Oct 31 15:25:02.758345: | newref logger@0x55f63c756bb8(0->1) (in main() at plutomain.c:1591) Oct 31 15:25:02.758398: | delref logger@0x55f63c756bb8(1->0) (in main() at plutomain.c:1592) Oct 31 15:25:02.758406: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:02.758409: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:02.758417: NSS DB directory: sql:/var/lib/ipsec/nss Oct 31 15:25:02.759291: Initializing NSS Oct 31 15:25:02.759305: Opening NSS database "sql:/var/lib/ipsec/nss" read-only Oct 31 15:25:02.804548: FIPS Mode: NO Oct 31 15:25:02.804570: NSS crypto library initialized Oct 31 15:25:02.804601: FIPS mode disabled for pluto daemon Oct 31 15:25:02.804605: FIPS HMAC integrity support [disabled] Oct 31 15:25:02.805069: libcap-ng support [enabled] Oct 31 15:25:02.805080: Linux audit support [enabled] Oct 31 15:25:02.805105: Linux audit activated Oct 31 15:25:02.805114: Starting Pluto (Libreswan Version v4.1-88-gf1d1933837ef-main IKEv2 IKEv1 XFRM(netkey) XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (NSS-PRF) DNSSEC LABELED_IPSEC (SELINUX) SECCOMP LIBCAP_NG LINUX_AUDIT AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:2158856 Oct 31 15:25:02.805117: core dump dir: /tmp Oct 31 15:25:02.805120: secrets file: /etc/ipsec.secrets Oct 31 15:25:02.805122: leak-detective enabled Oct 31 15:25:02.805124: NSS crypto [enabled] Oct 31 15:25:02.805126: XAUTH PAM support [enabled] Oct 31 15:25:02.805205: | libevent is using pluto's memory allocator Oct 31 15:25:02.805219: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Oct 31 15:25:02.805232: | libevent_malloc: newref ptr-libevent@0x55f63c7c4328 size 40 Oct 31 15:25:02.805236: | libevent_malloc: newref ptr-libevent@0x55f63c7c9b08 size 40 Oct 31 15:25:02.805239: | libevent_malloc: newref ptr-libevent@0x55f63c7c3b08 size 40 Oct 31 15:25:02.805242: | creating event base Oct 31 15:25:02.805244: | libevent_malloc: newref ptr-libevent@0x55f63c7c44a8 size 56 Oct 31 15:25:02.805247: | libevent_malloc: newref ptr-libevent@0x55f63c7e0ae8 size 664 Oct 31 15:25:02.805259: | libevent_malloc: newref ptr-libevent@0x55f63c7e7b28 size 24 Oct 31 15:25:02.805262: | libevent_malloc: newref ptr-libevent@0x55f63c7e7b78 size 384 Oct 31 15:25:02.805286: | libevent_malloc: newref ptr-libevent@0x55f63c7e7d28 size 16 Oct 31 15:25:02.805288: | libevent_malloc: newref ptr-libevent@0x55f63c7c3a88 size 40 Oct 31 15:25:02.805291: | libevent_malloc: newref ptr-libevent@0x55f63c7c2448 size 48 Oct 31 15:25:02.805297: | libevent_realloc: newref ptr-libevent@0x55f63c7da728 size 256 Oct 31 15:25:02.805299: | libevent_malloc: newref ptr-libevent@0x55f63c7e7d68 size 16 Oct 31 15:25:02.805304: | libevent_free: delref ptr-libevent@0x55f63c7c44a8 Oct 31 15:25:02.805306: | libevent initialized Oct 31 15:25:02.805312: | libevent_realloc: newref ptr-libevent@0x55f63c7c44a8 size 64 Oct 31 15:25:02.805315: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Oct 31 15:25:02.805321: | init_nat_traversal() initialized with keep_alive=0s Oct 31 15:25:02.805324: NAT-Traversal support [enabled] Oct 31 15:25:02.805327: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Oct 31 15:25:02.805331: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Oct 31 15:25:02.805335: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Oct 31 15:25:02.805351: | checking IKEv1 state table Oct 31 15:25:02.805360: | MAIN_R0: category: half-open IKE SA; flags: 0: Oct 31 15:25:02.805364: | -> MAIN_R1 EVENT_SO_DISCARD (main_inI1_outR1) Oct 31 15:25:02.805368: | MAIN_I1: category: half-open IKE SA; flags: 0: Oct 31 15:25:02.805370: | -> MAIN_I2 EVENT_RETRANSMIT (main_inR1_outI2) Oct 31 15:25:02.805373: | MAIN_R1: category: open IKE SA; flags: 0: Oct 31 15:25:02.805375: | -> MAIN_R2 EVENT_RETRANSMIT (main_inI2_outR2) Oct 31 15:25:02.805377: | -> MAIN_R1 EVENT_RETRANSMIT (unexpected) Oct 31 15:25:02.805379: | -> MAIN_R1 EVENT_RETRANSMIT (unexpected) Oct 31 15:25:02.805382: | MAIN_I2: category: open IKE SA; flags: 0: Oct 31 15:25:02.805390: | -> MAIN_I3 EVENT_RETRANSMIT (main_inR2_outI3) Oct 31 15:25:02.805392: | -> MAIN_I2 EVENT_RETRANSMIT (unexpected) Oct 31 15:25:02.805395: | -> MAIN_I2 EVENT_RETRANSMIT (unexpected) Oct 31 15:25:02.805397: | MAIN_R2: category: open IKE SA; flags: 0: Oct 31 15:25:02.805399: | -> MAIN_R3 EVENT_SA_REPLACE (main_inI3_outR3) Oct 31 15:25:02.805401: | -> MAIN_R3 EVENT_SA_REPLACE (main_inI3_outR3) Oct 31 15:25:02.805403: | -> MAIN_R2 EVENT_SA_REPLACE (unexpected) Oct 31 15:25:02.805405: | MAIN_I3: category: open IKE SA; flags: 0: Oct 31 15:25:02.805407: | -> MAIN_I4 EVENT_SA_REPLACE (main_inR3) Oct 31 15:25:02.805409: | -> MAIN_I4 EVENT_SA_REPLACE (main_inR3) Oct 31 15:25:02.805411: | -> MAIN_I3 EVENT_SA_REPLACE (unexpected) Oct 31 15:25:02.805413: | MAIN_R3: category: established IKE SA; flags: 0: Oct 31 15:25:02.805416: | -> MAIN_R3 EVENT_NULL (unexpected) Oct 31 15:25:02.805418: | MAIN_I4: category: established IKE SA; flags: 0: Oct 31 15:25:02.805420: | -> MAIN_I4 EVENT_NULL (unexpected) Oct 31 15:25:02.805422: | AGGR_R0: category: half-open IKE SA; flags: 0: Oct 31 15:25:02.805425: | -> AGGR_R1 EVENT_SO_DISCARD (aggr_inI1_outR1) Oct 31 15:25:02.805427: | AGGR_I1: category: half-open IKE SA; flags: 0: Oct 31 15:25:02.805429: | -> AGGR_I2 EVENT_SA_REPLACE (aggr_inR1_outI2) Oct 31 15:25:02.805432: | -> AGGR_I2 EVENT_SA_REPLACE (aggr_inR1_outI2) Oct 31 15:25:02.805434: | AGGR_R1: category: open IKE SA; flags: 0: Oct 31 15:25:02.805436: | -> AGGR_R2 EVENT_SA_REPLACE (aggr_inI2) Oct 31 15:25:02.805438: | -> AGGR_R2 EVENT_SA_REPLACE (aggr_inI2) Oct 31 15:25:02.805441: | AGGR_I2: category: established IKE SA; flags: 0: Oct 31 15:25:02.805443: | -> AGGR_I2 EVENT_NULL (unexpected) Oct 31 15:25:02.805445: | AGGR_R2: category: established IKE SA; flags: 0: Oct 31 15:25:02.805448: | -> AGGR_R2 EVENT_NULL (unexpected) Oct 31 15:25:02.805450: | QUICK_R0: category: established CHILD SA; flags: 0: Oct 31 15:25:02.805452: | -> QUICK_R1 EVENT_RETRANSMIT (quick_inI1_outR1) Oct 31 15:25:02.805455: | QUICK_I1: category: established CHILD SA; flags: 0: Oct 31 15:25:02.805457: | -> QUICK_I2 EVENT_SA_REPLACE (quick_inR1_outI2) Oct 31 15:25:02.805459: | QUICK_R1: category: established CHILD SA; flags: 0: Oct 31 15:25:02.805461: | -> QUICK_R2 EVENT_SA_REPLACE (quick_inI2) Oct 31 15:25:02.805464: | QUICK_I2: category: established CHILD SA; flags: 0: Oct 31 15:25:02.805466: | -> QUICK_I2 EVENT_NULL (unexpected) Oct 31 15:25:02.805469: | QUICK_R2: category: established CHILD SA; flags: 0: Oct 31 15:25:02.805471: | -> QUICK_R2 EVENT_NULL (unexpected) Oct 31 15:25:02.805474: | INFO: category: informational; flags: 0: Oct 31 15:25:02.805476: | -> INFO EVENT_NULL (informational) Oct 31 15:25:02.805479: | INFO_PROTECTED: category: informational; flags: 0: Oct 31 15:25:02.805481: | -> INFO_PROTECTED EVENT_NULL (informational) Oct 31 15:25:02.805483: | XAUTH_R0: category: established IKE SA; flags: 0: Oct 31 15:25:02.805485: | -> XAUTH_R1 EVENT_NULL (xauth_inR0) Oct 31 15:25:02.805488: | XAUTH_R1: category: established IKE SA; flags: 0: Oct 31 15:25:02.805490: | -> MAIN_R3 EVENT_SA_REPLACE (xauth_inR1) Oct 31 15:25:02.805493: | MODE_CFG_R0: category: informational; flags: 0: Oct 31 15:25:02.805495: | -> MODE_CFG_R1 EVENT_SA_REPLACE (modecfg_inR0) Oct 31 15:25:02.805497: | MODE_CFG_R1: category: established IKE SA; flags: 0: Oct 31 15:25:02.805500: | -> MODE_CFG_R2 EVENT_SA_REPLACE (modecfg_inR1) Oct 31 15:25:02.805502: | MODE_CFG_R2: category: established IKE SA; flags: 0: Oct 31 15:25:02.805519: | -> MODE_CFG_R2 EVENT_NULL (unexpected) Oct 31 15:25:02.805522: | MODE_CFG_I1: category: established IKE SA; flags: 0: Oct 31 15:25:02.805524: | -> MAIN_I4 EVENT_SA_REPLACE (modecfg_inR1) Oct 31 15:25:02.805526: | XAUTH_I0: category: established IKE SA; flags: 0: Oct 31 15:25:02.805529: | -> XAUTH_I1 EVENT_RETRANSMIT (xauth_inI0) Oct 31 15:25:02.805534: | XAUTH_I1: category: established IKE SA; flags: 0: Oct 31 15:25:02.805537: | -> MAIN_I4 EVENT_RETRANSMIT (xauth_inI1) Oct 31 15:25:02.805544: | checking IKEv2 state table Oct 31 15:25:02.805548: | V2_REKEY_IKE_I0: category: established IKE SA; flags: 0: Oct 31 15:25:02.805551: | -> V2_REKEY_IKE_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Oct 31 15:25:02.805555: | V2_REKEY_CHILD_I0: category: established IKE SA; flags: 0: Oct 31 15:25:02.805558: | -> V2_REKEY_CHILD_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Oct 31 15:25:02.805561: | V2_NEW_CHILD_I0: category: established IKE SA; flags: 0: Oct 31 15:25:02.805563: | -> V2_NEW_CHILD_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Oct 31 15:25:02.805566: | PARENT_I0: category: ignore; flags: 0: Oct 31 15:25:02.805568: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Oct 31 15:25:02.805571: | PARENT_I1: category: half-open IKE SA; flags: 0: Oct 31 15:25:02.805574: | -> PARENT_I0 EVENT_SO_DISCARD (received anti-DDOS COOKIE notify response; resending IKE_SA_INIT request with cookie payload added) Oct 31 15:25:02.805580: | -> PARENT_I0 EVENT_SO_DISCARD (received IKE_SA_INIT INVALID_KE_PAYLOAD notify response; resending IKE_SA_INIT with new KE payload) Oct 31 15:25:02.805583: | -> IKESA_DEL EVENT_v2_REDIRECT (received REDIRECT notify response; resending IKE_SA_INIT request to new destination) Oct 31 15:25:02.805586: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE) Oct 31 15:25:02.805589: | PARENT_I2: category: open IKE SA; flags: 0: Oct 31 15:25:02.805591: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_INTERMEDIATE reply, initiate IKE_AUTH or IKE_INTERMEDIATE) Oct 31 15:25:02.805594: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Oct 31 15:25:02.805596: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Oct 31 15:25:02.805598: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Oct 31 15:25:02.805601: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Oct 31 15:25:02.805603: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Oct 31 15:25:02.805606: | PARENT_R0: category: half-open IKE SA; flags: 0: Oct 31 15:25:02.805608: | -> PARENT_R1 EVENT_SO_DISCARD send-response (Respond to IKE_SA_INIT) Oct 31 15:25:02.805611: | PARENT_R1: category: half-open IKE SA; flags: 0: Oct 31 15:25:02.805614: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_AUTH request (no SKEYSEED)) Oct 31 15:25:02.805616: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_INTERMEDIATE request (no SKEYSEED)) Oct 31 15:25:02.805618: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_INTERMEDIATE request (with SKEYSEED)) Oct 31 15:25:02.805620: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Responder: process IKE_AUTH request) Oct 31 15:25:02.805623: | V2_REKEY_IKE_R0: category: established IKE SA; flags: 0: Oct 31 15:25:02.805625: | -> ESTABLISHED_IKE_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA IKE Rekey) Oct 31 15:25:02.805628: | V2_REKEY_IKE_I1: category: established IKE SA; flags: 0: Oct 31 15:25:02.805630: | -> ESTABLISHED_IKE_SA EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Oct 31 15:25:02.805632: | V2_NEW_CHILD_I1: category: established IKE SA; flags: 0: Oct 31 15:25:02.805634: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Oct 31 15:25:02.805637: | V2_REKEY_CHILD_R0: category: established IKE SA; flags: 0: Oct 31 15:25:02.805639: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA rekey CHILD SA request) Oct 31 15:25:02.805642: | V2_NEW_CHILD_R0: category: established IKE SA; flags: 0: Oct 31 15:25:02.805646: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA IPsec SA Request) Oct 31 15:25:02.805649: | ESTABLISHED_IKE_SA: category: established IKE SA; flags: 0: Oct 31 15:25:02.805651: | -> ESTABLISHED_IKE_SA EVENT_RETAIN send-response (Informational Request (liveness probe)) Oct 31 15:25:02.805654: | -> ESTABLISHED_IKE_SA EVENT_RETAIN (Informational Response (liveness probe)) Oct 31 15:25:02.805656: | -> ESTABLISHED_IKE_SA EVENT_RETAIN send-response (Informational Request) Oct 31 15:25:02.805658: | -> ESTABLISHED_IKE_SA EVENT_RETAIN (Informational Response) Oct 31 15:25:02.805661: | IKESA_DEL: category: established IKE SA; flags: 0: Oct 31 15:25:02.805663: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Oct 31 15:25:02.805666: | CHILDSA_DEL: category: informational; flags: 0: Oct 31 15:25:02.805668: | -> CHILDSA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Oct 31 15:25:02.805672: | global one-shot timer EVENT_REVIVE_CONNS initialized Oct 31 15:25:02.805676: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Oct 31 15:25:02.805679: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Oct 31 15:25:02.805808: Encryption algorithms: Oct 31 15:25:02.805817: AES_CCM_16 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm, aes_ccm_c Oct 31 15:25:02.805823: AES_CCM_12 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_b Oct 31 15:25:02.805828: AES_CCM_8 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_a Oct 31 15:25:02.805833: 3DES_CBC [*192] IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) 3des Oct 31 15:25:02.805837: CAMELLIA_CTR {256,192,*128} IKEv1: ESP IKEv2: ESP Oct 31 15:25:02.805842: CAMELLIA_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP NSS(CBC) camellia Oct 31 15:25:02.805847: AES_GCM_16 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm, aes_gcm_c Oct 31 15:25:02.805852: AES_GCM_12 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_b Oct 31 15:25:02.805857: AES_GCM_8 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_a Oct 31 15:25:02.805862: AES_CTR {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CTR) aesctr Oct 31 15:25:02.805867: AES_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) aes Oct 31 15:25:02.805872: NULL_AUTH_AES_GMAC {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_gmac Oct 31 15:25:02.805875: NULL [] IKEv1: ESP IKEv2: ESP Oct 31 15:25:02.805880: CHACHA20_POLY1305 [*256] IKEv1: IKEv2: IKE ESP NSS(AEAD) chacha20poly1305 Oct 31 15:25:02.805882: Hash algorithms: Oct 31 15:25:02.805886: MD5 IKEv1: IKE IKEv2: NSS Oct 31 15:25:02.805889: SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha Oct 31 15:25:02.805893: SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256 Oct 31 15:25:02.805897: SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384 Oct 31 15:25:02.805900: SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512 Oct 31 15:25:02.805915: PRF algorithms: Oct 31 15:25:02.805918: HMAC_MD5 IKEv1: IKE IKEv2: IKE native(HMAC) md5 Oct 31 15:25:02.805922: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha, sha1 Oct 31 15:25:02.805926: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256, sha2_256 Oct 31 15:25:02.805933: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384, sha2_384 Oct 31 15:25:02.805937: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512, sha2_512 Oct 31 15:25:02.805953: AES_XCBC IKEv1: IKEv2: IKE native(XCBC) aes128_xcbc Oct 31 15:25:02.805955: Integrity algorithms: Oct 31 15:25:02.805960: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH native(HMAC) md5, hmac_md5 Oct 31 15:25:02.805964: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha, sha1, sha1_96, hmac_sha1 Oct 31 15:25:02.805969: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Oct 31 15:25:02.805974: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Oct 31 15:25:02.805980: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Oct 31 15:25:02.805983: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Oct 31 15:25:02.805988: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96 Oct 31 15:25:02.805992: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Oct 31 15:25:02.805996: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Oct 31 15:25:02.805998: DH algorithms: Oct 31 15:25:02.806002: NONE IKEv1: IKEv2: IKE ESP AH FIPS NSS(MODP) null, dh0 Oct 31 15:25:02.806006: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh5 Oct 31 15:25:02.806010: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh14 Oct 31 15:25:02.806013: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh15 Oct 31 15:25:02.806017: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh16 Oct 31 15:25:02.806020: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh17 Oct 31 15:25:02.806023: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh18 Oct 31 15:25:02.806027: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_256, ecp256 Oct 31 15:25:02.806031: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_384, ecp384 Oct 31 15:25:02.806035: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_521, ecp521 Oct 31 15:25:02.806038: DH31 IKEv1: IKE IKEv2: IKE ESP AH NSS(ECP) curve25519 Oct 31 15:25:02.806041: testing CAMELLIA_CBC: Oct 31 15:25:02.806044: Camellia: 16 bytes with 128-bit key Oct 31 15:25:02.806128: Camellia: 16 bytes with 128-bit key Oct 31 15:25:02.806166: Camellia: 16 bytes with 256-bit key Oct 31 15:25:02.806208: Camellia: 16 bytes with 256-bit key Oct 31 15:25:02.806250: testing AES_GCM_16: Oct 31 15:25:02.806255: empty string Oct 31 15:25:02.806300: one block Oct 31 15:25:02.806330: two blocks Oct 31 15:25:02.806362: two blocks with associated data Oct 31 15:25:02.806394: testing AES_CTR: Oct 31 15:25:02.806398: Encrypting 16 octets using AES-CTR with 128-bit key Oct 31 15:25:02.806430: Encrypting 32 octets using AES-CTR with 128-bit key Oct 31 15:25:02.806480: Encrypting 36 octets using AES-CTR with 128-bit key Oct 31 15:25:02.806517: Encrypting 16 octets using AES-CTR with 192-bit key Oct 31 15:25:02.806566: Encrypting 32 octets using AES-CTR with 192-bit key Oct 31 15:25:02.806614: Encrypting 36 octets using AES-CTR with 192-bit key Oct 31 15:25:02.806650: Encrypting 16 octets using AES-CTR with 256-bit key Oct 31 15:25:02.806684: Encrypting 32 octets using AES-CTR with 256-bit key Oct 31 15:25:02.806720: Encrypting 36 octets using AES-CTR with 256-bit key Oct 31 15:25:02.806757: testing AES_CBC: Oct 31 15:25:02.806761: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Oct 31 15:25:02.806794: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Oct 31 15:25:02.806831: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Oct 31 15:25:02.806869: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Oct 31 15:25:02.806915: testing AES_XCBC: Oct 31 15:25:02.806919: RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input Oct 31 15:25:02.807049: RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input Oct 31 15:25:02.807191: RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input Oct 31 15:25:02.807366: RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input Oct 31 15:25:02.807830: RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input Oct 31 15:25:02.808314: RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input Oct 31 15:25:02.808465: RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input Oct 31 15:25:02.808769: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Oct 31 15:25:02.808913: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Oct 31 15:25:02.809066: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Oct 31 15:25:02.809328: testing HMAC_MD5: Oct 31 15:25:02.809338: RFC 2104: MD5_HMAC test 1 Oct 31 15:25:02.809523: RFC 2104: MD5_HMAC test 2 Oct 31 15:25:02.809690: RFC 2104: MD5_HMAC test 3 Oct 31 15:25:02.809880: 8 CPU cores online Oct 31 15:25:02.809886: starting up 7 helper threads Oct 31 15:25:02.809933: started thread for helper 0 Oct 31 15:25:02.809943: | starting helper thread 1 Oct 31 15:25:02.809952: seccomp security disabled for crypto helper 1 Oct 31 15:25:02.809958: | status value returned by setting the priority of this helper thread 1: 22 Oct 31 15:25:02.809963: | helper thread 1 has nothing to do Oct 31 15:25:02.809963: started thread for helper 1 Oct 31 15:25:02.809990: started thread for helper 2 Oct 31 15:25:02.809995: | starting helper thread 3 Oct 31 15:25:02.809999: seccomp security disabled for crypto helper 3 Oct 31 15:25:02.810002: | status value returned by setting the priority of this helper thread 3: 22 Oct 31 15:25:02.810005: | helper thread 3 has nothing to do Oct 31 15:25:02.810012: started thread for helper 3 Oct 31 15:25:02.810018: | starting helper thread 4 Oct 31 15:25:02.810022: seccomp security disabled for crypto helper 4 Oct 31 15:25:02.810025: | status value returned by setting the priority of this helper thread 4: 22 Oct 31 15:25:02.810028: | helper thread 4 has nothing to do Oct 31 15:25:02.810035: started thread for helper 4 Oct 31 15:25:02.810040: | starting helper thread 5 Oct 31 15:25:02.810044: seccomp security disabled for crypto helper 5 Oct 31 15:25:02.810047: | status value returned by setting the priority of this helper thread 5: 22 Oct 31 15:25:02.810048: | starting helper thread 2 Oct 31 15:25:02.810049: | helper thread 5 has nothing to do Oct 31 15:25:02.810058: started thread for helper 5 Oct 31 15:25:02.810056: seccomp security disabled for crypto helper 2 Oct 31 15:25:02.810067: | status value returned by setting the priority of this helper thread 2: 22 Oct 31 15:25:02.810069: | helper thread 2 has nothing to do Oct 31 15:25:02.810078: | starting helper thread 6 Oct 31 15:25:02.810083: seccomp security disabled for crypto helper 6 Oct 31 15:25:02.810087: | status value returned by setting the priority of this helper thread 6: 22 Oct 31 15:25:02.810089: | helper thread 6 has nothing to do Oct 31 15:25:02.810102: started thread for helper 6 Oct 31 15:25:02.810106: | starting helper thread 7 Oct 31 15:25:02.810115: seccomp security disabled for crypto helper 7 Oct 31 15:25:02.810119: | status value returned by setting the priority of this helper thread 7: 22 Oct 31 15:25:02.810121: | helper thread 7 has nothing to do Oct 31 15:25:02.810127: Using Linux XFRM/NETKEY IPsec kernel support code on 5.8.15-201.fc32.x86_64 Oct 31 15:25:02.810183: | Hard-wiring algorithms Oct 31 15:25:02.810188: | adding AES_CCM_16 to kernel algorithm db Oct 31 15:25:02.810195: | adding AES_CCM_12 to kernel algorithm db Oct 31 15:25:02.810202: | adding AES_CCM_8 to kernel algorithm db Oct 31 15:25:02.810210: | adding 3DES_CBC to kernel algorithm db Oct 31 15:25:02.810213: | adding CAMELLIA_CBC to kernel algorithm db Oct 31 15:25:02.810216: | adding AES_GCM_16 to kernel algorithm db Oct 31 15:25:02.810218: | adding AES_GCM_12 to kernel algorithm db Oct 31 15:25:02.810221: | adding AES_GCM_8 to kernel algorithm db Oct 31 15:25:02.810223: | adding AES_CTR to kernel algorithm db Oct 31 15:25:02.810226: | adding AES_CBC to kernel algorithm db Oct 31 15:25:02.810228: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Oct 31 15:25:02.810230: | adding NULL to kernel algorithm db Oct 31 15:25:02.810233: | adding CHACHA20_POLY1305 to kernel algorithm db Oct 31 15:25:02.810236: | adding HMAC_MD5_96 to kernel algorithm db Oct 31 15:25:02.810238: | adding HMAC_SHA1_96 to kernel algorithm db Oct 31 15:25:02.810240: | adding HMAC_SHA2_512_256 to kernel algorithm db Oct 31 15:25:02.810243: | adding HMAC_SHA2_384_192 to kernel algorithm db Oct 31 15:25:02.810245: | adding HMAC_SHA2_256_128 to kernel algorithm db Oct 31 15:25:02.810248: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Oct 31 15:25:02.810250: | adding AES_XCBC_96 to kernel algorithm db Oct 31 15:25:02.810252: | adding AES_CMAC_96 to kernel algorithm db Oct 31 15:25:02.810254: | adding NONE to kernel algorithm db Oct 31 15:25:02.810282: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Oct 31 15:25:02.810290: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Oct 31 15:25:02.810293: | setup kernel fd callback Oct 31 15:25:02.810296: | add_fd_read_event_handler: newref KERNEL_XRM_FD-pe@0x55f63c7f14d8 Oct 31 15:25:02.810300: | libevent_malloc: newref ptr-libevent@0x55f63c7c8b98 size 128 Oct 31 15:25:02.810304: | libevent_malloc: newref ptr-libevent@0x55f63c7ebb68 size 16 Oct 31 15:25:02.810311: | add_fd_read_event_handler: newref KERNEL_ROUTE_FD-pe@0x55f63c7f4ee8 Oct 31 15:25:02.810314: | libevent_malloc: newref ptr-libevent@0x55f63c7c9fb8 size 128 Oct 31 15:25:02.810317: | libevent_malloc: newref ptr-libevent@0x55f63c7eb528 size 16 Oct 31 15:25:02.810551: | global one-shot timer EVENT_CHECK_CRLS initialized Oct 31 15:25:02.810663: SELinux support is enabled in PERMISSIVE mode. Oct 31 15:25:02.810848: | unbound context created - setting debug level to 5 Oct 31 15:25:02.810883: | /etc/hosts lookups activated Oct 31 15:25:02.810903: | /etc/resolv.conf usage activated Oct 31 15:25:02.810959: | outgoing-port-avoid set 0-65535 Oct 31 15:25:02.810990: | outgoing-port-permit set 32768-60999 Oct 31 15:25:02.810993: | loading dnssec root key from:/var/lib/unbound/root.key Oct 31 15:25:02.810996: | no additional dnssec trust anchors defined via dnssec-trusted= option Oct 31 15:25:02.810999: | Setting up events, loop start Oct 31 15:25:02.811003: | add_fd_read_event_handler: newref PLUTO_CTL_FD-pe@0x55f63c7f8448 Oct 31 15:25:02.811006: | libevent_malloc: newref ptr-libevent@0x55f63c7f5008 size 128 Oct 31 15:25:02.811009: | libevent_malloc: newref ptr-libevent@0x55f63c7ebf48 size 16 Oct 31 15:25:02.811016: | libevent_realloc: newref ptr-libevent@0x55f63c7f84b8 size 256 Oct 31 15:25:02.811019: | libevent_malloc: newref ptr-libevent@0x55f63c7ebba8 size 8 Oct 31 15:25:02.811021: | libevent_realloc: newref ptr-libevent@0x55f63c7eb1e8 size 144 Oct 31 15:25:02.811024: | libevent_malloc: newref ptr-libevent@0x55f63c76b9b8 size 152 Oct 31 15:25:02.811027: | libevent_malloc: newref ptr-libevent@0x55f63c7ebd58 size 16 Oct 31 15:25:02.811031: | signal event handler PLUTO_SIGCHLD installed Oct 31 15:25:02.811038: | libevent_malloc: newref ptr-libevent@0x55f63c7f85e8 size 8 Oct 31 15:25:02.811041: | libevent_malloc: newref ptr-libevent@0x55f63c76b7e8 size 152 Oct 31 15:25:02.811044: | signal event handler PLUTO_SIGTERM installed Oct 31 15:25:02.811047: | libevent_malloc: newref ptr-libevent@0x55f63c7f8628 size 8 Oct 31 15:25:02.811050: | libevent_malloc: newref ptr-libevent@0x55f63c7f8668 size 152 Oct 31 15:25:02.811053: | signal event handler PLUTO_SIGHUP installed Oct 31 15:25:02.811055: | libevent_malloc: newref ptr-libevent@0x55f63c7f8738 size 8 Oct 31 15:25:02.811058: | libevent_realloc: delref ptr-libevent@0x55f63c7eb1e8 Oct 31 15:25:02.811061: | libevent_realloc: newref ptr-libevent@0x55f63c7f8778 size 256 Oct 31 15:25:02.811063: | libevent_malloc: newref ptr-libevent@0x55f63c7f88a8 size 152 Oct 31 15:25:02.811066: | signal event handler PLUTO_SIGSYS installed Oct 31 15:25:02.811418: | created addconn helper (pid:2158927) using fork+execve Oct 31 15:25:02.811438: | forked child 2158927 Oct 31 15:25:02.811459: seccomp security disabled Oct 31 15:25:02.813978: | newref struct fd@0x55f63c7f8a08(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:02.813994: | fd_accept: new fd-fd@0x55f63c7f8a08 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:02.814009: | whack: listen Oct 31 15:25:02.814012: listening for IKE messages Oct 31 15:25:02.814117: | Inspecting interface lo Oct 31 15:25:02.814126: | found lo with address 127.0.0.1 Oct 31 15:25:02.814131: | Inspecting interface eth0 Oct 31 15:25:02.814136: | found eth0 with address 192.1.3.209 Oct 31 15:25:02.814147: | newref struct iface_dev@0x55f63c7f8ea8(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:25:02.814165: Kernel supports NIC esp-hw-offload Oct 31 15:25:02.814177: | iface: marking eth0 add Oct 31 15:25:02.814182: | newref struct iface_dev@0x55f63c7f8fd8(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:25:02.814186: | iface: marking lo add Oct 31 15:25:02.814264: | no interfaces to sort Oct 31 15:25:02.814285: | MSG_ERRQUEUE enabled on fd 18 Oct 31 15:25:02.814299: | addref ifd@0x55f63c7f8ea8(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:25:02.814305: adding UDP interface eth0 192.1.3.209:500 Oct 31 15:25:02.814324: | MSG_ERRQUEUE enabled on fd 19 Oct 31 15:25:02.814369: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:25:02.814374: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:25:02.814377: | addref ifd@0x55f63c7f8ea8(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:25:02.814381: adding UDP interface eth0 192.1.3.209:4500 Oct 31 15:25:02.814398: | MSG_ERRQUEUE enabled on fd 20 Oct 31 15:25:02.814407: | addref ifd@0x55f63c7f8fd8(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:25:02.814412: adding UDP interface lo 127.0.0.1:500 Oct 31 15:25:02.814426: | MSG_ERRQUEUE enabled on fd 21 Oct 31 15:25:02.814433: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:25:02.814436: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:25:02.814439: | addref ifd@0x55f63c7f8fd8(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:25:02.814443: adding UDP interface lo 127.0.0.1:4500 Oct 31 15:25:02.814448: | updating interfaces - listing interfaces that are going down Oct 31 15:25:02.814451: | updating interfaces - checking orientation Oct 31 15:25:02.814453: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Oct 31 15:25:02.814473: | libevent_malloc: newref ptr-libevent@0x55f63c7f4f58 size 128 Oct 31 15:25:02.814477: | libevent_malloc: newref ptr-libevent@0x55f63c7f97e8 size 16 Oct 31 15:25:02.814486: | setup callback for interface lo 127.0.0.1:4500 fd 21 on UDP Oct 31 15:25:02.814490: | libevent_malloc: newref ptr-libevent@0x55f63c7ca0b8 size 128 Oct 31 15:25:02.814493: | libevent_malloc: newref ptr-libevent@0x55f63c7f9828 size 16 Oct 31 15:25:02.814498: | setup callback for interface lo 127.0.0.1:500 fd 20 on UDP Oct 31 15:25:02.814502: | libevent_malloc: newref ptr-libevent@0x55f63c7c41d8 size 128 Oct 31 15:25:02.814509: | libevent_malloc: newref ptr-libevent@0x55f63c7f9868 size 16 Oct 31 15:25:02.814515: | setup callback for interface eth0 192.1.3.209:4500 fd 19 on UDP Oct 31 15:25:02.814518: | libevent_malloc: newref ptr-libevent@0x55f63c7c3d08 size 128 Oct 31 15:25:02.814520: | libevent_malloc: newref ptr-libevent@0x55f63c7f98a8 size 16 Oct 31 15:25:02.814525: | setup callback for interface eth0 192.1.3.209:500 fd 18 on UDP Oct 31 15:25:02.816095: | no stale xfrmi interface 'ipsec1' found Oct 31 15:25:02.816110: | certs and keys locked by 'free_preshared_secrets' Oct 31 15:25:02.816113: | certs and keys unlocked by 'free_preshared_secrets' Oct 31 15:25:02.816146: loading secrets from "/etc/ipsec.secrets" Oct 31 15:25:02.816162: | id type added to secret(0x55f63c7fb1b8) PKK_PSK: @east Oct 31 15:25:02.816168: | id type added to secret(0x55f63c7fb1b8) PKK_PSK: %any Oct 31 15:25:02.816177: | processing PSK at line 1: passed Oct 31 15:25:02.816180: | certs and keys locked by 'process_secret' Oct 31 15:25:02.816183: | certs and keys unlocked by 'process_secret' Oct 31 15:25:02.816189: | old food groups: Oct 31 15:25:02.816191: | new food groups: Oct 31 15:25:02.816196: | delref fd@0x55f63c7f8a08(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:02.816222: | freeref fd-fd@0x55f63c7f8a08 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:02.816230: | spent 0.729 (2.26) milliseconds in whack Oct 31 15:25:02.816585: | processing signal PLUTO_SIGCHLD Oct 31 15:25:02.816597: | waitpid returned pid 2158927 (exited with status 0) Oct 31 15:25:02.816601: | reaped addconn helper child (status 0) Oct 31 15:25:02.816606: | waitpid returned ECHILD (no child processes left) Oct 31 15:25:02.816612: | spent 0.0177 (0.0177) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:25:02.817548: | newref struct fd@0x55f63c7f8a48(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:02.817558: | fd_accept: new fd-fd@0x55f63c7f8a48 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:02.817567: | whack: options (impair|debug) Oct 31 15:25:02.817570: | old debugging base+cpu-usage + none Oct 31 15:25:02.817572: | new debugging = base+cpu-usage Oct 31 15:25:02.817577: | delref fd@0x55f63c7f8a48(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:02.817583: | freeref fd-fd@0x55f63c7f8a48 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:02.817588: | spent 0.0466 (0.0464) milliseconds in whack Oct 31 15:25:02.883972: | newref struct fd@0x55f63c7f8a88(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:02.883989: | fd_accept: new fd-fd@0x55f63c7f8a88 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:02.884002: | whack: delete 'westnet-eastnet-ipv4-psk-ikev2' Oct 31 15:25:02.884006: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:25:02.884009: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:25:02.884012: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:25:02.884014: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:25:02.884017: | whack: connection 'westnet-eastnet-ipv4-psk-ikev2' Oct 31 15:25:02.884022: | addref fd@0x55f63c7f8a88(1->2) (in string_logger() at log.c:838) Oct 31 15:25:02.884026: | newref string logger@0x55f63c7ec3b8(0->1) (in add_connection() at connections.c:1998) Oct 31 15:25:02.884030: | Connection DB: adding connection "westnet-eastnet-ipv4-psk-ikev2" $1 Oct 31 15:25:02.884036: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:25:02.884048: | added new connection westnet-eastnet-ipv4-psk-ikev2 with policy PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO Oct 31 15:25:02.884141: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Oct 31 15:25:02.884145: | from whack: got --esp= Oct 31 15:25:02.884214: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Oct 31 15:25:02.884222: | counting wild cards for (none) is 15 Oct 31 15:25:02.884227: | counting wild cards for @east is 0 Oct 31 15:25:02.884231: | updating connection from left.host_addr Oct 31 15:25:02.884235: | right host_nexthop 192.1.3.209 Oct 31 15:25:02.884238: | left host_port 500 Oct 31 15:25:02.884240: | updating connection from right.host_addr Oct 31 15:25:02.884242: | right host_port 500 Oct 31 15:25:02.884248: | orienting westnet-eastnet-ipv4-psk-ikev2 Oct 31 15:25:02.884253: | westnet-eastnet-ipv4-psk-ikev2 doesn't match 127.0.0.1:4500 at all Oct 31 15:25:02.884257: | westnet-eastnet-ipv4-psk-ikev2 doesn't match 127.0.0.1:500 at all Oct 31 15:25:02.884261: | westnet-eastnet-ipv4-psk-ikev2 doesn't match 192.1.3.209:4500 at all Oct 31 15:25:02.884264: | oriented westnet-eastnet-ipv4-psk-ikev2's this Oct 31 15:25:02.884270: | connect_to_host_pair: 192.1.3.209:500 192.1.2.23:500 -> hp@(nil): none Oct 31 15:25:02.884278: | newref hp@0x55f63c7fb968(0->1) (in connect_to_host_pair() at hostpair.c:290) Oct 31 15:25:02.884282: added IKEv2 connection "westnet-eastnet-ipv4-psk-ikev2" Oct 31 15:25:02.884294: | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO Oct 31 15:25:02.884308: | 192.0.1.0/24===192.1.3.209---192.1.3.254...