Monday, March 01, 2021

Re: OpenIKED and Strongswan

Lots of information here but none of it is useful to look into the problem
from the iked side. An iked verbose log _showing the error_ is really what
is needed to do anything else.


On 2021/03/01 12:05, Riccardo Giuntoli wrote:
> Ok. I've reduced the strongswan configuration. By the way, when connecting to an OpenIKED as
> initiator I've got a lot of errors. Now I've got a couple of scripts that control the PTP IPSEC
> IKE2 connections and I can work, but I'm preparing an ISP based upon IPSEC and it's very
> important to me to get a solution.
> What I can add is that I've searched in *BSD based router/firewall distributions like OPNsense
> and what I've found is that they don't use OpenIKED but strongswan. Strongswan seems to be the
> more tunable piece of software. Now this is my configuration:

Not surprising it is more tunable, it is nearly 20x the code size ;)

> ca XXX
>   cacert=/etc/ipsec.d/cacerts/ca.XXX.crt
>   auto=add
>
> conn %default
>   keyexchange=ikev2
>   auto=start
>   reauth=no
>   dpdaction=clear
>   closeaction=clear
>   type=transport
>
> conn telecomlobby-jp
>   left=%defaultroute
>   leftsourceip=%config4
>   leftauth=pubkey
>   leftid=%indra@ca.XXX
>   leftprotoport=gre
>   leftupdown=/config/ipsec/ESJP-updown.sh
>
>   right=YYY
>   rightsubnet=YYY
>   rightauth=pubkey
>   rightid=%jp.XXX
>   rightcert=/etc/ipsec.d/certs/jp.XXX.crt
>   rightprotoport=gre
>
> This is my updown:
>
> #!/bin/bash
>
> set -o nounset
> set -o errexit
>
> TUN_IFACE="tun2"
>
> # PLUTO_VERB is set by charon when it calls the updown script.
> case "${PLUTO_VERB}" in
>   up-host)
>     echo "Putting interface ${TUN_IFACE} up"
>     ifconfig "$TUN_IFACE" up
>     echo "Disabling IPsec policy (SPD) for ${TUN_IFACE}"
>     sysctl -w "net.ipv4.conf.${TUN_IFACE}.disable_policy=1"
>     echo "Accepting gre keepalive"
>     sysctl -w "net.ipv4.conf.${TUN_IFACE}.accept_local=1"
>     ;;
>   down-host)
>     ifconfig "$TUN_IFACE" down
>     ;;
> esac
>
> And this is my crontab script on the Linux box that controls the endpoint on the GRE interface:
>
> #!/bin/bash
> ROUTER_IP=YYY
> IPSEC="telecomlobby-jp"
> GRE="tun2"
>
> # Probe the far end through the GRE interface and read the current SA status.
> PING_RESULT=$(/usr/bin/fping -I$GRE $ROUTER_IP 2>&1)
> ALIVE="alive"
> STATUS=$(/usr/sbin/ipsec status $IPSEC)
> ESTABLISHED="INSTALLED"
>
> # If the peer does not answer, tear down a stale SA (if any) and bring the connection up again.
> if [[ "$PING_RESULT" != *"$ALIVE"* ]]; then
>   if [[ "$STATUS" == *"$ESTABLISHED"* ]]; then
>     /usr/sbin/ipsec stroke down-nb $IPSEC
>     /usr/sbin/ipsec up $IPSEC
>   else
>     /usr/sbin/ipsec up $IPSEC
>   fi
> fi
>
> This is the OpenBSD part:
>
> set dpd_check_interval 15
> #set cert_partial_chain
>
> ikev2 "RT-01.cat.telecomlobby.com" passive transport \
>         proto gre \
>         from XXX to ZZZ \
>         local jp.telecomlobby.com peer any \
>         ikesa auth hmac-sha2-256 enc aes-256 group ecp256 \
>         childsa auth hmac-sha2-256 enc aes-256 group ecp256 \
>         srcid "shiva@ca.telecomlobby.com" \
>         ikelifetime 86400 lifetime 3600
>
> Next there is some control of the other side's public address, because it is a dynamic one:
>
> # Global Configuration
>
> init-state auto
>
> JPES_up = "gre1.link.up"
> newip = '( "[[ $(dig +short @8.8.8.8 cat-01.ZZZ) != $(ifconfig gre1 | grep tunnel | cut -d ' '
> -f5;exit;}\') ]]" every 126)'
>
> # States
>
> state auto {
>         if (! $JPES_up) {
>                 run "logger -t ifstated '(auto) US-ES down'"
>                 set-state JPES_down
>         }
> }
>
>
> state JPES_down {
>         run "mail -s 'JPES  down' root@localhost"
>         run "logger JPES down"
>         if ($newip) {
>                 run "/root/Bin/change_endpoint.sh gre1"
>                 run "rcctl restart ospfd"
>         }
> }
>
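> root@shiva:/root/Bin# cat change_endpoint.sh
> #!/bin/ksh
>
> # Resolve the peer's current address and read the one configured on the GRE interface.
> NEWIP=$(dig +short @8.8.8.8 cat-01.ZZZ)
> OLDIP=$(ifconfig "$1" | grep tunnel | cut -d ' ' -f5)
>
> # Double quotes so the shell expands $OLDIP and $NEWIP inside the sed expression.
> echo "updating PF"
> sed -i "s/$OLDIP/$NEWIP/g" /etc/pf.conf
> pfctl -f /etc/pf.conf
> echo "updating IKED"
> sed -i "s/$OLDIP/$NEWIP/g" /etc/iked.conf
> # iked.conf is read by iked, not ipsecctl; ikectl reload makes iked re-read it.
> ikectl reload
> echo "updating GRE"
> sed -i "s/$OLDIP/$NEWIP/g" "/etc/hostname.$1"
> ifconfig "$1" destroy
> sh /etc/netstart "$1"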
>
> The connection simply drops, as you can see in the log on the charon side:
>
> Mar  1 10:27:06 06[IKE] <telecomlobby-jp|842> establishing CHILD_SA telecomlobby-jp{50065}
> Mar  1 10:28:05 14[IKE] <telecomlobby-uk|841> establishing CHILD_SA telecomlobby-uk{50066}
> Mar  1 10:28:05 09[IKE] <telecomlobby-jp|842> establishing CHILD_SA telecomlobby-jp{50067}
> Mar  1 10:29:05 13[IKE] <telecomlobby-jp|842> establishing CHILD_SA telecomlobby-jp{50068}
> Mar  1 10:29:05 11[IKE] <telecomlobby-uk|841> establishing CHILD_SA telecomlobby-uk{50069}
> Mar  1 10:30:05 06[IKE] <telecomlobby-uk|841> establishing CHILD_SA telecomlobby-uk{50070}
> Mar  1 10:30:05 08[IKE] <telecomlobby-jp|842> establishing CHILD_SA telecomlobby-jp{50071}
> Mar  1 10:31:06 08[IKE] <telecomlobby-jp|842> establishing CHILD_SA telecomlobby-jp{50072}
> Mar  1 10:31:06 14[IKE] <telecomlobby-uk|841> establishing CHILD_SA telecomlobby-uk{50073}
> Mar  1 10:32:05 08[IKE] <telecomlobby-uk|841> establishing CHILD_SA telecomlobby-uk{50074}
> Mar  1 10:32:05 05[IKE] <telecomlobby-jp|842> establishing CHILD_SA telecomlobby-jp{50075}
> Mar  1 10:33:06 09[IKE] <telecomlobby-jp|842> establishing CHILD_SA telecomlobby-jp{50076}
> Mar  1 10:33:06 14[IKE] <telecomlobby-uk|841> establishing CHILD_SA telecomlobby-uk{50077}
> Mar  1 10:34:05 07[IKE] <telecomlobby-jp|842> establishing CHILD_SA telecomlobby-jp{50078}
> Mar  1 10:34:05 09[IKE] <telecomlobby-uk|841> establishing CHILD_SA telecomlobby-uk{50079}
> Mar  1 10:35:06 13[IKE] <telecomlobby-uk|841> establishing CHILD_SA telecomlobby-uk{50080}
> Mar  1 10:35:06 15[IKE] <telecomlobby-jp|842> establishing CHILD_SA telecomlobby-jp{50081}
> Mar  1 10:36:05 15[IKE] <telecomlobby-jp|842> establishing CHILD_SA telecomlobby-jp{50083}
> Mar  1 10:36:05 12[IKE] <telecomlobby-uk|841> establishing CHILD_SA telecomlobby-uk{50084}
> Mar  1 10:37:06 13[IKE] <telecomlobby-uk|841> establishing CHILD_SA telecomlobby-uk{50085}
> Mar  1 10:37:06 08[IKE] <telecomlobby-jp|842> establishing CHILD_SA telecomlobby-jp{50086}
> Mar  1 10:38:05 13[IKE] <telecomlobby-uk|841> establishing CHILD_SA telecomlobby-uk{50087}
> Mar  1 10:38:05 12[IKE] <telecomlobby-jp|842> establishing CHILD_SA telecomlobby-jp{50088}
>
> As you can see, those are two of the three PTP.
>
> If you want I've got a pcap or access but in private.
>
> Nice regards,
>
>
>
>
> On Mon, Feb 22, 2021 at 8:06 PM Tobias Heider <tobias.heider@stusta.de> wrote:
>
> On Mon, Feb 22, 2021 at 03:59:53PM +0100, Riccardo Giuntoli wrote:
> > Ok. In the log you can appreciate.
> >
> > UK-HOST one OpenBSD machine connected to three openbsd, one mikrotik and
> > one VyOS. The VyOS is CAT-HOST
> >
> > Kind regards
>
> The log looks fine but it doesn't seem to contain the error message you
> sent earlier.
> Can you try reproducing the bug and then send a log containing the error
> message and everything that happened before?
>
> >
> >
> > On Mon, Feb 22, 2021 at 12:02 PM Stuart Henderson <stu@spacehopper.org>
> > wrote:
> >
> > > On 2021-02-22, Riccardo Giuntoli <taglio@gmail.com> wrote:
> > > > Ok I've got the same error on three different OpenBSD, tell me what error
> > > > do you want or if you want an access.
> > >
> > > It would be a good start to run iked in the foreground with iked -vvd and
> > > show the log from there.
> > >
> > >
> > >
> >
> > --
> > Name: Riccardo Giuntoli
> > Email: taglio@gmail.com
> > Location: sant Pere de Ribes, BCN, Spain
> > PGP Key: 0x67123739
> > PGP Fingerprint: CE75 16B5 D855 842FAB54 FB5C DDC6 4640 6712 3739
> > Key server: hkp://wwwkeys.eu.pgp.net
>
> > create_ike: using signature for peer --FR--
> > create_ike: using signature for peer
> > ikev2 "--CAT-HOST--" passive transport esp proto gre inet from --UK-- to --CAT-- local
> --UK-- peer any ikesa enc aes-256 prf hmac-sha2-256,hmac-sha2-384,hmac-sha2-512,hmac-sha1
> auth hmac-sha2-256 group ecp256 childsa enc aes-256 auth hmac-sha2-256 group ecp256
> esn,noesn srcid --UK-ID-- ikelifetime 86400 lifetime 3600 bytes 536870912 signature
> > /etc/iked.conf: loaded 4 configuration rules
> > ca_privkey_serialize: type RSA_KEY length 1191
> > ca_pubkey_serialize: type RSA_KEY length 270
> > ca_privkey_to_method: type RSA_KEY method RSA_SIG
> > ca_getkey: received private key type RSA_KEY length 1191
> > ca_getkey: received public key type RSA_KEY length 270
> > ca_dispatch_parent: config reset
> > ca_reload: loaded ca file ca.crt
> > ca_reload: /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom Lobby/OU=VPNC/CN=
> --CA-HOST--
> > ca_reload: loaded 1 ca certificate
> > ca_reload: loaded cert file --FR-HOST--.crt
> > ca_reload: loaded cert file --UK-HOST--.crt
> > config_getpolicy: received policy
> > config_getpolicy: received policy
> > config_getpolicy: received policy
> > config_getpolicy: received policy
> > config_getpfkey: received pfkey fd 3
> > config_getcompile: compilation done
> > config_getsocket: received socket fd 4
> > config_getsocket: received socket fd 5
> > config_getsocket: received socket fd 6
> > config_getsocket: received socket fd 7
> > config_getstatic: dpd_check_interval 15
> > config_getstatic: no enforcesingleikesa
> > config_getstatic: no fragmentation
> > config_getstatic: mobike
> > config_getstatic: nattport 4500
> > ca_validate_cert: /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom Lobby/OU=VPNC/CN=
> --FR-HOST-- ok
> > ca_validate_cert: /C=UK/ST=England/L=London/O=Telecom Lobby/OU=VPNC/CN=--UK-HOST-- ok
> > ca_reload: local cert type X509_CERT
> > config_getocsp: ocsp_url none tolerate 0 maxage -1
> > ikev2_dispatch_cert: updated local CERTREQ type X509_CERT length 20
> > ikev2_dispatch_cert: updated local CERTREQ type X509_CERT length 20
> > policy_lookup: setting policy '--CAT-HOST--'
> > spi=0xc5881d3ed32f5801: recv INFORMATIONAL req 4428 peer --FR--:500 local --UK--:500, 96
> bytes, policy '--CAT-HOST--'
> > ikev2_recv: ispi 0xc5881d3ed32f5801 rspi 0xfcad33aa65954d8e
> > ikev2_init_recv: unknown SA
> > ikev2_init_ike_sa: initiating "--FR-HOST--"
> > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > ikev2_add_proposals: length 68
> > ikev2_next_payload: length 72 nextpayload KE
> > ikev2_next_payload: length 104 nextpayload NONCE
> > ikev2_next_payload: length 36 nextpayload NOTIFY
> > ikev2_nat_detection: local source 0xf2043da59221143f 0x0000000000000000 --UK--:500
> > ikev2_next_payload: length 28 nextpayload NOTIFY
> > ikev2_nat_detection: local destination 0xf2043da59221143f 0x0000000000000000 --FR--:500
> > ikev2_next_payload: length 28 nextpayload NOTIFY
> > ikev2_next_payload: length 14 nextpayload NONE
> > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x0000000000000000 nextpayload SA
> version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length 310 response 0
> > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 72
> > ikev2_pld_sa: more 0 reserved 0 length 68 proposal #1 protoid IKE spisize 0 xforms 7 spi
> 0
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_384
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_384
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_512
> > ikev2_pld_xform: more 0 reserved 0 length 8 type PRF id HMAC_SHA1
> > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 104
> > ikev2_pld_ke: dh group ECP_384 reserved 0
> > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36
> > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
> > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
> > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
> > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP
> > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 14
> > ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS
> > spi=0xf2043da59221143f: send IKE_SA_INIT req 0 peer --FR--:500 local --UK--:500, 310
> bytes
> > spi=0xf2043da59221143f: sa_state: INIT -> SA_INIT
> > ikev2_init_ike_sa: initiating "--US-HOST--"
> > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > ikev2_add_proposals: length 36
> > ikev2_next_payload: length 40 nextpayload KE
> > ikev2_next_payload: length 136 nextpayload NONCE
> > ikev2_next_payload: length 36 nextpayload NOTIFY
> > ikev2_nat_detection: local source 0x22cd85777285bb53 0x0000000000000000 --UK--:500
> > ikev2_next_payload: length 28 nextpayload NOTIFY
> > ikev2_nat_detection: local destination 0x22cd85777285bb53 0x0000000000000000
> --US-IP--:500
> > ikev2_next_payload: length 28 nextpayload NOTIFY
> > ikev2_next_payload: length 14 nextpayload NONE
> > ikev2_pld_parse: header ispi 0x22cd85777285bb53 rspi 0x0000000000000000 nextpayload SA
> version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length 310 response 0
> > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 40
> > ikev2_pld_sa: more 0 reserved 0 length 36 proposal #1 protoid IKE spisize 0 xforms 3 spi
> 0
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P512R1
> > ikev2_pld_xform: more 0 reserved 0 length 8 type PRF id HMAC_SHA2_512
> > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 136
> > ikev2_pld_ke: dh group BRAINPOOL_P512R1 reserved 0
> > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36
> > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
> > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
> > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
> > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP
> > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 14
> > ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS
> > spi=0x22cd85777285bb53: send IKE_SA_INIT req 0 peer --US-IP--:500 local --UK--:500, 310
> bytes
> > spi=0x22cd85777285bb53: sa_state: INIT -> SA_INIT
> > ikev2_init_ike_sa: initiating "--JP-HOST--"
> > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > ikev2_add_proposals: length 36
> > ikev2_next_payload: length 40 nextpayload KE
> > ikev2_next_payload: length 136 nextpayload NONCE
> > ikev2_next_payload: length 36 nextpayload NOTIFY
> > ikev2_nat_detection: local source 0x67cb9c572ac8b67e 0x0000000000000000 --UK--:500
> > ikev2_next_payload: length 28 nextpayload NOTIFY
> > ikev2_nat_detection: local destination 0x67cb9c572ac8b67e 0x0000000000000000
> --JP-IP--:500
> > ikev2_next_payload: length 28 nextpayload NOTIFY
> > ikev2_next_payload: length 14 nextpayload NONE
> > ikev2_pld_parse: header ispi 0x67cb9c572ac8b67e rspi 0x0000000000000000 nextpayload SA
> version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length 310 response 0
> > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 40
> > ikev2_pld_sa: more 0 reserved 0 length 36 proposal #1 protoid IKE spisize 0 xforms 3 spi
> 0
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P512R1
> > ikev2_pld_xform: more 0 reserved 0 length 8 type PRF id HMAC_SHA2_512
> > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 136
> > ikev2_pld_ke: dh group BRAINPOOL_P512R1 reserved 0
> > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36
> > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
> > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
> > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
> > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP
> > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 14
> > ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS
> > spi=0x67cb9c572ac8b67e: send IKE_SA_INIT req 0 peer --JP-IP--:500 local --UK--:500, 310
> bytes
> > spi=0x67cb9c572ac8b67e: sa_state: INIT -> SA_INIT
> > spi=0xf2043da59221143f: recv IKE_SA_INIT res 0 peer --FR--:500 local --UK--:500, 213
> bytes, policy '--FR-HOST--'
> > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 nextpayload SA
> version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 length 213 response 1
> > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 48
> > ikev2_pld_sa: more 0 reserved 0 length 44 proposal #1 protoid IKE spisize 0 xforms 4 spi
> 0
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
> > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id ECP_384
> > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 104
> > ikev2_pld_ke: dh group ECP_384 reserved 0
> > ikev2_pld_payloads: payload NONCE nextpayload CERTREQ critical 0x00 length 28
> > ikev2_pld_payloads: payload CERTREQ nextpayload NONE critical 0x00 length 5
> > ikev2_pld_certreq: type X509_CERT length 0
> > ikev2_pld_certreq: invalid length 0
> > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > sa_stateflags: 0x0000 -> 0x0004 certreq (required 0x0009 cert,auth)
> > proposals_negotiate: score 4
> > sa_stateok: SA_INIT flags 0x0000, require 0x0009 cert,auth
> > spi=0xf2043da59221143f: ikev2_sa_keys: DHSECRET with 48 bytes
> > ikev2_sa_keys: SKEYSEED with 32 bytes
> > spi=0xf2043da59221143f: ikev2_sa_keys: S with 72 bytes
> > ikev2_prfplus: T1 with 32 bytes
> > ikev2_prfplus: T2 with 32 bytes
> > ikev2_prfplus: T3 with 32 bytes
> > ikev2_prfplus: T4 with 32 bytes
> > ikev2_prfplus: T5 with 32 bytes
> > ikev2_prfplus: T6 with 32 bytes
> > ikev2_prfplus: T7 with 32 bytes
> > ikev2_prfplus: Tn with 224 bytes
> > ikev2_sa_keys: SK_d with 32 bytes
> > ikev2_sa_keys: SK_ai with 32 bytes
> > ikev2_sa_keys: SK_ar with 32 bytes
> > ikev2_sa_keys: SK_ei with 32 bytes
> > ikev2_sa_keys: SK_er with 32 bytes
> > ikev2_sa_keys: SK_pi with 32 bytes
> > ikev2_sa_keys: SK_pr with 32 bytes
> > ikev2_msg_auth: initiator auth data length 366
> > ca_setauth: switching SIG to RSA_SIG(*)
> > ca_setauth: auth length 366
> > sa_stateok: SA_INIT flags 0x0000, require 0x0009 cert,auth
> > config_free_proposals: free 0x3c27ccfe800
> > ca_getreq: found CA /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom Lobby/OU=VPNC/CN
> =--CA-HOST--
> > ca_x509_subjectaltname_do: did not find subjectAltName in certificate
> > ca_getreq: found local certificate /C=UK/ST=England/L=London/O=Telecom Lobby/OU=VPNC/CN=
> --UK-HOST--
> > ca_setauth: auth length 256
> > ikev2_getimsgdata: imsg 22 rspi 0x1f43bd64d771a4e5 ispi 0xf2043da59221143f initiator 1 sa
> valid type 4 data length 1064
> > ikev2_dispatch_cert: cert type X509_CERT length 1064, ok
> > sa_stateflags: 0x0004 -> 0x0005 cert,certreq (required 0x0009 cert,auth)
> > sa_stateok: SA_INIT flags 0x0001, require 0x0009 cert,auth
> > ikev2_getimsgdata: imsg 28 rspi 0x1f43bd64d771a4e5 ispi 0xf2043da59221143f initiator 1 sa
> valid type 1 data length 256
> > ikev2_dispatch_cert: AUTH type 1 len 256
> > sa_stateflags: 0x0005 -> 0x000d cert,certreq,auth (required 0x0009 cert,auth)
> > sa_stateok: SA_INIT flags 0x0009, require 0x0009 cert,auth
> > ikev2_next_payload: length 35 nextpayload CERT
> > ikev2_next_payload: length 1069 nextpayload CERTREQ
> > ikev2_add_certreq: type X509_CERT length 21
> > ikev2_next_payload: length 25 nextpayload AUTH
> > ikev2_next_payload: length 264 nextpayload NOTIFY
> > ikev2_add_notify: done
> > ikev2_next_payload: length 8 nextpayload SA
> > pfkey_sa_getspi: spi 0x8f3bad08
> > pfkey_sa_init: new spi 0x8f3bad08
> > ikev2_add_proposals: length 48
> > ikev2_next_payload: length 52 nextpayload TSi
> > ikev2_next_payload: length 24 nextpayload TSr
> > ikev2_next_payload: length 24 nextpayload NONE
> > ikev2_next_payload: length 1540 nextpayload IDi
> > ikev2_msg_encrypt: decrypted length 1501
> > ikev2_msg_encrypt: padded length 1504
> > ikev2_msg_encrypt: length 1502, padding 2, output length 1536
> > ikev2_msg_integr: message length 1568
> > ikev2_msg_integr: integrity checksum length 16
> > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 nextpayload SK
> version 0x20 exchange IKE_AUTH flags 0x08 msgid 1 length 1568 response 0
> > ikev2_pld_payloads: payload SK nextpayload IDi critical 0x00 length 1540
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 1504
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 1504/1504 padding 2
> > ikev2_pld_payloads: decrypted payload IDi nextpayload CERT critical 0x00 length 35
> > ikev2_pld_id: id UFQDN/--UK-ID-- length 31
> > ikev2_pld_payloads: decrypted payload CERT nextpayload CERTREQ critical 0x00 length 1069
> > ikev2_pld_cert: type X509_CERT length 1064
> > ikev2_pld_payloads: decrypted payload CERTREQ nextpayload AUTH critical 0x00 length 25
> > ikev2_pld_certreq: type X509_CERT length 20
> > ikev2_pld_payloads: decrypted payload AUTH nextpayload NOTIFY critical 0x00 length 264
> > ikev2_pld_auth: method RSA_SIG length 256
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA critical 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE
> > ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00 length 52
> > ikev2_pld_sa: more 0 reserved 0 length 48 proposal #1 protoid ESP spisize 4 xforms 4 spi
> 0x8f3bad08
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 8 type ESN id ESN
> > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
> > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00 length 24
> > ikev2_pld_tss: count 1 length 16
> > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport 65535
> > ikev2_pld_ts: start --UK-- end --UK--
> > ikev2_pld_payloads: decrypted payload TSr nextpayload NONE critical 0x00 length 24
> > ikev2_pld_tss: count 1 length 16
> > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport 65535
> > ikev2_pld_ts: start --FR-- end --FR--
> > spi=0xf2043da59221143f: send IKE_AUTH req 1 peer --FR--:500 local --UK--:500, 1568 bytes
> > spi=0xf2043da59221143f: recv IKE_AUTH res 1 peer --FR--:500 local --UK--:500, 1552 bytes,
> policy '--FR-HOST--'
> > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 nextpayload SK
> version 0x20 exchange IKE_AUTH flags 0x20 msgid 1 length 1552 response 1
> > ikev2_pld_payloads: payload SK nextpayload CERT critical 0x00 length 1524
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 1488
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 1488/1488 padding 8
> > ikev2_pld_payloads: decrypted payload CERT nextpayload IDr critical 0x00 length 1084
> > ikev2_pld_cert: type X509_CERT length 1079
> > ikev2_pld_payloads: decrypted payload IDr nextpayload AUTH critical 0x00 length 31
> > ikev2_pld_id: id UFQDN/uma@--CA-HOST-- length 27
> > ikev2_pld_payloads: decrypted payload AUTH nextpayload TSi critical 0x00 length 264
> > ikev2_pld_auth: method RSA_SIG length 256
> > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00 length 24
> > ikev2_pld_tss: count 1 length 16
> > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport 65535
> > ikev2_pld_ts: start --UK-- end --UK--
> > ikev2_pld_payloads: decrypted payload TSr nextpayload SA critical 0x00 length 24
> > ikev2_pld_tss: count 1 length 16
> > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport 65535
> > ikev2_pld_ts: start --FR-- end --FR--
> > ikev2_pld_payloads: decrypted payload SA nextpayload NOTIFY critical 0x00 length 44
> > ikev2_pld_sa: more 0 reserved 0 length 40 proposal #1 protoid ESP spisize 4 xforms 3 spi
> 0x066d9db6
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
> > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NONE critical 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE
> > spi=0xf2043da59221143f: sa_state: SA_INIT -> AUTH_REQUEST
> > proposals_negotiate: score 4
> > sa_stateflags: 0x000d -> 0x002d cert,certreq,auth,sa (required 0x0032
> certvalid,authvalid,sa)
> > config_free_proposals: free 0x3c27ccfe580
> > ca_validate_pubkey: could not open public key pubkeys/ufqdn/uma@--CA-HOST--
> > ca_validate_cert: /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom Lobby/OU=VPNC/CN=
> --FR-HOST-- ok
> > ikev2_getimsgdata: imsg 23 rspi 0x1f43bd64d771a4e5 ispi 0xf2043da59221143f initiator 1 sa
> valid type 4 data length 1079
> > ikev2_msg_auth: responder auth data length 277
> > ikev2_msg_authverify: method RSA_SIG keylen 1079 type X509_CERT
> > ikev2_msg_authverify: authentication successful
> > spi=0xf2043da59221143f: sa_state: AUTH_REQUEST -> AUTH_SUCCESS
> > sa_stateflags: 0x002d -> 0x003d cert,certreq,auth,authvalid,sa (required 0x0032
> certvalid,authvalid,sa)
> > ikev2_dispatch_cert: peer certificate is valid
> > sa_stateflags: 0x003d -> 0x003f cert,certvalid,certreq,auth,authvalid,sa (required 0x0032
> certvalid,authvalid,sa)
> > sa_stateok: VALID flags 0x0032, require 0x0032 certvalid,authvalid,sa
> > spi=0xf2043da59221143f: sa_state: AUTH_SUCCESS -> VALID
> > sa_stateok: VALID flags 0x0032, require 0x0032 certvalid,authvalid,sa
> > sa_stateok: VALID flags 0x0032, require 0x0032 certvalid,authvalid,sa
> > ikev2_sa_tag:  (0)
> > ikev2_childsa_negotiate: proposal 1
> > ikev2_childsa_negotiate: key material length 128
> > ikev2_prfplus: T1 with 32 bytes
> > ikev2_prfplus: T2 with 32 bytes
> > ikev2_prfplus: T3 with 32 bytes
> > ikev2_prfplus: T4 with 32 bytes
> > ikev2_prfplus: Tn with 128 bytes
> > pfkey_sa_add: add spi 0x066d9db6
> > ikev2_childsa_enable: loaded CHILD SA spi 0x066d9db6
> > pfkey_sa_add: update spi 0x8f3bad08
> > ikev2_childsa_enable: loaded CHILD SA spi 0x8f3bad08
> > ikev2_childsa_enable: loaded flow 0x3c27dfd9800
> > ikev2_childsa_enable: loaded flow 0x3c27dfda000
> > ikev2_childsa_enable: remember SA peer --FR--:500
> > spi=0xf2043da59221143f: ikev2_childsa_enable: loaded SPIs: 0x066d9db6, 0x8f3bad08
> > spi=0xf2043da59221143f: ikev2_childsa_enable: loaded flows: ESP---UK--/32=--FR--/32(47)
> > spi=0xf2043da59221143f: sa_state: VALID -> ESTABLISHED from --FR--:500 to --UK--:500
> policy '--FR-HOST--'
> > spi=0xf2043da59221143f: established peer --FR--:500[UFQDN/uma@--CA-HOST--] local
> --UK--:500[UFQDN/--UK-ID--] policy '--FR-HOST--' as initiator
> > spi=0x22cd85777285bb53: recv IKE_SA_INIT res 0 peer --US-IP--:500 local --UK--:500, 335
> bytes, policy '--US-HOST--'
> > ikev2_recv: ispi 0x22cd85777285bb53 rspi 0x84c59f1c8f60d03f
> > ikev2_recv: updated SA to peer --US-IP--:500 local --UK--:500
> > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > ikev2_pld_parse: header ispi 0x22cd85777285bb53 rspi 0x84c59f1c8f60d03f nextpayload SA
> version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 length 335 response 1
> > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 40
> > ikev2_pld_sa: more 0 reserved 0 length 36 proposal #1 protoid IKE spisize 0 xforms 3 spi
> 0
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_512
> > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id BRAINPOOL_P512R1
> > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 136
> > ikev2_pld_ke: dh group BRAINPOOL_P512R1 reserved 0
> > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36
> > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
> > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
> > ikev2_nat_detection: peer source 0x22cd85777285bb53 0x84c59f1c8f60d03f --US-IP--:500
> > ikev2_pld_payloads: payload NOTIFY nextpayload CERTREQ critical 0x00 length 28
> > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP
> > ikev2_nat_detection: peer destination 0x22cd85777285bb53 0x84c59f1c8f60d03f --UK--:500
> > ikev2_pld_payloads: payload CERTREQ nextpayload NOTIFY critical 0x00 length 25
> > ikev2_pld_certreq: type X509_CERT length 20
> > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 14
> > ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS
> > ikev2_pld_notify: signature hash SHA2_256 (2)
> > ikev2_pld_notify: signature hash SHA2_384 (3)
> > ikev2_pld_notify: signature hash SHA2_512 (4)
> > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > sa_stateflags: 0x0000 -> 0x0004 certreq (required 0x0009 cert,auth)
> > proposals_negotiate: score 3
> > sa_stateok: SA_INIT flags 0x0000, require 0x0009 cert,auth
> > spi=0x22cd85777285bb53: ikev2_sa_keys: DHSECRET with 64 bytes
> > ikev2_sa_keys: SKEYSEED with 64 bytes
> > spi=0x22cd85777285bb53: ikev2_sa_keys: S with 80 bytes
> > ikev2_prfplus: T1 with 64 bytes
> > ikev2_prfplus: T2 with 64 bytes
> > ikev2_prfplus: T3 with 64 bytes
> > ikev2_prfplus: T4 with 64 bytes
> > ikev2_prfplus: T5 with 64 bytes
> > ikev2_prfplus: Tn with 320 bytes
> > ikev2_sa_keys: SK_d with 64 bytes
> > ikev2_sa_keys: SK_ei with 36 bytes
> > ikev2_sa_keys: SK_er with 36 bytes
> > ikev2_sa_keys: SK_pi with 64 bytes
> > ikev2_sa_keys: SK_pr with 64 bytes
> > ikev2_msg_auth: initiator auth data length 406
> > ca_setauth: switching SIG_ANY to SIG
> > ca_setauth: auth length 406
> > sa_stateok: SA_INIT flags 0x0000, require 0x0009 cert,auth
> > config_free_proposals: free 0x3c27dfd8300
> > ca_getreq: found CA /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom Lobby/OU=VPNC/CN
> =--CA-HOST--
> > ca_x509_subjectaltname_do: did not find subjectAltName in certificate
> > ca_getreq: found local certificate /C=UK/ST=England/L=London/O=Telecom Lobby/OU=VPNC/CN=
> --UK-HOST--
> > _dsa_sign_encode: signature scheme 0 selected
> > _dsa_sign_encode: signature scheme 0 selected
> > _dsa_sign_encode: signature scheme 0 selected
> > ca_setauth: auth length 272
> > ikev2_getimsgdata: imsg 22 rspi 0x84c59f1c8f60d03f ispi 0x22cd85777285bb53 initiator 1 sa
> valid type 4 data length 1064
> > ikev2_dispatch_cert: cert type X509_CERT length 1064, ok
> > sa_stateflags: 0x0004 -> 0x0005 cert,certreq (required 0x0009 cert,auth)
> > sa_stateok: SA_INIT flags 0x0001, require 0x0009 cert,auth
> > ikev2_getimsgdata: imsg 28 rspi 0x84c59f1c8f60d03f ispi 0x22cd85777285bb53 initiator 1 sa
> valid type 14 data length 272
> > ikev2_dispatch_cert: AUTH type 14 len 272
> > sa_stateflags: 0x0005 -> 0x000d cert,certreq,auth (required 0x0009 cert,auth)
> > sa_stateok: SA_INIT flags 0x0009, require 0x0009 cert,auth
> > ikev2_next_payload: length 35 nextpayload CERT
> > ikev2_next_payload: length 1069 nextpayload CERTREQ
> > ikev2_add_certreq: type X509_CERT length 21
> > ikev2_next_payload: length 25 nextpayload AUTH
> > ikev2_next_payload: length 280 nextpayload NOTIFY
> > ikev2_add_notify: done
> > ikev2_next_payload: length 8 nextpayload SA
> > pfkey_sa_getspi: spi 0xfc41aa70
> > pfkey_sa_init: new spi 0xfc41aa70
> > ikev2_add_proposals: length 40
> > ikev2_next_payload: length 44 nextpayload TSi
> > ikev2_next_payload: length 24 nextpayload TSr
> > ikev2_next_payload: length 24 nextpayload NONE
> > ikev2_next_payload: length 1534 nextpayload IDi
> > ikev2_msg_encrypt: decrypted length 1509
> > ikev2_msg_encrypt: padded length 1510
> > ikev2_msg_encrypt: length 1510, padding 0, output length 1530
> > ikev2_msg_integr: message length 1562
> > ikev2_msg_integr: integrity checksum length 12
> > ikev2_pld_parse: header ispi 0x22cd85777285bb53 rspi 0x84c59f1c8f60d03f nextpayload SK
> version 0x20 exchange IKE_AUTH flags 0x08 msgid 1 length 1562 response 0
> > ikev2_pld_payloads: payload SK nextpayload IDi critical 0x00 length 1534
> > ikev2_msg_decrypt: IV length 8
> > ikev2_msg_decrypt: encrypted payload length 1510
> > ikev2_msg_decrypt: integrity checksum length 12
> > ikev2_msg_decrypt: AAD length 32
> > ikev2_msg_decrypt: decrypted payload length 1510/1510 padding 0
> > ikev2_pld_payloads: decrypted payload IDi nextpayload CERT critical 0x00 length 35
> > ikev2_pld_id: id UFQDN/--UK-ID-- length 31
> > ikev2_pld_payloads: decrypted payload CERT nextpayload CERTREQ critical 0x00 length 1069
> > ikev2_pld_cert: type X509_CERT length 1064
> > ikev2_pld_payloads: decrypted payload CERTREQ nextpayload AUTH critical 0x00 length 25
> > ikev2_pld_certreq: type X509_CERT length 20
> > ikev2_pld_payloads: decrypted payload AUTH nextpayload NOTIFY critical 0x00 length 280
> > ikev2_pld_auth: method SIG length 272
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA critical 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE
> > ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00 length 44
> > ikev2_pld_sa: more 0 reserved 0 length 40 proposal #1 protoid ESP spisize 4 xforms 3 spi
> 0xfc41aa70
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CHACHA20_POLY1305
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 8 type ESN id ESN
> > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
> > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00 length 24
> > ikev2_pld_tss: count 1 length 16
> > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport 65535
> > ikev2_pld_ts: start --UK-- end --UK--
> > ikev2_pld_payloads: decrypted payload TSr nextpayload NONE critical 0x00 length 24
> > ikev2_pld_tss: count 1 length 16
> > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport 65535
> > ikev2_pld_ts: start --US-IP-- end --US-IP--
> > spi=0x22cd85777285bb53: send IKE_AUTH req 1 peer --US-IP--:500 local --UK--:500, 1562
> bytes
> > spi=0x22cd85777285bb53: recv IKE_AUTH res 1 peer --US-IP--:500 local --UK--:500, 1532
> bytes, policy '--US-HOST--'
> > ikev2_recv: ispi 0x22cd85777285bb53 rspi 0x84c59f1c8f60d03f
> > ikev2_recv: updated SA to peer --US-IP--:500 local --UK--:500
> > ikev2_pld_parse: header ispi 0x22cd85777285bb53 rspi 0x84c59f1c8f60d03f nextpayload SK
> version 0x20 exchange IKE_AUTH flags 0x20 msgid 1 length 1532 response 1
> > ikev2_pld_payloads: payload SK nextpayload IDr critical 0x00 length 1504
> > ikev2_msg_decrypt: IV length 8
> > ikev2_msg_decrypt: encrypted payload length 1480
> > ikev2_msg_decrypt: integrity checksum length 12
> > ikev2_msg_decrypt: AAD length 32
> > ikev2_msg_decrypt: decrypted payload length 1480/1480 padding 0
> > ikev2_pld_payloads: decrypted payload IDr nextpayload CERT critical 0x00 length 37
> > ikev2_pld_id: id UFQDN/saraswati@--CA-HOST-- length 33
> > ikev2_pld_payloads: decrypted payload CERT nextpayload AUTH critical 0x00 length 1070
> > ikev2_pld_cert: type X509_CERT length 1065
> > ikev2_pld_payloads: decrypted payload AUTH nextpayload NOTIFY critical 0x00 length 280
> > ikev2_pld_auth: method SIG length 272
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA critical 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE
> > ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00 length 36
> > ikev2_pld_sa: more 0 reserved 0 length 32 proposal #1 protoid ESP spisize 4 xforms 2 spi
> 0xd1bfd520
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CHACHA20_POLY1305
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id ESN
> > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00 length 24
> > ikev2_pld_tss: count 1 length 16
> > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport 65535
> > ikev2_pld_ts: start --UK-- end --UK--
> > ikev2_pld_payloads: decrypted payload TSr nextpayload NONE critical 0x00 length 24
> > ikev2_pld_tss: count 1 length 16
> > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport 65535
> > ikev2_pld_ts: start --US-IP-- end --US-IP--
> > spi=0x22cd85777285bb53: sa_state: SA_INIT -> AUTH_REQUEST
> > proposals_negotiate: score 2
> > sa_stateflags: 0x000d -> 0x002d cert,certreq,auth,sa (required 0x0032
> certvalid,authvalid,sa)
> > config_free_proposals: free 0x3c27dfd8980
> > ca_validate_pubkey: could not open public key pubkeys/ufqdn/saraswati@--CA-HOST--
> > ca_validate_cert: /C=US/ST=Texas/L=Dallas/O=Telecom Lobby/OU=VPNC/CN=--US-HOST-- ok
> > ikev2_getimsgdata: imsg 23 rspi 0x84c59f1c8f60d03f ispi 0x22cd85777285bb53 initiator 1 sa
> valid type 4 data length 1065
> > ikev2_msg_auth: responder auth data length 431
> > ikev2_msg_authverify: method SIG keylen 1065 type X509_CERT
> > _dsa_verify_init: signature scheme 0 selected
> > ikev2_msg_authverify: authentication successful
> > spi=0x22cd85777285bb53: sa_state: AUTH_REQUEST -> AUTH_SUCCESS
> > sa_stateflags: 0x002d -> 0x003d cert,certreq,auth,authvalid,sa (required 0x0032
> certvalid,authvalid,sa)
> > ikev2_dispatch_cert: peer certificate is valid
> > sa_stateflags: 0x003d -> 0x003f cert,certvalid,certreq,auth,authvalid,sa (required 0x0032
> certvalid,authvalid,sa)
> > sa_stateok: VALID flags 0x0032, require 0x0032 certvalid,authvalid,sa
> > spi=0x22cd85777285bb53: sa_state: AUTH_SUCCESS -> VALID
> > sa_stateok: VALID flags 0x0032, require 0x0032 certvalid,authvalid,sa
> > sa_stateok: VALID flags 0x0032, require 0x0032 certvalid,authvalid,sa
> > ikev2_sa_tag:  (0)
> > ikev2_childsa_negotiate: proposal 1
> > ikev2_childsa_negotiate: key material length 72
> > ikev2_prfplus: T1 with 64 bytes
> > ikev2_prfplus: T2 with 64 bytes
> > ikev2_prfplus: Tn with 128 bytes
> > pfkey_sa_add: add spi 0xd1bfd520
> > ikev2_childsa_enable: loaded CHILD SA spi 0xd1bfd520
> > pfkey_sa_add: update spi 0xfc41aa70
> > ikev2_childsa_enable: loaded CHILD SA spi 0xfc41aa70
> > ikev2_childsa_enable: loaded flow 0x3c2c0b8f800
> > ikev2_childsa_enable: loaded flow 0x3c27dfda400
> > ikev2_childsa_enable: remember SA peer --US-IP--:500
> > spi=0x22cd85777285bb53: ikev2_childsa_enable: loaded SPIs: 0xd1bfd520, 0xfc41aa70
> > spi=0x22cd85777285bb53: ikev2_childsa_enable: loaded flows: ESP---UK--/32=--US-IP--/32
> (47)
> > spi=0x22cd85777285bb53: sa_state: VALID -> ESTABLISHED from --US-IP--:500 to --UK--:500
> policy '--US-HOST--'
> > spi=0x22cd85777285bb53: established peer --US-IP--:500[UFQDN/saraswati@--CA-HOST--] local
> --UK--:500[UFQDN/--UK-ID--] policy '--US-HOST--' as initiator
> > spi=0x67cb9c572ac8b67e: recv IKE_SA_INIT res 0 peer --JP-IP--:500 local --UK--:500, 335
> bytes, policy '--JP-HOST--'
> > ikev2_recv: ispi 0x67cb9c572ac8b67e rspi 0x2c3aab6ceed004e7
> > ikev2_recv: updated SA to peer --JP-IP--:500 local --UK--:500
> > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > ikev2_pld_parse: header ispi 0x67cb9c572ac8b67e rspi 0x2c3aab6ceed004e7 nextpayload SA
> version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 length 335 response 1
> > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 40
> > ikev2_pld_sa: more 0 reserved 0 length 36 proposal #1 protoid IKE spisize 0 xforms 3 spi
> 0
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_512
> > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id BRAINPOOL_P512R1
> > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 136
> > ikev2_pld_ke: dh group BRAINPOOL_P512R1 reserved 0
> > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36
> > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
> > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
> > ikev2_nat_detection: peer source 0x67cb9c572ac8b67e 0x2c3aab6ceed004e7 --JP-IP--:500
> > ikev2_pld_payloads: payload NOTIFY nextpayload CERTREQ critical 0x00 length 28
> > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP
> > ikev2_nat_detection: peer destination 0x67cb9c572ac8b67e 0x2c3aab6ceed004e7 --UK--:500
> > ikev2_pld_payloads: payload CERTREQ nextpayload NOTIFY critical 0x00 length 25
> > ikev2_pld_certreq: type X509_CERT length 20
> > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 14
> > ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS
> > ikev2_pld_notify: signature hash SHA2_256 (2)
> > ikev2_pld_notify: signature hash SHA2_384 (3)
> > ikev2_pld_notify: signature hash SHA2_512 (4)
> > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > sa_stateflags: 0x0000 -> 0x0004 certreq (required 0x0009 cert,auth)
> > proposals_negotiate: score 3
> > sa_stateok: SA_INIT flags 0x0000, require 0x0009 cert,auth
> > spi=0x67cb9c572ac8b67e: ikev2_sa_keys: DHSECRET with 64 bytes
> > ikev2_sa_keys: SKEYSEED with 64 bytes
> > spi=0x67cb9c572ac8b67e: ikev2_sa_keys: S with 80 bytes
> > ikev2_prfplus: T1 with 64 bytes
> > ikev2_prfplus: T2 with 64 bytes
> > ikev2_prfplus: T3 with 64 bytes
> > ikev2_prfplus: T4 with 64 bytes
> > ikev2_prfplus: T5 with 64 bytes
> > ikev2_prfplus: Tn with 320 bytes
> > ikev2_sa_keys: SK_d with 64 bytes
> > ikev2_sa_keys: SK_ei with 36 bytes
> > ikev2_sa_keys: SK_er with 36 bytes
> > ikev2_sa_keys: SK_pi with 64 bytes
> > ikev2_sa_keys: SK_pr with 64 bytes
> > ikev2_msg_auth: initiator auth data length 406
> > ca_setauth: switching SIG_ANY to SIG
> > ca_setauth: auth length 406
> > sa_stateok: SA_INIT flags 0x0000, require 0x0009 cert,auth
> > config_free_proposals: free 0x3c2a56dad00
> > ca_getreq: found CA /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom Lobby/OU=VPNC/CN
> =--CA-HOST--
> > ca_x509_subjectaltname_do: did not find subjectAltName in certificate
> > ca_getreq: found local certificate /C=UK/ST=England/L=London/O=Telecom Lobby/OU=VPNC/CN=
> --UK-HOST--
> > _dsa_sign_encode: signature scheme 0 selected
> > _dsa_sign_encode: signature scheme 0 selected
> > _dsa_sign_encode: signature scheme 0 selected
> > ca_setauth: auth length 272
> > ikev2_getimsgdata: imsg 22 rspi 0x2c3aab6ceed004e7 ispi 0x67cb9c572ac8b67e initiator 1 sa
> valid type 4 data length 1064
> > ikev2_dispatch_cert: cert type X509_CERT length 1064, ok
> > sa_stateflags: 0x0004 -> 0x0005 cert,certreq (required 0x0009 cert,auth)
> > sa_stateok: SA_INIT flags 0x0001, require 0x0009 cert,auth
> > ikev2_getimsgdata: imsg 28 rspi 0x2c3aab6ceed004e7 ispi 0x67cb9c572ac8b67e initiator 1 sa
> valid type 14 data length 272
> > ikev2_dispatch_cert: AUTH type 14 len 272
> > sa_stateflags: 0x0005 -> 0x000d cert,certreq,auth (required 0x0009 cert,auth)
> > sa_stateok: SA_INIT flags 0x0009, require 0x0009 cert,auth
> > ikev2_next_payload: length 35 nextpayload CERT
> > ikev2_next_payload: length 1069 nextpayload CERTREQ
> > ikev2_add_certreq: type X509_CERT length 21
> > ikev2_next_payload: length 25 nextpayload AUTH
> > ikev2_next_payload: length 280 nextpayload NOTIFY
> > ikev2_add_notify: done
> > ikev2_next_payload: length 8 nextpayload SA
> > pfkey_sa_getspi: spi 0x4701e9b5
> > pfkey_sa_init: new spi 0x4701e9b5
> > ikev2_add_proposals: length 40
> > ikev2_next_payload: length 44 nextpayload TSi
> > ikev2_next_payload: length 24 nextpayload TSr
> > ikev2_next_payload: length 24 nextpayload NONE
> > ikev2_next_payload: length 1534 nextpayload IDi
> > ikev2_msg_encrypt: decrypted length 1509
> > ikev2_msg_encrypt: padded length 1510
> > ikev2_msg_encrypt: length 1510, padding 0, output length 1530
> > ikev2_msg_integr: message length 1562
> > ikev2_msg_integr: integrity checksum length 12
> > ikev2_pld_parse: header ispi 0x67cb9c572ac8b67e rspi 0x2c3aab6ceed004e7 nextpayload SK
> version 0x20 exchange IKE_AUTH flags 0x08 msgid 1 length 1562 response 0
> > ikev2_pld_payloads: payload SK nextpayload IDi critical 0x00 length 1534
> > ikev2_msg_decrypt: IV length 8
> > ikev2_msg_decrypt: encrypted payload length 1510
> > ikev2_msg_decrypt: integrity checksum length 12
> > ikev2_msg_decrypt: AAD length 32
> > ikev2_msg_decrypt: decrypted payload length 1510/1510 padding 0
> > ikev2_pld_payloads: decrypted payload IDi nextpayload CERT critical 0x00 length 35
> > ikev2_pld_id: id UFQDN/--UK-ID-- length 31
> > ikev2_pld_payloads: decrypted payload CERT nextpayload CERTREQ critical 0x00 length 1069
> > ikev2_pld_cert: type X509_CERT length 1064
> > ikev2_pld_payloads: decrypted payload CERTREQ nextpayload AUTH critical 0x00 length 25
> > ikev2_pld_certreq: type X509_CERT length 20
> > ikev2_pld_payloads: decrypted payload AUTH nextpayload NOTIFY critical 0x00 length 280
> > ikev2_pld_auth: method SIG length 272
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA critical 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE
> > ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00 length 44
> > ikev2_pld_sa: more 0 reserved 0 length 40 proposal #1 protoid ESP spisize 4 xforms 3 spi
> 0x4701e9b5
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CHACHA20_POLY1305
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 8 type ESN id ESN
> > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
> > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00 length 24
> > ikev2_pld_tss: count 1 length 16
> > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport 65535
> > ikev2_pld_ts: start --UK-- end --UK--
> > ikev2_pld_payloads: decrypted payload TSr nextpayload NONE critical 0x00 length 24
> > ikev2_pld_tss: count 1 length 16
> > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport 65535
> > ikev2_pld_ts: start --JP-IP-- end --JP-IP--
> > spi=0x67cb9c572ac8b67e: send IKE_AUTH req 1 peer --JP-IP--:500 local --UK--:500, 1562
> bytes
> > spi=0x67cb9c572ac8b67e: recv IKE_AUTH res 1 peer --JP-IP--:500 local --UK--:500, 1527
> bytes, policy '--JP-HOST--'
> > ikev2_recv: ispi 0x67cb9c572ac8b67e rspi 0x2c3aab6ceed004e7
> > ikev2_recv: updated SA to peer --JP-IP--:500 local --UK--:500
> > ikev2_pld_parse: header ispi 0x67cb9c572ac8b67e rspi 0x2c3aab6ceed004e7 nextpayload SK
> version 0x20 exchange IKE_AUTH flags 0x20 msgid 1 length 1527 response 1
> > ikev2_pld_payloads: payload SK nextpayload IDr critical 0x00 length 1499
> > ikev2_msg_decrypt: IV length 8
> > ikev2_msg_decrypt: encrypted payload length 1475
> > ikev2_msg_decrypt: integrity checksum length 12
> > ikev2_msg_decrypt: AAD length 32
> > ikev2_msg_decrypt: decrypted payload length 1475/1475 padding 0
> > ikev2_pld_payloads: decrypted payload IDr nextpayload CERT critical 0x00 length 33
> > ikev2_pld_id: id UFQDN/shiva@--CA-HOST-- length 29
> > ikev2_pld_payloads: decrypted payload CERT nextpayload AUTH critical 0x00 length 1069
> > ikev2_pld_cert: type X509_CERT length 1064
> > ikev2_pld_payloads: decrypted payload AUTH nextpayload NOTIFY critical 0x00 length 280
> > ikev2_pld_auth: method SIG length 272
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA critical 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE
> > ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00 length 36
> > ikev2_pld_sa: more 0 reserved 0 length 32 proposal #1 protoid ESP spisize 4 xforms 2 spi
> 0xb1bffe2d
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CHACHA20_POLY1305
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id ESN
> > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00 length 24
> > ikev2_pld_tss: count 1 length 16
> > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport 65535
> > ikev2_pld_ts: start --UK-- end --UK--
> > ikev2_pld_payloads: decrypted payload TSr nextpayload NONE critical 0x00 length 24
> > ikev2_pld_tss: count 1 length 16
> > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport 65535
> > ikev2_pld_ts: start --JP-IP-- end --JP-IP--
> > spi=0x67cb9c572ac8b67e: sa_state: SA_INIT -> AUTH_REQUEST
> > proposals_negotiate: score 2
> > sa_stateflags: 0x000d -> 0x002d cert,certreq,auth,sa (required 0x0032
> certvalid,authvalid,sa)
> > config_free_proposals: free 0x3c31292ac00
> > ca_validate_pubkey: could not open public key pubkeys/ufqdn/shiva@--CA-HOST--
> > ca_validate_cert: /C=JP/ST=Tokyo/L=Heiwajima/O=Telecom Lobby/OU=VPNC/CN=--JP-HOST-- ok
> > ikev2_getimsgdata: imsg 23 rspi 0x2c3aab6ceed004e7 ispi 0x67cb9c572ac8b67e initiator 1 sa
> valid type 4 data length 1064
> > ikev2_msg_auth: responder auth data length 431
> > ikev2_msg_authverify: method SIG keylen 1064 type X509_CERT
> > _dsa_verify_init: signature scheme 0 selected
> > ikev2_msg_authverify: authentication successful
> > spi=0x67cb9c572ac8b67e: sa_state: AUTH_REQUEST -> AUTH_SUCCESS
> > sa_stateflags: 0x002d -> 0x003d cert,certreq,auth,authvalid,sa (required 0x0032
> certvalid,authvalid,sa)
> > ikev2_dispatch_cert: peer certificate is valid
> > sa_stateflags: 0x003d -> 0x003f cert,certvalid,certreq,auth,authvalid,sa (required 0x0032
> certvalid,authvalid,sa)
> > sa_stateok: VALID flags 0x0032, require 0x0032 certvalid,authvalid,sa
> > spi=0x67cb9c572ac8b67e: sa_state: AUTH_SUCCESS -> VALID
> > sa_stateok: VALID flags 0x0032, require 0x0032 certvalid,authvalid,sa
> > sa_stateok: VALID flags 0x0032, require 0x0032 certvalid,authvalid,sa
> > ikev2_sa_tag:  (0)
> > ikev2_childsa_negotiate: proposal 1
> > ikev2_childsa_negotiate: key material length 72
> > ikev2_prfplus: T1 with 64 bytes
> > ikev2_prfplus: T2 with 64 bytes
> > ikev2_prfplus: Tn with 128 bytes
> > pfkey_sa_add: add spi 0xb1bffe2d
> > ikev2_childsa_enable: loaded CHILD SA spi 0xb1bffe2d
> > pfkey_sa_add: update spi 0x4701e9b5
> > ikev2_childsa_enable: loaded CHILD SA spi 0x4701e9b5
> > ikev2_childsa_enable: loaded flow 0x3c2eec20c00
> > ikev2_childsa_enable: loaded flow 0x3c324182000
> > ikev2_childsa_enable: remember SA peer --JP-IP--:500
> > spi=0x67cb9c572ac8b67e: ikev2_childsa_enable: loaded SPIs: 0xb1bffe2d, 0x4701e9b5
> > spi=0x67cb9c572ac8b67e: ikev2_childsa_enable: loaded flows: ESP---UK--/32=--JP-IP--/32
> (47)
> > spi=0x67cb9c572ac8b67e: sa_state: VALID -> ESTABLISHED from --JP-IP--:500 to --UK--:500
> policy '--JP-HOST--'
> > spi=0x67cb9c572ac8b67e: established peer --JP-IP--:500[UFQDN/shiva@--CA-HOST--] local
> --UK--:500[UFQDN/--UK-ID--] policy '--JP-HOST--' as initiator
> > policy_lookup: setting policy '--CAT-HOST--'
> > spi=0xc5881d3ed32f5801: recv INFORMATIONAL req 4428 peer --FR--:500 local --UK--:500, 96
> bytes, policy '--CAT-HOST--'
> > ikev2_recv: ispi 0xc5881d3ed32f5801 rspi 0xfcad33aa65954d8e
> > ikev2_init_recv: unknown SA
> > policy_lookup: setting policy '--CAT-HOST--'
> > spi=0xc5881d3ed32f5801: recv INFORMATIONAL req 4428 peer --FR--:500 local --UK--:500, 96
> bytes, policy '--CAT-HOST--'
> > ikev2_recv: ispi 0xc5881d3ed32f5801 rspi 0xfcad33aa65954d8e
> > ikev2_init_recv: unknown SA
> > policy_lookup: setting policy '--CAT-HOST--'
> > spi=0xc5881d3ed32f5801: recv INFORMATIONAL req 4428 peer --FR--:500 local --UK--:500, 96
> bytes, policy '--CAT-HOST--'
> > ikev2_recv: ispi 0xc5881d3ed32f5801 rspi 0xfcad33aa65954d8e
> > ikev2_init_recv: unknown SA
> > spi=0xf2043da59221143f: recv INFORMATIONAL req 0 peer --FR--:500 local --UK--:500, 112
> bytes, policy '--FR-HOST--'
> > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 nextpayload SK
> version 0x20 exchange INFORMATIONAL flags 0x00 msgid 0 length 112 response 0
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 84
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 48
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 48/48 padding 47
> > ikev2_next_payload: length 52 nextpayload NONE
> > ikev2_msg_encrypt: decrypted length 0
> > ikev2_msg_encrypt: padded length 16
> > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > ikev2_msg_integr: message length 80
> > ikev2_msg_integr: integrity checksum length 16
> > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 nextpayload SK
> version 0x20 exchange INFORMATIONAL flags 0x28 msgid 0 length 80 response 1
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 16
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > spi=0xf2043da59221143f: send INFORMATIONAL res 0 peer --FR--:500 local --UK--:500, 80
> bytes
> > pfkey_sa_lookup: last_used 1614003184
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 1 second(s) ago
> > pfkey_sa_lookup: last_used 1614003184
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 1 second(s) ago
> > pfkey_sa_lookup: last_used 1614003183
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 3 second(s) ago
> > pfkey_sa_lookup: last_used 1614003183
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 3 second(s) ago
> > policy_lookup: setting policy '--CAT-HOST--'
> > spi=0xb3a689d63d247dd3: recv INFORMATIONAL req 2 peer --CAT--:4500 local --UK--:4500, 80
> bytes, policy '--CAT-HOST--'
> > ikev2_recv: ispi 0xb3a689d63d247dd3 rspi 0x3ec4e46becafef14
> > policy_lookup: setting policy '--CAT-HOST--'
> > spi=0xf94ce3fc2e48f7f2: recv IKE_SA_INIT req 0 peer --CAT--:500 local --UK--:500, 1056
> bytes, policy '--CAT-HOST--'
> > ikev2_recv: ispi 0xf94ce3fc2e48f7f2 rspi 0x0000000000000000
> > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > ikev2_pld_parse: header ispi 0xf94ce3fc2e48f7f2 rspi 0x0000000000000000 nextpayload SA
> version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length 1056 response 0
> > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 832
> > ikev2_pld_sa: more 2 reserved 0 length 352 proposal #1 protoid IKE spisize 0 xforms 37
> spi 0
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CTR
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CTR
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CTR
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CTR
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CTR
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CTR
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 8 type ENCR id 3DES
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_384_192
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_512_256
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id AES_XCBC_96
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id AES_CMAC_96
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_384
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_512
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_XCBC
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_CMAC
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_256
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_384
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_521
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P256R1
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P384R1
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P512R1
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id CURVE25519
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_3072
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_4096
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_6144
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_8192
> > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048
> > ikev2_pld_sa: more 0 reserved 0 length 476 proposal #2 protoid IKE spisize 0 xforms 45
> spi 0
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_16
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_16
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_16
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_16
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_16
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_16
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_16
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_16
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_16
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_8
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_8
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_8
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_8
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_8
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_8
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_8
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_8
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_8
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_384
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_512
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_XCBC
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_CMAC
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_256
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_384
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_521
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P256R1
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P384R1
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P512R1
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id CURVE25519
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_3072
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_4096
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_6144
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_8192
> > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048
> > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 72
> > ikev2_pld_ke: dh group ECP_256 reserved 0
> > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36
> > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
> > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
> > ikev2_nat_detection: peer source 0xf94ce3fc2e48f7f2 0x0000000000000000 --CAT--:500
> > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
> > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP
> > ikev2_nat_detection: peer destination 0xf94ce3fc2e48f7f2 0x0000000000000000 --UK--:500
> > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type FRAGMENTATION_SUPPORTED
> > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 16
> > ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS
> > ikev2_pld_notify: signature hash SHA2_256 (2)
> > ikev2_pld_notify: signature hash SHA2_384 (3)
> > ikev2_pld_notify: signature hash SHA2_512 (4)
> > ikev2_pld_notify: signature hash <UNKNOWN:5> (5)
> > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type REDIRECT_SUPPORTED
> > proposals_negotiate: score 4
> > proposals_negotiate: score 0
> > policy_lookup: setting policy '--CAT-HOST--'
> > spi=0xf94ce3fc2e48f7f2: sa_state: INIT -> SA_INIT
> > proposals_negotiate: score 4
> > proposals_negotiate: score 0
> > sa_stateok: SA_INIT flags 0x0000, require 0x0000
> > sa_stateflags: 0x0000 -> 0x0020 sa (required 0x0000 )
> > spi=0xf94ce3fc2e48f7f2: ikev2_sa_keys: DHSECRET with 32 bytes
> > ikev2_sa_keys: SKEYSEED with 32 bytes
> > spi=0xf94ce3fc2e48f7f2: ikev2_sa_keys: S with 80 bytes
> > ikev2_prfplus: T1 with 32 bytes
> > ikev2_prfplus: T2 with 32 bytes
> > ikev2_prfplus: T3 with 32 bytes
> > ikev2_prfplus: T4 with 32 bytes
> > ikev2_prfplus: T5 with 32 bytes
> > ikev2_prfplus: T6 with 32 bytes
> > ikev2_prfplus: T7 with 32 bytes
> > ikev2_prfplus: Tn with 224 bytes
> > ikev2_sa_keys: SK_d with 32 bytes
> > ikev2_sa_keys: SK_ai with 32 bytes
> > ikev2_sa_keys: SK_ar with 32 bytes
> > ikev2_sa_keys: SK_ei with 32 bytes
> > ikev2_sa_keys: SK_er with 32 bytes
> > ikev2_sa_keys: SK_pi with 32 bytes
> > ikev2_sa_keys: SK_pr with 32 bytes
> > ikev2_add_proposals: length 44
> > ikev2_next_payload: length 48 nextpayload KE
> > ikev2_next_payload: length 72 nextpayload NONCE
> > ikev2_next_payload: length 36 nextpayload NOTIFY
> > ikev2_nat_detection: local source 0xf94ce3fc2e48f7f2 0x1d51ac7d723a726d --UK--:500
> > ikev2_next_payload: length 28 nextpayload NOTIFY
> > ikev2_nat_detection: local destination 0xf94ce3fc2e48f7f2 0x1d51ac7d723a726d --CAT--:500
> > ikev2_next_payload: length 28 nextpayload CERTREQ
> > ikev2_add_certreq: type X509_CERT length 21
> > ikev2_next_payload: length 25 nextpayload NOTIFY
> > ikev2_next_payload: length 14 nextpayload NONE
> > ikev2_pld_parse: header ispi 0xf94ce3fc2e48f7f2 rspi 0x1d51ac7d723a726d nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 length 279 response 1
> > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 48
> > ikev2_pld_sa: more 0 reserved 0 length 44 proposal #1 protoid IKE spisize 0 xforms 4 spi 0
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
> > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id ECP_256
> > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 72
> > ikev2_pld_ke: dh group ECP_256 reserved 0
> > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36
> > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
> > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
> > ikev2_pld_payloads: payload NOTIFY nextpayload CERTREQ critical 0x00 length 28
> > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP
> > ikev2_pld_payloads: payload CERTREQ nextpayload NOTIFY critical 0x00 length 25
> > ikev2_pld_certreq: type X509_CERT length 20
> > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 14
> > ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS
> > spi=0xf94ce3fc2e48f7f2: send IKE_SA_INIT res 0 peer --CAT--:500 local --UK--:500, 279 bytes
> > config_free_proposals: free 0x3c31292ae80
> > config_free_proposals: free 0x3c31292a880
> > spi=0xf94ce3fc2e48f7f2: recv IKE_AUTH req 1 peer --CAT--:4500 local --UK--:4500, 1792 bytes, policy '--CAT-HOST--'
> > ikev2_recv: ispi 0xf94ce3fc2e48f7f2 rspi 0x1d51ac7d723a726d
> > ikev2_recv: updated SA to peer --CAT--:4500 local --UK--:4500
> > ikev2_pld_parse: header ispi 0xf94ce3fc2e48f7f2 rspi 0x1d51ac7d723a726d nextpayload SK version 0x20 exchange IKE_AUTH flags 0x08 msgid 1 length 1792 response 0
> > ikev2_pld_payloads: payload SK nextpayload IDi critical 0x00 length 1764
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 1728
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 1728/1728 padding 11
> > ikev2_pld_payloads: decrypted payload IDi nextpayload CERT critical 0x00 length 33
> > ikev2_pld_id: id UFQDN/indra@--CA-HOST-- length 29
> > ikev2_pld_payloads: decrypted payload CERT nextpayload NOTIFY critical 0x00 length 1090
> > ikev2_pld_cert: type X509_CERT length 1085
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload CERTREQ critical 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type INITIAL_CONTACT
> > ikev2_pld_payloads: decrypted payload CERTREQ nextpayload AUTH critical 0x00 length 85
> > ikev2_pld_certreq: type X509_CERT length 80
> > ikev2_pld_payloads: decrypted payload AUTH nextpayload CP critical 0x00 length 280
> > ikev2_pld_auth: method SIG length 272
> > ikev2_pld_payloads: decrypted payload CP nextpayload NOTIFY critical 0x00 length 16
> > ikev2_pld_cp: type REQUEST length 8
> > ikev2_pld_cp: INTERNAL_IP4_ADDRESS 0x0001 length 0
> > ikev2_pld_cp: INTERNAL_IP4_DNS 0x0003 length 0
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA critical 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE
> > ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00 length 100
> > ikev2_pld_sa: more 0 reserved 0 length 96 proposal #1 protoid ESP spisize 4 xforms 9 spi 0xc9f9084d
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_384_192
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_512_256
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id AES_XCBC_96
> > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
> > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00 length 24
> > ikev2_pld_tss: count 1 length 16
> > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport 65535
> > ikev2_pld_ts: start 0.0.0.0 end 255.255.255.255
> > ikev2_pld_payloads: decrypted payload TSr nextpayload NOTIFY critical 0x00 length 24
> > ikev2_pld_tss: count 1 length 16
> > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport 65535
> > ikev2_pld_ts: start --UK-- end --UK--
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type MOBIKE_SUPPORTED
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical 0x00 length 24
> > ikev2_pld_notify: protoid NONE spisize 0 type ADDITIONAL_IP6_ADDRESS
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type EAP_ONLY_AUTHENTICATION
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NONE critical 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type IKEV2_MESSAGE_ID_SYNC_SUPPORTED
> > ikev2_handle_notifies: mobike enabled
> > sa_stateok: SA_INIT flags 0x0000, require 0x0000
> > spi=0xf94ce3fc2e48f7f2: sa_state: SA_INIT -> AUTH_REQUEST
> > policy_lookup: peerid 'indra@--CA-HOST--'
> > proposals_negotiate: score 4
> > policy_lookup: setting policy '--CAT-HOST--'
> > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > sa_stateflags: 0x0020 -> 0x0024 certreq,sa (required 0x003b cert,certvalid,auth,authvalid,sa)
> > ikev2_msg_auth: responder auth data length 343
> > ca_setauth: switching SIG_ANY to SIG
> > ca_setauth: auth length 343
> > proposals_negotiate: score 4
> > sa_stateflags: 0x0024 -> 0x0024 certreq,sa (required 0x003b cert,certvalid,auth,authvalid,sa)
> > config_free_proposals: free 0x3c31292a480
> > ca_getreq: found CA /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom Lobby/OU=VPNC/CN=--CA-HOST--
> > ca_x509_subjectaltname_do: did not find subjectAltName in certificate
> > ca_getreq: found local certificate /C=UK/ST=England/L=London/O=Telecom Lobby/OU=VPNC/CN=--UK-HOST--
> > _dsa_sign_encode: signature scheme 0 selected
> > _dsa_sign_encode: signature scheme 0 selected
> > _dsa_sign_encode: signature scheme 0 selected
> > ca_setauth: auth length 272
> > ca_validate_pubkey: could not open public key pubkeys/ufqdn/indra@--CA-HOST--
> > ca_validate_cert: /C=ES/ST=Catalunya/L=sant Pere de Ribes/O=Telecom Lobby/OU=VPNC/CN=--CAT-HOST-- ok
> > ikev2_getimsgdata: imsg 22 rspi 0x1d51ac7d723a726d ispi 0xf94ce3fc2e48f7f2 initiator 0 sa valid type 4 data length 1064
> > ikev2_dispatch_cert: cert type X509_CERT length 1064, ok
> > sa_stateflags: 0x0024 -> 0x0025 cert,certreq,sa (required 0x003b cert,certvalid,auth,authvalid,sa)
> > ikev2_getimsgdata: imsg 28 rspi 0x1d51ac7d723a726d ispi 0xf94ce3fc2e48f7f2 initiator 0 sa valid type 14 data length 272
> > ikev2_dispatch_cert: AUTH type 14 len 272
> > sa_stateflags: 0x0025 -> 0x002d cert,certreq,auth,sa (required 0x003b cert,certvalid,auth,authvalid,sa)
> > ikev2_getimsgdata: imsg 23 rspi 0x1d51ac7d723a726d ispi 0xf94ce3fc2e48f7f2 initiator 0 sa valid type 4 data length 1085
> > ikev2_msg_auth: initiator auth data length 1120
> > ikev2_msg_authverify: method SIG keylen 1085 type X509_CERT
> > _dsa_verify_init: signature scheme 0 selected
> > ikev2_msg_authverify: authentication successful
> > spi=0xf94ce3fc2e48f7f2: sa_state: AUTH_REQUEST -> AUTH_SUCCESS
> > sa_stateflags: 0x002d -> 0x003d cert,certreq,auth,authvalid,sa (required 0x003b cert,certvalid,auth,authvalid,sa)
> > ikev2_dispatch_cert: peer certificate is valid
> > sa_stateflags: 0x003d -> 0x003f cert,certvalid,certreq,auth,authvalid,sa (required 0x003b cert,certvalid,auth,authvalid,sa)
> > sa_stateok: VALID flags 0x003b, require 0x003b cert,certvalid,auth,authvalid,sa
> > spi=0xf94ce3fc2e48f7f2: sa_state: AUTH_SUCCESS -> VALID
> > sa_stateok: VALID flags 0x003b, require 0x003b cert,certvalid,auth,authvalid,sa
> > sa_stateok: VALID flags 0x003b, require 0x003b cert,certvalid,auth,authvalid,sa
> > ikev2_sa_tag:  (0)
> > ikev2_childsa_negotiate: proposal 1
> > ikev2_childsa_negotiate: key material length 128
> > ikev2_prfplus: T1 with 32 bytes
> > ikev2_prfplus: T2 with 32 bytes
> > ikev2_prfplus: T3 with 32 bytes
> > ikev2_prfplus: T4 with 32 bytes
> > ikev2_prfplus: Tn with 128 bytes
> > pfkey_sa_getspi: spi 0xba75d84f
> > pfkey_sa_init: new spi 0xba75d84f
> > ikev2_next_payload: length 35 nextpayload CERT
> > ikev2_next_payload: length 1069 nextpayload AUTH
> > ikev2_next_payload: length 280 nextpayload CP
> > ikev2_next_payload: length 8 nextpayload NOTIFY
> > ikev2_add_notify: done
> > ikev2_next_payload: length 8 nextpayload NOTIFY
> > ikev2_add_notify: done
> > ikev2_next_payload: length 8 nextpayload SA
> > ikev2_add_proposals: length 40
> > ikev2_next_payload: length 44 nextpayload TSi
> > ikev2_next_payload: length 24 nextpayload TSr
> > ikev2_next_payload: length 24 nextpayload NONE
> > ikev2_next_payload: length 1540 nextpayload IDr
> > ikev2_msg_encrypt: decrypted length 1500
> > ikev2_msg_encrypt: padded length 1504
> > ikev2_msg_encrypt: length 1501, padding 3, output length 1536
> > ikev2_msg_integr: message length 1568
> > ikev2_msg_integr: integrity checksum length 16
> > ikev2_pld_parse: header ispi 0xf94ce3fc2e48f7f2 rspi 0x1d51ac7d723a726d nextpayload SK version 0x20 exchange IKE_AUTH flags 0x20 msgid 1 length 1568 response 1
> > ikev2_pld_payloads: payload SK nextpayload IDr critical 0x00 length 1540
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 1504
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 1504/1504 padding 3
> > ikev2_pld_payloads: decrypted payload IDr nextpayload CERT critical 0x00 length 35
> > ikev2_pld_id: id UFQDN/--UK-ID-- length 31
> > ikev2_pld_payloads: decrypted payload CERT nextpayload AUTH critical 0x00 length 1069
> > ikev2_pld_cert: type X509_CERT length 1064
> > ikev2_pld_payloads: decrypted payload AUTH nextpayload CP critical 0x00 length 280
> > ikev2_pld_auth: method SIG length 272
> > ikev2_pld_payloads: decrypted payload CP nextpayload NOTIFY critical 0x00 length 8
> > ikev2_pld_cp: type REPLY length 0
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA critical 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type MOBIKE_SUPPORTED
> > ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00 length 44
> > ikev2_pld_sa: more 0 reserved 0 length 40 proposal #1 protoid ESP spisize 4 xforms 3 spi 0xba75d84f
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
> > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
> > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00 length 24
> > ikev2_pld_tss: count 1 length 16
> > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport 65535
> > ikev2_pld_ts: start --CAT-- end --CAT--
> > ikev2_pld_payloads: decrypted payload TSr nextpayload NONE critical 0x00 length 24
> > ikev2_pld_tss: count 1 length 16
> > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport 65535
> > ikev2_pld_ts: start --UK-- end --UK--
> > spi=0xf94ce3fc2e48f7f2: send IKE_AUTH res 1 peer --CAT--:4500 local --UK--:4500, 1568 bytes, NAT-T
> > pfkey_sa_add: update spi 0xba75d84f
> > ikev2_childsa_enable: loaded CHILD SA spi 0xba75d84f
> > pfkey_sa_add: add spi 0xc9f9084d
> > ikev2_childsa_enable: loaded CHILD SA spi 0xc9f9084d
> > ikev2_childsa_enable: loaded flow 0x3c324182800
> > ikev2_childsa_enable: loaded flow 0x3c2eec20400
> > ikev2_childsa_enable: remember SA peer --CAT--:4500
> > spi=0xf94ce3fc2e48f7f2: ikev2_childsa_enable: loaded SPIs: 0xba75d84f, 0xc9f9084d
> > spi=0xf94ce3fc2e48f7f2: ikev2_childsa_enable: loaded flows: ESP---UK--/32=--CAT--/32(47)
> > spi=0xf94ce3fc2e48f7f2: sa_state: VALID -> ESTABLISHED from --CAT--:4500 to --UK--:4500 policy '--CAT-HOST--'
> > spi=0xf94ce3fc2e48f7f2: established peer --CAT--:4500[UFQDN/indra@--CA-HOST--] local --UK--:4500[UFQDN/--UK-ID--] policy '--CAT-HOST--' as responder
> > pfkey_sa_lookup: last_used 1614003186
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003186
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 0 second(s) ago
> > policy_lookup: setting policy '--CAT-HOST--'
> > spi=0xc5881d3ed32f5801: recv INFORMATIONAL req 4428 peer --FR--:500 local --UK--:500, 96 bytes, policy '--CAT-HOST--'
> > ikev2_recv: ispi 0xc5881d3ed32f5801 rspi 0xfcad33aa65954d8e
> > ikev2_init_recv: unknown SA
> > policy_lookup: setting policy '--CAT-HOST--'
> > spi=0xb3a689d63d247dd3: recv INFORMATIONAL req 2 peer --CAT--:4500 local --UK--:4500, 80 bytes, policy '--CAT-HOST--'
> > ikev2_recv: ispi 0xb3a689d63d247dd3 rspi 0x3ec4e46becafef14
> > policy_lookup: setting policy '--CAT-HOST--'
> > spi=0xc5881d3ed32f5801: recv INFORMATIONAL req 4429 peer --FR--:500 local --UK--:500, 240 bytes, policy '--CAT-HOST--'
> > ikev2_recv: ispi 0xc5881d3ed32f5801 rspi 0xfcad33aa65954d8e
> > ikev2_init_recv: unknown SA
> > policy_lookup: setting policy '--CAT-HOST--'
> > spi=0xb3a689d63d247dd3: recv INFORMATIONAL req 2 peer --CAT--:4500 local --UK--:4500, 80 bytes, policy '--CAT-HOST--'
> > ikev2_recv: ispi 0xb3a689d63d247dd3 rspi 0x3ec4e46becafef14
> > spi=0xf2043da59221143f: recv INFORMATIONAL req 1 peer --FR--:500 local --UK--:500, 128 bytes, policy '--FR-HOST--'
> > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x00 msgid 1 length 128 response 0
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 100
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 64
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 64/64 padding 63
> > ikev2_next_payload: length 52 nextpayload NONE
> > ikev2_msg_encrypt: decrypted length 0
> > ikev2_msg_encrypt: padded length 16
> > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > ikev2_msg_integr: message length 80
> > ikev2_msg_integr: integrity checksum length 16
> > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x28 msgid 1 length 80 response 1
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 16
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > spi=0xf2043da59221143f: send INFORMATIONAL res 1 peer --FR--:500 local --UK--:500, 80 bytes
> > pfkey_sa_lookup: last_used 1614003199
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 1 second(s) ago
> > pfkey_sa_lookup: last_used 1614003199
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 1 second(s) ago
> > pfkey_sa_lookup: last_used 1614003198
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 3 second(s) ago
> > pfkey_sa_lookup: last_used 1614003198
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 3 second(s) ago
> > pfkey_sa_lookup: last_used 1614003201
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003201
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003201
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 0 second(s) ago
> > policy_lookup: setting policy '--CAT-HOST--'
> > spi=0xb3a689d63d247dd3: recv INFORMATIONAL req 2 peer --CAT--:4500 local --UK--:4500, 80 bytes, policy '--CAT-HOST--'
> > ikev2_recv: ispi 0xb3a689d63d247dd3 rspi 0x3ec4e46becafef14
> > spi=0xf2043da59221143f: recv INFORMATIONAL req 2 peer --FR--:500 local --UK--:500, 144 bytes, policy '--FR-HOST--'
> > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x00 msgid 2 length 144 response 0
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 116
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 80
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 80/80 padding 79
> > ikev2_next_payload: length 52 nextpayload NONE
> > ikev2_msg_encrypt: decrypted length 0
> > ikev2_msg_encrypt: padded length 16
> > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > ikev2_msg_integr: message length 80
> > ikev2_msg_integr: integrity checksum length 16
> > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x28 msgid 2 length 80 response 1
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 16
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > spi=0xf2043da59221143f: send INFORMATIONAL res 2 peer --FR--:500 local --UK--:500, 80 bytes
> > pfkey_sa_lookup: last_used 1614003214
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 1 second(s) ago
> > pfkey_sa_lookup: last_used 1614003214
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 1 second(s) ago
> > pfkey_sa_lookup: last_used 1614003216
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003216
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003216
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003216
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003216
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 0 second(s) ago
> > ikev2_init_ike_sa: "--FR-HOST--" is already active
> > ikev2_init_ike_sa: "--US-HOST--" is already active
> > ikev2_init_ike_sa: "--JP-HOST--" is already active
> > spi=0xf2043da59221143f: recv INFORMATIONAL req 3 peer --FR--:500 local --UK--:500, 112 bytes, policy '--FR-HOST--'
> > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x00 msgid 3 length 112 response 0
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 84
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 48
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 48/48 padding 47
> > ikev2_next_payload: length 52 nextpayload NONE
> > ikev2_msg_encrypt: decrypted length 0
> > ikev2_msg_encrypt: padded length 16
> > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > ikev2_msg_integr: message length 80
> > ikev2_msg_integr: integrity checksum length 16
> > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x28 msgid 3 length 80 response 1
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 16
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > spi=0xf2043da59221143f: send INFORMATIONAL res 3 peer --FR--:500 local --UK--:500, 80 bytes
> > pfkey_sa_lookup: last_used 1614003229
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 1 second(s) ago
> > pfkey_sa_lookup: last_used 1614003229
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 1 second(s) ago
> > pfkey_sa_lookup: last_used 1614003231
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003231
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003231
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003231
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003231
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 0 second(s) ago
> > policy_lookup: setting policy '--CAT-HOST--'
> > spi=0xb3a689d63d247dd3: recv INFORMATIONAL req 2 peer --CAT--:4500 local --UK--:4500, 80 bytes, policy '--CAT-HOST--'
> > ikev2_recv: ispi 0xb3a689d63d247dd3 rspi 0x3ec4e46becafef14
> > spi=0xf2043da59221143f: recv INFORMATIONAL req 4 peer --FR--:500 local --UK--:500, 128 bytes, policy '--FR-HOST--'
> > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x00 msgid 4 length 128 response 0
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 100
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 64
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 64/64 padding 63
> > ikev2_next_payload: length 52 nextpayload NONE
> > ikev2_msg_encrypt: decrypted length 0
> > ikev2_msg_encrypt: padded length 16
> > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > ikev2_msg_integr: message length 80
> > ikev2_msg_integr: integrity checksum length 16
> > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x28 msgid 4 length 80 response 1
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 16
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > spi=0xf2043da59221143f: send INFORMATIONAL res 4 peer --FR--:500 local --UK--:500, 80 bytes
> > pfkey_sa_lookup: last_used 1614003244
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 1 second(s) ago
> > pfkey_sa_lookup: last_used 1614003245
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003246
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003246
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003246
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003246
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003246
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 0 second(s) ago
> > spi=0xf2043da59221143f: recv INFORMATIONAL req 5 peer --FR--:500 local --UK--:500, 96 bytes, policy '--FR-HOST--'
> > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x00 msgid 5 length 96 response 0
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 68
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 32
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 32/32 padding 31
> > ikev2_next_payload: length 52 nextpayload NONE
> > ikev2_msg_encrypt: decrypted length 0
> > ikev2_msg_encrypt: padded length 16
> > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > ikev2_msg_integr: message length 80
> > ikev2_msg_integr: integrity checksum length 16
> > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x28 msgid 5 length 80 response 1
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 16
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > spi=0xf2043da59221143f: send INFORMATIONAL res 5 peer --FR--:500 local --UK--:500, 80 bytes
> > pfkey_sa_lookup: last_used 1614003259
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 1 second(s) ago
> > pfkey_sa_lookup: last_used 1614003259
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 1 second(s) ago
> > pfkey_sa_lookup: last_used 1614003261
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003261
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003261
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003261
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003261
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 0 second(s) ago
> > policy_lookup: setting policy '--CAT-HOST--'
> > spi=0xb3a689d63d247dd3: recv INFORMATIONAL req 2 peer --CAT--:4500 local --UK--:4500, 80 bytes, policy '--CAT-HOST--'
> > ikev2_recv: ispi 0xb3a689d63d247dd3 rspi 0x3ec4e46becafef14
> > spi=0xf2043da59221143f: recv INFORMATIONAL req 6 peer --FR--:500 local --UK--:500, 96 bytes, policy '--FR-HOST--'
> > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x00 msgid 6 length 96 response 0
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 68
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 32
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 32/32 padding 31
> > ikev2_next_payload: length 52 nextpayload NONE
> > ikev2_msg_encrypt: decrypted length 0
> > ikev2_msg_encrypt: padded length 16
> > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > ikev2_msg_integr: message length 80
> > ikev2_msg_integr: integrity checksum length 16
> > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x28 msgid 6 length 80 response 1
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 16
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > spi=0xf2043da59221143f: send INFORMATIONAL res 6 peer --FR--:500 local --UK--:500, 80 bytes
> > pfkey_sa_lookup: last_used 1614003275
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003275
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003276
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003276
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003276
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003276
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003275
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 1 second(s) ago
> > ikev2_init_ike_sa: "--FR-HOST--" is already active
> > ikev2_init_ike_sa: "--US-HOST--" is already active
> > ikev2_init_ike_sa: "--JP-HOST--" is already active
> > spi=0xf2043da59221143f: recv INFORMATIONAL req 7 peer --FR--:500 local --UK--:500, 112 bytes, policy '--FR-HOST--'
> > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x00 msgid 7 length 112 response 0
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 84
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 48
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 48/48 padding 47
> > ikev2_next_payload: length 52 nextpayload NONE
> > ikev2_msg_encrypt: decrypted length 0
> > ikev2_msg_encrypt: padded length 16
> > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > ikev2_msg_integr: message length 80
> > ikev2_msg_integr: integrity checksum length 16
> > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x28 msgid 7 length 80 response 1
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 16
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > spi=0xf2043da59221143f: send INFORMATIONAL res 7 peer --FR--:500 local --UK--:500, 80 bytes
> > pfkey_sa_lookup: last_used 1614003290
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003290
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003291
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003291
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003291
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003291
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003290
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 1 second(s) ago
> > spi=0xf2043da59221143f: recv INFORMATIONAL req 8 peer --FR--:500 local --UK--:500, 144 bytes, policy '--FR-HOST--'
> > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x00 msgid 8 length 144 response 0
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 116
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 80
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 80/80 padding 79
> > ikev2_next_payload: length 52 nextpayload NONE
> > ikev2_msg_encrypt: decrypted length 0
> > ikev2_msg_encrypt: padded length 16
> > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > ikev2_msg_integr: message length 80
> > ikev2_msg_integr: integrity checksum length 16
> > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x28 msgid 8 length 80 response 1
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 16
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > spi=0xf2043da59221143f: send INFORMATIONAL res 8 peer --FR--:500 local --UK--:500, 80 bytes
> > pfkey_sa_lookup: last_used 1614003305
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003305
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003306
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003306
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003306
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003306
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003305
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 1 second(s) ago
> > spi=0xf2043da59221143f: recv INFORMATIONAL req 9 peer --FR--:500 local --UK--:500, 160 bytes, policy '--FR-HOST--'
> > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x00 msgid 9 length 160 response 0
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 132
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 96
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 96/96 padding 95
> > ikev2_next_payload: length 52 nextpayload NONE
> > ikev2_msg_encrypt: decrypted length 0
> > ikev2_msg_encrypt: padded length 16
> > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > ikev2_msg_integr: message length 80
> > ikev2_msg_integr: integrity checksum length 16
> > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x28 msgid 9 length 80 response 1
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 16
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > spi=0xf2043da59221143f: send INFORMATIONAL res 9 peer --FR--:500 local --UK--:500, 80 bytes
> > pfkey_sa_lookup: last_used 1614003319
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 1 second(s) ago
> > pfkey_sa_lookup: last_used 1614003320
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003321
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003321
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003321
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003321
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003320
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 1 second(s) ago
> > spi=0xf2043da59221143f: recv INFORMATIONAL req 10 peer --FR--:500 local --UK--:500, 96 bytes, policy '--FR-HOST--'
> > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x00 msgid 10 length 96 response 0
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 68
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 32
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 32/32 padding 31
> > ikev2_next_payload: length 52 nextpayload NONE
> > ikev2_msg_encrypt: decrypted length 0
> > ikev2_msg_encrypt: padded length 16
> > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > ikev2_msg_integr: message length 80
> > ikev2_msg_integr: integrity checksum length 16
> > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x28 msgid 10 length 80 response 1
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 16
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > spi=0xf2043da59221143f: send INFORMATIONAL res 10 peer --FR--:500 local --UK--:500, 80 bytes
> > pfkey_sa_lookup: last_used 1614003334
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 1 second(s) ago
> > pfkey_sa_lookup: last_used 1614003335
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003336
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003336
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003336
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003336
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003335
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 1 second(s) ago
> > policy_lookup: setting policy '--JP-HOST--'
> > spi=0x52b68ffd0ebb1984: recv INFORMATIONAL req 93 peer --JP-IP--:500 local --UK--:500, 57 bytes, policy '--JP-HOST--'
> > ikev2_recv: ispi 0x52b68ffd0ebb1984 rspi 0xebcdfe906b83921a
> > ikev2_init_recv: unknown SA
> > policy_lookup: setting policy '--JP-HOST--'
> > spi=0x52b68ffd0ebb1984: recv INFORMATIONAL req 93 peer --JP-IP--:500 local --UK--:500, 57 bytes, policy '--JP-HOST--'
> > ikev2_recv: ispi 0x52b68ffd0ebb1984 rspi 0xebcdfe906b83921a
> > ikev2_init_recv: unknown SA
> > policy_lookup: setting policy '--JP-HOST--'
> > spi=0x52b68ffd0ebb1984: recv INFORMATIONAL req 93 peer --JP-IP--:500 local --UK--:500, 57 bytes, policy '--JP-HOST--'
> > ikev2_recv: ispi 0x52b68ffd0ebb1984 rspi 0xebcdfe906b83921a
> > ikev2_init_recv: unknown SA
> > ikev2_init_ike_sa: "--FR-HOST--" is already active
> > ikev2_init_ike_sa: "--US-HOST--" is already active
> > ikev2_init_ike_sa: "--JP-HOST--" is already active
> > spi=0xf2043da59221143f: recv INFORMATIONAL req 11 peer --FR--:500 local --UK--:500, 96 bytes, policy '--FR-HOST--'
> > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x00 msgid 11 length 96 response 0
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 68
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 32
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 32/32 padding 31
> > ikev2_next_payload: length 52 nextpayload NONE
> > ikev2_msg_encrypt: decrypted length 0
> > ikev2_msg_encrypt: padded length 16
> > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > ikev2_msg_integr: message length 80
> > ikev2_msg_integr: integrity checksum length 16
> > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x28 msgid 11 length 80 response 1
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 16
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > spi=0xf2043da59221143f: send INFORMATIONAL res 11 peer --FR--:500 local --UK--:500, 80 bytes
> > pfkey_sa_lookup: last_used 1614003349
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 1 second(s) ago
> > pfkey_sa_lookup: last_used 1614003350
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003351
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003351
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003350
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used 1 second(s) ago
> > pfkey_sa_lookup: last_used 1614003351
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003350
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 1 second(s) ago
> > policy_lookup: setting policy '--JP-HOST--'
> > spi=0x52b68ffd0ebb1984: recv INFORMATIONAL req 93 peer --JP-IP--:500 local --UK--:500, 57 bytes, policy '--JP-HOST--'
> > ikev2_recv: ispi 0x52b68ffd0ebb1984 rspi 0xebcdfe906b83921a
> > ikev2_init_recv: unknown SA
> > spi=0xf94ce3fc2e48f7f2: recv INFORMATIONAL req 2 peer --CAT--:4500 local --UK--:4500, 80 bytes, policy '--CAT-HOST--'
> > ikev2_recv: ispi 0xf94ce3fc2e48f7f2 rspi 0x1d51ac7d723a726d
> > ikev2_recv: updated SA to peer --CAT--:4500 local --UK--:4500
> > ikev2_pld_parse: header ispi 0xf94ce3fc2e48f7f2 rspi 0x1d51ac7d723a726d nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x08 msgid 2 length 80 response 0
> > ikev2_pld_payloads: payload SK nextpayload DELETE critical 0x00 length 52
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 16
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 16/16 padding 7
> > ikev2_pld_payloads: decrypted payload DELETE nextpayload NONE critical 0x00 length 8
> > ikev2_pld_delete: proto IKE spisize 0 nspi 0
> > ikev2_next_payload: length 4 nextpayload NONE
> > ikev2_next_payload: length 52 nextpayload NONE
> > ikev2_msg_encrypt: decrypted length 4
> > ikev2_msg_encrypt: padded length 16
> > ikev2_msg_encrypt: length 5, padding 11, output length 48
> > ikev2_msg_integr: message length 80
> > ikev2_msg_integr: integrity checksum length 16
> > ikev2_pld_parse: header ispi 0xf94ce3fc2e48f7f2 rspi 0x1d51ac7d723a726d nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x20 msgid 2 length 80 response 1
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 16
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 16/16 padding 11
> > spi=0xf94ce3fc2e48f7f2: send INFORMATIONAL res 2 peer --CAT--:4500 local --UK--:4500, 80 bytes, NAT-T
> > spi=0xf94ce3fc2e48f7f2: ikev2_ikesa_recv_delete: received delete
> > spi=0xf94ce3fc2e48f7f2: sa_state: ESTABLISHED -> CLOSED from --CAT--:4500 to --UK--:4500 policy '--CAT-HOST--'
> > ikev2_recv: closing SA
> > spi=0xf94ce3fc2e48f7f2: sa_free: received delete
> > config_free_proposals: free 0x3c27ccfe800
> > config_free_proposals: free 0x3c31292a600
> > config_free_childsas: free 0x3c2db888f00
> > config_free_childsas: free 0x3c300bf3e00
> > sa_free_flows: free 0x3c324182800
> > sa_free_flows: free 0x3c2eec20400
> > policy_lookup: setting policy '--CAT-HOST--'
> > spi=0x87993e0d839b617f: recv IKE_SA_INIT req 0 peer --CAT--:500 local --UK--:500, 1056 bytes, policy '--CAT-HOST--'
> > ikev2_recv: ispi 0x87993e0d839b617f rspi 0x0000000000000000
> > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > ikev2_pld_parse: header ispi 0x87993e0d839b617f rspi 0x0000000000000000 nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length 1056 response 0
> > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 832
> > ikev2_pld_sa: more 2 reserved 0 length 352 proposal #1 protoid IKE spisize 0 xforms 37 spi 0
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CTR
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CTR
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CTR
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CTR
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CTR
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CTR
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 8 type ENCR id 3DES
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_384_192
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_512_256
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id AES_XCBC_96
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id AES_CMAC_96
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_384
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_512
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_XCBC
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_CMAC
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_256
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_384
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_521
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P256R1
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P384R1
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P512R1
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id CURVE25519
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_3072
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_4096
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_6144
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_8192
> > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048
> > ikev2_pld_sa: more 0 reserved 0 length 476 proposal #2 protoid IKE spisize 0 xforms 45 spi 0
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_16
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_16
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_16
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_16
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_16
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_16
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_16
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_16
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_16
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_8
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_8
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_8
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_8
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_8
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_8
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_8
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_8
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_8
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_384
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_512
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_XCBC
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_CMAC
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_256
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_384
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_521
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P256R1
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P384R1
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P512R1
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id CURVE25519
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_3072
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_4096
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_6144
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_8192
> > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048
> > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 72
> > ikev2_pld_ke: dh group ECP_256 reserved 0
> > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36
> > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
> > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
> > ikev2_nat_detection: peer source 0x87993e0d839b617f 0x0000000000000000 --CAT--:500
> > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
> > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP
> > ikev2_nat_detection: peer destination 0x87993e0d839b617f 0x0000000000000000 --UK--:500
> > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type FRAGMENTATION_SUPPORTED
> > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 16
> > ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS
> > ikev2_pld_notify: signature hash SHA2_256 (2)
> > ikev2_pld_notify: signature hash SHA2_384 (3)
> > ikev2_pld_notify: signature hash SHA2_512 (4)
> > ikev2_pld_notify: signature hash <UNKNOWN:5> (5)
> > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type REDIRECT_SUPPORTED
> > proposals_negotiate: score 4
> > proposals_negotiate: score 0
> > policy_lookup: setting policy '--CAT-HOST--'
> > spi=0x87993e0d839b617f: sa_state: INIT -> SA_INIT
> > proposals_negotiate: score 4
> > proposals_negotiate: score 0
> > sa_stateok: SA_INIT flags 0x0000, require 0x0000
> > sa_stateflags: 0x0000 -> 0x0020 sa (required 0x0000 )
> > spi=0x87993e0d839b617f: ikev2_sa_keys: DHSECRET with 32 bytes
> > ikev2_sa_keys: SKEYSEED with 32 bytes
> > spi=0x87993e0d839b617f: ikev2_sa_keys: S with 80 bytes
> > ikev2_prfplus: T1 with 32 bytes
> > ikev2_prfplus: T2 with 32 bytes
> > ikev2_prfplus: T3 with 32 bytes
> > ikev2_prfplus: T4 with 32 bytes
> > ikev2_prfplus: T5 with 32 bytes
> > ikev2_prfplus: T6 with 32 bytes
> > ikev2_prfplus: T7 with 32 bytes
> > ikev2_prfplus: Tn with 224 bytes
> > ikev2_sa_keys: SK_d with 32 bytes
> > ikev2_sa_keys: SK_ai with 32 bytes
> > ikev2_sa_keys: SK_ar with 32 bytes
> > ikev2_sa_keys: SK_ei with 32 bytes
> > ikev2_sa_keys: SK_er with 32 bytes
> > ikev2_sa_keys: SK_pi with 32 bytes
> > ikev2_sa_keys: SK_pr with 32 bytes
> > ikev2_add_proposals: length 44
> > ikev2_next_payload: length 48 nextpayload KE
> > ikev2_next_payload: length 72 nextpayload NONCE
> > ikev2_next_payload: length 36 nextpayload NOTIFY
> > ikev2_nat_detection: local source 0x87993e0d839b617f 0xbd5bf5ce26784624 --UK--:500
> > ikev2_next_payload: length 28 nextpayload NOTIFY
> > ikev2_nat_detection: local destination 0x87993e0d839b617f 0xbd5bf5ce26784624 --CAT--:500
> > ikev2_next_payload: length 28 nextpayload CERTREQ
> > ikev2_add_certreq: type X509_CERT length 21
> > ikev2_next_payload: length 25 nextpayload NOTIFY
> > ikev2_next_payload: length 14 nextpayload NONE
> > ikev2_pld_parse: header ispi 0x87993e0d839b617f rspi 0xbd5bf5ce26784624 nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 length 279 response 1
> > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 48
> > ikev2_pld_sa: more 0 reserved 0 length 44 proposal #1 protoid IKE spisize 0 xforms 4 spi 0
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
> > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id ECP_256
> > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 72
> > ikev2_pld_ke: dh group ECP_256 reserved 0
> > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36
> > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
> > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
> > ikev2_pld_payloads: payload NOTIFY nextpayload CERTREQ critical 0x00 length 28
> > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP
> > ikev2_pld_payloads: payload CERTREQ nextpayload NOTIFY critical 0x00 length 25
> > ikev2_pld_certreq: type X509_CERT length 20
> > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 14
> > ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS
> > spi=0x87993e0d839b617f: send IKE_SA_INIT res 0 peer --CAT--:500 local --UK--:500, 279
> bytes
> > config_free_proposals: free 0x3c2ef864700
> > config_free_proposals: free 0x3c2a56da100
> > spi=0x87993e0d839b617f: recv IKE_AUTH req 1 peer --CAT--:4500 local --UK--:4500, 1792
> bytes, policy '--CAT-HOST--'
> > ikev2_recv: ispi 0x87993e0d839b617f rspi 0xbd5bf5ce26784624
> > ikev2_recv: updated SA to peer --CAT--:4500 local --UK--:4500
> > ikev2_pld_parse: header ispi 0x87993e0d839b617f rspi 0xbd5bf5ce26784624 nextpayload SK
> version 0x20 exchange IKE_AUTH flags 0x08 msgid 1 length 1792 response 0
> > ikev2_pld_payloads: payload SK nextpayload IDi critical 0x00 length 1764
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 1728
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 1728/1728 padding 11
> > ikev2_pld_payloads: decrypted payload IDi nextpayload CERT critical 0x00 length 33
> > ikev2_pld_id: id UFQDN/indra@--CA-HOST-- length 29
> > ikev2_pld_payloads: decrypted payload CERT nextpayload NOTIFY critical 0x00 length 1090
> > ikev2_pld_cert: type X509_CERT length 1085
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload CERTREQ critical 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type INITIAL_CONTACT
> > ikev2_pld_payloads: decrypted payload CERTREQ nextpayload AUTH critical 0x00 length 85
> > ikev2_pld_certreq: type X509_CERT length 80
> > ikev2_pld_payloads: decrypted payload AUTH nextpayload CP critical 0x00 length 280
> > ikev2_pld_auth: method SIG length 272
> > ikev2_pld_payloads: decrypted payload CP nextpayload NOTIFY critical 0x00 length 16
> > ikev2_pld_cp: type REQUEST length 8
> > ikev2_pld_cp: INTERNAL_IP4_ADDRESS 0x0001 length 0
> > ikev2_pld_cp: INTERNAL_IP4_DNS 0x0003 length 0
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA critical 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE
> > ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00 length 100
> > ikev2_pld_sa: more 0 reserved 0 length 96 proposal #1 protoid ESP spisize 4 xforms 9 spi
> 0xc0567d8f
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_384_192
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_512_256
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id AES_XCBC_96
> > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
> > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00 length 24
> > ikev2_pld_tss: count 1 length 16
> > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport 65535
> > ikev2_pld_ts: start 0.0.0.0 end 255.255.255.255
> > ikev2_pld_payloads: decrypted payload TSr nextpayload NOTIFY critical 0x00 length 24
> > ikev2_pld_tss: count 1 length 16
> > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport 65535
> > ikev2_pld_ts: start --UK-- end --UK--
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type MOBIKE_SUPPORTED
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical 0x00 length 24
> > ikev2_pld_notify: protoid NONE spisize 0 type ADDITIONAL_IP6_ADDRESS
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type EAP_ONLY_AUTHENTICATION
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NONE critical 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type IKEV2_MESSAGE_ID_SYNC_SUPPORTED
> > ikev2_handle_notifies: mobike enabled
> > sa_stateok: SA_INIT flags 0x0000, require 0x0000
> > spi=0x87993e0d839b617f: sa_state: SA_INIT -> AUTH_REQUEST
> > policy_lookup: peerid 'indra@--CA-HOST--'
> > proposals_negotiate: score 4
> > policy_lookup: setting policy '--CAT-HOST--'
> > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > sa_stateflags: 0x0020 -> 0x0024 certreq,sa (required 0x003b
> cert,certvalid,auth,authvalid,sa)
> > ikev2_msg_auth: responder auth data length 343
> > ca_setauth: switching SIG_ANY to SIG
> > ca_setauth: auth length 343
> > proposals_negotiate: score 4
> > sa_stateflags: 0x0024 -> 0x0024 certreq,sa (required 0x003b
> cert,certvalid,auth,authvalid,sa)
> > config_free_proposals: free 0x3c2ef864180
> > ca_getreq: found CA /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom Lobby/OU=VPNC/CN
> =--CA-HOST--
> > ca_x509_subjectaltname_do: did not find subjectAltName in certificate
> > ca_getreq: found local certificate /C=UK/ST=England/L=London/O=Telecom Lobby/OU=VPNC/CN=
> --UK-HOST--
> > _dsa_sign_encode: signature scheme 0 selected
> > _dsa_sign_encode: signature scheme 0 selected
> > _dsa_sign_encode: signature scheme 0 selected
> > ca_setauth: auth length 272
> > ca_validate_pubkey: could not open public key pubkeys/ufqdn/indra@--CA-HOST--
> > ca_validate_cert: /C=ES/ST=Catalunya/L=sant Pere de Ribes/O=Telecom Lobby/OU=VPNC/CN=
> --CAT-HOST-- ok
> > ikev2_getimsgdata: imsg 22 rspi 0xbd5bf5ce26784624 ispi 0x87993e0d839b617f initiator 0 sa
> valid type 4 data length 1064
> > ikev2_dispatch_cert: cert type X509_CERT length 1064, ok
> > sa_stateflags: 0x0024 -> 0x0025 cert,certreq,sa (required 0x003b
> cert,certvalid,auth,authvalid,sa)
> > ikev2_getimsgdata: imsg 28 rspi 0xbd5bf5ce26784624 ispi 0x87993e0d839b617f initiator 0 sa
> valid type 14 data length 272
> > ikev2_dispatch_cert: AUTH type 14 len 272
> > sa_stateflags: 0x0025 -> 0x002d cert,certreq,auth,sa (required 0x003b
> cert,certvalid,auth,authvalid,sa)
> > ikev2_getimsgdata: imsg 23 rspi 0xbd5bf5ce26784624 ispi 0x87993e0d839b617f initiator 0 sa
> valid type 4 data length 1085
> > ikev2_msg_auth: initiator auth data length 1120
> > ikev2_msg_authverify: method SIG keylen 1085 type X509_CERT
> > _dsa_verify_init: signature scheme 0 selected
> > ikev2_msg_authverify: authentication successful
> > spi=0x87993e0d839b617f: sa_state: AUTH_REQUEST -> AUTH_SUCCESS
> > sa_stateflags: 0x002d -> 0x003d cert,certreq,auth,authvalid,sa (required 0x003b
> cert,certvalid,auth,authvalid,sa)
> > ikev2_dispatch_cert: peer certificate is valid
> > sa_stateflags: 0x003d -> 0x003f cert,certvalid,certreq,auth,authvalid,sa (required 0x003b
> cert,certvalid,auth,authvalid,sa)
> > sa_stateok: VALID flags 0x003b, require 0x003b cert,certvalid,auth,authvalid,sa
> > spi=0x87993e0d839b617f: sa_state: AUTH_SUCCESS -> VALID
> > sa_stateok: VALID flags 0x003b, require 0x003b cert,certvalid,auth,authvalid,sa
> > sa_stateok: VALID flags 0x003b, require 0x003b cert,certvalid,auth,authvalid,sa
> > ikev2_sa_tag:  (0)
> > ikev2_childsa_negotiate: proposal 1
> > ikev2_childsa_negotiate: key material length 128
> > ikev2_prfplus: T1 with 32 bytes
> > ikev2_prfplus: T2 with 32 bytes
> > ikev2_prfplus: T3 with 32 bytes
> > ikev2_prfplus: T4 with 32 bytes
> > ikev2_prfplus: Tn with 128 bytes
> > pfkey_sa_getspi: spi 0x41a9644f
> > pfkey_sa_init: new spi 0x41a9644f
> > ikev2_next_payload: length 35 nextpayload CERT
> > ikev2_next_payload: length 1069 nextpayload AUTH
> > ikev2_next_payload: length 280 nextpayload CP
> > ikev2_next_payload: length 8 nextpayload NOTIFY
> > ikev2_add_notify: done
> > ikev2_next_payload: length 8 nextpayload NOTIFY
> > ikev2_add_notify: done
> > ikev2_next_payload: length 8 nextpayload SA
> > ikev2_add_proposals: length 40
> > ikev2_next_payload: length 44 nextpayload TSi
> > ikev2_next_payload: length 24 nextpayload TSr
> > ikev2_next_payload: length 24 nextpayload NONE
> > ikev2_next_payload: length 1540 nextpayload IDr
> > ikev2_msg_encrypt: decrypted length 1500
> > ikev2_msg_encrypt: padded length 1504
> > ikev2_msg_encrypt: length 1501, padding 3, output length 1536
> > ikev2_msg_integr: message length 1568
> > ikev2_msg_integr: integrity checksum length 16
> > ikev2_pld_parse: header ispi 0x87993e0d839b617f rspi 0xbd5bf5ce26784624 nextpayload SK
> version 0x20 exchange IKE_AUTH flags 0x20 msgid 1 length 1568 response 1
> > ikev2_pld_payloads: payload SK nextpayload IDr critical 0x00 length 1540
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 1504
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 1504/1504 padding 3
> > ikev2_pld_payloads: decrypted payload IDr nextpayload CERT critical 0x00 length 35
> > ikev2_pld_id: id UFQDN/--UK-ID-- length 31
> > ikev2_pld_payloads: decrypted payload CERT nextpayload AUTH critical 0x00 length 1069
> > ikev2_pld_cert: type X509_CERT length 1064
> > ikev2_pld_payloads: decrypted payload AUTH nextpayload CP critical 0x00 length 280
> > ikev2_pld_auth: method SIG length 272
> > ikev2_pld_payloads: decrypted payload CP nextpayload NOTIFY critical 0x00 length 8
> > ikev2_pld_cp: type REPLY length 0
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA critical 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type MOBIKE_SUPPORTED
> > ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00 length 44
> > ikev2_pld_sa: more 0 reserved 0 length 40 proposal #1 protoid ESP spisize 4 xforms 3 spi
> 0x41a9644f
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
> > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
> > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00 length 24
> > ikev2_pld_tss: count 1 length 16
> > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport 65535
> > ikev2_pld_ts: start --CAT-- end --CAT--
> > ikev2_pld_payloads: decrypted payload TSr nextpayload NONE critical 0x00 length 24
> > ikev2_pld_tss: count 1 length 16
> > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport 65535
> > ikev2_pld_ts: start --UK-- end --UK--
> > spi=0x87993e0d839b617f: send IKE_AUTH res 1 peer --CAT--:4500 local --UK--:4500, 1568
> bytes, NAT-T
> > pfkey_sa_add: update spi 0x41a9644f
> > ikev2_childsa_enable: loaded CHILD SA spi 0x41a9644f
> > pfkey_sa_add: add spi 0xc0567d8f
> > ikev2_childsa_enable: loaded CHILD SA spi 0xc0567d8f
> > ikev2_childsa_enable: loaded flow 0x3c324182400
> > ikev2_childsa_enable: loaded flow 0x3c2eec20000
> > ikev2_childsa_enable: remember SA peer --CAT--:4500
> > spi=0x87993e0d839b617f: ikev2_childsa_enable: loaded SPIs: 0x41a9644f, 0xc0567d8f
> > spi=0x87993e0d839b617f: ikev2_childsa_enable: loaded flows: ESP---UK--/32=--CAT--/32(47)
> > spi=0x87993e0d839b617f: sa_state: VALID -> ESTABLISHED from --CAT--:4500 to --UK--:4500
> policy '--CAT-HOST--'
> > spi=0x87993e0d839b617f: established peer --CAT--:4500[UFQDN/indra@--CA-HOST--] local
> --UK--:4500[UFQDN/--UK-ID--] policy '--CAT-HOST--' as responder
> > spi=0xf2043da59221143f: recv INFORMATIONAL req 12 peer --FR--:500 local --UK--:500, 112
> bytes, policy '--FR-HOST--'
> > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 nextpayload SK
> version 0x20 exchange INFORMATIONAL flags 0x00 msgid 12 length 112 response 0
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 84
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 48
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 48/48 padding 47
> > ikev2_next_payload: length 52 nextpayload NONE
> > ikev2_msg_encrypt: decrypted length 0
> > ikev2_msg_encrypt: padded length 16
> > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > ikev2_msg_integr: message length 80
> > ikev2_msg_integr: integrity checksum length 16
> > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 nextpayload SK
> version 0x20 exchange INFORMATIONAL flags 0x28 msgid 12 length 80 response 1
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 16
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > spi=0xf2043da59221143f: send INFORMATIONAL res 12 peer --FR--:500 local --UK--:500, 80
> bytes
> > pfkey_sa_lookup: last_used 1614003365
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003365
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003366
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003366
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003366
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003365
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 1 second(s) ago
> > policy_lookup: setting policy '--JP-HOST--'
> > spi=0x52b68ffd0ebb1984: recv INFORMATIONAL req 93 peer --JP-IP--:500 local --UK--:500, 57
> bytes, policy '--JP-HOST--'
> > ikev2_recv: ispi 0x52b68ffd0ebb1984 rspi 0xebcdfe906b83921a
> > ikev2_init_recv: unknown SA
> > pfkey_sa_lookup: last_used 1614003379
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x41a9644f last used 1 second(s) ago
> > spi=0xf2043da59221143f: recv INFORMATIONAL req 13 peer --FR--:500 local --UK--:500, 128
> bytes, policy '--FR-HOST--'
> > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 nextpayload SK
> version 0x20 exchange INFORMATIONAL flags 0x00 msgid 13 length 128 response 0
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 100
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 64
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 64/64 padding 63
> > ikev2_next_payload: length 52 nextpayload NONE
> > ikev2_msg_encrypt: decrypted length 0
> > ikev2_msg_encrypt: padded length 16
> > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > ikev2_msg_integr: message length 80
> > ikev2_msg_integr: integrity checksum length 16
> > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 nextpayload SK
> version 0x20 exchange INFORMATIONAL flags 0x28 msgid 13 length 80 response 1
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 16
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > spi=0xf2043da59221143f: send INFORMATIONAL res 13 peer --FR--:500 local --UK--:500, 80
> bytes
> > pfkey_sa_lookup: last_used 1614003380
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003380
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003381
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003381
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003381
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003380
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 1 second(s) ago
> > policy_lookup: setting policy '--US-HOST--'
> > spi=0xe6cf431822ad3dc9: recv INFORMATIONAL req 53 peer --US-IP--:500 local --UK--:500, 57
> bytes, policy '--US-HOST--'
> > ikev2_recv: ispi 0xe6cf431822ad3dc9 rspi 0x338f3945413a685a
> > ikev2_init_recv: unknown SA
> > pfkey_sa_lookup: last_used 1614003392
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x41a9644f last used 3 second(s) ago
> > spi=0xf2043da59221143f: recv INFORMATIONAL req 14 peer --FR--:500 local --UK--:500, 160
> bytes, policy '--FR-HOST--'
> > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 nextpayload SK
> version 0x20 exchange INFORMATIONAL flags 0x00 msgid 14 length 160 response 0
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 132
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 96
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 96/96 padding 95
> > ikev2_next_payload: length 52 nextpayload NONE
> > ikev2_msg_encrypt: decrypted length 0
> > ikev2_msg_encrypt: padded length 16
> > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > ikev2_msg_integr: message length 80
> > ikev2_msg_integr: integrity checksum length 16
> > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5 nextpayload SK
> version 0x20 exchange INFORMATIONAL flags 0x28 msgid 14 length 80 response 1
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52
> > ikev2_msg_decrypt: IV length 16
> > ikev2_msg_decrypt: encrypted payload length 16
> > ikev2_msg_decrypt: integrity checksum length 16
> > ikev2_msg_decrypt: integrity check succeeded
> > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > spi=0xf2043da59221143f: send INFORMATIONAL res 14 peer --FR--:500 local --UK--:500, 80
> bytes
> > pfkey_sa_lookup: last_used 1614003394
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 1 second(s) ago
> > pfkey_sa_lookup: last_used 1614003394
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 1 second(s) ago
> > policy_lookup: setting policy '--US-HOST--'
> > spi=0xe6cf431822ad3dc9: recv INFORMATIONAL req 53 peer --US-IP--:500 local --UK--:500, 57
> bytes, policy '--US-HOST--'
> > ikev2_recv: ispi 0xe6cf431822ad3dc9 rspi 0x338f3945413a685a
> > ikev2_init_recv: unknown SA
> > pfkey_sa_lookup: last_used 1614003396
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003396
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003396
> > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0 second(s) ago
> > pfkey_sa_lookup: last_used 1614003395
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 1 second(s) ago
> > policy_lookup: setting policy '--US-HOST--'
> > spi=0xe6cf431822ad3dc9: recv INFORMATIONAL req 53 peer --US-IP--:500 local --UK--:500, 57
> bytes, policy '--US-HOST--'
> > ikev2_recv: ispi 0xe6cf431822ad3dc9 rspi 0x338f3945413a685a
> > ikev2_init_recv: unknown SA
> > policy_lookup: setting policy '--JP-HOST--'
> > spi=0x52b68ffd0ebb1984: recv INFORMATIONAL req 93 peer --JP-IP--:500 local --UK--:500, 57
> bytes, policy '--JP-HOST--'
> > ikev2_recv: ispi 0x52b68ffd0ebb1984 rspi 0xebcdfe906b83921a
> > ikev2_init_recv: unknown SA
> > ca exiting, pid 842
> > control exiting, pid 64161
> > ikev2 exiting, pid 15623
> > parent terminating
>
>
>
>
> --
> Name: Riccardo Giuntoli
> Email: taglio@gmail.com
> Location: sant Pere de Ribes, BCN, Spain
> PGP Key: 0x67123739
> PGP Fingerprint: CE75 16B5 D855 842FAB54 FB5C DDC6 4640 6712 3739
> Key server: hkp://wwwkeys.eu.pgp.net
