Mar 27 18:08:51.696532: | logger: newref @0x560a737b2928(0->1) (main() +1575 pro

1. Mar 27 18:08:51.696532: | logger: newref @0x560a737b2928(0->1) (main() +1575 programs/pluto/plutomain.c)
2. Mar 27 18:08:51.696608: | /usr/libexec/ipsec/pluto: releasing whack (but there are none) (main() +1576 programs/pluto/plutomain.c)
3. Mar 27 18:08:51.696619: | logger: delref @0x560a737b2928(1->0) (main() +1576 programs/pluto/plutomain.c)
4. Mar 27 18:08:51.696646: | checking IKEv1 state table
5. Mar 27 18:08:51.696656: | MAIN_R0: category: half-open IKE SA; v1.flags: 0:
6. Mar 27 18:08:51.696664: | -> MAIN_R1 DISCARD (main_inI1_outR1)
7. Mar 27 18:08:51.696673: | MAIN_I1: category: half-open IKE SA; v1.flags: 0:
8. Mar 27 18:08:51.696681: | -> MAIN_I2 RETRANSMIT (main_inR1_outI2)
9. Mar 27 18:08:51.696690: | MAIN_R1: category: open IKE SA; v1.flags: 0:
10. Mar 27 18:08:51.696697: | -> MAIN_R2 RETRANSMIT (main_inI2_outR2)
11. Mar 27 18:08:51.696705: | -> MAIN_R1 RETRANSMIT (unexpected)
12. Mar 27 18:08:51.696713: | -> MAIN_R1 RETRANSMIT (unexpected)
13. Mar 27 18:08:51.696722: | MAIN_I2: category: open IKE SA; v1.flags: 0:
14. Mar 27 18:08:51.696729: | -> MAIN_I3 RETRANSMIT (main_inR2_outI3)
15. Mar 27 18:08:51.696737: | -> MAIN_I2 RETRANSMIT (unexpected)
16. Mar 27 18:08:51.696745: | -> MAIN_I2 RETRANSMIT (unexpected)
17. Mar 27 18:08:51.696754: | MAIN_R2: category: open IKE SA; v1.flags: 0:
18. Mar 27 18:08:51.696761: | -> MAIN_R3 REPLACE (main_inI3_outR3)
19. Mar 27 18:08:51.696769: | -> MAIN_R3 REPLACE (main_inI3_outR3)
20. Mar 27 18:08:51.696777: | -> MAIN_R2 REPLACE (unexpected)
21. Mar 27 18:08:51.696785: | MAIN_I3: category: open IKE SA; v1.flags: 0:
22. Mar 27 18:08:51.696793: | -> MAIN_I4 REPLACE (main_inR3)
23. Mar 27 18:08:51.696801: | -> MAIN_I4 REPLACE (main_inR3)
24. Mar 27 18:08:51.696809: | -> MAIN_I3 REPLACE (unexpected)
25. Mar 27 18:08:51.696817: | MAIN_R3: category: established IKE SA; v1.flags: 0:
26. Mar 27 18:08:51.696825: | -> MAIN_R3 NULL (unexpected)
27. Mar 27 18:08:51.696834: | MAIN_I4: category: established IKE SA; v1.flags: 0:
28. Mar 27 18:08:51.696842: | -> MAIN_I4 NULL (unexpected)
29. Mar 27 18:08:51.696850: | AGGR_R0: category: half-open IKE SA; v1.flags: 0:
30. Mar 27 18:08:51.696858: | -> AGGR_R1 DISCARD (aggr_inI1_outR1)
31. Mar 27 18:08:51.696866: | AGGR_I1: category: half-open IKE SA; v1.flags: 0:
32. Mar 27 18:08:51.696874: | -> AGGR_I2 REPLACE (aggr_inR1_outI2)
33. Mar 27 18:08:51.696882: | -> AGGR_I2 REPLACE (aggr_inR1_outI2)
34. Mar 27 18:08:51.696891: | AGGR_R1: category: open IKE SA; v1.flags: 0:
35. Mar 27 18:08:51.696898: | -> AGGR_R2 REPLACE (aggr_inI2)
36. Mar 27 18:08:51.696906: | -> AGGR_R2 REPLACE (aggr_inI2)
37. Mar 27 18:08:51.696915: | AGGR_I2: category: established IKE SA; v1.flags: 0:
38. Mar 27 18:08:51.696922: | -> AGGR_I2 NULL (unexpected)
39. Mar 27 18:08:51.696931: | AGGR_R2: category: established IKE SA; v1.flags: 0:
40. Mar 27 18:08:51.696939: | -> AGGR_R2 NULL (unexpected)
41. Mar 27 18:08:51.696947: | QUICK_R0: category: established CHILD SA; v1.flags: 0:
42. Mar 27 18:08:51.696996: | -> QUICK_R1 RETRANSMIT (quick_inI1_outR1)
43. Mar 27 18:08:51.697106: | QUICK_I1: category: established CHILD SA; v1.flags: 0:
44. Mar 27 18:08:51.697115: | -> QUICK_I2 REPLACE (quick_inR1_outI2)
45. Mar 27 18:08:51.697133: | QUICK_R1: category: established CHILD SA; v1.flags: 0:
46. Mar 27 18:08:51.697141: | -> QUICK_R2 REPLACE (quick_inI2)
47. Mar 27 18:08:51.697150: | QUICK_I2: category: established CHILD SA; v1.flags: 0:
48. Mar 27 18:08:51.697158: | -> QUICK_I2 NULL (unexpected)
49. Mar 27 18:08:51.697166: | QUICK_R2: category: established CHILD SA; v1.flags: 0:
50. Mar 27 18:08:51.697174: | -> QUICK_R2 NULL (unexpected)
51. Mar 27 18:08:51.697183: | INFO: category: informational; v1.flags: 0:
52. Mar 27 18:08:51.697190: | -> INFO NULL (informational)
53. Mar 27 18:08:51.697199: | INFO_PROTECTED: category: informational; v1.flags: 0:
54. Mar 27 18:08:51.697207: | -> INFO_PROTECTED NULL (informational)
55. Mar 27 18:08:51.697215: | XAUTH_R0: category: established IKE SA; v1.flags: 0:
56. Mar 27 18:08:51.697223: | -> XAUTH_R1 NULL (xauth_inR0)
57. Mar 27 18:08:51.697232: | XAUTH_R1: category: established IKE SA; v1.flags: 0:
58. Mar 27 18:08:51.697252: | -> MAIN_R3 REPLACE (xauth_inR1)
59. Mar 27 18:08:51.697261: | MODE_CFG_R0: category: informational; v1.flags: 0:
60. Mar 27 18:08:51.697269: | -> MODE_CFG_R1 REPLACE (modecfg_inR0)
61. Mar 27 18:08:51.697277: | MODE_CFG_R1: category: established IKE SA; v1.flags: 0:
62. Mar 27 18:08:51.697285: | -> MODE_CFG_R2 REPLACE (modecfg_inR1)
63. Mar 27 18:08:51.697294: | MODE_CFG_R2: category: established IKE SA; v1.flags: 0:
64. Mar 27 18:08:51.697302: | -> MODE_CFG_R2 NULL (unexpected)
65. Mar 27 18:08:51.697310: | MODE_CFG_I1: category: established IKE SA; v1.flags: 0:
66. Mar 27 18:08:51.697318: | -> MAIN_I4 REPLACE (modecfg_inR1)
67. Mar 27 18:08:51.697326: | XAUTH_I0: category: established IKE SA; v1.flags: 0:
68. Mar 27 18:08:51.697334: | -> XAUTH_I1 RETRANSMIT (xauth_inI0)
69. Mar 27 18:08:51.697343: | XAUTH_I1: category: established IKE SA; v1.flags: 0:
70. Mar 27 18:08:51.697351: | -> MAIN_I4 RETRANSMIT (xauth_inI1)
71. Mar 27 18:08:51.697366: | checking IKEv2 state table
72. Mar 27 18:08:51.697376: | PARENT_I0: category: ignore; v2.secured: no
73. Mar 27 18:08:51.697384: | -> PARENT_I1; RETRANSMIT; send-request
74. Mar 27 18:08:51.697392: | IKE_SA_INIT no-message; payloads:
75. Mar 27 18:08:51.697399: | initiating IKE_SA_INIT
76. Mar 27 18:08:51.697407: | 1 transitions
77. Mar 27 18:08:51.697415: | PARENT_I1: category: half-open IKE SA; v2.secured: no
78. Mar 27 18:08:51.697423: | -> PARENT_I0; DISCARD
79. Mar 27 18:08:51.697433: | IKE_SA_INIT response; payloads: N N(COOKIE)
80. Mar 27 18:08:51.697440: | received anti-DDOS COOKIE response; resending IKE_SA_INIT request with cookie payload added
81. Mar 27 18:08:51.697456: | -> PARENT_I0; DISCARD
82. Mar 27 18:08:51.697465: | IKE_SA_INIT response; payloads: N N(INVALID_KE_PAYLOAD)
83. Mar 27 18:08:51.697472: | received INVALID_KE_PAYLOAD response; resending IKE_SA_INIT with new KE payload
84. Mar 27 18:08:51.697480: | -> PARENT_I0; DISCARD
85. Mar 27 18:08:51.697489: | IKE_SA_INIT response; payloads: N N(REDIRECT)
86. Mar 27 18:08:51.697497: | received REDIRECT response; resending IKE_SA_INIT request to new destination
87. Mar 27 18:08:51.697505: | -> PARENT_I2; RETRANSMIT; send-request
88. Mar 27 18:08:51.697515: | IKE_SA_INIT response; payloads: SA KE Ni [CERTREQ]
89. Mar 27 18:08:51.697523: | Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH or IKE_INTERMEDIATE
90. Mar 27 18:08:51.697530: | 4 transitions
91. Mar 27 18:08:51.697539: | PARENT_I2: category: open IKE SA; v2.secured: yes
92. Mar 27 18:08:51.697547: | -> PARENT_I2; RETRANSMIT; send-request
93. Mar 27 18:08:51.697555: | IKE_INTERMEDIATE response; payloads: SK
94. Mar 27 18:08:51.697562: | Initiator: process IKE_INTERMEDIATE reply, initiate IKE_AUTH or IKE_INTERMEDIATE
95. Mar 27 18:08:51.697570: | -> ESTABLISHED_IKE_SA; REPLACE
96. Mar 27 18:08:51.697582: | IKE_AUTH response; payloads: SK {IDr AUTH [SA] [CERT] [TSi] [TSr] [CP]}
97. Mar 27 18:08:51.697590: | Initiator: process IKE_AUTH response
98. Mar 27 18:08:51.697598: | -> PARENT_I2; NULL
99. Mar 27 18:08:51.697606: | IKE_AUTH response; payloads: SK
100. Mar 27 18:08:51.697613: | Initiator: processing IKE_AUTH failure response
101. Mar 27 18:08:51.697621: | 3 transitions
102. Mar 27 18:08:51.697629: | PARENT_R0: category: half-open IKE SA; v2.secured: no
103. Mar 27 18:08:51.697637: | -> PARENT_R1; DISCARD; send-response
104. Mar 27 18:08:51.697646: | IKE_SA_INIT request; payloads: SA KE Ni
105. Mar 27 18:08:51.697653: | Respond to IKE_SA_INIT
106. Mar 27 18:08:51.697661: | 1 transitions
107. Mar 27 18:08:51.697669: | PARENT_R1: category: half-open IKE SA; v2.secured: yes
108. Mar 27 18:08:51.697677: | -> PARENT_R1; DISCARD; send-response
109. Mar 27 18:08:51.697685: | IKE_INTERMEDIATE request; payloads: SK
110. Mar 27 18:08:51.697693: | Responder: process IKE_INTERMEDIATE request
111. Mar 27 18:08:51.697700: | -> ESTABLISHED_IKE_SA; REPLACE; send-response
112. Mar 27 18:08:51.697713: | IKE_AUTH request; payloads: SK {IDi AUTH [SA] [IDr] [CERT] [CERTREQ] [TSi] [TSr] [CP]}
113. Mar 27 18:08:51.697720: | Responder: process IKE_AUTH request
114. Mar 27 18:08:51.697736: | -> PARENT_R_EAP; DISCARD; send-response
115. Mar 27 18:08:51.697748: | IKE_AUTH request; payloads: SK {IDi [SA] [IDr] [CERTREQ] [TSi] [TSr] [CP]}
116. Mar 27 18:08:51.697755: | Responder: process IKE_AUTH request, initiate EAP
117. Mar 27 18:08:51.697763: | 3 transitions
118. Mar 27 18:08:51.697771: | PARENT_R_EAP: category: open IKE SA; v2.secured: yes
119. Mar 27 18:08:51.697779: | -> PARENT_R_EAP; DISCARD; send-response
120. Mar 27 18:08:51.697788: | IKE_AUTH request; payloads: SK {EAP}
121. Mar 27 18:08:51.697796: | Responder: process IKE_AUTH/EAP, continue EAP
122. Mar 27 18:08:51.697804: | -> ESTABLISHED_IKE_SA; REPLACE; send-response
123. Mar 27 18:08:51.697813: | IKE_AUTH request; payloads: SK {AUTH}
124. Mar 27 18:08:51.697820: | Responder: process final IKE_AUTH/EAP
125. Mar 27 18:08:51.697828: | 2 transitions
126. Mar 27 18:08:51.697836: | IKE_AUTH_CHILD_I0: category: ignore; v2.secured: no
127. Mar 27 18:08:51.697844: | -> ESTABLISHED_CHILD_SA; REPLACE
128. Mar 27 18:08:51.697852: | IKE_AUTH no-message; payloads:
129. Mar 27 18:08:51.697859: | Child SA created by initiator during IKE_AUTH
130. Mar 27 18:08:51.697866: | 1 transitions
131. Mar 27 18:08:51.697875: | IKE_AUTH_CHILD_R0: category: ignore; v2.secured: no
132. Mar 27 18:08:51.697883: | -> ESTABLISHED_CHILD_SA; REPLACE
133. Mar 27 18:08:51.697890: | IKE_AUTH no-message; payloads:
134. Mar 27 18:08:51.697897: | Child SA created by responder during IKE_AUTH
135. Mar 27 18:08:51.697905: | 1 transitions
136. Mar 27 18:08:51.697913: | REKEY_IKE_I0: category: established IKE SA; v2.secured: no
137. Mar 27 18:08:51.697921: | -> REKEY_IKE_I1; RETRANSMIT; send-request
138. Mar 27 18:08:51.697929: | CREATE_CHILD_SA no-message; payloads:
139. Mar 27 18:08:51.698043: | initiate rekey IKE_SA (CREATE_CHILD_SA)
140. Mar 27 18:08:51.698115: | 1 transitions
141. Mar 27 18:08:51.698128: | REKEY_IKE_R0: category: established IKE SA; v2.secured: yes
142. Mar 27 18:08:51.698145: | -> ESTABLISHED_IKE_SA; REPLACE; send-response
143. Mar 27 18:08:51.698157: | CREATE_CHILD_SA request; payloads: SK {SA KE Ni [N]}
144. Mar 27 18:08:51.698164: | process rekey IKE SA request (CREATE_CHILD_SA)
145. Mar 27 18:08:51.698172: | 1 transitions
146. Mar 27 18:08:51.698180: | REKEY_IKE_I1: category: established IKE SA; v2.secured: yes
147. Mar 27 18:08:51.698188: | -> ESTABLISHED_IKE_SA; REPLACE
148. Mar 27 18:08:51.698202: | CREATE_CHILD_SA response; payloads: SK {SA KE Ni [N]}
149. Mar 27 18:08:51.698209: | process rekey IKE SA response (CREATE_CHILD_SA)
150. Mar 27 18:08:51.698217: | -> IKE_SA_DELETE; RETAIN
151. Mar 27 18:08:51.698226: | CREATE_CHILD_SA response; payloads: SK
152. Mar 27 18:08:51.698288: | process rekey IKE SA failure response (CREATE_CHILD_SA)
153. Mar 27 18:08:51.698296: | 2 transitions
154. Mar 27 18:08:51.698305: | REKEY_CHILD_I0: category: established IKE SA; v2.secured: no
155. Mar 27 18:08:51.698313: | -> REKEY_CHILD_I1; RETRANSMIT; send-request
156. Mar 27 18:08:51.698321: | CREATE_CHILD_SA no-message; payloads:
157. Mar 27 18:08:51.698329: | initiate rekey Child SA (CREATE_CHILD_SA)
158. Mar 27 18:08:51.698336: | 1 transitions
159. Mar 27 18:08:51.698354: | REKEY_CHILD_R0: category: established IKE SA; v2.secured: yes
160. Mar 27 18:08:51.698362: | -> ESTABLISHED_CHILD_SA; REPLACE; send-response
161. Mar 27 18:08:51.698375: | CREATE_CHILD_SA request; payloads: SK {SA Ni TSi TSr [KE] [N] [CP] N(REKEY_SA)}
162. Mar 27 18:08:51.698383: | process rekey Child SA request (CREATE_CHILD_SA)
163. Mar 27 18:08:51.698390: | 1 transitions
164. Mar 27 18:08:51.698399: | REKEY_CHILD_I1: category: established IKE SA; v2.secured: yes
165. Mar 27 18:08:51.698406: | -> ESTABLISHED_CHILD_SA; REPLACE
166. Mar 27 18:08:51.698418: | CREATE_CHILD_SA response; payloads: SK {SA Ni TSi TSr [KE] [N] [CP]}
167. Mar 27 18:08:51.698426: | process rekey Child SA response (CREATE_CHILD_SA)
168. Mar 27 18:08:51.698434: | -> CHILD_SA_DELETE; RETAIN
169. Mar 27 18:08:51.698442: | CREATE_CHILD_SA response; payloads: SK
170. Mar 27 18:08:51.698458: | process rekey Child SA failure response (CREATE_CHILD_SA)
171. Mar 27 18:08:51.698465: | 2 transitions
172. Mar 27 18:08:51.698474: | NEW_CHILD_I0: category: established IKE SA; v2.secured: no
173. Mar 27 18:08:51.698482: | -> NEW_CHILD_I1; RETRANSMIT; send-request
174. Mar 27 18:08:51.698489: | CREATE_CHILD_SA no-message; payloads:
175. Mar 27 18:08:51.698497: | initiate create Child SA (CREATE_CHILD_SA)
176. Mar 27 18:08:51.698504: | 1 transitions
177. Mar 27 18:08:51.698512: | NEW_CHILD_R0: category: established IKE SA; v2.secured: yes
178. Mar 27 18:08:51.698520: | -> ESTABLISHED_CHILD_SA; REPLACE; send-response
179. Mar 27 18:08:51.698532: | CREATE_CHILD_SA request; payloads: SK {SA Ni TSi TSr [KE] [N] [CP]}
180. Mar 27 18:08:51.698540: | process create Child SA request (CREATE_CHILD_SA)
181. Mar 27 18:08:51.698547: | 1 transitions
182. Mar 27 18:08:51.698556: | NEW_CHILD_I1: category: established IKE SA; v2.secured: yes
183. Mar 27 18:08:51.698563: | -> ESTABLISHED_CHILD_SA; REPLACE
184. Mar 27 18:08:51.698575: | CREATE_CHILD_SA response; payloads: SK {SA Ni TSi TSr [KE] [N] [CP]}
185. Mar 27 18:08:51.698583: | process create Child SA response (CREATE_CHILD_SA)
186. Mar 27 18:08:51.698590: | -> CHILD_SA_DELETE; RETAIN
187. Mar 27 18:08:51.698599: | CREATE_CHILD_SA response; payloads: SK
188. Mar 27 18:08:51.698606: | process create Child SA failure response (CREATE_CHILD_SA)
189. Mar 27 18:08:51.698613: | 2 transitions
190. Mar 27 18:08:51.698622: | ESTABLISHED_IKE_SA: category: established IKE SA; v2.secured: yes
191. Mar 27 18:08:51.698630: | -> ESTABLISHED_IKE_SA; RETAIN; send-response
192. Mar 27 18:08:51.698641: | CREATE_CHILD_SA request; payloads: SK {SA KE Ni [N]}
193. Mar 27 18:08:51.698648: | process rekey IKE SA request (CREATE_CHILD_SA)
194. Mar 27 18:08:51.698656: | -> ESTABLISHED_IKE_SA; RETAIN
195. Mar 27 18:08:51.698667: | CREATE_CHILD_SA response; payloads: SK {SA KE Ni [N]}
196. Mar 27 18:08:51.698674: | process rekey IKE SA response (CREATE_CHILD_SA)
197. Mar 27 18:08:51.698682: | -> ESTABLISHED_IKE_SA; RETAIN; send-response
198. Mar 27 18:08:51.698695: | CREATE_CHILD_SA request; payloads: SK {SA Ni TSi TSr [KE] [N] [CP] N(REKEY_SA)}
199. Mar 27 18:08:51.698702: | process rekey Child SA request (CREATE_CHILD_SA)
200. Mar 27 18:08:51.698710: | -> ESTABLISHED_IKE_SA; RETAIN; send-response
201. Mar 27 18:08:51.698722: | CREATE_CHILD_SA request; payloads: SK {SA Ni TSi TSr [KE] [N] [CP]}
202. Mar 27 18:08:51.698729: | process create Child SA request (CREATE_CHILD_SA)
203. Mar 27 18:08:51.698737: | -> ESTABLISHED_IKE_SA; RETAIN
204. Mar 27 18:08:51.698749: | CREATE_CHILD_SA response; payloads: SK {SA Ni TSi TSr [KE] [N] [CP]}
205. Mar 27 18:08:51.698756: | process Child SA response (new or rekey) (CREATE_CHILD_SA)
206. Mar 27 18:08:51.698764: | -> ESTABLISHED_IKE_SA; RETAIN
207. Mar 27 18:08:51.698773: | CREATE_CHILD_SA response; payloads: SK
208. Mar 27 18:08:51.698780: | process CREATE_CHILD_SA failure response (new or rekey Child SA, rekey IKE SA)
209. Mar 27 18:08:51.698788: | -> ESTABLISHED_IKE_SA; RETAIN; send-response
210. Mar 27 18:08:51.698796: | INFORMATIONAL request; payloads: SK
211. Mar 27 18:08:51.698803: | Informational Request (liveness probe)
212. Mar 27 18:08:51.698811: | -> ESTABLISHED_IKE_SA; RETAIN
213. Mar 27 18:08:51.698819: | INFORMATIONAL response; payloads: SK
214. Mar 27 18:08:51.698827: | Informational Response (liveness probe)
215. Mar 27 18:08:51.698835: | -> ESTABLISHED_IKE_SA; RETAIN; send-response
216. Mar 27 18:08:51.698845: | INFORMATIONAL request; payloads: SK {[N] [D] [CP]}
217. Mar 27 18:08:51.698853: | Informational Request
218. Mar 27 18:08:51.698860: | -> ESTABLISHED_IKE_SA; RETAIN
219. Mar 27 18:08:51.698871: | INFORMATIONAL response; payloads: SK {[N] [D] [CP]}
220. Mar 27 18:08:51.698878: | Informational Response
221. Mar 27 18:08:51.698885: | 10 transitions
222. Mar 27 18:08:51.698894: | IKE_SA_DELETE: category: established IKE SA; v2.secured: yes
223. Mar 27 18:08:51.698902: | -> IKE_SA_DELETE; RETAIN
224. Mar 27 18:08:51.698960: | INFORMATIONAL response; payloads: SK {[N] [D] [CP]}
225. Mar 27 18:08:51.698969: | IKE_SA_DEL: process INFORMATIONAL response
226. Mar 27 18:08:51.698977: | 1 transitions
227. Mar 27 18:08:51.698993: | initialize state state_db_entries.clonedfrom hash table
228. Mar 27 18:08:51.699014: | initialize state state_db_entries.serialno hash table
229. Mar 27 18:08:51.699040: | initialize state state_db_entries.connection_serialno hash table
230. Mar 27 18:08:51.699060: | initialize state state_db_entries.reqid hash table
231. Mar 27 18:08:51.699080: | initialize state state_db_entries.ike_initiator_spi hash table
232. Mar 27 18:08:51.699100: | initialize state state_db_entries.ike_spis hash table
233. Mar 27 18:08:51.699124: | initialize connection connection_db_entries.clonedfrom hash table
234. Mar 27 18:08:51.699154: | initialize connection connection_db_entries.serialno hash table
235. Mar 27 18:08:51.699176: | initialize connection connection_db_entries.that_id hash table
236. Mar 27 18:08:51.699196: | initialize connection connection_db_entries.host_pair hash table
237. Mar 27 18:08:51.699220: | initialize spd spd_db_entries.remote_client hash table
238. Mar 27 18:08:51.699243: Initializing NSS using read-write database "sql:/var/lib/ipsec/nss"
239. Mar 27 18:08:51.707284: FIPS Mode: OFF
240. Mar 27 18:08:51.707303: NSS crypto library initialized
241. Mar 27 18:08:51.707373: FIPS mode disabled for pluto daemon
242. Mar 27 18:08:51.707381: FIPS HMAC integrity support [not required]
243. Mar 27 18:08:51.707597: libcap-ng support [enabled]
244. Mar 27 18:08:51.707615: Linux audit support [enabled]
245. Mar 27 18:08:51.707642: Linux audit activated
246. Mar 27 18:08:51.707652: Starting Pluto (Libreswan Version 5.0~rc2 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (NSS-KDF) DNSSEC SYSTEMD_WATCHDOG LABELED_IPSEC (SELINUX) LIBCAP_NG LINUX_AUDIT AUTH_PAM NETWORKMANAGER CURL(non-NSS) LDAP(non-NSS) NFTABLES CAT NFLOG) pid:1301452
247. Mar 27 18:08:51.707663: core dump dir: /run/pluto
248. Mar 27 18:08:51.707670: secrets file: /etc/ipsec.secrets
249. Mar 27 18:08:51.707677: leak-detective enabled
250. Mar 27 18:08:51.707694: NSS crypto [enabled]
251. Mar 27 18:08:51.707736: XAUTH PAM support [enabled]
252. Mar 27 18:08:51.707747: | initialize pid_entry pid_entry_db_entries.pid hash table
253. Mar 27 18:08:51.707851: | libevent is using pluto's memory allocator
254. Mar 27 18:08:51.707866: initializing libevent in pthreads mode: headers: 2.1.12-stable (2010c00); library: 2.1.12-stable (2010c00)
255. Mar 27 18:08:51.707879: | libevent: newref @0x560a7381a578(0->1) (libevent_malloc() +959 programs/pluto/server.c)
256. Mar 27 18:08:51.707889: | libevent: newref @0x560a7381b008(0->1) (libevent_malloc() +959 programs/pluto/server.c)
257. Mar 27 18:08:51.707899: | libevent: newref @0x560a7381c9e8(0->1) (libevent_malloc() +959 programs/pluto/server.c)
258. Mar 27 18:08:51.707907: | creating event base
259. Mar 27 18:08:51.707916: | libevent: newref @0x560a7381b598(0->1) (libevent_malloc() +959 programs/pluto/server.c)
260. Mar 27 18:08:51.707926: | libevent: newref @0x560a7383f608(0->1) (libevent_malloc() +959 programs/pluto/server.c)
261. Mar 27 18:08:51.707947: | libevent: newref @0x560a737b3df8(0->1) (libevent_malloc() +959 programs/pluto/server.c)
262. Mar 27 18:08:51.707956: | libevent: newref @0x560a7383f8d8(0->1) (libevent_malloc() +959 programs/pluto/server.c)
263. Mar 27 18:08:51.707978: | libevent: newref @0x560a7383f5c8(0->1) (libevent_malloc() +959 programs/pluto/server.c)
264. Mar 27 18:08:51.707988: | libevent: newref @0x560a73819c58(0->1) (libevent_malloc() +959 programs/pluto/server.c)
265. Mar 27 18:08:51.707997: | libevent: newref @0x560a7381a098(0->1) (libevent_malloc() +959 programs/pluto/server.c)
266. Mar 27 18:08:51.708011: | libevent: newref @0x560a7381fcf8(0->1) (libevent_realloc() +969 programs/pluto/server.c)
267. Mar 27 18:08:51.708021: | libevent: newref @0x560a7383fa88(0->1) (libevent_malloc() +959 programs/pluto/server.c)
268. Mar 27 18:08:51.708035: | libevent: delref @0x560a7381b598(1->0) (libevent_free() +975 programs/pluto/server.c)
269. Mar 27 18:08:51.708042: | libevent initialized
270. Mar 27 18:08:51.708053: | libevent: newref @0x560a7381b598(0->1) (libevent_realloc() +969 programs/pluto/server.c)
271. Mar 27 18:08:51.708071: | global periodic timer EVENT_RESET_LOG_LIMITER enabled with interval of 3600 seconds
272. Mar 27 18:08:51.708079: | init_nat_traversal_timer() initialized with keep_alive=0s
273. Mar 27 18:08:51.708087: NAT-Traversal support [enabled]
274. Mar 27 18:08:51.708094: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized
275. Mar 27 18:08:51.708103: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds
276. Mar 27 18:08:51.708143: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized
277. Mar 27 18:08:51.708155: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds
278. Mar 27 18:08:51.708401: Encryption algorithms:
279. Mar 27 18:08:51.708417: AES_CCM_16 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm, aes_ccm_c
280. Mar 27 18:08:51.708430: AES_CCM_12 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_b
281. Mar 27 18:08:51.708442: AES_CCM_8 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_a
282. Mar 27 18:08:51.708454: 3DES_CBC [*192] IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) 3des
283. Mar 27 18:08:51.708466: CAMELLIA_CTR {256,192,*128} IKEv1: ESP IKEv2: ESP
284. Mar 27 18:08:51.708479: CAMELLIA_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP NSS(CBC) camellia
285. Mar 27 18:08:51.708493: AES_GCM_16 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm, aes_gcm_c
286. Mar 27 18:08:51.708505: AES_GCM_12 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_b
287. Mar 27 18:08:51.708518: AES_GCM_8 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_a
288. Mar 27 18:08:51.708530: AES_CTR {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CTR) aesctr
289. Mar 27 18:08:51.708543: AES_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) aes
290. Mar 27 18:08:51.708556: NULL_AUTH_AES_GMAC {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_gmac
291. Mar 27 18:08:51.708566: NULL [] IKEv1: ESP IKEv2: ESP NULL
292. Mar 27 18:08:51.708578: CHACHA20_POLY1305 [*256] IKEv1: IKEv2: IKE ESP NSS(AEAD) chacha20poly1305
293. Mar 27 18:08:51.708586: Hash algorithms:
294. Mar 27 18:08:51.708595: MD5 IKEv1: IKE IKEv2: NSS
295. Mar 27 18:08:51.708605: SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha
296. Mar 27 18:08:51.708616: SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256
297. Mar 27 18:08:51.708626: SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384
298. Mar 27 18:08:51.708636: SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512
299. Mar 27 18:08:51.708646: IDENTITY IKEv1: IKEv2: FIPS
300. Mar 27 18:08:51.708653: PRF algorithms:
301. Mar 27 18:08:51.708701: HMAC_MD5 IKEv1: IKE IKEv2: IKE NSS md5
302. Mar 27 18:08:51.708764: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha, sha1
303. Mar 27 18:08:51.708789: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256, sha2_256
304. Mar 27 18:08:51.708801: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384, sha2_384
305. Mar 27 18:08:51.708813: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512, sha2_512
306. Mar 27 18:08:51.708823: AES_XCBC IKEv1: IKEv2: IKE native(XCBC) aes128_xcbc
307. Mar 27 18:08:51.708831: Integrity algorithms:
308. Mar 27 18:08:51.708859: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS md5, hmac_md5
309. Mar 27 18:08:51.708872: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha, sha1, sha1_96, hmac_sha1
310. Mar 27 18:08:51.708886: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha512, sha2_512, sha2_512_256, hmac_sha2_512
311. Mar 27 18:08:51.708899: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha384, sha2_384, sha2_384_192, hmac_sha2_384
312. Mar 27 18:08:51.708913: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
313. Mar 27 18:08:51.708923: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH
314. Mar 27 18:08:51.708935: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
315. Mar 27 18:08:51.708945: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac
316. Mar 27 18:08:51.708956: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null
317. Mar 27 18:08:51.708963: DH algorithms:
318. Mar 27 18:08:51.708974: NONE IKEv1: IKEv2: IKE ESP AH FIPS NSS(MODP) null, dh0
319. Mar 27 18:08:51.708984: MODP1024 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh2
320. Mar 27 18:08:51.708994: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh5
321. Mar 27 18:08:51.709004: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh14
322. Mar 27 18:08:51.709014: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh15
323. Mar 27 18:08:51.709025: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh16
324. Mar 27 18:08:51.709035: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh17
325. Mar 27 18:08:51.709045: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh18
326. Mar 27 18:08:51.709056: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_256, ecp256
327. Mar 27 18:08:51.709067: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_384, ecp384
328. Mar 27 18:08:51.709078: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_521, ecp521
329. Mar 27 18:08:51.709088: DH31 IKEv1: IKE IKEv2: IKE ESP AH NSS(ECP) curve25519
330. Mar 27 18:08:51.709095: IPCOMP algorithms:
331. Mar 27 18:08:51.709105: DEFLATE IKEv1: ESP AH IKEv2: ESP AH FIPS
332. Mar 27 18:08:51.709114: LZS IKEv1: IKEv2: ESP AH FIPS
333. Mar 27 18:08:51.709123: LZJH IKEv1: IKEv2: ESP AH FIPS
334. Mar 27 18:08:51.709131: testing CAMELLIA_CBC:
335. Mar 27 18:08:51.709138: Camellia: 16 bytes with 128-bit key
336. Mar 27 18:08:51.709220: | result: newref symkey-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
337. Mar 27 18:08:51.709250: | result: newref symkey-key@0x560a7383fbf0 (16-bytes, CAMELLIA_CBC)(decode_to_key() +120 lib/libswan/test_buffer.c)
338. Mar 27 18:08:51.709258: | symkey: delref tmp-key@0x560a73841460
339. Mar 27 18:08:51.709312: | test_cbc_vector: delref sym_key-key@0x560a7383fbf0
340. Mar 27 18:08:51.709324: Camellia: 16 bytes with 128-bit key
341. Mar 27 18:08:51.709381: | result: newref symkey-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
342. Mar 27 18:08:51.709409: | result: newref symkey-key@0x560a7383fbf0 (16-bytes, CAMELLIA_CBC)(decode_to_key() +120 lib/libswan/test_buffer.c)
343. Mar 27 18:08:51.709425: | symkey: delref tmp-key@0x560a73841460
344. Mar 27 18:08:51.709468: | test_cbc_vector: delref sym_key-key@0x560a7383fbf0
345. Mar 27 18:08:51.709479: Camellia: 16 bytes with 256-bit key
346. Mar 27 18:08:51.709538: | result: newref symkey-key@0x560a73841460 (48-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
347. Mar 27 18:08:51.709567: | result: newref symkey-key@0x560a7383fbf0 (32-bytes, CAMELLIA_CBC)(decode_to_key() +120 lib/libswan/test_buffer.c)
348. Mar 27 18:08:51.709575: | symkey: delref tmp-key@0x560a73841460
349. Mar 27 18:08:51.709618: | test_cbc_vector: delref sym_key-key@0x560a7383fbf0
350. Mar 27 18:08:51.709629: Camellia: 16 bytes with 256-bit key
351. Mar 27 18:08:51.709865: | result: newref symkey-key@0x560a73841460 (48-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
352. Mar 27 18:08:51.709945: | result: newref symkey-key@0x560a7383fbf0 (32-bytes, CAMELLIA_CBC)(decode_to_key() +120 lib/libswan/test_buffer.c)
353. Mar 27 18:08:51.709967: | symkey: delref tmp-key@0x560a73841460
354. Mar 27 18:08:51.710032: | test_cbc_vector: delref sym_key-key@0x560a7383fbf0
355. Mar 27 18:08:51.710043: testing AES_GCM_16:
356. Mar 27 18:08:51.710051: empty string
357. Mar 27 18:08:51.710113: | result: newref symkey-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
358. Mar 27 18:08:51.710145: | result: newref symkey-key@0x560a7383fbf0 (16-bytes, AES_GCM)(decode_to_key() +120 lib/libswan/test_buffer.c)
359. Mar 27 18:08:51.710153: | symkey: delref tmp-key@0x560a73841460
360. Mar 27 18:08:51.710194: | test_gcm_vector: delref sym_key-key@0x560a7383fbf0
361. Mar 27 18:08:51.710206: one block
362. Mar 27 18:08:51.710266: | result: newref symkey-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
363. Mar 27 18:08:51.710297: | result: newref symkey-key@0x560a7383fbf0 (16-bytes, AES_GCM)(decode_to_key() +120 lib/libswan/test_buffer.c)
364. Mar 27 18:08:51.710306: | symkey: delref tmp-key@0x560a73841460
365. Mar 27 18:08:51.710341: | test_gcm_vector: delref sym_key-key@0x560a7383fbf0
366. Mar 27 18:08:51.710354: two blocks
367. Mar 27 18:08:51.710413: | result: newref symkey-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
368. Mar 27 18:08:51.710444: | result: newref symkey-key@0x560a7383fbf0 (16-bytes, AES_GCM)(decode_to_key() +120 lib/libswan/test_buffer.c)
369. Mar 27 18:08:51.710454: | symkey: delref tmp-key@0x560a73841460
370. Mar 27 18:08:51.710492: | test_gcm_vector: delref sym_key-key@0x560a7383fbf0
371. Mar 27 18:08:51.710503: two blocks with associated data
372. Mar 27 18:08:51.710563: | result: newref symkey-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
373. Mar 27 18:08:51.710594: | result: newref symkey-key@0x560a7383fbf0 (16-bytes, AES_GCM)(decode_to_key() +120 lib/libswan/test_buffer.c)
374. Mar 27 18:08:51.710603: | symkey: delref tmp-key@0x560a73841460
375. Mar 27 18:08:51.710738: | test_gcm_vector: delref sym_key-key@0x560a7383fbf0
376. Mar 27 18:08:51.710763: testing AES_CTR:
377. Mar 27 18:08:51.710772: Encrypting 16 octets using AES-CTR with 128-bit key
378. Mar 27 18:08:51.710838: | result: newref symkey-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
379. Mar 27 18:08:51.710868: | result: newref symkey-key@0x560a7383fbf0 (16-bytes, AES_CTR)(decode_to_key() +120 lib/libswan/test_buffer.c)
380. Mar 27 18:08:51.710876: | symkey: delref tmp-key@0x560a73841460
381. Mar 27 18:08:51.710916: | test_ctr_vector: delref sym_key-key@0x560a7383fbf0
382. Mar 27 18:08:51.710927: Encrypting 32 octets using AES-CTR with 128-bit key
383. Mar 27 18:08:51.710983: | result: newref symkey-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
384. Mar 27 18:08:51.711012: | result: newref symkey-key@0x560a7383fbf0 (16-bytes, AES_CTR)(decode_to_key() +120 lib/libswan/test_buffer.c)
385. Mar 27 18:08:51.711028: | symkey: delref tmp-key@0x560a73841460
386. Mar 27 18:08:51.711074: | test_ctr_vector: delref sym_key-key@0x560a7383fbf0
387. Mar 27 18:08:51.711085: Encrypting 36 octets using AES-CTR with 128-bit key
388. Mar 27 18:08:51.711150: | result: newref symkey-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
389. Mar 27 18:08:51.711180: | result: newref symkey-key@0x560a7383fbf0 (16-bytes, AES_CTR)(decode_to_key() +120 lib/libswan/test_buffer.c)
390. Mar 27 18:08:51.711189: | symkey: delref tmp-key@0x560a73841460
391. Mar 27 18:08:51.711238: | test_ctr_vector: delref sym_key-key@0x560a7383fbf0
392. Mar 27 18:08:51.711249: Encrypting 16 octets using AES-CTR with 192-bit key
393. Mar 27 18:08:51.711307: | result: newref symkey-key@0x560a73841460 (40-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
394. Mar 27 18:08:51.711337: | result: newref symkey-key@0x560a7383fbf0 (24-bytes, AES_CTR)(decode_to_key() +120 lib/libswan/test_buffer.c)
395. Mar 27 18:08:51.711346: | symkey: delref tmp-key@0x560a73841460
396. Mar 27 18:08:51.711386: | test_ctr_vector: delref sym_key-key@0x560a7383fbf0
397. Mar 27 18:08:51.711397: Encrypting 32 octets using AES-CTR with 192-bit key
398. Mar 27 18:08:51.711456: | result: newref symkey-key@0x560a73841460 (40-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
