Re: OpenIKED and Strongswan

ike=aes256-sha2_256-ecp256!
esp=aes256-sha2_256-ecp256!

ok. Up and running. Let's see if it is stable.

Nice regards,

On Tue, Mar 2, 2021 at 1:43 PM Tobias Heider <tobias.heider@stusta.de>
wrote:

> On Tue, Mar 02, 2021 at 08:38:14AM +0100, Riccardo Giuntoli wrote:
> > Here you are the debug of the PTP between ES and US.
> >
> > I've obtained it using:
> >
> > /sbin/iked -dvvv 2>&1 | /usr/bin/tee /root/iked_debug.txt
> >
> > Thank you.
> >
> > PS: in this debug connection drop one time.
>
> Looks like strongswan doesn't like your PFS configuration:
>
> ikev2_pld_notify: protoid NONE spisize 0 type NO_PROPOSAL_CHOSEN
> ikev2_init_create_child_sa: no proposal specified
>
> Try enabling ecp256 in strongswan's esp setting or disable it in iked.conf.
> An easy way to reproduce it whithout having to wait an hour would be
> setting
> lifetime to a shorter value, e.g. 30.
>
> >
> > On Mon, Mar 1, 2021 at 12:13 PM Stuart Henderson <stu@spacehopper.org>
> > wrote:
> >
> > > Lots of information here but none of it is useful to look into the
> problem
> > > from the iked side. An iked verbose log _showing the error_ is really
> what
> > > is needed to do anything else.
> > >
> > >
> > > On 2021/03/01 12:05, Riccardo Giuntoli wrote:
> > > > Ok. I've reduced the strongswan configuration. By the way when
> > > connecting to an OpenIKED as
> > > > initiator I've got a lot of errors. Now I've got a couple of scripts
> > > that control the PTP IPSEC
> > > > IKE2 connections and I can work, but I'm preparing an ISP based upon
> > > IPSEC and it's very
> > > > important to me got a solution.
> > > > What I can add is that I've searched in *BSD based router/firewall
> > > distribution like OPNsense
> > > > and what I've found is that they don't use OpenIKED but strongswan.
> > > Strongswan seems to be the
> > > > piece of software more tunable. Now this is my configuration:
> > >
> > > Not surprising it is more tunable, it is nearly 20x the code size ;)
> > >
> > > > ca XXX
> > > > cacert=/etc/ipsec.d/cacerts/ca.XXX.crt
> > > > auto=add
> > > >
> > > > conn %default
> > > > keyexchange=ikev2
> > > > auto=start
> > > > reauth=no
> > > > dpdaction=clear
> > > > closeaction=clear
> > > > type=transport
> > > >
> > > > conn telecomlobby-jp
> > > > left=%defaultroute
> > > > leftsourceip=%config4
> > > > leftauth=pubkey
> > > > leftid=%indra@ca.XXX
> > > > leftprotoport=gre
> > > > leftupdown=/config/ipsec/ESJP-updown.sh
> > > >
> > > > right=YYY
> > > > rightsubnet=YYY
> > > > rightauth=pubkey
> > > > rightid=%jp.XXX
> > > > rightcert=/etc/ipsec.d/certs/jp.XXX.crt
> > > > rightprotoport=gre
> > > >
> > > > This is my updown:
> > > >
> > > > #!/bin/bash
> > > >
> > > > set -o nounset
> > > > set -o errexit
> > > >
> > > > TUN_IFACE="tun2"
> > > >
> > > > case "${PLUTO_VERB}" in
> > > > up-host)
> > > > echo "Putting interface ${TUN_IFACE} up"
> > > > ifconfig $TUN_IFACE up
> > > > echo "Disabling IPsec policy (SPD) for ${TUN_IFACE}"
> > > > sysctl -w "net.ipv4.conf.${TUN_IFACE}.disable_policy=1"
> > > > echo "Accepting gre keepalive"
> > > > sysctl -w "net.ipv4.conf.${TUN_IFACE}.accept_local=1"
> > > > ;;
> > > > down-host)
> > > > ifconfig $TUN_IFACE down
> > > > ;;
> > > > esac
> > > >
> > > > And this is my crontab script in the linux box that control the
> endpoint
> > > on the GRE interface:
> > > >
> > > > #!/bin/bash
> > > > ROUTER_IP=YYY
> > > > IPSEC="telecomlobby-jp"
> > > > GRE="tun2"
> > > >
> > > > PING_RESULT=$(/usr/bin/fping -I$GRE $ROUTER_IP 2>&1)
> > > > ALIVE="alive"
> > > > STATUS=$(/usr/sbin/ipsec status $IPSEC)
> > > > ESTABLISHED="INSTALLED"
> > > >
> > > > if [[ "$PING_RESULT" != *"$ALIVE"* ]]; then
> > > > if [[ "$STATUS" == *"$ESTABLISHED"* ]]; then
> > > > /usr/sbin/ipsec stroke down-nb $IPSEC
> > > > /usr/sbin/ipsec up $IPSEC
> > > > else
> > > > /usr/sbin/ipsec up $IPSEC
> > > > fi
> > > > fi
> > > >
> > > > This is the OpenBSD part:
> > > >
> > > > set dpd_check_interval 15
> > > > #set cert_partial_chain
> > > >
> > > > ikev2 "RT-01.cat.telecomlobby.com" passive transport \
> > > > proto gre \
> > > > from XXX to ZZZ \
> > > > local jp.telecomlobby.com peer any \
> > > > ikesa auth hmac-sha2-256 enc aes-256 group ecp256 \
> > > > childsa auth hmac-sha2-256 enc aes-256 group ecp256 \
> > > > srcid "shiva@ca.telecomlobby.com" \
> > > > ikelifetime 86400 lifetime 3600
> > > >
> > > > Next there is some control about the other side public address
> because
> > > it is a dynamic one:
> > > >
> > > > # Global Configuration
> > > >
> > > > init-state auto
> > > >
> > > > JPES_up = "gre1.link.up"
> > > > newip = '( "[[ $(dig +short @8.8.8.8 cat-01.ZZZ) != $(ifconfig gre1
> |
> > > grep tunnel | cut -d ' '
> > > > -f5;exit;}\') ]]" every 126)'
> > > >
> > > > # States
> > > >
> > > > state auto {
> > > > if (! $JPES_up) {
> > > > run "logger -t ifstated '(auto) US-ES down'"
> > > > set-state JPES_down
> > > > }
> > > > }
> > > >
> > > >
> > > > state JPES_down {
> > > > run "mail -s 'JPES down' root@localhost"
> > > > run "logger JPES down"
> > > > if ($newip) {
> > > > run "/root/Bin/change_endpoint.sh gre1"
> > > > run "rcctl restart ospfd"
> > > > }
> > > > }
> > > >
> > > > root@shiva:/root/Bin# cat change_endpoint.sh
> > >
> > > >
> > >
> > > >
> > >
> > > > #!/bin/ksh
> > > >
> > > > NEWIP=$(dig +short @8.8.8.8 cat-01.ZZZ)
> > > > OLDIP=$(ifconfig $1 | grep tunnel | cut -d ' ' -f5)
> > > >
> > > > echo "updating PF"
> > > > sed -i 's/$OLDIP/$NEWIP/g' /etc/pf.conf
> > > > pfctl -f /etc/pf.conf
> > > > echo "updating IKED"
> > > > sed -i 's/$OLDIP/$NEWIP/g' /etc/iked.conf
> > > > ipsecctl -f /etc/iked.conf
> > > > echo "updating GRE"
> > > > sed -i 's/$OLDIP/$NEWIP/g' /etc/hostname.$1
> > > > ifconfig $1 destroy
> > > > sh /etc/netstart $1
> > > >
> > > > Connection simply drop, in log you can appreciate in the charon side:
> > > >
> > > > Mar 1 10:27:06 06[IKE] <telecomlobby-jp|842> establishing CHILD_SA
> > > telecomlobby-jp{50065}
> > > > Mar 1 10:28:05 14[IKE] <telecomlobby-uk|841> establishing CHILD_SA
> > > telecomlobby-uk{50066}
> > > > Mar 1 10:28:05 09[IKE] <telecomlobby-jp|842> establishing CHILD_SA
> > > telecomlobby-jp{50067}
> > > > Mar 1 10:29:05 13[IKE] <telecomlobby-jp|842> establishing CHILD_SA
> > > telecomlobby-jp{50068}
> > > > Mar 1 10:29:05 11[IKE] <telecomlobby-uk|841> establishing CHILD_SA
> > > telecomlobby-uk{50069}
> > > > Mar 1 10:30:05 06[IKE] <telecomlobby-uk|841> establishing CHILD_SA
> > > telecomlobby-uk{50070}
> > > > Mar 1 10:30:05 08[IKE] <telecomlobby-jp|842> establishing CHILD_SA
> > > telecomlobby-jp{50071}
> > > > Mar 1 10:31:06 08[IKE] <telecomlobby-jp|842> establishing CHILD_SA
> > > telecomlobby-jp{50072}
> > > > Mar 1 10:31:06 14[IKE] <telecomlobby-uk|841> establishing CHILD_SA
> > > telecomlobby-uk{50073}
> > > > Mar 1 10:32:05 08[IKE] <telecomlobby-uk|841> establishing CHILD_SA
> > > telecomlobby-uk{50074}
> > > > Mar 1 10:32:05 05[IKE] <telecomlobby-jp|842> establishing CHILD_SA
> > > telecomlobby-jp{50075}
> > > > Mar 1 10:33:06 09[IKE] <telecomlobby-jp|842> establishing CHILD_SA
> > > telecomlobby-jp{50076}
> > > > Mar 1 10:33:06 14[IKE] <telecomlobby-uk|841> establishing CHILD_SA
> > > telecomlobby-uk{50077}
> > > > Mar 1 10:34:05 07[IKE] <telecomlobby-jp|842> establishing CHILD_SA
> > > telecomlobby-jp{50078}
> > > > Mar 1 10:34:05 09[IKE] <telecomlobby-uk|841> establishing CHILD_SA
> > > telecomlobby-uk{50079}
> > > > Mar 1 10:35:06 13[IKE] <telecomlobby-uk|841> establishing CHILD_SA
> > > telecomlobby-uk{50080}
> > > > Mar 1 10:35:06 15[IKE] <telecomlobby-jp|842> establishing CHILD_SA
> > > telecomlobby-jp{50081}
> > > > Mar 1 10:36:05 15[IKE] <telecomlobby-jp|842> establishing CHILD_SA
> > > telecomlobby-jp{50083}
> > > > Mar 1 10:36:05 12[IKE] <telecomlobby-uk|841> establishing CHILD_SA
> > > telecomlobby-uk{50084}
> > > > Mar 1 10:37:06 13[IKE] <telecomlobby-uk|841> establishing CHILD_SA
> > > telecomlobby-uk{50085}
> > > > Mar 1 10:37:06 08[IKE] <telecomlobby-jp|842> establishing CHILD_SA
> > > telecomlobby-jp{50086}
> > > > Mar 1 10:38:05 13[IKE] <telecomlobby-uk|841> establishing CHILD_SA
> > > telecomlobby-uk{50087}
> > > > Mar 1 10:38:05 12[IKE] <telecomlobby-jp|842> establishing CHILD_SA
> > > telecomlobby-jp{50088}
> > > >
> > > > has you can see those are two of the three PTP.
> > > >
> > > > If you want I've got a pcap or access but in private.
> > > >
> > > > Nice regards,
> > > >
> > > >
> > > >
> > > >
> > > > On Mon, Feb 22, 2021 at 8:06 PM Tobias Heider <
> tobias.heider@stusta.de>
> > > wrote:
> > > >
> > > > On Mon, Feb 22, 2021 at 03:59:53PM +0100, Riccardo Giuntoli
> wrote:
> > > > > Ok. In the log you can appreciate.
> > > > >
> > > > > UK-HOST one OpenBSD machine connected to three openbsd, one
> > > mikrotik and
> > > > > one VyOS. The VyOS is CAT-HOST
> > > > >
> > > > > Kind regards
> > > >
> > > > The log looks fine but it doesn't seem to contain the error
> message
> > > you
> > > > sent earlier.
> > > > Can you try reproducing the bug and then send a log containing
> the
> > > error
> > > > message and everything that happened before?
> > > >
> > > > >
> > > > >
> > > > > On Mon, Feb 22, 2021 at 12:02 PM Stuart Henderson <
> > > stu@spacehopper.org>
> > > > > wrote:
> > > > >
> > > > > > On 2021-02-22, Riccardo Giuntoli <taglio@gmail.com> wrote:
> > > > > > > Ok I've got the same error on three different OpenBSD,
> tell me
> > > what error
> > > > > > > do you want or if you want an access.
> > > > > >
> > > > > > It would be a good start to run iked in the foreground with
> iked
> > > -vvd and
> > > > > > show the log from there.
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > > --
> > > > > Name: Riccardo Giuntoli
> > > > > Email: taglio@gmail.com
> > > > > Location: sant Pere de Ribes, BCN, Spain
> > > > > PGP Key: 0x67123739
> > > > > PGP Fingerprint: CE75 16B5 D855 842FAB54 FB5C DDC6 4640 6712
> 3739
> > > > > Key server: hkp://wwwkeys.eu.pgp.net
> > > >
> > > > > create_ike: using signature for peer --FR--
> > > > > create_ike: using signature for peer
> > > > > ikev2 "--CAT-HOST--" passive transport esp proto gre inet from
> > > --UK-- to --CAT-- local
> > > > --UK-- peer any ikesa enc aes-256 prf
> > > hmac-sha2-256,hmac-sha2-384,hmac-sha2-512,hmac-sha1
> > > > auth hmac-sha2-256 group ecp256 childsa enc aes-256 auth
> > > hmac-sha2-256 group ecp256
> > > > esn,noesn srcid --UK-ID-- ikelifetime 86400 lifetime 3600 bytes
> > > 536870912 signature
> > > > > /etc/iked.conf: loaded 4 configuration rules
> > > > > ca_privkey_serialize: type RSA_KEY length 1191
> > > > > ca_pubkey_serialize: type RSA_KEY length 270
> > > > > ca_privkey_to_method: type RSA_KEY method RSA_SIG
> > > > > ca_getkey: received private key type RSA_KEY length 1191
> > > > > ca_getkey: received public key type RSA_KEY length 270
> > > > > ca_dispatch_parent: config reset
> > > > > ca_reload: loaded ca file ca.crt
> > > > > ca_reload: /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom
> > > Lobby/OU=VPNC/CN=
> > > > --CA-HOST--
> > > > > ca_reload: loaded 1 ca certificate
> > > > > ca_reload: loaded cert file --FR-HOST--.crt
> > > > > ca_reload: loaded cert file --UK-HOST--.crt
> > > > > config_getpolicy: received policy
> > > > > config_getpolicy: received policy
> > > > > config_getpolicy: received policy
> > > > > config_getpolicy: received policy
> > > > > config_getpfkey: received pfkey fd 3
> > > > > config_getcompile: compilation done
> > > > > config_getsocket: received socket fd 4
> > > > > config_getsocket: received socket fd 5
> > > > > config_getsocket: received socket fd 6
> > > > > config_getsocket: received socket fd 7
> > > > > config_getstatic: dpd_check_interval 15
> > > > > config_getstatic: no enforcesingleikesa
> > > > > config_getstatic: no fragmentation
> > > > > config_getstatic: mobike
> > > > > config_getstatic: nattport 4500
> > > > > ca_validate_cert:
> > > /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom Lobby/OU=VPNC/CN=
> > > > --FR-HOST-- ok
> > > > > ca_validate_cert: /C=UK/ST=England/L=London/O=Telecom
> > > Lobby/OU=VPNC/CN=--UK-HOST-- ok
> > > > > ca_reload: local cert type X509_CERT
> > > > > config_getocsp: ocsp_url none tolerate 0 maxage -1
> > > > > ikev2_dispatch_cert: updated local CERTREQ type X509_CERT
> length 20
> > > > > ikev2_dispatch_cert: updated local CERTREQ type X509_CERT
> length 20
> > > > > policy_lookup: setting policy '--CAT-HOST--'
> > > > > spi=0xc5881d3ed32f5801: recv INFORMATIONAL req 4428 peer
> > > --FR--:500 local --UK--:500, 96
> > > > bytes, policy '--CAT-HOST--'
> > > > > ikev2_recv: ispi 0xc5881d3ed32f5801 rspi 0xfcad33aa65954d8e
> > > > > ikev2_init_recv: unknown SA
> > > > > ikev2_init_ike_sa: initiating "--FR-HOST--"
> > > > > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > > > > ikev2_add_proposals: length 68
> > > > > ikev2_next_payload: length 72 nextpayload KE
> > > > > ikev2_next_payload: length 104 nextpayload NONCE
> > > > > ikev2_next_payload: length 36 nextpayload NOTIFY
> > > > > ikev2_nat_detection: local source 0xf2043da59221143f
> > > 0x0000000000000000 --UK--:500
> > > > > ikev2_next_payload: length 28 nextpayload NOTIFY
> > > > > ikev2_nat_detection: local destination 0xf2043da59221143f
> > > 0x0000000000000000 --FR--:500
> > > > > ikev2_next_payload: length 28 nextpayload NOTIFY
> > > > > ikev2_next_payload: length 14 nextpayload NONE
> > > > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> > > 0x0000000000000000 nextpayload SA
> > > > version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length 310
> > > response 0
> > > > > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00
> length
> > > 72
> > > > > ikev2_pld_sa: more 0 reserved 0 length 68 proposal #1 protoid
> IKE
> > > spisize 0 xforms 7 spi
> > > > 0
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> > > HMAC_SHA2_256_128
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CBC
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_384
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> > > HMAC_SHA2_256
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> > > HMAC_SHA2_384
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> > > HMAC_SHA2_512
> > > > > ikev2_pld_xform: more 0 reserved 0 length 8 type PRF id
> HMAC_SHA1
> > > > > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00
> > > length 104
> > > > > ikev2_pld_ke: dh group ECP_384 reserved 0
> > > > > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical
> 0x00
> > > length 36
> > > > > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical
> > > 0x00 length 28
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> > > NAT_DETECTION_SOURCE_IP
> > > > > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical
> > > 0x00 length 28
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> > > NAT_DETECTION_DESTINATION_IP
> > > > > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical
> 0x00
> > > length 14
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> > > SIGNATURE_HASH_ALGORITHMS
> > > > > spi=0xf2043da59221143f: send IKE_SA_INIT req 0 peer --FR--:500
> > > local --UK--:500, 310
> > > > bytes
> > > > > spi=0xf2043da59221143f: sa_state: INIT -> SA_INIT
> > > > > ikev2_init_ike_sa: initiating "--US-HOST--"
> > > > > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > > > > ikev2_add_proposals: length 36
> > > > > ikev2_next_payload: length 40 nextpayload KE
> > > > > ikev2_next_payload: length 136 nextpayload NONCE
> > > > > ikev2_next_payload: length 36 nextpayload NOTIFY
> > > > > ikev2_nat_detection: local source 0x22cd85777285bb53
> > > 0x0000000000000000 --UK--:500
> > > > > ikev2_next_payload: length 28 nextpayload NOTIFY
> > > > > ikev2_nat_detection: local destination 0x22cd85777285bb53
> > > 0x0000000000000000
> > > > --US-IP--:500
> > > > > ikev2_next_payload: length 28 nextpayload NOTIFY
> > > > > ikev2_next_payload: length 14 nextpayload NONE
> > > > > ikev2_pld_parse: header ispi 0x22cd85777285bb53 rspi
> > > 0x0000000000000000 nextpayload SA
> > > > version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length 310
> > > response 0
> > > > > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00
> length
> > > 40
> > > > > ikev2_pld_sa: more 0 reserved 0 length 36 proposal #1 protoid
> IKE
> > > spisize 0 xforms 3 spi
> > > > 0
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > AES_GCM_12
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> > > BRAINPOOL_P512R1
> > > > > ikev2_pld_xform: more 0 reserved 0 length 8 type PRF id
> > > HMAC_SHA2_512
> > > > > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00
> > > length 136
> > > > > ikev2_pld_ke: dh group BRAINPOOL_P512R1 reserved 0
> > > > > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical
> 0x00
> > > length 36
> > > > > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical
> > > 0x00 length 28
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> > > NAT_DETECTION_SOURCE_IP
> > > > > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical
> > > 0x00 length 28
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> > > NAT_DETECTION_DESTINATION_IP
> > > > > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical
> 0x00
> > > length 14
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> > > SIGNATURE_HASH_ALGORITHMS
> > > > > spi=0x22cd85777285bb53: send IKE_SA_INIT req 0 peer
> --US-IP--:500
> > > local --UK--:500, 310
> > > > bytes
> > > > > spi=0x22cd85777285bb53: sa_state: INIT -> SA_INIT
> > > > > ikev2_init_ike_sa: initiating "--JP-HOST--"
> > > > > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > > > > ikev2_add_proposals: length 36
> > > > > ikev2_next_payload: length 40 nextpayload KE
> > > > > ikev2_next_payload: length 136 nextpayload NONCE
> > > > > ikev2_next_payload: length 36 nextpayload NOTIFY
> > > > > ikev2_nat_detection: local source 0x67cb9c572ac8b67e
> > > 0x0000000000000000 --UK--:500
> > > > > ikev2_next_payload: length 28 nextpayload NOTIFY
> > > > > ikev2_nat_detection: local destination 0x67cb9c572ac8b67e
> > > 0x0000000000000000
> > > > --JP-IP--:500
> > > > > ikev2_next_payload: length 28 nextpayload NOTIFY
> > > > > ikev2_next_payload: length 14 nextpayload NONE
> > > > > ikev2_pld_parse: header ispi 0x67cb9c572ac8b67e rspi
> > > 0x0000000000000000 nextpayload SA
> > > > version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length 310
> > > response 0
> > > > > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00
> length
> > > 40
> > > > > ikev2_pld_sa: more 0 reserved 0 length 36 proposal #1 protoid
> IKE
> > > spisize 0 xforms 3 spi
> > > > 0
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > AES_GCM_12
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> > > BRAINPOOL_P512R1
> > > > > ikev2_pld_xform: more 0 reserved 0 length 8 type PRF id
> > > HMAC_SHA2_512
> > > > > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00
> > > length 136
> > > > > ikev2_pld_ke: dh group BRAINPOOL_P512R1 reserved 0
> > > > > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical
> 0x00
> > > length 36
> > > > > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical
> > > 0x00 length 28
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> > > NAT_DETECTION_SOURCE_IP
> > > > > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical
> > > 0x00 length 28
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> > > NAT_DETECTION_DESTINATION_IP
> > > > > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical
> 0x00
> > > length 14
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> > > SIGNATURE_HASH_ALGORITHMS
> > > > > spi=0x67cb9c572ac8b67e: send IKE_SA_INIT req 0 peer
> --JP-IP--:500
> > > local --UK--:500, 310
> > > > bytes
> > > > > spi=0x67cb9c572ac8b67e: sa_state: INIT -> SA_INIT
> > > > > spi=0xf2043da59221143f: recv IKE_SA_INIT res 0 peer --FR--:500
> > > local --UK--:500, 213
> > > > bytes, policy '--FR-HOST--'
> > > > > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > > > > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > > > > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > > > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> > > 0x1f43bd64d771a4e5 nextpayload SA
> > > > version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 length 213
> > > response 1
> > > > > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00
> length
> > > 48
> > > > > ikev2_pld_sa: more 0 reserved 0 length 44 proposal #1 protoid
> IKE
> > > spisize 0 xforms 4 spi
> > > > 0
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CBC
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> > > HMAC_SHA2_256
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> > > HMAC_SHA2_256_128
> > > > > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id ECP_384
> > > > > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00
> > > length 104
> > > > > ikev2_pld_ke: dh group ECP_384 reserved 0
> > > > > ikev2_pld_payloads: payload NONCE nextpayload CERTREQ critical
> > > 0x00 length 28
> > > > > ikev2_pld_payloads: payload CERTREQ nextpayload NONE critical
> 0x00
> > > length 5
> > > > > ikev2_pld_certreq: type X509_CERT length 0
> > > > > ikev2_pld_certreq: invalid length 0
> > > > > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > > > > sa_stateflags: 0x0000 -> 0x0004 certreq (required 0x0009
> cert,auth)
> > > > > proposals_negotiate: score 4
> > > > > sa_stateok: SA_INIT flags 0x0000, require 0x0009 cert,auth
> > > > > spi=0xf2043da59221143f: ikev2_sa_keys: DHSECRET with 48 bytes
> > > > > ikev2_sa_keys: SKEYSEED with 32 bytes
> > > > > spi=0xf2043da59221143f: ikev2_sa_keys: S with 72 bytes
> > > > > ikev2_prfplus: T1 with 32 bytes
> > > > > ikev2_prfplus: T2 with 32 bytes
> > > > > ikev2_prfplus: T3 with 32 bytes
> > > > > ikev2_prfplus: T4 with 32 bytes