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Oct 31 15:25:02.884312: | delref logger@0x55f63c7ec3b8(1->0) (in add_connection() at connections.c:2026) Oct 31 15:25:02.884316: | delref fd@0x55f63c7f8a88(2->1) (in free_logger() at log.c:853) Oct 31 15:25:02.884319: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:02.884324: | delref fd@0x55f63c7f8a88(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:02.884333: | freeref fd-fd@0x55f63c7f8a88 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:02.884342: | spent 0.376 (0.379) milliseconds in whack Oct 31 15:25:02.947800: | newref struct fd@0x55f63c7f9928(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:02.947818: | fd_accept: new fd-fd@0x55f63c7f9928 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:02.947832: | whack: status Oct 31 15:25:02.948047: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:25:02.948052: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:25:02.948125: | FOR_EACH_STATE_... in show_states (sort_states) Oct 31 15:25:02.948137: | delref fd@0x55f63c7f9928(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:02.948145: | freeref fd-fd@0x55f63c7f9928 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:02.948153: | spent 0.353 (0.363) milliseconds in whack Oct 31 15:25:03.004480: | newref struct fd@0x55f63c7fa518(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:03.004499: | fd_accept: new fd-fd@0x55f63c7fa518 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:03.004509: | whack: options (impair|debug) Oct 31 15:25:03.004512: | old debugging base+cpu-usage + none Oct 31 15:25:03.004514: | new debugging = base+cpu-usage Oct 31 15:25:03.004517: | suppress-retransmits:yes Oct 31 15:25:03.004520: | delref fd@0x55f63c7fa518(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:03.004526: | freeref fd-fd@0x55f63c7fa518 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:03.004532: | spent 0.0597 (0.0629) milliseconds in whack Oct 31 15:25:03.168576: | newref struct fd@0x55f63c7f9968(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:03.168592: | fd_accept: new fd-fd@0x55f63c7f9968 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:03.168608: | whack: initiate Oct 31 15:25:03.168614: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:25:03.168619: | connection 'westnet-eastnet-ipv4-psk-ikev2' +POLICY_UP Oct 31 15:25:03.168623: | FOR_EACH_STATE_... in find_phase1_state Oct 31 15:25:03.168649: | newref alloc logger@0x55f63c7f8bb8(0->1) (in new_state() at state.c:576) Oct 31 15:25:03.168658: | addref fd@0x55f63c7f9968(1->2) (in new_state() at state.c:577) Oct 31 15:25:03.168661: | creating state object #1 at 0x55f63c7fbe78 Oct 31 15:25:03.168664: | State DB: adding IKEv2 state #1 in UNDEFINED Oct 31 15:25:03.168675: | pstats #1 ikev2.ike started Oct 31 15:25:03.168679: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Oct 31 15:25:03.168684: | #1.st_v2_transition NULL -> PARENT_I0->PARENT_I1 (in new_v2_ike_state() at state.c:620) Oct 31 15:25:03.168694: | Message ID: IKE #1 initializing (IKE SA): ike.initiator.sent=0->-1 ike.initiator.recv=0->-1 ike.initiator.last_contact=0->744577.601483 ike.responder.sent=0->-1 ike.responder.recv=0->-1 ike.responder.last_contact=0->744577.601483 ike.wip.initiator=0->-1 ike.wip.responder=0->-1 Oct 31 15:25:03.168700: | orienting westnet-eastnet-ipv4-psk-ikev2 Oct 31 15:25:03.168706: | westnet-eastnet-ipv4-psk-ikev2 doesn't match 127.0.0.1:4500 at all Oct 31 15:25:03.168711: | westnet-eastnet-ipv4-psk-ikev2 doesn't match 127.0.0.1:500 at all Oct 31 15:25:03.168714: | westnet-eastnet-ipv4-psk-ikev2 doesn't match 192.1.3.209:4500 at all Oct 31 15:25:03.168717: | oriented westnet-eastnet-ipv4-psk-ikev2's this Oct 31 15:25:03.168725: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:544) Oct 31 15:25:03.168730: | addref fd@0x55f63c7f9968(2->3) (in add_pending() at pending.c:86) Oct 31 15:25:03.168735: | queuing pending IPsec SA negotiating with 192.1.2.23 IKE SA #1 "westnet-eastnet-ipv4-psk-ikev2" Oct 31 15:25:03.168739: "westnet-eastnet-ipv4-psk-ikev2" #1: initiating IKEv2 connection Oct 31 15:25:03.168748: | constructing local IKE proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE) Oct 31 15:25:03.168759: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:25:03.168770: | ... ikev2_proposal: 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:25:03.168775: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:25:03.168782: | ... ikev2_proposal: 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:25:03.168786: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:25:03.168793: | ... ikev2_proposal: 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:25:03.168797: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:25:03.168803: | ... ikev2_proposal: 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:25:03.168806: "westnet-eastnet-ipv4-psk-ikev2": local IKE proposals (IKE SA initiator selecting KE): Oct 31 15:25:03.168812: "westnet-eastnet-ipv4-psk-ikev2": 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:25:03.168817: "westnet-eastnet-ipv4-psk-ikev2": 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:25:03.168823: "westnet-eastnet-ipv4-psk-ikev2": 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:25:03.168829: "westnet-eastnet-ipv4-psk-ikev2": 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:25:03.168840: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:25:03.168843: | addref fd@0x55f63c7f9968(3->4) (in clone_logger() at log.c:810) Oct 31 15:25:03.168847: | newref clone logger@0x55f63c7ebf88(0->1) (in clone_logger() at log.c:817) Oct 31 15:25:03.168850: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): adding job to queue Oct 31 15:25:03.168853: | state #1 has no .st_event to delete Oct 31 15:25:03.168856: | #1 STATE_PARENT_I0: retransmits: cleared Oct 31 15:25:03.168859: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55f63c7f9ab8 Oct 31 15:25:03.168862: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:25:03.168866: | libevent_malloc: newref ptr-libevent@0x55f63c7c3db8 size 128 Oct 31 15:25:03.168882: | #1 spent 0.26 (0.26) milliseconds in ikev2_parent_outI1() Oct 31 15:25:03.168888: | RESET processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:640) Oct 31 15:25:03.168893: | delref fd@0x55f63c7f9968(4->3) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:03.168899: | spent 0.338 (0.337) milliseconds in whack Oct 31 15:25:03.168892: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): helper 1 starting job Oct 31 15:25:03.170304: | "westnet-eastnet-ipv4-psk-ikev2" #1: spent 1.39 (1.41) milliseconds in helper 1 processing job 1 for state #1: ikev2_outI1 KE (pcr) Oct 31 15:25:03.170316: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): helper thread 1 sending result back to state Oct 31 15:25:03.170320: | scheduling resume sending helper answer back to state for #1 Oct 31 15:25:03.170323: | libevent_malloc: newref ptr-libevent@0x7fb420006108 size 128 Oct 31 15:25:03.170331: | helper thread 1 has nothing to do Oct 31 15:25:03.170349: | processing resume sending helper answer back to state for #1 Oct 31 15:25:03.170363: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:641) Oct 31 15:25:03.170370: | unsuspending #1 MD (nil) Oct 31 15:25:03.170374: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): processing response from helper 1 Oct 31 15:25:03.170378: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): calling continuation function 0x55f63ad57fe7 Oct 31 15:25:03.170382: | ikev2_parent_outI1_continue() for #1 STATE_PARENT_I0 Oct 31 15:25:03.170386: | DH secret MODP2048@0x7fb420006ba8: transferring ownership from helper KE to state #1 Oct 31 15:25:03.170423: | opening output PBS reply packet Oct 31 15:25:03.170429: | **emit ISAKMP Message: Oct 31 15:25:03.170435: | initiator SPI: ed d0 ee e2 b6 b5 b4 47 Oct 31 15:25:03.170441: | responder SPI: 00 00 00 00 00 00 00 00 Oct 31 15:25:03.170445: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:25:03.170449: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:03.170452: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:25:03.170457: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:25:03.170462: | Message ID: 0 (00 00 00 00) Oct 31 15:25:03.170466: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:25:03.170486: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting local proposals): 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:25:03.170491: | Emitting ikev2_proposals ... Oct 31 15:25:03.170494: | ***emit IKEv2 Security Association Payload: Oct 31 15:25:03.170502: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:03.170505: | flags: none (0x0) Oct 31 15:25:03.170509: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:25:03.170512: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:25:03.170517: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:25:03.170521: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:03.170525: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:03.170529: | prop #: 1 (01) Oct 31 15:25:03.170532: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:25:03.170535: | spi size: 0 (00) Oct 31 15:25:03.170538: | # transforms: 11 (0b) Oct 31 15:25:03.170542: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:03.170546: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.170549: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.170552: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:03.170555: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:25:03.170558: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.170561: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:03.170565: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:03.170568: | length/value: 256 (01 00) Oct 31 15:25:03.170572: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:03.170575: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.170578: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.170581: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:03.170584: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:25:03.170587: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.170590: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.170594: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.170597: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.170599: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.170602: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:03.170605: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:25:03.170609: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.170611: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.170614: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.170618: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:25:03.170621: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.170624: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.170627: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:03.170630: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:03.170633: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.170636: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.170639: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.170645: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.170648: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.170651: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:03.170654: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:25:03.170657: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.170660: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.170663: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.170666: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.170669: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.170671: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:03.170674: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:25:03.170677: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.170680: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.170683: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.170686: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.170689: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.170692: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:03.170695: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:25:03.170698: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.170701: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.170704: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.170707: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.170710: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.170712: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:03.170715: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:25:03.170719: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.170721: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.170724: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.170727: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.170730: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.170733: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:03.170736: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:25:03.170739: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.170742: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.170745: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.170748: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.170751: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.170753: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:03.170756: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:25:03.170759: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.170765: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.170768: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.170771: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.170774: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:03.170777: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:03.170780: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:25:03.170783: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.170786: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.170789: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.170792: | emitting length of IKEv2 Proposal Substructure Payload: 100 Oct 31 15:25:03.170795: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:03.170799: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:25:03.170803: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:03.170806: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:03.170809: | prop #: 2 (02) Oct 31 15:25:03.170812: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:25:03.170816: | spi size: 0 (00) Oct 31 15:25:03.170819: | # transforms: 11 (0b) Oct 31 15:25:03.170823: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:03.170826: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:03.170829: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.170832: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.170835: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:03.170838: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:25:03.170841: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.170844: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:03.170847: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:03.170851: | length/value: 128 (00 80) Oct 31 15:25:03.170854: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:03.170857: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.170860: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.170863: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:03.170866: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:25:03.170869: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.170872: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.170875: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.170878: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.170881: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.170883: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:03.170886: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:25:03.170890: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.170895: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.170898: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.170902: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:25:03.170905: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.170908: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.170910: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:03.170913: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:03.170916: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.170919: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.170922: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.170925: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.170928: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.170931: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:03.170934: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:25:03.170937: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.170940: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.170943: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.170946: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.170949: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.170952: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:03.170955: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:25:03.170958: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.170961: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.170963: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.170966: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.170969: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.170972: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:03.170975: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:25:03.170978: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.170981: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.170984: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.170987: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.170989: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.170992: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:03.170995: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:25:03.170999: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171001: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.171009: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.171012: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.171015: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171018: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:03.171021: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:25:03.171024: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171027: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.171030: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.171032: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.171035: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171038: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:03.171041: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:25:03.171044: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171047: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.171050: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.171053: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.171056: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:03.171059: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:03.171061: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:25:03.171065: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171067: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.171071: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.171073: | emitting length of IKEv2 Proposal Substructure Payload: 100 Oct 31 15:25:03.171076: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:03.171081: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:03.171084: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:03.171088: | prop #: 3 (03) Oct 31 15:25:03.171091: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:25:03.171094: | spi size: 0 (00) Oct 31 15:25:03.171097: | # transforms: 13 (0d) Oct 31 15:25:03.171101: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:03.171104: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:03.171107: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.171110: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171113: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:03.171116: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:25:03.171119: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.171122: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:03.171125: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:03.171129: | length/value: 256 (01 00) Oct 31 15:25:03.171132: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:03.171135: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.171140: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171143: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:03.171146: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:25:03.171149: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171152: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.171155: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.171158: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.171161: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171163: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:03.171166: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:25:03.171169: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171172: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.171175: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.171178: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.171181: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171184: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:03.171187: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:25:03.171190: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171210: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.171217: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.171221: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.171223: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171226: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:03.171229: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:25:03.171232: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171235: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.171238: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.171241: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.171244: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171247: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:03.171249: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:03.171253: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171255: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.171258: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.171261: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.171264: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171272: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:03.171275: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:25:03.171278: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171284: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.171287: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.171290: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.171292: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171295: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:03.171298: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:25:03.171301: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171304: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.171307: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.171310: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.171313: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171316: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:03.171318: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:25:03.171322: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171325: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.171328: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.171331: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.171334: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171336: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:03.171339: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:25:03.171343: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171345: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.171348: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.171351: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.171354: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171357: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:03.171360: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:25:03.171363: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171366: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.171369: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.171372: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.171374: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171377: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:03.171380: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:25:03.171384: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171386: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.171389: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.171394: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.171397: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:03.171400: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:03.171403: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:25:03.171406: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171409: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.171412: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.171415: | emitting length of IKEv2 Proposal Substructure Payload: 116 Oct 31 15:25:03.171418: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:03.171422: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:03.171425: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:25:03.171429: | prop #: 4 (04) Oct 31 15:25:03.171432: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:25:03.171435: | spi size: 0 (00) Oct 31 15:25:03.171439: | # transforms: 13 (0d) Oct 31 15:25:03.171442: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:03.171445: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:03.171449: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.171452: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171454: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:03.171457: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:25:03.171460: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.171463: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:03.171467: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:03.171470: | length/value: 128 (00 80) Oct 31 