399. Mar 27 18:08:51.711485: | result: newref symkey-key@0x560a7383fbf0 (24-bytes, AES_CTR)(decode_to_key() +120 lib/libswan/test_buffer.c)
400. Mar 27 18:08:51.711494: | symkey: delref tmp-key@0x560a73841460
401. Mar 27 18:08:51.711541: | test_ctr_vector: delref sym_key-key@0x560a7383fbf0
402. Mar 27 18:08:51.711552: Encrypting 36 octets using AES-CTR with 192-bit key
403. Mar 27 18:08:51.711694: | result: newref symkey-key@0x560a73841460 (40-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
404. Mar 27 18:08:51.711730: | result: newref symkey-key@0x560a7383fbf0 (24-bytes, AES_CTR)(decode_to_key() +120 lib/libswan/test_buffer.c)
405. Mar 27 18:08:51.711738: | symkey: delref tmp-key@0x560a73841460
406. Mar 27 18:08:51.711789: | test_ctr_vector: delref sym_key-key@0x560a7383fbf0
407. Mar 27 18:08:51.711800: Encrypting 16 octets using AES-CTR with 256-bit key
408. Mar 27 18:08:51.711860: | result: newref symkey-key@0x560a73841460 (48-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
409. Mar 27 18:08:51.711890: | result: newref symkey-key@0x560a7383fbf0 (32-bytes, AES_CTR)(decode_to_key() +120 lib/libswan/test_buffer.c)
410. Mar 27 18:08:51.711899: | symkey: delref tmp-key@0x560a73841460
411. Mar 27 18:08:51.711939: | test_ctr_vector: delref sym_key-key@0x560a7383fbf0
412. Mar 27 18:08:51.711950: Encrypting 32 octets using AES-CTR with 256-bit key
413. Mar 27 18:08:51.712010: | result: newref symkey-key@0x560a73841460 (48-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
414. Mar 27 18:08:51.712039: | result: newref symkey-key@0x560a7383fbf0 (32-bytes, AES_CTR)(decode_to_key() +120 lib/libswan/test_buffer.c)
415. Mar 27 18:08:51.712048: | symkey: delref tmp-key@0x560a73841460
416. Mar 27 18:08:51.712095: | test_ctr_vector: delref sym_key-key@0x560a7383fbf0
417. Mar 27 18:08:51.712106: Encrypting 36 octets using AES-CTR with 256-bit key
418. Mar 27 18:08:51.712165: | result: newref symkey-key@0x560a73841460 (48-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
419. Mar 27 18:08:51.712195: | result: newref symkey-key@0x560a7383fbf0 (32-bytes, AES_CTR)(decode_to_key() +120 lib/libswan/test_buffer.c)
420. Mar 27 18:08:51.712203: | symkey: delref tmp-key@0x560a73841460
421. Mar 27 18:08:51.712252: | test_ctr_vector: delref sym_key-key@0x560a7383fbf0
422. Mar 27 18:08:51.712263: testing AES_CBC:
423. Mar 27 18:08:51.712271: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
424. Mar 27 18:08:51.712329: | result: newref symkey-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
425. Mar 27 18:08:51.712358: | result: newref symkey-key@0x560a7383fbf0 (16-bytes, AES_CBC)(decode_to_key() +120 lib/libswan/test_buffer.c)
426. Mar 27 18:08:51.712378: | symkey: delref tmp-key@0x560a73841460
427. Mar 27 18:08:51.712419: | test_cbc_vector: delref sym_key-key@0x560a7383fbf0
428. Mar 27 18:08:51.712430: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
429. Mar 27 18:08:51.712489: | result: newref symkey-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
430. Mar 27 18:08:51.712518: | result: newref symkey-key@0x560a7383fbf0 (16-bytes, AES_CBC)(decode_to_key() +120 lib/libswan/test_buffer.c)
431. Mar 27 18:08:51.712527: | symkey: delref tmp-key@0x560a73841460
432. Mar 27 18:08:51.712595: | test_cbc_vector: delref sym_key-key@0x560a7383fbf0
433. Mar 27 18:08:51.712610: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
434. Mar 27 18:08:51.712713: | result: newref symkey-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
435. Mar 27 18:08:51.712757: | result: newref symkey-key@0x560a7383fbf0 (16-bytes, AES_CBC)(decode_to_key() +120 lib/libswan/test_buffer.c)
436. Mar 27 18:08:51.712766: | symkey: delref tmp-key@0x560a73841460
437. Mar 27 18:08:51.712867: | test_cbc_vector: delref sym_key-key@0x560a7383fbf0
438. Mar 27 18:08:51.712883: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
439. Mar 27 18:08:51.712943: | result: newref symkey-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
440. Mar 27 18:08:51.712973: | result: newref symkey-key@0x560a7383fbf0 (16-bytes, AES_CBC)(decode_to_key() +120 lib/libswan/test_buffer.c)
441. Mar 27 18:08:51.712981: | symkey: delref tmp-key@0x560a73841460
442. Mar 27 18:08:51.713056: | test_cbc_vector: delref sym_key-key@0x560a7383fbf0
443. Mar 27 18:08:51.713068: testing AES_XCBC:
444. Mar 27 18:08:51.713078: RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
445. Mar 27 18:08:51.713143: | result: newref key-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
446. Mar 27 18:08:51.713175: | result: newref key-key@0x560a7383fbf0 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
447. Mar 27 18:08:51.713184: | key: delref tmp-key@0x560a73841460
448. Mar 27 18:08:51.713218: | result: newref key-key@0x560a73841460 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +231 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
449. Mar 27 18:08:51.713227: | PRF chunk interface: delref clone-key@0x560a7383fbf0
450. Mar 27 18:08:51.713306: | result: newref k1-key@0x560a73842eb0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
451. Mar 27 18:08:51.713339: | result: newref k1-key@0x560a7383fbf0 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
452. Mar 27 18:08:51.713348: | k1: delref tmp-key@0x560a73842eb0
453. Mar 27 18:08:51.713373: | xcbc: delref k1-key@0x560a7383fbf0
454. Mar 27 18:08:51.713385: | PRF chunk interface: delref key-key@0x560a73841460
455. Mar 27 18:08:51.713449: | result: newref key symkey-key@0x560a7383fbf0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
456. Mar 27 18:08:51.713481: | result: newref key symkey-key@0x560a73841460 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
457. Mar 27 18:08:51.713490: | key symkey: delref tmp-key@0x560a7383fbf0
458. Mar 27 18:08:51.713524: | result: newref key symkey-key@0x560a7383fbf0 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +231 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
459. Mar 27 18:08:51.713691: | result: newref k1-key@0x560a73846a10 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
460. Mar 27 18:08:51.713725: | result: newref k1-key@0x560a73842eb0 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
461. Mar 27 18:08:51.713734: | k1: delref tmp-key@0x560a73846a10
462. Mar 27 18:08:51.713758: | xcbc: delref k1-key@0x560a73842eb0
463. Mar 27 18:08:51.713817: | result: newref xcbc-key@0x560a73846a10 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
464. Mar 27 18:08:51.713856: | result: newref xcbc-key@0x560a73842eb0 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
465. Mar 27 18:08:51.713865: | xcbc: delref tmp-key@0x560a73846a10
466. Mar 27 18:08:51.713877: | PRF symkey interface: delref key-key@0x560a7383fbf0
467. Mar 27 18:08:51.713910: | RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input: newref slot-key@0x560a73848340 (16-bytes, EXTRACT_KEY_FROM_KEY)
468. Mar 27 18:08:51.713935: | RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input: delref slot-key-key@0x560a73848340
469. Mar 27 18:08:51.713948: | test_prf_vector: delref message-key@NULL
470. Mar 27 18:08:51.713956: | test_prf_vector: delref key-key@0x560a73841460
471. Mar 27 18:08:51.713967: | test_prf_vector: delref output-key@0x560a73842eb0
472. Mar 27 18:08:51.713978: RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
473. Mar 27 18:08:51.714039: | result: newref key-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
474. Mar 27 18:08:51.714068: | result: newref key-key@0x560a73842eb0 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
475. Mar 27 18:08:51.714077: | key: delref tmp-key@0x560a73841460
476. Mar 27 18:08:51.714108: | result: newref key-key@0x560a73841460 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +231 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
477. Mar 27 18:08:51.714117: | PRF chunk interface: delref clone-key@0x560a73842eb0
478. Mar 27 18:08:51.714181: | result: newref k1-key@0x560a7383fbf0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
479. Mar 27 18:08:51.714211: | result: newref k1-key@0x560a73842eb0 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
480. Mar 27 18:08:51.714220: | k1: delref tmp-key@0x560a7383fbf0
481. Mar 27 18:08:51.714242: | xcbc: delref k1-key@0x560a73842eb0
482. Mar 27 18:08:51.714254: | PRF chunk interface: delref key-key@0x560a73841460
483. Mar 27 18:08:51.714313: | result: newref key symkey-key@0x560a73842eb0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
484. Mar 27 18:08:51.714343: | result: newref key symkey-key@0x560a73841460 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
485. Mar 27 18:08:51.714351: | key symkey: delref tmp-key@0x560a73842eb0
486. Mar 27 18:08:51.714383: | result: newref key symkey-key@0x560a73842eb0 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +231 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
487. Mar 27 18:08:51.714439: | result: newref message symkey-key@0x560a73846a10 (19-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
488. Mar 27 18:08:51.714469: | result: newref message symkey-key@0x560a7383fbf0 (3-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
489. Mar 27 18:08:51.714477: | message symkey: delref tmp-key@0x560a73846a10
490. Mar 27 18:08:51.714508: | symkey message: newref slot-key@0x560a73848340 (3-bytes, EXTRACT_KEY_FROM_KEY)
491. Mar 27 18:08:51.714556: | symkey message: delref slot-key-key@0x560a73848340
492. Mar 27 18:08:51.714699: | result: newref k1-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
493. Mar 27 18:08:51.714742: | result: newref k1-key@0x560a73846a10 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
494. Mar 27 18:08:51.714751: | k1: delref tmp-key@0x560a73848480
495. Mar 27 18:08:51.714778: | xcbc: delref k1-key@0x560a73846a10
496. Mar 27 18:08:51.714838: | result: newref xcbc-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
497. Mar 27 18:08:51.714867: | result: newref xcbc-key@0x560a73846a10 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
498. Mar 27 18:08:51.714876: | xcbc: delref tmp-key@0x560a73848480
499. Mar 27 18:08:51.714887: | PRF symkey interface: delref key-key@0x560a73842eb0
500. Mar 27 18:08:51.714918: | RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input: newref slot-key@0x560a73848340 (16-bytes, EXTRACT_KEY_FROM_KEY)
501. Mar 27 18:08:51.714955: | RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input: delref slot-key-key@0x560a73848340
502. Mar 27 18:08:51.714968: | test_prf_vector: delref message-key@0x560a7383fbf0
503. Mar 27 18:08:51.714979: | test_prf_vector: delref key-key@0x560a73841460
504. Mar 27 18:08:51.714990: | test_prf_vector: delref output-key@0x560a73846a10
505. Mar 27 18:08:51.715001: RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
506. Mar 27 18:08:51.715063: | result: newref key-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
507. Mar 27 18:08:51.715093: | result: newref key-key@0x560a73846a10 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
508. Mar 27 18:08:51.715101: | key: delref tmp-key@0x560a73841460
509. Mar 27 18:08:51.715133: | result: newref key-key@0x560a73841460 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +231 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
510. Mar 27 18:08:51.715144: | PRF chunk interface: delref clone-key@0x560a73846a10
511. Mar 27 18:08:51.715214: | result: newref k1-key@0x560a7383fbf0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
512. Mar 27 18:08:51.715246: | result: newref k1-key@0x560a73846a10 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
513. Mar 27 18:08:51.715255: | k1: delref tmp-key@0x560a7383fbf0
514. Mar 27 18:08:51.715280: | xcbc: delref k1-key@0x560a73846a10
515. Mar 27 18:08:51.715292: | PRF chunk interface: delref key-key@0x560a73841460
516. Mar 27 18:08:51.715355: | result: newref key symkey-key@0x560a73846a10 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
517. Mar 27 18:08:51.715388: | result: newref key symkey-key@0x560a73841460 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
518. Mar 27 18:08:51.715396: | key symkey: delref tmp-key@0x560a73846a10
519. Mar 27 18:08:51.715430: | result: newref key symkey-key@0x560a73846a10 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +231 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
520. Mar 27 18:08:51.715491: | result: newref message symkey-key@0x560a73842eb0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
521. Mar 27 18:08:51.715538: | result: newref message symkey-key@0x560a7383fbf0 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
522. Mar 27 18:08:51.715592: | message symkey: delref tmp-key@0x560a73842eb0
523. Mar 27 18:08:51.715626: | symkey message: newref slot-key@0x560a73848340 (16-bytes, EXTRACT_KEY_FROM_KEY)
524. Mar 27 18:08:51.715649: | symkey message: delref slot-key-key@0x560a73848340
525. Mar 27 18:08:51.715715: | result: newref k1-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
526. Mar 27 18:08:51.715745: | result: newref k1-key@0x560a73842eb0 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
527. Mar 27 18:08:51.715753: | k1: delref tmp-key@0x560a73848480
528. Mar 27 18:08:51.715776: | xcbc: delref k1-key@0x560a73842eb0
529. Mar 27 18:08:51.715838: | result: newref xcbc-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
530. Mar 27 18:08:51.715870: | result: newref xcbc-key@0x560a73842eb0 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
531. Mar 27 18:08:51.715881: | xcbc: delref tmp-key@0x560a73848480
532. Mar 27 18:08:51.715893: | PRF symkey interface: delref key-key@0x560a73846a10
533. Mar 27 18:08:51.715926: | RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input: newref slot-key@0x560a73848340 (16-bytes, EXTRACT_KEY_FROM_KEY)
534. Mar 27 18:08:51.715951: | RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input: delref slot-key-key@0x560a73848340
535. Mar 27 18:08:51.715964: | test_prf_vector: delref message-key@0x560a7383fbf0
536. Mar 27 18:08:51.715977: | test_prf_vector: delref key-key@0x560a73841460
537. Mar 27 18:08:51.715988: | test_prf_vector: delref output-key@0x560a73842eb0
538. Mar 27 18:08:51.716011: RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
539. Mar 27 18:08:51.716079: | result: newref key-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
540. Mar 27 18:08:51.716111: | result: newref key-key@0x560a73842eb0 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
541. Mar 27 18:08:51.716120: | key: delref tmp-key@0x560a73841460
542. Mar 27 18:08:51.716154: | result: newref key-key@0x560a73841460 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +231 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
543. Mar 27 18:08:51.716163: | PRF chunk interface: delref clone-key@0x560a73842eb0
544. Mar 27 18:08:51.716232: | result: newref k1-key@0x560a7383fbf0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
545. Mar 27 18:08:51.716264: | result: newref k1-key@0x560a73842eb0 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
546. Mar 27 18:08:51.716275: | k1: delref tmp-key@0x560a7383fbf0
547. Mar 27 18:08:51.716305: | xcbc: delref k1-key@0x560a73842eb0
548. Mar 27 18:08:51.716317: | PRF chunk interface: delref key-key@0x560a73841460
549. Mar 27 18:08:51.716380: | result: newref key symkey-key@0x560a73842eb0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
550. Mar 27 18:08:51.716412: | result: newref key symkey-key@0x560a73841460 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
551. Mar 27 18:08:51.716421: | key symkey: delref tmp-key@0x560a73842eb0
552. Mar 27 18:08:51.716455: | result: newref key symkey-key@0x560a73842eb0 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +231 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
553. Mar 27 18:08:51.716546: | result: newref message symkey-key@0x560a73846a10 (36-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
554. Mar 27 18:08:51.716581: | result: newref message symkey-key@0x560a7383fbf0 (20-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
555. Mar 27 18:08:51.716591: | message symkey: delref tmp-key@0x560a73846a10
556. Mar 27 18:08:51.716653: | symkey message: newref slot-key@0x560a73848340 (20-bytes, EXTRACT_KEY_FROM_KEY)
557. Mar 27 18:08:51.716677: | symkey message: delref slot-key-key@0x560a73848340
558. Mar 27 18:08:51.716742: | result: newref k1-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
559. Mar 27 18:08:51.716772: | result: newref k1-key@0x560a73846a10 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
560. Mar 27 18:08:51.716781: | k1: delref tmp-key@0x560a73848480
561. Mar 27 18:08:51.716808: | xcbc: delref k1-key@0x560a73846a10
562. Mar 27 18:08:51.716867: | result: newref xcbc-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
563. Mar 27 18:08:51.716897: | result: newref xcbc-key@0x560a73846a10 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
564. Mar 27 18:08:51.716905: | xcbc: delref tmp-key@0x560a73848480
565. Mar 27 18:08:51.716916: | PRF symkey interface: delref key-key@0x560a73842eb0
566. Mar 27 18:08:51.716948: | RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input: newref slot-key@0x560a73848340 (16-bytes, EXTRACT_KEY_FROM_KEY)
567. Mar 27 18:08:51.716972: | RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input: delref slot-key-key@0x560a73848340
568. Mar 27 18:08:51.716985: | test_prf_vector: delref message-key@0x560a7383fbf0
569. Mar 27 18:08:51.716998: | test_prf_vector: delref key-key@0x560a73841460
570. Mar 27 18:08:51.717009: | test_prf_vector: delref output-key@0x560a73846a10
571. Mar 27 18:08:51.717020: RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
572. Mar 27 18:08:51.717091: | result: newref key-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
573. Mar 27 18:08:51.717123: | result: newref key-key@0x560a73846a10 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
574. Mar 27 18:08:51.717131: | key: delref tmp-key@0x560a73841460
575. Mar 27 18:08:51.717175: | result: newref key-key@0x560a73841460 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +231 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
576. Mar 27 18:08:51.717186: | PRF chunk interface: delref clone-key@0x560a73846a10
577. Mar 27 18:08:51.717256: | result: newref k1-key@0x560a7383fbf0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
578. Mar 27 18:08:51.717288: | result: newref k1-key@0x560a73846a10 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
579. Mar 27 18:08:51.717297: | k1: delref tmp-key@0x560a7383fbf0
580. Mar 27 18:08:51.717326: | xcbc: delref k1-key@0x560a73846a10
581. Mar 27 18:08:51.717338: | PRF chunk interface: delref key-key@0x560a73841460
582. Mar 27 18:08:51.717402: | result: newref key symkey-key@0x560a73846a10 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
583. Mar 27 18:08:51.717434: | result: newref key symkey-key@0x560a73841460 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
584. Mar 27 18:08:51.717442: | key symkey: delref tmp-key@0x560a73846a10
585. Mar 27 18:08:51.717491: | result: newref key symkey-key@0x560a73846a10 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +231 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
586. Mar 27 18:08:51.717602: | result: newref message symkey-key@0x560a73842eb0 (48-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
587. Mar 27 18:08:51.717637: | result: newref message symkey-key@0x560a7383fbf0 (32-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
588. Mar 27 18:08:51.717646: | message symkey: delref tmp-key@0x560a73842eb0
589. Mar 27 18:08:51.717677: | symkey message: newref slot-key@0x560a73848340 (32-bytes, EXTRACT_KEY_FROM_KEY)
590. Mar 27 18:08:51.717699: | symkey message: delref slot-key-key@0x560a73848340
591. Mar 27 18:08:51.717765: | result: newref k1-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
592. Mar 27 18:08:51.717794: | result: newref k1-key@0x560a73842eb0 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
593. Mar 27 18:08:51.717803: | k1: delref tmp-key@0x560a73848480
594. Mar 27 18:08:51.717830: | xcbc: delref k1-key@0x560a73842eb0
595. Mar 27 18:08:51.717889: | result: newref xcbc-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
596. Mar 27 18:08:51.717919: | result: newref xcbc-key@0x560a73842eb0 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
597. Mar 27 18:08:51.717927: | xcbc: delref tmp-key@0x560a73848480
598. Mar 27 18:08:51.717938: | PRF symkey interface: delref key-key@0x560a73846a10
599. Mar 27 18:08:51.717972: | RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input: newref slot-key@0x560a73848340 (16-bytes, EXTRACT_KEY_FROM_KEY)
600. Mar 27 18:08:51.717996: | RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input: delref slot-key-key@0x560a73848340
601. Mar 27 18:08:51.718009: | test_prf_vector: delref message-key@0x560a7383fbf0
602. Mar 27 18:08:51.718023: | test_prf_vector: delref key-key@0x560a73841460
603. Mar 27 18:08:51.718034: | test_prf_vector: delref output-key@0x560a73842eb0
604. Mar 27 18:08:51.718045: RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
605. Mar 27 18:08:51.718116: | result: newref key-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
606. Mar 27 18:08:51.718148: | result: newref key-key@0x560a73842eb0 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
607. Mar 27 18:08:51.718157: | key: delref tmp-key@0x560a73841460
608. Mar 27 18:08:51.718190: | result: newref key-key@0x560a73841460 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +231 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
609. Mar 27 18:08:51.718199: | PRF chunk interface: delref clone-key@0x560a73842eb0
610. Mar 27 18:08:51.718269: | result: newref k1-key@0x560a7383fbf0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
611. Mar 27 18:08:51.718312: | result: newref k1-key@0x560a73842eb0 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
612. Mar 27 18:08:51.718321: | k1: delref tmp-key@0x560a7383fbf0
613. Mar 27 18:08:51.718356: | xcbc: delref k1-key@0x560a73842eb0
614. Mar 27 18:08:51.718368: | PRF chunk interface: delref key-key@0x560a73841460
615. Mar 27 18:08:51.718432: | result: newref key symkey-key@0x560a73842eb0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
616. Mar 27 18:08:51.718498: | result: newref key symkey-key@0x560a73841460 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
617. Mar 27 18:08:51.718511: | key symkey: delref tmp-key@0x560a73842eb0
618. Mar 27 18:08:51.718599: | result: newref key symkey-key@0x560a73842eb0 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +231 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
619. Mar 27 18:08:51.718710: | result: newref message symkey-key@0x560a73846a10 (50-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
620. Mar 27 18:08:51.718744: | result: newref message symkey-key@0x560a7383fbf0 (34-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
621. Mar 27 18:08:51.718753: | message symkey: delref tmp-key@0x560a73846a10
622. Mar 27 18:08:51.718784: | symkey message: newref slot-key@0x560a73848340 (34-bytes, EXTRACT_KEY_FROM_KEY)
623. Mar 27 18:08:51.718807: | symkey message: delref slot-key-key@0x560a73848340
624. Mar 27 18:08:51.718872: | result: newref k1-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
625. Mar 27 18:08:51.718902: | result: newref k1-key@0x560a73846a10 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
626. Mar 27 18:08:51.718910: | k1: delref tmp-key@0x560a73848480
627. Mar 27 18:08:51.718942: | xcbc: delref k1-key@0x560a73846a10
628. Mar 27 18:08:51.719001: | result: newref xcbc-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
629. Mar 27 18:08:51.719031: | result: newref xcbc-key@0x560a73846a10 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
630. Mar 27 18:08:51.719039: | xcbc: delref tmp-key@0x560a73848480
631. Mar 27 18:08:51.719050: | PRF symkey interface: delref key-key@0x560a73842eb0
632. Mar 27 18:08:51.719081: | RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input: newref slot-key@0x560a73848340 (16-bytes, EXTRACT_KEY_FROM_KEY)
633. Mar 27 18:08:51.719103: | RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input: delref slot-key-key@0x560a73848340
634. Mar 27 18:08:51.719115: | test_prf_vector: delref message-key@0x560a7383fbf0
635. Mar 27 18:08:51.719127: | test_prf_vector: delref key-key@0x560a73841460
636. Mar 27 18:08:51.719141: | test_prf_vector: delref output-key@0x560a73846a10
637. Mar 27 18:08:51.719153: RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
638. Mar 27 18:08:51.719258: | result: newref key-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
639. Mar 27 18:08:51.719292: | result: newref key-key@0x560a73846a10 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
640. Mar 27 18:08:51.719300: | key: delref tmp-key@0x560a73841460
641. Mar 27 18:08:51.719332: | result: newref key-key@0x560a73841460 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +231 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
642. Mar 27 18:08:51.719341: | PRF chunk interface: delref clone-key@0x560a73846a10
643. Mar 27 18:08:51.719407: | result: newref k1-key@0x560a7383fbf0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
644. Mar 27 18:08:51.719474: | result: newref k1-key@0x560a73846a10 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
645. Mar 27 18:08:51.719492: | k1: delref tmp-key@0x560a7383fbf0
646. Mar 27 18:08:51.719815: | xcbc: delref k1-key@0x560a73846a10
647. Mar 27 18:08:51.719830: | PRF chunk interface: delref key-key@0x560a73841460
648. Mar 27 18:08:51.719894: | result: newref key symkey-key@0x560a73846a10 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
649. Mar 27 18:08:51.719935: | result: newref key symkey-key@0x560a73841460 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
650. Mar 27 18:08:51.719945: | key symkey: delref tmp-key@0x560a73846a10
651. Mar 27 18:08:51.719979: | result: newref key symkey-key@0x560a73846a10 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +231 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
652. Mar 27 18:08:51.720040: | result: newref message symkey-key@0x560a73842eb0 (1016-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
653. Mar 27 18:08:51.720077: | result: newref message symkey-key@0x560a7383fbf0 (1000-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
654. Mar 27 18:08:51.720088: | message symkey: delref tmp-key@0x560a73842eb0
655. Mar 27 18:08:51.720126: | symkey message: newref slot-key@0x560a73848340 (1000-bytes, EXTRACT_KEY_FROM_KEY)
656. Mar 27 18:08:51.720156: | symkey message: delref slot-key-key@0x560a73848340
657. Mar 27 18:08:51.720226: | result: newref k1-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
658. Mar 27 18:08:51.720259: | result: newref k1-key@0x560a73842eb0 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
659. Mar 27 18:08:51.720267: | k1: delref tmp-key@0x560a73848480
660. Mar 27 18:08:51.720673: | xcbc: delref k1-key@0x560a73842eb0
661. Mar 27 18:08:51.720738: | result: newref xcbc-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
662. Mar 27 18:08:51.720768: | result: newref xcbc-key@0x560a73842eb0 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
663. Mar 27 18:08:51.720777: | xcbc: delref tmp-key@0x560a73848480
664. Mar 27 18:08:51.720788: | PRF symkey interface: delref key-key@0x560a73846a10
665. Mar 27 18:08:51.720819: | RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input: newref slot-key@0x560a73848340 (16-bytes, EXTRACT_KEY_FROM_KEY)
666. Mar 27 18:08:51.720841: | RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input: delref slot-key-key@0x560a73848340
667. Mar 27 18:08:51.720854: | test_prf_vector: delref message-key@0x560a7383fbf0
668. Mar 27 18:08:51.720865: | test_prf_vector: delref key-key@0x560a73841460
669. Mar 27 18:08:51.720876: | test_prf_vector: delref output-key@0x560a73842eb0
670. Mar 27 18:08:51.720887: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
671. Mar 27 18:08:51.720955: | result: newref key-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
672. Mar 27 18:08:51.720988: | result: newref key-key@0x560a73842eb0 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
673. Mar 27 18:08:51.720996: | key: delref tmp-key@0x560a73841460
674. Mar 27 18:08:51.721030: | result: newref key-key@0x560a73841460 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +231 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
675. Mar 27 18:08:51.721039: | PRF chunk interface: delref clone-key@0x560a73842eb0
676. Mar 27 18:08:51.721118: | result: newref k1-key@0x560a7383fbf0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
677. Mar 27 18:08:51.721149: | result: newref k1-key@0x560a73842eb0 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
678. Mar 27 18:08:51.721158: | k1: delref tmp-key@0x560a7383fbf0
679. Mar 27 18:08:51.721187: | xcbc: delref k1-key@0x560a73842eb0
680. Mar 27 18:08:51.721198: | PRF chunk interface: delref key-key@0x560a73841460
681. Mar 27 18:08:51.721260: | result: newref key symkey-key@0x560a73842eb0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
682. Mar 27 18:08:51.721291: | result: newref key symkey-key@0x560a73841460 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
683. Mar 27 18:08:51.721300: | key symkey: delref tmp-key@0x560a73842eb0
684. Mar 27 18:08:51.721332: | result: newref key symkey-key@0x560a73842eb0 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +231 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
685. Mar 27 18:08:51.721472: | result: newref message symkey-key@0x560a73846a10 (36-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
686. Mar 27 18:08:51.721545: | result: newref message symkey-key@0x560a7383fbf0 (20-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
687. Mar 27 18:08:51.721563: | message symkey: delref tmp-key@0x560a73846a10
688. Mar 27 18:08:51.721594: | symkey message: newref slot-key@0x560a73848340 (20-bytes, EXTRACT_KEY_FROM_KEY)
689. Mar 27 18:08:51.721616: | symkey message: delref slot-key-key@0x560a73848340
690. Mar 27 18:08:51.721679: | result: newref k1-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
691. Mar 27 18:08:51.721708: | result: newref k1-key@0x560a73846a10 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
692. Mar 27 18:08:51.721717: | k1: delref tmp-key@0x560a73848480
693. Mar 27 18:08:51.721743: | xcbc: delref k1-key@0x560a73846a10
694. Mar 27 18:08:51.721800: | result: newref xcbc-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
695. Mar 27 18:08:51.721829: | result: newref xcbc-key@0x560a73846a10 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
696. Mar 27 18:08:51.721837: | xcbc: delref tmp-key@0x560a73848480
697. Mar 27 18:08:51.721848: | PRF symkey interface: delref key-key@0x560a73842eb0
698. Mar 27 18:08:51.721878: | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): newref slot-key@0x560a73848340 (16-bytes, EXTRACT_KEY_FROM_KEY)
699. Mar 27 18:08:51.721899: | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16): delref slot-key-key@0x560a73848340
700. Mar 27 18:08:51.721911: | test_prf_vector: delref message-key@0x560a7383fbf0
701. Mar 27 18:08:51.721922: | test_prf_vector: delref key-key@0x560a73841460
702. Mar 27 18:08:51.721933: | test_prf_vector: delref output-key@0x560a73846a10
703. Mar 27 18:08:51.721943: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
704. Mar 27 18:08:51.722003: | result: newref key-key@0x560a73841460 (26-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
705. Mar 27 18:08:51.722032: | result: newref key-key@0x560a73846a10 (10-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
706. Mar 27 18:08:51.722040: | key: delref tmp-key@0x560a73841460
707. Mar 27 18:08:51.722051: | xcbc: addref local_draft_key-key@0x560a73846a10
708. Mar 27 18:08:51.722084: | result: newref local_draft_key+=0-key@0x560a73841460 (16-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
709. Mar 27 18:08:51.722092: | append_symkey_bytes: delref lhs-key@0x560a73846a10
710. Mar 27 18:08:51.722120: | result: newref PRF chunk interface-key@0x560a7383fbf0 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +205 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
