't match 127.0.0.1:500 at all Oct 31 15:24:59.723850: | north-east doesn't match 192.0.2.254:4500 at all Oct 31 15:24:59.723853: | north-east doesn't match 192.0.2.254:500 at all Oct 31 15:24:59.723857: | north-east doesn't match 192.1.2.23:4500 at all Oct 31 15:24:59.723859: | oriented north-east's this Oct 31 15:24:59.723867: | start processing: state #1 connection "north-east" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1758) Oct 31 15:24:59.723874: | Message ID: IKE #1 responder starting message request 0: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744574.156623 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744574.156623 ike.wip.initiator=-1 ike.wip.responder=-1->0 Oct 31 15:24:59.723877: | calling processor Respond to IKE_SA_INIT Oct 31 15:24:59.723888: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2631) Oct 31 15:24:59.723891: | constructing local IKE proposals for north-east (IKE SA responder matching remote proposals) Oct 31 15:24:59.723901: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:59.723911: | ... ikev2_proposal: 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:59.723915: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:59.723921: | ... ikev2_proposal: 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:59.723926: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:59.723931: | ... ikev2_proposal: 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:59.723936: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:24:59.723941: | ... ikev2_proposal: 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:59.723947: "north-east": local IKE proposals (IKE SA responder matching remote proposals): Oct 31 15:24:59.723953: "north-east": 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:59.723958: "north-east": 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:59.723963: "north-east": 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:59.723969: "north-east": 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:24:59.723971: | comparing remote proposals against IKE responder 4 local proposals Oct 31 15:24:59.723976: | local proposal 1 type ENCR has 1 transforms Oct 31 15:24:59.723978: | local proposal 1 type PRF has 2 transforms Oct 31 15:24:59.723981: | local proposal 1 type INTEG has 1 transforms Oct 31 15:24:59.723983: | local proposal 1 type DH has 8 transforms Oct 31 15:24:59.723985: | local proposal 1 type ESN has 0 transforms Oct 31 15:24:59.723989: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Oct 31 15:24:59.723992: | local proposal 2 type ENCR has 1 transforms Oct 31 15:24:59.723994: | local proposal 2 type PRF has 2 transforms Oct 31 15:24:59.723996: | local proposal 2 type INTEG has 1 transforms Oct 31 15:24:59.723999: | local proposal 2 type DH has 8 transforms Oct 31 15:24:59.724001: | local proposal 2 type ESN has 0 transforms Oct 31 15:24:59.724004: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Oct 31 15:24:59.724006: | local proposal 3 type ENCR has 1 transforms Oct 31 15:24:59.724008: | local proposal 3 type PRF has 2 transforms Oct 31 15:24:59.724011: | local proposal 3 type INTEG has 2 transforms Oct 31 15:24:59.724013: | local proposal 3 type DH has 8 transforms Oct 31 15:24:59.724015: | local proposal 3 type ESN has 0 transforms Oct 31 15:24:59.724018: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Oct 31 15:24:59.724021: | local proposal 4 type ENCR has 1 transforms Oct 31 15:24:59.724023: | local proposal 4 type PRF has 2 transforms Oct 31 15:24:59.724025: | local proposal 4 type INTEG has 2 transforms Oct 31 15:24:59.724028: | local proposal 4 type DH has 8 transforms Oct 31 15:24:59.724030: | local proposal 4 type ESN has 0 transforms Oct 31 15:24:59.724033: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Oct 31 15:24:59.724036: | ****parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:59.724039: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:59.724042: | length: 100 (00 64) Oct 31 15:24:59.724045: | prop #: 1 (01) Oct 31 15:24:59.724047: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:59.724050: | spi size: 0 (00) Oct 31 15:24:59.724053: | # transforms: 11 (0b) Oct 31 15:24:59.724056: | Comparing remote proposal 1 containing 11 transforms against local proposal [1..4] of 4 local proposals Oct 31 15:24:59.724059: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.724062: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.724065: | length: 12 (00 0c) Oct 31 15:24:59.724068: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:59.724070: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:59.724073: | ******parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:59.724075: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:59.724078: | length/value: 256 (01 00) Oct 31 15:24:59.724083: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:24:59.724086: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.724090: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.724093: | length: 8 (00 08) Oct 31 15:24:59.724095: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:59.724097: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:59.724101: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Oct 31 15:24:59.724104: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0 Oct 31 15:24:59.724107: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0 Oct 31 15:24:59.724110: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0 Oct 31 15:24:59.724113: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.724115: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.724118: | length: 8 (00 08) Oct 31 15:24:59.724120: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:59.724122: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:59.724125: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.724128: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.724130: | length: 8 (00 08) Oct 31 15:24:59.724133: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:59.724135: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:59.724138: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Oct 31 15:24:59.724142: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 2 type 4 (DH) transform 0 Oct 31 15:24:59.724145: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 3 type 4 (DH) transform 0 Oct 31 15:24:59.724148: | remote proposal 1 transform 3 (DH=MODP2048) matches local proposal 4 type 4 (DH) transform 0 Oct 31 15:24:59.724150: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.724152: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.724249: | length: 8 (00 08) Oct 31 15:24:59.724302: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:59.724307: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:59.724961: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.724966: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.724970: | length: 8 (00 08) Oct 31 15:24:59.724973: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:59.724976: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:59.724979: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.724982: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.724985: | length: 8 (00 08) Oct 31 15:24:59.724988: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:59.724991: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:59.724994: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.724997: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.725000: | length: 8 (00 08) Oct 31 15:24:59.725002: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:59.725005: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:59.725008: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.725010: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.725014: | length: 8 (00 08) Oct 31 15:24:59.725016: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:59.725018: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:59.725022: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.725025: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.725028: | length: 8 (00 08) Oct 31 15:24:59.725031: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:59.725033: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:59.725036: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.725039: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:59.725044: | length: 8 (00 08) Oct 31 15:24:59.725046: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:59.725049: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:59.725053: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Oct 31 15:24:59.725058: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Oct 31 15:24:59.725061: | remote proposal 1 matches local proposal 1 Oct 31 15:24:59.725065: | ****parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:59.725067: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:59.725071: | length: 100 (00 64) Oct 31 15:24:59.725073: | prop #: 2 (02) Oct 31 15:24:59.725076: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:59.725079: | spi size: 0 (00) Oct 31 15:24:59.725082: | # transforms: 11 (0b) Oct 31 15:24:59.725085: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..0] of 4 local proposals Oct 31 15:24:59.725088: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.725091: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.725094: | length: 12 (00 0c) Oct 31 15:24:59.725096: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:59.725098: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:59.725101: | ******parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:59.725104: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:59.725108: | length/value: 128 (00 80) Oct 31 15:24:59.725111: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.725114: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.725117: | length: 8 (00 08) Oct 31 15:24:59.725119: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:59.725121: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:59.725125: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.725127: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.725130: | length: 8 (00 08) Oct 31 15:24:59.725133: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:59.725135: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:59.725138: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.725141: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.725144: | length: 8 (00 08) Oct 31 15:24:59.725147: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:59.725149: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:59.725152: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.725155: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.725158: | length: 8 (00 08) Oct 31 15:24:59.725160: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:59.725163: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:59.725166: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.725168: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.725171: | length: 8 (00 08) Oct 31 15:24:59.725173: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:59.725176: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:59.725324: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.725330: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.725603: | length: 8 (00 08) Oct 31 15:24:59.725609: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:59.725612: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:59.725662: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.725668: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.725672: | length: 8 (00 08) Oct 31 15:24:59.725675: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:59.725678: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:59.725681: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.725687: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.725690: | length: 8 (00 08) Oct 31 15:24:59.725693: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:59.725695: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:59.725698: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.725701: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.725704: | length: 8 (00 08) Oct 31 15:24:59.725706: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:59.725709: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:59.725712: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.725715: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:59.725718: | length: 8 (00 08) Oct 31 15:24:59.725721: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:59.725723: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:59.725727: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: none; unmatched: ENCR+PRF+DH Oct 31 15:24:59.725730: | remote proposal 2 does not match; unmatched remote transforms: ENCR+PRF+DH Oct 31 15:24:59.725734: | ****parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:59.725736: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:59.725739: | length: 116 (00 74) Oct 31 15:24:59.725742: | prop #: 3 (03) Oct 31 15:24:59.725791: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:59.725798: | spi size: 0 (00) Oct 31 15:24:59.725801: | # transforms: 13 (0d) Oct 31 15:24:59.725805: | Comparing remote proposal 3 containing 13 transforms against local proposal [1..0] of 4 local proposals Oct 31 15:24:59.725809: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.725812: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.725815: | length: 12 (00 0c) Oct 31 15:24:59.725817: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:59.725820: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:59.725823: | ******parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:59.725825: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:59.725828: | length/value: 256 (01 00) Oct 31 15:24:59.725832: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.725834: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.725838: | length: 8 (00 08) Oct 31 15:24:59.725840: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:59.725843: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:59.725846: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.725849: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.725852: | length: 8 (00 08) Oct 31 15:24:59.725854: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:59.725857: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:59.725860: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.725862: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.725866: | length: 8 (00 08) Oct 31 15:24:59.725868: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:59.725870: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:59.725873: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.725876: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.725879: | length: 8 (00 08) Oct 31 15:24:59.725881: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:59.725884: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:59.725887: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.725890: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.725980: | length: 8 (00 08) Oct 31 15:24:59.725987: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:59.725990: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:59.725994: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.725996: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.726002: | length: 8 (00 08) Oct 31 15:24:59.726005: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:59.726007: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:59.726011: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.726013: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.726016: | length: 8 (00 08) Oct 31 15:24:59.726019: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:59.726021: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:59.726025: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.726027: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.726031: | length: 8 (00 08) Oct 31 15:24:59.726033: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:59.726035: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:59.726039: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.726041: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.726044: | length: 8 (00 08) Oct 31 15:24:59.726046: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:59.726049: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:59.726052: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.726054: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.726058: | length: 8 (00 08) Oct 31 15:24:59.726060: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:59.726063: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:59.726066: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.726068: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.726071: | length: 8 (00 08) Oct 31 15:24:59.726074: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:59.726076: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:59.726079: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.726081: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:59.726085: | length: 8 (00 08) Oct 31 15:24:59.726087: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:59.726089: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:59.726094: | remote proposal 3 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Oct 31 15:24:59.726097: | remote proposal 3 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Oct 31 15:24:59.726100: | ****parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:59.726103: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:59.726106: | length: 116 (00 74) Oct 31 15:24:59.726109: | prop #: 4 (04) Oct 31 15:24:59.726112: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:59.726115: | spi size: 0 (00) Oct 31 15:24:59.726117: | # transforms: 13 (0d) Oct 31 15:24:59.726121: | Comparing remote proposal 4 containing 13 transforms against local proposal [1..0] of 4 local proposals Oct 31 15:24:59.726124: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.726126: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.726129: | length: 12 (00 0c) Oct 31 15:24:59.726132: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:59.726134: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:59.726137: | ******parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:59.726140: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:59.726143: | length/value: 128 (00 80) Oct 31 15:24:59.726147: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.726149: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.726152: | length: 8 (00 08) Oct 31 15:24:59.726155: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:59.726157: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:59.726160: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.726162: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.726166: | length: 8 (00 08) Oct 31 15:24:59.726170: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:59.726172: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:24:59.726175: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.726178: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.726181: | length: 8 (00 08) Oct 31 15:24:59.726184: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:59.726186: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:59.726189: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.726191: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.726194: | length: 8 (00 08) Oct 31 15:24:59.726197: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:59.726295: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:59.726347: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.726352: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.726624: | length: 8 (00 08) Oct 31 15:24:59.726630: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:59.726633: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:59.726637: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.726687: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.726692: | length: 8 (00 08) Oct 31 15:24:59.726695: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:59.726697: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:24:59.726701: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.726704: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.726708: | length: 8 (00 08) Oct 31 15:24:59.726710: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:59.726712: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:24:59.726716: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.726718: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.726721: | length: 8 (00 08) Oct 31 15:24:59.726723: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:59.726726: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:24:59.726729: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.726731: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.726735: | length: 8 (00 08) Oct 31 15:24:59.726737: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:59.726739: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:24:59.726742: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.726745: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.726749: | length: 8 (00 08) Oct 31 15:24:59.726751: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:59.726753: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:24:59.726756: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.726759: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.726762: | length: 8 (00 08) Oct 31 15:24:59.726764: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:59.726767: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:24:59.726819: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.726823: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:59.726827: | length: 8 (00 08) Oct 31 15:24:59.726829: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:59.726832: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:24:59.726836: | remote proposal 4 proposed transforms: ENCR+PRF+INTEG+DH; matched: none; unmatched: ENCR+PRF+INTEG+DH Oct 31 15:24:59.726840: | remote proposal 4 does not match; unmatched remote transforms: ENCR+PRF+INTEG+DH Oct 31 15:24:59.726846: "north-east" #1: proposal 1:IKE=AES_GCM_C_256-HMAC_SHA2_512-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519[first-match] 2:IKE:ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048;DH=MODP3072;DH=MODP4096;DH=MODP8192;DH=ECP_256;DH=ECP_384;DH=ECP_521;DH=CURVE25519 Oct 31 15:24:59.726853: | accepted IKE proposal ikev2_proposal: 1:IKE=AES_GCM_C_256-HMAC_SHA2_512-MODP2048 Oct 31 15:24:59.726856: | converting proposal to internal trans attrs Oct 31 15:24:59.726863: | nat: IKE.SPIr is zero Oct 31 15:24:59.726876: | natd_hash: hasher=0x55777eef8f80(20) Oct 31 15:24:59.726879: | natd_hash: icookie= Oct 31 15:24:59.726882: | 2d 44 07 32 81 17 ab 77 Oct 31 15:24:59.726884: | natd_hash: rcookie= Oct 31 15:24:59.726886: | 00 00 00 00 00 00 00 00 Oct 31 15:24:59.726888: | natd_hash: ip= Oct 31 15:24:59.726890: | c0 01 02 17 Oct 31 15:24:59.726892: | natd_hash: port= Oct 31 15:24:59.726894: | 01 f4 Oct 31 15:24:59.726896: | natd_hash: hash= Oct 31 15:24:59.726898: | d6 0e 72 f3 6f 4d c2 4a 8e bb af b3 b5 28 88 09 Oct 31 15:24:59.726900: | af f1 ad bc Oct 31 15:24:59.726903: | nat: IKE.SPIr is zero Oct 31 15:24:59.726910: | natd_hash: hasher=0x55777eef8f80(20) Oct 31 15:24:59.726913: | natd_hash: icookie= Oct 31 15:24:59.727006: | 2d 44 07 32 81 17 ab 77 Oct 31 15:24:59.727012: | natd_hash: rcookie= Oct 31 15:24:59.727014: | 00 00 00 00 00 00 00 00 Oct 31 15:24:59.727017: | natd_hash: ip= Oct 31 15:24:59.727019: | c0 01 03 21 Oct 31 15:24:59.727021: | natd_hash: port= Oct 31 15:24:59.727023: | 01 f4 Oct 31 15:24:59.727025: | natd_hash: hash= Oct 31 15:24:59.727028: | 73 20 64 2f f7 26 69 e9 7a d4 7a 1b b2 e1 74 ef Oct 31 15:24:59.727030: | 93 05 76 77 Oct 31 15:24:59.727033: | NAT_TRAVERSAL encaps using auto-detect Oct 31 15:24:59.727035: | NAT_TRAVERSAL this end is NOT behind NAT Oct 31 15:24:59.727037: | NAT_TRAVERSAL that end is NOT behind NAT Oct 31 15:24:59.727041: | NAT_TRAVERSAL nat-keepalive enabled 192.1.3.33 Oct 31 15:24:59.727044: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered) Oct 31 15:24:59.727046: | hash algorithm identifier (network ordered) Oct 31 15:24:59.727049: | 00 02 Oct 31 15:24:59.727052: | received HASH_ALGORITHM_SHA2_256 which is allowed by local policy Oct 31 15:24:59.727055: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered) Oct 31 15:24:59.727057: | hash algorithm identifier (network ordered) Oct 31 15:24:59.727059: | 00 03 Oct 31 15:24:59.727061: | received HASH_ALGORITHM_SHA2_384 which is allowed by local policy Oct 31 15:24:59.727063: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered) Oct 31 15:24:59.727065: | hash algorithm identifier (network ordered) Oct 31 15:24:59.727067: | 00 04 Oct 31 15:24:59.727069: | received HASH_ALGORITHM_SHA2_512 which is allowed by local policy Oct 31 15:24:59.727078: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:59.727081: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:59.727085: | newref clone logger@0x55777f3ecde8(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:59.727088: | job 1 for #1: ikev2_inI1outR1 KE (build KE and nonce): adding job to queue Oct 31 15:24:59.727090: | state #1 has no .st_event to delete Oct 31 15:24:59.727094: | #1 STATE_PARENT_R0: retransmits: cleared Oct 31 15:24:59.727097: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55777f3eceb8 Oct 31 15:24:59.727100: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:24:59.727103: | libevent_malloc: newref ptr-libevent@0x55777f3ff858 size 128 Oct 31 15:24:59.727118: | #1 spent 1.48 (3.23) milliseconds in processing: Respond to IKE_SA_INIT in v2_dispatch() Oct 31 15:24:59.727127: | [RE]START processing: state #1 connection "north-east" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:59.727132: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND Oct 31 15:24:59.727135: | suspending state #1 and saving MD 0x55777f401018 Oct 31 15:24:59.727138: | addref md@0x55777f401018(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:59.727140: | #1 is busy; has suspended MD 0x55777f401018 Oct 31 15:24:59.727145: | stop processing: state #1 connection "north-east" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1760) Oct 31 15:24:59.727150: | #1 spent 2.07 (4.38) milliseconds in ikev2_process_packet() Oct 31 15:24:59.727153: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:59.727156: | delref mdp@0x55777f401018(2->1) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:59.727161: | spent 2.08 (4.39) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:59.727179: | job 1 for #1: ikev2_inI1outR1 KE (build KE and nonce): helper 1 starting job Oct 31 15:24:59.735012: | "north-east" #1: spent 2.1 (7.83) milliseconds in helper 1 processing job 1 for state #1: ikev2_inI1outR1 KE (pcr) Oct 31 15:24:59.735027: | job 1 for #1: ikev2_inI1outR1 KE (build KE and nonce): helper thread 1 sending result back to state Oct 31 15:24:59.735032: | scheduling resume sending helper answer back to state for #1 Oct 31 15:24:59.735036: | libevent_malloc: newref ptr-libevent@0x7fcd48006108 size 128 Oct 31 15:24:59.735046: | helper thread 1 has nothing to do Oct 31 15:24:59.735060: | processing resume sending helper answer back to state for #1 Oct 31 15:24:59.735070: | start processing: state #1 connection "north-east" from 192.1.3.33:500 (in resume_handler() at server.c:641) Oct 31 15:24:59.735075: | unsuspending #1 MD 0x55777f401018 Oct 31 15:24:59.735079: | job 1 for #1: ikev2_inI1outR1 KE (build KE and nonce): processing response from helper 1 Oct 31 15:24:59.735082: | job 1 for #1: ikev2_inI1outR1 KE (build KE and nonce): calling continuation function 0x55777ee06fe7 Oct 31 15:24:59.735085: | ikev2_parent_inI1outR1_continue() for #1 STATE_PARENT_R0: calculated ke+nonce, sending R1 Oct 31 15:24:59.735216: | opening output PBS reply packet Oct 31 15:24:59.735225: | **emit ISAKMP Message: Oct 31 15:24:59.735230: | initiator SPI: 2d 44 07 32 81 17 ab 77 Oct 31 15:24:59.735234: | responder SPI: f6 1b 27 63 46 7a b4 7d Oct 31 15:24:59.735236: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:59.735238: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:59.735241: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:24:59.735243: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:59.735247: | Message ID: 0 (00 00 00 00) Oct 31 15:24:59.735250: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:59.735253: | emitting ikev2_proposal ... Oct 31 15:24:59.735255: | ***emit IKEv2 Security Association Payload: Oct 31 15:24:59.735257: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:59.735259: | flags: none (0x0) Oct 31 15:24:59.735262: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:24:59.735265: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:24:59.735269: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:59.735271: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:59.735274: | prop #: 1 (01) Oct 31 15:24:59.735276: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:24:59.735279: | spi size: 0 (00) Oct 31 15:24:59.735281: | # transforms: 3 (03) Oct 31 15:24:59.735283: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:59.735286: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:59.735292: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.735294: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:59.735296: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:59.735298: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:59.735301: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:59.735304: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:59.735306: | length/value: 256 (01 00) Oct 31 15:24:59.735309: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:59.735312: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:59.735314: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.735316: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:24:59.735318: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:24:59.735320: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.735323: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:59.735325: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:59.735327: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:24:59.735329: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:59.735331: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:24:59.735333: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:59.735336: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.735338: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:59.735340: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:59.735342: | emitting length of IKEv2 Proposal Substructure Payload: 36 Oct 31 15:24:59.735344: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:59.735346: | emitting length of IKEv2 Security Association Payload: 40 Oct 31 15:24:59.735348: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:24:59.735353: | DH secret MODP2048@0x7fcd48006ba8: transferring ownership from helper KE to state #1 Oct 31 15:24:59.735355: | ***emit IKEv2 Key Exchange Payload: Oct 31 15:24:59.735357: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:59.735359: | flags: none (0x0) Oct 31 15:24:59.735361: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:24:59.735364: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Oct 31 15:24:59.735366: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Oct 31 15:24:59.735369: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Oct 31 15:24:59.735372: | ikev2 g^x: Oct 31 15:24:59.735374: | 96 c4 d3 a6 72 62 90 14 a8 d1 0d 01 d5 fc 90 e5 Oct 31 15:24:59.735376: | 37 22 6f 2c 84 d9 9d 79 b7 0f e5 be 4d 7d 7d 54 Oct 31 15:24:59.735378: | e9 70 69 a0 3b 66 3b 5d 75 8a db d9 c2 7b d5 d4 Oct 31 15:24:59.735380: | 80 1b 61 15 fd 5d f1 b7 ea 75 5c 3e 98 b0 38 ee Oct 31 15:24:59.735382: | ab 5f 5a 99 71 c9 75 18 bd 66 db 0b 1c 70 e2 8d Oct 31 15:24:59.735384: | e9 80 5f 10 4f c0 bc 0c ae e8 2e ee 77 c0 5f 93 Oct 31 15:24:59.735386: | 15 4a 04 c9 7d 4f 2e 06 be 69 63 07 bd 01 ad 07 Oct 31 15:24:59.735387: | 6b da f3 aa 42 85 99 d9 24 20 66 84 13 cb 95 8b Oct 31 15:24:59.735389: | 24 cd 73 0c 59 3e da 27 b4 4b 6f 49 02 5b 59 26 Oct 31 15:24:59.735393: | b8 82 2e 99 3b 6e 9f 54 1d 76 42 43 f3 7e c7 39 Oct 31 15:24:59.735395: | 40 b2 0e fa 41 dd 7a b0 25 17 60 04 fa 1c e1 2c Oct 31 15:24:59.735440: | 44 5a 4c c5 cd db 2b 10 33 cd e1 b7 d3 7a ac c3 Oct 31 15:24:59.735489: | 53 78 a8 ec f1 a9 7e ff b3 b7 57 d5 c3 44 40 9e Oct 31 15:24:59.735494: | 6d 78 d6 83 cb 7b b3 3c 96 f5 ae 6b 49 33 80 c2 Oct 31 15:24:59.735496: | 03 28 dd 67 29 9b 92 00 bc 75 72 d1 d3 36 11 23 Oct 31 15:24:59.735544: | 4e 39 e8 d1 25 10 d4 08 57 28 60 85 8d fe 83 6e Oct 31 15:24:59.735551: | emitting length of IKEv2 Key Exchange Payload: 264 Oct 31 15:24:59.735821: | ***emit IKEv2 Nonce Payload: Oct 31 15:24:59.735828: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:59.735831: | flags: none (0x0) Oct 31 15:24:59.735835: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Oct 31 15:24:59.735885: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Oct 31 15:24:59.735891: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Oct 31 15:24:59.735894: | IKEv2 nonce: Oct 31 15:24:59.735896: | 16 1c 3e 3b f0 02 5d 70 96 09 fc d3 51 19 5d 0c Oct 31 15:24:59.735899: | b8 9a 8b 60 cc 8d 19 8d bb e0 09 72 0d 20 22 ca Oct 31 15:24:59.735901: | emitting length of IKEv2 Nonce Payload: 36 Oct 31 15:24:59.735906: | adding a v2N Payload Oct 31 15:24:59.735909: | ***emit IKEv2 Notify Payload: Oct 31 15:24:59.735912: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:59.735915: | flags: none (0x0) Oct 31 15:24:59.735918: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:59.735921: | SPI size: 0 (00) Oct 31 15:24:59.735924: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Oct 31 15:24:59.735927: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:59.735930: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:59.735933: | emitting length of IKEv2 Notify Payload: 8 Oct 31 15:24:59.735936: | adding a v2N Payload Oct 31 15:24:59.735938: | ***emit IKEv2 Notify Payload: Oct 31 15:24:59.735941: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:59.735943: | flags: none (0x0) Oct 31 15:24:59.735946: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:59.735949: | SPI size: 0 (00) Oct 31 15:24:59.735952: | Notify Message Type: v2N_SIGNATURE_HASH_ALGORITHMS (0x402f) Oct 31 15:24:59.735955: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:59.735958: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:59.735961: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256 into IKEv2 Notify Payload Oct 31 15:24:59.735964: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_256: 00 02 Oct 31 15:24:59.735967: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384 