| newref logger@0x55d093731bb8(0->1) (in main() at plutomain.c:1591) | delref logger@0x55d093731bb8(1->0) (in main() at plutomain.c:1592) | delref fd@NULL (in free_logger() at log.c:853) | delref fd@NULL (in free_logger() at log.c:854) NSS DB directory: sql:/var/lib/ipsec/nss Initializing NSS Opening NSS database "sql:/var/lib/ipsec/nss" read-only FIPS Mode: NO NSS crypto library initialized FIPS mode disabled for pluto daemon FIPS HMAC integrity support [disabled] libcap-ng support [enabled] Linux audit support [enabled] Linux audit activated Starting Pluto (Libreswan Version v4.1-88-gf1d1933837ef-main IKEv2 IKEv1 XFRM(netkey) XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (NSS-PRF) DNSSEC LABELED_IPSEC (SELINUX) SECCOMP LIBCAP_NG LINUX_AUDIT AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:2074747 core dump dir: /tmp secrets file: /etc/ipsec.secrets leak-detective enabled NSS crypto [enabled] XAUTH PAM support [enabled] | libevent is using pluto's memory allocator Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) | libevent_malloc: newref ptr-libevent@0x55d0937b57e8 size 40 | libevent_malloc: newref ptr-libevent@0x55d093743088 size 40 | libevent_malloc: newref ptr-libevent@0x55d0937b5cc8 size 40 | creating event base | libevent_malloc: newref ptr-libevent@0x55d0937b5fc8 size 56 | libevent_malloc: newref ptr-libevent@0x55d0937ac4b8 size 664 | libevent_malloc: newref ptr-libevent@0x55d0937e2d18 size 24 | libevent_malloc: newref ptr-libevent@0x55d0937e2d68 size 384 | libevent_malloc: newref ptr-libevent@0x55d0937e2f18 size 16 | libevent_malloc: newref ptr-libevent@0x55d0937b5c48 size 40 | libevent_malloc: newref ptr-libevent@0x55d0937b54a8 size 48 | libevent_realloc: newref ptr-libevent@0x55d0937e2f58 size 256 | libevent_malloc: newref ptr-libevent@0x55d0937e3088 size 16 | libevent_free: delref ptr-libevent@0x55d0937b5fc8 | libevent initialized | libevent_realloc: newref ptr-libevent@0x55d0937b5fc8 size 64 | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds | init_nat_traversal() initialized with keep_alive=0s NAT-Traversal support [enabled] | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized | global one-shot timer EVENT_FREE_ROOT_CERTS initialized | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds | checking IKEv1 state table | MAIN_R0: category: half-open IKE SA; flags: 0: | -> MAIN_R1 EVENT_SO_DISCARD (main_inI1_outR1) | MAIN_I1: category: half-open IKE SA; flags: 0: | -> MAIN_I2 EVENT_RETRANSMIT (main_inR1_outI2) | MAIN_R1: category: open IKE SA; flags: 0: | -> MAIN_R2 EVENT_RETRANSMIT (main_inI2_outR2) | -> MAIN_R1 EVENT_RETRANSMIT (unexpected) | -> MAIN_R1 EVENT_RETRANSMIT (unexpected) | MAIN_I2: category: open IKE SA; flags: 0: | -> MAIN_I3 EVENT_RETRANSMIT (main_inR2_outI3) | -> MAIN_I2 EVENT_RETRANSMIT (unexpected) | -> MAIN_I2 EVENT_RETRANSMIT (unexpected) | MAIN_R2: category: open IKE SA; flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE (main_inI3_outR3) | -> MAIN_R3 EVENT_SA_REPLACE (main_inI3_outR3) | -> MAIN_R2 EVENT_SA_REPLACE (unexpected) | MAIN_I3: category: open IKE SA; flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE (main_inR3) | -> MAIN_I4 EVENT_SA_REPLACE (main_inR3) | -> MAIN_I3 EVENT_SA_REPLACE (unexpected) | MAIN_R3: category: established IKE SA; flags: 0: | -> MAIN_R3 EVENT_NULL (unexpected) | MAIN_I4: category: established IKE SA; flags: 0: | -> MAIN_I4 EVENT_NULL (unexpected) | AGGR_R0: category: half-open IKE SA; flags: 0: | -> AGGR_R1 EVENT_SO_DISCARD (aggr_inI1_outR1) | AGGR_I1: category: half-open IKE SA; flags: 0: | -> AGGR_I2 EVENT_SA_REPLACE (aggr_inR1_outI2) | -> AGGR_I2 EVENT_SA_REPLACE (aggr_inR1_outI2) | AGGR_R1: category: open IKE SA; flags: 0: | -> AGGR_R2 EVENT_SA_REPLACE (aggr_inI2) | -> AGGR_R2 EVENT_SA_REPLACE (aggr_inI2) | AGGR_I2: category: established IKE SA; flags: 0: | -> AGGR_I2 EVENT_NULL (unexpected) | AGGR_R2: category: established IKE SA; flags: 0: | -> AGGR_R2 EVENT_NULL (unexpected) | QUICK_R0: category: established CHILD SA; flags: 0: | -> QUICK_R1 EVENT_RETRANSMIT (quick_inI1_outR1) | QUICK_I1: category: established CHILD SA; flags: 0: | -> QUICK_I2 EVENT_SA_REPLACE (quick_inR1_outI2) | QUICK_R1: category: established CHILD SA; flags: 0: | -> QUICK_R2 EVENT_SA_REPLACE (quick_inI2) | QUICK_I2: category: established CHILD SA; flags: 0: | -> QUICK_I2 EVENT_NULL (unexpected) | QUICK_R2: category: established CHILD SA; flags: 0: | -> QUICK_R2 EVENT_NULL (unexpected) | INFO: category: informational; flags: 0: | -> INFO EVENT_NULL (informational) | INFO_PROTECTED: category: informational; flags: 0: | -> INFO_PROTECTED EVENT_NULL (informational) | XAUTH_R0: category: established IKE SA; flags: 0: | -> XAUTH_R1 EVENT_NULL (xauth_inR0) | XAUTH_R1: category: established IKE SA; flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE (xauth_inR1) | MODE_CFG_R0: category: informational; flags: 0: | -> MODE_CFG_R1 EVENT_SA_REPLACE (modecfg_inR0) | MODE_CFG_R1: category: established IKE SA; flags: 0: | -> MODE_CFG_R2 EVENT_SA_REPLACE (modecfg_inR1) | MODE_CFG_R2: category: established IKE SA; flags: 0: | -> MODE_CFG_R2 EVENT_NULL (unexpected) | MODE_CFG_I1: category: established IKE SA; flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE (modecfg_inR1) | XAUTH_I0: category: established IKE SA; flags: 0: | -> XAUTH_I1 EVENT_RETRANSMIT (xauth_inI0) | XAUTH_I1: category: established IKE SA; flags: 0: | -> MAIN_I4 EVENT_RETRANSMIT (xauth_inI1) | checking IKEv2 state table | V2_REKEY_IKE_I0: category: established IKE SA; flags: 0: | -> V2_REKEY_IKE_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) | V2_REKEY_CHILD_I0: category: established IKE SA; flags: 0: | -> V2_REKEY_CHILD_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) | V2_NEW_CHILD_I0: category: established IKE SA; flags: 0: | -> V2_NEW_CHILD_I1 EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) | PARENT_I0: category: ignore; flags: 0: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) | PARENT_I1: category: half-open IKE SA; flags: 0: | -> PARENT_I0 EVENT_SO_DISCARD (received anti-DDOS COOKIE notify response; resending IKE_SA_INIT request with cookie payload added) | -> PARENT_I0 EVENT_SO_DISCARD (received IKE_SA_INIT INVALID_KE_PAYLOAD notify response; resending IKE_SA_INIT with new KE payload) | -> IKESA_DEL EVENT_v2_REDIRECT (received REDIRECT notify response; resending IKE_SA_INIT request to new destination) | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE) | PARENT_I2: category: open IKE SA; flags: 0: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_INTERMEDIATE reply, initiate IKE_AUTH or IKE_INTERMEDIATE) | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) | PARENT_R0: category: half-open IKE SA; flags: 0: | -> PARENT_R1 EVENT_SO_DISCARD send-response (Respond to IKE_SA_INIT) | PARENT_R1: category: half-open IKE SA; flags: 0: | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_AUTH request (no SKEYSEED)) | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_INTERMEDIATE request (no SKEYSEED)) | -> PARENT_R1 EVENT_SA_REPLACE send-response (Responder: process IKE_INTERMEDIATE request (with SKEYSEED)) | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Responder: process IKE_AUTH request) | V2_REKEY_IKE_R0: category: established IKE SA; flags: 0: | -> ESTABLISHED_IKE_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA IKE Rekey) | V2_REKEY_IKE_I1: category: established IKE SA; flags: 0: | -> ESTABLISHED_IKE_SA EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) | V2_NEW_CHILD_I1: category: established IKE SA; flags: 0: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) | V2_REKEY_CHILD_R0: category: established IKE SA; flags: 0: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA rekey CHILD SA request) | V2_NEW_CHILD_R0: category: established IKE SA; flags: 0: | -> ESTABLISHED_CHILD_SA EVENT_SA_REPLACE send-response (Respond to CREATE_CHILD_SA IPsec SA Request) | ESTABLISHED_IKE_SA: category: established IKE SA; flags: 0: | -> ESTABLISHED_IKE_SA EVENT_RETAIN send-response (Informational Request (liveness probe)) | -> ESTABLISHED_IKE_SA EVENT_RETAIN (Informational Response (liveness probe)) | -> ESTABLISHED_IKE_SA EVENT_RETAIN send-response (Informational Request) | -> ESTABLISHED_IKE_SA EVENT_RETAIN (Informational Response) | IKESA_DEL: category: established IKE SA; flags: 0: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) | CHILDSA_DEL: category: informational; flags: 0: | -> CHILDSA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) | global one-shot timer EVENT_REVIVE_CONNS initialized | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Encryption algorithms: AES_CCM_16 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm, aes_ccm_c AES_CCM_12 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_b AES_CCM_8 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_a 3DES_CBC [*192] IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) 3des CAMELLIA_CTR {256,192,*128} IKEv1: ESP IKEv2: ESP CAMELLIA_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP NSS(CBC) camellia AES_GCM_16 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm, aes_gcm_c AES_GCM_12 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_b AES_GCM_8 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_a AES_CTR {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CTR) aesctr AES_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) aes NULL_AUTH_AES_GMAC {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_gmac NULL [] IKEv1: ESP IKEv2: ESP CHACHA20_POLY1305 [*256] IKEv1: IKEv2: IKE ESP NSS(AEAD) chacha20poly1305 Hash algorithms: MD5 IKEv1: IKE IKEv2: NSS SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256 SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384 SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512 PRF algorithms: HMAC_MD5 IKEv1: IKE IKEv2: IKE native(HMAC) md5 HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha, sha1 HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256, sha2_256 HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384, sha2_384 HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512, sha2_512 AES_XCBC IKEv1: IKEv2: IKE native(XCBC) aes128_xcbc Integrity algorithms: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH native(HMAC) md5, hmac_md5 HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha, sha1, sha1_96, hmac_sha1 HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha512, sha2_512, sha2_512_256, hmac_sha2_512 HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha384, sha2_384, sha2_384_192, hmac_sha2_384 HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96 AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac NONE IKEv1: ESP IKEv2: IKE ESP FIPS null DH algorithms: NONE IKEv1: IKEv2: IKE ESP AH FIPS NSS(MODP) null, dh0 MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh5 MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh14 MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh15 MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh16 MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh17 MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh18 DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_256, ecp256 DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_384, ecp384 DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_521, ecp521 DH31 IKEv1: IKE IKEv2: IKE ESP AH NSS(ECP) curve25519 testing CAMELLIA_CBC: Camellia: 16 bytes with 128-bit key Camellia: 16 bytes with 128-bit key Camellia: 16 bytes with 256-bit key Camellia: 16 bytes with 256-bit key testing AES_GCM_16: empty string one block two blocks two blocks with associated data testing AES_CTR: Encrypting 16 octets using AES-CTR with 128-bit key Encrypting 32 octets using AES-CTR with 128-bit key Encrypting 36 octets using AES-CTR with 128-bit key Encrypting 16 octets using AES-CTR with 192-bit key Encrypting 32 octets using AES-CTR with 192-bit key Encrypting 36 octets using AES-CTR with 192-bit key Encrypting 16 octets using AES-CTR with 256-bit key Encrypting 32 octets using AES-CTR with 256-bit key Encrypting 36 octets using AES-CTR with 256-bit key testing AES_CBC: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key testing AES_XCBC: RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) testing HMAC_MD5: RFC 2104: MD5_HMAC test 1 RFC 2104: MD5_HMAC test 2 RFC 2104: MD5_HMAC test 3 8 CPU cores online starting up 7 helper threads started thread for helper 0 | starting helper thread 1 seccomp security disabled for crypto helper 1 | status value returned by setting the priority of this helper thread 1: 22 started thread for helper 1 | helper thread 1 has nothing to do | starting helper thread 2 seccomp security disabled for crypto helper 2 | status value returned by setting the priority of this helper thread 2: 22 | helper thread 2 has nothing to do started thread for helper 2 | starting helper thread 3 seccomp security disabled for crypto helper 3 | status value returned by setting the priority of this helper thread 3: 22 | helper thread 3 has nothing to do started thread for helper 3 | starting helper thread 4 seccomp security disabled for crypto helper 4 | status value returned by setting the priority of this helper thread 4: 22 | helper thread 4 has nothing to do started thread for helper 4 | starting helper thread 5 seccomp security disabled for crypto helper 5 | status value returned by setting the priority of this helper thread 5: 22 | helper thread 5 has nothing to do started thread for helper 5 | starting helper thread 6 seccomp security disabled for crypto helper 6 | status value returned by setting the priority of this helper thread 6: 22 | helper thread 6 has nothing to do started thread for helper 6 | starting helper thread 7 seccomp security disabled for crypto helper 7 | status value returned by setting the priority of this helper thread 7: 22 | helper thread 7 has nothing to do Using Linux XFRM/NETKEY IPsec kernel support code on 5.8.15-201.fc32.x86_64 | Hard-wiring algorithms | adding AES_CCM_16 to kernel algorithm db | adding AES_CCM_12 to kernel algorithm db | adding AES_CCM_8 to kernel algorithm db | adding 3DES_CBC to kernel algorithm db | adding CAMELLIA_CBC to kernel algorithm db | adding AES_GCM_16 to kernel algorithm db | adding AES_GCM_12 to kernel algorithm db | adding AES_GCM_8 to kernel algorithm db | adding AES_CTR to kernel algorithm db | adding AES_CBC to kernel algorithm db | adding NULL_AUTH_AES_GMAC to kernel algorithm db | adding NULL to kernel algorithm db | adding CHACHA20_POLY1305 to kernel algorithm db | adding HMAC_MD5_96 to kernel algorithm db | adding HMAC_SHA1_96 to kernel algorithm db | adding HMAC_SHA2_512_256 to kernel algorithm db | adding HMAC_SHA2_384_192 to kernel algorithm db | adding HMAC_SHA2_256_128 to kernel algorithm db | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db | adding AES_XCBC_96 to kernel algorithm db | adding