711. Mar 27 18:08:51.722129: | PRF chunk interface: delref local_draft_key-key@0x560a73841460
712. Mar 27 18:08:51.722143: | PRF chunk interface: delref clone-key@0x560a73846a10
713. Mar 27 18:08:51.722263: | result: newref k1-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
714. Mar 27 18:08:51.722296: | result: newref k1-key@0x560a73846a10 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
715. Mar 27 18:08:51.722304: | k1: delref tmp-key@0x560a73841460
716. Mar 27 18:08:51.722370: | xcbc: delref k1-key@0x560a73846a10
717. Mar 27 18:08:51.722386: | PRF chunk interface: delref key-key@0x560a7383fbf0
718. Mar 27 18:08:51.722453: | result: newref key symkey-key@0x560a73846a10 (26-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
719. Mar 27 18:08:51.722482: | result: newref key symkey-key@0x560a7383fbf0 (10-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
720. Mar 27 18:08:51.722491: | key symkey: delref tmp-key@0x560a73846a10
721. Mar 27 18:08:51.722511: | xcbc: addref local_draft_key-key@0x560a7383fbf0
722. Mar 27 18:08:51.722544: | result: newref local_draft_key+=0-key@0x560a73846a10 (16-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
723. Mar 27 18:08:51.722553: | append_symkey_bytes: delref lhs-key@0x560a7383fbf0
724. Mar 27 18:08:51.722580: | result: newref PRF symkey interface-key@0x560a73841460 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +205 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
725. Mar 27 18:08:51.722589: | PRF symkey interface: delref local_draft_key-key@0x560a73846a10
726. Mar 27 18:08:51.722646: | result: newref message symkey-key@0x560a73842eb0 (36-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
727. Mar 27 18:08:51.722675: | result: newref message symkey-key@0x560a73846a10 (20-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
728. Mar 27 18:08:51.722684: | message symkey: delref tmp-key@0x560a73842eb0
729. Mar 27 18:08:51.722716: | symkey message: newref slot-key@0x560a73848340 (20-bytes, EXTRACT_KEY_FROM_KEY)
730. Mar 27 18:08:51.722740: | symkey message: delref slot-key-key@0x560a73848340
731. Mar 27 18:08:51.722808: | result: newref k1-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
732. Mar 27 18:08:51.722839: | result: newref k1-key@0x560a73842eb0 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
733. Mar 27 18:08:51.722848: | k1: delref tmp-key@0x560a73848480
734. Mar 27 18:08:51.722876: | xcbc: delref k1-key@0x560a73842eb0
735. Mar 27 18:08:51.722938: | result: newref xcbc-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
736. Mar 27 18:08:51.722969: | result: newref xcbc-key@0x560a73842eb0 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
737. Mar 27 18:08:51.722977: | xcbc: delref tmp-key@0x560a73848480
738. Mar 27 18:08:51.722990: | PRF symkey interface: delref key-key@0x560a73841460
739. Mar 27 18:08:51.723023: | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): newref slot-key@0x560a73848340 (16-bytes, EXTRACT_KEY_FROM_KEY)
740. Mar 27 18:08:51.723044: | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10): delref slot-key-key@0x560a73848340
741. Mar 27 18:08:51.723058: | test_prf_vector: delref message-key@0x560a73846a10
742. Mar 27 18:08:51.723069: | test_prf_vector: delref key-key@0x560a7383fbf0
743. Mar 27 18:08:51.723080: | test_prf_vector: delref output-key@0x560a73842eb0
744. Mar 27 18:08:51.723093: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
745. Mar 27 18:08:51.723158: | result: newref key-key@0x560a7383fbf0 (34-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
746. Mar 27 18:08:51.723189: | result: newref key-key@0x560a73842eb0 (18-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
747. Mar 27 18:08:51.723198: | key: delref tmp-key@0x560a7383fbf0
748. Mar 27 18:08:51.723259: | result: newref zero_key-key@0x560a73846a10 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
749. Mar 27 18:08:51.723290: | result: newref zero_key-key@0x560a7383fbf0 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +216 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
750. Mar 27 18:08:51.723299: | zero_key: delref tmp-key@0x560a73846a10
751. Mar 27 18:08:51.723384: | draft_chunk: newref slot-key@0x560a73848340 (18-bytes, EXTRACT_KEY_FROM_KEY)
752. Mar 27 18:08:51.723449: | draft_chunk: delref slot-key-key@0x560a73848340
753. Mar 27 18:08:51.723530: | result: newref k1-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
754. Mar 27 18:08:51.723559: | result: newref k1-key@0x560a73846a10 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
755. Mar 27 18:08:51.723568: | k1: delref tmp-key@0x560a73841460
756. Mar 27 18:08:51.723594: | xcbc: delref k1-key@0x560a73846a10
757. Mar 27 18:08:51.723651: | result: newref key-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
758. Mar 27 18:08:51.723688: | result: newref key-key@0x560a73846a10 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +220 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
759. Mar 27 18:08:51.723697: | key: delref tmp-key@0x560a73841460
760. Mar 27 18:08:51.723708: | PRF chunk interface: delref zero_key-key@0x560a7383fbf0
761. Mar 27 18:08:51.723719: | PRF chunk interface: delref clone-key@0x560a73842eb0
762. Mar 27 18:08:51.723782: | result: newref k1-key@0x560a7383fbf0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
763. Mar 27 18:08:51.723811: | result: newref k1-key@0x560a73842eb0 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
764. Mar 27 18:08:51.723820: | k1: delref tmp-key@0x560a7383fbf0
765. Mar 27 18:08:51.723846: | xcbc: delref k1-key@0x560a73842eb0
766. Mar 27 18:08:51.723857: | PRF chunk interface: delref key-key@0x560a73846a10
767. Mar 27 18:08:51.723914: | result: newref key symkey-key@0x560a73842eb0 (34-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
768. Mar 27 18:08:51.723943: | result: newref key symkey-key@0x560a73846a10 (18-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
769. Mar 27 18:08:51.723951: | key symkey: delref tmp-key@0x560a73842eb0
770. Mar 27 18:08:51.724008: | result: newref zero_key-key@0x560a7383fbf0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
771. Mar 27 18:08:51.724040: | result: newref zero_key-key@0x560a73842eb0 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +216 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
772. Mar 27 18:08:51.724050: | zero_key: delref tmp-key@0x560a7383fbf0
773. Mar 27 18:08:51.724082: | draft_chunk: newref slot-key@0x560a73848340 (18-bytes, EXTRACT_KEY_FROM_KEY)
774. Mar 27 18:08:51.724104: | draft_chunk: delref slot-key-key@0x560a73848340
775. Mar 27 18:08:51.724173: | result: newref k1-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
776. Mar 27 18:08:51.724202: | result: newref k1-key@0x560a7383fbf0 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
777. Mar 27 18:08:51.724213: | k1: delref tmp-key@0x560a73841460
778. Mar 27 18:08:51.724241: | xcbc: delref k1-key@0x560a7383fbf0
779. Mar 27 18:08:51.724404: | result: newref key symkey-key@0x560a73841460 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
780. Mar 27 18:08:51.724458: | result: newref key symkey-key@0x560a7383fbf0 (16-bytes, AES_ECB)(nss_xcbc_init_symkey() +220 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
781. Mar 27 18:08:51.724467: | key symkey: delref tmp-key@0x560a73841460
782. Mar 27 18:08:51.724478: | PRF symkey interface: delref zero_key-key@0x560a73842eb0
783. Mar 27 18:08:51.724536: | result: newref message symkey-key@0x560a73841460 (36-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
784. Mar 27 18:08:51.724565: | result: newref message symkey-key@0x560a73842eb0 (20-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
785. Mar 27 18:08:51.724574: | message symkey: delref tmp-key@0x560a73841460
786. Mar 27 18:08:51.724603: | symkey message: newref slot-key@0x560a73848340 (20-bytes, EXTRACT_KEY_FROM_KEY)
787. Mar 27 18:08:51.724625: | symkey message: delref slot-key-key@0x560a73848340
788. Mar 27 18:08:51.724688: | result: newref k1-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
789. Mar 27 18:08:51.724717: | result: newref k1-key@0x560a73841460 (16-bytes, AES_ECB)(xcbc_mac() +81 lib/libswan/ike_alg_prf_mac_xcbc_ops.c)
790. Mar 27 18:08:51.724725: | k1: delref tmp-key@0x560a73848480
791. Mar 27 18:08:51.724751: | xcbc: delref k1-key@0x560a73841460
792. Mar 27 18:08:51.724808: | result: newref xcbc-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
793. Mar 27 18:08:51.724837: | result: newref xcbc-key@0x560a73841460 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
794. Mar 27 18:08:51.724854: | xcbc: delref tmp-key@0x560a73848480
795. Mar 27 18:08:51.724865: | PRF symkey interface: delref key-key@0x560a7383fbf0
796. Mar 27 18:08:51.724896: | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): newref slot-key@0x560a73848340 (16-bytes, EXTRACT_KEY_FROM_KEY)
797. Mar 27 18:08:51.724917: | RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18): delref slot-key-key@0x560a73848340
798. Mar 27 18:08:51.724929: | test_prf_vector: delref message-key@0x560a73842eb0
799. Mar 27 18:08:51.724940: | test_prf_vector: delref key-key@0x560a73846a10
800. Mar 27 18:08:51.724951: | test_prf_vector: delref output-key@0x560a73841460
801. Mar 27 18:08:51.724962: testing HMAC_MD5:
802. Mar 27 18:08:51.724969: RFC 2104: MD5_HMAC test 1
803. Mar 27 18:08:51.725028: | result: newref key-key@0x560a73846a10 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
804. Mar 27 18:08:51.725057: | result: newref key-key@0x560a73841460 (16-bytes, MD5_HMAC)(init_bytes() +119 lib/libswan/ike_alg_prf_mac_nss_ops.c)
805. Mar 27 18:08:51.725065: | key: delref tmp-key@0x560a73846a10
806. Mar 27 18:08:51.725082: | PRF chunk interface: delref clone-key@0x560a73841460
807. Mar 27 18:08:51.725145: | result: newref key symkey-key@0x560a73846a10 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
808. Mar 27 18:08:51.725174: | result: newref key symkey-key@0x560a73841460 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
809. Mar 27 18:08:51.725182: | key symkey: delref tmp-key@0x560a73846a10
810. Mar 27 18:08:51.725212: | result: newref clone-key@0x560a73846a10 (16-bytes, MD5_HMAC)(init_symkey() +101 lib/libswan/ike_alg_prf_mac_nss_ops.c)
811. Mar 27 18:08:51.725226: | PRF symkey interface: delref clone-key@0x560a73846a10
812. Mar 27 18:08:51.725386: | result: newref message symkey-key@0x560a7383fbf0 (24-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
813. Mar 27 18:08:51.725422: | result: newref message symkey-key@0x560a73842eb0 (8-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
814. Mar 27 18:08:51.725431: | message symkey: delref tmp-key@0x560a7383fbf0
815. Mar 27 18:08:51.725470: | nss hmac digest hack: newref slot-key@0x560a73848340 (8-bytes, EXTRACT_KEY_FROM_KEY)
816. Mar 27 18:08:51.725493: | nss hmac digest hack: delref slot-key-key@0x560a73848340
817. Mar 27 18:08:51.725558: | result: newref final-key@0x560a7383fbf0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
818. Mar 27 18:08:51.725587: | result: newref final-key@0x560a73846a10 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
819. Mar 27 18:08:51.725595: | final: delref tmp-key@0x560a7383fbf0
820. Mar 27 18:08:51.725625: | RFC 2104: MD5_HMAC test 1: newref slot-key@0x560a73848340 (16-bytes, EXTRACT_KEY_FROM_KEY)
821. Mar 27 18:08:51.725646: | RFC 2104: MD5_HMAC test 1: delref slot-key-key@0x560a73848340
822. Mar 27 18:08:51.725658: | test_prf_vector: delref message-key@0x560a73842eb0
823. Mar 27 18:08:51.725669: | test_prf_vector: delref key-key@0x560a73841460
824. Mar 27 18:08:51.725680: | test_prf_vector: delref output-key@0x560a73846a10
825. Mar 27 18:08:51.725690: RFC 2104: MD5_HMAC test 2
826. Mar 27 18:08:51.725747: | result: newref key-key@0x560a73841460 (20-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
827. Mar 27 18:08:51.725776: | result: newref key-key@0x560a73846a10 (4-bytes, MD5_HMAC)(init_bytes() +119 lib/libswan/ike_alg_prf_mac_nss_ops.c)
828. Mar 27 18:08:51.725784: | key: delref tmp-key@0x560a73841460
829. Mar 27 18:08:51.725800: | PRF chunk interface: delref clone-key@0x560a73846a10
830. Mar 27 18:08:51.725866: | result: newref key symkey-key@0x560a73841460 (20-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
831. Mar 27 18:08:51.725897: | result: newref key symkey-key@0x560a73846a10 (4-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
832. Mar 27 18:08:51.725906: | key symkey: delref tmp-key@0x560a73841460
833. Mar 27 18:08:51.725947: | result: newref clone-key@0x560a73841460 (4-bytes, MD5_HMAC)(init_symkey() +101 lib/libswan/ike_alg_prf_mac_nss_ops.c)
834. Mar 27 18:08:51.725963: | PRF symkey interface: delref clone-key@0x560a73841460
835. Mar 27 18:08:51.726022: | result: newref message symkey-key@0x560a7383fbf0 (44-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
836. Mar 27 18:08:51.726053: | result: newref message symkey-key@0x560a73842eb0 (28-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
837. Mar 27 18:08:51.726062: | message symkey: delref tmp-key@0x560a7383fbf0
838. Mar 27 18:08:51.726094: | nss hmac digest hack: newref slot-key@0x560a73848340 (28-bytes, EXTRACT_KEY_FROM_KEY)
839. Mar 27 18:08:51.726118: | nss hmac digest hack: delref slot-key-key@0x560a73848340
840. Mar 27 18:08:51.726187: | result: newref final-key@0x560a7383fbf0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
841. Mar 27 18:08:51.726218: | result: newref final-key@0x560a73841460 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
842. Mar 27 18:08:51.726227: | final: delref tmp-key@0x560a7383fbf0
843. Mar 27 18:08:51.726393: | RFC 2104: MD5_HMAC test 2: newref slot-key@0x560a73848340 (16-bytes, EXTRACT_KEY_FROM_KEY)
844. Mar 27 18:08:51.726422: | RFC 2104: MD5_HMAC test 2: delref slot-key-key@0x560a73848340
845. Mar 27 18:08:51.726482: | test_prf_vector: delref message-key@0x560a73842eb0
846. Mar 27 18:08:51.726506: | test_prf_vector: delref key-key@0x560a73846a10
847. Mar 27 18:08:51.726526: | test_prf_vector: delref output-key@0x560a73841460
848. Mar 27 18:08:51.726537: RFC 2104: MD5_HMAC test 3
849. Mar 27 18:08:51.726601: | result: newref key-key@0x560a73846a10 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
850. Mar 27 18:08:51.726630: | result: newref key-key@0x560a73841460 (16-bytes, MD5_HMAC)(init_bytes() +119 lib/libswan/ike_alg_prf_mac_nss_ops.c)
851. Mar 27 18:08:51.726638: | key: delref tmp-key@0x560a73846a10
852. Mar 27 18:08:51.726654: | PRF chunk interface: delref clone-key@0x560a73841460
853. Mar 27 18:08:51.726716: | result: newref key symkey-key@0x560a73846a10 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
854. Mar 27 18:08:51.726745: | result: newref key symkey-key@0x560a73841460 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
855. Mar 27 18:08:51.726753: | key symkey: delref tmp-key@0x560a73846a10
856. Mar 27 18:08:51.726784: | result: newref clone-key@0x560a73846a10 (16-bytes, MD5_HMAC)(init_symkey() +101 lib/libswan/ike_alg_prf_mac_nss_ops.c)
857. Mar 27 18:08:51.726797: | PRF symkey interface: delref clone-key@0x560a73846a10
858. Mar 27 18:08:51.726857: | result: newref message symkey-key@0x560a7383fbf0 (66-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
859. Mar 27 18:08:51.726889: | result: newref message symkey-key@0x560a73842eb0 (50-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
860. Mar 27 18:08:51.726898: | message symkey: delref tmp-key@0x560a7383fbf0
861. Mar 27 18:08:51.726930: | nss hmac digest hack: newref slot-key@0x560a73848340 (50-bytes, EXTRACT_KEY_FROM_KEY)
862. Mar 27 18:08:51.726954: | nss hmac digest hack: delref slot-key-key@0x560a73848340
863. Mar 27 18:08:51.727023: | result: newref final-key@0x560a7383fbf0 (32-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
864. Mar 27 18:08:51.727055: | result: newref final-key@0x560a73846a10 (16-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
865. Mar 27 18:08:51.727063: | final: delref tmp-key@0x560a7383fbf0
866. Mar 27 18:08:51.727095: | RFC 2104: MD5_HMAC test 3: newref slot-key@0x560a73848340 (16-bytes, EXTRACT_KEY_FROM_KEY)
867. Mar 27 18:08:51.727119: | RFC 2104: MD5_HMAC test 3: delref slot-key-key@0x560a73848340
868. Mar 27 18:08:51.727131: | test_prf_vector: delref message-key@0x560a73842eb0
869. Mar 27 18:08:51.727144: | test_prf_vector: delref key-key@0x560a73841460
870. Mar 27 18:08:51.727163: | test_prf_vector: delref output-key@0x560a73846a10
871. Mar 27 18:08:51.727177: testing HMAC_SHA1:
872. Mar 27 18:08:51.727185: CAVP: IKEv2 key derivation with HMAC-SHA1
873. Mar 27 18:08:51.727344: | result: newref gir symkey-key@0x560a73841460 (48-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
874. Mar 27 18:08:51.727389: | result: newref gir symkey-key@0x560a73846a10 (32-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
875. Mar 27 18:08:51.727398: | gir symkey: delref tmp-key@0x560a73841460
876. Mar 27 18:08:51.727436: | result: newref skeyseed-key@0x560a73841460 (20-bytes, NSS_IKE_PRF_PLUS_DERIVE)(ike_sa_skeyseed() +106 lib/libswan/ike_alg_prf_ikev2_nss_ops.c)
877. Mar 27 18:08:51.727461: | CAVP: IKEv2 key derivation with HMAC-SHA1: newref slot-key@0x560a73848340 (20-bytes, NSS_IKE_PRF_PLUS_DERIVE)
878. Mar 27 18:08:51.727483: | CAVP: IKEv2 key derivation with HMAC-SHA1: delref slot-key-key@0x560a73848340
879. Mar 27 18:08:51.727528: | result: newref keymat-key@0x560a73842eb0 (132-bytes, EXTRACT_KEY_FROM_KEY)(prfplus_key_data() +61 lib/libswan/ike_alg_prf_ikev2_nss_ops.c)
880. Mar 27 18:08:51.727557: | CAVP: IKEv2 key derivation with HMAC-SHA1: newref slot-key@0x560a73848340 (132-bytes, EXTRACT_KEY_FROM_KEY)
881. Mar 27 18:08:51.727578: | CAVP: IKEv2 key derivation with HMAC-SHA1: delref slot-key-key@0x560a73848340
882. Mar 27 18:08:51.727611: | result: newref SK_d-key@0x560a7383fbf0 (20-bytes, EXTRACT_KEY_FROM_KEY)(test_kdf_vector() +311 lib/libswan/ike_alg_prf_test_vectors.c)
883. Mar 27 18:08:51.727675: | result: newref gir_new symkey-key@0x560a738440b0 (48-bytes, EXTRACT_KEY_FROM_KEY)(merge_symkey_bytes() +222 lib/libswan/crypt_symkey.c)
884. Mar 27 18:08:51.727707: | result: newref gir_new symkey-key@0x560a73848480 (32-bytes, EXTRACT_KEY_FROM_KEY)(symkey_from_bytes() +398 lib/libswan/crypt_symkey.c)
885. Mar 27 18:08:51.727715: | gir_new symkey: delref tmp-key@0x560a738440b0
886. Mar 27 18:08:51.727755: | result: newref skeyseed-key@0x560a738440b0 (20-bytes, NSS_IKE_PRF_PLUS_DERIVE)(ike_sa_rekey_skeyseed() +136 lib/libswan/ike_alg_prf_ikev2_nss_ops.c)
887. Mar 27 18:08:51.727787: | CAVP: IKEv2 key derivation with HMAC-SHA1: newref slot-key@0x560a73848340 (20-bytes, NSS_IKE_PRF_PLUS_DERIVE)
888. Mar 27 18:08:51.727820: | CAVP: IKEv2 key derivation with HMAC-SHA1: delref slot-key-key@0x560a73848340
889. Mar 27 18:08:51.727835: | test_kdf_vector: delref gir-key@0x560a73846a10
890. Mar 27 18:08:51.727845: | test_kdf_vector: delref gir_new-key@0x560a73848480
891. Mar 27 18:08:51.727856: | test_kdf_vector: delref skeyseed-key@0x560a73841460
892. Mar 27 18:08:51.727869: | test_kdf_vector: delref dkm-key@0x560a73842eb0
893. Mar 27 18:08:51.727880: | test_kdf_vector: delref skd-key@0x560a7383fbf0
894. Mar 27 18:08:51.727893: | test_kdf_vector: delref skeyseed_rekey-key@0x560a738440b0
895. Mar 27 18:08:51.727905: | building Vendor ID table
896. Mar 27 18:08:51.728757: | verifying VID lookup table
897. Mar 27 18:08:51.728772: | Vendor ID 'Openswan(project)' and 'Libreswan (3.6+)' clash
898. Mar 27 18:08:51.728780: | 64 Openswan(project) substring+match
899. Mar 27 18:08:51.728789: | 4f 45 [OE]
900. Mar 27 18:08:51.728796: | 68 Libreswan (3.6+) substring+hexa
901. Mar 27 18:08:51.728812: | 4f 45 2d 4c 69 62 72 65 73 77 61 6e 2d [OE-Libreswan-]
902. Mar 27 18:08:51.728820: | Vendor ID 'Openswan(project)' and 'Libreswan (this version)' clash
903. Mar 27 18:08:51.728827: | 64 Openswan(project) substring+match
904. Mar 27 18:08:51.728836: | 4f 45 [OE]
905. Mar 27 18:08:51.728843: | 67 Libreswan (this version)
906. Mar 27 18:08:51.728863: | 4f 45 2d 4c 69 62 72 65 73 77 61 6e 2d 35 2e 30 7e 72 63 32 [OE-Libreswan-5.0~rc2]
907. Mar 27 18:08:51.728871: | Vendor ID 'Openswan(project)' and 'FreeS/WAN 2.00' clash
908. Mar 27 18:08:51.728879: | 64 Openswan(project) substring+match
909. Mar 27 18:08:51.728887: | 4f 45 [OE]
910. Mar 27 18:08:51.728894: | 59 FreeS/WAN 2.00
911. Mar 27 18:08:51.728913: | 4f 45 44 76 5b 57 6b 40 45 41 74 47 [OEDv[Wk@EAtG]
912. Mar 27 18:08:51.728921: | Vendor ID 'Openswan(project)' and 'Openswan 2.2.0' clash
913. Mar 27 18:08:51.728928: | 64 Openswan(project) substring+match
914. Mar 27 18:08:51.729007: | 4f 45 [OE]
915. Mar 27 18:08:51.729051: | 62 Openswan 2.2.0
916. Mar 27 18:08:51.729067: | 4f 45 48 72 4b 6e 5e 68 55 7c 60 4f [OEHrKn^hU|`O]
917. Mar 27 18:08:51.729084: | Vendor ID 'Openswan(project)' and 'Libreswan 3.0 - 3.5' clash
918. Mar 27 18:08:51.729092: | 64 Openswan(project) substring+match
919. Mar 27 18:08:51.729101: | 4f 45 [OE]
920. Mar 27 18:08:51.729108: | 69 Libreswan 3.0 - 3.5 substring+match
921. Mar 27 18:08:51.729117: | 4f 45 4e [OEN]
922. Mar 27 18:08:51.729125: | Vendor ID 'Openswan(project)' and 'FreeS/WAN 2.00 (X.509-1.3.1 + LDAP)' clash
923. Mar 27 18:08:51.729132: | 64 Openswan(project) substring+match
924. Mar 27 18:08:51.729141: | 4f 45 [OE]
925. Mar 27 18:08:51.729148: | 61 FreeS/WAN 2.00 (X.509-1.3.1 + LDAP)
926. Mar 27 18:08:51.729174: | 4f 45 57 5d 6a 53 43 42 46 74 79 6e [OEW]jSCBFtyn]
927. Mar 27 18:08:51.729222: | Vendor ID 'Openswan(project)' and 'FreeS/WAN 2.00 (X.509-1.3.1)' clash
928. Mar 27 18:08:51.729290: | 64 Openswan(project) substring+match
929. Mar 27 18:08:51.729300: | 4f 45 [OE]
930. Mar 27 18:08:51.729307: | 60 FreeS/WAN 2.00 (X.509-1.3.1)
931. Mar 27 18:08:51.729323: | 4f 45 77 4e 4a 43 52 71 6e 45 48 6f [OEwNJCRqnEHo]
932. Mar 27 18:08:51.729360: 3 CPU cores online
933. Mar 27 18:08:51.729378: starting up 3 helper threads
934. Mar 27 18:08:51.729389: | string logger: newref @0x560a738451b8(0->1) (start_server_helpers() +526 programs/pluto/server_pool.c)
935. Mar 27 18:08:51.729466: started thread for helper 0
936. Mar 27 18:08:51.729479: | string logger: newref @0x560a73844838(0->1) (start_server_helpers() +526 programs/pluto/server_pool.c)
937. Mar 27 18:08:51.729523: | starting thread
938. Mar 27 18:08:51.729572: helper(1): seccomp security for helper not supported
939. Mar 27 18:08:51.729585: | starting thread
940. Mar 27 18:08:51.729524: started thread for helper 1
941. Mar 27 18:08:51.729669: | string logger: newref @0x560a7381b098(0->1) (start_server_helpers() +526 programs/pluto/server_pool.c)
942. Mar 27 18:08:51.729590: | status value returned by setting the priority of this thread: 22
943. Mar 27 18:08:51.729718: | helper 1: waiting for work
944. Mar 27 18:08:51.729749: started thread for helper 2
945. Mar 27 18:08:51.729767: | starting thread
946. Mar 27 18:08:51.729778: helper(3): seccomp security for helper not supported
947. Mar 27 18:08:51.729632: helper(2): seccomp security for helper not supported
948. Mar 27 18:08:51.729778: using Linux xfrm kernel support code on #20240227 SMP PREEMPT Tue Feb 27 08:58:35 UTC 2024
949. Mar 27 18:08:51.729786: | status value returned by setting the priority of this thread: 22
950. Mar 27 18:08:51.729823: | helper 3: waiting for work
951. Mar 27 18:08:51.729802: | status value returned by setting the priority of this thread: 22
952. Mar 27 18:08:51.729846: | helper 2: waiting for work
953. Mar 27 18:08:51.729891: | fdl: newref @0x560a7384f408(0->1) (attach_fd_read_listener() +803 programs/pluto/server.c)
954. Mar 27 18:08:51.729903: | libevent: newref @0x560a738438c8(0->1) (libevent_malloc() +959 programs/pluto/server.c)
955. Mar 27 18:08:51.729926: | fdl: newref @0x560a73850e68(0->1) (attach_fd_read_listener() +803 programs/pluto/server.c)
956. Mar 27 18:08:51.729937: | libevent: newref @0x560a73843888(0->1) (libevent_malloc() +959 programs/pluto/server.c)
957. Mar 27 18:08:51.729947: | Hard-wiring algorithms
958. Mar 27 18:08:51.729955: | adding AES_CCM_16 to kernel algorithm db
959. Mar 27 18:08:51.729963: | adding AES_CCM_12 to kernel algorithm db
960. Mar 27 18:08:51.729970: | adding AES_CCM_8 to kernel algorithm db
961. Mar 27 18:08:51.729978: | adding 3DES_CBC to kernel algorithm db
962. Mar 27 18:08:51.729985: | adding CAMELLIA_CBC to kernel algorithm db
963. Mar 27 18:08:51.729993: | adding AES_GCM_16 to kernel algorithm db
964. Mar 27 18:08:51.730001: | adding AES_GCM_12 to kernel algorithm db
965. Mar 27 18:08:51.730008: | adding AES_GCM_8 to kernel algorithm db
966. Mar 27 18:08:51.730016: | adding AES_CTR to kernel algorithm db
967. Mar 27 18:08:51.730023: | adding AES_CBC to kernel algorithm db
968. Mar 27 18:08:51.730031: | adding NULL_AUTH_AES_GMAC to kernel algorithm db
969. Mar 27 18:08:51.730039: | adding NULL to kernel algorithm db
970. Mar 27 18:08:51.730047: | adding CHACHA20_POLY1305 to kernel algorithm db
971. Mar 27 18:08:51.730066: | adding HMAC_MD5_96 to kernel algorithm db
972. Mar 27 18:08:51.730073: | adding HMAC_SHA1_96 to kernel algorithm db
973. Mar 27 18:08:51.730081: | adding HMAC_SHA2_512_256 to kernel algorithm db
974. Mar 27 18:08:51.730089: | adding HMAC_SHA2_384_192 to kernel algorithm db
975. Mar 27 18:08:51.730096: | adding HMAC_SHA2_256_128 to kernel algorithm db
976. Mar 27 18:08:51.730104: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db
977. Mar 27 18:08:51.730111: | adding AES_XCBC_96 to kernel algorithm db
978. Mar 27 18:08:51.730119: | adding AES_CMAC_96 to kernel algorithm db
979. Mar 27 18:08:51.730126: | adding NONE to kernel algorithm db
980. Mar 27 18:08:51.730150: | sendrecv_xfrm_msg() sending 29 flush policy
981. Mar 27 18:08:51.730280: | sendrecv_xfrm_msg() recvfrom() returned 36 bytes
982. Mar 27 18:08:51.730293: | sendrecv_xfrm_msg() sending 28 flush state
983. Mar 27 18:08:51.730317: | sendrecv_xfrm_msg() recvfrom() returned 36 bytes
984. Mar 27 18:08:51.730362: kernel: /proc/sys/net/ipv6/conf/all/disable_ipv6=1 ignore ipv6 holes
985. Mar 27 18:08:51.730373: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds
986. Mar 27 18:08:51.730382: | global one-shot timer EVENT_CHECK_CRLS initialized
987. Mar 27 18:08:51.730389: | CRL: checking disabled
988. Mar 27 18:08:51.730397: selinux support is NOT enabled.
989. Mar 27 18:08:51.730435: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
990. Mar 27 18:08:51.730443: watchdog: sending probes every 100 secs
991. Mar 27 18:08:51.730452: | pluto_sd: executing action action: start(2), status 0
992. Mar 27 18:08:51.730512: | global periodic timer EVENT_SD_WATCHDOG enabled with interval of 100 seconds
993. Mar 27 18:08:51.732533: | unbound context created - setting debug level to 5
994. Mar 27 18:08:51.732590: | /etc/hosts lookups activated
995. Mar 27 18:08:51.732621: | /etc/resolv.conf usage activated
996. Mar 27 18:08:51.732910: | outgoing-port-avoid set 0-65535
997. Mar 27 18:08:51.733047: | outgoing-port-permit set 32768-60999
998. Mar 27 18:08:51.733056: | loading dnssec root key from:/usr/share/dns/root.key
999. Mar 27 18:08:51.733064: | no additional dnssec trust anchors defined via dnssec-trusted= option
1000. Mar 27 18:08:51.733101: | Setting up events, loop start
1001. Mar 27 18:08:51.733113: | fdl: newref @0x560a73854758(0->1) (attach_fd_read_listener() +803 programs/pluto/server.c)
1002. Mar 27 18:08:51.733127: | libevent: newref @0x560a7381b528(0->1) (libevent_malloc() +959 programs/pluto/server.c)
1003. Mar 27 18:08:51.733152: | libevent: newref @0x560a73854828(0->1) (libevent_realloc() +969 programs/pluto/server.c)
1004. Mar 27 18:08:51.733180: | libevent: newref @0x560a73843988(0->1) (libevent_malloc() +959 programs/pluto/server.c)
1005. Mar 27 18:08:51.733198: | libevent: newref @0x560a7384bed8(0->1) (libevent_realloc() +969 programs/pluto/server.c)
1006. Mar 27 18:08:51.733208: | libevent: newref @0x560a7381f1e8(0->1) (libevent_malloc() +959 programs/pluto/server.c)
1007. Mar 27 18:08:51.733230: | libevent: newref @0x560a73843208(0->1) (libevent_malloc() +959 programs/pluto/server.c)
1008. Mar 27 18:08:51.733270: | signal event handler PLUTO_SIGCHLD installed
1009. Mar 27 18:08:51.733285: | libevent: newref @0x560a73843508(0->1) (libevent_malloc() +959 programs/pluto/server.c)
1010. Mar 27 18:08:51.733296: | libevent: newref @0x560a737bad38(0->1) (libevent_malloc() +959 programs/pluto/server.c)
1011. Mar 27 18:08:51.733306: | signal event handler PLUTO_SIGTERM installed
1012. Mar 27 18:08:51.733325: | libevent: newref @0x560a73849e68(0->1) (libevent_malloc() +959 programs/pluto/server.c)
1013. Mar 27 18:08:51.733335: | libevent: newref @0x560a737bab68(0->1) (libevent_malloc() +959 programs/pluto/server.c)
1014. Mar 27 18:08:51.733344: | signal event handler PLUTO_SIGHUP installed
1015. Mar 27 18:08:51.734204: | created addconn helper (pid:1301457) using fork+execve
1016. Mar 27 18:08:51.734233: | forked child addconn 1301457
1017. Mar 27 18:08:51.734274: | pid: newref @0x560a73854958(0->1) (add_pid() +135 programs/pluto/server_fork.c)
1018. Mar 27 18:08:51.734302: | clone logger: newref @0x560a7381a418(0->1) (add_pid() +143 programs/pluto/server_fork.c)
1019. Mar 27 18:08:51.734329: | fdl: newref @0x560a73854a28(0->1) (attach_fd_read_listener() +803 programs/pluto/server.c)
1020. Mar 27 18:08:51.734370: | libevent: newref @0x560a7384f4d8(0->1) (libevent_malloc() +959 programs/pluto/server.c)
1021. Mar 27 18:08:51.734394: seccomp security not supported
1022. Mar 27 18:08:51.741410: | struct fd: newref @0x560a7384f518(0->1) (whack_handle_cb() +767 programs/pluto/rcv_whack.c)
1023. Mar 27 18:08:51.741436: | fd_accept: new fd@0x560a7384f518 (whack_handle_cb() +767 programs/pluto/rcv_whack.c)
1024. Mar 27 18:08:51.741473: | processing message from addconn
1025. Mar 27 18:08:51.741484: | whack: addconn: start: 'tunnel1' (logger@0x7fffc3c01d50/fd@0x560a7384f518/fd@(nil))
1026. Mar 27 18:08:51.741494: | FOR_EACH_CONNECTION_.... in (whack_connections_by_name() +79 programs/pluto/whack_connection.c)
1027. Mar 27 18:08:51.741503: | matches: 0
1028. Mar 27 18:08:51.741521: | FOR_EACH_CONNECTION_.... in (whack_connections_by_alias() +115 programs/pluto/whack_connection.c)
1029. Mar 27 18:08:51.741529: | matches: 0
1030. Mar 27 18:08:51.741537: | FOR_EACH_CONNECTION_.... in (connection_with_name_exists() +210 programs/pluto/connections.c)
1031. Mar 27 18:08:51.741545: | matches: 0
1032. Mar 27 18:08:51.741557: | struct connection: newref @0x560a738554d8(0->1) (add_connection() +3578 programs/pluto/connections.c)
1033. Mar 27 18:08:51.741569: | alloc logger: newref @0x560a7381a508(0->1) (add_connection() +3578 programs/pluto/connections.c)
1034. Mar 27 18:08:51.741579: | struct fd: addref @0x560a7384f518(1->2) (alloc_connection() +2034 programs/pluto/connections.c)
1035. Mar 27 18:08:51.741588: | "tunnel1": attach whack fd@0x560a7384f518 to empty logger 0x560a7381a508 slot 0
1036. Mar 27 18:08:51.741598: | left connection is CK_TEMPLATE: unspecified right address yet policy negotiate
1037. Mar 27 18:08:51.741606: | right connection is CK_TEMPLATE: unspecified right address yet policy negotiate
1038. Mar 27 18:08:51.741623: | added new IKEv2 connection "tunnel1" with policy IKEv2+ENCRYPT+TUNNEL+PFS+IKE_FRAG_ALLOW+ESN_NO+ESN_YES
1039. Mar 27 18:08:51.741784: | ike (phase1) algorithm values: AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-DH19+DH20+DH21+DH31+MODP4096+MODP3072+MODP2048+MODP8192, AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-DH19+DH20+DH21+DH31+MODP4096+MODP3072+MODP2048+MODP8192, CHACHA20_POLY1305-HMAC_SHA2_512+HMAC_SHA2_256-DH19+DH20+DH21+DH31+MODP4096+MODP3072+MODP2048+MODP8192, AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-DH19+DH20+DH21+DH31+MODP4096+MODP3072+MODP2048+MODP8192, AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-DH19+DH20+DH21+DH31+MODP4096+MODP3072+MODP2048+MODP8192
1040. Mar 27 18:08:51.741794: | constructing local IKE proposals for "tunnel1"
1041. Mar 27 18:08:51.741802: | generating IKEv2 IKE proposals
1042. Mar 27 18:08:51.741816: | converting IKE proposal AES_GCM_16_256-HMAC_SHA2_512+HMAC_SHA2_256-DH19+DH20+DH21+DH31+MODP4096+MODP3072+MODP2048+MODP8192 to ikev2 ...
