On Mon, Feb 22, 2021 at 03:59:53PM +0100, Riccardo Giuntoli wrote: > Ok. In the log you can appreciate. > > UK-HOST one OpenBSD machine connected to three openbsd, one mikrotik and > one VyOS. The VyOS is CAT-HOST > > Kind regards
The log looks fine but it doesn't seem to contain the error message you sent earlier. Can you try reproducing the bug and then send a log containing the error message and everything that happened before? > > > On Mon, Feb 22, 2021 at 12:02 PM Stuart Henderson <s...@spacehopper.org> > wrote: > > > On 2021-02-22, Riccardo Giuntoli <tag...@gmail.com> wrote: > > > Ok I've got the same error on three different OpenBSD, tell me what error > > > do you want or if you want an access. > > > > It would be a good start to run iked in the foreground with iked -vvd and > > show the log from there. > > > > > > > > -- > Name: Riccardo Giuntoli > Email: tag...@gmail.com > Location: sant Pere de Ribes, BCN, Spain > PGP Key: 0x67123739 > PGP Fingerprint: CE75 16B5 D855 842FAB54 FB5C DDC6 4640 6712 3739 > Key server: hkp://wwwkeys.eu.pgp.net > create_ike: using signature for peer --FR-- > create_ike: using signature for peer > ikev2 "--CAT-HOST--" passive transport esp proto gre inet from --UK-- to > --CAT-- local --UK-- peer any ikesa enc aes-256 prf > hmac-sha2-256,hmac-sha2-384,hmac-sha2-512,hmac-sha1 auth hmac-sha2-256 group > ecp256 childsa enc aes-256 auth hmac-sha2-256 group ecp256 esn,noesn srcid > --UK-ID-- ikelifetime 86400 lifetime 3600 bytes 536870912 signature > /etc/iked.conf: loaded 4 configuration rules > ca_privkey_serialize: type RSA_KEY length 1191 > ca_pubkey_serialize: type RSA_KEY length 270 > ca_privkey_to_method: type RSA_KEY method RSA_SIG > ca_getkey: received private key type RSA_KEY length 1191 > ca_getkey: received public key type RSA_KEY length 270 > ca_dispatch_parent: config reset > ca_reload: loaded ca file ca.crt > ca_reload: /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom > Lobby/OU=VPNC/CN=--CA-HOST-- > ca_reload: loaded 1 ca certificate > ca_reload: loaded cert file --FR-HOST--.crt > ca_reload: loaded cert file --UK-HOST--.crt > config_getpolicy: received policy > config_getpolicy: received policy > config_getpolicy: received policy > config_getpolicy: received policy > config_getpfkey: received pfkey fd 3 > config_getcompile: compilation done > config_getsocket: received socket fd 4 > config_getsocket: received socket fd 5 > config_getsocket: received socket fd 6 > config_getsocket: received socket fd 7 > config_getstatic: dpd_check_interval 15 > config_getstatic: no enforcesingleikesa > config_getstatic: no fragmentation > config_getstatic: mobike > config_getstatic: nattport 4500 > ca_validate_cert: /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom > Lobby/OU=VPNC/CN=--FR-HOST-- ok > ca_validate_cert: /C=UK/ST=England/L=London/O=Telecom > Lobby/OU=VPNC/CN=--UK-HOST-- ok > ca_reload: local cert type X509_CERT > config_getocsp: ocsp_url none tolerate 0 maxage -1 > ikev2_dispatch_cert: updated local CERTREQ type X509_CERT length 20 > ikev2_dispatch_cert: updated local CERTREQ type X509_CERT length 20 > policy_lookup: setting policy '--CAT-HOST--' > spi=0xc5881d3ed32f5801: recv INFORMATIONAL req 4428 peer --FR--:500 local > --UK--:500, 96 bytes, policy '--CAT-HOST--' > ikev2_recv: ispi 0xc5881d3ed32f5801 rspi 0xfcad33aa65954d8e > ikev2_init_recv: unknown SA > ikev2_init_ike_sa: initiating "--FR-HOST--" > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31 > ikev2_add_proposals: length 68 > ikev2_next_payload: length 72 nextpayload KE > ikev2_next_payload: length 104 nextpayload NONCE > ikev2_next_payload: length 36 nextpayload NOTIFY > ikev2_nat_detection: local source 0xf2043da59221143f 0x0000000000000000 > --UK--:500 > ikev2_next_payload: length 28 nextpayload NOTIFY > ikev2_nat_detection: local destination 0xf2043da59221143f 0x0000000000000000 > --FR--:500 > ikev2_next_payload: length 28 nextpayload NOTIFY > ikev2_next_payload: length 14 nextpayload NONE > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x0000000000000000 > nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length > 310 response 0 > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 72 > ikev2_pld_sa: more 0 reserved 0 length 68 proposal #1 protoid IKE spisize 0 > xforms 7 spi 0 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_384 > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256 > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_384 > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_512 > ikev2_pld_xform: more 0 reserved 0 length 8 type PRF id HMAC_SHA1 > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 104 > ikev2_pld_ke: dh group ECP_384 reserved 0 > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36 > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 14 > ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS > spi=0xf2043da59221143f: send IKE_SA_INIT req 0 peer --FR--:500 local > --UK--:500, 310 bytes > spi=0xf2043da59221143f: sa_state: INIT -> SA_INIT > ikev2_init_ike_sa: initiating "--US-HOST--" > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31 > ikev2_add_proposals: length 36 > ikev2_next_payload: length 40 nextpayload KE > ikev2_next_payload: length 136 nextpayload NONCE > ikev2_next_payload: length 36 nextpayload NOTIFY > ikev2_nat_detection: local source 0x22cd85777285bb53 0x0000000000000000 > --UK--:500 > ikev2_next_payload: length 28 nextpayload NOTIFY > ikev2_nat_detection: local destination 0x22cd85777285bb53 0x0000000000000000 > --US-IP--:500 > ikev2_next_payload: length 28 nextpayload NOTIFY > ikev2_next_payload: length 14 nextpayload NONE > ikev2_pld_parse: header ispi 0x22cd85777285bb53 rspi 0x0000000000000000 > nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length > 310 response 0 > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 40 > ikev2_pld_sa: more 0 reserved 0 length 36 proposal #1 protoid IKE spisize 0 > xforms 3 spi 0 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_12 > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P512R1 > ikev2_pld_xform: more 0 reserved 0 length 8 type PRF id HMAC_SHA2_512 > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 136 > ikev2_pld_ke: dh group BRAINPOOL_P512R1 reserved 0 > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36 > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 14 > ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS > spi=0x22cd85777285bb53: send IKE_SA_INIT req 0 peer --US-IP--:500 local > --UK--:500, 310 bytes > spi=0x22cd85777285bb53: sa_state: INIT -> SA_INIT > ikev2_init_ike_sa: initiating "--JP-HOST--" > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31 > ikev2_add_proposals: length 36 > ikev2_next_payload: length 40 nextpayload KE > ikev2_next_payload: length 136 nextpayload NONCE > ikev2_next_payload: length 36 nextpayload NOTIFY > ikev2_nat_detection: local source 0x67cb9c572ac8b67e 0x0000000000000000 > --UK--:500 > ikev2_next_payload: length 28 nextpayload NOTIFY > ikev2_nat_detection: local destination 0x67cb9c572ac8b67e 0x0000000000000000 > --JP-IP--:500 > ikev2_next_payload: length 28 nextpayload NOTIFY > ikev2_next_payload: length 14 nextpayload NONE > ikev2_pld_parse: header ispi 0x67cb9c572ac8b67e rspi 0x0000000000000000 > nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length > 310 response 0 > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 40 > ikev2_pld_sa: more 0 reserved 0 length 36 proposal #1 protoid IKE spisize 0 > xforms 3 spi 0 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_12 > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P512R1 > ikev2_pld_xform: more 0 reserved 0 length 8 type PRF id HMAC_SHA2_512 > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 136 > ikev2_pld_ke: dh group BRAINPOOL_P512R1 reserved 0 > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36 > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 14 > ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS > spi=0x67cb9c572ac8b67e: send IKE_SA_INIT req 0 peer --JP-IP--:500 local > --UK--:500, 310 bytes > spi=0x67cb9c572ac8b67e: sa_state: INIT -> SA_INIT > spi=0xf2043da59221143f: recv IKE_SA_INIT res 0 peer --FR--:500 local > --UK--:500, 213 bytes, policy '--FR-HOST--' > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500 > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31 > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 length > 213 response 1 > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 48 > ikev2_pld_sa: more 0 reserved 0 length 44 proposal #1 protoid IKE spisize 0 > xforms 4 spi 0 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id ECP_384 > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 104 > ikev2_pld_ke: dh group ECP_384 reserved 0 > ikev2_pld_payloads: payload NONCE nextpayload CERTREQ critical 0x00 length 28 > ikev2_pld_payloads: payload CERTREQ nextpayload NONE critical 0x00 length 5 > ikev2_pld_certreq: type X509_CERT length 0 > ikev2_pld_certreq: invalid length 0 > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31 > sa_stateflags: 0x0000 -> 0x0004 certreq (required 0x0009 cert,auth) > proposals_negotiate: score 4 > sa_stateok: SA_INIT flags 0x0000, require 0x0009 cert,auth > spi=0xf2043da59221143f: ikev2_sa_keys: DHSECRET with 48 bytes > ikev2_sa_keys: SKEYSEED with 32 bytes > spi=0xf2043da59221143f: ikev2_sa_keys: S with 72 bytes > ikev2_prfplus: T1 with 32 bytes > ikev2_prfplus: T2 with 32 bytes > ikev2_prfplus: T3 with 32 bytes > ikev2_prfplus: T4 with 32 bytes > ikev2_prfplus: T5 with 32 bytes > ikev2_prfplus: T6 with 32 bytes > ikev2_prfplus: T7 with 32 bytes > ikev2_prfplus: Tn with 224 bytes > ikev2_sa_keys: SK_d with 32 bytes > ikev2_sa_keys: SK_ai with 32 bytes > ikev2_sa_keys: SK_ar with 32 bytes > ikev2_sa_keys: SK_ei with 32 bytes > ikev2_sa_keys: SK_er with 32 bytes > ikev2_sa_keys: SK_pi with 32 bytes > ikev2_sa_keys: SK_pr with 32 bytes > ikev2_msg_auth: initiator auth data length 366 > ca_setauth: switching SIG to RSA_SIG(*) > ca_setauth: auth length 366 > sa_stateok: SA_INIT flags 0x0000, require 0x0009 cert,auth > config_free_proposals: free 0x3c27ccfe800 > ca_getreq: found CA /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom > Lobby/OU=VPNC/CN=--CA-HOST-- > ca_x509_subjectaltname_do: did not find subjectAltName in certificate > ca_getreq: found local certificate /C=UK/ST=England/L=London/O=Telecom > Lobby/OU=VPNC/CN=--UK-HOST-- > ca_setauth: auth length 256 > ikev2_getimsgdata: imsg 22 rspi 0x1f43bd64d771a4e5 ispi 0xf2043da59221143f > initiator 1 sa valid type 4 data length 1064 > ikev2_dispatch_cert: cert type X509_CERT length 1064, ok > sa_stateflags: 0x0004 -> 0x0005 cert,certreq (required 0x0009 cert,auth) > sa_stateok: SA_INIT flags 0x0001, require 0x0009 cert,auth > ikev2_getimsgdata: imsg 28 rspi 0x1f43bd64d771a4e5 ispi 0xf2043da59221143f > initiator 1 sa valid type 1 data length 256 > ikev2_dispatch_cert: AUTH type 1 len 256 > sa_stateflags: 0x0005 -> 0x000d cert,certreq,auth (required 0x0009 cert,auth) > sa_stateok: SA_INIT flags 0x0009, require 0x0009 cert,auth > ikev2_next_payload: length 35 nextpayload CERT > ikev2_next_payload: length 1069 nextpayload CERTREQ > ikev2_add_certreq: type X509_CERT length 21 > ikev2_next_payload: length 25 nextpayload AUTH > ikev2_next_payload: length 264 nextpayload NOTIFY > ikev2_add_notify: done > ikev2_next_payload: length 8 nextpayload SA > pfkey_sa_getspi: spi 0x8f3bad08 > pfkey_sa_init: new spi 0x8f3bad08 > ikev2_add_proposals: length 48 > ikev2_next_payload: length 52 nextpayload TSi > ikev2_next_payload: length 24 nextpayload TSr > ikev2_next_payload: length 24 nextpayload NONE > ikev2_next_payload: length 1540 nextpayload IDi > ikev2_msg_encrypt: decrypted length 1501 > ikev2_msg_encrypt: padded length 1504 > ikev2_msg_encrypt: length 1502, padding 2, output length 1536 > ikev2_msg_integr: message length 1568 > ikev2_msg_integr: integrity checksum length 16 > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > nextpayload SK version 0x20 exchange IKE_AUTH flags 0x08 msgid 1 length 1568 > response 0 > ikev2_pld_payloads: payload SK nextpayload IDi critical 0x00 length 1540 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 1504 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 1504/1504 padding 2 > ikev2_pld_payloads: decrypted payload IDi nextpayload CERT critical 0x00 > length 35 > ikev2_pld_id: id UFQDN/--UK-ID-- length 31 > ikev2_pld_payloads: decrypted payload CERT nextpayload CERTREQ critical 0x00 > length 1069 > ikev2_pld_cert: type X509_CERT length 1064 > ikev2_pld_payloads: decrypted payload CERTREQ nextpayload AUTH critical 0x00 > length 25 > ikev2_pld_certreq: type X509_CERT length 20 > ikev2_pld_payloads: decrypted payload AUTH nextpayload NOTIFY critical 0x00 > length 264 > ikev2_pld_auth: method RSA_SIG length 256 > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA critical 0x00 > length 8 > ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE > ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00 length > 52 > ikev2_pld_sa: more 0 reserved 0 length 48 proposal #1 protoid ESP spisize 4 > xforms 4 spi 0x8f3bad08 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 8 type ESN id ESN > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00 > length 24 > ikev2_pld_tss: count 1 length 16 > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport > 65535 > ikev2_pld_ts: start --UK-- end --UK-- > ikev2_pld_payloads: decrypted payload TSr nextpayload NONE critical 0x00 > length 24 > ikev2_pld_tss: count 1 length 16 > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport > 65535 > ikev2_pld_ts: start --FR-- end --FR-- > spi=0xf2043da59221143f: send IKE_AUTH req 1 peer --FR--:500 local --UK--:500, > 1568 bytes > spi=0xf2043da59221143f: recv IKE_AUTH res 1 peer --FR--:500 local --UK--:500, > 1552 bytes, policy '--FR-HOST--' > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500 > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > nextpayload SK version 0x20 exchange IKE_AUTH flags 0x20 msgid 1 length 1552 > response 1 > ikev2_pld_payloads: payload SK nextpayload CERT critical 0x00 length 1524 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 1488 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 1488/1488 padding 8 > ikev2_pld_payloads: decrypted payload CERT nextpayload IDr critical 0x00 > length 1084 > ikev2_pld_cert: type X509_CERT length 1079 > ikev2_pld_payloads: decrypted payload IDr nextpayload AUTH critical 0x00 > length 31 > ikev2_pld_id: id UFQDN/uma@--CA-HOST-- length 27 > ikev2_pld_payloads: decrypted payload AUTH nextpayload TSi critical 0x00 > length 264 > ikev2_pld_auth: method RSA_SIG length 256 > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00 > length 24 > ikev2_pld_tss: count 1 length 16 > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport > 65535 > ikev2_pld_ts: start --UK-- end --UK-- > ikev2_pld_payloads: decrypted payload TSr nextpayload SA critical 0x00 length > 24 > ikev2_pld_tss: count 1 length 16 > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport > 65535 > ikev2_pld_ts: start --FR-- end --FR-- > ikev2_pld_payloads: decrypted payload SA nextpayload NOTIFY critical 0x00 > length 44 > ikev2_pld_sa: more 0 reserved 0 length 40 proposal #1 protoid ESP spisize 4 > xforms 3 spi 0x066d9db6 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NONE critical 0x00 > length 8 > ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE > spi=0xf2043da59221143f: sa_state: SA_INIT -> AUTH_REQUEST > proposals_negotiate: score 4 > sa_stateflags: 0x000d -> 0x002d cert,certreq,auth,sa (required 0x0032 > certvalid,authvalid,sa) > config_free_proposals: free 0x3c27ccfe580 > ca_validate_pubkey: could not open public key pubkeys/ufqdn/uma@--CA-HOST-- > ca_validate_cert: /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom > Lobby/OU=VPNC/CN=--FR-HOST-- ok > ikev2_getimsgdata: imsg 23 rspi 0x1f43bd64d771a4e5 ispi 0xf2043da59221143f > initiator 1 sa valid type 4 data length 1079 > ikev2_msg_auth: responder auth data length 277 > ikev2_msg_authverify: method RSA_SIG keylen 1079 type X509_CERT > ikev2_msg_authverify: authentication successful > spi=0xf2043da59221143f: sa_state: AUTH_REQUEST -> AUTH_SUCCESS > sa_stateflags: 0x002d -> 0x003d cert,certreq,auth,authvalid,sa (required > 0x0032 certvalid,authvalid,sa) > ikev2_dispatch_cert: peer certificate is valid > sa_stateflags: 0x003d -> 0x003f cert,certvalid,certreq,auth,authvalid,sa > (required 0x0032 certvalid,authvalid,sa) > sa_stateok: VALID flags 0x0032, require 0x0032 certvalid,authvalid,sa > spi=0xf2043da59221143f: sa_state: AUTH_SUCCESS -> VALID > sa_stateok: VALID flags 0x0032, require 0x0032 certvalid,authvalid,sa > sa_stateok: VALID flags 0x0032, require 0x0032 certvalid,authvalid,sa > ikev2_sa_tag: (0) > ikev2_childsa_negotiate: proposal 1 > ikev2_childsa_negotiate: key material length 128 > ikev2_prfplus: T1 with 32 bytes > ikev2_prfplus: T2 with 32 bytes > ikev2_prfplus: T3 with 32 bytes > ikev2_prfplus: T4 with 32 bytes > ikev2_prfplus: Tn with 128 bytes > pfkey_sa_add: add spi 0x066d9db6 > ikev2_childsa_enable: loaded CHILD SA spi 0x066d9db6 > pfkey_sa_add: update spi 0x8f3bad08 > ikev2_childsa_enable: loaded CHILD SA spi 0x8f3bad08 > ikev2_childsa_enable: loaded flow 0x3c27dfd9800 > ikev2_childsa_enable: loaded flow 0x3c27dfda000 > ikev2_childsa_enable: remember SA peer --FR--:500 > spi=0xf2043da59221143f: ikev2_childsa_enable: loaded SPIs: 0x066d9db6, > 0x8f3bad08 > spi=0xf2043da59221143f: ikev2_childsa_enable: loaded flows: > ESP---UK--/32=--FR--/32(47) > spi=0xf2043da59221143f: sa_state: VALID -> ESTABLISHED from --FR--:500 to > --UK--:500 policy '--FR-HOST--' > spi=0xf2043da59221143f: established peer --FR--:500[UFQDN/uma@--CA-HOST--] > local --UK--:500[UFQDN/--UK-ID--] policy '--FR-HOST--' as initiator > spi=0x22cd85777285bb53: recv IKE_SA_INIT res 0 peer --US-IP--:500 local > --UK--:500, 335 bytes, policy '--US-HOST--' > ikev2_recv: ispi 0x22cd85777285bb53 rspi 0x84c59f1c8f60d03f > ikev2_recv: updated SA to peer --US-IP--:500 local --UK--:500 > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31 > ikev2_pld_parse: header ispi 0x22cd85777285bb53 rspi 0x84c59f1c8f60d03f > nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 length > 335 response 1 > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 40 > ikev2_pld_sa: more 0 reserved 0 length 36 proposal #1 protoid IKE spisize 0 > xforms 3 spi 0 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_12 > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_512 > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id BRAINPOOL_P512R1 > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 136 > ikev2_pld_ke: dh group BRAINPOOL_P512R1 reserved 0 > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36 > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP > ikev2_nat_detection: peer source 0x22cd85777285bb53 0x84c59f1c8f60d03f > --US-IP--:500 > ikev2_pld_payloads: payload NOTIFY nextpayload CERTREQ critical 0x00 length 28 > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP > ikev2_nat_detection: peer destination 0x22cd85777285bb53 0x84c59f1c8f60d03f > --UK--:500 > ikev2_pld_payloads: payload CERTREQ nextpayload NOTIFY critical 0x00 length 25 > ikev2_pld_certreq: type X509_CERT length 20 > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 14 > ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS > ikev2_pld_notify: signature hash SHA2_256 (2) > ikev2_pld_notify: signature hash SHA2_384 (3) > ikev2_pld_notify: signature hash SHA2_512 (4) > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31 > sa_stateflags: 0x0000 -> 0x0004 certreq (required 0x0009 cert,auth) > proposals_negotiate: score 3 > sa_stateok: SA_INIT flags 0x0000, require 0x0009 cert,auth > spi=0x22cd85777285bb53: ikev2_sa_keys: DHSECRET with 64 bytes > ikev2_sa_keys: SKEYSEED with 64 bytes > spi=0x22cd85777285bb53: ikev2_sa_keys: S with 80 bytes > ikev2_prfplus: T1 with 64 bytes > ikev2_prfplus: T2 with 64 bytes > ikev2_prfplus: T3 with 64 bytes > ikev2_prfplus: T4 with 64 bytes > ikev2_prfplus: T5 with 64 bytes > ikev2_prfplus: Tn with 320 bytes > ikev2_sa_keys: SK_d with 64 bytes > ikev2_sa_keys: SK_ei with 36 bytes > ikev2_sa_keys: SK_er with 36 bytes > ikev2_sa_keys: SK_pi with 64 bytes > ikev2_sa_keys: SK_pr with 64 bytes > ikev2_msg_auth: initiator auth data length 406 > ca_setauth: switching SIG_ANY to SIG > ca_setauth: auth length 406 > sa_stateok: SA_INIT flags 0x0000, require 0x0009 cert,auth > config_free_proposals: free 0x3c27dfd8300 > ca_getreq: found CA /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom > Lobby/OU=VPNC/CN=--CA-HOST-- > ca_x509_subjectaltname_do: did not find subjectAltName in certificate > ca_getreq: found local certificate /C=UK/ST=England/L=London/O=Telecom > Lobby/OU=VPNC/CN=--UK-HOST-- > _dsa_sign_encode: signature scheme 0 selected > _dsa_sign_encode: signature scheme 0 selected > _dsa_sign_encode: signature scheme 0 selected > ca_setauth: auth length 272 > ikev2_getimsgdata: imsg 22 rspi 0x84c59f1c8f60d03f ispi 0x22cd85777285bb53 > initiator 1 sa valid type 4 data length 1064 > ikev2_dispatch_cert: cert type X509_CERT length 1064, ok > sa_stateflags: 0x0004 -> 0x0005 cert,certreq (required 0x0009 cert,auth) > sa_stateok: SA_INIT flags 0x0001, require 0x0009 cert,auth > ikev2_getimsgdata: imsg 28 rspi 0x84c59f1c8f60d03f ispi 0x22cd85777285bb53 > initiator 1 sa valid type 14 data length 272 > ikev2_dispatch_cert: AUTH type 14 len 272 > sa_stateflags: 0x0005 -> 0x000d cert,certreq,auth (required 0x0009 cert,auth) > sa_stateok: SA_INIT flags 0x0009, require 0x0009 cert,auth > ikev2_next_payload: length 35 nextpayload CERT > ikev2_next_payload: length 1069 nextpayload CERTREQ > ikev2_add_certreq: type X509_CERT length 21 > ikev2_next_payload: length 25 nextpayload AUTH > ikev2_next_payload: length 280 nextpayload NOTIFY > ikev2_add_notify: done > ikev2_next_payload: length 8 nextpayload SA > pfkey_sa_getspi: spi 0xfc41aa70 > pfkey_sa_init: new spi 0xfc41aa70 > ikev2_add_proposals: length 40 > ikev2_next_payload: length 44 nextpayload TSi > ikev2_next_payload: length 24 nextpayload TSr > ikev2_next_payload: length 24 nextpayload NONE > ikev2_next_payload: length 1534 nextpayload IDi > ikev2_msg_encrypt: decrypted length 1509 > ikev2_msg_encrypt: padded length 1510 > ikev2_msg_encrypt: length 1510, padding 0, output length 1530 > ikev2_msg_integr: message length 1562 > ikev2_msg_integr: integrity checksum length 12 > ikev2_pld_parse: header ispi 0x22cd85777285bb53 rspi 0x84c59f1c8f60d03f > nextpayload SK version 0x20 exchange IKE_AUTH flags 0x08 msgid 1 length 1562 > response 0 > ikev2_pld_payloads: payload SK nextpayload IDi critical 0x00 length 1534 > ikev2_msg_decrypt: IV length 8 > ikev2_msg_decrypt: encrypted payload length 1510 > ikev2_msg_decrypt: integrity checksum length 12 > ikev2_msg_decrypt: AAD length 32 > ikev2_msg_decrypt: decrypted payload length 1510/1510 padding 0 > ikev2_pld_payloads: decrypted payload IDi nextpayload CERT critical 0x00 > length 35 > ikev2_pld_id: id UFQDN/--UK-ID-- length 31 > ikev2_pld_payloads: decrypted payload CERT nextpayload CERTREQ critical 0x00 > length 1069 > ikev2_pld_cert: type X509_CERT length 1064 > ikev2_pld_payloads: decrypted payload CERTREQ nextpayload AUTH critical 0x00 > length 25 > ikev2_pld_certreq: type X509_CERT length 20 > ikev2_pld_payloads: decrypted payload AUTH nextpayload NOTIFY critical 0x00 > length 280 > ikev2_pld_auth: method SIG length 272 > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA critical 0x00 > length 8 > ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE > ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00 length > 44 > ikev2_pld_sa: more 0 reserved 0 length 40 proposal #1 protoid ESP spisize 4 > xforms 3 spi 0xfc41aa70 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CHACHA20_POLY1305 > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 8 type ESN id ESN > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00 > length 24 > ikev2_pld_tss: count 1 length 16 > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport > 65535 > ikev2_pld_ts: start --UK-- end --UK-- > ikev2_pld_payloads: decrypted payload TSr nextpayload NONE critical 0x00 > length 24 > ikev2_pld_tss: count 1 length 16 > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport > 65535 > ikev2_pld_ts: start --US-IP-- end --US-IP-- > spi=0x22cd85777285bb53: send IKE_AUTH req 1 peer --US-IP--:500 local > --UK--:500, 1562 bytes > spi=0x22cd85777285bb53: recv IKE_AUTH res 1 peer --US-IP--:500 local > --UK--:500, 1532 bytes, policy '--US-HOST--' > ikev2_recv: ispi 0x22cd85777285bb53 rspi 0x84c59f1c8f60d03f > ikev2_recv: updated SA to peer --US-IP--:500 local --UK--:500 > ikev2_pld_parse: header ispi 0x22cd85777285bb53 rspi 0x84c59f1c8f60d03f > nextpayload SK version 0x20 exchange IKE_AUTH flags 0x20 msgid 1 length 1532 > response 1 > ikev2_pld_payloads: payload SK nextpayload IDr critical 0x00 length 1504 > ikev2_msg_decrypt: IV length 8 > ikev2_msg_decrypt: encrypted payload length 1480 > ikev2_msg_decrypt: integrity checksum length 12 > ikev2_msg_decrypt: AAD length 32 > ikev2_msg_decrypt: decrypted payload length 1480/1480 padding 0 > ikev2_pld_payloads: decrypted payload IDr nextpayload CERT critical 0x00 > length 37 > ikev2_pld_id: id UFQDN/saraswati@--CA-HOST-- length 33 > ikev2_pld_payloads: decrypted payload CERT nextpayload AUTH critical 0x00 > length 1070 > ikev2_pld_cert: type X509_CERT length 1065 > ikev2_pld_payloads: decrypted payload AUTH nextpayload NOTIFY critical 0x00 > length 280 > ikev2_pld_auth: method SIG length 272 > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA critical 0x00 > length 8 > ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE > ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00 length > 36 > ikev2_pld_sa: more 0 reserved 0 length 32 proposal #1 protoid ESP spisize 4 > xforms 2 spi 0xd1bfd520 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CHACHA20_POLY1305 > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id ESN > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00 > length 24 > ikev2_pld_tss: count 1 length 16 > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport > 65535 > ikev2_pld_ts: start --UK-- end --UK-- > ikev2_pld_payloads: decrypted payload TSr nextpayload NONE critical 0x00 > length 24 > ikev2_pld_tss: count 1 length 16 > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport > 65535 > ikev2_pld_ts: start --US-IP-- end --US-IP-- > spi=0x22cd85777285bb53: sa_state: SA_INIT -> AUTH_REQUEST > proposals_negotiate: score 2 > sa_stateflags: 0x000d -> 0x002d cert,certreq,auth,sa (required 0x0032 > certvalid,authvalid,sa) > config_free_proposals: free 0x3c27dfd8980 > ca_validate_pubkey: could not open public key > pubkeys/ufqdn/saraswati@--CA-HOST-- > ca_validate_cert: /C=US/ST=Texas/L=Dallas/O=Telecom > Lobby/OU=VPNC/CN=--US-HOST-- ok > ikev2_getimsgdata: imsg 23 rspi 0x84c59f1c8f60d03f ispi 0x22cd85777285bb53 > initiator 1 sa valid type 4 data length 1065 > ikev2_msg_auth: responder auth data length 431 > ikev2_msg_authverify: method SIG keylen 1065 type X509_CERT > _dsa_verify_init: signature scheme 0 selected > ikev2_msg_authverify: authentication successful > spi=0x22cd85777285bb53: sa_state: AUTH_REQUEST -> AUTH_SUCCESS > sa_stateflags: 0x002d -> 0x003d cert,certreq,auth,authvalid,sa (required > 0x0032 certvalid,authvalid,sa) > ikev2_dispatch_cert: peer certificate is valid > sa_stateflags: 0x003d -> 0x003f cert,certvalid,certreq,auth,authvalid,sa > (required 0x0032 certvalid,authvalid,sa) > sa_stateok: VALID flags 0x0032, require 0x0032 certvalid,authvalid,sa > spi=0x22cd85777285bb53: sa_state: AUTH_SUCCESS -> VALID > sa_stateok: VALID flags 0x0032, require 0x0032 certvalid,authvalid,sa > sa_stateok: VALID flags 0x0032, require 0x0032 certvalid,authvalid,sa > ikev2_sa_tag: (0) > ikev2_childsa_negotiate: proposal 1 > ikev2_childsa_negotiate: key material length 72 > ikev2_prfplus: T1 with 64 bytes > ikev2_prfplus: T2 with 64 bytes > ikev2_prfplus: Tn with 128 bytes > pfkey_sa_add: add spi 0xd1bfd520 > ikev2_childsa_enable: loaded CHILD SA spi 0xd1bfd520 > pfkey_sa_add: update spi 0xfc41aa70 > ikev2_childsa_enable: loaded CHILD SA spi 0xfc41aa70 > ikev2_childsa_enable: loaded flow 0x3c2c0b8f800 > ikev2_childsa_enable: loaded flow 0x3c27dfda400 > ikev2_childsa_enable: remember SA peer --US-IP--:500 > spi=0x22cd85777285bb53: ikev2_childsa_enable: loaded SPIs: 0xd1bfd520, > 0xfc41aa70 > spi=0x22cd85777285bb53: ikev2_childsa_enable: loaded flows: > ESP---UK--/32=--US-IP--/32(47) > spi=0x22cd85777285bb53: sa_state: VALID -> ESTABLISHED from --US-IP--:500 to > --UK--:500 policy '--US-HOST--' > spi=0x22cd85777285bb53: established peer > --US-IP--:500[UFQDN/saraswati@--CA-HOST--] local --UK--:500[UFQDN/--UK-ID--] > policy '--US-HOST--' as initiator > spi=0x67cb9c572ac8b67e: recv IKE_SA_INIT res 0 peer --JP-IP--:500 local > --UK--:500, 335 bytes, policy '--JP-HOST--' > ikev2_recv: ispi 0x67cb9c572ac8b67e rspi 0x2c3aab6ceed004e7 > ikev2_recv: updated SA to peer --JP-IP--:500 local --UK--:500 > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31 > ikev2_pld_parse: header ispi 0x67cb9c572ac8b67e rspi 0x2c3aab6ceed004e7 > nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 length > 335 response 1 > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 40 > ikev2_pld_sa: more 0 reserved 0 length 36 proposal #1 protoid IKE spisize 0 > xforms 3 spi 0 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_12 > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_512 > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id BRAINPOOL_P512R1 > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 136 > ikev2_pld_ke: dh group BRAINPOOL_P512R1 reserved 0 > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36 > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP > ikev2_nat_detection: peer source 0x67cb9c572ac8b67e 0x2c3aab6ceed004e7 > --JP-IP--:500 > ikev2_pld_payloads: payload NOTIFY nextpayload CERTREQ critical 0x00 length 28 > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP > ikev2_nat_detection: peer destination 0x67cb9c572ac8b67e 0x2c3aab6ceed004e7 > --UK--:500 > ikev2_pld_payloads: payload CERTREQ nextpayload NOTIFY critical 0x00 length 25 > ikev2_pld_certreq: type X509_CERT length 20 > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 14 > ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS > ikev2_pld_notify: signature hash SHA2_256 (2) > ikev2_pld_notify: signature hash SHA2_384 (3) > ikev2_pld_notify: signature hash SHA2_512 (4) > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31 > sa_stateflags: 0x0000 -> 0x0004 certreq (required 0x0009 cert,auth) > proposals_negotiate: score 3 > sa_stateok: SA_INIT flags 0x0000, require 0x0009 cert,auth > spi=0x67cb9c572ac8b67e: ikev2_sa_keys: DHSECRET with 64 bytes > ikev2_sa_keys: SKEYSEED with 64 bytes > spi=0x67cb9c572ac8b67e: ikev2_sa_keys: S with 80 bytes > ikev2_prfplus: T1 with 64 bytes > ikev2_prfplus: T2 with 64 bytes > ikev2_prfplus: T3 with 64 bytes > ikev2_prfplus: T4 with 64 bytes > ikev2_prfplus: T5 with 64 bytes > ikev2_prfplus: Tn with 320 bytes > ikev2_sa_keys: SK_d with 64 bytes > ikev2_sa_keys: SK_ei with 36 bytes > ikev2_sa_keys: SK_er with 36 bytes > ikev2_sa_keys: SK_pi with 64 bytes > ikev2_sa_keys: SK_pr with 64 bytes > ikev2_msg_auth: initiator auth data length 406 > ca_setauth: switching SIG_ANY to SIG > ca_setauth: auth length 406 > sa_stateok: SA_INIT flags 0x0000, require 0x0009 cert,auth > config_free_proposals: free 0x3c2a56dad00 > ca_getreq: found CA /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom > Lobby/OU=VPNC/CN=--CA-HOST-- > ca_x509_subjectaltname_do: did not find subjectAltName in certificate > ca_getreq: found local certificate /C=UK/ST=England/L=London/O=Telecom > Lobby/OU=VPNC/CN=--UK-HOST-- > _dsa_sign_encode: signature scheme 0 selected > _dsa_sign_encode: signature scheme 0 selected > _dsa_sign_encode: signature scheme 0 selected > ca_setauth: auth length 272 > ikev2_getimsgdata: imsg 22 rspi 0x2c3aab6ceed004e7 ispi 0x67cb9c572ac8b67e > initiator 1 sa valid type 4 data length 1064 > ikev2_dispatch_cert: cert type X509_CERT length 1064, ok > sa_stateflags: 0x0004 -> 0x0005 cert,certreq (required 0x0009 cert,auth) > sa_stateok: SA_INIT flags 0x0001, require 0x0009 cert,auth > ikev2_getimsgdata: imsg 28 rspi 0x2c3aab6ceed004e7 ispi 0x67cb9c572ac8b67e > initiator 1 sa valid type 14 data length 272 > ikev2_dispatch_cert: AUTH type 14 len 272 > sa_stateflags: 0x0005 -> 0x000d cert,certreq,auth (required 0x0009 cert,auth) > sa_stateok: SA_INIT flags 0x0009, require 0x0009 cert,auth > ikev2_next_payload: length 35 nextpayload CERT > ikev2_next_payload: length 1069 nextpayload CERTREQ > ikev2_add_certreq: type X509_CERT length 21 > ikev2_next_payload: length 25 nextpayload AUTH > ikev2_next_payload: length 280 nextpayload NOTIFY > ikev2_add_notify: done > ikev2_next_payload: length 8 nextpayload SA > pfkey_sa_getspi: spi 0x4701e9b5 > pfkey_sa_init: new spi 0x4701e9b5 > ikev2_add_proposals: length 40 > ikev2_next_payload: length 44 nextpayload TSi > ikev2_next_payload: length 24 nextpayload TSr > ikev2_next_payload: length 24 nextpayload NONE > ikev2_next_payload: length 1534 nextpayload IDi > ikev2_msg_encrypt: decrypted length 1509 > ikev2_msg_encrypt: padded length 1510 > ikev2_msg_encrypt: length 1510, padding 0, output length 1530 > ikev2_msg_integr: message length 1562 > ikev2_msg_integr: integrity checksum length 12 > ikev2_pld_parse: header ispi 0x67cb9c572ac8b67e rspi 0x2c3aab6ceed004e7 > nextpayload SK version 0x20 exchange IKE_AUTH flags 0x08 msgid 1 length 1562 > response 0 > ikev2_pld_payloads: payload SK nextpayload IDi critical 0x00 length 1534 > ikev2_msg_decrypt: IV length 8 > ikev2_msg_decrypt: encrypted payload length 1510 > ikev2_msg_decrypt: integrity checksum length 12 > ikev2_msg_decrypt: AAD length 32 > ikev2_msg_decrypt: decrypted payload length 1510/1510 padding 0 > ikev2_pld_payloads: decrypted payload IDi nextpayload CERT critical 0x00 > length 35 > ikev2_pld_id: id UFQDN/--UK-ID-- length 31 > ikev2_pld_payloads: decrypted payload CERT nextpayload CERTREQ critical 0x00 > length 1069 > ikev2_pld_cert: type X509_CERT length 1064 > ikev2_pld_payloads: decrypted payload CERTREQ nextpayload AUTH critical 0x00 > length 25 > ikev2_pld_certreq: type X509_CERT length 20 > ikev2_pld_payloads: decrypted payload AUTH nextpayload NOTIFY critical 0x00 > length 280 > ikev2_pld_auth: method SIG length 272 > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA critical 0x00 > length 8 > ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE > ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00 length > 44 > ikev2_pld_sa: more 0 reserved 0 length 40 proposal #1 protoid ESP spisize 4 > xforms 3 spi 0x4701e9b5 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CHACHA20_POLY1305 > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 8 type ESN id ESN > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00 > length 24 > ikev2_pld_tss: count 1 length 16 > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport > 65535 > ikev2_pld_ts: start --UK-- end --UK-- > ikev2_pld_payloads: decrypted payload TSr nextpayload NONE critical 0x00 > length 24 > ikev2_pld_tss: count 1 length 16 > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport > 65535 > ikev2_pld_ts: start --JP-IP-- end --JP-IP-- > spi=0x67cb9c572ac8b67e: send IKE_AUTH req 1 peer --JP-IP--:500 local > --UK--:500, 1562 bytes > spi=0x67cb9c572ac8b67e: recv IKE_AUTH res 1 peer --JP-IP--:500 local > --UK--:500, 1527 bytes, policy '--JP-HOST--' > ikev2_recv: ispi 0x67cb9c572ac8b67e rspi 0x2c3aab6ceed004e7 > ikev2_recv: updated SA to peer --JP-IP--:500 local --UK--:500 > ikev2_pld_parse: header ispi 0x67cb9c572ac8b67e rspi 0x2c3aab6ceed004e7 > nextpayload SK version 0x20 exchange IKE_AUTH flags 0x20 msgid 1 length 1527 > response 1 > ikev2_pld_payloads: payload SK nextpayload IDr critical 0x00 length 1499 > ikev2_msg_decrypt: IV length 8 > ikev2_msg_decrypt: encrypted payload length 1475 > ikev2_msg_decrypt: integrity checksum length 12 > ikev2_msg_decrypt: AAD length 32 > ikev2_msg_decrypt: decrypted payload length 1475/1475 padding 0 > ikev2_pld_payloads: decrypted payload IDr nextpayload CERT critical 0x00 > length 33 > ikev2_pld_id: id UFQDN/shiva@--CA-HOST-- length 29 > ikev2_pld_payloads: decrypted payload CERT nextpayload AUTH critical 0x00 > length 1069 > ikev2_pld_cert: type X509_CERT length 1064 > ikev2_pld_payloads: decrypted payload AUTH nextpayload NOTIFY critical 0x00 > length 280 > ikev2_pld_auth: method SIG length 272 > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA critical 0x00 > length 8 > ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE > ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00 length > 36 > ikev2_pld_sa: more 0 reserved 0 length 32 proposal #1 protoid ESP spisize 4 > xforms 2 spi 0xb1bffe2d > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CHACHA20_POLY1305 > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id ESN > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00 > length 24 > ikev2_pld_tss: count 1 length 16 > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport > 65535 > ikev2_pld_ts: start --UK-- end --UK-- > ikev2_pld_payloads: decrypted payload TSr nextpayload NONE critical 0x00 > length 24 > ikev2_pld_tss: count 1 length 16 > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport > 65535 > ikev2_pld_ts: start --JP-IP-- end --JP-IP-- > spi=0x67cb9c572ac8b67e: sa_state: SA_INIT -> AUTH_REQUEST > proposals_negotiate: score 2 > sa_stateflags: 0x000d -> 0x002d cert,certreq,auth,sa (required 0x0032 > certvalid,authvalid,sa) > config_free_proposals: free 0x3c31292ac00 > ca_validate_pubkey: could not open public key pubkeys/ufqdn/shiva@--CA-HOST-- > ca_validate_cert: /C=JP/ST=Tokyo/L=Heiwajima/O=Telecom > Lobby/OU=VPNC/CN=--JP-HOST-- ok > ikev2_getimsgdata: imsg 23 rspi 0x2c3aab6ceed004e7 ispi 0x67cb9c572ac8b67e > initiator 1 sa valid type 4 data length 1064 > ikev2_msg_auth: responder auth data length 431 > ikev2_msg_authverify: method SIG keylen 1064 type X509_CERT > _dsa_verify_init: signature scheme 0 selected > ikev2_msg_authverify: authentication successful > spi=0x67cb9c572ac8b67e: sa_state: AUTH_REQUEST -> AUTH_SUCCESS > sa_stateflags: 0x002d -> 0x003d cert,certreq,auth,authvalid,sa (required > 0x0032 certvalid,authvalid,sa) > ikev2_dispatch_cert: peer certificate is valid > sa_stateflags: 0x003d -> 0x003f cert,certvalid,certreq,auth,authvalid,sa > (required 0x0032 certvalid,authvalid,sa) > sa_stateok: VALID flags 0x0032, require 0x0032 certvalid,authvalid,sa > spi=0x67cb9c572ac8b67e: sa_state: AUTH_SUCCESS -> VALID > sa_stateok: VALID flags 0x0032, require 0x0032 certvalid,authvalid,sa > sa_stateok: VALID flags 0x0032, require 0x0032 certvalid,authvalid,sa > ikev2_sa_tag: (0) > ikev2_childsa_negotiate: proposal 1 > ikev2_childsa_negotiate: key material length 72 > ikev2_prfplus: T1 with 64 bytes > ikev2_prfplus: T2 with 64 bytes > ikev2_prfplus: Tn with 128 bytes > pfkey_sa_add: add spi 0xb1bffe2d > ikev2_childsa_enable: loaded CHILD SA spi 0xb1bffe2d > pfkey_sa_add: update spi 0x4701e9b5 > ikev2_childsa_enable: loaded CHILD SA spi 0x4701e9b5 > ikev2_childsa_enable: loaded flow 0x3c2eec20c00 > ikev2_childsa_enable: loaded flow 0x3c324182000 > ikev2_childsa_enable: remember SA peer --JP-IP--:500 > spi=0x67cb9c572ac8b67e: ikev2_childsa_enable: loaded SPIs: 0xb1bffe2d, > 0x4701e9b5 > spi=0x67cb9c572ac8b67e: ikev2_childsa_enable: loaded flows: > ESP---UK--/32=--JP-IP--/32(47) > spi=0x67cb9c572ac8b67e: sa_state: VALID -> ESTABLISHED from --JP-IP--:500 to > --UK--:500 policy '--JP-HOST--' > spi=0x67cb9c572ac8b67e: established peer > --JP-IP--:500[UFQDN/shiva@--CA-HOST--] local --UK--:500[UFQDN/--UK-ID--] > policy '--JP-HOST--' as initiator > policy_lookup: setting policy '--CAT-HOST--' > spi=0xc5881d3ed32f5801: recv INFORMATIONAL req 4428 peer --FR--:500 local > --UK--:500, 96 bytes, policy '--CAT-HOST--' > ikev2_recv: ispi 0xc5881d3ed32f5801 rspi 0xfcad33aa65954d8e > ikev2_init_recv: unknown SA > policy_lookup: setting policy '--CAT-HOST--' > spi=0xc5881d3ed32f5801: recv INFORMATIONAL req 4428 peer --FR--:500 local > --UK--:500, 96 bytes, policy '--CAT-HOST--' > ikev2_recv: ispi 0xc5881d3ed32f5801 rspi 0xfcad33aa65954d8e > ikev2_init_recv: unknown SA > policy_lookup: setting policy '--CAT-HOST--' > spi=0xc5881d3ed32f5801: recv INFORMATIONAL req 4428 peer --FR--:500 local > --UK--:500, 96 bytes, policy '--CAT-HOST--' > ikev2_recv: ispi 0xc5881d3ed32f5801 rspi 0xfcad33aa65954d8e > ikev2_init_recv: unknown SA > spi=0xf2043da59221143f: recv INFORMATIONAL req 0 peer --FR--:500 local > --UK--:500, 112 bytes, policy '--FR-HOST--' > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500 > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x00 msgid 0 length > 112 response 0 > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 84 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 48 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 48/48 padding 47 > ikev2_next_payload: length 52 nextpayload NONE > ikev2_msg_encrypt: decrypted length 0 > ikev2_msg_encrypt: padded length 16 > ikev2_msg_encrypt: length 1, padding 15, output length 48 > ikev2_msg_integr: message length 80 > ikev2_msg_integr: integrity checksum length 16 > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x28 msgid 0 length > 80 response 1 > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 16 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15 > spi=0xf2043da59221143f: send INFORMATIONAL res 0 peer --FR--:500 local > --UK--:500, 80 bytes > pfkey_sa_lookup: last_used 1614003184 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 1 second(s) ago > pfkey_sa_lookup: last_used 1614003184 > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 1 second(s) ago > pfkey_sa_lookup: last_used 1614003183 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 3 second(s) ago > pfkey_sa_lookup: last_used 1614003183 > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 3 second(s) ago > policy_lookup: setting policy '--CAT-HOST--' > spi=0xb3a689d63d247dd3: recv INFORMATIONAL req 2 peer --CAT--:4500 local > --UK--:4500, 80 bytes, policy '--CAT-HOST--' > ikev2_recv: ispi 0xb3a689d63d247dd3 rspi 0x3ec4e46becafef14 > policy_lookup: setting policy '--CAT-HOST--' > spi=0xf94ce3fc2e48f7f2: recv IKE_SA_INIT req 0 peer --CAT--:500 local > --UK--:500, 1056 bytes, policy '--CAT-HOST--' > ikev2_recv: ispi 0xf94ce3fc2e48f7f2 rspi 0x0000000000000000 > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31 > ikev2_pld_parse: header ispi 0xf94ce3fc2e48f7f2 rspi 0x0000000000000000 > nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length > 1056 response 0 > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 832 > ikev2_pld_sa: more 2 reserved 0 length 352 proposal #1 protoid IKE spisize 0 > xforms 37 spi 0 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CBC > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CBC > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CBC > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CTR > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CTR > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CTR > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CTR > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CTR > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CTR > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 8 type ENCR id 3DES > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_384_192 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_512_256 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id AES_XCBC_96 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id AES_CMAC_96 > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256 > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_384 > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_512 > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_XCBC > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_CMAC > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_256 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_384 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_521 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P256R1 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P384R1 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P512R1 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id CURVE25519 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_3072 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_4096 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_6144 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_8192 > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048 > ikev2_pld_sa: more 0 reserved 0 length 476 proposal #2 protoid IKE spisize 0 > xforms 45 spi 0 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_16 > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_16 > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_16 > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_16 > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_16 > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_16 > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_16 > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_16 > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_16 > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_12 > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_12 > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_12 > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_8 > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_8 > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_8 > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_8 > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_8 > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_8 > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_12 > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_12 > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_12 > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_8 > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_8 > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_8 > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_12 > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_12 > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_12 > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256 > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_384 > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_512 > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_XCBC > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_CMAC > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_256 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_384 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_521 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P256R1 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P384R1 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P512R1 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id CURVE25519 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_3072 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_4096 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_6144 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_8192 > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048 > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 72 > ikev2_pld_ke: dh group ECP_256 reserved 0 > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36 > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP > ikev2_nat_detection: peer source 0xf94ce3fc2e48f7f2 0x0000000000000000 > --CAT--:500 > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP > ikev2_nat_detection: peer destination 0xf94ce3fc2e48f7f2 0x0000000000000000 > --UK--:500 > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 8 > ikev2_pld_notify: protoid NONE spisize 0 type FRAGMENTATION_SUPPORTED > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 16 > ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS > ikev2_pld_notify: signature hash SHA2_256 (2) > ikev2_pld_notify: signature hash SHA2_384 (3) > ikev2_pld_notify: signature hash SHA2_512 (4) > ikev2_pld_notify: signature hash <UNKNOWN:5> (5) > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 8 > ikev2_pld_notify: protoid NONE spisize 0 type REDIRECT_SUPPORTED > proposals_negotiate: score 4 > proposals_negotiate: score 0 > policy_lookup: setting policy '--CAT-HOST--' > spi=0xf94ce3fc2e48f7f2: sa_state: INIT -> SA_INIT > proposals_negotiate: score 4 > proposals_negotiate: score 0 > sa_stateok: SA_INIT flags 0x0000, require 0x0000 > sa_stateflags: 0x0000 -> 0x0020 sa (required 0x0000 ) > spi=0xf94ce3fc2e48f7f2: ikev2_sa_keys: DHSECRET with 32 bytes > ikev2_sa_keys: SKEYSEED with 32 bytes > spi=0xf94ce3fc2e48f7f2: ikev2_sa_keys: S with 80 bytes > ikev2_prfplus: T1 with 32 bytes > ikev2_prfplus: T2 with 32 bytes > ikev2_prfplus: T3 with 32 bytes > ikev2_prfplus: T4 with 32 bytes > ikev2_prfplus: T5 with 32 bytes > ikev2_prfplus: T6 with 32 bytes > ikev2_prfplus: T7 with 32 bytes > ikev2_prfplus: Tn with 224 bytes > ikev2_sa_keys: SK_d with 32 bytes > ikev2_sa_keys: SK_ai with 32 bytes > ikev2_sa_keys: SK_ar with 32 bytes > ikev2_sa_keys: SK_ei with 32 bytes > ikev2_sa_keys: SK_er with 32 bytes > ikev2_sa_keys: SK_pi with 32 bytes > ikev2_sa_keys: SK_pr with 32 bytes > ikev2_add_proposals: length 44 > ikev2_next_payload: length 48 nextpayload KE > ikev2_next_payload: length 72 nextpayload NONCE > ikev2_next_payload: length 36 nextpayload NOTIFY > ikev2_nat_detection: local source 0xf94ce3fc2e48f7f2 0x1d51ac7d723a726d > --UK--:500 > ikev2_next_payload: length 28 nextpayload NOTIFY > ikev2_nat_detection: local destination 0xf94ce3fc2e48f7f2 0x1d51ac7d723a726d > --CAT--:500 > ikev2_next_payload: length 28 nextpayload CERTREQ > ikev2_add_certreq: type X509_CERT length 21 > ikev2_next_payload: length 25 nextpayload NOTIFY > ikev2_next_payload: length 14 nextpayload NONE > ikev2_pld_parse: header ispi 0xf94ce3fc2e48f7f2 rspi 0x1d51ac7d723a726d > nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 length > 279 response 1 > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 48 > ikev2_pld_sa: more 0 reserved 0 length 44 proposal #1 protoid IKE spisize 0 > xforms 4 spi 0 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id ECP_256 > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 72 > ikev2_pld_ke: dh group ECP_256 reserved 0 > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36 > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP > ikev2_pld_payloads: payload NOTIFY nextpayload CERTREQ critical 0x00 length 28 > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP > ikev2_pld_payloads: payload CERTREQ nextpayload NOTIFY critical 0x00 length 25 > ikev2_pld_certreq: type X509_CERT length 20 > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 14 > ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS > spi=0xf94ce3fc2e48f7f2: send IKE_SA_INIT res 0 peer --CAT--:500 local > --UK--:500, 279 bytes > config_free_proposals: free 0x3c31292ae80 > config_free_proposals: free 0x3c31292a880 > spi=0xf94ce3fc2e48f7f2: recv IKE_AUTH req 1 peer --CAT--:4500 local > --UK--:4500, 1792 bytes, policy '--CAT-HOST--' > ikev2_recv: ispi 0xf94ce3fc2e48f7f2 rspi 0x1d51ac7d723a726d > ikev2_recv: updated SA to peer --CAT--:4500 local --UK--:4500 > ikev2_pld_parse: header ispi 0xf94ce3fc2e48f7f2 rspi 0x1d51ac7d723a726d > nextpayload SK version 0x20 exchange IKE_AUTH flags 0x08 msgid 1 length 1792 > response 0 > ikev2_pld_payloads: payload SK nextpayload IDi critical 0x00 length 1764 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 1728 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 1728/1728 padding 11 > ikev2_pld_payloads: decrypted payload IDi nextpayload CERT critical 0x00 > length 33 > ikev2_pld_id: id UFQDN/indra@--CA-HOST-- length 29 > ikev2_pld_payloads: decrypted payload CERT nextpayload NOTIFY critical 0x00 > length 1090 > ikev2_pld_cert: type X509_CERT length 1085 > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload CERTREQ critical > 0x00 length 8 > ikev2_pld_notify: protoid NONE spisize 0 type INITIAL_CONTACT > ikev2_pld_payloads: decrypted payload CERTREQ nextpayload AUTH critical 0x00 > length 85 > ikev2_pld_certreq: type X509_CERT length 80 > ikev2_pld_payloads: decrypted payload AUTH nextpayload CP critical 0x00 > length 280 > ikev2_pld_auth: method SIG length 272 > ikev2_pld_payloads: decrypted payload CP nextpayload NOTIFY critical 0x00 > length 16 > ikev2_pld_cp: type REQUEST length 8 > ikev2_pld_cp: INTERNAL_IP4_ADDRESS 0x0001 length 0 > ikev2_pld_cp: INTERNAL_IP4_DNS 0x0003 length 0 > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA critical 0x00 > length 8 > ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE > ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00 length > 100 > ikev2_pld_sa: more 0 reserved 0 length 96 proposal #1 protoid ESP spisize 4 > xforms 9 spi 0xc9f9084d > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_384_192 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_512_256 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id AES_XCBC_96 > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00 > length 24 > ikev2_pld_tss: count 1 length 16 > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport > 65535 > ikev2_pld_ts: start 0.0.0.0 end 255.255.255.255 > ikev2_pld_payloads: decrypted payload TSr nextpayload NOTIFY critical 0x00 > length 24 > ikev2_pld_tss: count 1 length 16 > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport > 65535 > ikev2_pld_ts: start --UK-- end --UK-- > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical 0x00 > length 8 > ikev2_pld_notify: protoid NONE spisize 0 type MOBIKE_SUPPORTED > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical 0x00 > length 24 > ikev2_pld_notify: protoid NONE spisize 0 type ADDITIONAL_IP6_ADDRESS > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical 0x00 > length 8 > ikev2_pld_notify: protoid NONE spisize 0 type EAP_ONLY_AUTHENTICATION > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NONE critical 0x00 > length 8 > ikev2_pld_notify: protoid NONE spisize 0 type IKEV2_MESSAGE_ID_SYNC_SUPPORTED > ikev2_handle_notifies: mobike enabled > sa_stateok: SA_INIT flags 0x0000, require 0x0000 > spi=0xf94ce3fc2e48f7f2: sa_state: SA_INIT -> AUTH_REQUEST > policy_lookup: peerid 'indra@--CA-HOST--' > proposals_negotiate: score 4 > policy_lookup: setting policy '--CAT-HOST--' > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31 > sa_stateflags: 0x0020 -> 0x0024 certreq,sa (required 0x003b > cert,certvalid,auth,authvalid,sa) > ikev2_msg_auth: responder auth data length 343 > ca_setauth: switching SIG_ANY to SIG > ca_setauth: auth length 343 > proposals_negotiate: score 4 > sa_stateflags: 0x0024 -> 0x0024 certreq,sa (required 0x003b > cert,certvalid,auth,authvalid,sa) > config_free_proposals: free 0x3c31292a480 > ca_getreq: found CA /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom > Lobby/OU=VPNC/CN=--CA-HOST-- > ca_x509_subjectaltname_do: did not find subjectAltName in certificate > ca_getreq: found local certificate /C=UK/ST=England/L=London/O=Telecom > Lobby/OU=VPNC/CN=--UK-HOST-- > _dsa_sign_encode: signature scheme 0 selected > _dsa_sign_encode: signature scheme 0 selected > _dsa_sign_encode: signature scheme 0 selected > ca_setauth: auth length 272 > ca_validate_pubkey: could not open public key pubkeys/ufqdn/indra@--CA-HOST-- > ca_validate_cert: /C=ES/ST=Catalunya/L=sant Pere de Ribes/O=Telecom > Lobby/OU=VPNC/CN=--CAT-HOST-- ok > ikev2_getimsgdata: imsg 22 rspi 0x1d51ac7d723a726d ispi 0xf94ce3fc2e48f7f2 > initiator 0 sa valid type 4 data length 1064 > ikev2_dispatch_cert: cert type X509_CERT length 1064, ok > sa_stateflags: 0x0024 -> 0x0025 cert,certreq,sa (required 0x003b > cert,certvalid,auth,authvalid,sa) > ikev2_getimsgdata: imsg 28 rspi 0x1d51ac7d723a726d ispi 0xf94ce3fc2e48f7f2 > initiator 0 sa valid type 14 data length 272 > ikev2_dispatch_cert: AUTH type 14 len 272 > sa_stateflags: 0x0025 -> 0x002d cert,certreq,auth,sa (required 0x003b > cert,certvalid,auth,authvalid,sa) > ikev2_getimsgdata: imsg 23 rspi 0x1d51ac7d723a726d ispi 0xf94ce3fc2e48f7f2 > initiator 0 sa valid type 4 data length 1085 > ikev2_msg_auth: initiator auth data length 1120 > ikev2_msg_authverify: method SIG keylen 1085 type X509_CERT > _dsa_verify_init: signature scheme 0 selected > ikev2_msg_authverify: authentication successful > spi=0xf94ce3fc2e48f7f2: sa_state: AUTH_REQUEST -> AUTH_SUCCESS > sa_stateflags: 0x002d -> 0x003d cert,certreq,auth,authvalid,sa (required > 0x003b cert,certvalid,auth,authvalid,sa) > ikev2_dispatch_cert: peer certificate is valid > sa_stateflags: 0x003d -> 0x003f cert,certvalid,certreq,auth,authvalid,sa > (required 0x003b cert,certvalid,auth,authvalid,sa) > sa_stateok: VALID flags 0x003b, require 0x003b > cert,certvalid,auth,authvalid,sa > spi=0xf94ce3fc2e48f7f2: sa_state: AUTH_SUCCESS -> VALID > sa_stateok: VALID flags 0x003b, require 0x003b > cert,certvalid,auth,authvalid,sa > sa_stateok: VALID flags 0x003b, require 0x003b > cert,certvalid,auth,authvalid,sa > ikev2_sa_tag: (0) > ikev2_childsa_negotiate: proposal 1 > ikev2_childsa_negotiate: key material length 128 > ikev2_prfplus: T1 with 32 bytes > ikev2_prfplus: T2 with 32 bytes > ikev2_prfplus: T3 with 32 bytes > ikev2_prfplus: T4 with 32 bytes > ikev2_prfplus: Tn with 128 bytes > pfkey_sa_getspi: spi 0xba75d84f > pfkey_sa_init: new spi 0xba75d84f > ikev2_next_payload: length 35 nextpayload CERT > ikev2_next_payload: length 1069 nextpayload AUTH > ikev2_next_payload: length 280 nextpayload CP > ikev2_next_payload: length 8 nextpayload NOTIFY > ikev2_add_notify: done > ikev2_next_payload: length 8 nextpayload NOTIFY > ikev2_add_notify: done > ikev2_next_payload: length 8 nextpayload SA > ikev2_add_proposals: length 40 > ikev2_next_payload: length 44 nextpayload TSi > ikev2_next_payload: length 24 nextpayload TSr > ikev2_next_payload: length 24 nextpayload NONE > ikev2_next_payload: length 1540 nextpayload IDr > ikev2_msg_encrypt: decrypted length 1500 > ikev2_msg_encrypt: padded length 1504 > ikev2_msg_encrypt: length 1501, padding 3, output length 1536 > ikev2_msg_integr: message length 1568 > ikev2_msg_integr: integrity checksum length 16 > ikev2_pld_parse: header ispi 0xf94ce3fc2e48f7f2 rspi 0x1d51ac7d723a726d > nextpayload SK version 0x20 exchange IKE_AUTH flags 0x20 msgid 1 length 1568 > response 1 > ikev2_pld_payloads: payload SK nextpayload IDr critical 0x00 length 1540 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 1504 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 1504/1504 padding 3 > ikev2_pld_payloads: decrypted payload IDr nextpayload CERT critical 0x00 > length 35 > ikev2_pld_id: id UFQDN/--UK-ID-- length 31 > ikev2_pld_payloads: decrypted payload CERT nextpayload AUTH critical 0x00 > length 1069 > ikev2_pld_cert: type X509_CERT length 1064 > ikev2_pld_payloads: decrypted payload AUTH nextpayload CP critical 0x00 > length 280 > ikev2_pld_auth: method SIG length 272 > ikev2_pld_payloads: decrypted payload CP nextpayload NOTIFY critical 0x00 > length 8 > ikev2_pld_cp: type REPLY length 0 > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical 0x00 > length 8 > ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA critical 0x00 > length 8 > ikev2_pld_notify: protoid NONE spisize 0 type MOBIKE_SUPPORTED > ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00 length > 44 > ikev2_pld_sa: more 0 reserved 0 length 40 proposal #1 protoid ESP spisize 4 > xforms 3 spi 0xba75d84f > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00 > length 24 > ikev2_pld_tss: count 1 length 16 > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport > 65535 > ikev2_pld_ts: start --CAT-- end --CAT-- > ikev2_pld_payloads: decrypted payload TSr nextpayload NONE critical 0x00 > length 24 > ikev2_pld_tss: count 1 length 16 > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport > 65535 > ikev2_pld_ts: start --UK-- end --UK-- > spi=0xf94ce3fc2e48f7f2: send IKE_AUTH res 1 peer --CAT--:4500 local > --UK--:4500, 1568 bytes, NAT-T > pfkey_sa_add: update spi 0xba75d84f > ikev2_childsa_enable: loaded CHILD SA spi 0xba75d84f > pfkey_sa_add: add spi 0xc9f9084d > ikev2_childsa_enable: loaded CHILD SA spi 0xc9f9084d > ikev2_childsa_enable: loaded flow 0x3c324182800 > ikev2_childsa_enable: loaded flow 0x3c2eec20400 > ikev2_childsa_enable: remember SA peer --CAT--:4500 > spi=0xf94ce3fc2e48f7f2: ikev2_childsa_enable: loaded SPIs: 0xba75d84f, > 0xc9f9084d > spi=0xf94ce3fc2e48f7f2: ikev2_childsa_enable: loaded flows: > ESP---UK--/32=--CAT--/32(47) > spi=0xf94ce3fc2e48f7f2: sa_state: VALID -> ESTABLISHED from --CAT--:4500 to > --UK--:4500 policy '--CAT-HOST--' > spi=0xf94ce3fc2e48f7f2: established peer > --CAT--:4500[UFQDN/indra@--CA-HOST--] local --UK--:4500[UFQDN/--UK-ID--] > policy '--CAT-HOST--' as responder > pfkey_sa_lookup: last_used 1614003186 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003186 > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 0 second(s) ago > policy_lookup: setting policy '--CAT-HOST--' > spi=0xc5881d3ed32f5801: recv INFORMATIONAL req 4428 peer --FR--:500 local > --UK--:500, 96 bytes, policy '--CAT-HOST--' > ikev2_recv: ispi 0xc5881d3ed32f5801 rspi 0xfcad33aa65954d8e > ikev2_init_recv: unknown SA > policy_lookup: setting policy '--CAT-HOST--' > spi=0xb3a689d63d247dd3: recv INFORMATIONAL req 2 peer --CAT--:4500 local > --UK--:4500, 80 bytes, policy '--CAT-HOST--' > ikev2_recv: ispi 0xb3a689d63d247dd3 rspi 0x3ec4e46becafef14 > policy_lookup: setting policy '--CAT-HOST--' > spi=0xc5881d3ed32f5801: recv INFORMATIONAL req 4429 peer --FR--:500 local > --UK--:500, 240 bytes, policy '--CAT-HOST--' > ikev2_recv: ispi 0xc5881d3ed32f5801 rspi 0xfcad33aa65954d8e > ikev2_init_recv: unknown SA > policy_lookup: setting policy '--CAT-HOST--' > spi=0xb3a689d63d247dd3: recv INFORMATIONAL req 2 peer --CAT--:4500 local > --UK--:4500, 80 bytes, policy '--CAT-HOST--' > ikev2_recv: ispi 0xb3a689d63d247dd3 rspi 0x3ec4e46becafef14 > spi=0xf2043da59221143f: recv INFORMATIONAL req 1 peer --FR--:500 local > --UK--:500, 128 bytes, policy '--FR-HOST--' > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500 > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x00 msgid 1 length > 128 response 0 > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 100 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 64 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 64/64 padding 63 > ikev2_next_payload: length 52 nextpayload NONE > ikev2_msg_encrypt: decrypted length 0 > ikev2_msg_encrypt: padded length 16 > ikev2_msg_encrypt: length 1, padding 15, output length 48 > ikev2_msg_integr: message length 80 > ikev2_msg_integr: integrity checksum length 16 > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x28 msgid 1 length > 80 response 1 > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 16 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15 > spi=0xf2043da59221143f: send INFORMATIONAL res 1 peer --FR--:500 local > --UK--:500, 80 bytes > pfkey_sa_lookup: last_used 1614003199 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 1 second(s) ago > pfkey_sa_lookup: last_used 1614003199 > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 1 second(s) ago > pfkey_sa_lookup: last_used 1614003198 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 3 second(s) ago > pfkey_sa_lookup: last_used 1614003198 > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 3 second(s) ago > pfkey_sa_lookup: last_used 1614003201 > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003201 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003201 > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 0 second(s) ago > policy_lookup: setting policy '--CAT-HOST--' > spi=0xb3a689d63d247dd3: recv INFORMATIONAL req 2 peer --CAT--:4500 local > --UK--:4500, 80 bytes, policy '--CAT-HOST--' > ikev2_recv: ispi 0xb3a689d63d247dd3 rspi 0x3ec4e46becafef14 > spi=0xf2043da59221143f: recv INFORMATIONAL req 2 peer --FR--:500 local > --UK--:500, 144 bytes, policy '--FR-HOST--' > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500 > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x00 msgid 2 length > 144 response 0 > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 116 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 80 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 80/80 padding 79 > ikev2_next_payload: length 52 nextpayload NONE > ikev2_msg_encrypt: decrypted length 0 > ikev2_msg_encrypt: padded length 16 > ikev2_msg_encrypt: length 1, padding 15, output length 48 > ikev2_msg_integr: message length 80 > ikev2_msg_integr: integrity checksum length 16 > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x28 msgid 2 length > 80 response 1 > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 16 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15 > spi=0xf2043da59221143f: send INFORMATIONAL res 2 peer --FR--:500 local > --UK--:500, 80 bytes > pfkey_sa_lookup: last_used 1614003214 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 1 second(s) ago > pfkey_sa_lookup: last_used 1614003214 > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 1 second(s) ago > pfkey_sa_lookup: last_used 1614003216 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003216 > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003216 > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003216 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003216 > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 0 second(s) ago > ikev2_init_ike_sa: "--FR-HOST--" is already active > ikev2_init_ike_sa: "--US-HOST--" is already active > ikev2_init_ike_sa: "--JP-HOST--" is already active > spi=0xf2043da59221143f: recv INFORMATIONAL req 3 peer --FR--:500 local > --UK--:500, 112 bytes, policy '--FR-HOST--' > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500 > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x00 msgid 3 length > 112 response 0 > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 84 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 48 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 48/48 padding 47 > ikev2_next_payload: length 52 nextpayload NONE > ikev2_msg_encrypt: decrypted length 0 > ikev2_msg_encrypt: padded length 16 > ikev2_msg_encrypt: length 1, padding 15, output length 48 > ikev2_msg_integr: message length 80 > ikev2_msg_integr: integrity checksum length 16 > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x28 msgid 3 length > 80 response 1 > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 16 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15 > spi=0xf2043da59221143f: send INFORMATIONAL res 3 peer --FR--:500 local > --UK--:500, 80 bytes > pfkey_sa_lookup: last_used 1614003229 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 1 second(s) ago > pfkey_sa_lookup: last_used 1614003229 > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 1 second(s) ago > pfkey_sa_lookup: last_used 1614003231 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003231 > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003231 > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003231 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003231 > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 0 second(s) ago > policy_lookup: setting policy '--CAT-HOST--' > spi=0xb3a689d63d247dd3: recv INFORMATIONAL req 2 peer --CAT--:4500 local > --UK--:4500, 80 bytes, policy '--CAT-HOST--' > ikev2_recv: ispi 0xb3a689d63d247dd3 rspi 0x3ec4e46becafef14 > spi=0xf2043da59221143f: recv INFORMATIONAL req 4 peer --FR--:500 local > --UK--:500, 128 bytes, policy '--FR-HOST--' > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500 > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x00 msgid 4 