15:25:03.171473: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:03.171477: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.171479: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171482: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:03.171485: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:25:03.171488: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171491: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.171494: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.171497: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.171500: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171503: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:03.171505: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:25:03.171509: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171512: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.171514: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.171517: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.171520: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171525: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:03.171528: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:25:03.171531: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171534: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.171537: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.171540: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.171543: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171546: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:03.171549: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:25:03.171552: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171554: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.171557: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.171560: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.171563: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171566: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:03.171569: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:03.171572: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171575: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.171578: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.171581: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.171584: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171586: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:03.171589: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:25:03.171593: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171595: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.171598: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.171601: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.171604: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171607: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:03.171610: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:25:03.171613: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171616: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.171619: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.171622: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.171625: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171628: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:03.171631: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:25:03.171634: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171638: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.171641: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.171644: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.171647: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171650: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:03.171653: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:25:03.171656: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171659: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.171662: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.171665: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.171668: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171670: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:03.171673: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:25:03.171676: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171679: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.171682: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.171685: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.171688: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171691: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:03.171693: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:25:03.171697: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171699: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.171702: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.171705: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.171708: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:03.171711: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:03.171714: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:25:03.171717: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.171720: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.171723: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.171725: | emitting length of IKEv2 Proposal Substructure Payload: 116 Oct 31 15:25:03.171728: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:03.171731: | emitting length of IKEv2 Security Association Payload: 436 Oct 31 15:25:03.171734: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:25:03.171737: | ***emit IKEv2 Key Exchange Payload: Oct 31 15:25:03.171740: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:03.171743: | flags: none (0x0) Oct 31 15:25:03.171746: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:03.171749: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Oct 31 15:25:03.171754: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Oct 31 15:25:03.171759: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Oct 31 15:25:03.171761: | ikev2 g^x: Oct 31 15:25:03.171765: | 65 87 1e bd ee 28 5e 0a b5 22 19 6c e0 e9 0a 11 Oct 31 15:25:03.171767: | 0f 1e 36 a6 88 8d 63 92 2f 79 b3 5c 64 35 f8 9d Oct 31 15:25:03.171770: | 73 af f8 31 36 78 18 5c b7 ef ad 37 d4 1f 28 84 Oct 31 15:25:03.171773: | 96 b4 33 b1 dd 9d bb 26 6c 6a ea c0 87 05 2a b7 Oct 31 15:25:03.171775: | 35 65 dd 52 8a d5 25 5f 42 5f bc 80 f6 4c e6 8c Oct 31 15:25:03.171778: | 53 79 a0 29 1d f0 46 f5 3d b9 c7 67 5a a7 36 7f Oct 31 15:25:03.171780: | a3 16 78 13 b2 5c ac 3b d1 08 0c 00 e9 cf e4 a2 Oct 31 15:25:03.171783: | f5 03 5a 1e 77 64 7e 39 02 52 dc 6b dd 0d 28 7c Oct 31 15:25:03.171785: | 8b a2 30 c3 f8 c3 fd 59 7c e5 27 8d 15 d5 56 11 Oct 31 15:25:03.171788: | 3d f1 83 05 a5 d4 24 7d c0 47 e9 8b 23 da e1 38 Oct 31 15:25:03.171791: | 52 2f 33 3e 5f 39 96 4a c3 0a 62 c2 f6 8f 1a 5f Oct 31 15:25:03.171793: | 1d 7a 5b 18 54 b5 ac 98 05 aa 09 98 e8 9b df bd Oct 31 15:25:03.171796: | 2d 0a b8 42 6d d4 2f 2c 5e cc 17 cd f1 48 da cb Oct 31 15:25:03.171798: | 2d e3 34 83 52 84 85 f3 6c b4 3c a4 df 5e c0 e2 Oct 31 15:25:03.171800: | b0 71 d0 28 4d 50 99 41 19 ae 2f 5a 30 f0 7c 7a Oct 31 15:25:03.171803: | df 66 52 2b 35 0b 1d a8 a4 0c c7 ec a4 30 23 8b Oct 31 15:25:03.171806: | emitting length of IKEv2 Key Exchange Payload: 264 Oct 31 15:25:03.171809: | ***emit IKEv2 Nonce Payload: Oct 31 15:25:03.171812: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:03.171815: | flags: none (0x0) Oct 31 15:25:03.171819: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Oct 31 15:25:03.171821: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Oct 31 15:25:03.171825: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Oct 31 15:25:03.171828: | IKEv2 nonce: Oct 31 15:25:03.171831: | 3a 0b 29 ba 37 2c c2 19 e2 13 e2 f4 1d 85 7c a2 Oct 31 15:25:03.171833: | b3 5f c8 43 ff 4f 98 79 76 d7 0c 03 bd e1 a0 9e Oct 31 15:25:03.171836: | emitting length of IKEv2 Nonce Payload: 36 Oct 31 15:25:03.171839: | adding a v2N Payload Oct 31 15:25:03.171842: | ***emit IKEv2 Notify Payload: Oct 31 15:25:03.171845: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:03.171848: | flags: none (0x0) Oct 31 15:25:03.171851: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:25:03.171855: | SPI size: 0 (00) Oct 31 15:25:03.171858: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Oct 31 15:25:03.171861: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:25:03.171864: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:25:03.171867: | emitting length of IKEv2 Notify Payload: 8 Oct 31 15:25:03.171871: | NAT-Traversal support [enabled] add v2N payloads. Oct 31 15:25:03.171874: | nat: IKE.SPIr is zero Oct 31 15:25:03.171889: | natd_hash: hasher=0x55f63ae49f80(20) Oct 31 15:25:03.171893: | natd_hash: icookie= Oct 31 15:25:03.171896: | ed d0 ee e2 b6 b5 b4 47 Oct 31 15:25:03.171899: | natd_hash: rcookie= Oct 31 15:25:03.171901: | 00 00 00 00 00 00 00 00 Oct 31 15:25:03.171904: | natd_hash: ip= Oct 31 15:25:03.171906: | c0 01 03 d1 Oct 31 15:25:03.171909: | natd_hash: port= Oct 31 15:25:03.171911: | 01 f4 Oct 31 15:25:03.171914: | natd_hash: hash= Oct 31 15:25:03.171916: | 66 48 c7 fc b4 c2 ab 4f 96 d5 89 a6 2a 95 f8 5e Oct 31 15:25:03.171919: | fa 94 7d 2f Oct 31 15:25:03.171921: | adding a v2N Payload Oct 31 15:25:03.171924: | ***emit IKEv2 Notify Payload: Oct 31 15:25:03.171931: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:03.171935: | flags: none (0x0) Oct 31 15:25:03.171938: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:25:03.171941: | SPI size: 0 (00) Oct 31 15:25:03.171944: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Oct 31 15:25:03.171947: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:25:03.171950: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:25:03.171954: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:25:03.171957: | Notify data: Oct 31 15:25:03.171960: | 66 48 c7 fc b4 c2 ab 4f 96 d5 89 a6 2a 95 f8 5e Oct 31 15:25:03.171962: | fa 94 7d 2f Oct 31 15:25:03.171965: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:25:03.171968: | nat: IKE.SPIr is zero Oct 31 15:25:03.171977: | natd_hash: hasher=0x55f63ae49f80(20) Oct 31 15:25:03.171981: | natd_hash: icookie= Oct 31 15:25:03.171983: | ed d0 ee e2 b6 b5 b4 47 Oct 31 15:25:03.171986: | natd_hash: rcookie= Oct 31 15:25:03.171988: | 00 00 00 00 00 00 00 00 Oct 31 15:25:03.171991: | natd_hash: ip= Oct 31 15:25:03.171993: | c0 01 02 17 Oct 31 15:25:03.171995: | natd_hash: port= Oct 31 15:25:03.171998: | 01 f4 Oct 31 15:25:03.172000: | natd_hash: hash= Oct 31 15:25:03.172003: | ae 05 e7 85 a9 e2 ce 2d 90 2a 05 fe e5 3b 02 35 Oct 31 15:25:03.172005: | bf 2e aa 33 Oct 31 15:25:03.172008: | adding a v2N Payload Oct 31 15:25:03.172011: | ***emit IKEv2 Notify Payload: Oct 31 15:25:03.172014: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:03.172017: | flags: none (0x0) Oct 31 15:25:03.172019: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:25:03.172023: | SPI size: 0 (00) Oct 31 15:25:03.172026: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Oct 31 15:25:03.172029: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:25:03.172032: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:25:03.172036: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:25:03.172039: | Notify data: Oct 31 15:25:03.172041: | ae 05 e7 85 a9 e2 ce 2d 90 2a 05 fe e5 3b 02 35 Oct 31 15:25:03.172044: | bf 2e aa 33 Oct 31 15:25:03.172047: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:25:03.172050: | emitting length of ISAKMP Message: 828 Oct 31 15:25:03.172059: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:03.172065: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Oct 31 15:25:03.172068: | transitioning from state STATE_PARENT_I0 to state STATE_PARENT_I1 Oct 31 15:25:03.172071: | Message ID: updating counters for #1 Oct 31 15:25:03.172074: | Message ID: IKE #1 skipping update_recv as MD is fake Oct 31 15:25:03.172082: | Message ID: IKE #1 scheduling EVENT_RETRANSMIT: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744577.601483 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744577.601483 ike.wip.initiator=0 ike.wip.responder=-1 Oct 31 15:25:03.172087: "westnet-eastnet-ipv4-psk-ikev2" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Oct 31 15:25:03.172102: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55f63c7fbc28 Oct 31 15:25:03.172106: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 Oct 31 15:25:03.172110: | libevent_malloc: newref ptr-libevent@0x55f63c7fbb78 size 128 Oct 31 15:25:03.172115: | #1 STATE_PARENT_I0: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744577.604896 Oct 31 15:25:03.172123: | Message ID: IKE #1 updating initiator sent message request 0: ike.initiator.sent=-1->0 ike.initiator.recv=-1 ike.initiator.last_contact=744577.601483 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744577.601483 ike.wip.initiator=-1->0 ike.wip.responder=-1 Oct 31 15:25:03.172133: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744577.601483 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744577.601483 ike.wip.initiator=0 ike.wip.responder=-1 Oct 31 15:25:03.172138: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Oct 31 15:25:03.172141: | announcing the state transition Oct 31 15:25:03.172145: "westnet-eastnet-ipv4-psk-ikev2" #1: sent IKE_SA_INIT request Oct 31 15:25:03.172165: | sending 828 bytes for STATE_PARENT_I0 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:25:03.172169: | ed d0 ee e2 b6 b5 b4 47 00 00 00 00 00 00 00 00 Oct 31 15:25:03.172172: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Oct 31 15:25:03.172175: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Oct 31 15:25:03.172177: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Oct 31 15:25:03.172180: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Oct 31 15:25:03.172182: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Oct 31 15:25:03.172185: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Oct 31 15:25:03.172187: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Oct 31 15:25:03.172190: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Oct 31 15:25:03.172192: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Oct 31 15:25:03.172195: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Oct 31 15:25:03.172197: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Oct 31 15:25:03.172207: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Oct 31 15:25:03.172210: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Oct 31 15:25:03.172213: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Oct 31 15:25:03.172215: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Oct 31 15:25:03.172218: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:25:03.172220: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Oct 31 15:25:03.172222: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Oct 31 15:25:03.172225: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Oct 31 15:25:03.172227: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Oct 31 15:25:03.172230: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Oct 31 15:25:03.172233: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Oct 31 15:25:03.172235: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Oct 31 15:25:03.172238: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Oct 31 15:25:03.172240: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Oct 31 15:25:03.172243: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Oct 31 15:25:03.172245: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Oct 31 15:25:03.172248: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Oct 31 15:25:03.172250: | 28 00 01 08 00 0e 00 00 65 87 1e bd ee 28 5e 0a Oct 31 15:25:03.172253: | b5 22 19 6c e0 e9 0a 11 0f 1e 36 a6 88 8d 63 92 Oct 31 15:25:03.172255: | 2f 79 b3 5c 64 35 f8 9d 73 af f8 31 36 78 18 5c Oct 31 15:25:03.172258: | b7 ef ad 37 d4 1f 28 84 96 b4 33 b1 dd 9d bb 26 Oct 31 15:25:03.172260: | 6c 6a ea c0 87 05 2a b7 35 65 dd 52 8a d5 25 5f Oct 31 15:25:03.172263: | 42 5f bc 80 f6 4c e6 8c 53 79 a0 29 1d f0 46 f5 Oct 31 15:25:03.172266: | 3d b9 c7 67 5a a7 36 7f a3 16 78 13 b2 5c ac 3b Oct 31 15:25:03.172268: | d1 08 0c 00 e9 cf e4 a2 f5 03 5a 1e 77 64 7e 39 Oct 31 15:25:03.172270: | 02 52 dc 6b dd 0d 28 7c 8b a2 30 c3 f8 c3 fd 59 Oct 31 15:25:03.172273: | 7c e5 27 8d 15 d5 56 11 3d f1 83 05 a5 d4 24 7d Oct 31 15:25:03.172276: | c0 47 e9 8b 23 da e1 38 52 2f 33 3e 5f 39 96 4a Oct 31 15:25:03.172278: | c3 0a 62 c2 f6 8f 1a 5f 1d 7a 5b 18 54 b5 ac 98 Oct 31 15:25:03.172283: | 05 aa 09 98 e8 9b df bd 2d 0a b8 42 6d d4 2f 2c Oct 31 15:25:03.172286: | 5e cc 17 cd f1 48 da cb 2d e3 34 83 52 84 85 f3 Oct 31 15:25:03.172288: | 6c b4 3c a4 df 5e c0 e2 b0 71 d0 28 4d 50 99 41 Oct 31 15:25:03.172291: | 19 ae 2f 5a 30 f0 7c 7a df 66 52 2b 35 0b 1d a8 Oct 31 15:25:03.172293: | a4 0c c7 ec a4 30 23 8b 29 00 00 24 3a 0b 29 ba Oct 31 15:25:03.172296: | 37 2c c2 19 e2 13 e2 f4 1d 85 7c a2 b3 5f c8 43 Oct 31 15:25:03.172298: | ff 4f 98 79 76 d7 0c 03 bd e1 a0 9e 29 00 00 08 Oct 31 15:25:03.172301: | 00 00 40 2e 29 00 00 1c 00 00 40 04 66 48 c7 fc Oct 31 15:25:03.172303: | b4 c2 ab 4f 96 d5 89 a6 2a 95 f8 5e fa 94 7d 2f Oct 31 15:25:03.172306: | 00 00 00 1c 00 00 40 05 ae 05 e7 85 a9 e2 ce 2d Oct 31 15:25:03.172309: | 90 2a 05 fe e5 3b 02 35 bf 2e aa 33 Oct 31 15:25:03.172439: | sent 1 messages Oct 31 15:25:03.172445: | checking that a retransmit timeout_event was already Oct 31 15:25:03.172450: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:25:03.172454: | libevent_free: delref ptr-libevent@0x55f63c7c3db8 Oct 31 15:25:03.172458: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55f63c7f9ab8 Oct 31 15:25:03.172463: | delref logger@0x55f63c7ebf88(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:25:03.172466: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:03.172470: | delref fd@0x55f63c7f9968(3->2) (in free_logger() at log.c:854) Oct 31 15:25:03.172474: | resume sending helper answer back to state for #1 suppresed complete_v2_state_transition() Oct 31 15:25:03.172477: | delref mdp@NULL (in resume_handler() at server.c:743) Oct 31 15:25:03.172486: | #1 spent 2.04 (2.11) milliseconds in resume sending helper answer back to state Oct 31 15:25:03.172493: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:745) Oct 31 15:25:03.172497: | libevent_free: delref ptr-libevent@0x7fb420006108 Oct 31 15:25:03.177382: | spent 0.00222 (0.00218) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:25:03.177409: | newref struct msg_digest@0x55f63c7fee38(0->1) (in read_message() at demux.c:103) Oct 31 15:25:03.177413: | newref alloc logger@0x55f63c7ebf88(0->1) (in read_message() at demux.c:103) Oct 31 15:25:03.177418: | *received 432 bytes from 192.1.2.23:500 on eth0 192.1.3.209:500 using UDP Oct 31 15:25:03.177420: | ed d0 ee e2 b6 b5 b4 47 4c bb 1b 6f 05 0c 80 6b Oct 31 15:25:03.177422: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Oct 31 15:25:03.177424: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Oct 31 15:25:03.177425: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Oct 31 15:25:03.177427: | 04 00 00 0e 28 00 01 08 00 0e 00 00 69 d9 d1 2d Oct 31 15:25:03.177428: | 27 30 9f df 3d 7e b9 e7 5d 7d a1 61 41 8f d6 31 Oct 31 15:25:03.177430: | 27 4b ad 9d 5d e4 34 db 5f 01 7f 8b be 79 df 8a Oct 31 15:25:03.177432: | 59 fe 33 81 9b dc 75 f8 cd 5b ba 11 0e 90 e6 30 Oct 31 15:25:03.177433: | e8 cf 03 7b 1a a2 38 26 72 b9 ef 76 2e d1 27 7e Oct 31 15:25:03.177435: | f9 81 82 88 e8 8e 1b 30 e6 ef 9b c7 ca eb 9a 5c Oct 31 15:25:03.177436: | b2 cf 22 00 9c 3d 02 7d 61 77 49 fa 80 dc 27 a8 Oct 31 15:25:03.177438: | f7 a5 cd 41 86 b7 94 b4 a6 e6 24 48 c2 a7 0d 6f Oct 31 15:25:03.177445: | 2a da 42 06 8e 15 53 d8 47 cf 6b 26 13 29 99 6e Oct 31 15:25:03.177451: | ae 05 df 84 ed 4e cc d2 36 0a c8 df 49 19 06 b8 Oct 31 15:25:03.177455: | 6f b2 d7 2d 09 8f a4 be 0a 8f 4e 24 f9 ac 45 e8 Oct 31 15:25:03.177458: | 95 59 3a 59 e5 74 81 49 72 9a 97 1f d6 21 5c 26 Oct 31 15:25:03.177461: | b1 f9 83 73 35 86 f1 8f e4 fc 6e 5d 46 09 61 65 Oct 31 15:25:03.177463: | ca e2 f3 1c ef 1e 27 e9 a9 41 d7 6e 9d 6a 89 49 Oct 31 15:25:03.177466: | 8d be cb fd e0 0f 28 5e f5 95 79 d0 f1 82 dd 61 Oct 31 15:25:03.177468: | 8b cc 66 5a 25 9e a6 94 e3 10 df 13 7e ca 0f 5f Oct 31 15:25:03.177471: | b1 45 9c 54 eb af c5 d2 28 d6 a6 79 29 00 00 24 Oct 31 15:25:03.177477: | ea ac f7 da f1 9f a7 f5 e4 ec c5 49 46 6a cd e7 Oct 31 15:25:03.177480: | fc b3 0c bc e5 97 fe ad a7 ac d7 04 39 a0 35 64 Oct 31 15:25:03.177483: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Oct 31 15:25:03.177486: | ec e1 f0 56 6d 56 c3 1c ad 37 0d 82 ab 37 18 16 Oct 31 15:25:03.177489: | d4 cb a3 88 00 00 00 1c 00 00 40 05 7a 9c c6 5a Oct 31 15:25:03.177492: | 32 77 65 d5 d1 b5 55 16 28 39 64 eb 30 cc 13 c4 Oct 31 15:25:03.177497: | **parse ISAKMP Message: Oct 31 15:25:03.177502: | initiator SPI: ed d0 ee e2 b6 b5 b4 47 Oct 31 15:25:03.177505: | responder SPI: 4c bb 1b 6f 05 0c 80 6b Oct 31 15:25:03.177508: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:25:03.177510: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:03.177512: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:25:03.177514: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:25:03.177516: | Message ID: 0 (00 00 00 00) Oct 31 15:25:03.177519: | length: 432 (00 00 01 b0) Oct 31 15:25:03.177521: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Oct 31 15:25:03.177524: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Oct 31 15:25:03.177528: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Oct 31 15:25:03.177530: | #1 is idle Oct 31 15:25:03.177532: | #1 idle Oct 31 15:25:03.177533: | unpacking clear payloads Oct 31 15:25:03.177535: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:25:03.177538: | ***parse IKEv2 Security Association Payload: Oct 31 15:25:03.177540: | next payload type: ISAKMP_NEXT_v2KE (0x22) Oct 31 15:25:03.177542: | flags: none (0x0) Oct 31 15:25:03.177544: | length: 40 (00 28) Oct 31 15:25:03.177546: | processing payload: ISAKMP_NEXT_v2SA (len=36) Oct 31 15:25:03.177548: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Oct 31 15:25:03.177551: | ***parse IKEv2 Key Exchange Payload: Oct 31 15:25:03.177554: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Oct 31 15:25:03.177559: | flags: none (0x0) Oct 31 15:25:03.177565: | length: 264 (01 08) Oct 31 15:25:03.177568: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:03.177572: | processing payload: ISAKMP_NEXT_v2KE (len=256) Oct 31 15:25:03.177575: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Oct 31 15:25:03.177578: | ***parse IKEv2 Nonce Payload: Oct 31 15:25:03.177581: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:25:03.177584: | flags: none (0x0) Oct 31 15:25:03.177589: | length: 36 (00 24) Oct 31 15:25:03.177592: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Oct 31 15:25:03.177595: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:25:03.177650: | ***parse IKEv2 Notify Payload: Oct 31 15:25:03.177657: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:25:03.177661: | flags: none (0x0) Oct 31 15:25:03.177665: | length: 8 (00 08) Oct 31 15:25:03.177668: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:25:03.177671: | SPI size: 0 (00) Oct 31 15:25:03.177675: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Oct 31 15:25:03.177679: | processing payload: ISAKMP_NEXT_v2N (len=0) Oct 31 15:25:03.177682: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:25:03.177686: | ***parse IKEv2 Notify Payload: Oct 31 15:25:03.177689: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:25:03.177692: | flags: none (0x0) Oct 31 15:25:03.177696: | length: 28 (00 1c) Oct 31 15:25:03.177699: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:25:03.177703: | SPI size: 0 (00) Oct 31 15:25:03.177705: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Oct 31 15:25:03.177707: | processing payload: ISAKMP_NEXT_v2N (len=20) Oct 31 15:25:03.177709: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:25:03.177711: | ***parse IKEv2 Notify Payload: Oct 31 15:25:03.177713: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:03.177717: | flags: none (0x0) Oct 31 15:25:03.177719: | length: 28 (00 1c) Oct 31 15:25:03.177721: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:25:03.177723: | SPI size: 0 (00) Oct 31 15:25:03.177725: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Oct 31 15:25:03.177727: | processing payload: ISAKMP_NEXT_v2N (len=20) Oct 31 15:25:03.177729: | looking for message matching transition from STATE_PARENT_I1 Oct 31 15:25:03.177731: | trying received anti-DDOS COOKIE notify response; resending IKE_SA_INIT request with cookie payload added Oct 31 15:25:03.177733: | message has errors Oct 31 15:25:03.177735: | trying received IKE_SA_INIT INVALID_KE_PAYLOAD notify response; resending IKE_SA_INIT with new KE payload Oct 31 15:25:03.177736: | message has errors Oct 31 15:25:03.177738: | trying received REDIRECT notify response; resending IKE_SA_INIT request to new destination Oct 31 15:25:03.177740: | message has errors Oct 31 15:25:03.177741: | trying Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE Oct 31 15:25:03.177743: | matched unencrypted message Oct 31 15:25:03.177749: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1848) Oct 31 15:25:03.177752: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE Oct 31 15:25:03.177754: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Oct 31 15:25:03.177768: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator accepting remote proposal): 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:25:03.177771: | comparing remote proposals against IKE initiator (accepting) 4 local proposals Oct 31 15:25:03.177774: | local proposal 1 type ENCR has 1 transforms Oct 31 15:25:03.177776: | local proposal 1 type PRF has 2 transforms Oct 31 15:25:03.177778: | local proposal 1 type INTEG has 1 transforms Oct 31 15:25:03.177780: | local proposal 1 type DH has 8 transforms Oct 31 15:25:03.177782: | local proposal 1 type ESN has 0 transforms Oct 31 15:25:03.177784: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Oct 31 15:25:03.177786: | local proposal 2 type ENCR has 1 transforms Oct 31 15:25:03.177788: | local proposal 2 type PRF has 2 transforms Oct 31 15:25:03.177789: | local proposal 2 type INTEG has 1 transforms Oct 31 15:25:03.177791: | local proposal 2 type DH has 8 transforms Oct 31 15:25:03.177793: | local proposal 2 type ESN has 0 transforms Oct 31 15:25:03.177795: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Oct 31 15:25:03.177797: | local proposal 3 type ENCR has 1 transforms Oct 31 15:25:03.177798: | local proposal 3 type PRF has 2 transforms Oct 31 15:25:03.177800: | local proposal 3 type INTEG has 2 transforms Oct 31 15:25:03.177802: | local proposal 3 type DH has 8 transforms Oct 31 15:25:03.177803: | local proposal 3 type ESN has 0 transforms Oct 31 15:25:03.177805: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Oct 31 15:25:03.177807: | local proposal 4 type ENCR has 1 transforms Oct 31 15:25:03.177809: | local proposal 4 type PRF has 2 transforms Oct 31 15:25:03.177811: | local proposal 4 type INTEG has 2 transforms Oct 31 15:25:03.177812: | local proposal 4 type DH has 8 transforms Oct 31 15:25:03.177814: | local proposal 4 type ESN has 0 transforms Oct 31 15:25:03.177816: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Oct 31 15:25:03.177820: | ****parse IKEv2 Proposal Substructure Payload: Oct 31 15:25:03.177822: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:25:03.177824: | length: 36 (00 24) Oct 31 15:25:03.177826: | prop #: 1 (01) Oct 31 15:25:03.177828: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:25:03.177830: | spi size: 0 (00) Oct 31 15:25:03.177832: | # transforms: 3 (03) Oct 31 15:25:03.177835: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Oct 31 15:25:03.177837: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:25:03.177839: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.177841: | length: 12 (00 0c) Oct 31 15:25:03.177843: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:03.177845: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:25:03.177847: | ******parse IKEv2 Attribute Substructure Payload: Oct 31 15:25:03.177849: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:03.177851: | length/value: 256 (01 00) Oct 31 15:25:03.177854: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:25:03.177856: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:25:03.177858: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.177860: | length: 8 (00 08) Oct 31 15:25:03.177862: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:03.177864: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:25:03.177866: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Oct 31 15:25:03.177868: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:25:03.177870: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:03.177872: | length: 8 (00 08) Oct 31 15:25:03.177874: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:03.177876: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:03.177878: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Oct 31 15:25:03.177881: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Oct 31 15:25:03.177884: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Oct 31 15:25:03.177886: | remote proposal 1 matches local proposal 1 Oct 31 15:25:03.177888: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Oct 31 15:25:03.177890: | converting proposal to internal trans attrs Oct 31 15:25:03.177905: | natd_hash: hasher=0x55f63ae49f80(20) Oct 31 15:25:03.177907: | natd_hash: icookie= Oct 31 15:25:03.177909: | ed d0 ee e2 b6 b5 b4 47 Oct 31 15:25:03.177910: | natd_hash: rcookie= Oct 31 15:25:03.177912: | 4c bb 1b 6f 05 0c 80 6b Oct 31 15:25:03.177914: | natd_hash: ip= Oct 31 15:25:03.177915: | c0 01 03 d1 Oct 31 15:25:03.177917: | natd_hash: port= Oct 31 15:25:03.177918: | 01 f4 Oct 31 15:25:03.177920: | natd_hash: hash= Oct 31 15:25:03.177922: | 40 0f 10 86 08 b0 8d a0 ec 20 ad e6 1a 54 de e7 Oct 31 15:25:03.177923: | c7 5e e8 de Oct 31 15:25:03.177930: | natd_hash: hasher=0x55f63ae49f80(20) Oct 31 15:25:03.177932: | natd_hash: icookie= Oct 31 15:25:03.177933: | ed d0 ee e2 b6 b5 b4 47 Oct 31 15:25:03.177935: | natd_hash: rcookie= Oct 31 15:25:03.177936: | 4c bb 1b 6f 05 0c 80 6b Oct 31 15:25:03.177938: | natd_hash: ip= Oct 31 15:25:03.177939: | c0 01 02 17 Oct 31 15:25:03.177941: | natd_hash: port= Oct 31 15:25:03.177942: | 01 f4 Oct 31 15:25:03.177944: | natd_hash: hash= Oct 31 15:25:03.177946: | ec e1 f0 56 6d 56 c3 1c ad 37 0d 82 ab 37 18 16 Oct 31 15:25:03.177947: | d4 cb a3 88 Oct 31 15:25:03.177949: | NAT_TRAVERSAL encaps using auto-detect Oct 31 15:25:03.177951: | NAT_TRAVERSAL this end is behind NAT Oct 31 15:25:03.177953: | NAT_TRAVERSAL that end is NOT behind NAT Oct 31 15:25:03.177955: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Oct 31 15:25:03.177961: | NAT: #1 floating local port from 192.1.3.209:500 to 192.1.3.209:4500 using NAT_IKE_UDP_PORT (in ikev2_parent_inR1outI2() at ikev2_parent.c:1611) Oct 31 15:25:03.177964: | NAT: #1 floating remote port from 500 to 4500 using NAT_IKE_UDP_PORT (in ikev2_parent_inR1outI2() at ikev2_parent.c:1611) Oct 31 15:25:03.177969: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Oct 31 15:25:03.177972: | DH secret MODP2048@0x7fb420006ba8: transferring ownership from state #1 to helper IKEv2 DH Oct 31 15:25:03.177976: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:25:03.177979: | addref fd@0x55f63c7f9968(2->3) (in clone_logger() at log.c:810) Oct 31 15:25:03.177981: | newref clone logger@0x55f63c7f9ab8(0->1) (in clone_logger() at log.c:817) Oct 31 15:25:03.177983: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): adding job to queue Oct 31 15:25:03.177985: | state #1 has no .st_event to delete Oct 31 15:25:03.177988: | #1 requesting EVENT_RETRANSMIT-pe@0x55f63c7fbc28 be deleted Oct 31 15:25:03.177991: | libevent_free: delref ptr-libevent@0x55f63c7fbb78 Oct 31 15:25:03.177993: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55f63c7fbc28 Oct 31 15:25:03.177995: | #1 STATE_PARENT_I1: retransmits: cleared Oct 31 15:25:03.177997: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55f63c7fbb78 Oct 31 15:25:03.178000: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:25:03.178002: | libevent_malloc: newref ptr-libevent@0x55f63c7fbdc8 size 128 Oct 31 15:25:03.178012: | #1 spent 0.256 (0.256) milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE in v2_dispatch() Oct 31 15:25:03.178016: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:03.178020: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND; .st_v2_transition=PARENT_I0->PARENT_I1 Oct 31 15:25:03.178022: | suspending state #1 and saving MD 0x55f63c7fee38 Oct 31 15:25:03.178024: | addref md@0x55f63c7fee38(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:25:03.178026: | #1 is busy; has suspended MD 0x55f63c7fee38 Oct 31 15:25:03.178026: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): helper 3 starting job Oct 31 15:25:03.178029: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in ikev2_process_packet() at ikev2.c:1850) Oct 31 15:25:03.178044: | #1 spent 0.624 (0.672) milliseconds in ikev2_process_packet() Oct 31 15:25:03.178046: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:25:03.178048: | delref mdp@0x55f63c7fee38(2->1) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:03.178052: | spent 0.632 (0.681) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:25:03.179102: | calculating skeyseed using prf=HMAC_SHA2_512 integ=NONE cipherkey-size=32 salt-size=4 Oct 31 15:25:03.179319: | "westnet-eastnet-ipv4-psk-ikev2" #1: spent 1.15 (1.29) milliseconds in helper 3 processing job 2 for state #1: ikev2_inR1outI2 KE (pcr) Oct 31 15:25:03.179329: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): helper thread 3 sending result back to state Oct 31 15:25:03.179334: | scheduling resume sending helper answer back to state for #1 Oct 31 15:25:03.179338: | libevent_malloc: newref ptr-libevent@0x7fb41800b578 size 128 Oct 31 15:25:03.179350: | helper thread 3 has nothing to do Oct 31 15:25:03.179365: | processing resume sending helper answer back to state for #1 Oct 31 15:25:03.179375: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in resume_handler() at server.c:641) Oct 31 15:25:03.179381: | unsuspending #1 MD 0x55f63c7fee38 Oct 31 15:25:03.179385: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): processing response from helper 3 Oct 31 15:25:03.179388: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): calling continuation function 0x55f63ad57fe7 Oct 31 15:25:03.179395: | ikev2_parent_inR1outI2_continue() for #1 STATE_PARENT_I1: g^{xy} calculated, sending I2 Oct 31 15:25:03.179399: | DH secret MODP2048@0x7fb420006ba8: transferring ownership from helper IKEv2 DH to state #1 Oct 31 15:25:03.179403: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Oct 31 15:25:03.179444: | newref alloc logger@0x55f63c7fbc28(0->1) (in new_state() at state.c:576) Oct 31 15:25:03.179450: | addref fd@0x55f63c7f9968(3->4) (in new_state() at state.c:577) Oct 31 15:25:03.179453: | creating state object #2 at 0x55f63c801248 Oct 31 15:25:03.179455: | State DB: adding IKEv2 state #2 in UNDEFINED Oct 31 15:25:03.179461: | pstats #2 ikev2.child started Oct 31 15:25:03.179464: | duplicating state object #1 "westnet-eastnet-ipv4-psk-ikev2" as #2 for IPSEC SA Oct 31 15:25:03.179468: | #2 setting local endpoint to 192.1.3.209:4500 from #1.st_localport (in duplicate_state() at state.c:1581) Oct 31 15:25:03.179478: | Message ID: CHILD #1.