1043. Mar 27 18:08:51.741832: | ... ikev2_proposal: 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-ECP_256+ECP_384+ECP_521+CURVE25519+MODP4096+MODP3072+MODP2048+MODP8192
1044. Mar 27 18:08:51.741843: | converting IKE proposal AES_GCM_16_128-HMAC_SHA2_512+HMAC_SHA2_256-DH19+DH20+DH21+DH31+MODP4096+MODP3072+MODP2048+MODP8192 to ikev2 ...
1045. Mar 27 18:08:51.741867: | ... ikev2_proposal: 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-ECP_256+ECP_384+ECP_521+CURVE25519+MODP4096+MODP3072+MODP2048+MODP8192
1046. Mar 27 18:08:51.741920: | converting IKE proposal CHACHA20_POLY1305-HMAC_SHA2_512+HMAC_SHA2_256-DH19+DH20+DH21+DH31+MODP4096+MODP3072+MODP2048+MODP8192 to ikev2 ...
1047. Mar 27 18:08:51.741930: | omitting IKEv2 IKE CHACHA20_POLY1305 ENCRYPT transform key-length
1048. Mar 27 18:08:51.741952: | ... ikev2_proposal: 3:IKE=CHACHA20_POLY1305-HMAC_SHA2_512+HMAC_SHA2_256-NONE-ECP_256+ECP_384+ECP_521+CURVE25519+MODP4096+MODP3072+MODP2048+MODP8192
1049. Mar 27 18:08:51.741963: | converting IKE proposal AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-DH19+DH20+DH21+DH31+MODP4096+MODP3072+MODP2048+MODP8192 to ikev2 ...
1050. Mar 27 18:08:51.741977: | ... ikev2_proposal: 4:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-ECP_256+ECP_384+ECP_521+CURVE25519+MODP4096+MODP3072+MODP2048+MODP8192
1051. Mar 27 18:08:51.741999: | converting IKE proposal AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-DH19+DH20+DH21+DH31+MODP4096+MODP3072+MODP2048+MODP8192 to ikev2 ...
1052. Mar 27 18:08:51.742013: | ... ikev2_proposal: 5:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-ECP_256+ECP_384+ECP_521+CURVE25519+MODP4096+MODP3072+MODP2048+MODP8192
1053. Mar 27 18:08:51.742022: "tunnel1": IKE SA proposals (connection add):
1054. Mar 27 18:08:51.742035: "tunnel1": 1:IKE=AES_GCM_C_256-HMAC_SHA2_512+HMAC_SHA2_256-NONE-ECP_256+ECP_384+ECP_521+CURVE25519+MODP4096+MODP3072+MODP2048+MODP8192
1055. Mar 27 18:08:51.742048: "tunnel1": 2:IKE=AES_GCM_C_128-HMAC_SHA2_512+HMAC_SHA2_256-NONE-ECP_256+ECP_384+ECP_521+CURVE25519+MODP4096+MODP3072+MODP2048+MODP8192
1056. Mar 27 18:08:51.742063: "tunnel1": 3:IKE=CHACHA20_POLY1305-HMAC_SHA2_512+HMAC_SHA2_256-NONE-ECP_256+ECP_384+ECP_521+CURVE25519+MODP4096+MODP3072+MODP2048+MODP8192
1057. Mar 27 18:08:51.742076: "tunnel1": 4:IKE=AES_CBC_256-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-ECP_256+ECP_384+ECP_521+CURVE25519+MODP4096+MODP3072+MODP2048+MODP8192
1058. Mar 27 18:08:51.742091: "tunnel1": 5:IKE=AES_CBC_128-HMAC_SHA2_512+HMAC_SHA2_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-ECP_256+ECP_384+ECP_521+CURVE25519+MODP4096+MODP3072+MODP2048+MODP8192
1059. Mar 27 18:08:51.742214: | ESP/AH string values: AES_GCM_16_256-NONE, AES_GCM_16_128-NONE, CHACHA20_POLY1305-NONE, AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128, AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128
1060. Mar 27 18:08:51.742225: | constructing ESP/AH proposals for loading config with strip_dh=yes ms_dh_downgrade=no default_dh=NONE
1061. Mar 27 18:08:51.742239: | converting proposal AES_GCM_16_256-NONE to ikev2 pass 1 ...
1062. Mar 27 18:08:51.742253: | ... ikev2_proposal: 1:ESP=AES_GCM_C_256-NONE-NONE-ESN:YES+NO
1063. Mar 27 18:08:51.742262: | converting proposal AES_GCM_16_128-NONE to ikev2 pass 1 ...
1064. Mar 27 18:08:51.742273: | ... ikev2_proposal: 2:ESP=AES_GCM_C_128-NONE-NONE-ESN:YES+NO
1065. Mar 27 18:08:51.742283: | converting proposal CHACHA20_POLY1305-NONE to ikev2 pass 1 ...
1066. Mar 27 18:08:51.742291: | omitting IKEv2 ESP CHACHA20_POLY1305 ENCRYPT transform key-length
1067. Mar 27 18:08:51.742302: | ... ikev2_proposal: 3:ESP=CHACHA20_POLY1305-NONE-NONE-ESN:YES+NO
1068. Mar 27 18:08:51.742311: | converting proposal AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 pass 1 ...
1069. Mar 27 18:08:51.742325: | ... ikev2_proposal: 4:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-ESN:YES+NO
1070. Mar 27 18:08:51.742334: | converting proposal AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128 to ikev2 pass 1 ...
1071. Mar 27 18:08:51.742347: | ... ikev2_proposal: 5:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-ESN:YES+NO
1072. Mar 27 18:08:51.742355: "tunnel1": Child SA proposals (connection add):
1073. Mar 27 18:08:51.742366: "tunnel1": 1:ESP=AES_GCM_C_256-NONE-NONE-ESN:YES+NO
1074. Mar 27 18:08:51.742378: "tunnel1": 2:ESP=AES_GCM_C_128-NONE-NONE-ESN:YES+NO
1075. Mar 27 18:08:51.742388: "tunnel1": 3:ESP=CHACHA20_POLY1305-NONE-NONE-ESN:YES+NO
1076. Mar 27 18:08:51.742399: "tunnel1": 4:ESP=AES_CBC_256-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-ESN:YES+NO
1077. Mar 27 18:08:51.742412: "tunnel1": 5:ESP=AES_CBC_128-HMAC_SHA2_512_256+HMAC_SHA2_256_128-NONE-ESN:YES+NO
1078. Mar 27 18:08:51.742421: | ikelifetime=whack (28800)
1079. Mar 27 18:08:51.742430: | ipsec-lifetime=whack (28800)
1080. Mar 27 18:08:51.742439: | c->sa_reqid=0 because wm->sa_reqid=0 and sec-label=n/a
1081. Mar 27 18:08:51.742456: | fake leftauth=secret leftauthby=PSK from whack authby PSK
1082. Mar 27 18:08:51.742468: | fake rightauth=secret rightauthby=PSK from whack authby PSK
1083. Mar 27 18:08:51.742481: | updating host ends from left.host.addr 192.168.1.10
1084. Mar 27 18:08:51.742489: | updated left.host_port from 0 to 500
1085. Mar 27 18:08:51.742501: | updated right.host_nexthop from 0.0.0.0 to 192.168.1.10
1086. Mar 27 18:08:51.742513: | updating host ends from right.host.addr 0.0.0.0
1087. Mar 27 18:08:51.742521: "tunnel1": warning: keyingtries=3 ignored, UP connection will attempt to establish until marked DOWN
1088. Mar 27 18:08:51.742555: | left child selectors from leftsubnet (selector); left.config.has_client=true
1089. Mar 27 18:08:51.742573: | ttoselectors_num() input: 192.168.10.0/24
1090. Mar 27 18:08:51.742631: | ttoselectors_num() nr tokens 1
1091. Mar 27 18:08:51.742659: | right child selectors unknown; probably derived from host?!?
1092. Mar 27 18:08:51.742672: | child.reqid=16388 because c->sa_reqid=0 (generate)
1093. Mar 27 18:08:51.742690: | set_connection_selector_proposals() left selector from 1 child.selectors
1094. Mar 27 18:08:51.742708: | left.child.has_client: no -> yes (set_connection_selector_proposals() +1625 programs/pluto/connections.c)
1095. Mar 27 18:08:51.742716: | set_connection_selector_proposals() right selector proposals from unset host family
1096. Mar 27 18:08:51.742726: | append_end_selector() right.child.selectors.proposed[0] <unset-selector> (set_connection_selector_proposals() +1665 programs/pluto/connections.c)
1097. Mar 27 18:08:51.742734: | adding connection spds using proposed
1098. Mar 27 18:08:51.742742: | left=1 right=1
1099. Mar 27 18:08:51.742750: | left[IPv4]=1 right[IPv4]=1
1100. Mar 27 18:08:51.742758: | left[IPv6]=0 right[IPv6]=0
1101. Mar 27 18:08:51.742765: | allocating 1 SPDs
1102. Mar 27 18:08:51.742774: | <unset-selectors>
1103. Mar 27 18:08:51.742786: | left child spd from selector 192.168.10.0/24 left.spd.has_client=yes virt=no
1104. Mar 27 18:08:51.742794: | right child spd from selector <unset-selector> right.spd.has_client=no virt=no
1105. Mar 27 18:08:51.742815: | "tunnel1": 192.168.1.10->0.0.0.0 oriented=no
1106. Mar 27 18:08:51.742823: | orienting "tunnel1"
1107. Mar 27 18:08:51.742845: | left host type=IPADDR address=192.168.1.10 port=500 ikeport=0 encap=no tcp=no
1108. Mar 27 18:08:51.742909: | right host type=ANY address=0.0.0.0 port=500 ikeport=0 encap=no tcp=no
1109. Mar 27 18:08:51.742919: "tunnel1": added IKEv2 connection
1110. Mar 27 18:08:51.742956: | ike_life: 28800; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; replay_window: 128; policy: IKEv2+PSK+ENCRYPT+TUNNEL+PFS+IKE_FRAG_ALLOW+ESN_NO+ESN_YES ipsec_max_bytes: 9223372036854775808 ipsec_max_packets 9223372036854775808
1111. Mar 27 18:08:51.742968: | "tunnel1": detach whack fd@0x560a7384f518 from logger 0x560a7381a508 slot 0 (add_connection() +3616 programs/pluto/connections.c)
1112. Mar 27 18:08:51.743004: | delref @0x560a7384f518(2->1) (add_connection() +3616 programs/pluto/connections.c)
1113. Mar 27 18:08:51.743014: | whack: addconn: stop: 'tunnel1' (logger@0x7fffc3c01d50/fd@0x560a7384f518/fd@(nil))
1114. Mar 27 18:08:51.743024: | delref @0x560a7384f518(1->0) (whack_handle_cb() +787 programs/pluto/rcv_whack.c)
1115. Mar 27 18:08:51.743045: | freeref fd@0x560a7384f518 (whack_handle_cb() +787 programs/pluto/rcv_whack.c)
1116. Mar 27 18:08:51.743060: | spent 1.68 (1.68) milliseconds in whack
1117. Mar 27 18:08:51.743128: addconn: "tunnel1": warning: keyingtries=3 ignored, UP connection will attempt to establish until marked DOWN
1118. Mar 27 18:08:51.743150: addconn: "tunnel1": added IKEv2 connection
1119. Mar 27 18:08:51.743158: addconn:
1120. Mar 27 18:08:51.743190: | struct fd: newref @0x560a73854af8(0->1) (whack_handle_cb() +767 programs/pluto/rcv_whack.c)
1121. Mar 27 18:08:51.743203: | fd_accept: new fd@0x560a73854af8 (whack_handle_cb() +767 programs/pluto/rcv_whack.c)
1122. Mar 27 18:08:51.743233: | processing message from addconn
1123. Mar 27 18:08:51.743245: | whack: listen: start: (logger@0x7fffc3c01d50/fd@0x560a73854af8/fd@(nil))
1124. Mar 27 18:08:51.743255: | pluto_sd: executing action action: reloading(4), status 0
1125. Mar 27 18:08:51.743351: listening for IKE messages
1126. Mar 27 18:08:51.743380: | finding raw interfaces of type IPv4
1127. Mar 27 18:08:51.743402: | allocated 2560 buffer for SIOCGIFCONF
1128. Mar 27 18:08:51.743421: | ioctl(SIOCGIFCONF) returned 280 bytes (roughly 7 IPv4 interfaces)
1129. Mar 27 18:08:51.743436: | found IPv4 interface lo with address 127.0.0.1
1130. Mar 27 18:08:51.743449: | found IPv4 interface enp0s3 with address 192.168.1.10
1131. Mar 27 18:08:51.743462: | found IPv4 interface enp0s8 with address 192.168.10.25
1132. Mar 27 18:08:51.743474: | found IPv4 interface enp0s8 with address 172.16.10.1
1133. Mar 27 18:08:51.743487: | found IPv4 interface enp0s8 with address 192.168.10.26
1134. Mar 27 18:08:51.743499: | found IPv4 interface enp0s9 with address 192.168.101.2
1135. Mar 27 18:08:51.743520: | found IPv4 interface enp0s10 with address 192.168.200.2
1136. Mar 27 18:08:51.743538: | struct iface: newref @0x560a73854de8(0->1) (add_iface() +85 programs/pluto/iface.c)
1137. Mar 27 18:08:51.743548: | kernel_ops_nic_detect_offload() enp0s10 ...
1138. Mar 27 18:08:51.743573: Kernel supports NIC esp-hw-offload
1139. Mar 27 18:08:51.743588: | kernel_ops_nic_detect_offload() ... no
1140. Mar 27 18:08:51.743597: | iface: marking enp0s10 add
1141. Mar 27 18:08:51.743607: | struct iface: newref @0x560a7385a648(0->1) (add_iface() +85 programs/pluto/iface.c)
1142. Mar 27 18:08:51.743616: | kernel_ops_nic_detect_offload() enp0s9 ...
1143. Mar 27 18:08:51.743626: | kernel_ops_nic_detect_offload() ... no
1144. Mar 27 18:08:51.743634: | iface: marking enp0s9 add
1145. Mar 27 18:08:51.743644: | struct iface: newref @0x560a7385a778(0->1) (add_iface() +85 programs/pluto/iface.c)
1146. Mar 27 18:08:51.743652: | kernel_ops_nic_detect_offload() enp0s8 ...
1147. Mar 27 18:08:51.743662: | kernel_ops_nic_detect_offload() ... no
1148. Mar 27 18:08:51.743670: | iface: marking enp0s8 add
1149. Mar 27 18:08:51.743681: | struct iface: newref @0x560a7385a848(0->1) (add_iface() +85 programs/pluto/iface.c)
1150. Mar 27 18:08:51.743689: | kernel_ops_nic_detect_offload() enp0s8 ...
1151. Mar 27 18:08:51.743699: | kernel_ops_nic_detect_offload() ... no
1152. Mar 27 18:08:51.743707: | iface: marking enp0s8 add
1153. Mar 27 18:08:51.743717: | struct iface: newref @0x560a7385a918(0->1) (add_iface() +85 programs/pluto/iface.c)
1154. Mar 27 18:08:51.743726: | kernel_ops_nic_detect_offload() enp0s8 ...
1155. Mar 27 18:08:51.743736: | kernel_ops_nic_detect_offload() ... no
1156. Mar 27 18:08:51.743743: | iface: marking enp0s8 add
1157. Mar 27 18:08:51.743754: | struct iface: newref @0x560a7385a9e8(0->1) (add_iface() +85 programs/pluto/iface.c)
1158. Mar 27 18:08:51.743762: | kernel_ops_nic_detect_offload() enp0s3 ...
1159. Mar 27 18:08:51.743772: | kernel_ops_nic_detect_offload() ... no
1160. Mar 27 18:08:51.743780: | iface: marking enp0s3 add
1161. Mar 27 18:08:51.743791: | struct iface: newref @0x560a7385aab8(0->1) (add_iface() +85 programs/pluto/iface.c)
1162. Mar 27 18:08:51.743799: | kernel_ops_nic_detect_offload() lo ...
1163. Mar 27 18:08:51.743844: | kernel_ops_nic_detect_offload() ... no
1164. Mar 27 18:08:51.743856: | iface: marking lo add
1165. Mar 27 18:08:51.743907: | no interfaces to sort
1166. Mar 27 18:08:51.743943: | struct iface_endpoint: newref @0x560a7385ab88(0->1) (bind_iface_endpoint() +466 programs/pluto/iface.c)
1167. Mar 27 18:08:51.743954: | struct iface: addref @0x560a73854de8(1->2) (bind_iface_endpoint() +466 programs/pluto/iface.c)
1168. Mar 27 18:08:51.743966: adding UDP interface enp0s10 192.168.200.2:500
1169. Mar 27 18:08:51.743999: | struct iface_endpoint: newref @0x560a7385ac88(0->1) (bind_iface_endpoint() +466 programs/pluto/iface.c)
1170. Mar 27 18:08:51.744010: | struct iface: addref @0x560a73854de8(2->3) (bind_iface_endpoint() +466 programs/pluto/iface.c)
1171. Mar 27 18:08:51.744019: | NAT-Traversal: Trying sockopt style NAT-T
1172. Mar 27 18:08:51.744129: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
1173. Mar 27 18:08:51.744142: adding UDP interface enp0s10 192.168.200.2:4500
1174. Mar 27 18:08:51.744175: | struct iface_endpoint: newref @0x560a7385ad88(0->1) (bind_iface_endpoint() +466 programs/pluto/iface.c)
1175. Mar 27 18:08:51.744187: | struct iface: addref @0x560a7385a648(1->2) (bind_iface_endpoint() +466 programs/pluto/iface.c)
1176. Mar 27 18:08:51.744228: adding UDP interface enp0s9 192.168.101.2:500
1177. Mar 27 18:08:51.744268: | struct iface_endpoint: newref @0x560a7385ae88(0->1) (bind_iface_endpoint() +466 programs/pluto/iface.c)
1178. Mar 27 18:08:51.744279: | struct iface: addref @0x560a7385a648(2->3) (bind_iface_endpoint() +466 programs/pluto/iface.c)
1179. Mar 27 18:08:51.744287: | NAT-Traversal: Trying sockopt style NAT-T
1180. Mar 27 18:08:51.744297: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
1181. Mar 27 18:08:51.744308: adding UDP interface enp0s9 192.168.101.2:4500
1182. Mar 27 18:08:51.744348: | struct iface_endpoint: newref @0x560a7385af88(0->1) (bind_iface_endpoint() +466 programs/pluto/iface.c)
1183. Mar 27 18:08:51.744359: | struct iface: addref @0x560a7385a778(1->2) (bind_iface_endpoint() +466 programs/pluto/iface.c)
1184. Mar 27 18:08:51.744379: adding UDP interface enp0s8 192.168.10.26:500
1185. Mar 27 18:08:51.744438: | struct iface_endpoint: newref @0x560a7385b088(0->1) (bind_iface_endpoint() +466 programs/pluto/iface.c)
1186. Mar 27 18:08:51.744506: | struct iface: addref @0x560a7385a778(2->3) (bind_iface_endpoint() +466 programs/pluto/iface.c)
1187. Mar 27 18:08:51.744517: | NAT-Traversal: Trying sockopt style NAT-T
1188. Mar 27 18:08:51.744527: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
1189. Mar 27 18:08:51.744538: adding UDP interface enp0s8 192.168.10.26:4500
1190. Mar 27 18:08:51.744591: | struct iface_endpoint: newref @0x560a7385b188(0->1) (bind_iface_endpoint() +466 programs/pluto/iface.c)
1191. Mar 27 18:08:51.744603: | struct iface: addref @0x560a7385a848(1->2) (bind_iface_endpoint() +466 programs/pluto/iface.c)
1192. Mar 27 18:08:51.744614: adding UDP interface enp0s8 172.16.10.1:500
1193. Mar 27 18:08:51.744672: | struct iface_endpoint: newref @0x560a7385b288(0->1) (bind_iface_endpoint() +466 programs/pluto/iface.c)
1194. Mar 27 18:08:51.744683: | struct iface: addref @0x560a7385a848(2->3) (bind_iface_endpoint() +466 programs/pluto/iface.c)
1195. Mar 27 18:08:51.744691: | NAT-Traversal: Trying sockopt style NAT-T
1196. Mar 27 18:08:51.744701: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
1197. Mar 27 18:08:51.744721: adding UDP interface enp0s8 172.16.10.1:4500
1198. Mar 27 18:08:51.744769: | struct iface_endpoint: newref @0x560a7385b388(0->1) (bind_iface_endpoint() +466 programs/pluto/iface.c)
1199. Mar 27 18:08:51.744789: | struct iface: addref @0x560a7385a918(1->2) (bind_iface_endpoint() +466 programs/pluto/iface.c)
1200. Mar 27 18:08:51.744830: adding UDP interface enp0s8 192.168.10.25:500
1201. Mar 27 18:08:51.744900: | struct iface_endpoint: newref @0x560a7385b488(0->1) (bind_iface_endpoint() +466 programs/pluto/iface.c)
1202. Mar 27 18:08:51.744912: | struct iface: addref @0x560a7385a918(2->3) (bind_iface_endpoint() +466 programs/pluto/iface.c)
1203. Mar 27 18:08:51.744920: | NAT-Traversal: Trying sockopt style NAT-T
1204. Mar 27 18:08:51.744929: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
1205. Mar 27 18:08:51.744940: adding UDP interface enp0s8 192.168.10.25:4500
1206. Mar 27 18:08:51.744997: | struct iface_endpoint: newref @0x560a7385b588(0->1) (bind_iface_endpoint() +466 programs/pluto/iface.c)
1207. Mar 27 18:08:51.745008: | struct iface: addref @0x560a7385a9e8(1->2) (bind_iface_endpoint() +466 programs/pluto/iface.c)
1208. Mar 27 18:08:51.745020: adding UDP interface enp0s3 192.168.1.10:500
1209. Mar 27 18:08:51.745076: | struct iface_endpoint: newref @0x560a7385b688(0->1) (bind_iface_endpoint() +466 programs/pluto/iface.c)
1210. Mar 27 18:08:51.745087: | struct iface: addref @0x560a7385a9e8(2->3) (bind_iface_endpoint() +466 programs/pluto/iface.c)
1211. Mar 27 18:08:51.745095: | NAT-Traversal: Trying sockopt style NAT-T
1212. Mar 27 18:08:51.745105: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
1213. Mar 27 18:08:51.745125: adding UDP interface enp0s3 192.168.1.10:4500
1214. Mar 27 18:08:51.745171: | struct iface_endpoint: newref @0x560a7385b788(0->1) (bind_iface_endpoint() +466 programs/pluto/iface.c)
1215. Mar 27 18:08:51.745182: | struct iface: addref @0x560a7385aab8(1->2) (bind_iface_endpoint() +466 programs/pluto/iface.c)
1216. Mar 27 18:08:51.745193: adding UDP interface lo 127.0.0.1:500
1217. Mar 27 18:08:51.745249: | struct iface_endpoint: newref @0x560a7385b888(0->1) (bind_iface_endpoint() +466 programs/pluto/iface.c)
1218. Mar 27 18:08:51.745292: | struct iface: addref @0x560a7385aab8(2->3) (bind_iface_endpoint() +466 programs/pluto/iface.c)
1219. Mar 27 18:08:51.745317: | NAT-Traversal: Trying sockopt style NAT-T
1220. Mar 27 18:08:51.745328: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
1221. Mar 27 18:08:51.745339: adding UDP interface lo 127.0.0.1:4500
1222. Mar 27 18:08:51.745367: | updating interfaces - listing interfaces that are going down
1223. Mar 27 18:08:51.745387: | updating interfaces - checking orientation
1224. Mar 27 18:08:51.745405: | FOR_EACH_CONNECTION_.... in (check_orientations() +372 programs/pluto/orient.c)
1225. Mar 27 18:08:51.745421: | found "tunnel1"
1226. Mar 27 18:08:51.745429: | orienting "tunnel1"
1227. Mar 27 18:08:51.745441: | left host type=IPADDR address=192.168.1.10 port=500 ikeport=0 encap=no tcp=no
1228. Mar 27 18:08:51.745462: | right host type=ANY address=0.0.0.0 port=500 ikeport=0 encap=no tcp=no
1229. Mar 27 18:08:51.745472: | interface enp0s10 192.168.200.2 does not match left or right
1230. Mar 27 18:08:51.745481: | interface enp0s9 192.168.101.2 does not match left or right
1231. Mar 27 18:08:51.745491: | interface enp0s8 192.168.10.26 does not match left or right
1232. Mar 27 18:08:51.745501: | interface enp0s8 172.16.10.1 does not match left or right
1233. Mar 27 18:08:51.745510: | interface enp0s8 192.168.10.25 does not match left or right
1234. Mar 27 18:08:51.745520: | interface enp0s3 192.168.1.10 matches 'left'; orienting
1235. Mar 27 18:08:51.745530: | interface lo 127.0.0.1 does not match left or right
1236. Mar 27 18:08:51.745539: | struct iface: addref @0x560a7385a9e8(3->4) (orient() +324 programs/pluto/orient.c)
1237. Mar 27 18:08:51.745547: | orienting left=local right=remote
1238. Mar 27 18:08:51.745561: | "tunnel1": 192.168.1.10->0.0.0.0 oriented=yes
1239. Mar 27 18:08:51.745574: | skipping enp0s3 192.168.1.10; no custom UDP port
1240. Mar 27 18:08:51.745584: | skipping enp0s3 192.168.1.10; no custom TCP port
1241. Mar 27 18:08:51.745594: | struct fd: addref @0x560a73854af8(1->2) (check_orientations() +384 programs/pluto/orient.c)
1242. Mar 27 18:08:51.745603: | "tunnel1": attach whack fd@0x560a73854af8 to empty logger 0x560a7381a508 slot 0
1243. Mar 27 18:08:51.745614: "tunnel1": oriented IKEv2 connection (local: left=192.168.1.10 remote: right=0.0.0.0)
1244. Mar 27 18:08:51.745643: | "tunnel1": detach whack fd@0x560a73854af8 from logger 0x560a7381a508 slot 0 (check_orientations() +388 programs/pluto/orient.c)
1245. Mar 27 18:08:51.745654: | delref @0x560a73854af8(2->1) (check_orientations() +388 programs/pluto/orient.c)
1246. Mar 27 18:08:51.745662: | matches: 1
1247. Mar 27 18:08:51.745672: | fdl: newref @0x560a7385b988(0->1) (attach_fd_read_listener() +803 programs/pluto/server.c)
1248. Mar 27 18:08:51.745684: | libevent: newref @0x560a7385ba58(0->1) (libevent_malloc() +959 programs/pluto/server.c)
1249. Mar 27 18:08:51.745709: | setup callback for interface lo 127.0.0.1:4500 fd 29 on UDP
1250. Mar 27 18:08:51.745719: | fdl: newref @0x560a7385ba98(0->1) (attach_fd_read_listener() +803 programs/pluto/server.c)
1251. Mar 27 18:08:51.745729: | libevent: newref @0x560a7385bb68(0->1) (libevent_malloc() +959 programs/pluto/server.c)
1252. Mar 27 18:08:51.745743: | setup callback for interface lo 127.0.0.1:500 fd 28 on UDP
1253. Mar 27 18:08:51.745752: | fdl: newref @0x560a7385bba8(0->1) (attach_fd_read_listener() +803 programs/pluto/server.c)
1254. Mar 27 18:08:51.745798: | libevent: newref @0x560a7385bc78(0->1) (libevent_malloc() +959 programs/pluto/server.c)
1255. Mar 27 18:08:51.745819: | setup callback for interface enp0s3 192.168.1.10:4500 fd 27 on UDP
1256. Mar 27 18:08:51.745830: | fdl: newref @0x560a7385bcb8(0->1) (attach_fd_read_listener() +803 programs/pluto/server.c)
1257. Mar 27 18:08:51.745850: | libevent: newref @0x560a7385bd88(0->1) (libevent_malloc() +959 programs/pluto/server.c)
1258. Mar 27 18:08:51.745864: | setup callback for interface enp0s3 192.168.1.10:500 fd 26 on UDP
1259. Mar 27 18:08:51.745874: | fdl: newref @0x560a7385bdc8(0->1) (attach_fd_read_listener() +803 programs/pluto/server.c)
1260. Mar 27 18:08:51.745884: | libevent: newref @0x560a7385be98(0->1) (libevent_malloc() +959 programs/pluto/server.c)
1261. Mar 27 18:08:51.745907: | setup callback for interface enp0s8 192.168.10.25:4500 fd 25 on UDP
1262. Mar 27 18:08:51.745917: | fdl: newref @0x560a7385bed8(0->1) (attach_fd_read_listener() +803 programs/pluto/server.c)
1263. Mar 27 18:08:51.745927: | libevent: newref @0x560a7385bfa8(0->1) (libevent_malloc() +959 programs/pluto/server.c)
1264. Mar 27 18:08:51.745940: | setup callback for interface enp0s8 192.168.10.25:500 fd 24 on UDP
1265. Mar 27 18:08:51.745951: | fdl: newref @0x560a73854b48(0->1) (attach_fd_read_listener() +803 programs/pluto/server.c)
1266. Mar 27 18:08:51.745961: | libevent: newref @0x560a73854c18(0->1) (libevent_malloc() +959 programs/pluto/server.c)
1267. Mar 27 18:08:51.745983: | setup callback for interface enp0s8 172.16.10.1:4500 fd 23 on UDP
1268. Mar 27 18:08:51.745993: | fdl: newref @0x560a73854c58(0->1) (attach_fd_read_listener() +803 programs/pluto/server.c)
1269. Mar 27 18:08:51.746003: | libevent: newref @0x560a73854d28(0->1) (libevent_malloc() +959 programs/pluto/server.c)
1270. Mar 27 18:08:51.746017: | setup callback for interface enp0s8 172.16.10.1:500 fd 22 on UDP
1271. Mar 27 18:08:51.746035: | fdl: newref @0x560a7385bfe8(0->1) (attach_fd_read_listener() +803 programs/pluto/server.c)
1272. Mar 27 18:08:51.746046: | libevent: newref @0x560a7385a718(0->1) (libevent_malloc() +959 programs/pluto/server.c)
1273. Mar 27 18:08:51.746060: | setup callback for interface enp0s8 192.168.10.26:4500 fd 21 on UDP
1274. Mar 27 18:08:51.746070: | fdl: newref @0x560a7385c0b8(0->1) (attach_fd_read_listener() +803 programs/pluto/server.c)
1275. Mar 27 18:08:51.746080: | libevent: newref @0x560a73854f08(0->1) (libevent_malloc() +959 programs/pluto/server.c)
1276. Mar 27 18:08:51.746093: | setup callback for interface enp0s8 192.168.10.26:500 fd 20 on UDP
1277. Mar 27 18:08:51.746103: | fdl: newref @0x560a7385c188(0->1) (attach_fd_read_listener() +803 programs/pluto/server.c)
1278. Mar 27 18:08:51.746113: | libevent: newref @0x560a73854d68(0->1) (libevent_malloc() +959 programs/pluto/server.c)
1279. Mar 27 18:08:51.746127: | setup callback for interface enp0s9 192.168.101.2:4500 fd 19 on UDP
1280. Mar 27 18:08:51.746137: | fdl: newref @0x560a7385c258(0->1) (attach_fd_read_listener() +803 programs/pluto/server.c)
1281. Mar 27 18:08:51.746147: | libevent: newref @0x560a73854da8(0->1) (libevent_malloc() +959 programs/pluto/server.c)
1282. Mar 27 18:08:51.746160: | setup callback for interface enp0s9 192.168.101.2:500 fd 18 on UDP
1283. Mar 27 18:08:51.746170: | fdl: newref @0x560a7385c328(0->1) (attach_fd_read_listener() +803 programs/pluto/server.c)
1284. Mar 27 18:08:51.746180: | libevent: newref @0x560a7385c3f8(0->1) (libevent_malloc() +959 programs/pluto/server.c)
1285. Mar 27 18:08:51.746194: | setup callback for interface enp0s10 192.168.200.2:4500 fd 17 on UDP
1286. Mar 27 18:08:51.746206: | fdl: newref @0x560a7385c438(0->1) (attach_fd_read_listener() +803 programs/pluto/server.c)
1287. Mar 27 18:08:51.746217: | libevent: newref @0x560a7385c508(0->1) (libevent_malloc() +959 programs/pluto/server.c)
1288. Mar 27 18:08:51.746230: | setup callback for interface enp0s10 192.168.200.2:500 fd 16 on UDP
1289. Mar 27 18:08:51.749983: | no stale xfrmi interface 'ipsec1' found
1290. Mar 27 18:08:51.750005: | certs and keys locked by 'free_preshared_secrets'
1291. Mar 27 18:08:51.750008: | certs and keys unlocked by 'free_preshared_secrets'
1292. Mar 27 18:08:51.750036: loading secrets from "/etc/ipsec.secrets"
1293. Mar 27 18:08:51.750139: loading secrets from "/etc/ipsec.d/con1.secrets"
1294. Mar 27 18:08:51.750189: | id type added to secret(0x560a7385f668) SECRET_PSK: 192.168.101.2
1295. Mar 27 18:08:51.750206: | id type added to secret(0x560a7385f668) SECRET_PSK: 192.168.102.1
1296. Mar 27 18:08:51.750257: | processing PSK at line 1: passed
1297. Mar 27 18:08:51.750267: | certs and keys locked by 'process_secret'
1298. Mar 27 18:08:51.750276: | certs and keys unlocked by 'process_secret'
1299. Mar 27 18:08:51.750292: | FOR_EACH_CONNECTION_.... in (load_groups() +342 programs/pluto/foodgroups.c)
1300. Mar 27 18:08:51.750309: | matches: 0
1301. Mar 27 18:08:51.750317: | old food groups:
1302. Mar 27 18:08:51.750324: | new food groups:
1303. Mar 27 18:08:51.750332: | pluto_sd: executing action action: ready(5), status 0
1304. Mar 27 18:08:51.750388: | whack: listen: stop: (logger@0x7fffc3c01d50/fd@0x560a73854af8/fd@(nil))
1305. Mar 27 18:08:51.750401: | delref @0x560a73854af8(1->0) (whack_handle_cb() +787 programs/pluto/rcv_whack.c)
1306. Mar 27 18:08:51.750421: | freeref fd@0x560a73854af8 (whack_handle_cb() +787 programs/pluto/rcv_whack.c)
1307. Mar 27 18:08:51.750435: | spent 3.56 (7.26) milliseconds in whack
1308. Mar 27 18:08:51.750454: addconn: listening for IKE messages
1309. Mar 27 18:08:51.750466: addconn: Kernel supports NIC esp-hw-offload
1310. Mar 27 18:08:51.750479: addconn: adding UDP interface enp0s10 192.168.200.2:500
1311. Mar 27 18:08:51.750492: addconn: adding UDP interface enp0s10 192.168.200.2:4500
1312. Mar 27 18:08:51.750516: addconn: adding UDP interface enp0s9 192.168.101.2:500
1313. Mar 27 18:08:51.750530: addconn: adding UDP interface enp0s9 192.168.101.2:4500
1314. Mar 27 18:08:51.750543: addconn: adding UDP interface enp0s8 192.168.10.26:500
1315. Mar 27 18:08:51.750556: addconn: adding UDP interface enp0s8 192.168.10.26:4500
1316. Mar 27 18:08:51.750568: addconn: adding UDP interface enp0s8 172.16.10.1:500
1317. Mar 27 18:08:51.750581: addconn: adding UDP interface enp0s8 172.16.10.1:4500
1318. Mar 27 18:08:51.750594: addconn: adding UDP interface enp0s8 192.168.10.25:500
1319. Mar 27 18:08:51.750605: addconn: adding UDP interface enp0s8 192.16
1320. Mar 27 18:08:51.750629: addconn: 8.10.25:4500
1321. Mar 27 18:08:51.750656: addconn: adding UDP interface enp0s3 192.168.1.10:500
1322. Mar 27 18:08:51.750675: addconn: adding UDP interface enp0s3 192.168.1.10:4500
1323. Mar 27 18:08:51.750687: addconn: adding UDP interface lo 127.0.0.1:500
1324. Mar 27 18:08:51.750699: addconn: adding UDP interface lo 127.0.0.1:4500
1325. Mar 27 18:08:51.750718: addconn: "tunnel1": oriented IKEv2 connection (local: left=192.168.1.10 remote: right=0.0.0.0)
1326. Mar 27 18:08:51.750731: addconn: loading secrets from "/etc/ipsec.secrets"
1327. Mar 27 18:08:51.750744: addconn: loading secrets from "/etc/ipsec.d/con1.secrets"
1328. Mar 27 18:08:51.750752: addconn:
1329. Mar 27 18:08:51.751315: | addconn: reading fd 14 returned EOF
1330. Mar 27 18:08:51.751333: | fdl: delref @0x560a73854a28(1->0) (detach_fd_read_listener() +817 programs/pluto/server.c)
1331. Mar 27 18:08:51.751356: | processing signal PLUTO_SIGCHLD
1332. Mar 27 18:08:51.751374: | waitpid returned pid 1301457 (exited with status 0)
1333. Mar 27 18:08:51.751383: | reaped addconn helper child (status 0)
1334. Mar 27 18:08:51.751392: | releasing whack (but there are none) (free_pid_entry() +151 programs/pluto/server_fork.c)
1335. Mar 27 18:08:51.751402: | logger: delref @0x560a7381a418(1->0) (free_pid_entry() +151 programs/pluto/server_fork.c)
1336. Mar 27 18:08:51.751412: | pid: delref @0x560a73854958(1->0) (free_pid_entry() +152 programs/pluto/server_fork.c)
1337. Mar 27 18:08:51.751421: | waitpid returned ECHILD (no child processes left)
1338. Mar 27 18:08:51.751433: | spent 0.0644 (0.0643) milliseconds in signal handler PLUTO_SIGCHLD
1339. Mar 27 18:09:02.168396: | spent 0.00428 (0.00423) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue()
1340. Mar 27 18:09:02.168445: | struct msg_digest: newref @0x560a7385c548(0->1) (udp_read_packet() +249 programs/pluto/iface_udp.c)
1341. Mar 27 18:09:02.168456: | struct iface_endpoint: addref @0x560a7385b588(1->2) (udp_read_packet() +249 programs/pluto/iface_udp.c)
1342. Mar 27 18:09:02.168467: | alloc logger: newref @0x560a73858608(0->1) (udp_read_packet() +249 programs/pluto/iface_udp.c)