> > > > > ikev2_prfplus: T5 with 32 bytes
> > > > > ikev2_prfplus: T6 with 32 bytes
> > > > > ikev2_prfplus: T7 with 32 bytes
> > > > > ikev2_prfplus: Tn with 224 bytes
> > > > > ikev2_sa_keys: SK_d with 32 bytes
> > > > > ikev2_sa_keys: SK_ai with 32 bytes
> > > > > ikev2_sa_keys: SK_ar with 32 bytes
> > > > > ikev2_sa_keys: SK_ei with 32 bytes
> > > > > ikev2_sa_keys: SK_er with 32 bytes
> > > > > ikev2_sa_keys: SK_pi with 32 bytes
> > > > > ikev2_sa_keys: SK_pr with 32 bytes
> > > > > ikev2_msg_auth: initiator auth data length 366
> > > > > ca_setauth: switching SIG to RSA_SIG(*)
> > > > > ca_setauth: auth length 366
> > > > > sa_stateok: SA_INIT flags 0x0000, require 0x0009 cert,auth
> > > > > config_free_proposals: free 0x3c27ccfe800
> > > > > ca_getreq: found CA
> > > /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom Lobby/OU=VPNC/CN
> > > > =--CA-HOST--
> > > > > ca_x509_subjectaltname_do: did not find subjectAltName in
> > > certificate
> > > > > ca_getreq: found local certificate
> > > /C=UK/ST=England/L=London/O=Telecom Lobby/OU=VPNC/CN=
> > > > --UK-HOST--
> > > > > ca_setauth: auth length 256
> > > > > ikev2_getimsgdata: imsg 22 rspi 0x1f43bd64d771a4e5 ispi
> > > 0xf2043da59221143f initiator 1 sa
> > > > valid type 4 data length 1064
> > > > > ikev2_dispatch_cert: cert type X509_CERT length 1064, ok
> > > > > sa_stateflags: 0x0004 -> 0x0005 cert,certreq (required 0x0009
> > > cert,auth)
> > > > > sa_stateok: SA_INIT flags 0x0001, require 0x0009 cert,auth
> > > > > ikev2_getimsgdata: imsg 28 rspi 0x1f43bd64d771a4e5 ispi
> > > 0xf2043da59221143f initiator 1 sa
> > > > valid type 1 data length 256
> > > > > ikev2_dispatch_cert: AUTH type 1 len 256
> > > > > sa_stateflags: 0x0005 -> 0x000d cert,certreq,auth (required
> 0x0009
> > > cert,auth)
> > > > > sa_stateok: SA_INIT flags 0x0009, require 0x0009 cert,auth
> > > > > ikev2_next_payload: length 35 nextpayload CERT
> > > > > ikev2_next_payload: length 1069 nextpayload CERTREQ
> > > > > ikev2_add_certreq: type X509_CERT length 21
> > > > > ikev2_next_payload: length 25 nextpayload AUTH
> > > > > ikev2_next_payload: length 264 nextpayload NOTIFY
> > > > > ikev2_add_notify: done
> > > > > ikev2_next_payload: length 8 nextpayload SA
> > > > > pfkey_sa_getspi: spi 0x8f3bad08
> > > > > pfkey_sa_init: new spi 0x8f3bad08
> > > > > ikev2_add_proposals: length 48
> > > > > ikev2_next_payload: length 52 nextpayload TSi
> > > > > ikev2_next_payload: length 24 nextpayload TSr
> > > > > ikev2_next_payload: length 24 nextpayload NONE
> > > > > ikev2_next_payload: length 1540 nextpayload IDi
> > > > > ikev2_msg_encrypt: decrypted length 1501
> > > > > ikev2_msg_encrypt: padded length 1504
> > > > > ikev2_msg_encrypt: length 1502, padding 2, output length 1536
> > > > > ikev2_msg_integr: message length 1568
> > > > > ikev2_msg_integr: integrity checksum length 16
> > > > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> > > 0x1f43bd64d771a4e5 nextpayload SK
> > > > version 0x20 exchange IKE_AUTH flags 0x08 msgid 1 length 1568
> > > response 0
> > > > > ikev2_pld_payloads: payload SK nextpayload IDi critical 0x00
> > > length 1540
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 1504
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 1504/1504 padding 2
> > > > > ikev2_pld_payloads: decrypted payload IDi nextpayload CERT
> > > critical 0x00 length 35
> > > > > ikev2_pld_id: id UFQDN/--UK-ID-- length 31
> > > > > ikev2_pld_payloads: decrypted payload CERT nextpayload CERTREQ
> > > critical 0x00 length 1069
> > > > > ikev2_pld_cert: type X509_CERT length 1064
> > > > > ikev2_pld_payloads: decrypted payload CERTREQ nextpayload AUTH
> > > critical 0x00 length 25
> > > > > ikev2_pld_certreq: type X509_CERT length 20
> > > > > ikev2_pld_payloads: decrypted payload AUTH nextpayload NOTIFY
> > > critical 0x00 length 264
> > > > > ikev2_pld_auth: method RSA_SIG length 256
> > > > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA
> > > critical 0x00 length 8
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> USE_TRANSPORT_MODE
> > > > > ikev2_pld_payloads: decrypted payload SA nextpayload TSi
> critical
> > > 0x00 length 52
> > > > > ikev2_pld_sa: more 0 reserved 0 length 48 proposal #1 protoid
> ESP
> > > spisize 4 xforms 4 spi
> > > > 0x8f3bad08
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> > > HMAC_SHA2_256_128
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CBC
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type ESN id ESN
> > > > > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
> > > > > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr
> critical
> > > 0x00 length 24
> > > > > ikev2_pld_tss: count 1 length 16
> > > > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16
> startport
> > > 0 endport 65535
> > > > > ikev2_pld_ts: start --UK-- end --UK--
> > > > > ikev2_pld_payloads: decrypted payload TSr nextpayload NONE
> > > critical 0x00 length 24
> > > > > ikev2_pld_tss: count 1 length 16
> > > > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16
> startport
> > > 0 endport 65535
> > > > > ikev2_pld_ts: start --FR-- end --FR--
> > > > > spi=0xf2043da59221143f: send IKE_AUTH req 1 peer --FR--:500
> local
> > > --UK--:500, 1568 bytes
> > > > > spi=0xf2043da59221143f: recv IKE_AUTH res 1 peer --FR--:500
> local
> > > --UK--:500, 1552 bytes,
> > > > policy '--FR-HOST--'
> > > > > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > > > > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > > > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> > > 0x1f43bd64d771a4e5 nextpayload SK
> > > > version 0x20 exchange IKE_AUTH flags 0x20 msgid 1 length 1552
> > > response 1
> > > > > ikev2_pld_payloads: payload SK nextpayload CERT critical 0x00
> > > length 1524
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 1488
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 1488/1488 padding 8
> > > > > ikev2_pld_payloads: decrypted payload CERT nextpayload IDr
> > > critical 0x00 length 1084
> > > > > ikev2_pld_cert: type X509_CERT length 1079
> > > > > ikev2_pld_payloads: decrypted payload IDr nextpayload AUTH
> > > critical 0x00 length 31
> > > > > ikev2_pld_id: id UFQDN/uma@--CA-HOST-- length 27
> > > > > ikev2_pld_payloads: decrypted payload AUTH nextpayload TSi
> > > critical 0x00 length 264
> > > > > ikev2_pld_auth: method RSA_SIG length 256
> > > > > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr
> critical
> > > 0x00 length 24
> > > > > ikev2_pld_tss: count 1 length 16
> > > > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16
> startport
> > > 0 endport 65535
> > > > > ikev2_pld_ts: start --UK-- end --UK--
> > > > > ikev2_pld_payloads: decrypted payload TSr nextpayload SA
> critical
> > > 0x00 length 24
> > > > > ikev2_pld_tss: count 1 length 16
> > > > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16
> startport
> > > 0 endport 65535
> > > > > ikev2_pld_ts: start --FR-- end --FR--
> > > > > ikev2_pld_payloads: decrypted payload SA nextpayload NOTIFY
> > > critical 0x00 length 44
> > > > > ikev2_pld_sa: more 0 reserved 0 length 40 proposal #1 protoid
> ESP
> > > spisize 4 xforms 3 spi
> > > > 0x066d9db6
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CBC
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> > > HMAC_SHA2_256_128
> > > > > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
> > > > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NONE
> > > critical 0x00 length 8
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> USE_TRANSPORT_MODE
> > > > > spi=0xf2043da59221143f: sa_state: SA_INIT -> AUTH_REQUEST
> > > > > proposals_negotiate: score 4
> > > > > sa_stateflags: 0x000d -> 0x002d cert,certreq,auth,sa (required
> > > 0x0032
> > > > certvalid,authvalid,sa)
> > > > > config_free_proposals: free 0x3c27ccfe580
> > > > > ca_validate_pubkey: could not open public key
> pubkeys/ufqdn/uma@
> > > --CA-HOST--
> > > > > ca_validate_cert:
> > > /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom Lobby/OU=VPNC/CN=
> > > > --FR-HOST-- ok
> > > > > ikev2_getimsgdata: imsg 23 rspi 0x1f43bd64d771a4e5 ispi
> > > 0xf2043da59221143f initiator 1 sa
> > > > valid type 4 data length 1079
> > > > > ikev2_msg_auth: responder auth data length 277
> > > > > ikev2_msg_authverify: method RSA_SIG keylen 1079 type X509_CERT
> > > > > ikev2_msg_authverify: authentication successful
> > > > > spi=0xf2043da59221143f: sa_state: AUTH_REQUEST -> AUTH_SUCCESS
> > > > > sa_stateflags: 0x002d -> 0x003d cert,certreq,auth,authvalid,sa
> > > (required 0x0032
> > > > certvalid,authvalid,sa)
> > > > > ikev2_dispatch_cert: peer certificate is valid
> > > > > sa_stateflags: 0x003d -> 0x003f
> > > cert,certvalid,certreq,auth,authvalid,sa (required 0x0032
> > > > certvalid,authvalid,sa)
> > > > > sa_stateok: VALID flags 0x0032, require 0x0032
> > > certvalid,authvalid,sa
> > > > > spi=0xf2043da59221143f: sa_state: AUTH_SUCCESS -> VALID
> > > > > sa_stateok: VALID flags 0x0032, require 0x0032
> > > certvalid,authvalid,sa
> > > > > sa_stateok: VALID flags 0x0032, require 0x0032
> > > certvalid,authvalid,sa
> > > > > ikev2_sa_tag: (0)
> > > > > ikev2_childsa_negotiate: proposal 1
> > > > > ikev2_childsa_negotiate: key material length 128
> > > > > ikev2_prfplus: T1 with 32 bytes
> > > > > ikev2_prfplus: T2 with 32 bytes
> > > > > ikev2_prfplus: T3 with 32 bytes
> > > > > ikev2_prfplus: T4 with 32 bytes
> > > > > ikev2_prfplus: Tn with 128 bytes
> > > > > pfkey_sa_add: add spi 0x066d9db6
> > > > > ikev2_childsa_enable: loaded CHILD SA spi 0x066d9db6
> > > > > pfkey_sa_add: update spi 0x8f3bad08
> > > > > ikev2_childsa_enable: loaded CHILD SA spi 0x8f3bad08
> > > > > ikev2_childsa_enable: loaded flow 0x3c27dfd9800
> > > > > ikev2_childsa_enable: loaded flow 0x3c27dfda000
> > > > > ikev2_childsa_enable: remember SA peer --FR--:500
> > > > > spi=0xf2043da59221143f: ikev2_childsa_enable: loaded SPIs:
> > > 0x066d9db6, 0x8f3bad08
> > > > > spi=0xf2043da59221143f: ikev2_childsa_enable: loaded flows:
> > > ESP---UK--/32=--FR--/32(47)
> > > > > spi=0xf2043da59221143f: sa_state: VALID -> ESTABLISHED from
> > > --FR--:500 to --UK--:500
> > > > policy '--FR-HOST--'
> > > > > spi=0xf2043da59221143f: established peer --FR--:500[UFQDN/uma@
> --CA-HOST--]
> > > local
> > > > --UK--:500[UFQDN/--UK-ID--] policy '--FR-HOST--' as initiator
> > > > > spi=0x22cd85777285bb53: recv IKE_SA_INIT res 0 peer
> --US-IP--:500
> > > local --UK--:500, 335
> > > > bytes, policy '--US-HOST--'
> > > > > ikev2_recv: ispi 0x22cd85777285bb53 rspi 0x84c59f1c8f60d03f
> > > > > ikev2_recv: updated SA to peer --US-IP--:500 local --UK--:500
> > > > > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > > > > ikev2_pld_parse: header ispi 0x22cd85777285bb53 rspi
> > > 0x84c59f1c8f60d03f nextpayload SA
> > > > version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 length 335
> > > response 1
> > > > > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00
> length
> > > 40
> > > > > ikev2_pld_sa: more 0 reserved 0 length 36 proposal #1 protoid
> IKE
> > > spisize 0 xforms 3 spi
> > > > 0
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > AES_GCM_12
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> > > HMAC_SHA2_512
> > > > > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id
> > > BRAINPOOL_P512R1
> > > > > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00
> > > length 136
> > > > > ikev2_pld_ke: dh group BRAINPOOL_P512R1 reserved 0
> > > > > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical
> 0x00
> > > length 36
> > > > > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical
> > > 0x00 length 28
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> > > NAT_DETECTION_SOURCE_IP
> > > > > ikev2_nat_detection: peer source 0x22cd85777285bb53
> > > 0x84c59f1c8f60d03f --US-IP--:500
> > > > > ikev2_pld_payloads: payload NOTIFY nextpayload CERTREQ critical
> > > 0x00 length 28
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> > > NAT_DETECTION_DESTINATION_IP
> > > > > ikev2_nat_detection: peer destination 0x22cd85777285bb53
> > > 0x84c59f1c8f60d03f --UK--:500
> > > > > ikev2_pld_payloads: payload CERTREQ nextpayload NOTIFY critical
> > > 0x00 length 25
> > > > > ikev2_pld_certreq: type X509_CERT length 20
> > > > > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical
> 0x00
> > > length 14
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> > > SIGNATURE_HASH_ALGORITHMS
> > > > > ikev2_pld_notify: signature hash SHA2_256 (2)
> > > > > ikev2_pld_notify: signature hash SHA2_384 (3)
> > > > > ikev2_pld_notify: signature hash SHA2_512 (4)
> > > > > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > > > > sa_stateflags: 0x0000 -> 0x0004 certreq (required 0x0009
> cert,auth)
> > > > > proposals_negotiate: score 3
> > > > > sa_stateok: SA_INIT flags 0x0000, require 0x0009 cert,auth
> > > > > spi=0x22cd85777285bb53: ikev2_sa_keys: DHSECRET with 64 bytes
> > > > > ikev2_sa_keys: SKEYSEED with 64 bytes
> > > > > spi=0x22cd85777285bb53: ikev2_sa_keys: S with 80 bytes
> > > > > ikev2_prfplus: T1 with 64 bytes
> > > > > ikev2_prfplus: T2 with 64 bytes
> > > > > ikev2_prfplus: T3 with 64 bytes
> > > > > ikev2_prfplus: T4 with 64 bytes
> > > > > ikev2_prfplus: T5 with 64 bytes
> > > > > ikev2_prfplus: Tn with 320 bytes
> > > > > ikev2_sa_keys: SK_d with 64 bytes
> > > > > ikev2_sa_keys: SK_ei with 36 bytes
> > > > > ikev2_sa_keys: SK_er with 36 bytes
> > > > > ikev2_sa_keys: SK_pi with 64 bytes
> > > > > ikev2_sa_keys: SK_pr with 64 bytes
> > > > > ikev2_msg_auth: initiator auth data length 406
> > > > > ca_setauth: switching SIG_ANY to SIG
> > > > > ca_setauth: auth length 406
> > > > > sa_stateok: SA_INIT flags 0x0000, require 0x0009 cert,auth
> > > > > config_free_proposals: free 0x3c27dfd8300
> > > > > ca_getreq: found CA
> > > /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom Lobby/OU=VPNC/CN
> > > > =--CA-HOST--
> > > > > ca_x509_subjectaltname_do: did not find subjectAltName in
> > > certificate
> > > > > ca_getreq: found local certificate
> > > /C=UK/ST=England/L=London/O=Telecom Lobby/OU=VPNC/CN=
> > > > --UK-HOST--
> > > > > _dsa_sign_encode: signature scheme 0 selected
> > > > > _dsa_sign_encode: signature scheme 0 selected
> > > > > _dsa_sign_encode: signature scheme 0 selected
> > > > > ca_setauth: auth length 272
> > > > > ikev2_getimsgdata: imsg 22 rspi 0x84c59f1c8f60d03f ispi
> > > 0x22cd85777285bb53 initiator 1 sa
> > > > valid type 4 data length 1064
> > > > > ikev2_dispatch_cert: cert type X509_CERT length 1064, ok
> > > > > sa_stateflags: 0x0004 -> 0x0005 cert,certreq (required 0x0009
> > > cert,auth)
> > > > > sa_stateok: SA_INIT flags 0x0001, require 0x0009 cert,auth
> > > > > ikev2_getimsgdata: imsg 28 rspi 0x84c59f1c8f60d03f ispi
> > > 0x22cd85777285bb53 initiator 1 sa
> > > > valid type 14 data length 272
> > > > > ikev2_dispatch_cert: AUTH type 14 len 272
> > > > > sa_stateflags: 0x0005 -> 0x000d cert,certreq,auth (required
> 0x0009
> > > cert,auth)
> > > > > sa_stateok: SA_INIT flags 0x0009, require 0x0009 cert,auth
> > > > > ikev2_next_payload: length 35 nextpayload CERT
> > > > > ikev2_next_payload: length 1069 nextpayload CERTREQ
> > > > > ikev2_add_certreq: type X509_CERT length 21
> > > > > ikev2_next_payload: length 25 nextpayload AUTH
> > > > > ikev2_next_payload: length 280 nextpayload NOTIFY
> > > > > ikev2_add_notify: done
> > > > > ikev2_next_payload: length 8 nextpayload SA
> > > > > pfkey_sa_getspi: spi 0xfc41aa70
> > > > > pfkey_sa_init: new spi 0xfc41aa70
> > > > > ikev2_add_proposals: length 40
> > > > > ikev2_next_payload: length 44 nextpayload TSi
> > > > > ikev2_next_payload: length 24 nextpayload TSr
> > > > > ikev2_next_payload: length 24 nextpayload NONE
> > > > > ikev2_next_payload: length 1534 nextpayload IDi
> > > > > ikev2_msg_encrypt: decrypted length 1509
> > > > > ikev2_msg_encrypt: padded length 1510
> > > > > ikev2_msg_encrypt: length 1510, padding 0, output length 1530
> > > > > ikev2_msg_integr: message length 1562
> > > > > ikev2_msg_integr: integrity checksum length 12
> > > > > ikev2_pld_parse: header ispi 0x22cd85777285bb53 rspi
> > > 0x84c59f1c8f60d03f nextpayload SK
> > > > version 0x20 exchange IKE_AUTH flags 0x08 msgid 1 length 1562
> > > response 0
> > > > > ikev2_pld_payloads: payload SK nextpayload IDi critical 0x00
> > > length 1534
> > > > > ikev2_msg_decrypt: IV length 8
> > > > > ikev2_msg_decrypt: encrypted payload length 1510
> > > > > ikev2_msg_decrypt: integrity checksum length 12
> > > > > ikev2_msg_decrypt: AAD length 32
> > > > > ikev2_msg_decrypt: decrypted payload length 1510/1510 padding 0
> > > > > ikev2_pld_payloads: decrypted payload IDi nextpayload CERT
> > > critical 0x00 length 35
> > > > > ikev2_pld_id: id UFQDN/--UK-ID-- length 31
> > > > > ikev2_pld_payloads: decrypted payload CERT nextpayload CERTREQ
> > > critical 0x00 length 1069
> > > > > ikev2_pld_cert: type X509_CERT length 1064
> > > > > ikev2_pld_payloads: decrypted payload CERTREQ nextpayload AUTH
> > > critical 0x00 length 25
> > > > > ikev2_pld_certreq: type X509_CERT length 20
> > > > > ikev2_pld_payloads: decrypted payload AUTH nextpayload NOTIFY
> > > critical 0x00 length 280
> > > > > ikev2_pld_auth: method SIG length 272
> > > > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA
> > > critical 0x00 length 8
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> USE_TRANSPORT_MODE
> > > > > ikev2_pld_payloads: decrypted payload SA nextpayload TSi
> critical
> > > 0x00 length 44
> > > > > ikev2_pld_sa: more 0 reserved 0 length 40 proposal #1 protoid
> ESP
> > > spisize 4 xforms 3 spi
> > > > 0xfc41aa70
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > CHACHA20_POLY1305
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type ESN id ESN
> > > > > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
> > > > > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr
> critical
> > > 0x00 length 24
> > > > > ikev2_pld_tss: count 1 length 16
> > > > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16
> startport
> > > 0 endport 65535
> > > > > ikev2_pld_ts: start --UK-- end --UK--
> > > > > ikev2_pld_payloads: decrypted payload TSr nextpayload NONE
> > > critical 0x00 length 24
> > > > > ikev2_pld_tss: count 1 length 16
> > > > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16
> startport
> > > 0 endport 65535
> > > > > ikev2_pld_ts: start --US-IP-- end --US-IP--
> > > > > spi=0x22cd85777285bb53: send IKE_AUTH req 1 peer --US-IP--:500
> > > local --UK--:500, 1562
> > > > bytes
> > > > > spi=0x22cd85777285bb53: recv IKE_AUTH res 1 peer --US-IP--:500
> > > local --UK--:500, 1532
> > > > bytes, policy '--US-HOST--'
> > > > > ikev2_recv: ispi 0x22cd85777285bb53 rspi 0x84c59f1c8f60d03f
> > > > > ikev2_recv: updated SA to peer --US-IP--:500 local --UK--:500
> > > > > ikev2_pld_parse: header ispi 0x22cd85777285bb53 rspi
> > > 0x84c59f1c8f60d03f nextpayload SK
> > > > version 0x20 exchange IKE_AUTH flags 0x20 msgid 1 length 1532
> > > response 1
> > > > > ikev2_pld_payloads: payload SK nextpayload IDr critical 0x00
> > > length 1504
> > > > > ikev2_msg_decrypt: IV length 8
> > > > > ikev2_msg_decrypt: encrypted payload length 1480
> > > > > ikev2_msg_decrypt: integrity checksum length 12
> > > > > ikev2_msg_decrypt: AAD length 32
> > > > > ikev2_msg_decrypt: decrypted payload length 1480/1480 padding 0
> > > > > ikev2_pld_payloads: decrypted payload IDr nextpayload CERT
> > > critical 0x00 length 37
> > > > > ikev2_pld_id: id UFQDN/saraswati@--CA-HOST-- length 33
> > > > > ikev2_pld_payloads: decrypted payload CERT nextpayload AUTH
> > > critical 0x00 length 1070
> > > > > ikev2_pld_cert: type X509_CERT length 1065
> > > > > ikev2_pld_payloads: decrypted payload AUTH nextpayload NOTIFY
> > > critical 0x00 length 280
> > > > > ikev2_pld_auth: method SIG length 272
> > > > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA
> > > critical 0x00 length 8
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> USE_TRANSPORT_MODE
> > > > > ikev2_pld_payloads: decrypted payload SA nextpayload TSi
> critical
> > > 0x00 length 36
> > > > > ikev2_pld_sa: more 0 reserved 0 length 32 proposal #1 protoid
> ESP
> > > spisize 4 xforms 2 spi
> > > > 0xd1bfd520
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > CHACHA20_POLY1305
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id ESN
> > > > > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr
> critical
> > > 0x00 length 24
> > > > > ikev2_pld_tss: count 1 length 16
> > > > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16
> startport
> > > 0 endport 65535
> > > > > ikev2_pld_ts: start --UK-- end --UK--
> > > > > ikev2_pld_payloads: decrypted payload TSr nextpayload NONE
> > > critical 0x00 length 24
> > > > > ikev2_pld_tss: count 1 length 16
> > > > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16
> startport
> > > 0 endport 65535
> > > > > ikev2_pld_ts: start --US-IP-- end --US-IP--
> > > > > spi=0x22cd85777285bb53: sa_state: SA_INIT -> AUTH_REQUEST
> > > > > proposals_negotiate: score 2
> > > > > sa_stateflags: 0x000d -> 0x002d cert,certreq,auth,sa (required
> > > 0x0032
> > > > certvalid,authvalid,sa)
> > > > > config_free_proposals: free 0x3c27dfd8980
> > > > > ca_validate_pubkey: could not open public key
> > > pubkeys/ufqdn/saraswati@--CA-HOST--
> > > > > ca_validate_cert: /C=US/ST=Texas/L=Dallas/O=Telecom
> > > Lobby/OU=VPNC/CN=--US-HOST-- ok
> > > > > ikev2_getimsgdata: imsg 23 rspi 0x84c59f1c8f60d03f ispi
> > > 0x22cd85777285bb53 initiator 1 sa
> > > > valid type 4 data length 1065
> > > > > ikev2_msg_auth: responder auth data length 431
> > > > > ikev2_msg_authverify: method SIG keylen 1065 type X509_CERT
> > > > > _dsa_verify_init: signature scheme 0 selected
> > > > > ikev2_msg_authverify: authentication successful
> > > > > spi=0x22cd85777285bb53: sa_state: AUTH_REQUEST -> AUTH_SUCCESS