into IKEv2 Notify Payload Oct 31 15:24:59.735970: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_384: 00 03 Oct 31 15:24:59.735973: | emitting 2 raw bytes of hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_512 into IKEv2 Notify Payload Oct 31 15:24:59.736026: | hash algorithm identifier IKEv2_HASH_ALGORITHM_SHA2_512: 00 04 Oct 31 15:24:59.736030: | emitting length of IKEv2 Notify Payload: 14 Oct 31 15:24:59.736033: | NAT-Traversal support [enabled] add v2N payloads. Oct 31 15:24:59.736048: | natd_hash: hasher=0x55777eef8f80(20) Oct 31 15:24:59.736052: | natd_hash: icookie= Oct 31 15:24:59.736054: | 2d 44 07 32 81 17 ab 77 Oct 31 15:24:59.736056: | natd_hash: rcookie= Oct 31 15:24:59.736058: | f6 1b 27 63 46 7a b4 7d Oct 31 15:24:59.736060: | natd_hash: ip= Oct 31 15:24:59.736064: | c0 01 02 17 Oct 31 15:24:59.736066: | natd_hash: port= Oct 31 15:24:59.736068: | 01 f4 Oct 31 15:24:59.736070: | natd_hash: hash= Oct 31 15:24:59.736072: | 9c 24 2e 28 7f 5b 6d bb 79 5c 0c fd 69 ee 52 91 Oct 31 15:24:59.736074: | 90 39 f6 9e Oct 31 15:24:59.736077: | adding a v2N Payload Oct 31 15:24:59.736079: | ***emit IKEv2 Notify Payload: Oct 31 15:24:59.736082: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:59.736085: | flags: none (0x0) Oct 31 15:24:59.736087: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:59.736090: | SPI size: 0 (00) Oct 31 15:24:59.736093: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Oct 31 15:24:59.736095: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:59.736098: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:59.736101: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:24:59.736103: | Notify data: Oct 31 15:24:59.736106: | 9c 24 2e 28 7f 5b 6d bb 79 5c 0c fd 69 ee 52 91 Oct 31 15:24:59.736108: | 90 39 f6 9e Oct 31 15:24:59.736110: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:24:59.736119: | natd_hash: hasher=0x55777eef8f80(20) Oct 31 15:24:59.736123: | natd_hash: icookie= Oct 31 15:24:59.736257: | 2d 44 07 32 81 17 ab 77 Oct 31 15:24:59.736260: | natd_hash: rcookie= Oct 31 15:24:59.736263: | f6 1b 27 63 46 7a b4 7d Oct 31 15:24:59.736265: | natd_hash: ip= Oct 31 15:24:59.736267: | c0 01 03 21 Oct 31 15:24:59.736269: | natd_hash: port= Oct 31 15:24:59.736271: | 01 f4 Oct 31 15:24:59.736274: | natd_hash: hash= Oct 31 15:24:59.736276: | 9b a5 07 75 a2 42 05 4c 77 6d 5a cd bd 6f ab 5d Oct 31 15:24:59.736278: | 57 1b fe e5 Oct 31 15:24:59.736280: | adding a v2N Payload Oct 31 15:24:59.736283: | ***emit IKEv2 Notify Payload: Oct 31 15:24:59.736286: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:59.736289: | flags: none (0x0) Oct 31 15:24:59.736291: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:24:59.736295: | SPI size: 0 (00) Oct 31 15:24:59.736298: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Oct 31 15:24:59.736301: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:24:59.736303: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:24:59.736307: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:24:59.736310: | Notify data: Oct 31 15:24:59.736312: | 9b a5 07 75 a2 42 05 4c 77 6d 5a cd bd 6f ab 5d Oct 31 15:24:59.736314: | 57 1b fe e5 Oct 31 15:24:59.736316: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:24:59.736319: | emitting length of ISAKMP Message: 446 Oct 31 15:24:59.736328: | [RE]START processing: state #1 connection "north-east" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:59.736334: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK Oct 31 15:24:59.736337: | transitioning from state STATE_PARENT_R0 to state STATE_PARENT_R1 Oct 31 15:24:59.736340: | Message ID: updating counters for #1 Oct 31 15:24:59.736349: | Message ID: IKE #1 updating responder received message request 0: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744574.156623 ike.responder.sent=-1 ike.responder.recv=-1->0 ike.responder.last_contact=744574.156623->744574.169139 ike.wip.initiator=-1 ike.wip.responder=0->-1 Oct 31 15:24:59.736356: | Message ID: IKE #1 updating responder sent message response 0: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744574.156623 ike.responder.sent=-1->0 ike.responder.recv=0 ike.responder.last_contact=744574.169139 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:59.736363: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744574.156623 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744574.169139 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:59.736373: | parent state #1: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA) Oct 31 15:24:59.736376: | announcing the state transition Oct 31 15:24:59.736382: "north-east" #1: sent IKE_SA_INIT reply {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Oct 31 15:24:59.736394: | sending 446 bytes for STATE_PARENT_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:59.736397: | 2d 44 07 32 81 17 ab 77 f6 1b 27 63 46 7a b4 7d Oct 31 15:24:59.736399: | 21 20 22 20 00 00 00 00 00 00 01 be 22 00 00 28 Oct 31 15:24:59.736401: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Oct 31 15:24:59.736403: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Oct 31 15:24:59.736406: | 04 00 00 0e 28 00 01 08 00 0e 00 00 96 c4 d3 a6 Oct 31 15:24:59.736408: | 72 62 90 14 a8 d1 0d 01 d5 fc 90 e5 37 22 6f 2c Oct 31 15:24:59.736410: | 84 d9 9d 79 b7 0f e5 be 4d 7d 7d 54 e9 70 69 a0 Oct 31 15:24:59.736412: | 3b 66 3b 5d 75 8a db d9 c2 7b d5 d4 80 1b 61 15 Oct 31 15:24:59.736414: | fd 5d f1 b7 ea 75 5c 3e 98 b0 38 ee ab 5f 5a 99 Oct 31 15:24:59.736416: | 71 c9 75 18 bd 66 db 0b 1c 70 e2 8d e9 80 5f 10 Oct 31 15:24:59.736512: | 4f c0 bc 0c ae e8 2e ee 77 c0 5f 93 15 4a 04 c9 Oct 31 15:24:59.736518: | 7d 4f 2e 06 be 69 63 07 bd 01 ad 07 6b da f3 aa Oct 31 15:24:59.736520: | 42 85 99 d9 24 20 66 84 13 cb 95 8b 24 cd 73 0c Oct 31 15:24:59.736572: | 59 3e da 27 b4 4b 6f 49 02 5b 59 26 b8 82 2e 99 Oct 31 15:24:59.736575: | 3b 6e 9f 54 1d 76 42 43 f3 7e c7 39 40 b2 0e fa Oct 31 15:24:59.736847: | 41 dd 7a b0 25 17 60 04 fa 1c e1 2c 44 5a 4c c5 Oct 31 15:24:59.736853: | cd db 2b 10 33 cd e1 b7 d3 7a ac c3 53 78 a8 ec Oct 31 15:24:59.736855: | f1 a9 7e ff b3 b7 57 d5 c3 44 40 9e 6d 78 d6 83 Oct 31 15:24:59.736858: | cb 7b b3 3c 96 f5 ae 6b 49 33 80 c2 03 28 dd 67 Oct 31 15:24:59.736908: | 29 9b 92 00 bc 75 72 d1 d3 36 11 23 4e 39 e8 d1 Oct 31 15:24:59.736913: | 25 10 d4 08 57 28 60 85 8d fe 83 6e 29 00 00 24 Oct 31 15:24:59.736915: | 16 1c 3e 3b f0 02 5d 70 96 09 fc d3 51 19 5d 0c Oct 31 15:24:59.736917: | b8 9a 8b 60 cc 8d 19 8d bb e0 09 72 0d 20 22 ca Oct 31 15:24:59.736919: | 29 00 00 08 00 00 40 2e 29 00 00 0e 00 00 40 2f Oct 31 15:24:59.736922: | 00 02 00 03 00 04 29 00 00 1c 00 00 40 04 9c 24 Oct 31 15:24:59.736924: | 2e 28 7f 5b 6d bb 79 5c 0c fd 69 ee 52 91 90 39 Oct 31 15:24:59.736927: | f6 9e 00 00 00 1c 00 00 40 05 9b a5 07 75 a2 42 Oct 31 15:24:59.736929: | 05 4c 77 6d 5a cd bd 6f ab 5d 57 1b fe e5 Oct 31 15:24:59.736969: | sent 1 messages Oct 31 15:24:59.736974: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:59.736979: | libevent_free: delref ptr-libevent@0x55777f3ff858 Oct 31 15:24:59.736982: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55777f3eceb8 Oct 31 15:24:59.736986: | event_schedule: newref EVENT_SO_DISCARD-pe@0x55777f3ff858 Oct 31 15:24:59.736989: | inserting event EVENT_SO_DISCARD, timeout in 200 seconds for #1 Oct 31 15:24:59.736992: | libevent_malloc: newref ptr-libevent@0x55777f3fe908 size 128 Oct 31 15:24:59.736997: | delref logger@0x55777f3ecde8(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:59.737048: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:59.737053: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:59.737057: | resume sending helper answer back to state for #1 suppresed complete_v2_state_transition() Oct 31 15:24:59.737061: | delref mdp@0x55777f401018(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:59.737064: | delref logger@0x55777f3f9c08(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:59.737066: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:59.737069: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:59.737079: | #1 spent 0.923 (2) milliseconds in resume sending helper answer back to state Oct 31 15:24:59.737085: | stop processing: state #1 connection "north-east" from 192.1.3.33:500 (in resume_handler() at server.c:745) Oct 31 15:24:59.737089: | libevent_free: delref ptr-libevent@0x7fcd48006108 Oct 31 15:24:59.758730: | spent 0.00262 (0.00256) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:59.758749: | newref struct msg_digest@0x55777f401018(0->1) (in read_message() at demux.c:103) Oct 31 15:24:59.758754: | newref alloc logger@0x55777f3f9c08(0->1) (in read_message() at demux.c:103) Oct 31 15:24:59.758762: | *received 539 bytes from 192.1.3.33:500 on eth1 192.1.2.23:500 using UDP Oct 31 15:24:59.758766: | 2d 44 07 32 81 17 ab 77 f6 1b 27 63 46 7a b4 7d Oct 31 15:24:59.758768: | 35 20 23 08 00 00 00 01 00 00 02 1b 23 00 01 ff Oct 31 15:24:59.758771: | 00 01 00 02 a0 3e 46 66 cc 6d 66 95 78 2f 43 15 Oct 31 15:24:59.758773: | 51 89 9a 65 fe a1 5c bf fb 81 29 5c 69 de 51 c3 Oct 31 15:24:59.758775: | ca 6f 9c 6c 84 30 4d a3 6c c5 20 17 82 45 16 f6 Oct 31 15:24:59.758777: | 06 03 c1 a3 56 5d 51 c0 c5 e8 02 7f 5f 57 1c 57 Oct 31 15:24:59.758779: | fb 0c 30 e8 a4 13 5e f8 bb 82 5e 05 1a e1 89 38 Oct 31 15:24:59.758781: | c0 99 8a bf 0b 15 53 bb d3 f7 c5 34 1b 8c 39 f2 Oct 31 15:24:59.758783: | ba d9 46 fe c1 be f8 72 b5 a4 0d 5f 80 bb eb f8 Oct 31 15:24:59.758785: | fc 32 53 46 4e 82 3c c4 79 a4 10 53 3d 0b 1a 15 Oct 31 15:24:59.758787: | dd ff 78 ab 44 60 04 8c 2b 29 83 53 b5 fc f2 75 Oct 31 15:24:59.758790: | c3 8d e7 e4 83 a0 32 8c 74 37 a0 fe 1d ee c3 c7 Oct 31 15:24:59.758792: | 44 b8 07 12 4d 77 e1 e4 f6 8c 3d a9 9f 27 6a 37 Oct 31 15:24:59.758794: | 67 61 f3 a8 4f 78 f2 2e b2 dc f4 85 a7 91 99 87 Oct 31 15:24:59.758796: | 8b 8c 7f 99 61 70 42 51 dd 0a f6 90 9e 4e b5 dd Oct 31 15:24:59.758798: | 18 db 96 4b 22 c8 32 a0 31 35 2f 5a ac 35 c2 e1 Oct 31 15:24:59.758800: | ff 41 3f 5b 19 89 54 74 e8 73 b5 1e ba 22 be d9 Oct 31 15:24:59.758803: | c6 6e 2a 0d 07 85 f5 1d ef 9f 46 51 75 dd 0f 9d Oct 31 15:24:59.758806: | 42 22 82 29 09 99 f4 32 b9 8f 88 3c 52 75 a6 3b Oct 31 15:24:59.758808: | 21 37 e4 e2 1a 26 6a 9a 26 04 11 bf a6 1b 07 70 Oct 31 15:24:59.758810: | 5e 83 2e 32 dc 43 ae cd 96 f2 e2 89 d6 11 b9 c6 Oct 31 15:24:59.758812: | 77 2a e2 89 9c 73 f8 88 f7 c0 21 70 d3 21 58 a8 Oct 31 15:24:59.758814: | 27 f5 92 4f 6e 4f 85 b3 63 ad 75 8c a9 99 af 07 Oct 31 15:24:59.758816: | f6 c6 40 0e cf 8c cc 6b 14 03 df 89 c5 d5 8e 09 Oct 31 15:24:59.758818: | af af 0d 48 77 9e 48 ce 6b 2c 31 1f cc 22 9e f1 Oct 31 15:24:59.758820: | 20 44 53 bf 20 7a c1 61 b7 fc 77 b7 9c a0 b1 47 Oct 31 15:24:59.758823: | b6 f7 fc c6 d1 f1 81 dc fc ad 9a ea 63 bc f8 e1 Oct 31 15:24:59.758825: | ba 26 df 23 7a 98 73 07 33 68 4f 4d 8e 05 d7 c3 Oct 31 15:24:59.758827: | 80 33 fd 95 23 e6 a1 8e 26 4b d1 b5 f0 bf ee 9a Oct 31 15:24:59.758829: | 96 e3 b0 60 32 0a 7f 8a fa 04 72 bc 38 a5 32 96 Oct 31 15:24:59.758831: | 78 b4 29 8b 96 83 2b 47 5a 24 fc 4c e3 60 83 1c Oct 31 15:24:59.758833: | 3a 34 59 23 67 c6 6c 30 75 76 08 e3 13 2f 37 20 Oct 31 15:24:59.758836: | 7e 23 fe 9e b4 4f 26 71 d2 12 9f 84 02 3c cd 2d Oct 31 15:24:59.758838: | b1 aa e1 b8 09 56 37 1e 5e 63 00 Oct 31 15:24:59.758843: | **parse ISAKMP Message: Oct 31 15:24:59.758848: | initiator SPI: 2d 44 07 32 81 17 ab 77 Oct 31 15:24:59.758852: | responder SPI: f6 1b 27 63 46 7a b4 7d Oct 31 15:24:59.758855: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Oct 31 15:24:59.758857: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:59.758860: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:59.758862: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:59.758866: | Message ID: 1 (00 00 00 01) Oct 31 15:24:59.758870: | length: 539 (00 00 02 1b) Oct 31 15:24:59.758873: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:24:59.758880: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Oct 31 15:24:59.758885: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Oct 31 15:24:59.758893: | start processing: state #1 connection "north-east" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:59.758896: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Oct 31 15:24:59.758899: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:24:59.758995: | #1 is idle Oct 31 15:24:59.759052: | Message ID: IKE #1 not a duplicate - message request 1 is new: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744574.156623 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744574.169139 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:59.759062: | [RE]START processing: state #1 connection "north-east" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:59.759247: | unpacking clear payload Oct 31 15:24:59.759345: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Oct 31 15:24:59.759398: | ***parse IKEv2 Encrypted Fragment: Oct 31 15:24:59.759404: | next payload type: ISAKMP_NEXT_v2IDi (0x23) Oct 31 15:24:59.759407: | flags: none (0x0) Oct 31 15:24:59.759411: | length: 511 (01 ff) Oct 31 15:24:59.759414: | fragment number: 1 (00 01) Oct 31 15:24:59.759417: | total fragments: 2 (00 02) Oct 31 15:24:59.759420: | processing payload: ISAKMP_NEXT_v2SKF (len=503) Oct 31 15:24:59.759424: | #1 in state PARENT_R1: sent IKE_SA_INIT reply Oct 31 15:24:59.759428: | received IKE encrypted fragment number '1', total number '2', next payload '35' Oct 31 15:24:59.759436: | stop processing: state #1 connection "north-east" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:59.759443: | #1 spent 0.304 (0.721) milliseconds in ikev2_process_packet() Oct 31 15:24:59.759446: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:59.759449: | delref mdp@0x55777f401018(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:59.759453: | delref logger@0x55777f3f9c08(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:59.759455: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:59.759458: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:59.759464: | spent 0.325 (0.742) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:59.759475: | spent 0.0017 (0.00169) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:24:59.759483: | newref struct msg_digest@0x55777f401018(0->1) (in read_message() at demux.c:103) Oct 31 15:24:59.759486: | newref alloc logger@0x55777f3f9c08(0->1) (in read_message() at demux.c:103) Oct 31 15:24:59.759540: | *received 170 bytes from 192.1.3.33:500 on eth1 192.1.2.23:500 using UDP Oct 31 15:24:59.759546: | 2d 44 07 32 81 17 ab 77 f6 1b 27 63 46 7a b4 7d Oct 31 15:24:59.759549: | 35 20 23 08 00 00 00 01 00 00 00 aa 00 00 00 8e Oct 31 15:24:59.759552: | 00 02 00 02 53 0a b3 14 a9 62 4a a3 ea c8 85 a5 Oct 31 15:24:59.759555: | 87 d9 03 38 f9 80 ed c3 e4 47 b2 29 45 f6 d7 a2 Oct 31 15:24:59.759557: | 5a 48 14 71 7c 80 0a d2 76 4d cc 96 e3 46 02 72 Oct 31 15:24:59.759560: | f6 ae d2 17 82 18 69 85 77 02 d9 df a4 59 7c c8 Oct 31 15:24:59.759562: | ae 1a ee b5 f7 c8 44 ef 8c a2 d4 17 af 83 98 a9 Oct 31 15:24:59.759564: | bd b3 8d 9b f4 af c9 64 4d 79 d8 f9 34 44 de 92 Oct 31 15:24:59.759566: | 7f 0a ed 04 6f 1f 6e f7 0a f4 f9 5b ce a9 d2 f2 Oct 31 15:24:59.759569: | ae f3 ca b7 ff 62 48 b2 a8 61 e4 65 5e c8 a0 a9 Oct 31 15:24:59.759571: | 02 a5 4a 4d d0 64 00 b5 48 fe Oct 31 15:24:59.759575: | **parse ISAKMP Message: Oct 31 15:24:59.759580: | initiator SPI: 2d 44 07 32 81 17 ab 77 Oct 31 15:24:59.759584: | responder SPI: f6 1b 27 63 46 7a b4 7d Oct 31 15:24:59.759587: | next payload type: ISAKMP_NEXT_v2SKF (0x35) Oct 31 15:24:59.759589: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:59.759595: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:59.759598: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:24:59.759602: | Message ID: 1 (00 00 00 01) Oct 31 15:24:59.759606: | length: 170 (00 00 00 aa) Oct 31 15:24:59.759609: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:24:59.759612: | I am the IKE SA Original Responder receiving an IKEv2 IKE_AUTH request Oct 31 15:24:59.759616: | State DB: found IKEv2 state #1 in PARENT_R1 (find_v2_ike_sa) Oct 31 15:24:59.759623: | start processing: state #1 connection "north-east" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:24:59.759626: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Oct 31 15:24:59.759629: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:24:59.759680: | #1 is idle Oct 31 15:24:59.759739: | Message ID: IKE #1 not a duplicate - responder is accumulating fragments for message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744574.156623 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744574.169139 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:59.759746: | [RE]START processing: state #1 connection "north-east" from 192.1.3.33:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:24:59.759748: | unpacking clear payload Oct 31 15:24:59.759751: | Now let's proceed with payload (ISAKMP_NEXT_v2SKF) Oct 31 15:24:59.759755: | ***parse IKEv2 Encrypted Fragment: Oct 31 15:24:59.759757: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:59.759760: | flags: none (0x0) Oct 31 15:24:59.759764: | length: 142 (00 8e) Oct 31 15:24:59.759767: | fragment number: 2 (00 02) Oct 31 15:24:59.759771: | total fragments: 2 (00 02) Oct 31 15:24:59.759774: | processing payload: ISAKMP_NEXT_v2SKF (len=134) Oct 31 15:24:59.759776: | #1 in state PARENT_R1: sent IKE_SA_INIT reply Oct 31 15:24:59.759779: | received IKE encrypted fragment number '2', total number '2', next payload '0' Oct 31 15:24:59.759783: | selected state