1343. Mar 27 18:09:02.168484: | *received 652 bytes from 192.168.1.126:57597 on enp0s3 192.168.1.10:500 using UDP
1344. Mar 27 18:09:02.168493: | 8a 39 43 fb 73 2f 1e 90 00 00 00 00 00 00 00 00 .9C.s/..........
1345. Mar 27 18:09:02.168502: | 21 20 22 08 00 00 00 00 00 00 02 8c 22 00 00 f4 ! "........."...
1346. Mar 27 18:09:02.168511: | 02 00 00 88 01 01 00 0f 03 00 00 0c 01 00 00 0c ................
1347. Mar 27 18:09:02.168519: | 80 0e 01 00 03 00 00 0c 01 00 00 0c 80 0e 00 80 ................
1348. Mar 27 18:09:02.168527: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0d ................
1349. Mar 27 18:09:02.168536: | 03 00 00 08 03 00 00 0c 03 00 00 08 03 00 00 02 ................
1350. Mar 27 18:09:02.168544: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 06 ................
1351. Mar 27 18:09:02.168553: | 03 00 00 08 02 00 00 05 03 00 00 08 02 00 00 02 ................
1352. Mar 27 18:09:02.168561: | 03 00 00 08 04 00 00 18 03 00 00 08 04 00 00 14 ................
1353. Mar 27 18:09:02.168570: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 0e ................
1354. Mar 27 18:09:02.168578: | 00 00 00 08 04 00 00 05 00 00 00 68 02 01 00 0b ...........h....
1355. Mar 27 18:09:02.168587: | 03 00 00 0c 01 00 00 14 80 0e 01 00 03 00 00 0c ................
1356. Mar 27 18:09:02.168595: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 ................
1357. Mar 27 18:09:02.168604: | 03 00 00 08 02 00 00 06 03 00 00 08 02 00 00 05 ................
1358. Mar 27 18:09:02.168625: | 03 00 00 08 02 00 00 02 03 00 00 08 04 00 00 18 ................
1359. Mar 27 18:09:02.168634: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 13 ................
1360. Mar 27 18:09:02.168643: | 03 00 00 08 04 00 00 0e 00 00 00 08 04 00 00 05 ................
1361. Mar 27 18:09:02.168651: | 28 00 01 08 00 18 00 00 85 7a 69 07 e4 a2 57 62 (........zi...Wb
1362. Mar 27 18:09:02.168660: | 98 7d 84 ae d8 15 40 00 ee 60 0f cb ab 62 6f 82 .}....@..`...bo.
1363. Mar 27 18:09:02.168668: | 3f 6e ae f3 ae 83 ce ab e5 a9 22 0e fc f4 76 0a ?n........"...v.
1364. Mar 27 18:09:02.168677: | fa 37 29 5b c2 7f 61 2b 74 52 ac 28 31 e6 19 c9 .7)[..a+tR.(1...
1365. Mar 27 18:09:02.168685: | 93 30 60 82 cb 23 e0 f5 78 e2 42 99 fb bd c8 63 .0`..#..x.B....c
1366. Mar 27 18:09:02.168693: | 35 bb 46 4a 2f 3e cd de fa af 85 41 ae 3a fa f2 5.FJ/>.....A.:..
1367. Mar 27 18:09:02.168702: | 8a 88 21 61 18 26 fe 0e 47 cd fe 58 03 3d 93 be ..!a.&..G..X.=..
1368. Mar 27 18:09:02.168710: | 5d 10 ee 8d 9d 2f 8f b5 87 b6 3b 0a 43 12 8f 57 ]..../....;.C..W
1369. Mar 27 18:09:02.168719: | 0e a6 58 70 8a ec a5 a9 a9 c9 d4 48 08 8c 64 d1 ..Xp.......H..d.
1370. Mar 27 18:09:02.168727: | e2 51 a6 9d d4 ca 9a ac 44 e1 47 a2 9d ce b5 2e .Q......D.G.....
1371. Mar 27 18:09:02.168736: | 0a 0e 1e 4f 3d 94 fe 50 a5 09 c4 fb 1a 29 07 a0 ...O=..P.....)..
1372. Mar 27 18:09:02.168744: | 06 86 7d 43 3b 17 21 40 bd c6 4b a6 d7 c2 bc 1e ..}C;.!@..K.....
1373. Mar 27 18:09:02.168753: | 60 c9 a4 12 02 20 b6 00 2f db cc fd e9 fe b7 c2 `.... ../.......
1374. Mar 27 18:09:02.168761: | 05 85 05 75 99 00 e0 97 11 66 8a 41 9d 8b 03 31 ...u.....f.A...1
1375. Mar 27 18:09:02.168770: | 12 cd 15 cd bc f2 f4 ec db 99 fb 44 da 8f e4 cc ...........D....
1376. Mar 27 18:09:02.168778: | a6 26 e9 69 04 81 91 57 5a cd bd 87 7d 35 7e b3 .&.i...WZ...}5~.
1377. Mar 27 18:09:02.168787: | 2b 7e 8d 51 11 af f0 0d 29 00 00 24 55 c3 b1 28 +~.Q....)..$U..(
1378. Mar 27 18:09:02.168795: | 57 37 f7 b2 b9 31 f1 80 ca ac ee 89 9a e1 2d 3e W7...1........->
1379. Mar 27 18:09:02.168804: | ac 22 6f 0d 99 ea 31 29 44 26 6a 7e 29 00 00 1c ."o...1)D&j~)...
1380. Mar 27 18:09:02.168812: | 00 00 40 04 09 9d 72 d6 50 46 f2 db 45 b7 8c 7a ..@...r.PF..E..z
1381. Mar 27 18:09:02.168820: | 12 67 41 ee 64 68 37 5f 29 00 00 1c 00 00 40 05 .gA.dh7_).....@.
1382. Mar 27 18:09:02.168829: | 8c b9 ab 3d 10 ef c9 fa 39 45 f4 a2 aa 4d c3 c8 ...=....9E...M..
1383. Mar 27 18:09:02.168837: | 89 bb 8c 96 29 00 00 10 00 00 40 2f 00 02 00 03 ....).....@/....
1384. Mar 27 18:09:02.168846: | 00 04 00 05 00 00 00 08 00 00 40 16 ..........@.
1385. Mar 27 18:09:02.168861: | **parse ISAKMP Message:
1386. Mar 27 18:09:02.168874: | initiator SPI: 8a 39 43 fb 73 2f 1e 90
1387. Mar 27 18:09:02.168887: | responder SPI: 00 00 00 00 00 00 00 00
1388. Mar 27 18:09:02.168896: | next payload type: ISAKMP_NEXT_v2SA (0x21)
1389. Mar 27 18:09:02.168905: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
1390. Mar 27 18:09:02.168913: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22)
1391. Mar 27 18:09:02.168922: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
1392. Mar 27 18:09:02.168934: | Message ID: 0 (00 00 00 00)
1393. Mar 27 18:09:02.168945: | length: 652 (00 00 02 8c)
1394. Mar 27 18:09:02.168954: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34)
1395. Mar 27 18:09:02.168964: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request
1396. Mar 27 18:09:02.168974: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi)
1397. Mar 27 18:09:02.168983: | Now let's proceed with payload (ISAKMP_NEXT_v2SA)
1398. Mar 27 18:09:02.168991: | ***parse IKEv2 Security Association Payload:
1399. Mar 27 18:09:02.169000: | next payload type: ISAKMP_NEXT_v2KE (0x22)
1400. Mar 27 18:09:02.169009: | flags: none (0x0)
1401. Mar 27 18:09:02.169019: | length: 244 (00 f4)
1402. Mar 27 18:09:02.169045: | processing payload: ISAKMP_NEXT_v2SA (len=240)
1403. Mar 27 18:09:02.169056: | Now let's proceed with payload (ISAKMP_NEXT_v2KE)
1404. Mar 27 18:09:02.169065: | ***parse IKEv2 Key Exchange Payload:
1405. Mar 27 18:09:02.169083: | next payload type: ISAKMP_NEXT_v2Ni (0x28)
1406. Mar 27 18:09:02.169092: | flags: none (0x0)
1407. Mar 27 18:09:02.169102: | length: 264 (01 08)
1408. Mar 27 18:09:02.169110: | DH group: OAKLEY_GROUP_DH24 (0x18)
1409. Mar 27 18:09:02.169119: | processing payload: ISAKMP_NEXT_v2KE (len=256)
1410. Mar 27 18:09:02.169126: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni)
1411. Mar 27 18:09:02.169135: | ***parse IKEv2 Nonce Payload:
1412. Mar 27 18:09:02.169143: | next payload type: ISAKMP_NEXT_v2N (0x29)
1413. Mar 27 18:09:02.169152: | flags: none (0x0)
1414. Mar 27 18:09:02.169161: | length: 36 (00 24)
1415. Mar 27 18:09:02.169170: | processing payload: ISAKMP_NEXT_v2Ni (len=32)
1416. Mar 27 18:09:02.169178: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
1417. Mar 27 18:09:02.169189: | ***parse IKEv2 Notify Payload:
1418. Mar 27 18:09:02.169231: | next payload type: ISAKMP_NEXT_v2N (0x29)
1419. Mar 27 18:09:02.169240: | flags: none (0x0)
1420. Mar 27 18:09:02.169250: | length: 28 (00 1c)
1421. Mar 27 18:09:02.169258: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
1422. Mar 27 18:09:02.169267: | SPI size: 0 (00)
1423. Mar 27 18:09:02.169276: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004)
1424. Mar 27 18:09:02.169285: | processing payload: ISAKMP_NEXT_v2N (len=20)
1425. Mar 27 18:09:02.169293: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
1426. Mar 27 18:09:02.169302: | ***parse IKEv2 Notify Payload:
1427. Mar 27 18:09:02.169310: | next payload type: ISAKMP_NEXT_v2N (0x29)
1428. Mar 27 18:09:02.169319: | flags: none (0x0)
1429. Mar 27 18:09:02.169328: | length: 28 (00 1c)
1430. Mar 27 18:09:02.169336: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
1431. Mar 27 18:09:02.169346: | SPI size: 0 (00)
1432. Mar 27 18:09:02.169354: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005)
1433. Mar 27 18:09:02.169362: | processing payload: ISAKMP_NEXT_v2N (len=20)
1434. Mar 27 18:09:02.169370: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
1435. Mar 27 18:09:02.169379: | ***parse IKEv2 Notify Payload:
1436. Mar 27 18:09:02.169387: | next payload type: ISAKMP_NEXT_v2N (0x29)
1437. Mar 27 18:09:02.169396: | flags: none (0x0)
1438. Mar 27 18:09:02.169405: | length: 16 (00 10)
1439. Mar 27 18:09:02.169414: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
1440. Mar 27 18:09:02.169423: | SPI size: 0 (00)
1441. Mar 27 18:09:02.169431: | Notify Message Type: v2N_SIGNATURE_HASH_ALGORITHMS (0x402f)
1442. Mar 27 18:09:02.169440: | processing payload: ISAKMP_NEXT_v2N (len=8)
1443. Mar 27 18:09:02.169448: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
1444. Mar 27 18:09:02.169456: | ***parse IKEv2 Notify Payload:
1445. Mar 27 18:09:02.169464: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
1446. Mar 27 18:09:02.169473: | flags: none (0x0)
1447. Mar 27 18:09:02.169483: | length: 8 (00 08)
1448. Mar 27 18:09:02.169491: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
1449. Mar 27 18:09:02.169500: | SPI size: 0 (00)
1450. Mar 27 18:09:02.169509: | Notify Message Type: v2N_REDIRECT_SUPPORTED (0x4016)
1451. Mar 27 18:09:02.169517: | processing payload: ISAKMP_NEXT_v2N (len=0)
1452. Mar 27 18:09:02.169526: | DDOS disabled and no cookie sent, continuing
1453. Mar 27 18:09:02.169541: | looking for transition from PARENT_R0 matching IKE_SA_INIT request: SA,KE,Ni,N(NAT_DETECTION_SOURCE_IP),N(NAT_DETECTION_DESTINATION_IP),N(SIGNATURE_HASH_ALGORITHMS),N(REDIRECT_SUPPORTED)
1454. Mar 27 18:09:02.169549: | trying: Respond to IKE_SA_INIT
1455. Mar 27 18:09:02.169557: | unsecured message matched
1456. Mar 27 18:09:02.169572: | ikev2_find_host_connection() 192.168.1.126->192.168.1.10 remote_authby=ECDSA
1457. Mar 27 18:09:02.169586: | FOR_EACH_CONNECTION[local=192.168.1.10,remote=192.168.1.126].... in (ikev2_find_host_connection() +139 programs/pluto/ikev2_host_pair.c)
1458. Mar 27 18:09:02.169596: | matches: 0
1459. Mar 27 18:09:02.169607: | FOR_EACH_CONNECTION[local=192.168.1.10,remote=<unset-address>].... in (ikev2_find_host_connection() +214 programs/pluto/ikev2_host_pair.c)
1460. Mar 27 18:09:02.169616: | found "tunnel1"
1461. Mar 27 18:09:02.169626: | skipping "tunnel1", PSK missing required authby ECDSA
1462. Mar 27 18:09:02.169634: | matches: 1
1463. Mar 27 18:09:02.169646: | ISAKMP_v2_IKE_SA_INIT message received on 192.168.1.10:500 but no connection has been authorized with policy ECDSA, sending reject response
1464. Mar 27 18:09:02.169669: | ikev2_find_host_connection() 192.168.1.126->192.168.1.10 remote_authby=RSASIG
1465. Mar 27 18:09:02.169683: | FOR_EACH_CONNECTION[local=192.168.1.10,remote=192.168.1.126].... in (ikev2_find_host_connection() +139 programs/pluto/ikev2_host_pair.c)
1466. Mar 27 18:09:02.169691: | matches: 0
1467. Mar 27 18:09:02.169703: | FOR_EACH_CONNECTION[local=192.168.1.10,remote=<unset-address>].... in (ikev2_find_host_connection() +214 programs/pluto/ikev2_host_pair.c)
1468. Mar 27 18:09:02.169711: | found "tunnel1"
1469. Mar 27 18:09:02.169720: | skipping "tunnel1", PSK missing required authby RSASIG
1470. Mar 27 18:09:02.169728: | matches: 1
1471. Mar 27 18:09:02.169739: | ISAKMP_v2_IKE_SA_INIT message received on 192.168.1.10:500 but no connection has been authorized with policy RSASIG, sending reject response
1472. Mar 27 18:09:02.169753: | ikev2_find_host_connection() 192.168.1.126->192.168.1.10 remote_authby=RSASIG_v1_5
1473. Mar 27 18:09:02.169767: | FOR_EACH_CONNECTION[local=192.168.1.10,remote=192.168.1.126].... in (ikev2_find_host_connection() +139 programs/pluto/ikev2_host_pair.c)
1474. Mar 27 18:09:02.169776: | matches: 0
1475. Mar 27 18:09:02.169787: | FOR_EACH_CONNECTION[local=192.168.1.10,remote=<unset-address>].... in (ikev2_find_host_connection() +214 programs/pluto/ikev2_host_pair.c)
1476. Mar 27 18:09:02.169795: | found "tunnel1"
1477. Mar 27 18:09:02.169804: | skipping "tunnel1", PSK missing required authby RSASIG_v1_5
1478. Mar 27 18:09:02.169812: | matches: 1
1479. Mar 27 18:09:02.169823: | ISAKMP_v2_IKE_SA_INIT message received on 192.168.1.10:500 but no connection has been authorized with policy RSASIG_v1_5, sending reject response
1480. Mar 27 18:09:02.169837: | ikev2_find_host_connection() 192.168.1.126->192.168.1.10 remote_authby=PSK
1481. Mar 27 18:09:02.169851: | FOR_EACH_CONNECTION[local=192.168.1.10,remote=192.168.1.126].... in (ikev2_find_host_connection() +139 programs/pluto/ikev2_host_pair.c)
1482. Mar 27 18:09:02.169859: | matches: 0
1483. Mar 27 18:09:02.169871: | FOR_EACH_CONNECTION[local=192.168.1.10,remote=<unset-address>].... in (ikev2_find_host_connection() +214 programs/pluto/ikev2_host_pair.c)
1484. Mar 27 18:09:02.169879: | found "tunnel1"
1485. Mar 27 18:09:02.169888: | instant winner with non-opportunistic template "tunnel1"
1486. Mar 27 18:09:02.169896: | instantiate roadwarrior winner "tunnel1"
1487. Mar 27 18:09:02.169911: | "tunnel1": rw_responder_instantiate: remote=192.168.1.126 id=<null-id> kind=TEMPLATE sec_label= (ikev2_find_host_connection() +319 programs/pluto/ikev2_host_pair.c)
1488. Mar 27 18:09:02.169920: | connection $1: "tunnel1"
1489. Mar 27 18:09:02.169928: | routing+kind: UNROUTED TEMPLATE
1490. Mar 27 18:09:02.169941: | host: 192.168.1.10->0.0.0.0
1491. Mar 27 18:09:02.169952: | selectors: 192.168.10.0/24 -> <unset-selector>
1492. Mar 27 18:09:02.169960: | spds: <unset-selectors>
1493. Mar 27 18:09:02.169971: | policy: IKEv2+PSK+ENCRYPT+TUNNEL+PFS+IKE_FRAG_ALLOW+ESN_NO+ESN_YES
1494. Mar 27 18:09:02.169982: | struct connection: newref @0x560a7385e018(0->1) (ikev2_find_host_connection() +319 programs/pluto/ikev2_host_pair.c)
1495. Mar 27 18:09:02.169995: | alloc logger: newref @0x560a738584e8(0->1) (ikev2_find_host_connection() +319 programs/pluto/ikev2_host_pair.c)
1496. Mar 27 18:09:02.170021: | "tunnel1"[1]: no whack to attach
1497. Mar 27 18:09:02.170033: | "tunnel1": template .instance_serial_next updated to 2; instance 1
1498. Mar 27 18:09:02.170046: | "tunnel1": addref @0x560a738554d8(1->2) "tunnel1"[1] <unset-address>: (alloc_connection() +2100 programs/pluto/connections.c)
1499. Mar 27 18:09:02.170056: | struct iface: addref @0x560a7385a9e8(4->5) (duplicate_connection() +78 programs/pluto/instantiate.c)
1500. Mar 27 18:09:02.170066: | left.child.has_client: no -> yes (duplicate_connection() +87 programs/pluto/instantiate.c)
1501. Mar 27 18:09:02.170075: | right.child.has_client: no -> no (duplicate_connection() +87 programs/pluto/instantiate.c)
1502. Mar 27 18:09:02.170087: | updating host ends from right.host.addr 192.168.1.126
1503. Mar 27 18:09:02.170096: | updated right.host_port from 0 to 500
1504. Mar 27 18:09:02.170123: | updated left.host_nexthop from 0.0.0.0 to 192.168.1.126
1505. Mar 27 18:09:02.170189: | "tunnel1"[1] 192.168.1.126: tunnel1 .child.reqid=16392 because t.config.sa_requid=0 (generate)
1506. Mar 27 18:09:02.170215: | "tunnel1"[1] 192.168.1.126: 192.168.1.10->192.168.1.126 oriented=yes
1507. Mar 27 18:09:02.170226: | update_selectors() left selectors from 1 child.selectors
1508. Mar 27 18:09:02.170234: | update_selectors() right.child selector formed from host address+protoport
1509. Mar 27 18:09:02.170248: | append_end_selector() right.child.selectors.proposed[0] 192.168.1.126/32 (update_selectors() +397 programs/pluto/instantiate.c)
1510. Mar 27 18:09:02.170257: | adding connection spds using proposed
1511. Mar 27 18:09:02.170265: | left=1 right=1
1512. Mar 27 18:09:02.170274: | left[IPv4]=1 right[IPv4]=1
1513. Mar 27 18:09:02.170283: | left[IPv6]=0 right[IPv6]=0
1514. Mar 27 18:09:02.170291: | allocating 1 SPDs
1515. Mar 27 18:09:02.170306: | 192.168.10.0/24===192.168.1.126/32
1516. Mar 27 18:09:02.170318: | left child spd from selector 192.168.10.0/24 left.spd.has_client=yes virt=no
1517. Mar 27 18:09:02.170330: | right child spd from selector 192.168.1.126/32 right.spd.has_client=no virt=no
1518. Mar 27 18:09:02.170345: | "tunnel1"[1] 192.168.1.126: rw_responder_instantiate: from "tunnel1" (ikev2_find_host_connection() +319 programs/pluto/ikev2_host_pair.c)
1519. Mar 27 18:09:02.170356: | connection $2 clonedfrom $1: "tunnel1"[1] 192.168.1.126
1520. Mar 27 18:09:02.170365: | routing+kind: UNROUTED INSTANCE
1521. Mar 27 18:09:02.170378: | host: 192.168.1.10->192.168.1.126
1522. Mar 27 18:09:02.170391: | selectors: 192.168.10.0/24 -> 192.168.1.126/32
1523. Mar 27 18:09:02.170405: | spds: 192.168.10.0/24===192.168.1.126/32
1524. Mar 27 18:09:02.170414: | policy: IKEv2+PSK+ENCRYPT+TUNNEL+PFS+IKE_FRAG_ALLOW+ESN_NO+ESN_YES
1525. Mar 27 18:09:02.170426: | found connection: "tunnel1"[1] 192.168.1.126 with remote authby PSK
1526. Mar 27 18:09:02.170436: | struct iface_endpoint: addref @0x560a7385b588(2->3) (get_responder_endpoints() +610 programs/pluto/state.c)
1527. Mar 27 18:09:02.170487: | alloc logger: newref @0x560a73856be8(0->1) (new_v2_ike_sa() +666 programs/pluto/state.c)
1528. Mar 27 18:09:02.170497: | #0: no whack to attach
1529. Mar 27 18:09:02.170510: | "tunnel1"[1] 192.168.1.126: addref @0x560a7385e018(1->2) #1: (new_state() +491 programs/pluto/state.c)
1530. Mar 27 18:09:02.170520: | creating state object #1 at 0x560a7385e5c8
1531. Mar 27 18:09:02.170537: | pstats #1 ikev2.ike started
1532. Mar 27 18:09:02.170547: | parent state #1: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA)
1533. Mar 27 18:09:02.170558: | #1.st_v2_transition NULL -> PARENT_R0->PARENT_R1 (new_v2_ike_sa() +669 programs/pluto/state.c)
1534. Mar 27 18:09:02.170585: | Message ID: IKE #1 initializing (initiator: .sent=0->-1 .recv=0->-1 .wip=0->-1 .last_sent=0->33396.286391 .last_recv=0->33396.286391 responder: .sent=0->-1 .recv=0->-1 .wip=0->-1 .last_sent=0->33396.286391 .last_recv=0->33396.286391)
1535. Mar 27 18:09:02.170597: | event_schedule_where: newref EVENT_v2_DISCARD-pe@0x560a7385a358 timeout in 200 seconds for #1
1536. Mar 27 18:09:02.170608: | tt: newref @0x560a7385a3d8(0->1) (schedule_timeout() +557 programs/pluto/server.c)
1537. Mar 27 18:09:02.170623: | #1 spent 2.22 (2.25) milliseconds
1538. Mar 27 18:09:02.170634: | #1.st_v2_transition PARENT_R0->PARENT_R1 -> PARENT_R0->PARENT_R1 (v2_dispatch() +2308 programs/pluto/ikev2.c)
1539. Mar 27 18:09:02.170656: | Message ID: IKE #1 responder starting message request 0 (initiator: .sent=-1 .recv=-1 .recv_frags=0 .wip=-1 .last_sent=33396.286391 .last_recv=33396.286391 responder: .sent=-1 .recv=-1 .recv_frags=0 .wip=0 .last_sent=33396.286391 .last_recv=33396.286391)
1540. Mar 27 18:09:02.170664: | calling processor Respond to IKE_SA_INIT
1541. Mar 27 18:09:02.170675: | #1 spent 2.28 (2.3) milliseconds
1542. Mar 27 18:09:02.170691: | #1 updating local interface from 192.168.1.10:500 to 192.168.1.10:500 using md->iface (update_ike_endpoints() +1714 programs/pluto/state.c)
1543. Mar 27 18:09:02.170702: | delref @0x560a7385b588(3->2) (update_ike_endpoints() +1719 programs/pluto/state.c)
1544. Mar 27 18:09:02.170712: | struct iface_endpoint: addref @0x560a7385b588(2->3) (update_ike_endpoints() +1720 programs/pluto/state.c)
1545. Mar 27 18:09:02.170730: | comparing remote proposals against IKE responder 5 local proposals
1546. Mar 27 18:09:02.170741: | local proposal 1 type ENCR has 1 transforms
1547. Mar 27 18:09:02.170750: | local proposal 1 type PRF has 2 transforms
1548. Mar 27 18:09:02.170758: | local proposal 1 type INTEG has 1 transforms
1549. Mar 27 18:09:02.170767: | local proposal 1 type DH has 8 transforms
1550. Mar 27 18:09:02.170775: | local proposal 1 type ESN has 0 transforms
1551. Mar 27 18:09:02.170785: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG
1552. Mar 27 18:09:02.170794: | local proposal 2 type ENCR has 1 transforms
1553. Mar 27 18:09:02.170802: | local proposal 2 type PRF has 2 transforms
1554. Mar 27 18:09:02.170811: | local proposal 2 type INTEG has 1 transforms
1555. Mar 27 18:09:02.170820: | local proposal 2 type DH has 8 transforms
1556. Mar 27 18:09:02.170828: | local proposal 2 type ESN has 0 transforms
1557. Mar 27 18:09:02.170838: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG
1558. Mar 27 18:09:02.170846: | local proposal 3 type ENCR has 1 transforms
1559. Mar 27 18:09:02.170855: | local proposal 3 type PRF has 2 transforms
1560. Mar 27 18:09:02.170863: | local proposal 3 type INTEG has 1 transforms
1561. Mar 27 18:09:02.170872: | local proposal 3 type DH has 8 transforms
1562. Mar 27 18:09:02.170880: | local proposal 3 type ESN has 0 transforms
1563. Mar 27 18:09:02.170890: | local proposal 3 transforms: required: ENCR+PRF+DH; optional: INTEG
1564. Mar 27 18:09:02.170899: | local proposal 4 type ENCR has 1 transforms
1565. Mar 27 18:09:02.170907: | local proposal 4 type PRF has 2 transforms
1566. Mar 27 18:09:02.170916: | local proposal 4 type INTEG has 2 transforms
1567. Mar 27 18:09:02.170924: | local proposal 4 type DH has 8 transforms
1568. Mar 27 18:09:02.170933: | local proposal 4 type ESN has 0 transforms
1569. Mar 27 18:09:02.170943: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none
1570. Mar 27 18:09:02.170951: | local proposal 5 type ENCR has 1 transforms
1571. Mar 27 18:09:02.170960: | local proposal 5 type PRF has 2 transforms
1572. Mar 27 18:09:02.170968: | local proposal 5 type INTEG has 2 transforms
1573. Mar 27 18:09:02.171004: | local proposal 5 type DH has 8 transforms
1574. Mar 27 18:09:02.171020: | local proposal 5 type ESN has 0 transforms
1575. Mar 27 18:09:02.171030: | local proposal 5 transforms: required: ENCR+PRF+INTEG+DH; optional: none
1576. Mar 27 18:09:02.171039: | ****parse IKEv2 Proposal Substructure Payload:
1577. Mar 27 18:09:02.171048: | last proposal: v2_PROPOSAL_NON_LAST (0x2)
1578. Mar 27 18:09:02.171058: | length: 136 (00 88)
1579. Mar 27 18:09:02.171067: | prop #: 1 (01)
1580. Mar 27 18:09:02.171076: | proto ID: IKEv2_SEC_PROTO_IKE (0x1)
1581. Mar 27 18:09:02.171085: | spi size: 0 (00)
1582. Mar 27 18:09:02.171094: | # transforms: 15 (0f)
1583. Mar 27 18:09:02.171104: | Comparing remote proposal 1 containing 15 transforms against local proposal [1..5] of 5 local proposals
1584. Mar 27 18:09:02.171113: | *****parse IKEv2 Transform Substructure Payload:
1585. Mar 27 18:09:02.171121: | last transform: v2_TRANSFORM_NON_LAST (0x3)
1586. Mar 27 18:09:02.171131: | length: 12 (00 0c)
1587. Mar 27 18:09:02.171140: | IKEv2 transform type: IKEv2_TRANS_TYPE_ENCR (0x1)
1588. Mar 27 18:09:02.171148: | IKEv2 transform ID: AES_CBC (0xc)
1589. Mar 27 18:09:02.171157: | ******parse IKEv2 Attribute Substructure Payload:
1590. Mar 27 18:09:02.171165: | af+type: AF+IKEv2_KEY_LENGTH (0x800e)
1591. Mar 27 18:09:02.171175: | length/value: 256 (01 00)
1592. Mar 27 18:09:02.171187: | remote proposal 1 transform 0 (ENCR=AES_CBC_256) matches local proposal 4 type 1 (ENCR) transform 0
1593. Mar 27 18:09:02.171196: | *****parse IKEv2 Transform Substructure Payload:
1594. Mar 27 18:09:02.171204: | last transform: v2_TRANSFORM_NON_LAST (0x3)
1595. Mar 27 18:09:02.171214: | length: 12 (00 0c)
1596. Mar 27 18:09:02.171222: | IKEv2 transform type: IKEv2_TRANS_TYPE_ENCR (0x1)
1597. Mar 27 18:09:02.171231: | IKEv2 transform ID: AES_CBC (0xc)
1598. Mar 27 18:09:02.171239: | ******parse IKEv2 Attribute Substructure Payload:
1599. Mar 27 18:09:02.171248: | af+type: AF+IKEv2_KEY_LENGTH (0x800e)
1600. Mar 27 18:09:02.171257: | length/value: 128 (00 80)
1601. Mar 27 18:09:02.171278: | remote proposal 1 transform 1 (ENCR=AES_CBC_128) matches local proposal 5 type 1 (ENCR) transform 0
1602. Mar 27 18:09:02.171287: | *****parse IKEv2 Transform Substructure Payload:
1603. Mar 27 18:09:02.171295: | last transform: v2_TRANSFORM_NON_LAST (0x3)
1604. Mar 27 18:09:02.171305: | length: 8 (00 08)
1605. Mar 27 18:09:02.171313: | IKEv2 transform type: IKEv2_TRANS_TYPE_INTEG (0x3)
1606. Mar 27 18:09:02.171322: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe)
1607. Mar 27 18:09:02.171332: | remote proposal 1 transform 2 (INTEG=HMAC_SHA2_512_256) matches local proposal 4 type 3 (INTEG) transform 0
1608. Mar 27 18:09:02.171343: | remote proposal 1 transform 2 (INTEG=HMAC_SHA2_512_256) matches local proposal 5 type 3 (INTEG) transform 0
1609. Mar 27 18:09:02.171351: | *****parse IKEv2 Transform Substructure Payload:
1610. Mar 27 18:09:02.171360: | last transform: v2_TRANSFORM_NON_LAST (0x3)
1611. Mar 27 18:09:02.171369: | length: 8 (00 08)
1612. Mar 27 18:09:02.171378: | IKEv2 transform type: IKEv2_TRANS_TYPE_INTEG (0x3)
1613. Mar 27 18:09:02.171386: | IKEv2 transform ID: AUTH_HMAC_SHA2_384_192 (0xd)
1614. Mar 27 18:09:02.171395: | *****parse IKEv2 Transform Substructure Payload:
1615. Mar 27 18:09:02.171403: | last transform: v2_TRANSFORM_NON_LAST (0x3)
1616. Mar 27 18:09:02.171413: | length: 8 (00 08)
1617. Mar 27 18:09:02.171421: | IKEv2 transform type: IKEv2_TRANS_TYPE_INTEG (0x3)
1618. Mar 27 18:09:02.171430: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc)
1619. Mar 27 18:09:02.171439: | *****parse IKEv2 Transform Substructure Payload:
1620. Mar 27 18:09:02.171447: | last transform: v2_TRANSFORM_NON_LAST (0x3)
1621. Mar 27 18:09:02.171457: | length: 8 (00 08)
1622. Mar 27 18:09:02.171465: | IKEv2 transform type: IKEv2_TRANS_TYPE_INTEG (0x3)
1623. Mar 27 18:09:02.171474: | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2)
1624. Mar 27 18:09:02.171483: | *****parse IKEv2 Transform Substructure Payload:
1625. Mar 27 18:09:02.171491: | last transform: v2_TRANSFORM_NON_LAST (0x3)
1626. Mar 27 18:09:02.171501: | length: 8 (00 08)
1627. Mar 27 18:09:02.171509: | IKEv2 transform type: IKEv2_TRANS_TYPE_PRF (0x2)
1628. Mar 27 18:09:02.171518: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