AES_CMAC_96 to kernel algorithm db | adding NONE to kernel algorithm db | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds | setup kernel fd callback | add_fd_read_event_handler: newref KERNEL_XRM_FD-pe@0x55d0937ee178 | libevent_malloc: newref ptr-libevent@0x55d0937b3758 size 128 | libevent_malloc: newref ptr-libevent@0x55d0937e6e88 size 16 | add_fd_read_event_handler: newref KERNEL_ROUTE_FD-pe@0x55d0937f0198 | libevent_malloc: newref ptr-libevent@0x55d0937b3808 size 128 | libevent_malloc: newref ptr-libevent@0x55d0937e6848 size 16 | global one-shot timer EVENT_CHECK_CRLS initialized SELinux support is enabled in PERMISSIVE mode. | unbound context created - setting debug level to 5 | /etc/hosts lookups activated | /etc/resolv.conf usage activated | outgoing-port-avoid set 0-65535 | outgoing-port-permit set 32768-60999 | loading dnssec root key from:/var/lib/unbound/root.key | no additional dnssec trust anchors defined via dnssec-trusted= option | Setting up events, loop start | add_fd_read_event_handler: newref PLUTO_CTL_FD-pe@0x55d0937f3778 | libevent_malloc: newref ptr-libevent@0x55d0937f02b8 size 128 | libevent_malloc: newref ptr-libevent@0x55d0937e7268 size 16 | libevent_realloc: newref ptr-libevent@0x55d0937f37e8 size 256 | libevent_malloc: newref ptr-libevent@0x55d0937e6ec8 size 8 | libevent_realloc: newref ptr-libevent@0x55d0937e6508 size 144 | libevent_malloc: newref ptr-libevent@0x55d093746308 size 152 | libevent_malloc: newref ptr-libevent@0x55d0937e7078 size 16 | signal event handler PLUTO_SIGCHLD installed | libevent_malloc: newref ptr-libevent@0x55d0937f3918 size 8 | libevent_malloc: newref ptr-libevent@0x55d093746068 size 152 | signal event handler PLUTO_SIGTERM installed | libevent_malloc: newref ptr-libevent@0x55d0937f3958 size 8 | libevent_malloc: newref ptr-libevent@0x55d0937f3998 size 152 | signal event handler PLUTO_SIGHUP installed | libevent_malloc: newref ptr-libevent@0x55d0937f3a68 size 8 | libevent_realloc: delref ptr-libevent@0x55d0937e6508 | libevent_realloc: newref ptr-libevent@0x55d0937f3aa8 size 256 | libevent_malloc: newref ptr-libevent@0x55d0937f3bd8 size 152 | signal event handler PLUTO_SIGSYS installed | created addconn helper (pid:2074837) using fork+execve | forked child 2074837 seccomp security disabled | newref struct fd@0x55d0937f3d38(0->1) (in whack_handle_cb() at rcv_whack.c:869) | fd_accept: new fd-fd@0x55d0937f3d38 (in whack_handle_cb() at rcv_whack.c:869) | whack: listen listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.1.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.45 | newref struct iface_dev@0x55d0937f41d8(0->1) (in add_iface_dev() at iface.c:67) Kernel supports NIC esp-hw-offload | iface: marking eth1 add | newref struct iface_dev@0x55d0937f4308(0->1) (in add_iface_dev() at iface.c:67) | iface: marking eth0 add | newref struct iface_dev@0x55d0937f43d8(0->1) (in add_iface_dev() at iface.c:67) | iface: marking lo add | no interfaces to sort | MSG_ERRQUEUE enabled on fd 18 | addref ifd@0x55d0937f41d8(1->2) (in bind_iface_port() at iface.c:237) adding UDP interface eth1 192.1.2.45:500 | MSG_ERRQUEUE enabled on fd 19 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 | addref ifd@0x55d0937f41d8(2->3) (in bind_iface_port() at iface.c:237) adding UDP interface eth1 192.1.2.45:4500 | MSG_ERRQUEUE enabled on fd 20 | addref ifd@0x55d0937f4308(1->2) (in bind_iface_port() at iface.c:237) adding UDP interface eth0 192.0.1.254:500 | MSG_ERRQUEUE enabled on fd 21 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 | addref ifd@0x55d0937f4308(2->3) (in bind_iface_port() at iface.c:237) adding UDP interface eth0 192.0.1.254:4500 | MSG_ERRQUEUE enabled on fd 22 | addref ifd@0x55d0937f43d8(1->2) (in bind_iface_port() at iface.c:237) adding UDP interface lo 127.0.0.1:500 | MSG_ERRQUEUE enabled on fd 23 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 | addref ifd@0x55d0937f43d8(2->3) (in bind_iface_port() at iface.c:237) adding UDP interface lo 127.0.0.1:4500 | updating interfaces - listing interfaces that are going down | updating interfaces - checking orientation | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | libevent_malloc: newref ptr-libevent@0x55d0937f0208 size 128 | libevent_malloc: newref ptr-libevent@0x55d0937f4d88 size 16 | setup callback for interface lo 127.0.0.1:4500 fd 23 on UDP | libevent_malloc: newref ptr-libevent@0x55d0937b3908 size 128 | libevent_malloc: newref ptr-libevent@0x55d0937f4dc8 size 16 | setup callback for interface lo 127.0.0.1:500 fd 22 on UDP | libevent_malloc: newref ptr-libevent@0x55d0937a8bc8 size 128 | libevent_malloc: newref ptr-libevent@0x55d0937f4e08 size 16 | setup callback for interface eth0 192.0.1.254:4500 fd 21 on UDP | libevent_malloc: newref ptr-libevent@0x55d0937b3a08 size 128 | libevent_malloc: newref ptr-libevent@0x55d0937f4e48 size 16 | setup callback for interface eth0 192.0.1.254:500 fd 20 on UDP | libevent_malloc: newref ptr-libevent@0x55d0937b0428 size 128 | libevent_malloc: newref ptr-libevent@0x55d0937f4e88 size 16 | setup callback for interface eth1 192.1.2.45:4500 fd 19 on UDP | libevent_malloc: newref ptr-libevent@0x55d0937b0378 size 128 | libevent_malloc: newref ptr-libevent@0x55d0937f4ec8 size 16 | setup callback for interface eth1 192.1.2.45:500 fd 18 on UDP | no stale xfrmi interface 'ipsec1' found | certs and keys locked by 'free_preshared_secrets' | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" no secrets filename matched "/etc/ipsec.d/*.secrets" | old food groups: | new food groups: | delref fd@0x55d0937f3d38(1->0) (in whack_handle_cb() at rcv_whack.c:903) | freeref fd-fd@0x55d0937f3d38 (in whack_handle_cb() at rcv_whack.c:903) | spent 0.681 (2.23) milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned pid 2074837 (exited with status 0) | reaped addconn helper child (status 0) | waitpid returned ECHILD (no child processes left) | spent 0.0196 (0.0195) milliseconds in signal handler PLUTO_SIGCHLD | newref struct fd@0x55d0937f42a8(0->1) (in whack_handle_cb() at rcv_whack.c:869) | fd_accept: new fd-fd@0x55d0937f42a8 (in whack_handle_cb() at rcv_whack.c:869) | whack: options (impair|debug) | old debugging base+cpu-usage + none | new debugging = base+cpu-usage | delref fd@0x55d0937f42a8(1->0) (in whack_handle_cb() at rcv_whack.c:903) | freeref fd-fd@0x55d0937f42a8 (in whack_handle_cb() at rcv_whack.c:903) | spent 0.0692 (0.0688) milliseconds in whack | newref struct fd@0x55d0937f3d78(0->1) (in whack_handle_cb() at rcv_whack.c:869) | fd_accept: new fd-fd@0x55d0937f3d78 (in whack_handle_cb() at rcv_whack.c:869) | whack: delete 'default-implicit-authby' | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | whack: connection 'default-implicit-authby' | addref fd@0x55d0937f3d78(1->2) (in string_logger() at log.c:838) | newref string logger@0x55d0937e7628(0->1) (in add_connection() at connections.c:1998) | Connection DB: adding connection "default-implicit-authby" $1 | FOR_EACH_CONNECTION_... in conn_by_name | added new connection default-implicit-authby with policy RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 | from whack: got --esp= | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 | counting wild cards for 1.2.3.4 is 0 | counting wild cards for 4.5.6.7 is 0 | updating connection from left.host_addr | right host_nexthop 1.2.3.4 | left host_port 500 | updating connection from right.host_addr | left host_nexthop 4.5.6.7 | right host_port 500 | orienting default-implicit-authby | default-implicit-authby doesn't match 127.0.0.1:4500 at all | default-implicit-authby doesn't match 127.0.0.1:500 at all | default-implicit-authby doesn't match 192.0.1.254:4500 at all | default-implicit-authby doesn't match 192.0.1.254:500 at all | default-implicit-authby doesn't match 192.1.2.45:4500 at all | default-implicit-authby doesn't match 192.1.2.45:500 at all added IKEv2 connection "default-implicit-authby" | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 | 1.2.3.4<1.2.3.4>...4.5.6.7<4.5.6.7> | delref logger@0x55d0937e7628(1->0) (in add_connection() at connections.c:2026) | delref fd@0x55d0937f3d78(2->1) (in free_logger() at log.c:853) | delref fd@NULL (in free_logger() at log.c:854) | delref fd@0x55d0937f3d78(1->0) (in whack_handle_cb() at rcv_whack.c:903) | freeref fd-fd@0x55d0937f3d78 (in whack_handle_cb() at rcv_whack.c:903) | spent 0.35 (0.361) milliseconds in whack | newref struct fd@0x55d0937f4f48(0->1) (in whack_handle_cb() at rcv_whack.c:869) | fd_accept: new fd-fd@0x55d0937f4f48 (in whack_handle_cb() at rcv_whack.c:869) | whack: delete 'default-specified-authby' | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | whack: connection 'default-specified-authby' | addref fd@0x55d0937f4f48(1->2) (in string_logger() at log.c:838) | newref string logger@0x55d0937f3ea8(0->1) (in add_connection() at connections.c:1998) | Connection DB: adding connection "default-specified-authby" $2 | FOR_EACH_CONNECTION_... in conn_by_name | added new connection default-specified-authby with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 | from whack: got --esp= | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 | counting wild cards for 1.2.3.4 is 0 | counting wild cards for 4.5.6.7 is 0 | updating connection from left.host_addr | right host_nexthop 1.2.3.4 | left host_port 500 | updating connection from right.host_addr | left host_nexthop 4.5.6.7 | right host_port 500 | orienting default-specified-authby | default-specified-authby doesn't match 127.0.0.1:4500 at all | default-specified-authby doesn't match 127.0.0.1:500 at all | default-specified-authby doesn't match 192.0.1.254:4500 at all | default-specified-authby doesn't match 192.0.1.254:500 at all | default-specified-authby doesn't match 192.1.2.45:4500 at all | default-specified-authby doesn't match 192.1.2.45:500 at all added IKEv2 connection "default-specified-authby" | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 | 1.2.3.4<1.2.3.4>...4.5.6.7<4.5.6.7> | delref logger@0x55d0937f3ea8(1->0) (in add_connection() at connections.c:2026) | delref fd@0x55d0937f4f48(2->1) (in free_logger() at log.c:853) | delref fd@NULL (in free_logger() at log.c:854) | delref fd@0x55d0937f4f48(1->0) (in whack_handle_cb() at rcv_whack.c:903) | freeref fd-fd@0x55d0937f4f48 (in whack_handle_cb() at rcv_whack.c:903) | spent 0.332 (0.336) milliseconds in whack | newref struct fd@0x55d0937f6da8(0->1) (in whack_handle_cb() at rcv_whack.c:869) | fd_accept: new fd-fd@0x55d0937f6da8 (in whack_handle_cb() at rcv_whack.c:869) | whack: delete 'ecdsa-rsa' | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | whack: connection 'ecdsa-rsa' | addref fd@0x55d0937f6da8(1->2) (in string_logger() at log.c:838) | newref string logger@0x55d0937f4fe8(0->1) (in add_connection() at connections.c:1998) | Connection DB: adding connection "ecdsa-rsa" $3 | FOR_EACH_CONNECTION_... in conn_by_name | added new connection ecdsa-rsa with policy RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 | from whack: got --esp= | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 | counting wild cards for 1.2.3.4 is 0 | counting wild cards for 4.5.6.7 is 0 | updating connection from left.host_addr | right host_nexthop 1.2.3.4 | left host_port 500 | updating connection from right.host_addr | left host_nexthop 4.5.6.7 | right host_port 500 | orienting ecdsa-rsa | ecdsa-rsa doesn't match 127.0.0.1:4500 at all | ecdsa-rsa doesn't match 127.0.0.1:500 at all | ecdsa-rsa doesn't match 192.0.1.254:4500 at all | ecdsa-rsa doesn't match 192.0.1.254:500 at all | ecdsa-rsa doesn't match 192.1.2.45:4500 at all | ecdsa-rsa doesn't match 192.1.2.45:500 at all added IKEv2 connection "ecdsa-rsa" | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 | 1.2.3.4<1.2.3.4>...4.5.6.7<4.5.6.7> | delref logger@0x55d0937f4fe8(1->0) (in add_connection() at connections.c:2026) | delref fd@0x55d0937f6da8(2->1) (in free_logger() at log.c:853) | delref fd@NULL (in free_logger() at log.c:854) | delref fd@0x55d0937f6da8(1->0) (in whack_handle_cb() at rcv_whack.c:903) | freeref fd-fd@0x55d0937f6da8 (in whack_handle_cb() at rcv_whack.c:903) | spent 0.195 (0.194) milliseconds in whack | newref struct fd@0x55d0937f8d48(0->1) (in whack_handle_cb() at rcv_whack.c:869) | fd_accept: new fd-fd@0x55d0937f8d48 (in whack_handle_cb() at rcv_whack.c:869) | whack: delete 'ecdsa' | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | whack: connection 'ecdsa' | addref fd@0x55d0937f8d48(1->2) (in string_logger() at log.c:838) | newref string logger@0x55d0937f6e48(0->1) (in add_connection() at connections.c:1998) | Connection DB: adding connection "ecdsa" $4 | FOR_EACH_CONNECTION_... in conn_by_name | added new connection ecdsa with policy ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 | from whack: got --esp= | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 | counting wild cards for 1.2.3.4 is 0 | counting wild cards for 4.5.6.7 is 0 | updating connection from left.host_addr | right host_nexthop 1.2.3.4 | left host_port 500 | updating connection from right.host_addr | left host_nexthop 4.5.6.7 | right host_port 500 | orienting ecdsa | ecdsa doesn't match 127.0.0.1:4500 at all | ecdsa doesn't match 127.0.0.1:500 at all | ecdsa doesn't match 192.0.1.254:4500 at all | ecdsa doesn't match 192.0.1.254:500 at all | ecdsa doesn't match 192.1.2.45:4500 at all | ecdsa doesn't match 192.1.2.45:500 at all added IKEv2 connection "ecdsa" | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO | 1.2.3.4<1.2.3.4>...4.5.6.7<4.5.6.7> | delref logger@0x55d0937f6e48(1->0) (in add_connection() at connections.c:2026) | delref fd@0x55d0937f8d48(2->1) (in free_logger() at log.c:853) | delref fd@NULL (in free_logger() at log.c:854) | delref fd@0x55d0937f8d48(1->0) (in whack_handle_cb() at rcv_whack.c:903) | freeref fd-fd@0x55d0937f8d48 (in whack_handle_cb() at rcv_whack.c:903) | spent 0.357 (0.357) milliseconds in whack | newref struct fd@0x55d0937fad28(0->1) (in whack_handle_cb() at rcv_whack.c:869) | fd_accept: new fd-fd@0x55d0937fad28 (in whack_handle_cb() at rcv_whack.c:869) | whack: delete 'ecdsa-sha2' | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | whack: connection 'ecdsa-sha2' | addref fd@0x55d0937fad28(1->2) (in string_logger() at log.c:838) | newref string logger@0x55d0937f8de8(0->1) (in add_connection() at connections.c:1998) | Connection DB: adding connection "ecdsa-sha2" $5 | FOR_EACH_CONNECTION_... in conn_by_name | added new connection ecdsa-sha2 with policy ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 | from whack: got --esp= | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 | counting wild cards for 1.2.3.4 is 0 | counting wild cards for 4.5.6.7 is 0 | updating connection from left.host_addr | right host_nexthop 1.2.3.4 | left host_port 500 | updating connection from right.host_addr | left host_nexthop 4.5.6.7 | right host_port 500 | orienting ecdsa-sha2 | ecdsa-sha2 doesn't match 127.0.0.1:4500 at all | ecdsa-sha2 