Oct 31 15:25:06.634902: | newref logger@0x563af95febb8(0->1) (in main() at plutomain.c:1591) Oct 31 15:25:06.634957: | delref logger@0x563af95febb8(1->0) (in main() at plutomain.c:1592) Oct 31 15:25:06.634965: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:06.634970: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:06.634976: NSS DB directory: sql:/var/lib/ipsec/nss Oct 31 15:25:06.635131: Initializing NSS Oct 31 15:25:06.635138: Opening NSS database "sql:/var/lib/ipsec/nss" read-only Oct 31 15:25:06.680035: FIPS Mode: NO Oct 31 15:25:06.680048: NSS crypto library initialized Oct 31 15:25:06.680086: FIPS mode disabled for pluto daemon Oct 31 15:25:06.680090: FIPS HMAC integrity support [disabled] Oct 31 15:25:06.680167: libcap-ng support [enabled] Oct 31 15:25:06.680179: Linux audit support [enabled] Oct 31 15:25:06.680217: Linux audit activated Oct 31 15:25:06.680228: Starting Pluto (Libreswan Version v4.1-88-gf1d1933837ef-main IKEv2 IKEv1 XFRM(netkey) XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (NSS-PRF) DNSSEC LABELED_IPSEC (SELINUX) SECCOMP LIBCAP_NG LINUX_AUDIT AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:2164090 Oct 31 15:25:06.680231: core dump dir: /tmp Oct 31 15:25:06.680234: secrets file: /etc/ipsec.secrets Oct 31 15:25:06.680236: leak-detective enabled Oct 31 15:25:06.680239: NSS crypto [enabled] Oct 31 15:25:06.680241: XAUTH PAM support [enabled] Oct 31 15:25:06.680328: | libevent is using pluto's memory allocator Oct 31 15:25:06.680400: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Oct 31 15:25:06.680416: | libevent_malloc: newref ptr-libevent@0x563af9682088 size 40 Oct 31 15:25:06.680423: | libevent_malloc: newref ptr-libevent@0x563af9611478 size 40 Oct 31 15:25:06.680426: | libevent_malloc: newref ptr-libevent@0x563af9682568 size 40 Oct 31 15:25:06.680429: | creating event base Oct 31 15:25:06.680432: | libevent_malloc: newref ptr-libevent@0x563af9682868 size 56 Oct 31 15:25:06.680435: | libevent_malloc: newref ptr-libevent@0x563af9678d68 size 664 Oct 31 15:25:06.680447: | libevent_malloc: newref ptr-libevent@0x563af96af6f8 size 24 Oct 31 15:25:06.680450: | libevent_malloc: newref ptr-libevent@0x563af96af748 size 384 Oct 31 15:25:06.680462: | libevent_malloc: newref ptr-libevent@0x563af96af8f8 size 16 Oct 31 15:25:06.680464: | libevent_malloc: newref ptr-libevent@0x563af96824e8 size 40 Oct 31 15:25:06.680468: | libevent_malloc: newref ptr-libevent@0x563af9681d48 size 48 Oct 31 15:25:06.680474: | libevent_realloc: newref ptr-libevent@0x563af96a5ec8 size 256 Oct 31 15:25:06.680477: | libevent_malloc: newref ptr-libevent@0x563af96af938 size 16 Oct 31 15:25:06.680547: | libevent_free: delref ptr-libevent@0x563af9682868 Oct 31 15:25:06.680553: | libevent initialized Oct 31 15:25:06.680560: | libevent_realloc: newref ptr-libevent@0x563af9682868 size 64 Oct 31 15:25:06.680564: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Oct 31 15:25:06.680571: | init_nat_traversal() initialized with keep_alive=0s Oct 31 15:25:06.680573: NAT-Traversal support [enabled] Oct 31 15:25:06.680576: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Oct 31 15:25:06.680581: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Oct 31 15:25:06.680589: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Oct 31 15:25:06.680608: | checking IKEv1 state table Oct 31 15:25:06.680618: | MAIN_R0: category: half-open IKE SA; flags: 0: Oct 31 15:25:06.680621: | -> MAIN_R1 EVENT_SO_DISCARD (main_inI1_outR1) Oct 31 15:25:06.680626: | MAIN_I1: category: half-open IKE SA; flags: 0: Oct 31 15:25:06.680628: | -> MAIN_I2 EVENT_RETRANSMIT (main_inR1_outI2) Oct 31 15:25:06.680631: | MAIN_R1: category: open IKE SA; flags: 0: Oct 31 15:25:06.680634: | -> MAIN_R2 EVENT_RETRANSMIT (main_inI2_outR2) Oct 31 15:25:06.680636: | -> MAIN_R1 EVENT_RETRANSMIT (unexpected) Oct 31 15:25:06.680639: | -> MAIN_R1 EVENT_RETRANSMIT (unexpected) Oct 31 15:25:06.680641: | MAIN_I2: category: open IKE SA; flags: 0: Oct 31 15:25:06.680650: | -> MAIN_I3 EVENT_RETRANSMIT (main_inR2_outI3) Oct 31 15:25:06.680653: | -> MAIN_I2 EVENT_RETRANSMIT (unexpected) Oct 31 15:25:06.680655: | -> MAIN_I2 EVENT_RETRANSMIT (unexpected) Oct 31 15:25:06.680658: | MAIN_R2: category: open IKE SA; flags: 0: Oct 31 15:25:06.680660: | -> MAIN_R3 EVENT_SA_REPLACE (main_inI3_outR3) Oct 31 15:25:06.680662: | -> MAIN_R3 EVENT_SA_REPLACE (main_inI3_outR3) Oct 31 15:25:06.680665: | -> MAIN_R2 EVENT_SA_REPLACE (unexpected) Oct 31 15:25:06.680668: | MAIN_I3: category: open IKE SA; flags: 0: Oct 31 15:25:06.680670: | -> MAIN_I4 EVENT_SA_REPLACE (main_inR3) Oct 31 15:25:06.680672: | -> MAIN_I4 EVENT_SA_REPLACE (main_inR3) Oct 31 15:25:06.680674: | -> MAIN_I3 EVENT_SA_REPLACE (unexpected) Oct 31 15:25:06.680677: | MAIN_R3: category: established IKE SA; flags: 0: Oct 31 15:25:06.680680: | -> MAIN_R3 EVENT_NULL (unexpected) Oct 31 15:25:06.680683: | MAIN_I4: category: established IKE SA; flags: 0: Oct 31 15:25:06.680685: | -> MAIN_I4 EVENT_NULL (unexpected) Oct 31 15:25:06.680688: | AGGR_R0: category: half-open IKE SA; flags: 0: Oct 31 15:25:06.680690: | -> AGGR_R1 EVENT_SO_DISCARD (aggr_inI1_outR1) Oct 31 15:25:06.680693: | AGGR_I1: category: half-open IKE SA; flags: 0: Oct 31 15:25:06.680695: | -> AGGR_I2 EVENT_SA_REPLACE (aggr_inR1_outI2) Oct 31 15:25:06.680697: | -> AGGR_I2 EVENT_SA_REPLACE (aggr_inR1_outI2) Oct 31 15:25:06.680701: | AGGR_R1: category: open IKE SA; flags: 0: Oct 31 15:25:06.680703: | -> AGGR_R2 EVENT_SA_REPLACE (aggr_inI2) Oct 31 15:25:06.680705: | -> AGGR_R2 EVENT_SA_REPLACE (aggr_inI2) Oct 31 15:25:06.680708: | AGGR_I2: category: established IKE SA; flags: 0: Oct 31 15:25:06.680710: | -> AGGR_I2 EVENT_NULL (unexpected) Oct 31 15:25:06.680713: | AGGR_R2: category: established IKE SA; flags: 0: Oct 31 15:25:06.680716: | -> AGGR_R2 EVENT_NULL (unexpected) Oct 31 15:25:06.680719: | QUICK_R0: category: established CHILD SA; flags: 0: Oct 31 15:25:06.680721: | -> QUICK_R1 EVENT_RETRANSMIT (quick_inI1_outR1) Oct 31 15:25:06.680724: | QUICK_I1: category: established CHILD SA; flags: 0: Oct 31 15:25:06.680726: | -> QUICK_I2 EVENT_SA_REPLACE (quick_inR1_outI2) Oct 31 15:25:06.680793: | QUICK_R1: category: established CHILD SA; flags: 0: Oct 31 15:25:06.680797: | -> QUICK_R2 EVENT_SA_REPLACE (quick_inI2) Oct 31 15:25:06.680801: | QUICK_I2: category: established CHILD SA; flags: 0: Oct 31 15:25:06.680804: | -> QUICK_I2 EVENT_NULL (unexpected) Oct 31 15:25:06.680807: | QUICK_R2: category: established CHILD SA; flags: 0: Oct 31 15:25:06.680809: | -> QUICK_R2 EVENT_NULL (unexpected) Oct 31 15:25:06.680812: | INFO: category: informational; flags: 0: Oct 31 15:25:06.680815: | -> INFO EVENT_NULL (informational) Oct 31 15:25:06.680818: | INFO_PROTECTED: category: informational; flags: 0: Oct 31 15:25:06.680820: | -> INFO_PROTECTED EVENT_NULL (informational) Oct 31 15:25:06.680823: | XAUTH_R0: category: established IKE SA; flags: 0: Oct 31 15:25:06.680826: | -> XAUTH_R1 EVENT_NULL (xauth_inR0) Oct 31 15:25:06.680829: | XAUTH_R1: category: established IKE SA; flags: 0: Oct 31 15:25:06.680831: | -> MAIN_R3 EVENT_SA_REPLACE (xauth_inR1) Oct 31 15:25:06.680834: | MODE_CFG_R0: category: informational; flags: 0: Oct 31 15:25:06.680837: | -> MODE_CFG_R1 EVENT_SA_REPLACE (modecfg_inR0) Oct 31 15:25:06.680840: | MODE_CFG_R1: category: established IKE SA; flags: 0: Oct 31 15:25:06.680842: | -> MODE_CFG_R2 EVENT_SA_REPLACE (modecfg_inR1) Oct 31 15:25:06.680845: | MODE_CFG_R2: category: established IKE SA; flags: 0: Oct 31 15:25:06.680848: | -> MODE_CFG_R2 EVENT_NULL (unexpected) Oct 31 15:25:06.680851: | MODE_CFG_I1: category: established IKE SA; flags: 0: Oct 31 15:25:06.680853: | -> MAIN_I4 EVENT_SA_REPLACE (modecfg_inR1) Oct 31 15:25:06.680856: | XAUTH_I0: category: established IKE SA; flags: 0: Oct 31 15:25:06.680858: | -> XAUTH_I1 EVENT_RETRANSMIT (xauth_inI0) Oct 31 15:25:06.680865: | XAUTH_I1: category: established IKE SA; flags: 0: Oct 31 15:25:06.680867: | -> MAIN_I4 EVENT_RETRANSMIT (xauth_inI1) Oct 31 15:25:06.680874: | checking IKEv2 state table Oct 31 15:25:06.680878: | V2_REKEY_IKE_I0: category: established IKE SA; flags: 0: Oct 31 15:25:06.680881: | -> V2_REKEY_IKE_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Oct 31 15:25:06.680886: | V2_REKEY_CHILD_I0: category: established IKE SA; flags: 0: Oct 31 15:25:06.680888: | -> V2_REKEY_CHILD_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Oct 31 15:25:06.681090: | V2_NEW_CHILD_I0: category: established IKE SA; flags: 0: Oct 31 15:25:06.681096: | -> V2_NEW_CHILD_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Oct 31 15:25:06.681099: | PARENT_I0: category: ignore; flags: 0: Oct 31 15:25:06.681102: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Oct 31 15:25:06.681105: | PARENT_I1: category: half-open IKE SA; flags: 0: Oct 31 15:25:06.681107: | -> PARENT_I0 EVENT_SO_DISCARD (received anti-DDOS COOKIE notify response; resending IKE_SA_INIT request with cookie payload added) Oct 31 15:25:06.681115: | -> PARENT_I0 EVENT_SO_DISCARD (received IKE_SA_INIT INVALID_KE_PAYLOAD notify response; resending IKE_SA_INIT with new KE payload) Oct 31 15:25:06.681118: | -> IKESA_DEL EVENT_v2_REDIRECT (received REDIRECT notify response; resending IKE_SA_INIT request to new destination) Oct 31 15:25:06.681121: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE) Oct 31 15:25:06.681124: | PARENT_I2: category: open IKE SA; flags: 0: Oct 31 15:25:06.681127: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_INTERMEDIATE reply, initiate IKE_AUTH or IKE_INTERMEDIATE) Oct 31 15:25:06.681129: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Oct 31 15:25:06.681132: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Oct 31 15:25:06.681134: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Oct 31 15:25:06.681137: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Oct 31 15:25:06.681140: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Oct 31 15:25:06.681143: | PARENT_R0: category: half-open IKE SA; flags: 0: Oct 31 15:25:06.681145: | -> PARENT_R1 EVENT_SO_DISCARD send-response (Respond to IKE_SA_INIT) Oct 31 15:25:06.681148: | PARENT_R1: category: half-open IKE SA; flags: 0: Oct 31 15:25:06.681151: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_AUTH request (no SKEYSEED)) Oct 31 15:25:06.681153: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_INTERMEDIATE request (no SKEYSEED)) Oct 31 15:25:06.681156: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_INTERMEDIATE request (with SKEYSEED)) Oct 31 15:25:06.681158: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Responder: process IKE_AUTH request) Oct 31 15:25:06.681161: | V2_REKEY_IKE_R0: category: established IKE SA; flags: 0: Oct 31 15:25:06.681164: | -> ESTABLISHED_IKE_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA IKE Rekey) Oct 31 15:25:06.681167: | V2_REKEY_IKE_I1: category: established IKE SA; flags: 0: Oct 31 15:25:06.681169: | -> ESTABLISHED_IKE_SA EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Oct 31 15:25:06.681172: | V2_NEW_CHILD_I1: category: established IKE SA; flags: 0: Oct 31 15:25:06.681175: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Oct 31 15:25:06.681178: | V2_REKEY_CHILD_R0: category: established IKE SA; flags: 0: Oct 31 15:25:06.681181: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA rekey CHILD SA request) Oct 31 15:25:06.681184: | V2_NEW_CHILD_R0: category: established IKE SA; flags: 0: Oct 31 15:25:06.681189: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA IPsec SA Request) Oct 31 15:25:06.681193: | ESTABLISHED_IKE_SA: category: established IKE SA; flags: 0: Oct 31 15:25:06.681195: | -> ESTABLISHED_IKE_SA EVENT_RETAIN send-response (Informational Request (liveness probe)) Oct 31 15:25:06.681202: | -> ESTABLISHED_IKE_SA EVENT_RETAIN (Informational Response (liveness probe)) Oct 31 15:25:06.681209: | -> ESTABLISHED_IKE_SA EVENT_RETAIN send-response (Informational Request) Oct 31 15:25:06.681211: | -> ESTABLISHED_IKE_SA EVENT_RETAIN (Informational Response) Oct 31 15:25:06.681214: | IKESA_DEL: category: established IKE SA; flags: 0: Oct 31 15:25:06.681216: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Oct 31 15:25:06.681219: | CHILDSA_DEL: category: informational; flags: 0: Oct 31 15:25:06.681221: | -> CHILDSA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Oct 31 15:25:06.681225: | global one-shot timer EVENT_REVIVE_CONNS initialized Oct 31 15:25:06.681229: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Oct 31 15:25:06.681232: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Oct 31 15:25:06.681474: Encryption algorithms: Oct 31 15:25:06.681485: AES_CCM_16 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm, aes_ccm_c Oct 31 15:25:06.681491: AES_CCM_12 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_b Oct 31 15:25:06.681497: AES_CCM_8 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_a Oct 31 15:25:06.681502: 3DES_CBC [*192] IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) 3des Oct 31 15:25:06.681508: CAMELLIA_CTR {256,192,*128} IKEv1: ESP IKEv2: ESP Oct 31 15:25:06.681513: CAMELLIA_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP NSS(CBC) camellia Oct 31 15:25:06.681520: AES_GCM_16 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm, aes_gcm_c Oct 31 15:25:06.681588: AES_GCM_12 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_b Oct 31 15:25:06.681595: AES_GCM_8 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_a Oct 31 15:25:06.681601: AES_CTR {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CTR) aesctr Oct 31 15:25:06.681606: AES_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) aes Oct 31 15:25:06.681612: NULL_AUTH_AES_GMAC {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_gmac Oct 31 15:25:06.681616: NULL [] IKEv1: ESP IKEv2: ESP Oct 31 15:25:06.681622: CHACHA20_POLY1305 [*256] IKEv1: IKEv2: IKE ESP NSS(AEAD) chacha20poly1305 Oct 31 15:25:06.681624: Hash algorithms: Oct 31 15:25:06.681628: MD5 IKEv1: IKE IKEv2: NSS Oct 31 15:25:06.681633: SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha Oct 31 15:25:06.681637: SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256 Oct 31 15:25:06.681642: SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384 Oct 31 15:25:06.681646: SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512 Oct 31 15:25:06.681648: PRF algorithms: Oct 31 15:25:06.681653: HMAC_MD5 IKEv1: IKE IKEv2: IKE native(HMAC) md5 Oct 31 15:25:06.681657: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha, sha1 Oct 31 15:25:06.681662: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256, sha2_256 Oct 31 15:25:06.681670: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384, sha2_384 Oct 31 15:25:06.681675: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512, sha2_512 Oct 31 15:25:06.681679: AES_XCBC IKEv1: IKEv2: IKE native(XCBC) aes128_xcbc Oct 31 15:25:06.681682: Integrity algorithms: Oct 31 15:25:06.681687: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH native(HMAC) md5, hmac_md5 Oct 31 15:25:06.681692: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha, sha1, sha1_96, hmac_sha1 Oct 31 15:25:06.681698: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Oct 31 15:25:06.681704: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Oct 31 15:25:06.681710: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Oct 31 15:25:06.681714: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Oct 31 15:25:06.681720: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96 Oct 31 15:25:06.681724: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Oct 31 15:25:06.681728: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Oct 31 15:25:06.681731: DH algorithms: Oct 31 15:25:06.681735: NONE IKEv1: IKEv2: IKE ESP AH FIPS NSS(MODP) null, dh0 Oct 31 15:25:06.681740: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh5 Oct 31 15:25:06.681744: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh14 Oct 31 15:25:06.681748: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh15 Oct 31 15:25:06.681752: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh16 Oct 31 15:25:06.681756: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh17 Oct 31 15:25:06.681761: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh18 Oct 31 15:25:06.681830: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_256, ecp256 Oct 31 15:25:06.681837: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_384, ecp384 Oct 31 15:25:06.681842: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_521, ecp521 Oct 31 15:25:06.681845: DH31 IKEv1: IKE IKEv2: IKE ESP AH NSS(ECP) curve25519 Oct 31 15:25:06.681848: testing CAMELLIA_CBC: Oct 31 15:25:06.681851: Camellia: 16 bytes with 128-bit key Oct 31 15:25:06.681946: Camellia: 16 bytes with 128-bit key Oct 31 15:25:06.681987: Camellia: 16 bytes with 256-bit key Oct 31 15:25:06.682025: Camellia: 16 bytes with 256-bit key Oct 31 15:25:06.682063: testing AES_GCM_16: Oct 31 15:25:06.682067: empty string Oct 31 15:25:06.682101: one block Oct 31 15:25:06.682134: two blocks Oct 31 15:25:06.682168: two blocks with associated data Oct 31 15:25:06.682207: testing AES_CTR: Oct 31 15:25:06.682214: Encrypting 16 octets using AES-CTR with 128-bit key Oct 31 15:25:06.682250: Encrypting 32 octets using AES-CTR with 128-bit key Oct 31 15:25:06.682289: Encrypting 36 octets using AES-CTR with 128-bit key Oct 31 15:25:06.682328: Encrypting 16 octets using AES-CTR with 192-bit key Oct 31 15:25:06.682366: Encrypting 32 octets using AES-CTR with 192-bit key Oct 31 15:25:06.682405: Encrypting 36 octets using AES-CTR with 192-bit key Oct 31 15:25:06.682514: Encrypting 16 octets using AES-CTR with 256-bit key Oct 31 15:25:06.682554: Encrypting 32 octets using AES-CTR with 256-bit key Oct 31 15:25:06.682601: Encrypting 36 octets using AES-CTR with 256-bit key Oct 31 15:25:06.682642: testing AES_CBC: Oct 31 15:25:06.682646: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Oct 31 15:25:06.682682: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Oct 31 15:25:06.682725: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Oct 31 15:25:06.682767: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Oct 31 15:25:06.682885: testing AES_XCBC: Oct 31 15:25:06.682891: RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input Oct 31 15:25:06.683027: RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input Oct 31 15:25:06.683167: RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input Oct 31 15:25:06.683307: RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input Oct 31 15:25:06.683458: RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input Oct 31 15:25:06.683597: RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input Oct 31 15:25:06.683733: RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input Oct 31 15:25:06.684013: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Oct 31 15:25:06.684155: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Oct 31 15:25:06.684312: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Oct 31 15:25:06.684564: testing HMAC_MD5: Oct 31 15:25:06.684569: RFC 2104: MD5_HMAC test 1 Oct 31 15:25:06.684751: RFC 2104: MD5_HMAC test 2 Oct 31 15:25:06.684913: RFC 2104: MD5_HMAC test 3 Oct 31 15:25:06.685104: 8 CPU cores online Oct 31 15:25:06.685109: starting up 7 helper threads Oct 31 15:25:06.685147: started thread for helper 0 Oct 31 15:25:06.685158: | starting helper thread 1 Oct 31 15:25:06.685165: seccomp security disabled for crypto helper 1 Oct 31 15:25:06.685168: started thread for helper 1 Oct 31 15:25:06.685171: | status value returned by setting the priority of this helper thread 1: 22 Oct 31 15:25:06.685176: | starting helper thread 2 Oct 31 15:25:06.685178: | helper thread 1 has nothing to do Oct 31 15:25:06.685186: seccomp security disabled for crypto helper 2 Oct 31 15:25:06.685196: started thread for helper 2 Oct 31 15:25:06.685202: | status value returned by setting the priority of this helper thread 2: 22 Oct 31 15:25:06.685215: | helper thread 2 has nothing to do Oct 31 15:25:06.685231: started thread for helper 3 Oct 31 15:25:06.685236: | starting helper thread 4 Oct 31 15:25:06.685239: seccomp security disabled for crypto helper 4 Oct 31 15:25:06.685243: | status value returned by setting the priority of this helper thread 4: 22 Oct 31 15:25:06.685246: | helper thread 4 has nothing to do Oct 31 15:25:06.685251: | starting helper thread 3 Oct 31 15:25:06.685259: | starting helper thread 5 Oct 31 15:25:06.685261: seccomp security disabled for crypto helper 3 Oct 31 15:25:06.685252: started thread for helper 4 Oct 31 15:25:06.685273: | status value returned by setting the priority of this helper thread 3: 22 Oct 31 15:25:06.685283: | helper thread 3 has nothing to do Oct 31 15:25:06.685299: started thread for helper 5 Oct 31 15:25:06.685304: | starting helper thread 6 Oct 31 15:25:06.685307: seccomp security disabled for crypto helper 6 Oct 31 15:25:06.685310: | status value returned by setting the priority of this helper thread 6: 22 Oct 31 15:25:06.685313: | helper thread 6 has nothing to do Oct 31 15:25:06.685267: seccomp security disabled for crypto helper 5 Oct 31 15:25:06.685324: | starting helper thread 7 Oct 31 15:25:06.685320: started thread for helper 6 Oct 31 15:25:06.685327: seccomp security disabled for crypto helper 7 Oct 31 15:25:06.685327: | status value returned by setting the priority of this helper thread 5: 22 Oct 31 15:25:06.685338: | status value returned by setting the priority of this helper thread 7: 22 Oct 31 15:25:06.685349: | helper thread 5 has nothing to do Oct 31 15:25:06.685350: Using Linux XFRM/NETKEY IPsec kernel support code on 5.8.15-201.fc32.x86_64 Oct 31 15:25:06.685363: | helper thread 7 has nothing to do Oct 31 15:25:06.685420: | Hard-wiring algorithms Oct 31 15:25:06.685424: | adding AES_CCM_16 to kernel algorithm db Oct 31 15:25:06.685431: | adding AES_CCM_12 to kernel algorithm db Oct 31 15:25:06.685434: | adding AES_CCM_8 to kernel algorithm db Oct 31 15:25:06.685437: | adding 3DES_CBC to kernel algorithm db Oct 31 15:25:06.685440: | adding CAMELLIA_CBC to kernel algorithm db Oct 31 15:25:06.685442: | adding AES_GCM_16 to kernel algorithm db Oct 31 15:25:06.685445: | adding AES_GCM_12 to kernel algorithm db Oct 31 15:25:06.685447: | adding AES_GCM_8 to kernel algorithm db Oct 31 15:25:06.685450: | adding AES_CTR to kernel algorithm db Oct 31 15:25:06.685452: | adding AES_CBC to kernel algorithm db Oct 31 15:25:06.685455: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Oct 31 15:25:06.685457: | adding NULL to kernel algorithm db Oct 31 15:25:06.685460: | adding CHACHA20_POLY1305 to kernel algorithm db Oct 31 15:25:06.685463: | adding HMAC_MD5_96 to kernel algorithm db Oct 31 15:25:06.685465: | adding HMAC_SHA1_96 to kernel algorithm db Oct 31 15:25:06.685468: | adding HMAC_SHA2_512_256 to kernel algorithm db Oct 31 15:25:06.685470: | adding HMAC_SHA2_384_192 to kernel algorithm db Oct 31 15:25:06.685473: | adding HMAC_SHA2_256_128 to kernel algorithm db Oct 31 15:25:06.685475: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Oct 31 15:25:06.685478: | adding AES_XCBC_96 to kernel algorithm db Oct 31 15:25:06.685480: | adding AES_CMAC_96 to kernel algorithm db Oct 31 15:25:06.685482: | adding NONE to kernel algorithm db Oct 31 15:25:06.685510: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Oct 31 15:25:06.685516: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Oct 31 15:25:06.685519: | setup kernel fd callback Oct 31 15:25:06.685522: | add_fd_read_event_handler: newref KERNEL_XRM_FD-pe@0x563af96b4298 Oct 31 15:25:06.685526: | libevent_malloc: newref ptr-libevent@0x563af967fff8 size 128 Oct 31 15:25:06.685530: | libevent_malloc: newref ptr-libevent@0x563af96b3738 size 16 Oct 31 15:25:06.685537: | add_fd_read_event_handler: newref KERNEL_ROUTE_FD-pe@0x563af96bab28 Oct 31 15:25:06.685540: | libevent_malloc: newref ptr-libevent@0x563af96800a8 size 128 Oct 31 15:25:06.685543: | libevent_malloc: newref ptr-libevent@0x563af96b30f8 size 16 Oct 31 15:25:06.685801: | global one-shot timer EVENT_CHECK_CRLS initialized Oct 31 15:25:06.685826: SELinux support is enabled in PERMISSIVE mode. Oct 31 15:25:06.686017: | unbound context created - setting debug level to 5 Oct 31 15:25:06.686052: | /etc/hosts lookups activated Oct 31 15:25:06.686071: | /etc/resolv.conf usage activated Oct 31 15:25:06.686128: | outgoing-port-avoid set 0-65535 Oct 31 15:25:06.686158: | outgoing-port-permit set 32768-60999 Oct 31 15:25:06.686161: | loading dnssec root key from:/var/lib/unbound/root.key Oct 31 15:25:06.686164: | no additional dnssec trust anchors defined via dnssec-trusted= option Oct 31 15:25:06.686167: | Setting up events, loop start Oct 31 15:25:06.686170: | add_fd_read_event_handler: newref PLUTO_CTL_FD-pe@0x563af96c0198 Oct 31 15:25:06.686173: | libevent_malloc: newref ptr-libevent@0x563af96bcdd8 size 128 Oct 31 15:25:06.686177: | libevent_malloc: newref ptr-libevent@0x563af96b3b18 size 16 Oct 31 15:25:06.686183: | libevent_realloc: newref ptr-libevent@0x563af96c0208 size 256 Oct 31 15:25:06.686186: | libevent_malloc: newref ptr-libevent@0x563af96b3778 size 8 Oct 31 15:25:06.686190: | libevent_realloc: newref ptr-libevent@0x563af96b3fa8 size 144 Oct 31 15:25:06.686193: | libevent_malloc: newref ptr-libevent@0x563af9612af8 size 152 Oct 31 15:25:06.686196: | libevent_malloc: newref ptr-libevent@0x563af96b3928 size 16 Oct 31 15:25:06.686237: | signal event handler PLUTO_SIGCHLD installed Oct 31 15:25:06.686245: | libevent_malloc: newref ptr-libevent@0x563af96c0338 size 8 Oct 31 15:25:06.686249: | libevent_malloc: newref ptr-libevent@0x563af96114d8 size 152 Oct 31 15:25:06.686252: | signal event handler PLUTO_SIGTERM installed Oct 31 15:25:06.686255: | libevent_malloc: newref ptr-libevent@0x563af96c0378 size 8 Oct 31 15:25:06.686258: | libevent_malloc: newref ptr-libevent@0x563af96c03b8 size 152 Oct 31 15:25:06.686260: | signal event handler PLUTO_SIGHUP installed Oct 31 15:25:06.686263: | libevent_malloc: newref ptr-libevent@0x563af96c0488 size 8 Oct 31 15:25:06.686267: | libevent_realloc: delref ptr-libevent@0x563af96b3fa8 Oct 31 15:25:06.686269: | libevent_realloc: newref ptr-libevent@0x563af96c04c8 size 256 Oct 31 15:25:06.686272: | libevent_malloc: newref ptr-libevent@0x563af96c05f8 size 152 Oct 31 15:25:06.686275: | signal event handler PLUTO_SIGSYS installed Oct 31 15:25:06.686623: | created addconn helper (pid:2164206) using fork+execve Oct 31 15:25:06.686642: | forked child 2164206 Oct 31 15:25:06.686655: seccomp security disabled Oct 31 15:25:06.690164: | newref struct fd@0x563af96c0758(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:06.690183: | fd_accept: new fd-fd@0x563af96c0758 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:06.690210: | whack: listen Oct 31 15:25:06.690216: listening for IKE messages Oct 31 15:25:06.701412: | Inspecting interface lo Oct 31 15:25:06.701440: | found lo with address 127.0.0.1 Oct 31 15:25:06.701448: | Inspecting interface eth0 Oct 31 15:25:06.701453: | found eth0 with address 192.0.3.254 Oct 31 15:25:06.701457: | Inspecting interface eth1 Oct 31 15:25:06.701461: | found eth1 with address 192.1.3.33 Oct 31 15:25:06.701475: | newref struct iface_dev@0x563af96c0bf8(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:25:06.701498: Kernel supports NIC esp-hw-offload Oct 31 15:25:06.701514: | iface: marking eth1 add Oct 31 15:25:06.701518: | newref struct iface_dev@0x563af96c0d28(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:25:06.701523: | iface: marking eth0 add Oct 31 15:25:06.701526: | newref struct iface_dev@0x563af96c0df8(0->1) (in add_iface_dev() at iface.c:67) Oct 31 15:25:06.701529: | iface: marking lo add Oct 31 15:25:06.701603: | no interfaces to sort Oct 31 15:25:06.701627: | MSG_ERRQUEUE enabled on fd 18 Oct 31 15:25:06.701645: | addref ifd@0x563af96c0bf8(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:25:06.701652: adding UDP interface eth1 192.1.3.33:500 Oct 31 15:25:06.701669: | MSG_ERRQUEUE enabled on fd 19 Oct 31 15:25:06.701677: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:25:06.701681: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:25:06.701685: | addref ifd@0x563af96c0bf8(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:25:06.701688: adding UDP interface eth1 192.1.3.33:4500 Oct 31 15:25:06.701705: | MSG_ERRQUEUE enabled on fd 20 Oct 31 15:25:06.701718: | addref ifd@0x563af96c0d28(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:25:06.701723: adding UDP interface eth0 192.0.3.254:500 Oct 31 15:25:06.701739: | MSG_ERRQUEUE enabled on fd 21 Oct 31 15:25:06.701747: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:25:06.701752: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:25:06.701756: | addref ifd@0x563af96c0d28(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:25:06.701762: adding UDP interface eth0 192.0.3.254:4500 Oct 31 15:25:06.701784: | MSG_ERRQUEUE enabled on fd 22 Oct 31 15:25:06.701796: | addref ifd@0x563af96c0df8(1->2) (in bind_iface_port() at iface.c:237) Oct 31 15:25:06.701801: adding UDP interface lo 127.0.0.1:500 Oct 31 15:25:06.701816: | MSG_ERRQUEUE enabled on fd 23 Oct 31 15:25:06.701823: | NAT-Traversal: Trying sockopt style NAT-T Oct 31 15:25:06.701827: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Oct 31 15:25:06.701829: | addref ifd@0x563af96c0df8(2->3) (in bind_iface_port() at iface.c:237) Oct 31 15:25:06.701833: adding UDP interface lo 127.0.0.1:4500 Oct 31 15:25:06.701844: | updating interfaces - listing interfaces that are going down Oct 31 15:25:06.701847: | updating interfaces - checking orientation Oct 31 15:25:06.701849: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Oct 31 15:25:06.701874: | libevent_malloc: newref ptr-libevent@0x563af96bcd28 size 128 Oct 31 15:25:06.701881: | libevent_malloc: newref ptr-libevent@0x563af96c17a8 size 16 Oct 31 15:25:06.701893: | setup callback for interface lo 127.0.0.1:4500 fd 23 on UDP Oct 31 15:25:06.701897: | libevent_malloc: newref ptr-libevent@0x563af96801a8 size 128 Oct 31 15:25:06.701900: | libevent_malloc: newref ptr-libevent@0x563af96c17e8 size 16 Oct 31 15:25:06.701906: | setup callback for interface lo 127.0.0.1:500 fd 22 on UDP Oct 31 15:25:06.701909: | libevent_malloc: newref ptr-libevent@0x563af9675468 size 128 Oct 31 15:25:06.701912: | libevent_malloc: newref ptr-libevent@0x563af96c1828 size 16 Oct 31 15:25:06.701917: | setup callback for interface eth0 192.0.3.254:4500 fd 21 on UDP Oct 31 15:25:06.701920: | libevent_malloc: newref ptr-libevent@0x563af96802a8 size 128 Oct 31 15:25:06.701926: | libevent_malloc: newref ptr-libevent@0x563af96c1868 size 16 Oct 31 15:25:06.701933: | setup callback for interface eth0 192.0.3.254:500 fd 20 on UDP Oct 31 15:25:06.701938: | libevent_malloc: newref ptr-libevent@0x563af967ccc8 size 128 Oct 31 15:25:06.701940: | libevent_malloc: newref ptr-libevent@0x563af96c18a8 size 16 Oct 31 15:25:06.701945: | setup callback for interface eth1 192.1.3.33:4500 fd 19 on UDP Oct 31 15:25:06.701948: | libevent_malloc: newref ptr-libevent@0x563af967cc18 size 128 Oct 31 15:25:06.701951: | libevent_malloc: newref ptr-libevent@0x563af96c18e8 size 16 Oct 31 15:25:06.701956: | setup callback for interface eth1 192.1.3.33:500 fd 18 on UDP Oct 31 15:25:06.703483: | no stale xfrmi interface 'ipsec1' found Oct 31 15:25:06.703497: | certs and keys locked by 'free_preshared_secrets' Oct 31 15:25:06.703509: | certs and keys unlocked by 'free_preshared_secrets' Oct 31 15:25:06.703541: loading secrets from "/etc/ipsec.secrets" Oct 31 15:25:06.703561: | id type added to secret(0x563af96c31f8) PKK_PSK: @east Oct 31 15:25:06.703565: | id type added to secret(0x563af96c31f8) PKK_PSK: @north Oct 31 15:25:06.703569: | processing PSK at line 1: passed Oct 31 15:25:06.703571: | certs and keys locked by 'process_secret' Oct 31 15:25:06.703574: | certs and keys unlocked by 'process_secret' Oct 31 15:25:06.703579: | old food groups: Oct 31 15:25:06.703580: | new food groups: Oct 31 15:25:06.703584: | delref fd@0x563af96c0758(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:06.703589: | freeref fd-fd@0x563af96c0758 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:06.703595: | spent 0.819 (13.4) milliseconds in whack Oct 31 15:25:06.703610: | newref struct fd@0x563af96c0798(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:06.703612: | fd_accept: new fd-fd@0x563af96c0798 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:06.703622: | whack: options (impair|debug) Oct 31 15:25:06.703628: | old debugging base+cpu-usage + none Oct 31 15:25:06.703630: | new debugging = base+cpu-usage Oct 31 15:25:06.703634: | delref fd@0x563af96c0798(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:06.703638: | freeref fd-fd@0x563af96c0798 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:06.703643: | spent 0.0354 (0.0384) milliseconds in whack Oct 31 15:25:06.703960: | processing signal PLUTO_SIGCHLD Oct 31 15:25:06.703973: | waitpid returned pid 2164206 (exited with status 0) Oct 31 15:25:06.703978: | reaped addconn helper child (status 0) Oct 31 15:25:06.703983: | waitpid returned ECHILD (no child processes left) Oct 31 15:25:06.703989: | spent 0.0186 (0.0183) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:25:06.767162: | newref struct fd@0x563af96c07d8(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:06.767176: | fd_accept: new fd-fd@0x563af96c07d8 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:06.767189: | whack: delete 'northnet-eastnet/0x1' Oct 31 15:25:06.767197: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:25:06.767209: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:25:06.767211: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:25:06.767214: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:25:06.767216: | whack: connection 'northnet-eastnet/0x1' Oct 31 15:25:06.767221: | addref fd@0x563af96c07d8(1->2) (in string_logger() at log.c:838) Oct 31 15:25:06.767227: | newref string logger@0x563af96b4068(0->1) (in add_connection() at connections.c:1998) Oct 31 15:25:06.767232: | Connection DB: adding connection "northnet-eastnet/0x1" $1 Oct 31 15:25:06.767238: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:25:06.767250: | added new connection northnet-eastnet/0x1 with policy PSK+ENCRYPT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO Oct 31 15:25:06.767330: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Oct 31 15:25:06.767337: | from whack: got --esp= Oct 31 15:25:06.767393: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Oct 31 15:25:06.767401: | counting wild cards for @north is 0 Oct 31 15:25:06.767406: | counting wild cards for @east is 0 Oct 31 15:25:06.767410: | updating connection from left.host_addr Oct 31 15:25:06.767414: | right host_nexthop 192.1.3.33 Oct 31 15:25:06.767417: | left host_port 500 Oct 31 15:25:06.767419: | updating connection from right.host_addr Oct 31 15:25:06.767423: | left host_nexthop 192.1.2.23 Oct 31 15:25:06.767425: | right host_port 500 Oct 31 15:25:06.767432: | orienting northnet-eastnet/0x1 Oct 31 15:25:06.767437: | northnet-eastnet/0x1 doesn't match 127.0.0.1:4500 at all Oct 31 15:25:06.767441: | northnet-eastnet/0x1 doesn't match 127.0.0.1:500 at all Oct 31 15:25:06.767445: | northnet-eastnet/0x1 doesn't match 192.0.3.254:4500 at all Oct 31 15:25:06.767449: | northnet-eastnet/0x1 doesn't match 192.0.3.254:500 at all Oct 31 15:25:06.767453: | northnet-eastnet/0x1 doesn't match 192.1.3.33:4500 at all Oct 31 15:25:06.767455: | oriented northnet-eastnet/0x1's this Oct 31 15:25:06.767462: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none Oct 31 15:25:06.767468: | newref hp@0x563af96c3aa8(0->1) (in connect_to_host_pair() at hostpair.c:290) Oct 31 15:25:06.767473: added IKEv2 connection "northnet-eastnet/0x1" Oct 31 15:25:06.767486: | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO Oct 31 15:25:06.767498: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[@north]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Oct 31 15:25:06.767502: | delref logger@0x563af96b4068(1->0) (in add_connection() at connections.c:2026) Oct 31 15:25:06.767505: | delref fd@0x563af96c07d8(2->1) (in free_logger() at log.c:853) Oct 31 15:25:06.767507: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:06.767512: | delref fd@0x563af96c07d8(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:06.767521: | freeref fd-fd@0x563af96c07d8 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:06.767529: | spent 0.368 (0.377) milliseconds in whack Oct 31 15:25:06.767571: | newref struct fd@0x563af96c1968(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:06.767578: | fd_accept: new fd-fd@0x563af96c1968 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:06.767589: | whack: delete 'northnet-eastnet/0x2' Oct 31 15:25:06.767591: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:25:06.767593: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:25:06.767600: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:25:06.767602: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:25:06.767604: | whack: connection 'northnet-eastnet/0x2' Oct 31 15:25:06.767607: | addref fd@0x563af96c1968(1->2) (in string_logger() at log.c:838) Oct 31 15:25:06.767610: | newref string logger@0x563af96c0908(0->1) (in add_connection() at connections.c:1998) Oct 31 15:25:06.767619: | Connection DB: adding connection "northnet-eastnet/0x2" $2 Oct 31 15:25:06.767624: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:25:06.767630: | added new connection northnet-eastnet/0x2 with policy PSK+ENCRYPT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO Oct 31 15:25:06.767696: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 Oct 31 15:25:06.767700: | from whack: got --esp= Oct 31 15:25:06.767749: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 Oct 31 15:25:06.767753: | counting wild cards for @north is 0 Oct 31 15:25:06.767756: | counting wild cards for @east is 0 Oct 31 15:25:06.767758: | updating connection from left.host_addr Oct 31 15:25:06.767761: | right host_nexthop 192.1.3.33 Oct 31 15:25:06.767762: | left host_port 500 Oct 31 15:25:06.767764: | updating connection from right.host_addr Oct 31 15:25:06.767766: | left host_nexthop 192.1.2.23 Oct 31 15:25:06.767767: | right host_port 500 Oct 31 15:25:06.767769: | orienting northnet-eastnet/0x2 Oct 31 15:25:06.767772: | northnet-eastnet/0x2 doesn't match 127.0.0.1:4500 at all Oct 31 15:25:06.767774: | northnet-eastnet/0x2 doesn't match 127.0.0.1:500 at all Oct 31 15:25:06.767777: | northnet-eastnet/0x2 doesn't match 192.0.3.254:4500 at all Oct 31 15:25:06.767781: | northnet-eastnet/0x2 doesn't match 192.0.3.254:500 at all Oct 31 15:25:06.767787: | northnet-eastnet/0x2 doesn't match 192.1.3.33:4500 at all Oct 31 15:25:06.767790: | oriented northnet-eastnet/0x2's this Oct 31 15:25:06.767795: | find_host_pair: comparing 192.1.3.33:500 to 192.1.2.23:500 but ignoring ports Oct 31 15:25:06.767800: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@0x563af96c3aa8: northnet-eastnet/0x1 Oct 31 15:25:06.767803: added IKEv2 connection "northnet-eastnet/0x2" Oct 31 15:25:06.767811: | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+OVERLAPIP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO Oct 31 15:25:06.767821: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[@north]...192.1.2.23<192.1.2.23>[@east]===192.0.2.0/24 Oct 31 15:25:06.767824: | delref logger@0x563af96c0908(1->0) (in add_connection() at connections.c:2026) Oct 31 15:25:06.767827: | delref fd@0x563af96c1968(2->1) (in free_logger() at log.c:853) Oct 31 15:25:06.767830: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:06.767834: | delref fd@0x563af96c1968(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:06.767840: | freeref fd-fd@0x563af96c1968 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:06.767846: | spent 0.281 (0.282) milliseconds in whack Oct 31 15:25:06.825630: | newref struct fd@0x563af96c3b58(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:06.825645: | fd_accept: new fd-fd@0x563af96c3b58 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:06.825656: | whack: options (impair|debug) Oct 31 15:25:06.825661: | old debugging base+cpu-usage + none Oct 31 15:25:06.825664: | new debugging = base+cpu-usage Oct 31 15:25:06.825667: | suppress-retransmits:yes Oct 31 15:25:06.825672: | delref fd@0x563af96c3b58(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:06.825685: | freeref fd-fd@0x563af96c3b58 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:06.825693: | spent 0.0745 (0.0781) milliseconds in whack Oct 31 15:25:06.991930: | newref struct fd@0x563af96c0908(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:06.991950: | fd_accept: new fd-fd@0x563af96c0908 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:06.991963: | whack: status Oct 31 15:25:06.992251: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:25:06.992259: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:25:06.992371: | FOR_EACH_STATE_... in show_states (sort_states) Oct 31 15:25:06.992382: | delref fd@0x563af96c0908(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:06.992390: | freeref fd-fd@0x563af96c0908 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:06.992396: | spent 0.471 (0.479) milliseconds in whack Oct 31 15:25:07.052885: | newref struct fd@0x563af96c3b98(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:07.052902: | fd_accept: new fd-fd@0x563af96c3b98 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:07.052912: | whack: initiate Oct 31 15:25:07.052915: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:25:07.052918: initiating all conns with alias='northnet-eastnet' Oct 31 15:25:07.052924: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Oct 31 15:25:07.052931: | connection 'northnet-eastnet/0x2' +POLICY_UP Oct 31 15:25:07.052934: | FOR_EACH_STATE_... in find_phase1_state Oct 31 15:25:07.052959: | newref alloc logger@0x563af96c1a48(0->1) (in new_state() at state.c:576) Oct 31 15:25:07.052963: | addref fd@0x563af96c3b98(1->2) (in new_state() at state.c:577) Oct 31 15:25:07.052966: | creating state object #1 at 0x563af96c5fe8 Oct 31 15:25:07.052969: | State DB: adding IKEv2 state #1 in UNDEFINED Oct 31 15:25:07.052979: | pstats #1 ikev2.ike started Oct 31 15:25:07.052983: | parent state #1: UNDEFINED(ignore) => PARENT_I0(ignore) Oct 31 15:25:07.052987: | #1.st_v2_transition NULL -> PARENT_I0->PARENT_I1 (in new_v2_ike_state() at state.c:620) Oct 31 15:25:07.052996: | Message ID: IKE #1 initializing (IKE SA): ike.initiator.sent=0->-1 ike.initiator.recv=0->-1 ike.initiator.last_contact=0->744581.485786 ike.responder.sent=0->-1 ike.responder.recv=0->-1 ike.responder.last_contact=0->744581.485786 ike.wip.initiator=0->-1 ike.wip.responder=0->-1 Oct 31 15:25:07.052999: | orienting northnet-eastnet/0x2 Oct 31 15:25:07.053005: | northnet-eastnet/0x2 doesn't match 127.0.0.1:4500 at all Oct 31 15:25:07.053009: | northnet-eastnet/0x2 doesn't match 127.0.0.1:500 at all Oct 31 15:25:07.053012: | northnet-eastnet/0x2 doesn't match 192.0.3.254:4500 at all Oct 31 15:25:07.053015: | northnet-eastnet/0x2 