1629. Mar 27 18:09:02.171528: | remote proposal 1 transform 6 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0
1630. Mar 27 18:09:02.171538: | remote proposal 1 transform 6 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0
1631. Mar 27 18:09:02.171548: | remote proposal 1 transform 6 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0
1632. Mar 27 18:09:02.171558: | remote proposal 1 transform 6 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0
1633. Mar 27 18:09:02.171569: | remote proposal 1 transform 6 (PRF=HMAC_SHA2_512) matches local proposal 5 type 2 (PRF) transform 0
1634. Mar 27 18:09:02.171577: | *****parse IKEv2 Transform Substructure Payload:
1635. Mar 27 18:09:02.171585: | last transform: v2_TRANSFORM_NON_LAST (0x3)
1636. Mar 27 18:09:02.171595: | length: 8 (00 08)
1637. Mar 27 18:09:02.171604: | IKEv2 transform type: IKEv2_TRANS_TYPE_PRF (0x2)
1638. Mar 27 18:09:02.171612: | IKEv2 transform ID: PRF_HMAC_SHA2_384 (0x6)
1639. Mar 27 18:09:02.171621: | *****parse IKEv2 Transform Substructure Payload:
1640. Mar 27 18:09:02.171629: | last transform: v2_TRANSFORM_NON_LAST (0x3)
1641. Mar 27 18:09:02.171639: | length: 8 (00 08)
1642. Mar 27 18:09:02.171648: | IKEv2 transform type: IKEv2_TRANS_TYPE_PRF (0x2)
1643. Mar 27 18:09:02.171656: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
1644. Mar 27 18:09:02.171665: | *****parse IKEv2 Transform Substructure Payload:
1645. Mar 27 18:09:02.171673: | last transform: v2_TRANSFORM_NON_LAST (0x3)
1646. Mar 27 18:09:02.171683: | length: 8 (00 08)
1647. Mar 27 18:09:02.171691: | IKEv2 transform type: IKEv2_TRANS_TYPE_PRF (0x2)
1648. Mar 27 18:09:02.171700: | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2)
1649. Mar 27 18:09:02.171709: | *****parse IKEv2 Transform Substructure Payload:
1650. Mar 27 18:09:02.171717: | last transform: v2_TRANSFORM_NON_LAST (0x3)
1651. Mar 27 18:09:02.171727: | length: 8 (00 08)
1652. Mar 27 18:09:02.171735: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
1653. Mar 27 18:09:02.171744: | IKEv2 transform ID: OAKLEY_GROUP_DH24 (0x18)
1654. Mar 27 18:09:02.171760: | *****parse IKEv2 Transform Substructure Payload:
1655. Mar 27 18:09:02.171769: | last transform: v2_TRANSFORM_NON_LAST (0x3)
1656. Mar 27 18:09:02.171779: | length: 8 (00 08)
1657. Mar 27 18:09:02.171787: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
1658. Mar 27 18:09:02.171795: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
1659. Mar 27 18:09:02.171806: | remote proposal 1 transform 11 (DH=ECP_384) matches local proposal 1 type 4 (DH) transform 1
1660. Mar 27 18:09:02.171816: | remote proposal 1 transform 11 (DH=ECP_384) matches local proposal 2 type 4 (DH) transform 1
1661. Mar 27 18:09:02.171826: | remote proposal 1 transform 11 (DH=ECP_384) matches local proposal 3 type 4 (DH) transform 1
1662. Mar 27 18:09:02.171836: | remote proposal 1 transform 11 (DH=ECP_384) matches local proposal 4 type 4 (DH) transform 1
1663. Mar 27 18:09:02.171846: | remote proposal 1 transform 11 (DH=ECP_384) matches local proposal 5 type 4 (DH) transform 1
1664. Mar 27 18:09:02.171855: | *****parse IKEv2 Transform Substructure Payload:
1665. Mar 27 18:09:02.171863: | last transform: v2_TRANSFORM_NON_LAST (0x3)
1666. Mar 27 18:09:02.171873: | length: 8 (00 08)
1667. Mar 27 18:09:02.171881: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
1668. Mar 27 18:09:02.171890: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
1669. Mar 27 18:09:02.171900: | remote proposal 1 transform 12 (DH=ECP_256) matches local proposal 1 type 4 (DH) transform 0
1670. Mar 27 18:09:02.171910: | remote proposal 1 transform 12 (DH=ECP_256) matches local proposal 2 type 4 (DH) transform 0
1671. Mar 27 18:09:02.171920: | remote proposal 1 transform 12 (DH=ECP_256) matches local proposal 3 type 4 (DH) transform 0
1672. Mar 27 18:09:02.171930: | remote proposal 1 transform 12 (DH=ECP_256) matches local proposal 4 type 4 (DH) transform 0
1673. Mar 27 18:09:02.171940: | remote proposal 1 transform 12 (DH=ECP_256) matches local proposal 5 type 4 (DH) transform 0
1674. Mar 27 18:09:02.171949: | *****parse IKEv2 Transform Substructure Payload:
1675. Mar 27 18:09:02.172125: | last transform: v2_TRANSFORM_NON_LAST (0x3)
1676. Mar 27 18:09:02.172138: | length: 8 (00 08)
1677. Mar 27 18:09:02.172147: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
1678. Mar 27 18:09:02.172155: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
1679. Mar 27 18:09:02.172165: | *****parse IKEv2 Transform Substructure Payload:
1680. Mar 27 18:09:02.172174: | last transform: v2_TRANSFORM_LAST (0x0)
1681. Mar 27 18:09:02.172183: | length: 8 (00 08)
1682. Mar 27 18:09:02.172192: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
1683. Mar 27 18:09:02.172200: | IKEv2 transform ID: OAKLEY_GROUP_MODP1536 (0x5)
1684. Mar 27 18:09:02.172212: | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none
1685. Mar 27 18:09:02.172225: | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: PRF+DH
1686. Mar 27 18:09:02.172235: | remote proposal 1 does not match local proposal 1; unmatched transforms: ENCR+INTEG; missing transforms: ENCR
1687. Mar 27 18:09:02.172247: | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 2; required: ENCR+PRF+DH; optional: INTEG; matched: PRF+DH
1688. Mar 27 18:09:02.172257: | remote proposal 1 does not match local proposal 2; unmatched transforms: ENCR+INTEG; missing transforms: ENCR
1689. Mar 27 18:09:02.172269: | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 3; required: ENCR+PRF+DH; optional: INTEG; matched: PRF+DH
1690. Mar 27 18:09:02.172279: | remote proposal 1 does not match local proposal 3; unmatched transforms: ENCR+INTEG; missing transforms: ENCR
1691. Mar 27 18:09:02.172292: | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 4; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH
1692. Mar 27 18:09:02.172301: | remote proposal 1 matches local proposal 4
1693. Mar 27 18:09:02.172309: | ****parse IKEv2 Proposal Substructure Payload:
1694. Mar 27 18:09:02.172318: | last proposal: v2_PROPOSAL_LAST (0x0)
1695. Mar 27 18:09:02.172328: | length: 104 (00 68)
1696. Mar 27 18:09:02.172343: | prop #: 2 (02)
1697. Mar 27 18:09:02.172352: | proto ID: IKEv2_SEC_PROTO_IKE (0x1)
1698. Mar 27 18:09:02.172361: | spi size: 0 (00)
1699. Mar 27 18:09:02.172370: | # transforms: 11 (0b)
1700. Mar 27 18:09:02.172380: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..3] of 5 local proposals
1701. Mar 27 18:09:02.172389: | *****parse IKEv2 Transform Substructure Payload:
1702. Mar 27 18:09:02.172397: | last transform: v2_TRANSFORM_NON_LAST (0x3)
1703. Mar 27 18:09:02.172407: | length: 12 (00 0c)
1704. Mar 27 18:09:02.172415: | IKEv2 transform type: IKEv2_TRANS_TYPE_ENCR (0x1)
1705. Mar 27 18:09:02.172424: | IKEv2 transform ID: AES_GCM_C (0x14)
1706. Mar 27 18:09:02.172432: | ******parse IKEv2 Attribute Substructure Payload:
1707. Mar 27 18:09:02.172441: | af+type: AF+IKEv2_KEY_LENGTH (0x800e)
1708. Mar 27 18:09:02.172450: | length/value: 256 (01 00)
1709. Mar 27 18:09:02.172462: | remote proposal 2 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0
1710. Mar 27 18:09:02.172471: | *****parse IKEv2 Transform Substructure Payload:
1711. Mar 27 18:09:02.172479: | last transform: v2_TRANSFORM_NON_LAST (0x3)
1712. Mar 27 18:09:02.172489: | length: 12 (00 0c)
1713. Mar 27 18:09:02.172497: | IKEv2 transform type: IKEv2_TRANS_TYPE_ENCR (0x1)
1714. Mar 27 18:09:02.172506: | IKEv2 transform ID: AES_GCM_C (0x14)
1715. Mar 27 18:09:02.172514: | ******parse IKEv2 Attribute Substructure Payload:
1716. Mar 27 18:09:02.172522: | af+type: AF+IKEv2_KEY_LENGTH (0x800e)
1717. Mar 27 18:09:02.172532: | length/value: 128 (00 80)
1718. Mar 27 18:09:02.172543: | remote proposal 2 transform 1 (ENCR=AES_GCM_C_128) matches local proposal 2 type 1 (ENCR) transform 0
1719. Mar 27 18:09:02.172552: | *****parse IKEv2 Transform Substructure Payload:
1720. Mar 27 18:09:02.172560: | last transform: v2_TRANSFORM_NON_LAST (0x3)
1721. Mar 27 18:09:02.172570: | length: 8 (00 08)
1722. Mar 27 18:09:02.172579: | IKEv2 transform type: IKEv2_TRANS_TYPE_PRF (0x2)
1723. Mar 27 18:09:02.172587: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
1724. Mar 27 18:09:02.172597: | remote proposal 2 transform 2 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0
1725. Mar 27 18:09:02.172608: | remote proposal 2 transform 2 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0
1726. Mar 27 18:09:02.172618: | remote proposal 2 transform 2 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0
1727. Mar 27 18:09:02.172626: | *****parse IKEv2 Transform Substructure Payload:
1728. Mar 27 18:09:02.172635: | last transform: v2_TRANSFORM_NON_LAST (0x3)
1729. Mar 27 18:09:02.172644: | length: 8 (00 08)
1730. Mar 27 18:09:02.172653: | IKEv2 transform type: IKEv2_TRANS_TYPE_PRF (0x2)
1731. Mar 27 18:09:02.172661: | IKEv2 transform ID: PRF_HMAC_SHA2_384 (0x6)
1732. Mar 27 18:09:02.172670: | *****parse IKEv2 Transform Substructure Payload:
1733. Mar 27 18:09:02.172679: | last transform: v2_TRANSFORM_NON_LAST (0x3)
1734. Mar 27 18:09:02.172688: | length: 8 (00 08)
1735. Mar 27 18:09:02.172697: | IKEv2 transform type: IKEv2_TRANS_TYPE_PRF (0x2)
1736. Mar 27 18:09:02.172705: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
1737. Mar 27 18:09:02.172714: | *****parse IKEv2 Transform Substructure Payload:
1738. Mar 27 18:09:02.172723: | last transform: v2_TRANSFORM_NON_LAST (0x3)
1739. Mar 27 18:09:02.172732: | length: 8 (00 08)
1740. Mar 27 18:09:02.172741: | IKEv2 transform type: IKEv2_TRANS_TYPE_PRF (0x2)
1741. Mar 27 18:09:02.172749: | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2)
1742. Mar 27 18:09:02.172758: | *****parse IKEv2 Transform Substructure Payload:
1743. Mar 27 18:09:02.172767: | last transform: v2_TRANSFORM_NON_LAST (0x3)
1744. Mar 27 18:09:02.172776: | length: 8 (00 08)
1745. Mar 27 18:09:02.172785: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
1746. Mar 27 18:09:02.172793: | IKEv2 transform ID: OAKLEY_GROUP_DH24 (0x18)
1747. Mar 27 18:09:02.172802: | *****parse IKEv2 Transform Substructure Payload:
1748. Mar 27 18:09:02.172811: | last transform: v2_TRANSFORM_NON_LAST (0x3)
1749. Mar 27 18:09:02.172821: | length: 8 (00 08)
1750. Mar 27 18:09:02.172829: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
1751. Mar 27 18:09:02.172837: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
1752. Mar 27 18:09:02.172856: | remote proposal 2 transform 7 (DH=ECP_384) matches local proposal 1 type 4 (DH) transform 1
1753. Mar 27 18:09:02.172866: | remote proposal 2 transform 7 (DH=ECP_384) matches local proposal 2 type 4 (DH) transform 1
1754. Mar 27 18:09:02.172876: | remote proposal 2 transform 7 (DH=ECP_384) matches local proposal 3 type 4 (DH) transform 1
1755. Mar 27 18:09:02.172885: | *****parse IKEv2 Transform Substructure Payload:
1756. Mar 27 18:09:02.172893: | last transform: v2_TRANSFORM_NON_LAST (0x3)
1757. Mar 27 18:09:02.172903: | length: 8 (00 08)
1758. Mar 27 18:09:02.172911: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
1759. Mar 27 18:09:02.172920: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
1760. Mar 27 18:09:02.172957: | remote proposal 2 transform 8 (DH=ECP_256) matches local proposal 1 type 4 (DH) transform 0
1761. Mar 27 18:09:02.172973: | remote proposal 2 transform 8 (DH=ECP_256) matches local proposal 2 type 4 (DH) transform 0
1762. Mar 27 18:09:02.172984: | remote proposal 2 transform 8 (DH=ECP_256) matches local proposal 3 type 4 (DH) transform 0
1763. Mar 27 18:09:02.172993: | *****parse IKEv2 Transform Substructure Payload:
1764. Mar 27 18:09:02.173001: | last transform: v2_TRANSFORM_NON_LAST (0x3)
1765. Mar 27 18:09:02.173011: | length: 8 (00 08)
1766. Mar 27 18:09:02.173019: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
1767. Mar 27 18:09:02.173028: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
1768. Mar 27 18:09:02.173037: | *****parse IKEv2 Transform Substructure Payload:
1769. Mar 27 18:09:02.173045: | last transform: v2_TRANSFORM_LAST (0x0)
1770. Mar 27 18:09:02.173055: | length: 8 (00 08)
1771. Mar 27 18:09:02.173064: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
1772. Mar 27 18:09:02.173072: | IKEv2 transform ID: OAKLEY_GROUP_MODP1536 (0x5)
1773. Mar 27 18:09:02.173083: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none
1774. Mar 27 18:09:02.173096: | comparing remote proposal 2 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH
1775. Mar 27 18:09:02.173104: | remote proposal 2 matches local proposal 1
1776. Mar 27 18:09:02.173120: "tunnel1"[1] 192.168.1.126 #1: proposal 2:IKE=AES_GCM_C_256-HMAC_SHA2_512-ECP_256 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_384_192;INTEG=HMAC_SHA2_256_128;INTEG=HMAC_SHA1_96;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_384;PRF=HMAC_SHA2_256;PRF=HMAC_SHA1;DH=DH24;DH=ECP_384;DH=ECP_256;DH=MODP2048;DH=MODP1536[first-match] 2:IKE:ENCR=AES_GCM_C_256;ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_384;PRF=HMAC_SHA2_256;PRF=HMAC_SHA1;DH=DH24;DH=ECP_384;DH=ECP_256;DH=MODP2048;DH=MODP1536[better-match]
1777. Mar 27 18:09:02.173136: | accepted IKE proposal ikev2_proposal: 2:IKE=AES_GCM_C_256-HMAC_SHA2_512-ECP_256
1778. Mar 27 18:09:02.173144: | converting proposal to internal trans attrs
1779. Mar 27 18:09:02.173159: "tunnel1"[1] 192.168.1.126 #1: initiator guessed wrong keying material group (DH24); responding with INVALID_KE_PAYLOAD requesting DH19
1780. Mar 27 18:09:02.173168: | opening output PBS v2N response
1781. Mar 27 18:09:02.173177: | **emit ISAKMP Message:
1782. Mar 27 18:09:02.173190: | initiator SPI: 8a 39 43 fb 73 2f 1e 90
1783. Mar 27 18:09:02.173202: | responder SPI: 09 80 e8 d6 f4 ae 42 c2
1784. Mar 27 18:09:02.173211: | next payload type: ISAKMP_NEXT_NONE (0x0)
1785. Mar 27 18:09:02.173220: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
1786. Mar 27 18:09:02.173228: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22)
1787. Mar 27 18:09:02.173237: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20)
1788. Mar 27 18:09:02.173248: | Message ID: 0 (00 00 00 00)
1789. Mar 27 18:09:02.173257: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
1790. Mar 27 18:09:02.173274: "tunnel1"[1] 192.168.1.126 #1: responding to IKE_SA_INIT message (ID 0) from 192.168.1.126:57597 with unencrypted notification INVALID_KE_PAYLOAD
1791. Mar 27 18:09:02.173282: | adding a v2N Payload
1792. Mar 27 18:09:02.173290: | ***emit IKEv2 Notify Payload:
1793. Mar 27 18:09:02.173299: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
1794. Mar 27 18:09:02.173323: | flags: none (0x0)
1795. Mar 27 18:09:02.173331: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
1796. Mar 27 18:09:02.173341: | SPI size: 0 (00)
1797. Mar 27 18:09:02.173349: | Notify Message Type: v2N_INVALID_KE_PAYLOAD (0x11)
1798. Mar 27 18:09:02.173358: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N)
1799. Mar 27 18:09:02.173367: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'v2N response'
1800. Mar 27 18:09:02.173376: | emitting 2 raw bytes of Notify data into IKEv2 Notify Payload
1801. Mar 27 18:09:02.173386: | Notify data: 00 13
1802. Mar 27 18:09:02.173394: | emitting length of IKEv2 Notify Payload: 10
1803. Mar 27 18:09:02.173402: | emitting length of ISAKMP Message: 38
1804. Mar 27 18:09:02.173414: | #1 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_FATAL
1805. Mar 27 18:09:02.173426: "tunnel1"[1] 192.168.1.126 #1: encountered fatal error in state STATE_V2_PARENT_R0
1806. Mar 27 18:09:02.173447: | Message ID: IKE #1 responding with recorded fatal message (initiator: .sent=-1 .recv=-1 .recv_frags=0 .wip=-1 .last_sent=33396.286391 .last_recv=33396.286391 responder: .sent=-1 .recv=-1 .recv_frags=0 .wip=0 .last_sent=33396.286391 .last_recv=33396.286391)
1807. Mar 27 18:09:02.173463: | Message ID: IKE #1 updating responder received message request 0 (initiator: responder: .recv=-1->0 .wip=0->-1 .last_recv=33396.286391->33396.28928)
1808. Mar 27 18:09:02.173478: | Message ID: IKE #1 updating responder sent message response 0 (initiator: responder: .sent=-1->0 .last_sent=33396.286391->33396.289296)
1809. Mar 27 18:09:02.173495: | sending 38 bytes for STF_FATAL through enp0s3 from 192.168.1.10:500 to 192.168.1.126:57597 using UDP (for #1)
1810. Mar 27 18:09:02.173504: | 8a 39 43 fb 73 2f 1e 90 09 80 e8 d6 f4 ae 42 c2 .9C.s/........B.
1811. Mar 27 18:09:02.173512: | 29 20 22 20 00 00 00 00 00 00 00 26 00 00 00 0a ) " .......&....
1812. Mar 27 18:09:02.173521: | 00 00 00 11 00 13 ......
1813. Mar 27 18:09:02.173604: | sent 1 messages
1814. Mar 27 18:09:02.173624: | "tunnel1"[1] 192.168.1.126 #1: .st_on_delete.skip_send_delete no->true (complete_v2_state_transition() +2822 programs/pluto/ikev2.c)
1815. Mar 27 18:09:02.173639: | "tunnel1"[1] 192.168.1.126 #1: routing: connection_zap_ike_family()
1816. Mar 27 18:09:02.173648: | IKE SA is no longer viable
1817. Mar 27 18:09:02.173663: | "tunnel1"[1] 192.168.1.126 #1: routing: IKE SA's connection has no Child SA #0
1818. Mar 27 18:09:02.173674: | FOR_EACH_STATE[clonedfrom=#1]... in (connection_zap_ike_family() +568 programs/pluto/terminate.c)
1819. Mar 27 18:09:02.173684: | matches: 0
1820. Mar 27 18:09:02.173701: | clone logger: newref @0x560a73856708(0->1) (teardown_ike() +1278 programs/pluto/routing.c)
1821. Mar 27 18:09:02.173718: | "tunnel1"[1] 192.168.1.126: addref @0x560a7385e018(2->3) "tunnel1"[1] 192.168.1.126 #1: (dispatch() +2436 programs/pluto/routing.c)
1822. Mar 27 18:09:02.173867: | "tunnel1"[1] 192.168.1.126 #1: routing: start TEARDOWN_IKE, UNROUTED, INSTANCE; IKE #1 (PARENT_R0) by=UNKNOWN; $2@0x560a7385e018 (complete_v2_state_transition() +2823 programs/pluto/ikev2.c)
1823. Mar 27 18:09:02.173882: | "tunnel1"[1] 192.168.1.126 #1: routing: IKE SA does not match .routing_sa #0
1824. Mar 27 18:09:02.173895: | "tunnel1"[1] 192.168.1.126 #1: .st_on_delete.skip_send_delete yes->true (delete_ike_sa() +771 programs/pluto/state.c)
1825. Mar 27 18:09:02.173921: | "tunnel1"[1] 192.168.1.126 #1: delete_state() skipping log_message:no
1826. Mar 27 18:09:02.173935: | FOR_EACH_STATE[clonedfrom=#1]... in (delete_state() +866 programs/pluto/state.c)
1827. Mar 27 18:09:02.173943: | matches: 0
1828. Mar 27 18:09:02.173955: "tunnel1"[1] 192.168.1.126 #1: deleting IKE SA (processing IKE_SA_INIT request)
1829. Mar 27 18:09:02.173967: | "tunnel1"[1] 192.168.1.126 #1: .st_on_delete.skip_log_message no->true (delete_state() +885 programs/pluto/state.c)
1830. Mar 27 18:09:02.173976: | pstats #1 ikev2.ike deleted other
1831. Mar 27 18:09:02.173988: | #1 main thread spent 0 (0) milliseconds helper thread spent 0 (0) milliseconds in total
1832. Mar 27 18:09:02.174146: | suspend: no MD saved in state #1 (delete_state() +972 programs/pluto/state.c)
1833. Mar 27 18:09:02.174158: | #1 deleting EVENT_v2_DISCARD
1834. Mar 27 18:09:02.174171: | tt: delref @0x560a7385a3d8(1->0) (destroy_timeout() +575 programs/pluto/server.c)
1835. Mar 27 18:09:02.174181: | state-event: delref @0x560a7385a358(1->0) (delete_state() +979 programs/pluto/state.c)
1836. Mar 27 18:09:02.174233: | #1 STATE_V2_PARENT_R0: retransmits: cleared
1837. Mar 27 18:09:02.174243: | pending: flush_pending_by_state() ike 0x560a7385e5c8 pending (nil)
1838. Mar 27 18:09:02.174252: | FOR_EACH_STATE[clonedfrom=#1]... in (flush_incomplete_children() +729 programs/pluto/state.c)
1839. Mar 27 18:09:02.174260: | matches: 0
1840. Mar 27 18:09:02.174270: | delref @0x560a7385b588(3->2) (delete_state() +1032 programs/pluto/state.c)
1841. Mar 27 18:09:02.174287: | "tunnel1"[1] 192.168.1.126: delref @0x560a7385e018(3->2) #1: (delete_state() +1072 programs/pluto/state.c)
1842. Mar 27 18:09:02.174297: | parent state #1: PARENT_R0(half-open IKE SA) => UNDEFINED(ignore)
1843. Mar 27 18:09:02.174307: | #1: releasing whack (but there are none) (delete_state() +1078 programs/pluto/state.c)
1844. Mar 27 18:09:02.174330: | delete_state: delref st->st_dh_shared_secret-key@NULL
1845. Mar 27 18:09:02.174339: | delete_state: delref st->st_skeyid_nss-key@NULL
1846. Mar 27 18:09:02.174347: | delete_state: delref st->st_skey_d_nss-key@NULL
1847. Mar 27 18:09:02.174355: | delete_state: delref st->st_skey_ai_nss-key@NULL
1848. Mar 27 18:09:02.174363: | delete_state: delref st->st_skey_ar_nss-key@NULL
1849. Mar 27 18:09:02.174371: | delete_state: delref st->st_skey_ei_nss-key@NULL
1850. Mar 27 18:09:02.174379: | delete_state: delref st->st_skey_er_nss-key@NULL
1851. Mar 27 18:09:02.174387: | delete_state: delref st->st_skey_pi_nss-key@NULL
1852. Mar 27 18:09:02.174396: | delete_state: delref st->st_skey_pr_nss-key@NULL
1853. Mar 27 18:09:02.174404: | delete_state: delref st->st_enc_key_nss-key@NULL
1854. Mar 27 18:09:02.174412: | delete_state: delref st->st_sk_d_no_ppk-key@NULL
1855. Mar 27 18:09:02.174420: | delete_state: delref st->st_sk_pi_no_ppk-key@NULL
1856. Mar 27 18:09:02.174428: | delete_state: delref st->st_sk_pr_no_ppk-key@NULL
1857. Mar 27 18:09:02.174437: | #1: releasing whack (but there are none) (delete_state() +1171 programs/pluto/state.c)
1858. Mar 27 18:09:02.174447: | logger: delref @0x560a73856be8(1->0) (delete_state() +1171 programs/pluto/state.c)
1859. Mar 27 18:09:02.174459: | "tunnel1"[1] 192.168.1.126 #1: routing: stop TEARDOWN_IKE, UNROUTED, INSTANCE; ok=yes (complete_v2_state_transition() +2823 programs/pluto/ikev2.c)
1860. Mar 27 18:09:02.174472: | "tunnel1"[1] 192.168.1.126: delref @0x560a7385e018(2->1) "tunnel1"[1] 192.168.1.126 #1: (dispatch() +2450 programs/pluto/routing.c)
1861. Mar 27 18:09:02.174481: | "tunnel1"[1] 192.168.1.126 #1: releasing whack (but there are none) (teardown_ike() +1290 programs/pluto/routing.c)
1862. Mar 27 18:09:02.174491: | logger: delref @0x560a73856708(1->0) (teardown_ike() +1290 programs/pluto/routing.c)
1863. Mar 27 18:09:02.174500: | in statetime_stop() and could not find #1
1864. Mar 27 18:09:02.174509: | in statetime_stop() and could not find #1
1865. Mar 27 18:09:02.174525: | "tunnel1"[1] 192.168.1.126: delref @0x560a7385e018(1->0) packet from 192.168.1.126:57597: (process_v2_IKE_SA_INIT() +449 programs/pluto/ikev2_ike_sa_init.c)
1866. Mar 27 18:09:02.174539: "tunnel1"[1] 192.168.1.126: deleting connection instance with peer 192.168.1.126
1867. Mar 27 18:09:02.174552: | clone logger: newref @0x560a73856708(0->1) (process_v2_IKE_SA_INIT() +449 programs/pluto/ikev2_ike_sa_init.c)
1868. Mar 27 18:09:02.174561: | discard_connection() tunnel1 $2 [0x560a7385e018] cloned from $1
1869. Mar 27 18:09:02.174574: | "tunnel1"[1] 192.168.1.126: peekref @0x560a7385e018(0->0) (connection_ok_to_delete() +311 programs/pluto/connections.c)
1870. Mar 27 18:09:02.174583: | FOR_EACH_CONNECTION[clonedfrom=$2].... in (connection_ok_to_delete() +345 programs/pluto/connections.c)
1871. Mar 27 18:09:02.174592: | matches: 0
1872. Mar 27 18:09:02.174600: | FOR_EACH_STATE[connection_serialno=$2]... in (connection_ok_to_delete() +364 programs/pluto/connections.c)
1873. Mar 27 18:09:02.174608: | matches: 0
1874. Mar 27 18:09:02.174628: | delref @0x560a7385a9e8(5->4) (disorient() +49 programs/pluto/orient.c)
1875. Mar 27 18:09:02.174645: | "tunnel1"[1] 192.168.1.126: 192.168.1.10->192.168.1.126 oriented=no
1876. Mar 27 18:09:02.174658: | "tunnel1"[1] 192.168.1.126: releasing whack (but there are none) (process_v2_IKE_SA_INIT() +449 programs/pluto/ikev2_ike_sa_init.c)
1877. Mar 27 18:09:02.174668: | logger: delref @0x560a738584e8(1->0) (process_v2_IKE_SA_INIT() +449 programs/pluto/ikev2_ike_sa_init.c)
1878. Mar 27 18:09:02.174680: | "tunnel1": delref @0x560a738554d8(2->1) "tunnel1"[1] 192.168.1.126: (discard_connection() +454 programs/pluto/connections.c)
1879. Mar 27 18:09:02.174689: | "tunnel1"[1] 192.168.1.126: releasing whack (but there are none) (process_v2_IKE_SA_INIT() +449 programs/pluto/ikev2_ike_sa_init.c)
1880. Mar 27 18:09:02.174699: | logger: delref @0x560a73856708(1->0) (process_v2_IKE_SA_INIT() +449 programs/pluto/ikev2_ike_sa_init.c)
1881. Mar 27 18:09:02.174713: | packet from 192.168.1.126:57597: delref @0x560a7385c548(1->0) (process_iface_packet() +296 programs/pluto/demux.c)
1882. Mar 27 18:09:02.174726: | packet from 192.168.1.126:57597: releasing whack (but there are none) (process_iface_packet() +296 programs/pluto/demux.c)
1883. Mar 27 18:09:02.174736: | logger: delref @0x560a73858608(1->0) (process_iface_packet() +296 programs/pluto/demux.c)
1884. Mar 27 18:09:02.174746: | delref @0x560a7385b588(2->1) (process_iface_packet() +296 programs/pluto/demux.c)
1885. Mar 27 18:09:02.174759: | spent 6.3 (6.39) milliseconds in process_iface_packet() reading and processing packet
1886. Mar 27 18:09:02.207061: | spent 0.00404 (0.00404) milliseconds in udp_read_packet() calling check_incoming_msg_errqueue()
1887. Mar 27 18:09:02.207120: | struct msg_digest: newref @0x560a7385c548(0->1) (udp_read_packet() +249 programs/pluto/iface_udp.c)
1888. Mar 27 18:09:02.207136: | struct iface_endpoint: addref @0x560a7385b588(1->2) (udp_read_packet() +249 programs/pluto/iface_udp.c)
1889. Mar 27 18:09:02.207147: | alloc logger: newref @0x560a73856708(0->1) (udp_read_packet() +249 programs/pluto/iface_udp.c)