doesn't match 127.0.0.1:500 at all | ecdsa-sha2 doesn't match 192.0.1.254:4500 at all | ecdsa-sha2 doesn't match 192.0.1.254:500 at all | ecdsa-sha2 doesn't match 192.1.2.45:4500 at all | ecdsa-sha2 doesn't match 192.1.2.45:500 at all added IKEv2 connection "ecdsa-sha2" | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO | 1.2.3.4<1.2.3.4>...4.5.6.7<4.5.6.7> | delref logger@0x55d0937f8de8(1->0) (in add_connection() at connections.c:2026) | delref fd@0x55d0937fad28(2->1) (in free_logger() at log.c:853) | delref fd@NULL (in free_logger() at log.c:854) | delref fd@0x55d0937fad28(1->0) (in whack_handle_cb() at rcv_whack.c:903) | freeref fd-fd@0x55d0937fad28 (in whack_handle_cb() at rcv_whack.c:903) | spent 0.279 (0.278) milliseconds in whack | newref struct fd@0x55d0937fccb8(0->1) (in whack_handle_cb() at rcv_whack.c:869) | fd_accept: new fd-fd@0x55d0937fccb8 (in whack_handle_cb() at rcv_whack.c:869) | whack: delete 'ecdsa-sha2_256' | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | whack: connection 'ecdsa-sha2_256' | addref fd@0x55d0937fccb8(1->2) (in string_logger() at log.c:838) | newref string logger@0x55d0937fadc8(0->1) (in add_connection() at connections.c:1998) | Connection DB: adding connection "ecdsa-sha2_256" $6 | FOR_EACH_CONNECTION_... in conn_by_name | added new connection ecdsa-sha2_256 with policy ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 | from whack: got --esp= | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 | counting wild cards for 1.2.3.4 is 0 | counting wild cards for 4.5.6.7 is 0 | updating connection from left.host_addr | right host_nexthop 1.2.3.4 | left host_port 500 | updating connection from right.host_addr | left host_nexthop 4.5.6.7 | right host_port 500 | orienting ecdsa-sha2_256 | ecdsa-sha2_256 doesn't match 127.0.0.1:4500 at all | ecdsa-sha2_256 doesn't match 127.0.0.1:500 at all | ecdsa-sha2_256 doesn't match 192.0.1.254:4500 at all | ecdsa-sha2_256 doesn't match 192.0.1.254:500 at all | ecdsa-sha2_256 doesn't match 192.1.2.45:4500 at all | ecdsa-sha2_256 doesn't match 192.1.2.45:500 at all added IKEv2 connection "ecdsa-sha2_256" | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO | 1.2.3.4<1.2.3.4>...4.5.6.7<4.5.6.7> | delref logger@0x55d0937fadc8(1->0) (in add_connection() at connections.c:2026) | delref fd@0x55d0937fccb8(2->1) (in free_logger() at log.c:853) | delref fd@NULL (in free_logger() at log.c:854) | delref fd@0x55d0937fccb8(1->0) (in whack_handle_cb() at rcv_whack.c:903) | freeref fd-fd@0x55d0937fccb8 (in whack_handle_cb() at rcv_whack.c:903) | spent 0.341 (0.357) milliseconds in whack | newref struct fd@0x55d0937fec48(0->1) (in whack_handle_cb() at rcv_whack.c:869) | fd_accept: new fd-fd@0x55d0937fec48 (in whack_handle_cb() at rcv_whack.c:869) | whack: delete 'ecdsa-sha2_384' | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | whack: connection 'ecdsa-sha2_384' | addref fd@0x55d0937fec48(1->2) (in string_logger() at log.c:838) | newref string logger@0x55d0937fcd58(0->1) (in add_connection() at connections.c:1998) | Connection DB: adding connection "ecdsa-sha2_384" $7 | FOR_EACH_CONNECTION_... in conn_by_name | added new connection ecdsa-sha2_384 with policy ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 | from whack: got --esp= | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 | counting wild cards for 1.2.3.4 is 0 | counting wild cards for 4.5.6.7 is 0 | updating connection from left.host_addr | right host_nexthop 1.2.3.4 | left host_port 500 | updating connection from right.host_addr | left host_nexthop 4.5.6.7 | right host_port 500 | orienting ecdsa-sha2_384 | ecdsa-sha2_384 doesn't match 127.0.0.1:4500 at all | ecdsa-sha2_384 doesn't match 127.0.0.1:500 at all | ecdsa-sha2_384 doesn't match 192.0.1.254:4500 at all | ecdsa-sha2_384 doesn't match 192.0.1.254:500 at all | ecdsa-sha2_384 doesn't match 192.1.2.45:4500 at all | ecdsa-sha2_384 doesn't match 192.1.2.45:500 at all added IKEv2 connection "ecdsa-sha2_384" | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO | 1.2.3.4<1.2.3.4>...4.5.6.7<4.5.6.7> | delref logger@0x55d0937fcd58(1->0) (in add_connection() at connections.c:2026) | delref fd@0x55d0937fec48(2->1) (in free_logger() at log.c:853) | delref fd@NULL (in free_logger() at log.c:854) | delref fd@0x55d0937fec48(1->0) (in whack_handle_cb() at rcv_whack.c:903) | freeref fd-fd@0x55d0937fec48 (in whack_handle_cb() at rcv_whack.c:903) | spent 0.311 (0.32) milliseconds in whack | newref struct fd@0x55d093800bd8(0->1) (in whack_handle_cb() at rcv_whack.c:869) | fd_accept: new fd-fd@0x55d093800bd8 (in whack_handle_cb() at rcv_whack.c:869) | whack: delete 'ecdsa-sha2_512' | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | whack: connection 'ecdsa-sha2_512' | addref fd@0x55d093800bd8(1->2) (in string_logger() at log.c:838) | newref string logger@0x55d0937fece8(0->1) (in add_connection() at connections.c:1998) | Connection DB: adding connection "ecdsa-sha2_512" $8 | FOR_EACH_CONNECTION_... in conn_by_name | added new connection ecdsa-sha2_512 with policy ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 | from whack: got --esp= | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 | counting wild cards for 1.2.3.4 is 0 | counting wild cards for 4.5.6.7 is 0 | updating connection from left.host_addr | right host_nexthop 1.2.3.4 | left host_port 500 | updating connection from right.host_addr | left host_nexthop 4.5.6.7 | right host_port 500 | orienting ecdsa-sha2_512 | ecdsa-sha2_512 doesn't match 127.0.0.1:4500 at all | ecdsa-sha2_512 doesn't match 127.0.0.1:500 at all | ecdsa-sha2_512 doesn't match 192.0.1.254:4500 at all | ecdsa-sha2_512 doesn't match 192.0.1.254:500 at all | ecdsa-sha2_512 doesn't match 192.1.2.45:4500 at all | ecdsa-sha2_512 doesn't match 192.1.2.45:500 at all added IKEv2 connection "ecdsa-sha2_512" | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: ECDSA+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO | 1.2.3.4<1.2.3.4>...4.5.6.7<4.5.6.7> | delref logger@0x55d0937fece8(1->0) (in add_connection() at connections.c:2026) | delref fd@0x55d093800bd8(2->1) (in free_logger() at log.c:853) | delref fd@NULL (in free_logger() at log.c:854) | delref fd@0x55d093800bd8(1->0) (in whack_handle_cb() at rcv_whack.c:903) | freeref fd-fd@0x55d093800bd8 (in whack_handle_cb() at rcv_whack.c:903) | spent 0.206 (0.205) milliseconds in whack | newref struct fd@0x55d093802b68(0->1) (in whack_handle_cb() at rcv_whack.c:869) | fd_accept: new fd-fd@0x55d093802b68 (in whack_handle_cb() at rcv_whack.c:869) | whack: delete 'rsa-sha1' | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | whack: connection 'rsa-sha1' | addref fd@0x55d093802b68(1->2) (in string_logger() at log.c:838) | newref string logger@0x55d093800c78(0->1) (in add_connection() at connections.c:1998) | Connection DB: adding connection "rsa-sha1" $9 | FOR_EACH_CONNECTION_... in conn_by_name | added new connection rsa-sha1 with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 | from whack: got --esp= | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 | counting wild cards for 1.2.3.4 is 0 | counting wild cards for 4.5.6.7 is 0 | updating connection from left.host_addr | right host_nexthop 1.2.3.4 | left host_port 500 | updating connection from right.host_addr | left host_nexthop 4.5.6.7 | right host_port 500 | orienting rsa-sha1 | rsa-sha1 doesn't match 127.0.0.1:4500 at all | rsa-sha1 doesn't match 127.0.0.1:500 at all | rsa-sha1 doesn't