microcode Responder: process IKE_AUTH request (no SKEYSEED) Oct 31 15:24:59.759785: | calling processor Responder: process IKE_AUTH request (no SKEYSEED) Oct 31 15:24:59.759790: | ikev2 parent ikev2_ike_sa_process_auth_request_no_skeyid(): calculating g^{xy} in order to decrypt I2 Oct 31 15:24:59.759794: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Oct 31 15:24:59.759798: | DH secret MODP2048@0x7fcd48006ba8: transferring ownership from state #1 to helper IKEv2 DH Oct 31 15:24:59.759802: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:59.759805: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:59.759809: | newref clone logger@0x55777f3ecde8(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:59.759812: | job 2 for #1: ikev2_inI2outR2 KE (compute dh (V2)): adding job to queue Oct 31 15:24:59.759815: | state #1 deleting .st_event EVENT_SO_DISCARD Oct 31 15:24:59.759819: | libevent_free: delref ptr-libevent@0x55777f3fe908 Oct 31 15:24:59.759822: | free_event_entry: delref EVENT_SO_DISCARD-pe@0x55777f3ff858 Oct 31 15:24:59.759825: | #1 STATE_PARENT_R1: retransmits: cleared Oct 31 15:24:59.759828: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55777f3fe908 Oct 31 15:24:59.759832: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:24:59.759835: | libevent_malloc: newref ptr-libevent@0x7fcd48006108 size 128 Oct 31 15:24:59.759847: | #1 spent 0.0561 (0.0559) milliseconds in processing: Responder: process IKE_AUTH request (no SKEYSEED) in v2_dispatch() Oct 31 15:24:59.759854: | [RE]START processing: state #1 connection "north-east" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:59.759858: | #1 complete_v2_state_transition() PARENT_R1->PARENT_R1 with status STF_SUSPEND; .st_v2_transition=PARENT_R0->PARENT_R1 Oct 31 15:24:59.759861: | suspending state #1 and saving MD 0x55777f401018 Oct 31 15:24:59.759864: | addref md@0x55777f401018(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:59.759869: | #1 is busy; has suspended MD 0x55777f401018 Oct 31 15:24:59.759874: | stop processing: state #1 connection "north-east" from 192.1.3.33:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:24:59.759880: | #1 spent 0.285 (0.407) milliseconds in ikev2_process_packet() Oct 31 15:24:59.759883: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:24:59.759884: | job 2 for #1: ikev2_inI2outR2 KE (compute dh (V2)): helper 3 starting job Oct 31 15:24:59.759886: | delref mdp@0x55777f401018(2->1) (in handle_packet_cb() at demux.c:318) Oct 31 15:24:59.759902: | spent 0.303 (0.43) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:24:59.760767: | calculating skeyseed using prf=HMAC_SHA2_512 integ=NONE cipherkey-size=32 salt-size=4 Oct 31 15:24:59.760932: | "north-east" #1: spent 1.05 (1.05) milliseconds in helper 3 processing job 2 for state #1: ikev2_inI2outR2 KE (pcr) Oct 31 15:24:59.760938: | job 2 for #1: ikev2_inI2outR2 KE (compute dh (V2)): helper thread 3 sending result back to state Oct 31 15:24:59.760941: | scheduling resume sending helper answer back to state for #1 Oct 31 15:24:59.760944: | libevent_malloc: newref ptr-libevent@0x7fcd4000b578 size 128 Oct 31 15:24:59.760952: | helper thread 3 has nothing to do Oct 31 15:24:59.761042: | processing resume sending helper answer back to state for #1 Oct 31 15:24:59.761097: | start processing: state #1 connection "north-east" from 192.1.3.33:500 (in resume_handler() at server.c:641) Oct 31 15:24:59.761103: | unsuspending #1 MD 0x55777f401018 Oct 31 15:24:59.761106: | job 2 for #1: ikev2_inI2outR2 KE (compute dh (V2)): processing response from helper 3 Oct 31 15:24:59.761110: | job 2 for #1: ikev2_inI2outR2 KE (compute dh (V2)): calling continuation function 0x55777ee06fe7 Oct 31 15:24:59.761387: | ikev2_ike_sa_process_auth_request_no_skeyid_continue() for #1 STATE_PARENT_R1: calculating g^{xy}, sending R2 Oct 31 15:24:59.761394: | DH secret MODP2048@0x7fcd48006ba8: transferring ownership from helper IKEv2 DH to state #1 Oct 31 15:24:59.761444: | #1 in state PARENT_R1: sent IKE_SA_INIT reply Oct 31 15:24:59.761448: | already have all fragments, skipping fragment collection Oct 31 15:24:59.761451: | already have all fragments, skipping fragment collection Oct 31 15:24:59.761468: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Oct 31 15:24:59.761472: | Now let's proceed with payload (ISAKMP_NEXT_v2IDi) Oct 31 15:24:59.761476: | **parse IKEv2 Identification - Initiator - Payload: Oct 31 15:24:59.761479: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Oct 31 15:24:59.761482: | flags: none (0x0) Oct 31 15:24:59.761485: | length: 13 (00 0d) Oct 31 15:24:59.761488: | ID type: ID_FQDN (0x2) Oct 31 15:24:59.761491: | reserved: 00 00 00 Oct 31 15:24:59.761494: | processing payload: ISAKMP_NEXT_v2IDi (len=5) Oct 31 15:24:59.761496: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Oct 31 15:24:59.761499: | **parse IKEv2 Identification - Responder - Payload: Oct 31 15:24:59.761502: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Oct 31 15:24:59.761504: | flags: none (0x0) Oct 31 15:24:59.761507: | length: 12 (00 0c) Oct 31 15:24:59.761510: | ID type: ID_FQDN (0x2) Oct 31 15:24:59.761513: | reserved: 00 00 00 Oct 31 15:24:59.761516: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Oct 31 15:24:59.761518: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Oct 31 15:24:59.761522: | **parse IKEv2 Authentication Payload: Oct 31 15:24:59.761524: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:24:59.761527: | flags: none (0x0) Oct 31 15:24:59.761530: | length: 350 (01 5e) Oct 31 15:24:59.761533: | auth method: IKEv2_AUTH_DIGSIG (0xe) Oct 31 15:24:59.761535: | processing payload: ISAKMP_NEXT_v2AUTH (len=342) Oct 31 15:24:59.761537: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:24:59.761587: | **parse IKEv2 Security Association Payload: Oct 31 15:24:59.761593: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Oct 31 15:24:59.761598: | flags: none (0x0) Oct 31 15:24:59.761602: | length: 164 (00 a4) Oct 31 15:24:59.761605: | processing payload: ISAKMP_NEXT_v2SA (len=160) Oct 31 15:24:59.761607: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Oct 31 15:24:59.761611: | **parse IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:24:59.761613: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Oct 31 15:24:59.761616: | flags: none (0x0) Oct 31 15:24:59.761619: | length: 24 (00 18) Oct 31 15:24:59.761622: | number of TS: 1 (01) Oct 31 15:24:59.761624: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Oct 31 15:24:59.761627: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Oct 31 15:24:59.761630: | **parse IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:24:59.761632: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:59.761635: | flags: none (0x0) Oct 31 15:24:59.761638: | length: 24 (00 18) Oct 31 15:24:59.761641: | number of TS: 1 (01) Oct 31 15:24:59.761643: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Oct 31 15:24:59.761646: | selected state microcode Responder: process IKE_AUTH request Oct 31 15:24:59.761654: | Message ID: IKE #1 responder starting message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744574.156623 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744574.169139 ike.wip.initiator=-1 ike.wip.responder=-1->1 Oct 31 15:24:59.761657: | calling processor Responder: process IKE_AUTH request Oct 31 15:24:59.761664: "north-east" #1: processing decrypted IKE_AUTH request: SK{IDi,IDr,AUTH,SA,TSi,TSr} Oct 31 15:24:59.761667: | no certs to decode Oct 31 15:24:59.761674: | #1 updating local interface from 192.1.2.23:500 to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2631) Oct 31 15:24:59.761723: | received IDr payload - extracting our alleged ID Oct 31 15:24:59.761776: | refine_host_connection for IKEv2: starting with "north-east" Oct 31 15:24:59.761782: | match_id a=@north Oct 31 15:24:59.761786: | b=@north Oct 31 15:24:59.761788: | results matched Oct 31 15:24:59.761792: | refine_host_connection: checking "north-east" against "north-east", best=(none) with match=1(id=1(0)/ca=1(0)/reqca=1(0)) Oct 31 15:24:59.761794: | warning: not switching back to template of current instance Oct 31 15:24:59.761797: | peer expects us to be @east (ID_FQDN) according to its IDr payload Oct 31 15:24:59.761800: | this connection's local id is @east (ID_FQDN) Oct 31 15:24:59.761803: | refine_host_connection: checked "north-east" against "north-east", now for see if best Oct 31 15:24:59.761811: | get_connection_private_key() using CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1 to find private key for @east->@north of kind RSA Oct 31 15:24:59.761941: | loaded private key matching CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1 Oct 31 15:24:59.762872: | copying key using reference slot Oct 31 15:24:59.768666: | certs and keys locked by 'lsw_add_rsa_secret' Oct 31 15:24:59.768680: | certs and keys unlocked by 'lsw_add_rsa_secret' Oct 31 15:24:59.768691: "north-east" #1: reloaded private key matching right CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1 Oct 31 15:24:59.768695: | connection north-east's RSA private key found in NSS DB using CKAID Oct 31 15:24:59.768745: | returning because exact peer id match Oct 31 15:24:59.768751: | offered CA: '%none' Oct 31 15:24:59.768755: "north-east" #1: IKEv2 mode peer ID is ID_FQDN: '@north' Oct 31 15:24:59.768788: | verifying AUTH payload Oct 31 15:24:59.768793: | looking for ASN.1 blob for method rsasig for hash_algo SHA2_512 Oct 31 15:24:59.768797: | parsing 68 raw bytes of IKEv2 Authentication Payload into ASN.1 blob for hash algo Oct 31 15:24:59.768799: | ASN.1 blob for hash algo Oct 31 15:24:59.768802: | 43 30 41 06 09 2a 86 48 86 f7 0d 01 01 0a 30 34 Oct 31 15:24:59.768804: | a0 0f 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 Oct 31 15:24:59.768806: | 00 a1 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 01 08 Oct 31 15:24:59.768812: | 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 a2 Oct 31 15:24:59.768814: | 03 02 01 40 Oct 31 15:24:59.768820: | #1 spent 3.66 (7.16) milliseconds Oct 31 15:24:59.768931: | required RSA CA is '%any' Oct 31 15:24:59.768938: | trying all remote certificates public keys for RSA key that matches ID: @north Oct 31 15:24:59.768941: | trying all preloaded keys public keys for RSA key that matches ID: @north Oct 31 15:24:59.768945: | skipping '@east' with wrong ID Oct 31 15:24:59.768949: | trying '@north' issued by CA '%any' Oct 31 15:24:59.768953: | NSS RSA: verifying that decrypted signature matches hash: Oct 31 15:24:59.768955: | 03 1d c8 c7 09 15 9e b0 01 6f 6f f9 fd fa d2 c3 Oct 31 15:24:59.768958: | d7 02 fb f6 28 5e 29 8a 68 d8 e6 a4 fb 83 f3 a5 Oct 31 15:24:59.768960: | 3f dd c2 e6 71 64 cf 97 c8 bd 82 6e 00 e7 b8 ae Oct 31 15:24:59.768962: | f7 26 2d 78 7b bd 00 25 08 29 63 60 86 e5 4a 80 Oct 31 15:24:59.769030: | delref pkp@NULL (in try_RSA_signature_v2() at ikev2_rsa.c:170) Oct 31 15:24:59.769036: | addref pk@0x55777f400aa8(1->2) (in try_RSA_signature_v2() at ikev2_rsa.c:171) Oct 31 15:24:59.769039: | an RSA Sig check passed with *AQPl33O2P [preloaded keys] Oct 31 15:24:59.769046: | #1 spent 0.0908 (0.0907) milliseconds in try_all_keys() trying a pubkey Oct 31 15:24:59.769050: "north-east" #1: authenticated using RSA with SHA2_512 Oct 31 15:24:59.769055: | #1 spent 0.157 (0.236) milliseconds in ikev2_verify_rsa_hash() Oct 31 15:24:59.769076: | emit hash algo NEGOTIATE_AUTH_HASH_SHA2_512 Oct 31 15:24:59.769093: | get_connection_private_key() using CKAID 61559973d3acef7d3a370e3e82ad92c18a8225f1 to find private key for @east->@north of kind RSA Oct 31 15:24:59.769098: | trying secret PKK_RSA:AQO9bJbr3 Oct 31 15:24:59.769100: | matched Oct 31 15:24:59.769102: | secrets entry for ckaid already exists Oct 31 15:24:59.769104: | connection north-east's RSA private key found in NSS DB using CKAID Oct 31 15:24:59.769110: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:24:59.769112: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:24:59.769115: | newref clone logger@0x55777f3ff858(0->1) (in clone_logger() at log.c:817) Oct 31 15:24:59.769118: | job 3 for #1: computing responder signature (signature): adding job to queue Oct 31 15:24:59.769121: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:59.769220: | libevent_free: delref ptr-libevent@0x7fcd48006108 Oct 31 15:24:59.769272: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55777f3fe908 Oct 31 15:24:59.769277: | #1 STATE_PARENT_R1: retransmits: cleared Oct 31 15:24:59.769280: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55777f3fcbb8 Oct 31 15:24:59.769283: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:24:59.769371: | libevent_malloc: newref ptr-libevent@0x55777f3fec08 size 128 Oct 31 15:24:59.769467: | ikev2_parent_inI2outR2_continue_tail returned STF_SUSPEND Oct 31 15:24:59.769497: | job 3 for #1: computing responder signature (signature): helper 4 starting job Oct 31 15:24:59.769504: | hash to sign Oct 31 15:24:59.769507: | ad 5e a7 a3 34 86 42 09 07 7e 5f 85 57 e5 3e cc Oct 31 15:24:59.769509: | 43 86 a8 8e 9d 99 5f 00 64 2d 8e c0 33 95 c2 a9 Oct 31 15:24:59.769511: | 64 56 27 48 a4 1f 8c dc 67 a3 69 a9 b2 b8 d8 ae Oct 31 15:24:59.769514: | d8 cf 82 c2 77 48 c4 53 7c 55 72 c1 62 5d 3b 38 Oct 31 15:24:59.769517: | RSA_sign_hash: Started using NSS Oct 31 15:24:59.769559: | #1 spent 3.97 (7.85) milliseconds in processing: Responder: process IKE_AUTH request in v2_dispatch() Oct 31 15:24:59.769569: | [RE]START processing: state #1 connection "north-east" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:59.769618: | #1 complete_v2_state_transition() PARENT_R1->ESTABLISHED_CHILD_SA with status STF_SUSPEND; .st_v2_transition=PARENT_R0->PARENT_R1 Oct 31 15:24:59.769622: | suspending state #1 and saving MD 0x55777f401018 Oct 31 15:24:59.769625: | addref md@0x55777f401018(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:24:59.769629: | #1 is busy; has suspended MD 0x55777f401018 Oct 31 15:24:59.769633: | delref logger@0x55777f3ecde8(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:59.769636: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:59.769639: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:59.769642: | resume sending helper answer back to state for #1 suppresed complete_v2_state_transition() Oct 31 15:24:59.769646: | delref mdp@0x55777f401018(2->1) (in resume_handler() at server.c:743) Oct 31 15:24:59.769652: | #1 spent 4.29 (8.55) milliseconds in resume sending helper answer back to state Oct 31 15:24:59.769658: | stop processing: state #1 connection "north-east" from 192.1.3.33:500 (in resume_handler() at server.c:745) Oct 31 15:24:59.769661: | libevent_free: delref ptr-libevent@0x7fcd4000b578 Oct 31 15:24:59.777142: | RSA_sign_hash: Ended using NSS Oct 31 15:24:59.777163: | "north-east" #1: spent 7.5 (7.64) milliseconds in v2_auth_signature() calling sign_hash() Oct 31 15:24:59.777169: | "north-east" #1: spent 7.52 (7.66) milliseconds in v2_auth_signature() Oct 31 15:24:59.777174: | "north-east" #1: spent 7.53 (7.68) milliseconds in helper 4 processing job 3 for state #1: computing responder signature (signature) Oct 31 15:24:59.777177: | job 3 for #1: computing responder signature (signature): helper thread 4 sending result back to state Oct 31 15:24:59.777181: | scheduling resume sending helper answer back to state for #1 Oct 31 15:24:59.777185: | libevent_malloc: newref ptr-libevent@0x7fcd44000d38 size 128 Oct 31 15:24:59.777195: | helper thread 4 has nothing to do Oct 31 15:24:59.777210: | processing resume sending helper answer back to state for #1 Oct 31 15:24:59.777225: | start processing: state #1 connection "north-east" from 192.1.3.33:500 (in resume_handler() at server.c:641) Oct 31 15:24:59.777231: | unsuspending #1 MD 0x55777f401018 Oct 31 15:24:59.777235: | job 3 for #1: computing responder signature (signature): processing response from helper 4 Oct 31 15:24:59.777238: | job 3 for #1: computing responder signature (signature): calling continuation function 0x55777ed3577f Oct 31 15:24:59.777243: | parent state #1: PARENT_R1(half-open IKE SA) => ESTABLISHED_IKE_SA(established IKE SA) Oct 31 15:24:59.777247: | #1 will start re-keying in 3330 seconds with margin of 270 seconds (attempting re-key) Oct 31 15:24:59.777251: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:24:59.777255: | libevent_free: delref ptr-libevent@0x55777f3fec08 Oct 31 15:24:59.777258: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55777f3fcbb8 Oct 31 15:24:59.777262: | event_schedule: newref EVENT_SA_REKEY-pe@0x55777f3fcbb8 Oct 31 15:24:59.777265: | inserting event EVENT_SA_REKEY, timeout in 3330 seconds for #1 Oct 31 15:24:59.777269: | libevent_malloc: newref ptr-libevent@0x7fcd4000b578 size 128 Oct 31 15:24:59.777344: | pstats #1 ikev2.ike established Oct 31 15:24:59.777352: | opening output PBS reply packet Oct 31 15:24:59.777356: | **emit ISAKMP Message: Oct 31 15:24:59.777361: | initiator SPI: 2d 44 07 32 81 17 ab 77 Oct 31 15:24:59.777365: | responder SPI: f6 1b 27 63 46 7a b4 7d Oct 31 15:24:59.777368: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:24:59.777371: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:24:59.777373: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:24:59.777377: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:24:59.777381: | Message ID: 1 (00 00 00 01) Oct 31 15:24:59.777384: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:24:59.777388: | IKEv2 CERT: send a certificate? Oct 31 15:24:59.777390: | IKEv2 CERT: no certificate to send Oct 31 15:24:59.777393: | ***emit IKEv2 Encryption