length > 128 response 0 > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 100 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 64 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 64/64 padding 63 > ikev2_next_payload: length 52 nextpayload NONE > ikev2_msg_encrypt: decrypted length 0 > ikev2_msg_encrypt: padded length 16 > ikev2_msg_encrypt: length 1, padding 15, output length 48 > ikev2_msg_integr: message length 80 > ikev2_msg_integr: integrity checksum length 16 > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x28 msgid 4 length > 80 response 1 > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 16 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15 > spi=0xf2043da59221143f: send INFORMATIONAL res 4 peer --FR--:500 local > --UK--:500, 80 bytes > pfkey_sa_lookup: last_used 1614003244 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 1 second(s) ago > pfkey_sa_lookup: last_used 1614003245 > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003246 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003246 > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003246 > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003246 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003246 > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 0 second(s) ago > spi=0xf2043da59221143f: recv INFORMATIONAL req 5 peer --FR--:500 local > --UK--:500, 96 bytes, policy '--FR-HOST--' > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500 > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x00 msgid 5 length > 96 response 0 > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 68 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 32 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 32/32 padding 31 > ikev2_next_payload: length 52 nextpayload NONE > ikev2_msg_encrypt: decrypted length 0 > ikev2_msg_encrypt: padded length 16 > ikev2_msg_encrypt: length 1, padding 15, output length 48 > ikev2_msg_integr: message length 80 > ikev2_msg_integr: integrity checksum length 16 > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x28 msgid 5 length > 80 response 1 > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 16 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15 > spi=0xf2043da59221143f: send INFORMATIONAL res 5 peer --FR--:500 local > --UK--:500, 80 bytes > pfkey_sa_lookup: last_used 1614003259 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 1 second(s) ago > pfkey_sa_lookup: last_used 1614003259 > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 1 second(s) ago > pfkey_sa_lookup: last_used 1614003261 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003261 > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003261 > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003261 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003261 > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 0 second(s) ago > policy_lookup: setting policy '--CAT-HOST--' > spi=0xb3a689d63d247dd3: recv INFORMATIONAL req 2 peer --CAT--:4500 local > --UK--:4500, 80 bytes, policy '--CAT-HOST--' > ikev2_recv: ispi 0xb3a689d63d247dd3 rspi 0x3ec4e46becafef14 > spi=0xf2043da59221143f: recv INFORMATIONAL req 6 peer --FR--:500 local > --UK--:500, 96 bytes, policy '--FR-HOST--' > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500 > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x00 msgid 6 length > 96 response 0 > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 68 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 32 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 32/32 padding 31 > ikev2_next_payload: length 52 nextpayload NONE > ikev2_msg_encrypt: decrypted length 0 > ikev2_msg_encrypt: padded length 16 > ikev2_msg_encrypt: length 1, padding 15, output length 48 > ikev2_msg_integr: message length 80 > ikev2_msg_integr: integrity checksum length 16 > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x28 msgid 6 length > 80 response 1 > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 16 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15 > spi=0xf2043da59221143f: send INFORMATIONAL res 6 peer --FR--:500 local > --UK--:500, 80 bytes > pfkey_sa_lookup: last_used 1614003275 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003275 > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003276 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003276 > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003276 > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003276 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003275 > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 1 second(s) ago > ikev2_init_ike_sa: "--FR-HOST--" is already active > ikev2_init_ike_sa: "--US-HOST--" is already active > ikev2_init_ike_sa: "--JP-HOST--" is already active > spi=0xf2043da59221143f: recv INFORMATIONAL req 7 peer --FR--:500 local > --UK--:500, 112 bytes, policy '--FR-HOST--' > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500 > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x00 msgid 7 length > 112 response 0 > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 84 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 48 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 48/48 padding 47 > ikev2_next_payload: length 52 nextpayload NONE > ikev2_msg_encrypt: decrypted length 0 > ikev2_msg_encrypt: padded length 16 > ikev2_msg_encrypt: length 1, padding 15, output length 48 > ikev2_msg_integr: message length 80 > ikev2_msg_integr: integrity checksum length 16 > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x28 msgid 7 length > 80 response 1 > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 16 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15 > spi=0xf2043da59221143f: send INFORMATIONAL res 7 peer --FR--:500 local > --UK--:500, 80 bytes > pfkey_sa_lookup: last_used 1614003290 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003290 > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003291 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003291 > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003291 > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003291 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003290 > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 1 second(s) ago > spi=0xf2043da59221143f: recv INFORMATIONAL req 8 peer --FR--:500 local > --UK--:500, 144 bytes, policy '--FR-HOST--' > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500 > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x00 msgid 8 length > 144 response 0 > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 116 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 80 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 80/80 padding 79 > ikev2_next_payload: length 52 nextpayload NONE > ikev2_msg_encrypt: decrypted length 0 > ikev2_msg_encrypt: padded length 16 > ikev2_msg_encrypt: length 1, padding 15, output length 48 > ikev2_msg_integr: message length 80 > ikev2_msg_integr: integrity checksum length 16 > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x28 msgid 8 length > 80 response 1 > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 16 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15 > spi=0xf2043da59221143f: send INFORMATIONAL res 8 peer --FR--:500 local > --UK--:500, 80 bytes > pfkey_sa_lookup: last_used 1614003305 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003305 > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003306 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003306 > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003306 > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003306 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003305 > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 1 second(s) ago > spi=0xf2043da59221143f: recv INFORMATIONAL req 9 peer --FR--:500 local > --UK--:500, 160 bytes, policy '--FR-HOST--' > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500 > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x00 msgid 9 length > 160 response 0 > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 132 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 96 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 96/96 padding 95 > ikev2_next_payload: length 52 nextpayload NONE > ikev2_msg_encrypt: decrypted length 0 > ikev2_msg_encrypt: padded length 16 > ikev2_msg_encrypt: length 1, padding 15, output length 48 > ikev2_msg_integr: message length 80 > ikev2_msg_integr: integrity checksum length 16 > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x28 msgid 9 length > 80 response 1 > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 16 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15 > spi=0xf2043da59221143f: send INFORMATIONAL res 9 peer --FR--:500 local > --UK--:500, 80 bytes > pfkey_sa_lookup: last_used 1614003319 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 1 second(s) ago > pfkey_sa_lookup: last_used 1614003320 > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003321 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003321 > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003321 > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003321 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003320 > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 1 second(s) ago > spi=0xf2043da59221143f: recv INFORMATIONAL req 10 peer --FR--:500 local > --UK--:500, 96 bytes, policy '--FR-HOST--' > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500 > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x00 msgid 10 length > 96 response 0 > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 68 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 32 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 32/32 padding 31 > ikev2_next_payload: length 52 nextpayload NONE > ikev2_msg_encrypt: decrypted length 0 > ikev2_msg_encrypt: padded length 16 > ikev2_msg_encrypt: length 1, padding 15, output length 48 > ikev2_msg_integr: message length 80 > ikev2_msg_integr: integrity checksum length 16 > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x28 msgid 10 length > 80 response 1 > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 16 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15 > spi=0xf2043da59221143f: send INFORMATIONAL res 10 peer --FR--:500 local > --UK--:500, 80 bytes > pfkey_sa_lookup: last_used 1614003334 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 1 second(s) ago > pfkey_sa_lookup: last_used 1614003335 > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003336 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003336 > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003336 > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003336 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003335 > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 1 second(s) ago > policy_lookup: setting policy '--JP-HOST--' > spi=0x52b68ffd0ebb1984: recv INFORMATIONAL req 93 peer --JP-IP--:500 local > --UK--:500, 57 bytes, policy '--JP-HOST--' > ikev2_recv: ispi 0x52b68ffd0ebb1984 rspi 0xebcdfe906b83921a > ikev2_init_recv: unknown SA > policy_lookup: setting policy '--JP-HOST--' > spi=0x52b68ffd0ebb1984: recv INFORMATIONAL req 93 peer --JP-IP--:500 local > --UK--:500, 57 bytes, policy '--JP-HOST--' > ikev2_recv: ispi 0x52b68ffd0ebb1984 rspi 0xebcdfe906b83921a > ikev2_init_recv: unknown SA > policy_lookup: setting policy '--JP-HOST--' > spi=0x52b68ffd0ebb1984: recv INFORMATIONAL req 93 peer --JP-IP--:500 local > --UK--:500, 57 bytes, policy '--JP-HOST--' > ikev2_recv: ispi 0x52b68ffd0ebb1984 rspi 0xebcdfe906b83921a > ikev2_init_recv: unknown SA > ikev2_init_ike_sa: "--FR-HOST--" is already active > ikev2_init_ike_sa: "--US-HOST--" is already active > ikev2_init_ike_sa: "--JP-HOST--" is already active > spi=0xf2043da59221143f: recv INFORMATIONAL req 11 peer --FR--:500 local > --UK--:500, 96 bytes, policy '--FR-HOST--' > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500 > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x00 msgid 11 length > 96 response 0 > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 68 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 32 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 32/32 padding 31 > ikev2_next_payload: length 52 nextpayload NONE > ikev2_msg_encrypt: decrypted length 0 > ikev2_msg_encrypt: padded length 16 > ikev2_msg_encrypt: length 1, padding 15, output length 48 > ikev2_msg_integr: message length 80 > ikev2_msg_integr: integrity checksum length 16 > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x28 msgid 11 length > 80 response 1 > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 16 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15 > spi=0xf2043da59221143f: send INFORMATIONAL res 11 peer --FR--:500 local > --UK--:500, 80 bytes > pfkey_sa_lookup: last_used 1614003349 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 1 second(s) ago > pfkey_sa_lookup: last_used 1614003350 > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003351 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003351 > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003350 > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used 1 second(s) ago > pfkey_sa_lookup: last_used 1614003351 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003350 > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 1 second(s) ago > policy_lookup: setting policy '--JP-HOST--' > spi=0x52b68ffd0ebb1984: recv INFORMATIONAL req 93 peer --JP-IP--:500 local > --UK--:500, 57 bytes, policy '--JP-HOST--' > ikev2_recv: ispi 0x52b68ffd0ebb1984 rspi 0xebcdfe906b83921a > ikev2_init_recv: unknown SA > spi=0xf94ce3fc2e48f7f2: recv INFORMATIONAL req 2 peer --CAT--:4500 local > --UK--:4500, 80 bytes, policy '--CAT-HOST--' > ikev2_recv: ispi 0xf94ce3fc2e48f7f2 rspi 0x1d51ac7d723a726d > ikev2_recv: updated SA to peer --CAT--:4500 local --UK--:4500 > ikev2_pld_parse: header ispi 0xf94ce3fc2e48f7f2 rspi 0x1d51ac7d723a726d > nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x08 msgid 2 length > 80 response 0 > ikev2_pld_payloads: payload SK nextpayload DELETE critical 0x00 length 52 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 16 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 16/16 padding 7 > ikev2_pld_payloads: decrypted payload DELETE nextpayload NONE critical 0x00 > length 8 > ikev2_pld_delete: proto IKE spisize 0 nspi 0 > ikev2_next_payload: length 4 nextpayload NONE > ikev2_next_payload: length 52 nextpayload NONE > ikev2_msg_encrypt: decrypted length 4 > ikev2_msg_encrypt: padded length 16 > ikev2_msg_encrypt: length 5, padding 11, output length 48 > ikev2_msg_integr: message length 80 > ikev2_msg_integr: integrity checksum length 16 > ikev2_pld_parse: header ispi 0xf94ce3fc2e48f7f2 rspi 0x1d51ac7d723a726d > nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x20 msgid 2 length > 80 response 1 > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 16 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 16/16 padding 11 > spi=0xf94ce3fc2e48f7f2: send INFORMATIONAL res 2 peer --CAT--:4500 local > --UK--:4500, 80 bytes, NAT-T > spi=0xf94ce3fc2e48f7f2: ikev2_ikesa_recv_delete: received delete > spi=0xf94ce3fc2e48f7f2: sa_state: ESTABLISHED -> CLOSED from --CAT--:4500 to > --UK--:4500 policy '--CAT-HOST--' > ikev2_recv: closing SA > spi=0xf94ce3fc2e48f7f2: sa_free: received delete > config_free_proposals: free 0x3c27ccfe800 > config_free_proposals: free 0x3c31292a600 > config_free_childsas: free 0x3c2db888f00 > config_free_childsas: free 0x3c300bf3e00 > sa_free_flows: free 0x3c324182800 > sa_free_flows: free 0x3c2eec20400 > policy_lookup: setting policy '--CAT-HOST--' > spi=0x87993e0d839b617f: recv IKE_SA_INIT req 0 peer --CAT--:500 local > --UK--:500, 1056 bytes, policy '--CAT-HOST--' > ikev2_recv: ispi 0x87993e0d839b617f rspi 0x0000000000000000 > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31 > ikev2_pld_parse: header ispi 0x87993e0d839b617f rspi 0x0000000000000000 > nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length > 1056 response 0 > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 832 > ikev2_pld_sa: more 2 reserved 0 length 352 proposal #1 protoid IKE spisize 0 > xforms 37 spi 0 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CBC > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CBC > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CBC > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CTR > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CTR > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CTR > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CTR > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CTR > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CTR > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 8 type ENCR id 3DES > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_384_192 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_512_256 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id AES_XCBC_96 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id AES_CMAC_96 > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256 > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_384 > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_512 > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_XCBC > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_CMAC > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_256 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_384 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_521 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P256R1 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P384R1 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P512R1 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id CURVE25519 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_3072 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_4096 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_6144 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_8192 > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048 > ikev2_pld_sa: more 0 reserved 0 length 476 proposal #2 protoid IKE spisize 0 > xforms 45 spi 0 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_16 > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_16 > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_16 > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_16 > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_16 > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_16 > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_16 > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_16 > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_16 > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_12 > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_12 > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_12 > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_8 > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_8 > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_8 > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_8 > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_8 > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_8 > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_12 > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_12 > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_12 > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_8 > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_8 > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_8 > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_12 > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_12 > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_12 > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256 > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_384 > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_512 > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_XCBC > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_CMAC > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_256 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_384 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_521 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P256R1 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P384R1 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P512R1 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id CURVE25519 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_3072 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_4096 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_6144 > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_8192 > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048 > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 72 > ikev2_pld_ke: dh group ECP_256 reserved 0 > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36 > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP > ikev2_nat_detection: peer source 0x87993e0d839b617f 0x0000000000000000 > --CAT--:500 > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP > ikev2_nat_detection: peer destination 0x87993e0d839b617f 0x0000000000000000 > --UK--:500 > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 8 > ikev2_pld_notify: protoid NONE spisize 0 type FRAGMENTATION_SUPPORTED > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 16 > ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS > ikev2_pld_notify: signature hash SHA2_256 (2) > ikev2_pld_notify: signature hash SHA2_384 (3) > ikev2_pld_notify: signature hash SHA2_512 (4) > ikev2_pld_notify: signature hash <UNKNOWN:5> (5) > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 8 > ikev2_pld_notify: protoid NONE spisize 0 type REDIRECT_SUPPORTED > proposals_negotiate: score 4 > proposals_negotiate: score 0 > policy_lookup: setting policy '--CAT-HOST--' > spi=0x87993e0d839b617f: sa_state: INIT -> SA_INIT > proposals_negotiate: score 4 > proposals_negotiate: score 0 > sa_stateok: SA_INIT flags 0x0000, require 0x0000 > sa_stateflags: 0x0000 -> 0x0020 sa (required 0x0000 ) > spi=0x87993e0d839b617f: ikev2_sa_keys: DHSECRET with 32 bytes > ikev2_sa_keys: SKEYSEED with 32 bytes > spi=0x87993e0d839b617f: ikev2_sa_keys: S with 80 bytes > ikev2_prfplus: T1 with 32 bytes > ikev2_prfplus: T2 with 32 bytes > ikev2_prfplus: T3 with 32 bytes > ikev2_prfplus: T4 with 32 bytes > ikev2_prfplus: T5 with 32 bytes > ikev2_prfplus: T6 with 32 bytes > ikev2_prfplus: T7 with 32 bytes > ikev2_prfplus: Tn with 224 bytes > ikev2_sa_keys: SK_d with 32 bytes > ikev2_sa_keys: SK_ai with 32 bytes > ikev2_sa_keys: SK_ar with 32 bytes > ikev2_sa_keys: SK_ei with 32 bytes > ikev2_sa_keys: SK_er with 32 bytes > ikev2_sa_keys: SK_pi with 32 bytes > ikev2_sa_keys: SK_pr with 32 bytes > ikev2_add_proposals: length 44 > ikev2_next_payload: length 48 nextpayload KE > ikev2_next_payload: length 72 nextpayload NONCE > ikev2_next_payload: length 36 nextpayload NOTIFY > ikev2_nat_detection: local source 0x87993e0d839b617f 0xbd5bf5ce26784624 > --UK--:500 > ikev2_next_payload: length 28 nextpayload NOTIFY > ikev2_nat_detection: local destination 0x87993e0d839b617f 0xbd5bf5ce26784624 > --CAT--:500 > ikev2_next_payload: length 28 nextpayload CERTREQ > ikev2_add_certreq: type X509_CERT length 21 > ikev2_next_payload: length 25 nextpayload NOTIFY > ikev2_next_payload: length 14 nextpayload NONE > ikev2_pld_parse: header ispi 0x87993e0d839b617f rspi 0xbd5bf5ce26784624 > nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 length > 279 response 1 > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 48 > ikev2_pld_sa: more 0 reserved 0 length 44 proposal #1 protoid IKE spisize 0 > xforms 4 spi 0 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id ECP_256 > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 72 > ikev2_pld_ke: dh group ECP_256 reserved 0 > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36 > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP > ikev2_pld_payloads: payload NOTIFY nextpayload CERTREQ critical 0x00 length 28 > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP > ikev2_pld_payloads: payload CERTREQ nextpayload NOTIFY critical 0x00 length 25 > ikev2_pld_certreq: type X509_CERT length 20 > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 14 > ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS > spi=0x87993e0d839b617f: send IKE_SA_INIT res 0 peer --CAT--:500 local > --UK--:500, 279 bytes > config_free_proposals: free 0x3c2ef864700 > config_free_proposals: free 0x3c2a56da100 > spi=0x87993e0d839b617f: recv IKE_AUTH req 1 peer --CAT--:4500 local > --UK--:4500, 1792 bytes, policy '--CAT-HOST--' > ikev2_recv: ispi 0x87993e0d839b617f rspi 0xbd5bf5ce26784624 > ikev2_recv: updated SA to peer --CAT--:4500 local --UK--:4500 > ikev2_pld_parse: header ispi 0x87993e0d839b617f rspi 0xbd5bf5ce26784624 > nextpayload SK version 0x20 exchange IKE_AUTH flags 0x08 msgid 1 length 1792 > response 0 > ikev2_pld_payloads: payload SK nextpayload IDi critical 0x00 length 1764 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 1728 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 1728/1728 padding 11 > ikev2_pld_payloads: decrypted payload IDi nextpayload CERT critical 0x00 > length 33 > ikev2_pld_id: id UFQDN/indra@--CA-HOST-- length 29 > ikev2_pld_payloads: decrypted payload CERT nextpayload NOTIFY critical 0x00 > length 1090 > ikev2_pld_cert: type X509_CERT length 1085 > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload CERTREQ critical > 0x00 length 8 > ikev2_pld_notify: protoid NONE spisize 0 type INITIAL_CONTACT > ikev2_pld_payloads: decrypted payload CERTREQ nextpayload AUTH critical 0x00 > length 85 > ikev2_pld_certreq: type X509_CERT length 80 > ikev2_pld_payloads: decrypted payload AUTH nextpayload CP critical 0x00 > length 280 > ikev2_pld_auth: method SIG length 272 > ikev2_pld_payloads: decrypted payload CP nextpayload NOTIFY critical 0x00 > length 16 > ikev2_pld_cp: type REQUEST length 8 > ikev2_pld_cp: INTERNAL_IP4_ADDRESS 0x0001 length 0 > ikev2_pld_cp: INTERNAL_IP4_DNS 0x0003 length 0 > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA critical 0x00 > length 8 > ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE > ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00 length > 100 > ikev2_pld_sa: more 0 reserved 0 length 96 proposal #1 protoid ESP spisize 4 > xforms 9 spi 0xc0567d8f > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4 > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_384_192 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_512_256 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id AES_XCBC_96 > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00 > length 24 > ikev2_pld_tss: count 1 length 16 > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport > 65535 > ikev2_pld_ts: start 0.0.0.0 end 255.255.255.255 > ikev2_pld_payloads: decrypted payload TSr nextpayload NOTIFY critical 0x00 > length 24 > ikev2_pld_tss: count 1 length 16 > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport > 65535 > ikev2_pld_ts: start --UK-- end --UK-- > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical 0x00 > length 8 > ikev2_pld_notify: protoid NONE spisize 0 type MOBIKE_SUPPORTED > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical 0x00 > length 24 > ikev2_pld_notify: protoid NONE spisize 0 type ADDITIONAL_IP6_ADDRESS > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical 0x00 > length 8 > ikev2_pld_notify: protoid NONE spisize 0 type EAP_ONLY_AUTHENTICATION > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NONE critical 0x00 > length 8 > ikev2_pld_notify: protoid NONE spisize 0 type IKEV2_MESSAGE_ID_SYNC_SUPPORTED > ikev2_handle_notifies: mobike enabled > sa_stateok: SA_INIT flags 0x0000, require 0x0000 > spi=0x87993e0d839b617f: sa_state: SA_INIT -> AUTH_REQUEST > policy_lookup: peerid 'indra@--CA-HOST--' > proposals_negotiate: score 4 > policy_lookup: setting policy '--CAT-HOST--' > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31 > sa_stateflags: 0x0020 -> 0x0024 certreq,sa (required 0x003b > cert,certvalid,auth,authvalid,sa) > ikev2_msg_auth: responder auth data length 343 > ca_setauth: switching SIG_ANY to SIG > ca_setauth: auth length 343 > proposals_negotiate: score 4 > sa_stateflags: 0x0024 -> 0x0024 certreq,sa (required 0x003b > cert,certvalid,auth,authvalid,sa) > config_free_proposals: free 0x3c2ef864180 > ca_getreq: found CA /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom > Lobby/OU=VPNC/CN=--CA-HOST-- > ca_x509_subjectaltname_do: did not find subjectAltName in certificate > ca_getreq: found local certificate /C=UK/ST=England/L=London/O=Telecom > Lobby/OU=VPNC/CN=--UK-HOST-- > _dsa_sign_encode: signature scheme 0 selected > _dsa_sign_encode: signature scheme 0 selected > _dsa_sign_encode: signature scheme 0 selected > ca_setauth: auth length 272 > ca_validate_pubkey: could not open public key pubkeys/ufqdn/indra@--CA-HOST-- > ca_validate_cert: /C=ES/ST=Catalunya/L=sant Pere de Ribes/O=Telecom > Lobby/OU=VPNC/CN=--CAT-HOST-- ok > ikev2_getimsgdata: imsg 22 rspi 0xbd5bf5ce26784624 ispi 0x87993e0d839b617f > initiator 0 sa valid type 4 data length 1064 > ikev2_dispatch_cert: cert type X509_CERT length 1064, ok > sa_stateflags: 0x0024 -> 0x0025 cert,certreq,sa (required 0x003b > cert,certvalid,auth,authvalid,sa) > ikev2_getimsgdata: imsg 28 rspi 0xbd5bf5ce26784624 ispi 0x87993e0d839b617f > initiator 0 sa valid type 14 data length 272 > ikev2_dispatch_cert: AUTH type 14 len 272 > sa_stateflags: 0x0025 -> 0x002d cert,certreq,auth,sa (required 0x003b > cert,certvalid,auth,authvalid,sa) > ikev2_getimsgdata: imsg 23 rspi 0xbd5bf5ce26784624 ispi 0x87993e0d839b617f > initiator 0 sa valid type 4 data length 1085 > ikev2_msg_auth: initiator auth data length 1120 > ikev2_msg_authverify: method SIG keylen 1085 type X509_CERT > _dsa_verify_init: signature scheme 0 selected > ikev2_msg_authverify: authentication successful > spi=0x87993e0d839b617f: sa_state: AUTH_REQUEST -> AUTH_SUCCESS > sa_stateflags: 0x002d -> 0x003d cert,certreq,auth,authvalid,sa (required > 0x003b cert,certvalid,auth,authvalid,sa) > ikev2_dispatch_cert: peer certificate is valid > sa_stateflags: 0x003d -> 0x003f cert,certvalid,certreq,auth,authvalid,sa > (required 0x003b cert,certvalid,auth,authvalid,sa) > sa_stateok: VALID flags 0x003b, require 0x003b > cert,certvalid,auth,authvalid,sa > spi=0x87993e0d839b617f: sa_state: AUTH_SUCCESS -> VALID > sa_stateok: VALID flags 0x003b, require 0x003b > cert,certvalid,auth,authvalid,sa > sa_stateok: VALID flags 0x003b, require 0x003b > cert,certvalid,auth,authvalid,sa > ikev2_sa_tag: (0) > ikev2_childsa_negotiate: proposal 1 > ikev2_childsa_negotiate: key material length 128 > ikev2_prfplus: T1 with 32 bytes > ikev2_prfplus: T2 with 32 bytes > ikev2_prfplus: T3 with 32 bytes > ikev2_prfplus: T4 with 32 bytes > ikev2_prfplus: Tn with 128 bytes > pfkey_sa_getspi: spi 0x41a9644f > pfkey_sa_init: new spi 0x41a9644f > ikev2_next_payload: length 35 nextpayload CERT > ikev2_next_payload: length 1069 nextpayload AUTH > ikev2_next_payload: length 280 nextpayload CP > ikev2_next_payload: length 8 nextpayload NOTIFY > ikev2_add_notify: done > ikev2_next_payload: length 8 nextpayload NOTIFY > ikev2_add_notify: done > ikev2_next_payload: length 8 nextpayload SA > ikev2_add_proposals: length 40 > ikev2_next_payload: length 44 nextpayload TSi > ikev2_next_payload: length 24 nextpayload TSr > ikev2_next_payload: length 24 nextpayload NONE > ikev2_next_payload: length 1540 nextpayload IDr > ikev2_msg_encrypt: decrypted length 1500 > ikev2_msg_encrypt: padded length 1504 > ikev2_msg_encrypt: length 1501, padding 3, output length 1536 > ikev2_msg_integr: message length 1568 > ikev2_msg_integr: integrity checksum length 16 > ikev2_pld_parse: header ispi 0x87993e0d839b617f rspi 0xbd5bf5ce26784624 > nextpayload SK version 0x20 exchange IKE_AUTH flags 0x20 msgid 1 length 1568 > response 1 > ikev2_pld_payloads: payload SK nextpayload IDr critical 0x00 length 1540 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 1504 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 1504/1504 padding 3 > ikev2_pld_payloads: decrypted payload IDr nextpayload CERT critical 0x00 > length 35 > ikev2_pld_id: id UFQDN/--UK-ID-- length 31 > ikev2_pld_payloads: decrypted payload CERT nextpayload AUTH critical 0x00 > length 1069 > ikev2_pld_cert: type X509_CERT length 1064 > ikev2_pld_payloads: decrypted payload AUTH nextpayload CP critical 0x00 > length 280 > ikev2_pld_auth: method SIG length 272 > ikev2_pld_payloads: decrypted payload CP nextpayload NOTIFY critical 0x00 > length 8 > ikev2_pld_cp: type REPLY length 0 > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical 0x00 > length 8 > ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA critical 0x00 > length 8 > ikev2_pld_notify: protoid NONE spisize 0 type MOBIKE_SUPPORTED > ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00 length > 44 > ikev2_pld_sa: more 0 reserved 0 length 40 proposal #1 protoid ESP spisize 4 > xforms 3 spi 0x41a9644f > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00 > length 24 > ikev2_pld_tss: count 1 length 16 > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport > 65535 > ikev2_pld_ts: start --CAT-- end --CAT-- > ikev2_pld_payloads: decrypted payload TSr nextpayload NONE critical 0x00 > length 24 > ikev2_pld_tss: count 1 length 16 > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport > 65535 > ikev2_pld_ts: start --UK-- end --UK-- > spi=0x87993e0d839b617f: send IKE_AUTH res 1 peer --CAT--:4500 local > --UK--:4500, 1568 bytes, NAT-T > pfkey_sa_add: update spi 0x41a9644f > ikev2_childsa_enable: loaded CHILD SA spi 0x41a9644f > pfkey_sa_add: add spi 0xc0567d8f > ikev2_childsa_enable: loaded CHILD SA spi 0xc0567d8f > ikev2_childsa_enable: loaded flow 0x3c324182400 > ikev2_childsa_enable: loaded flow 0x3c2eec20000 > ikev2_childsa_enable: remember SA peer --CAT--:4500 > spi=0x87993e0d839b617f: ikev2_childsa_enable: loaded SPIs: 0x41a9644f, > 0xc0567d8f > spi=0x87993e0d839b617f: ikev2_childsa_enable: loaded flows: > ESP---UK--/32=--CAT--/32(47) > spi=0x87993e0d839b617f: sa_state: VALID -> ESTABLISHED from --CAT--:4500 to > --UK--:4500 policy '--CAT-HOST--' > spi=0x87993e0d839b617f: established peer > --CAT--:4500[UFQDN/indra@--CA-HOST--] local --UK--:4500[UFQDN/--UK-ID--] > policy '--CAT-HOST--' as responder > spi=0xf2043da59221143f: recv INFORMATIONAL req 12 peer --FR--:500 local > --UK--:500, 112 bytes, policy '--FR-HOST--' > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500 > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x00 msgid 12 length > 112 response 0 > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 84 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 48 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 48/48 padding 47 > ikev2_next_payload: length 52 nextpayload NONE > ikev2_msg_encrypt: decrypted length 0 > ikev2_msg_encrypt: padded length 16 > ikev2_msg_encrypt: length 1, padding 15, output length 48 > ikev2_msg_integr: message length 80 > ikev2_msg_integr: integrity checksum length 16 > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x28 msgid 12 length > 80 response 1 > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 16 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15 > spi=0xf2043da59221143f: send INFORMATIONAL res 12 peer --FR--:500 local > --UK--:500, 80 bytes > pfkey_sa_lookup: last_used 1614003365 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003365 > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003366 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003366 > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003366 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003365 > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 1 second(s) ago > policy_lookup: setting policy '--JP-HOST--' > spi=0x52b68ffd0ebb1984: recv INFORMATIONAL req 93 peer --JP-IP--:500 local > --UK--:500, 57 bytes, policy '--JP-HOST--' > ikev2_recv: ispi 0x52b68ffd0ebb1984 rspi 0xebcdfe906b83921a > ikev2_init_recv: unknown SA > pfkey_sa_lookup: last_used 1614003379 > ikev2_ike_sa_alive: incoming CHILD SA spi 0x41a9644f last used 1 second(s) ago > spi=0xf2043da59221143f: recv INFORMATIONAL req 13 peer --FR--:500 local > --UK--:500, 128 bytes, policy '--FR-HOST--' > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500 > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x00 msgid 13 length > 128 response 0 > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 100 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 64 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 64/64 padding 63 > ikev2_next_payload: length 52 nextpayload NONE > ikev2_msg_encrypt: decrypted length 0 > ikev2_msg_encrypt: padded length 16 > ikev2_msg_encrypt: length 1, padding 15, output length 48 > ikev2_msg_integr: message length 80 > ikev2_msg_integr: integrity checksum length 16 > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x28 msgid 13 length > 80 response 1 > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 16 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15 > spi=0xf2043da59221143f: send INFORMATIONAL res 13 peer --FR--:500 local > --UK--:500, 80 bytes > pfkey_sa_lookup: last_used 1614003380 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003380 > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003381 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003381 > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003381 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003380 > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 1 second(s) ago > policy_lookup: setting policy '--US-HOST--' > spi=0xe6cf431822ad3dc9: recv INFORMATIONAL req 53 peer --US-IP--:500 local > --UK--:500, 57 bytes, policy '--US-HOST--' > ikev2_recv: ispi 0xe6cf431822ad3dc9 rspi 0x338f3945413a685a > ikev2_init_recv: unknown SA > pfkey_sa_lookup: last_used 1614003392 > ikev2_ike_sa_alive: incoming CHILD SA spi 0x41a9644f last used 3 second(s) ago > spi=0xf2043da59221143f: recv INFORMATIONAL req 14 peer --FR--:500 local > --UK--:500, 160 bytes, policy '--FR-HOST--' > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500 > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x00 msgid 14 length > 160 response 0 > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 132 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 96 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 96/96 padding 95 > ikev2_next_payload: length 52 nextpayload NONE > ikev2_msg_encrypt: decrypted length 0 > ikev2_msg_encrypt: padded length 16 > ikev2_msg_encrypt: length 1, padding 15, output length 48 > ikev2_msg_integr: message length 80 > ikev2_msg_integr: integrity checksum length 16 > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 > nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x28 msgid 14 length > 80 response 1 > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52 > ikev2_msg_decrypt: IV length 16 > ikev2_msg_decrypt: encrypted payload length 16 > ikev2_msg_decrypt: integrity checksum length 16 > ikev2_msg_decrypt: integrity check succeeded > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15 > spi=0xf2043da59221143f: send INFORMATIONAL res 14 peer --FR--:500 local > --UK--:500, 80 bytes > pfkey_sa_lookup: last_used 1614003394 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 1 second(s) ago > pfkey_sa_lookup: last_used 1614003394 > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 1 second(s) ago > policy_lookup: setting policy '--US-HOST--' > spi=0xe6cf431822ad3dc9: recv INFORMATIONAL req 53 peer --US-IP--:500 local > --UK--:500, 57 bytes, policy '--US-HOST--' > ikev2_recv: ispi 0xe6cf431822ad3dc9 rspi 0x338f3945413a685a > ikev2_init_recv: unknown SA > pfkey_sa_lookup: last_used 1614003396 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003396 > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003396 > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0 second(s) ago > pfkey_sa_lookup: last_used 1614003395 > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 1 second(s) ago > policy_lookup: setting policy '--US-HOST--' > spi=0xe6cf431822ad3dc9: recv INFORMATIONAL req 53 peer --US-IP--:500 local > --UK--:500, 57 bytes, policy '--US-HOST--' > ikev2_recv: ispi 0xe6cf431822ad3dc9 rspi 0x338f3945413a685a > ikev2_init_recv: unknown SA > policy_lookup: setting policy '--JP-HOST--' > spi=0x52b68ffd0ebb1984: recv INFORMATIONAL req 93 peer --JP-IP--:500 local > --UK--:500, 57 bytes, policy '--JP-HOST--' > ikev2_recv: ispi 0x52b68ffd0ebb1984 rspi 0xebcdfe906b83921a > ikev2_init_recv: unknown SA > ca exiting, pid 842 > control exiting, pid 64161 > ikev2 exiting, pid 15623 > parent terminating