#2 initializing (CHILD SA): ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744577.601483 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744577.601483 child.wip.initiator=0->-1 child.wip.responder=0->-1 Oct 31 15:25:03.179485: | child state #2: UNDEFINED(ignore) => V2_IKE_AUTH_CHILD_I0(ignore) Oct 31 15:25:03.179490: | #2.st_v2_transition NULL -> NULL (in new_v2_child_state() at state.c:1666) Oct 31 15:25:03.179498: | Message ID: IKE #1 switching from IKE SA initiator message response 0: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744577.601483 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744577.601483 ike.wip.initiator=0->-1 ike.wip.responder=-1 Oct 31 15:25:03.179506: | Message ID: CHILD #1.#2 switching to CHILD SA initiator message response 0: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744577.601483 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744577.601483 child.wip.initiator=-1->0 child.wip.responder=-1 Oct 31 15:25:03.179571: | switching IKEv2 MD.ST from IKE #1 PARENT_I1 to CHILD #2 V2_IKE_AUTH_CHILD_I0 (in ikev2_parent_inR1outI2_auth_signature_continue() at ikev2_parent.c:2155) Oct 31 15:25:03.179580: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:25:03.179584: | libevent_free: delref ptr-libevent@0x55f63c7fbdc8 Oct 31 15:25:03.179588: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55f63c7fbb78 Oct 31 15:25:03.179592: | #1 STATE_PARENT_I1: retransmits: cleared Oct 31 15:25:03.179596: | event_schedule: newref EVENT_SA_REPLACE-pe@0x55f63c7fe6b8 Oct 31 15:25:03.179600: | inserting event EVENT_SA_REPLACE, timeout in 120 seconds for #1 Oct 31 15:25:03.179603: | libevent_malloc: newref ptr-libevent@0x55f63c7fe3e8 size 128 Oct 31 15:25:03.179608: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Oct 31 15:25:03.179615: | opening output PBS reply packet Oct 31 15:25:03.179620: | **emit ISAKMP Message: Oct 31 15:25:03.179626: | initiator SPI: ed d0 ee e2 b6 b5 b4 47 Oct 31 15:25:03.179631: | responder SPI: 4c bb 1b 6f 05 0c 80 6b Oct 31 15:25:03.179633: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:25:03.179635: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:03.179637: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:25:03.179640: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:25:03.179643: | Message ID: 1 (00 00 00 01) Oct 31 15:25:03.179645: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:25:03.179648: | ***emit IKEv2 Encryption Payload: Oct 31 15:25:03.179651: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:03.179656: | flags: none (0x0) Oct 31 15:25:03.179661: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:25:03.179664: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Oct 31 15:25:03.179671: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:25:03.179682: | IKEv2 CERT: send a certificate? Oct 31 15:25:03.179686: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Oct 31 15:25:03.179689: | IDr payload will be sent Oct 31 15:25:03.179693: | ****emit IKEv2 Identification - Initiator - Payload: Oct 31 15:25:03.179696: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:03.179700: | flags: none (0x0) Oct 31 15:25:03.179762: | ID type: ID_IPV4_ADDR (0x1) Oct 31 15:25:03.179766: | reserved: 00 00 00 Oct 31 15:25:03.179769: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Oct 31 15:25:03.179771: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Oct 31 15:25:03.179774: | emitting 4 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Oct 31 15:25:03.179777: | my identity: c0 01 03 d1 Oct 31 15:25:03.179779: | emitting length of IKEv2 Identification - Initiator - Payload: 12 Oct 31 15:25:03.179781: | ****emit IKEv2 Identification - Responder - Payload: Oct 31 15:25:03.179783: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:03.179785: | flags: none (0x0) Oct 31 15:25:03.179787: | ID type: ID_FQDN (0x2) Oct 31 15:25:03.179789: | reserved: 00 00 00 Oct 31 15:25:03.179791: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Oct 31 15:25:03.179793: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:25:03.179796: | emitting 4 raw bytes of their IDr into IKEv2 Identification - Responder - Payload Oct 31 15:25:03.179798: | their IDr: 65 61 73 74 Oct 31 15:25:03.179800: | emitting length of IKEv2 Identification - Responder - Payload: 12 Oct 31 15:25:03.179802: | not sending INITIAL_CONTACT Oct 31 15:25:03.179804: | ****emit IKEv2 Authentication Payload: Oct 31 15:25:03.179806: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:03.179808: | flags: none (0x0) Oct 31 15:25:03.179810: | auth method: IKEv2_AUTH_SHARED (0x2) Oct 31 15:25:03.179812: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Oct 31 15:25:03.179814: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Oct 31 15:25:03.179817: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret Oct 31 15:25:03.179822: | lsw_get_secret() using IDs for 192.1.3.209->@east of kind PKK_PSK Oct 31 15:25:03.179825: | line 1: key type PKK_PSK(192.1.3.209) to type PKK_PSK Oct 31 15:25:03.179829: | 1: compared key %any to 192.1.3.209 / @east -> 002 Oct 31 15:25:03.179833: | 2: compared key @east to 192.1.3.209 / @east -> 006 Oct 31 15:25:03.179835: | line 1: match=006 Oct 31 15:25:03.179837: | match 006 beats previous best_match 000 match=0x55f63c7fb1b8 (line=1) Oct 31 15:25:03.179839: | concluding with best_match=006 best=0x55f63c7fb1b8 (lineno=1) Oct 31 15:25:03.179889: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Oct 31 15:25:03.179892: | PSK auth: Oct 31 15:25:03.179894: | ae 00 00 22 c1 bf 88 9f f7 25 f4 5a 9c c2 5e 95 Oct 31 15:25:03.179896: | ec af 85 3f cb f4 ff 3c 64 ea f2 fd e3 b7 5e 79 Oct 31 15:25:03.179898: | 56 01 26 69 4c 69 b5 b7 10 cc 82 22 15 17 a1 82 Oct 31 15:25:03.179899: | 71 b8 b4 6b fb 64 f0 46 2e 92 83 ec 1c fd 32 72 Oct 31 15:25:03.179901: | emitting length of IKEv2 Authentication Payload: 72 Oct 31 15:25:03.179904: | getting first pending from state #1 Oct 31 15:25:03.179907: | delref fd@0x55f63c7f9968(4->3) (in first_pending() at pending.c:318) Oct 31 15:25:03.179909: | addref fd@0x55f63c7f9968(3->4) (in first_pending() at pending.c:319) Oct 31 15:25:03.179930: | netlink_get_spi: allocated 0x30cee8bd for esp.0@192.1.3.209 Oct 31 15:25:03.179933: | constructing ESP/AH proposals with all DH removed for westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting ESP/AH proposals) Oct 31 15:25:03.179940: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Oct 31 15:25:03.179945: | ... ikev2_proposal: 1:ESP=AES_GCM_C_256-NONE-NONE-DISABLED Oct 31 15:25:03.179947: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Oct 31 15:25:03.179950: | ... ikev2_proposal: 2:ESP=AES_GCM_C_128-NONE-NONE-DISABLED Oct 31 15:25:03.179953: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:25:03.179956: | ... ikev2_proposal: 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:25:03.179958: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:25:03.179961: | ... ikev2_proposal: 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:25:03.179964: "westnet-eastnet-ipv4-psk-ikev2": local ESP/AH proposals (IKE SA initiator emitting ESP/AH proposals): Oct 31 15:25:03.179967: "westnet-eastnet-ipv4-psk-ikev2": 1:ESP=AES_GCM_C_256-NONE-NONE-DISABLED Oct 31 15:25:03.179970: "westnet-eastnet-ipv4-psk-ikev2": 2:ESP=AES_GCM_C_128-NONE-NONE-DISABLED Oct 31 15:25:03.179973: "westnet-eastnet-ipv4-psk-ikev2": 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:25:03.179975: "westnet-eastnet-ipv4-psk-ikev2": 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:25:03.179977: | Emitting ikev2_proposals ... Oct 31 15:25:03.179980: | ****emit IKEv2 Security Association Payload: Oct 31 15:25:03.179982: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:03.179984: | flags: none (0x0) Oct 31 15:25:03.179986: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:25:03.179988: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:25:03.179991: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:25:03.179993: | discard DH=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:25:03.179995: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:03.179997: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:03.179999: | prop #: 1 (01) Oct 31 15:25:03.180001: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:03.180003: | spi size: 4 (04) Oct 31 15:25:03.180005: | # transforms: 2 (02) Oct 31 15:25:03.180007: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:03.180010: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:25:03.180012: | our spi: 30 ce e8 bd Oct 31 15:25:03.180015: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.180016: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.180018: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:03.180020: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:25:03.180025: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.180031: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:03.180034: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:03.180038: | length/value: 256 (01 00) Oct 31 15:25:03.180042: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:03.180046: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:25:03.180050: | discard DH=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:25:03.180054: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.180057: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:03.180063: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:25:03.180066: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:25:03.180070: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.180073: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.180076: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.180079: | emitting length of IKEv2 Proposal Substructure Payload: 32 Oct 31 15:25:03.180082: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:03.180087: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:25:03.180090: | discard DH=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:25:03.180093: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:03.180096: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:03.180100: | prop #: 2 (02) Oct 31 15:25:03.180103: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:03.180106: | spi size: 4 (04) Oct 31 15:25:03.180109: | # transforms: 2 (02) Oct 31 15:25:03.180113: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:03.180116: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:03.180120: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:25:03.180124: | our spi: 30 ce e8 bd Oct 31 15:25:03.180127: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.180130: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.180133: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:03.180136: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:25:03.180139: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.180142: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:03.180146: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:03.180150: | length/value: 128 (00 80) Oct 31 15:25:03.180153: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:03.180156: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:25:03.180159: | discard DH=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:25:03.180162: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.180165: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:03.180167: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:25:03.180170: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:25:03.180173: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.180175: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.180177: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.180179: | emitting length of IKEv2 Proposal Substructure Payload: 32 Oct 31 15:25:03.180181: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:03.180183: | discard DH=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:25:03.180185: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:03.180187: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:03.180189: | prop #: 3 (03) Oct 31 15:25:03.180193: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:03.180195: | spi size: 4 (04) Oct 31 15:25:03.180197: | # transforms: 4 (04) Oct 31 15:25:03.180217: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:03.180223: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:03.180226: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:25:03.180228: | our spi: 30 ce e8 bd Oct 31 15:25:03.180230: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.180232: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.180234: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:03.180236: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:25:03.180237: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.180239: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:03.180241: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:03.180244: | length/value: 256 (01 00) Oct 31 15:25:03.180245: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:03.180247: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.180249: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.180251: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:03.180253: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:25:03.180255: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.180256: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.180258: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.180260: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.180262: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.180264: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:03.180265: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:25:03.180267: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.180269: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.180271: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.180273: | discard DH=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:25:03.180274: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.180276: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:03.180278: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:25:03.180280: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:25:03.180281: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.180283: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.180285: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.180287: | emitting length of IKEv2 Proposal Substructure Payload: 48 Oct 31 15:25:03.180288: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:03.180291: | discard DH=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:25:03.180294: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:03.180296: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:25:03.180298: | prop #: 4 (04) Oct 31 15:25:03.180300: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:03.180301: | spi size: 4 (04) Oct 31 15:25:03.180303: | # transforms: 4 (04) Oct 31 15:25:03.180305: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:03.180307: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:03.180309: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:25:03.180311: | our spi: 30 ce e8 bd Oct 31 15:25:03.180313: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.180315: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.180317: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:03.180318: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:25:03.180320: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.180322: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:03.180324: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:03.180326: | length/value: 128 (00 80) Oct 31 15:25:03.180328: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:03.180330: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.180331: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.180333: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:03.180335: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:25:03.180337: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.180338: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.180340: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.180342: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.180344: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.180345: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:03.180347: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:25:03.180349: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.180351: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.180352: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.180354: | discard DH=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:25:03.180356: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:03.180358: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:03.180360: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:25:03.180361: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:25:03.180363: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.180365: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:03.180367: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:03.180368: | emitting length of IKEv2 Proposal Substructure Payload: 48 Oct 31 15:25:03.180370: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:03.180373: | emitting length of IKEv2 Security Association Payload: 164 Oct 31 15:25:03.180374: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:25:03.180378: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:25:03.180380: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:03.180382: | flags: none (0x0) Oct 31 15:25:03.180384: | number of TS: 1 (01) Oct 31 15:25:03.180386: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Oct 31 15:25:03.180388: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Oct 31 15:25:03.180390: | *****emit IKEv2 Traffic Selector: Oct 31 15:25:03.180392: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:25:03.180394: | IP Protocol ID: ALL (0x0) Oct 31 15:25:03.180396: | start port: 0 (00 00) Oct 31 15:25:03.180398: | end port: 65535 (ff ff) Oct 31 15:25:03.180401: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:25:03.180403: | IP start: c0 00 01 00 Oct 31 15:25:03.180405: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:25:03.180407: | IP end: c0 00 01 ff Oct 31 15:25:03.180409: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:25:03.180410: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Oct 31 15:25:03.180412: | ****emit IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:25:03.180414: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:03.180416: | flags: none (0x0) Oct 31 15:25:03.180418: | number of TS: 1 (01) Oct 31 15:25:03.180420: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Oct 31 15:25:03.180422: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:25:03.180424: | *****emit IKEv2 Traffic Selector: Oct 31 15:25:03.180425: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:25:03.180427: | IP Protocol ID: ALL (0x0) Oct 31 15:25:03.180429: | start port: 0 (00 00) Oct 31 15:25:03.180431: | end port: 65535 (ff ff) Oct 31 15:25:03.180433: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:25:03.180435: | IP start: c0 00 02 00 Oct 31 15:25:03.180437: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:25:03.180439: | IP end: c0 00 02 ff Oct 31 15:25:03.180441: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:25:03.180443: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Oct 31 15:25:03.180445: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Oct 31 15:25:03.180446: | initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Oct 31 15:25:03.180449: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:25:03.180451: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:03.180453: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:25:03.180455: | emitting length of IKEv2 Encryption Payload: 337 Oct 31 15:25:03.180456: | emitting length of ISAKMP Message: 365 Oct 31 15:25:03.180467: | recording outgoing fragment failed Oct 31 15:25:03.180473: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:03.180476: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:03.180480: | #2 complete_v2_state_transition() in state V2_IKE_AUTH_CHILD_I0 PARENT_I1->PARENT_I2 with status STF_OK; .st_v2_transition=NULL Oct 31 15:25:03.180483: | transitioning from state STATE_PARENT_I1 to state STATE_PARENT_I2 Oct 31 15:25:03.180485: | Message ID: updating counters for #2 Oct 31 15:25:03.180491: | Message ID: CHILD #1.#2 XXX: no EVENT_RETRANSMIT to clear; suspect IKE->CHILD switch: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744577.601483 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744577.601483 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:25:03.180496: | Message ID: CHILD #1.#2 updating initiator received message response 0: ike.initiator.sent=0 ike.initiator.recv=-1->0 ike.initiator.last_contact=744577.601483->744577.613284 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744577.601483 child.wip.initiator=0->-1 child.wip.responder=-1 Oct 31 15:25:03.180500: | Message ID: CHILD #1.#2 scheduling EVENT_RETRANSMIT: ike.initiator.sent=1 ike.initiator.recv=0 ike.initiator.last_contact=744577.613284 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744577.601483 child.wip.initiator=1 child.wip.responder=-1 Oct 31 15:25:03.180503: "westnet-eastnet-ipv4-psk-ikev2" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Oct 31 15:25:03.180517: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55f63c8020e8 Oct 31 15:25:03.180524: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 Oct 31 15:25:03.180528: | libevent_malloc: newref ptr-libevent@0x55f63c7fe548 size 128 Oct 31 15:25:03.180533: | #2 STATE_V2_IKE_AUTH_CHILD_I0: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744577.613312 Oct 31 15:25:03.180541: | Message ID: CHILD #1.#2 updating initiator sent message request 1: ike.initiator.sent=0->1 ike.initiator.recv=0 ike.initiator.last_contact=744577.613284 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744577.601483 child.wip.initiator=-1->1 child.wip.responder=-1 Oct 31 15:25:03.180629: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=1 ike.initiator.recv=0 ike.initiator.last_contact=744577.613284 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744577.601483 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:03.180637: | child state #2: V2_IKE_AUTH_CHILD_I0(ignore) => PARENT_I2(open IKE SA) Oct 31 15:25:03.180641: | announcing the state transition Oct 31 15:25:03.180647: "westnet-eastnet-ipv4-psk-ikev2" #1: sent IKE_AUTH request {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Oct 31 15:25:03.180662: | sending 369 bytes for STATE_PARENT_I1 through eth0 from 192.1.3.209:4500 to 192.1.2.23:4500 using UDP (for #1) Oct 31 15:25:03.180665: | 00 00 00 00 ed d0 ee e2 b6 b5 b4 47 4c bb 1b 6f Oct 31 15:25:03.180667: | 05 0c 80 6b 2e 20 23 08 00 00 00 01 00 00 01 6d Oct 31 15:25:03.180669: | 23 00 01 51 84 af a6 4a 45 d0 de f7 46 c7 88 62 Oct 31 15:25:03.180670: | 8f 39 a5 fe 51 03 51 5d e8 e9 91 bf df 03 4f 51 Oct 31 15:25:03.180672: | 94 4c 8e 58 68 3c 87 2f 01 80 f9 74 3e 5b b2 aa Oct 31 15:25:03.180673: | 01 bd b0 26 d0 49 be 1b 42 56 62 69 f2 f5 f8 62 Oct 31 15:25:03.180675: | 27 6e 53 6f 21 96 63 f9 7d 10 b2 ad 66 9f 3a 51 Oct 31 15:25:03.180677: | bc da 82 7a de 41 8d 6c b1 8d ff e7 d4 48 46 a4 Oct 31 15:25:03.180678: | fa e2 e4 34 65 48 c5 b0 43 e9 cc 7d 9f ad 8a a3 Oct 31 15:25:03.180680: | 16 3d 04 39 33 83 e0 9a c1 b5 4e 40 d5 49 d3 27 Oct 31 15:25:03.180681: | 1f eb 61 db ae a6 9f 27 67 29 36 60 ed 45 b6 f2 Oct 31 15:25:03.180684: | 20 12 21 37 3c 66 dc 41 67 23 8d 9d 0e 8c 1e 60 Oct 31 15:25:03.180686: | cd 95 a1 71 4f e9 dc d8 06 d9 d9 4d da 22 03 dc Oct 31 15:25:03.180692: | 58 4e 5a 4f fe 3d d3 e4 b8 fb ae 0d 2c 6d d5 5f Oct 31 15:25:03.180696: | d5 6a d9 3e 6b af 6f 78 cd 4c 90 a0 bd 51 d0 94 Oct 31 15:25:03.180698: | 9f 74 07 ca 8b 1c 59 1f b4 c0 e1 c2 26 36 c6 7e Oct 31 15:25:03.180701: | a1 3e f9 ce f7 0d 3d 6d dd 02 1d e9 b8 3c db 8f Oct 31 15:25:03.180706: | c0 b3 80 a5 3f 9c 9c 33 c1 b4 ba 66 d6 8a bc c2 Oct 31 15:25:03.180709: | 4d 2e a6 b1 18 8e f7 0c d8 18 c5 63 c1 32 2e 08 Oct 31 15:25:03.180712: | b1 df 13 17 e6 64 af 5b 50 04 43 8d 8c 66 db 3b Oct 31 15:25:03.180714: | bf ad f8 07 94 50 69 8e bc 67 26 49 ec 57 96 d7 Oct 31 15:25:03.180717: | c6 c0 66 62 2a 91 7d e4 9e 32 14 9b 71 fa 2f 0e Oct 31 15:25:03.180719: | 33 76 03 b7 38 1a d2 33 0c c9 27 38 fc f7 b2 57 Oct 31 15:25:03.180722: | 0b Oct 31 15:25:03.180851: | sent 1 messages Oct 31 15:25:03.180859: | checking that a retransmit timeout_event was already Oct 31 15:25:03.180862: | state #2 has no .st_event to delete Oct 31 15:25:03.180868: | delref logger@0x55f63c7f9ab8(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:25:03.180871: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:03.180874: | delref fd@0x55f63c7f9968(4->3) (in free_logger() at log.c:854) Oct 31 15:25:03.180879: | resume sending helper answer back to state for #1 suppresed complete_v2_state_transition(); MD.ST was switched Oct 31 15:25:03.180883: | delref mdp@0x55f63c7fee38(1->0) (in resume_handler() at server.c:743) Oct 31 15:25:03.180887: | delref logger@0x55f63c7ebf88(1->0) (in resume_handler() at server.c:743) Oct 31 15:25:03.180889: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:03.180892: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:03.180901: | #1 spent 1.23 (1.52) milliseconds in resume sending helper answer back to state Oct 31 15:25:03.180907: | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in resume_handler() at server.c:745) Oct 31 15:25:03.180912: | libevent_free: delref ptr-libevent@0x7fb41800b578 Oct 31 15:25:03.247474: | spent 0.00234 (0.00231) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:25:03.247782: | newref struct msg_digest@0x55f63c7fee38(0->1) (in read_message() at demux.c:103) Oct 31 15:25:03.247789: | newref alloc logger@0x55f63c7f9ab8(0->1) (in read_message() at demux.c:103) Oct 31 15:25:03.247797: | *received 225 bytes from 192.1.2.23:4500 on eth0 192.1.3.209:4500 using UDP Oct 31 15:25:03.247803: | ed d0 ee e2 b6 b5 b4 47 4c bb 1b 6f 05 0c 80 6b Oct 31 15:25:03.247806: | 2e 20 23 20 00 00 00 01 00 00 00 e1 24 00 00 c5 Oct 31 15:25:03.247809: | bd 45 f8 1d 39 9f c8 92 08 d1 f5 cb 23 68 c6 74 Oct 31 15:25:03.247811: | 22 58 de 19 85 a6 18 43 f6 a0 18 35 da ef d9 b7 Oct 31 15:25:03.247813: | 25 32 cf 4c 2e 98 7b 02 3a 1a 73 4d 88 86 bb 69 Oct 31 15:25:03.247816: | ad 15 36 f7 f1 73 4b 3c 07 f6 a9 33 3b 10 4c 51 Oct 31 15:25:03.247818: | 3d f6 4e de a9 59 c4 e4 39 ee 2f e6 a0 85 55 59 Oct 31 15:25:03.247821: | 49 de 10 6e 3a 52 24 92 50 a9 65 57 47 31 af 96 Oct 31 15:25:03.247823: | 5a d5 82 5e b3 96 9a ce 1d cf e1 e9 bd 6e b2 2f Oct 31 15:25:03.247825: | b2 65 27 1c a5 67 ea 80 12 65 8a a3 29 67 fe 3a Oct 31 15:25:03.247828: | af 31 b7 21 79 06 3c a0 c3 04 62 49 30 3d 44 b7 Oct 31 15:25:03.247830: | e1 28 0c f4 c0 8f 7d f5 57 7a 92 ff ea 6e cb eb Oct 31 15:25:03.247833: | 39 ca c4 c7 90 a4 79 e0 60 e4 ca 98 1d 56 21 d8 Oct 31 15:25:03.247835: | e7 fe b5 ac a5 c7 ea c1 e6 0e 13 aa 51 99 19 d4 Oct 31 15:25:03.247838: | 0d Oct 31 15:25:03.247844: | **parse ISAKMP Message: Oct 31 15:25:03.247849: | initiator SPI: ed d0 ee e2 b6 b5 b4 47 Oct 31 15:25:03.247852: | responder SPI: 4c bb 1b 6f 05 0c 80 6b Oct 31 15:25:03.247855: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:25:03.247856: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:03.247858: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:25:03.247860: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:25:03.247862: | Message ID: 1 (00 00 00 01) Oct 31 15:25:03.247865: | length: 225 (00 00 00 e1) Oct 31 15:25:03.247868: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:25:03.247874: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Oct 31 15:25:03.247882: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Oct 31 15:25:03.247890: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:25:03.247894: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Oct 31 15:25:03.247897: | #2 is idle Oct 31 15:25:03.247900: | #2 idle Oct 31 15:25:03.247905: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:25:03.247911: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:25:03.247914: | unpacking clear payload Oct 31 15:25:03.247917: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Oct 31 15:25:03.247921: | ***parse IKEv2 Encryption Payload: Oct 31 15:25:03.247923: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Oct 31 15:25:03.247925: | flags: none (0x0) Oct 31 15:25:03.247927: | length: 197 (00 c5) Oct 31 15:25:03.247929: | processing payload: ISAKMP_NEXT_v2SK (len=193) Oct 31 15:25:03.247931: | #2 in state PARENT_I2: sent IKE_AUTH request Oct 31 15:25:03.247944: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Oct 31 15:25:03.247946: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Oct 31 15:25:03.247948: | **parse IKEv2 Identification - Responder - Payload: Oct 31 15:25:03.247950: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Oct 31 15:25:03.247952: | flags: none (0x0) Oct 31 15:25:03.247954: | length: 12 (00 0c) Oct 31 15:25:03.247955: | ID type: ID_FQDN (0x2) Oct 31 15:25:03.247957: | reserved: 00 00 00 Oct 31 15:25:03.247959: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Oct 31 15:25:03.247960: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Oct 31 15:25:03.247962: | **parse IKEv2 Authentication