match 192.0.1.254:4500 at all | rsa-sha1 doesn't match 192.0.1.254:500 at all | rsa-sha1 doesn't match 192.1.2.45:4500 at all | rsa-sha1 doesn't match 192.1.2.45:500 at all added IKEv2 connection "rsa-sha1" | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO+RSASIG_v1_5 | 1.2.3.4<1.2.3.4>...4.5.6.7<4.5.6.7> | delref logger@0x55d093800c78(1->0) (in add_connection() at connections.c:2026) | delref fd@0x55d093802b68(2->1) (in free_logger() at log.c:853) | delref fd@NULL (in free_logger() at log.c:854) | delref fd@0x55d093802b68(1->0) (in whack_handle_cb() at rcv_whack.c:903) | freeref fd-fd@0x55d093802b68 (in whack_handle_cb() at rcv_whack.c:903) | spent 0.213 (0.212) milliseconds in whack | newref struct fd@0x55d093804af8(0->1) (in whack_handle_cb() at rcv_whack.c:869) | fd_accept: new fd-fd@0x55d093804af8 (in whack_handle_cb() at rcv_whack.c:869) | whack: delete 'rsa-sha2' | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | whack: connection 'rsa-sha2' | addref fd@0x55d093804af8(1->2) (in string_logger() at log.c:838) | newref string logger@0x55d093802c08(0->1) (in add_connection() at connections.c:1998) | Connection DB: adding connection "rsa-sha2" $10 | FOR_EACH_CONNECTION_... in conn_by_name | added new connection rsa-sha2 with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 | from whack: got --esp= | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 | counting wild cards for 1.2.3.4 is 0 | counting wild cards for 4.5.6.7 is 0 | updating connection from left.host_addr | right host_nexthop 1.2.3.4 | left host_port 500 | updating connection from right.host_addr | left host_nexthop 4.5.6.7 | right host_port 500 | orienting rsa-sha2 | rsa-sha2 doesn't match 127.0.0.1:4500 at all | rsa-sha2 doesn't match 127.0.0.1:500 at all | rsa-sha2 doesn't match 192.0.1.254:4500 at all | rsa-sha2 doesn't match 192.0.1.254:500 at all | rsa-sha2 doesn't match 192.1.2.45:4500 at all | rsa-sha2 doesn't match 192.1.2.45:500 at all added IKEv2 connection "rsa-sha2" | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO | 1.2.3.4<1.2.3.4>...4.5.6.7<4.5.6.7> | delref logger@0x55d093802c08(1->0) (in add_connection() at connections.c:2026) | delref fd@0x55d093804af8(2->1) (in free_logger() at log.c:853) | delref fd@NULL (in free_logger() at log.c:854) | delref fd@0x55d093804af8(1->0) (in whack_handle_cb() at rcv_whack.c:903) | freeref fd-fd@0x55d093804af8 (in whack_handle_cb() at rcv_whack.c:903) | spent 0.27 (0.374) milliseconds in whack | newref struct fd@0x55d093806a88(0->1) (in whack_handle_cb() at rcv_whack.c:869) | fd_accept: new fd-fd@0x55d093806a88 (in whack_handle_cb() at rcv_whack.c:869) | whack: delete 'rsa-sha2_256' | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | whack: connection 'rsa-sha2_256' | addref fd@0x55d093806a88(1->2) (in string_logger() at log.c:838) | newref string logger@0x55d093804b98(0->1) (in add_connection() at connections.c:1998) | Connection DB: adding connection "rsa-sha2_256" $11 | FOR_EACH_CONNECTION_... in conn_by_name | added new connection rsa-sha2_256 with policy ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO | no AUTH policy was set - defaulting to RSASIG | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 | from whack: got --esp= | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 | counting wild cards for 1.2.3.4 is 0 | counting wild cards for 4.5.6.7 is 0 | updating connection from left.host_addr | right host_nexthop 1.2.3.4 | left host_port 500 | updating connection from right.host_addr | left host_nexthop 4.5.6.7 | right host_port 500 | orienting rsa-sha2_256 | rsa-sha2_256 doesn't match 127.0.0.1:4500 at all | rsa-sha2_256 doesn't match 127.0.0.1:500 at all | rsa-sha2_256 doesn't match 192.0.1.254:4500 at all | rsa-sha2_256 doesn't match 192.0.1.254:500 at all | rsa-sha2_256 doesn't match 192.1.2.45:4500 at all | rsa-sha2_256 doesn't match 192.1.2.45:500 at all added IKEv2 connection "rsa-sha2_256" | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO | 1.2.3.4<1.2.3.4>...4.5.6.7<4.5.6.7> | delref logger@0x55d093804b98(1->0) (in add_connection() at connections.c:2026) | delref fd@0x55d093806a88(2->1) (in free_logger() at log.c:853) | delref fd@NULL (in free_logger() at log.c:854) | delref fd@0x55d093806a88(1->0) (in whack_handle_cb() at rcv_whack.c:903) | freeref fd-fd@0x55d093806a88 (in whack_handle_cb() at rcv_whack.c:903) | spent 0.244 (0.249) milliseconds in whack | newref struct fd@0x55d093808a18(0->1) (in whack_handle_cb() at rcv_whack.c:869) | fd_accept: new fd-fd@0x55d093808a18 (in whack_handle_cb() at rcv_whack.c:869) | whack: delete 'rsa-sha2_384' | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | whack: connection 'rsa-sha2_384' | addref fd@0x55d093808a18(1->2) (in string_logger() at log.c:838) | newref string logger@0x55d093806b28(0->1) (in add_connection() at connections.c:1998) | Connection DB: adding connection "rsa-sha2_384" $12 | FOR_EACH_CONNECTION_... in conn_by_name | added new connection rsa-sha2_384 with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 | from whack: got --esp= | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 | counting wild cards for 1.2.3.4 is 0 | counting wild cards for 4.5.6.7 is 0 | updating connection from left.host_addr | right host_nexthop 1.2.3.4 | left host_port 500 | updating connection from right.host_addr | left host_nexthop 4.5.6.7 | right host_port 500 | orienting rsa-sha2_384 | rsa-sha2_384 doesn't match 127.0.0.1:4500 at all | rsa-sha2_384 doesn't match 127.0.0.1:500 at all | rsa-sha2_384 doesn't match 192.0.1.254:4500 at all | rsa-sha2_384 doesn't match 192.0.1.254:500 at all | rsa-sha2_384 doesn't match 192.1.2.45:4500 at all | rsa-sha2_384 doesn't match 192.1.2.45:500 at all added IKEv2 connection "rsa-sha2_384" | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO | 1.2.3.4<1.2.3.4>...4.5.6.7<4.5.6.7> | delref logger@0x55d093806b28(1->0) (in add_connection() at connections.c:2026) | delref fd@0x55d093808a18(2->1) (in free_logger() at log.c:853) | delref fd@NULL (in free_logger() at log.c:854) | delref fd@0x55d093808a18(1->0) (in whack_handle_cb() at rcv_whack.c:903) | freeref fd-fd@0x55d093808a18 (in whack_handle_cb() at rcv_whack.c:903) | spent 0.216 (0.216) milliseconds in whack | newref struct fd@0x55d09380a9a8(0->1) (in whack_handle_cb() at rcv_whack.c:869) | fd_accept: new fd-fd@0x55d09380a9a8 (in whack_handle_cb() at rcv_whack.c:869) | whack: delete 'rsa-sha2_512' | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | whack: connection 'rsa-sha2_512' | addref fd@0x55d09380a9a8(1->2) (in string_logger() at log.c:838) | newref string logger@0x55d093808ab8(0->1) (in add_connection() at connections.c:1998) | Connection DB: adding connection "rsa-sha2_512" $13 | FOR_EACH_CONNECTION_... in conn_by_name | added new connection rsa-sha2_512 with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31 | from whack: got --esp= | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 | counting wild cards for 1.2.3.4 is 0 | counting wild cards for 4.5.6.7 is 0 | updating connection from left.host_addr | right host_nexthop 1.2.3.4 | left host_port 500 | updating connection from right.host_addr | left host_nexthop 4.5.6.7 | right host_port 500 | orienting rsa-sha2_512 | rsa-sha2_512 doesn't match 127.0.0.1:4500 at all | rsa-sha2_512 doesn't match 127.0.0.1:500 at all | rsa-sha2_512 doesn't match 192.0.1.254:4500 at all | rsa-sha2_512 doesn't match 192.0.1.254:500 at all | rsa-sha2_512 doesn't match 