> > > > > sa_stateflags: 0x002d -> 0x003d cert,certreq,auth,authvalid,sa
> > > (required 0x0032
> > > > certvalid,authvalid,sa)
> > > > > ikev2_dispatch_cert: peer certificate is valid
> > > > > sa_stateflags: 0x003d -> 0x003f
> > > cert,certvalid,certreq,auth,authvalid,sa (required 0x0032
> > > > certvalid,authvalid,sa)
> > > > > sa_stateok: VALID flags 0x0032, require 0x0032
> > > certvalid,authvalid,sa
> > > > > spi=0x22cd85777285bb53: sa_state: AUTH_SUCCESS -> VALID
> > > > > sa_stateok: VALID flags 0x0032, require 0x0032
> > > certvalid,authvalid,sa
> > > > > sa_stateok: VALID flags 0x0032, require 0x0032
> > > certvalid,authvalid,sa
> > > > > ikev2_sa_tag: (0)
> > > > > ikev2_childsa_negotiate: proposal 1
> > > > > ikev2_childsa_negotiate: key material length 72
> > > > > ikev2_prfplus: T1 with 64 bytes
> > > > > ikev2_prfplus: T2 with 64 bytes
> > > > > ikev2_prfplus: Tn with 128 bytes
> > > > > pfkey_sa_add: add spi 0xd1bfd520
> > > > > ikev2_childsa_enable: loaded CHILD SA spi 0xd1bfd520
> > > > > pfkey_sa_add: update spi 0xfc41aa70
> > > > > ikev2_childsa_enable: loaded CHILD SA spi 0xfc41aa70
> > > > > ikev2_childsa_enable: loaded flow 0x3c2c0b8f800
> > > > > ikev2_childsa_enable: loaded flow 0x3c27dfda400
> > > > > ikev2_childsa_enable: remember SA peer --US-IP--:500
> > > > > spi=0x22cd85777285bb53: ikev2_childsa_enable: loaded SPIs:
> > > 0xd1bfd520, 0xfc41aa70
> > > > > spi=0x22cd85777285bb53: ikev2_childsa_enable: loaded flows:
> > > ESP---UK--/32=--US-IP--/32
> > > > (47)
> > > > > spi=0x22cd85777285bb53: sa_state: VALID -> ESTABLISHED from
> > > --US-IP--:500 to --UK--:500
> > > > policy '--US-HOST--'
> > > > > spi=0x22cd85777285bb53: established peer
> > > --US-IP--:500[UFQDN/saraswati@--CA-HOST--] local
> > > > --UK--:500[UFQDN/--UK-ID--] policy '--US-HOST--' as initiator
> > > > > spi=0x67cb9c572ac8b67e: recv IKE_SA_INIT res 0 peer
> --JP-IP--:500
> > > local --UK--:500, 335
> > > > bytes, policy '--JP-HOST--'
> > > > > ikev2_recv: ispi 0x67cb9c572ac8b67e rspi 0x2c3aab6ceed004e7
> > > > > ikev2_recv: updated SA to peer --JP-IP--:500 local --UK--:500
> > > > > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > > > > ikev2_pld_parse: header ispi 0x67cb9c572ac8b67e rspi
> > > 0x2c3aab6ceed004e7 nextpayload SA
> > > > version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 length 335
> > > response 1
> > > > > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00
> length
> > > 40
> > > > > ikev2_pld_sa: more 0 reserved 0 length 36 proposal #1 protoid
> IKE
> > > spisize 0 xforms 3 spi
> > > > 0
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > AES_GCM_12
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> > > HMAC_SHA2_512
> > > > > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id
> > > BRAINPOOL_P512R1
> > > > > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00
> > > length 136
> > > > > ikev2_pld_ke: dh group BRAINPOOL_P512R1 reserved 0
> > > > > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical
> 0x00
> > > length 36
> > > > > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical
> > > 0x00 length 28
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> > > NAT_DETECTION_SOURCE_IP
> > > > > ikev2_nat_detection: peer source 0x67cb9c572ac8b67e
> > > 0x2c3aab6ceed004e7 --JP-IP--:500
> > > > > ikev2_pld_payloads: payload NOTIFY nextpayload CERTREQ critical
> > > 0x00 length 28
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> > > NAT_DETECTION_DESTINATION_IP
> > > > > ikev2_nat_detection: peer destination 0x67cb9c572ac8b67e
> > > 0x2c3aab6ceed004e7 --UK--:500
> > > > > ikev2_pld_payloads: payload CERTREQ nextpayload NOTIFY critical
> > > 0x00 length 25
> > > > > ikev2_pld_certreq: type X509_CERT length 20
> > > > > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical
> 0x00
> > > length 14
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> > > SIGNATURE_HASH_ALGORITHMS
> > > > > ikev2_pld_notify: signature hash SHA2_256 (2)
> > > > > ikev2_pld_notify: signature hash SHA2_384 (3)
> > > > > ikev2_pld_notify: signature hash SHA2_512 (4)
> > > > > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > > > > sa_stateflags: 0x0000 -> 0x0004 certreq (required 0x0009
> cert,auth)
> > > > > proposals_negotiate: score 3
> > > > > sa_stateok: SA_INIT flags 0x0000, require 0x0009 cert,auth
> > > > > spi=0x67cb9c572ac8b67e: ikev2_sa_keys: DHSECRET with 64 bytes
> > > > > ikev2_sa_keys: SKEYSEED with 64 bytes
> > > > > spi=0x67cb9c572ac8b67e: ikev2_sa_keys: S with 80 bytes
> > > > > ikev2_prfplus: T1 with 64 bytes
> > > > > ikev2_prfplus: T2 with 64 bytes
> > > > > ikev2_prfplus: T3 with 64 bytes
> > > > > ikev2_prfplus: T4 with 64 bytes
> > > > > ikev2_prfplus: T5 with 64 bytes
> > > > > ikev2_prfplus: Tn with 320 bytes
> > > > > ikev2_sa_keys: SK_d with 64 bytes
> > > > > ikev2_sa_keys: SK_ei with 36 bytes
> > > > > ikev2_sa_keys: SK_er with 36 bytes
> > > > > ikev2_sa_keys: SK_pi with 64 bytes
> > > > > ikev2_sa_keys: SK_pr with 64 bytes
> > > > > ikev2_msg_auth: initiator auth data length 406
> > > > > ca_setauth: switching SIG_ANY to SIG
> > > > > ca_setauth: auth length 406
> > > > > sa_stateok: SA_INIT flags 0x0000, require 0x0009 cert,auth
> > > > > config_free_proposals: free 0x3c2a56dad00
> > > > > ca_getreq: found CA
> > > /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom Lobby/OU=VPNC/CN
> > > > =--CA-HOST--
> > > > > ca_x509_subjectaltname_do: did not find subjectAltName in
> > > certificate
> > > > > ca_getreq: found local certificate
> > > /C=UK/ST=England/L=London/O=Telecom Lobby/OU=VPNC/CN=
> > > > --UK-HOST--
> > > > > _dsa_sign_encode: signature scheme 0 selected
> > > > > _dsa_sign_encode: signature scheme 0 selected
> > > > > _dsa_sign_encode: signature scheme 0 selected
> > > > > ca_setauth: auth length 272
> > > > > ikev2_getimsgdata: imsg 22 rspi 0x2c3aab6ceed004e7 ispi
> > > 0x67cb9c572ac8b67e initiator 1 sa
> > > > valid type 4 data length 1064
> > > > > ikev2_dispatch_cert: cert type X509_CERT length 1064, ok
> > > > > sa_stateflags: 0x0004 -> 0x0005 cert,certreq (required 0x0009
> > > cert,auth)
> > > > > sa_stateok: SA_INIT flags 0x0001, require 0x0009 cert,auth
> > > > > ikev2_getimsgdata: imsg 28 rspi 0x2c3aab6ceed004e7 ispi
> > > 0x67cb9c572ac8b67e initiator 1 sa
> > > > valid type 14 data length 272
> > > > > ikev2_dispatch_cert: AUTH type 14 len 272
> > > > > sa_stateflags: 0x0005 -> 0x000d cert,certreq,auth (required
> 0x0009
> > > cert,auth)
> > > > > sa_stateok: SA_INIT flags 0x0009, require 0x0009 cert,auth
> > > > > ikev2_next_payload: length 35 nextpayload CERT
> > > > > ikev2_next_payload: length 1069 nextpayload CERTREQ
> > > > > ikev2_add_certreq: type X509_CERT length 21
> > > > > ikev2_next_payload: length 25 nextpayload AUTH
> > > > > ikev2_next_payload: length 280 nextpayload NOTIFY
> > > > > ikev2_add_notify: done
> > > > > ikev2_next_payload: length 8 nextpayload SA
> > > > > pfkey_sa_getspi: spi 0x4701e9b5
> > > > > pfkey_sa_init: new spi 0x4701e9b5
> > > > > ikev2_add_proposals: length 40
> > > > > ikev2_next_payload: length 44 nextpayload TSi
> > > > > ikev2_next_payload: length 24 nextpayload TSr
> > > > > ikev2_next_payload: length 24 nextpayload NONE
> > > > > ikev2_next_payload: length 1534 nextpayload IDi
> > > > > ikev2_msg_encrypt: decrypted length 1509
> > > > > ikev2_msg_encrypt: padded length 1510
> > > > > ikev2_msg_encrypt: length 1510, padding 0, output length 1530
> > > > > ikev2_msg_integr: message length 1562
> > > > > ikev2_msg_integr: integrity checksum length 12
> > > > > ikev2_pld_parse: header ispi 0x67cb9c572ac8b67e rspi
> > > 0x2c3aab6ceed004e7 nextpayload SK
> > > > version 0x20 exchange IKE_AUTH flags 0x08 msgid 1 length 1562
> > > response 0
> > > > > ikev2_pld_payloads: payload SK nextpayload IDi critical 0x00
> > > length 1534
> > > > > ikev2_msg_decrypt: IV length 8
> > > > > ikev2_msg_decrypt: encrypted payload length 1510
> > > > > ikev2_msg_decrypt: integrity checksum length 12
> > > > > ikev2_msg_decrypt: AAD length 32
> > > > > ikev2_msg_decrypt: decrypted payload length 1510/1510 padding 0
> > > > > ikev2_pld_payloads: decrypted payload IDi nextpayload CERT
> > > critical 0x00 length 35
> > > > > ikev2_pld_id: id UFQDN/--UK-ID-- length 31
> > > > > ikev2_pld_payloads: decrypted payload CERT nextpayload CERTREQ
> > > critical 0x00 length 1069
> > > > > ikev2_pld_cert: type X509_CERT length 1064
> > > > > ikev2_pld_payloads: decrypted payload CERTREQ nextpayload AUTH
> > > critical 0x00 length 25
> > > > > ikev2_pld_certreq: type X509_CERT length 20
> > > > > ikev2_pld_payloads: decrypted payload AUTH nextpayload NOTIFY
> > > critical 0x00 length 280
> > > > > ikev2_pld_auth: method SIG length 272
> > > > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA
> > > critical 0x00 length 8
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> USE_TRANSPORT_MODE
> > > > > ikev2_pld_payloads: decrypted payload SA nextpayload TSi
> critical
> > > 0x00 length 44
> > > > > ikev2_pld_sa: more 0 reserved 0 length 40 proposal #1 protoid
> ESP
> > > spisize 4 xforms 3 spi
> > > > 0x4701e9b5
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > CHACHA20_POLY1305
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type ESN id ESN
> > > > > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
> > > > > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr
> critical
> > > 0x00 length 24
> > > > > ikev2_pld_tss: count 1 length 16
> > > > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16
> startport
> > > 0 endport 65535
> > > > > ikev2_pld_ts: start --UK-- end --UK--
> > > > > ikev2_pld_payloads: decrypted payload TSr nextpayload NONE
> > > critical 0x00 length 24
> > > > > ikev2_pld_tss: count 1 length 16
> > > > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16
> startport
> > > 0 endport 65535
> > > > > ikev2_pld_ts: start --JP-IP-- end --JP-IP--
> > > > > spi=0x67cb9c572ac8b67e: send IKE_AUTH req 1 peer --JP-IP--:500
> > > local --UK--:500, 1562
> > > > bytes
> > > > > spi=0x67cb9c572ac8b67e: recv IKE_AUTH res 1 peer --JP-IP--:500
> > > local --UK--:500, 1527
> > > > bytes, policy '--JP-HOST--'
> > > > > ikev2_recv: ispi 0x67cb9c572ac8b67e rspi 0x2c3aab6ceed004e7
> > > > > ikev2_recv: updated SA to peer --JP-IP--:500 local --UK--:500
> > > > > ikev2_pld_parse: header ispi 0x67cb9c572ac8b67e rspi
> > > 0x2c3aab6ceed004e7 nextpayload SK
> > > > version 0x20 exchange IKE_AUTH flags 0x20 msgid 1 length 1527
> > > response 1
> > > > > ikev2_pld_payloads: payload SK nextpayload IDr critical 0x00
> > > length 1499
> > > > > ikev2_msg_decrypt: IV length 8
> > > > > ikev2_msg_decrypt: encrypted payload length 1475
> > > > > ikev2_msg_decrypt: integrity checksum length 12
> > > > > ikev2_msg_decrypt: AAD length 32
> > > > > ikev2_msg_decrypt: decrypted payload length 1475/1475 padding 0
> > > > > ikev2_pld_payloads: decrypted payload IDr nextpayload CERT
> > > critical 0x00 length 33
> > > > > ikev2_pld_id: id UFQDN/shiva@--CA-HOST-- length 29
> > > > > ikev2_pld_payloads: decrypted payload CERT nextpayload AUTH
> > > critical 0x00 length 1069
> > > > > ikev2_pld_cert: type X509_CERT length 1064
> > > > > ikev2_pld_payloads: decrypted payload AUTH nextpayload NOTIFY
> > > critical 0x00 length 280
> > > > > ikev2_pld_auth: method SIG length 272
> > > > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA
> > > critical 0x00 length 8
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> USE_TRANSPORT_MODE
> > > > > ikev2_pld_payloads: decrypted payload SA nextpayload TSi
> critical
> > > 0x00 length 36
> > > > > ikev2_pld_sa: more 0 reserved 0 length 32 proposal #1 protoid
> ESP
> > > spisize 4 xforms 2 spi
> > > > 0xb1bffe2d
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > CHACHA20_POLY1305
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id ESN
> > > > > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr
> critical
> > > 0x00 length 24
> > > > > ikev2_pld_tss: count 1 length 16
> > > > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16
> startport
> > > 0 endport 65535
> > > > > ikev2_pld_ts: start --UK-- end --UK--
> > > > > ikev2_pld_payloads: decrypted payload TSr nextpayload NONE
> > > critical 0x00 length 24
> > > > > ikev2_pld_tss: count 1 length 16
> > > > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16
> startport
> > > 0 endport 65535
> > > > > ikev2_pld_ts: start --JP-IP-- end --JP-IP--
> > > > > spi=0x67cb9c572ac8b67e: sa_state: SA_INIT -> AUTH_REQUEST
> > > > > proposals_negotiate: score 2
> > > > > sa_stateflags: 0x000d -> 0x002d cert,certreq,auth,sa (required
> > > 0x0032
> > > > certvalid,authvalid,sa)
> > > > > config_free_proposals: free 0x3c31292ac00
> > > > > ca_validate_pubkey: could not open public key
> pubkeys/ufqdn/shiva@
> > > --CA-HOST--
> > > > > ca_validate_cert: /C=JP/ST=Tokyo/L=Heiwajima/O=Telecom
> > > Lobby/OU=VPNC/CN=--JP-HOST-- ok
> > > > > ikev2_getimsgdata: imsg 23 rspi 0x2c3aab6ceed004e7 ispi
> > > 0x67cb9c572ac8b67e initiator 1 sa
> > > > valid type 4 data length 1064
> > > > > ikev2_msg_auth: responder auth data length 431
> > > > > ikev2_msg_authverify: method SIG keylen 1064 type X509_CERT
> > > > > _dsa_verify_init: signature scheme 0 selected
> > > > > ikev2_msg_authverify: authentication successful
> > > > > spi=0x67cb9c572ac8b67e: sa_state: AUTH_REQUEST -> AUTH_SUCCESS
> > > > > sa_stateflags: 0x002d -> 0x003d cert,certreq,auth,authvalid,sa
> > > (required 0x0032
> > > > certvalid,authvalid,sa)
> > > > > ikev2_dispatch_cert: peer certificate is valid
> > > > > sa_stateflags: 0x003d -> 0x003f
> > > cert,certvalid,certreq,auth,authvalid,sa (required 0x0032
> > > > certvalid,authvalid,sa)
> > > > > sa_stateok: VALID flags 0x0032, require 0x0032
> > > certvalid,authvalid,sa
> > > > > spi=0x67cb9c572ac8b67e: sa_state: AUTH_SUCCESS -> VALID
> > > > > sa_stateok: VALID flags 0x0032, require 0x0032
> > > certvalid,authvalid,sa
> > > > > sa_stateok: VALID flags 0x0032, require 0x0032
> > > certvalid,authvalid,sa
> > > > > ikev2_sa_tag: (0)
> > > > > ikev2_childsa_negotiate: proposal 1
> > > > > ikev2_childsa_negotiate: key material length 72
> > > > > ikev2_prfplus: T1 with 64 bytes
> > > > > ikev2_prfplus: T2 with 64 bytes
> > > > > ikev2_prfplus: Tn with 128 bytes
> > > > > pfkey_sa_add: add spi 0xb1bffe2d
> > > > > ikev2_childsa_enable: loaded CHILD SA spi 0xb1bffe2d
> > > > > pfkey_sa_add: update spi 0x4701e9b5
> > > > > ikev2_childsa_enable: loaded CHILD SA spi 0x4701e9b5
> > > > > ikev2_childsa_enable: loaded flow 0x3c2eec20c00
> > > > > ikev2_childsa_enable: loaded flow 0x3c324182000
> > > > > ikev2_childsa_enable: remember SA peer --JP-IP--:500
> > > > > spi=0x67cb9c572ac8b67e: ikev2_childsa_enable: loaded SPIs:
> > > 0xb1bffe2d, 0x4701e9b5
> > > > > spi=0x67cb9c572ac8b67e: ikev2_childsa_enable: loaded flows:
> > > ESP---UK--/32=--JP-IP--/32
> > > > (47)
> > > > > spi=0x67cb9c572ac8b67e: sa_state: VALID -> ESTABLISHED from
> > > --JP-IP--:500 to --UK--:500
> > > > policy '--JP-HOST--'
> > > > > spi=0x67cb9c572ac8b67e: established peer
> --JP-IP--:500[UFQDN/shiva@--CA-HOST--]
> > > local
> > > > --UK--:500[UFQDN/--UK-ID--] policy '--JP-HOST--' as initiator
> > > > > policy_lookup: setting policy '--CAT-HOST--'
> > > > > spi=0xc5881d3ed32f5801: recv INFORMATIONAL req 4428 peer
> > > --FR--:500 local --UK--:500, 96
> > > > bytes, policy '--CAT-HOST--'
> > > > > ikev2_recv: ispi 0xc5881d3ed32f5801 rspi 0xfcad33aa65954d8e
> > > > > ikev2_init_recv: unknown SA
> > > > > policy_lookup: setting policy '--CAT-HOST--'
> > > > > spi=0xc5881d3ed32f5801: recv INFORMATIONAL req 4428 peer
> > > --FR--:500 local --UK--:500, 96
> > > > bytes, policy '--CAT-HOST--'
> > > > > ikev2_recv: ispi 0xc5881d3ed32f5801 rspi 0xfcad33aa65954d8e
> > > > > ikev2_init_recv: unknown SA
> > > > > policy_lookup: setting policy '--CAT-HOST--'
> > > > > spi=0xc5881d3ed32f5801: recv INFORMATIONAL req 4428 peer
> > > --FR--:500 local --UK--:500, 96
> > > > bytes, policy '--CAT-HOST--'
> > > > > ikev2_recv: ispi 0xc5881d3ed32f5801 rspi 0xfcad33aa65954d8e
> > > > > ikev2_init_recv: unknown SA
> > > > > spi=0xf2043da59221143f: recv INFORMATIONAL req 0 peer
> --FR--:500
> > > local --UK--:500, 112
> > > > bytes, policy '--FR-HOST--'
> > > > > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > > > > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > > > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> > > 0x1f43bd64d771a4e5 nextpayload SK
> > > > version 0x20 exchange INFORMATIONAL flags 0x00 msgid 0 length 112
> > > response 0
> > > > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> > > length 84
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 48
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 48/48 padding 47
> > > > > ikev2_next_payload: length 52 nextpayload NONE
> > > > > ikev2_msg_encrypt: decrypted length 0
> > > > > ikev2_msg_encrypt: padded length 16
> > > > > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > > > > ikev2_msg_integr: message length 80
> > > > > ikev2_msg_integr: integrity checksum length 16
> > > > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> > > 0x1f43bd64d771a4e5 nextpayload SK
> > > > version 0x20 exchange INFORMATIONAL flags 0x28 msgid 0 length 80
> > > response 1
> > > > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> > > length 52
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 16
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > > > > spi=0xf2043da59221143f: send INFORMATIONAL res 0 peer
> --FR--:500
> > > local --UK--:500, 80
> > > > bytes
> > > > > pfkey_sa_lookup: last_used 1614003184
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used
> 1
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003184
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used
> 1
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003183
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used
> 3
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003183
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used
> 3
> > > second(s) ago
> > > > > policy_lookup: setting policy '--CAT-HOST--'
> > > > > spi=0xb3a689d63d247dd3: recv INFORMATIONAL req 2 peer
> --CAT--:4500
> > > local --UK--:4500, 80
> > > > bytes, policy '--CAT-HOST--'
> > > > > ikev2_recv: ispi 0xb3a689d63d247dd3 rspi 0x3ec4e46becafef14
> > > > > policy_lookup: setting policy '--CAT-HOST--'
> > > > > spi=0xf94ce3fc2e48f7f2: recv IKE_SA_INIT req 0 peer --CAT--:500
> > > local --UK--:500, 1056
> > > > bytes, policy '--CAT-HOST--'
> > > > > ikev2_recv: ispi 0xf94ce3fc2e48f7f2 rspi 0x0000000000000000
> > > > > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > > > > ikev2_pld_parse: header ispi 0xf94ce3fc2e48f7f2 rspi
> > > 0x0000000000000000 nextpayload SA
> > > > version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length 1056
> > > response 0
> > > > > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00
> length
> > > 832
> > > > > ikev2_pld_sa: more 2 reserved 0 length 352 proposal #1 protoid
> IKE
> > > spisize 0 xforms 37
> > > > spi 0
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CBC
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CBC
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CBC
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > CAMELLIA_CBC
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > CAMELLIA_CBC
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > CAMELLIA_CBC
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CTR
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CTR
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CTR
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > CAMELLIA_CTR
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > CAMELLIA_CTR
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > CAMELLIA_CTR
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type ENCR id 3DES
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> > > HMAC_SHA2_256_128
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> > > HMAC_SHA2_384_192
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> > > HMAC_SHA2_512_256
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> > > HMAC_SHA1_96
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> > > AES_XCBC_96
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> > > AES_CMAC_96
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> > > HMAC_SHA2_256
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> > > HMAC_SHA2_384
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> > > HMAC_SHA2_512
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> AES128_XCBC
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> AES128_CMAC
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> HMAC_SHA1
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_256
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_384
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_521
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> > > BRAINPOOL_P256R1
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> > > BRAINPOOL_P384R1
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> > > BRAINPOOL_P512R1
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> CURVE25519
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> MODP_3072
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> MODP_4096
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> MODP_6144
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> MODP_8192
> > > > > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id
> MODP_2048
> > > > > ikev2_pld_sa: more 0 reserved 0 length 476 proposal #2 protoid
> IKE
> > > spisize 0 xforms 45
> > > > spi 0
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > AES_GCM_16
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > AES_GCM_16