1890. Mar 27 18:09:02.207164: | *received 460 bytes from 192.168.1.126:57597 on enp0s3 192.168.1.10:500 using UDP
1891. Mar 27 18:09:02.207173: | 8a 39 43 fb 73 2f 1e 90 00 00 00 00 00 00 00 00 .9C.s/..........
1892. Mar 27 18:09:02.207185: | 21 20 22 08 00 00 00 00 00 00 01 cc 22 00 00 f4 ! "........."...
1893. Mar 27 18:09:02.207194: | 02 00 00 88 01 01 00 0f 03 00 00 0c 01 00 00 0c ................
1894. Mar 27 18:09:02.207202: | 80 0e 01 00 03 00 00 0c 01 00 00 0c 80 0e 00 80 ................
1895. Mar 27 18:09:02.207213: | 03 00 00 08 03 00 00 0e 03 00 00 08 03 00 00 0d ................
1896. Mar 27 18:09:02.207221: | 03 00 00 08 03 00 00 0c 03 00 00 08 03 00 00 02 ................
1897. Mar 27 18:09:02.207230: | 03 00 00 08 02 00 00 07 03 00 00 08 02 00 00 06 ................
1898. Mar 27 18:09:02.207238: | 03 00 00 08 02 00 00 05 03 00 00 08 02 00 00 02 ................
1899. Mar 27 18:09:02.207287: | 03 00 00 08 04 00 00 13 03 00 00 08 04 00 00 18 ................
1900. Mar 27 18:09:02.207300: | 03 00 00 08 04 00 00 14 03 00 00 08 04 00 00 0e ................
1901. Mar 27 18:09:02.207308: | 00 00 00 08 04 00 00 05 00 00 00 68 02 01 00 0b ...........h....
1902. Mar 27 18:09:02.207317: | 03 00 00 0c 01 00 00 14 80 0e 01 00 03 00 00 0c ................
1903. Mar 27 18:09:02.207325: | 01 00 00 14 80 0e 00 80 03 00 00 08 02 00 00 07 ................
1904. Mar 27 18:09:02.207333: | 03 00 00 08 02 00 00 06 03 00 00 08 02 00 00 05 ................
1905. Mar 27 18:09:02.207342: | 03 00 00 08 02 00 00 02 03 00 00 08 04 00 00 13 ................
1906. Mar 27 18:09:02.207350: | 03 00 00 08 04 00 00 18 03 00 00 08 04 00 00 14 ................
1907. Mar 27 18:09:02.207359: | 03 00 00 08 04 00 00 0e 00 00 00 08 04 00 00 05 ................
1908. Mar 27 18:09:02.207367: | 28 00 00 48 00 13 00 00 f4 d8 f3 51 5c 7e cb a5 (..H.......Q\~..
1909. Mar 27 18:09:02.207376: | a9 ef 8d 9f bd db 4c 48 34 e0 bb d3 48 86 44 9a ......LH4...H.D.
1910. Mar 27 18:09:02.207384: | 90 84 91 df 78 f9 70 9f d6 62 8c 7d 6e 8a 05 83 ....x.p..b.}n...
1911. Mar 27 18:09:02.207407: | 8d 5b 32 94 b1 bf c9 1f c9 34 13 5a f6 b7 3d 81 .[2......4.Z..=.
1912. Mar 27 18:09:02.207416: | cc ca 3b 2e b9 fe a4 73 29 00 00 24 55 c3 b1 28 ..;....s)..$U..(
1913. Mar 27 18:09:02.207425: | 57 37 f7 b2 b9 31 f1 80 ca ac ee 89 9a e1 2d 3e W7...1........->
1914. Mar 27 18:09:02.207433: | ac 22 6f 0d 99 ea 31 29 44 26 6a 7e 29 00 00 1c ."o...1)D&j~)...
1915. Mar 27 18:09:02.207442: | 00 00 40 04 09 9d 72 d6 50 46 f2 db 45 b7 8c 7a ..@...r.PF..E..z
1916. Mar 27 18:09:02.207450: | 12 67 41 ee 64 68 37 5f 29 00 00 1c 00 00 40 05 .gA.dh7_).....@.
1917. Mar 27 18:09:02.207459: | 8c b9 ab 3d 10 ef c9 fa 39 45 f4 a2 aa 4d c3 c8 ...=....9E...M..
1918. Mar 27 18:09:02.207467: | 89 bb 8c 96 29 00 00 10 00 00 40 2f 00 02 00 03 ....).....@/....
1919. Mar 27 18:09:02.207476: | 00 04 00 05 00 00 00 08 00 00 40 16 ..........@.
1920. Mar 27 18:09:02.207487: | **parse ISAKMP Message:
1921. Mar 27 18:09:02.207501: | initiator SPI: 8a 39 43 fb 73 2f 1e 90
1922. Mar 27 18:09:02.207514: | responder SPI: 00 00 00 00 00 00 00 00
1923. Mar 27 18:09:02.207523: | next payload type: ISAKMP_NEXT_v2SA (0x21)
1924. Mar 27 18:09:02.207531: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
1925. Mar 27 18:09:02.207540: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22)
1926. Mar 27 18:09:02.207549: | flags: ISAKMP_FLAG_v2_IKE_INIT (0x8)
1927. Mar 27 18:09:02.207560: | Message ID: 0 (00 00 00 00)
1928. Mar 27 18:09:02.207572: | length: 460 (00 00 01 cc)
1929. Mar 27 18:09:02.207581: | processing version=2.0 packet with exchange type=ISAKMP_v2_IKE_SA_INIT (34)
1930. Mar 27 18:09:02.207590: | I am the IKE SA Original Responder receiving an IKEv2 IKE_SA_INIT request
1931. Mar 27 18:09:02.207600: | State DB: IKEv2 state not found (find_v2_ike_sa_by_initiator_spi)
1932. Mar 27 18:09:02.207609: | Now let's proceed with payload (ISAKMP_NEXT_v2SA)
1933. Mar 27 18:09:02.207618: | ***parse IKEv2 Security Association Payload:
1934. Mar 27 18:09:02.207627: | next payload type: ISAKMP_NEXT_v2KE (0x22)
1935. Mar 27 18:09:02.207635: | flags: none (0x0)
1936. Mar 27 18:09:02.207645: | length: 244 (00 f4)
1937. Mar 27 18:09:02.207654: | processing payload: ISAKMP_NEXT_v2SA (len=240)
1938. Mar 27 18:09:02.207662: | Now let's proceed with payload (ISAKMP_NEXT_v2KE)
1939. Mar 27 18:09:02.207670: | ***parse IKEv2 Key Exchange Payload:
1940. Mar 27 18:09:02.207679: | next payload type: ISAKMP_NEXT_v2Ni (0x28)
1941. Mar 27 18:09:02.207687: | flags: none (0x0)
1942. Mar 27 18:09:02.207697: | length: 72 (00 48)
1943. Mar 27 18:09:02.207706: | DH group: OAKLEY_GROUP_ECP_256 (0x13)
1944. Mar 27 18:09:02.207714: | processing payload: ISAKMP_NEXT_v2KE (len=64)
1945. Mar 27 18:09:02.207722: | Now let's proceed with payload (ISAKMP_NEXT_v2Ni)
1946. Mar 27 18:09:02.207730: | ***parse IKEv2 Nonce Payload:
1947. Mar 27 18:09:02.207739: | next payload type: ISAKMP_NEXT_v2N (0x29)
1948. Mar 27 18:09:02.207747: | flags: none (0x0)
1949. Mar 27 18:09:02.207757: | length: 36 (00 24)
1950. Mar 27 18:09:02.207765: | processing payload: ISAKMP_NEXT_v2Ni (len=32)
1951. Mar 27 18:09:02.207773: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
1952. Mar 27 18:09:02.207782: | ***parse IKEv2 Notify Payload:
1953. Mar 27 18:09:02.207790: | next payload type: ISAKMP_NEXT_v2N (0x29)
1954. Mar 27 18:09:02.207799: | flags: none (0x0)
1955. Mar 27 18:09:02.207808: | length: 28 (00 1c)
1956. Mar 27 18:09:02.207817: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
1957. Mar 27 18:09:02.207826: | SPI size: 0 (00)
1958. Mar 27 18:09:02.207835: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004)
1959. Mar 27 18:09:02.207843: | processing payload: ISAKMP_NEXT_v2N (len=20)
1960. Mar 27 18:09:02.207852: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
1961. Mar 27 18:09:02.207860: | ***parse IKEv2 Notify Payload:
1962. Mar 27 18:09:02.207868: | next payload type: ISAKMP_NEXT_v2N (0x29)
1963. Mar 27 18:09:02.207877: | flags: none (0x0)
1964. Mar 27 18:09:02.207887: | length: 28 (00 1c)
1965. Mar 27 18:09:02.207895: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
1966. Mar 27 18:09:02.207904: | SPI size: 0 (00)
1967. Mar 27 18:09:02.207913: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005)
1968. Mar 27 18:09:02.207921: | processing payload: ISAKMP_NEXT_v2N (len=20)
1969. Mar 27 18:09:02.207937: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
1970. Mar 27 18:09:02.207946: | ***parse IKEv2 Notify Payload:
1971. Mar 27 18:09:02.207954: | next payload type: ISAKMP_NEXT_v2N (0x29)
1972. Mar 27 18:09:02.207963: | flags: none (0x0)
1973. Mar 27 18:09:02.207973: | length: 16 (00 10)
1974. Mar 27 18:09:02.207981: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
1975. Mar 27 18:09:02.207990: | SPI size: 0 (00)
1976. Mar 27 18:09:02.207999: | Notify Message Type: v2N_SIGNATURE_HASH_ALGORITHMS (0x402f)
1977. Mar 27 18:09:02.208007: | processing payload: ISAKMP_NEXT_v2N (len=8)
1978. Mar 27 18:09:02.208015: | Now let's proceed with payload (ISAKMP_NEXT_v2N)
1979. Mar 27 18:09:02.208023: | ***parse IKEv2 Notify Payload:
1980. Mar 27 18:09:02.208032: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
1981. Mar 27 18:09:02.208040: | flags: none (0x0)
1982. Mar 27 18:09:02.208050: | length: 8 (00 08)
1983. Mar 27 18:09:02.208059: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
1984. Mar 27 18:09:02.208068: | SPI size: 0 (00)
1985. Mar 27 18:09:02.208076: | Notify Message Type: v2N_REDIRECT_SUPPORTED (0x4016)
1986. Mar 27 18:09:02.208209: | processing payload: ISAKMP_NEXT_v2N (len=0)
1987. Mar 27 18:09:02.208223: | DDOS disabled and no cookie sent, continuing
1988. Mar 27 18:09:02.208267: | looking for transition from PARENT_R0 matching IKE_SA_INIT request: SA,KE,Ni,N(NAT_DETECTION_SOURCE_IP),N(NAT_DETECTION_DESTINATION_IP),N(SIGNATURE_HASH_ALGORITHMS),N(REDIRECT_SUPPORTED)
1989. Mar 27 18:09:02.208277: | trying: Respond to IKE_SA_INIT
1990. Mar 27 18:09:02.208285: | unsecured message matched
1991. Mar 27 18:09:02.208300: | ikev2_find_host_connection() 192.168.1.126->192.168.1.10 remote_authby=ECDSA
1992. Mar 27 18:09:02.208315: | FOR_EACH_CONNECTION[local=192.168.1.10,remote=192.168.1.126].... in (ikev2_find_host_connection() +139 programs/pluto/ikev2_host_pair.c)
1993. Mar 27 18:09:02.208324: | matches: 0
1994. Mar 27 18:09:02.208335: | FOR_EACH_CONNECTION[local=192.168.1.10,remote=<unset-address>].... in (ikev2_find_host_connection() +214 programs/pluto/ikev2_host_pair.c)
1995. Mar 27 18:09:02.208344: | found "tunnel1"
1996. Mar 27 18:09:02.208354: | skipping "tunnel1", PSK missing required authby ECDSA
1997. Mar 27 18:09:02.208362: | matches: 1
1998. Mar 27 18:09:02.208374: | ISAKMP_v2_IKE_SA_INIT message received on 192.168.1.10:500 but no connection has been authorized with policy ECDSA, sending reject response
1999. Mar 27 18:09:02.208388: | ikev2_find_host_connection() 192.168.1.126->192.168.1.10 remote_authby=RSASIG
2000. Mar 27 18:09:02.208402: | FOR_EACH_CONNECTION[local=192.168.1.10,remote=192.168.1.126].... in (ikev2_find_host_connection() +139 programs/pluto/ikev2_host_pair.c)
2001. Mar 27 18:09:02.208410: | matches: 0
2002. Mar 27 18:09:02.208422: | FOR_EACH_CONNECTION[local=192.168.1.10,remote=<unset-address>].... in (ikev2_find_host_connection() +214 programs/pluto/ikev2_host_pair.c)
2003. Mar 27 18:09:02.208430: | found "tunnel1"
2004. Mar 27 18:09:02.208439: | skipping "tunnel1", PSK missing required authby RSASIG
2005. Mar 27 18:09:02.208447: | matches: 1
2006. Mar 27 18:09:02.208458: | ISAKMP_v2_IKE_SA_INIT message received on 192.168.1.10:500 but no connection has been authorized with policy RSASIG, sending reject response
2007. Mar 27 18:09:02.208472: | ikev2_find_host_connection() 192.168.1.126->192.168.1.10 remote_authby=RSASIG_v1_5
2008. Mar 27 18:09:02.208486: | FOR_EACH_CONNECTION[local=192.168.1.10,remote=192.168.1.126].... in (ikev2_find_host_connection() +139 programs/pluto/ikev2_host_pair.c)
2009. Mar 27 18:09:02.208494: | matches: 0
2010. Mar 27 18:09:02.208505: | FOR_EACH_CONNECTION[local=192.168.1.10,remote=<unset-address>].... in (ikev2_find_host_connection() +214 programs/pluto/ikev2_host_pair.c)
2011. Mar 27 18:09:02.208514: | found "tunnel1"
2012. Mar 27 18:09:02.208523: | skipping "tunnel1", PSK missing required authby RSASIG_v1_5
2013. Mar 27 18:09:02.208531: | matches: 1
2014. Mar 27 18:09:02.208542: | ISAKMP_v2_IKE_SA_INIT message received on 192.168.1.10:500 but no connection has been authorized with policy RSASIG_v1_5, sending reject response
2015. Mar 27 18:09:02.208556: | ikev2_find_host_connection() 192.168.1.126->192.168.1.10 remote_authby=PSK
2016. Mar 27 18:09:02.208579: | FOR_EACH_CONNECTION[local=192.168.1.10,remote=192.168.1.126].... in (ikev2_find_host_connection() +139 programs/pluto/ikev2_host_pair.c)
2017. Mar 27 18:09:02.208588: | matches: 0
2018. Mar 27 18:09:02.208599: | FOR_EACH_CONNECTION[local=192.168.1.10,remote=<unset-address>].... in (ikev2_find_host_connection() +214 programs/pluto/ikev2_host_pair.c)
2019. Mar 27 18:09:02.208607: | found "tunnel1"
2020. Mar 27 18:09:02.208616: | instant winner with non-opportunistic template "tunnel1"
2021. Mar 27 18:09:02.208627: | instantiate roadwarrior winner "tunnel1"
2022. Mar 27 18:09:02.208642: | "tunnel1": rw_responder_instantiate: remote=192.168.1.126 id=<null-id> kind=TEMPLATE sec_label= (ikev2_find_host_connection() +319 programs/pluto/ikev2_host_pair.c)
2023. Mar 27 18:09:02.208653: | connection $1: "tunnel1"
2024. Mar 27 18:09:02.208662: | routing+kind: UNROUTED TEMPLATE
2025. Mar 27 18:09:02.208674: | host: 192.168.1.10->0.0.0.0
2026. Mar 27 18:09:02.208688: | selectors: 192.168.10.0/24 -> <unset-selector>
2027. Mar 27 18:09:02.208696: | spds: <unset-selectors>
2028. Mar 27 18:09:02.208707: | policy: IKEv2+PSK+ENCRYPT+TUNNEL+PFS+IKE_FRAG_ALLOW+ESN_NO+ESN_YES
2029. Mar 27 18:09:02.208721: | struct connection: newref @0x560a7385df58(0->1) (ikev2_find_host_connection() +319 programs/pluto/ikev2_host_pair.c)
2030. Mar 27 18:09:02.208733: | alloc logger: newref @0x560a738584e8(0->1) (ikev2_find_host_connection() +319 programs/pluto/ikev2_host_pair.c)
2031. Mar 27 18:09:02.208742: | "tunnel1"[2]: no whack to attach
2032. Mar 27 18:09:02.208753: | "tunnel1": template .instance_serial_next updated to 3; instance 2
2033. Mar 27 18:09:02.208766: | "tunnel1": addref @0x560a738554d8(1->2) "tunnel1"[2] <unset-address>: (alloc_connection() +2100 programs/pluto/connections.c)
2034. Mar 27 18:09:02.208776: | struct iface: addref @0x560a7385a9e8(4->5) (duplicate_connection() +78 programs/pluto/instantiate.c)
2035. Mar 27 18:09:02.208788: | left.child.has_client: no -> yes (duplicate_connection() +87 programs/pluto/instantiate.c)
2036. Mar 27 18:09:02.208798: | right.child.has_client: no -> no (duplicate_connection() +87 programs/pluto/instantiate.c)
2037. Mar 27 18:09:02.208810: | updating host ends from right.host.addr 192.168.1.126
2038. Mar 27 18:09:02.208821: | updated right.host_port from 0 to 500
2039. Mar 27 18:09:02.208834: | updated left.host_nexthop from 0.0.0.0 to 192.168.1.126
2040. Mar 27 18:09:02.208846: | "tunnel1"[2] 192.168.1.126: tunnel1 .child.reqid=16396 because t.config.sa_requid=0 (generate)
2041. Mar 27 18:09:02.208866: | "tunnel1"[2] 192.168.1.126: 192.168.1.10->192.168.1.126 oriented=yes
2042. Mar 27 18:09:02.208875: | update_selectors() left selectors from 1 child.selectors
2043. Mar 27 18:09:02.208886: | update_selectors() right.child selector formed from host address+protoport
2044. Mar 27 18:09:02.208899: | append_end_selector() right.child.selectors.proposed[0] 192.168.1.126/32 (update_selectors() +397 programs/pluto/instantiate.c)
2045. Mar 27 18:09:02.208908: | adding connection spds using proposed
2046. Mar 27 18:09:02.208918: | left=1 right=1
2047. Mar 27 18:09:02.208927: | left[IPv4]=1 right[IPv4]=1
2048. Mar 27 18:09:02.208936: | left[IPv6]=0 right[IPv6]=0
2049. Mar 27 18:09:02.208946: | allocating 1 SPDs
2050. Mar 27 18:09:02.208961: | 192.168.10.0/24===192.168.1.126/32
2051. Mar 27 18:09:02.208973: | left child spd from selector 192.168.10.0/24 left.spd.has_client=yes virt=no
2052. Mar 27 18:09:02.208987: | right child spd from selector 192.168.1.126/32 right.spd.has_client=no virt=no
2053. Mar 27 18:09:02.209000: | "tunnel1"[2] 192.168.1.126: rw_responder_instantiate: from "tunnel1" (ikev2_find_host_connection() +319 programs/pluto/ikev2_host_pair.c)
2054. Mar 27 18:09:02.209014: | connection $3 clonedfrom $1: "tunnel1"[2] 192.168.1.126
2055. Mar 27 18:09:02.209023: | routing+kind: UNROUTED INSTANCE
2056. Mar 27 18:09:02.209035: | host: 192.168.1.10->192.168.1.126
2057. Mar 27 18:09:02.209051: | selectors: 192.168.10.0/24 -> 192.168.1.126/32
2058. Mar 27 18:09:02.209082: | spds: 192.168.10.0/24===192.168.1.126/32
2059. Mar 27 18:09:02.209093: | policy: IKEv2+PSK+ENCRYPT+TUNNEL+PFS+IKE_FRAG_ALLOW+ESN_NO+ESN_YES
2060. Mar 27 18:09:02.209104: | found connection: "tunnel1"[2] 192.168.1.126 with remote authby PSK
2061. Mar 27 18:09:02.209125: | struct iface_endpoint: addref @0x560a7385b588(2->3) (get_responder_endpoints() +610 programs/pluto/state.c)
2062. Mar 27 18:09:02.209165: | alloc logger: newref @0x560a73856be8(0->1) (new_v2_ike_sa() +666 programs/pluto/state.c)
2063. Mar 27 18:09:02.209175: | #0: no whack to attach
2064. Mar 27 18:09:02.209188: | "tunnel1"[2] 192.168.1.126: addref @0x560a7385df58(1->2) #2: (new_state() +491 programs/pluto/state.c)
2065. Mar 27 18:09:02.209198: | creating state object #2 at 0x560a7385e508
2066. Mar 27 18:09:02.209217: | pstats #2 ikev2.ike started
2067. Mar 27 18:09:02.209227: | parent state #2: UNDEFINED(ignore) => PARENT_R0(half-open IKE SA)
2068. Mar 27 18:09:02.209239: | #2.st_v2_transition NULL -> PARENT_R0->PARENT_R1 (new_v2_ike_sa() +669 programs/pluto/state.c)
2069. Mar 27 18:09:02.209265: | Message ID: IKE #2 initializing (initiator: .sent=0->-1 .recv=0->-1 .wip=0->-1 .last_sent=0->33396.325071 .last_recv=0->33396.325071 responder: .sent=0->-1 .recv=0->-1 .wip=0->-1 .last_sent=0->33396.325071 .last_recv=0->33396.325071)
2070. Mar 27 18:09:02.209277: | event_schedule_where: newref EVENT_v2_DISCARD-pe@0x560a7385a358 timeout in 200 seconds for #2
2071. Mar 27 18:09:02.209288: | tt: newref @0x560a7385a518(0->1) (schedule_timeout() +557 programs/pluto/server.c)
2072. Mar 27 18:09:02.209303: | #2 spent 2.23 (2.26) milliseconds
2073. Mar 27 18:09:02.209314: | #2.st_v2_transition PARENT_R0->PARENT_R1 -> PARENT_R0->PARENT_R1 (v2_dispatch() +2308 programs/pluto/ikev2.c)
2074. Mar 27 18:09:02.209335: | Message ID: IKE #2 responder starting message request 0 (initiator: .sent=-1 .recv=-1 .recv_frags=0 .wip=-1 .last_sent=33396.325071 .last_recv=33396.325071 responder: .sent=-1 .recv=-1 .recv_frags=0 .wip=0 .last_sent=33396.325071 .last_recv=33396.325071)
2075. Mar 27 18:09:02.209344: | calling processor Respond to IKE_SA_INIT
2076. Mar 27 18:09:02.209355: | #2 spent 2.28 (2.31) milliseconds
2077. Mar 27 18:09:02.210098: | #2 updating local interface from 192.168.1.10:500 to 192.168.1.10:500 using md->iface (update_ike_endpoints() +1714 programs/pluto/state.c)
2078. Mar 27 18:09:02.210120: | delref @0x560a7385b588(3->2) (update_ike_endpoints() +1719 programs/pluto/state.c)
2079. Mar 27 18:09:02.210133: | struct iface_endpoint: addref @0x560a7385b588(2->3) (update_ike_endpoints() +1720 programs/pluto/state.c)
2080. Mar 27 18:09:02.210153: | comparing remote proposals against IKE responder 5 local proposals
2081. Mar 27 18:09:02.210171: | local proposal 1 type ENCR has 1 transforms
2082. Mar 27 18:09:02.210180: | local proposal 1 type PRF has 2 transforms
2083. Mar 27 18:09:02.210189: | local proposal 1 type INTEG has 1 transforms
2084. Mar 27 18:09:02.210198: | local proposal 1 type DH has 8 transforms
2085. Mar 27 18:09:02.210206: | local proposal 1 type ESN has 0 transforms
2086. Mar 27 18:09:02.210216: | local proposal 1 transforms: required: ENCR+PRF+DH; optional: INTEG
2087. Mar 27 18:09:02.210225: | local proposal 2 type ENCR has 1 transforms
2088. Mar 27 18:09:02.210233: | local proposal 2 type PRF has 2 transforms
2089. Mar 27 18:09:02.210242: | local proposal 2 type INTEG has 1 transforms
2090. Mar 27 18:09:02.210251: | local proposal 2 type DH has 8 transforms
2091. Mar 27 18:09:02.210259: | local proposal 2 type ESN has 0 transforms
2092. Mar 27 18:09:02.210268: | local proposal 2 transforms: required: ENCR+PRF+DH; optional: INTEG
2093. Mar 27 18:09:02.210277: | local proposal 3 type ENCR has 1 transforms
2094. Mar 27 18:09:02.210286: | local proposal 3 type PRF has 2 transforms
2095. Mar 27 18:09:02.210294: | local proposal 3 type INTEG has 1 transforms
2096. Mar 27 18:09:02.210303: | local proposal 3 type DH has 8 transforms
2097. Mar 27 18:09:02.210311: | local proposal 3 type ESN has 0 transforms
2098. Mar 27 18:09:02.210321: | local proposal 3 transforms: required: ENCR+PRF+DH; optional: INTEG
2099. Mar 27 18:09:02.210329: | local proposal 4 type ENCR has 1 transforms
2100. Mar 27 18:09:02.210338: | local proposal 4 type PRF has 2 transforms
2101. Mar 27 18:09:02.210346: | local proposal 4 type INTEG has 2 transforms
2102. Mar 27 18:09:02.210355: | local proposal 4 type DH has 8 transforms
2103. Mar 27 18:09:02.210363: | local proposal 4 type ESN has 0 transforms
2104. Mar 27 18:09:02.210373: | local proposal 4 transforms: required: ENCR+PRF+INTEG+DH; optional: none
2105. Mar 27 18:09:02.210392: | local proposal 5 type ENCR has 1 transforms
2106. Mar 27 18:09:02.210401: | local proposal 5 type PRF has 2 transforms
2107. Mar 27 18:09:02.210410: | local proposal 5 type INTEG has 2 transforms
2108. Mar 27 18:09:02.210418: | local proposal 5 type DH has 8 transforms
2109. Mar 27 18:09:02.210427: | local proposal 5 type ESN has 0 transforms
2110. Mar 27 18:09:02.210436: | local proposal 5 transforms: required: ENCR+PRF+INTEG+DH; optional: none
2111. Mar 27 18:09:02.210446: | ****parse IKEv2 Proposal Substructure Payload:
2112. Mar 27 18:09:02.210455: | last proposal: v2_PROPOSAL_NON_LAST (0x2)
2113. Mar 27 18:09:02.210465: | length: 136 (00 88)
2114. Mar 27 18:09:02.210475: | prop #: 1 (01)
2115. Mar 27 18:09:02.210483: | proto ID: IKEv2_SEC_PROTO_IKE (0x1)
2116. Mar 27 18:09:02.210492: | spi size: 0 (00)
2117. Mar 27 18:09:02.210501: | # transforms: 15 (0f)
2118. Mar 27 18:09:02.210512: | Comparing remote proposal 1 containing 15 transforms against local proposal [1..5] of 5 local proposals
2119. Mar 27 18:09:02.210521: | *****parse IKEv2 Transform Substructure Payload:
2120. Mar 27 18:09:02.210529: | last transform: v2_TRANSFORM_NON_LAST (0x3)
2121. Mar 27 18:09:02.210539: | length: 12 (00 0c)
2122. Mar 27 18:09:02.210547: | IKEv2 transform type: IKEv2_TRANS_TYPE_ENCR (0x1)
2123. Mar 27 18:09:02.210556: | IKEv2 transform ID: AES_CBC (0xc)
2124. Mar 27 18:09:02.210565: | ******parse IKEv2 Attribute Substructure Payload:
2125. Mar 27 18:09:02.210573: | af+type: AF+IKEv2_KEY_LENGTH (0x800e)
2126. Mar 27 18:09:02.210583: | length/value: 256 (01 00)
2127. Mar 27 18:09:02.210595: | remote proposal 1 transform 0 (ENCR=AES_CBC_256) matches local proposal 4 type 1 (ENCR) transform 0
2128. Mar 27 18:09:02.210604: | *****parse IKEv2 Transform Substructure Payload:
2129. Mar 27 18:09:02.210612: | last transform: v2_TRANSFORM_NON_LAST (0x3)
2130. Mar 27 18:09:02.210622: | length: 12 (00 0c)
2131. Mar 27 18:09:02.210631: | IKEv2 transform type: IKEv2_TRANS_TYPE_ENCR (0x1)
2132. Mar 27 18:09:02.210639: | IKEv2 transform ID: AES_CBC (0xc)
2133. Mar 27 18:09:02.210647: | ******parse IKEv2 Attribute Substructure Payload:
2134. Mar 27 18:09:02.210656: | af+type: AF+IKEv2_KEY_LENGTH (0x800e)
2135. Mar 27 18:09:02.210666: | length/value: 128 (00 80)
2136. Mar 27 18:09:02.210677: | remote proposal 1 transform 1 (ENCR=AES_CBC_128) matches local proposal 5 type 1 (ENCR) transform 0
2137. Mar 27 18:09:02.210686: | *****parse IKEv2 Transform Substructure Payload:
2138. Mar 27 18:09:02.210694: | last transform: v2_TRANSFORM_NON_LAST (0x3)
2139. Mar 27 18:09:02.210704: | length: 8 (00 08)
2140. Mar 27 18:09:02.210712: | IKEv2 transform type: IKEv2_TRANS_TYPE_INTEG (0x3)
2141. Mar 27 18:09:02.210721: | IKEv2 transform ID: AUTH_HMAC_SHA2_512_256 (0xe)
2142. Mar 27 18:09:02.210732: | remote proposal 1 transform 2 (INTEG=HMAC_SHA2_512_256) matches local proposal 4 type 3 (INTEG) transform 0
2143. Mar 27 18:09:02.210742: | remote proposal 1 transform 2 (INTEG=HMAC_SHA2_512_256) matches local proposal 5 type 3 (INTEG) transform 0
2144. Mar 27 18:09:02.210750: | *****parse IKEv2 Transform Substructure Payload:
2145. Mar 27 18:09:02.210759: | last transform: v2_TRANSFORM_NON_LAST (0x3)
2146. Mar 27 18:09:02.210769: | length: 8 (00 08)
2147. Mar 27 18:09:02.210777: | IKEv2 transform type: IKEv2_TRANS_TYPE_INTEG (0x3)
2148. Mar 27 18:09:02.210785: | IKEv2 transform ID: AUTH_HMAC_SHA2_384_192 (0xd)
2149. Mar 27 18:09:02.210795: | *****parse IKEv2 Transform Substructure Payload:
2150. Mar 27 18:09:02.210803: | last transform: v2_TRANSFORM_NON_LAST (0x3)
2151. Mar 27 18:09:02.210813: | length: 8 (00 08)
2152. Mar 27 18:09:02.210821: | IKEv2 transform type: IKEv2_TRANS_TYPE_INTEG (0x3)
2153. Mar 27 18:09:02.210829: | IKEv2 transform ID: AUTH_HMAC_SHA2_256_128 (0xc)
2154. Mar 27 18:09:02.210839: | *****parse IKEv2 Transform Substructure Payload:
2155. Mar 27 18:09:02.210847: | last transform: v2_TRANSFORM_NON_LAST (0x3)
2156. Mar 27 18:09:02.210857: | length: 8 (00 08)
2157. Mar 27 18:09:02.210865: | IKEv2 transform type: IKEv2_TRANS_TYPE_INTEG (0x3)
2158. Mar 27 18:09:02.210873: | IKEv2 transform ID: AUTH_HMAC_SHA1_96 (0x2)
2159. Mar 27 18:09:02.210883: | *****parse IKEv2 Transform Substructure Payload:
2160. Mar 27 18:09:02.210905: | last transform: v2_TRANSFORM_NON_LAST (0x3)
2161. Mar 27 18:09:02.210915: | length: 8 (00 08)
2162. Mar 27 18:09:02.210924: | IKEv2 transform type: IKEv2_TRANS_TYPE_PRF (0x2)
2163. Mar 27 18:09:02.210932: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
2164. Mar 27 18:09:02.210943: | remote proposal 1 transform 6 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0
2165. Mar 27 18:09:02.210953: | remote proposal 1 transform 6 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0
2166. Mar 27 18:09:02.210963: | remote proposal 1 transform 6 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0
2167. Mar 27 18:09:02.210973: | remote proposal 1 transform 6 (PRF=HMAC_SHA2_512) matches local proposal 4 type 2 (PRF) transform 0
2168. Mar 27 18:09:02.210983: | remote proposal 1 transform 6 (PRF=HMAC_SHA2_512) matches local proposal 5 type 2 (PRF) transform 0
2169. Mar 27 18:09:02.210992: | *****parse IKEv2 Transform Substructure Payload:
2170. Mar 27 18:09:02.211000: | last transform: v2_TRANSFORM_NON_LAST (0x3)
2171. Mar 27 18:09:02.211520: | length: 8 (00 08)
2172. Mar 27 18:09:02.211536: | IKEv2 transform type: IKEv2_TRANS_TYPE_PRF (0x2)
2173. Mar 27 18:09:02.211544: | IKEv2 transform ID: PRF_HMAC_SHA2_384 (0x6)
2174. Mar 27 18:09:02.211554: | *****parse IKEv2 Transform Substructure Payload:
2175. Mar 27 18:09:02.211563: | last transform: v2_TRANSFORM_NON_LAST (0x3)
2176. Mar 27 18:09:02.211573: | length: 8 (00 08)
2177. Mar 27 18:09:02.211581: | IKEv2 transform type: IKEv2_TRANS_TYPE_PRF (0x2)
2178. Mar 27 18:09:02.211589: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
2179. Mar 27 18:09:02.211598: | *****parse IKEv2 Transform Substructure Payload:
2180. Mar 27 18:09:02.211607: | last transform: v2_TRANSFORM_NON_LAST (0x3)
2181. Mar 27 18:09:02.211617: | length: 8 (00 08)
2182. Mar 27 18:09:02.211625: | IKEv2 transform type: IKEv2_TRANS_TYPE_PRF (0x2)
2183. Mar 27 18:09:02.211633: | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2)
2184. Mar 27 18:09:02.211642: | *****parse IKEv2 Transform Substructure Payload:
2185. Mar 27 18:09:02.211651: | last transform: v2_TRANSFORM_NON_LAST (0x3)
2186. Mar 27 18:09:02.211661: | length: 8 (00 08)
2187. Mar 27 18:09:02.211669: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
2188. Mar 27 18:09:02.211678: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
2189. Mar 27 18:09:02.211688: | remote proposal 1 transform 10 (DH=ECP_256) matches local proposal 1 type 4 (DH) transform 0
2190. Mar 27 18:09:02.211698: | remote proposal 1 transform 10 (DH=ECP_256) matches local proposal 2 type 4 (DH) transform 0
2191. Mar 27 18:09:02.211709: | remote proposal 1 transform 10 (DH=ECP_256) matches local proposal 3 type 4 (DH) transform 0
2192. Mar 27 18:09:02.211719: | remote proposal 1 transform 10 (DH=ECP_256) matches local proposal 4 type 4 (DH) transform 0
2193. Mar 27 18:09:02.211729: | remote proposal 1 transform 10 (DH=ECP_256) matches local proposal 5 type 4 (DH) transform 0
2194. Mar 27 18:09:02.211737: | *****parse IKEv2 Transform Substructure Payload:
2195. Mar 27 18:09:02.211746: | last transform: v2_TRANSFORM_NON_LAST (0x3)
2196. Mar 27 18:09:02.211755: | length: 8 (00 08)
2197. Mar 27 18:09:02.211764: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
2198. Mar 27 18:09:02.211772: | IKEv2 transform ID: OAKLEY_GROUP_DH24 (0x18)
2199. Mar 27 18:09:02.211781: | *****parse IKEv2 Transform Substructure Payload:
2200. Mar 27 18:09:02.211790: | last transform: v2_TRANSFORM_NON_LAST (0x3)
2201. Mar 27 18:09:02.211800: | length: 8 (00 08)
2202. Mar 27 18:09:02.211808: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
2203. Mar 27 18:09:02.211816: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
2204. Mar 27 18:09:02.211825: | *****parse IKEv2 Transform Substructure Payload:
2205. Mar 27 18:09:02.211834: | last transform: v2_TRANSFORM_NON_LAST (0x3)
2206. Mar 27 18:09:02.211844: | length: 8 (00 08)
2207. Mar 27 18:09:02.211852: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
2208. Mar 27 18:09:02.211860: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
2209. Mar 27 18:09:02.211869: | *****parse IKEv2 Transform Substructure Payload:
2210. Mar 27 18:09:02.211878: | last transform: v2_TRANSFORM_LAST (0x0)
2211. Mar 27 18:09:02.211898: | length: 8 (00 08)
2212. Mar 27 18:09:02.211907: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
2213. Mar 27 18:09:02.211916: | IKEv2 transform ID: OAKLEY_GROUP_MODP1536 (0x5)
2214. Mar 27 18:09:02.211928: | remote proposal 1 proposed transforms: ENCR+PRF+INTEG+DH; matched: ENCR+PRF+INTEG+DH; unmatched: none
2215. Mar 27 18:09:02.211940: | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: PRF+DH
2216. Mar 27 18:09:02.211950: | remote proposal 1 does not match local proposal 1; unmatched transforms: ENCR+INTEG; missing transforms: ENCR
2217. Mar 27 18:09:02.211963: | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 2; required: ENCR+PRF+DH; optional: INTEG; matched: PRF+DH
2218. Mar 27 18:09:02.211972: | remote proposal 1 does not match local proposal 2; unmatched transforms: ENCR+INTEG; missing transforms: ENCR
2219. Mar 27 18:09:02.211999: | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 3; required: ENCR+PRF+DH; optional: INTEG; matched: PRF+DH
2220. Mar 27 18:09:02.212035: | remote proposal 1 does not match local proposal 3; unmatched transforms: ENCR+INTEG; missing transforms: ENCR
2221. Mar 27 18:09:02.212049: | comparing remote proposal 1 containing ENCR+PRF+INTEG+DH transforms to local proposal 4; required: ENCR+PRF+INTEG+DH; optional: none; matched: ENCR+PRF+INTEG+DH
2222. Mar 27 18:09:02.212058: | remote proposal 1 matches local proposal 4
2223. Mar 27 18:09:02.212067: | ****parse IKEv2 Proposal Substructure Payload:
2224. Mar 27 18:09:02.212076: | last proposal: v2_PROPOSAL_LAST (0x0)
2225. Mar 27 18:09:02.212086: | length: 104 (00 68)
2226. Mar 27 18:09:02.212095: | prop #: 2 (02)
2227. Mar 27 18:09:02.212103: | proto ID: IKEv2_SEC_PROTO_IKE (0x1)
2228. Mar 27 18:09:02.212113: | spi size: 0 (00)
2229. Mar 27 18:09:02.212122: | # transforms: 11 (0b)
2230. Mar 27 18:09:02.212132: | Comparing remote proposal 2 containing 11 transforms against local proposal [1..3] of 5 local proposals
2231. Mar 27 18:09:02.212140: | *****parse IKEv2 Transform Substructure Payload:
2232. Mar 27 18:09:02.212149: | last transform: v2_TRANSFORM_NON_LAST (0x3)
2233. Mar 27 18:09:02.212159: | length: 12 (00 0c)
2234. Mar 27 18:09:02.212167: | IKEv2 transform type: IKEv2_TRANS_TYPE_ENCR (0x1)
2235. Mar 27 18:09:02.212176: | IKEv2 transform ID: AES_GCM_C (0x14)
2236. Mar 27 18:09:02.212184: | ******parse IKEv2 Attribute Substructure Payload:
2237. Mar 27 18:09:02.212192: | af+type: AF+IKEv2_KEY_LENGTH (0x800e)
2238. Mar 27 18:09:02.212202: | length/value: 256 (01 00)
2239. Mar 27 18:09:02.212214: | remote proposal 2 transform 0 (ENCR=AES_GCM_C_256) matches local proposal 1 type 1 (ENCR) transform 0
2240. Mar 27 18:09:02.212223: | *****parse IKEv2 Transform Substructure Payload:
2241. Mar 27 18:09:02.212231: | last transform: v2_TRANSFORM_NON_LAST (0x3)
2242. Mar 27 18:09:02.212241: | length: 12 (00 0c)
2243. Mar 27 18:09:02.212249: | IKEv2 transform type: IKEv2_TRANS_TYPE_ENCR (0x1)
2244. Mar 27 18:09:02.212258: | IKEv2 transform ID: AES_GCM_C (0x14)
2245. Mar 27 18:09:02.212266: | ******parse IKEv2 Attribute Substructure Payload:
2246. Mar 27 18:09:02.212274: | af+type: AF+IKEv2_KEY_LENGTH (0x800e)
2247. Mar 27 18:09:02.212284: | length/value: 128 (00 80)
2248. Mar 27 18:09:02.212296: | remote proposal 2 transform 1 (ENCR=AES_GCM_C_128) matches local proposal 2 type 1 (ENCR) transform 0
2249. Mar 27 18:09:02.212304: | *****parse IKEv2 Transform Substructure Payload:
2250. Mar 27 18:09:02.212313: | last transform: v2_TRANSFORM_NON_LAST (0x3)
2251. Mar 27 18:09:02.212323: | length: 8 (00 08)
2252. Mar 27 18:09:02.212331: | IKEv2 transform type: IKEv2_TRANS_TYPE_PRF (0x2)
2253. Mar 27 18:09:02.212339: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
2254. Mar 27 18:09:02.212350: | remote proposal 2 transform 2 (PRF=HMAC_SHA2_512) matches local proposal 1 type 2 (PRF) transform 0
2255. Mar 27 18:09:02.212360: | remote proposal 2 transform 2 (PRF=HMAC_SHA2_512) matches local proposal 2 type 2 (PRF) transform 0
2256. Mar 27 18:09:02.212370: | remote proposal 2 transform 2 (PRF=HMAC_SHA2_512) matches local proposal 3 type 2 (PRF) transform 0
2257. Mar 27 18:09:02.212388: | *****parse IKEv2 Transform Substructure Payload:
2258. Mar 27 18:09:02.212397: | last transform: v2_TRANSFORM_NON_LAST (0x3)
2259. Mar 27 18:09:02.212406: | length: 8 (00 08)
2260. Mar 27 18:09:02.212415: | IKEv2 transform type: IKEv2_TRANS_TYPE_PRF (0x2)
2261. Mar 27 18:09:02.212423: | IKEv2 transform ID: PRF_HMAC_SHA2_384 (0x6)
2262. Mar 27 18:09:02.212432: | *****parse IKEv2 Transform Substructure Payload:
2263. Mar 27 18:09:02.212441: | last transform: v2_TRANSFORM_NON_LAST (0x3)
2264. Mar 27 18:09:02.212451: | length: 8 (00 08)
2265. Mar 27 18:09:02.212459: | IKEv2 transform type: IKEv2_TRANS_TYPE_PRF (0x2)
2266. Mar 27 18:09:02.212467: | IKEv2 transform ID: PRF_HMAC_SHA2_256 (0x5)
2267. Mar 27 18:09:02.212476: | *****parse IKEv2 Transform Substructure Payload:
2268. Mar 27 18:09:02.212485: | last transform: v2_TRANSFORM_NON_LAST (0x3)
2269. Mar 27 18:09:02.212495: | length: 8 (00 08)
2270. Mar 27 18:09:02.212503: | IKEv2 transform type: IKEv2_TRANS_TYPE_PRF (0x2)
2271. Mar 27 18:09:02.212511: | IKEv2 transform ID: PRF_HMAC_SHA1 (0x2)
2272. Mar 27 18:09:02.212520: | *****parse IKEv2 Transform Substructure Payload:
2273. Mar 27 18:09:02.212529: | last transform: v2_TRANSFORM_NON_LAST (0x3)
2274. Mar 27 18:09:02.212539: | length: 8 (00 08)
2275. Mar 27 18:09:02.212547: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
2276. Mar 27 18:09:02.212555: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
2277. Mar 27 18:09:02.212566: | remote proposal 2 transform 6 (DH=ECP_256) matches local proposal 1 type 4 (DH) transform 0
2278. Mar 27 18:09:02.212576: | remote proposal 2 transform 6 (DH=ECP_256) matches local proposal 2 type 4 (DH) transform 0
2279. Mar 27 18:09:02.212586: | remote proposal 2 transform 6 (DH=ECP_256) matches local proposal 3 type 4 (DH) transform 0
2280. Mar 27 18:09:02.212595: | *****parse IKEv2 Transform Substructure Payload:
2281. Mar 27 18:09:02.212603: | last transform: v2_TRANSFORM_NON_LAST (0x3)
2282. Mar 27 18:09:02.212613: | length: 8 (00 08)
2283. Mar 27 18:09:02.212621: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
2284. Mar 27 18:09:02.212630: | IKEv2 transform ID: OAKLEY_GROUP_DH24 (0x18)
2285. Mar 27 18:09:02.212639: | *****parse IKEv2 Transform Substructure Payload:
2286. Mar 27 18:09:02.212647: | last transform: v2_TRANSFORM_NON_LAST (0x3)
2287. Mar 27 18:09:02.212657: | length: 8 (00 08)
2288. Mar 27 18:09:02.212665: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
2289. Mar 27 18:09:02.212674: | IKEv2 transform ID: OAKLEY_GROUP_ECP_384 (0x14)
2290. Mar 27 18:09:02.212683: | *****parse IKEv2 Transform Substructure Payload:
2291. Mar 27 18:09:02.212691: | last transform: v2_TRANSFORM_NON_LAST (0x3)
2292. Mar 27 18:09:02.212701: | length: 8 (00 08)
2293. Mar 27 18:09:02.212709: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
2294. Mar 27 18:09:02.212718: | IKEv2 transform ID: OAKLEY_GROUP_MODP2048 (0xe)
2295. Mar 27 18:09:02.212727: | *****parse IKEv2 Transform Substructure Payload:
2296. Mar 27 18:09:02.212735: | last transform: v2_TRANSFORM_LAST (0x0)
2297. Mar 27 18:09:02.212745: | length: 8 (00 08)
2298. Mar 27 18:09:02.212753: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
2299. Mar 27 18:09:02.212762: | IKEv2 transform ID: OAKLEY_GROUP_MODP1536 (0x5)
2300. Mar 27 18:09:02.212773: | remote proposal 2 proposed transforms: ENCR+PRF+DH; matched: ENCR+PRF+DH; unmatched: none
2301. Mar 27 18:09:02.212785: | comparing remote proposal 2 containing ENCR+PRF+DH transforms to local proposal 1; required: ENCR+PRF+DH; optional: INTEG; matched: ENCR+PRF+DH
2302. Mar 27 18:09:02.212794: | remote proposal 2 matches local proposal 1
2303. Mar 27 18:09:02.212811: "tunnel1"[2] 192.168.1.126 #2: proposal 2:IKE=AES_GCM_C_256-HMAC_SHA2_512-ECP_256 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;ENCR=AES_CBC_128;INTEG=HMAC_SHA2_512_256;INTEG=HMAC_SHA2_384_192;INTEG=HMAC_SHA2_256_128;INTEG=HMAC_SHA1_96;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_384;PRF=HMAC_SHA2_256;PRF=HMAC_SHA1;DH=ECP_256;DH=DH24;DH=ECP_384;DH=MODP2048;DH=MODP1536[first-match] 2:IKE:ENCR=AES_GCM_C_256;ENCR=AES_GCM_C_128;PRF=HMAC_SHA2_512;PRF=HMAC_SHA2_384;PRF=HMAC_SHA2_256;PRF=HMAC_SHA1;DH=ECP_256;DH=DH24;DH=ECP_384;DH=MODP2048;DH=MODP1536[better-match]