Payload: Oct 31 15:24:59.777395: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:59.777398: | flags: none (0x0) Oct 31 15:24:59.777401: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:24:59.777407: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Oct 31 15:24:59.777411: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:24:59.777422: | initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Oct 31 15:24:59.777425: | ****emit IKEv2 Identification - Responder - Payload: Oct 31 15:24:59.777428: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:59.777430: | flags: none (0x0) Oct 31 15:24:59.777433: | ID type: ID_FQDN (0x2) Oct 31 15:24:59.777436: | reserved: 00 00 00 Oct 31 15:24:59.777439: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Oct 31 15:24:59.777442: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:59.777445: | emitting 4 raw bytes of my identity into IKEv2 Identification - Responder - Payload Oct 31 15:24:59.777449: | my identity: 65 61 73 74 Oct 31 15:24:59.777451: | emitting length of IKEv2 Identification - Responder - Payload: 12 Oct 31 15:24:59.777453: | added IDr payload to packet Oct 31 15:24:59.777456: | CHILD SA proposals received Oct 31 15:24:59.777458: | going to assemble AUTH payload Oct 31 15:24:59.777461: | ****emit IKEv2 Authentication Payload: Oct 31 15:24:59.777463: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:59.777465: | flags: none (0x0) Oct 31 15:24:59.777468: | auth method: IKEv2_AUTH_DIGSIG (0xe) Oct 31 15:24:59.777471: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Oct 31 15:24:59.777473: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Oct 31 15:24:59.777476: | emit hash algo NEGOTIATE_AUTH_HASH_SHA2_512 Oct 31 15:24:59.777479: | emitting 68 raw bytes of OID of ASN.1 Algorithm Identifier into IKEv2 Authentication Payload Oct 31 15:24:59.777481: | OID of ASN.1 Algorithm Identifier: Oct 31 15:24:59.777484: | 43 30 41 06 09 2a 86 48 86 f7 0d 01 01 0a 30 34 Oct 31 15:24:59.777486: | a0 0f 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 Oct 31 15:24:59.777488: | 00 a1 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 01 08 Oct 31 15:24:59.777490: | 30 0d 06 09 60 86 48 01 65 03 04 02 03 05 00 a2 Oct 31 15:24:59.777493: | 03 02 01 40 Oct 31 15:24:59.777495: | emitting 274 raw bytes of signature into IKEv2 Authentication Payload Oct 31 15:24:59.777497: | signature: Oct 31 15:24:59.777500: | a2 8d 60 1c 8e c9 f3 dd f3 55 57 9a 6d 2b be 7d Oct 31 15:24:59.777502: | 44 fe 6c d7 1d 34 a3 50 32 f0 a0 cd e2 11 77 43 Oct 31 15:24:59.777504: | 67 21 1f 34 dd b7 77 b1 d8 f5 9c 76 7c e2 67 30 Oct 31 15:24:59.777506: | a1 69 47 fc 04 53 10 b1 30 3d 5a 26 1c 98 5d 91 Oct 31 15:24:59.777508: | ce 2a d5 7f c1 dc 49 b9 01 ca f4 c0 0a 9a 4e f6 Oct 31 15:24:59.777510: | b0 73 d9 97 f8 9a a4 90 d6 81 02 1f 3c 1b 16 2d Oct 31 15:24:59.777512: | ad 58 f6 f8 69 0e c9 1f a1 57 cc a9 98 3f 3f 24 Oct 31 15:24:59.777514: | 38 c9 4a e5 12 73 e6 ca 84 d8 aa 30 9a f6 de 08 Oct 31 15:24:59.777517: | 4f c7 22 68 16 d0 88 72 23 3e bc 8c 3b ef 27 fd Oct 31 15:24:59.777519: | 85 a1 4e f0 ae f3 c8 39 71 2c 66 e2 a3 6c 71 31 Oct 31 15:24:59.777521: | 03 ff 92 30 06 b3 70 3d af f6 7b 49 ca 66 8c 18 Oct 31 15:24:59.777523: | 56 a1 09 22 c9 ea b0 d2 5b 5a 56 14 1d 09 d7 bc Oct 31 15:24:59.777525: | 96 28 1a 94 22 3c 46 92 bd ab c1 53 63 26 52 9c Oct 31 15:24:59.777527: | 27 e5 7e 50 3c 5d 97 0d 2d ba 24 d9 01 ee 23 6b Oct 31 15:24:59.777530: | 63 bf 24 7c 5c ab 1d 36 11 45 26 84 e3 31 30 27 Oct 31 15:24:59.777532: | 31 74 5b bf f7 0c a3 bc 8c 49 99 e6 24 b7 0a 3a Oct 31 15:24:59.777534: | 33 d0 e9 33 f0 f3 13 a3 b8 f7 ba ee 0c 42 01 3d Oct 31 15:24:59.777538: | 02 fe Oct 31 15:24:59.777540: | emitting length of IKEv2 Authentication Payload: 350 Oct 31 15:24:59.777545: | newref alloc logger@0x55777f3ecde8(0->1) (in new_state() at state.c:576) Oct 31 15:24:59.777548: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:24:59.777551: | creating state object #2 at 0x55777f4082e8 Oct 31 15:24:59.777553: | State DB: adding IKEv2 state #2 in UNDEFINED Oct 31 15:24:59.777562: | pstats #2 ikev2.child started Oct 31 15:24:59.777565: | duplicating state object #1 "north-east" as #2 for IPSEC SA Oct 31 15:24:59.777571: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1581) Oct 31 15:24:59.777581: | Message ID: CHILD #1.#2 initializing (CHILD SA): ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744574.156623 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744574.169139 child.wip.initiator=0->-1 child.wip.responder=0->-1 Oct 31 15:24:59.777585: | child state #2: UNDEFINED(ignore) => V2_IKE_AUTH_CHILD_R0(ignore) Oct 31 15:24:59.777589: | #2.st_v2_transition NULL -> NULL (in new_v2_child_state() at state.c:1666) Oct 31 15:24:59.777596: | Message ID: IKE #1 switching from IKE SA responder message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744574.156623 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744574.169139 ike.wip.initiator=-1 ike.wip.responder=1->-1 Oct 31 15:24:59.777602: | Message ID: CHILD #1.#2 switching to CHILD SA responder message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744574.156623 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744574.169139 child.wip.initiator=-1 child.wip.responder=-1->1 Oct 31 15:24:59.777606: | switching IKEv2 MD.ST from IKE #1 ESTABLISHED_IKE_SA to CHILD #2 V2_IKE_AUTH_CHILD_R0 (in ike_auth_child_responder() at ikev2_parent.c:3282) Oct 31 15:24:59.777609: | Child SA TS Request has child->sa == md->st; so using child connection Oct 31 15:24:59.777612: | TSi: parsing 1 traffic selectors Oct 31 15:24:59.777616: | ***parse IKEv2 Traffic Selector: Oct 31 15:24:59.777619: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:59.777622: | IP Protocol ID: ALL (0x0) Oct 31 15:24:59.777625: | length: 16 (00 10) Oct 31 15:24:59.777629: | start port: 0 (00 00) Oct 31 15:24:59.777632: | end port: 65535 (ff ff) Oct 31 15:24:59.777635: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:24:59.777637: | TS low Oct 31 15:24:59.777639: | c0 00 03 fe Oct 31 15:24:59.777642: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:24:59.777644: | TS high Oct 31 15:24:59.777646: | c0 00 03 fe Oct 31 15:24:59.777648: | TSi: parsed 1 traffic selectors Oct 31 15:24:59.777650: | TSr: parsing 1 traffic selectors Oct 31 15:24:59.777653: | ***parse IKEv2 Traffic Selector: Oct 31 15:24:59.777655: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:59.777658: | IP Protocol ID: ALL (0x0) Oct 31 15:24:59.777660: | length: 16 (00 10) Oct 31 15:24:59.777754: | start port: 0 (00 00) Oct 31 15:24:59.777760: | end port: 65535 (ff ff) Oct 31 15:24:59.777763: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:24:59.777765: | TS low Oct 31 15:24:59.777768: | c0 00 02 00 Oct 31 15:24:59.777771: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:24:59.777773: | TS high Oct 31 15:24:59.778231: | c0 00 02 ff Oct 31 15:24:59.778240: | TSr: parsed 1 traffic selectors Oct 31 15:24:59.778243: | looking for best SPD in current connection Oct 31 15:24:59.778251: | evaluating our conn="north-east" I=192.0.3.254/32:0:0/0 R=192.0.2.0/24:0:0/0 to their: Oct 31 15:24:59.778257: | TSi[0] .net=192.0.3.254-192.0.3.254 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:59.778265: | match address end->client=192.0.3.254/32 == TSi[0]net=192.0.3.254-192.0.3.254: YES fitness 32 Oct 31 15:24:59.778269: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:24:59.778274: | TSi[0] port match: YES fitness 65536 Oct 31 15:24:59.778277: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:24:59.778280: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:59.778285: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:59.778292: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Oct 31 15:24:59.778296: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Oct 31 15:24:59.778298: | TSr[0] port match: YES fitness 65536 Oct 31 15:24:59.778302: | narrow protocol end=*0 == TSr[0]=*0: 0 Oct 31 15:24:59.778304: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:59.778307: | best fit so far: TSi[0] TSr[0] Oct 31 15:24:59.778309: | found better spd route for TSi[0],TSr[0] Oct 31 15:24:59.778312: | looking for better host pair Oct 31 15:24:59.778318: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Oct 31 15:24:59.778323: | checking hostpair 192.0.2.0/24:0 -> 192.0.3.254/32:0 is found Oct 31 15:24:59.778326: | investigating connection "north-east" as a better match Oct 31 15:24:59.778330: | match_id a=@north Oct 31 15:24:59.778332: | b=@north Oct 31 15:24:59.778334: | results matched Oct 31 15:24:59.778341: | evaluating our conn="north-east" I=192.0.3.254/32:0:0/0 R=192.0.2.0/24:0:0/0 to their: Oct 31 15:24:59.778346: | TSi[0] .net=192.0.3.254-192.0.3.254 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:59.778353: | match address end->client=192.0.3.254/32 == TSi[0]net=192.0.3.254-192.0.3.254: YES fitness 32 Oct 31 15:24:59.778356: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:24:59.778359: | TSi[0] port match: YES fitness 65536 Oct 31 15:24:59.778362: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:24:59.778365: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:59.778369: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:24:59.778376: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Oct 31 15:24:59.778380: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Oct 31 15:24:59.778382: | TSr[0] port match: YES fitness 65536 Oct 31 15:24:59.778385: | narrow protocol end=*0 == TSr[0]=*0: 0 Oct 31 15:24:59.778388: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Oct 31 15:24:59.778390: | best fit so far: TSi[0] TSr[0] Oct 31 15:24:59.778393: | did not find a better connection using host pair Oct 31 15:24:59.778396: | printing contents struct traffic_selector Oct 31 15:24:59.778398: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:24:59.778401: | ipprotoid: 0 Oct 31 15:24:59.778403: | port range: 0-65535 Oct 31 15:24:59.778407: | ip range: 192.0.2.0-192.0.2.255 Oct 31 15:24:59.778410: | printing contents struct traffic_selector Oct 31 15:24:59.778412: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:24:59.778414: | ipprotoid: 0 Oct 31 15:24:59.778417: | port range: 0-65535 Oct 31 15:24:59.778421: | ip range: 192.0.3.254-192.0.3.254 Oct 31 15:24:59.778425: | constructing ESP/AH proposals with all DH removed for north-east (IKE_AUTH responder matching remote ESP/AH proposals) Oct 31 15:24:59.778431: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Oct 31 15:24:59.778438: | ... ikev2_proposal: 1:ESP=AES_GCM_C_256-NONE-NONE-DISABLED Oct 31 15:24:59.778441: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Oct 31 15:24:59.778446: | ... ikev2_proposal: 2:ESP=AES_GCM_C_128-NONE-NONE-DISABLED Oct 31 15:24:59.778449: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:24:59.778455: | ... ikev2_proposal: 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:59.778458: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:24:59.778464: | ... ikev2_proposal: 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:59.778468: "north-east": local ESP/AH proposals (IKE_AUTH responder matching remote ESP/AH proposals): Oct 31 15:24:59.778472: "north-east": 1:ESP=AES_GCM_C_256-NONE-NONE-DISABLED Oct 31 15:24:59.778476: "north-east": 2:ESP=AES_GCM_C_128-NONE-NONE-DISABLED Oct 31 15:24:59.778481: "north-east": 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:59.778485: "north-east": 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:24:59.778488: | comparing remote proposals against IKE_AUTH responder matching remote ESP/AH proposals 4 local proposals Oct 31 15:24:59.778493: | local proposal 1 type ENCR has 1 transforms Oct 31 15:24:59.778496: | local proposal 1 type PRF has 0 transforms Oct 31 15:24:59.778498: | local proposal 1 type INTEG has 1 transforms Oct 31 15:24:59.778501: | local proposal 1 type DH has 1 transforms Oct 31 15:24:59.778503: | local proposal 1 type ESN has 1 transforms Oct 31 15:24:59.778507: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Oct 31 15:24:59.778509: | local proposal 2 type ENCR has 1 transforms Oct 31 15:24:59.778511: | local proposal 2 type PRF has 0 transforms Oct 31 15:24:59.778514: | local proposal 2 type INTEG has 1 transforms Oct 31 15:24:59.778516: | local proposal 2 type DH has 1 transforms Oct 31 15:24:59.778519: | local proposal 2 type ESN has 1 transforms Oct 31 15:24:59.778522: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Oct 31 15:24:59.778525: | local proposal 3 type ENCR has 1 transforms Oct 31 15:24:59.778527: | local proposal 3 type PRF has 0 transforms Oct 31 15:24:59.778530: | local proposal 3 type INTEG has 2 transforms Oct 31 15:24:59.779638: | local proposal 3 type DH has 1 transforms Oct 31 15:24:59.779647: | local proposal 3 type ESN has 1 transforms Oct 31 15:24:59.779652: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Oct 31 15:24:59.779655: | local proposal 4 type ENCR has 1 transforms Oct 31 15:24:59.779657: | local proposal 4 type PRF has 0 transforms Oct 31 15:24:59.779659: | local proposal 4 type INTEG has 2 transforms Oct 31 15:24:59.779662: | local proposal 4 type DH has 1 transforms Oct 31 15:24:59.779665: | local proposal 4 type ESN has 1 transforms Oct 31 15:24:59.779668: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Oct 31 15:24:59.779672: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:59.779675: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:59.779679: | length: 32 (00 20) Oct 31 15:24:59.779682: | prop #: 1 (01) Oct 31 15:24:59.779685: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:59.779688: | spi size: 4 (04) Oct 31 15:24:59.779691: | # transforms: 2 (02) Oct 31 15:24:59.779695: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:24:59.779697: | remote SPI Oct 31 15:24:59.779700: | af 3a f5 cb Oct 31 15:24:59.779703: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..4] of 4 local proposals Oct 31 15:24:59.779707: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.779710: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.779713: | length: 12 (00 0c) Oct 31 15:24:59.779716: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:59.779718: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:59.779721: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:59.779724: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:59.779727: | length/value: 256 (01 00) Oct 31 15:24:59.779732: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:24:59.779735: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.779738: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:59.779742: | length: 8 (00 08) Oct 31 15:24:59.779744: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:59.779750: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:59.779754: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Oct 31 15:24:59.779757: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 2 type 5 (ESN) transform 0 Oct 31 15:24:59.779760: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 3 type 5 (ESN) transform 0 Oct 31 15:24:59.779763: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 4 type 5 (ESN) transform 0 Oct 31 15:24:59.779767: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Oct 31 15:24:59.779771: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Oct 31 15:24:59.779774: | remote proposal 1 matches local proposal 1 Oct 31 15:24:59.779777: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:59.779780: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:59.779784: | length: 32 (00 20) Oct 31 15:24:59.779787: | prop #: 2 (02) Oct 31 15:24:59.779789: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:59.779792: | spi size: 4 (04) Oct 31 15:24:59.779795: | # transforms: 2 (02) Oct 31 15:24:59.779798: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:24:59.779800: | remote SPI Oct 31 15:24:59.779803: | af 3a f5 cb Oct 31 15:24:59.779805: | Comparing remote proposal 2 containing 2 transforms against local proposal [1..0] of 4 local proposals Oct 31 15:24:59.779808: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.779811: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.779814: | length: 12 (00 0c) Oct 31 15:24:59.779816: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:59.779819: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:59.779823: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:59.780403: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:59.780413: | length/value: 128 (00 80) Oct 31 15:24:59.780419: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.780422: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:59.780425: | length: 8 (00 08) Oct 31 15:24:59.780428: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:59.780430: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:59.780434: | remote proposal 2 proposed transforms: ENCR+ESN; matched: none; unmatched: ENCR+ESN Oct 31 15:24:59.780437: | remote proposal 2 does not match; unmatched remote transforms: ENCR+ESN Oct 31 15:24:59.780441: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:59.780443: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:24:59.780446: | length: 48 (00 30) Oct 31 15:24:59.780449: | prop #: 3 (03) Oct 31 15:24:59.780451: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:59.780454: | spi size: 4 (04) Oct 31 15:24:59.780457: | # transforms: 4 (04) Oct 31 15:24:59.780460: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:24:59.780463: | remote SPI Oct 31 15:24:59.780465: | af 3a f5 cb Oct 31 15:24:59.780468: | Comparing remote proposal 3 containing 4 transforms