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > AES_GCM_16
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > AES_CCM_16
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > AES_CCM_16
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > AES_CCM_16
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > CAMELLIA_CCM_16
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > CAMELLIA_CCM_16
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > CAMELLIA_CCM_16
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > AES_GCM_12
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > AES_GCM_12
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > AES_GCM_12
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_GCM_8
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_GCM_8
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_GCM_8
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CCM_8
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CCM_8
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CCM_8
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > AES_CCM_12
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > AES_CCM_12
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > AES_CCM_12
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > CAMELLIA_CCM_8
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > CAMELLIA_CCM_8
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > CAMELLIA_CCM_8
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > CAMELLIA_CCM_12
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > CAMELLIA_CCM_12
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > CAMELLIA_CCM_12
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> > > HMAC_SHA2_256
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> > > HMAC_SHA2_384
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> > > HMAC_SHA2_512
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> AES128_XCBC
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> AES128_CMAC
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> HMAC_SHA1
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_256
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_384
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_521
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> > > BRAINPOOL_P256R1
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> > > BRAINPOOL_P384R1
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> > > BRAINPOOL_P512R1
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> CURVE25519
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> MODP_3072
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> MODP_4096
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> MODP_6144
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> MODP_8192
> > > > > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id
> MODP_2048
> > > > > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00
> > > length 72
> > > > > ikev2_pld_ke: dh group ECP_256 reserved 0
> > > > > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical
> 0x00
> > > length 36
> > > > > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical
> > > 0x00 length 28
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> > > NAT_DETECTION_SOURCE_IP
> > > > > ikev2_nat_detection: peer source 0xf94ce3fc2e48f7f2
> > > 0x0000000000000000 --CAT--:500
> > > > > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical
> > > 0x00 length 28
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> > > NAT_DETECTION_DESTINATION_IP
> > > > > ikev2_nat_detection: peer destination 0xf94ce3fc2e48f7f2
> > > 0x0000000000000000 --UK--:500
> > > > > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical
> > > 0x00 length 8
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> > > FRAGMENTATION_SUPPORTED
> > > > > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical
> > > 0x00 length 16
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> > > SIGNATURE_HASH_ALGORITHMS
> > > > > ikev2_pld_notify: signature hash SHA2_256 (2)
> > > > > ikev2_pld_notify: signature hash SHA2_384 (3)
> > > > > ikev2_pld_notify: signature hash SHA2_512 (4)
> > > > > ikev2_pld_notify: signature hash <UNKNOWN:5> (5)
> > > > > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical
> 0x00
> > > length 8
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> REDIRECT_SUPPORTED
> > > > > proposals_negotiate: score 4
> > > > > proposals_negotiate: score 0
> > > > > policy_lookup: setting policy '--CAT-HOST--'
> > > > > spi=0xf94ce3fc2e48f7f2: sa_state: INIT -> SA_INIT
> > > > > proposals_negotiate: score 4
> > > > > proposals_negotiate: score 0
> > > > > sa_stateok: SA_INIT flags 0x0000, require 0x0000
> > > > > sa_stateflags: 0x0000 -> 0x0020 sa (required 0x0000 )
> > > > > spi=0xf94ce3fc2e48f7f2: ikev2_sa_keys: DHSECRET with 32 bytes
> > > > > ikev2_sa_keys: SKEYSEED with 32 bytes
> > > > > spi=0xf94ce3fc2e48f7f2: ikev2_sa_keys: S with 80 bytes
> > > > > ikev2_prfplus: T1 with 32 bytes
> > > > > ikev2_prfplus: T2 with 32 bytes
> > > > > ikev2_prfplus: T3 with 32 bytes
> > > > > ikev2_prfplus: T4 with 32 bytes
> > > > > ikev2_prfplus: T5 with 32 bytes
> > > > > ikev2_prfplus: T6 with 32 bytes
> > > > > ikev2_prfplus: T7 with 32 bytes
> > > > > ikev2_prfplus: Tn with 224 bytes
> > > > > ikev2_sa_keys: SK_d with 32 bytes
> > > > > ikev2_sa_keys: SK_ai with 32 bytes
> > > > > ikev2_sa_keys: SK_ar with 32 bytes
> > > > > ikev2_sa_keys: SK_ei with 32 bytes
> > > > > ikev2_sa_keys: SK_er with 32 bytes
> > > > > ikev2_sa_keys: SK_pi with 32 bytes
> > > > > ikev2_sa_keys: SK_pr with 32 bytes
> > > > > ikev2_add_proposals: length 44
> > > > > ikev2_next_payload: length 48 nextpayload KE
> > > > > ikev2_next_payload: length 72 nextpayload NONCE
> > > > > ikev2_next_payload: length 36 nextpayload NOTIFY
> > > > > ikev2_nat_detection: local source 0xf94ce3fc2e48f7f2
> > > 0x1d51ac7d723a726d --UK--:500
> > > > > ikev2_next_payload: length 28 nextpayload NOTIFY
> > > > > ikev2_nat_detection: local destination 0xf94ce3fc2e48f7f2
> > > 0x1d51ac7d723a726d --CAT--:500
> > > > > ikev2_next_payload: length 28 nextpayload CERTREQ
> > > > > ikev2_add_certreq: type X509_CERT length 21
> > > > > ikev2_next_payload: length 25 nextpayload NOTIFY
> > > > > ikev2_next_payload: length 14 nextpayload NONE
> > > > > ikev2_pld_parse: header ispi 0xf94ce3fc2e48f7f2 rspi
> > > 0x1d51ac7d723a726d nextpayload SA
> > > > version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 length 279
> > > response 1
> > > > > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00
> length
> > > 48
> > > > > ikev2_pld_sa: more 0 reserved 0 length 44 proposal #1 protoid
> IKE
> > > spisize 0 xforms 4 spi
> > > > 0
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CBC
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> > > HMAC_SHA2_256
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> > > HMAC_SHA2_256_128
> > > > > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id ECP_256
> > > > > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00
> > > length 72
> > > > > ikev2_pld_ke: dh group ECP_256 reserved 0
> > > > > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical
> 0x00
> > > length 36
> > > > > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical
> > > 0x00 length 28
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> > > NAT_DETECTION_SOURCE_IP
> > > > > ikev2_pld_payloads: payload NOTIFY nextpayload CERTREQ critical
> > > 0x00 length 28
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> > > NAT_DETECTION_DESTINATION_IP
> > > > > ikev2_pld_payloads: payload CERTREQ nextpayload NOTIFY critical
> > > 0x00 length 25
> > > > > ikev2_pld_certreq: type X509_CERT length 20
> > > > > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical
> 0x00
> > > length 14
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> > > SIGNATURE_HASH_ALGORITHMS
> > > > > spi=0xf94ce3fc2e48f7f2: send IKE_SA_INIT res 0 peer --CAT--:500
> > > local --UK--:500, 279
> > > > bytes
> > > > > config_free_proposals: free 0x3c31292ae80
> > > > > config_free_proposals: free 0x3c31292a880
> > > > > spi=0xf94ce3fc2e48f7f2: recv IKE_AUTH req 1 peer --CAT--:4500
> > > local --UK--:4500, 1792
> > > > bytes, policy '--CAT-HOST--'
> > > > > ikev2_recv: ispi 0xf94ce3fc2e48f7f2 rspi 0x1d51ac7d723a726d
> > > > > ikev2_recv: updated SA to peer --CAT--:4500 local --UK--:4500
> > > > > ikev2_pld_parse: header ispi 0xf94ce3fc2e48f7f2 rspi
> > > 0x1d51ac7d723a726d nextpayload SK
> > > > version 0x20 exchange IKE_AUTH flags 0x08 msgid 1 length 1792
> > > response 0
> > > > > ikev2_pld_payloads: payload SK nextpayload IDi critical 0x00
> > > length 1764
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 1728
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 1728/1728 padding
> 11
> > > > > ikev2_pld_payloads: decrypted payload IDi nextpayload CERT
> > > critical 0x00 length 33
> > > > > ikev2_pld_id: id UFQDN/indra@--CA-HOST-- length 29
> > > > > ikev2_pld_payloads: decrypted payload CERT nextpayload NOTIFY
> > > critical 0x00 length 1090
> > > > > ikev2_pld_cert: type X509_CERT length 1085
> > > > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload
> CERTREQ
> > > critical 0x00 length 8
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type INITIAL_CONTACT
> > > > > ikev2_pld_payloads: decrypted payload CERTREQ nextpayload AUTH
> > > critical 0x00 length 85
> > > > > ikev2_pld_certreq: type X509_CERT length 80
> > > > > ikev2_pld_payloads: decrypted payload AUTH nextpayload CP
> critical
> > > 0x00 length 280
> > > > > ikev2_pld_auth: method SIG length 272
> > > > > ikev2_pld_payloads: decrypted payload CP nextpayload NOTIFY
> > > critical 0x00 length 16
> > > > > ikev2_pld_cp: type REQUEST length 8
> > > > > ikev2_pld_cp: INTERNAL_IP4_ADDRESS 0x0001 length 0
> > > > > ikev2_pld_cp: INTERNAL_IP4_DNS 0x0003 length 0
> > > > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA
> > > critical 0x00 length 8
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> USE_TRANSPORT_MODE
> > > > > ikev2_pld_payloads: decrypted payload SA nextpayload TSi
> critical
> > > 0x00 length 100
> > > > > ikev2_pld_sa: more 0 reserved 0 length 96 proposal #1 protoid
> ESP
> > > spisize 4 xforms 9 spi
> > > > 0xc9f9084d
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CBC
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CBC
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CBC
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> > > HMAC_SHA2_256_128
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> > > HMAC_SHA2_384_192
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> > > HMAC_SHA2_512_256
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> > > HMAC_SHA1_96
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> > > AES_XCBC_96
> > > > > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
> > > > > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr
> critical
> > > 0x00 length 24
> > > > > ikev2_pld_tss: count 1 length 16
> > > > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16
> startport
> > > 0 endport 65535
> > > > > ikev2_pld_ts: start 0.0.0.0 end 255.255.255.255
> > > > > ikev2_pld_payloads: decrypted payload TSr nextpayload NOTIFY
> > > critical 0x00 length 24
> > > > > ikev2_pld_tss: count 1 length 16
> > > > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16
> startport
> > > 0 endport 65535
> > > > > ikev2_pld_ts: start --UK-- end --UK--
> > > > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY
> > > critical 0x00 length 8
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type MOBIKE_SUPPORTED
> > > > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY
> > > critical 0x00 length 24
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> > > ADDITIONAL_IP6_ADDRESS
> > > > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY
> > > critical 0x00 length 8
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> > > EAP_ONLY_AUTHENTICATION
> > > > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NONE
> > > critical 0x00 length 8
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> > > IKEV2_MESSAGE_ID_SYNC_SUPPORTED
> > > > > ikev2_handle_notifies: mobike enabled
> > > > > sa_stateok: SA_INIT flags 0x0000, require 0x0000
> > > > > spi=0xf94ce3fc2e48f7f2: sa_state: SA_INIT -> AUTH_REQUEST
> > > > > policy_lookup: peerid 'indra@--CA-HOST--'
> > > > > proposals_negotiate: score 4
> > > > > policy_lookup: setting policy '--CAT-HOST--'
> > > > > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > > > > sa_stateflags: 0x0020 -> 0x0024 certreq,sa (required 0x003b
> > > > cert,certvalid,auth,authvalid,sa)
> > > > > ikev2_msg_auth: responder auth data length 343
> > > > > ca_setauth: switching SIG_ANY to SIG
> > > > > ca_setauth: auth length 343
> > > > > proposals_negotiate: score 4
> > > > > sa_stateflags: 0x0024 -> 0x0024 certreq,sa (required 0x003b
> > > > cert,certvalid,auth,authvalid,sa)
> > > > > config_free_proposals: free 0x3c31292a480
> > > > > ca_getreq: found CA
> > > /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom Lobby/OU=VPNC/CN
> > > > =--CA-HOST--
> > > > > ca_x509_subjectaltname_do: did not find subjectAltName in
> > > certificate
> > > > > ca_getreq: found local certificate
> > > /C=UK/ST=England/L=London/O=Telecom Lobby/OU=VPNC/CN=
> > > > --UK-HOST--
> > > > > _dsa_sign_encode: signature scheme 0 selected
> > > > > _dsa_sign_encode: signature scheme 0 selected
> > > > > _dsa_sign_encode: signature scheme 0 selected
> > > > > ca_setauth: auth length 272
> > > > > ca_validate_pubkey: could not open public key
> pubkeys/ufqdn/indra@
> > > --CA-HOST--
> > > > > ca_validate_cert: /C=ES/ST=Catalunya/L=sant Pere de
> > > Ribes/O=Telecom Lobby/OU=VPNC/CN=
> > > > --CAT-HOST-- ok
> > > > > ikev2_getimsgdata: imsg 22 rspi 0x1d51ac7d723a726d ispi
> > > 0xf94ce3fc2e48f7f2 initiator 0 sa
> > > > valid type 4 data length 1064
> > > > > ikev2_dispatch_cert: cert type X509_CERT length 1064, ok
> > > > > sa_stateflags: 0x0024 -> 0x0025 cert,certreq,sa (required
> 0x003b
> > > > cert,certvalid,auth,authvalid,sa)
> > > > > ikev2_getimsgdata: imsg 28 rspi 0x1d51ac7d723a726d ispi
> > > 0xf94ce3fc2e48f7f2 initiator 0 sa
> > > > valid type 14 data length 272
> > > > > ikev2_dispatch_cert: AUTH type 14 len 272
> > > > > sa_stateflags: 0x0025 -> 0x002d cert,certreq,auth,sa (required
> > > 0x003b
> > > > cert,certvalid,auth,authvalid,sa)
> > > > > ikev2_getimsgdata: imsg 23 rspi 0x1d51ac7d723a726d ispi
> > > 0xf94ce3fc2e48f7f2 initiator 0 sa
> > > > valid type 4 data length 1085
> > > > > ikev2_msg_auth: initiator auth data length 1120
> > > > > ikev2_msg_authverify: method SIG keylen 1085 type X509_CERT
> > > > > _dsa_verify_init: signature scheme 0 selected
> > > > > ikev2_msg_authverify: authentication successful
> > > > > spi=0xf94ce3fc2e48f7f2: sa_state: AUTH_REQUEST -> AUTH_SUCCESS
> > > > > sa_stateflags: 0x002d -> 0x003d cert,certreq,auth,authvalid,sa
> > > (required 0x003b
> > > > cert,certvalid,auth,authvalid,sa)
> > > > > ikev2_dispatch_cert: peer certificate is valid
> > > > > sa_stateflags: 0x003d -> 0x003f
> > > cert,certvalid,certreq,auth,authvalid,sa (required 0x003b
> > > > cert,certvalid,auth,authvalid,sa)
> > > > > sa_stateok: VALID flags 0x003b, require 0x003b
> > > cert,certvalid,auth,authvalid,sa
> > > > > spi=0xf94ce3fc2e48f7f2: sa_state: AUTH_SUCCESS -> VALID
> > > > > sa_stateok: VALID flags 0x003b, require 0x003b
> > > cert,certvalid,auth,authvalid,sa
> > > > > sa_stateok: VALID flags 0x003b, require 0x003b
> > > cert,certvalid,auth,authvalid,sa
> > > > > ikev2_sa_tag: (0)
> > > > > ikev2_childsa_negotiate: proposal 1
> > > > > ikev2_childsa_negotiate: key material length 128
> > > > > ikev2_prfplus: T1 with 32 bytes
> > > > > ikev2_prfplus: T2 with 32 bytes
> > > > > ikev2_prfplus: T3 with 32 bytes
> > > > > ikev2_prfplus: T4 with 32 bytes
> > > > > ikev2_prfplus: Tn with 128 bytes
> > > > > pfkey_sa_getspi: spi 0xba75d84f
> > > > > pfkey_sa_init: new spi 0xba75d84f
> > > > > ikev2_next_payload: length 35 nextpayload CERT
> > > > > ikev2_next_payload: length 1069 nextpayload AUTH
> > > > > ikev2_next_payload: length 280 nextpayload CP
> > > > > ikev2_next_payload: length 8 nextpayload NOTIFY
> > > > > ikev2_add_notify: done
> > > > > ikev2_next_payload: length 8 nextpayload NOTIFY
> > > > > ikev2_add_notify: done
> > > > > ikev2_next_payload: length 8 nextpayload SA
> > > > > ikev2_add_proposals: length 40
> > > > > ikev2_next_payload: length 44 nextpayload TSi
> > > > > ikev2_next_payload: length 24 nextpayload TSr
> > > > > ikev2_next_payload: length 24 nextpayload NONE
> > > > > ikev2_next_payload: length 1540 nextpayload IDr
> > > > > ikev2_msg_encrypt: decrypted length 1500
> > > > > ikev2_msg_encrypt: padded length 1504
> > > > > ikev2_msg_encrypt: length 1501, padding 3, output length 1536
> > > > > ikev2_msg_integr: message length 1568
> > > > > ikev2_msg_integr: integrity checksum length 16
> > > > > ikev2_pld_parse: header ispi 0xf94ce3fc2e48f7f2 rspi
> > > 0x1d51ac7d723a726d nextpayload SK
> > > > version 0x20 exchange IKE_AUTH flags 0x20 msgid 1 length 1568
> > > response 1
> > > > > ikev2_pld_payloads: payload SK nextpayload IDr critical 0x00
> > > length 1540
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 1504
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 1504/1504 padding 3
> > > > > ikev2_pld_payloads: decrypted payload IDr nextpayload CERT
> > > critical 0x00 length 35
> > > > > ikev2_pld_id: id UFQDN/--UK-ID-- length 31
> > > > > ikev2_pld_payloads: decrypted payload CERT nextpayload AUTH
> > > critical 0x00 length 1069
> > > > > ikev2_pld_cert: type X509_CERT length 1064
> > > > > ikev2_pld_payloads: decrypted payload AUTH nextpayload CP
> critical
> > > 0x00 length 280
> > > > > ikev2_pld_auth: method SIG length 272
> > > > > ikev2_pld_payloads: decrypted payload CP nextpayload NOTIFY
> > > critical 0x00 length 8
> > > > > ikev2_pld_cp: type REPLY length 0
> > > > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY
> > > critical 0x00 length 8
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> USE_TRANSPORT_MODE
> > > > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA
> > > critical 0x00 length 8
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type MOBIKE_SUPPORTED
> > > > > ikev2_pld_payloads: decrypted payload SA nextpayload TSi
> critical
> > > 0x00 length 44
> > > > > ikev2_pld_sa: more 0 reserved 0 length 40 proposal #1 protoid
> ESP
> > > spisize 4 xforms 3 spi
> > > > 0xba75d84f
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CBC
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> > > HMAC_SHA2_256_128
> > > > > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
> > > > > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr
> critical
> > > 0x00 length 24
> > > > > ikev2_pld_tss: count 1 length 16
> > > > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16
> startport
> > > 0 endport 65535
> > > > > ikev2_pld_ts: start --CAT-- end --CAT--
> > > > > ikev2_pld_payloads: decrypted payload TSr nextpayload NONE
> > > critical 0x00 length 24
> > > > > ikev2_pld_tss: count 1 length 16
> > > > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16
> startport
> > > 0 endport 65535
> > > > > ikev2_pld_ts: start --UK-- end --UK--
> > > > > spi=0xf94ce3fc2e48f7f2: send IKE_AUTH res 1 peer --CAT--:4500
> > > local --UK--:4500, 1568
> > > > bytes, NAT-T
> > > > > pfkey_sa_add: update spi 0xba75d84f
> > > > > ikev2_childsa_enable: loaded CHILD SA spi 0xba75d84f
> > > > > pfkey_sa_add: add spi 0xc9f9084d
> > > > > ikev2_childsa_enable: loaded CHILD SA spi 0xc9f9084d
> > > > > ikev2_childsa_enable: loaded flow 0x3c324182800
> > > > > ikev2_childsa_enable: loaded flow 0x3c2eec20400
> > > > > ikev2_childsa_enable: remember SA peer --CAT--:4500
> > > > > spi=0xf94ce3fc2e48f7f2: ikev2_childsa_enable: loaded SPIs:
> > > 0xba75d84f, 0xc9f9084d
> > > > > spi=0xf94ce3fc2e48f7f2: ikev2_childsa_enable: loaded flows:
> > > ESP---UK--/32=--CAT--/32(47)
> > > > > spi=0xf94ce3fc2e48f7f2: sa_state: VALID -> ESTABLISHED from
> > > --CAT--:4500 to --UK--:4500
> > > > policy '--CAT-HOST--'
> > > > > spi=0xf94ce3fc2e48f7f2: established peer
> --CAT--:4500[UFQDN/indra@--CA-HOST--]
> > > local
> > > > --UK--:4500[UFQDN/--UK-ID--] policy '--CAT-HOST--' as responder
> > > > > pfkey_sa_lookup: last_used 1614003186
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003186
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used
> 0
> > > second(s) ago
> > > > > policy_lookup: setting policy '--CAT-HOST--'
> > > > > spi=0xc5881d3ed32f5801: recv INFORMATIONAL req 4428 peer
> > > --FR--:500 local --UK--:500, 96
> > > > bytes, policy '--CAT-HOST--'
> > > > > ikev2_recv: ispi 0xc5881d3ed32f5801 rspi 0xfcad33aa65954d8e
> > > > > ikev2_init_recv: unknown SA
> > > > > policy_lookup: setting policy '--CAT-HOST--'
> > > > > spi=0xb3a689d63d247dd3: recv INFORMATIONAL req 2 peer
> --CAT--:4500
> > > local --UK--:4500, 80
> > > > bytes, policy '--CAT-HOST--'
> > > > > ikev2_recv: ispi 0xb3a689d63d247dd3 rspi 0x3ec4e46becafef14
> > > > > policy_lookup: setting policy '--CAT-HOST--'
> > > > > spi=0xc5881d3ed32f5801: recv INFORMATIONAL req 4429 peer
> > > --FR--:500 local --UK--:500, 240
> > > > bytes, policy '--CAT-HOST--'
> > > > > ikev2_recv: ispi 0xc5881d3ed32f5801 rspi 0xfcad33aa65954d8e
> > > > > ikev2_init_recv: unknown SA
> > > > > policy_lookup: setting policy '--CAT-HOST--'
> > > > > spi=0xb3a689d63d247dd3: recv INFORMATIONAL req 2 peer
> --CAT--:4500
> > > local --UK--:4500, 80
> > > > bytes, policy '--CAT-HOST--'
> > > > > ikev2_recv: ispi 0xb3a689d63d247dd3 rspi 0x3ec4e46becafef14
> > > > > spi=0xf2043da59221143f: recv INFORMATIONAL req 1 peer
> --FR--:500
> > > local --UK--:500, 128
> > > > bytes, policy '--FR-HOST--'
> > > > > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > > > > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > > > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> > > 0x1f43bd64d771a4e5 nextpayload SK
> > > > version 0x20 exchange INFORMATIONAL flags 0x00 msgid 1 length 128
> > > response 0
> > > > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> > > length 100
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 64
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 64/64 padding 63
> > > > > ikev2_next_payload: length 52 nextpayload NONE
> > > > > ikev2_msg_encrypt: decrypted length 0
> > > > > ikev2_msg_encrypt: padded length 16
> > > > > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > > > > ikev2_msg_integr: message length 80
> > > > > ikev2_msg_integr: integrity checksum length 16
> > > > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> > > 0x1f43bd64d771a4e5 nextpayload SK
> > > > version 0x20 exchange INFORMATIONAL flags 0x28 msgid 1 length 80
> > > response 1
> > > > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> > > length 52
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 16
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > > > > spi=0xf2043da59221143f: send INFORMATIONAL res 1 peer
> --FR--:500
> > > local --UK--:500, 80
> > > > bytes
> > > > > pfkey_sa_lookup: last_used 1614003199
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used
> 1
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003199
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used
> 1
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003198
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used
> 3
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003198
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used
> 3
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003201
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003201
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003201
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used
> 0
> > > second(s) ago
> > > > > policy_lookup: setting policy '--CAT-HOST--'
> > > > > spi=0xb3a689d63d247dd3: recv INFORMATIONAL req 2 peer
> --CAT--:4500
> > > local --UK--:4500, 80
> > > > bytes, policy '--CAT-HOST--'
> > > > > ikev2_recv: ispi 0xb3a689d63d247dd3 rspi 0x3ec4e46becafef14
> > > > > spi=0xf2043da59221143f: recv INFORMATIONAL req 2 peer
> --FR--:500
> > > local --UK--:500, 144
> > > > bytes, policy '--FR-HOST--'
> > > > > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > > > > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > > > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> > > 0x1f43bd64d771a4e5 nextpayload SK
> > > > version 0x20 exchange INFORMATIONAL flags 0x00 msgid 2 length 144
> > > response 0
> > > > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> > > length 116
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 80
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 80/80 padding 79
> > > > > ikev2_next_payload: length 52 nextpayload NONE
> > > > > ikev2_msg_encrypt: decrypted length 0
> > > > > ikev2_msg_encrypt: padded length 16
> > > > > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > > > > ikev2_msg_integr: message length 80
> > > > > ikev2_msg_integr: integrity checksum length 16
> > > > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> > > 0x1f43bd64d771a4e5 nextpayload SK
> > > > version 0x20 exchange INFORMATIONAL flags 0x28 msgid 2 length 80
> > > response 1
> > > > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> > > length 52
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 16
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > > > > spi=0xf2043da59221143f: send INFORMATIONAL res 2 peer
> --FR--:500
> > > local --UK--:500, 80
> > > > bytes
> > > > > pfkey_sa_lookup: last_used 1614003214
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used
> 1
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003214
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used
> 1
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003216
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003216
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003216
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003216
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003216
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used
> 0
> > > second(s) ago
> > > > > ikev2_init_ike_sa: "--FR-HOST--" is already active
> > > > > ikev2_init_ike_sa: "--US-HOST--" is already active
> > > > > ikev2_init_ike_sa: "--JP-HOST--" is already active
> > > > > spi=0xf2043da59221143f: recv INFORMATIONAL req 3 peer
> --FR--:500
> > > local --UK--:500, 112
> > > > bytes, policy '--FR-HOST--'
> > > > > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > > > > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > > > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> > > 0x1f43bd64d771a4e5 nextpayload SK
> > > > version 0x20 exchange INFORMATIONAL flags 0x00 msgid 3 length 112
> > > response 0
> > > > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> > > length 84
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 48
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 48/48 padding 47
> > > > > ikev2_next_payload: length 52 nextpayload NONE
> > > > > ikev2_msg_encrypt: decrypted length 0
> > > > > ikev2_msg_encrypt: padded length 16
> > > > > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > > > > ikev2_msg_integr: message length 80
> > > > > ikev2_msg_integr: integrity checksum length 16
> > > > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> > > 0x1f43bd64d771a4e5 nextpayload SK
> > > > version 0x20 exchange INFORMATIONAL flags 0x28 msgid 3 length 80
> > > response 1
> > > > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> > > length 52
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 16
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > > > > spi=0xf2043da59221143f: send INFORMATIONAL res 3 peer
> --FR--:500
> > > local --UK--:500, 80
> > > > bytes
> > > > > pfkey_sa_lookup: last_used 1614003229
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used
> 1
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003229
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used
> 1
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003231
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003231
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003231
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003231
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003231
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used
> 0
> > > second(s) ago
> > > > > policy_lookup: setting policy '--CAT-HOST--'
> > > > > spi=0xb3a689d63d247dd3: recv INFORMATIONAL req 2 peer
> --CAT--:4500
> > > local --UK--:4500, 80
> > > > bytes, policy '--CAT-HOST--'
> > > > > ikev2_recv: ispi 0xb3a689d63d247dd3 rspi 0x3ec4e46becafef14
> > > > > spi=0xf2043da59221143f: recv INFORMATIONAL req 4 peer
> --FR--:500
> > > local --UK--:500, 128
> > > > bytes, policy '--FR-HOST--'
> > > > > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > > > > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > > > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> > > 0x1f43bd64d771a4e5 nextpayload SK
> > > > version 0x20 exchange INFORMATIONAL flags 0x00 msgid 4 length 128
> > > response 0
> > > > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> > > length 100
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 64
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 64/64 padding 63
> > > > > ikev2_next_payload: length 52 nextpayload NONE
> > > > > ikev2_msg_encrypt: decrypted length 0
> > > > > ikev2_msg_encrypt: padded length 16
> > > > > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > > > > ikev2_msg_integr: message length 80
> > > > > ikev2_msg_integr: integrity checksum length 16
> > > > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> > > 0x1f43bd64d771a4e5 nextpayload SK
> > > > version 0x20 exchange INFORMATIONAL flags 0x28 msgid 4 length 80
> > > response 1
> > > > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> > > length 52
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 16
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > > > > spi=0xf2043da59221143f: send INFORMATIONAL res 4 peer
> --FR--:500
> > > local --UK--:500, 80
> > > > bytes
> > > > > pfkey_sa_lookup: last_used 1614003244
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used
> 1
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003245
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003246
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003246
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003246
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003246
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003246
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used
> 0
> > > second(s) ago
> > > > > spi=0xf2043da59221143f: recv INFORMATIONAL req 5 peer
> --FR--:500
> > > local --UK--:500, 96
> > > > bytes, policy '--FR-HOST--'
> > > > > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > > > > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > > > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> > > 0x1f43bd64d771a4e5 nextpayload SK
> > > > version 0x20 exchange INFORMATIONAL flags 0x00 msgid 5 length 96
> > > response 0
> > > > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> > > length 68
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 32
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 32/32 padding 31
> > > > > ikev2_next_payload: length 52 nextpayload NONE
> > > > > ikev2_msg_encrypt: decrypted length 0
> > > > > ikev2_msg_encrypt: padded length 16
> > > > > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > > > > ikev2_msg_integr: message length 80
> > > > > ikev2_msg_integr: integrity checksum length 16
> > > > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> > > 0x1f43bd64d771a4e5 nextpayload SK
> > > > version 0x20 exchange INFORMATIONAL flags 0x28 msgid 5 length 80
> > > response 1
> > > > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> > > length 52
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 16
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > > > > spi=0xf2043da59221143f: send INFORMATIONAL res 5 peer
> --FR--:500
> > > local --UK--:500, 80
> > > > bytes
> > > > > pfkey_sa_lookup: last_used 1614003259
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used
> 1
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003259
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used
> 1
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003261
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003261
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003261
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003261
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003261
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used
> 0
> > > second(s) ago
> > > > > policy_lookup: setting policy '--CAT-HOST--'
> > > > > spi=0xb3a689d63d247dd3: recv INFORMATIONAL req 2 peer
> --CAT--:4500
> > > local --UK--:4500, 80
> > > > bytes, policy '--CAT-HOST--'
> > > > > ikev2_recv: ispi 0xb3a689d63d247dd3 rspi 0x3ec4e46becafef14
> > > > > spi=0xf2043da59221143f: recv INFORMATIONAL req 6 peer
> --FR--:500
> > > local --UK--:500, 96
> > > > bytes, policy '--FR-HOST--'
> > > > > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > > > > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > > > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> > > 0x1f43bd64d771a4e5 nextpayload SK
> > > > version 0x20 exchange INFORMATIONAL flags 0x00 msgid 6 length 96
> > > response 0
> > > > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> > > length 68
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 32
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 32/32 padding 31
> > > > > ikev2_next_payload: length 52 nextpayload NONE
> > > > > ikev2_msg_encrypt: decrypted length 0
> > > > > ikev2_msg_encrypt: padded length 16
> > > > > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > > > > ikev2_msg_integr: message length 80
> > > > > ikev2_msg_integr: integrity checksum length 16
> > > > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> > > 0x1f43bd64d771a4e5 nextpayload SK
> > > > version 0x20 exchange INFORMATIONAL flags 0x28 msgid 6 length 80
> > > response 1
> > > > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> > > length 52
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 16
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > > > > spi=0xf2043da59221143f: send INFORMATIONAL res 6 peer
> --FR--:500
> > > local --UK--:500, 80
> > > > bytes
> > > > > pfkey_sa_lookup: last_used 1614003275
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003275
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003276
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003276
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003276
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003276
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003275
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used
> 1
> > > second(s) ago
> > > > > ikev2_init_ike_sa: "--FR-HOST--" is already active
> > > > > ikev2_init_ike_sa: "--US-HOST--" is already active
> > > > > ikev2_init_ike_sa: "--JP-HOST--" is already active
> > > > > spi=0xf2043da59221143f: recv INFORMATIONAL req 7 peer
> --FR--:500
> > > local --UK--:500, 112
> > > > bytes, policy '--FR-HOST--'
> > > > > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > > > > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > > > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> > > 0x1f43bd64d771a4e5 nextpayload SK
> > > > version 0x20 exchange INFORMATIONAL flags 0x00 msgid 7 length 112
> > > response 0
> > > > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> > > length 84
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 48
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 48/48 padding 47
> > > > > ikev2_next_payload: length 52 nextpayload NONE
> > > > > ikev2_msg_encrypt: decrypted length 0
> > > > > ikev2_msg_encrypt: padded length 16
> > > > > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > > > > ikev2_msg_integr: message length 80
> > > > > ikev2_msg_integr: integrity checksum length 16
> > > > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> > > 0x1f43bd64d771a4e5 nextpayload SK
> > > > version 0x20 exchange INFORMATIONAL flags 0x28 msgid 7 length 80
> > > response 1
> > > > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> > > length 52
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 16
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > > > > spi=0xf2043da59221143f: send INFORMATIONAL res 7 peer
> --FR--:500
> > > local --UK--:500, 80
> > > > bytes
> > > > > pfkey_sa_lookup: last_used 1614003290
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003290
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003291
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003291
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003291
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003291
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003290
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used
> 1
> > > second(s) ago
> > > > > spi=0xf2043da59221143f: recv INFORMATIONAL req 8 peer
> --FR--:500
> > > local --UK--:500, 144
> > > > bytes, policy '--FR-HOST--'
> > > > > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > > > > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > > > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> > > 0x1f43bd64d771a4e5 nextpayload SK
> > > > version 0x20 exchange INFORMATIONAL flags 0x00 msgid 8 length 144
> > > response 0
> > > > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> > > length 116
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 80
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 80/80 padding 79
> > > > > ikev2_next_payload: length 52 nextpayload NONE
> > > > > ikev2_msg_encrypt: decrypted length 0
> > > > > ikev2_msg_encrypt: padded length 16
> > > > > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > > > > ikev2_msg_integr: message length 80
> > > > > ikev2_msg_integr: integrity checksum length 16
> > > > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> > > 0x1f43bd64d771a4e5 nextpayload SK
> > > > version 0x20 exchange INFORMATIONAL flags 0x28 msgid 8 length 80
> > > response 1
> > > > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> > > length 52
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 16
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > > > > spi=0xf2043da59221143f: send INFORMATIONAL res 8 peer
> --FR--:500
> > > local --UK--:500, 80
> > > > bytes
> > > > > pfkey_sa_lookup: last_used 1614003305
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003305
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003306
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003306
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003306
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003306
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003305
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used
> 1
> > > second(s) ago
> > > > > spi=0xf2043da59221143f: recv INFORMATIONAL req 9 peer
> --FR--:500
> > > local --UK--:500, 160
> > > > bytes, policy '--FR-HOST--'
> > > > > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > > > > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > > > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> > > 0x1f43bd64d771a4e5 nextpayload SK
> > > > version 0x20 exchange INFORMATIONAL flags 0x00 msgid 9 length 160
> > > response 0
> > > > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> > > length 132
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 96
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 96/96 padding 95
> > > > > ikev2_next_payload: length 52 nextpayload NONE
> > > > > ikev2_msg_encrypt: decrypted length 0
> > > > > ikev2_msg_encrypt: padded length 16
> > > > > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > > > > ikev2_msg_integr: message length 80
> > > > > ikev2_msg_integr: integrity checksum length 16
> > > > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> > > 0x1f43bd64d771a4e5 nextpayload SK
> > > > version 0x20 exchange INFORMATIONAL flags 0x28 msgid 9 length 80
> > > response 1
> > > > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> > > length 52
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 16
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > > > > spi=0xf2043da59221143f: send INFORMATIONAL res 9 peer
> --FR--:500
> > > local --UK--:500, 80
> > > > bytes
> > > > > pfkey_sa_lookup: last_used 1614003319
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used
> 1
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003320
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003321
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003321
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003321
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003321
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003320
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used
> 1
> > > second(s) ago
> > > > > spi=0xf2043da59221143f: recv INFORMATIONAL req 10 peer
> --FR--:500
> > > local --UK--:500, 96
> > > > bytes, policy '--FR-HOST--'
> > > > > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > > > > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > > > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> > > 0x1f43bd64d771a4e5 nextpayload SK
> > > > version 0x20 exchange INFORMATIONAL flags 0x00 msgid 10 length 96
> > > response 0
> > > > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> > > length 68
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 32
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 32/32 padding 31
> > > > > ikev2_next_payload: length 52 nextpayload NONE
> > > > > ikev2_msg_encrypt: decrypted length 0
> > > > > ikev2_msg_encrypt: padded length 16
> > > > > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > > > > ikev2_msg_integr: message length 80
> > > > > ikev2_msg_integr: integrity checksum length 16
> > > > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> > > 0x1f43bd64d771a4e5 nextpayload SK
> > > > version 0x20 exchange INFORMATIONAL flags 0x28 msgid 10 length 80
> > > response 1
> > > > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> > > length 52
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 16
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > > > > spi=0xf2043da59221143f: send INFORMATIONAL res 10 peer
> --FR--:500
> > > local --UK--:500, 80
> > > > bytes
> > > > > pfkey_sa_lookup: last_used 1614003334
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used
> 1
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003335
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003336
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003336
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003336
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003336
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003335
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used
> 1
> > > second(s) ago
> > > > > policy_lookup: setting policy '--JP-HOST--'
> > > > > spi=0x52b68ffd0ebb1984: recv INFORMATIONAL req 93 peer
> > > --JP-IP--:500 local --UK--:500, 57
> > > > bytes, policy '--JP-HOST--'
> > > > > ikev2_recv: ispi 0x52b68ffd0ebb1984 rspi 0xebcdfe906b83921a
> > > > > ikev2_init_recv: unknown SA
> > > > > policy_lookup: setting policy '--JP-HOST--'
> > > > > spi=0x52b68ffd0ebb1984: recv INFORMATIONAL req 93 peer