doesn't match 192.0.3.254:500 at all Oct 31 15:25:07.053019: | northnet-eastnet/0x2 doesn't match 192.1.3.33:4500 at all Oct 31 15:25:07.053021: | oriented northnet-eastnet/0x2's this Oct 31 15:25:07.053028: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:544) Oct 31 15:25:07.053033: | addref fd@0x563af96c3b98(2->3) (in add_pending() at pending.c:86) Oct 31 15:25:07.053037: | queuing pending IPsec SA negotiating with 192.1.2.23 IKE SA #1 "northnet-eastnet/0x2" Oct 31 15:25:07.053040: "northnet-eastnet/0x2" #1: initiating IKEv2 connection Oct 31 15:25:07.053053: | constructing local IKE proposals for northnet-eastnet/0x2 (IKE SA initiator selecting KE) Oct 31 15:25:07.053063: | converting ike_info AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:25:07.053072: | ... ikev2_proposal: 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:25:07.053076: | converting ike_info AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:25:07.053081: | ... ikev2_proposal: 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:25:07.053091: | converting ike_info AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:25:07.053095: | ... ikev2_proposal: 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:25:07.053098: | converting ike_info AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 to ikev2 ... Oct 31 15:25:07.053107: | ... ikev2_proposal: 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:25:07.053112: "northnet-eastnet/0x2": local IKE proposals (IKE SA initiator selecting KE): Oct 31 15:25:07.053118: "northnet-eastnet/0x2": 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:25:07.053124: "northnet-eastnet/0x2": 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:25:07.053130: "northnet-eastnet/0x2": 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:25:07.053136: "northnet-eastnet/0x2": 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:25:07.053145: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:25:07.053149: | addref fd@0x563af96c3b98(3->4) (in clone_logger() at log.c:810) Oct 31 15:25:07.053153: | newref clone logger@0x563af96b3f38(0->1) (in clone_logger() at log.c:817) Oct 31 15:25:07.053156: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): adding job to queue Oct 31 15:25:07.053158: | state #1 has no .st_event to delete Oct 31 15:25:07.053163: | #1 STATE_PARENT_I0: retransmits: cleared Oct 31 15:25:07.053168: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x563af96c3ce8 Oct 31 15:25:07.053172: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:25:07.053176: | libevent_malloc: newref ptr-libevent@0x563af96c3d58 size 128 Oct 31 15:25:07.053195: | #1 spent 0.26 (0.26) milliseconds in ikev2_parent_outI1() Oct 31 15:25:07.053216: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): helper 1 starting job Oct 31 15:25:07.053217: | RESET processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:640) Oct 31 15:25:07.053239: | connection 'northnet-eastnet/0x1' +POLICY_UP Oct 31 15:25:07.053242: | FOR_EACH_STATE_... in find_phase1_state Oct 31 15:25:07.053248: | addref fd@0x563af96c3b98(4->5) (in add_pending() at pending.c:86) Oct 31 15:25:07.053253: "northnet-eastnet/0x1": queuing pending IPsec SA negotiating with 192.1.2.23 IKE SA #1 "northnet-eastnet/0x2" Oct 31 15:25:07.053265: | delref fd@0x563af96c3b98(5->4) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:07.053272: | spent 0.375 (0.396) milliseconds in whack Oct 31 15:25:07.054463: | "northnet-eastnet/0x2" #1: spent 1.24 (1.25) milliseconds in helper 1 processing job 1 for state #1: ikev2_outI1 KE (pcr) Oct 31 15:25:07.054473: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): helper thread 1 sending result back to state Oct 31 15:25:07.054476: | scheduling resume sending helper answer back to state for #1 Oct 31 15:25:07.054478: | libevent_malloc: newref ptr-libevent@0x7fedac006108 size 128 Oct 31 15:25:07.054485: | helper thread 1 has nothing to do Oct 31 15:25:07.054498: | processing resume sending helper answer back to state for #1 Oct 31 15:25:07.054510: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:641) Oct 31 15:25:07.054517: | unsuspending #1 MD (nil) Oct 31 15:25:07.054520: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): processing response from helper 1 Oct 31 15:25:07.054528: | job 1 for #1: ikev2_outI1 KE (build KE and nonce): calling continuation function 0x563af7accfe7 Oct 31 15:25:07.054532: | ikev2_parent_outI1_continue() for #1 STATE_PARENT_I0 Oct 31 15:25:07.054536: | DH secret MODP2048@0x7fedac006ba8: transferring ownership from helper KE to state #1 Oct 31 15:25:07.054567: | opening output PBS reply packet Oct 31 15:25:07.054571: | **emit ISAKMP Message: Oct 31 15:25:07.054576: | initiator SPI: be 24 bd 7a a6 09 d5 ef Oct 31 15:25:07.054581: | responder SPI: 00 00 00 00 00 00 00 00 Oct 31 15:25:07.054583: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:25:07.054586: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:07.054589: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:25:07.054593: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:25:07.054597: | Message ID: 0 (00 00 00 00) Oct 31 15:25:07.054600: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:25:07.054617: | using existing local IKE proposals for connection northnet-eastnet/0x2 (IKE SA initiator emitting local proposals): 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:25:07.054620: | Emitting ikev2_proposals ... Oct 31 15:25:07.054623: | ***emit IKEv2 Security Association Payload: Oct 31 15:25:07.054626: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:07.054628: | flags: none (0x0) Oct 31 15:25:07.054631: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:25:07.054634: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:25:07.054639: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:25:07.054642: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:07.054645: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:07.054648: | prop #: 1 (01) Oct 31 15:25:07.054650: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:25:07.054653: | spi size: 0 (00) Oct 31 15:25:07.054656: | # transforms: 11 (0b) Oct 31 15:25:07.054659: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:07.054662: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.054664: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.054667: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:07.054669: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:25:07.054671: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.054674: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:07.054677: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:07.054680: | length/value: 256 (01 00) Oct 31 15:25:07.054683: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:07.054685: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.054688: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.054690: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:07.054692: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:25:07.054694: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.054700: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.054703: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.054706: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.054708: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.054715: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:07.054718: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:25:07.054721: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.054723: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.054726: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.054729: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:25:07.054731: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.054733: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.054735: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.054738: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:07.054740: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.054743: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.054745: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.054747: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.054750: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.054752: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.054754: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:25:07.054757: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.054759: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.054761: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.054763: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.054765: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.054767: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.054770: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:25:07.054772: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.054774: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.054776: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.054779: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.054786: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.054788: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.054790: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:25:07.054793: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.054795: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.054799: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.054802: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.054804: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.054806: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.054808: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:25:07.054811: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.054813: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.054816: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.054818: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.054820: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.054823: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.054825: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:25:07.054827: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.054829: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.054832: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.054834: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.054835: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.054838: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.054840: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:25:07.054843: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.054845: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.054847: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.054849: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.054852: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:07.054854: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.054857: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:25:07.054860: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.054862: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.054865: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.054867: | emitting length of IKEv2 Proposal Substructure Payload: 100 Oct 31 15:25:07.054870: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:07.054873: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:25:07.054877: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:07.054880: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:07.054883: | prop #: 2 (02) Oct 31 15:25:07.054885: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:25:07.054888: | spi size: 0 (00) Oct 31 15:25:07.054891: | # transforms: 11 (0b) Oct 31 15:25:07.054894: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:07.054897: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:07.054904: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.054907: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.054909: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:07.054912: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:25:07.054915: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.054917: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:07.054920: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:07.054923: | length/value: 128 (00 80) Oct 31 15:25:07.054926: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:07.054929: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.054932: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.054935: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:07.054937: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:25:07.054940: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.054943: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.054945: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.054948: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.054951: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.054953: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:07.054956: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:25:07.054958: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.054961: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.054963: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.054966: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:25:07.054969: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.054972: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.054974: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.054977: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:07.054980: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.054983: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.054986: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.054989: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.054991: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.054994: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.054997: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:25:07.055000: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055002: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.055005: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.055008: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.055011: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055013: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.055018: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:25:07.055021: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055023: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.055026: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.055029: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.055031: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055034: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.055037: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:25:07.055040: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055042: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.055045: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.055048: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.055050: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055052: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.055055: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:25:07.055057: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055059: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.055062: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.055064: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.055067: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055070: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.055072: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:25:07.055075: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055078: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.055080: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.055083: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.055086: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055089: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.055091: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:25:07.055094: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055097: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.055100: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.055103: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.055105: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:07.055108: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.055111: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:25:07.055114: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055116: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.055120: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.055123: | emitting length of IKEv2 Proposal Substructure Payload: 100 Oct 31 15:25:07.055125: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:07.055129: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:07.055132: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:07.055135: | prop #: 3 (03) Oct 31 15:25:07.055137: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:25:07.055140: | spi size: 0 (00) Oct 31 15:25:07.055143: | # transforms: 13 (0d) Oct 31 15:25:07.055145: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:07.055148: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:07.055151: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.055154: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055156: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:07.055159: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:25:07.055161: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.055164: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:07.055167: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:07.055175: | length/value: 256 (01 00) Oct 31 15:25:07.055179: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:07.055181: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.055184: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055186: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:07.055188: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:25:07.055191: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055193: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.055195: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.055203: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.055209: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055211: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:07.055214: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:25:07.055216: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055218: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.055220: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.055223: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.055225: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055227: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:07.055230: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:25:07.055232: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055235: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.055237: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.055241: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.055244: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055246: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:07.055248: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:25:07.055250: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055253: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.055255: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.055258: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.055260: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055262: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.055264: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:07.055266: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055269: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.055271: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.055274: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.055276: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055278: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.055280: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:25:07.055283: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055346: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.055351: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.055354: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.055356: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055359: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.055361: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:25:07.055364: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055366: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.055368: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.055370: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.055372: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055374: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.055376: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:25:07.055379: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055381: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.055382: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.055384: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.055385: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055387: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.055388: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:25:07.055391: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055393: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.055394: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.055396: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.055397: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055399: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.055400: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:25:07.055402: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055403: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.055404: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.055406: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.055407: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055409: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.055410: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:25:07.055412: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055413: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.055414: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.055416: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.055417: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:07.055419: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.055420: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:25:07.055422: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055423: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.055425: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.055426: | emitting length of IKEv2 Proposal Substructure Payload: 116 Oct 31 15:25:07.055428: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:07.055430: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:07.055432: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:25:07.055434: | prop #: 4 (04) Oct 31 15:25:07.055435: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:25:07.055437: | spi size: 0 (00) Oct 31 15:25:07.055439: | # transforms: 13 (0d) Oct 31 15:25:07.055441: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:07.055442: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:07.055444: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.055445: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055447: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:07.055448: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:25:07.055450: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.055453: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:07.055454: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:07.055456: | length/value: 128 (00 80) Oct 31 15:25:07.055458: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:07.055459: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.055461: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055462: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:07.055463: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:25:07.055465: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055466: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.055468: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.055469: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.055471: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055472: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:07.055474: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:25:07.055475: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055476: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.055478: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.055479: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.055481: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055482: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:07.055484: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:25:07.055485: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055487: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.055488: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.055490: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.055491: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055492: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:07.055494: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:25:07.055495: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055497: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.055498: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.055500: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.055501: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055502: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.055504: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:07.055505: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055507: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.055508: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.055510: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.055512: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055513: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.055515: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:25:07.055516: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055518: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.055519: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.055520: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.055522: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055523: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.055525: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:25:07.055526: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055528: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.055529: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.055530: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.055532: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055533: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.055535: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:25:07.055536: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055538: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.055539: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.055541: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.055542: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055543: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.055545: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:25:07.055546: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055548: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.055549: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.055551: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.055552: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055553: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.055555: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:25:07.055559: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055563: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.055566: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.055569: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.055571: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055574: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.055576: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:25:07.055579: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055584: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.055586: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.055589: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.055592: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:07.055595: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.055597: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:25:07.055600: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.055603: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.055606: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.055609: | emitting length of IKEv2 Proposal Substructure Payload: 116 Oct 31 15:25:07.055611: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:07.055614: | emitting length of IKEv2 Security Association Payload: 436 Oct 31 15:25:07.055615: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:25:07.055617: | ***emit IKEv2 Key Exchange Payload: Oct 31 15:25:07.055619: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:07.055620: | flags: none (0x0) Oct 31 15:25:07.055622: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:07.055624: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Oct 31 15:25:07.055625: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Oct 31 15:25:07.055628: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Oct 31 15:25:07.055629: | ikev2 g^x: Oct 31 15:25:07.055631: | f1 22 18 27 da 0a 5a ac 39 cb f1 d6 22 ec 10 e5 Oct 31 15:25:07.055633: | ba c0 8b 0c eb f4 14 a4 97 35 b1 12 55 70 a4 19 Oct 31 15:25:07.055634: | d6 dd 05 0f 99 23 69 db ac 67 4e ee c5 17 88 bc Oct 31 15:25:07.055635: | 7e ba 37 c7 b0 33 dc 6a 66 0f bf f5 dc 09 19 91 Oct 31 15:25:07.055637: | 92 2c 99 8f e9 ff bf af ae 6c 2a 65 9d 82 28 8b Oct 31 15:25:07.055638: | d8 3b 38 d7 66 6f 80 34 42 d6 8b 41 40 1f 63 ed Oct 31 15:25:07.055639: | 0c a3 a5 08 64 50 51 fe dc ed 4f 1b c8 d1 61 70 Oct 31 15:25:07.055641: | 33 4a 19 e1 52 9a b5 93 e7 ea 9b 9d 66 a6 8f dc Oct 31 15:25:07.055642: | 7e 32 6f a7 3e 16 bf f6 70 a1 06 47 9c c2 0d 41 Oct 31 15:25:07.055643: | 9c 4b 81 19 59 20 74 18 e5 eb 16 11 f5 8b 95 09 Oct 31 15:25:07.055645: | 4f 96 d1 33 f7 cd 6d 88 7b d9 b5 74 19 7b 4a ea Oct 31 15:25:07.055646: | 41 28 f2 f8 48 0f 62 74 f4 fd b9 ae a9 db 69 39 Oct 31 15:25:07.055647: | ac 29 eb 1f 4e 92 56 c1 84 cf d1 fc e2 93 7b 92 Oct 31 15:25:07.055649: | 79 ec 4c d5 10 d7 c5 0e ea f8 aa 25 91 59 fd 84 Oct 31 15:25:07.055650: | 88 49 0f 1d bf 2d fc 80 7f 30 9c 2b 82 7c 39 78 Oct 31 15:25:07.055652: | f1 8a db be 55 a3 70 38 17 94 13 60 f2 59 e3 ee Oct 31 15:25:07.055653: | emitting length of IKEv2 Key Exchange Payload: 264 Oct 31 15:25:07.055655: | ***emit IKEv2 Nonce Payload: Oct 31 15:25:07.055657: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:07.055658: | flags: none (0x0) Oct 31 15:25:07.055660: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Oct 31 15:25:07.055661: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Oct 31 15:25:07.055666: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Oct 31 15:25:07.055667: | IKEv2 nonce: Oct 31 15:25:07.055669: | be 61 bb 04 4f 69 e6 af db 9c 21 82 8f 59 12 a7 Oct 31 15:25:07.055670: | 54 f6 e9 6e 87 df 4d be 72 60 78 a2 eb 7f 44 bc Oct 31 15:25:07.055672: | emitting length of IKEv2 Nonce Payload: 36 Oct 31 15:25:07.055674: | adding a v2N Payload Oct 31 15:25:07.055675: | ***emit IKEv2 Notify Payload: Oct 31 15:25:07.055677: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:07.055678: | flags: none (0x0) Oct 31 15:25:07.055680: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:25:07.055681: | SPI size: 0 (00) Oct 31 15:25:07.055683: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Oct 31 15:25:07.055685: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:25:07.055687: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:25:07.055688: | emitting length of IKEv2 Notify Payload: 8 Oct 31 15:25:07.055691: | NAT-Traversal support [enabled] add v2N payloads. Oct 31 15:25:07.055692: | nat: IKE.SPIr is zero Oct 31 15:25:07.055707: | natd_hash: hasher=0x563af7bbef80(20) Oct 31 15:25:07.055709: | natd_hash: icookie= Oct 31 15:25:07.055710: | be 24 bd 7a a6 09 d5 ef Oct 31 15:25:07.055712: | natd_hash: rcookie= Oct 31 15:25:07.055713: | 00 00 00 00 00 00 00 00 Oct 31 15:25:07.055714: | natd_hash: ip= Oct 31 15:25:07.055716: | c0 01 03 21 Oct 31 15:25:07.055717: | natd_hash: port= Oct 31 15:25:07.055718: | 01 f4 Oct 31 15:25:07.055720: | natd_hash: hash= Oct 31 15:25:07.055721: | 9a 17 c0 c3 ae 40 38 a7 19 2f c7 75 55 77 0c 82 Oct 31 15:25:07.055722: | 5c c6 ae 64 Oct 31 15:25:07.055724: | adding a v2N Payload Oct 31 15:25:07.055725: | ***emit IKEv2 Notify Payload: Oct 31 15:25:07.055727: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:07.055728: | flags: none (0x0) Oct 31 15:25:07.055730: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:25:07.055731: | SPI size: 0 (00) Oct 31 15:25:07.055733: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Oct 31 15:25:07.055735: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:25:07.055736: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:25:07.055738: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:25:07.055739: | Notify data: Oct 31 15:25:07.055741: | 9a 17 c0 c3 ae 40 38 a7 19 2f c7 75 55 77 0c 82 Oct 31 15:25:07.055743: | 5c c6 ae 64 Oct 31 15:25:07.055747: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:25:07.055750: | nat: IKE.SPIr is zero Oct 31 15:25:07.055759: | natd_hash: hasher=0x563af7bbef80(20) Oct 31 15:25:07.055762: | natd_hash: icookie= Oct 31 15:25:07.055764: | be 24 bd 7a a6 09 d5 ef Oct 31 15:25:07.055766: | natd_hash: rcookie= Oct 31 15:25:07.055768: | 00 00 00 00 00 00 00 00 Oct 31 15:25:07.055771: | natd_hash: ip= Oct 31 15:25:07.055773: | c0 01 02 17 Oct 31 15:25:07.055775: | natd_hash: port= Oct 31 15:25:07.055777: | 01 f4 Oct 31 15:25:07.055780: | natd_hash: hash= Oct 31 15:25:07.055782: | 48 5d 05 ba 6b fb f5 54 b7 59 d2 3f ec d7 33 f7 Oct 31 15:25:07.055785: | e9 69 18 c3 Oct 31 15:25:07.055787: | adding a v2N Payload Oct 31 15:25:07.055790: | ***emit IKEv2 Notify Payload: Oct 31 15:25:07.055793: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:07.055795: | flags: none (0x0) Oct 31 15:25:07.055798: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:25:07.055800: | SPI size: 0 (00) Oct 31 15:25:07.055802: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Oct 31 15:25:07.055804: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:25:07.055807: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:25:07.055809: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:25:07.055810: | Notify data: Oct 31 15:25:07.055812: | 48 5d 05 ba 6b fb f5 54 b7 59 d2 3f ec d7 33 f7 Oct 31 15:25:07.055813: | e9 69 18 c3 Oct 31 15:25:07.055814: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:25:07.055816: | emitting length of ISAKMP Message: 828 Oct 31 15:25:07.055822: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:07.055825: | #1 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Oct 31 15:25:07.055827: | transitioning from state STATE_PARENT_I0 to state STATE_PARENT_I1 Oct 31 15:25:07.055829: | Message ID: updating counters for #1 Oct 31 15:25:07.055831: | Message ID: IKE #1 skipping update_recv as MD is fake Oct 31 15:25:07.055835: | Message ID: IKE #1 scheduling EVENT_RETRANSMIT: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744581.485786 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744581.485786 ike.wip.initiator=0 ike.wip.responder=-1 Oct 31 15:25:07.055839: "northnet-eastnet/0x2" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Oct 31 15:25:07.055853: | event_schedule: newref EVENT_RETRANSMIT-pe@0x563af96c5f48 Oct 31 15:25:07.055859: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 Oct 31 15:25:07.055862: | libevent_malloc: newref ptr-libevent@0x563af96c5e98 size 128 Oct 31 15:25:07.055867: | #1 STATE_PARENT_I0: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744581.488648 Oct 31 15:25:07.055874: | Message ID: IKE #1 updating initiator sent message request 0: ike.initiator.sent=-1->0 ike.initiator.recv=-1 ike.initiator.last_contact=744581.485786 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744581.485786 ike.wip.initiator=-1->0 ike.wip.responder=-1 Oct 31 15:25:07.055881: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744581.485786 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744581.485786 ike.wip.initiator=0 ike.wip.responder=-1 Oct 31 15:25:07.055886: | parent state #1: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Oct 31 15:25:07.055889: | announcing the state transition Oct 31 15:25:07.055892: "northnet-eastnet/0x2" #1: sent IKE_SA_INIT request Oct 31 15:25:07.055907: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:25:07.055909: | be 24 bd 7a a6 09 d5 ef 00 00 00 00 00 00 00 00 Oct 31 15:25:07.055910: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Oct 31 15:25:07.055912: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Oct 31 15:25:07.055913: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Oct 31 15:25:07.055914: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Oct 31 15:25:07.055916: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Oct 31 15:25:07.055917: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Oct 31 15:25:07.055918: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Oct 31 15:25:07.055920: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Oct 31 15:25:07.055921: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Oct 31 15:25:07.055922: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Oct 31 15:25:07.055924: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Oct 31 15:25:07.055925: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Oct 31 15:25:07.055927: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Oct 31 15:25:07.055928: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Oct 31 15:25:07.055929: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Oct 31 15:25:07.055931: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:25:07.055933: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Oct 31 15:25:07.055935: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Oct 31 15:25:07.055936: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Oct 31 15:25:07.055937: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Oct 31 15:25:07.055939: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Oct 31 15:25:07.055940: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Oct 31 15:25:07.055941: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Oct 31 15:25:07.055943: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Oct 31 15:25:07.055944: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Oct 31 15:25:07.055945: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Oct 31 15:25:07.055947: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Oct 31 15:25:07.055948: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Oct 31 15:25:07.055949: | 28 00 01 08 00 0e 00 00 f1 22 18 27 da 0a 5a ac Oct 31 15:25:07.055951: | 39 cb f1 d6 22 ec 10 e5 ba c0 8b 0c eb f4 14 a4 Oct 31 15:25:07.055952: | 97 35 b1 12 55 70 a4 19 d6 dd 05 0f 99 23 69 db Oct 31 15:25:07.055953: | ac 67 4e ee c5 17 88 bc 7e ba 37 c7 b0 33 dc 6a Oct 31 15:25:07.055955: | 66 0f bf f5 dc 09 19 91 92 2c 99 8f e9 ff bf af Oct 31 15:25:07.055956: | ae 6c 2a 65 9d 82 28 8b d8 3b 38 d7 66 6f 80 34 Oct 31 15:25:07.055957: | 42 d6 8b 41 40 1f 63 ed 0c a3 a5 08 64 50 51 fe Oct 31 15:25:07.055959: | dc ed 4f 1b c8 d1 61 70 33 4a 19 e1 52 9a b5 93 Oct 31 15:25:07.055960: | e7 ea 9b 9d 66 a6 8f dc 7e 32 6f a7 3e 16 bf f6 Oct 31 15:25:07.055962: | 70 a1 06 47 9c c2 0d 41 9c 4b 81 19 59 20 74 18 Oct 31 15:25:07.055963: | e5 eb 16 11 f5 8b 95 09 4f 96 d1 33 f7 cd 6d 88 Oct 31 15:25:07.055964: | 7b d9 b5 74 19 7b 4a ea 41 28 f2 f8 48 0f 62 74 Oct 31 15:25:07.055966: | f4 fd b9 ae a9 db 69 39 ac 29 eb 1f 4e 92 56 c1 Oct 31 15:25:07.055967: | 84 cf d1 fc e2 93 7b 92 79 ec 4c d5 10 d7 c5 0e Oct 31 15:25:07.055968: | ea f8 aa 25 91 59 fd 84 88 49 0f 1d bf 2d fc 80 Oct 31 15:25:07.055970: | 7f 30 9c 2b 82 7c 39 78 f1 8a db be 55 a3 70 38 Oct 31 15:25:07.055971: | 17 94 13 60 f2 59 e3 ee 29 00 00 24 be 61 bb 04 Oct 31 15:25:07.055972: | 4f 69 e6 af db 9c 21 82 8f 59 12 a7 54 f6 e9 6e Oct 31 15:25:07.055974: | 87 df 4d be 72 60 78 a2 eb 7f 44 bc 29 00 00 08 Oct 31 15:25:07.055975: | 00 00 40 2e 29 00 00 1c 00 00 40 04 9a 17 c0 c3 Oct 31 15:25:07.055976: | ae 40 38 a7 19 2f c7 75 55 77 0c 82 5c c6 ae 64 Oct 31 15:25:07.055978: | 00 00 00 1c 00 00 40 05 48 5d 05 ba 6b fb f5 54 Oct 31 15:25:07.055979: | b7 59 d2 3f ec d7 33 f7 e9 69 18 c3 Oct 31 15:25:07.056085: | sent 1 messages Oct 31 15:25:07.056090: | checking that a retransmit timeout_event was already Oct 31 15:25:07.056093: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:25:07.056097: | libevent_free: delref ptr-libevent@0x563af96c3d58 Oct 31 15:25:07.056100: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x563af96c3ce8 Oct 31 15:25:07.056104: | delref logger@0x563af96b3f38(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:25:07.056107: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:07.056110: | delref fd@0x563af96c3b98(4->3) (in free_logger() at log.c:854) Oct 31 15:25:07.056113: | resume sending helper answer back to state for #1 suppresed complete_v2_state_transition() Oct 31 15:25:07.056116: | delref mdp@NULL (in resume_handler() at server.c:743) Oct 31 15:25:07.056122: | #1 spent 1.47 (1.6) milliseconds in resume sending helper answer back to state Oct 31 15:25:07.056128: | stop processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:745) Oct 31 15:25:07.056131: | libevent_free: delref ptr-libevent@0x7fedac006108 Oct 31 15:25:07.060523: | spent 0.00246 (0.00241) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:25:07.060558: | newref struct msg_digest@0x563af96c8fa8(0->1) (in read_message() at demux.c:103) Oct 31 15:25:07.060567: | newref alloc logger@0x563af96b3f38(0->1) (in read_message() at demux.c:103) Oct 31 15:25:07.060574: | *received 432 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP Oct 31 15:25:07.060576: | be 24 bd 7a a6 09 d5 ef 3a 8b c5 ff b6 fd 49 a9 Oct 31 15:25:07.060578: | 