Payload: Oct 31 15:25:03.247964: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:25:03.247965: | flags: none (0x0) Oct 31 15:25:03.247967: | length: 72 (00 48) Oct 31 15:25:03.247968: | auth method: IKEv2_AUTH_SHARED (0x2) Oct 31 15:25:03.247970: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Oct 31 15:25:03.247971: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:25:03.247973: | **parse IKEv2 Security Association Payload: Oct 31 15:25:03.247975: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Oct 31 15:25:03.247976: | flags: none (0x0) Oct 31 15:25:03.247978: | length: 36 (00 24) Oct 31 15:25:03.247979: | processing payload: ISAKMP_NEXT_v2SA (len=32) Oct 31 15:25:03.247981: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Oct 31 15:25:03.247982: | **parse IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:25:03.247984: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Oct 31 15:25:03.247985: | flags: none (0x0) Oct 31 15:25:03.247987: | length: 24 (00 18) Oct 31 15:25:03.247989: | number of TS: 1 (01) Oct 31 15:25:03.247990: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Oct 31 15:25:03.247992: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Oct 31 15:25:03.247993: | **parse IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:25:03.247995: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:03.247996: | flags: none (0x0) Oct 31 15:25:03.247998: | length: 24 (00 18) Oct 31 15:25:03.248000: | number of TS: 1 (01) Oct 31 15:25:03.248001: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Oct 31 15:25:03.248003: | selected state microcode Initiator: process IKE_AUTH response Oct 31 15:25:03.248005: | calling processor Initiator: process IKE_AUTH response Oct 31 15:25:03.248007: | no certs to decode Oct 31 15:25:03.248011: | offered CA: '%none' Oct 31 15:25:03.248014: "westnet-eastnet-ipv4-psk-ikev2" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Oct 31 15:25:03.248052: | verifying AUTH payload Oct 31 15:25:03.248059: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret Oct 31 15:25:03.248066: | lsw_get_secret() using IDs for 192.1.3.209->@east of kind PKK_PSK Oct 31 15:25:03.248071: | line 1: key type PKK_PSK(192.1.3.209) to type PKK_PSK Oct 31 15:25:03.248076: | 1: compared key %any to 192.1.3.209 / @east -> 002 Oct 31 15:25:03.248080: | 2: compared key @east to 192.1.3.209 / @east -> 006 Oct 31 15:25:03.248082: | line 1: match=006 Oct 31 15:25:03.248084: | match 006 beats previous best_match 000 match=0x55f63c7fb1b8 (line=1) Oct 31 15:25:03.248087: | concluding with best_match=006 best=0x55f63c7fb1b8 (lineno=1) Oct 31 15:25:03.248141: "westnet-eastnet-ipv4-psk-ikev2" #1: authenticated using authby=secret Oct 31 15:25:03.248151: | parent state #1: PARENT_I2(open IKE SA) => ESTABLISHED_IKE_SA(established IKE SA) Oct 31 15:25:03.248156: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Oct 31 15:25:03.248159: | state #1 deleting .st_event EVENT_SA_REPLACE Oct 31 15:25:03.248163: | libevent_free: delref ptr-libevent@0x55f63c7fe3e8 Oct 31 15:25:03.248166: | free_event_entry: delref EVENT_SA_REPLACE-pe@0x55f63c7fe6b8 Oct 31 15:25:03.248169: | event_schedule: newref EVENT_SA_REKEY-pe@0x55f63c7fe3e8 Oct 31 15:25:03.248172: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Oct 31 15:25:03.248175: | libevent_malloc: newref ptr-libevent@0x7fb41800b578 size 128 Oct 31 15:25:03.248689: | pstats #1 ikev2.ike established Oct 31 15:25:03.248700: | FOR_EACH_STATE_... in nat_traversal_ka_event (for_each_state) Oct 31 15:25:03.248706: | [RE]START processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in for_each_state() at state.c:1680) Oct 31 15:25:03.248708: | skipping NAT-T KEEP-ALIVE: #2 is not current IKE SA Oct 31 15:25:03.248711: | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in for_each_state() at state.c:1682) Oct 31 15:25:03.248714: | resume processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in for_each_state() at state.c:1682) Oct 31 15:25:03.248717: | suspend processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in for_each_state() at state.c:1680) Oct 31 15:25:03.248719: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in for_each_state() at state.c:1680) Oct 31 15:25:03.248721: | we are behind NAT: sending of NAT-T KEEP-ALIVE for conn westnet-eastnet-ipv4-psk-ikev2 Oct 31 15:25:03.248724: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in nat_traversal_send_ka() at nat_traversal.c:651) Oct 31 15:25:03.248726: | ka_event: send NAT-KA to 192.1.2.23:4500 (state=#1) Oct 31 15:25:03.248727: | sending NAT-T Keep Alive Oct 31 15:25:03.248732: | sending 1 bytes for NAT-T Keep Alive through eth0 from 192.1.3.209:4500 to 192.1.2.23:4500 using UDP (for #1) Oct 31 15:25:03.248733: | ff Oct 31 15:25:03.248788: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in nat_traversal_send_ka() at nat_traversal.c:660) Oct 31 15:25:03.248794: | processing: STOP state #0 (in for_each_state() at state.c:1682) Oct 31 15:25:03.248800: | resume processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in for_each_state() at state.c:1682) Oct 31 15:25:03.248804: | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds Oct 31 15:25:03.248809: | TSi: parsing 1 traffic selectors Oct 31 15:25:03.248814: | ***parse IKEv2 Traffic Selector: Oct 31 15:25:03.248817: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:25:03.248820: | IP Protocol ID: ALL (0x0) Oct 31 15:25:03.248823: | length: 16 (00 10) Oct 31 15:25:03.248826: | start port: 0 (00 00) Oct 31 15:25:03.248828: | end port: 65535 (ff ff) Oct 31 15:25:03.248837: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:25:03.248840: | TS low Oct 31 15:25:03.248842: | c0 00 01 00 Oct 31 15:25:03.248845: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:25:03.248850: | TS high Oct 31 15:25:03.248852: | c0 00 01 ff Oct 31 15:25:03.248855: | TSi: parsed 1 traffic selectors Oct 31 15:25:03.248858: | TSr: parsing 1 traffic selectors Oct 31 15:25:03.248861: | ***parse IKEv2 Traffic Selector: Oct 31 15:25:03.248864: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:25:03.248866: | IP Protocol ID: ALL (0x0) Oct 31 15:25:03.248870: | length: 16 (00 10) Oct 31 15:25:03.248874: | start port: 0 (00 00) Oct 31 15:25:03.248878: | end port: 65535 (ff ff) Oct 31 15:25:03.248880: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:25:03.248883: | TS low Oct 31 15:25:03.248885: | c0 00 02 00 Oct 31 15:25:03.248888: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:25:03.248890: | TS high Oct 31 15:25:03.248891: | c0 00 02 ff Oct 31 15:25:03.248893: | TSr: parsed 1 traffic selectors Oct 31 15:25:03.248898: | evaluating our conn="westnet-eastnet-ipv4-psk-ikev2" I=192.0.1.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Oct 31 15:25:03.248906: | TSi[0] .net=192.0.1.0-192.0.1.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:25:03.248916: | match address end->client=192.0.1.0/24 == TSi[0]net=192.0.1.0-192.0.1.255: YES fitness 32 Oct 31 15:25:03.248920: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:25:03.248923: | TSi[0] port match: YES fitness 65536 Oct 31 15:25:03.248926: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:25:03.248929: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:25:03.248933: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:25:03.248941: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Oct 31 15:25:03.248945: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Oct 31 15:25:03.248947: | TSr[0] port match: YES fitness 65536 Oct 31 15:25:03.248950: | narrow protocol end=*0 == TSr[0]=*0: 0 Oct 31 15:25:03.248953: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Oct 31 15:25:03.248956: | best fit so far: TSi[0] TSr[0] Oct 31 15:25:03.248958: | found an acceptable TSi/TSr Traffic Selector Oct 31 15:25:03.248960: | printing contents struct traffic_selector Oct 31 15:25:03.248961: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:25:03.248962: | ipprotoid: 0 Oct 31 15:25:03.248964: | port range: 0-65535 Oct 31 15:25:03.248967: | ip range: 192.0.1.0-192.0.1.255 Oct 31 15:25:03.248968: | printing contents struct traffic_selector Oct 31 15:25:03.248969: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:25:03.248971: | ipprotoid: 0 Oct 31 15:25:03.248972: | port range: 0-65535 Oct 31 15:25:03.248974: | ip range: 192.0.2.0-192.0.2.255 Oct 31 15:25:03.248983: | using existing local ESP/AH proposals for westnet-eastnet-ipv4-psk-ikev2 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP=AES_GCM_C_256-NONE-NONE-DISABLED 2:ESP=AES_GCM_C_128-NONE-NONE-DISABLED 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:25:03.248986: | comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Oct 31 15:25:03.248989: | local proposal 1 type ENCR has 1 transforms Oct 31 15:25:03.248991: | local proposal 1 type PRF has 0 transforms Oct 31 15:25:03.248993: | local proposal 1 type INTEG has 1 transforms Oct 31 15:25:03.248994: | local proposal 1 type DH has 1 transforms Oct 31 15:25:03.248995: | local proposal 1 type ESN has 1 transforms Oct 31 15:25:03.248998: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Oct 31 15:25:03.248999: | local proposal 2 type ENCR has 1 transforms Oct 31 15:25:03.249001: | local proposal 2 type PRF has 0 transforms Oct 31 15:25:03.249002: | local proposal 2 type INTEG has 1 transforms Oct 31 15:25:03.249004: | local proposal 2 type DH has 1 transforms Oct 31 15:25:03.249009: | local proposal 2 type ESN has 1 transforms Oct 31 15:25:03.249010: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Oct 31 15:25:03.249012: | local proposal 3 type ENCR has 1 transforms Oct 31 15:25:03.249013: | local proposal 3 type PRF has 0 transforms Oct 31 15:25:03.249015: | local proposal 3 type INTEG has 2 transforms Oct 31 15:25:03.249016: | local proposal 3 type DH has 1 transforms Oct 31 15:25:03.249018: | local proposal 3 type ESN has 1 transforms Oct 31 15:25:03.249019: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Oct 31 15:25:03.249021: | local proposal 4 type ENCR has 1 transforms Oct 31 15:25:03.249022: | local proposal 4 type PRF has 0 transforms Oct 31 15:25:03.249024: | local proposal 4 type INTEG has 2 transforms Oct 31 15:25:03.249025: | local proposal 4 type DH has 1 transforms Oct 31 15:25:03.249027: | local proposal 4 type ESN has 1 transforms Oct 31 15:25:03.249028: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Oct 31 15:25:03.249031: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:25:03.249033: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:25:03.249035: | length: 32 (00 20) Oct 31 15:25:03.249037: | prop #: 1 (01) Oct 31 15:25:03.249038: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:03.249040: | spi size: 4 (04) Oct 31 15:25:03.249042: | # transforms: 2 (02) Oct 31 15:25:03.249044: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:25:03.249045: | remote SPI Oct 31 15:25:03.249047: | 27 13 73 fe Oct 31 15:25:03.249049: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Oct 31 15:25:03.249051: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:25:03.249052: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:03.249054: | length: 12 (00 0c) Oct 31 15:25:03.249056: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:03.249057: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:25:03.249059: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:25:03.249061: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:03.249065: | length/value: 256 (01 00) Oct 31 15:25:03.249072: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:25:03.249075: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:25:03.249774: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:03.249779: | length: 8 (00 08) Oct 31 15:25:03.249781: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:25:03.249782: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:25:03.249786: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Oct 31 15:25:03.249789: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Oct 31 15:25:03.249791: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Oct 31 15:25:03.249793: | remote proposal 1 matches local proposal 1 Oct 31 15:25:03.249796: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Oct 31 15:25:03.249803: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP=AES_GCM_C_256-DISABLED SPI=271373fe Oct 31 15:25:03.249808: | converting proposal to internal trans attrs Oct 31 15:25:03.249815: | integ=NONE: .key_size=0 encrypt=AES_GCM_16: .key_size=32 .salt_size=4 keymat_len=36 Oct 31 15:25:03.249895: | install_ipsec_sa() for #2: inbound and outbound Oct 31 15:25:03.249901: | could_route called for westnet-eastnet-ipv4-psk-ikev2; kind=CK_PERMANENT that.has_client=yes oppo=no this.host_port=500 Oct 31 15:25:03.249905: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:25:03.249908: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Oct 31 15:25:03.249911: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Oct 31 15:25:03.249920: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Oct 31 15:25:03.249924: | natt/tcp sa encap_type=2(espinudp) sport=4500 dport=4500 Oct 31 15:25:03.249926: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Oct 31 15:25:03.249928: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Oct 31 15:25:03.249929: | AES_GCM_16 requires 4 salt bytes Oct 31 15:25:03.249931: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Oct 31 15:25:03.249935: | setting IPsec SA replay-window to 32 Oct 31 15:25:03.249940: | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth0 Oct 31 15:25:03.249944: | netlink: enabling tunnel mode Oct 31 15:25:03.249947: | XFRM: adding IPsec SA with reqid 16389 Oct 31 15:25:03.249949: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:25:03.249952: | adding xfrm-encap-tmpl when adding sa encap_type=2(espinudp) sport=4500 dport=4500 Oct 31 15:25:03.249955: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:25:03.250020: | netlink response for Add SA esp.271373fe@192.1.2.23 included non-error error Oct 31 15:25:03.250025: | setup_half_ipsec_sa() is installing inbound eroute? inbound=0 owner=#0 mode=1 Oct 31 15:25:03.250026: | set up outgoing SA, ref=0/0 Oct 31 15:25:03.250028: | natt/tcp sa encap_type=2(espinudp) sport=4500 dport=4500 Oct 31 15:25:03.250030: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Oct 31 15:25:03.250032: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Oct 31 15:25:03.250033: | AES_GCM_16 requires 4 salt bytes Oct 31 15:25:03.250035: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Oct 31 15:25:03.250037: | setting IPsec SA replay-window to 32 Oct 31 15:25:03.250039: | NIC esp-hw-offload not for connection 'westnet-eastnet-ipv4-psk-ikev2' not available on interface eth0 Oct 31 15:25:03.250041: | netlink: enabling tunnel mode Oct 31 15:25:03.250042: | XFRM: adding IPsec SA with reqid 16389 Oct 31 15:25:03.250043: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:25:03.250045: | adding xfrm-encap-tmpl when adding sa encap_type=2(espinudp) sport=4500 dport=4500 Oct 31 15:25:03.250047: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:25:03.250068: | netlink response for Add SA esp.30cee8bd@192.1.3.209 included non-error error Oct 31 15:25:03.250072: | setup_half_ipsec_sa() is installing inbound eroute? inbound=1 owner=#0 mode=1 Oct 31 15:25:03.250073: | setup_half_ipsec_sa() is installing inbound eroute Oct 31 15:25:03.250075: | setup_half_ipsec_sa() before proto 50 Oct 31 15:25:03.250076: | setup_half_ipsec_sa() after proto 50 Oct 31 15:25:03.250078: | setup_half_ipsec_sa() calling raw_eroute backwards (i.e., inbound) Oct 31 15:25:03.250080: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 2084814 (0x1fcfce) Oct 31 15:25:03.250085: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => tun.10000@192.1.3.209 using reqid 16389 (raw_eroute) proto=50 Oct 31 15:25:03.250087: | IPsec SA SPD priority set to 2084814 Oct 31 15:25:03.250108: | raw_eroute result=success Oct 31 15:25:03.250113: | set up incoming SA, ref=0/0 Oct 31 15:25:03.250118: | sr for #2: unrouted Oct 31 15:25:03.250120: | route_and_eroute() for proto 0, and source port 0 dest port 0 Oct 31 15:25:03.250123: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:25:03.250126: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Oct 31 15:25:03.250128: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Oct 31 15:25:03.250132: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL; eroute owner: NULL Oct 31 15:25:03.250135: | route_and_eroute with c: westnet-eastnet-ipv4-psk-ikev2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Oct 31 15:25:03.250138: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 2084814 (0x1fcfce) Oct 31 15:25:03.250147: | eroute_connection add eroute 192.0.1.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 using reqid 16389 (raw_eroute) proto=50 Oct 31 15:25:03.250153: | IPsec SA SPD priority set to 2084814 Oct 31 15:25:03.250171: | raw_eroute result=success Oct 31 15:25:03.250175: | running updown command "ipsec _updown" for verb up Oct 31 15:25:03.250177: | command executing up-client Oct 31 15:25:03.250180: | get_sa_info esp.271373fe@192.1.2.23 Oct 31 15:25:03.250194: | get_sa_info esp.30cee8bd@192.1.3.209 Oct 31 15:25:03.250235: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth0' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157903' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0... Oct 31 15:25:03.250242: | popen cmd is 1138 chars long Oct 31 15:25:03.250245: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv: Oct 31 15:25:03.250248: | cmd( 80):4-psk-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth0' PLUTO_XFRMI_ROUT: Oct 31 15:25:03.250250: | cmd( 160):E='' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.20: Oct 31 15:25:03.250251: | cmd( 240):9' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIEN: Oct 31 15:25:03.250254: | cmd( 320):T_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='1: Oct 31 15:25:03.250256: | cmd( 400):6388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PE: Oct 31 15:25:03.250258: | cmd( 480):ER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MAS: Oct 31 15:25:03.250260: | cmd( 560):K='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' P: Oct 31 15:25:03.250262: | cmd( 640):LUTO_STACK='xfrm' PLUTO_ADDTIME='1604157903' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNN: Oct 31 15:25:03.250264: | cmd( 720):EL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUT: Oct 31 15:25:03.250266: | cmd( 800):O_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_I: Oct 31 15:25:03.250268: | cmd( 880):NFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO: Oct 31 15:25:03.250269: | cmd( 960):_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VTI: Oct 31 15:25:03.250272: | cmd(1040):_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x271373fe SPI_OUT=0x30cee8bd : Oct 31 15:25:03.250274: | cmd(1120):ipsec _updown 2>&1: Oct 31 15:25:03.262472: | route_and_eroute: firewall_notified: true Oct 31 15:25:03.262488: | running updown command "ipsec _updown" for verb prepare Oct 31 15:25:03.262492: | command executing prepare-client Oct 31 15:25:03.262500: | get_sa_info esp.271373fe@192.1.2.23 Oct 31 15:25:03.262519: | get_sa_info esp.30cee8bd@192.1.3.209 Oct 31 15:25:03.262559: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth0' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157903' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CON... Oct 31 15:25:03.262567: | popen cmd is 1143 chars long Oct 31 15:25:03.262570: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Oct 31 15:25:03.262572: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth0' PLUTO_XFRMI: Oct 31 15:25:03.262574: | cmd( 160):_ROUTE='' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1: Oct 31 15:25:03.262576: | cmd( 240):.3.209' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_: Oct 31 15:25:03.262577: | cmd( 320):CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQ: Oct 31 15:25:03.262579: | cmd( 400):ID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLU: Oct 31 15:25:03.262581: | cmd( 480):TO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIEN: Oct 31 15:25:03.262583: | cmd( 560):T_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA: Oct 31 15:25:03.262585: | cmd( 640):='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157903' PLUTO_CONN_POLICY='PSK+ENCRYPT: Oct 31 15:25:03.262586: | cmd( 720):+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT': Oct 31 15:25:03.262588: | cmd( 800): PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_: Oct 31 15:25:03.262745: | cmd( 880):DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' : Oct 31 15:25:03.262754: | cmd( 960):PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0: Oct 31 15:25:03.262756: | cmd(1040):' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x271373fe SPI_OUT=0x30ce: Oct 31 15:25:03.262759: | cmd(1120):e8bd ipsec _updown 2>&1: Oct 31 15:25:03.275718: | running updown command "ipsec _updown" for verb route Oct 31 15:25:03.275730: | command executing route-client Oct 31 15:25:03.275738: | get_sa_info esp.271373fe@192.1.2.23 Oct 31 15:25:03.275757: | get_sa_info esp.30cee8bd@192.1.3.209 Oct 31 15:25:03.275785: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth0' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157903' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGU... Oct 31 15:25:03.275790: | popen cmd is 1141 chars long Oct 31 15:25:03.275793: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: Oct 31 15:25:03.275796: | cmd( 80):ipv4-psk-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth0' PLUTO_XFRMI_R: Oct 31 15:25:03.275799: | cmd( 160):OUTE='' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3: Oct 31 15:25:03.275804: | cmd( 240):.209' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CL: Oct 31 15:25:03.275807: | cmd( 320):IENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID: Oct 31 15:25:03.275809: | cmd( 400):='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO: Oct 31 15:25:03.275812: | cmd( 480):_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_: Oct 31 15:25:03.275815: | cmd( 560):MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=': Oct 31 15:25:03.275817: | cmd( 640):' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157903' PLUTO_CONN_POLICY='PSK+ENCRYPT+T: Oct 31 15:25:03.275820: | cmd( 720):UNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' P: Oct 31 15:25:03.275823: | cmd( 800):LUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DN: Oct 31 15:25:03.275825: | cmd( 880):S_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PL: Oct 31 15:25:03.275827: | cmd( 960):UTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' : Oct 31 15:25:03.275829: | cmd(1040):VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x271373fe SPI_OUT=0x30cee8: Oct 31 15:25:03.275831: | cmd(1120):bd ipsec _updown 2>&1: Oct 31 15:25:03.289751: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.289819: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.289860: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.289897: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.289937: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.289975: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.290017: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.290056: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.290095: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.290222: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.290350: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.290475: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.290532: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.290593: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.290713: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.290774: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.291396: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.291611: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.291829: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.291845: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.291873: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.291905: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.291929: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.291941: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.291967: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.292092: "westnet-eastnet-ipv4-psk-ikev2" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:03.301312: | route_and_eroute: instance "westnet-eastnet-ipv4-psk-ikev2", setting eroute_owner {spd=0x55f63c7f9ef8,sr=0x55f63c7f9ef8} to #2 (was #0) (newest_ipsec_sa=#0) Oct 31 15:25:03.301578: | inR2: instance westnet-eastnet-ipv4-psk-ikev2[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Oct 31 15:25:03.301593: | #2 spent 2.25 (53.6) milliseconds in processing: Initiator: process IKE_AUTH response in v2_dispatch() Oct 31 15:25:03.301603: | [RE]START processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:03.301609: | #2 complete_v2_state_transition() PARENT_I2->ESTABLISHED_CHILD_SA with status STF_OK; .st_v2_transition=NULL Oct 31 15:25:03.301613: | transitioning from state STATE_PARENT_I2 to state STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:25:03.301615: | Message ID: updating counters for #2 Oct 31 15:25:03.301624: | Message ID: CHILD #1.#2 clearing EVENT_RETRANSMIT as response received: ike.initiator.sent=1 ike.initiator.recv=0 ike.initiator.last_contact=744577.613284 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744577.601483 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:25:03.301628: | #2 requesting EVENT_RETRANSMIT-pe@0x55f63c8020e8 be deleted Oct 31 15:25:03.301633: | libevent_free: delref ptr-libevent@0x55f63c7fe548 Oct 31 15:25:03.301637: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55f63c8020e8 Oct 31 15:25:03.301640: | #2 STATE_PARENT_I2: retransmits: cleared Oct 31 15:25:03.301647: | Message ID: CHILD #1.#2 updating initiator received message response 1: ike.initiator.sent=1 ike.initiator.recv=0->1 ike.initiator.last_contact=744577.613284->744577.734414 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744577.601483 child.wip.initiator=1->-1 child.wip.responder=-1 Oct 31 15:25:03.301654: | Message ID: CHILD #1.#2 skipping update_send as nothing to send: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744577.734414 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744577.601483 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:25:03.301660: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744577.734414 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744577.601483 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:03.301664: | child state #2: PARENT_I2(open IKE SA) => ESTABLISHED_CHILD_SA(established CHILD SA) Oct 31 15:25:03.301667: | pstats #2 ikev2.child established Oct 31 15:25:03.301670: | announcing the state transition Oct 31 15:25:03.301680: "westnet-eastnet-ipv4-psk-ikev2" #2: negotiated connection [192.0.1.0-192.0.1.