> > > --JP-IP--:500 local --UK--:500, 57
> > > > bytes, policy '--JP-HOST--'
> > > > > ikev2_recv: ispi 0x52b68ffd0ebb1984 rspi 0xebcdfe906b83921a
> > > > > ikev2_init_recv: unknown SA
> > > > > policy_lookup: setting policy '--JP-HOST--'
> > > > > spi=0x52b68ffd0ebb1984: recv INFORMATIONAL req 93 peer
> > > --JP-IP--:500 local --UK--:500, 57
> > > > bytes, policy '--JP-HOST--'
> > > > > ikev2_recv: ispi 0x52b68ffd0ebb1984 rspi 0xebcdfe906b83921a
> > > > > ikev2_init_recv: unknown SA
> > > > > ikev2_init_ike_sa: "--FR-HOST--" is already active
> > > > > ikev2_init_ike_sa: "--US-HOST--" is already active
> > > > > ikev2_init_ike_sa: "--JP-HOST--" is already active
> > > > > spi=0xf2043da59221143f: recv INFORMATIONAL req 11 peer
> --FR--:500
> > > local --UK--:500, 96
> > > > bytes, policy '--FR-HOST--'
> > > > > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > > > > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > > > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> > > 0x1f43bd64d771a4e5 nextpayload SK
> > > > version 0x20 exchange INFORMATIONAL flags 0x00 msgid 11 length 96
> > > response 0
> > > > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> > > length 68
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 32
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 32/32 padding 31
> > > > > ikev2_next_payload: length 52 nextpayload NONE
> > > > > ikev2_msg_encrypt: decrypted length 0
> > > > > ikev2_msg_encrypt: padded length 16
> > > > > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > > > > ikev2_msg_integr: message length 80
> > > > > ikev2_msg_integr: integrity checksum length 16
> > > > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> > > 0x1f43bd64d771a4e5 nextpayload SK
> > > > version 0x20 exchange INFORMATIONAL flags 0x28 msgid 11 length 80
> > > response 1
> > > > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> > > length 52
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 16
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > > > > spi=0xf2043da59221143f: send INFORMATIONAL res 11 peer
> --FR--:500
> > > local --UK--:500, 80
> > > > bytes
> > > > > pfkey_sa_lookup: last_used 1614003349
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used
> 1
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003350
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003351
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003351
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003350
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used
> 1
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003351
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003350
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used
> 1
> > > second(s) ago
> > > > > policy_lookup: setting policy '--JP-HOST--'
> > > > > spi=0x52b68ffd0ebb1984: recv INFORMATIONAL req 93 peer
> > > --JP-IP--:500 local --UK--:500, 57
> > > > bytes, policy '--JP-HOST--'
> > > > > ikev2_recv: ispi 0x52b68ffd0ebb1984 rspi 0xebcdfe906b83921a
> > > > > ikev2_init_recv: unknown SA
> > > > > spi=0xf94ce3fc2e48f7f2: recv INFORMATIONAL req 2 peer
> --CAT--:4500
> > > local --UK--:4500, 80
> > > > bytes, policy '--CAT-HOST--'
> > > > > ikev2_recv: ispi 0xf94ce3fc2e48f7f2 rspi 0x1d51ac7d723a726d
> > > > > ikev2_recv: updated SA to peer --CAT--:4500 local --UK--:4500
> > > > > ikev2_pld_parse: header ispi 0xf94ce3fc2e48f7f2 rspi
> > > 0x1d51ac7d723a726d nextpayload SK
> > > > version 0x20 exchange INFORMATIONAL flags 0x08 msgid 2 length 80
> > > response 0
> > > > > ikev2_pld_payloads: payload SK nextpayload DELETE critical 0x00
> > > length 52
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 16
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 16/16 padding 7
> > > > > ikev2_pld_payloads: decrypted payload DELETE nextpayload NONE
> > > critical 0x00 length 8
> > > > > ikev2_pld_delete: proto IKE spisize 0 nspi 0
> > > > > ikev2_next_payload: length 4 nextpayload NONE
> > > > > ikev2_next_payload: length 52 nextpayload NONE
> > > > > ikev2_msg_encrypt: decrypted length 4
> > > > > ikev2_msg_encrypt: padded length 16
> > > > > ikev2_msg_encrypt: length 5, padding 11, output length 48
> > > > > ikev2_msg_integr: message length 80
> > > > > ikev2_msg_integr: integrity checksum length 16
> > > > > ikev2_pld_parse: header ispi 0xf94ce3fc2e48f7f2 rspi
> > > 0x1d51ac7d723a726d nextpayload SK
> > > > version 0x20 exchange INFORMATIONAL flags 0x20 msgid 2 length 80
> > > response 1
> > > > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> > > length 52
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 16
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 16/16 padding 11
> > > > > spi=0xf94ce3fc2e48f7f2: send INFORMATIONAL res 2 peer
> --CAT--:4500
> > > local --UK--:4500, 80
> > > > bytes, NAT-T
> > > > > spi=0xf94ce3fc2e48f7f2: ikev2_ikesa_recv_delete: received
> delete
> > > > > spi=0xf94ce3fc2e48f7f2: sa_state: ESTABLISHED -> CLOSED from
> > > --CAT--:4500 to --UK--:4500
> > > > policy '--CAT-HOST--'
> > > > > ikev2_recv: closing SA
> > > > > spi=0xf94ce3fc2e48f7f2: sa_free: received delete
> > > > > config_free_proposals: free 0x3c27ccfe800
> > > > > config_free_proposals: free 0x3c31292a600
> > > > > config_free_childsas: free 0x3c2db888f00
> > > > > config_free_childsas: free 0x3c300bf3e00
> > > > > sa_free_flows: free 0x3c324182800
> > > > > sa_free_flows: free 0x3c2eec20400
> > > > > policy_lookup: setting policy '--CAT-HOST--'
> > > > > spi=0x87993e0d839b617f: recv IKE_SA_INIT req 0 peer --CAT--:500
> > > local --UK--:500, 1056
> > > > bytes, policy '--CAT-HOST--'
> > > > > ikev2_recv: ispi 0x87993e0d839b617f rspi 0x0000000000000000
> > > > > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > > > > ikev2_pld_parse: header ispi 0x87993e0d839b617f rspi
> > > 0x0000000000000000 nextpayload SA
> > > > version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length 1056
> > > response 0
> > > > > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00
> length
> > > 832
> > > > > ikev2_pld_sa: more 2 reserved 0 length 352 proposal #1 protoid
> IKE
> > > spisize 0 xforms 37
> > > > spi 0
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CBC
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CBC
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CBC
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > CAMELLIA_CBC
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > CAMELLIA_CBC
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > CAMELLIA_CBC
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CTR
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CTR
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CTR
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > CAMELLIA_CTR
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > CAMELLIA_CTR
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > CAMELLIA_CTR
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type ENCR id 3DES
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> > > HMAC_SHA2_256_128
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> > > HMAC_SHA2_384_192
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> > > HMAC_SHA2_512_256
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> > > HMAC_SHA1_96
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> > > AES_XCBC_96
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> > > AES_CMAC_96
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> > > HMAC_SHA2_256
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> > > HMAC_SHA2_384
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> > > HMAC_SHA2_512
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> AES128_XCBC
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> AES128_CMAC
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> HMAC_SHA1
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_256
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_384
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_521
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> > > BRAINPOOL_P256R1
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> > > BRAINPOOL_P384R1
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> > > BRAINPOOL_P512R1
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> CURVE25519
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> MODP_3072
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> MODP_4096
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> MODP_6144
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> MODP_8192
> > > > > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id
> MODP_2048
> > > > > ikev2_pld_sa: more 0 reserved 0 length 476 proposal #2 protoid
> IKE
> > > spisize 0 xforms 45
> > > > spi 0
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > AES_GCM_16
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > AES_GCM_16
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > AES_GCM_16
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > AES_CCM_16
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > AES_CCM_16
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > AES_CCM_16
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > CAMELLIA_CCM_16
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > CAMELLIA_CCM_16
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > CAMELLIA_CCM_16
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > AES_GCM_12
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > AES_GCM_12
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > AES_GCM_12
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_GCM_8
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_GCM_8
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_GCM_8
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CCM_8
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CCM_8
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CCM_8
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > AES_CCM_12
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > AES_CCM_12
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > AES_CCM_12
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > CAMELLIA_CCM_8
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > CAMELLIA_CCM_8
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > CAMELLIA_CCM_8
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > CAMELLIA_CCM_12
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > CAMELLIA_CCM_12
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> > > CAMELLIA_CCM_12
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> > > HMAC_SHA2_256
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> > > HMAC_SHA2_384
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> > > HMAC_SHA2_512
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> AES128_XCBC
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> AES128_CMAC
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> HMAC_SHA1
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_256
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_384
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_521
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> > > BRAINPOOL_P256R1
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> > > BRAINPOOL_P384R1
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> > > BRAINPOOL_P512R1
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> CURVE25519
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> MODP_3072
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> MODP_4096
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> MODP_6144
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> MODP_8192
> > > > > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id
> MODP_2048
> > > > > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00
> > > length 72
> > > > > ikev2_pld_ke: dh group ECP_256 reserved 0
> > > > > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical
> 0x00
> > > length 36
> > > > > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical
> > > 0x00 length 28
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> > > NAT_DETECTION_SOURCE_IP
> > > > > ikev2_nat_detection: peer source 0x87993e0d839b617f
> > > 0x0000000000000000 --CAT--:500
> > > > > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical
> > > 0x00 length 28
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> > > NAT_DETECTION_DESTINATION_IP
> > > > > ikev2_nat_detection: peer destination 0x87993e0d839b617f
> > > 0x0000000000000000 --UK--:500
> > > > > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical
> > > 0x00 length 8
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> > > FRAGMENTATION_SUPPORTED
> > > > > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical
> > > 0x00 length 16
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> > > SIGNATURE_HASH_ALGORITHMS
> > > > > ikev2_pld_notify: signature hash SHA2_256 (2)
> > > > > ikev2_pld_notify: signature hash SHA2_384 (3)
> > > > > ikev2_pld_notify: signature hash SHA2_512 (4)
> > > > > ikev2_pld_notify: signature hash <UNKNOWN:5> (5)
> > > > > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical
> 0x00
> > > length 8
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> REDIRECT_SUPPORTED
> > > > > proposals_negotiate: score 4
> > > > > proposals_negotiate: score 0
> > > > > policy_lookup: setting policy '--CAT-HOST--'
> > > > > spi=0x87993e0d839b617f: sa_state: INIT -> SA_INIT
> > > > > proposals_negotiate: score 4
> > > > > proposals_negotiate: score 0
> > > > > sa_stateok: SA_INIT flags 0x0000, require 0x0000
> > > > > sa_stateflags: 0x0000 -> 0x0020 sa (required 0x0000 )
> > > > > spi=0x87993e0d839b617f: ikev2_sa_keys: DHSECRET with 32 bytes
> > > > > ikev2_sa_keys: SKEYSEED with 32 bytes
> > > > > spi=0x87993e0d839b617f: ikev2_sa_keys: S with 80 bytes
> > > > > ikev2_prfplus: T1 with 32 bytes
> > > > > ikev2_prfplus: T2 with 32 bytes
> > > > > ikev2_prfplus: T3 with 32 bytes
> > > > > ikev2_prfplus: T4 with 32 bytes
> > > > > ikev2_prfplus: T5 with 32 bytes
> > > > > ikev2_prfplus: T6 with 32 bytes
> > > > > ikev2_prfplus: T7 with 32 bytes
> > > > > ikev2_prfplus: Tn with 224 bytes
> > > > > ikev2_sa_keys: SK_d with 32 bytes
> > > > > ikev2_sa_keys: SK_ai with 32 bytes
> > > > > ikev2_sa_keys: SK_ar with 32 bytes
> > > > > ikev2_sa_keys: SK_ei with 32 bytes
> > > > > ikev2_sa_keys: SK_er with 32 bytes
> > > > > ikev2_sa_keys: SK_pi with 32 bytes
> > > > > ikev2_sa_keys: SK_pr with 32 bytes
> > > > > ikev2_add_proposals: length 44
> > > > > ikev2_next_payload: length 48 nextpayload KE
> > > > > ikev2_next_payload: length 72 nextpayload NONCE
> > > > > ikev2_next_payload: length 36 nextpayload NOTIFY
> > > > > ikev2_nat_detection: local source 0x87993e0d839b617f
> > > 0xbd5bf5ce26784624 --UK--:500
> > > > > ikev2_next_payload: length 28 nextpayload NOTIFY
> > > > > ikev2_nat_detection: local destination 0x87993e0d839b617f
> > > 0xbd5bf5ce26784624 --CAT--:500
> > > > > ikev2_next_payload: length 28 nextpayload CERTREQ
> > > > > ikev2_add_certreq: type X509_CERT length 21
> > > > > ikev2_next_payload: length 25 nextpayload NOTIFY
> > > > > ikev2_next_payload: length 14 nextpayload NONE
> > > > > ikev2_pld_parse: header ispi 0x87993e0d839b617f rspi
> > > 0xbd5bf5ce26784624 nextpayload SA
> > > > version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 length 279
> > > response 1
> > > > > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00
> length
> > > 48
> > > > > ikev2_pld_sa: more 0 reserved 0 length 44 proposal #1 protoid
> IKE
> > > spisize 0 xforms 4 spi
> > > > 0
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CBC
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> > > HMAC_SHA2_256
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> > > HMAC_SHA2_256_128
> > > > > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id ECP_256
> > > > > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00
> > > length 72
> > > > > ikev2_pld_ke: dh group ECP_256 reserved 0
> > > > > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical
> 0x00
> > > length 36
> > > > > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical
> > > 0x00 length 28
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> > > NAT_DETECTION_SOURCE_IP
> > > > > ikev2_pld_payloads: payload NOTIFY nextpayload CERTREQ critical
> > > 0x00 length 28
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> > > NAT_DETECTION_DESTINATION_IP
> > > > > ikev2_pld_payloads: payload CERTREQ nextpayload NOTIFY critical
> > > 0x00 length 25
> > > > > ikev2_pld_certreq: type X509_CERT length 20
> > > > > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical
> 0x00
> > > length 14
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> > > SIGNATURE_HASH_ALGORITHMS
> > > > > spi=0x87993e0d839b617f: send IKE_SA_INIT res 0 peer --CAT--:500
> > > local --UK--:500, 279
> > > > bytes
> > > > > config_free_proposals: free 0x3c2ef864700
> > > > > config_free_proposals: free 0x3c2a56da100
> > > > > spi=0x87993e0d839b617f: recv IKE_AUTH req 1 peer --CAT--:4500
> > > local --UK--:4500, 1792
> > > > bytes, policy '--CAT-HOST--'
> > > > > ikev2_recv: ispi 0x87993e0d839b617f rspi 0xbd5bf5ce26784624
> > > > > ikev2_recv: updated SA to peer --CAT--:4500 local --UK--:4500
> > > > > ikev2_pld_parse: header ispi 0x87993e0d839b617f rspi
> > > 0xbd5bf5ce26784624 nextpayload SK
> > > > version 0x20 exchange IKE_AUTH flags 0x08 msgid 1 length 1792
> > > response 0
> > > > > ikev2_pld_payloads: payload SK nextpayload IDi critical 0x00
> > > length 1764
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 1728
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 1728/1728 padding
> 11
> > > > > ikev2_pld_payloads: decrypted payload IDi nextpayload CERT
> > > critical 0x00 length 33
> > > > > ikev2_pld_id: id UFQDN/indra@--CA-HOST-- length 29
> > > > > ikev2_pld_payloads: decrypted payload CERT nextpayload NOTIFY
> > > critical 0x00 length 1090
> > > > > ikev2_pld_cert: type X509_CERT length 1085
> > > > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload
> CERTREQ
> > > critical 0x00 length 8
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type INITIAL_CONTACT
> > > > > ikev2_pld_payloads: decrypted payload CERTREQ nextpayload AUTH
> > > critical 0x00 length 85
> > > > > ikev2_pld_certreq: type X509_CERT length 80
> > > > > ikev2_pld_payloads: decrypted payload AUTH nextpayload CP
> critical
> > > 0x00 length 280
> > > > > ikev2_pld_auth: method SIG length 272
> > > > > ikev2_pld_payloads: decrypted payload CP nextpayload NOTIFY
> > > critical 0x00 length 16
> > > > > ikev2_pld_cp: type REQUEST length 8
> > > > > ikev2_pld_cp: INTERNAL_IP4_ADDRESS 0x0001 length 0
> > > > > ikev2_pld_cp: INTERNAL_IP4_DNS 0x0003 length 0
> > > > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA
> > > critical 0x00 length 8
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> USE_TRANSPORT_MODE
> > > > > ikev2_pld_payloads: decrypted payload SA nextpayload TSi
> critical
> > > 0x00 length 100
> > > > > ikev2_pld_sa: more 0 reserved 0 length 96 proposal #1 protoid
> ESP
> > > spisize 4 xforms 9 spi
> > > > 0xc0567d8f
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CBC
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CBC
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CBC
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> > > HMAC_SHA2_256_128
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> > > HMAC_SHA2_384_192
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> > > HMAC_SHA2_512_256
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> > > HMAC_SHA1_96
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> > > AES_XCBC_96
> > > > > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
> > > > > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr
> critical
> > > 0x00 length 24
> > > > > ikev2_pld_tss: count 1 length 16
> > > > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16
> startport
> > > 0 endport 65535
> > > > > ikev2_pld_ts: start 0.0.0.0 end 255.255.255.255
> > > > > ikev2_pld_payloads: decrypted payload TSr nextpayload NOTIFY
> > > critical 0x00 length 24
> > > > > ikev2_pld_tss: count 1 length 16
> > > > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16
> startport
> > > 0 endport 65535
> > > > > ikev2_pld_ts: start --UK-- end --UK--
> > > > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY
> > > critical 0x00 length 8
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type MOBIKE_SUPPORTED
> > > > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY
> > > critical 0x00 length 24
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> > > ADDITIONAL_IP6_ADDRESS
> > > > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY
> > > critical 0x00 length 8
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> > > EAP_ONLY_AUTHENTICATION
> > > > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NONE
> > > critical 0x00 length 8
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> > > IKEV2_MESSAGE_ID_SYNC_SUPPORTED
> > > > > ikev2_handle_notifies: mobike enabled
> > > > > sa_stateok: SA_INIT flags 0x0000, require 0x0000
> > > > > spi=0x87993e0d839b617f: sa_state: SA_INIT -> AUTH_REQUEST
> > > > > policy_lookup: peerid 'indra@--CA-HOST--'
> > > > > proposals_negotiate: score 4
> > > > > policy_lookup: setting policy '--CAT-HOST--'
> > > > > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > > > > sa_stateflags: 0x0020 -> 0x0024 certreq,sa (required 0x003b
> > > > cert,certvalid,auth,authvalid,sa)
> > > > > ikev2_msg_auth: responder auth data length 343
> > > > > ca_setauth: switching SIG_ANY to SIG
> > > > > ca_setauth: auth length 343
> > > > > proposals_negotiate: score 4
> > > > > sa_stateflags: 0x0024 -> 0x0024 certreq,sa (required 0x003b