21 20 22 20 00 00 00 00 00 00 01 b0 22 00 00 28 Oct 31 15:25:07.060580: | 00 00 00 24 01 01 00 03 03 00 00 0c 01 00 00 14 Oct 31 15:25:07.060583: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 Oct 31 15:25:07.060585: | 04 00 00 0e 28 00 01 08 00 0e 00 00 74 54 b8 54 Oct 31 15:25:07.060587: | ea 3a cf 65 db a3 4a f3 54 66 8a 8a fe 89 d8 29 Oct 31 15:25:07.060589: | ec c0 64 7a 76 9f a0 16 b6 e9 62 83 b6 a0 5f d7 Oct 31 15:25:07.060591: | 06 5b 1e 31 c2 b6 87 f2 ba 5f 95 8b dd 2d a0 bb Oct 31 15:25:07.060593: | 48 9f 9e 24 90 d0 be 09 40 97 a1 8c 29 4b b7 63 Oct 31 15:25:07.060595: | b6 73 80 21 e7 e9 41 4c fa ac 57 27 0a ac 4e de Oct 31 15:25:07.060597: | 1b 14 bb d3 60 9e 8f d1 52 84 c5 86 55 d3 4b 55 Oct 31 15:25:07.060600: | 01 70 f4 9b 6d 21 18 df 3b ca 8c cb b6 01 d8 4f Oct 31 15:25:07.060602: | ee db cf bd 2d 70 26 4e 7a 5f d9 7c 8e d6 d4 65 Oct 31 15:25:07.060604: | d3 fd ec 17 73 90 49 e5 e9 6b f3 98 1f 8b 2b 8f Oct 31 15:25:07.060606: | e3 4d d5 e6 6d 97 84 aa 35 2b 55 b6 5c bd 89 bf Oct 31 15:25:07.060608: | 40 9f 04 be 5a 82 12 ad 65 c7 e5 07 de b0 f7 95 Oct 31 15:25:07.060610: | eb 13 17 8c 72 ba ca aa 1a 6e 6e ec ba b0 cc bc Oct 31 15:25:07.060612: | bd 68 1f 3d 8f 92 0f 85 1c 29 26 2f 02 df 6b 12 Oct 31 15:25:07.060615: | be 43 5f f7 2a 93 c6 34 45 a7 b0 2c 01 0b b2 ca Oct 31 15:25:07.060617: | 84 57 55 65 c9 3f 58 fa da b0 27 48 16 e2 04 44 Oct 31 15:25:07.060619: | 05 8b 56 94 d1 7b b8 bb 90 cd d1 56 29 00 00 24 Oct 31 15:25:07.060621: | fe 26 66 b2 8a 91 e3 34 40 b8 79 47 31 ab 1a 1f Oct 31 15:25:07.060623: | a6 51 35 cd 1e 0d 3a 8c bd 10 1a 07 c4 76 9d ba Oct 31 15:25:07.060625: | 29 00 00 08 00 00 40 2e 29 00 00 1c 00 00 40 04 Oct 31 15:25:07.060627: | 83 45 34 dc bc 5c f5 1e dc e0 4c bd d2 81 db 7a Oct 31 15:25:07.060630: | 29 48 a2 83 00 00 00 1c 00 00 40 05 ae 40 3c a4 Oct 31 15:25:07.060632: | 01 ac e0 bc b8 24 66 62 d6 33 c4 6a 9c 83 b3 fd Oct 31 15:25:07.060636: | **parse ISAKMP Message: Oct 31 15:25:07.060641: | initiator SPI: be 24 bd 7a a6 09 d5 ef Oct 31 15:25:07.060645: | responder SPI: 3a 8b c5 ff b6 fd 49 a9 Oct 31 15:25:07.060647: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:25:07.060650: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:07.060652: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:25:07.060655: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:25:07.060659: | Message ID: 0 (00 00 00 00) Oct 31 15:25:07.060662: | length: 432 (00 00 01 b0) Oct 31 15:25:07.060665: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34) Oct 31 15:25:07.060669: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_SA_INIT response Oct 31 15:25:07.060673: | State DB: found IKEv2 state #1 in PARENT_I1 (find_v2_ike_sa_by_initiator_spi) Oct 31 15:25:07.060675: | #1 is idle Oct 31 15:25:07.060677: | #1 idle Oct 31 15:25:07.060680: | unpacking clear payloads Oct 31 15:25:07.060682: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:25:07.060686: | ***parse IKEv2 Security Association Payload: Oct 31 15:25:07.060688: | next payload type: ISAKMP_NEXT_v2KE (0x22) Oct 31 15:25:07.060691: | flags: none (0x0) Oct 31 15:25:07.060694: | length: 40 (00 28) Oct 31 15:25:07.060696: | processing payload: ISAKMP_NEXT_v2SA (len=36) Oct 31 15:25:07.060699: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Oct 31 15:25:07.060701: | ***parse IKEv2 Key Exchange Payload: Oct 31 15:25:07.060704: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Oct 31 15:25:07.060706: | flags: none (0x0) Oct 31 15:25:07.060711: | length: 264 (01 08) Oct 31 15:25:07.060714: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:07.060716: | processing payload: ISAKMP_NEXT_v2KE (len=256) Oct 31 15:25:07.060718: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Oct 31 15:25:07.060721: | ***parse IKEv2 Nonce Payload: Oct 31 15:25:07.060723: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:25:07.060725: | flags: none (0x0) Oct 31 15:25:07.060728: | length: 36 (00 24) Oct 31 15:25:07.060731: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Oct 31 15:25:07.060733: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:25:07.060735: | ***parse IKEv2 Notify Payload: Oct 31 15:25:07.060738: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:25:07.060740: | flags: none (0x0) Oct 31 15:25:07.060743: | length: 8 (00 08) Oct 31 15:25:07.060745: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:25:07.060748: | SPI size: 0 (00) Oct 31 15:25:07.060751: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Oct 31 15:25:07.060753: | processing payload: ISAKMP_NEXT_v2N (len=0) Oct 31 15:25:07.060756: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:25:07.060758: | ***parse IKEv2 Notify Payload: Oct 31 15:25:07.060761: | next payload type: ISAKMP_NEXT_v2N (0x29) Oct 31 15:25:07.060763: | flags: none (0x0) Oct 31 15:25:07.060779: | length: 28 (00 1c) Oct 31 15:25:07.060781: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:25:07.060784: | SPI size: 0 (00) Oct 31 15:25:07.060786: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Oct 31 15:25:07.060789: | processing payload: ISAKMP_NEXT_v2N (len=20) Oct 31 15:25:07.060791: | Now let's proceed with payload (ISAKMP_NEXT_v2N) Oct 31 15:25:07.060793: | ***parse IKEv2 Notify Payload: Oct 31 15:25:07.060796: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:07.060798: | flags: none (0x0) Oct 31 15:25:07.060801: | length: 28 (00 1c) Oct 31 15:25:07.060803: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:25:07.060806: | SPI size: 0 (00) Oct 31 15:25:07.060809: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Oct 31 15:25:07.060811: | processing payload: ISAKMP_NEXT_v2N (len=20) Oct 31 15:25:07.060813: | looking for message matching transition from STATE_PARENT_I1 Oct 31 15:25:07.060816: | trying received anti-DDOS COOKIE notify response; resending IKE_SA_INIT request with cookie payload added Oct 31 15:25:07.060818: | message has errors Oct 31 15:25:07.060821: | trying received IKE_SA_INIT INVALID_KE_PAYLOAD notify response; resending IKE_SA_INIT with new KE payload Oct 31 15:25:07.060823: | message has errors Oct 31 15:25:07.060825: | trying received REDIRECT notify response; resending IKE_SA_INIT request to new destination Oct 31 15:25:07.060828: | message has errors Oct 31 15:25:07.060830: | trying Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE Oct 31 15:25:07.060832: | matched unencrypted message Oct 31 15:25:07.060839: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1848) Oct 31 15:25:07.060842: | calling processor Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE Oct 31 15:25:07.060845: | ikev2 parent inR1: calculating g^{xy} in order to send I2 Oct 31 15:25:07.060864: | using existing local IKE proposals for connection northnet-eastnet/0x2 (IKE SA initiator accepting remote proposal): 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:25:07.060868: | comparing remote proposals against IKE initiator (accepting) 4 local proposals Oct 31 15:25:07.060872: | local proposal 1 type ENCR has 1 transforms Oct 31 15:25:07.060875: | local proposal 1 type PRF has 2 transforms Oct 31 15:25:07.060877: | local proposal 1 type INTEG has 1 transforms Oct 31 15:25:07.060880: | local proposal 1 type DH has 8 transforms Oct 31 15:25:07.060882: | local proposal 1 type ESN has 0 transforms Oct 31 15:25:07.060886: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG Oct 31 15:25:07.060888: | local proposal 2 type ENCR has 1 transforms Oct 31 15:25:07.060891: | local proposal 2 type PRF has 2 transforms Oct 31 15:25:07.060893: | local proposal 2 type INTEG has 1 transforms Oct 31 15:25:07.060895: | local proposal 2 type DH has 8 transforms Oct 31 15:25:07.060898: | local proposal 2 type ESN has 0 transforms Oct 31 15:25:07.060901: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG Oct 31 15:25:07.060903: | local proposal 3 type ENCR has 1 transforms Oct 31 15:25:07.060905: | local proposal 3 type PRF has 2 transforms Oct 31 15:25:07.060908: | local proposal 3 type INTEG has 2 transforms Oct 31 15:25:07.060910: | local proposal 3 type DH has 8 transforms Oct 31 15:25:07.060913: | local proposal 3 type ESN has 0 transforms Oct 31 15:25:07.060916: | local proposal 3 transforms: required: ENCR+PRF+INTEG+DH; optional: none Oct 31 15:25:07.060918: | local proposal 4 type ENCR has 1 transforms Oct 31 15:25:07.060920: | local proposal 4 type PRF has 2 transforms Oct 31 15:25:07.060923: | local proposal 4 type INTEG has 2 transforms Oct 31 15:25:07.060925: | local proposal 4 type DH has 8 transforms Oct 31 15:25:07.060927: | local proposal 4 type ESN has 0 transforms Oct 31 15:25:07.060930: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none Oct 31 15:25:07.060933: | ****parse IKEv2 Proposal Substructure Payload: Oct 31 15:25:07.060936: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:25:07.060939: | length: 36 (00 24) Oct 31 15:25:07.060942: | prop #: 1 (01) Oct 31 15:25:07.060944: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:25:07.060947: | spi size: 0 (00) Oct 31 15:25:07.060950: | # transforms: 3 (03) Oct 31 15:25:07.060953: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Oct 31 15:25:07.060956: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:25:07.060959: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.060962: | length: 12 (00 0c) Oct 31 15:25:07.060964: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:07.060967: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:25:07.060970: | ******parse IKEv2 Attribute Substructure Payload: Oct 31 15:25:07.060972: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:07.060975: | length/value: 256 (01 00) Oct 31 15:25:07.060980: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:25:07.060982: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:25:07.060985: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.060987: | length: 8 (00 08) Oct 31 15:25:07.060990: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:07.060992: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:25:07.060995: | remote proposal 1 transform 1 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0 Oct 31 15:25:07.060998: | *****parse IKEv2 Transform Substructure Payload: Oct 31 15:25:07.061000: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:07.061009: | length: 8 (00 08) Oct 31 15:25:07.061011: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.061014: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:07.061017: | remote proposal 1 transform 2 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Oct 31 15:25:07.061021: | remote proposal 1 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none Oct 31 15:25:07.061027: | comparing remote proposal 1 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH Oct 31 15:25:07.061030: | remote proposal 1 matches local proposal 1 Oct 31 15:25:07.061033: | remote accepted the proposal 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_512;DH=MODP2048[first-match] Oct 31 15:25:07.061035: | converting proposal to internal trans attrs Oct 31 15:25:07.061065: | natd_hash: hasher=0x563af7bbef80(20) Oct 31 15:25:07.061069: | natd_hash: icookie= Oct 31 15:25:07.061071: | be 24 bd 7a a6 09 d5 ef Oct 31 15:25:07.061073: | natd_hash: rcookie= Oct 31 15:25:07.061075: | 3a 8b c5 ff b6 fd 49 a9 Oct 31 15:25:07.061077: | natd_hash: ip= Oct 31 15:25:07.061079: | c0 01 03 21 Oct 31 15:25:07.061081: | natd_hash: port= Oct 31 15:25:07.061083: | 01 f4 Oct 31 15:25:07.061085: | natd_hash: hash= Oct 31 15:25:07.061087: | ae 40 3c a4 01 ac e0 bc b8 24 66 62 d6 33 c4 6a Oct 31 15:25:07.061089: | 9c 83 b3 fd Oct 31 15:25:07.061096: | natd_hash: hasher=0x563af7bbef80(20) Oct 31 15:25:07.061098: | natd_hash: icookie= Oct 31 15:25:07.061100: | be 24 bd 7a a6 09 d5 ef Oct 31 15:25:07.061102: | natd_hash: rcookie= Oct 31 15:25:07.061104: | 3a 8b c5 ff b6 fd 49 a9 Oct 31 15:25:07.061106: | natd_hash: ip= Oct 31 15:25:07.061109: | c0 01 02 17 Oct 31 15:25:07.061111: | natd_hash: port= Oct 31 15:25:07.061113: | 01 f4 Oct 31 15:25:07.061115: | natd_hash: hash= Oct 31 15:25:07.061117: | 83 45 34 dc bc 5c f5 1e dc e0 4c bd d2 81 db 7a Oct 31 15:25:07.061119: | 29 48 a2 83 Oct 31 15:25:07.061122: | NAT_TRAVERSAL encaps using auto-detect Oct 31 15:25:07.061124: | NAT_TRAVERSAL this end is NOT behind NAT Oct 31 15:25:07.061126: | NAT_TRAVERSAL that end is NOT behind NAT Oct 31 15:25:07.061142: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Oct 31 15:25:07.061147: | offloading IKEv2 SKEYSEED using prf=HMAC_SHA2_512 integ=NONE cipherkey=AES_GCM_16 Oct 31 15:25:07.061150: | DH secret MODP2048@0x7fedac006ba8: transferring ownership from state #1 to helper IKEv2 DH Oct 31 15:25:07.061153: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:25:07.061155: | addref fd@0x563af96c3b98(3->4) (in clone_logger() at log.c:810) Oct 31 15:25:07.061157: | newref clone logger@0x563af96c3ce8(0->1) (in clone_logger() at log.c:817) Oct 31 15:25:07.061159: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): adding job to queue Oct 31 15:25:07.061160: | state #1 has no .st_event to delete Oct 31 15:25:07.061163: | #1 requesting EVENT_RETRANSMIT-pe@0x563af96c5f48 be deleted Oct 31 15:25:07.061165: | libevent_free: delref ptr-libevent@0x563af96c5e98 Oct 31 15:25:07.061167: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x563af96c5f48 Oct 31 15:25:07.061168: | #1 STATE_PARENT_I1: retransmits: cleared Oct 31 15:25:07.061170: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x563af96c5e98 Oct 31 15:25:07.061172: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Oct 31 15:25:07.061174: | libevent_malloc: newref ptr-libevent@0x563af96c86a8 size 128 Oct 31 15:25:07.061184: | #1 spent 0.332 (0.337) milliseconds in processing: Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE in v2_dispatch() Oct 31 15:25:07.061191: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:07.061196: | #1 complete_v2_state_transition() PARENT_I1->PARENT_I2 with status STF_SUSPEND; .st_v2_transition=PARENT_I0->PARENT_I1 Oct 31 15:25:07.061216: | suspending state #1 and saving MD 0x563af96c8fa8 Oct 31 15:25:07.061192: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): helper 2 starting job Oct 31 15:25:07.061223: | addref md@0x563af96c8fa8(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:25:07.061233: | #1 is busy; has suspended MD 0x563af96c8fa8 Oct 31 15:25:07.061238: | stop processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1850) Oct 31 15:25:07.061245: | #1 spent 0.712 (0.734) milliseconds in ikev2_process_packet() Oct 31 15:25:07.061249: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:25:07.061252: | delref mdp@0x563af96c8fa8(2->1) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:07.061257: | spent 0.724 (0.745) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:25:07.061794: | calculating skeyseed using prf=HMAC_SHA2_512 integ=NONE cipherkey-size=32 salt-size=4 Oct 31 15:25:07.061901: | "northnet-eastnet/0x2" #1: spent 0.688 (0.709) milliseconds in helper 2 processing job 2 for state #1: ikev2_inR1outI2 KE (pcr) Oct 31 15:25:07.061905: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): helper thread 2 sending result back to state Oct 31 15:25:07.061906: | scheduling resume sending helper answer back to state for #1 Oct 31 15:25:07.061909: | libevent_malloc: newref ptr-libevent@0x7feda400b578 size 128 Oct 31 15:25:07.061915: | helper thread 2 has nothing to do Oct 31 15:25:07.061923: | processing resume sending helper answer back to state for #1 Oct 31 15:25:07.061930: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:641) Oct 31 15:25:07.061933: | unsuspending #1 MD 0x563af96c8fa8 Oct 31 15:25:07.061935: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): processing response from helper 2 Oct 31 15:25:07.061937: | job 2 for #1: ikev2_inR1outI2 KE (compute dh (V2)): calling continuation function 0x563af7accfe7 Oct 31 15:25:07.061939: | ikev2_parent_inR1outI2_continue() for #1 STATE_PARENT_I1: g^{xy} calculated, sending I2 Oct 31 15:25:07.061941: | DH secret MODP2048@0x7fedac006ba8: transferring ownership from helper IKEv2 DH to state #1 Oct 31 15:25:07.061944: | State DB: re-hashing IKEv2 state #1 IKE SPIi and SPI[ir] Oct 31 15:25:07.061978: | newref alloc logger@0x563af96c5f48(0->1) (in new_state() at state.c:576) Oct 31 15:25:07.061984: | addref fd@0x563af96c3b98(4->5) (in new_state() at state.c:577) Oct 31 15:25:07.061987: | creating state object #2 at 0x563af96cb5d8 Oct 31 15:25:07.061990: | State DB: adding IKEv2 state #2 in UNDEFINED Oct 31 15:25:07.061996: | pstats #2 ikev2.child started Oct 31 15:25:07.061999: | duplicating state object #1 "northnet-eastnet/0x2" as #2 for IPSEC SA Oct 31 15:25:07.062004: | #2 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1581) Oct 31 15:25:07.062010: | Message ID: CHILD #1.#2 initializing (CHILD SA): ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744581.485786 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744581.485786 child.wip.initiator=0->-1 child.wip.responder=0->-1 Oct 31 15:25:07.062025: | child state #2: UNDEFINED(ignore) => V2_IKE_AUTH_CHILD_I0(ignore) Oct 31 15:25:07.062028: | #2.st_v2_transition NULL -> NULL (in new_v2_child_state() at state.c:1666) Oct 31 15:25:07.062032: | Message ID: IKE #1 switching from IKE SA initiator message response 0: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744581.485786 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744581.485786 ike.wip.initiator=0->-1 ike.wip.responder=-1 Oct 31 15:25:07.062049: | Message ID: CHILD #1.#2 switching to CHILD SA initiator message response 0: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744581.485786 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744581.485786 child.wip.initiator=-1->0 child.wip.responder=-1 Oct 31 15:25:07.062057: | switching IKEv2 MD.ST from IKE #1 PARENT_I1 to CHILD #2 V2_IKE_AUTH_CHILD_I0 (in ikev2_parent_inR1outI2_auth_signature_continue() at ikev2_parent.c:2155) Oct 31 15:25:07.062060: | state #1 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:25:07.062063: | libevent_free: delref ptr-libevent@0x563af96c86a8 Oct 31 15:25:07.062065: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x563af96c5e98 Oct 31 15:25:07.062068: | #1 STATE_PARENT_I1: retransmits: cleared Oct 31 15:25:07.062071: | event_schedule: newref EVENT_SA_REPLACE-pe@0x563af96c86a8 Oct 31 15:25:07.062076: | inserting event EVENT_SA_REPLACE, timeout in 120 seconds for #1 Oct 31 15:25:07.062078: | libevent_malloc: newref ptr-libevent@0x563af96cb3b8 size 128 Oct 31 15:25:07.062082: | parent state #1: PARENT_I1(half-open IKE SA) => PARENT_I2(open IKE SA) Oct 31 15:25:07.062087: | opening output PBS reply packet Oct 31 15:25:07.062090: | **emit ISAKMP Message: Oct 31 15:25:07.062094: | initiator SPI: be 24 bd 7a a6 09 d5 ef Oct 31 15:25:07.062097: | responder SPI: 3a 8b c5 ff b6 fd 49 a9 Oct 31 15:25:07.062099: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:25:07.062101: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:07.062104: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:25:07.062106: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:25:07.062110: | Message ID: 1 (00 00 00 01) Oct 31 15:25:07.062113: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:25:07.062116: | ***emit IKEv2 Encryption Payload: Oct 31 15:25:07.062118: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:07.062120: | flags: none (0x0) Oct 31 15:25:07.062123: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:25:07.062126: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Oct 31 15:25:07.062129: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:25:07.062137: | IKEv2 CERT: send a certificate? Oct 31 15:25:07.062140: | IKEv2 CERT: policy does not have RSASIG or ECDSA: PSK Oct 31 15:25:07.062143: | IDr payload will be sent Oct 31 15:25:07.062145: | ****emit IKEv2 Identification - Initiator - Payload: Oct 31 15:25:07.062147: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:07.062149: | flags: none (0x0) Oct 31 15:25:07.062151: | ID type: ID_FQDN (0x2) Oct 31 15:25:07.062154: | reserved: 00 00 00 Oct 31 15:25:07.062157: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Identification - Initiator - Payload (35:ISAKMP_NEXT_v2IDi) Oct 31 15:25:07.062159: | next payload chain: saving location 'IKEv2 Identification - Initiator - Payload'.'next payload type' in 'reply packet' Oct 31 15:25:07.062162: | emitting 5 raw bytes of my identity into IKEv2 Identification - Initiator - Payload Oct 31 15:25:07.062165: | my identity: 6e 6f 72 74 68 Oct 31 15:25:07.062167: | emitting length of IKEv2 Identification - Initiator - Payload: 13 Oct 31 15:25:07.062170: | ****emit IKEv2 Identification - Responder - Payload: Oct 31 15:25:07.062172: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:07.062175: | flags: none (0x0) Oct 31 15:25:07.062177: | ID type: ID_FQDN (0x2) Oct 31 15:25:07.062179: | reserved: 00 00 00 Oct 31 15:25:07.062182: | next payload chain: setting previous 'IKEv2 Identification - Initiator - Payload'.'next payload type' to current IKEv2 Identification - Responder - Payload (36:ISAKMP_NEXT_v2IDr) Oct 31 15:25:07.062184: | next payload chain: saving location 'IKEv2 Identification - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:25:07.062187: | emitting 4 raw bytes of their IDr into IKEv2 Identification - Responder - Payload Oct 31 15:25:07.062190: | their IDr: 65 61 73 74 Oct 31 15:25:07.062192: | emitting length of IKEv2 Identification - Responder - Payload: 12 Oct 31 15:25:07.062194: | not sending INITIAL_CONTACT Oct 31 15:25:07.062196: | ****emit IKEv2 Authentication Payload: Oct 31 15:25:07.062203: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:07.062210: | flags: none (0x0) Oct 31 15:25:07.062212: | auth method: IKEv2_AUTH_SHARED (0x2) Oct 31 15:25:07.062215: | next payload chain: setting previous 'IKEv2 Identification - Responder - Payload'.'next payload type' to current IKEv2 Authentication Payload (39:ISAKMP_NEXT_v2AUTH) Oct 31 15:25:07.062217: | next payload chain: saving location 'IKEv2 Authentication Payload'.'next payload type' in 'reply packet' Oct 31 15:25:07.062223: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to create PSK with authby=secret Oct 31 15:25:07.062227: | lsw_get_secret() using IDs for @north->@east of kind PKK_PSK Oct 31 15:25:07.062229: | line 1: key type PKK_PSK(@north) to type PKK_PSK Oct 31 15:25:07.062233: | 1: compared key @north to @north / @east -> 010 Oct 31 15:25:07.062236: | 2: compared key @east to @north / @east -> 014 Oct 31 15:25:07.062238: | line 1: match=014 Oct 31 15:25:07.062241: | match 014 beats previous best_match 000 match=0x563af96c31f8 (line=1) Oct 31 15:25:07.062243: | concluding with best_match=014 best=0x563af96c31f8 (lineno=1) Oct 31 15:25:07.062295: | emitting 64 raw bytes of PSK auth into IKEv2 Authentication Payload Oct 31 15:25:07.062299: | PSK auth: Oct 31 15:25:07.062301: | 70 38 f1 8e f7 77 81 89 7d d1 a2 c7 ed 35 f4 30 Oct 31 15:25:07.062304: | fa 15 b6 e3 7e 64 8d 6b 9d 8a bb 2c a7 bc 92 38 Oct 31 15:25:07.062305: | 29 1b cf 24 f4 cb 2b 5b 17 92 74 6f 56 f5 5d a3 Oct 31 15:25:07.062307: | 57 da 2e 41 b9 87 84 f2 3d b9 bc 24 d5 7b ea ce Oct 31 15:25:07.062310: | emitting length of IKEv2 Authentication Payload: 72 Oct 31 15:25:07.062313: | getting first pending from state #1 Oct 31 15:25:07.062316: | delref fd@0x563af96c3b98(5->4) (in first_pending() at pending.c:318) Oct 31 15:25:07.062318: | addref fd@0x563af96c3b98(4->5) (in first_pending() at pending.c:319) Oct 31 15:25:07.062321: | Switching Child connection for #2 to "northnet-eastnet/0x1" from "northnet-eastnet/0x2" Oct 31 15:25:07.062324: | in connection_discard for connection northnet-eastnet/0x2 Oct 31 15:25:07.062700: | netlink_get_spi: allocated 0x8430c847 for esp.0@192.1.3.33 Oct 31 15:25:07.062708: | constructing ESP/AH proposals with all DH removed for northnet-eastnet/0x1 (IKE SA initiator emitting ESP/AH proposals) Oct 31 15:25:07.062717: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Oct 31 15:25:07.062724: | ... ikev2_proposal: 1:ESP=AES_GCM_C_256-NONE-NONE-DISABLED Oct 31 15:25:07.062727: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Oct 31 15:25:07.062729: | ... ikev2_proposal: 2:ESP=AES_GCM_C_128-NONE-NONE-DISABLED Oct 31 15:25:07.062731: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:25:07.062734: | ... ikev2_proposal: 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:25:07.062736: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:25:07.062738: | ... ikev2_proposal: 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:25:07.062741: "northnet-eastnet/0x1": local ESP/AH proposals (IKE SA initiator emitting ESP/AH proposals): Oct 31 15:25:07.062744: "northnet-eastnet/0x1": 1:ESP=AES_GCM_C_256-NONE-NONE-DISABLED Oct 31 15:25:07.062746: "northnet-eastnet/0x1": 2:ESP=AES_GCM_C_128-NONE-NONE-DISABLED Oct 31 15:25:07.062749: "northnet-eastnet/0x1": 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:25:07.062751: "northnet-eastnet/0x1": 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:25:07.062753: | Emitting ikev2_proposals ... Oct 31 15:25:07.062754: | ****emit IKEv2 Security Association Payload: Oct 31 15:25:07.062756: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:07.062758: | flags: none (0x0) Oct 31 15:25:07.062760: | next payload chain: setting previous 'IKEv2 Authentication Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:25:07.062762: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:25:07.062765: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:25:07.062767: | discard DH=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:25:07.062768: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:07.062772: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:07.062774: | prop #: 1 (01) Oct 31 15:25:07.062776: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:07.062777: | spi size: 4 (04) Oct 31 15:25:07.062779: | # transforms: 2 (02) Oct 31 15:25:07.062781: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:07.062783: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:25:07.062785: | our spi: 84 30 c8 47 Oct 31 15:25:07.062787: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.062788: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.062790: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:07.062791: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:25:07.062793: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.062795: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:07.062797: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:07.062799: | length/value: 256 (01 00) Oct 31 15:25:07.062800: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:07.062802: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:25:07.062804: | discard DH=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:25:07.062806: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.062807: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:07.062809: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:25:07.062810: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:25:07.062812: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.062813: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.062815: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.062817: | emitting length of IKEv2 Proposal Substructure Payload: 32 Oct 31 15:25:07.062818: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:07.062820: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:25:07.062821: | discard DH=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:25:07.062823: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:07.062824: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:07.062826: | prop #: 2 (02) Oct 31 15:25:07.062828: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:07.062829: | spi size: 4 (04) Oct 31 15:25:07.062833: | # transforms: 2 (02) Oct 31 15:25:07.062839: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:07.062842: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:07.062845: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:25:07.062848: | our spi: 84 30 c8 47 Oct 31 15:25:07.062851: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.062854: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.062856: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:07.062859: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:25:07.062861: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.062864: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:07.062867: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:07.062873: | length/value: 128 (00 80) Oct 31 15:25:07.062876: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:07.062880: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:25:07.062883: | discard DH=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:25:07.062885: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.062888: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:07.062890: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:25:07.062894: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:25:07.062898: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.062901: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.062904: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.062906: | emitting length of IKEv2 Proposal Substructure Payload: 32 Oct 31 15:25:07.062909: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:07.062912: | discard DH=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:25:07.062915: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:07.062917: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:07.062920: | prop #: 3 (03) Oct 31 15:25:07.062923: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:07.062926: | spi size: 4 (04) Oct 31 15:25:07.062929: | # transforms: 4 (04) Oct 31 15:25:07.062932: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:07.062935: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:07.062939: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:25:07.062942: | our spi: 84 30 c8 47 Oct 31 15:25:07.062945: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.062948: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.062949: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:07.062951: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:25:07.062952: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.062954: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:07.062955: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:07.062957: | length/value: 256 (01 00) Oct 31 15:25:07.062959: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:07.062961: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.062962: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.062964: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:07.062965: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:25:07.062967: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.062968: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.062970: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.062971: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.062973: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.062974: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:07.062976: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:25:07.062977: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.062982: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.062988: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.062991: | discard DH=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:25:07.062994: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.062996: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:07.062999: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:25:07.063001: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:25:07.063004: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.063007: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.063009: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.063012: | emitting length of IKEv2 Proposal Substructure Payload: 48 Oct 31 15:25:07.063014: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:07.063018: | discard DH=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:25:07.063021: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:07.063024: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:25:07.063027: | prop #: 4 (04) Oct 31 15:25:07.063030: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:07.063033: | spi size: 4 (04) Oct 31 15:25:07.063036: | # transforms: 4 (04) Oct 31 15:25:07.063038: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:07.063039: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:07.063041: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:25:07.063043: | our spi: 84 30 c8 47 Oct 31 15:25:07.063045: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.063046: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.063048: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:07.063049: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:25:07.063051: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.063052: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:07.063054: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:07.063056: | length/value: 128 (00 80) Oct 31 15:25:07.063057: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:07.063059: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.063060: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.063062: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:07.063063: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:25:07.063065: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.063066: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.063068: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.063069: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.063071: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.063074: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:07.063075: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:25:07.063077: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.063078: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.063080: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.063082: | discard DH=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:25:07.063086: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.063090: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:07.063093: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:25:07.063095: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:25:07.063098: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.063100: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.063103: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.063106: | emitting length of IKEv2 Proposal Substructure Payload: 48 Oct 31 15:25:07.063109: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:07.063111: | emitting length of IKEv2 Security Association Payload: 164 Oct 31 15:25:07.063114: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:25:07.063118: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:25:07.063121: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:07.063124: | flags: none (0x0) Oct 31 15:25:07.063128: | number of TS: 1 (01) Oct 31 15:25:07.063131: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Oct 31 15:25:07.063133: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Oct 31 15:25:07.063136: | *****emit IKEv2 Traffic Selector: Oct 31 15:25:07.063139: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:25:07.063141: | IP Protocol ID: ALL (0x0) Oct 31 15:25:07.063143: | start port: 0 (00 00) Oct 31 15:25:07.063145: | end port: 65535 (ff ff) Oct 31 15:25:07.063148: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:25:07.063150: | IP start: c0 00 03 00 Oct 31 15:25:07.063151: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:25:07.063153: | IP end: c0 00 03 ff Oct 31 15:25:07.063154: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:25:07.063156: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Oct 31 15:25:07.063158: | ****emit IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:25:07.063159: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:07.063161: | flags: none (0x0) Oct 31 15:25:07.063162: | number of TS: 1 (01) Oct 31 15:25:07.063164: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Oct 31 15:25:07.063166: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:25:07.063167: | *****emit IKEv2 Traffic Selector: Oct 31 15:25:07.063169: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:25:07.063170: | IP Protocol ID: ALL (0x0) Oct 31 15:25:07.063172: | start port: 0 (00 00) Oct 31 15:25:07.063174: | end port: 65535 (ff ff) Oct 31 15:25:07.063179: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:25:07.063181: | IP start: c0 00 02 00 Oct 31 15:25:07.063182: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:25:07.063184: | IP end: c0 00 02 ff Oct 31 15:25:07.063186: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:25:07.063187: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Oct 31 15:25:07.063189: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Oct 31 15:25:07.063190: | initiator child policy is compress=no, NOT sending v2N_IPCOMP_SUPPORTED Oct 31 15:25:07.063192: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:25:07.063194: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:07.063196: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:25:07.063197: | emitting length of IKEv2 Encryption Payload: 338 Oct 31 15:25:07.063220: | emitting length of ISAKMP Message: 366 Oct 31 15:25:07.063232: | recording outgoing fragment failed Oct 31 15:25:07.063238: | suspend processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:07.063241: | start processing: state #2 connection "northnet-eastnet/0x1" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:07.063244: | #2 complete_v2_state_transition() in state V2_IKE_AUTH_CHILD_I0 PARENT_I1->PARENT_I2 with status STF_OK; .st_v2_transition=NULL Oct 31 15:25:07.063246: | transitioning from state STATE_PARENT_I1 to state STATE_PARENT_I2 Oct 31 15:25:07.063248: | Message ID: updating counters for #2 Oct 31 15:25:07.063253: | Message ID: CHILD #1.#2 XXX: no EVENT_RETRANSMIT to clear; suspect IKE->CHILD switch: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744581.485786 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744581.485786 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:25:07.063257: | Message ID: CHILD #1.#2 updating initiator received message response 0: ike.initiator.sent=0 ike.initiator.recv=-1->0 ike.initiator.last_contact=744581.485786->744581.496046 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744581.485786 child.wip.initiator=0->-1 child.wip.responder=-1 Oct 31 15:25:07.063261: | Message ID: CHILD #1.#2 scheduling EVENT_RETRANSMIT: ike.initiator.sent=1 ike.initiator.recv=0 ike.initiator.last_contact=744581.496046 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744581.485786 child.wip.initiator=1 child.wip.responder=-1 Oct 31 15:25:07.063264: "northnet-eastnet/0x1" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Oct 31 15:25:07.063276: | event_schedule: newref EVENT_RETRANSMIT-pe@0x563af96cc5d8 Oct 31 15:25:07.063281: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 Oct 31 15:25:07.063284: | libevent_malloc: newref ptr-libevent@0x563af96cc328 size 128 Oct 31 15:25:07.063289: | #2 STATE_V2_IKE_AUTH_CHILD_I0: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744581.496069 Oct 31 15:25:07.063295: | Message ID: CHILD #1.