2304. Mar 27 18:09:02.212824: | accepted IKE proposal ikev2_proposal: 2:IKE=AES_GCM_C_256-HMAC_SHA2_512-ECP_256
2305. Mar 27 18:09:02.212840: | converting proposal to internal trans attrs
2306. Mar 27 18:09:02.212853: | IKEV2_FRAGMENTATION_SUPPORTED neither requested nor accepted
2307. Mar 27 18:09:02.212861: | USE_PPK neither requested nor accepted
2308. Mar 27 18:09:02.212869: | nat: IKE.SPIr is zero
2309. Mar 27 18:09:02.212903: | natd_hash: hasher=0x560a71c0dc40(20)
2310. Mar 27 18:09:02.212912: | natd_hash: icookie=
2311. Mar 27 18:09:02.212921: | 8a 39 43 fb 73 2f 1e 90 .9C.s/..
2312. Mar 27 18:09:02.212929: | natd_hash: rcookie=
2313. Mar 27 18:09:02.212937: | 00 00 00 00 00 00 00 00 ........
2314. Mar 27 18:09:02.212945: | natd_hash: ip=
2315. Mar 27 18:09:02.212953: | c0 a8 01 0a ....
2316. Mar 27 18:09:02.226663: | natd_hash: port=
2317. Mar 27 18:09:02.226692: | 01 f4 ..
2318. Mar 27 18:09:02.226700: | natd_hash: hash=
2319. Mar 27 18:09:02.226708: | 8c b9 ab 3d 10 ef c9 fa 39 45 f4 a2 aa 4d c3 c8 ...=....9E...M..
2320. Mar 27 18:09:02.226717: | 89 bb 8c 96 ....
2321. Mar 27 18:09:02.226726: | nat: IKE.SPIr is zero
2322. Mar 27 18:09:02.226767: | natd_hash: hasher=0x560a71c0dc40(20)
2323. Mar 27 18:09:02.226776: | natd_hash: icookie=
2324. Mar 27 18:09:02.226784: | 8a 39 43 fb 73 2f 1e 90 .9C.s/..
2325. Mar 27 18:09:02.226792: | natd_hash: rcookie=
2326. Mar 27 18:09:02.226801: | 00 00 00 00 00 00 00 00 ........
2327. Mar 27 18:09:02.226809: | natd_hash: ip=
2328. Mar 27 18:09:02.226817: | c0 a8 01 7e ...~
2329. Mar 27 18:09:02.226825: | natd_hash: port=
2330. Mar 27 18:09:02.226833: | e0 fd ..
2331. Mar 27 18:09:02.226841: | natd_hash: hash=
2332. Mar 27 18:09:02.226849: | 4b 97 41 67 d1 80 cd 03 f4 e2 a6 cd 13 78 cc 8a K.Ag.........x..
2333. Mar 27 18:09:02.226858: | d6 c5 fb 8a ....
2334. Mar 27 18:09:02.226867: | NAT_TRAVERSAL encaps using auto-detect
2335. Mar 27 18:09:02.226874: | NAT_TRAVERSAL this end is NOT behind NAT
2336. Mar 27 18:09:02.226886: | NAT_TRAVERSAL that end is behind NAT 192.168.1.126:57597
2337. Mar 27 18:09:02.226897: | NAT_TRAVERSAL nat-keepalive enabled 192.168.1.126:57597
2338. Mar 27 18:09:02.226905: | NAT: responder so initiator gets to switch ports
2339. Mar 27 18:09:02.226915: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered)
2340. Mar 27 18:09:02.226923: | 00 02 ..
2341. Mar 27 18:09:02.226933: | digsig: received and ignored unacceptable hash algorithm SHA2_256
2342. Mar 27 18:09:02.226942: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered)
2343. Mar 27 18:09:02.226950: | 00 03 ..
2344. Mar 27 18:09:02.226958: | digsig: received and ignored unacceptable hash algorithm SHA2_384
2345. Mar 27 18:09:02.226967: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered)
2346. Mar 27 18:09:02.226975: | 00 04 ..
2347. Mar 27 18:09:02.226983: | digsig: received and ignored unacceptable hash algorithm SHA2_512
2348. Mar 27 18:09:02.226992: | parsing 2 raw bytes of IKEv2 Notify Payload into hash algorithm identifier (network ordered)
2349. Mar 27 18:09:02.227000: | 00 05 ..
2350. Mar 27 18:09:02.227009: | digsig: received and ignored unacceptable hash algorithm IDENTITY
2351. Mar 27 18:09:02.227021: | job: newref @0x560a738601e8(0->1) (submit_task() +331 programs/pluto/server_pool.c)
2352. Mar 27 18:09:02.227037: | clone logger: newref @0x560a73855e58(0->1) (submit_task() +358 programs/pluto/server_pool.c)
2353. Mar 27 18:09:02.227046: | job 1 helper 0 #2 process_v2_IKE_SA_INIT_request (dh): added to pending queue
2354. Mar 27 18:09:02.227055: | #2 deleting EVENT_v2_DISCARD
2355. Mar 27 18:09:02.227068: | tt: delref @0x560a7385a518(1->0) (destroy_timeout() +575 programs/pluto/server.c)
2356. Mar 27 18:09:02.227079: | state-event: delref @0x560a7385a358(1->0) (delete_event() +534 programs/pluto/timer.c)
2357. Mar 27 18:09:02.227105: | event_schedule_where: newref EVENT_CRYPTO_TIMEOUT-pe@0x560a7385a358 timeout in 60 seconds for #2
2358. Mar 27 18:09:02.227116: | tt: newref @0x560a73860288(0->1) (schedule_timeout() +557 programs/pluto/server.c)
2359. Mar 27 18:09:02.227137: | #2 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_SUSPEND
2360. Mar 27 18:09:02.227207: | suspend: saving MD@0x560a7385c548 in state #2 (complete_v2_state_transition() +2702 programs/pluto/ikev2.c)
2361. Mar 27 18:09:02.227221: | struct msg_digest: addref @0x560a7385c548(1->2) (complete_v2_state_transition() +2702 programs/pluto/ikev2.c)
2362. Mar 27 18:09:02.227224: | job 1 helper 1 #2 process_v2_IKE_SA_INIT_request (dh): started
2363. Mar 27 18:09:02.230951: | struct dh_local_secret: newref @0x7f49e80016f8(0->1) (calc_dh_local_secret() +85 programs/pluto/crypt_dh.c)
2364. Mar 27 18:09:02.230975: | job 1 helper 1 #2 process_v2_IKE_SA_INIT_request (dh): finished
2365. Mar 27 18:09:02.230991: | "tunnel1"[2] 192.168.1.126 #2: spent 3.77 (3.77) milliseconds in job 1 helper 1 #2 process_v2_IKE_SA_INIT_request (dh)
2366. Mar 27 18:09:02.231001: | scheduling resume sending job back to main thread for #2
2367. Mar 27 18:09:02.231012: | tt: newref @0x7f49e8004278(0->1) (schedule_timeout() +557 programs/pluto/server.c)
2368. Mar 27 18:09:02.231026: | helper 1: waiting for work
2369. Mar 27 18:09:02.227230: | #2 is busy; has suspended MD 0x560a7385c548
2370. Mar 27 18:09:02.232548: | #2 spent 3.12 (23.2) milliseconds in processing: Respond to IKE_SA_INIT in v2_dispatch()
2371. Mar 27 18:09:02.232562: | #2 spent 5.42 (25.5) milliseconds in process_v2_IKE_SA_INIT()
2372. Mar 27 18:09:02.232581: | "tunnel1"[2] 192.168.1.126: delref @0x560a7385df58(2->1) packet from 192.168.1.126:57597: (process_v2_IKE_SA_INIT() +449 programs/pluto/ikev2_ike_sa_init.c)
2373. Mar 27 18:09:02.232596: | packet from 192.168.1.126:57597: delref @0x560a7385c548(2->1) (process_iface_packet() +296 programs/pluto/demux.c)
2374. Mar 27 18:09:02.232608: | spent 5.46 (25.6) milliseconds in process_iface_packet() reading and processing packet
2375. Mar 27 18:09:02.232630: | processing resume sending job back to main thread for #2
2376. Mar 27 18:09:02.232641: | suspend: restoring MD@0x560a7385c548 from state #2 (resume_handler() +641 programs/pluto/server.c)
2377. Mar 27 18:09:02.232651: | job 1 helper 1 #2 process_v2_IKE_SA_INIT_request (dh): calling state's callback function
2378. Mar 27 18:09:02.232660: | process_v2_IKE_SA_INIT_request_continue() for #2 STATE_V2_PARENT_R0: calculated ke+nonce, sending R1
2379. Mar 27 18:09:02.232721: | opening output PBS IKE_SA_INIT response
2380. Mar 27 18:09:02.232730: | **emit ISAKMP Message:
2381. Mar 27 18:09:02.232743: | initiator SPI: 8a 39 43 fb 73 2f 1e 90
2382. Mar 27 18:09:02.232756: | responder SPI: d4 6c 1e 33 4e f8 a5 ba
2383. Mar 27 18:09:02.232765: | next payload type: ISAKMP_NEXT_NONE (0x0)
2384. Mar 27 18:09:02.232774: | ISAKMP version: IKEv2 version 2.0 (rfc4306/rfc5996) (0x20)
2385. Mar 27 18:09:02.232782: | exchange type: ISAKMP_v2_IKE_SA_INIT (0x22)
2386. Mar 27 18:09:02.232791: | flags: ISAKMP_FLAG_v2_MSG_RESPONSE (0x20)
2387. Mar 27 18:09:02.232803: | Message ID: 0 (00 00 00 00)
2388. Mar 27 18:09:02.232812: | next payload chain: saving message location 'ISAKMP Message'.'next payload type'
2389. Mar 27 18:09:02.232821: | emitting ikev2_proposal ...
2390. Mar 27 18:09:02.232829: | ***emit IKEv2 Security Association Payload:
2391. Mar 27 18:09:02.232838: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
2392. Mar 27 18:09:02.232847: | flags: none (0x0)
2393. Mar 27 18:09:02.232856: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current IKEv2 Security Association Payload (33:ISAKMP_NEXT_v2SA)
2394. Mar 27 18:09:02.232865: | next payload chain: saving location 'IKEv2 Security Association Payload'.'next payload type' in 'IKE_SA_INIT response'
2395. Mar 27 18:09:02.232875: | ****emit IKEv2 Proposal Substructure Payload:
2396. Mar 27 18:09:02.232884: | last proposal: v2_PROPOSAL_LAST (0x0)
2397. Mar 27 18:09:02.232893: | prop #: 2 (02)
2398. Mar 27 18:09:02.232902: | proto ID: IKEv2_SEC_PROTO_IKE (0x1)
2399. Mar 27 18:09:02.232911: | spi size: 0 (00)
2400. Mar 27 18:09:02.232930: | # transforms: 3 (03)
2401. Mar 27 18:09:02.232938: | last substructure: saving location 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal'
2402. Mar 27 18:09:02.232948: | *****emit IKEv2 Transform Substructure Payload:
2403. Mar 27 18:09:02.232956: | last transform: v2_TRANSFORM_NON_LAST (0x3)
2404. Mar 27 18:09:02.232964: | IKEv2 transform type: IKEv2_TRANS_TYPE_ENCR (0x1)
2405. Mar 27 18:09:02.232973: | IKEv2 transform ID: AES_GCM_C (0x14)
2406. Mar 27 18:09:02.232981: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
2407. Mar 27 18:09:02.232990: | ******emit IKEv2 Attribute Substructure Payload:
2408. Mar 27 18:09:02.232999: | af+type: AF+IKEv2_KEY_LENGTH (0x800e)
2409. Mar 27 18:09:02.233009: | length/value: 256 (01 00)
2410. Mar 27 18:09:02.233018: | emitting length of IKEv2 Transform Substructure Payload: 12
2411. Mar 27 18:09:02.233026: | *****emit IKEv2 Transform Substructure Payload:
2412. Mar 27 18:09:02.233034: | last transform: v2_TRANSFORM_NON_LAST (0x3)
2413. Mar 27 18:09:02.233043: | IKEv2 transform type: IKEv2_TRANS_TYPE_PRF (0x2)
2414. Mar 27 18:09:02.233051: | IKEv2 transform ID: PRF_HMAC_SHA2_512 (0x7)
2415. Mar 27 18:09:02.233061: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
2416. Mar 27 18:09:02.233070: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
2417. Mar 27 18:09:02.233078: | emitting length of IKEv2 Transform Substructure Payload: 8
2418. Mar 27 18:09:02.233087: | *****emit IKEv2 Transform Substructure Payload:
2419. Mar 27 18:09:02.233095: | last transform: v2_TRANSFORM_LAST (0x0)
2420. Mar 27 18:09:02.233104: | IKEv2 transform type: IKEv2_TRANS_TYPE_DH (0x4)
2421. Mar 27 18:09:02.233112: | IKEv2 transform ID: OAKLEY_GROUP_ECP_256 (0x13)
2422. Mar 27 18:09:02.233122: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' containing v2_TRANSFORM_NON_LAST (0x3) is v2_TRANSFORM_NON_LAST (0x3)
2423. Mar 27 18:09:02.233130: | last substructure: saving location 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform'
2424. Mar 27 18:09:02.233139: | emitting length of IKEv2 Transform Substructure Payload: 8
2425. Mar 27 18:09:02.233147: | emitting length of IKEv2 Proposal Substructure Payload: 36
2426. Mar 27 18:09:02.233156: | last substructure: checking 'IKEv2 Proposal Substructure Payload'.'IKEv2 Transform Substructure Payload'.'last transform' is 0
2427. Mar 27 18:09:02.233164: | emitting length of IKEv2 Security Association Payload: 40
2428. Mar 27 18:09:02.233173: | last substructure: checking 'IKEv2 Security Association Payload'.'IKEv2 Proposal Substructure Payload'.'last proposal' is 0
2429. Mar 27 18:09:02.233185: | struct dh_local_secret: addref @0x7f49e80016f8(1->2) (unpack_KE_from_helper() +155 programs/pluto/crypt_ke.c)
2430. Mar 27 18:09:02.233194: | ***emit IKEv2 Key Exchange Payload:
2431. Mar 27 18:09:02.233202: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
2432. Mar 27 18:09:02.233211: | flags: none (0x0)
2433. Mar 27 18:09:02.233219: | DH group: OAKLEY_GROUP_ECP_256 (0x13)
2434. Mar 27 18:09:02.233228: | next payload chain: setting previous 'IKEv2 Security Association Payload'.'next payload type' to current IKEv2 Key Exchange Payload (34:ISAKMP_NEXT_v2KE)
2435. Mar 27 18:09:02.233237: | next payload chain: saving location 'IKEv2 Key Exchange Payload'.'next payload type' in 'IKE_SA_INIT response'
2436. Mar 27 18:09:02.233246: | emitting 64 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload
2437. Mar 27 18:09:02.233255: | ba f6 7f e8 ef 30 b4 53 6b 10 8f 52 24 50 97 47 .....0.Sk..R$P.G
2438. Mar 27 18:09:02.233263: | 16 1a 0e 52 c1 64 c7 7a 93 10 01 be b4 c1 8a f4 ...R.d.z........
2439. Mar 27 18:09:02.233272: | a3 a2 86 8a a3 5c 7e ad db 85 92 55 dc 9f ae 2e .....\~....U....
2440. Mar 27 18:09:02.233280: | a0 50 ee 16 5a b0 6b 44 bb 17 25 03 68 83 3a 14 .P..Z.kD..%.h.:.
2441. Mar 27 18:09:02.233296: | emitting length of IKEv2 Key Exchange Payload: 72
2442. Mar 27 18:09:02.233305: | ***emit IKEv2 Nonce Payload:
2443. Mar 27 18:09:02.233314: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
2444. Mar 27 18:09:02.233323: | flags: none (0x0)
2445. Mar 27 18:09:02.233331: | next payload chain: setting previous 'IKEv2 Key Exchange Payload'.'next payload type' to current IKEv2 Nonce Payload (40:ISAKMP_NEXT_v2Ni)
2446. Mar 27 18:09:02.233340: | next payload chain: saving location 'IKEv2 Nonce Payload'.'next payload type' in 'IKE_SA_INIT response'
2447. Mar 27 18:09:02.233349: | emitting 32 raw bytes of IKEv2 nonce into IKEv2 Nonce Payload
2448. Mar 27 18:09:02.233358: | 64 9f a3 db de 22 b2 ce b5 4f 56 da 33 d7 bf 6c d...."...OV.3..l
2449. Mar 27 18:09:02.233366: | 8b 2a f4 84 dd fd fa 56 2c 95 d5 10 35 ca 1f 4e .*.....V,...5..N
2450. Mar 27 18:09:02.233375: | emitting length of IKEv2 Nonce Payload: 36
2451. Mar 27 18:09:02.233384: | INTERMEDIATE_EXCHANGE_SUPPORTED neither requested nor accepted
2452. Mar 27 18:09:02.233393: | NAT-Traversal support [enabled] add v2N payloads.
2453. Mar 27 18:09:02.233415: | natd_hash: hasher=0x560a71c0dc40(20)
2454. Mar 27 18:09:02.233424: | natd_hash: icookie=
2455. Mar 27 18:09:02.233433: | 8a 39 43 fb 73 2f 1e 90 .9C.s/..
2456. Mar 27 18:09:02.233441: | natd_hash: rcookie=
2457. Mar 27 18:09:02.233449: | d4 6c 1e 33 4e f8 a5 ba .l.3N...
2458. Mar 27 18:09:02.233457: | natd_hash: ip=
2459. Mar 27 18:09:02.237260: | c0 a8 01 0a ....
2460. Mar 27 18:09:02.237283: | natd_hash: port=
2461. Mar 27 18:09:02.237292: | 01 f4 ..
2462. Mar 27 18:09:02.237300: | natd_hash: hash=
2463. Mar 27 18:09:02.237308: | bf 11 12 55 30 b0 71 a9 62 6c f8 04 6b 4a f3 04 ...U0.q.bl..kJ..
2464. Mar 27 18:09:02.237317: | 95 df a0 bd ....
2465. Mar 27 18:09:02.237326: | adding a v2N Payload
2466. Mar 27 18:09:02.237335: | ***emit IKEv2 Notify Payload:
2467. Mar 27 18:09:02.237344: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
2468. Mar 27 18:09:02.237353: | flags: none (0x0)
2469. Mar 27 18:09:02.237361: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
2470. Mar 27 18:09:02.237387: | SPI size: 0 (00)
2471. Mar 27 18:09:02.237400: | Notify Message Type: v2N_NAT_DETECTION_SOURCE_IP (0x4004)
2472. Mar 27 18:09:02.237410: | next payload chain: setting previous 'IKEv2 Nonce Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N)
2473. Mar 27 18:09:02.237419: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'IKE_SA_INIT response'
2474. Mar 27 18:09:02.237429: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload
2475. Mar 27 18:09:02.237438: | bf 11 12 55 30 b0 71 a9 62 6c f8 04 6b 4a f3 04 ...U0.q.bl..kJ..
2476. Mar 27 18:09:02.237446: | 95 df a0 bd ....
2477. Mar 27 18:09:02.237455: | emitting length of IKEv2 Notify Payload: 28
2478. Mar 27 18:09:02.237488: | natd_hash: hasher=0x560a71c0dc40(20)
2479. Mar 27 18:09:02.237497: | natd_hash: icookie=
2480. Mar 27 18:09:02.237505: | 8a 39 43 fb 73 2f 1e 90 .9C.s/..
2481. Mar 27 18:09:02.237513: | natd_hash: rcookie=
2482. Mar 27 18:09:02.237522: | d4 6c 1e 33 4e f8 a5 ba .l.3N...
2483. Mar 27 18:09:02.237529: | natd_hash: ip=
2484. Mar 27 18:09:02.237538: | c0 a8 01 7e ...~
2485. Mar 27 18:09:02.237546: | natd_hash: port=
2486. Mar 27 18:09:02.237554: | e0 fd ..
2487. Mar 27 18:09:02.237562: | natd_hash: hash=
2488. Mar 27 18:09:02.237570: | 86 65 76 17 6e 2b 48 56 7e 3e 37 b5 b4 c4 a4 89 .ev.n+HV~>7.....
2489. Mar 27 18:09:02.237579: | 9d 9f f6 b9 ....
2490. Mar 27 18:09:02.237587: | adding a v2N Payload
2491. Mar 27 18:09:02.237595: | ***emit IKEv2 Notify Payload:
2492. Mar 27 18:09:02.237603: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
2493. Mar 27 18:09:02.237612: | flags: none (0x0)
2494. Mar 27 18:09:02.237620: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
2495. Mar 27 18:09:02.237644: | SPI size: 0 (00)
2496. Mar 27 18:09:02.237652: | Notify Message Type: v2N_NAT_DETECTION_DESTINATION_IP (0x4005)
2497. Mar 27 18:09:02.237662: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N)
2498. Mar 27 18:09:02.237670: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'IKE_SA_INIT response'
2499. Mar 27 18:09:02.237680: | emitting 20 raw bytes of Notify data into IKEv2 Notify Payload
2500. Mar 27 18:09:02.237688: | 86 65 76 17 6e 2b 48 56 7e 3e 37 b5 b4 c4 a4 89 .ev.n+HV~>7.....
2501. Mar 27 18:09:02.237697: | 9d 9f f6 b9 ....
2502. Mar 27 18:09:02.237705: | emitting length of IKEv2 Notify Payload: 28
2503. Mar 27 18:09:02.237713: | adding a v2N Payload
2504. Mar 27 18:09:02.237721: | ***emit IKEv2 Notify Payload:
2505. Mar 27 18:09:02.237730: | next payload type: ISAKMP_NEXT_v2NONE (0x0)
2506. Mar 27 18:09:02.237738: | flags: none (0x0)
2507. Mar 27 18:09:02.237747: | Protocol ID: IKEv2_SEC_PROTO_NONE (0x0)
2508. Mar 27 18:09:02.237756: | SPI size: 0 (00)
2509. Mar 27 18:09:02.237764: | Notify Message Type: v2N_CHILDLESS_IKEV2_SUPPORTED (0x4022)
2510. Mar 27 18:09:02.237773: | next payload chain: setting previous 'IKEv2 Notify Payload'.'next payload type' to current IKEv2 Notify Payload (41:ISAKMP_NEXT_v2N)
2511. Mar 27 18:09:02.237782: | next payload chain: saving location 'IKEv2 Notify Payload'.'next payload type' in 'IKE_SA_INIT response'
2512. Mar 27 18:09:02.237791: | emitting 0 raw bytes of Notify data into IKEv2 Notify Payload
2513. Mar 27 18:09:02.237799: | Notify data:
2514. Mar 27 18:09:02.237807: | emitting length of IKEv2 Notify Payload: 8
2515. Mar 27 18:09:02.237817: | emitting length of ISAKMP Message: 240
2516. Mar 27 18:09:02.237828: | job 1 helper 1 #2 process_v2_IKE_SA_INIT_request (dh): final status STF_OK; cleaning up
2517. Mar 27 18:09:02.237840: | delref @0x7f49e80016f8(2->1) (cleanup_ke_and_nonce() +83 programs/pluto/crypt_ke.c)
2518. Mar 27 18:09:02.237850: | "tunnel1"[2] 192.168.1.126 #2: releasing whack (but there are none) (free_job() +430 programs/pluto/server_pool.c)
2519. Mar 27 18:09:02.237860: | logger: delref @0x560a73855e58(1->0) (free_job() +430 programs/pluto/server_pool.c)
2520. Mar 27 18:09:02.237871: | job: delref @0x560a738601e8(1->0) (free_job() +431 programs/pluto/server_pool.c)
2521. Mar 27 18:09:02.237882: | #2 complete_v2_state_transition() PARENT_R0->PARENT_R1 with status STF_OK
2522. Mar 27 18:09:02.237891: | transitioning from state STATE_V2_PARENT_R0 to state STATE_V2_PARENT_R1
2523. Mar 27 18:09:02.237899: | Message ID: updating counters for #2
2524. Mar 27 18:09:02.237915: | Message ID: IKE #2 updating responder received message request 0 (initiator: responder: .recv=-1->0 .wip=0->-1 .last_recv=33396.325071->33396.353731)
2525. Mar 27 18:09:02.237929: | Message ID: IKE #2 updating responder sent message response 0 (initiator: responder: .sent=-1->0 .last_sent=33396.325071->33396.353747)
2526. Mar 27 18:09:02.237940: | parent state #2: PARENT_R0(half-open IKE SA) => PARENT_R1(half-open IKE SA)
2527. Mar 27 18:09:02.237961: | Message ID: IKE #2 no pending message initiators to schedule (initiator: .sent=-1 .recv=-1 .recv_frags=0 .wip=-1 .last_sent=33396.325071 .last_recv=33396.325071 responder: .sent=0 .recv=0 .recv_frags=0 .wip=-1 .last_sent=33396.353747 .last_recv=33396.353731)
2528. Mar 27 18:09:02.237971: | #2 deleting EVENT_CRYPTO_TIMEOUT
2529. Mar 27 18:09:02.237984: | tt: delref @0x560a73860288(1->0) (destroy_timeout() +575 programs/pluto/server.c)
2530. Mar 27 18:09:02.237994: | state-event: delref @0x560a7385a358(1->0) (delete_event() +534 programs/pluto/timer.c)
2531. Mar 27 18:09:02.238005: | event_schedule_where: newref EVENT_v2_DISCARD-pe@0x560a7385a358 timeout in 200 seconds for #2
2532. Mar 27 18:09:02.238016: | tt: newref @0x560a73860688(0->1) (schedule_timeout() +557 programs/pluto/server.c)
2533. Mar 27 18:09:02.238035: | sending 240 bytes for Respond to IKE_SA_INIT through enp0s3 from 192.168.1.10:500 to 192.168.1.126:57597 using UDP (for #2)
2534. Mar 27 18:09:02.238044: | 8a 39 43 fb 73 2f 1e 90 d4 6c 1e 33 4e f8 a5 ba .9C.s/...l.3N...
2535. Mar 27 18:09:02.238052: | 21 20 22 20 00 00 00 00 00 00 00 f0 22 00 00 28 ! " ........"..(
2536. Mar 27 18:09:02.238069: | 00 00 00 24 02 01 00 03 03 00 00 0c 01 00 00 14 ...$............
2537. Mar 27 18:09:02.238078: | 80 0e 01 00 03 00 00 08 02 00 00 07 00 00 00 08 ................
2538. Mar 27 18:09:02.238086: | 04 00 00 13 28 00 00 48 00 13 00 00 ba f6 7f e8 ....(..H........
2539. Mar 27 18:09:02.238095: | ef 30 b4 53 6b 10 8f 52 24 50 97 47 16 1a 0e 52 .0.Sk..R$P.G...R
2540. Mar 27 18:09:02.238103: | c1 64 c7 7a 93 10 01 be b4 c1 8a f4 a3 a2 86 8a .d.z............
2541. Mar 27 18:09:02.238112: | a3 5c 7e ad db 85 92 55 dc 9f ae 2e a0 50 ee 16 .\~....U.....P..
2542. Mar 27 18:09:02.238120: | 5a b0 6b 44 bb 17 25 03 68 83 3a 14 29 00 00 24 Z.kD..%.h.:.)..$
2543. Mar 27 18:09:02.238129: | 64 9f a3 db de 22 b2 ce b5 4f 56 da 33 d7 bf 6c d...."...OV.3..l
2544. Mar 27 18:09:02.238137: | 8b 2a f4 84 dd fd fa 56 2c 95 d5 10 35 ca 1f 4e .*.....V,...5..N
2545. Mar 27 18:09:02.238146: | 29 00 00 1c 00 00 40 04 bf 11 12 55 30 b0 71 a9 ).....@....U0.q.
2546. Mar 27 18:09:02.238154: | 62 6c f8 04 6b 4a f3 04 95 df a0 bd 29 00 00 1c bl..kJ......)...
2547. Mar 27 18:09:02.238163: | 00 00 40 05 86 65 76 17 6e 2b 48 56 7e 3e 37 b5 ..@..ev.n+HV~>7.
2548. Mar 27 18:09:02.238171: | b4 c4 a4 89 9d 9f f6 b9 00 00 00 08 00 00 40 22 ..............@"
2549. Mar 27 18:09:02.238325: | sent 1 messages
2550. Mar 27 18:09:02.238363: "tunnel1"[2] 192.168.1.126 #2: processed IKE_SA_INIT request from 192.168.1.126:UDP/57597 {cipher=AES_GCM_16_256 integ=n/a prf=HMAC_SHA2_512 group=DH19}
2551. Mar 27 18:09:02.238381: | packet from 192.168.1.126:57597: delref @0x560a7385c548(1->0) (resume_handler() +687 programs/pluto/server.c)
2552. Mar 27 18:09:02.238393: | packet from 192.168.1.126:57597: releasing whack (but there are none) (resume_handler() +687 programs/pluto/server.c)
2553. Mar 27 18:09:02.238403: | logger: delref @0x560a73856708(1->0) (resume_handler() +687 programs/pluto/server.c)
2554. Mar 27 18:09:02.238446: | delref @0x560a7385b588(3->2) (resume_handler() +687 programs/pluto/server.c)
2555. Mar 27 18:09:02.238468: | #2 spent 2.07 (5.82) milliseconds in resume sending job back to main thread
2556. Mar 27 18:09:02.238480: | tt: delref @0x7f49e8004278(1->0) (destroy_timeout() +575 programs/pluto/server.c)