> > > > cert,certvalid,auth,authvalid,sa)
> > > > > config_free_proposals: free 0x3c2ef864180
> > > > > ca_getreq: found CA
> > > /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom Lobby/OU=VPNC/CN
> > > > =--CA-HOST--
> > > > > ca_x509_subjectaltname_do: did not find subjectAltName in
> > > certificate
> > > > > ca_getreq: found local certificate
> > > /C=UK/ST=England/L=London/O=Telecom Lobby/OU=VPNC/CN=
> > > > --UK-HOST--
> > > > > _dsa_sign_encode: signature scheme 0 selected
> > > > > _dsa_sign_encode: signature scheme 0 selected
> > > > > _dsa_sign_encode: signature scheme 0 selected
> > > > > ca_setauth: auth length 272
> > > > > ca_validate_pubkey: could not open public key
> pubkeys/ufqdn/indra@
> > > --CA-HOST--
> > > > > ca_validate_cert: /C=ES/ST=Catalunya/L=sant Pere de
> > > Ribes/O=Telecom Lobby/OU=VPNC/CN=
> > > > --CAT-HOST-- ok
> > > > > ikev2_getimsgdata: imsg 22 rspi 0xbd5bf5ce26784624 ispi
> > > 0x87993e0d839b617f initiator 0 sa
> > > > valid type 4 data length 1064
> > > > > ikev2_dispatch_cert: cert type X509_CERT length 1064, ok
> > > > > sa_stateflags: 0x0024 -> 0x0025 cert,certreq,sa (required
> 0x003b
> > > > cert,certvalid,auth,authvalid,sa)
> > > > > ikev2_getimsgdata: imsg 28 rspi 0xbd5bf5ce26784624 ispi
> > > 0x87993e0d839b617f initiator 0 sa
> > > > valid type 14 data length 272
> > > > > ikev2_dispatch_cert: AUTH type 14 len 272
> > > > > sa_stateflags: 0x0025 -> 0x002d cert,certreq,auth,sa (required
> > > 0x003b
> > > > cert,certvalid,auth,authvalid,sa)
> > > > > ikev2_getimsgdata: imsg 23 rspi 0xbd5bf5ce26784624 ispi
> > > 0x87993e0d839b617f initiator 0 sa
> > > > valid type 4 data length 1085
> > > > > ikev2_msg_auth: initiator auth data length 1120
> > > > > ikev2_msg_authverify: method SIG keylen 1085 type X509_CERT
> > > > > _dsa_verify_init: signature scheme 0 selected
> > > > > ikev2_msg_authverify: authentication successful
> > > > > spi=0x87993e0d839b617f: sa_state: AUTH_REQUEST -> AUTH_SUCCESS
> > > > > sa_stateflags: 0x002d -> 0x003d cert,certreq,auth,authvalid,sa
> > > (required 0x003b
> > > > cert,certvalid,auth,authvalid,sa)
> > > > > ikev2_dispatch_cert: peer certificate is valid
> > > > > sa_stateflags: 0x003d -> 0x003f
> > > cert,certvalid,certreq,auth,authvalid,sa (required 0x003b
> > > > cert,certvalid,auth,authvalid,sa)
> > > > > sa_stateok: VALID flags 0x003b, require 0x003b
> > > cert,certvalid,auth,authvalid,sa
> > > > > spi=0x87993e0d839b617f: sa_state: AUTH_SUCCESS -> VALID
> > > > > sa_stateok: VALID flags 0x003b, require 0x003b
> > > cert,certvalid,auth,authvalid,sa
> > > > > sa_stateok: VALID flags 0x003b, require 0x003b
> > > cert,certvalid,auth,authvalid,sa
> > > > > ikev2_sa_tag: (0)
> > > > > ikev2_childsa_negotiate: proposal 1
> > > > > ikev2_childsa_negotiate: key material length 128
> > > > > ikev2_prfplus: T1 with 32 bytes
> > > > > ikev2_prfplus: T2 with 32 bytes
> > > > > ikev2_prfplus: T3 with 32 bytes
> > > > > ikev2_prfplus: T4 with 32 bytes
> > > > > ikev2_prfplus: Tn with 128 bytes
> > > > > pfkey_sa_getspi: spi 0x41a9644f
> > > > > pfkey_sa_init: new spi 0x41a9644f
> > > > > ikev2_next_payload: length 35 nextpayload CERT
> > > > > ikev2_next_payload: length 1069 nextpayload AUTH
> > > > > ikev2_next_payload: length 280 nextpayload CP
> > > > > ikev2_next_payload: length 8 nextpayload NOTIFY
> > > > > ikev2_add_notify: done
> > > > > ikev2_next_payload: length 8 nextpayload NOTIFY
> > > > > ikev2_add_notify: done
> > > > > ikev2_next_payload: length 8 nextpayload SA
> > > > > ikev2_add_proposals: length 40
> > > > > ikev2_next_payload: length 44 nextpayload TSi
> > > > > ikev2_next_payload: length 24 nextpayload TSr
> > > > > ikev2_next_payload: length 24 nextpayload NONE
> > > > > ikev2_next_payload: length 1540 nextpayload IDr
> > > > > ikev2_msg_encrypt: decrypted length 1500
> > > > > ikev2_msg_encrypt: padded length 1504
> > > > > ikev2_msg_encrypt: length 1501, padding 3, output length 1536
> > > > > ikev2_msg_integr: message length 1568
> > > > > ikev2_msg_integr: integrity checksum length 16
> > > > > ikev2_pld_parse: header ispi 0x87993e0d839b617f rspi
> > > 0xbd5bf5ce26784624 nextpayload SK
> > > > version 0x20 exchange IKE_AUTH flags 0x20 msgid 1 length 1568
> > > response 1
> > > > > ikev2_pld_payloads: payload SK nextpayload IDr critical 0x00
> > > length 1540
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 1504
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 1504/1504 padding 3
> > > > > ikev2_pld_payloads: decrypted payload IDr nextpayload CERT
> > > critical 0x00 length 35
> > > > > ikev2_pld_id: id UFQDN/--UK-ID-- length 31
> > > > > ikev2_pld_payloads: decrypted payload CERT nextpayload AUTH
> > > critical 0x00 length 1069
> > > > > ikev2_pld_cert: type X509_CERT length 1064
> > > > > ikev2_pld_payloads: decrypted payload AUTH nextpayload CP
> critical
> > > 0x00 length 280
> > > > > ikev2_pld_auth: method SIG length 272
> > > > > ikev2_pld_payloads: decrypted payload CP nextpayload NOTIFY
> > > critical 0x00 length 8
> > > > > ikev2_pld_cp: type REPLY length 0
> > > > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY
> > > critical 0x00 length 8
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type
> USE_TRANSPORT_MODE
> > > > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA
> > > critical 0x00 length 8
> > > > > ikev2_pld_notify: protoid NONE spisize 0 type MOBIKE_SUPPORTED
> > > > > ikev2_pld_payloads: decrypted payload SA nextpayload TSi
> critical
> > > 0x00 length 44
> > > > > ikev2_pld_sa: more 0 reserved 0 length 40 proposal #1 protoid
> ESP
> > > spisize 4 xforms 3 spi
> > > > 0x41a9644f
> > > > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CBC
> > > > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> > > HMAC_SHA2_256_128
> > > > > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
> > > > > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr
> critical
> > > 0x00 length 24
> > > > > ikev2_pld_tss: count 1 length 16
> > > > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16
> startport
> > > 0 endport 65535
> > > > > ikev2_pld_ts: start --CAT-- end --CAT--
> > > > > ikev2_pld_payloads: decrypted payload TSr nextpayload NONE
> > > critical 0x00 length 24
> > > > > ikev2_pld_tss: count 1 length 16
> > > > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16
> startport
> > > 0 endport 65535
> > > > > ikev2_pld_ts: start --UK-- end --UK--
> > > > > spi=0x87993e0d839b617f: send IKE_AUTH res 1 peer --CAT--:4500
> > > local --UK--:4500, 1568
> > > > bytes, NAT-T
> > > > > pfkey_sa_add: update spi 0x41a9644f
> > > > > ikev2_childsa_enable: loaded CHILD SA spi 0x41a9644f
> > > > > pfkey_sa_add: add spi 0xc0567d8f
> > > > > ikev2_childsa_enable: loaded CHILD SA spi 0xc0567d8f
> > > > > ikev2_childsa_enable: loaded flow 0x3c324182400
> > > > > ikev2_childsa_enable: loaded flow 0x3c2eec20000
> > > > > ikev2_childsa_enable: remember SA peer --CAT--:4500
> > > > > spi=0x87993e0d839b617f: ikev2_childsa_enable: loaded SPIs:
> > > 0x41a9644f, 0xc0567d8f
> > > > > spi=0x87993e0d839b617f: ikev2_childsa_enable: loaded flows:
> > > ESP---UK--/32=--CAT--/32(47)
> > > > > spi=0x87993e0d839b617f: sa_state: VALID -> ESTABLISHED from
> > > --CAT--:4500 to --UK--:4500
> > > > policy '--CAT-HOST--'
> > > > > spi=0x87993e0d839b617f: established peer
> --CAT--:4500[UFQDN/indra@--CA-HOST--]
> > > local
> > > > --UK--:4500[UFQDN/--UK-ID--] policy '--CAT-HOST--' as responder
> > > > > spi=0xf2043da59221143f: recv INFORMATIONAL req 12 peer
> --FR--:500
> > > local --UK--:500, 112
> > > > bytes, policy '--FR-HOST--'
> > > > > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > > > > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > > > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> > > 0x1f43bd64d771a4e5 nextpayload SK
> > > > version 0x20 exchange INFORMATIONAL flags 0x00 msgid 12 length
> 112
> > > response 0
> > > > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> > > length 84
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 48
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 48/48 padding 47
> > > > > ikev2_next_payload: length 52 nextpayload NONE
> > > > > ikev2_msg_encrypt: decrypted length 0
> > > > > ikev2_msg_encrypt: padded length 16
> > > > > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > > > > ikev2_msg_integr: message length 80
> > > > > ikev2_msg_integr: integrity checksum length 16
> > > > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> > > 0x1f43bd64d771a4e5 nextpayload SK
> > > > version 0x20 exchange INFORMATIONAL flags 0x28 msgid 12 length 80
> > > response 1
> > > > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> > > length 52
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 16
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > > > > spi=0xf2043da59221143f: send INFORMATIONAL res 12 peer
> --FR--:500
> > > local --UK--:500, 80
> > > > bytes
> > > > > pfkey_sa_lookup: last_used 1614003365
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003365
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003366
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003366
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003366
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003365
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used
> 1
> > > second(s) ago
> > > > > policy_lookup: setting policy '--JP-HOST--'
> > > > > spi=0x52b68ffd0ebb1984: recv INFORMATIONAL req 93 peer
> > > --JP-IP--:500 local --UK--:500, 57
> > > > bytes, policy '--JP-HOST--'
> > > > > ikev2_recv: ispi 0x52b68ffd0ebb1984 rspi 0xebcdfe906b83921a
> > > > > ikev2_init_recv: unknown SA
> > > > > pfkey_sa_lookup: last_used 1614003379
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x41a9644f last used
> 1
> > > second(s) ago
> > > > > spi=0xf2043da59221143f: recv INFORMATIONAL req 13 peer
> --FR--:500
> > > local --UK--:500, 128
> > > > bytes, policy '--FR-HOST--'
> > > > > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > > > > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > > > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> > > 0x1f43bd64d771a4e5 nextpayload SK
> > > > version 0x20 exchange INFORMATIONAL flags 0x00 msgid 13 length
> 128
> > > response 0
> > > > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> > > length 100
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 64
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 64/64 padding 63
> > > > > ikev2_next_payload: length 52 nextpayload NONE
> > > > > ikev2_msg_encrypt: decrypted length 0
> > > > > ikev2_msg_encrypt: padded length 16
> > > > > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > > > > ikev2_msg_integr: message length 80
> > > > > ikev2_msg_integr: integrity checksum length 16
> > > > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> > > 0x1f43bd64d771a4e5 nextpayload SK
> > > > version 0x20 exchange INFORMATIONAL flags 0x28 msgid 13 length 80
> > > response 1
> > > > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> > > length 52
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 16
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > > > > spi=0xf2043da59221143f: send INFORMATIONAL res 13 peer
> --FR--:500
> > > local --UK--:500, 80
> > > > bytes
> > > > > pfkey_sa_lookup: last_used 1614003380
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003380
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003381
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003381
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003381
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003380
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used
> 1
> > > second(s) ago
> > > > > policy_lookup: setting policy '--US-HOST--'
> > > > > spi=0xe6cf431822ad3dc9: recv INFORMATIONAL req 53 peer
> > > --US-IP--:500 local --UK--:500, 57
> > > > bytes, policy '--US-HOST--'
> > > > > ikev2_recv: ispi 0xe6cf431822ad3dc9 rspi 0x338f3945413a685a
> > > > > ikev2_init_recv: unknown SA
> > > > > pfkey_sa_lookup: last_used 1614003392
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x41a9644f last used
> 3
> > > second(s) ago
> > > > > spi=0xf2043da59221143f: recv INFORMATIONAL req 14 peer
> --FR--:500
> > > local --UK--:500, 160
> > > > bytes, policy '--FR-HOST--'
> > > > > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > > > > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > > > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> > > 0x1f43bd64d771a4e5 nextpayload SK
> > > > version 0x20 exchange INFORMATIONAL flags 0x00 msgid 14 length
> 160
> > > response 0
> > > > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> > > length 132
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 96
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 96/96 padding 95
> > > > > ikev2_next_payload: length 52 nextpayload NONE
> > > > > ikev2_msg_encrypt: decrypted length 0
> > > > > ikev2_msg_encrypt: padded length 16
> > > > > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > > > > ikev2_msg_integr: message length 80
> > > > > ikev2_msg_integr: integrity checksum length 16
> > > > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> > > 0x1f43bd64d771a4e5 nextpayload SK
> > > > version 0x20 exchange INFORMATIONAL flags 0x28 msgid 14 length 80
> > > response 1
> > > > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> > > length 52
> > > > > ikev2_msg_decrypt: IV length 16
> > > > > ikev2_msg_decrypt: encrypted payload length 16
> > > > > ikev2_msg_decrypt: integrity checksum length 16
> > > > > ikev2_msg_decrypt: integrity check succeeded
> > > > > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > > > > spi=0xf2043da59221143f: send INFORMATIONAL res 14 peer
> --FR--:500
> > > local --UK--:500, 80
> > > > bytes
> > > > > pfkey_sa_lookup: last_used 1614003394
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used
> 1
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003394
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used
> 1
> > > second(s) ago
> > > > > policy_lookup: setting policy '--US-HOST--'
> > > > > spi=0xe6cf431822ad3dc9: recv INFORMATIONAL req 53 peer
> > > --US-IP--:500 local --UK--:500, 57
> > > > bytes, policy '--US-HOST--'
> > > > > ikev2_recv: ispi 0xe6cf431822ad3dc9 rspi 0x338f3945413a685a
> > > > > ikev2_init_recv: unknown SA
> > > > > pfkey_sa_lookup: last_used 1614003396
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003396
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003396
> > > > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used
> 0
> > > second(s) ago
> > > > > pfkey_sa_lookup: last_used 1614003395
> > > > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used
> 1
> > > second(s) ago
> > > > > policy_lookup: setting policy '--US-HOST--'
> > > > > spi=0xe6cf431822ad3dc9: recv INFORMATIONAL req 53 peer
> > > --US-IP--:500 local --UK--:500, 57
> > > > bytes, policy '--US-HOST--'
> > > > > ikev2_recv: ispi 0xe6cf431822ad3dc9 rspi 0x338f3945413a685a
> > > > > ikev2_init_recv: unknown SA
> > > > > policy_lookup: setting policy '--JP-HOST--'
> > > > > spi=0x52b68ffd0ebb1984: recv INFORMATIONAL req 93 peer
> > > --JP-IP--:500 local --UK--:500, 57
> > > > bytes, policy '--JP-HOST--'
> > > > > ikev2_recv: ispi 0x52b68ffd0ebb1984 rspi 0xebcdfe906b83921a
> > > > > ikev2_init_recv: unknown SA
> > > > > ca exiting, pid 842
> > > > > control exiting, pid 64161
> > > > > ikev2 exiting, pid 15623
> > > > > parent terminating
> > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Name: Riccardo Giuntoli
> > > > Email: taglio@gmail.com
> > > > Location: sant Pere de Ribes, BCN, Spain
> > > > PGP Key: 0x67123739
> > > > PGP Fingerprint: CE75 16B5 D855 842FAB54 FB5C DDC6 4640 6712 3739
> > > > Key server: hkp://wwwkeys.eu.pgp.net
> > >
> >
> >
> > --
> > Name: Riccardo Giuntoli
> > Email: taglio@gmail.com
> > Location: sant Pere de Ribes, BCN, Spain
> > PGP Key: 0x67123739
> > PGP Fingerprint: CE75 16B5 D855 842FAB54 FB5C DDC6 4640 6712 3739
> > Key server: hkp://wwwkeys.eu.pgp.net
>
> > create_ike: using signature for peer -->NODE_ES<--
> > ikev2 "-->HOST_ES<--" passive transport esp proto gre inet from
> -->HOST-US<--- to -->NODE_ES<-- local -->HOST-US<--- peer -->NODE_ES<--
> ikesa enc aes-256 prf hmac-sha2-256,hmac-sha2-384,hmac-sha2-512,hmac-sha1
> auth hmac-sha2-256 group ecp256 childsa enc aes-256 auth hmac-sha2-256
> group ecp256 esn,noesn srcid -->HOSTNAME-US<---@-->CA<--- ikelifetime 3600
> lifetime 1200 bytes 536870912 signature
> > /etc/iked.conf: loaded 1 configuration rules
> > ca_privkey_serialize: type RSA_KEY length 1193
> > ca_pubkey_serialize: type RSA_KEY length 270
> > ca_privkey_to_method: type RSA_KEY method RSA_SIG
> > ca_getkey: received private key type RSA_KEY length 1193
> > ca_getkey: received public key type RSA_KEY length 270
> > ca_dispatch_parent: config reset
> > ca_reload: loaded ca file ca.crt
> > ca_reload: /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom
> Lobby/OU=VPNC/CN=-->CA<---
> > ca_reload: loaded 1 ca certificate
> > ca_reload: loaded cert file -->CERT-FR<---.crt
> > ca_reload: loaded cert file -->CERT-US<---.crt
> > ca_validate_cert: /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom
> Lobby/OU=VPNC/CN=-->CERT-FR<--- ok
> > ca_validate_cert: /C=US/ST=Texas/L=Dallas/O=Telecom
> Lobby/OU=VPNC/CN=-->CERT-US<--- ok
> > ca_reload: local cert type X509_CERT
> > config_getocsp: ocsp_url none tolerate 0 maxage -1
> > ikev2_dispatch_cert: updated local CERTREQ type X509_CERT length 20
> > ikev2_dispatch_cert: updated local CERTREQ type X509_CERT length 20
> > config_getpolicy: received policy
> > config_getpfkey: received pfkey fd 3
> > config_getcompile: compilation done
> > config_getsocket: received socket fd 4
> > config_getsocket: received socket fd 5
> > config_getsocket: received socket fd 6
> > config_getsocket: received socket fd 7
> > config_getstatic: dpd_check_interval 15
> > config_getstatic: no enforcesingleikesa
> > config_getstatic: no fragmentation
> > config_getstatic: mobike
> > config_getstatic: nattport 4500
> > policy_lookup: setting policy '-->HOST_ES<--'
> > spi=0xc870f2a5b428b6b1: recv IKE_SA_INIT req 0 peer -->NODE_ES<--:500
> local -->HOST-US<---:500, 1056 bytes, policy '-->HOST_ES<--'
> > ikev2_recv: ispi 0xc870f2a5b428b6b1 rspi 0x0000000000000000
> > ikev2_policy2id: srcid UFQDN/-->HOSTNAME-US<---@-->CA<--- length 33
> > ikev2_pld_parse: header ispi 0xc870f2a5b428b6b1 rspi 0x0000000000000000
> nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length
> 1056 response 0
> > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 832
> > ikev2_pld_sa: more 2 reserved 0 length 352 proposal #1 protoid IKE
> spisize 0 xforms 37 spi 0
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CTR
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CTR
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CTR
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CTR
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CTR
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CTR
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 8 type ENCR id 3DES
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_256_128
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_384_192
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_512_256
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id AES_XCBC_96
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id AES_CMAC_96
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_384
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_512
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_XCBC
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_CMAC
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_256
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_384
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_521
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P256R1
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P384R1
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P512R1
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id CURVE25519
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_3072
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_4096
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_6144
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_8192
> > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048
> > ikev2_pld_sa: more 0 reserved 0 length 476 proposal #2 protoid IKE
> spisize 0 xforms 45 spi 0
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_16
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_16
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_16
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_16
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_16
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_16
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_16
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_16
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_16
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_8
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_8
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_8
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_8
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_8
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_8
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_8
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_8
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_8
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_384
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_512
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_XCBC
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_CMAC
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_256