#2 updating initiator sent message request 1: ike.initiator.sent=0->1 ike.initiator.recv=0 ike.initiator.last_contact=744581.496046 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744581.485786 child.wip.initiator=-1->1 child.wip.responder=-1 Oct 31 15:25:07.063299: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=1 ike.initiator.recv=0 ike.initiator.last_contact=744581.496046 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744581.485786 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:07.063301: | child state #2: V2_IKE_AUTH_CHILD_I0(ignore) => PARENT_I2(open IKE SA) Oct 31 15:25:07.063303: | announcing the state transition Oct 31 15:25:07.063306: "northnet-eastnet/0x2" #1: sent IKE_AUTH request {auth=IKEv2 cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=MODP2048} Oct 31 15:25:07.063319: | sending 366 bytes for STATE_PARENT_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:25:07.063322: | be 24 bd 7a a6 09 d5 ef 3a 8b c5 ff b6 fd 49 a9 Oct 31 15:25:07.063324: | 2e 20 23 08 00 00 00 01 00 00 01 6e 23 00 01 52 Oct 31 15:25:07.063326: | a3 04 d3 0c 77 76 5b 26 05 15 ac 5c 5c 93 78 f3 Oct 31 15:25:07.063327: | 57 01 a8 d7 07 88 02 5c 92 2b 7d bb d0 4c bf 89 Oct 31 15:25:07.063329: | 72 cb 4c c4 e1 e8 44 5d 07 eb 38 ac 5d bc cd 4d Oct 31 15:25:07.063330: | f3 42 9a 53 e6 d0 6e c8 04 90 a9 b8 25 03 88 31 Oct 31 15:25:07.063331: | 0f 78 4d f0 92 dd ca 45 e2 b8 b8 e9 e1 7e 61 00 Oct 31 15:25:07.063333: | be 90 82 d4 dd 70 1c 81 c5 db 5a 47 ac a3 d8 51 Oct 31 15:25:07.063334: | d4 e6 2b 73 0c 85 ad 4b eb 31 88 7a 89 45 85 94 Oct 31 15:25:07.063335: | 23 f6 28 53 67 47 62 4f bd 06 36 8e 84 ed a4 2a Oct 31 15:25:07.063337: | 9c 1e de bc a9 0f f0 ac 51 bf eb 4d 37 82 d7 f7 Oct 31 15:25:07.063338: | 71 7b 25 65 e4 c2 46 d1 70 3d d2 f0 a2 fd fa 00 Oct 31 15:25:07.063339: | ee 50 c1 6d 38 44 f6 c0 83 6e 7f 8b 3c 1a 58 6c Oct 31 15:25:07.063341: | 50 b1 b7 6c 8f ec 7d 53 b1 89 45 44 17 e0 09 6d Oct 31 15:25:07.063342: | ca 11 ce 07 64 ad 91 fb 52 80 87 85 05 00 56 ea Oct 31 15:25:07.063343: | f1 de 9f 9d 3d 10 dc 21 2a 88 24 70 2c 23 40 bf Oct 31 15:25:07.063345: | 74 d9 e7 40 fc e4 0e 02 0b 7a 1e 90 8a 0d 05 6a Oct 31 15:25:07.063346: | 4c 0e 75 f2 82 6f 08 51 60 14 4b 5c 95 09 93 d0 Oct 31 15:25:07.063347: | 67 30 80 01 34 4d 34 5e 84 97 42 db f9 7f b7 29 Oct 31 15:25:07.063349: | e0 e8 02 e0 77 5a bc e4 c3 c7 2c a7 95 b8 f3 1d Oct 31 15:25:07.063350: | ab b3 57 31 5e 8c 87 f8 f1 6b 24 e8 fa 88 68 50 Oct 31 15:25:07.063352: | 22 db af a1 1f e9 83 01 e8 b3 57 9e 72 87 d0 65 Oct 31 15:25:07.063353: | f9 35 00 0b de 7b 68 72 37 29 4b 25 26 b1 Oct 31 15:25:07.063392: | sent 1 messages Oct 31 15:25:07.063395: | checking that a retransmit timeout_event was already Oct 31 15:25:07.063396: | state #2 has no .st_event to delete Oct 31 15:25:07.063399: | delref logger@0x563af96c3ce8(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:25:07.063401: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:07.063403: | delref fd@0x563af96c3b98(5->4) (in free_logger() at log.c:854) Oct 31 15:25:07.063406: | resume sending helper answer back to state for #1 suppresed complete_v2_state_transition(); MD.ST was switched Oct 31 15:25:07.063408: | delref mdp@0x563af96c8fa8(1->0) (in resume_handler() at server.c:743) Oct 31 15:25:07.063410: | delref logger@0x563af96b3f38(1->0) (in resume_handler() at server.c:743) Oct 31 15:25:07.063411: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:07.063413: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:07.063418: | #1 spent 1.44 (1.48) milliseconds in resume sending helper answer back to state Oct 31 15:25:07.063421: | stop processing: state #2 connection "northnet-eastnet/0x1" from 192.1.2.23:500 (in resume_handler() at server.c:745) Oct 31 15:25:07.063424: | libevent_free: delref ptr-libevent@0x7feda400b578 Oct 31 15:25:07.099396: | spent 0.00235 (0.00242) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:25:07.099414: | newref struct msg_digest@0x563af96c8fa8(0->1) (in read_message() at demux.c:103) Oct 31 15:25:07.099418: | newref alloc logger@0x563af96c3ce8(0->1) (in read_message() at demux.c:103) Oct 31 15:25:07.099428: | *received 225 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP Oct 31 15:25:07.099431: | be 24 bd 7a a6 09 d5 ef 3a 8b c5 ff b6 fd 49 a9 Oct 31 15:25:07.099433: | 2e 20 23 20 00 00 00 01 00 00 00 e1 24 00 00 c5 Oct 31 15:25:07.099436: | fb 47 a3 13 08 c7 d2 e2 f3 78 a8 0c 4c 7c 3b 1e Oct 31 15:25:07.099438: | 14 ae d4 8d 25 e4 57 5d fb e1 c5 ab 3a 1f 0b 77 Oct 31 15:25:07.099440: | 30 a0 f9 39 3f ef e8 cf 3f ec 2e da 48 52 b2 d7 Oct 31 15:25:07.099445: | 9d 80 ae bd 69 5a 18 c6 f5 5e 76 cb d2 5d 64 3b Oct 31 15:25:07.099447: | 49 79 a2 02 a5 61 a3 bb 59 2d f7 d2 e7 97 7e 79 Oct 31 15:25:07.099449: | 16 21 5d 63 d3 ce d4 e0 65 88 4e 93 18 23 57 93 Oct 31 15:25:07.099452: | 9d d7 53 0a 60 af 06 55 dc e1 2a cc 3a ec 77 f9 Oct 31 15:25:07.099459: | ff 18 f8 f8 2c 0a b5 75 2c f3 82 68 f6 83 39 09 Oct 31 15:25:07.099461: | 02 8d 49 2f cb 0f 92 0c a3 d7 e0 ec df 63 07 31 Oct 31 15:25:07.099463: | 15 42 5a da 0e 3e ae 54 56 f8 3c 98 98 99 87 9e Oct 31 15:25:07.099465: | c8 6f 93 a8 77 d0 c1 cf 6d 5b e4 4f c3 c5 f3 8d Oct 31 15:25:07.099467: | 67 04 b1 4e af 54 64 ef 8c a2 e1 7a 69 c8 79 55 Oct 31 15:25:07.099469: | 2d Oct 31 15:25:07.099475: | **parse ISAKMP Message: Oct 31 15:25:07.099480: | initiator SPI: be 24 bd 7a a6 09 d5 ef Oct 31 15:25:07.099485: | responder SPI: 3a 8b c5 ff b6 fd 49 a9 Oct 31 15:25:07.099488: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:25:07.099491: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:07.099493: | exchange type: ISAKMP_v2_IKE_AUTH (0x23) Oct 31 15:25:07.099496: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:25:07.099501: | Message ID: 1 (00 00 00 01) Oct 31 15:25:07.099504: | length: 225 (00 00 00 e1) Oct 31 15:25:07.099507: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_AUTH (35) Oct 31 15:25:07.099510: | I am the IKE SA Original Initiator receiving an IKEv2 IKE_AUTH response Oct 31 15:25:07.099514: | State DB: found IKEv2 state #1 in PARENT_I2 (find_v2_ike_sa) Oct 31 15:25:07.099519: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:25:07.099521: | State DB: found IKEv2 state #2 in PARENT_I2 (find_v2_sa_by_initiator_wip) Oct 31 15:25:07.099523: | #2 is idle Oct 31 15:25:07.099524: | #2 idle Oct 31 15:25:07.099527: | suspend processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:25:07.099530: | start processing: state #2 connection "northnet-eastnet/0x1" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:25:07.099531: | unpacking clear payload Oct 31 15:25:07.099533: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Oct 31 15:25:07.099536: | ***parse IKEv2 Encryption Payload: Oct 31 15:25:07.099537: | next payload type: ISAKMP_NEXT_v2IDr (0x24) Oct 31 15:25:07.099539: | flags: none (0x0) Oct 31 15:25:07.099541: | length: 197 (00 c5) Oct 31 15:25:07.099542: | processing payload: ISAKMP_NEXT_v2SK (len=193) Oct 31 15:25:07.099544: | #2 in state PARENT_I2: sent IKE_AUTH request Oct 31 15:25:07.099557: | #1 ikev2 ISAKMP_v2_IKE_AUTH decrypt success Oct 31 15:25:07.099563: | Now let's proceed with payload (ISAKMP_NEXT_v2IDr) Oct 31 15:25:07.099565: | **parse IKEv2 Identification - Responder - Payload: Oct 31 15:25:07.099567: | next payload type: ISAKMP_NEXT_v2AUTH (0x27) Oct 31 15:25:07.099568: | flags: none (0x0) Oct 31 15:25:07.099570: | length: 12 (00 0c) Oct 31 15:25:07.099572: | ID type: ID_FQDN (0x2) Oct 31 15:25:07.099574: | reserved: 00 00 00 Oct 31 15:25:07.099575: | processing payload: ISAKMP_NEXT_v2IDr (len=4) Oct 31 15:25:07.099576: | Now let's proceed with payload (ISAKMP_NEXT_v2AUTH) Oct 31 15:25:07.099578: | **parse IKEv2 Authentication Payload: Oct 31 15:25:07.099580: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:25:07.099581: | flags: none (0x0) Oct 31 15:25:07.099583: | length: 72 (00 48) Oct 31 15:25:07.099584: | auth method: IKEv2_AUTH_SHARED (0x2) Oct 31 15:25:07.099586: | processing payload: ISAKMP_NEXT_v2AUTH (len=64) Oct 31 15:25:07.099587: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:25:07.099589: | **parse IKEv2 Security Association Payload: Oct 31 15:25:07.099590: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Oct 31 15:25:07.099592: | flags: none (0x0) Oct 31 15:25:07.099593: | length: 36 (00 24) Oct 31 15:25:07.099596: | processing payload: ISAKMP_NEXT_v2SA (len=32) Oct 31 15:25:07.099597: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Oct 31 15:25:07.099599: | **parse IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:25:07.099600: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Oct 31 15:25:07.099602: | flags: none (0x0) Oct 31 15:25:07.099604: | length: 24 (00 18) Oct 31 15:25:07.099605: | number of TS: 1 (01) Oct 31 15:25:07.099607: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Oct 31 15:25:07.099608: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Oct 31 15:25:07.099610: | **parse IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:25:07.099611: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:07.099612: | flags: none (0x0) Oct 31 15:25:07.099614: | length: 24 (00 18) Oct 31 15:25:07.099616: | number of TS: 1 (01) Oct 31 15:25:07.099617: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Oct 31 15:25:07.099619: | selected state microcode Initiator: process IKE_AUTH response Oct 31 15:25:07.099621: | calling processor Initiator: process IKE_AUTH response Oct 31 15:25:07.099624: | no certs to decode Oct 31 15:25:07.099628: | offered CA: '%none' Oct 31 15:25:07.099630: "northnet-eastnet/0x1" #2: IKEv2 mode peer ID is ID_FQDN: '@east' Oct 31 15:25:07.099667: | verifying AUTH payload Oct 31 15:25:07.099671: | ikev2_calculate_psk_sighash() called from STATE_PARENT_I2 to verify PSK with authby=secret Oct 31 15:25:07.099673: | lsw_get_secret() using IDs for @north->@east of kind PKK_PSK Oct 31 15:25:07.099676: | line 1: key type PKK_PSK(@north) to type PKK_PSK Oct 31 15:25:07.099679: | 1: compared key @north to @north / @east -> 010 Oct 31 15:25:07.099681: | 2: compared key @east to @north / @east -> 014 Oct 31 15:25:07.099682: | line 1: match=014 Oct 31 15:25:07.099684: | match 014 beats previous best_match 000 match=0x563af96c31f8 (line=1) Oct 31 15:25:07.099686: | concluding with best_match=014 best=0x563af96c31f8 (lineno=1) Oct 31 15:25:07.099735: "northnet-eastnet/0x2" #1: authenticated using authby=secret Oct 31 15:25:07.099747: | parent state #1: PARENT_I2(open IKE SA) => ESTABLISHED_IKE_SA(established IKE SA) Oct 31 15:25:07.099753: | #1 will start re-keying in 2607 seconds with margin of 993 seconds (attempting re-key) Oct 31 15:25:07.099755: | state #1 deleting .st_event EVENT_SA_REPLACE Oct 31 15:25:07.099758: | libevent_free: delref ptr-libevent@0x563af96cb3b8 Oct 31 15:25:07.099759: | free_event_entry: delref EVENT_SA_REPLACE-pe@0x563af96c86a8 Oct 31 15:25:07.099762: | event_schedule: newref EVENT_SA_REKEY-pe@0x563af96cacc8 Oct 31 15:25:07.099763: | inserting event EVENT_SA_REKEY, timeout in 2607 seconds for #1 Oct 31 15:25:07.099765: | libevent_malloc: newref ptr-libevent@0x7feda400b578 size 128 Oct 31 15:25:07.099825: | pstats #1 ikev2.ike established Oct 31 15:25:07.099831: | TSi: parsing 1 traffic selectors Oct 31 15:25:07.099833: | ***parse IKEv2 Traffic Selector: Oct 31 15:25:07.099835: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:25:07.099837: | IP Protocol ID: ALL (0x0) Oct 31 15:25:07.099839: | length: 16 (00 10) Oct 31 15:25:07.099841: | start port: 0 (00 00) Oct 31 15:25:07.099843: | end port: 65535 (ff ff) Oct 31 15:25:07.099844: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:25:07.099846: | TS low Oct 31 15:25:07.099847: | c0 00 03 00 Oct 31 15:25:07.099849: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:25:07.099850: | TS high Oct 31 15:25:07.099852: | c0 00 03 ff Oct 31 15:25:07.099853: | TSi: parsed 1 traffic selectors Oct 31 15:25:07.099855: | TSr: parsing 1 traffic selectors Oct 31 15:25:07.099856: | ***parse IKEv2 Traffic Selector: Oct 31 15:25:07.099857: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:25:07.099859: | IP Protocol ID: ALL (0x0) Oct 31 15:25:07.099861: | length: 16 (00 10) Oct 31 15:25:07.099862: | start port: 0 (00 00) Oct 31 15:25:07.099864: | end port: 65535 (ff ff) Oct 31 15:25:07.099866: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:25:07.099869: | TS low Oct 31 15:25:07.099870: | c0 00 02 00 Oct 31 15:25:07.099872: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:25:07.099873: | TS high Oct 31 15:25:07.099874: | c0 00 02 ff Oct 31 15:25:07.099876: | TSr: parsed 1 traffic selectors Oct 31 15:25:07.099880: | evaluating our conn="northnet-eastnet/0x1" I=192.0.3.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Oct 31 15:25:07.099883: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:25:07.099888: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Oct 31 15:25:07.099891: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:25:07.099892: | TSi[0] port match: YES fitness 65536 Oct 31 15:25:07.099894: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:25:07.099896: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:25:07.099899: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:25:07.099902: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Oct 31 15:25:07.099904: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Oct 31 15:25:07.099905: | TSr[0] port match: YES fitness 65536 Oct 31 15:25:07.099907: | narrow protocol end=*0 == TSr[0]=*0: 0 Oct 31 15:25:07.099909: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Oct 31 15:25:07.099910: | best fit so far: TSi[0] TSr[0] Oct 31 15:25:07.099912: | found an acceptable TSi/TSr Traffic Selector Oct 31 15:25:07.099913: | printing contents struct traffic_selector Oct 31 15:25:07.099914: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:25:07.099916: | ipprotoid: 0 Oct 31 15:25:07.099917: | port range: 0-65535 Oct 31 15:25:07.099920: | ip range: 192.0.3.0-192.0.3.255 Oct 31 15:25:07.099921: | printing contents struct traffic_selector Oct 31 15:25:07.099922: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:25:07.099924: | ipprotoid: 0 Oct 31 15:25:07.099925: | port range: 0-65535 Oct 31 15:25:07.099927: | ip range: 192.0.2.0-192.0.2.255 Oct 31 15:25:07.099936: | using existing local ESP/AH proposals for northnet-eastnet/0x1 (IKE_AUTH initiator accepting remote ESP/AH proposal): 1:ESP=AES_GCM_C_256-NONE-NONE-DISABLED 2:ESP=AES_GCM_C_128-NONE-NONE-DISABLED 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-DISABLED Oct 31 15:25:07.099938: | comparing remote proposals against IKE_AUTH initiator accepting remote ESP/AH proposal 4 local proposals Oct 31 15:25:07.099941: | local proposal 1 type ENCR has 1 transforms Oct 31 15:25:07.099943: | local proposal 1 type PRF has 0 transforms Oct 31 15:25:07.099944: | local proposal 1 type INTEG has 1 transforms Oct 31 15:25:07.099946: | local proposal 1 type DH has 1 transforms Oct 31 15:25:07.099947: | local proposal 1 type ESN has 1 transforms Oct 31 15:25:07.099949: | local proposal 1 transforms: required: ENCR+ESN; optional: INTEG+DH Oct 31 15:25:07.099951: | local proposal 2 type ENCR has 1 transforms Oct 31 15:25:07.099952: | local proposal 2 type PRF has 0 transforms Oct 31 15:25:07.099954: | local proposal 2 type INTEG has 1 transforms Oct 31 15:25:07.099955: | local proposal 2 type DH has 1 transforms Oct 31 15:25:07.099957: | local proposal 2 type ESN has 1 transforms Oct 31 15:25:07.099959: | local proposal 2 transforms: required: ENCR+ESN; optional: INTEG+DH Oct 31 15:25:07.099960: | local proposal 3 type ENCR has 1 transforms Oct 31 15:25:07.099961: | local proposal 3 type PRF has 0 transforms Oct 31 15:25:07.099963: | local proposal 3 type INTEG has 2 transforms Oct 31 15:25:07.099964: | local proposal 3 type DH has 1 transforms Oct 31 15:25:07.099966: | local proposal 3 type ESN has 1 transforms Oct 31 15:25:07.099967: | local proposal 3 transforms: required: ENCR+INTEG+ESN; optional: DH Oct 31 15:25:07.099969: | local proposal 4 type ENCR has 1 transforms Oct 31 15:25:07.099971: | local proposal 4 type PRF has 0 transforms Oct 31 15:25:07.099973: | local proposal 4 type INTEG has 2 transforms Oct 31 15:25:07.099974: | local proposal 4 type DH has 1 transforms Oct 31 15:25:07.099976: | local proposal 4 type ESN has 1 transforms Oct 31 15:25:07.099977: | local proposal 4 transforms: required: ENCR+INTEG+ESN; optional: DH Oct 31 15:25:07.099979: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:25:07.099981: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:25:07.099983: | length: 32 (00 20) Oct 31 15:25:07.099985: | prop #: 1 (01) Oct 31 15:25:07.099986: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:07.099988: | spi size: 4 (04) Oct 31 15:25:07.099990: | # transforms: 2 (02) Oct 31 15:25:07.099992: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:25:07.099993: | remote SPI Oct 31 15:25:07.099994: | 29 8f f4 25 Oct 31 15:25:07.099996: | Comparing remote proposal 1 containing 2 transforms against local proposal [1..1] of 4 local proposals Oct 31 15:25:07.099998: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:25:07.100000: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.100002: | length: 12 (00 0c) Oct 31 15:25:07.100003: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:07.100005: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:25:07.100006: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:25:07.100008: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:07.100010: | length/value: 256 (01 00) Oct 31 15:25:07.100013: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:25:07.100014: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:25:07.100016: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:07.100018: | length: 8 (00 08) Oct 31 15:25:07.100019: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:25:07.100021: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:25:07.100023: | remote proposal 1 transform 1 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Oct 31 15:25:07.100025: | remote proposal 1 proposed transforms: ENCR+ESN; matched: ENCR+ESN; unmatched: none Oct 31 15:25:07.100027: | comparing remote proposal 1 containing ENCR+ESN transforms to local proposal 1; required: ENCR+ESN; optional: INTEG+DH; matched: ENCR+ESN Oct 31 15:25:07.100029: | remote proposal 1 matches local proposal 1 Oct 31 15:25:07.100031: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED[first-match] Oct 31 15:25:07.100034: | IKE_AUTH initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP=AES_GCM_C_256-DISABLED SPI=298ff425 Oct 31 15:25:07.100035: | converting proposal to internal trans attrs Oct 31 15:25:07.100040: | integ=NONE: .key_size=0 encrypt=AES_GCM_16: .key_size=32 .salt_size=4 keymat_len=36 Oct 31 15:25:07.100101: | install_ipsec_sa() for #2: inbound and outbound Oct 31 15:25:07.100106: | could_route called for northnet-eastnet/0x1; kind=CK_PERMANENT that.has_client=yes oppo=no this.host_port=500 Oct 31 15:25:07.100108: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:25:07.100110: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:25:07.100111: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 Oct 31 15:25:07.100113: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:25:07.100115: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 Oct 31 15:25:07.100117: | route owner of "northnet-eastnet/0x1" unrouted: NULL; eroute owner: NULL Oct 31 15:25:07.100119: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Oct 31 15:25:07.100121: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Oct 31 15:25:07.100123: | AES_GCM_16 requires 4 salt bytes Oct 31 15:25:07.100124: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Oct 31 15:25:07.100127: | setting IPsec SA replay-window to 32 Oct 31 15:25:07.100131: | NIC esp-hw-offload not for connection 'northnet-eastnet/0x1' not available on interface eth1 Oct 31 15:25:07.100133: | netlink: enabling tunnel mode Oct 31 15:25:07.100134: | XFRM: adding IPsec SA with reqid 16389 Oct 31 15:25:07.100136: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:25:07.100138: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:25:07.100187: | netlink response for Add SA esp.298ff425@192.1.2.23 included non-error error Oct 31 15:25:07.100190: | setup_half_ipsec_sa() is installing inbound eroute? inbound=0 owner=#0 mode=1 Oct 31 15:25:07.100192: | set up outgoing SA, ref=0/0 Oct 31 15:25:07.100193: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Oct 31 15:25:07.100195: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Oct 31 15:25:07.100196: | AES_GCM_16 requires 4 salt bytes Oct 31 15:25:07.100212: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Oct 31 15:25:07.100219: | setting IPsec SA replay-window to 32 Oct 31 15:25:07.100221: | NIC esp-hw-offload not for connection 'northnet-eastnet/0x1' not available on interface eth1 Oct 31 15:25:07.100222: | netlink: enabling tunnel mode Oct 31 15:25:07.100224: | XFRM: adding IPsec SA with reqid 16389 Oct 31 15:25:07.100225: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:25:07.100227: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:25:07.100252: | netlink response for Add SA esp.8430c847@192.1.3.33 included non-error error Oct 31 15:25:07.100255: | setup_half_ipsec_sa() is installing inbound eroute? inbound=1 owner=#0 mode=1 Oct 31 15:25:07.100256: | setup_half_ipsec_sa() is installing inbound eroute Oct 31 15:25:07.100258: | setup_half_ipsec_sa() before proto 50 Oct 31 15:25:07.100259: | setup_half_ipsec_sa() after proto 50 Oct 31 15:25:07.100260: | setup_half_ipsec_sa() calling raw_eroute backwards (i.e., inbound) Oct 31 15:25:07.100262: | priority calculation of connection "northnet-eastnet/0x1" is 2084814 (0x1fcfce) Oct 31 15:25:07.100267: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 using reqid 16389 (raw_eroute) proto=50 Oct 31 15:25:07.100269: | IPsec SA SPD priority set to 2084814 Oct 31 15:25:07.100289: | raw_eroute result=success Oct 31 15:25:07.100291: | set up incoming SA, ref=0/0 Oct 31 15:25:07.100293: | sr for #2: unrouted Oct 31 15:25:07.100294: | route_and_eroute() for proto 0, and source port 0 dest port 0 Oct 31 15:25:07.100296: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:25:07.100298: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:25:07.100299: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 Oct 31 15:25:07.100301: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:25:07.100302: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 Oct 31 15:25:07.100304: | route owner of "northnet-eastnet/0x1" unrouted: NULL; eroute owner: NULL Oct 31 15:25:07.100306: | route_and_eroute with c: northnet-eastnet/0x1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Oct 31 15:25:07.100308: | priority calculation of connection "northnet-eastnet/0x1" is 2084814 (0x1fcfce) Oct 31 15:25:07.100313: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 using reqid 16389 (raw_eroute) proto=50 Oct 31 15:25:07.100315: | IPsec SA SPD priority set to 2084814 Oct 31 15:25:07.100323: | raw_eroute result=success Oct 31 15:25:07.100325: | running updown command "ipsec _updown" for verb up Oct 31 15:25:07.100327: | command executing up-client Oct 31 15:25:07.100330: | get_sa_info esp.298ff425@192.1.2.23 Oct 31 15:25:07.100335: | get_sa_info esp.8430c847@192.1.3.33 Oct 31 15:25:07.100355: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157907' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO... Oct 31 15:25:07.100358: | popen cmd is 1131 chars long Oct 31 15:25:07.100360: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x: Oct 31 15:25:07.100362: | cmd( 80):1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO: Oct 31 15:25:07.100363: | cmd( 160):_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIEN: Oct 31 15:25:07.100365: | cmd( 240):T='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.2: Oct 31 15:25:07.100366: | cmd( 320):55.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TY: Oct 31 15:25:07.100367: | cmd( 400):PE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.: Oct 31 15:25:07.100369: | cmd( 480):2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0': Oct 31 15:25:07.100370: | cmd( 560): PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm': Oct 31 15:25:07.100371: | cmd( 640): PLUTO_ADDTIME='1604157907' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAP: Oct 31 15:25:07.100373: | cmd( 720):IP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_: Oct 31 15:25:07.100374: | cmd( 800):ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' : Oct 31 15:25:07.100376: | cmd( 880):PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CL: Oct 31 15:25:07.100377: | cmd( 960):IENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VTI_IFACE=: Oct 31 15:25:07.100378: | cmd(1040):'' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x298ff425 SPI_OUT=0x8430c847 ipsec _: Oct 31 15:25:07.100380: | cmd(1120):updown 2>&1: Oct 31 15:25:07.118865: | route_and_eroute: firewall_notified: true Oct 31 15:25:07.118886: | running updown command "ipsec _updown" for verb prepare Oct 31 15:25:07.118892: | command executing prepare-client Oct 31 15:25:07.118899: | get_sa_info esp.298ff425@192.1.2.23 Oct 31 15:25:07.118918: | get_sa_info esp.8430c847@192.1.3.33 Oct 31 15:25:07.118958: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157907' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED... Oct 31 15:25:07.118962: | popen cmd is 1136 chars long Oct 31 15:25:07.118966: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Oct 31 15:25:07.118968: | cmd( 80):et/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' : Oct 31 15:25:07.118974: | cmd( 160):PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_: Oct 31 15:25:07.118977: | cmd( 240):CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.: Oct 31 15:25:07.118979: | cmd( 320):255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_: Oct 31 15:25:07.118982: | cmd( 400):SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='1: Oct 31 15:25:07.118984: | cmd( 480):92.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.2: Oct 31 15:25:07.118987: | cmd( 560):55.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK=': Oct 31 15:25:07.118989: | cmd( 640):xfrm' PLUTO_ADDTIME='1604157907' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+OV: Oct 31 15:25:07.118992: | cmd( 720):ERLAPIP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_: Oct 31 15:25:07.118994: | cmd( 800):CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INF: Oct 31 15:25:07.118996: | cmd( 880):O='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_C: Oct 31 15:25:07.118999: | cmd( 960):FG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VTI_I: Oct 31 15:25:07.119001: | cmd(1040):FACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x298ff425 SPI_OUT=0x8430c847 ip: Oct 31 15:25:07.119003: | cmd(1120):sec _updown 2>&1: Oct 31 15:25:07.129592: | running updown command "ipsec _updown" for verb route Oct 31 15:25:07.129603: | command executing route-client Oct 31 15:25:07.129608: | get_sa_info esp.298ff425@192.1.2.23 Oct 31 15:25:07.129623: | get_sa_info esp.8430c847@192.1.3.33 Oct 31 15:25:07.129645: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157907' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0'... Oct 31 15:25:07.129648: | popen cmd is 1134 chars long Oct 31 15:25:07.129650: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Oct 31 15:25:07.129651: | cmd( 80):/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PL: Oct 31 15:25:07.129653: | cmd( 160):UTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CL: Oct 31 15:25:07.129654: | cmd( 240):IENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.25: Oct 31 15:25:07.129655: | cmd( 320):5.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA: Oct 31 15:25:07.129657: | cmd( 400):_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192: Oct 31 15:25:07.129659: | cmd( 480):.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255: Oct 31 15:25:07.129661: | cmd( 560):.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xf: Oct 31 15:25:07.129663: | cmd( 640):rm' PLUTO_ADDTIME='1604157907' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+OVER: Oct 31 15:25:07.129668: | cmd( 720):LAPIP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CO: Oct 31 15:25:07.129674: | cmd( 800):NN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO=: Oct 31 15:25:07.129676: | cmd( 880):'' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG: Oct 31 15:25:07.129679: | cmd( 960):_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VTI_IFA: Oct 31 15:25:07.129681: | cmd(1040):CE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x298ff425 SPI_OUT=0x8430c847 ipse: Oct 31 15:25:07.129684: | cmd(1120):c _updown 2>&1: Oct 31 15:25:07.142244: "northnet-eastnet/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.142279: "northnet-eastnet/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.142287: "northnet-eastnet/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.142293: "northnet-eastnet/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.142300: "northnet-eastnet/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.142307: "northnet-eastnet/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.142321: "northnet-eastnet/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.142350: "northnet-eastnet/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.142376: "northnet-eastnet/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.142406: "northnet-eastnet/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.142422: "northnet-eastnet/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.142439: "northnet-eastnet/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.142454: "northnet-eastnet/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.142469: "northnet-eastnet/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.142484: "northnet-eastnet/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.142498: "northnet-eastnet/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.142778: "northnet-eastnet/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.142791: "northnet-eastnet/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.142870: "northnet-eastnet/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.142879: "northnet-eastnet/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.142884: "northnet-eastnet/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.142889: "northnet-eastnet/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.142893: "northnet-eastnet/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.142933: "northnet-eastnet/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.142948: "northnet-eastnet/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.142966: "northnet-eastnet/0x1" #2: route-client output: Error: Peer netns reference is invalid. Oct 31 15:25:07.147080: | route_and_eroute: instance "northnet-eastnet/0x1", setting eroute_owner {spd=0x563af96c1f38,sr=0x563af96c1f38} to #2 (was #0) (newest_ipsec_sa=#0) Oct 31 15:25:07.147147: | inR2: instance northnet-eastnet/0x1[0], setting IKEv2 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Oct 31 15:25:07.147159: | #2 spent 1.59 (47.5) milliseconds in processing: Initiator: process IKE_AUTH response in v2_dispatch() Oct 31 15:25:07.147166: | [RE]START processing: state #2 connection "northnet-eastnet/0x1" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:07.147169: | #2 complete_v2_state_transition() PARENT_I2->ESTABLISHED_CHILD_SA with status STF_OK; .st_v2_transition=NULL Oct 31 15:25:07.147177: | transitioning from state STATE_PARENT_I2 to state STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:25:07.147254: | Message ID: updating counters for #2 Oct 31 15:25:07.147265: | Message ID: CHILD #1.#2 clearing EVENT_RETRANSMIT as response received: ike.initiator.sent=1 ike.initiator.recv=0 ike.initiator.last_contact=744581.496046 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744581.485786 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:25:07.147268: | #2 requesting EVENT_RETRANSMIT-pe@0x563af96cc5d8 be deleted Oct 31 15:25:07.147273: | libevent_free: delref ptr-libevent@0x563af96cc328 Oct 31 15:25:07.147276: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x563af96cc5d8 Oct 31 15:25:07.147278: | #2 STATE_PARENT_I2: retransmits: cleared Oct 31 15:25:07.147283: | Message ID: CHILD #1.#2 updating initiator received message response 1: ike.initiator.sent=1 ike.initiator.recv=0->1 ike.initiator.last_contact=744581.496046->744581.580058 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744581.485786 child.wip.initiator=1->-1 child.wip.responder=-1 Oct 31 15:25:07.147287: | Message ID: CHILD #1.#2 skipping update_send as nothing to send: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744581.580058 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744581.485786 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:25:07.147291: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744581.580058 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744581.485786 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:07.147294: | child state #2: PARENT_I2(open IKE SA) => ESTABLISHED_CHILD_SA(established CHILD SA) Oct 31 15:25:07.147296: | pstats #2 ikev2.child established Oct 31 15:25:07.147298: | announcing the state transition Oct 31 15:25:07.147305: "northnet-eastnet/0x1" #2: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Oct 31 15:25:07.147317: | NAT-T: encaps is 'auto' Oct 31 15:25:07.147321: "northnet-eastnet/0x1" #2: IPsec SA established tunnel mode {ESP=>0x298ff425 <0x8430c847 xfrm=AES_GCM_16_256-NONE NATOA=none NATD=none DPD=passive} Oct 31 15:25:07.147325: | releasing #2's fd-fd@0x563af96c3b98 because IKEv2 transitions finished Oct 31 15:25:07.147327: | delref fd@0x563af96c3b98(4->3) (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:25:07.147329: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:25:07.147331: | unpending #2's IKE SA #1 Oct 31 15:25:07.147333: | unpending state #1 connection "northnet-eastnet/0x1" Oct 31 15:25:07.147336: | delete from pending Child SA with 192.1.2.23 "northnet-eastnet/0x1" Oct 31 15:25:07.147338: | delref fd@0x563af96c3b98(3->2) (in delete_pending() at pending.c:218) Oct 31 15:25:07.147340: | removing pending policy for no connection {0x563af96c3e08} Oct 31 15:25:07.147342: | FOR_EACH_STATE_... in find_pending_phase2 Oct 31 15:25:07.147347: | newref alloc logger@0x563af96c86a8(0->1) (in new_state() at state.c:576) Oct 31 15:25:07.147349: | addref fd@0x563af96c3b98(2->3) (in new_state() at state.c:577) Oct 31 15:25:07.147350: | creating state object #3 at 0x563af96ced18 Oct 31 15:25:07.147353: | State DB: adding IKEv2 state #3 in UNDEFINED Oct 31 15:25:07.147356: | pstats #3 ikev2.child started Oct 31 15:25:07.147359: | duplicating state object #1 "northnet-eastnet/0x2" as #3 for IPSEC SA Oct 31 15:25:07.147495: | #3 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1581) Oct 31 15:25:07.147505: | Message ID: CHILD #1.#3 initializing (CHILD SA): ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744581.580058 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744581.485786 child.wip.initiator=0->-1 child.wip.responder=0->-1 Oct 31 15:25:07.147510: | child state #3: UNDEFINED(ignore) => V2_NEW_CHILD_I0(established IKE SA) Oct 31 15:25:07.147513: | #3.st_v2_transition NULL -> V2_NEW_CHILD_I0->V2_NEW_CHILD_I1 (in new_v2_child_state() at state.c:1666) Oct 31 15:25:07.147516: | suspend processing: state #2 connection "northnet-eastnet/0x1" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5960) Oct 31 15:25:07.147519: | start processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5960) Oct 31 15:25:07.147522: | create child proposal's DH changed from no-PFS to MODP2048, flushing Oct 31 15:25:07.147524: | constructing ESP/AH proposals with default DH MODP2048 for northnet-eastnet/0x2 (ESP/AH initiator emitting proposals) Oct 31 15:25:07.147531: | converting proposal AES_GCM_16_256-NONE to ikev2 ... Oct 31 15:25:07.147536: | ... ikev2_proposal: 1:ESP=AES_GCM_C_256-NONE-MODP2048-DISABLED Oct 31 15:25:07.147538: | converting proposal AES_GCM_16_128-NONE to ikev2 ... Oct 31 15:25:07.147540: | ... ikev2_proposal: 2:ESP=AES_GCM_C_128-NONE-MODP2048-DISABLED Oct 31 15:25:07.147543: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:25:07.147545: | ... ikev2_proposal: 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:25:07.147547: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 ... Oct 31 15:25:07.147550: | ... ikev2_proposal: 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:25:07.147552: "northnet-eastnet/0x2": local ESP/AH proposals (ESP/AH initiator emitting proposals): Oct 31 15:25:07.147554: "northnet-eastnet/0x2": 1:ESP=AES_GCM_C_256-NONE-MODP2048-DISABLED Oct 31 15:25:07.147557: "northnet-eastnet/0x2": 2:ESP=AES_GCM_C_128-NONE-MODP2048-DISABLED Oct 31 15:25:07.147559: "northnet-eastnet/0x2": 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:25:07.147561: "northnet-eastnet/0x2": 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:25:07.147565: | #3 schedule initiate IPsec SA PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO using IKE# 1 pfs=MODP2048 Oct 31 15:25:07.147567: | event_schedule: newref EVENT_v2_INITIATE_CHILD-pe@0x563af96cb3d8 Oct 31 15:25:07.147569: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #3 Oct 31 15:25:07.147572: | libevent_malloc: newref ptr-libevent@0x563af96ca888 size 128 Oct 31 15:25:07.147576: | RESET processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:6035) Oct 31 15:25:07.147579: | delete from pending Child SA with 192.1.2.23 "northnet-eastnet/0x2" Oct 31 15:25:07.147581: | delref fd@0x563af96c3b98(3->2) (in delete_pending() at pending.c:218) Oct 31 15:25:07.147582: | removing pending policy for no connection {0x563af96c3bd8} Oct 31 15:25:07.147584: | releasing #1's fd-fd@0x563af96c3b98 because IKEv2 transitions finished so releaseing IKE SA Oct 31 15:25:07.147586: | delref fd@0x563af96c3b98(2->1) (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:25:07.147588: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:25:07.147590: | #2 will start re-keying in 28048 seconds with margin of 752 seconds (attempting re-key) Oct 31 15:25:07.147592: | state #2 has no .st_event to delete Oct 31 15:25:07.147594: | event_schedule: newref EVENT_SA_REKEY-pe@0x563af96cc328 Oct 31 15:25:07.147596: | inserting event EVENT_SA_REKEY, timeout in 28048 seconds for #2 Oct 31 15:25:07.147597: | libevent_malloc: newref ptr-libevent@0x563af96c85f8 size 128 Oct 31 15:25:07.147600: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:25:07.147605: | #1 spent 2.08 (48.2) milliseconds in ikev2_process_packet() Oct 31 15:25:07.147607: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:25:07.147609: | delref mdp@0x563af96c8fa8(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:07.147612: | delref logger@0x563af96c3ce8(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:07.147614: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:07.147615: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:07.147619: | spent 2.09 (48.2) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:25:07.147629: | timer_event_cb: processing event@0x563af96cb3d8 Oct 31 15:25:07.147631: | handling event EVENT_v2_INITIATE_CHILD for child state #3 Oct 31 15:25:07.147633: | libevent_free: delref ptr-libevent@0x563af96ca888 Oct 31 15:25:07.147634: | free_event_entry: delref EVENT_v2_INITIATE_CHILD-pe@0x563af96cb3d8 Oct 31 15:25:07.147637: | start processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:188) Oct 31 15:25:07.147642: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:25:07.147644: | addref fd@0x563af96c3b98(1->2) (in clone_logger() at log.c:810) Oct 31 15:25:07.147646: | newref clone logger@0x563af96c3ce8(0->1) (in clone_logger() at log.c:817) Oct 31 15:25:07.147648: | job 3 for #3: Child Initiator KE and nonce ni (build KE and nonce): adding job to queue Oct 31 15:25:07.147649: | state #3 has no .st_event to delete Oct 31 15:25:07.147651: | #3 STATE_V2_NEW_CHILD_I0: retransmits: cleared Oct 31 15:25:07.147653: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x563af96cb3d8 Oct 31 15:25:07.147654: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Oct 31 15:25:07.147656: | libevent_malloc: newref ptr-libevent@0x563af96ca888 size 128 Oct 31 15:25:07.147663: | #3 spent 0.0331 (0.0331) milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Oct 31 15:25:07.147666: | stop processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:447) Oct 31 15:25:07.147668: | processing signal PLUTO_SIGCHLD Oct 31 15:25:07.147672: | waitpid returned ECHILD (no child processes left) Oct 31 15:25:07.147675: | spent 0.00387 (0.00385) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:25:07.147677: | processing signal PLUTO_SIGCHLD Oct 31 15:25:07.147679: | waitpid returned ECHILD (no child processes left) Oct 31 15:25:07.147681: | spent 0.00229 (0.00229) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:25:07.147683: | processing signal PLUTO_SIGCHLD Oct 31 15:25:07.147681: | job 3 for #3: Child Initiator KE and nonce ni (build KE and nonce): helper 4 starting job Oct 31 15:25:07.147685: | waitpid returned ECHILD (no child processes left) Oct 31 15:25:07.147707: | spent 0.0118 (0.0207) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:25:07.149859: | "northnet-eastnet/0x2" #3: spent 2.14 (2.18) milliseconds in helper 4 processing job 3 for state #3: Child Initiator KE and nonce ni (pcr) Oct 31 15:25:07.149874: | job 3 for #3: Child Initiator KE and nonce ni (build KE and nonce): helper thread 4 sending result back to state Oct 31 15:25:07.149879: | scheduling resume sending helper answer back to state for #3 Oct 31 15:25:07.149884: | libevent_malloc: newref ptr-libevent@0x7feda8006108 size 128 Oct 31 15:25:07.149888: | libevent_realloc: delref ptr-libevent@0x563af9682868 Oct 31 15:25:07.149890: | libevent_realloc: newref ptr-libevent@0x563af960efb8 size 128 Oct 31 15:25:07.149897: | helper thread 4 has nothing to do Oct 31 15:25:07.149924: | processing resume sending helper answer back to state for #3 Oct 31 15:25:07.149934: | start processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:641) Oct 31 15:25:07.149937: | unsuspending #3 MD (nil) Oct 31 15:25:07.149940: | job 3 for #3: Child Initiator KE and nonce ni (build KE and nonce): processing response from helper 4 Oct 31 15:25:07.149942: | job 3 for #3: Child Initiator KE and nonce ni (build KE and nonce): calling continuation function 0x563af7accfe7 Oct 31 15:25:07.149944: | ikev2_child_outI_continue() for #3 STATE_V2_NEW_CHILD_I0 Oct 31 15:25:07.149947: | DH secret MODP2048@0x7feda8006ba8: transferring ownership from helper KE to state #3 Oct 31 15:25:07.149951: | adding CHILD SA #3 to IKE SA #1 message initiator queue Oct 31 15:25:07.149957: | Message ID: CHILD #1.#3 wakeing IKE SA for next initiator (unack 0): ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744581.580058 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744581.485786 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:25:07.149959: | scheduling callback v2_msgid_schedule_next_initiator (#1) Oct 31 15:25:07.149961: | libevent_malloc: newref ptr-libevent@0x7fedac006108 size 128 Oct 31 15:25:07.149965: | [RE]START processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:07.149968: | #3 complete_v2_state_transition() V2_NEW_CHILD_I0->V2_NEW_CHILD_I1 with status STF_SUSPEND Oct 31 15:25:07.149969: | no MD to suspend Oct 31 15:25:07.149972: | delref logger@0x563af96c3ce8(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:25:07.149974: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:07.149976: | delref fd@0x563af96c3b98(2->1) (in free_logger() at log.c:854) Oct 31 15:25:07.149978: | resume sending helper answer back to state for #3 suppresed complete_v2_state_transition() Oct 31 15:25:07.149980: | delref mdp@NULL (in resume_handler() at server.c:743) Oct 31 15:25:07.149985: | #3 spent 0.0459 (0.0459) milliseconds in resume sending helper answer back to state Oct 31 15:25:07.149988: | stop processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:745) Oct 31 15:25:07.149990: | libevent_free: delref ptr-libevent@0x7feda8006108 Oct 31 15:25:07.149993: | libevent_free: delref ptr-libevent@0x7fedac006108 Oct 31 15:25:07.149995: | processing callback v2_msgid_schedule_next_initiator for #1 Oct 31 15:25:07.149999: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:828) Oct 31 15:25:07.150003: | Message ID: CHILD #1.