against local proposal [1..0] of 4 local proposals Oct 31 15:24:59.780470: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.780473: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.780476: | length: 12 (00 0c) Oct 31 15:24:59.780479: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:59.780481: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:59.780484: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:59.780486: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:59.780489: | length/value: 256 (01 00) Oct 31 15:24:59.780493: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.780495: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.780500: | length: 8 (00 08) Oct 31 15:24:59.780503: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:59.780505: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:59.780508: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.780510: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.780513: | length: 8 (00 08) Oct 31 15:24:59.780516: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:59.780518: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:59.780521: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.780524: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:59.780527: | length: 8 (00 08) Oct 31 15:24:59.780529: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:59.780532: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:59.780536: | remote proposal 3 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Oct 31 15:24:59.780539: | remote proposal 3 does not match; unmatched remote transforms: ENCR+INTEG+ESN Oct 31 15:24:59.780542: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:24:59.780544: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:59.780547: | length: 48 (00 30) Oct 31 15:24:59.780550: | prop #: 4 (04) Oct 31 15:24:59.780552: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:59.780555: | spi size: 4 (04) Oct 31 15:24:59.780558: | # transforms: 4 (04) Oct 31 15:24:59.780561: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:24:59.780563: | remote SPI Oct 31 15:24:59.780565: | af 3a f5 cb Oct 31 15:24:59.780568: | Comparing remote proposal 4 containing 4 transforms against local proposal [1..0] of 4 local proposals Oct 31 15:24:59.780571: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.780573: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.780576: | length: 12 (00 0c) Oct 31 15:24:59.780579: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:59.780582: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:24:59.780584: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:24:59.780587: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:59.780590: | length/value: 128 (00 80) Oct 31 15:24:59.780593: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.780596: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.780599: | length: 8 (00 08) Oct 31 15:24:59.780601: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:59.780603: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:24:59.780607: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.780609: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.780612: | length: 8 (00 08) Oct 31 15:24:59.780614: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:24:59.780617: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:24:59.780620: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:24:59.780623: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:59.780626: | length: 8 (00 08) Oct 31 15:24:59.780628: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:59.780631: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:59.780635: | remote proposal 4 proposed transforms: ENCR+INTEG+ESN; matched: none; unmatched: ENCR+INTEG+ESN Oct 31 15:24:59.780638: | remote proposal 4 does not match; unmatched remote transforms: ENCR+INTEG+ESN Oct 31 15:24:59.780645: "north-east" #2: proposal 1:ESP=AES_GCM_C_256-DISABLED SPI=af3af5cb chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED Oct 31 15:24:59.780650: | IKE_AUTH responder matching remote ESP/AH proposals ikev2_proposal: 1:ESP=AES_GCM_C_256-DISABLED SPI=af3af5cb Oct 31 15:24:59.780656: | converting proposal to internal trans attrs Oct 31 15:24:59.780678: | netlink_get_spi: allocated 0xe72833db for esp.0@192.1.2.23 Oct 31 15:24:59.780682: | emitting ikev2_proposal ... Oct 31 15:24:59.780685: | ****emit IKEv2 Security Association Payload: Oct 31 15:24:59.780688: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:59.780691: | flags: none (0x0) Oct 31 15:24:59.780695: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:24:59.780697: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:24:59.780701: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:24:59.780704: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:24:59.780707: | prop #: 1 (01) Oct 31 15:24:59.780709: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:24:59.780712: | spi size: 4 (04) Oct 31 15:24:59.780715: | # transforms: 2 (02) Oct 31 15:24:59.780717: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:24:59.780721: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:24:59.780725: | our spi: e7 28 33 db Oct 31 15:24:59.780728: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:59.780731: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.780733: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:24:59.780736: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:24:59.780738: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:59.780741: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:24:59.780744: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:24:59.780747: | length/value: 256 (01 00) Oct 31 15:24:59.780750: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:24:59.780753: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:24:59.780756: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:24:59.780758: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:24:59.780760: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:24:59.780763: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:24:59.780766: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:24:59.780769: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:24:59.780772: | emitting length of IKEv2 Proposal Substructure Payload: 32 Oct 31 15:24:59.780774: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:24:59.780777: | emitting length of IKEv2 Security Association Payload: 36 Oct 31 15:24:59.780779: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:24:59.780783: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:24:59.780785: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:59.780788: | flags: none (0x0) Oct 31 15:24:59.780791: | number of TS: 1 (01) Oct 31 15:24:59.780794: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Oct 31 15:24:59.780796: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:59.780799: | *****emit IKEv2 Traffic Selector: Oct 31 15:24:59.780801: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:59.780804: | IP Protocol ID: ALL (0x0) Oct 31 15:24:59.780808: | start port: 0 (00 00) Oct 31 15:24:59.780813: | end port: 65535 (ff ff) Oct 31 15:24:59.780817: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:24:59.780820: | IP start: c0 00 03 fe Oct 31 15:24:59.780823: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:24:59.780826: | IP end: c0 00 03 fe Oct 31 15:24:59.780828: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:24:59.780831: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Oct 31 15:24:59.780833: | ****emit IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:24:59.780836: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:24:59.780838: | flags: none (0x0) Oct 31 15:24:59.780841: | number of TS: 1 (01) Oct 31 15:24:59.780844: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Oct 31 15:24:59.780847: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:24:59.780850: | *****emit IKEv2 Traffic Selector: Oct 31 15:24:59.781579: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:24:59.781588: | IP Protocol ID: ALL (0x0) Oct 31 15:24:59.781593: | start port: 0 (00 00) Oct 31 15:24:59.781596: | end port: 65535 (ff ff) Oct 31 15:24:59.781600: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:24:59.781604: | IP start: c0 00 02 00 Oct 31 15:24:59.781607: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:24:59.781610: | IP end: c0 00 02 ff Oct 31 15:24:59.781613: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:24:59.781615: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Oct 31 15:24:59.781618: | initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Oct 31 15:24:59.781621: | integ=NONE: .key_size=0 encrypt=AES_GCM_16: .key_size=32 .salt_size=4 keymat_len=36 Oct 31 15:24:59.781709: | FOR_EACH_CONNECTION_... in IKE_SA_established Oct 31 15:24:59.781715: | install_ipsec_sa() for #2: inbound and outbound Oct 31 15:24:59.781718: | could_route called for north-east; kind=CK_PERMANENT that.has_client=yes oppo=no this.host_port=500 Oct 31 15:24:59.781721: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:59.781724: | conn north-east mark 0/00000000, 0/00000000 vs Oct 31 15:24:59.781726: | conn north-east mark 0/00000000, 0/00000000 Oct 31 15:24:59.781730: | route owner of "north-east" prospective erouted: self; eroute owner: self Oct 31 15:24:59.781734: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Oct 31 15:24:59.781737: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Oct 31 15:24:59.781740: | AES_GCM_16 requires 4 salt bytes Oct 31 15:24:59.781743: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Oct 31 15:24:59.781747: | setting IPsec SA replay-window to 32 Oct 31 15:24:59.781750: | NIC esp-hw-offload not for connection 'north-east' not available on interface eth1 Oct 31 15:24:59.781753: | netlink: enabling tunnel mode Oct 31 15:24:59.781755: | XFRM: adding IPsec SA with reqid 16389 Oct 31 15:24:59.781757: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:24:59.781760: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:24:59.781823: | netlink response for Add SA esp.af3af5cb@192.1.3.33 included non-error error Oct 31 15:24:59.781830: | setup_half_ipsec_sa() is installing inbound eroute? inbound=0 owner=#0 mode=1 Oct 31 15:24:59.781834: | set up outgoing SA, ref=0/0 Oct 31 15:24:59.781838: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Oct 31 15:24:59.781842: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Oct 31 15:24:59.781845: | AES_GCM_16 requires 4 salt bytes Oct 31 15:24:59.781848: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Oct 31 15:24:59.781852: | setting IPsec SA replay-window to 32 Oct 31 15:24:59.781856: | NIC esp-hw-offload not for connection 'north-east' not available on interface eth1 Oct 31 15:24:59.781859: | netlink: enabling tunnel mode Oct 31 15:24:59.781862: | XFRM: adding IPsec SA with reqid 16389 Oct 31 15:24:59.781864: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:24:59.781866: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:24:59.782524: | netlink response for Add SA esp.e72833db@192.1.2.23 included non-error error Oct 31 15:24:59.782533: | setup_half_ipsec_sa() is installing inbound eroute? inbound=1 owner=#0 mode=1 Oct 31 15:24:59.782536: | setup_half_ipsec_sa() is installing inbound eroute Oct 31 15:24:59.782539: | setup_half_ipsec_sa() before proto 50 Oct 31 15:24:59.782542: | setup_half_ipsec_sa() after proto 50 Oct 31 15:24:59.782544: | setup_half_ipsec_sa() calling raw_eroute backwards (i.e., inbound) Oct 31 15:24:59.782548: | priority calculation of connection "north-east" is 2084798 (0x1fcfbe) Oct 31 15:24:59.782556: | add inbound eroute 192.0.3.254/32:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 using reqid 16389 (raw_eroute) proto=50 Oct 31 15:24:59.782560: | IPsec SA SPD priority set to 2084798 Oct 31 15:24:59.782677: | raw_eroute result=success Oct 31 15:24:59.782683: | set up incoming SA, ref=0/0 Oct 31 15:24:59.782686: | sr for #2: prospective erouted Oct 31 15:24:59.782689: | route_and_eroute() for proto 0, and source port 0 dest port 0 Oct 31 15:24:59.782692: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:24:59.782695: | conn north-east mark 0/00000000, 0/00000000 vs Oct 31 15:24:59.782698: | conn north-east mark 0/00000000, 0/00000000 Oct 31 15:24:59.782701: | route owner of "north-east" prospective erouted: self; eroute owner: self Oct 31 15:24:59.782704: | route_and_eroute with c: north-east (next: none) ero:north-east esr:{(nil)} ro:north-east rosr:{(nil)} and state: #2 Oct 31 15:24:59.782707: | we are replacing an eroute Oct 31 15:24:59.782710: | priority calculation of connection "north-east" is 2084798 (0x1fcfbe) Oct 31 15:24:59.782720: | eroute_connection replace eroute 192.0.2.0/24:0 --0-> 192.0.3.254/32:0 => tun.0@192.1.3.33>tun.0@192.1.3.33 using reqid 16389 (raw_eroute) proto=50 Oct 31 15:24:59.782725: | IPsec SA SPD priority set to 2084798 Oct 31 15:24:59.782784: | raw_eroute result=success Oct 31 15:24:59.782790: | running updown command "ipsec _updown" for verb up Oct 31 15:24:59.782793: | command executing up-client Oct 31 15:24:59.782798: | get_sa_info esp.af3af5cb@192.1.3.33 Oct 31 15:24:59.782808: | get_sa_info esp.e72833db@192.1.2.23 Oct 31 15:24:59.782845: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.254/32' PLUTO_PEER_CLIENT_NET='192.0.3.254' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157899' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' P... Oct 31 15:24:59.782851: | popen cmd is 1135 chars long Oct 31 15:24:59.782854: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_V: Oct 31 15:24:59.782856: | cmd( 80):IRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP=: Oct 31 15:24:59.782858: | cmd( 160):'192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.: Oct 31 15:24:59.782861: | cmd( 240):0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO: Oct 31 15:24:59.782865: | cmd( 320):_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PL: Oct 31 15:24:59.782867: | cmd( 400):UTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.254/32' : Oct 31 15:24:59.782870: | cmd( 480):PLUTO_PEER_CLIENT_NET='192.0.3.254' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLU: Oct 31 15:24:59.782872: | cmd( 560):TO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLU: Oct 31 15:24:59.782874: | cmd( 640):TO_ADDTIME='1604157899' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2: Oct 31 15:24:59.782876: | cmd( 720):_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_C: Oct 31 15:24:59.782878: | cmd( 800):ONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO: Oct 31 15:24:59.782881: | cmd( 880):='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CF: Oct 31 15:24:59.782883: | cmd( 960):G_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VTI_IF: Oct 31 15:24:59.782885: | cmd(1040):ACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xaf3af5cb SPI_OUT=0xe72833db ips: Oct 31 15:24:59.782887: | cmd(1120):ec _updown 2>&1: Oct 31 15:24:59.801493: | route_and_eroute: firewall_notified: true Oct 31 15:24:59.801559: | route_and_eroute: instance "north-east", setting eroute_owner {spd=0x55777f3fa588,sr=0x55777f3fa588} to #2 (was #0) (newest_ipsec_sa=#0) Oct 31 15:24:59.801706: | ISAKMP_v2_IKE_AUTH: instance north-east[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Oct 31 15:24:59.801761: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:24:59.801768: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:24:59.801771: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:24:59.801774: | emitting length of IKEv2 Encryption Payload: 475 Oct 31 15:24:59.801777: | emitting length of ISAKMP Message: 503 Oct 31 15:24:59.801797: | recording outgoing fragment failed Oct 31 15:24:59.801805: | delref logger@0x55777f3ff858(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:24:59.801808: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:59.801811: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:59.801815: | XXX: resume sending helper answer back to state for #1 switched MD.ST to #2 Oct 31 15:24:59.801822: | suspend processing: state #1 connection "north-east" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:59.801828: | start processing: state #2 connection "north-east" from 192.1.3.33:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:24:59.801834: | #2 complete_v2_state_transition() in state V2_IKE_AUTH_CHILD_R0 PARENT_R1->ESTABLISHED_CHILD_SA with status STF_OK; .st_v2_transition=NULL Oct 31 15:24:59.801837: | transitioning from state STATE_PARENT_R1 to state STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:24:59.801840: | Message ID: updating counters for #2 Oct 31 15:24:59.801897: | Message ID: CHILD #1.#2 updating responder received message request 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744574.156623 ike.responder.sent=0 ike.responder.recv=0->1 ike.responder.last_contact=744574.169139->744574.234639 child.wip.initiator=-1 child.wip.responder=1->-1 Oct 31 15:24:59.801907: | Message ID: CHILD #1.