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Oct 31 15:25:03.301695: | NAT-T: NAT Traversal detected - their IKE port is '500' Oct 31 15:25:03.301698: | NAT-T: encaps is 'auto' Oct 31 15:25:03.301706: "westnet-eastnet-ipv4-psk-ikev2" #2: IPsec SA established tunnel mode {ESPinUDP=>0x271373fe <0x30cee8bd xfrm=AES_GCM_16_256-NONE NATOA=none NATD=192.1.2.23:4500 DPD=passive} Oct 31 15:25:03.301711: | releasing #2's fd-fd@0x55f63c7f9968 because IKEv2 transitions finished Oct 31 15:25:03.301715: | delref fd@0x55f63c7f9968(3->2) (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:25:03.301717: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:25:03.301720: | unpending #2's IKE SA #1 Oct 31 15:25:03.301723: | unpending state #1 connection "westnet-eastnet-ipv4-psk-ikev2" Oct 31 15:25:03.301733: | delete from pending Child SA with 192.1.2.23 "westnet-eastnet-ipv4-psk-ikev2" Oct 31 15:25:03.301737: | delref fd@0x55f63c7f9968(2->1) (in delete_pending() at pending.c:218) Oct 31 15:25:03.301739: | removing pending policy for no connection {0x55f63c7f99a8} Oct 31 15:25:03.301742: | releasing #1's fd-fd@0x55f63c7f9968 because IKEv2 transitions finished so releaseing IKE SA Oct 31 15:25:03.301745: | delref fd@0x55f63c7f9968(1->0) (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:25:03.301754: | freeref fd-fd@0x55f63c7f9968 (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:25:03.301757: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:25:03.301761: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Oct 31 15:25:03.301765: | state #2 has no .st_event to delete Oct 31 15:25:03.301768: | event_schedule: newref EVENT_SA_REKEY-pe@0x55f63c7fe548 Oct 31 15:25:03.301771: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Oct 31 15:25:03.301774: | libevent_malloc: newref ptr-libevent@0x55f63c804718 size 128 Oct 31 15:25:03.301782: | stop processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:25:03.301788: | #1 spent 2.7 (54.3) milliseconds in ikev2_process_packet() Oct 31 15:25:03.301790: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:25:03.301794: | delref mdp@0x55f63c7fee38(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:03.301798: | delref logger@0x55f63c7f9ab8(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:03.301801: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:03.301804: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:03.301811: | spent 2.73 (54.3) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:25:03.301826: | processing signal PLUTO_SIGCHLD Oct 31 15:25:03.301833: | waitpid returned ECHILD (no child processes left) Oct 31 15:25:03.301839: | spent 0.00689 (0.00667) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:25:03.301843: | processing signal PLUTO_SIGCHLD Oct 31 15:25:03.301847: | waitpid returned ECHILD (no child processes left) Oct 31 15:25:03.301851: | spent 0.00433 (0.00412) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:25:03.301854: | processing signal PLUTO_SIGCHLD Oct 31 15:25:03.301859: | waitpid returned ECHILD (no child processes left) Oct 31 15:25:03.301863: | spent 0.0043 (0.0041) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:25:03.363397: | newref struct fd@0x55f63c7fe5b8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:03.363416: | fd_accept: new fd-fd@0x55f63c7fe5b8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:03.363431: | whack: traffic_status Oct 31 15:25:03.363435: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Oct 31 15:25:03.363438: | FOR_EACH_STATE_... in sort_states Oct 31 15:25:03.363447: | get_sa_info esp.30cee8bd@192.1.3.209 Oct 31 15:25:03.363465: | get_sa_info esp.271373fe@192.1.2.23 Oct 31 15:25:03.363483: | delref fd@0x55f63c7fe5b8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:03.363491: | freeref fd-fd@0x55f63c7fe5b8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:03.363500: | spent 0.114 (0.114) milliseconds in whack Oct 31 15:25:04.307202: | newref struct fd@0x55f63c7fe5b8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:04.307219: | fd_accept: new fd-fd@0x55f63c7fe5b8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:04.307243: | whack: status Oct 31 15:25:04.307623: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:25:04.307628: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:25:04.307704: | FOR_EACH_STATE_... in show_states (sort_states) Oct 31 15:25:04.307709: | FOR_EACH_STATE_... in sort_states Oct 31 15:25:04.307726: | get_sa_info esp.30cee8bd@192.1.3.209 Oct 31 15:25:04.307746: | get_sa_info esp.271373fe@192.1.2.23 Oct 31 15:25:04.307766: | delref fd@0x55f63c7fe5b8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:04.307777: | freeref fd-fd@0x55f63c7fe5b8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:04.307785: | spent 0.592 (0.595) milliseconds in whack Oct 31 15:25:04.530087: | spent 0.00265 (0.00256) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:25:04.530107: | newref struct msg_digest@0x55f63c7fee38(0->1) (in read_message() at demux.c:103) Oct 31 15:25:04.530112: | newref alloc logger@0x55f63c801148(0->1) (in read_message() at demux.c:103) Oct 31 15:25:04.530119: | *received 69 bytes from 192.1.2.23:4500 on eth0 192.1.3.209:4500 using UDP Oct 31 15:25:04.530121: | ed d0 ee e2 b6 b5 b4 47 4c bb 1b 6f 05 0c 80 6b Oct 31 15:25:04.530123: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Oct 31 15:25:04.530125: | 89 d7 d0 05 f9 04 32 29 ba f5 4c 41 3d 63 10 cb Oct 31 15:25:04.530127: | e0 b5 3f d7 81 e5 42 77 39 0e 47 88 18 fc e7 c1 Oct 31 15:25:04.530129: | b6 13 81 4c 65 Oct 31 15:25:04.530134: | **parse ISAKMP Message: Oct 31 15:25:04.530138: | initiator SPI: ed d0 ee e2 b6 b5 b4 47 Oct 31 15:25:04.530141: | responder SPI: 4c bb 1b 6f 05 0c 80 6b Oct 31 15:25:04.530144: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:25:04.530147: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:04.530149: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:25:04.530151: | flags: none (0x0) Oct 31 15:25:04.530155: | Message ID: 0 (00 00 00 00) Oct 31 15:25:04.530158: | length: 69 (00 00 00 45) Oct 31 15:25:04.530160: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Oct 31 15:25:04.530164: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Oct 31 15:25:04.530169: | State DB: found IKEv2 state #1 in ESTABLISHED_IKE_SA (find_v2_ike_sa) Oct 31 15:25:04.530405: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:25:04.530411: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Oct 31 15:25:04.530414: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:25:04.530417: | #1 is idle Oct 31 15:25:04.530424: | Message ID: IKE #1 not a duplicate - message request 0 is new: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744577.734414 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744577.601483 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:04.530429: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:25:04.530432: | unpacking clear payload Oct 31 15:25:04.530435: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Oct 31 15:25:04.530439: | ***parse IKEv2 Encryption Payload: Oct 31 15:25:04.530442: | next payload type: ISAKMP_NEXT_v2D (0x2a) Oct 31 15:25:04.530445: | flags: none (0x0) Oct 31 15:25:04.530448: | length: 41 (00 29) Oct 31 15:25:04.530451: | processing payload: ISAKMP_NEXT_v2SK (len=37) Oct 31 15:25:04.530454: | #1 in state ESTABLISHED_IKE_SA: established IKE SA Oct 31 15:25:04.530472: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Oct 31 15:25:04.530475: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Oct 31 15:25:04.530479: | **parse IKEv2 Delete Payload: Oct 31 15:25:04.530481: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:04.530484: | flags: none (0x0) Oct 31 15:25:04.530487: | length: 12 (00 0c) Oct 31 15:25:04.530490: | protocol ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:04.530492: | SPI size: 4 (04) Oct 31 15:25:04.530496: | number of SPIs: 1 (00 01) Oct 31 15:25:04.530498: | processing payload: ISAKMP_NEXT_v2D (len=4) Oct 31 15:25:04.530501: | selected state microcode Informational Request Oct 31 15:25:04.530508: | Message ID: IKE #1 responder starting message request 0: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744577.734414 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744577.601483 ike.wip.initiator=-1 ike.wip.responder=-1->0 Oct 31 15:25:04.530513: | calling processor Informational Request Oct 31 15:25:04.530646: | an informational request should send a response Oct 31 15:25:04.530654: | opening output PBS information exchange reply packet Oct 31 15:25:04.530657: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Oct 31 15:25:04.530660: | **emit ISAKMP Message: Oct 31 15:25:04.530663: | initiator SPI: ed d0 ee e2 b6 b5 b4 47 Oct 31 15:25:04.530667: | responder SPI: 4c bb 1b 6f 05 0c 80 6b Oct 31 15:25:04.530669: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:25:04.530671: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:04.530673: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:25:04.530676: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Oct 31 15:25:04.530680: | Message ID: 0 (00 00 00 00) Oct 31 15:25:04.530683: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:25:04.530686: | ***emit IKEv2 Encryption Payload: Oct 31 15:25:04.530688: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:04.530691: | flags: none (0x0) Oct 31 15:25:04.530694: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:25:04.530696: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Oct 31 15:25:04.530700: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:25:04.530708: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Oct 31 15:25:04.530711: | SPI Oct 31 15:25:04.530713: | 27 13 73 fe Oct 31 15:25:04.530716: | delete IKEv2_SEC_PROTO_ESP SA(0x271373fe) Oct 31 15:25:04.530719: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:25:04.530722: | State DB: found IKEv2 state #2 in ESTABLISHED_CHILD_SA (find_v2_child_sa_by_outbound_spi) Oct 31 15:25:04.530724: | our side SPI that needs to be deleted: IKEv2_SEC_PROTO_ESP SA(0x271373fe) Oct 31 15:25:04.530728: "westnet-eastnet-ipv4-psk-ikev2" #1: received Delete SA payload: replace IPsec State #2 now Oct 31 15:25:04.530732: | #2 requesting EVENT_SA_REKEY-pe@0x55f63c7fe548 be deleted Oct 31 15:25:04.530737: | libevent_free: delref ptr-libevent@0x55f63c804718 Oct 31 15:25:04.530741: | free_event_entry: delref EVENT_SA_REKEY-pe@0x55f63c7fe548 Oct 31 15:25:04.530745: | event_schedule: newref EVENT_SA_REPLACE-pe@0x55f63c7f9ab8 Oct 31 15:25:04.530748: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Oct 31 15:25:04.530752: | libevent_malloc: newref ptr-libevent@0x55f63c766f98 size 128 Oct 31 15:25:04.530756: | ****emit IKEv2 Delete Payload: Oct 31 15:25:04.530759: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:04.530761: | flags: none (0x0) Oct 31 15:25:04.530764: | protocol ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:04.530767: | SPI size: 4 (04) Oct 31 15:25:04.530771: | number of SPIs: 1 (00 01) Oct 31 15:25:04.530774: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Oct 31 15:25:04.530777: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Oct 31 15:25:04.530780: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Oct 31 15:25:04.530784: | local SPIs: 30 ce e8 bd Oct 31 15:25:04.530786: | emitting length of IKEv2 Delete Payload: 12 Oct 31 15:25:04.530789: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:25:04.530792: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:04.530795: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:25:04.530797: | emitting length of IKEv2 Encryption Payload: 41 Oct 31 15:25:04.530802: | emitting length of ISAKMP Message: 69 Oct 31 15:25:04.530822: | sending 73 bytes for reply packet for process_encrypted_informational_ikev2 through eth0 from 192.1.3.209:4500 to 192.1.2.23:4500 using UDP (for #1) Oct 31 15:25:04.530825: | 00 00 00 00 ed d0 ee e2 b6 b5 b4 47 4c bb 1b 6f Oct 31 15:25:04.530827: | 05 0c 80 6b 2e 20 25 28 00 00 00 00 00 00 00 45 Oct 31 15:25:04.530829: | 2a 00 00 29 48 52 05 b9 c7 2f 38 92 1b 40 a8 65 Oct 31 15:25:04.530832: | 8f ff af ef 4d 1a f7 f7 c9 6b a9 7f 60 13 c2 08 Oct 31 15:25:04.530834: | 2f 6e 9b f9 75 cb 6d 37 a8 Oct 31 15:25:04.530881: | sent 1 messages Oct 31 15:25:04.530896: | Message ID: IKE #1 XXX: in process_encrypted_informational_ikev2() hacking around record 'n' send bypassing send queue hacking around delete_ike_family(): ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744577.734414 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744577.601483 ike.wip.initiator=-1 ike.wip.responder=0 Oct 31 15:25:04.530902: | Message ID: IKE #1 updating responder sent message response 0: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744577.734414 ike.responder.sent=-1->0 ike.responder.recv=-1 ike.responder.last_contact=744577.601483 ike.wip.initiator=-1 ike.wip.responder=0 Oct 31 15:25:04.530910: | #1 spent 0.238 (0.39) milliseconds in processing: Informational Request in v2_dispatch() Oct 31 15:25:04.530915: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:04.530920: | #1 complete_v2_state_transition() ESTABLISHED_IKE_SA->ESTABLISHED_IKE_SA with status STF_OK; .st_v2_transition=PARENT_I0->PARENT_I1 Oct 31 15:25:04.530922: | Message ID: updating counters for #1 Oct 31 15:25:04.530928: | Message ID: IKE #1 updating responder received message request 0: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744577.734414 ike.responder.sent=0 ike.responder.recv=-1->0 ike.responder.last_contact=744577.601483->744578.963721 ike.wip.initiator=-1 ike.wip.responder=0->-1 Oct 31 15:25:04.530934: | Message ID: IKE #1 updating responder sent message response 0: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744577.734414 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744578.963721 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:04.530940: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744577.734414 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744578.963721 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:04.530942: | announcing the state transition Oct 31 15:25:04.530945: "westnet-eastnet-ipv4-psk-ikev2" #1: established IKE SA Oct 31 15:25:04.530952: | sending 73 bytes for STATE_V2_ESTABLISHED_IKE_SA through eth0 from 192.1.3.209:4500 to 192.1.2.23:4500 using UDP (for #1) Oct 31 15:25:04.530954: | 00 00 00 00 ed d0 ee e2 b6 b5 b4 47 4c bb 1b 6f Oct 31 15:25:04.530961: | 05 0c 80 6b 2e 20 25 28 00 00 00 00 00 00 00 45 Oct 31 15:25:04.530963: | 2a 00 00 29 48 52 05 b9 c7 2f 38 92 1b 40 a8 65 Oct 31 15:25:04.530966: | 8f ff af ef 4d 1a f7 f7 c9 6b a9 7f 60 13 c2 08 Oct 31 15:25:04.530968: | 2f 6e 9b f9 75 cb 6d 37 a8 Oct 31 15:25:04.530997: | sent 1 messages Oct 31 15:25:04.531002: | #1 is retaining EVENT_SA_REKEY with is previously set timeout Oct 31 15:25:04.531008: | stop processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:25:04.531014: | #1 spent 0.553 (0.934) milliseconds in ikev2_process_packet() Oct 31 15:25:04.531018: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:25:04.531022: | delref mdp@0x55f63c7fee38(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:04.531025: | delref logger@0x55f63c801148(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:04.531030: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:04.531033: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:04.531112: | spent 0.586 (1.03) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:25:04.531124: | timer_event_cb: processing event@0x55f63c7f9ab8 Oct 31 15:25:04.531128: | handling event EVENT_SA_REPLACE for child state #2 Oct 31 15:25:04.531132: | libevent_free: delref ptr-libevent@0x55f63c766f98 Oct 31 15:25:04.531135: | free_event_entry: delref EVENT_SA_REPLACE-pe@0x55f63c7f9ab8 Oct 31 15:25:04.531142: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in timer_event_cb() at timer.c:188) Oct 31 15:25:04.531146: | picked newest_ipsec_sa #2 for #2 Oct 31 15:25:04.531150: | replacing stale CHILD SA Oct 31 15:25:04.531154: | FOR_EACH_STATE_... in find_phase1_state Oct 31 15:25:04.531158: | FOR_EACH_STATE_... in find_pending_phase2 Oct 31 15:25:04.531164: | newref alloc logger@0x55f63c7fe548(0->1) (in new_state() at state.c:576) Oct 31 15:25:04.531168: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:25:04.531171: | creating state object #3 at 0x55f63c7fee38 Oct 31 15:25:04.531173: | State DB: adding IKEv2 state #3 in UNDEFINED Oct 31 15:25:04.531180: | pstats #3 ikev2.child started Oct 31 15:25:04.531183: | duplicating state object #1 "westnet-eastnet-ipv4-psk-ikev2" as #3 for IPSEC SA Oct 31 15:25:04.531189: | #3 setting local endpoint to 192.1.3.209:4500 from #1.st_localport (in duplicate_state() at state.c:1581) Oct 31 15:25:04.531202: | Message ID: CHILD #1.#3 initializing (CHILD SA): ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744577.734414 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744578.963721 child.wip.initiator=0->-1 child.wip.responder=0->-1 Oct 31 15:25:04.531214: | child state #3: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Oct 31 15:25:04.531220: | #3.st_v2_transition NULL -> V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I1 (in new_v2_child_state() at state.c:1666) Oct 31 15:25:04.531225: | suspend processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5960) Oct 31 15:25:04.531230: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5960) Oct 31 15:25:04.531235: | create child proposal's DH changed from no-PFS to MODP2048, flushing Oct 31 15:25:04.531238: | constructing ESP/AH proposals with default DH MODP2048 for westnet-eastnet-ipv4-psk-ikev2 (ESP/AH initiator emitting proposals) Oct 31 15:25:04.531244: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Oct 31 15:25:04.531322: | ... ikev2_proposal: 1:ESP=AES_GCM_C_256-NONE-MODP2048-DISABLED Oct 31 15:25:04.531329: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Oct 31 15:25:04.531333: | ... ikev2_proposal: 2:ESP=AES_GCM_C_128-NONE-MODP2048-DISABLED Oct 31 15:25:04.531337: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:25:04.531342: | ... ikev2_proposal: 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:25:04.531345: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:25:04.531349: | ... ikev2_proposal: 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:25:04.531353: "westnet-eastnet-ipv4-psk-ikev2": local ESP/AH proposals (ESP/AH initiator emitting proposals): Oct 31 15:25:04.531357: "westnet-eastnet-ipv4-psk-ikev2": 1:ESP=AES_GCM_C_256-NONE-MODP2048-DISABLED Oct 31 15:25:04.531361: "westnet-eastnet-ipv4-psk-ikev2": 2:ESP=AES_GCM_C_128-NONE-MODP2048-DISABLED Oct 31 15:25:04.531365: "westnet-eastnet-ipv4-psk-ikev2": 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:25:04.531370: "westnet-eastnet-ipv4-psk-ikev2": 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:25:04.531378: | #3 schedule rekey initiate IPsec SA PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO to replace #2 using IKE# 1 pfs=MODP2048 Oct 31 15:25:04.531382: | event_schedule: newref EVENT_v2_INITIATE_CHILD-pe@0x55f63c7f9ab8 Oct 31 15:25:04.531385: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Oct 31 15:25:04.531388: | libevent_malloc: newref ptr-libevent@0x55f63c804718 size 128 Oct 31 15:25:04.531394: | RESET processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in ikev2_initiate_child_sa() at ikev2_parent.c:6035) Oct 31 15:25:04.531398: | event_schedule: newref EVENT_SA_EXPIRE-pe@0x55f63c766f98 Oct 31 15:25:04.531401: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 Oct 31 15:25:04.531404: | libevent_malloc: newref ptr-libevent@0x7fb420006108 size 128 Oct 31 15:25:04.531407: | libevent_realloc: delref ptr-libevent@0x55f63c7c44a8 Oct 31 15:25:04.531410: | libevent_realloc: newref ptr-libevent@0x55f63c767008 size 128 Oct 31 15:25:04.531417: | #2 spent 0.225 (0.291) milliseconds in timer_event_cb() EVENT_SA_REPLACE Oct 31 15:25:04.531420: | processing: STOP state #0 (in timer_event_cb() at timer.c:447) Oct 31 15:25:04.531425: | timer_event_cb: processing event@0x55f63c7f9ab8 Oct 31 15:25:04.531428: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Oct 31 15:25:04.531431: | libevent_free: delref ptr-libevent@0x55f63c804718 Oct 31 15:25:04.531434: | free_event_entry: delref EVENT_v2_INITIATE_CHILD-pe@0x55f63c7f9ab8 Oct 31 15:25:04.531439: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in timer_event_cb() at timer.c:188) Oct 31 15:25:04.531449: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:25:04.531452: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:25:04.531455: | newref clone logger@0x55f63c801148(0->1) (in clone_logger() at log.c:817) Oct 31 15:25:04.531458: | job 3 for #3: Child Rekey Initiator KE and nonce ni (build KE and nonce): adding job to queue Oct 31 15:25:04.531461: | state #3 has no .st_event to delete Oct 31 15:25:04.531463: | #3 STATE_V2_REKEY_CHILD_I0: retransmits: cleared Oct 31 15:25:04.531466: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55f63c7f9ab8 Oct 31 15:25:04.531469: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Oct 31 15:25:04.531472: | libevent_malloc: newref ptr-libevent@0x55f63c804718 size 128 Oct 31 15:25:04.531481: | #3 spent 0.0543 (0.0543) milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Oct 31 15:25:04.531486: | stop processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in timer_event_cb() at timer.c:447) Oct 31 15:25:04.531490: | timer_event_cb: processing event@0x55f63c766f98 Oct 31 15:25:04.531493: | handling event EVENT_SA_EXPIRE for child state #2 Oct 31 15:25:04.531493: | job 3 for #3: Child Rekey Initiator KE and nonce ni (build KE and nonce): helper 4 starting job Oct 31 15:25:04.531496: | libevent_free: delref ptr-libevent@0x7fb420006108 Oct 31 15:25:04.531509: | free_event_entry: delref EVENT_SA_EXPIRE-pe@0x55f63c766f98 Oct 31 15:25:04.531514: | start processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in timer_event_cb() at timer.c:188) Oct 31 15:25:04.531517: | picked newest_ipsec_sa #2 for #2 Oct 31 15:25:04.531520: | un-established partial CHILD SA timeout (SA expired) Oct 31 15:25:04.531522: | pstats #2 ikev2.child re-failed exchange-timeout Oct 31 15:25:04.531525: | should_send_delete: no, just because Oct 31 15:25:04.531527: | pstats #2 ikev2.child deleted completed Oct 31 15:25:04.531531: | #2 main thread spent 2.47 (53.9) milliseconds helper thread spent 0 (0) milliseconds in total Oct 31 15:25:04.531535: | [RE]START processing: state #2 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in delete_state() at state.c:935) Oct 31 15:25:04.531538: | should_send_delete: no, just because Oct 31 15:25:04.531542: "westnet-eastnet-ipv4-psk-ikev2" #2: deleting state (STATE_V2_ESTABLISHED_CHILD_SA) aged 1.352099s and NOT sending notification Oct 31 15:25:04.531547: | child state #2: ESTABLISHED_CHILD_SA(established CHILD SA) => delete Oct 31 15:25:04.531552: | get_sa_info esp.271373fe@192.1.2.23 Oct 31 15:25:04.531641: | get_sa_info esp.30cee8bd@192.1.3.209 Oct 31 15:25:04.531654: "westnet-eastnet-ipv4-psk-ikev2" #2: ESP traffic information: in=0B out=0B Oct 31 15:25:04.531658: | unsuspending #2 MD (nil) Oct 31 15:25:04.531661: | should_send_delete: no, just because Oct 31 15:25:04.531663: | child state #2: ESTABLISHED_CHILD_SA(established CHILD SA) => CHILDSA_DEL(informational) Oct 31 15:25:04.531666: | state #2 has no .st_event to delete Oct 31 15:25:04.531669: | #2 STATE_CHILDSA_DEL: retransmits: cleared Oct 31 15:25:04.531740: | running updown command "ipsec _updown" for verb down Oct 31 15:25:04.531747: | command executing down-client Oct 31 15:25:04.531754: | get_sa_info esp.271373fe@192.1.2.23 Oct 31 15:25:04.531767: | get_sa_info esp.30cee8bd@192.1.3.209 Oct 31 15:25:04.531803: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth0' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157903' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURE... Oct 31 15:25:04.531808: | popen cmd is 1140 chars long Oct 31 15:25:04.531811: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-i: Oct 31 15:25:04.531814: | cmd( 80):pv4-psk-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth0' PLUTO_XFRMI_RO: Oct 31 15:25:04.531816: | cmd( 160):UTE='' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.: Oct 31 15:25:04.531819: | cmd( 240):209' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLI: Oct 31 15:25:04.531821: | cmd( 320):ENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID=: Oct 31 15:25:04.531823: | cmd( 400):'16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_: Oct 31 15:25:04.531826: | cmd( 480):PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_M: Oct 31 15:25:04.531828: | cmd( 560):ASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='': Oct 31 15:25:04.531830: | cmd( 640): PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157903' PLUTO_CONN_POLICY='PSK+ENCRYPT+TU: Oct 31 15:25:04.531833: | cmd( 720):NNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PL: Oct 31 15:25:04.531835: | cmd( 800):UTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS: Oct 31 15:25:04.531838: | cmd( 880):_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLU: Oct 31 15:25:04.531840: | cmd( 960):TO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' V: Oct 31 15:25:04.531842: | cmd(1040):TI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x271373fe SPI_OUT=0x30cee8b: Oct 31 15:25:04.531844: | cmd(1120):d ipsec _updown 2>&1: Oct 31 15:25:04.533029: | "westnet-eastnet-ipv4-psk-ikev2" #3: spent 1.23 (1.54) milliseconds in helper 4 processing job 3 for state #3: Child Rekey Initiator KE and nonce ni (pcr) Oct 31 15:25:04.533040: | job 3 for #3: Child Rekey Initiator KE and nonce ni (build KE and nonce): helper thread 4 sending result back to state Oct 31 15:25:04.533045: | scheduling resume sending helper answer back to state for #3 Oct 31 15:25:04.533051: | libevent_malloc: newref ptr-libevent@0x7fb41c006108 size 128 Oct 31 15:25:04.533059: | helper thread 4 has nothing to do Oct 31 15:25:04.542710: | shunt_eroute() called for connection 'westnet-eastnet-ipv4-psk-ikev2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 Oct 31 15:25:04.542731: | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 Oct 31 15:25:04.542736: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 2084814 (0x1fcfce) Oct 31 15:25:04.542741: | IPsec SA SPD priority set to 2084814 Oct 31 15:25:04.542787: | delete esp.271373fe@192.1.2.23 Oct 31 15:25:04.542791: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:25:04.542808: | netlink response for Del SA esp.271373fe@192.1.2.23 included non-error error Oct 31 15:25:04.542812: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 2084814 (0x1fcfce) Oct 31 15:25:04.542820: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk.10000@192.1.3.209 using reqid 0 (raw_eroute) proto=50 Oct 31 15:25:04.542847: | raw_eroute result=success Oct 31 15:25:04.542915: | delete esp.30cee8bd@192.1.3.209 Oct 31 15:25:04.542920: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:25:04.542937: | netlink response for Del SA esp.30cee8bd@192.1.3.209 included non-error error Oct 31 15:25:04.542945: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Oct 31 15:25:04.543010: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Oct 31 15:25:04.543019: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Oct 31 15:25:04.543023: | releasing #2's fd-fd@(nil) because deleting state Oct 31 15:25:04.543026: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:04.543029: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:04.543032: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:25:04.543039: | stop processing: state #2 from 192.1.2.23:4500 (in delete_state() at state.c:1239) Oct 31 15:25:04.543046: | delref logger@0x55f63c7fbc28(1->0) (in delete_state() at state.c:1306) Oct 31 15:25:04.543049: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:04.543051: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:04.543056: | State DB: found IKEv2 state #3 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Oct 31 15:25:04.543059: | can't expire unused IKE SA #1; it has the child #3 Oct 31 15:25:04.543062: | in statetime_stop() and could not find #2 Oct 31 15:25:04.543064: | processing: STOP state #0 (in timer_event_cb() at timer.c:447) Oct 31 15:25:04.543087: | spent 0.00221 (0.00215) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:25:04.543098: | newref struct msg_digest@0x55f63c806588(0->1) (in read_message() at demux.c:103) Oct 31 15:25:04.543102: | newref alloc logger@0x55f63c7c44a8(0->1) (in read_message() at demux.c:103) Oct 31 15:25:04.543108: | *received 65 bytes from 192.1.2.23:4500 on eth0 192.1.3.209:4500 using UDP Oct 31 15:25:04.543111: | ed d0 ee e2 b6 b5 b4 47 4c bb 1b 6f 05 0c 80 6b Oct 31 15:25:04.543114: | 2e 20 25 00 00 00 00 01 00 00 00 41 2a 00 00 25 Oct 31 15:25:04.543116: | 41 14 0a 70 52 b3 71 23 0d 7e 3b ec 02 74 a8 1e Oct 31 15:25:04.543119: | ca f3 cb ab 67 bf da 8e 13 8a 8b d8 f4 fd 48 34 Oct 31 15:25:04.543121: | 23 Oct 31 15:25:04.543126: | **parse ISAKMP Message: Oct 31 15:25:04.543131: | initiator SPI: ed d0 ee e2 b6 b5 b4 47 Oct 31 15:25:04.543136: | responder SPI: 4c bb 1b 6f 05 0c 80 6b Oct 31 15:25:04.543140: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:25:04.543143: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:04.543145: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:25:04.543149: | flags: none (0x0) Oct 31 15:25:04.543153: | Message ID: 1 (00 00 00 01) Oct 31 15:25:04.543160: | length: 65 (00 00 00 41) Oct 31 15:25:04.543163: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Oct 31 15:25:04.543167: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Oct 31 15:25:04.543171: | State DB: found IKEv2 state #1 in ESTABLISHED_IKE_SA (find_v2_ike_sa) Oct 31 15:25:04.543179: | start processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:25:04.543182: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Oct 31 15:25:04.543186: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:25:04.543189: | #1 is idle Oct 31 15:25:04.543196: | Message ID: IKE #1 not a duplicate - message request 1 is new: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744577.734414 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744578.963721 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:04.543221: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:25:04.543225: | unpacking clear payload Oct 31 15:25:04.543227: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Oct 31 15:25:04.543231: | ***parse IKEv2 Encryption Payload: Oct 31 15:25:04.543234: | next payload type: ISAKMP_NEXT_v2D (0x2a) Oct 31 15:25:04.543237: | flags: none (0x0) Oct 31 15:25:04.543241: | length: 37 (00 25) Oct 31 15:25:04.543243: | processing payload: ISAKMP_NEXT_v2SK (len=33) Oct 31 15:25:04.543246: | #1 in state ESTABLISHED_IKE_SA: established IKE SA Oct 31 15:25:04.543267: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Oct 31 15:25:04.543270: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Oct 31 15:25:04.543279: | **parse IKEv2 Delete Payload: Oct 31 15:25:04.543282: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:04.543285: | flags: none (0x0) Oct 31 15:25:04.543288: | length: 8 (00 08) Oct 31 15:25:04.543291: | protocol ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:25:04.543293: | SPI size: 0 (00) Oct 31 15:25:04.543297: | number of SPIs: 0 (00 00) Oct 31 15:25:04.543299: | processing payload: ISAKMP_NEXT_v2D (len=0) Oct 31 15:25:04.543302: | selected state microcode Informational Request Oct 31 15:25:04.543310: | Message ID: IKE #1 responder starting message request 1: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744577.734414 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744578.963721 ike.wip.initiator=-1 ike.wip.responder=-1->1 Oct 31 15:25:04.543312: | calling processor Informational Request Oct 31 15:25:04.543317: | an informational request should send a response Oct 31 15:25:04.543322: | opening output PBS information exchange reply packet Oct 31 15:25:04.543324: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Oct 31 15:25:04.543327: | **emit ISAKMP Message: Oct 31 15:25:04.543332: | initiator SPI: ed d0 ee e2 b6 b5 b4 47 Oct 31 15:25:04.543336: | responder SPI: 4c bb 1b 6f 05 0c 80 6b Oct 31 15:25:04.543338: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:25:04.543341: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:04.543344: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:25:04.543347: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Oct 31 15:25:04.543350: | Message ID: 1 (00 00 00 01) Oct 31 15:25:04.543353: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:25:04.543357: | ***emit IKEv2 Encryption Payload: Oct 31 15:25:04.543359: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:04.543362: | flags: none (0x0) Oct 31 15:25:04.543365: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:25:04.543367: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Oct 31 15:25:04.543373: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:25:04.543386: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:25:04.543394: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:04.543397: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:25:04.543400: | emitting length of IKEv2 Encryption Payload: 29 Oct 31 15:25:04.543402: | emitting length of ISAKMP Message: 57 Oct 31 15:25:04.543418: | sending 61 bytes for reply packet for process_encrypted_informational_ikev2 through eth0 from 192.1.3.209:4500 to 192.1.2.23:4500 using UDP (for #1) Oct 31 15:25:04.543421: | 00 00 00 00 ed d0 ee e2 b6 b5 b4 47 4c bb 1b 6f Oct 31 15:25:04.543424: | 05 0c 80 6b 2e 20 25 28 00 00 00 01 00 00 00 39 Oct 31 15:25:04.543426: | 00 00 00 1d 04 a7 73 cc d4 31 4b f5 17 5d b9 da Oct 31 15:25:04.543428: | 23 a3 42 de 14 07 e7 db b0 9e d9 e2 e5 Oct 31 15:25:04.543485: | sent 1 messages Oct 31 15:25:04.543494: | Message ID: IKE #1 XXX: in process_encrypted_informational_ikev2() hacking around record 'n' send bypassing send queue hacking around delete_ike_family(): ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744577.734414 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744578.963721 ike.wip.initiator=-1 ike.wip.responder=1 Oct 31 15:25:04.543501: | Message ID: IKE #1 updating responder sent message response 1: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744577.734414 ike.responder.sent=0->1 ike.responder.recv=0 ike.responder.last_contact=744578.963721 ike.wip.initiator=-1 ike.wip.responder=1 Oct 31 15:25:04.543506: | pstats #3 ikev2.child deleted other Oct 31 15:25:04.543511: | #3 main thread spent 0.0543 (0.0543) milliseconds helper thread spent 0 (0) milliseconds in total Oct 31 15:25:04.543516: | suspend processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in delete_state() at state.c:935) Oct 31 15:25:04.543521: | start processing: state #3 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in delete_state() at state.c:935) Oct 31 15:25:04.543524: | should_send_delete: no, just because Oct 31 15:25:04.543529: "westnet-eastnet-ipv4-psk-ikev2" #3: deleting other state #3 (STATE_V2_REKEY_CHILD_I0) aged 0.012364s and NOT sending notification Oct 31 15:25:04.543653: | child state #3: V2_REKEY_CHILD_I0(established IKE SA) => delete Oct 31 15:25:04.543720: | unsuspending #3 MD (nil) Oct 31 15:25:04.543724: | should_send_delete: no, just because Oct 31 15:25:04.543728: | child state #3: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Oct 31 15:25:04.543731: | state #3 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:25:04.543736: | libevent_free: delref ptr-libevent@0x55f63c804718 Oct 31 15:25:04.543739: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55f63c7f9ab8 Oct 31 15:25:04.543742: | #3 STATE_CHILDSA_DEL: retransmits: cleared Oct 31 15:25:04.543747: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 2084814 (0x1fcfce) Oct 31 15:25:04.543755: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.1.0/24:0 => unk.10000@192.1.3.209 using reqid 0 (raw_eroute) proto=50 Oct 31 15:25:04.543770: | raw_eroute result=success Oct 31 15:25:04.543774: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Oct 31 15:25:04.543777: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Oct 31 15:25:04.543781: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Oct 31 15:25:04.543784: | releasing #3's fd-fd@(nil) because deleting state Oct 31 