#3 resuming SA using IKE SA (unack 0): ike.initiator.sent=1 ike.initiator.recv=1 ike.initiator.last_contact=744581.580058 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744581.485786 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:25:07.150007: | suspend processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:675) Oct 31 15:25:07.150009: | start processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:675) Oct 31 15:25:07.150011: | unsuspending #3 MD (nil) Oct 31 15:25:07.150016: | opening output PBS reply packet Oct 31 15:25:07.150018: | **emit ISAKMP Message: Oct 31 15:25:07.150021: | initiator SPI: be 24 bd 7a a6 09 d5 ef Oct 31 15:25:07.150024: | responder SPI: 3a 8b c5 ff b6 fd 49 a9 Oct 31 15:25:07.150026: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:25:07.150028: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:07.150029: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Oct 31 15:25:07.150032: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:25:07.150034: | Message ID: 2 (00 00 00 02) Oct 31 15:25:07.150036: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:25:07.150039: | ***emit IKEv2 Encryption Payload: Oct 31 15:25:07.150040: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:07.150042: | flags: none (0x0) Oct 31 15:25:07.150044: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:25:07.150046: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'reply packet' Oct 31 15:25:07.150048: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:25:07.150074: | netlink_get_spi: allocated 0x6f03cd30 for esp.0@192.1.3.33 Oct 31 15:25:07.150077: | Emitting ikev2_proposals ... Oct 31 15:25:07.150079: | ****emit IKEv2 Security Association Payload: Oct 31 15:25:07.150082: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:07.150084: | flags: none (0x0) Oct 31 15:25:07.150085: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:25:07.150087: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:25:07.150090: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:25:07.150092: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:07.150094: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:07.150096: | prop #: 1 (01) Oct 31 15:25:07.150098: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:07.150100: | spi size: 4 (04) Oct 31 15:25:07.150101: | # transforms: 3 (03) Oct 31 15:25:07.150103: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:07.150106: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:25:07.150108: | our spi: 6f 03 cd 30 Oct 31 15:25:07.150110: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.150111: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.150113: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:07.150114: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:25:07.150116: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.150118: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:07.150120: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:07.150122: | length/value: 256 (01 00) Oct 31 15:25:07.150124: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:07.150126: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:25:07.150127: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.150129: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.150131: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.150132: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:07.150134: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.150136: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.150137: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.150139: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.150141: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:07.150142: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:25:07.150144: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:25:07.150146: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.150147: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.150149: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.150151: | emitting length of IKEv2 Proposal Substructure Payload: 40 Oct 31 15:25:07.150152: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:07.150154: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:25:07.150156: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:07.150158: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:07.150159: | prop #: 2 (02) Oct 31 15:25:07.150161: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:07.150164: | spi size: 4 (04) Oct 31 15:25:07.150165: | # transforms: 3 (03) Oct 31 15:25:07.150167: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:07.150169: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:07.150171: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:25:07.150173: | our spi: 6f 03 cd 30 Oct 31 15:25:07.150175: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.150176: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.150178: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:07.150179: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:25:07.150181: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.150183: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:07.150185: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:07.150187: | length/value: 128 (00 80) Oct 31 15:25:07.150188: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:07.150190: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:25:07.150192: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.150193: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.150195: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.150196: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:07.150202: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.150207: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.150209: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.150211: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.150212: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:07.150214: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:25:07.150215: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:25:07.150217: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.150218: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.150220: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.150221: | emitting length of IKEv2 Proposal Substructure Payload: 40 Oct 31 15:25:07.150223: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:07.150225: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:07.150226: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:07.150228: | prop #: 3 (03) Oct 31 15:25:07.150230: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:07.150232: | spi size: 4 (04) Oct 31 15:25:07.150233: | # transforms: 5 (05) Oct 31 15:25:07.150235: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:07.150237: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:07.150239: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:25:07.150240: | our spi: 6f 03 cd 30 Oct 31 15:25:07.150242: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.150245: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.150246: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:07.150248: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:25:07.150249: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.150251: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:07.150252: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:07.150254: | length/value: 256 (01 00) Oct 31 15:25:07.150256: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:07.150258: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.150259: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.150260: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:07.150262: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:25:07.150264: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.150265: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.150267: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.150268: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.150269: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.150271: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:07.150272: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:25:07.150274: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.150275: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.150277: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.150279: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.150281: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.150284: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.150286: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:07.150289: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.150291: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.150293: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.150301: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.150303: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:07.150306: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:25:07.150308: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:25:07.150311: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.150314: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.150317: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.150319: | emitting length of IKEv2 Proposal Substructure Payload: 56 Oct 31 15:25:07.150322: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:07.150325: | *****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:07.150327: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:25:07.150329: | prop #: 4 (04) Oct 31 15:25:07.150332: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:07.150333: | spi size: 4 (04) Oct 31 15:25:07.150335: | # transforms: 5 (05) Oct 31 15:25:07.150337: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:07.150338: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:07.150340: | emitting 4 raw bytes of our spi into IKEv2 Proposal Substructure Payload Oct 31 15:25:07.150342: | our spi: 6f 03 cd 30 Oct 31 15:25:07.150344: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.150345: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.150347: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:07.150348: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:25:07.150349: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.150351: | *******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:07.150353: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:07.150354: | length/value: 128 (00 80) Oct 31 15:25:07.150356: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:07.150357: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.150359: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.150360: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:07.150362: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:25:07.150363: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.150365: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.150366: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.150368: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.150369: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.150370: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:07.150372: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:25:07.150373: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.150375: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.150376: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.150378: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.150379: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.150380: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.150382: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:07.150383: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.150385: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.150386: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.150388: | ******emit IKEv2 Transform Substructure Payload: Oct 31 15:25:07.150389: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:07.150391: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:25:07.150392: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:25:07.150394: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.150396: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:07.150397: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:07.150399: | emitting length of IKEv2 Proposal Substructure Payload: 56 Oct 31 15:25:07.150400: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:07.150402: | emitting length of IKEv2 Security Association Payload: 196 Oct 31 15:25:07.150403: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:25:07.150405: | ****emit IKEv2 Nonce Payload: Oct 31 15:25:07.150406: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:07.150408: | flags: none (0x0) Oct 31 15:25:07.150410: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Oct 31 15:25:07.150411: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Oct 31 15:25:07.150413: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Oct 31 15:25:07.150415: | IKEv2 nonce: Oct 31 15:25:07.150416: | b6 ef e2 5a 13 ec 53 34 df d4 84 ac d8 12 b7 05 Oct 31 15:25:07.150418: | a7 0d 62 59 ae 92 72 7b 5c 24 f4 14 b4 68 92 eb Oct 31 15:25:07.150422: | emitting length of IKEv2 Nonce Payload: 36 Oct 31 15:25:07.150424: | ****emit IKEv2 Key Exchange Payload: Oct 31 15:25:07.150426: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:07.150427: | flags: none (0x0) Oct 31 15:25:07.150429: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:07.150430: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Oct 31 15:25:07.150432: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Oct 31 15:25:07.150434: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Oct 31 15:25:07.150435: | ikev2 g^x: Oct 31 15:25:07.150437: | 67 ce 9b c7 7f ef 37 80 63 33 bd 50 54 bf 6a 45 Oct 31 15:25:07.150438: | 52 a7 18 77 04 8d 1b 5d 7f 8a 53 42 91 e0 f6 32 Oct 31 15:25:07.150439: | ca 4b d7 08 02 2d 2b 12 33 26 bb af 6a c5 4b f2 Oct 31 15:25:07.150441: | 6d b5 2e 98 25 fe a2 47 5e 40 4b f2 6c 07 78 aa Oct 31 15:25:07.150442: | ea 8d 90 c7 b0 20 5c 4c ac 62 0d 6e 9b eb 63 dd Oct 31 15:25:07.150443: | b0 bc 96 85 31 36 4c d1 11 d7 af d5 ed 8f 6f 5b Oct 31 15:25:07.150445: | 15 24 06 ac 06 72 52 4e a2 e7 7e a9 91 97 7f 29 Oct 31 15:25:07.150446: | bb ad ec 6b 48 6c d2 b6 24 b7 83 a5 bf 3b 83 34 Oct 31 15:25:07.150447: | 5f 93 2b 4e b5 b3 ff b1 af 1d 7c a1 ec a3 f4 3d Oct 31 15:25:07.150449: | fc 9b 51 2e 7c 3b e9 d0 82 49 0c e5 9f d3 6c b9 Oct 31 15:25:07.150450: | 3b 44 4f 05 c2 ab b3 f1 fe 62 8f 68 22 ed 6e 90 Oct 31 15:25:07.150451: | 7b ea da 36 4a b3 18 af 9a 96 2b 42 b5 e5 3a 50 Oct 31 15:25:07.150453: | 3e 07 b7 98 e6 bd 81 4d 65 35 63 2e 3b f2 4f b0 Oct 31 15:25:07.150454: | 4e b5 eb 70 39 ea aa 36 0d 35 0b 1b a3 de 18 a9 Oct 31 15:25:07.150456: | 38 1b 8b 53 5d ab 99 eb f0 83 ce 42 6b ef 77 a1 Oct 31 15:25:07.150457: | 04 c9 14 36 c3 76 ad 32 e8 69 1d a0 ca 98 f4 7e Oct 31 15:25:07.150458: | emitting length of IKEv2 Key Exchange Payload: 264 Oct 31 15:25:07.150461: | ****emit IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:25:07.150463: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:07.150464: | flags: none (0x0) Oct 31 15:25:07.150466: | number of TS: 1 (01) Oct 31 15:25:07.150468: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Traffic Selector - Initiator - Payload (44:ISAKMP_NEXT_v2TSi) Oct 31 15:25:07.150469: | next payload chain: saving location 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' in 'reply packet' Oct 31 15:25:07.150472: | *****emit IKEv2 Traffic Selector: Oct 31 15:25:07.150473: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:25:07.150475: | IP Protocol ID: ALL (0x0) Oct 31 15:25:07.150477: | start port: 0 (00 00) Oct 31 15:25:07.150479: | end port: 65535 (ff ff) Oct 31 15:25:07.150481: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:25:07.150483: | IP start: c0 00 03 00 Oct 31 15:25:07.150484: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:25:07.150486: | IP end: c0 00 03 ff Oct 31 15:25:07.150488: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:25:07.150489: | emitting length of IKEv2 Traffic Selector - Initiator - Payload: 24 Oct 31 15:25:07.150490: | ****emit IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:25:07.150492: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:07.150493: | flags: none (0x0) Oct 31 15:25:07.150495: | number of TS: 1 (01) Oct 31 15:25:07.150497: | next payload chain: setting previous 'IKEv2 Traffic Selector - Initiator - Payload'.'next payload type' to current IKEv2 Traffic Selector - Responder - Payload (45:ISAKMP_NEXT_v2TSr) Oct 31 15:25:07.150498: | next payload chain: saving location 'IKEv2 Traffic Selector - Responder - Payload'.'next payload type' in 'reply packet' Oct 31 15:25:07.150500: | *****emit IKEv2 Traffic Selector: Oct 31 15:25:07.150501: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:25:07.150502: | IP Protocol ID: ALL (0x0) Oct 31 15:25:07.150504: | start port: 0 (00 00) Oct 31 15:25:07.150506: | end port: 65535 (ff ff) Oct 31 15:25:07.150508: | emitting 4 raw bytes of IP start into IKEv2 Traffic Selector Oct 31 15:25:07.150509: | IP start: c0 00 02 00 Oct 31 15:25:07.150511: | emitting 4 raw bytes of IP end into IKEv2 Traffic Selector Oct 31 15:25:07.150513: | IP end: c0 00 02 ff Oct 31 15:25:07.150514: | emitting length of IKEv2 Traffic Selector: 16 Oct 31 15:25:07.150516: | emitting length of IKEv2 Traffic Selector - Responder - Payload: 24 Oct 31 15:25:07.150517: | Initiator child policy is tunnel mode, NOT sending v2N_USE_TRANSPORT_MODE Oct 31 15:25:07.150519: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:25:07.150521: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:07.150522: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:25:07.150524: | emitting length of IKEv2 Encryption Payload: 573 Oct 31 15:25:07.150525: | emitting length of ISAKMP Message: 601 Oct 31 15:25:07.150539: | [RE]START processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:07.150542: | #3 complete_v2_state_transition() V2_NEW_CHILD_I0->V2_NEW_CHILD_I1 with status STF_OK Oct 31 15:25:07.150544: | transitioning from state STATE_V2_NEW_CHILD_I0 to state STATE_V2_NEW_CHILD_I1 Oct 31 15:25:07.150545: | Message ID: updating counters for #3 Oct 31 15:25:07.150547: | Message ID: IKE #1 skipping update_recv as MD is fake Oct 31 15:25:07.150551: | Message ID: CHILD #1.#3 scheduling EVENT_RETRANSMIT: ike.initiator.sent=2 ike.initiator.recv=1 ike.initiator.last_contact=744581.580058 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744581.485786 child.wip.initiator=2 child.wip.responder=-1 Oct 31 15:25:07.150554: "northnet-eastnet/0x2" #3: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Oct 31 15:25:07.150564: | event_schedule: newref EVENT_RETRANSMIT-pe@0x563af960f068 Oct 31 15:25:07.150566: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #3 Oct 31 15:25:07.150567: | libevent_malloc: newref ptr-libevent@0x563af96c91e8 size 128 Oct 31 15:25:07.150570: | #3 STATE_V2_NEW_CHILD_I0: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744581.583359 Oct 31 15:25:07.150575: | Message ID: CHILD #1.#3 updating initiator sent message request 2: ike.initiator.sent=1->2 ike.initiator.recv=1 ike.initiator.last_contact=744581.580058 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744581.485786 child.wip.initiator=-1->2 child.wip.responder=-1 Oct 31 15:25:07.150580: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=2 ike.initiator.recv=1 ike.initiator.last_contact=744581.580058 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744581.485786 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:07.150583: | child state #3: V2_NEW_CHILD_I0(established IKE SA) => V2_NEW_CHILD_I1(established IKE SA) Oct 31 15:25:07.150585: | announcing the state transition Oct 31 15:25:07.150589: "northnet-eastnet/0x2" #3: sent CREATE_CHILD_SA request for new IPsec SA Oct 31 15:25:07.150601: | sending 601 bytes for STATE_V2_NEW_CHILD_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:25:07.150606: | be 24 bd 7a a6 09 d5 ef 3a 8b c5 ff b6 fd 49 a9 Oct 31 15:25:07.150609: | 2e 20 24 08 00 00 00 02 00 00 02 59 21 00 02 3d Oct 31 15:25:07.150611: | d3 d9 e1 da 63 e9 05 0f 53 44 5d 6d 71 5e d3 0f Oct 31 15:25:07.150612: | eb b3 46 cd a1 75 12 17 01 6e f9 6c 21 a2 11 ac Oct 31 15:25:07.150614: | ba 3a 12 93 cd 83 23 dd 5a 56 d3 15 90 34 c8 ba Oct 31 15:25:07.150615: | 31 8e ce 30 20 96 72 68 82 60 f0 f5 d8 51 11 a6 Oct 31 15:25:07.150616: | a9 4e e1 02 08 6e b9 26 c3 4a 82 dd 51 e3 e2 d3 Oct 31 15:25:07.150618: | ee 23 cb d7 34 27 81 27 21 8a f5 c6 ac 5b 7f 7d Oct 31 15:25:07.150619: | fc 4f 1a 78 25 8d ad 2b 19 4a 83 2a b8 b4 f4 35 Oct 31 15:25:07.150620: | 7b 52 0f e7 77 d8 6c 49 bc d9 8c f1 65 14 da d1 Oct 31 15:25:07.150622: | 1c 57 d2 76 9e a8 2b 2c 72 61 69 6f 83 2a 6d 3e Oct 31 15:25:07.150623: | 99 06 ae b6 3f d4 4d af 04 fa b7 eb 54 06 f0 1f Oct 31 15:25:07.150624: | c7 e7 3b 6b 36 c9 7f 0c 77 3b 1e 70 ab 3e 09 9a Oct 31 15:25:07.150626: | 7f 71 5e 37 86 d9 50 63 77 0b 3a c2 ef 56 b5 e0 Oct 31 15:25:07.150627: | 76 5a ac ab d5 87 2e 44 6a 76 a6 67 8e c1 9d a8 Oct 31 15:25:07.150628: | 5c 1f 48 da 4e d4 26 48 bb a0 17 63 73 6e 2a 3c Oct 31 15:25:07.150630: | 69 34 62 8f ba a0 09 f7 be 7a c5 fd c7 51 2e 0d Oct 31 15:25:07.150631: | 3f 7d e0 aa ed 25 73 9a 34 03 3e cb 05 a3 f5 1f Oct 31 15:25:07.150632: | 5f f3 ee 43 25 9c 62 4e b5 28 02 a3 39 b8 18 fe Oct 31 15:25:07.150634: | c6 0b 84 c4 ad 1c 65 98 d8 f8 3c 84 6d 35 51 ea Oct 31 15:25:07.150635: | a7 3a be d0 67 1b d0 20 8f 1c b9 99 66 6c 2e ee Oct 31 15:25:07.150636: | 74 30 ae fd 29 7c 4b fd d2 e5 b0 cf 1d 4e bd ea Oct 31 15:25:07.150638: | c7 c1 8e 6c 00 7c 63 dc 38 ff c0 bf 5e f8 ee 27 Oct 31 15:25:07.150639: | 71 6d 4f 64 f6 40 9e ce c4 4a 39 5f b7 2f 36 5f Oct 31 15:25:07.150640: | 3f c6 1c 1e c1 66 e6 41 12 0e 7b f6 ab dc 1a 39 Oct 31 15:25:07.150642: | 78 54 75 e7 40 91 26 06 8a f4 94 03 e8 da e1 e0 Oct 31 15:25:07.150643: | 0a 96 5b 9c 83 05 4f 68 f0 9f 4c 2c 70 94 c6 28 Oct 31 15:25:07.150644: | f6 11 94 53 18 65 6a 97 ed 5d f1 15 03 94 08 55 Oct 31 15:25:07.150646: | 4c 16 93 89 7e 30 9d 43 f1 ff a2 f4 b3 1a ac fe Oct 31 15:25:07.150647: | dd 7a 42 28 83 59 91 34 b1 46 67 21 7e 6e 7a c4 Oct 31 15:25:07.150648: | 00 ac 30 72 aa 88 16 c4 12 1c 16 8b ac 64 16 8a Oct 31 15:25:07.150650: | 4a 31 8c d7 e7 b5 63 67 2f 6f 77 79 79 c4 87 3d Oct 31 15:25:07.150651: | 20 04 5b d7 51 7a 17 05 03 42 9e aa 3b fe 60 cf Oct 31 15:25:07.150652: | 1a 97 6c ad 0c 88 44 bf 01 2a b7 f0 dc 9e 2e 7c Oct 31 15:25:07.150654: | d0 83 8a 84 a4 ac eb 8b 37 e0 1a f7 a5 3e 23 02 Oct 31 15:25:07.150655: | 69 d0 72 02 89 10 d8 7a d5 85 a9 a0 e3 8b 4e c6 Oct 31 15:25:07.150656: | 2c 46 3b 6c f2 f9 3f cb dc 16 09 38 78 ef 2b f8 Oct 31 15:25:07.150658: | 99 75 cf 38 46 a6 f6 da d3 Oct 31 15:25:07.150959: | sent 1 messages Oct 31 15:25:07.150964: | checking that a retransmit timeout_event was already Oct 31 15:25:07.150968: | state #3 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:25:07.150971: | libevent_free: delref ptr-libevent@0x563af96ca888 Oct 31 15:25:07.150973: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x563af96cb3d8 Oct 31 15:25:07.150976: | delref mdp@NULL (in initiate_next() at ikev2_msgid.c:705) Oct 31 15:25:07.150979: | stop processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:707) Oct 31 15:25:07.150982: | resume processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in initiate_next() at ikev2_msgid.c:707) Oct 31 15:25:07.150985: | stop processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in callback_handler() at server.c:832) Oct 31 15:25:07.150989: | spent 0.949 (0.99) milliseconds in callback v2_msgid_schedule_next_initiator Oct 31 15:25:07.157634: | spent 0.0032 (0.00319) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:25:07.157661: | newref struct msg_digest@0x563af96d09d8(0->1) (in read_message() at demux.c:103) Oct 31 15:25:07.157666: | newref alloc logger@0x563af96c3ce8(0->1) (in read_message() at demux.c:103) Oct 31 15:25:07.157672: | *received 449 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP Oct 31 15:25:07.157675: | be 24 bd 7a a6 09 d5 ef 3a 8b c5 ff b6 fd 49 a9 Oct 31 15:25:07.157677: | 2e 20 24 20 00 00 00 02 00 00 01 c1 21 00 01 a5 Oct 31 15:25:07.157679: | 04 db 65 da 77 ba ed 99 f7 c3 f6 ea d1 a3 96 b5 Oct 31 15:25:07.157681: | de 28 42 a9 8f 6a a7 90 7f eb 1f 89 4e 89 70 7a Oct 31 15:25:07.157683: | 5a 1d b5 46 c2 2b 3b 0f 74 a3 b3 5d 61 88 b6 d9 Oct 31 15:25:07.157688: | 3f a3 2c 38 10 6a 73 00 42 cf 8a a1 38 04 8e f3 Oct 31 15:25:07.157691: | 47 76 9f de 48 67 1a 6b 78 a5 c4 8c 0a fe cb 0e Oct 31 15:25:07.157693: | f6 fd 94 81 c2 90 59 ec 89 b2 f1 0f d2 77 a6 9a Oct 31 15:25:07.157696: | 02 c8 f9 54 06 62 ce 71 c0 ef e9 e8 39 fb 2f dd Oct 31 15:25:07.157698: | a1 b2 26 4d b8 47 09 a2 bf 53 d9 60 56 b9 4c c6 Oct 31 15:25:07.157700: | df 76 e6 10 93 17 af 0e ff 0d f4 15 01 80 10 f8 Oct 31 15:25:07.157702: | d0 2c 47 af 2a 91 43 06 7e 38 80 5c fb 72 0c f6 Oct 31 15:25:07.157705: | e2 7b fd f2 4b d3 a3 56 24 1a 42 c7 e6 0c 30 c6 Oct 31 15:25:07.157708: | 4d 69 c0 d8 21 49 88 e1 ba ba 0c 93 a6 da 1c db Oct 31 15:25:07.157710: | e4 26 66 47 e6 ff 8e b5 05 37 bc c7 23 03 a7 b6 Oct 31 15:25:07.157712: | 7b 0f 50 a2 61 60 1c e2 ec fb 00 6c de 79 f5 0e Oct 31 15:25:07.157715: | 23 6f 82 9a 10 f8 a0 eb 58 c5 de 64 67 99 df 3a Oct 31 15:25:07.157717: | 7d 37 34 ad 3c 91 db 35 41 2f a6 26 f2 42 f5 10 Oct 31 15:25:07.157719: | 09 d6 33 0e 74 24 63 2f 45 5d fb 19 62 cb 79 cf Oct 31 15:25:07.157721: | 18 f0 3c c4 a0 a8 26 ce ea d2 05 a8 56 1b d0 87 Oct 31 15:25:07.157724: | ce fb 00 60 fc 13 23 83 8e 98 21 ef 19 91 7f 97 Oct 31 15:25:07.157726: | 0f a8 dd 81 12 0f c0 07 dd 6e a0 f8 15 d8 8b 24 Oct 31 15:25:07.157728: | ce 79 c9 74 cc 7d 31 67 2c 26 55 4c 74 2c 7e 40 Oct 31 15:25:07.157731: | c8 b7 97 92 55 71 3a 86 87 72 10 9a 96 d4 40 73 Oct 31 15:25:07.157734: | 6a 88 d0 86 a3 73 d3 0f 04 9e 66 7a 4a 12 bb 13 Oct 31 15:25:07.157736: | 90 7a 21 e7 39 66 83 65 50 74 cd f3 62 ad 26 5f Oct 31 15:25:07.157739: | 3e 70 fe d1 49 85 fe e1 b7 d5 17 b8 d9 4c 57 90 Oct 31 15:25:07.157741: | 10 da 1b f7 70 c5 b2 9b de ed 53 87 98 f3 03 9d Oct 31 15:25:07.157744: | a4 Oct 31 15:25:07.157752: | **parse ISAKMP Message: Oct 31 15:25:07.157758: | initiator SPI: be 24 bd 7a a6 09 d5 ef Oct 31 15:25:07.157762: | responder SPI: 3a 8b c5 ff b6 fd 49 a9 Oct 31 15:25:07.157765: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:25:07.157768: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:07.157771: | exchange type: ISAKMP_v2_CREATE_CHILD_SA (0x24) Oct 31 15:25:07.157774: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20) Oct 31 15:25:07.157779: | Message ID: 2 (00 00 00 02) Oct 31 15:25:07.157785: | length: 449 (00 00 01 c1) Oct 31 15:25:07.157789: | processing version=2.0 packet with exchange type=ISAKMP_v2_CREATE_CHILD_SA (36) Oct 31 15:25:07.157792: | I am the IKE SA Original Initiator receiving an IKEv2 CREATE_CHILD_SA response Oct 31 15:25:07.157797: | State DB: found IKEv2 state #1 in ESTABLISHED_IKE_SA (find_v2_ike_sa) Oct 31 15:25:07.157805: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:25:07.157808: | State DB: found IKEv2 state #3 in V2_NEW_CHILD_I1 (find_v2_sa_by_initiator_wip) Oct 31 15:25:07.157812: | #3 is idle Oct 31 15:25:07.157814: | #3 idle Oct 31 15:25:07.157818: | suspend processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:25:07.157823: | start processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:25:07.157826: | unpacking clear payload Oct 31 15:25:07.157828: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Oct 31 15:25:07.157832: | ***parse IKEv2 Encryption Payload: Oct 31 15:25:07.157835: | next payload type: ISAKMP_NEXT_v2SA (0x21) Oct 31 15:25:07.157837: | flags: none (0x0) Oct 31 15:25:07.157840: | length: 421 (01 a5) Oct 31 15:25:07.157842: | processing payload: ISAKMP_NEXT_v2SK (len=417) Oct 31 15:25:07.157845: | #3 in state V2_NEW_CHILD_I1: sent CREATE_CHILD_SA request for new IPsec SA Oct 31 15:25:07.157861: | #1 ikev2 ISAKMP_v2_CREATE_CHILD_SA decrypt success Oct 31 15:25:07.157864: | Now let's proceed with payload (ISAKMP_NEXT_v2SA) Oct 31 15:25:07.157867: | **parse IKEv2 Security Association Payload: Oct 31 15:25:07.157869: | next payload type: ISAKMP_NEXT_v2Ni (0x28) Oct 31 15:25:07.157871: | flags: none (0x0) Oct 31 15:25:07.157874: | length: 44 (00 2c) Oct 31 15:25:07.157876: | processing payload: ISAKMP_NEXT_v2SA (len=40) Oct 31 15:25:07.157878: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni) Oct 31 15:25:07.157880: | **parse IKEv2 Nonce Payload: Oct 31 15:25:07.157882: | next payload type: ISAKMP_NEXT_v2KE (0x22) Oct 31 15:25:07.157884: | flags: none (0x0) Oct 31 15:25:07.157886: | length: 36 (00 24) Oct 31 15:25:07.157888: | processing payload: ISAKMP_NEXT_v2Ni (len=32) Oct 31 15:25:07.157890: | Now let's proceed with payload (ISAKMP_NEXT_v2KE) Oct 31 15:25:07.157893: | **parse IKEv2 Key Exchange Payload: Oct 31 15:25:07.157895: | next payload type: ISAKMP_NEXT_v2TSi (0x2c) Oct 31 15:25:07.157897: | flags: none (0x0) Oct 31 15:25:07.157900: | length: 264 (01 08) Oct 31 15:25:07.157902: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:07.157904: | processing payload: ISAKMP_NEXT_v2KE (len=256) Oct 31 15:25:07.157906: | Now let's proceed with payload (ISAKMP_NEXT_v2TSi) Oct 31 15:25:07.157908: | **parse IKEv2 Traffic Selector - Initiator - Payload: Oct 31 15:25:07.157911: | next payload type: ISAKMP_NEXT_v2TSr (0x2d) Oct 31 15:25:07.157913: | flags: none (0x0) Oct 31 15:25:07.157915: | length: 24 (00 18) Oct 31 15:25:07.157917: | number of TS: 1 (01) Oct 31 15:25:07.157919: | processing payload: ISAKMP_NEXT_v2TSi (len=16) Oct 31 15:25:07.157921: | Now let's proceed with payload (ISAKMP_NEXT_v2TSr) Oct 31 15:25:07.157924: | **parse IKEv2 Traffic Selector - Responder - Payload: Oct 31 15:25:07.157926: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:07.157928: | flags: none (0x0) Oct 31 15:25:07.157930: | length: 24 (00 18) Oct 31 15:25:07.157933: | number of TS: 1 (01) Oct 31 15:25:07.157935: | processing payload: ISAKMP_NEXT_v2TSr (len=16) Oct 31 15:25:07.157937: | selected state microcode Process CREATE_CHILD_SA IPsec SA Response Oct 31 15:25:07.157943: | #1 updating local interface from 192.1.3.33:500 to 192.1.3.33:500 using md->iface (in update_ike_endpoints() at state.c:2631) Oct 31 15:25:07.157946: | forcing ST #3 to CHILD #1.#3 in FSM processor Oct 31 15:25:07.157948: | calling processor Process CREATE_CHILD_SA IPsec SA Response Oct 31 15:25:07.157963: | using existing local ESP/AH proposals for northnet-eastnet/0x2 (CREATE_CHILD_SA initiator accepting remote ESP/AH proposal): 1:ESP=AES_GCM_C_256-NONE-MODP2048-DISABLED 2:ESP=AES_GCM_C_128-NONE-MODP2048-DISABLED 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:25:07.157967: | comparing remote proposals against CREATE_CHILD_SA initiator accepting remote ESP/AH proposal 4 local proposals Oct 31 15:25:07.157970: | local proposal 1 type ENCR has 1 transforms Oct 31 15:25:07.157973: | local proposal 1 type PRF has 0 transforms Oct 31 15:25:07.157975: | local proposal 1 type INTEG has 1 transforms Oct 31 15:25:07.157977: | local proposal 1 type DH has 1 transforms Oct 31 15:25:07.157979: | local proposal 1 type ESN has 1 transforms Oct 31 15:25:07.157982: | local proposal 1 transforms: required: ENCR+DH+ESN; optional: INTEG Oct 31 15:25:07.157984: | local proposal 2 type ENCR has 1 transforms Oct 31 15:25:07.157986: | local proposal 2 type PRF has 0 transforms Oct 31 15:25:07.157989: | local proposal 2 type INTEG has 1 transforms Oct 31 15:25:07.157991: | local proposal 2 type DH has 1 transforms Oct 31 15:25:07.157993: | local proposal 2 type ESN has 1 transforms Oct 31 15:25:07.157996: | local proposal 2 transforms: required: ENCR+DH+ESN; optional: INTEG Oct 31 15:25:07.157998: | local proposal 3 type ENCR has 1 transforms Oct 31 15:25:07.158000: | local proposal 3 type PRF has 0 transforms Oct 31 15:25:07.158002: | local proposal 3 type INTEG has 2 transforms Oct 31 15:25:07.158069: | local proposal 3 type DH has 1 transforms Oct 31 15:25:07.158074: | local proposal 3 type ESN has 1 transforms Oct 31 15:25:07.158077: | local proposal 3 transforms: required: ENCR+INTEG+DH+ESN; optional: none Oct 31 15:25:07.158079: | local proposal 4 type ENCR has 1 transforms Oct 31 15:25:07.158082: | local proposal 4 type PRF has 0 transforms Oct 31 15:25:07.158084: | local proposal 4 type INTEG has 2 transforms Oct 31 15:25:07.158086: | local proposal 4 type DH has 1 transforms Oct 31 15:25:07.158088: | local proposal 4 type ESN has 1 transforms Oct 31 15:25:07.158090: | local proposal 4 transforms: required: ENCR+INTEG+DH+ESN; optional: none Oct 31 15:25:07.158094: | ***parse IKEv2 Proposal Substructure Payload: Oct 31 15:25:07.158096: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:25:07.158099: | length: 40 (00 28) Oct 31 15:25:07.158102: | prop #: 1 (01) Oct 31 15:25:07.158105: | proto ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:07.158108: | spi size: 4 (04) Oct 31 15:25:07.158110: | # transforms: 3 (03) Oct 31 15:25:07.158113: | parsing 4 raw bytes of IKEv2 Proposal Substructure Payload into remote SPI Oct 31 15:25:07.158115: | remote SPI Oct 31 15:25:07.158117: | 19 40 60 e2 Oct 31 15:25:07.158120: | Comparing remote proposal 1 containing 3 transforms against local proposal [1..1] of 4 local proposals Oct 31 15:25:07.158123: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:25:07.158125: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.158128: | length: 12 (00 0c) Oct 31 15:25:07.158130: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:07.158133: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:25:07.158136: | *****parse IKEv2 Attribute Substructure Payload: Oct 31 15:25:07.158138: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:07.158141: | length/value: 256 (01 00) Oct 31 15:25:07.158145: | remote proposal 1 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0 Oct 31 15:25:07.158148: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:25:07.158150: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:07.158152: | length: 8 (00 08) Oct 31 15:25:07.158154: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:07.158157: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:07.158160: | remote proposal 1 transform 1 (DH=MODP2048) matches local proposal 1 type 4 (DH) transform 0 Oct 31 15:25:07.158167: | ****parse IKEv2 Transform Substructure Payload: Oct 31 15:25:07.158169: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:07.158172: | length: 8 (00 08) Oct 31 15:25:07.158174: | IKEv2 transform type: TRANS_TYPE_ESN (0x5) Oct 31 15:25:07.158177: | IKEv2 transform ID: ESN_DISABLED (0x0) Oct 31 15:25:07.158180: | remote proposal 1 transform 2 (ESN=DISABLED) matches local proposal 1 type 5 (ESN) transform 0 Oct 31 15:25:07.158183: | remote proposal 1 proposed transforms: ENCR+DH+ESN; matched: ENCR+DH+ESN; unmatched: none Oct 31 15:25:07.158187: | comparing remote proposal 1 containing ENCR+DH+ESN transforms to local proposal 1; required: ENCR+DH+ESN; optional: INTEG; matched: ENCR+DH+ESN Oct 31 15:25:07.158189: | remote proposal 1 matches local proposal 1 Oct 31 15:25:07.158193: | remote accepted the proposal 1:ESP:ENCR=AES_GCM_C_256;DH=MODP2048;ESN=DISABLED[first-match] Oct 31 15:25:07.158215: | CREATE_CHILD_SA initiator accepting remote ESP/AH proposal ikev2_proposal: 1:ESP=AES_GCM_C_256-MODP2048-DISABLED SPI=194060e2 Oct 31 15:25:07.158222: | converting proposal to internal trans attrs Oct 31 15:25:07.158227: | updating #3's .st_oakley with preserved PRF, but why update? Oct 31 15:25:07.158233: | DH secret MODP2048@0x7feda8006ba8: transferring ownership from state #3 to helper DH Oct 31 15:25:07.158238: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:25:07.158241: | addref fd@0x563af96c3b98(1->2) (in clone_logger() at log.c:810) Oct 31 15:25:07.158245: | newref clone logger@0x563af96c5e98(0->1) (in clone_logger() at log.c:817) Oct 31 15:25:07.158248: | job 4 for #3: ikev2 Child SA initiator pfs=yes (dh): adding job to queue Oct 31 15:25:07.158250: | state #3 has no .st_event to delete Oct 31 15:25:07.158253: | #3 requesting EVENT_RETRANSMIT-pe@0x563af960f068 be deleted Oct 31 15:25:07.158258: | libevent_free: delref ptr-libevent@0x563af96c91e8 Oct 31 15:25:07.158261: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x563af960f068 Oct 31 15:25:07.158263: | #3 STATE_V2_NEW_CHILD_I1: retransmits: cleared Oct 31 15:25:07.158266: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x563af96cb3d8 Oct 31 15:25:07.158269: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Oct 31 15:25:07.158271: | libevent_malloc: newref ptr-libevent@0x563af96ca888 size 128 Oct 31 15:25:07.158284: | #3 spent 0.256 (0.328) milliseconds in processing: Process CREATE_CHILD_SA IPsec SA Response in v2_dispatch() Oct 31 15:25:07.158291: | [RE]START processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:07.158296: | #3 complete_v2_state_transition() V2_NEW_CHILD_I1->ESTABLISHED_CHILD_SA with status STF_SUSPEND; .st_v2_transition=V2_NEW_CHILD_I0->V2_NEW_CHILD_I1 Oct 31 15:25:07.158296: | job 4 for #3: ikev2 Child SA initiator pfs=yes (dh): helper 3 starting job Oct 31 15:25:07.158298: | suspending state #3 and saving MD 0x563af96d09d8 Oct 31 15:25:07.158313: | addref md@0x563af96d09d8(1->2) (in complete_v2_state_transition() at ikev2.c:3485) Oct 31 15:25:07.158316: | #3 is busy; has suspended MD 0x563af96d09d8 Oct 31 15:25:07.158321: | stop processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:25:07.158326: | #1 spent 0.627 (0.703) milliseconds in ikev2_process_packet() Oct 31 15:25:07.158329: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:25:07.158332: | delref mdp@0x563af96d09d8(2->1) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:07.158336: | spent 0.637 (0.714) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:25:07.159446: | "northnet-eastnet/0x2" #3: spent 0.954 (1.15) milliseconds in helper 3 processing job 4 for state #3: ikev2 Child SA initiator pfs=yes (dh) Oct 31 15:25:07.159463: | job 4 for #3: ikev2 Child SA initiator pfs=yes (dh): helper thread 3 sending result back to state Oct 31 15:25:07.159468: | scheduling resume sending helper answer back to state for #3 Oct 31 15:25:07.159476: | libevent_malloc: newref ptr-libevent@0x7fed9c001fb8 size 128 Oct 31 15:25:07.159487: | helper thread 3 has nothing to do Oct 31 15:25:07.159499: | processing resume sending helper answer back to state for #3 Oct 31 15:25:07.159511: | start processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:641) Oct 31 15:25:07.159516: | unsuspending #3 MD 0x563af96d09d8 Oct 31 15:25:07.159520: | job 4 for #3: ikev2 Child SA initiator pfs=yes (dh): processing response from helper 3 Oct 31 15:25:07.159523: | job 4 for #3: ikev2 Child SA initiator pfs=yes (dh): calling continuation function 0x563af7ace7cb Oct 31 15:25:07.159526: | DH secret MODP2048@0x7feda8006ba8: transferring ownership from helper IKEv2 DH to state #3 Oct 31 15:25:07.159529: | ikev2_child_inR_continue() for #3 STATE_V2_NEW_CHILD_I1 Oct 31 15:25:07.159534: | TSi: parsing 1 traffic selectors Oct 31 15:25:07.159538: | ***parse IKEv2 Traffic Selector: Oct 31 15:25:07.159541: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:25:07.159543: | IP Protocol ID: ALL (0x0) Oct 31 15:25:07.159547: | length: 16 (00 10) Oct 31 15:25:07.159550: | start port: 0 (00 00) Oct 31 15:25:07.159553: | end port: 65535 (ff ff) Oct 31 15:25:07.159556: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:25:07.159557: | TS low Oct 31 15:25:07.159559: | c0 00 03 00 Oct 31 15:25:07.159562: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:25:07.159564: | TS high Oct 31 15:25:07.159566: | c0 00 03 ff Oct 31 15:25:07.159569: | TSi: parsed 1 traffic selectors Oct 31 15:25:07.159571: | TSr: parsing 1 traffic selectors Oct 31 15:25:07.159573: | ***parse IKEv2 Traffic Selector: Oct 31 15:25:07.159575: | TS type: IKEv2_TS_IPV4_ADDR_RANGE (0x7) Oct 31 15:25:07.159578: | IP Protocol ID: ALL (0x0) Oct 31 15:25:07.159581: | length: 16 (00 10) Oct 31 15:25:07.159584: | start port: 0 (00 00) Oct 31 15:25:07.159587: | end port: 65535 (ff ff) Oct 31 15:25:07.159589: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS low Oct 31 15:25:07.159592: | TS low Oct 31 15:25:07.159594: | c0 00 02 00 Oct 31 15:25:07.159602: | parsing 4 raw bytes of IKEv2 Traffic Selector into TS high Oct 31 15:25:07.159604: | TS high Oct 31 15:25:07.159606: | c0 00 02 ff Oct 31 15:25:07.159609: | TSr: parsed 1 traffic selectors Oct 31 15:25:07.159616: | evaluating our conn="northnet-eastnet/0x2" I=192.0.3.0/24:0:0/0 R=192.0.2.0/24:0:0/0 to their: Oct 31 15:25:07.159621: | TSi[0] .net=192.0.3.0-192.0.3.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:25:07.159630: | match address end->client=192.0.3.0/24 == TSi[0]net=192.0.3.0-192.0.3.255: YES fitness 32 Oct 31 15:25:07.159633: | narrow port end=0..65535 == TSi[0]=0..65535: 0 Oct 31 15:25:07.159635: | TSi[0] port match: YES fitness 65536 Oct 31 15:25:07.159638: | narrow protocol end=*0 == TSi[0]=*0: 0 Oct 31 15:25:07.159641: | match end->protocol=*0 == TSi[0].ipprotoid=*0: YES fitness 255 Oct 31 15:25:07.159645: | TSr[0] .net=192.0.2.0-192.0.2.255 .iporotoid=0 .{start,end}port=0..65535 Oct 31 15:25:07.159652: | match address end->client=192.0.2.0/24 == TSr[0]net=192.0.2.0-192.0.2.255: YES fitness 32 Oct 31 15:25:07.159655: | narrow port end=0..65535 == TSr[0]=0..65535: 0 Oct 31 15:25:07.159658: | TSr[0] port match: YES fitness 65536 Oct 31 15:25:07.159660: | narrow protocol end=*0 == TSr[0]=*0: 0 Oct 31 15:25:07.159663: | match end->protocol=*0 == TSr[0].ipprotoid=*0: YES fitness 255 Oct 31 15:25:07.159665: | best fit so far: TSi[0] TSr[0] Oct 31 15:25:07.159667: | found an acceptable TSi/TSr Traffic Selector Oct 31 15:25:07.159669: | printing contents struct traffic_selector Oct 31 15:25:07.159672: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:25:07.159674: | ipprotoid: 0 Oct 31 15:25:07.159676: | port range: 0-65535 Oct 31 15:25:07.159680: | ip range: 192.0.3.0-192.0.3.255 Oct 31 15:25:07.159682: | printing contents struct traffic_selector Oct 31 15:25:07.159688: | ts_type: IKEv2_TS_IPV4_ADDR_RANGE Oct 31 15:25:07.159691: | ipprotoid: 0 Oct 31 15:25:07.159693: | port range: 0-65535 Oct 31 15:25:07.159697: | ip range: 192.0.2.0-192.0.2.255 Oct 31 15:25:07.159703: | integ=NONE: .key_size=0 encrypt=AES_GCM_16: .key_size=32 .salt_size=4 keymat_len=36 Oct 31 15:25:07.159801: | install_ipsec_sa() for #3: inbound and outbound Oct 31 15:25:07.159806: | could_route called for northnet-eastnet/0x2; kind=CK_PERMANENT that.has_client=yes oppo=no this.host_port=500 Oct 31 15:25:07.159809: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:25:07.159812: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:25:07.159815: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 Oct 31 15:25:07.159819: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:25:07.159821: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 Oct 31 15:25:07.159826: | route owner of "northnet-eastnet/0x2" unrouted: "northnet-eastnet/0x1" erouted; eroute owner: "northnet-eastnet/0x1" erouted Oct 31 15:25:07.159829: | overlapping permitted with "northnet-eastnet/0x1" #2 Oct 31 15:25:07.159833: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Oct 31 15:25:07.159837: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Oct 31 15:25:07.159839: | AES_GCM_16 requires 4 salt bytes Oct 31 15:25:07.159842: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Oct 31 15:25:07.159846: | setting IPsec SA replay-window to 32 Oct 31 15:25:07.159849: | NIC esp-hw-offload not for connection 'northnet-eastnet/0x2' not available on interface eth1 Oct 31 15:25:07.159853: | netlink: enabling tunnel mode Oct 31 15:25:07.159855: | XFRM: adding IPsec SA with reqid 16393 Oct 31 15:25:07.159858: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:25:07.159860: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:25:07.160087: | netlink response for Add SA esp.194060e2@192.1.2.23 included non-error error Oct 31 15:25:07.160094: | setup_half_ipsec_sa() is installing inbound eroute? inbound=0 owner=#0 mode=1 Oct 31 15:25:07.160097: | set up outgoing SA, ref=0/0 Oct 31 15:25:07.160100: | looking for alg with encrypt: AES_GCM_16 keylen: 256 integ: NONE Oct 31 15:25:07.160103: | encrypt AES_GCM_16 keylen=256 transid=20, key_size=32, encryptalg=20 Oct 31 15:25:07.160106: | AES_GCM_16 requires 4 salt bytes Oct 31 15:25:07.160109: | st->st_esp.keymat_len=36 is encrypt_keymat_size=36 + integ_keymat_size=0 Oct 31 15:25:07.160113: | setting IPsec SA replay-window to 32 Oct 31 15:25:07.160116: | NIC esp-hw-offload not for connection 'northnet-eastnet/0x2' not available on interface eth1 Oct 31 15:25:07.160119: | netlink: enabling tunnel mode Oct 31 15:25:07.160121: | XFRM: adding IPsec SA with reqid 16393 Oct 31 15:25:07.160124: | netlink: setting IPsec SA replay-window to 32 using old-style req Oct 31 15:25:07.160126: | netlink: esp-hw-offload not set for IPsec SA Oct 31 15:25:07.160285: | netlink response for Add SA esp.6f03cd30@192.1.3.33 included non-error error Oct 31 15:25:07.160294: | setup_half_ipsec_sa() is installing inbound eroute? inbound=1 owner=#0 mode=1 Oct 31 15:25:07.160297: | setup_half_ipsec_sa() is installing inbound eroute Oct 31 15:25:07.160300: | setup_half_ipsec_sa() before proto 50 Oct 31 15:25:07.160302: | setup_half_ipsec_sa() after proto 50 Oct 31 15:25:07.160304: | setup_half_ipsec_sa() calling raw_eroute backwards (i.e., inbound) Oct 31 15:25:07.160307: | priority calculation of connection "northnet-eastnet/0x2" is 2084814 (0x1fcfce) Oct 31 15:25:07.160315: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 using reqid 16393 (raw_eroute) proto=50 Oct 31 15:25:07.160319: | IPsec SA SPD priority set to 2084814 Oct 31 15:25:07.160355: | raw_eroute result=success Oct 31 15:25:07.160361: | set up incoming SA, ref=0/0 Oct 31 15:25:07.160364: | sr for #3: unrouted Oct 31 15:25:07.160367: | route_and_eroute() for proto 0, and source port 0 dest port 0 Oct 31 15:25:07.160372: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:25:07.160375: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:25:07.160378: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 Oct 31 15:25:07.160381: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:25:07.160384: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 Oct 31 15:25:07.160389: | route owner of "northnet-eastnet/0x2" unrouted: "northnet-eastnet/0x1" erouted; eroute owner: "northnet-eastnet/0x1" erouted Oct 31 15:25:07.160392: | route_and_eroute with c: northnet-eastnet/0x2 (next: none) ero:northnet-eastnet/0x1 esr:{0x563af96c1f38} ro:northnet-eastnet/0x1 rosr:{0x563af96c1f38} and state: #3 Oct 31 15:25:07.160395: | we are replacing an eroute Oct 31 15:25:07.160398: | priority calculation of connection "northnet-eastnet/0x2" is 2084814 (0x1fcfce) Oct 31 15:25:07.160407: | eroute_connection replace eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23>tun.0@192.1.2.23 using reqid 16393 (raw_eroute) proto=50 Oct 31 15:25:07.160410: | IPsec SA SPD priority set to 2084814 Oct 31 15:25:07.160423: | raw_eroute result=success Oct 31 15:25:07.160426: | running updown command "ipsec _updown" for verb up Oct 31 15:25:07.160427: | command executing up-client Oct 31 15:25:07.160431: | get_sa_info esp.194060e2@192.1.2.23 Oct 31 15:25:07.160443: | get_sa_info esp.6f03cd30@192.1.3.33 Oct 31 15:25:07.160476: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157907' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO... Oct 31 15:25:07.160481: | popen cmd is 1131 chars long Oct 31 15:25:07.160484: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x: Oct 31 15:25:07.160486: | cmd( 80):2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO: Oct 31 15:25:07.160491: | cmd( 160):_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIEN: Oct 31 15:25:07.160495: | cmd( 240):T='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.2: Oct 31 15:25:07.160498: | cmd( 320):55.