192.1.2.45:4500 at all | rsa-sha2_512 doesn't match 192.1.2.45:500 at all added IKEv2 connection "rsa-sha2_512" | ike_life: 3600; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV2_ALLOW+IKE_FRAG_ALLOW+ESN_NO | 1.2.3.4<1.2.3.4>...4.5.6.7<4.5.6.7> | delref logger@0x55d093808ab8(1->0) (in add_connection() at connections.c:2026) | delref fd@0x55d09380a9a8(2->1) (in free_logger() at log.c:853) | delref fd@NULL (in free_logger() at log.c:854) | delref fd@0x55d09380a9a8(1->0) (in whack_handle_cb() at rcv_whack.c:903) | freeref fd-fd@0x55d09380a9a8 (in whack_handle_cb() at rcv_whack.c:903) | spent 0.311 (0.372) milliseconds in whack | newref struct fd@0x55d09380c938(0->1) (in whack_handle_cb() at rcv_whack.c:869) | fd_accept: new fd-fd@0x55d09380c938 (in whack_handle_cb() at rcv_whack.c:869) | whack: status | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_STATE_... in show_states (sort_states) | delref fd@0x55d09380c938(1->0) (in whack_handle_cb() at rcv_whack.c:903) | freeref fd-fd@0x55d09380c938 (in whack_handle_cb() at rcv_whack.c:903) | spent 0.89 (4.03) milliseconds in whack | newref struct fd@0x55d09380ca18(0->1) (in whack_handle_cb() at rcv_whack.c:869) | fd_accept: new fd-fd@0x55d09380ca18 (in whack_handle_cb() at rcv_whack.c:869) shutting down | leaking fd-fd@0x55d09380ca18's FD; will be closed when pluto exits (in whack_handle_cb() at rcv_whack.c:889) | delref fd@0x55d09380ca18(1->0) (in whack_handle_cb() at rcv_whack.c:895) | freeref fd-fd@0x55d09380ca18 (in whack_handle_cb() at rcv_whack.c:895) | shutting down helper thread 1 | helper thread 1 exited | shutting down helper thread 2 | helper thread 2 exited | shutting down helper thread 3 | helper thread 3 exited | shutting down helper thread 4 | helper thread 4 exited | shutting down helper thread 5 | helper thread 5 exited | shutting down helper thread 6 | helper thread 6 exited | shutting down helper thread 7 | helper thread 7 exited 7 helper threads shutdown | delref root_certs@NULL (in free_root_certs() at root_certs.c:127) | certs and keys locked by 'free_preshared_secrets' | certs and keys unlocked by 'free_preshared_secrets' | deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | addref fd@NULL (in clone_logger() at log.c:809) | addref fd@NULL (in clone_logger() at log.c:810) | newref clone logger@0x55d09380aa48(0->1) (in clone_logger() at log.c:817) | flush revival: connection 'rsa-sha2_512' wasn't on the list | delref vip@NULL (in discard_connection() at connections.c:262) | delref vip@NULL (in discard_connection() at connections.c:263) | Connection DB: deleting connection $13 | delref logger@0x55d09380aa48(1->0) (in delete_connection() at connections.c:214) | delref fd@NULL (in free_logger() at log.c:853) | delref fd@NULL (in free_logger() at log.c:854) | deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | addref fd@NULL (in clone_logger() at log.c:809) | addref fd@NULL (in clone_logger() at log.c:810) | newref clone logger@0x55d09380aa48(0->1) (in clone_logger() at log.c:817) | flush revival: connection 'rsa-sha2_384' wasn't on the list | delref vip@NULL (in discard_connection() at connections.c:262) | delref vip@NULL (in discard_connection() at connections.c:263) | Connection DB: deleting connection $12 | delref logger@0x55d09380aa48(1->0) (in delete_connection() at connections.c:214) | delref fd@NULL (in free_logger() at log.c:853) | delref fd@NULL (in free_logger() at log.c:854) | deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | addref fd@NULL (in clone_logger() at log.c:809) | addref fd@NULL (in clone_logger() at log.c:810) | newref clone logger@0x55d09380aa48(0->1) (in clone_logger() at log.c:817) | flush revival: connection 'rsa-sha2_256' wasn't on the list | delref vip@NULL (in discard_connection() at connections.c:262) | delref vip@NULL (in discard_connection() at connections.c:263) | Connection DB: deleting connection $11 | delref logger@0x55d09380aa48(1->0) (in delete_connection() at connections.c:214) | delref fd@NULL (in free_logger() at log.c:853) | delref fd@NULL (in free_logger() at log.c:854) | deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | addref fd@NULL (in clone_logger() at log.c:809) | addref fd@NULL (in clone_logger() at log.c:810) | newref clone logger@0x55d09380aa48(0->1) (in clone_logger() at log.c:817) | flush revival: connection 'rsa-sha2' wasn't on the list | delref vip@NULL (in discard_connection() at connections.c:262) | delref vip@NULL (in discard_connection() at connections.c:263) | Connection DB: deleting connection $10 | delref logger@0x55d09380aa48(1->0) (in delete_connection() at connections.c:214) | delref fd@NULL (in free_logger() at log.c:853) | delref fd@NULL (in free_logger() at log.c:854) | deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | addref fd@NULL (in clone_logger() at log.c:809) | addref fd@NULL (in clone_logger() at log.c:810) | newref clone logger@0x55d09380aa48(0->1) (in clone_logger() at log.c:817) | flush revival: connection 'rsa-sha1' wasn't on the list | delref vip@NULL (in discard_connection() at connections.c:262) | delref vip@NULL (in discard_connection() at connections.c:263) | Connection DB: deleting connection $9 | delref logger@0x55d09380aa48(1->0) (in delete_connection() at connections.c:214) | delref fd@NULL (in free_logger() at log.c:853) | delref fd@NULL (in free_logger() at log.c:854) | deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | addref fd@NULL (in clone_logger() at log.c:809) | addref fd@NULL (in clone_logger() at log.c:810) | newref clone logger@0x55d09380aa48(0->1) (in clone_logger() at log.c:817) | flush revival: connection 'ecdsa-sha2_512' wasn't on the list | delref vip@NULL (in discard_connection() at connections.c:262) | delref vip@NULL (in discard_connection() at connections.c:263) | Connection DB: deleting connection $8 | delref logger@0x55d09380aa48(1->0) (in delete_connection() at connections.c:214) | delref fd@NULL (in free_logger() at log.c:853) | delref fd@NULL (in free_logger() at log.c:854) | deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | addref fd@NULL (in clone_logger() at log.c:809) | addref fd@NULL (in clone_logger() at log.c:810) | newref clone logger@0x55d09380aa48(0->1) (in clone_logger() at log.c:817) | flush revival: connection 'ecdsa-sha2_384' wasn't on the list | delref vip@NULL (in discard_connection() at connections.c:262) | delref vip@NULL (in discard_connection() at connections.c:263) | Connection DB: deleting connection $7 | delref logger@0x55d09380aa48(1->0) (in delete_connection() at connections.c:214) | delref fd@NULL (in free_logger() at log.c:853) | delref fd@NULL (in free_logger() at log.c:854) | deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | addref fd@NULL (in clone_logger() at log.c:809) | addref fd@NULL (in clone_logger() at log.c:810) | newref clone logger@0x55d09380aa48(0->1) (in clone_logger() at log.c:817) | flush revival: connection 'ecdsa-sha2_256' wasn't on the list | delref vip@NULL (in discard_connection() at connections.c:262) | delref vip@NULL (in discard_connection() at connections.c:263) | Connection DB: deleting connection $6 | delref logger@0x55d09380aa48(1->0) (in delete_connection() at connections.c:214) | delref fd@NULL (in free_logger() at log.c:853) | delref fd@NULL (in free_logger() at log.c:854) | deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | addref fd@NULL (in clone_logger() at log.c:809) | addref fd@NULL (in clone_logger() at log.c:810) | newref