#2 updating responder sent message response 1: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744574.156623 ike.responder.sent=0->1 ike.responder.recv=1 ike.responder.last_contact=744574.234639 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:24:59.801915: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=-1 ike.initiator.recv=-1 ike.initiator.last_contact=744574.156623 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744574.234639 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:24:59.801926: | child state #2: V2_IKE_AUTH_CHILD_R0(ignore) => ESTABLISHED_CHILD_SA(established CHILD SA) Oct 31 15:24:59.801930: | pstats #2 ikev2.child established Oct 31 15:24:59.801933: | announcing the state transition Oct 31 15:24:59.801942: "north-east" #2: negotiated connection [192.0.2.0-192.0.2.255:0-65535 0] -> [192.0.3.254-192.0.3.254:0-65535 0] Oct 31 15:24:59.801947: | NAT-T: encaps is 'auto' Oct 31 15:24:59.801999: "north-east" #2: IPsec SA established tunnel mode {ESP=>0xaf3af5cb <0xe72833db xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Oct 31 15:24:59.802010: | sending 503 bytes for STATE_PARENT_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:24:59.802014: | 2d 44 07 32 81 17 ab 77 f6 1b 27 63 46 7a b4 7d Oct 31 15:24:59.802017: | 2e 20 23 20 00 00 00 01 00 00 01 f7 24 00 01 db Oct 31 15:24:59.802019: | a6 17 f5 26 82 f8 bf ab 9b 6d c0 2b 3f b6 a6 09 Oct 31 15:24:59.802022: | 90 b0 7a 14 55 49 91 62 1c ff 11 89 d6 65 5e 41 Oct 31 15:24:59.802024: | bd 15 4a 3f ef 88 30 fa 28 50 53 83 d1 b9 0a 11 Oct 31 15:24:59.802026: | f2 0c 4a d4 89 07 c0 a9 60 d0 2e 28 23 37 cb c4 Oct 31 15:24:59.802029: | 3e 7e 97 a1 3b 18 e4 1f e0 33 07 70 48 69 1f 5e Oct 31 15:24:59.802031: | 2a e0 a4 9b 88 55 fa 9a 2c 69 8c cd 9f 7c 18 33 Oct 31 15:24:59.802033: | 98 ad b7 f6 d4 f4 08 51 9c ec 85 3b 31 3f e2 a3 Oct 31 15:24:59.802036: | 06 13 c6 36 5b c5 e4 38 00 9e c0 3e ff e0 1e bf Oct 31 15:24:59.802038: | 06 66 e5 7b be d4 f8 d6 67 d5 47 d4 f4 9b 62 86 Oct 31 15:24:59.802040: | 84 f6 c9 61 31 17 8b 29 7d 5e 25 19 66 97 2e 99 Oct 31 15:24:59.802043: | 58 37 ea 3a 45 cd 0d 8d ea e5 d4 f9 5c d7 c4 3e Oct 31 15:24:59.802045: | 5d 34 cc cc 16 98 68 a1 63 18 a9 48 11 0e f5 26 Oct 31 15:24:59.802047: | fc 59 d6 93 10 62 bf 1c 14 e2 38 61 ac 53 f3 bf Oct 31 15:24:59.802050: | ee 47 24 bb c1 8e 45 45 9e 54 b4 ca 7d da ba 1f Oct 31 15:24:59.802052: | af c7 b5 a1 6b 71 d8 ba 49 96 8b 5f bf 5b 00 b1 Oct 31 15:24:59.802054: | 8a 4a 94 09 4a 73 75 ef ed fd f6 f5 73 66 f3 07 Oct 31 15:24:59.802057: | cd 69 17 13 c6 11 0d 57 e4 ae 1f 16 ea 23 f9 58 Oct 31 15:24:59.802059: | bc 93 53 07 d8 2f be 7c de e8 99 92 6b ae 0c 35 Oct 31 15:24:59.802062: | 69 76 fd 41 2b da d1 b7 e3 c3 b1 7d 0c fd 6e db Oct 31 15:24:59.802064: | 4c 00 ca 54 6a c0 5c 4d c8 2c 2c fe 80 5a 22 d7 Oct 31 15:24:59.802066: | 04 c1 91 b8 d8 e4 4d 9a 2d b3 0d d0 0f 49 9c 68 Oct 31 15:24:59.802069: | 09 af d6 1b d8 f7 b6 7b bd 14 3c 29 82 26 df f2 Oct 31 15:24:59.802071: | 74 7b b5 ab c0 28 a8 e6 a1 c2 8e d4 52 5f 02 12 Oct 31 15:24:59.802073: | a1 8a 71 cb 5b cf 2e df bf 6f f3 99 6c 80 61 36 Oct 31 15:24:59.802075: | 87 f5 a7 2c bc 5c cb ca 83 52 d5 73 03 88 94 17 Oct 31 15:24:59.802078: | 90 a7 b9 ff 77 c9 81 a8 bd 0b 86 c1 46 40 32 ab Oct 31 15:24:59.802080: | 2c 91 4a 0c 33 08 34 c6 d2 f6 02 b7 c3 c9 ce 57 Oct 31 15:24:59.802082: | a5 eb b8 c4 ec 30 3f 8d b1 6a 13 46 ee 3b 03 d4 Oct 31 15:24:59.802085: | 5a 1a 91 7e 85 99 60 09 76 c8 01 6f e5 6f 75 0b Oct 31 15:24:59.802087: | e9 8c 3d 29 7c 25 bd Oct 31 15:24:59.802125: | sent 1 messages Oct 31 15:24:59.802131: | releasing #2's fd-fd@(nil) because IKEv2 transitions finished Oct 31 15:24:59.802134: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:24:59.802136: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:24:59.802139: | unpending #2's IKE SA #1 Oct 31 15:24:59.802142: | unpending state #1 connection "north-east" Oct 31 15:24:59.802145: | releasing #1's fd-fd@(nil) because IKEv2 transitions finished so releaseing IKE SA Oct 31 15:24:59.802147: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:24:59.802150: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:24:59.802153: | #2 will start re-keying in 28530 seconds with margin of 270 seconds (attempting re-key) Oct 31 15:24:59.802158: | state #2 has no .st_event to delete Oct 31 15:24:59.802162: | event_schedule: newref EVENT_SA_REKEY-pe@0x55777f3ff858 Oct 31 15:24:59.802166: | inserting event EVENT_SA_REKEY, timeout in 28530 seconds for #2 Oct 31 15:24:59.802170: | libevent_malloc: newref ptr-libevent@0x55777f404578 size 128 Oct 31 15:24:59.802175: | delref mdp@0x55777f401018(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:59.802179: | delref logger@0x55777f3f9c08(1->0) (in resume_handler() at server.c:743) Oct 31 15:24:59.802181: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:24:59.802184: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:24:59.802192: | #1 spent 2.57 (25) milliseconds in resume sending helper answer back to state Oct 31 15:24:59.802201: | stop processing: state #2 connection "north-east" from 192.1.3.33:500 (in resume_handler() at server.c:745) Oct 31 15:24:59.802209: | libevent_free: delref ptr-libevent@0x7fcd44000d38 Oct 31 15:24:59.802221: | processing signal PLUTO_SIGCHLD Oct 31 15:24:59.802227: | waitpid returned ECHILD (no child processes left) Oct 31 15:24:59.802232: | spent 0.00563 (0.00543) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:25:01.430854: | newref struct fd@0x55777f4060e8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:01.430869: | fd_accept: new fd-fd@0x55777f4060e8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:01.430880: | whack: status Oct 31 15:25:01.431086: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:25:01.431094: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:25:01.431178: | FOR_EACH_STATE_... in show_states (sort_states) Oct 31 15:25:01.431186: | FOR_EACH_STATE_... in sort_states Oct 31 15:25:01.431211: | get_sa_info esp.e72833db@192.1.2.23 Oct 31 15:25:01.431236: | get_sa_info esp.af3af5cb@192.1.3.33 Oct 31 15:25:01.431362: | delref fd@0x55777f4060e8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:01.431372: | freeref fd-fd@0x55777f4060e8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:01.431380: | spent 0.449 (0.535) milliseconds in whack Oct 31 15:25:03.281386: | newref struct fd@0x55777f4060e8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:03.281406: | fd_accept: new fd-fd@0x55777f4060e8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:03.281421: shutting down Oct 31 15:25:03.281433: | leaking fd-fd@0x55777f4060e8's FD; will be closed when pluto exits (in whack_handle_cb() at rcv_whack.c:889) Oct 31 15:25:03.281438: | delref fd@0x55777f4060e8(1->0) (in whack_handle_cb() at rcv_whack.c:895) Oct 31 15:25:03.281442: | freeref fd-fd@0x55777f4060e8 (in whack_handle_cb() at rcv_whack.c:895) Oct 31 15:25:03.281460: | shutting down helper thread 6 Oct 31 15:25:03.281472: | helper thread 6 exited Oct 31 15:25:03.281485: | shutting down helper thread 7 Oct 31 15:25:03.281500: | helper thread 7 exited Oct 31 15:25:03.281512: | shutting down helper thread 2 Oct 31 15:25:03.281524: | helper thread 2 exited Oct 31 15:25:03.281534: | shutting down helper thread 5 Oct 31 15:25:03.281543: | helper thread 5 exited Oct 31 15:25:03.281557: | shutting down helper thread 1 Oct 31 15:25:03.281566: | helper thread 1 exited Oct 31 15:25:03.281579: | shutting down helper thread 3 Oct 31 15:25:03.281593: | helper thread 3 exited Oct 31 15:25:03.281604: | shutting down helper thread 4 Oct 31 15:25:03.281612: | helper thread 4 exited Oct 31 15:25:03.281616: 7 helper threads shutdown Oct 31 15:25:03.281619: | delref root_certs@NULL (in free_root_certs() at root_certs.c:127) Oct 31 15:25:03.281622: | certs and keys locked by 'free_preshared_secrets' Oct 31 15:25:03.281624: forgetting secrets Oct 31 15:25:03.281639: | certs and keys unlocked by 'free_preshared_secrets' Oct 31 15:25:03.281644: | delref pkp@0x55777f3ffb48(1->0) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:25:03.281648: | delref pkp@0x55777f400aa8(2->1) (in free_public_keyentry() at secrets.c:1591) Oct 31 15:25:03.281652: | deleting states for connection - including all other IPsec SA's of this IKE SA Oct 31 15:25:03.281660: | pass 0 Oct 31 15:25:03.281663: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:25:03.281665: | state #2 Oct 31 15:25:03.281673: | start processing: state #2 connection "north-east" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1406) Oct 31 15:25:03.281676: | delref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1408) Oct 31 15:25:03.281679: | addref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1409) Oct 31 15:25:03.281683: | pstats #2 ikev2.child deleted completed Oct 31 15:25:03.281688: | #2 main thread spent 0 (0) milliseconds helper thread spent 0 (0) milliseconds in total Oct 31 15:25:03.281693: | [RE]START processing: state #2 connection "north-east" from 192.1.3.33:500 (in delete_state() at state.c:935) Oct 31 15:25:03.281698: | should_send_delete: yes Oct 31 15:25:03.281703: "north-east" #2: deleting state (STATE_V2_ESTABLISHED_CHILD_SA) aged 3.504157s and sending notification Oct 31 15:25:03.281706: | child state #2: ESTABLISHED_CHILD_SA(established CHILD SA) => delete Oct 31 15:25:03.281713: | get_sa_info esp.af3af5cb@192.1.3.33 Oct 31 15:25:03.281732: | get_sa_info esp.e72833db@192.1.2.23 Oct 31 15:25:03.281741: "north-east" #2: ESP traffic information: in=84B out=84B Oct 31 15:25:03.281746: | unsuspending #2 MD (nil) Oct 31 15:25:03.281749: | should_send_delete: yes Oct 31 15:25:03.281752: | #2 send IKEv2 delete notification for STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:25:03.281755: | opening output PBS informational exchange delete request Oct 31 15:25:03.281758: | **emit ISAKMP Message: Oct 31 15:25:03.281764: | initiator SPI: 2d 44 07 32 81 17 ab 77 Oct 31 15:25:03.281769: | responder SPI: f6 1b 27 63 46 7a b4 7d Oct 31 15:25:03.281772: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:25:03.281774: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:03.281777: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:25:03.281780: | flags: none (0x0) Oct 31 15:25:03.281784: | Message ID: 0 (00 00 00 00) Oct 31 15:25:03.281788: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:25:03.281792: | ***emit IKEv2 Encryption Payload: Oct 31 15:25:03.281795: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:03.281797: | flags: none (0x0) Oct 31 15:25:03.281800: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:25:03.281803: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:25:03.281807: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:25:03.281815: | ****emit IKEv2 Delete Payload: Oct 31 15:25:03.281818: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:03.281820: | flags: none (0x0) Oct 31 15:25:03.281823: | protocol ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:03.281826: | SPI size: 4 (04) Oct 31 15:25:03.281829: | number of SPIs: 1 (00 01) Oct 31 15:25:03.281832: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Oct 31 15:25:03.281834: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:25:03.281837: | emitting 4 raw bytes of local spis into IKEv2 Delete Payload Oct 31 15:25:03.281840: | local spis: e7 28 33 db Oct 31 15:25:03.281843: | emitting length of IKEv2 Delete Payload: 12 Oct 31 15:25:03.281845: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:25:03.281849: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:03.281852: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:25:03.281855: | emitting length of IKEv2 Encryption Payload: 41 Oct 31 15:25:03.281858: | emitting length of ISAKMP Message: 69 Oct 31 15:25:03.281888: | sending 69 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:25:03.281892: | 2d 44 07 32 81 17 ab 77 f6 1b 27 63 46 7a b4 7d Oct 31 15:25:03.281894: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Oct 31 15:25:03.281896: | b4 9b c6 4b 46 15 dd a6 0e c9 8b 58 31 3b 12 b9 Oct 31 15:25:03.281898: | 4b 47 06 8a a9 e7 92 a0 02 bb f5 8d cd cc f2 5c Oct 31 15:25:03.281900: | 64 70 63 d4 ad Oct 31 15:25:03.281958: | sent 1 messages Oct 31 15:25:03.281962: | Message ID: IKE #1 sender #2 in send_delete hacking around record 'n' send Oct 31 15:25:03.281970: | Message ID: IKE #1 scheduling EVENT_RETRANSMIT: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744574.156623 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744574.234639 ike.wip.initiator=0 ike.wip.responder=-1 Oct 31 15:25:03.281974: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55777f407608 Oct 31 15:25:03.281977: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Oct 31 15:25:03.281980: | libevent_malloc: newref ptr-libevent@0x7fcd44000d38 size 128 Oct 31 15:25:03.281986: | #1 STATE_V2_ESTABLISHED_IKE_SA: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744577.714769 Oct 31 15:25:03.281993: | Message ID: IKE #1 updating initiator sent message request 0: ike.initiator.sent=-1->0 ike.initiator.recv=-1 ike.initiator.last_contact=744574.156623 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744574.234639 ike.wip.initiator=-1->0 ike.wip.responder=-1 Oct 31 15:25:03.281996: | state #2 deleting .st_event EVENT_SA_REKEY Oct 31 15:25:03.281999: | libevent_free: delref ptr-libevent@0x55777f404578 Oct 31 15:25:03.282003: | free_event_entry: delref EVENT_SA_REKEY-pe@0x55777f3ff858 Oct 31 15:25:03.282005: | #2 STATE_V2_ESTABLISHED_CHILD_SA: retransmits: cleared Oct 31 15:25:03.282075: | running updown command "ipsec _updown" for verb down Oct 31 15:25:03.282080: | command executing down-client Oct 31 15:25:03.282084: | get_sa_info esp.af3af5cb@192.1.3.33 Oct 31 15:25:03.282095: | get_sa_info esp.e72833db@192.1.2.23 Oct 31 15:25:03.282130: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.254/32' PLUTO_PEER_CLIENT_NET='192.0.3.254' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157899' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='... Oct 31 15:25:03.282134: | popen cmd is 1139 chars long Oct 31 15:25:03.282137: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO: Oct 31 15:25:03.282139: | cmd( 80):_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HO: Oct 31 15:25:03.282142: | cmd( 160):P='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.: Oct 31 15:25:03.282144: | cmd( 240):2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLU: Oct 31 15:25:03.282146: | cmd( 320):TO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' : Oct 31 15:25:03.282148: | cmd( 400):PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.254/32: Oct 31 15:25:03.282150: | cmd( 480):' PLUTO_PEER_CLIENT_NET='192.0.3.254' PLUTO_PEER_CLIENT_MASK='255.255.255.255' P: Oct 31 15:25:03.282154: | cmd( 560):LUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' P: Oct 31 15:25:03.282157: | cmd( 640):LUTO_ADDTIME='1604157899' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKE: Oct 31 15:25:03.282159: | cmd( 720):V2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO: Oct 31 15:25:03.282161: | cmd( 800):_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_IN: Oct 31 15:25:03.282163: | cmd( 880):FO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_: Oct 31 15:25:03.282165: | cmd( 960):CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='84' PLUTO_OUTBYTES='84' VT: Oct 31 15:25:03.282168: | cmd(1040):I_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xaf3af5cb SPI_OUT=0xe72833db: Oct 31 15:25:03.282170: | cmd(1120): ipsec _updown 2>&1: Oct 31 15:25:03.294943: | shunt_eroute() called for connection 'north-east' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.2.0/24:0 --0->- 192.0.3.254/32:0 Oct 31 15:25:03.294956: | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.3.254/32:0 Oct 31 15:25:03.294959: | priority calculation of connection "north-east" is 2084798 (0x1fcfbe) Oct 31 15:25:03.294963: | IPsec SA SPD priority set to 2084798 Oct 31 15:25:03.295000: | delete esp.af3af5cb@192.1.3.33 Oct 31 15:25:03.295004: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:25:03.295017: | netlink response for Del SA esp.af3af5cb@192.1.3.33 included non-error error Oct 31 15:25:03.295020: | priority calculation of connection "north-east" is 2084798 (0x1fcfbe) Oct 31 15:25:03.295026: | delete inbound eroute 192.0.3.254/32:0 --0-> 192.0.2.0/24:0 => unk.10000@192.1.2.23 using reqid 0 (raw_eroute) proto=50 Oct 31 15:25:03.295047: | raw_eroute result=success Oct 31 15:25:03.295051: | delete esp.e72833db@192.1.2.23 Oct 31 15:25:03.295053: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:25:03.295062: | netlink response for Del SA esp.e72833db@192.1.2.23 included non-error error Oct 31 15:25:03.295067: | in connection_discard for connection north-east Oct 31 15:25:03.295070: | State DB: deleting IKEv2 state #2 in ESTABLISHED_CHILD_SA Oct 31 15:25:03.295074: | child state #2: ESTABLISHED_CHILD_SA(established CHILD SA) => UNDEFINED(ignore) Oct 31 15:25:03.295076: | releasing #2's fd-fd@(nil) because deleting state Oct 31 15:25:03.295078: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:03.295080: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:03.295081: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:25:03.295086: | stop processing: state #2 from 192.1.3.33:500 (in delete_state() at state.c:1239) Oct 31 15:25:03.295091: | delref logger@0x55777f3ecde8(1->0) (in delete_state() at state.c:1306) Oct 31 15:25:03.295092: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:03.295094: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:03.295096: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1411) Oct 31 15:25:03.295098: | state #1 Oct 31 15:25:03.295099: | pass 1 Oct 31 15:25:03.295101: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:25:03.295102: | state #1 Oct 31 15:25:03.295105: | start processing: state #1 connection "north-east" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1406) Oct 31 15:25:03.295107: | delref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1408) Oct 31 15:25:03.295108: | addref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1409) Oct 31 15:25:03.295110: | pstats #1 ikev2.ike deleted completed Oct 31 15:25:03.295115: | #1 main thread spent 10.4 (41) milliseconds helper thread spent 10.7 (16.6) milliseconds in total Oct 31 15:25:03.295118: | [RE]START processing: state #1 connection "north-east" from 192.1.3.33:500 (in delete_state() at state.c:935) Oct 31 15:25:03.295122: | should_send_delete: yes Oct 31 15:25:03.295126: "north-east" #1: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 3.571334s and sending notification Oct 31 15:25:03.295128: | parent state #1: ESTABLISHED_IKE_SA(established IKE SA) => delete Oct 31 15:25:03.295159: | unsuspending #1 MD (nil) Oct 31 15:25:03.295162: | should_send_delete: yes Oct 31 15:25:03.295164: | #1 send IKEv2 delete notification for STATE_V2_ESTABLISHED_IKE_SA Oct 31 15:25:03.295166: | opening output PBS informational exchange delete request Oct 31 15:25:03.295168: | **emit ISAKMP Message: Oct 31 15:25:03.295171: | initiator SPI: 2d 44 07 32 81 17 ab 77 Oct 31 15:25:03.295173: | responder SPI: f6 1b 27 63 46 7a b4 7d Oct 31 15:25:03.295175: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:25:03.295177: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:03.295179: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:25:03.295180: | flags: none (0x0) Oct 31 15:25:03.295183: | Message ID: 1 (00 00 00 01) Oct 31 15:25:03.295185: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:25:03.295187: | ***emit IKEv2 Encryption Payload: Oct 31 15:25:03.295189: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:03.295190: | flags: none (0x0) Oct 31 15:25:03.295192: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:25:03.295194: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:25:03.295196: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:25:03.295210: | ****emit IKEv2 Delete Payload: Oct 31 15:25:03.295215: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:03.295217: | flags: none (0x0) Oct 31 15:25:03.295219: | protocol ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:25:03.295223: | SPI size: 0 (00) Oct 31 15:25:03.295228: | number of SPIs: 0 (00 00) Oct 31 15:25:03.295231: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Oct 31 15:25:03.295233: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'informational exchange delete request' Oct 31 15:25:03.295237: | emitting length of IKEv2 Delete Payload: 8 Oct 31 15:25:03.295239: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:25:03.295242: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:03.295245: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:25:03.295248: | emitting length of IKEv2 Encryption Payload: 37 Oct 31 15:25:03.295250: | emitting length of ISAKMP Message: 65 Oct 31 15:25:03.295273: | sending 65 bytes for delete notification through eth1 from 192.1.2.23:500 to 192.1.3.33:500 using UDP (for #1) Oct 31 15:25:03.295277: | 2d 44 07 32 81 17 ab 77 f6 1b 27 63 46 7a b4 7d Oct 31 15:25:03.295278: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Oct 31 15:25:03.295280: | d0 47 69 90 5d f7 ec 6d fd 9b ae 0d f0 6e 42 1a Oct 31 15:25:03.295281: | 47 d8 f4 5a dc 05 b4 12 b9 b0 25 3e 35 4d d1 3d Oct 31 15:25:03.295282: | 57 Oct 31 15:25:03.295321: | sent 1 messages Oct 31 15:25:03.295324: | Message ID: IKE #1 sender #1 in send_delete hacking around record 'n' send Oct 31 15:25:03.295329: | Message ID: IKE #1 XXX: expecting sender.wip.initiator 0 == -1 - suspect record'n'send out-of-order?): ike.initiator.sent=1 ike.initiator.recv=-1 ike.initiator.last_contact=744574.156623 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744574.234639 ike.wip.initiator=1 ike.wip.responder=-1 Oct 31 15:25:03.295332: | Message ID: IKE #1 XXX: EVENT_RETRANSMIT already scheduled -- suspect record'n'send: ike.initiator.sent=1 ike.initiator.recv=-1 ike.initiator.last_contact=744574.156623 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744574.234639 ike.wip.initiator=1 ike.wip.responder=-1 Oct 31 15:25:03.295338: | Message ID: IKE #1 updating initiator sent message request 1: ike.initiator.sent=0->1 ike.initiator.recv=-1 ike.initiator.last_contact=744574.156623 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744574.234639 ike.wip.initiator=0->1 ike.wip.responder=-1 Oct 31 15:25:03.295341: | state #1 deleting .st_event EVENT_SA_REKEY Oct 31 15:25:03.295345: | libevent_free: delref ptr-libevent@0x7fcd4000b578 Oct 31 15:25:03.295347: | free_event_entry: delref EVENT_SA_REKEY-pe@0x55777f3fcbb8 Oct 31 15:25:03.295349: | #1 requesting EVENT_RETRANSMIT-pe@0x55777f407608 be deleted Oct 31 15:25:03.295351: | libevent_free: delref ptr-libevent@0x7fcd44000d38 Oct 31 15:25:03.295352: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55777f407608 Oct 31 15:25:03.295354: | #1 STATE_V2_ESTABLISHED_IKE_SA: retransmits: cleared Oct 31 15:25:03.295357: | State DB: IKEv2 state not found (flush_incomplete_children) Oct 31 15:25:03.295359: | in connection_discard for connection north-east Oct 31 15:25:03.295360: | State DB: deleting IKEv2 state #1 in ESTABLISHED_IKE_SA Oct 31 15:25:03.295363: | parent state #1: ESTABLISHED_IKE_SA(established IKE SA) => UNDEFINED(ignore) Oct 31 15:25:03.295365: | releasing #1's fd-fd@(nil) because deleting state Oct 31 15:25:03.295366: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:03.295368: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:03.295370: | delref pkp@0x55777f400aa8(1->0) (in delete_state() at state.c:1202) Oct 31 15:25:03.295383: | stop processing: state #1 from 192.1.3.33:500 (in delete_state() at state.c:1239) Oct 31 15:25:03.295394: | delref logger@0x55777f3ecfc8(1->0) (in delete_state() at state.c:1306) Oct 31 15:25:03.295396: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:03.295397: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:03.295399: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1411) Oct 31 15:25:03.295403: | shunt_eroute() called for connection 'north-east' to 'delete' for rt_kind 'unrouted' using protoports 192.0.2.0/24:0 --0->- 192.0.3.254/32:0 Oct 31 15:25:03.295406: | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.3.254/32:0 Oct 31 15:25:03.295408: | priority calculation of connection "north-east" is 2084798 (0x1fcfbe) Oct 31 15:25:03.295425: | priority calculation of connection "north-east" is 2084798 (0x1fcfbe) Oct 31 15:25:03.295435: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:25:03.295438: | conn north-east mark 0/00000000, 0/00000000 vs Oct 31 15:25:03.295440: | conn north-east mark 0/00000000, 0/00000000 Oct 31 15:25:03.295442: | route owner of "north-east" unrouted: NULL Oct 31 15:25:03.295444: | running updown command "ipsec _updown" for verb unroute Oct 31 15:25:03.295445: | command executing unroute-client Oct 31 15:25:03.295463: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.254/32' PLUTO_PEER_CLIENT_NET='192.0.3.254' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0'... Oct 31 15:25:03.295465: | popen cmd is 1081 chars long Oct 31 15:25:03.295469: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PL: Oct 31 15:25:03.295470: | cmd( 80):UTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT: Oct 31 15:25:03.295472: | cmd( 160):_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='@east' PLUTO_MY_CLIENT='192: Oct 31 15:25:03.295473: | cmd( 240):.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' : Oct 31 15:25:03.295474: | cmd( 320):PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='no: Oct 31 15:25:03.295476: | cmd( 400):ne' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='@north' PLUTO_PEER_CLIENT='192.0.3.25: Oct 31 15:25:03.295477: | cmd( 480):4/32' PLUTO_PEER_CLIENT_NET='192.0.3.254' PLUTO_PEER_CLIENT_MASK='255.255.255.25: Oct 31 15:25:03.295478: | cmd( 560):5' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfr: Oct 31 15:25:03.295480: | cmd( 640):m' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_AL: Oct 31 15:25:03.295481: | cmd( 720):LOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN: Oct 31 15:25:03.295482: | cmd( 800):_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='': Oct 31 15:25:03.295484: | cmd( 880): PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_C: Oct 31 15:25:03.295485: | cmd( 960):LIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' : Oct 31 15:25:03.295487: | cmd(1040):SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Oct 31 15:25:03.309875: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.309896: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.309899: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.309902: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.309905: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.309915: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.309924: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.309934: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.309946: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.309956: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.309965: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.309976: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.309987: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.309997: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.310011: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.310025: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.310037: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.310047: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.310056: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.310066: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.310075: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.310499: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.310509: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.310519: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.310535: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.310551: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.310577: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.310602: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.310622: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.310635: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.310648: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.316290: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:25:03.316306: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:25:03.316312: | newref clone logger@0x55777f405f18(0->1) (in clone_logger() at log.c:817) Oct 31 15:25:03.316318: | delref hp@0x55777f3fd358(1->0) (in delete_oriented_hp() at hostpair.c:360) Oct 31 15:25:03.316321: | flush revival: connection 'north-east' wasn't on the list Oct 31 15:25:03.316325: | delref vip@NULL (in discard_connection() at connections.c:262) Oct 31 15:25:03.316327: | delref vip@NULL (in discard_connection() at connections.c:263) Oct 31 15:25:03.316341: | Connection DB: deleting connection $1 Oct 31 15:25:03.316346: | delref logger@0x55777f405f18(1->0) (in delete_connection() at connections.c:214) Oct 31 15:25:03.316349: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:03.316351: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:03.316355: | crl fetch request list locked by 'free_crl_fetch' Oct 31 15:25:03.316357: | crl fetch request list unlocked by 'free_crl_fetch' Oct 31 15:25:03.316362: | iface: marking eth1 dead Oct 31 15:25:03.316364: | iface: marking eth0 dead Oct 31 15:25:03.316366: | iface: marking lo dead Oct 31 15:25:03.316369: | updating interfaces - listing interfaces that are going down Oct 31 15:25:03.316375: shutting down interface lo 127.0.0.1:4500 Oct 31 15:25:03.316379: shutting down interface lo 127.0.0.1:500 Oct 31 15:25:03.316383: shutting down interface eth0 192.0.2.254:4500 Oct 31 15:25:03.316387: shutting down interface eth0 192.0.2.254:500 Oct 31 15:25:03.316391: shutting down interface eth1 192.1.2.23:4500 Oct 31 15:25:03.316394: shutting down interface eth1 192.1.2.23:500 Oct 31 15:25:03.316396: | updating interfaces - deleting the dead Oct 31 15:25:03.316403: | FOR_EACH_STATE_... in delete_states_dead_interfaces Oct 31 15:25:03.316412: | libevent_free: delref ptr-libevent@0x55777f3fbc78 Oct 31 15:25:03.316416: | delref id@0x55777f3ffd88(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:25:03.316427: | libevent_free: delref ptr-libevent@0x55777f3f5b88 Oct 31 15:25:03.316431: | delref id@0x55777f3ffd88(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:25:03.316439: | libevent_free: delref ptr-libevent@0x55777f3b56c8 Oct 31 15:25:03.316442: | delref id@0x55777f3ffc98(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:25:03.316448: | libevent_free: delref ptr-libevent@0x55777f3b58c8 Oct 31 15:25:03.316451: | delref id@0x55777f3ffc98(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:25:03.316458: | libevent_free: delref ptr-libevent@0x55777f3b57c8 Oct 31 15:25:03.316461: | delref id@0x55777f400d48(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:25:03.316469: | libevent_free: delref ptr-libevent@0x55777f3ae168 Oct 31 15:25:03.316472: | delref id@0x55777f400d48(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:25:03.316477: | delref id@0x55777f400d48(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:25:03.316481: | delref id@0x55777f3ffc98(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:25:03.316484: | delref id@0x55777f3ffd88(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:25:03.316486: | updating interfaces - checking orientation Oct 31 15:25:03.316488: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Oct 31 15:25:03.318103: | libevent_free: delref ptr-libevent@0x55777f3f5c38 Oct 31 15:25:03.318116: | free_event_entry: delref EVENT_NULL-pe@0x55777f3f9078 Oct 31 15:25:03.318123: | libevent_free: delref ptr-libevent@0x55777f3ae268 Oct 31 15:25:03.318125: | free_event_entry: delref EVENT_NULL-pe@0x55777f3f5b18 Oct 31 15:25:03.318129: | libevent_free: delref ptr-libevent@0x55777f3adfb8 Oct 31 15:25:03.318131: | free_event_entry: delref EVENT_NULL-pe@0x55777f3f5aa8 Oct 31 15:25:03.318135: | global timer EVENT_REINIT_SECRET uninitialized Oct 31 15:25:03.318140: | global timer EVENT_SHUNT_SCAN uninitialized Oct 31 15:25:03.318142: | global timer EVENT_PENDING_DDNS uninitialized Oct 31 15:25:03.318145: | global timer EVENT_PENDING_PHASE2 uninitialized Oct 31 15:25:03.318147: | global timer EVENT_CHECK_CRLS uninitialized Oct 31 15:25:03.318149: | global timer EVENT_REVIVE_CONNS uninitialized Oct 31 15:25:03.318151: | global timer EVENT_FREE_ROOT_CERTS uninitialized Oct 31 15:25:03.318153: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Oct 31 15:25:03.318161: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Oct 31 15:25:03.318166: | libevent_free: delref ptr-libevent@0x55777f340ed8 Oct 31 15:25:03.318168: | signal event handler PLUTO_SIGCHLD uninstalled Oct 31 15:25:03.318172: | libevent_free: delref ptr-libevent@0x55777f34aed8 Oct 31 15:25:03.318174: | signal event handler PLUTO_SIGTERM uninstalled Oct 31 15:25:03.318177: | libevent_free: delref ptr-libevent@0x55777f3f9298 Oct 31 15:25:03.318179: | signal event handler PLUTO_SIGHUP uninstalled Oct 31 15:25:03.318182: | libevent_free: delref ptr-libevent@0x55777f3f94d8 Oct 31 15:25:03.318185: | signal event handler PLUTO_SIGSYS uninstalled Oct 31 15:25:03.318188: | releasing event base Oct 31 15:25:03.318313: | libevent_free: delref ptr-libevent@0x55777f3f93a8 Oct 31 15:25:03.318320: | libevent_free: delref ptr-libevent@0x55777f3e8768 Oct 31 15:25:03.318325: | libevent_free: delref ptr-libevent@0x55777f3e8718 Oct 31 15:25:03.318327: | libevent_free: delref ptr-libevent@0x55777f3bb828 Oct 31 15:25:03.318329: | libevent_free: delref ptr-libevent@0x55777f3e8918 Oct 31 15:25:03.318332: | libevent_free: delref ptr-libevent@0x55777f3eca98 Oct 31 15:25:03.318335: | libevent_free: delref ptr-libevent@0x55777f3ec8a8 Oct 31 15:25:03.318337: | libevent_free: delref ptr-libevent@0x55777f3e8958 Oct 31 15:25:03.318339: | libevent_free: delref ptr-libevent@0x55777f3ec6b8 Oct 31 15:25:03.318342: | libevent_free: delref ptr-libevent@0x55777f3ec078 Oct 31 15:25:03.318344: | libevent_free: delref ptr-libevent@0x55777f3fd548 Oct 31 15:25:03.318346: | libevent_free: delref ptr-libevent@0x55777f3fd508 Oct 31 15:25:03.318348: | libevent_free: delref ptr-libevent@0x55777f3fd4c8 Oct 31 15:25:03.318351: | libevent_free: delref ptr-libevent@0x55777f3fd488 Oct 31 15:25:03.318353: | libevent_free: delref ptr-libevent@0x55777f3fd448 Oct 31 15:25:03.318355: | libevent_free: delref ptr-libevent@0x55777f3fd408 Oct 31 15:25:03.318357: | libevent_free: delref ptr-libevent@0x55777f3deec8 Oct 31 15:25:03.318359: | libevent_free: delref ptr-libevent@0x55777f3f9258 Oct 31 15:25:03.318362: | libevent_free: delref ptr-libevent@0x55777f3f9218 Oct 31 15:25:03.318364: | libevent_free: delref ptr-libevent@0x55777f3ec6f8 Oct 31 15:25:03.318366: | libevent_free: delref ptr-libevent@0x55777f3f9368 Oct 31 15:25:03.318369: | libevent_free: delref ptr-libevent@0x55777f3f90e8 Oct 31 15:25:03.318387: | libevent_free: delref ptr-libevent@0x55777f3b9158 Oct 31 15:25:03.318389: | libevent_free: delref ptr-libevent@0x55777f3bae48 Oct 31 15:25:03.318391: | libevent_free: delref ptr-libevent@0x55777f3b1fc8 Oct 31 15:25:03.318394: | releasing global libevent data Oct 31 15:25:03.318396: | libevent_free: delref ptr-libevent@0x55777f33a5d8 Oct 31 15:25:03.318399: | libevent_free: delref ptr-libevent@0x55777f3af688 Oct 31 15:25:03.318401: | libevent_free: delref ptr-libevent@0x55777f3b91d8 Oct 31 15:25:03.318449: leak detective found no leaks