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TY: Oct 31 15:25:07.160501: | cmd( 400):PE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.: Oct 31 15:25:07.160503: | cmd( 480):2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0': Oct 31 15:25:07.160506: | cmd( 560): PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm': Oct 31 15:25:07.160508: | cmd( 640): PLUTO_ADDTIME='1604157907' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAP: Oct 31 15:25:07.160511: | cmd( 720):IP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_: Oct 31 15:25:07.160514: | cmd( 800):ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' : Oct 31 15:25:07.160516: | cmd( 880):PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CL: Oct 31 15:25:07.160518: | cmd( 960):IENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VTI_IFACE=: Oct 31 15:25:07.160522: | cmd(1040):'' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x194060e2 SPI_OUT=0x6f03cd30 ipsec _: Oct 31 15:25:07.160524: | cmd(1120):updown 2>&1: Oct 31 15:25:07.172355: | route_and_eroute: firewall_notified: true Oct 31 15:25:07.172370: | route_and_eroute: instance "northnet-eastnet/0x2", setting eroute_owner {spd=0x563af96c4128,sr=0x563af96c4128} to #3 (was #0) (newest_ipsec_sa=#0) Oct 31 15:25:07.172454: | inR2: instance northnet-eastnet/0x2[0], setting IKEv2 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #1 Oct 31 15:25:07.172462: | delref logger@0x563af96c5e98(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:25:07.172466: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:07.172469: | delref fd@0x563af96c3b98(2->1) (in free_logger() at log.c:854) Oct 31 15:25:07.172479: | [RE]START processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:07.172485: | #3 complete_v2_state_transition() V2_NEW_CHILD_I1->ESTABLISHED_CHILD_SA with status STF_OK; .st_v2_transition=V2_NEW_CHILD_I0->V2_NEW_CHILD_I1 Oct 31 15:25:07.172488: | transitioning from state STATE_V2_NEW_CHILD_I1 to state STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:25:07.172490: | Message ID: updating counters for #3 Oct 31 15:25:07.172499: | Message ID: CHILD #1.#3 XXX: no EVENT_RETRANSMIT to clear; suspect IKE->CHILD switch: ike.initiator.sent=2 ike.initiator.recv=1 ike.initiator.last_contact=744581.580058 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744581.485786 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:25:07.172507: | Message ID: CHILD #1.#3 updating initiator received message response 2: ike.initiator.sent=2 ike.initiator.recv=1->2 ike.initiator.last_contact=744581.580058->744581.60529 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744581.485786 child.wip.initiator=2->-1 child.wip.responder=-1 Oct 31 15:25:07.172514: | Message ID: CHILD #1.#3 skipping update_send as nothing to send: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744581.60529 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744581.485786 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:25:07.172521: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744581.60529 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744581.485786 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:07.172525: | child state #3: V2_NEW_CHILD_I1(established IKE SA) => ESTABLISHED_CHILD_SA(established CHILD SA) Oct 31 15:25:07.172528: | pstats #3 ikev2.child established Oct 31 15:25:07.172530: | announcing the state transition Oct 31 15:25:07.172537: "northnet-eastnet/0x2" #3: negotiated connection [192.0.3.0-192.0.3.255:0-65535 0] -> [192.0.2.0-192.0.2.255:0-65535 0] Oct 31 15:25:07.172550: | NAT-T: encaps is 'auto' Oct 31 15:25:07.172558: "northnet-eastnet/0x2" #3: IPsec SA established tunnel mode {ESP=>0x194060e2 <0x6f03cd30 xfrm=AES_GCM_16_256-NONE-MODP2048 NATOA=none NATD=none DPD=passive} Oct 31 15:25:07.172564: | releasing #3's fd-fd@0x563af96c3b98 because IKEv2 transitions finished Oct 31 15:25:07.172567: | delref fd@0x563af96c3b98(1->0) (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:25:07.172574: | freeref fd-fd@0x563af96c3b98 (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:25:07.172578: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3189) Oct 31 15:25:07.172580: | unpending #3's IKE SA #1 Oct 31 15:25:07.172583: | unpending state #1 connection "northnet-eastnet/0x2" Oct 31 15:25:07.172586: | releasing #1's fd-fd@(nil) because IKEv2 transitions finished so releaseing IKE SA Oct 31 15:25:07.172588: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:25:07.172590: | delref fd@NULL (in success_v2_state_transition() at ikev2.c:3222) Oct 31 15:25:07.172594: | #3 will start re-keying in 27838 seconds with margin of 962 seconds (attempting re-key) Oct 31 15:25:07.172600: | state #3 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:25:07.172606: | libevent_free: delref ptr-libevent@0x563af96ca888 Oct 31 15:25:07.172609: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x563af96cb3d8 Oct 31 15:25:07.172612: | event_schedule: newref EVENT_SA_REKEY-pe@0x563af96cb3d8 Oct 31 15:25:07.172615: | inserting event EVENT_SA_REKEY, timeout in 27838 seconds for #3 Oct 31 15:25:07.172618: | libevent_malloc: newref ptr-libevent@0x563af96d6da8 size 128 Oct 31 15:25:07.172623: | delref mdp@0x563af96d09d8(1->0) (in resume_handler() at server.c:743) Oct 31 15:25:07.172626: | delref logger@0x563af96c3ce8(1->0) (in resume_handler() at server.c:743) Oct 31 15:25:07.172628: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:07.172631: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:07.172641: | #3 spent 1.08 (13.1) milliseconds in resume sending helper answer back to state Oct 31 15:25:07.172647: | stop processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:745) Oct 31 15:25:07.172650: | libevent_free: delref ptr-libevent@0x7fed9c001fb8 Oct 31 15:25:07.172662: | processing signal PLUTO_SIGCHLD Oct 31 15:25:07.172668: | waitpid returned ECHILD (no child processes left) Oct 31 15:25:07.172673: | spent 0.00589 (0.00569) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:25:09.382481: | newref struct fd@0x563af96c3b98(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:09.382496: | fd_accept: new fd-fd@0x563af96c3b98 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:09.382519: | whack: traffic_status Oct 31 15:25:09.382522: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Oct 31 15:25:09.382525: | FOR_EACH_STATE_... in sort_states Oct 31 15:25:09.382536: | get_sa_info esp.8430c847@192.1.3.33 Oct 31 15:25:09.382554: | get_sa_info esp.298ff425@192.1.2.23 Oct 31 15:25:09.382578: | get_sa_info esp.6f03cd30@192.1.3.33 Oct 31 15:25:09.382587: | get_sa_info esp.194060e2@192.1.2.23 Oct 31 15:25:09.382599: | delref fd@0x563af96c3b98(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:09.382606: | freeref fd-fd@0x563af96c3b98 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:09.382615: | spent 0.137 (0.145) milliseconds in whack Oct 31 15:25:10.658266: | newref struct fd@0x563af96c3b98(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:10.658285: | fd_accept: new fd-fd@0x563af96c3b98 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:10.658310: | whack: traffic_status Oct 31 15:25:10.658314: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Oct 31 15:25:10.658317: | FOR_EACH_STATE_... in sort_states Oct 31 15:25:10.658326: | get_sa_info esp.8430c847@192.1.3.33 Oct 31 15:25:10.658355: | get_sa_info esp.298ff425@192.1.2.23 Oct 31 15:25:10.658372: | get_sa_info esp.6f03cd30@192.1.3.33 Oct 31 15:25:10.658393: | get_sa_info esp.194060e2@192.1.2.23 Oct 31 15:25:10.658405: | delref fd@0x563af96c3b98(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:10.658413: | freeref fd-fd@0x563af96c3b98 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:10.658420: | spent 0.178 (0.177) milliseconds in whack Oct 31 15:25:10.930253: | newref struct fd@0x563af96c3b98(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:10.930265: | fd_accept: new fd-fd@0x563af96c3b98 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:10.930278: | whack: status Oct 31 15:25:10.930676: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:25:10.930683: | FOR_EACH_CONNECTION_... in show_connections_status Oct 31 15:25:10.930913: | FOR_EACH_STATE_... in show_states (sort_states) Oct 31 15:25:10.930918: | FOR_EACH_STATE_... in sort_states Oct 31 15:25:10.930929: | get_sa_info esp.8430c847@192.1.3.33 Oct 31 15:25:10.930945: | get_sa_info esp.298ff425@192.1.2.23 Oct 31 15:25:10.930968: | get_sa_info esp.6f03cd30@192.1.3.33 Oct 31 15:25:10.930977: | get_sa_info esp.194060e2@192.1.2.23 Oct 31 15:25:10.930999: | delref fd@0x563af96c3b98(1->0) (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:10.931007: | freeref fd-fd@0x563af96c3b98 (in whack_handle_cb() at rcv_whack.c:903) Oct 31 15:25:10.931014: | spent 0.462 (0.77) milliseconds in whack Oct 31 15:25:11.151814: | spent 0.00248 (0.00245) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:25:11.151832: | newref struct msg_digest@0x563af96d09d8(0->1) (in read_message() at demux.c:103) Oct 31 15:25:11.151837: | newref alloc logger@0x563af96c91e8(0->1) (in read_message() at demux.c:103) Oct 31 15:25:11.151844: | *received 69 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP Oct 31 15:25:11.151847: | be 24 bd 7a a6 09 d5 ef 3a 8b c5 ff b6 fd 49 a9 Oct 31 15:25:11.151850: | 2e 20 25 00 00 00 00 00 00 00 00 45 2a 00 00 29 Oct 31 15:25:11.151852: | af bc 75 ba 34 d7 2d da 0b fa 3a b4 e6 f4 14 5b Oct 31 15:25:11.151854: | 87 c5 16 81 d3 53 6d de 3b 34 3b c9 70 e4 96 c9 Oct 31 15:25:11.151857: | f1 81 e6 4a e6 Oct 31 15:25:11.151861: | **parse ISAKMP Message: Oct 31 15:25:11.151866: | initiator SPI: be 24 bd 7a a6 09 d5 ef Oct 31 15:25:11.151870: | responder SPI: 3a 8b c5 ff b6 fd 49 a9 Oct 31 15:25:11.151873: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:25:11.151876: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:11.151878: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:25:11.151881: | flags: none (0x0) Oct 31 15:25:11.151885: | Message ID: 0 (00 00 00 00) Oct 31 15:25:11.151888: | length: 69 (00 00 00 45) Oct 31 15:25:11.151891: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Oct 31 15:25:11.151895: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Oct 31 15:25:11.151900: | State DB: found IKEv2 state #1 in ESTABLISHED_IKE_SA (find_v2_ike_sa) Oct 31 15:25:11.151910: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:25:11.151915: | #1 st.st_msgid_lastrecv -1 md.hdr.isa_msgid 00000000 Oct 31 15:25:11.151919: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:25:11.151921: | #1 is idle Oct 31 15:25:11.151928: | Message ID: IKE #1 not a duplicate - message request 0 is new: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744581.60529 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744581.485786 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:11.151933: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:25:11.151937: | unpacking clear payload Oct 31 15:25:11.151939: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Oct 31 15:25:11.151943: | ***parse IKEv2 Encryption Payload: Oct 31 15:25:11.151945: | next payload type: ISAKMP_NEXT_v2D (0x2a) Oct 31 15:25:11.151948: | flags: none (0x0) Oct 31 15:25:11.151951: | length: 41 (00 29) Oct 31 15:25:11.151954: | processing payload: ISAKMP_NEXT_v2SK (len=37) Oct 31 15:25:11.151957: | #1 in state ESTABLISHED_IKE_SA: established IKE SA Oct 31 15:25:11.151974: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Oct 31 15:25:11.151978: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Oct 31 15:25:11.151981: | **parse IKEv2 Delete Payload: Oct 31 15:25:11.151984: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:11.151986: | flags: none (0x0) Oct 31 15:25:11.151990: | length: 12 (00 0c) Oct 31 15:25:11.151992: | protocol ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:11.151995: | SPI size: 4 (04) Oct 31 15:25:11.151998: | number of SPIs: 1 (00 01) Oct 31 15:25:11.152001: | processing payload: ISAKMP_NEXT_v2D (len=4) Oct 31 15:25:11.152004: | selected state microcode Informational Request Oct 31 15:25:11.152011: | Message ID: IKE #1 responder starting message request 0: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744581.60529 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744581.485786 ike.wip.initiator=-1 ike.wip.responder=-1->0 Oct 31 15:25:11.152016: | calling processor Informational Request Oct 31 15:25:11.152021: | an informational request should send a response Oct 31 15:25:11.152025: | opening output PBS information exchange reply packet Oct 31 15:25:11.152028: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Oct 31 15:25:11.152031: | **emit ISAKMP Message: Oct 31 15:25:11.152035: | initiator SPI: be 24 bd 7a a6 09 d5 ef Oct 31 15:25:11.152039: | responder SPI: 3a 8b c5 ff b6 fd 49 a9 Oct 31 15:25:11.152041: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:25:11.152044: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:11.152046: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:25:11.152049: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Oct 31 15:25:11.152052: | Message ID: 0 (00 00 00 00) Oct 31 15:25:11.152055: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:25:11.152058: | ***emit IKEv2 Encryption Payload: Oct 31 15:25:11.152061: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:11.152063: | flags: none (0x0) Oct 31 15:25:11.152066: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:25:11.152069: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Oct 31 15:25:11.152072: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:25:11.152079: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Oct 31 15:25:11.152082: | SPI Oct 31 15:25:11.152085: | 19 40 60 e2 Oct 31 15:25:11.152087: | delete IKEv2_SEC_PROTO_ESP SA(0x194060e2) Oct 31 15:25:11.152090: | v2 CHILD SA #3 found using their inbound (our outbound) SPI, in STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:25:11.152093: | State DB: found IKEv2 state #3 in ESTABLISHED_CHILD_SA (find_v2_child_sa_by_outbound_spi) Oct 31 15:25:11.152095: | our side SPI that needs to be deleted: IKEv2_SEC_PROTO_ESP SA(0x194060e2) Oct 31 15:25:11.152099: "northnet-eastnet/0x2" #1: received Delete SA payload: replace IPsec State #3 now Oct 31 15:25:11.152102: | #3 requesting EVENT_SA_REKEY-pe@0x563af96cb3d8 be deleted Oct 31 15:25:11.152106: | libevent_free: delref ptr-libevent@0x563af96d6da8 Oct 31 15:25:11.152109: | free_event_entry: delref EVENT_SA_REKEY-pe@0x563af96cb3d8 Oct 31 15:25:11.152112: | event_schedule: newref EVENT_SA_REPLACE-pe@0x563af96c3ce8 Oct 31 15:25:11.152115: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #3 Oct 31 15:25:11.152118: | libevent_malloc: newref ptr-libevent@0x7fed9c001fb8 size 128 Oct 31 15:25:11.152121: | ****emit IKEv2 Delete Payload: Oct 31 15:25:11.152124: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:11.152127: | flags: none (0x0) Oct 31 15:25:11.152129: | protocol ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:11.152132: | SPI size: 4 (04) Oct 31 15:25:11.152135: | number of SPIs: 1 (00 01) Oct 31 15:25:11.152139: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Oct 31 15:25:11.152141: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Oct 31 15:25:11.152145: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Oct 31 15:25:11.152150: | local SPIs: 6f 03 cd 30 Oct 31 15:25:11.152154: | emitting length of IKEv2 Delete Payload: 12 Oct 31 15:25:11.152157: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:25:11.152160: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:11.152162: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:25:11.152164: | emitting length of IKEv2 Encryption Payload: 41 Oct 31 15:25:11.152168: | emitting length of ISAKMP Message: 69 Oct 31 15:25:11.152181: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:25:11.152184: | be 24 bd 7a a6 09 d5 ef 3a 8b c5 ff b6 fd 49 a9 Oct 31 15:25:11.152187: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Oct 31 15:25:11.152189: | 7c d8 36 d6 bb 0c 3c 17 c0 9b 9d 36 7f 4b 53 41 Oct 31 15:25:11.152191: | 8e 1a b2 fd db 8a 8b 55 42 47 1e f3 9d 87 cc 5c Oct 31 15:25:11.152194: | d8 d1 58 70 b7 Oct 31 15:25:11.152226: | sent 1 messages Oct 31 15:25:11.152238: | Message ID: IKE #1 XXX: in process_encrypted_informational_ikev2() hacking around record 'n' send bypassing send queue hacking around delete_ike_family(): ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744581.60529 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744581.485786 ike.wip.initiator=-1 ike.wip.responder=0 Oct 31 15:25:11.152245: | Message ID: IKE #1 updating responder sent message response 0: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744581.60529 ike.responder.sent=-1->0 ike.responder.recv=-1 ike.responder.last_contact=744581.485786 ike.wip.initiator=-1 ike.wip.responder=0 Oct 31 15:25:11.152253: | #1 spent 0.212 (0.23) milliseconds in processing: Informational Request in v2_dispatch() Oct 31 15:25:11.152258: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:11.152264: | #1 complete_v2_state_transition() ESTABLISHED_IKE_SA->ESTABLISHED_IKE_SA with status STF_OK; .st_v2_transition=PARENT_I0->PARENT_I1 Oct 31 15:25:11.152267: | Message ID: updating counters for #1 Oct 31 15:25:11.152274: | Message ID: IKE #1 updating responder received message request 0: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744581.60529 ike.responder.sent=0 ike.responder.recv=-1->0 ike.responder.last_contact=744581.485786->744585.585066 ike.wip.initiator=-1 ike.wip.responder=0->-1 Oct 31 15:25:11.152280: | Message ID: IKE #1 updating responder sent message response 0: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744581.60529 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744585.585066 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:11.152286: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744581.60529 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744585.585066 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:11.152288: | announcing the state transition Oct 31 15:25:11.152292: "northnet-eastnet/0x2" #1: established IKE SA Oct 31 15:25:11.152299: | sending 69 bytes for STATE_V2_ESTABLISHED_IKE_SA through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:25:11.152302: | be 24 bd 7a a6 09 d5 ef 3a 8b c5 ff b6 fd 49 a9 Oct 31 15:25:11.152304: | 2e 20 25 28 00 00 00 00 00 00 00 45 2a 00 00 29 Oct 31 15:25:11.152306: | 7c d8 36 d6 bb 0c 3c 17 c0 9b 9d 36 7f 4b 53 41 Oct 31 15:25:11.152308: | 8e 1a b2 fd db 8a 8b 55 42 47 1e f3 9d 87 cc 5c Oct 31 15:25:11.152310: | d8 d1 58 70 b7 Oct 31 15:25:11.152328: | sent 1 messages Oct 31 15:25:11.152332: | #1 is retaining EVENT_SA_REKEY with is previously set timeout Oct 31 15:25:11.152338: | stop processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:25:11.152344: | #1 spent 0.513 (0.537) milliseconds in ikev2_process_packet() Oct 31 15:25:11.152347: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:25:11.152350: | delref mdp@0x563af96d09d8(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:11.152353: | delref logger@0x563af96c91e8(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:11.152355: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:11.152359: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:11.152364: | spent 0.534 (0.558) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:25:11.152371: | timer_event_cb: processing event@0x563af96c3ce8 Oct 31 15:25:11.152375: | handling event EVENT_SA_REPLACE for child state #3 Oct 31 15:25:11.152378: | libevent_free: delref ptr-libevent@0x7fed9c001fb8 Oct 31 15:25:11.152380: | free_event_entry: delref EVENT_SA_REPLACE-pe@0x563af96c3ce8 Oct 31 15:25:11.152385: | start processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:188) Oct 31 15:25:11.152389: | picked newest_ipsec_sa #3 for #3 Oct 31 15:25:11.152392: | replacing stale CHILD SA Oct 31 15:25:11.152395: | FOR_EACH_STATE_... in find_phase1_state Oct 31 15:25:11.152400: | FOR_EACH_STATE_... in find_pending_phase2 Oct 31 15:25:11.152406: | newref alloc logger@0x563af96cb3d8(0->1) (in new_state() at state.c:576) Oct 31 15:25:11.152409: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:25:11.152412: | creating state object #4 at 0x563af96d09d8 Oct 31 15:25:11.152414: | State DB: adding IKEv2 state #4 in UNDEFINED Oct 31 15:25:11.152424: | pstats #4 ikev2.child started Oct 31 15:25:11.152427: | duplicating state object #1 "northnet-eastnet/0x2" as #4 for IPSEC SA Oct 31 15:25:11.152434: | #4 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1581) Oct 31 15:25:11.152443: | Message ID: CHILD #1.#4 initializing (CHILD SA): ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744581.60529 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744585.585066 child.wip.initiator=0->-1 child.wip.responder=0->-1 Oct 31 15:25:11.152447: | child state #4: UNDEFINED(ignore) => V2_REKEY_CHILD_I0(established IKE SA) Oct 31 15:25:11.152452: | #4.st_v2_transition NULL -> V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I1 (in new_v2_child_state() at state.c:1666) Oct 31 15:25:11.152463: | suspend processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5960) Oct 31 15:25:11.152468: | start processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:5960) Oct 31 15:25:11.152480: | using existing local ESP/AH proposals for northnet-eastnet/0x2 (ESP/AH initiator emitting proposals): 1:ESP=AES_GCM_C_256-NONE-MODP2048-DISABLED 2:ESP=AES_GCM_C_128-NONE-MODP2048-DISABLED 3:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED 4:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048-DISABLED Oct 31 15:25:11.152486: | #4 schedule rekey initiate IPsec SA PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO to replace #3 using IKE# 1 pfs=MODP2048 Oct 31 15:25:11.152490: | event_schedule: newref EVENT_v2_INITIATE_CHILD-pe@0x563af96c5e98 Oct 31 15:25:11.152492: | inserting event EVENT_v2_INITIATE_CHILD, timeout in 0 seconds for #4 Oct 31 15:25:11.152495: | libevent_malloc: newref ptr-libevent@0x563af96ca888 size 128 Oct 31 15:25:11.152500: | RESET processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_initiate_child_sa() at ikev2_parent.c:6035) Oct 31 15:25:11.152503: | event_schedule: newref EVENT_SA_EXPIRE-pe@0x563af96c91e8 Oct 31 15:25:11.152506: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #3 Oct 31 15:25:11.152508: | libevent_malloc: newref ptr-libevent@0x7fedac006108 size 128 Oct 31 15:25:11.152513: | #3 spent 0.135 (0.14) milliseconds in timer_event_cb() EVENT_SA_REPLACE Oct 31 15:25:11.152515: | processing: STOP state #0 (in timer_event_cb() at timer.c:447) Oct 31 15:25:11.152520: | timer_event_cb: processing event@0x563af96c5e98 Oct 31 15:25:11.152523: | handling event EVENT_v2_INITIATE_CHILD for child state #4 Oct 31 15:25:11.152525: | libevent_free: delref ptr-libevent@0x563af96ca888 Oct 31 15:25:11.152528: | free_event_entry: delref EVENT_v2_INITIATE_CHILD-pe@0x563af96c5e98 Oct 31 15:25:11.152531: | start processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:188) Oct 31 15:25:11.152539: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:25:11.152541: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:25:11.152545: | newref clone logger@0x563af96c3ce8(0->1) (in clone_logger() at log.c:817) Oct 31 15:25:11.152548: | job 5 for #4: Child Rekey Initiator KE and nonce ni (build KE and nonce): adding job to queue Oct 31 15:25:11.152551: | state #4 has no .st_event to delete Oct 31 15:25:11.152554: | #4 STATE_V2_REKEY_CHILD_I0: retransmits: cleared Oct 31 15:25:11.152557: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x563af96c5e98 Oct 31 15:25:11.152560: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Oct 31 15:25:11.152563: | libevent_malloc: newref ptr-libevent@0x563af96ca888 size 128 Oct 31 15:25:11.152574: | #4 spent 0.052 (0.0522) milliseconds in timer_event_cb() EVENT_v2_INITIATE_CHILD Oct 31 15:25:11.152580: | stop processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:447) Oct 31 15:25:11.152585: | timer_event_cb: processing event@0x563af96c91e8 Oct 31 15:25:11.152588: | handling event EVENT_SA_EXPIRE for child state #3 Oct 31 15:25:11.152592: | libevent_free: delref ptr-libevent@0x7fedac006108 Oct 31 15:25:11.152598: | free_event_entry: delref EVENT_SA_EXPIRE-pe@0x563af96c91e8 Oct 31 15:25:11.152586: | job 5 for #4: Child Rekey Initiator KE and nonce ni (build KE and nonce): helper 6 starting job Oct 31 15:25:11.152605: | start processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in timer_event_cb() at timer.c:188) Oct 31 15:25:11.152617: | picked newest_ipsec_sa #3 for #3 Oct 31 15:25:11.152619: | un-established partial CHILD SA timeout (SA expired) Oct 31 15:25:11.152621: | pstats #3 ikev2.child re-failed exchange-timeout Oct 31 15:25:11.152624: | should_send_delete: no, just because Oct 31 15:25:11.152626: | pstats #3 ikev2.child deleted completed Oct 31 15:25:11.152630: | #3 main thread spent 1.55 (13.7) milliseconds helper thread spent 3.1 (3.32) milliseconds in total Oct 31 15:25:11.152635: | [RE]START processing: state #3 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in delete_state() at state.c:935) Oct 31 15:25:11.152637: | should_send_delete: no, just because Oct 31 15:25:11.152641: "northnet-eastnet/0x2" #3: deleting state (STATE_V2_ESTABLISHED_CHILD_SA) aged 4.005294s and NOT sending notification Oct 31 15:25:11.152644: | child state #3: ESTABLISHED_CHILD_SA(established CHILD SA) => delete Oct 31 15:25:11.152649: | get_sa_info esp.194060e2@192.1.2.23 Oct 31 15:25:11.152663: | get_sa_info esp.6f03cd30@192.1.3.33 Oct 31 15:25:11.152672: "northnet-eastnet/0x2" #3: ESP traffic information: in=336B out=336B Oct 31 15:25:11.152680: | unsuspending #3 MD (nil) Oct 31 15:25:11.152683: | should_send_delete: no, just because Oct 31 15:25:11.152686: | child state #3: ESTABLISHED_CHILD_SA(established CHILD SA) => CHILDSA_DEL(informational) Oct 31 15:25:11.152689: | state #3 has no .st_event to delete Oct 31 15:25:11.152691: | #3 STATE_CHILDSA_DEL: retransmits: cleared Oct 31 15:25:11.154303: | "northnet-eastnet/0x2" #4: spent 1.64 (1.72) milliseconds in helper 6 processing job 5 for state #4: Child Rekey Initiator KE and nonce ni (pcr) Oct 31 15:25:11.154314: | job 5 for #4: Child Rekey Initiator KE and nonce ni (build KE and nonce): helper thread 6 sending result back to state Oct 31 15:25:11.154318: | scheduling resume sending helper answer back to state for #4 Oct 31 15:25:11.154322: | libevent_malloc: newref ptr-libevent@0x7feda0006108 size 128 Oct 31 15:25:11.154328: | helper thread 6 has nothing to do Oct 31 15:25:11.154335: | running updown command "ipsec _updown" for verb down Oct 31 15:25:11.154343: | command executing down-client Oct 31 15:25:11.154350: | get_sa_info esp.194060e2@192.1.2.23 Oct 31 15:25:11.154364: | get_sa_info esp.6f03cd30@192.1.3.33 Oct 31 15:25:11.154399: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157907' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' P... Oct 31 15:25:11.154407: | popen cmd is 1137 chars long Oct 31 15:25:11.154410: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/: Oct 31 15:25:11.154413: | cmd( 80):0x2' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLU: Oct 31 15:25:11.154415: | cmd( 160):TO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLI: Oct 31 15:25:11.154417: | cmd( 240):ENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255: Oct 31 15:25:11.154420: | cmd( 320):.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_: Oct 31 15:25:11.154422: | cmd( 400):TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.: Oct 31 15:25:11.154424: | cmd( 480):0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.: Oct 31 15:25:11.154427: | cmd( 560):0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfr: Oct 31 15:25:11.154429: | cmd( 640):m' PLUTO_ADDTIME='1604157907' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERL: Oct 31 15:25:11.154431: | cmd( 720):APIP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CON: Oct 31 15:25:11.154433: | cmd( 800):N_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO=': Oct 31 15:25:11.154435: | cmd( 880):' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_: Oct 31 15:25:11.154437: | cmd( 960):CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='336' PLUTO_OUTBYTES='336' VTI_: Oct 31 15:25:11.154440: | cmd(1040):IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x194060e2 SPI_OUT=0x6f03cd30 i: Oct 31 15:25:11.154442: | cmd(1120):psec _updown 2>&1: Oct 31 15:25:11.170097: | shunt_eroute() called for connection 'northnet-eastnet/0x2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.3.0/24:0 --0->- 192.0.2.0/24:0 Oct 31 15:25:11.170113: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.2.0/24:0 Oct 31 15:25:11.170117: | priority calculation of connection "northnet-eastnet/0x2" is 2084814 (0x1fcfce) Oct 31 15:25:11.170121: | IPsec SA SPD priority set to 2084814 Oct 31 15:25:11.170261: | delete esp.194060e2@192.1.2.23 Oct 31 15:25:11.170271: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:25:11.170428: | netlink response for Del SA esp.194060e2@192.1.2.23 included non-error error Oct 31 15:25:11.170436: | priority calculation of connection "northnet-eastnet/0x2" is 2084814 (0x1fcfce) Oct 31 15:25:11.170446: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk.10000@192.1.3.33 using reqid 0 (raw_eroute) proto=50 Oct 31 15:25:11.170600: | raw_eroute result=success Oct 31 15:25:11.170608: | delete esp.6f03cd30@192.1.3.33 Oct 31 15:25:11.170612: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:25:11.170628: | netlink response for Del SA esp.6f03cd30@192.1.3.33 included non-error error Oct 31 15:25:11.170702: | in connection_discard for connection northnet-eastnet/0x2 Oct 31 15:25:11.170708: | State DB: deleting IKEv2 state #3 in CHILDSA_DEL Oct 31 15:25:11.170716: | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) Oct 31 15:25:11.170720: | releasing #3's fd-fd@(nil) because deleting state Oct 31 15:25:11.170723: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:11.170726: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:11.170730: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:25:11.170753: | stop processing: state #3 from 192.1.2.23:500 (in delete_state() at state.c:1239) Oct 31 15:25:11.170764: | delref logger@0x563af96c86a8(1->0) (in delete_state() at state.c:1306) Oct 31 15:25:11.170768: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:11.170770: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:11.170776: | State DB: found IKEv2 state #4 in V2_REKEY_CHILD_I0 (v2_expire_unused_ike_sa) Oct 31 15:25:11.170779: | can't expire unused IKE SA #1; it has the child #4 Oct 31 15:25:11.170783: | in statetime_stop() and could not find #3 Oct 31 15:25:11.170785: | processing: STOP state #0 (in timer_event_cb() at timer.c:447) Oct 31 15:25:11.170807: | spent 0.00209 (0.00226) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:25:11.170821: | newref struct msg_digest@0x563af96d6e38(0->1) (in read_message() at demux.c:103) Oct 31 15:25:11.170825: | newref alloc logger@0x563af96c91e8(0->1) (in read_message() at demux.c:103) Oct 31 15:25:11.170833: | *received 69 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP Oct 31 15:25:11.170836: | be 24 bd 7a a6 09 d5 ef 3a 8b c5 ff b6 fd 49 a9 Oct 31 15:25:11.170838: | 2e 20 25 00 00 00 00 01 00 00 00 45 2a 00 00 29 Oct 31 15:25:11.170841: | 35 3e 4c e5 45 7d 2f be 30 c3 f7 6c e0 95 1c 4b Oct 31 15:25:11.170843: | 8c 5a 83 a2 98 cb 64 e5 dc 81 41 a2 84 31 40 ed Oct 31 15:25:11.170846: | 14 a9 23 f1 af Oct 31 15:25:11.170851: | **parse ISAKMP Message: Oct 31 15:25:11.170856: | initiator SPI: be 24 bd 7a a6 09 d5 ef Oct 31 15:25:11.170860: | responder SPI: 3a 8b c5 ff b6 fd 49 a9 Oct 31 15:25:11.170864: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:25:11.170866: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:11.170869: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:25:11.170872: | flags: none (0x0) Oct 31 15:25:11.170876: | Message ID: 1 (00 00 00 01) Oct 31 15:25:11.170880: | length: 69 (00 00 00 45) Oct 31 15:25:11.170883: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Oct 31 15:25:11.170887: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Oct 31 15:25:11.170891: | State DB: found IKEv2 state #1 in ESTABLISHED_IKE_SA (find_v2_ike_sa) Oct 31 15:25:11.170899: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:25:11.170903: | #1 st.st_msgid_lastrecv 0 md.hdr.isa_msgid 00000001 Oct 31 15:25:11.170907: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:25:11.170910: | #1 is idle Oct 31 15:25:11.170917: | Message ID: IKE #1 not a duplicate - message request 1 is new: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744581.60529 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744585.585066 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:11.170923: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:25:11.170925: | unpacking clear payload Oct 31 15:25:11.170928: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Oct 31 15:25:11.170932: | ***parse IKEv2 Encryption Payload: Oct 31 15:25:11.170935: | next payload type: ISAKMP_NEXT_v2D (0x2a) Oct 31 15:25:11.170938: | flags: none (0x0) Oct 31 15:25:11.170941: | length: 41 (00 29) Oct 31 15:25:11.170944: | processing payload: ISAKMP_NEXT_v2SK (len=37) Oct 31 15:25:11.170947: | #1 in state ESTABLISHED_IKE_SA: established IKE SA Oct 31 15:25:11.170963: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Oct 31 15:25:11.170968: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Oct 31 15:25:11.170972: | **parse IKEv2 Delete Payload: Oct 31 15:25:11.170975: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:11.170977: | flags: none (0x0) Oct 31 15:25:11.170981: | length: 12 (00 0c) Oct 31 15:25:11.170983: | protocol ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:11.170986: | SPI size: 4 (04) Oct 31 15:25:11.170990: | number of SPIs: 1 (00 01) Oct 31 15:25:11.170992: | processing payload: ISAKMP_NEXT_v2D (len=4) Oct 31 15:25:11.170995: | selected state microcode Informational Request Oct 31 15:25:11.171003: | Message ID: IKE #1 responder starting message request 1: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744581.60529 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744585.585066 ike.wip.initiator=-1 ike.wip.responder=-1->1 Oct 31 15:25:11.171006: | calling processor Informational Request Oct 31 15:25:11.171010: | an informational request should send a response Oct 31 15:25:11.171015: | opening output PBS information exchange reply packet Oct 31 15:25:11.171018: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Oct 31 15:25:11.171021: | **emit ISAKMP Message: Oct 31 15:25:11.171026: | initiator SPI: be 24 bd 7a a6 09 d5 ef Oct 31 15:25:11.171030: | responder SPI: 3a 8b c5 ff b6 fd 49 a9 Oct 31 15:25:11.171033: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:25:11.171035: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:11.171038: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:25:11.171041: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Oct 31 15:25:11.171045: | Message ID: 1 (00 00 00 01) Oct 31 15:25:11.171048: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:25:11.171052: | ***emit IKEv2 Encryption Payload: Oct 31 15:25:11.171054: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:11.171057: | flags: none (0x0) Oct 31 15:25:11.171060: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:25:11.171062: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Oct 31 15:25:11.171067: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:25:11.171078: | parsing 4 raw bytes of IKEv2 Delete Payload into SPI Oct 31 15:25:11.171081: | SPI Oct 31 15:25:11.171083: | 29 8f f4 25 Oct 31 15:25:11.171086: | delete IKEv2_SEC_PROTO_ESP SA(0x298ff425) Oct 31 15:25:11.171090: | v2 CHILD SA #2 found using their inbound (our outbound) SPI, in STATE_V2_ESTABLISHED_CHILD_SA Oct 31 15:25:11.171093: | State DB: found IKEv2 state #2 in ESTABLISHED_CHILD_SA (find_v2_child_sa_by_outbound_spi) Oct 31 15:25:11.171096: | our side SPI that needs to be deleted: IKEv2_SEC_PROTO_ESP SA(0x298ff425) Oct 31 15:25:11.171100: "northnet-eastnet/0x2" #1: received Delete SA payload: replace IPsec State #2 now Oct 31 15:25:11.171104: | #2 requesting EVENT_SA_REKEY-pe@0x563af96cc328 be deleted Oct 31 15:25:11.171108: | libevent_free: delref ptr-libevent@0x563af96c85f8 Oct 31 15:25:11.171111: | free_event_entry: delref EVENT_SA_REKEY-pe@0x563af96cc328 Oct 31 15:25:11.171115: | event_schedule: newref EVENT_SA_REPLACE-pe@0x563af96b3f38 Oct 31 15:25:11.171118: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 Oct 31 15:25:11.171121: | libevent_malloc: newref ptr-libevent@0x7feda80038b8 size 128 Oct 31 15:25:11.171125: | ****emit IKEv2 Delete Payload: Oct 31 15:25:11.171128: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:11.171130: | flags: none (0x0) Oct 31 15:25:11.171133: | protocol ID: IKEv2_SEC_PROTO_ESP (0x3) Oct 31 15:25:11.171136: | SPI size: 4 (04) Oct 31 15:25:11.171139: | number of SPIs: 1 (00 01) Oct 31 15:25:11.171143: | next payload chain: setting previous 'IKEv2 Encryption Payload'.'next payload type' to current IKEv2 Delete Payload (42:ISAKMP_NEXT_v2D) Oct 31 15:25:11.171147: | next payload chain: saving location 'IKEv2 Delete Payload'.'next payload type' in 'information exchange reply packet' Oct 31 15:25:11.171151: | emitting 4 raw bytes of local SPIs into IKEv2 Delete Payload Oct 31 15:25:11.171154: | local SPIs: 84 30 c8 47 Oct 31 15:25:11.171156: | emitting length of IKEv2 Delete Payload: 12 Oct 31 15:25:11.171159: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:25:11.171162: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:11.171165: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:25:11.171168: | emitting length of IKEv2 Encryption Payload: 41 Oct 31 15:25:11.171171: | emitting length of ISAKMP Message: 69 Oct 31 15:25:11.171185: | sending 69 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:25:11.171189: | be 24 bd 7a a6 09 d5 ef 3a 8b c5 ff b6 fd 49 a9 Oct 31 15:25:11.171191: | 2e 20 25 28 00 00 00 01 00 00 00 45 2a 00 00 29 Oct 31 15:25:11.171194: | 70 23 4e b6 c8 88 27 32 6b ec 7f 74 45 8e 95 40 Oct 31 15:25:11.171196: | 28 24 54 41 b1 4f 1c d7 21 d0 4a a8 40 f1 03 2c Oct 31 15:25:11.171202: | c3 26 99 bd 49 Oct 31 15:25:11.171241: | sent 1 messages Oct 31 15:25:11.171249: | Message ID: IKE #1 XXX: in process_encrypted_informational_ikev2() hacking around record 'n' send bypassing send queue hacking around delete_ike_family(): ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744581.60529 ike.responder.sent=0 ike.responder.recv=0 ike.responder.last_contact=744585.585066 ike.wip.initiator=-1 ike.wip.responder=1 Oct 31 15:25:11.171256: | Message ID: IKE #1 updating responder sent message response 1: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744581.60529 ike.responder.sent=0->1 ike.responder.recv=0 ike.responder.last_contact=744585.585066 ike.wip.initiator=-1 ike.wip.responder=1 Oct 31 15:25:11.171264: | #1 spent 0.23 (0.252) milliseconds in processing: Informational Request in v2_dispatch() Oct 31 15:25:11.171270: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:11.171276: | #1 complete_v2_state_transition() ESTABLISHED_IKE_SA->ESTABLISHED_IKE_SA with status STF_OK; .st_v2_transition=PARENT_I0->PARENT_I1 Oct 31 15:25:11.171279: | Message ID: updating counters for #1 Oct 31 15:25:11.171287: | Message ID: IKE #1 updating responder received message request 1: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744581.60529 ike.responder.sent=1 ike.responder.recv=0->1 ike.responder.last_contact=744585.585066->744585.604078 ike.wip.initiator=-1 ike.wip.responder=1->-1 Oct 31 15:25:11.171293: | Message ID: IKE #1 updating responder sent message response 1: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744581.60529 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744585.604078 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:11.171300: | Message ID: IKE #1 no pending message initiators to schedule: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744581.60529 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744585.604078 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:11.171303: | announcing the state transition Oct 31 15:25:11.171306: "northnet-eastnet/0x2" #1: established IKE SA Oct 31 15:25:11.171313: | sending 69 bytes for STATE_V2_ESTABLISHED_IKE_SA through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:25:11.171316: | be 24 bd 7a a6 09 d5 ef 3a 8b c5 ff b6 fd 49 a9 Oct 31 15:25:11.171319: | 2e 20 25 28 00 00 00 01 00 00 00 45 2a 00 00 29 Oct 31 15:25:11.171321: | 70 23 4e b6 c8 88 27 32 6b ec 7f 74 45 8e 95 40 Oct 31 15:25:11.171326: | 28 24 54 41 b1 4f 1c d7 21 d0 4a a8 40 f1 03 2c Oct 31 15:25:11.171328: | c3 26 99 bd 49 Oct 31 15:25:11.171343: | sent 1 messages Oct 31 15:25:11.171347: | #1 is retaining EVENT_SA_REKEY with is previously set timeout Oct 31 15:25:11.171353: | stop processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:25:11.171359: | #1 spent 0.53 (0.558) milliseconds in ikev2_process_packet() Oct 31 15:25:11.171362: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:25:11.171366: | delref mdp@0x563af96d6e38(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:11.171369: | delref logger@0x563af96c91e8(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:11.171372: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:11.171374: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:11.171380: | spent 0.552 (0.58) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:25:11.171389: | processing resume sending helper answer back to state for #4 Oct 31 15:25:11.171395: | start processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:641) Oct 31 15:25:11.171404: | unsuspending #4 MD (nil) Oct 31 15:25:11.171408: | job 5 for #4: Child Rekey Initiator KE and nonce ni (build KE and nonce): processing response from helper 6 Oct 31 15:25:11.171411: | job 5 for #4: Child Rekey Initiator KE and nonce ni (build KE and nonce): calling continuation function 0x563af7accfe7 Oct 31 15:25:11.171415: | ikev2_child_outI_continue() for #4 STATE_V2_REKEY_CHILD_I0 Oct 31 15:25:11.171419: | DH secret MODP2048@0x7feda0006ba8: transferring ownership from helper KE to state #4 Oct 31 15:25:11.171422: | adding CHILD SA #4 to IKE SA #1 message initiator queue Oct 31 15:25:11.171430: | Message ID: CHILD #1.