clone logger@0x55d09380aa48(0->1) (in clone_logger() at log.c:817) | flush revival: connection 'ecdsa-sha2' wasn't on the list | delref vip@NULL (in discard_connection() at connections.c:262) | delref vip@NULL (in discard_connection() at connections.c:263) | Connection DB: deleting connection $5 | delref logger@0x55d09380aa48(1->0) (in delete_connection() at connections.c:214) | delref fd@NULL (in free_logger() at log.c:853) | delref fd@NULL (in free_logger() at log.c:854) | deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | addref fd@NULL (in clone_logger() at log.c:809) | addref fd@NULL (in clone_logger() at log.c:810) | newref clone logger@0x55d09380aa48(0->1) (in clone_logger() at log.c:817) | flush revival: connection 'ecdsa' wasn't on the list | delref vip@NULL (in discard_connection() at connections.c:262) | delref vip@NULL (in discard_connection() at connections.c:263) | Connection DB: deleting connection $4 | delref logger@0x55d09380aa48(1->0) (in delete_connection() at connections.c:214) | delref fd@NULL (in free_logger() at log.c:853) | delref fd@NULL (in free_logger() at log.c:854) | deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | addref fd@NULL (in clone_logger() at log.c:809) | addref fd@NULL (in clone_logger() at log.c:810) | newref clone logger@0x55d09380aa48(0->1) (in clone_logger() at log.c:817) | flush revival: connection 'ecdsa-rsa' wasn't on the list | delref vip@NULL (in discard_connection() at connections.c:262) | delref vip@NULL (in discard_connection() at connections.c:263) | Connection DB: deleting connection $3 | delref logger@0x55d09380aa48(1->0) (in delete_connection() at connections.c:214) | delref fd@NULL (in free_logger() at log.c:853) | delref fd@NULL (in free_logger() at log.c:854) | deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | addref fd@NULL (in clone_logger() at log.c:809) | addref fd@NULL (in clone_logger() at log.c:810) | newref clone logger@0x55d09380aa48(0->1) (in clone_logger() at log.c:817) | flush revival: connection 'default-specified-authby' wasn't on the list | delref vip@NULL (in discard_connection() at connections.c:262) | delref vip@NULL (in discard_connection() at connections.c:263) | Connection DB: deleting connection $2 | delref logger@0x55d09380aa48(1->0) (in delete_connection() at connections.c:214) | delref fd@NULL (in free_logger() at log.c:853) | delref fd@NULL (in free_logger() at log.c:854) | deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | addref fd@NULL (in clone_logger() at log.c:809) | addref fd@NULL (in clone_logger() at log.c:810) | newref clone logger@0x55d09380aa48(0->1) (in clone_logger() at log.c:817) | flush revival: connection 'default-implicit-authby' wasn't on the list | delref vip@NULL (in discard_connection() at connections.c:262) | delref vip@NULL (in discard_connection() at connections.c:263) | Connection DB: deleting connection $1 | delref logger@0x55d09380aa48(1->0) (in delete_connection() at connections.c:214) | delref fd@NULL (in free_logger() at log.c:853) | delref fd@NULL (in free_logger() at log.c:854) | crl fetch request list locked by 'free_crl_fetch' | crl fetch request list unlocked by 'free_crl_fetch' | iface: marking eth1 dead | iface: marking eth0 dead | iface: marking lo dead | updating interfaces - listing interfaces that are going down shutting down interface lo 127.0.0.1:4500 shutting down interface lo 127.0.0.1:500 shutting down interface eth0 192.0.1.254:4500 shutting down interface eth0 192.0.1.254:500 shutting down interface eth1 192.1.2.45:4500 shutting down interface eth1 192.1.2.45:500 | updating interfaces - deleting the dead | FOR_EACH_STATE_... in delete_states_dead_interfaces | libevent_free: delref ptr-libevent@0x55d0937f0208 | delref id@0x55d0937f43d8(3->2) (in release_iface_dev() at iface.c:125) | libevent_free: delref ptr-libevent@0x55d0937b3908 | delref id@0x55d0937f43d8(2->1) (in release_iface_dev() at iface.c:125) | libevent_free: delref ptr-libevent@0x55d0937a8bc8 | delref id@0x55d0937f4308(3->2) (in release_iface_dev() at iface.c:125) | libevent_free: delref ptr-libevent@0x55d0937b3a08 | delref id@0x55d0937f4308(2->1) (in release_iface_dev() at iface.c:125) | libevent_free: delref ptr-libevent@0x55d0937b0428 | delref id@0x55d0937f41d8(3->2) (in release_iface_dev() at iface.c:125) | libevent_free: delref ptr-libevent@0x55d0937b0378 | delref id@0x55d0937f41d8(2->1) (in release_iface_dev() at iface.c:125) | delref id@0x55d0937f41d8(1->0) (in release_iface_dev() at iface.c:125) | delref id@0x55d0937f4308(1->0) (in release_iface_dev() at iface.c:125) | delref id@0x55d0937f43d8(1->0) (in release_iface_dev() at iface.c:125) | updating interfaces - checking orientation | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | libevent_free: delref ptr-libevent@0x55d0937f02b8 | free_event_entry: delref EVENT_NULL-pe@0x55d0937f3778 | libevent_free: delref ptr-libevent@0x55d0937b3808 | free_event_entry: delref EVENT_NULL-pe@0x55d0937f0198 | libevent_free: delref ptr-libevent@0x55d0937b3758 | free_event_entry: delref EVENT_NULL-pe@0x55d0937ee178 | global timer EVENT_REINIT_SECRET uninitialized | global timer EVENT_SHUNT_SCAN uninitialized | global timer EVENT_PENDING_DDNS uninitialized | global timer EVENT_PENDING_PHASE2 uninitialized | global timer EVENT_CHECK_CRLS uninitialized | global timer EVENT_REVIVE_CONNS uninitialized | global timer EVENT_FREE_ROOT_CERTS uninitialized | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized | global timer EVENT_NAT_T_KEEPALIVE uninitialized | libevent_free: delref ptr-libevent@0x55d093746308 | signal event handler PLUTO_SIGCHLD uninstalled | libevent_free: delref ptr-libevent@0x55d093746068 | signal event handler PLUTO_SIGTERM uninstalled | libevent_free: delref ptr-libevent@0x55d0937f3998 | signal event handler PLUTO_SIGHUP uninstalled | libevent_free: delref ptr-libevent@0x55d0937f3bd8 | signal event handler PLUTO_SIGSYS uninstalled | releasing event base | libevent_free: delref ptr-libevent@0x55d0937f3aa8 | libevent_free: delref ptr-libevent@0x55d0937e2d68 | libevent_free: delref ptr-libevent@0x55d0937e2d18 | libevent_free: delref ptr-libevent@0x55d0937b5fc8 | libevent_free: delref ptr-libevent@0x55d0937e2f18 | libevent_free: delref ptr-libevent@0x55d0937e7268 | libevent_free: delref ptr-libevent@0x55d0937e7078 | libevent_free: delref ptr-libevent@0x55d0937e3088 | libevent_free: delref ptr-libevent@0x55d0937e6e88 | libevent_free: delref ptr-libevent@0x55d0937e6848 | libevent_free: delref ptr-libevent@0x55d0937f4ec8 | libevent_free: delref ptr-libevent@0x55d0937f4e88 | libevent_free: delref ptr-libevent@0x55d0937f4e48 | libevent_free: delref ptr-libevent@0x55d0937f4e08 | libevent_free: delref ptr-libevent@0x55d0937f4dc8 | libevent_free: delref ptr-libevent@0x55d0937f4d88 | libevent_free: delref ptr-libevent@0x55d0937e2f58 | libevent_free: delref ptr-libevent@0x55d0937f3958 | libevent_free: delref ptr-libevent@0x55d0937f3918 | libevent_free: delref ptr-libevent@0x55d0937e6ec8 | libevent_free: delref ptr-libevent@0x55d0937f3a68 | libevent_free: delref ptr-libevent@0x55d0937f37e8 | libevent_free: delref ptr-libevent@0x55d0937b5c48 | libevent_free: delref ptr-libevent@0x55d0937b54a8 | libevent_free: delref ptr-libevent@0x55d0937ac4b8 | releasing global libevent data | libevent_free: delref ptr-libevent@0x55d0937b57e8 | libevent_free: delref ptr-libevent@0x55d093743088 | libevent_free: delref ptr-libevent@0x55d0937b5cc8 leak detective found no leaks