15:25:04.543787: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:04.543789: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:04.543792: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:25:04.543797: | stop processing: state #3 from 192.1.2.23:4500 (in delete_state() at state.c:1239) Oct 31 15:25:04.543805: | resume processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in delete_state() at state.c:1239) Oct 31 15:25:04.543810: | delref logger@0x55f63c7fe548(1->0) (in delete_state() at state.c:1306) Oct 31 15:25:04.543813: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:04.543815: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:04.543819: | State DB: IKEv2 state not found (delete_ike_family) Oct 31 15:25:04.543822: | pstats #1 ikev2.ike deleted completed Oct 31 15:25:04.543827: | #1 main thread spent 7.41 (59.8) milliseconds helper thread spent 2.55 (2.7) milliseconds in total Oct 31 15:25:04.543832: | [RE]START processing: state #1 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:4500 (in delete_state() at state.c:935) Oct 31 15:25:04.543835: | should_send_delete: no, just because Oct 31 15:25:04.543839: "westnet-eastnet-ipv4-psk-ikev2" #1: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 1.37519s and NOT sending notification Oct 31 15:25:04.543843: | parent state #1: ESTABLISHED_IKE_SA(established IKE SA) => delete Oct 31 15:25:04.543962: | unsuspending #1 MD (nil) Oct 31 15:25:04.543968: | should_send_delete: no, just because Oct 31 15:25:04.543971: | state #1 deleting .st_event EVENT_SA_REKEY Oct 31 15:25:04.543975: | libevent_free: delref ptr-libevent@0x7fb41800b578 Oct 31 15:25:04.543978: | free_event_entry: delref EVENT_SA_REKEY-pe@0x55f63c7fe3e8 Oct 31 15:25:04.543981: | #1 STATE_V2_ESTABLISHED_IKE_SA: retransmits: cleared Oct 31 15:25:04.544050: | State DB: IKEv2 state not found (flush_incomplete_children) Oct 31 15:25:04.544056: | picked newest_isakmp_sa #0 for #1 Oct 31 15:25:04.544061: "westnet-eastnet-ipv4-psk-ikev2" #1: deleting IKE SA but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Oct 31 15:25:04.544065: | add revival: connection 'westnet-eastnet-ipv4-psk-ikev2' added to the list and scheduled for 0 seconds Oct 31 15:25:04.544069: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Oct 31 15:25:04.544073: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Oct 31 15:25:04.544076: | State DB: deleting IKEv2 state #1 in ESTABLISHED_IKE_SA Oct 31 15:25:04.544081: | parent state #1: ESTABLISHED_IKE_SA(established IKE SA) => UNDEFINED(ignore) Oct 31 15:25:04.544084: | releasing #1's fd-fd@(nil) because deleting state Oct 31 15:25:04.544086: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:04.544089: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:04.544092: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:25:04.544113: | stop processing: state #1 from 192.1.2.23:4500 (in delete_state() at state.c:1239) Oct 31 15:25:04.544129: | delref logger@0x55f63c7f8bb8(1->0) (in delete_state() at state.c:1306) Oct 31 15:25:04.544132: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:04.544135: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:04.544139: | in statetime_stop() and could not find #1 Oct 31 15:25:04.544142: | XXX: processor 'Informational Request' for #1 deleted state MD.ST Oct 31 15:25:04.544144: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:25:04.544147: | in statetime_stop() and could not find #1 Oct 31 15:25:04.544149: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:25:04.544153: | delref mdp@0x55f63c806588(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:04.544156: | delref logger@0x55f63c7c44a8(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:04.544158: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:04.544160: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:04.544168: | spent 0.754 (1.09) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:25:04.544177: | processing resume sending helper answer back to state for #3 Oct 31 15:25:04.544181: | job 3 for #3: Child Rekey Initiator KE and nonce ni (build KE and nonce): processing response from helper 4 Oct 31 15:25:04.544187: | job 3 for #3: Child Rekey Initiator KE and nonce ni (build KE and nonce): was cancelled; ignoring respose Oct 31 15:25:04.544202: | delref logger@0x55f63c801148(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:25:04.544209: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:04.544212: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:04.544218: | (#3) spent 0.0322 (0.0353) milliseconds in resume sending helper answer back to state Oct 31 15:25:04.544221: | libevent_free: delref ptr-libevent@0x7fb41c006108 Oct 31 15:25:04.544224: | processing signal PLUTO_SIGCHLD Oct 31 15:25:04.544230: | waitpid returned ECHILD (no child processes left) Oct 31 15:25:04.544234: | spent 0.0055 (0.00547) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:25:04.544241: | processing global timer EVENT_REVIVE_CONNS Oct 31 15:25:04.544245: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:25:04.544248: "westnet-eastnet-ipv4-psk-ikev2": initiating connection which received a Delete/Notify but must remain up per local policy Oct 31 15:25:04.544251: | connection 'westnet-eastnet-ipv4-psk-ikev2' +POLICY_UP Oct 31 15:25:04.544254: | FOR_EACH_STATE_... in find_phase1_state Oct 31 15:25:04.544261: | newref alloc logger@0x55f63c7f9ab8(0->1) (in new_state() at state.c:576) Oct 31 15:25:04.544265: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:25:04.544267: | creating state object #4 at 0x55f63c7fee38 Oct 31 15:25:04.544269: | State DB: adding IKEv2 state #4 in UNDEFINED Oct 31 15:25:04.544276: | pstats #4 ikev2.ike started Oct 31 15:25:04.544279: | parent state #4: UNDEFINED(ignore) => PARENT_I0(ignore) Oct 31 15:25:04.544283: | #4.st_v2_transition NULL -> PARENT_I0->PARENT_I1 (in new_v2_ike_state() at state.c:620) Oct 31 15:25:04.544292: | Message ID: IKE #4 initializing (IKE SA): ike.initiator.sent=0->-1 ike.initiator.recv=0->-1 ike.initiator.last_contact=0->744578.977082 ike.responder.sent=0->-1 ike.responder.recv=0->-1 ike.responder.last_contact=0->744578.977082 ike.wip.initiator=0->-1 ike.wip.responder=0->-1 Oct 31 15:25:04.544295: | orienting westnet-eastnet-ipv4-psk-ikev2 Oct 31 15:25:04.544300: | westnet-eastnet-ipv4-psk-ikev2 doesn't match 127.0.0.1:4500 at all Oct 31 15:25:04.544304: | westnet-eastnet-ipv4-psk-ikev2 doesn't match 127.0.0.1:500 at all Oct 31 15:25:04.544308: | westnet-eastnet-ipv4-psk-ikev2 doesn't match 192.1.3.209:4500 at all Oct 31 15:25:04.544310: | oriented westnet-eastnet-ipv4-psk-ikev2's this Oct 31 15:25:04.544317: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:544) Oct 31 15:25:04.544321: | addref fd@NULL (in add_pending() at pending.c:86) Oct 31 15:25:04.544325: | queuing pending IPsec SA negotiating with 192.1.2.23 IKE SA #4 "westnet-eastnet-ipv4-psk-ikev2" Oct 31 15:25:04.544329: "westnet-eastnet-ipv4-psk-ikev2" #4: initiating IKEv2 connection Oct 31 15:25:04.544346: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator selecting KE): 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:25:04.544353: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:25:04.544355: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:25:04.544358: | newref clone logger@0x55f63c7fbb78(0->1) (in clone_logger() at log.c:817) Oct 31 15:25:04.544361: | job 4 for #4: ikev2_outI1 KE (build KE and nonce): adding job to queue Oct 31 15:25:04.544363: | state #4 has no .st_event to delete Oct 31 15:25:04.544365: | #4 STATE_PARENT_I0: retransmits: cleared Oct 31 15:25:04.544371: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x55f63c766f98 Oct 31 15:25:04.544374: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Oct 31 15:25:04.544376: | libevent_malloc: newref ptr-libevent@0x55f63c7ffad8 size 128 Oct 31 15:25:04.544388: | #4 spent 0.135 (0.135) milliseconds in ikev2_parent_outI1() Oct 31 15:25:04.544393: | RESET processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:640) Oct 31 15:25:04.544398: | spent 0.152 (0.152) milliseconds in global timer EVENT_REVIVE_CONNS Oct 31 15:25:04.544400: | job 4 for #4: ikev2_outI1 KE (build KE and nonce): helper 5 starting job Oct 31 15:25:04.546353: | "westnet-eastnet-ipv4-psk-ikev2" #4: spent 1.92 (1.95) milliseconds in helper 5 processing job 4 for state #4: ikev2_outI1 KE (pcr) Oct 31 15:25:04.546368: | job 4 for #4: ikev2_outI1 KE (build KE and nonce): helper thread 5 sending result back to state Oct 31 15:25:04.546371: | scheduling resume sending helper answer back to state for #4 Oct 31 15:25:04.546375: | libevent_malloc: newref ptr-libevent@0x7fb410006108 size 128 Oct 31 15:25:04.546385: | helper thread 5 has nothing to do Oct 31 15:25:04.546413: | processing resume sending helper answer back to state for #4 Oct 31 15:25:04.546423: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:641) Oct 31 15:25:04.546428: | unsuspending #4 MD (nil) Oct 31 15:25:04.546430: | job 4 for #4: ikev2_outI1 KE (build KE and nonce): processing response from helper 5 Oct 31 15:25:04.546433: | job 4 for #4: ikev2_outI1 KE (build KE and nonce): calling continuation function 0x55f63ad57fe7 Oct 31 15:25:04.546435: | ikev2_parent_outI1_continue() for #4 STATE_PARENT_I0 Oct 31 15:25:04.546437: | DH secret MODP2048@0x7fb410006ba8: transferring ownership from helper KE to state #4 Oct 31 15:25:04.546441: | opening output PBS reply packet Oct 31 15:25:04.546444: | **emit ISAKMP Message: Oct 31 15:25:04.546447: | initiator SPI: 5b d4 3d 38 d3 df c0 28 Oct 31 15:25:04.546450: | responder SPI: 00 00 00 00 00 00 00 00 Oct 31 15:25:04.546452: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:25:04.546454: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:04.546456: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:25:04.546458: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:25:04.546461: | Message ID: 0 (00 00 00 00) Oct 31 15:25:04.546463: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:25:04.546476: | using existing local IKE proposals for connection westnet-eastnet-ipv4-psk-ikev2 (IKE SA initiator emitting local proposals): 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:25:04.546478: | Emitting ikev2_proposals ... Oct 31 15:25:04.546480: | ***emit IKEv2 Security Association Payload: Oct 31 15:25:04.546482: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:04.546483: | flags: none (0x0) Oct 31 15:25:04.546485: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:25:04.546487: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:25:04.546490: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:25:04.546493: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:04.546497: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:04.546499: | prop #: 1 (01) Oct 31 15:25:04.546501: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:25:04.546503: | spi size: 0 (00) Oct 31 15:25:04.546505: | # transforms: 11 (0b) Oct 31 15:25:04.546507: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:04.546509: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.546511: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546512: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:04.546514: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:25:04.546516: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.546518: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:04.546519: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:04.546522: | length/value: 256 (01 00) Oct 31 15:25:04.546524: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:04.546526: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.546527: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546529: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:04.546530: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:25:04.546532: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546534: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.546536: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.546538: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.546539: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546541: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:04.546543: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:25:04.546544: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546546: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.546548: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.546550: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:25:04.546551: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.546553: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546555: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:04.546556: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:04.546558: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546560: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.546561: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.546563: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.546565: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546566: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:04.546568: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:25:04.546570: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546571: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.546574: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.546576: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.546577: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546579: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:04.546580: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:25:04.546582: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546584: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.546585: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.546587: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.546589: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546590: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:04.546592: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:25:04.546594: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546595: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.546597: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.546599: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.546600: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546602: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:04.546603: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:25:04.546605: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546607: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.546608: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.546610: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.546612: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546613: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:04.546615: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:25:04.546617: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546618: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.546620: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.546621: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.546623: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546624: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:04.546626: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:25:04.546628: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546629: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.546631: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.546633: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.546634: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:04.546637: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:04.546638: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:25:04.546640: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546642: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.546644: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.546645: | emitting length of IKEv2 Proposal Substructure Payload: 100 Oct 31 15:25:04.546647: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:04.546649: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:25:04.546651: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:04.546653: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:04.546655: | prop #: 2 (02) Oct 31 15:25:04.546656: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:25:04.546658: | spi size: 0 (00) Oct 31 15:25:04.546660: | # transforms: 11 (0b) Oct 31 15:25:04.546662: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:04.546664: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:04.546666: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.546667: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546669: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:04.546671: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:25:04.546672: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.546674: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:04.546676: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:04.546678: | length/value: 128 (00 80) Oct 31 15:25:04.546679: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:04.546681: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.546687: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546689: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:04.546691: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:25:04.546692: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546694: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.546696: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.546697: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.546699: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546701: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:04.546702: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:25:04.546704: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546705: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.546707: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.546709: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:25:04.546711: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.546712: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546716: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:04.546718: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:04.546720: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546721: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.546723: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.546725: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.546726: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546728: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:04.546730: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:25:04.546731: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546733: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.546735: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.546736: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.546739: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546741: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:04.546744: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:25:04.546746: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546749: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.546752: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.546754: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.546757: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546759: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:04.546761: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:25:04.546764: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546767: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.546769: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.546772: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.546775: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546777: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:04.546780: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:25:04.546783: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546785: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.546788: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.546791: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.546792: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546798: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:04.546803: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:25:04.546807: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546814: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.546817: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.546820: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.546822: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546825: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:04.546827: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:25:04.546830: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546832: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.546835: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.546837: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.546840: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:04.546843: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:04.546845: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:25:04.546849: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546851: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.546854: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.546857: | emitting length of IKEv2 Proposal Substructure Payload: 100 Oct 31 15:25:04.546859: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:04.546864: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:04.546866: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:04.546868: | prop #: 3 (03) Oct 31 15:25:04.546870: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:25:04.546872: | spi size: 0 (00) Oct 31 15:25:04.546873: | # transforms: 13 (0d) Oct 31 15:25:04.546875: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:04.546877: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:04.546879: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.546880: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546882: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:04.546883: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:25:04.546885: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.546887: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:04.546888: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:04.546890: | length/value: 256 (01 00) Oct 31 15:25:04.546892: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:04.546894: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.546895: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546897: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:04.546898: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:25:04.546900: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546901: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.546904: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.546906: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.546907: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546909: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:04.546910: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:25:04.546912: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546913: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.546915: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.546917: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.546918: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546920: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:04.546921: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:25:04.546923: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546924: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.546926: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.546927: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.546929: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546930: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:04.546932: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:25:04.546933: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546935: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.546936: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.546938: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.546939: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546941: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:04.546942: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:04.546944: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546945: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.546947: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.546948: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.546950: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546951: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:04.546953: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:25:04.546954: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546956: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.546957: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.546959: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.546960: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546962: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:04.546964: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:25:04.546966: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546967: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.546968: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.546970: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.546971: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546973: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:04.546974: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:25:04.546976: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546977: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.546979: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.546980: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.546982: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546983: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:04.546985: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:25:04.546986: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546988: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.546989: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.546991: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.546992: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546994: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:04.546995: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:25:04.546997: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.546998: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.547000: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.547001: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.547003: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.547004: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:04.547006: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:25:04.547007: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.547009: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.547010: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.547012: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.547013: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:04.547015: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:04.547016: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:25:04.547018: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.547020: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.547022: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.547023: | emitting length of IKEv2 Proposal Substructure Payload: 116 Oct 31 15:25:04.547025: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:04.547027: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:04.547029: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:25:04.547030: | prop #: 4 (04) Oct 31 15:25:04.547032: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:25:04.547034: | spi size: 0 (00) Oct 31 15:25:04.547035: | # transforms: 13 (0d) Oct 31 15:25:04.547037: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:04.547043: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:04.547045: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.547046: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.547048: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:04.547049: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:25:04.547051: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.547053: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:04.547054: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:04.547056: | length/value: 128 (00 80) Oct 31 15:25:04.547058: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:04.547059: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.547061: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.547062: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:04.547064: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:25:04.547065: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.547067: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.547068: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.547070: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.547071: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.547073: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:04.547074: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:25:04.547076: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.547077: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.547079: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.547080: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.547082: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.547083: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:04.547085: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:25:04.547086: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.547088: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.547090: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.547092: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.547098: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.547101: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:04.547103: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:25:04.547106: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.547109: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.547112: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.547119: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.547122: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.547125: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:04.547127: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:04.547130: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.547133: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.547136: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.547139: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.547142: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.547144: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:04.547145: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:25:04.547147: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.547149: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.547150: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.547152: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.547153: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.547155: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:04.547156: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:25:04.547158: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.547159: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.547161: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.547162: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.547164: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.547165: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:04.547167: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:25:04.547168: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.547170: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.547171: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.547173: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.547174: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.547176: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:04.547181: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:25:04.547186: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.547188: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.547191: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.547193: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.547196: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.547214: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:04.547221: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:25:04.547224: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.547226: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.547228: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.547231: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.547233: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.547235: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:04.547237: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:25:04.547240: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.547242: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.547244: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.547247: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:04.547249: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:04.547251: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:04.547253: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:25:04.547256: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:04.547258: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:04.547261: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:04.547263: | emitting length of IKEv2 Proposal Substructure Payload: 116 Oct 31 15:25:04.547265: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:04.547267: | emitting length of IKEv2 Security Association Payload: 436 Oct 31 15:25:04.547270: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:25:04.547272: | ***emit IKEv2 Key Exchange Payload: Oct 31 15:25:04.547274: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:04.547277: | flags: none (0x0) Oct 31 15:25:04.547279: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:04.547282: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Oct 31 15:25:04.547284: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Oct 31 15:25:04.547287: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Oct 31 15:25:04.547290: | ikev2 g^x: Oct 31 15:25:04.547292: | 60 a9 7e ef f8 fd 44 7a 7b b3 48 e6 69 06 ff e7 Oct 31 15:25:04.547294: | 02 04 1d 78 ff 03 0d 51 ea 80 54 fb 41 96 e2 2a Oct 31 15:25:04.547296: | f3 bd 02 4c eb f6 a8 80 fa 78 bb 9c f5 db 03 25 Oct 31 15:25:04.547300: | 8c bb b7 d4 78 dd bc b3 27 7c 24 c8 6e d0 a7 b9 Oct 31 15:25:04.547302: | 15 2e e3 fd 2b 50 61 3e 0c 5e 44 f7 3a 20 62 79 Oct 31 15:25:04.547304: | 6f 46 47 d3 46 c2 6c 03 91 f1 7a 3d c2 a1 1a bd Oct 31 15:25:04.547306: | 1c d1 ce e6 25 bb be 0b da b4 09 ce 6b b9 7d cf Oct 31 15:25:04.547308: | 22 41 78 4d 66 ba 17 37 1e dd 5a 4f 99 e4 b2 99 Oct 31 15:25:04.547310: | eb 25 d1 25 67 9d 63 38 36 84 c5 40 02 5e 7b a9 Oct 31 15:25:04.547312: | c2 cf 23 86 67 36 76 63 cf ff 3f 2c 85 42 61 8f Oct 31 15:25:04.547314: | 41 eb 8c f6 05 d5 d7 2d 99 8a 8c 18 0a 51 7b da Oct 31 15:25:04.547316: | 86 e7 be 50 11 09 88 2b b7 a5 af 83 f4 ea c4 e0 Oct 31 15:25:04.547318: | 8c ef 1e 2b 9d 32 6f 18 f7 19 86 45 2c b1 2b 5f Oct 31 15:25:04.547320: | cf f5 64 38 9e 97 87 04 2d 5a eb 0e 1b 86 e9 7b Oct 31 15:25:04.547322: | c2 35 4c 2f a5 96 5e 83 93 b5 b2 78 38 58 b5 96 Oct 31 15:25:04.547324: | b1 2d a3 a8 ca a5 f6 68 59 77 34 c7 12 08 25 b7 Oct 31 15:25:04.547327: | emitting length of IKEv2 Key Exchange Payload: 264 Oct 31 15:25:04.547329: | ***emit IKEv2 Nonce Payload: Oct 31 15:25:04.547332: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:04.547334: | flags: none (0x0) Oct 31 15:25:04.547337: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Oct 31 15:25:04.547339: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Oct 31 15:25:04.547342: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Oct 31 15:25:04.547344: | IKEv2 nonce: Oct 31 15:25:04.547347: | 70 b6 a2 d1 41 41 9b 23 5c 48 45 84 36 59 88 83 Oct 31 15:25:04.547349: | 87 ab 30 c7 38 23 da 33 8b 20 44 5a d2 55 87 d5 Oct 31 15:25:04.547351: | emitting length of IKEv2 Nonce Payload: 36 Oct 31 15:25:04.547354: | adding a v2N Payload Oct 31 15:25:04.547356: | ***emit IKEv2 Notify Payload: Oct 31 15:25:04.547359: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:04.547361: | flags: none (0x0) Oct 31 15:25:04.547364: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:25:04.547366: | SPI size: 0 (00) Oct 31 15:25:04.547369: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Oct 31 15:25:04.547372: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:25:04.547375: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:25:04.547377: | emitting length of IKEv2 Notify Payload: 8 Oct 31 15:25:04.547380: | NAT-Traversal support [enabled] add v2N payloads. Oct 31 15:25:04.547382: | nat: IKE.SPIr is zero Oct 31 15:25:04.547398: | natd_hash: hasher=0x55f63ae49f80(20) Oct 31 15:25:04.547400: | natd_hash: icookie= Oct 31 15:25:04.547402: | 5b d4 3d 38 d3 df c0 28 Oct 31 15:25:04.547403: | natd_hash: rcookie= Oct 31 15:25:04.547405: | 00 00 00 00 00 00 00 00 Oct 31 15:25:04.547406: | natd_hash: ip= Oct 31 15:25:04.547407: | c0 01 03 d1 Oct 31 15:25:04.547409: | natd_hash: port= Oct 31 15:25:04.547410: | 01 f4 Oct 31 15:25:04.547411: | natd_hash: hash= Oct 31 15:25:04.547413: | 1e 13 20 00 13 fe 64 c3 00 96 9b 82 97 6b a9 27 Oct 31 15:25:04.547414: | ad fb 16 35 Oct 31 15:25:04.547415: | adding a v2N Payload Oct 31 15:25:04.547417: | ***emit IKEv2 Notify Payload: Oct 31 15:25:04.547419: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:04.547420: | flags: none (0x0) Oct 31 15:25:04.547422: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:25:04.547423: | SPI size: 0 (00) Oct 31 15:25:04.547425: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Oct 31 15:25:04.547427: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:25:04.547428: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:25:04.547432: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:25:04.547434: | Notify data: Oct 31 15:25:04.547435: | 1e 13 20 00 13 fe 64 c3 00 96 9b 82 97 6b a9 27 Oct 31 15:25:04.547436: | ad fb 16 35 Oct 31 15:25:04.547438: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:25:04.547440: | nat: IKE.SPIr is zero Oct 31 15:25:04.547444: | natd_hash: hasher=0x55f63ae49f80(20) Oct 31 15:25:04.547446: | natd_hash: icookie= Oct 31 15:25:04.547447: | 5b d4 3d 38 d3 df c0 28 Oct 31 15:25:04.547448: | natd_hash: rcookie= Oct 31 15:25:04.547450: | 00 00 00 00 00 00 00 00 Oct 31 15:25:04.547451: | natd_hash: ip= Oct 31 15:25:04.547452: | c0 01 02 17 Oct 31 15:25:04.547454: | natd_hash: port= Oct 31 15:25:04.547455: | 01 f4 Oct 31 15:25:04.547456: | natd_hash: hash= Oct 31 15:25:04.547458: | 98 a8 4d ae 8b 8a b4 90 84 1d eb 1c 94 bc e3 50 Oct 31 15:25:04.547459: | e7 33 d0 e1 Oct 31 15:25:04.547460: | adding a v2N Payload Oct 31 15:25:04.547462: | ***emit IKEv2 Notify Payload: Oct 31 15:25:04.547463: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:04.547465: | flags: none (0x0) Oct 31 15:25:04.547466: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:25:04.547468: | SPI size: 0 (00) Oct 31 15:25:04.547469: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Oct 31 15:25:04.547471: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:25:04.547473: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:25:04.547474: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:25:04.547476: | Notify data: Oct 31 15:25:04.547477: | 98 a8 4d ae 8b 8a b4 90 84 1d eb 1c 94 bc e3 50 Oct 31 15:25:04.547478: | e7 33 d0 e1 Oct 31 15:25:04.547480: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:25:04.547481: | emitting length of ISAKMP Message: 828 Oct 31 15:25:04.547487: | [RE]START processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:04.547490: | #4 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Oct 31 15:25:04.547492: | transitioning from state STATE_PARENT_I0 to state STATE_PARENT_I1 Oct 31 15:25:04.547494: | Message ID: updating counters for #4 Oct 31 15:25:04.547496: | Message ID: IKE #4 skipping update_recv as MD is fake Oct 31 15:25:04.547500: | Message ID: IKE #4 scheduling EVENT_RETRANSMIT: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744578.977082 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744578.977082 ike.wip.initiator=0 ike.wip.responder=-1 Oct 31 15:25:04.547504: "westnet-eastnet-ipv4-psk-ikev2" #4: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Oct 31 15:25:04.547506: | event_schedule: newref EVENT_RETRANSMIT-pe@0x55f63c800a98 Oct 31 15:25:04.547508: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #4 Oct 31 15:25:04.547510: | libevent_malloc: newref ptr-libevent@0x55f63c7ffc18 size 128 Oct 31 15:25:04.547513: | #4 STATE_PARENT_I0: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744578.980302 Oct 31 15:25:04.547517: | Message ID: IKE #4 updating initiator sent message request 0: ike.initiator.sent=-1->0 ike.initiator.recv=-1 ike.initiator.last_contact=744578.977082 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744578.977082 ike.wip.initiator=-1->0 ike.wip.responder=-1 Oct 31 15:25:04.547521: | Message ID: IKE #4 no pending message initiators to schedule: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744578.977082 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744578.977082 ike.wip.initiator=0 ike.wip.responder=-1 Oct 31 15:25:04.547524: | parent state #4: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Oct 31 15:25:04.547527: | announcing the state transition Oct 31 15:25:04.547529: "westnet-eastnet-ipv4-psk-ikev2" #4: sent IKE_SA_INIT request Oct 31 15:25:04.547534: | sending 828 bytes for STATE_PARENT_I0 through eth0 from 192.1.3.209:500 to 192.1.2.23:500 using UDP (for #4) Oct 31 15:25:04.547536: | 5b d4 3d 38 d3 df c0 28 00 00 00 00 00 00 00 00 Oct 31 15:25:04.547537: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Oct 31 15:25:04.547538: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Oct 31 15:25:04.547540: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Oct 31 15:25:04.547541: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Oct 31 15:25:04.547543: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Oct 31 15:25:04.547544: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Oct 31 15:25:04.547545: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Oct 31 15:25:04.547547: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Oct 31 15:25:04.547548: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Oct 31 15:25:04.547549: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Oct 31 15:25:04.547551: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Oct 31 15:25:04.547552: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Oct 31 15:25:04.547553: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Oct 31 15:25:04.547555: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Oct 31 15:25:04.547556: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Oct 31 15:25:04.547557: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:25:04.547559: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Oct 31 15:25:04.547560: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Oct 31 15:25:04.547561: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Oct 31 15:25:04.547563: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Oct 31 15:25:04.547564: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Oct 31 15:25:04.547565: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Oct 31 15:25:04.547567: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Oct 31 15:25:04.547568: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Oct 31 15:25:04.547570: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Oct 31 15:25:04.547571: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Oct 31 15:25:04.547572: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Oct 31 15:25:04.547574: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Oct 31 15:25:04.547575: | 28 00 01 08 00 0e 00 00 60 a9 7e ef f8 fd 44 7a Oct 31 15:25:04.547576: | 7b b3 48 e6 69 06 ff e7 02 04 1d 78 ff 03 0d 51 Oct 31 15:25:04.547578: | ea 80 54 fb 41 96 e2 2a f3 bd 02 4c eb f6 a8 80 Oct 31 15:25:04.547579: | fa 78 bb 9c f5 db 03 25 8c bb b7 d4 78 dd bc b3 Oct 31 15:25:04.547580: | 27 7c 24 c8 6e d0 a7 b9 15 2e e3 fd 2b 50 61 3e Oct 31 15:25:04.547582: | 0c 5e 44 f7 3a 20 62 79 6f 46 47 d3 46 c2 6c 03 Oct 31 15:25:04.547583: | 91 f1 7a 3d c2 a1 1a bd 1c d1 ce e6 25 bb be 0b Oct 31 15:25:04.547585: | da b4 09 ce 6b b9 7d cf 22 41 78 4d 66 ba 17 37 Oct 31 15:25:04.547586: | 1e dd 5a 4f 99 e4 b2 99 eb 25 d1 25 67 9d 63 38 Oct 31 15:25:04.547587: | 36 84 c5 40 02 5e 7b a9 c2 cf 23 86 67 36 76 63 Oct 31 15:25:04.547589: | cf ff 3f 2c 85 42 61 8f 41 eb 8c f6 05 d5 d7 2d Oct 31 15:25:04.547590: | 99 8a 8c 18 0a 51 7b da 86 e7 be 50 11 09 88 2b Oct 31 15:25:04.547591: | b7 a5 af 83 f4 ea c4 e0 8c ef 1e 2b 9d 32 6f 18 Oct 31 15:25:04.547593: | f7 19 86 45 2c b1 2b 5f cf f5 64 38 9e 97 87 04 Oct 31 15:25:04.547594: | 2d 5a eb 0e 1b 86 e9 7b c2 35 4c 2f a5 96 5e 83 Oct 31 15:25:04.547595: | 93 b5 b2 78 38 58 b5 96 b1 2d a3 a8 ca a5 f6 68 Oct 31 15:25:04.547597: | 59 77 34 c7 12 08 25 b7 29 00 00 24 70 b6 a2 d1 Oct 31 15:25:04.547598: | 41 41 9b 23 5c 48 45 84 36 59 88 83 87 ab 30 c7 Oct 31 15:25:04.547599: | 38 23 da 33 8b 20 44 5a d2 55 87 d5 29 00 00 08 Oct 31 15:25:04.547602: | 00 00 40 2e 29 00 00 1c 00 00 40 04 1e 13 20 00 Oct 31 15:25:04.547603: | 13 fe 64 c3 00 96 9b 82 97 6b a9 27 ad fb 16 35 Oct 31 15:25:04.547604: | 00 00 00 1c 00 00 40 05 98 a8 4d ae 8b 8a b4 90 Oct 31 15:25:04.547606: | 84 1d eb 1c 94 bc e3 50 e7 33 d0 e1 Oct 31 15:25:04.547654: | sent 1 messages Oct 31 15:25:04.547657: | checking that a retransmit timeout_event was already Oct 31 15:25:04.547658: | state #4 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:25:04.547661: | libevent_free: delref ptr-libevent@0x55f63c7ffad8 Oct 31 15:25:04.547663: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x55f63c766f98 Oct 31 15:25:04.547666: | delref logger@0x55f63c7fbb78(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:25:04.547668: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:04.547669: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:04.547671: | resume sending helper answer back to state for #4 suppresed complete_v2_state_transition() Oct 31 15:25:04.547673: | delref mdp@NULL (in resume_handler() at server.c:743) Oct 31 15:25:04.547678: | #4 spent 1.19 (1.25) milliseconds in resume sending helper answer back to state Oct 31 15:25:04.547682: | stop processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in resume_handler() at server.c:745) Oct 31 15:25:04.547683: | libevent_free: delref ptr-libevent@0x7fb410006108 Oct 31 15:25:05.111643: | newref struct fd@0x55f63c7f9a78(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:05.111654: | fd_accept: new fd-fd@0x55f63c7f9a78 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:05.111665: shutting down Oct 31 15:25:05.111672: | leaking fd-fd@0x55f63c7f9a78's FD; will be closed when pluto exits (in whack_handle_cb() at rcv_whack.c:889) Oct 31 15:25:05.111675: | delref fd@0x55f63c7f9a78(1->0) (in whack_handle_cb() at rcv_whack.c:895) Oct 31 15:25:05.111678: | freeref fd-fd@0x55f63c7f9a78 (in whack_handle_cb() at rcv_whack.c:895) Oct 31 15:25:05.111693: | shutting down helper thread 2 Oct 31 15:25:05.111704: | helper thread 2 exited Oct 31 15:25:05.111749: | shutting down helper thread 6 Oct 31 15:25:05.111789: | helper thread 6 exited Oct 31 15:25:05.111802: | shutting down helper thread 7 Oct 31 15:25:05.111810: | helper thread 7 exited Oct 31 15:25:05.111822: | shutting down helper thread 1 Oct 31 15:25:05.111857: | helper thread 1 exited Oct 31 15:25:05.111866: | shutting down helper thread 3 Oct 31 15:25:05.111873: | helper thread 3 exited Oct 31 15:25:05.111905: | shutting down helper thread 4 Oct 31 15:25:05.111912: | helper thread 4 exited Oct 31 15:25:05.111919: | shutting down helper thread 5 Oct 31 15:25:05.111926: | helper thread 5 exited Oct 31 15:25:05.111930: 7 helper threads shutdown Oct 31 15:25:05.111933: | delref root_certs@NULL (in free_root_certs() at root_certs.c:127) Oct 31 15:25:05.111936: | certs and keys locked by 'free_preshared_secrets' Oct 31 15:25:05.111938: forgetting secrets Oct 31 15:25:05.111942: | certs and keys unlocked by 'free_preshared_secrets' Oct 31 15:25:05.111946: | delref fd@NULL (in delete_pending() at pending.c:218) Oct 31 15:25:05.111947: | removing pending policy for no connection {0x55f63c804718} Oct 31 15:25:05.111949: | deleting states for connection - including all other IPsec SA's of this IKE SA Oct 31 15:25:05.111951: | pass 0 Oct 31 15:25:05.111952: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:25:05.111954: | state #4 Oct 31 15:25:05.111959: | start processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1406) Oct 31 15:25:05.111961: | delref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1408) Oct 31 15:25:05.111963: | addref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1409) Oct 31 15:25:05.111964: | pstats #4 ikev2.ike deleted other Oct 31 15:25:05.111968: | #4 main thread spent 1.33 (1.38) milliseconds helper thread spent 1.92 (1.95) milliseconds in total Oct 31 15:25:05.111973: | [RE]START processing: state #4 connection "westnet-eastnet-ipv4-psk-ikev2" from 192.1.2.23:500 (in delete_state() at state.c:935) Oct 31 15:25:05.111975: | should_send_delete: no, not established Oct 31 15:25:05.111979: "westnet-eastnet-ipv4-psk-ikev2" #4: deleting state (STATE_PARENT_I1) aged 0.567717s and NOT sending notification Oct 31 15:25:05.111981: | parent state #4: PARENT_I1(half-open IKE SA) => delete Oct 31 15:25:05.111984: | unsuspending #4 MD (nil) Oct 31 15:25:05.111985: | should_send_delete: no, not established Oct 31 15:25:05.111987: | state #4 has no .st_event to delete Oct 31 15:25:05.111989: | #4 requesting EVENT_RETRANSMIT-pe@0x55f63c800a98 be deleted Oct 31 15:25:05.111992: | libevent_free: delref ptr-libevent@0x55f63c7ffc18 Oct 31 15:25:05.111993: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x55f63c800a98 Oct 31 15:25:05.111995: | #4 STATE_PARENT_I1: retransmits: cleared Oct 31 15:25:05.111998: | State DB: IKEv2 state not found (flush_incomplete_children) Oct 31 15:25:05.112000: | picked newest_isakmp_sa #0 for #4 Oct 31 15:25:05.112002: "westnet-eastnet-ipv4-psk-ikev2" #4: deleting IKE SA but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Oct 31 15:25:05.112004: | add revival: connection 'westnet-eastnet-ipv4-psk-ikev2' added to the list and scheduled for 5 seconds Oct 31 15:25:05.112006: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Oct 31 15:25:05.112010: | in connection_discard for connection westnet-eastnet-ipv4-psk-ikev2 Oct 31 15:25:05.112011: | State DB: deleting IKEv2 state #4 in PARENT_I1 Oct 31 15:25:05.112014: | parent state #4: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Oct 31 15:25:05.112016: | releasing #4's fd-fd@(nil) because deleting state Oct 31 15:25:05.112017: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:05.112019: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:05.112021: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:25:05.112034: | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1239) Oct 31 15:25:05.112038: | delref logger@0x55f63c7f9ab8(1->0) (in delete_state() at state.c:1306) Oct 31 15:25:05.112039: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:05.112041: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:05.112042: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1411) Oct 31 15:25:05.112044: | pass 1 Oct 31 15:25:05.112045: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:25:05.112050: | shunt_eroute() called for connection 'westnet-eastnet-ipv4-psk-ikev2' to 'delete' for rt_kind 'unrouted' using protoports 192.0.1.0/24:0 --0->- 192.0.2.0/24:0 Oct 31 15:25:05.112053: | netlink_shunt_eroute for proto 0, and source 192.0.1.0/24:0 dest 192.0.2.0/24:0 Oct 31 15:25:05.112055: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 2084814 (0x1fcfce) Oct 31 15:25:05.112326: | priority calculation of connection "westnet-eastnet-ipv4-psk-ikev2" is 2084814 (0x1fcfce) Oct 31 15:25:05.112340: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:25:05.112342: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 vs Oct 31 15:25:05.112344: | conn westnet-eastnet-ipv4-psk-ikev2 mark 0/00000000, 0/00000000 Oct 31 15:25:05.112346: | route owner of "westnet-eastnet-ipv4-psk-ikev2" unrouted: NULL Oct 31 15:25:05.112348: | running updown command "ipsec _updown" for verb unroute Oct 31 15:25:05.112349: | command executing unroute-client Oct 31 15:25:05.112368: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-ipv4-psk-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth0' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED=... Oct 31 15:25:05.112381: | popen cmd is 1084 chars long Oct 31 15:25:05.112384: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: Oct 31 15:25:05.112387: | cmd( 80):t-ipv4-psk-ikev2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth0' PLUTO_XFRMI: Oct 31 15:25:05.112389: | cmd( 160):_ROUTE='' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.209' PLUTO_MY_ID='192.1: Oct 31 15:25:05.112392: | cmd( 240):.3.209' PLUTO_MY_CLIENT='192.0.1.0/24' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_: Oct 31 15:25:05.112394: | cmd( 320):CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQ: Oct 31 15:25:05.112397: | cmd( 400):ID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PL: Oct 31 15:25:05.112399: | cmd( 480):UTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIE: Oct 31 15:25:05.112402: | cmd( 560):NT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_C: Oct 31 15:25:05.112404: | cmd( 640):A='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+: Oct 31 15:25:05.112407: | cmd( 720):PFS+UP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_C: Oct 31 15:25:05.112409: | cmd( 800):ONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO: Oct 31 15:25:05.112412: | cmd( 880):='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CF: Oct 31 15:25:05.112415: | cmd( 960):G_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='n: Oct 31 15:25:05.112417: | cmd(1040):o' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Oct 31 15:25:05.124050: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:05.124073: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:05.124077: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:05.124081: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:05.124095: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:05.124105: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:05.124123: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:05.124136: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:05.124148: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:05.124161: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:05.124172: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:05.124187: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:05.124220: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:05.124225: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:05.124229: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:05.124242: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:05.124256: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:05.124585: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:05.124592: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:05.124605: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:05.124618: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:05.124634: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:05.124647: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:05.124661: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:05.124675: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:05.124689: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:05.124704: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:05.128890: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:25:05.128907: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:25:05.128914: | newref clone logger@0x55f63c7fbc28(0->1) (in clone_logger() at log.c:817) Oct 31 15:25:05.128920: | delref hp@0x55f63c7fb968(1->0) (in delete_oriented_hp() at hostpair.c:360) Oct 31 15:25:05.128924: | flush revival: connection 'westnet-eastnet-ipv4-psk-ikev2' revival flushed Oct 31 15:25:05.128928: | delref vip@NULL (in discard_connection() at connections.c:262) Oct 31 15:25:05.128931: | delref vip@NULL (in discard_connection() at connections.c:263) Oct 31 15:25:05.128945: | Connection DB: deleting connection $1 Oct 31 15:25:05.128950: | delref logger@0x55f63c7fbc28(1->0) (in delete_connection() at connections.c:214) Oct 31 15:25:05.128958: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:05.128960: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:05.128962: | crl fetch request list locked by 'free_crl_fetch' Oct 31 15:25:05.128964: | crl fetch request list unlocked by 'free_crl_fetch' Oct 31 15:25:05.128969: | iface: marking eth0 dead Oct 31 15:25:05.128971: | iface: marking lo dead Oct 31 15:25:05.128972: | updating interfaces - listing interfaces that are going down Oct 31 15:25:05.128977: shutting down interface lo 127.0.0.1:4500 Oct 31 15:25:05.128980: shutting down interface lo 127.0.0.1:500 Oct 31 15:25:05.128982: shutting down interface eth0 192.1.3.209:4500 Oct 31 15:25:05.128984: shutting down interface eth0 192.1.3.209:500 Oct 31 15:25:05.128986: | updating interfaces - deleting the dead Oct 31 15:25:05.128990: | FOR_EACH_STATE_... in delete_states_dead_interfaces Oct 31 15:25:05.128999: | libevent_free: delref ptr-libevent@0x55f63c7f4f58 Oct 31 15:25:05.129005: | delref id@0x55f63c7f8fd8(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:25:05.129016: | libevent_free: delref ptr-libevent@0x55f63c7ca0b8 Oct 31 15:25:05.129020: | delref id@0x55f63c7f8fd8(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:25:05.129032: | libevent_free: delref ptr-libevent@0x55f63c7c41d8 Oct 31 15:25:05.129036: | delref id@0x55f63c7f8ea8(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:25:05.129043: | libevent_free: delref ptr-libevent@0x55f63c7c3d08 Oct 31 15:25:05.129047: | delref id@0x55f63c7f8ea8(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:25:05.129054: | delref id@0x55f63c7f8ea8(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:25:05.129059: | delref id@0x55f63c7f8fd8(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:25:05.129062: | updating interfaces - checking orientation Oct 31 15:25:05.129064: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Oct 31 15:25:05.131127: | libevent_free: delref ptr-libevent@0x55f63c7f5008 Oct 31 15:25:05.131142: | free_event_entry: delref EVENT_NULL-pe@0x55f63c7f8448 Oct 31 15:25:05.131148: | libevent_free: delref ptr-libevent@0x55f63c7c9fb8 Oct 31 15:25:05.131150: | free_event_entry: delref EVENT_NULL-pe@0x55f63c7f4ee8 Oct 31 15:25:05.131153: | libevent_free: delref ptr-libevent@0x55f63c7c8b98 Oct 31 15:25:05.131155: | free_event_entry: delref EVENT_NULL-pe@0x55f63c7f14d8 Oct 31 15:25:05.131157: | global timer EVENT_REINIT_SECRET uninitialized Oct 31 15:25:05.131158: | global timer EVENT_SHUNT_SCAN uninitialized Oct 31 15:25:05.131160: | global timer EVENT_PENDING_DDNS uninitialized Oct 31 15:25:05.131161: | global timer EVENT_PENDING_PHASE2 uninitialized Oct 31 15:25:05.131163: | global timer EVENT_CHECK_CRLS uninitialized Oct 31 15:25:05.131167: | global timer EVENT_REVIVE_CONNS uninitialized Oct 31 15:25:05.131168: | global timer EVENT_FREE_ROOT_CERTS uninitialized Oct 31 15:25:05.131170: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Oct 31 15:25:05.131171: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Oct 31 15:25:05.131174: | libevent_free: delref ptr-libevent@0x55f63c76b9b8 Oct 31 15:25:05.131176: | signal event handler PLUTO_SIGCHLD uninstalled Oct 31 15:25:05.131178: | libevent_free: delref ptr-libevent@0x55f63c76b7e8 Oct 31 15:25:05.131179: | signal event handler PLUTO_SIGTERM uninstalled Oct 31 15:25:05.131181: | libevent_free: delref ptr-libevent@0x55f63c7f8668 Oct 31 15:25:05.131182: | signal event handler PLUTO_SIGHUP uninstalled Oct 31 15:25:05.131184: | libevent_free: delref ptr-libevent@0x55f63c7f88a8 Oct 31 15:25:05.131186: | signal event handler PLUTO_SIGSYS uninstalled Oct 31 15:25:05.131187: | releasing event base Oct 31 15:25:05.131219: | libevent_free: delref ptr-libevent@0x55f63c7f8778 Oct 31 15:25:05.131224: | libevent_free: delref ptr-libevent@0x55f63c7e7b78 Oct 31 15:25:05.131227: | libevent_free: delref ptr-libevent@0x55f63c7e7b28 Oct 31 15:25:05.131228: | libevent_free: delref ptr-libevent@0x55f63c767008 Oct 31 15:25:05.131230: | libevent_free: delref ptr-libevent@0x55f63c7e7d28 Oct 31 15:25:05.131232: | libevent_free: delref ptr-libevent@0x55f63c7ebf48 Oct 31 15:25:05.131234: | libevent_free: delref ptr-libevent@0x55f63c7ebd58 Oct 31 15:25:05.131235: | libevent_free: delref ptr-libevent@0x55f63c7e7d68 Oct 31 15:25:05.131236: | libevent_free: delref ptr-libevent@0x55f63c7ebb68 Oct 31 15:25:05.131238: | libevent_free: delref ptr-libevent@0x55f63c7eb528 Oct 31 15:25:05.131239: | libevent_free: delref ptr-libevent@0x55f63c7f98a8 Oct 31 15:25:05.131241: | libevent_free: delref ptr-libevent@0x55f63c7f9868 Oct 31 15:25:05.131242: | libevent_free: delref ptr-libevent@0x55f63c7f9828 Oct 31 15:25:05.131243: | libevent_free: delref ptr-libevent@0x55f63c7f97e8 Oct 31 15:25:05.131245: | libevent_free: delref ptr-libevent@0x55f63c7da728 Oct 31 15:25:05.131246: | libevent_free: delref ptr-libevent@0x55f63c7f8628 Oct 31 15:25:05.131247: | libevent_free: delref ptr-libevent@0x55f63c7f85e8 Oct 31 15:25:05.131249: | libevent_free: delref ptr-libevent@0x55f63c7ebba8 Oct 31 15:25:05.131250: | libevent_free: delref ptr-libevent@0x55f63c7f8738 Oct 31 15:25:05.131252: | libevent_free: delref ptr-libevent@0x55f63c7f84b8 Oct 31 15:25:05.131253: | libevent_free: delref ptr-libevent@0x55f63c7c3a88 Oct 31 15:25:05.131255: | libevent_free: delref ptr-libevent@0x55f63c7c2448 Oct 31 15:25:05.131256: | libevent_free: delref ptr-libevent@0x55f63c7e0ae8 Oct 31 15:25:05.131258: | releasing global libevent data Oct 31 15:25:05.131259: | libevent_free: delref ptr-libevent@0x55f63c7c4328 Oct 31 15:25:05.131261: | libevent_free: delref ptr-libevent@0x55f63c7c9b08 Oct 31 15:25:05.131263: | libevent_free: delref ptr-libevent@0x55f63c7c3b08 Oct 31 15:25:05.131296: leak detective found no leaks