#4 wakeing IKE SA for next initiator (unack 0): ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744581.60529 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744585.604078 child.wip.initiator=-1 child.wip.responder=-1 Oct 31 15:25:11.171433: | scheduling callback v2_msgid_schedule_next_initiator (#1) Oct 31 15:25:11.171436: | libevent_malloc: newref ptr-libevent@0x563af96c85f8 size 128 Oct 31 15:25:11.171442: | [RE]START processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:11.171446: | #4 complete_v2_state_transition() V2_REKEY_CHILD_I0->V2_REKEY_CHILD_I1 with status STF_SUSPEND Oct 31 15:25:11.171448: | no MD to suspend Oct 31 15:25:11.171453: | delref logger@0x563af96c3ce8(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:25:11.171455: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:11.171458: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:11.171461: | resume sending helper answer back to state for #4 suppresed complete_v2_state_transition() Oct 31 15:25:11.171464: | delref mdp@NULL (in resume_handler() at server.c:743) Oct 31 15:25:11.171469: | #4 spent 0.0636 (0.0637) milliseconds in resume sending helper answer back to state Oct 31 15:25:11.171474: | stop processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:745) Oct 31 15:25:11.171478: | libevent_free: delref ptr-libevent@0x7feda0006108 Oct 31 15:25:11.171481: | processing signal PLUTO_SIGCHLD Oct 31 15:25:11.171487: | waitpid returned ECHILD (no child processes left) Oct 31 15:25:11.171491: | spent 0.00505 (0.00505) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:25:11.171502: | spent 0.00159 (0.00185) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue() Oct 31 15:25:11.171509: | newref struct msg_digest@0x563af96d6e38(0->1) (in read_message() at demux.c:103) Oct 31 15:25:11.171513: | newref alloc logger@0x563af96cc328(0->1) (in read_message() at demux.c:103) Oct 31 15:25:11.171519: | *received 65 bytes from 192.1.2.23:500 on eth1 192.1.3.33:500 using UDP Oct 31 15:25:11.171523: | be 24 bd 7a a6 09 d5 ef 3a 8b c5 ff b6 fd 49 a9 Oct 31 15:25:11.171526: | 2e 20 25 00 00 00 00 02 00 00 00 41 2a 00 00 25 Oct 31 15:25:11.171528: | a1 ea d7 ba 5f 7b 1b a0 f2 e0 ad 4c de de c2 e8 Oct 31 15:25:11.171530: | 6d a7 39 17 1c 8f 0b 5d 87 bc 38 6c 05 00 52 d6 Oct 31 15:25:11.171533: | 24 Oct 31 15:25:11.171536: | **parse ISAKMP Message: Oct 31 15:25:11.171541: | initiator SPI: be 24 bd 7a a6 09 d5 ef Oct 31 15:25:11.171546: | responder SPI: 3a 8b c5 ff b6 fd 49 a9 Oct 31 15:25:11.171549: | next payload type: ISAKMP_NEXT_v2SK (0x2e) Oct 31 15:25:11.171551: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:11.171554: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:25:11.171557: | flags: none (0x0) Oct 31 15:25:11.171561: | Message ID: 2 (00 00 00 02) Oct 31 15:25:11.171565: | length: 65 (00 00 00 41) Oct 31 15:25:11.171568: | processing version=2.0 packet with exchange type=ISAKMP_v2_INFORMATIONAL (37) Oct 31 15:25:11.171571: | I am the IKE SA Original Initiator receiving an IKEv2 INFORMATIONAL request Oct 31 15:25:11.171575: | State DB: found IKEv2 state #1 in ESTABLISHED_IKE_SA (find_v2_ike_sa) Oct 31 15:25:11.171581: | start processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_process_packet() at ikev2.c:1902) Oct 31 15:25:11.171585: | #1 st.st_msgid_lastrecv 1 md.hdr.isa_msgid 00000002 Oct 31 15:25:11.171588: | State DB: IKEv2 state not found (find_v2_sa_by_responder_wip) Oct 31 15:25:11.171590: | #1 is idle Oct 31 15:25:11.171597: | Message ID: IKE #1 not a duplicate - message request 2 is new: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744581.60529 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744585.604078 ike.wip.initiator=-1 ike.wip.responder=-1 Oct 31 15:25:11.171603: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ike_process_packet() at ikev2.c:1983) Oct 31 15:25:11.171605: | unpacking clear payload Oct 31 15:25:11.171608: | Now let's proceed with payload (ISAKMP_NEXT_v2SK) Oct 31 15:25:11.171611: | ***parse IKEv2 Encryption Payload: Oct 31 15:25:11.171613: | next payload type: ISAKMP_NEXT_v2D (0x2a) Oct 31 15:25:11.171616: | flags: none (0x0) Oct 31 15:25:11.171620: | length: 37 (00 25) Oct 31 15:25:11.171622: | processing payload: ISAKMP_NEXT_v2SK (len=33) Oct 31 15:25:11.171625: | #1 in state ESTABLISHED_IKE_SA: established IKE SA Oct 31 15:25:11.171636: | #1 ikev2 ISAKMP_v2_INFORMATIONAL decrypt success Oct 31 15:25:11.171640: | Now let's proceed with payload (ISAKMP_NEXT_v2D) Oct 31 15:25:11.171643: | **parse IKEv2 Delete Payload: Oct 31 15:25:11.171645: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:11.171648: | flags: none (0x0) Oct 31 15:25:11.171652: | length: 8 (00 08) Oct 31 15:25:11.171654: | protocol ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:25:11.171657: | SPI size: 0 (00) Oct 31 15:25:11.171660: | number of SPIs: 0 (00 00) Oct 31 15:25:11.171663: | processing payload: ISAKMP_NEXT_v2D (len=0) Oct 31 15:25:11.171666: | selected state microcode Informational Request Oct 31 15:25:11.171673: | Message ID: IKE #1 responder starting message request 2: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744581.60529 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744585.604078 ike.wip.initiator=-1 ike.wip.responder=-1->2 Oct 31 15:25:11.171675: | calling processor Informational Request Oct 31 15:25:11.171679: | an informational request should send a response Oct 31 15:25:11.171684: | opening output PBS information exchange reply packet Oct 31 15:25:11.171686: | Received an INFORMATIONAL response, updating st_last_liveness, no pending_liveness Oct 31 15:25:11.171689: | **emit ISAKMP Message: Oct 31 15:25:11.171693: | initiator SPI: be 24 bd 7a a6 09 d5 ef Oct 31 15:25:11.171698: | responder SPI: 3a 8b c5 ff b6 fd 49 a9 Oct 31 15:25:11.171700: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:25:11.171705: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:11.171707: | exchange type: ISAKMP_v2_INFORMATIONAL (0x25) Oct 31 15:25:11.171710: | flags: ISAKMP_FLAG_v2_IKE_INIT+ISAKMP_FLAG_v2_MSG_RESPONSE (0x28) Oct 31 15:25:11.171714: | Message ID: 2 (00 00 00 02) Oct 31 15:25:11.171717: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:25:11.171721: | ***emit IKEv2 Encryption Payload: Oct 31 15:25:11.171723: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:11.171726: | flags: none (0x0) Oct 31 15:25:11.171729: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Encryption Payload (46:ISAKMP_NEXT_v2SK) Oct 31 15:25:11.171731: | next payload chain: saving location 'IKEv2 Encryption Payload'.'next payload type' in 'information exchange reply packet' Oct 31 15:25:11.171735: | emitting 8 zero bytes of IV into IKEv2 Encryption Payload Oct 31 15:25:11.171740: | adding 1 bytes of padding (including 1 byte padding-length) Oct 31 15:25:11.171743: | emitting 1 0x00 repeated bytes of padding and length into IKEv2 Encryption Payload Oct 31 15:25:11.171746: | emitting 16 zero bytes of length of truncated HMAC/KEY into IKEv2 Encryption Payload Oct 31 15:25:11.171748: | emitting length of IKEv2 Encryption Payload: 29 Oct 31 15:25:11.171751: | emitting length of ISAKMP Message: 57 Oct 31 15:25:11.171763: | sending 57 bytes for reply packet for process_encrypted_informational_ikev2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #1) Oct 31 15:25:11.171766: | be 24 bd 7a a6 09 d5 ef 3a 8b c5 ff b6 fd 49 a9 Oct 31 15:25:11.171769: | 2e 20 25 28 00 00 00 02 00 00 00 39 00 00 00 1d Oct 31 15:25:11.171771: | b9 bf 42 67 a1 d2 5e 98 6b 7e 37 cc d7 f4 b3 4f Oct 31 15:25:11.171774: | bc c7 02 55 23 55 1e 24 8f Oct 31 15:25:11.171791: | sent 1 messages Oct 31 15:25:11.171799: | Message ID: IKE #1 XXX: in process_encrypted_informational_ikev2() hacking around record 'n' send bypassing send queue hacking around delete_ike_family(): ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744581.60529 ike.responder.sent=1 ike.responder.recv=1 ike.responder.last_contact=744585.604078 ike.wip.initiator=-1 ike.wip.responder=2 Oct 31 15:25:11.171806: | Message ID: IKE #1 updating responder sent message response 2: ike.initiator.sent=2 ike.initiator.recv=2 ike.initiator.last_contact=744581.60529 ike.responder.sent=1->2 ike.responder.recv=1 ike.responder.last_contact=744585.604078 ike.wip.initiator=-1 ike.wip.responder=2 Oct 31 15:25:11.171810: | pstats #4 ikev2.child deleted other Oct 31 15:25:11.171815: | #4 main thread spent 0.116 (0.116) milliseconds helper thread spent 1.64 (1.72) milliseconds in total Oct 31 15:25:11.171820: | suspend processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in delete_state() at state.c:935) Oct 31 15:25:11.171825: | start processing: state #4 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in delete_state() at state.c:935) Oct 31 15:25:11.171828: | should_send_delete: no, just because Oct 31 15:25:11.171833: "northnet-eastnet/0x2" #4: deleting other state #4 (STATE_V2_REKEY_CHILD_I0) aged 0.019426s and NOT sending notification Oct 31 15:25:11.171836: | child state #4: V2_REKEY_CHILD_I0(established IKE SA) => delete Oct 31 15:25:11.171840: | unsuspending #4 MD (nil) Oct 31 15:25:11.171842: | should_send_delete: no, just because Oct 31 15:25:11.171845: | child state #4: V2_REKEY_CHILD_I0(established IKE SA) => CHILDSA_DEL(informational) Oct 31 15:25:11.171849: | state #4 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:25:11.171852: | libevent_free: delref ptr-libevent@0x563af96ca888 Oct 31 15:25:11.171856: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x563af96c5e98 Oct 31 15:25:11.171859: | #4 STATE_CHILDSA_DEL: retransmits: cleared Oct 31 15:25:11.171863: | priority calculation of connection "northnet-eastnet/0x2" is 2084814 (0x1fcfce) Oct 31 15:25:11.171872: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk.10000@192.1.3.33 using reqid 0 (raw_eroute) proto=50 Oct 31 15:25:11.171889: | raw_eroute result=success Oct 31 15:25:11.171894: | in connection_discard for connection northnet-eastnet/0x2 Oct 31 15:25:11.171897: | State DB: deleting IKEv2 state #4 in CHILDSA_DEL Oct 31 15:25:11.171902: | child state #4: CHILDSA_DEL(informational) => UNDEFINED(ignore) Oct 31 15:25:11.171905: | releasing #4's fd-fd@(nil) because deleting state Oct 31 15:25:11.171907: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:11.171910: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:11.171913: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:25:11.171926: | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1239) Oct 31 15:25:11.171932: | resume processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in delete_state() at state.c:1239) Oct 31 15:25:11.171937: | delref logger@0x563af96cb3d8(1->0) (in delete_state() at state.c:1306) Oct 31 15:25:11.171940: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:11.171942: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:11.171945: | pstats #2 ikev2.child deleted completed Oct 31 15:25:11.171950: | #2 main thread spent 1.59 (47.5) milliseconds helper thread spent 0 (0) milliseconds in total Oct 31 15:25:11.171955: | suspend processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in delete_state() at state.c:935) Oct 31 15:25:11.171961: | start processing: state #2 connection "northnet-eastnet/0x1" from 192.1.2.23:500 (in delete_state() at state.c:935) Oct 31 15:25:11.171963: | should_send_delete: no, just because Oct 31 15:25:11.171968: "northnet-eastnet/0x1" #2: deleting other state #2 connection (STATE_V2_ESTABLISHED_CHILD_SA) "northnet-eastnet/0x1" aged 4.10999s and NOT sending notification Oct 31 15:25:11.171971: | child state #2: ESTABLISHED_CHILD_SA(established CHILD SA) => delete Oct 31 15:25:11.171976: | get_sa_info esp.298ff425@192.1.2.23 Oct 31 15:25:11.171986: | get_sa_info esp.8430c847@192.1.3.33 Oct 31 15:25:11.171995: "northnet-eastnet/0x1" #2: ESP traffic information: in=0B out=0B Oct 31 15:25:11.171998: | unsuspending #2 MD (nil) Oct 31 15:25:11.172001: | should_send_delete: no, just because Oct 31 15:25:11.172003: | child state #2: ESTABLISHED_CHILD_SA(established CHILD SA) => CHILDSA_DEL(informational) Oct 31 15:25:11.172006: | state #2 deleting .st_event EVENT_SA_REPLACE Oct 31 15:25:11.172010: | libevent_free: delref ptr-libevent@0x7feda80038b8 Oct 31 15:25:11.172013: | free_event_entry: delref EVENT_SA_REPLACE-pe@0x563af96b3f38 Oct 31 15:25:11.172016: | #2 STATE_CHILDSA_DEL: retransmits: cleared Oct 31 15:25:11.172084: | running updown command "ipsec _updown" for verb down Oct 31 15:25:11.172092: | command executing down-client Oct 31 15:25:11.172099: | get_sa_info esp.298ff425@192.1.2.23 Oct 31 15:25:11.172111: | get_sa_info esp.8430c847@192.1.3.33 Oct 31 15:25:11.172144: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='1604157907' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' P... Oct 31 15:25:11.172149: | popen cmd is 1133 chars long Oct 31 15:25:11.172155: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/: Oct 31 15:25:11.172158: | cmd( 80):0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLU: Oct 31 15:25:11.172161: | cmd( 160):TO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLI: Oct 31 15:25:11.172163: | cmd( 240):ENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255: Oct 31 15:25:11.172165: | cmd( 320):.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_: Oct 31 15:25:11.172168: | cmd( 400):TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.: Oct 31 15:25:11.172170: | cmd( 480):0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.: Oct 31 15:25:11.172172: | cmd( 560):0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfr: Oct 31 15:25:11.172175: | cmd( 640):m' PLUTO_ADDTIME='1604157907' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERL: Oct 31 15:25:11.172177: | cmd( 720):APIP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CON: Oct 31 15:25:11.172179: | cmd( 800):N_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO=': Oct 31 15:25:11.172181: | cmd( 880):' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_: Oct 31 15:25:11.172183: | cmd( 960):CLIENT='0' PLUTO_NM_CONFIGURED='0' PLUTO_INBYTES='0' PLUTO_OUTBYTES='0' VTI_IFAC: Oct 31 15:25:11.172186: | cmd(1040):E='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x298ff425 SPI_OUT=0x8430c847 ipsec: Oct 31 15:25:11.172188: | cmd(1120): _updown 2>&1: Oct 31 15:25:11.194908: | shunt_eroute() called for connection 'northnet-eastnet/0x1' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.3.0/24:0 --0->- 192.0.2.0/24:0 Oct 31 15:25:11.194924: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.2.0/24:0 Oct 31 15:25:11.194929: | priority calculation of connection "northnet-eastnet/0x1" is 2084814 (0x1fcfce) Oct 31 15:25:11.194935: | IPsec SA SPD priority set to 2084814 Oct 31 15:25:11.194980: | delete esp.298ff425@192.1.2.23 Oct 31 15:25:11.194985: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:25:11.195018: | netlink response for Del SA esp.298ff425@192.1.2.23 included non-error error Oct 31 15:25:11.195023: | priority calculation of connection "northnet-eastnet/0x1" is 2084814 (0x1fcfce) Oct 31 15:25:11.195031: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk.10000@192.1.3.33 using reqid 0 (raw_eroute) proto=50 Oct 31 15:25:11.195043: | raw_eroute result=success Oct 31 15:25:11.195048: | delete esp.8430c847@192.1.3.33 Oct 31 15:25:11.195121: | XFRM: deleting IPsec SA with reqid 0 Oct 31 15:25:11.195146: | netlink response for Del SA esp.8430c847@192.1.3.33 included non-error error Oct 31 15:25:11.195153: | in connection_discard for connection northnet-eastnet/0x1 Oct 31 15:25:11.195157: | State DB: deleting IKEv2 state #2 in CHILDSA_DEL Oct 31 15:25:11.195164: | child state #2: CHILDSA_DEL(informational) => UNDEFINED(ignore) Oct 31 15:25:11.195167: | releasing #2's fd-fd@(nil) because deleting state Oct 31 15:25:11.195171: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:11.195173: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:11.195176: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:25:11.195185: | stop processing: state #2 from 192.1.2.23:500 (in delete_state() at state.c:1239) Oct 31 15:25:11.195191: | resume processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in delete_state() at state.c:1239) Oct 31 15:25:11.195218: | delref logger@0x563af96c5f48(1->0) (in delete_state() at state.c:1306) Oct 31 15:25:11.195226: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:11.195228: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:11.195233: | State DB: IKEv2 state not found (delete_ike_family) Oct 31 15:25:11.195239: | pstats #1 ikev2.ike deleted completed Oct 31 15:25:11.195247: | #1 main thread spent 7.62 (54.1) milliseconds helper thread spent 1.93 (1.96) milliseconds in total Oct 31 15:25:11.195253: | [RE]START processing: state #1 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in delete_state() at state.c:935) Oct 31 15:25:11.195256: | should_send_delete: no, just because Oct 31 15:25:11.195262: "northnet-eastnet/0x2" #1: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 4.142301s and NOT sending notification Oct 31 15:25:11.195265: | parent state #1: ESTABLISHED_IKE_SA(established IKE SA) => delete Oct 31 15:25:11.195311: | unsuspending #1 MD (nil) Oct 31 15:25:11.195316: | should_send_delete: no, just because Oct 31 15:25:11.195383: | state #1 deleting .st_event EVENT_SA_REKEY Oct 31 15:25:11.195392: | libevent_free: delref ptr-libevent@0x7feda400b578 Oct 31 15:25:11.195396: | free_event_entry: delref EVENT_SA_REKEY-pe@0x563af96cacc8 Oct 31 15:25:11.195400: | #1 STATE_V2_ESTABLISHED_IKE_SA: retransmits: cleared Oct 31 15:25:11.195404: | State DB: IKEv2 state not found (flush_incomplete_children) Oct 31 15:25:11.195406: | picked newest_isakmp_sa #0 for #1 Oct 31 15:25:11.195411: "northnet-eastnet/0x2" #1: deleting IKE SA but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Oct 31 15:25:11.195415: | add revival: connection 'northnet-eastnet/0x2' added to the list and scheduled for 0 seconds Oct 31 15:25:11.195419: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Oct 31 15:25:11.195424: | in connection_discard for connection northnet-eastnet/0x2 Oct 31 15:25:11.195427: | State DB: deleting IKEv2 state #1 in ESTABLISHED_IKE_SA Oct 31 15:25:11.195431: | parent state #1: ESTABLISHED_IKE_SA(established IKE SA) => UNDEFINED(ignore) Oct 31 15:25:11.195434: | releasing #1's fd-fd@(nil) because deleting state Oct 31 15:25:11.195437: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:11.195440: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:11.195442: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:25:11.195463: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1239) Oct 31 15:25:11.195482: | delref logger@0x563af96c1a48(1->0) (in delete_state() at state.c:1306) Oct 31 15:25:11.195486: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:11.195488: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:11.195493: | in statetime_stop() and could not find #1 Oct 31 15:25:11.195496: | XXX: processor 'Informational Request' for #1 deleted state MD.ST Oct 31 15:25:11.195500: | processing: STOP state #0 (in ikev2_process_packet() at ikev2.c:1904) Oct 31 15:25:11.195502: | in statetime_stop() and could not find #1 Oct 31 15:25:11.195505: | processing: STOP state #0 (in process_md() at demux.c:287) Oct 31 15:25:11.195509: | delref mdp@0x563af96d6e38(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:11.195512: | delref logger@0x563af96cc328(1->0) (in handle_packet_cb() at demux.c:318) Oct 31 15:25:11.195514: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:11.195517: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:11.195524: | spent 1.23 (24) milliseconds in handle_packet_cb() reading and processing packet Oct 31 15:25:11.195529: | libevent_free: delref ptr-libevent@0x563af96c85f8 Oct 31 15:25:11.195533: | processing callback v2_msgid_schedule_next_initiator for #1 Oct 31 15:25:11.195536: | IKE SA with pending initiates disappeared Oct 31 15:25:11.195541: | spent 0.00352 (0.00347) milliseconds in callback v2_msgid_schedule_next_initiator Oct 31 15:25:11.195555: | processing global timer EVENT_REVIVE_CONNS Oct 31 15:25:11.195558: | FOR_EACH_CONNECTION_... in conn_by_name Oct 31 15:25:11.195562: "northnet-eastnet/0x2": initiating connection which received a Delete/Notify but must remain up per local policy Oct 31 15:25:11.195567: | connection 'northnet-eastnet/0x2' +POLICY_UP Oct 31 15:25:11.195570: | FOR_EACH_STATE_... in find_phase1_state Oct 31 15:25:11.195582: | newref alloc logger@0x563af96c5e98(0->1) (in new_state() at state.c:576) Oct 31 15:25:11.195588: | addref fd@NULL (in new_state() at state.c:577) Oct 31 15:25:11.195591: | creating state object #5 at 0x563af96c5fe8 Oct 31 15:25:11.195594: | State DB: adding IKEv2 state #5 in UNDEFINED Oct 31 15:25:11.195601: | pstats #5 ikev2.ike started Oct 31 15:25:11.195605: | parent state #5: UNDEFINED(ignore) => PARENT_I0(ignore) Oct 31 15:25:11.195610: | #5.st_v2_transition NULL -> PARENT_I0->PARENT_I1 (in new_v2_ike_state() at state.c:620) Oct 31 15:25:11.195620: | Message ID: IKE #5 initializing (IKE SA): ike.initiator.sent=0->-1 ike.initiator.recv=0->-1 ike.initiator.last_contact=0->744585.62841 ike.responder.sent=0->-1 ike.responder.recv=0->-1 ike.responder.last_contact=0->744585.62841 ike.wip.initiator=0->-1 ike.wip.responder=0->-1 Oct 31 15:25:11.195625: | orienting northnet-eastnet/0x2 Oct 31 15:25:11.195631: | northnet-eastnet/0x2 doesn't match 127.0.0.1:4500 at all Oct 31 15:25:11.195635: | northnet-eastnet/0x2 doesn't match 127.0.0.1:500 at all Oct 31 15:25:11.195639: | northnet-eastnet/0x2 doesn't match 192.0.3.254:4500 at all Oct 31 15:25:11.195644: | northnet-eastnet/0x2 doesn't match 192.0.3.254:500 at all Oct 31 15:25:11.195648: | northnet-eastnet/0x2 doesn't match 192.1.3.33:4500 at all Oct 31 15:25:11.195650: | oriented northnet-eastnet/0x2's this Oct 31 15:25:11.195658: | start processing: state #5 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:544) Oct 31 15:25:11.195661: | addref fd@NULL (in add_pending() at pending.c:86) Oct 31 15:25:11.195666: | queuing pending IPsec SA negotiating with 192.1.2.23 IKE SA #5 "northnet-eastnet/0x2" Oct 31 15:25:11.195669: "northnet-eastnet/0x2" #5: initiating IKEv2 connection Oct 31 15:25:11.195687: | using existing local IKE proposals for connection northnet-eastnet/0x2 (IKE SA initiator selecting KE): 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:25:11.195694: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:25:11.195696: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:25:11.195700: | newref clone logger@0x563af960f068(0->1) (in clone_logger() at log.c:817) Oct 31 15:25:11.195703: | job 6 for #5: ikev2_outI1 KE (build KE and nonce): adding job to queue Oct 31 15:25:11.195705: | state #5 has no .st_event to delete Oct 31 15:25:11.195707: | #5 STATE_PARENT_I0: retransmits: cleared Oct 31 15:25:11.195710: | event_schedule: newref EVENT_CRYPTO_TIMEOUT-pe@0x563af96c91e8 Oct 31 15:25:11.195713: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Oct 31 15:25:11.195717: | libevent_malloc: newref ptr-libevent@0x7feda0006108 size 128 Oct 31 15:25:11.195728: | #5 spent 0.16 (0.16) milliseconds in ikev2_parent_outI1() Oct 31 15:25:11.195733: | RESET processing: state #5 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in ikev2_parent_outI1() at ikev2_parent.c:640) Oct 31 15:25:11.195738: | spent 0.179 (0.179) milliseconds in global timer EVENT_REVIVE_CONNS Oct 31 15:25:11.195739: | job 6 for #5: ikev2_outI1 KE (build KE and nonce): helper 5 starting job Oct 31 15:25:11.195742: | processing signal PLUTO_SIGCHLD Oct 31 15:25:11.195757: | waitpid returned ECHILD (no child processes left) Oct 31 15:25:11.195762: | spent 0.00533 (0.00532) milliseconds in signal handler PLUTO_SIGCHLD Oct 31 15:25:11.197687: | "northnet-eastnet/0x2" #5: spent 1.81 (1.95) milliseconds in helper 5 processing job 6 for state #5: ikev2_outI1 KE (pcr) Oct 31 15:25:11.197704: | job 6 for #5: ikev2_outI1 KE (build KE and nonce): helper thread 5 sending result back to state Oct 31 15:25:11.197714: | scheduling resume sending helper answer back to state for #5 Oct 31 15:25:11.197718: | libevent_malloc: newref ptr-libevent@0x7fed94006108 size 128 Oct 31 15:25:11.197730: | helper thread 5 has nothing to do Oct 31 15:25:11.197740: | processing resume sending helper answer back to state for #5 Oct 31 15:25:11.197753: | start processing: state #5 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:641) Oct 31 15:25:11.197757: | unsuspending #5 MD (nil) Oct 31 15:25:11.197759: | job 6 for #5: ikev2_outI1 KE (build KE and nonce): processing response from helper 5 Oct 31 15:25:11.197761: | job 6 for #5: ikev2_outI1 KE (build KE and nonce): calling continuation function 0x563af7accfe7 Oct 31 15:25:11.197763: | ikev2_parent_outI1_continue() for #5 STATE_PARENT_I0 Oct 31 15:25:11.197766: | DH secret MODP2048@0x7fed94006ba8: transferring ownership from helper KE to state #5 Oct 31 15:25:11.197770: | opening output PBS reply packet Oct 31 15:25:11.197772: | **emit ISAKMP Message: Oct 31 15:25:11.197775: | initiator SPI: cf a3 af 58 f8 08 07 8b Oct 31 15:25:11.197778: | responder SPI: 00 00 00 00 00 00 00 00 Oct 31 15:25:11.197780: | next payload type: ISAKMP_NEXT_NONE (0x0) Oct 31 15:25:11.197781: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20) Oct 31 15:25:11.197783: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22) Oct 31 15:25:11.197785: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8) Oct 31 15:25:11.197788: | Message ID: 0 (00 00 00 00) Oct 31 15:25:11.197790: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Oct 31 15:25:11.197802: | using existing local IKE proposals for connection northnet-eastnet/0x2 (IKE SA initiator emitting local proposals): 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 3:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 4:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Oct 31 15:25:11.197804: | Emitting ikev2_proposals ... Oct 31 15:25:11.197806: | ***emit IKEv2 Security Association Payload: Oct 31 15:25:11.197808: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:11.197810: | flags: none (0x0) Oct 31 15:25:11.197812: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA) Oct 31 15:25:11.197814: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'reply packet' Oct 31 15:25:11.197817: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:25:11.197819: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:11.197821: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:11.197824: | prop #: 1 (01) Oct 31 15:25:11.197827: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:25:11.197829: | spi size: 0 (00) Oct 31 15:25:11.197832: | # transforms: 11 (0b) Oct 31 15:25:11.197834: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:11.197837: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.197840: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.197842: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:11.197844: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:25:11.197846: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.197849: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:11.197852: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:11.197858: | length/value: 256 (01 00) Oct 31 15:25:11.197862: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:11.197864: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.197867: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.197868: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:11.197870: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:25:11.197871: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.197873: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.197875: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.197876: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.197878: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.197879: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:11.197880: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:25:11.197882: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.197883: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.197885: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.197887: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:25:11.197888: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.197890: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.197891: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:11.197893: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:11.197894: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.197896: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.197897: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.197899: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.197900: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.197901: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:11.197903: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:25:11.197904: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.197906: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.197907: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.197909: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.197910: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.197911: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:11.197913: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:25:11.197919: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.197924: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.197928: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.197931: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.197936: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.197938: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:11.197941: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:25:11.197944: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.197946: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.197949: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.197952: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.197954: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.197957: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:11.197959: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:25:11.197962: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.197965: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.197968: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.197971: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.197973: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.197976: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:11.197977: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:25:11.197979: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.197980: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.197982: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.197984: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.197985: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.197986: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:11.197988: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:25:11.197989: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.197991: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.197992: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.197994: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.197995: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:11.197997: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:11.197998: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:25:11.198000: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198001: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.198003: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.198004: | emitting length of IKEv2 Proposal Substructure Payload: 100 Oct 31 15:25:11.198006: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:11.198008: | discard INTEG=NONE when counting transforms (multiple 0; allow single 0) Oct 31 15:25:11.198010: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:11.198013: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:11.198015: | prop #: 2 (02) Oct 31 15:25:11.198017: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:25:11.198018: | spi size: 0 (00) Oct 31 15:25:11.198020: | # transforms: 11 (0b) Oct 31 15:25:11.198022: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:11.198023: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:11.198025: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.198027: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198028: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:11.198029: | IKEv2 transform ID: AES_GCM_C (0x14) Oct 31 15:25:11.198031: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.198032: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:11.198034: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:11.198036: | length/value: 128 (00 80) Oct 31 15:25:11.198038: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:11.198039: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.198040: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198042: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:11.198043: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:25:11.198045: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198046: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.198048: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.198049: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.198051: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198052: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:11.198053: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:25:11.198055: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198056: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.198058: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.198059: | discard INTEG=NONE when emitting proposal (multiple 0; allow single 0) Oct 31 15:25:11.198061: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.198062: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198064: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:11.198065: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:11.198067: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198068: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.198069: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.198071: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.198072: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198074: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:11.198075: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:25:11.198077: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198079: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.198080: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.198082: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.198083: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198084: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:11.198086: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:25:11.198087: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198089: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.198090: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.198092: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.198093: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198094: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:11.198096: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:25:11.198097: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198099: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.198100: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.198102: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.198104: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198109: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:11.198112: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:25:11.198114: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198117: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.198120: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.198123: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.198125: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198127: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:11.198130: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:25:11.198132: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198135: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.198137: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.198139: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.198142: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198144: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:11.198147: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:25:11.198150: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198152: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.198155: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.198158: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.198161: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:11.198163: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:11.198165: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:25:11.198168: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198170: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.198173: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.198175: | emitting length of IKEv2 Proposal Substructure Payload: 100 Oct 31 15:25:11.198178: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:11.198183: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:11.198185: | last proposal: v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:11.198189: | prop #: 3 (03) Oct 31 15:25:11.198191: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:25:11.198194: | spi size: 0 (00) Oct 31 15:25:11.198197: | # transforms: 13 (0d) Oct 31 15:25:11.198220: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:11.198224: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:11.198227: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.198230: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198232: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:11.198235: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:25:11.198237: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.198240: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:11.198243: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:11.198246: | length/value: 256 (01 00) Oct 31 15:25:11.198249: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:11.198252: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.198255: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198257: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:11.198260: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:25:11.198263: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198266: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.198269: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.198271: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.198274: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198276: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:11.198278: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:25:11.198281: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198283: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.198286: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.198289: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.198291: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198296: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:11.198298: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:25:11.198301: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198584: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.198591: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.198595: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.198597: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198600: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:11.198603: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:25:11.198606: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198609: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.198611: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.198614: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.198616: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198618: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:11.198619: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:11.198628: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198631: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.198634: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.198637: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.198639: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198642: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:11.198644: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:25:11.198647: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198649: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.198652: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.198654: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.198657: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198659: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:11.198662: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:25:11.198665: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198667: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.198670: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.198673: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.198676: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198678: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:11.198684: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:25:11.198687: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198692: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.198695: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.198697: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.198699: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198701: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:11.198703: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:25:11.198706: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198708: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.198711: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.198713: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.198715: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198718: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:11.198720: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:25:11.198723: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198725: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.198728: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.198731: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.198733: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198739: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:11.198742: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:25:11.198745: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198748: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.198751: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.198754: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.198756: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:11.198759: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:11.198762: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:25:11.198764: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198767: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.198770: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.198773: | emitting length of IKEv2 Proposal Substructure Payload: 116 Oct 31 15:25:11.198775: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:11.198780: | ****emit IKEv2 Proposal Substructure Payload: Oct 31 15:25:11.198783: | last proposal: v2_PROPOSAL_LAST (0x0) Oct 31 15:25:11.198787: | prop #: 4 (04) Oct 31 15:25:11.198789: | proto ID: IKEv2_SEC_PROTO_IKE (0x1) Oct 31 15:25:11.198793: | spi size: 0 (00) Oct 31 15:25:11.198796: | # transforms: 13 (0d) Oct 31 15:25:11.198799: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' containing v2_PROPOSAL_NON_LAST (0x2) is v2_PROPOSAL_NON_LAST (0x2) Oct 31 15:25:11.198803: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' Oct 31 15:25:11.198806: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.198809: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198811: | IKEv2 transform type: TRANS_TYPE_ENCR (0x1) Oct 31 15:25:11.198813: | IKEv2 transform ID: AES_CBC (0xc) Oct 31 15:25:11.198816: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.198819: | ******emit IKEv2 Attribute Substructure Payload: Oct 31 15:25:11.198822: | af+type: AF+IKEv2_KEY_LENGTH (0x800e) Oct 31 15:25:11.198825: | length/value: 128 (00 80) Oct 31 15:25:11.198828: | emitting length of IKEv2 Transform Substructure Payload: 12 Oct 31 15:25:11.198831: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.198834: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198836: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:11.198839: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7) Oct 31 15:25:11.198841: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198844: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.198847: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.198849: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.198852: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198854: | IKEv2 transform type: TRANS_TYPE_PRF (0x2) Oct 31 15:25:11.198857: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5) Oct 31 15:25:11.198860: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198862: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.198865: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.198868: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.198870: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198873: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:11.198875: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe) Oct 31 15:25:11.198878: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198880: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.198883: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.198886: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.198889: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198891: | IKEv2 transform type: TRANS_TYPE_INTEG (0x3) Oct 31 15:25:11.198894: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc) Oct 31 15:25:11.198896: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198898: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.198900: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.198901: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.198903: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198904: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:11.198907: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:11.198909: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198910: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.198912: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.198913: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.198915: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198916: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:11.198918: | IKEv2 transform ID: OAKLEY_GROUP_MODP3072 (0xf) Oct 31 15:25:11.198919: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198921: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.198922: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.198924: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.198925: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198926: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:11.198928: | IKEv2 transform ID: OAKLEY_GROUP_MODP4096 (0x10) Oct 31 15:25:11.198929: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198931: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.198932: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.198934: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.198935: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198937: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:11.198938: | IKEv2 transform ID: OAKLEY_GROUP_MODP8192 (0x12) Oct 31 15:25:11.198939: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198941: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.198942: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.198944: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.198945: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198947: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:11.198948: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13) Oct 31 15:25:11.198950: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198952: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.198956: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.198960: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.198963: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198966: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:11.198968: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14) Oct 31 15:25:11.198971: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198975: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.198979: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.198981: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.198984: | last transform: v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198986: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:11.198988: | IKEv2 transform ID: OAKLEY_GROUP_ECP_521 (0x15) Oct 31 15:25:11.198991: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.198994: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.198997: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.199000: | *****emit IKEv2 Transform Substructure Payload: Oct 31 15:25:11.199002: | last transform: v2_TRANSFORM_LAST (0x0) Oct 31 15:25:11.199005: | IKEv2 transform type: TRANS_TYPE_DH (0x4) Oct 31 15:25:11.199008: | IKEv2 transform ID: OAKLEY_GROUP_CURVE25519 (0x1f) Oct 31 15:25:11.199014: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3) Oct 31 15:25:11.199017: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' Oct 31 15:25:11.199020: | emitting length of IKEv2 Transform Substructure Payload: 8 Oct 31 15:25:11.199023: | emitting length of IKEv2 Proposal Substructure Payload: 116 Oct 31 15:25:11.199025: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0 Oct 31 15:25:11.199028: | emitting length of IKEv2 Security Association Payload: 436 Oct 31 15:25:11.199031: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0 Oct 31 15:25:11.199034: | ***emit IKEv2 Key Exchange Payload: Oct 31 15:25:11.199037: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:11.199039: | flags: none (0x0) Oct 31 15:25:11.199042: | DH group: OAKLEY_GROUP_MODP2048 (0xe) Oct 31 15:25:11.199045: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE) Oct 31 15:25:11.199048: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'reply packet' Oct 31 15:25:11.199052: | emitting 256 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload Oct 31 15:25:11.199055: | ikev2 g^x: Oct 31 15:25:11.199058: | 45 60 38 c8 dd c9 d7 43 a3 a1 47 f6 5c 73 01 21 Oct 31 15:25:11.199060: | 31 4e 79 b0 39 32 33 5e 02 d2 e5 5f 2c 5d 14 26 Oct 31 15:25:11.199061: | 1c 81 93 09 a3 81 13 ab d0 04 3a 42 4c 54 e5 c8 Oct 31 15:25:11.199063: | 9f 53 95 14 d2 6e 41 db c9 e1 97 1c 74 69 d7 65 Oct 31 15:25:11.199064: | cd 90 fd 20 af 82 f8 9c f5 f2 30 85 60 8e 4d d4 Oct 31 15:25:11.199066: | 56 bb 5e c7 92 b5 1c f2 69 7d dd 52 26 8c 9d 5b Oct 31 15:25:11.199067: | e7 86 61 8e f5 d1 d0 bd 54 fe e6 98 a5 dd b9 50 Oct 31 15:25:11.199068: | 51 e2 5d 6e 3e e7 c8 c9 52 4a 2a ca 3c 6b 78 67 Oct 31 15:25:11.199070: | 9a 78 a2 eb 5d ac 96 b7 a1 ae 17 24 7a be 38 15 Oct 31 15:25:11.199071: | 66 1a a1 69 eb 22 17 8e ec 67 ae 26 10 2f 75 14 Oct 31 15:25:11.199072: | 29 6d f1 c7 25 d3 b6 d4 35 8c e5 13 84 25 fc 95 Oct 31 15:25:11.199073: | cb c7 a0 8e 53 3a 8a 54 08 79 68 d9 e3 76 3e 57 Oct 31 15:25:11.199075: | cb b3 ac 1c ac b9 9f 73 bc 37 f5 42 54 a3 e9 e8 Oct 31 15:25:11.199076: | 00 f3 36 eb 3a a2 47 60 ee 29 80 e8 ea 4e ef f8 Oct 31 15:25:11.199077: | c5 53 c9 4d b5 52 79 ba 3b be 20 1d 4a 46 3c c7 Oct 31 15:25:11.199080: | 33 e2 b2 a2 62 cb de dd 4c dc 4d 1e 84 cf 45 21 Oct 31 15:25:11.199082: | emitting length of IKEv2 Key Exchange Payload: 264 Oct 31 15:25:11.199084: | ***emit IKEv2 Nonce Payload: Oct 31 15:25:11.199085: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:11.199087: | flags: none (0x0) Oct 31 15:25:11.199089: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni) Oct 31 15:25:11.199090: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'reply packet' Oct 31 15:25:11.199092: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload Oct 31 15:25:11.199093: | IKEv2 nonce: Oct 31 15:25:11.199095: | 10 2f 22 58 96 e8 57 aa 37 c4 9d 14 81 4d 8a 96 Oct 31 15:25:11.199096: | ed 66 48 ba 3a 2d ae e0 98 9b 13 aa f7 f3 96 a8 Oct 31 15:25:11.199098: | emitting length of IKEv2 Nonce Payload: 36 Oct 31 15:25:11.199099: | adding a v2N Payload Oct 31 15:25:11.199101: | ***emit IKEv2 Notify Payload: Oct 31 15:25:11.199102: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:11.199104: | flags: none (0x0) Oct 31 15:25:11.199105: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:25:11.199107: | SPI size: 0 (00) Oct 31 15:25:11.199109: | Notify Message Type: v2N_IKEV2_FRAGMENTATION_SUPPORTED (0x402e) Oct 31 15:25:11.199111: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:25:11.199113: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:25:11.199114: | emitting length of IKEv2 Notify Payload: 8 Oct 31 15:25:11.199117: | NAT-Traversal support [enabled] add v2N payloads. Oct 31 15:25:11.199118: | nat: IKE.SPIr is zero Oct 31 15:25:11.199135: | natd_hash: hasher=0x563af7bbef80(20) Oct 31 15:25:11.199136: | natd_hash: icookie= Oct 31 15:25:11.199138: | cf a3 af 58 f8 08 07 8b Oct 31 15:25:11.199139: | natd_hash: rcookie= Oct 31 15:25:11.199140: | 00 00 00 00 00 00 00 00 Oct 31 15:25:11.199142: | natd_hash: ip= Oct 31 15:25:11.199143: | c0 01 03 21 Oct 31 15:25:11.199144: | natd_hash: port= Oct 31 15:25:11.199146: | 01 f4 Oct 31 15:25:11.199147: | natd_hash: hash= Oct 31 15:25:11.199148: | 3b f3 74 c6 6d eb 11 31 4b 1a 2b 29 b9 31 81 bd Oct 31 15:25:11.199150: | 32 d6 cb f0 Oct 31 15:25:11.199151: | adding a v2N Payload Oct 31 15:25:11.199153: | ***emit IKEv2 Notify Payload: Oct 31 15:25:11.199154: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:11.199155: | flags: none (0x0) Oct 31 15:25:11.199157: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:25:11.199159: | SPI size: 0 (00) Oct 31 15:25:11.199160: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004) Oct 31 15:25:11.199162: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:25:11.199163: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:25:11.199165: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:25:11.199167: | Notify data: Oct 31 15:25:11.199170: | 3b f3 74 c6 6d eb 11 31 4b 1a 2b 29 b9 31 81 bd Oct 31 15:25:11.199174: | 32 d6 cb f0 Oct 31 15:25:11.199177: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:25:11.199179: | nat: IKE.SPIr is zero Oct 31 15:25:11.199187: | natd_hash: hasher=0x563af7bbef80(20) Oct 31 15:25:11.199189: | natd_hash: icookie= Oct 31 15:25:11.199192: | cf a3 af 58 f8 08 07 8b Oct 31 15:25:11.199193: | natd_hash: rcookie= Oct 31 15:25:11.199195: | 00 00 00 00 00 00 00 00 Oct 31 15:25:11.199196: | natd_hash: ip= Oct 31 15:25:11.199202: | c0 01 02 17 Oct 31 15:25:11.199209: | natd_hash: port= Oct 31 15:25:11.199211: | 01 f4 Oct 31 15:25:11.199213: | natd_hash: hash= Oct 31 15:25:11.199215: | 4b b5 ff e5 84 45 b6 7c a4 5b cd 2b 23 9e 7d 1a Oct 31 15:25:11.199219: | 42 40 73 e7 Oct 31 15:25:11.199221: | adding a v2N Payload Oct 31 15:25:11.199223: | ***emit IKEv2 Notify Payload: Oct 31 15:25:11.199226: | next payload type: ISAKMP_NEXT_v2NONE (0x0) Oct 31 15:25:11.199228: | flags: none (0x0) Oct 31 15:25:11.199230: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0) Oct 31 15:25:11.199233: | SPI size: 0 (00) Oct 31 15:25:11.199235: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005) Oct 31 15:25:11.199238: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N) Oct 31 15:25:11.199240: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'reply packet' Oct 31 15:25:11.199242: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload Oct 31 15:25:11.199244: | Notify data: Oct 31 15:25:11.199247: | 4b b5 ff e5 84 45 b6 7c a4 5b cd 2b 23 9e 7d 1a Oct 31 15:25:11.199249: | 42 40 73 e7 Oct 31 15:25:11.199251: | emitting length of IKEv2 Notify Payload: 28 Oct 31 15:25:11.199253: | emitting length of ISAKMP Message: 828 Oct 31 15:25:11.199261: | [RE]START processing: state #5 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in complete_v2_state_transition() at ikev2.c:3364) Oct 31 15:25:11.199264: | #5 complete_v2_state_transition() PARENT_I0->PARENT_I1 with status STF_OK Oct 31 15:25:11.199266: | transitioning from state STATE_PARENT_I0 to state STATE_PARENT_I1 Oct 31 15:25:11.199267: | Message ID: updating counters for #5 Oct 31 15:25:11.199270: | Message ID: IKE #5 skipping update_recv as MD is fake Oct 31 15:25:11.199274: | Message ID: IKE #5 scheduling EVENT_RETRANSMIT: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744585.62841 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744585.62841 ike.wip.initiator=0 ike.wip.responder=-1 Oct 31 15:25:11.199277: "northnet-eastnet/0x2" #5: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds Oct 31 15:25:11.199281: | event_schedule: newref EVENT_RETRANSMIT-pe@0x563af96c5f48 Oct 31 15:25:11.199282: | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #5 Oct 31 15:25:11.199285: | libevent_malloc: newref ptr-libevent@0x563af96c3ca8 size 128 Oct 31 15:25:11.199288: | #5 STATE_PARENT_I0: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 744585.632076 Oct 31 15:25:11.199292: | Message ID: IKE #5 updating initiator sent message request 0: ike.initiator.sent=-1->0 ike.initiator.recv=-1 ike.initiator.last_contact=744585.62841 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744585.62841 ike.wip.initiator=-1->0 ike.wip.responder=-1 Oct 31 15:25:11.199296: | Message ID: IKE #5 no pending message initiators to schedule: ike.initiator.sent=0 ike.initiator.recv=-1 ike.initiator.last_contact=744585.62841 ike.responder.sent=-1 ike.responder.recv=-1 ike.responder.last_contact=744585.62841 ike.wip.initiator=0 ike.wip.responder=-1 Oct 31 15:25:11.199298: | parent state #5: PARENT_I0(ignore) => PARENT_I1(half-open IKE SA) Oct 31 15:25:11.199300: | announcing the state transition Oct 31 15:25:11.199302: "northnet-eastnet/0x2" #5: sent IKE_SA_INIT request Oct 31 15:25:11.199307: | sending 828 bytes for STATE_PARENT_I0 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 using UDP (for #5) Oct 31 15:25:11.199309: | cf a3 af 58 f8 08 07 8b 00 00 00 00 00 00 00 00 Oct 31 15:25:11.199310: | 21 20 22 08 00 00 00 00 00 00 03 3c 22 00 01 b4 Oct 31 15:25:11.199311: | 02 00 00 64 01 01 00 0b 03 00 00 0c 01 00 00 14 Oct 31 15:25:11.199313: | 80 0e 01 00 03 00 00 08 02 00 00 07 03 00 00 08 Oct 31 15:25:11.199314: | 02 00 00 05 03 00 00 08 04 00 00 0e 03 00 00 08 Oct 31 15:25:11.199315: | 04 00 00 0f 03 00 00 08 04 00 00 10 03 00 00 08 Oct 31 15:25:11.199317: | 04 00 00 12 03 00 00 08 04 00 00 13 03 00 00 08 Oct 31 15:25:11.199319: | 04 00 00 14 03 00 00 08 04 00 00 15 00 00 00 08 Oct 31 15:25:11.199320: | 04 00 00 1f 02 00 00 64 02 01 00 0b 03 00 00 0c Oct 31 15:25:11.199325: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 Oct 31 15:25:11.199327: | 03 00 00 08 02 00 00 05 03 00 00 08 04 00 00 0e Oct 31 15:25:11.199329: | 03 00 00 08 04 00 00 0f 03 00 00 08 04 00 00 10 Oct 31 15:25:11.199330: | 03 00 00 08 04 00 00 12 03 00 00 08 04 00 00 13 Oct 31 15:25:11.199332: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 15 Oct 31 15:25:11.199334: | 00 00 00 08 04 00 00 1f 02 00 00 74 03 01 00 0d Oct 31 15:25:11.199336: | 03 00 00 0c 01 00 00 0c 80 0e 01 00 03 00 00 08 Oct 31 15:25:11.199338: | 02 00 00 07 03 00 00 08 02 00 00 05 03 00 00 08 Oct 31 15:25:11.199340: | 03 00 00 0e 03 00 00 08 03 00 00 0c 03 00 00 08 Oct 31 15:25:11.199342: | 04 00 00 0e 03 00 00 08 04 00 00 0f 03 00 00 08 Oct 31 15:25:11.199344: | 04 00 00 10 03 00 00 08 04 00 00 12 03 00 00 08 Oct 31 15:25:11.199346: | 04 00 00 13 03 00 00 08 04 00 00 14 03 00 00 08 Oct 31 15:25:11.199348: | 04 00 00 15 00 00 00 08 04 00 00 1f 00 00 00 74 Oct 31 15:25:11.199349: | 04 01 00 0d 03 00 00 0c 01 00 00 0c 80 0e 00 80 Oct 31 15:25:11.199350: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 05 Oct 31 15:25:11.199352: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0c Oct 31 15:25:11.199353: | 03 00 00 08 04 00 00 0e 03 00 00 08 04 00 00 0f Oct 31 15:25:11.199354: | 03 00 00 08 04 00 00 10 03 00 00 08 04 00 00 12 Oct 31 15:25:11.199356: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 14 Oct 31 15:25:11.199357: | 03 00 00 08 04 00 00 15 00 00 00 08 04 00 00 1f Oct 31 15:25:11.199358: | 28 00 01 08 00 0e 00 00 45 60 38 c8 dd c9 d7 43 Oct 31 15:25:11.199360: | a3 a1 47 f6 5c 73 01 21 31 4e 79 b0 39 32 33 5e Oct 31 15:25:11.199361: | 02 d2 e5 5f 2c 5d 14 26 1c 81 93 09 a3 81 13 ab Oct 31 15:25:11.199362: | d0 04 3a 42 4c 54 e5 c8 9f 53 95 14 d2 6e 41 db Oct 31 15:25:11.199364: | c9 e1 97 1c 74 69 d7 65 cd 90 fd 20 af 82 f8 9c Oct 31 15:25:11.199365: | f5 f2 30 85 60 8e 4d d4 56 bb 5e c7 92 b5 1c f2 Oct 31 15:25:11.199366: | 69 7d dd 52 26 8c 9d 5b e7 86 61 8e f5 d1 d0 bd Oct 31 15:25:11.199368: | 54 fe e6 98 a5 dd b9 50 51 e2 5d 6e 3e e7 c8 c9 Oct 31 15:25:11.199369: | 52 4a 2a ca 3c 6b 78 67 9a 78 a2 eb 5d ac 96 b7 Oct 31 15:25:11.199370: | a1 ae 17 24 7a be 38 15 66 1a a1 69 eb 22 17 8e Oct 31 15:25:11.199372: | ec 67 ae 26 10 2f 75 14 29 6d f1 c7 25 d3 b6 d4 Oct 31 15:25:11.199373: | 35 8c e5 13 84 25 fc 95 cb c7 a0 8e 53 3a 8a 54 Oct 31 15:25:11.199374: | 08 79 68 d9 e3 76 3e 57 cb b3 ac 1c ac b9 9f 73 Oct 31 15:25:11.199376: | bc 37 f5 42 54 a3 e9 e8 00 f3 36 eb 3a a2 47 60 Oct 31 15:25:11.199377: | ee 29 80 e8 ea 4e ef f8 c5 53 c9 4d b5 52 79 ba Oct 31 15:25:11.199378: | 3b be 20 1d 4a 46 3c c7 33 e2 b2 a2 62 cb de dd Oct 31 15:25:11.199380: | 4c dc 4d 1e 84 cf 45 21 29 00 00 24 10 2f 22 58 Oct 31 15:25:11.199381: | 96 e8 57 aa 37 c4 9d 14 81 4d 8a 96 ed 66 48 ba Oct 31 15:25:11.199382: | 3a 2d ae e0 98 9b 13 aa f7 f3 96 a8 29 00 00 08 Oct 31 15:25:11.199384: | 00 00 40 2e 29 00 00 1c 00 00 40 04 3b f3 74 c6 Oct 31 15:25:11.199385: | 6d eb 11 31 4b 1a 2b 29 b9 31 81 bd 32 d6 cb f0 Oct 31 15:25:11.199386: | 00 00 00 1c 00 00 40 05 4b b5 ff e5 84 45 b6 7c Oct 31 15:25:11.199388: | a4 5b cd 2b 23 9e 7d 1a 42 40 73 e7 Oct 31 15:25:11.199422: | sent 1 messages Oct 31 15:25:11.199425: | checking that a retransmit timeout_event was already Oct 31 15:25:11.199427: | state #5 deleting .st_event EVENT_CRYPTO_TIMEOUT Oct 31 15:25:11.199430: | libevent_free: delref ptr-libevent@0x7feda0006108 Oct 31 15:25:11.199432: | free_event_entry: delref EVENT_CRYPTO_TIMEOUT-pe@0x563af96c91e8 Oct 31 15:25:11.199435: | delref logger@0x563af960f068(1->0) (in handle_helper_answer() at pluto_crypt.c:658) Oct 31 15:25:11.199437: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:11.199438: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:11.199441: | resume sending helper answer back to state for #5 suppresed complete_v2_state_transition() Oct 31 15:25:11.199446: | delref mdp@NULL (in resume_handler() at server.c:743) Oct 31 15:25:11.199452: | #5 spent 1.37 (1.69) milliseconds in resume sending helper answer back to state Oct 31 15:25:11.199455: | stop processing: state #5 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in resume_handler() at server.c:745) Oct 31 15:25:11.199457: | libevent_free: delref ptr-libevent@0x7fed94006108 Oct 31 15:25:11.583851: | newref struct fd@0x563af96c9748(0->1) (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:11.583871: | fd_accept: new fd-fd@0x563af96c9748 (in whack_handle_cb() at rcv_whack.c:869) Oct 31 15:25:11.583898: shutting down Oct 31 15:25:11.583909: | leaking fd-fd@0x563af96c9748's FD; will be closed when pluto exits (in whack_handle_cb() at rcv_whack.c:889) Oct 31 15:25:11.583913: | delref fd@0x563af96c9748(1->0) (in whack_handle_cb() at rcv_whack.c:895) Oct 31 15:25:11.583917: | freeref fd-fd@0x563af96c9748 (in whack_handle_cb() at rcv_whack.c:895) Oct 31 15:25:11.583967: | shutting down helper thread 7 Oct 31 15:25:11.583984: | helper thread 7 exited Oct 31 15:25:11.584000: | shutting down helper thread 1 Oct 31 15:25:11.584010: | helper thread 1 exited Oct 31 15:25:11.584022: | shutting down helper thread 2 Oct 31 15:25:11.584033: | helper thread 2 exited Oct 31 15:25:11.584041: | shutting down helper thread 4 Oct 31 15:25:11.584048: | helper thread 4 exited Oct 31 15:25:11.584056: | shutting down helper thread 3 Oct 31 15:25:11.584065: | helper thread 3 exited Oct 31 15:25:11.584072: | shutting down helper thread 6 Oct 31 15:25:11.584079: | helper thread 6 exited Oct 31 15:25:11.584089: | shutting down helper thread 5 Oct 31 15:25:11.584102: | helper thread 5 exited Oct 31 15:25:11.584105: 7 helper threads shutdown Oct 31 15:25:11.584108: | delref root_certs@NULL (in free_root_certs() at root_certs.c:127) Oct 31 15:25:11.584111: | certs and keys locked by 'free_preshared_secrets' Oct 31 15:25:11.584113: forgetting secrets Oct 31 15:25:11.584117: | certs and keys unlocked by 'free_preshared_secrets' Oct 31 15:25:11.584121: | delref fd@NULL (in delete_pending() at pending.c:218) Oct 31 15:25:11.584124: | removing pending policy for no connection {0x563af96cb3d8} Oct 31 15:25:11.584126: | deleting states for connection - including all other IPsec SA's of this IKE SA Oct 31 15:25:11.584129: | pass 0 Oct 31 15:25:11.584131: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:25:11.584133: | state #5 Oct 31 15:25:11.584140: | start processing: state #5 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1406) Oct 31 15:25:11.584143: | delref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1408) Oct 31 15:25:11.584145: | addref fd@NULL (in foreach_state_by_connection_func_delete() at state.c:1409) Oct 31 15:25:11.584147: | pstats #5 ikev2.ike deleted other Oct 31 15:25:11.584153: | #5 main thread spent 1.53 (1.85) milliseconds helper thread spent 1.81 (1.95) milliseconds in total Oct 31 15:25:11.584158: | [RE]START processing: state #5 connection "northnet-eastnet/0x2" from 192.1.2.23:500 (in delete_state() at state.c:935) Oct 31 15:25:11.584160: | should_send_delete: no, not established Oct 31 15:25:11.584165: "northnet-eastnet/0x2" #5: deleting state (STATE_PARENT_I1) aged 0.388582s and NOT sending notification Oct 31 15:25:11.584168: | parent state #5: PARENT_I1(half-open IKE SA) => delete Oct 31 15:25:11.584171: | unsuspending #5 MD (nil) Oct 31 15:25:11.584173: | should_send_delete: no, not established Oct 31 15:25:11.584176: | state #5 has no .st_event to delete Oct 31 15:25:11.584179: | #5 requesting EVENT_RETRANSMIT-pe@0x563af96c5f48 be deleted Oct 31 15:25:11.584183: | libevent_free: delref ptr-libevent@0x563af96c3ca8 Oct 31 15:25:11.584185: | free_event_entry: delref EVENT_RETRANSMIT-pe@0x563af96c5f48 Oct 31 15:25:11.584188: | #5 STATE_PARENT_I1: retransmits: cleared Oct 31 15:25:11.584191: | State DB: IKEv2 state not found (flush_incomplete_children) Oct 31 15:25:11.584197: | picked newest_isakmp_sa #0 for #5 Oct 31 15:25:11.584211: "northnet-eastnet/0x2" #5: deleting IKE SA but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Oct 31 15:25:11.584215: | add revival: connection 'northnet-eastnet/0x2' added to the list and scheduled for 5 seconds Oct 31 15:25:11.584218: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds Oct 31 15:25:11.584223: | in connection_discard for connection northnet-eastnet/0x2 Oct 31 15:25:11.584226: | State DB: deleting IKEv2 state #5 in PARENT_I1 Oct 31 15:25:11.584230: | parent state #5: PARENT_I1(half-open IKE SA) => UNDEFINED(ignore) Oct 31 15:25:11.584233: | releasing #5's fd-fd@(nil) because deleting state Oct 31 15:25:11.584235: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:11.584237: | delref fd@NULL (in delete_state() at state.c:1195) Oct 31 15:25:11.584240: | delref pkp@NULL (in delete_state() at state.c:1202) Oct 31 15:25:11.584257: | stop processing: state #5 from 192.1.2.23:500 (in delete_state() at state.c:1239) Oct 31 15:25:11.584262: | delref logger@0x563af96c5e98(1->0) (in delete_state() at state.c:1306) Oct 31 15:25:11.584264: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:11.584266: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:11.584269: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1411) Oct 31 15:25:11.584271: | pass 1 Oct 31 15:25:11.584273: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:25:11.584283: | shunt_eroute() called for connection 'northnet-eastnet/0x2' to 'delete' for rt_kind 'unrouted' using protoports 192.0.3.0/24:0 --0->- 192.0.2.0/24:0 Oct 31 15:25:11.584288: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.2.0/24:0 Oct 31 15:25:11.584291: | priority calculation of connection "northnet-eastnet/0x2" is 2084814 (0x1fcfce) Oct 31 15:25:11.584330: | priority calculation of connection "northnet-eastnet/0x2" is 2084814 (0x1fcfce) Oct 31 15:25:11.584342: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:25:11.584345: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:25:11.584348: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 Oct 31 15:25:11.584350: | conn northnet-eastnet/0x2 mark 0/00000000, 0/00000000 vs Oct 31 15:25:11.584353: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 Oct 31 15:25:11.584357: | route owner of "northnet-eastnet/0x2" unrouted: "northnet-eastnet/0x1" prospective erouted Oct 31 15:25:11.584360: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:25:11.584362: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:25:11.584366: | newref clone logger@0x563af96c1a48(0->1) (in clone_logger() at log.c:817) Oct 31 15:25:11.584372: | flush revival: connection 'northnet-eastnet/0x2' revival flushed Oct 31 15:25:11.584376: | delref vip@NULL (in discard_connection() at connections.c:262) Oct 31 15:25:11.584378: | delref vip@NULL (in discard_connection() at connections.c:263) Oct 31 15:25:11.584388: | Connection DB: deleting connection $2 Oct 31 15:25:11.584392: | delref logger@0x563af96c1a48(1->0) (in delete_connection() at connections.c:214) Oct 31 15:25:11.584394: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:11.584396: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:11.584399: | deleting states for connection - including all other IPsec SA's of this IKE SA Oct 31 15:25:11.584401: | pass 0 Oct 31 15:25:11.584403: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:25:11.584405: | pass 1 Oct 31 15:25:11.584407: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Oct 31 15:25:11.584412: | shunt_eroute() called for connection 'northnet-eastnet/0x1' to 'delete' for rt_kind 'unrouted' using protoports 192.0.3.0/24:0 --0->- 192.0.2.0/24:0 Oct 31 15:25:11.584418: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.2.0/24:0 Oct 31 15:25:11.584420: | priority calculation of connection "northnet-eastnet/0x1" is 2084814 (0x1fcfce) Oct 31 15:25:11.584434: ERROR: netlink XFRM_MSG_DELPOLICY response for flow eroute_connection delete included errno 2: No such file or directory Oct 31 15:25:11.584436: | FOR_EACH_CONNECTION_... in route_owner Oct 31 15:25:11.584439: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 vs Oct 31 15:25:11.584441: | conn northnet-eastnet/0x1 mark 0/00000000, 0/00000000 Oct 31 15:25:11.584444: | route owner of "northnet-eastnet/0x1" unrouted: NULL Oct 31 15:25:11.584447: | running updown command "ipsec _updown" for verb unroute Oct 31 15:25:11.584449: | command executing unroute-client Oct 31 15:25:11.584477: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI... Oct 31 15:25:11.584480: | popen cmd is 1077 chars long Oct 31 15:25:11.584482: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Oct 31 15:25:11.584485: | cmd( 80):et/0x1' PLUTO_VIRT_INTERFACE='NULL' PLUTO_INTERFACE='eth1' PLUTO_XFRMI_ROUTE='' : Oct 31 15:25:11.584487: | cmd( 160):PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='@north' PLUTO_MY_: Oct 31 15:25:11.584489: | cmd( 240):CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.: Oct 31 15:25:11.584491: | cmd( 320):255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_: Oct 31 15:25:11.584493: | cmd( 400):SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT=': Oct 31 15:25:11.584496: | cmd( 480):192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.: Oct 31 15:25:11.584498: | cmd( 560):255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK=: Oct 31 15:25:11.584500: | cmd( 640):'xfrm' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+OVERLAPIP+: Oct 31 15:25:11.584502: | cmd( 720):IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADD: Oct 31 15:25:11.584504: | cmd( 800):RFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLU: Oct 31 15:25:11.584506: | cmd( 880):TO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIEN: Oct 31 15:25:11.584509: | cmd( 960):T='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_: Oct 31 15:25:11.584511: | cmd(1040):IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Oct 31 15:25:11.595790: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.595806: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.595809: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.595813: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.595821: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.595831: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.595841: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.595856: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.595874: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.595889: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.595903: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.595918: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.595929: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.595938: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.595948: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.595957: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.595968: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.595977: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.595986: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.595995: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.596005: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.596015: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.596025: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.596035: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.596044: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.596053: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.596063: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.596074: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.596083: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.596092: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.596102: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.596112: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.596450: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.596458: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.596467: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.596484: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.596552: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.596567: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.596623: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.596628: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.596630: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.596633: unroute-client output: Error: Peer netns reference is invalid. Oct 31 15:25:11.605821: | addref fd@NULL (in clone_logger() at log.c:809) Oct 31 15:25:11.605831: | addref fd@NULL (in clone_logger() at log.c:810) Oct 31 15:25:11.605835: | newref clone logger@0x563af96c1a48(0->1) (in clone_logger() at log.c:817) Oct 31 15:25:11.605839: | delref hp@0x563af96c3aa8(1->0) (in delete_oriented_hp() at hostpair.c:360) Oct 31 15:25:11.605841: | flush revival: connection 'northnet-eastnet/0x1' wasn't on the list Oct 31 15:25:11.605843: | delref vip@NULL (in discard_connection() at connections.c:262) Oct 31 15:25:11.605845: | delref vip@NULL (in discard_connection() at connections.c:263) Oct 31 15:25:11.605856: | Connection DB: deleting connection $1 Oct 31 15:25:11.605861: | delref logger@0x563af96c1a48(1->0) (in delete_connection() at connections.c:214) Oct 31 15:25:11.605864: | delref fd@NULL (in free_logger() at log.c:853) Oct 31 15:25:11.605867: | delref fd@NULL (in free_logger() at log.c:854) Oct 31 15:25:11.605870: | crl fetch request list locked by 'free_crl_fetch' Oct 31 15:25:11.605872: | crl fetch request list unlocked by 'free_crl_fetch' Oct 31 15:25:11.605881: | iface: marking eth1 dead Oct 31 15:25:11.605883: | iface: marking eth0 dead Oct 31 15:25:11.605886: | iface: marking lo dead Oct 31 15:25:11.605887: | updating interfaces - listing interfaces that are going down Oct 31 15:25:11.605892: shutting down interface lo 127.0.0.1:4500 Oct 31 15:25:11.605894: shutting down interface lo 127.0.0.1:500 Oct 31 15:25:11.605896: shutting down interface eth0 192.0.3.254:4500 Oct 31 15:25:11.605898: shutting down interface eth0 192.0.3.254:500 Oct 31 15:25:11.605901: shutting down interface eth1 192.1.3.33:4500 Oct 31 15:25:11.605903: shutting down interface eth1 192.1.3.33:500 Oct 31 15:25:11.605904: | updating interfaces - deleting the dead Oct 31 15:25:11.605908: | FOR_EACH_STATE_... in delete_states_dead_interfaces Oct 31 15:25:11.605914: | libevent_free: delref ptr-libevent@0x563af96bcd28 Oct 31 15:25:11.605916: | delref id@0x563af96c0df8(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:25:11.605924: | libevent_free: delref ptr-libevent@0x563af96801a8 Oct 31 15:25:11.605926: | delref id@0x563af96c0df8(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:25:11.605935: | libevent_free: delref ptr-libevent@0x563af9675468 Oct 31 15:25:11.605940: | delref id@0x563af96c0d28(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:25:11.605947: | libevent_free: delref ptr-libevent@0x563af96802a8 Oct 31 15:25:11.605951: | delref id@0x563af96c0d28(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:25:11.605958: | libevent_free: delref ptr-libevent@0x563af967ccc8 Oct 31 15:25:11.605961: | delref id@0x563af96c0bf8(3->2) (in release_iface_dev() at iface.c:125) Oct 31 15:25:11.605967: | libevent_free: delref ptr-libevent@0x563af967cc18 Oct 31 15:25:11.605970: | delref id@0x563af96c0bf8(2->1) (in release_iface_dev() at iface.c:125) Oct 31 15:25:11.605976: | delref id@0x563af96c0bf8(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:25:11.605980: | delref id@0x563af96c0d28(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:25:11.605984: | delref id@0x563af96c0df8(1->0) (in release_iface_dev() at iface.c:125) Oct 31 15:25:11.605987: | updating interfaces - checking orientation Oct 31 15:25:11.605989: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Oct 31 15:25:11.608475: | libevent_free: delref ptr-libevent@0x563af96bcdd8 Oct 31 15:25:11.608489: | free_event_entry: delref EVENT_NULL-pe@0x563af96c0198 Oct 31 15:25:11.608497: | libevent_free: delref ptr-libevent@0x563af96800a8 Oct 31 15:25:11.608500: | free_event_entry: delref EVENT_NULL-pe@0x563af96bab28 Oct 31 15:25:11.608504: | libevent_free: delref ptr-libevent@0x563af967fff8 Oct 31 15:25:11.608507: | free_event_entry: delref EVENT_NULL-pe@0x563af96b4298 Oct 31 15:25:11.608510: | global timer EVENT_REINIT_SECRET uninitialized Oct 31 15:25:11.608513: | global timer EVENT_SHUNT_SCAN uninitialized Oct 31 15:25:11.608515: | global timer EVENT_PENDING_DDNS uninitialized Oct 31 15:25:11.608518: | global timer EVENT_PENDING_PHASE2 uninitialized Oct 31 15:25:11.608520: | global timer EVENT_CHECK_CRLS uninitialized Oct 31 15:25:11.608522: | global timer EVENT_REVIVE_CONNS uninitialized Oct 31 15:25:11.608525: | global timer EVENT_FREE_ROOT_CERTS uninitialized Oct 31 15:25:11.608527: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Oct 31 15:25:11.608529: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Oct 31 15:25:11.608533: | libevent_free: delref ptr-libevent@0x563af9612af8 Oct 31 15:25:11.608536: | signal event handler PLUTO_SIGCHLD uninstalled Oct 31 15:25:11.608538: | libevent_free: delref ptr-libevent@0x563af96114d8 Oct 31 15:25:11.608541: | signal event handler PLUTO_SIGTERM uninstalled Oct 31 15:25:11.608544: | libevent_free: delref ptr-libevent@0x563af96c03b8 Oct 31 15:25:11.608552: | signal event handler PLUTO_SIGHUP uninstalled Oct 31 15:25:11.608555: | libevent_free: delref ptr-libevent@0x563af96c05f8 Oct 31 15:25:11.608558: | signal event handler PLUTO_SIGSYS uninstalled Oct 31 15:25:11.608560: | releasing event base Oct 31 15:25:11.608575: | libevent_free: delref ptr-libevent@0x563af96c04c8 Oct 31 15:25:11.608579: | libevent_free: delref ptr-libevent@0x563af96af748 Oct 31 15:25:11.608582: | libevent_free: delref ptr-libevent@0x563af96af6f8 Oct 31 15:25:11.608587: | libevent_free: delref ptr-libevent@0x563af960efb8 Oct 31 15:25:11.608590: | libevent_free: delref ptr-libevent@0x563af96af8f8 Oct 31 15:25:11.608593: | libevent_free: delref ptr-libevent@0x563af96b3b18 Oct 31 15:25:11.608595: | libevent_free: delref ptr-libevent@0x563af96b3928 Oct 31 15:25:11.608597: | libevent_free: delref ptr-libevent@0x563af96af938 Oct 31 15:25:11.608599: | libevent_free: delref ptr-libevent@0x563af96b3738 Oct 31 15:25:11.608601: | libevent_free: delref ptr-libevent@0x563af96b30f8 Oct 31 15:25:11.608603: | libevent_free: delref ptr-libevent@0x563af96c18e8 Oct 31 15:25:11.608605: | libevent_free: delref ptr-libevent@0x563af96c18a8 Oct 31 15:25:11.608607: | libevent_free: delref ptr-libevent@0x563af96c1868 Oct 31 15:25:11.608610: | libevent_free: delref ptr-libevent@0x563af96c1828 Oct 31 15:25:11.608612: | libevent_free: delref ptr-libevent@0x563af96c17e8 Oct 31 15:25:11.608614: | libevent_free: delref ptr-libevent@0x563af96c17a8 Oct 31 15:25:11.608616: | libevent_free: delref ptr-libevent@0x563af96a5ec8 Oct 31 15:25:11.608618: | libevent_free: delref ptr-libevent@0x563af96c0378 Oct 31 15:25:11.608620: | libevent_free: delref ptr-libevent@0x563af96c0338 Oct 31 15:25:11.608622: | libevent_free: delref ptr-libevent@0x563af96b3778 Oct 31 15:25:11.608624: | libevent_free: delref ptr-libevent@0x563af96c0488 Oct 31 15:25:11.608627: | libevent_free: delref ptr-libevent@0x563af96c0208 Oct 31 15:25:11.608629: | libevent_free: delref ptr-libevent@0x563af96824e8 Oct 31 15:25:11.608631: | libevent_free: delref ptr-libevent@0x563af9681d48 Oct 31 15:25:11.608634: | libevent_free: delref ptr-libevent@0x563af9678d68 Oct 31 15:25:11.608636: | releasing global libevent data Oct 31 15:25:11.608639: | libevent_free: delref ptr-libevent@0x563af9682088 Oct 31 15:25:11.608641: | libevent_free: delref ptr-libevent@0x563af9611478 Oct 31 15:25:11.608644: | libevent_free: delref ptr-libevent@0x563af9682568 Oct 31 15:25:11.608688: leak detective found no leaks