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_384
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_521
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P256R1
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P384R1
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P512R1
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id CURVE25519
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_3072
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_4096
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_6144
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_8192
> > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048
> > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 72
> > ikev2_pld_ke: dh group ECP_256 reserved 0
> > fb4e28c8 2dc256a8 01f96855 47b989b8 bfe51d02 98dfc830 9a1926c2 ce43da18
> > 825173f8 868e8e93 a0e15479 6648f94d df9bfcff 265f2894 369fac99 1c5390d1
> > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00
> length 36
> > fbb057f9 39f8991c 6147e3d5 efab770e aa42ca1c 570af11f f8af87db 2135edae
> > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00
> length 28
> > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
> > 5b9719db 93af37fd d1506d29 77b4314f e99b3ba1
> > ikev2_nat_detection: peer source 0xc870f2a5b428b6b1 0x0000000000000000
> -->NODE_ES<--:500
> > 5b9719db 93af37fd d1506d29 77b4314f e99b3ba1
> > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00
> length 28
> > ikev2_pld_notify: protoid NONE spisize 0 type
> NAT_DETECTION_DESTINATION_IP
> > 26dbd4cc e1365f1a 20cc721b 776e76b4 d97f93c2
> > ikev2_nat_detection: peer destination 0xc870f2a5b428b6b1
> 0x0000000000000000 -->HOST-US<---:500
> > 26dbd4cc e1365f1a 20cc721b 776e76b4 d97f93c2
> > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00
> length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type FRAGMENTATION_SUPPORTED
> > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00
> length 16
> > ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS
> > 00020003 00040005
> > ikev2_pld_notify: signature hash SHA2_256 (2)
> > ikev2_pld_notify: signature hash SHA2_384 (3)
> > ikev2_pld_notify: signature hash SHA2_512 (4)
> > ikev2_pld_notify: signature hash <UNKNOWN:5> (5)
> > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length
> 8
> > ikev2_pld_notify: protoid NONE spisize 0 type REDIRECT_SUPPORTED
> > proposals_match: xform 1 <-> 1 (1): ENCR AES_CBC (keylength 256 <-> 256)
> 256
> > proposals_match: xform 1 <-> 1 (1): INTEGR HMAC_SHA2_256_128 (keylength
> 0 <-> 256)
> > proposals_match: xform 1 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
> > proposals_match: xform 1 <-> 1 (1): DH ECP_256 (keylength 0 <-> 0)
> > proposals_negotiate: score 4
> > proposals_match: xform 2 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
> > proposals_match: xform 2 <-> 1 (1): DH ECP_256 (keylength 0 <-> 0)
> > proposals_negotiate: score 0
> > policy_lookup: setting policy '-->HOST_ES<--'
> > spi=0xc870f2a5b428b6b1: sa_state: INIT -> SA_INIT
> > proposals_match: xform 1 <-> 1 (1): ENCR AES_CBC (keylength 256 <-> 256)
> 256
> > proposals_match: xform 1 <-> 1 (1): INTEGR HMAC_SHA2_256_128 (keylength
> 0 <-> 256)
> > proposals_match: xform 1 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
> > proposals_match: xform 1 <-> 1 (1): DH ECP_256 (keylength 0 <-> 0)
> > proposals_negotiate: score 4
> > proposals_match: xform 2 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
> > proposals_match: xform 2 <-> 1 (1): DH ECP_256 (keylength 0 <-> 0)
> > proposals_negotiate: score 0
> > proposals_negotiate: score 1: ENCR AES_CBC 256
> > proposals_negotiate: score 1: PRF HMAC_SHA2_256
> > proposals_negotiate: score 1: INTEGR HMAC_SHA2_256_128
> > proposals_negotiate: score 1: DH ECP_256
> > sa_stateok: SA_INIT flags 0x0000, require 0x0000
> > sa_stateflags: 0x0000 -> 0x0020 sa (required 0x0000 )
> > spi=0xc870f2a5b428b6b1: ikev2_sa_keys: DHSECRET with 32 bytes
> > 4a83aa63 4ac034c7 be328bea f0eac5da d117ba41 eea32330 17b36200 19c5f7a5
> > ikev2_sa_keys: SKEYSEED with 32 bytes
> > c4449822 30e6c834 83caec16 7409dd2f 83984206 86a748a0 39d8af89 397b054d
> > spi=0xc870f2a5b428b6b1: ikev2_sa_keys: S with 80 bytes
> > fbb057f9 39f8991c 6147e3d5 efab770e aa42ca1c 570af11f f8af87db 2135edae
> > 8ab04bee 544dc638 9aacd0c4 4d2fd141 ce030fa4 47db06b6 0e3b4e35 80fc8e00
> > c870f2a5 b428b6b1 f2df80a5 dd2f5b33
> > ikev2_prfplus: T1 with 32 bytes
> > 0db03dbc 96a38ba0 78a1e472 bc6ecfea 3e2e3db1 5303eb1c 4d14f919 f5802901
> > ikev2_prfplus: T2 with 32 bytes
> > a173a0d8 7f060aa8 6c812231 b5920ecf 35779516 081d2946 3b73d58d 9b537b02
> > ikev2_prfplus: T3 with 32 bytes
> > 2a141ed7 5f9fb6d1 fee06cb4 31d31075 199b0d7a e982b976 946fc8df 202e4359
> > ikev2_prfplus: T4 with 32 bytes
> > d54043e1 b34d9d11 bd38c5bb 207083ac 7adbb8f3 4c83c0da 6b069ac6 2714666d
> > ikev2_prfplus: T5 with 32 bytes
> > e871e73a 1ab8c048 bfa5428b db4aed8a 5d7f022c f9aa7551 6ea70a97 ab2d2e6b
> > ikev2_prfplus: T6 with 32 bytes
> > c76d3292 1f9fe008 4e1dc370 4f0c01fb 52379853 a70af25e 538d84af b61de39c
> > ikev2_prfplus: T7 with 32 bytes
> > 0bd325e9 cf9d2036 467fd529 b454e0fb 040953f5 0015ee19 59b2dad5 b0a062dd
> > ikev2_prfplus: Tn with 224 bytes
> > 0db03dbc 96a38ba0 78a1e472 bc6ecfea 3e2e3db1 5303eb1c 4d14f919 f5802901
> > a173a0d8 7f060aa8 6c812231 b5920ecf 35779516 081d2946 3b73d58d 9b537b02
> > 2a141ed7 5f9fb6d1 fee06cb4 31d31075 199b0d7a e982b976 946fc8df 202e4359
> > d54043e1 b34d9d11 bd38c5bb 207083ac 7adbb8f3 4c83c0da 6b069ac6 2714666d
> > e871e73a 1ab8c048 bfa5428b db4aed8a 5d7f022c f9aa7551 6ea70a97 ab2d2e6b
> > c76d3292 1f9fe008 4e1dc370 4f0c01fb 52379853 a70af25e 538d84af b61de39c
> > 0bd325e9 cf9d2036 467fd529 b454e0fb 040953f5 0015ee19 59b2dad5 b0a062dd
> > ikev2_sa_keys: SK_d with 32 bytes
> > 0db03dbc 96a38ba0 78a1e472 bc6ecfea 3e2e3db1 5303eb1c 4d14f919 f5802901
> > ikev2_sa_keys: SK_ai with 32 bytes
> > a173a0d8 7f060aa8 6c812231 b5920ecf 35779516 081d2946 3b73d58d 9b537b02
> > ikev2_sa_keys: SK_ar with 32 bytes
> > 2a141ed7 5f9fb6d1 fee06cb4 31d31075 199b0d7a e982b976 946fc8df 202e4359
> > ikev2_sa_keys: SK_ei with 32 bytes
> > d54043e1 b34d9d11 bd38c5bb 207083ac 7adbb8f3 4c83c0da 6b069ac6 2714666d
> > ikev2_sa_keys: SK_er with 32 bytes
> > e871e73a 1ab8c048 bfa5428b db4aed8a 5d7f022c f9aa7551 6ea70a97 ab2d2e6b
> > ikev2_sa_keys: SK_pi with 32 bytes
> > c76d3292 1f9fe008 4e1dc370 4f0c01fb 52379853 a70af25e 538d84af b61de39c
> > ikev2_sa_keys: SK_pr with 32 bytes
> > 0bd325e9 cf9d2036 467fd529 b454e0fb 040953f5 0015ee19 59b2dad5 b0a062dd
> > ikev2_add_proposals: length 44
> > ikev2_next_payload: length 48 nextpayload KE
> > ikev2_next_payload: length 72 nextpayload NONCE
> > ikev2_next_payload: length 36 nextpayload NOTIFY
> > ikev2_nat_detection: local source 0xc870f2a5b428b6b1 0xf2df80a5dd2f5b33
> -->HOST-US<---:500
> > ikev2_next_payload: length 28 nextpayload NOTIFY
> > ikev2_nat_detection: local destination 0xc870f2a5b428b6b1
> 0xf2df80a5dd2f5b33 -->NODE_ES<--:500
> > ikev2_next_payload: length 28 nextpayload CERTREQ
> > ikev2_add_certreq: type X509_CERT length 21
> > ikev2_next_payload: length 25 nextpayload NOTIFY
> > ikev2_next_payload: length 14 nextpayload NONE
> > ikev2_pld_parse: header ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33
> nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 length
> 279 response 1
> > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 48
> > ikev2_pld_sa: more 0 reserved 0 length 44 proposal #1 protoid IKE
> spisize 0 xforms 4 spi 0
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_256_128
> > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id ECP_256
> > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 72
> > ikev2_pld_ke: dh group ECP_256 reserved 0
> > 2213a051 4f8b600e 0a6113ef 4f8843e9 dfa82f90 afc341ce 1d22f142 cc1c99a6
> > d1aafd33 fa14c441 f55bbe7d ed87c6e0 7f53d608 68d9943e 8fa2bc83 05a734da
> > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00
> length 36
> > 8ab04bee 544dc638 9aacd0c4 4d2fd141 ce030fa4 47db06b6 0e3b4e35 80fc8e00
> > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00
> length 28
> > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
> > e7c537c7 188717a7 e9730252 796a3ed3 a42caf24
> > ikev2_pld_payloads: payload NOTIFY nextpayload CERTREQ critical 0x00
> length 28
> > ikev2_pld_notify: protoid NONE spisize 0 type
> NAT_DETECTION_DESTINATION_IP
> > 6c1a6db7 e62f6a24 2a3d9f69 b3a85e82 d19ab215
> > ikev2_pld_payloads: payload CERTREQ nextpayload NOTIFY critical 0x00
> length 25
> > ikev2_pld_certreq: type X509_CERT length 20
> > d240096d 782460df c9e68072 dc0bc444 6fab51ba
> > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length
> 14
> > ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS
> > 00020003 0004
> > spi=0xc870f2a5b428b6b1: send IKE_SA_INIT res 0 peer -->NODE_ES<--:500
> local -->HOST-US<---:500, 279 bytes
> > config_free_proposals: free 0x5a932127300
> > config_free_proposals: free 0x5a8ff545680
> > spi=0xc870f2a5b428b6b1: recv IKE_AUTH req 1 peer -->NODE_ES<--:4500
> local -->HOST-US<---:4500, 1792 bytes, policy '-->HOST_ES<--'
> > ikev2_recv: ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33
> > ikev2_recv: updated SA to peer -->NODE_ES<--:4500 local
> -->HOST-US<---:4500
> > ikev2_pld_parse: header ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33
> nextpayload SK version 0x20 exchange IKE_AUTH flags 0x08 msgid 1 length
> 1792 response 0
> > ikev2_pld_payloads: payload SK nextpayload IDi critical 0x00 length 1764
> > ikev2_msg_decrypt: IV length 16
> > 282989b4 f635471e 33d87b37 39081a33
> > ikev2_msg_decrypt: encrypted payload length 1728
> > 2640dec6 2fc56d29 7db8e661 28ebb336 17a8f4cd 25a3ccfa 89e7ad66 64271f1d
> > ee4b3c4a 4b055e9b 09bf7ea2 78ff9f14 fecee886 354a66d3 d329f3ac 9276d27d
> > 5673866d b272db95 55fa1240 24d9667a 5f6791ba 735d8837 c78c897d 07878af2
> > 2c894a02 6a92528b 1ab6d0b4 6d1b85b5 3c8e096d 1bf1db5a 2405220a 5fb2701a
> > 0dcbd992 d60cfaf1 76892665 917d4166 05d3aba3 ffc0fb65 454b0050 2a4c0783
> > fbceafc6 3e22cbe8 ef581b17 818c9fcb aec89edf bf785db7 979c10eb 16fac875
> > 947460ad 472a85bf 06195076 92acc85b 949ee718 ce6e0f1d a98d2ba1 afe878a6
> > 56c364ea 24838380 def824c9 e7cb8f82 5acb4846 9881b961 db6c5505 aff63119
> > 484b2cc3 00baf748 83df503c 07737489 3d9b4855 a9094b86 a5b9c293 6d926302
> > 61ed258a c7e99cbe 9afc82e1 62057d0f 5c1b2b4b f1a76bf9 c1b1dd34 b3ecacc2
> > 47e14e80 aed04925 1f2bf477 e407c499 8357ed81 ef14dfb0 3e58bc3c 2145e5f6
> > 65290b01 9fa26624 8a90d1aa ba04eeae 32d8d6c3 a5c10920 f76765d0 646440fd
> > 006638a5 382bd6ed 5b01507e d0d6e493 70c2d33d d0e2c500 8fc86ca2 c3500c18
> > 56320694 3069a66f d088ea6b 714cf2ac 1ef54157 6f42f331 15c4a990 0a3da535
> > 94b91ca5 98f7a486 ce5a5d9b 3e269676 6bda0fb6 4e7c0110 efdc7ef0 1800e448
> > 718ace5f f525542a 974f4eb2 b77a1595 7702680f 65b7408e 0a961dc3 8b50f1f4
> > fa0ccd1e 2e418e50 8ec2c389 26ceb8a4 505c8f24 629abddd 9630b741 809c4648
> > b3956f53 fb21be31 73aeb039 1df4e5bf cbe5c7c0 c6c96210 43d990b9 bcded92b
> > 9a290630 fdb14255 4323f14d 33de0794 5a52f486 a8298e5c ea529b2a 5ddc4b78
> > 4a8b8b42 5cb333b6 5feb538d ac7e6bff d1b4dade da1c5df9 fdbc9f19 485bf678
> > 2307e38e e1b7d2ff 6e2e833d b58f9f23 1a1678b6 0d96461b 063b2f4c e24c8ebf
> > 3493fcd5 a3c5834f a4973f39 605e00aa 6bff7e25 29bd5988 c5d20a16 2b017456
> > 1c8849b3 2ade4068 1e625767 a4ca2c2c 0d461c46 71dd1427 05df97cf bd5c1b2a
> > e82d10d1 d51af789 1d8032a0 0fb77c3b 451c20fb f6a3a1fb 728124ca d2c9fd11
> > ec89d1b2 ba45c49a bfe0a932 703d5b3e 17a9c49c 0d0eb141 0bc41f45 1a4ac38a
> > 1cec485b da65cd3d 42f15867 659589e8 ba8a9347 8bb44672 e686731b 478c83e9
> > c7e83057 24e5044b 5f5198a5 3d295aec 44f6460b c8ee15f0 69c5281b 1cfebf8e
> > 7ac337ae ef0fff4a 4d0bbfba 494c3a2c e37ecae0 f683e5c7 b854efd3 0d08c6b4
> > 9a926bc7 cbaf03c5 0ef8a358 669df5bf c65bc600 73afeeeb 8136b4a7 fecf5c73
> > 523d5823 8a6519ad afb1e36e a56f2d04 7633cf23 e46c45b3 2b5e9ffa d293379a
> > 6f8faf1b fec85884 ea5848f7 300d7694 6b073fe4 11fb7d20 a7597cfc a8f502de
> > b053ab34 6abf4177 bbb7f934 69e4b438 3d6c0524 c7b46d60 03807a8c a5f190a3
> > 54f2d9c8 d8e20705 0ec86bdf 28f7c74e 9b9dcaf9 2cd6ea07 9d11e1f6 62d86cda
> > a2ae7491 c5eedc6b 8b8dad17 e2f42164 a2be7565 4d246839 f47b5442 76d63104
> > d71f6319 6b48af35 e3c78e0d 0a8f160a 6ea2119e ed5b0eea a9f22e0e 499115d6
> > 8f322757 495c597a 8b43bcbc 5282df1c aa2ca71a a8d00f4b 61859a5f b567e0b3
> > 18ca7aab fd0c8571 7bb0b869 2a48f6ba 1ba0b386 c72ead0a 5f6cbe74 eac0e03f
> > afc12dfa 219f768f 553712ce e3b88cd5 99a0f875 8ca3070a 5a4021c2 5a4193e3
> > 57b3140d d075f597 5c2a9dff 28c6db78 46dbec18 f5fc5200 5216bc7f 449ac561
> > c7450ea9 8e55600d 67c99564 3129b8e1 69d5a885 09b8a534 21c66d74 449f9948
> > fc5c83e0 c3109d36 20e2a758 98aaa30a cf9cfb08 ba3682b3 d0a82d94 11f85003
> > 34731fef 7dfe17d8 4dba31a7 1a6a027f 8d64b030 0b92dbb0 32bbbe1f b28f00c1
> > c4a54916 7f334169 6a7e7894 1e1eb7b9 f94f42c3 41d3a29c 53aa32e8 b323cb60
> > c9af3487 dcca9bde 1baf3559 76890f71 f2e69b12 7c111d4b 6dac1a05 cd6314d3
> > 21221e3b d4c19cae cd7c285a 94e6b091 7b69f797 68af4edc b9fc4f31 78bf4163
> > 9b48e930 3e64b51d 5cd4bfd9 fdfcbe45 d0b701a5 0c355bc6 076f3ae6 7b769911
> > 94f1fcd4 2488fd7f 7748460f 1d0f4bc9 6be99fde 093d6f1e 3b0c952d 5383d552
> > 1b7ba7fd 228207f0 c91c2367 31b30a4d 00f0ee8b ecb0e84f 318a55e6 27bd12ed
> > fff0a1f8 ca1405b8 04fd9bc8 ac106125 1a69a988 2a123fef cf5d7eb8 ba53dba2
> > 91c1d600 c822fdc4 c15120ce ee36dee5 0d1c4429 c7f49de8 9f65d727 8098da2d
> > cd480ebf e52eda13 ad012ef8 2816108e cf93e240 f01db967 381c81e5 338480fb
> > 991b2027 b4fe6b2e b6b70868 864c4a07 237a7763 01e09d8c ec2e659c 151a4c55
> > 2f2cf3a1 07ed3d86 edd4e937 d815b5e3 0f8bd824 aaa856a2 4347ca43 a457a2be
> > 3dd87202 b73ae12c 70a0bd29 a6df51d7 7b071066 a3af80be 83e1cda9 85b127c2
> > ikev2_msg_decrypt: integrity checksum length 16
> > 54a8929d dd562669 086ebe95 9c8b1df7
> > ikev2_msg_decrypt: integrity check succeeded
> > 54a8929d dd562669 086ebe95 9c8b1df7
> > ikev2_msg_decrypt: decrypted payload length 1728/1728 padding 11
> > 25000021 03000000 696e6472 61406361 2e74656c 65636f6d 6c6f6262 792e636f
> > 6d290004 42043082 04393082 0321a003 02010202 082fc4d9 c96de04c b3300d06
> > 092a8648 86f70d01 010b0500 30818631 0b300906 03550406 13024652 311a3018
> > 06035504 080c1153 65696e65 2d536169 6e742d44 656e6973 31163014 06035504
> > 070c0d41 75626572 76696c6c 69657273 31163014 06035504 0a0c0d54 656c6563
> > 6f6d204c 6f626279 310d300b 06035504 0b0c0456 504e4331 1c301a06 03550403
> > 0c136361 2e74656c 65636f6d 6c6f6262 792e636f 6d301e17 0d323130 32303930
> > 39353333 335a170d 32323032 30393039 35333333 5a30818a 310b3009 06035504
> > 06130245 53311230 10060355 04080c09 43617461 6c756e79 61311b30 19060355
> > 04070c12 73616e74 20506572 65206465 20526962 65733116 30140603 55040a0c
> > 0d54656c 65636f6d 204c6f62 6279310d 300b0603 55040b0c 0456504e 43312330
> > 21060355 04030c1a 52542d30 312e6361 742e7465 6c65636f 6d6c6f62 62792e63
> > 6f6d3082 0122300d 06092a86 4886f70d 01010105 00038201 0f003082 010a0282
> > 010100a3 db48a4b0 40b55682 81326f75 39065825 9ea9852b 6eeaa601 c4c692fa
> > 80b16e5e bbcf8072 947ac073 f9b8e372 87cfbc6d 4002f200 d6daf70c 040b1a3f
> > 1a8dfae5 3df72d9a d249803e a1a6b1dc 2f43a6f5 6b930198 a10b79e4 4acbf30f
> > 68aa8f3e 7f06a0cb 17283584 502629de 0bc50868 75202485 56bab2fe d1c4ca7a
> > ee08c458 74618b80 d82d0fd8 f95e4444 b6d445b7 223e6529 459e672b be640500
> > 3ddfec49 1e6192e6 6c0e57cf 937f3728 c29cb9c7 d9bce970 aa0370fb 7e19e3f7
> > 150b2d2d 706c32e0 986d78bc 0b25eeff fe27707e 1bd36caa c844fafd 792795cb
> > 8b919b40 d9906ed7 dccc1192 b1d18453 6d567b6b a9f5cbed b27899a5 cd7514c1
> > eaea1b02 03010001 a381a430 81a13013 0603551d 25040c30 0a06082b 06010505
> > 07030230 1d060355 1d0e0416 0414d277 dc485c0f 9c282246 c877c363 d3883d07
> > ed9d301f 0603551d 23041830 1680142a c5939e9b 0361a9a9 b61eb388 3d40c58e
> > e44f5030 24060355 1d11041d 301b8119 696e6472 61406361 2e74656c 65636f6d
> > 6c6f6262 792e636f 6d302406 09608648 0186f842 010d0417 16154765 6e657261
> > 74656420 62792052 6f757465 724f5330 0d06092a 864886f7 0d01010b 05000382
> > 01010056 c2f37bdf fba9a57a 17b5dcd9 062632b3 5bd7cd5e 0182b1e4 fb23bba8
> > 8d2b0005 a406253c c28dea45 91ea8961 99b38e2b 30816fb9 3ad824f0 b9992412
> > dc584ec1 a3f52bc1 0a9a198f da49baf6 40d3ac5d 136095cd 7ed56814 3413d831
> > 8e782e4c 4d1c1c82 e0ecb3ae 46254ee7 4f840f39 fcb19fde 7e5d94ad 05ac9caf
> > 376ed1d5 e6bd774a 45cd4b20 26cc2e37 163c029c 33a41a2a 8f0f1ef8 f799327b
> > 4c4265af ef9ab66c 11f73fcf 2d1724b7 acb365d9 7e922035 d1e7a807 f5020ce6
> > da69dc25 55824ce4 1c28e334 5583d13c f1a79f1e 248fe4ff dd32fa34 0d0e870d
> > a3654381 4118362c 99b00024 570a5104 3058d09a e9a66d6e 294a297e 805c506d
> > ce832b26 00000800 00400027 00005504 d240096d 782460df c9e68072 dc0bc444
> > 6fab51ba d240096d 782460df c9e68072 dc0bc444 6fab51ba 3b6a7f0c 2f567b94
> > 1954764f bfae24cd 40d9ea01 a467a75b d9f8d81b 482a9316 39c96dc0 98337349
> > 2f000118 0e000000 0f300d06 092a8648 86f70d01 010b0500 71a25162 15fdcfdb
> > a41cd95f 479f455c 0a672e88 26c09274 32a82937 c6fdc8b2 ee4b45f0 2320509d
> > ae992a39 2ccbc568 28ca972b 57cb6b6b 73bbc1d6 11fa2eeb f4a9e4af 3a834f0d
> > 16f9442a a9f241a5 3bc2ebb9 c9817533 c138e7c9 4ecdd9a5 ae2e771d 4ae9a5f3
> > 8e34fb38 c55761a2 718b1489 df0cfedf 0f3acad3 a937f528 e04a65e0 ba7d2221
> > 242fbe2e 32dae8f7 0dac46b0 4ac0971b aa4db8da 4c318e9d 6ccf600f 186eeaac
> > 0bd2b238 e825396c 2f84219a a51ef78c c09cb366 37ddba31 538f814f 80eb4059
> > 5d242e85 9e4c74a0 bd219e6f 2bf423a1 be2a7523 bfeb7768 d55a14dd 2aa9c1d3
> > de19fc52 6c546417 4d042a7f f0df7cb1 e93bbb48 213c382a 29000010 01000000
> > 00010000 00030000 21000008 00004007 2c000064 00000060 01030409 cd21dd16
> > 0300000c 0100000c 800e0080 0300000c 0100000c 800e00c0 0300000c 0100000c
> > 800e0100 03000008 0300000c 03000008 0300000d 03000008 0300000e 03000008
> > 03000002 03000008 03000005 00000008 05000000 2d000018 01000000 072f0010
> > 0000ffff 00000000 ffffffff 29000018 01000000 072f0010 0000ffff 9b8af71b
> > 9b8af71b 29000008 0000400c 29000018 0000400e 2a029003 00b70a85 105cb394
> > 07f03ae0 29000008 00004021 00000008 00004024 bbe09fe6 cfef20a1 f1b1150b
> > ikev2_pld_payloads: decrypted payload IDi nextpayload CERT critical 0x00
> length 33
> > ikev2_pld_id: id UFQDN/-->HOSTNAME-ES<---@-->CA<--- length 29
> > ikev2_pld_payloads: decrypted payload CERT nextpayload NOTIFY critical
> 0x00 length 1090
> > ikev2_pld_cert: type X509_CERT length 1085
> > 30820439 30820321 a0030201 0202082f c4d9c96d e04cb330 0d06092a 864886f7
> > 0d01010b 05003081 86310b30 09060355 04061302 4652311a 30180603 5504080c
> > 11536569 6e652d53 61696e74 2d44656e 69733116 30140603 5504070c 0d417562
> > 65727669 6c6c6965 72733116 30140603 55040a0c 0d54656c 65636f6d 204c6f62
> > 6279310d 300b0603 55040b0c 0456504e 43311c30 1a060355 04030c13 63612e74
> > 656c6563 6f6d6c6f 6262792e 636f6d30 1e170d32 31303230 39303935 3333335a
> > 170d3232 30323039 30393533 33335a30 818a310b 30090603 55040613 02455331
> > 12301006 03550408 0c094361 74616c75 6e796131 1b301906 03550407 0c127361
> > 6e742050 65726520 64652052 69626573 31163014 06035504 0a0c0d54 656c6563
> > 6f6d204c 6f626279 310d300b 06035504 0b0c0456 504e4331 23302106 03550403
> > 0c1a5254 2d30312e 6361742e 74656c65 636f6d6c 6f626279 2e636f6d 30820122
> > 300d0609 2a864886 f70d0101 01050003 82010f00 3082010a 02820101 00a3db48
> > a4b040b5 56828132 6f753906 58259ea9 852b6eea a601c4c6 92fa80b1 6e5ebbcf
> > 8072947a c073f9b8 e37287cf bc6d4002 f200d6da f70c040b 1a3f1a8d fae53df7
> > 2d9ad249 803ea1a6 b1dc2f43 a6f56b93 0198a10b 79e44acb f30f68aa 8f3e7f06
> > a0cb1728 35845026 29de0bc5 08687520 248556ba b2fed1c4 ca7aee08 c4587461
> > 8b80d82d 0fd8f95e 4444b6d4 45b7223e 6529459e 672bbe64 05003ddf ec491e61
> > 92e66c0e 57cf937f 3728c29c b9c7d9bc e970aa03 70fb7e19 e3f7150b 2d2d706c
> > 32e0986d 78bc0b25 eefffe27 707e1bd3 6caac844 fafd7927 95cb8b91 9b40d990
> > 6ed7dccc 1192b1d1 84536d56 7b6ba9f5 cbedb278 99a5cd75 14c1eaea 1b020301
> > 0001a381 a43081a1 30130603 551d2504 0c300a06 082b0601 05050703 02301d06
> > 03551d0e 04160414 d277dc48 5c0f9c28 2246c877 c363d388 3d07ed9d 301f0603
> > 551d2304 18301680 142ac593 9e9b0361 a9a9b61e b3883d40 c58ee44f 50302406
> > 03551d11 041d301b 8119696e 64726140 63612e74 656c6563 6f6d6c6f 6262792e
> > 636f6d30 24060960 86480186 f842010d 04171615 47656e65 72617465 64206279
> > 20526f75 7465724f 53300d06 092a8648 86f70d01 010b0500 03820101 0056c2f3
> > 7bdffba9 a57a17b5 dcd90626 32b35bd7 cd5e0182 b1e4fb23 bba88d2b 0005a406
> > 253cc28d ea4591ea 896199b3 8e2b3081 6fb93ad8 24f0b999 2412dc58 4ec1a3f5
> > 2bc10a9a 198fda49 baf640d3 ac5d1360 95cd7ed5 68143413 d8318e78 2e4c4d1c
> > 1c82e0ec b3ae4625 4ee74f84 0f39fcb1 9fde7e5d 94ad05ac 9caf376e d1d5e6bd
> > 774a45cd 4b2026cc 2e37163c 029c33a4 1a2a8f0f 1ef8f799 327b4c42 65afef9a
> > b66c11f7 3fcf2d17 24b7acb3 65d97e92 2035d1e7 a807f502 0ce6da69 dc255582
> > 4ce41c28 e3345583 d13cf1a7 9f1e248f e4ffdd32 fa340d0e 870da365 43814118
> > 362c99b0 0024570a 51043058 d09ae9a6 6d6e294a 297e805c 506dce83 2b
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload CERTREQ
> critical 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type INITIAL_CONTACT
> > ikev2_pld_payloads: decrypted payload CERTREQ nextpayload AUTH critical
> 0x00 length 85
> > ikev2_pld_certreq: type X509_CERT length 80
> > d240096d 782460df c9e68072 dc0bc444 6fab51ba d240096d 782460df c9e68072
> > dc0bc444 6fab51ba 3b6a7f0c 2f567b94 1954764f bfae24cd 40d9ea01 a467a75b
> > d9f8d81b 482a9316 39c96dc0 98337349
> > ikev2_pld_payloads: decrypted payload AUTH nextpayload CP critical 0x00
> length 280
> > ikev2_pld_auth: method SIG length 272
> > 0f300d06 092a8648 86f70d01 010b0500 71a25162 15fdcfdb a41cd95f 479f455c
> > 0a672e88 26c09274 32a82937 c6fdc8b2 ee4b45f0 2320509d ae992a39 2ccbc568
> > 28ca972b 57cb6b6b 73bbc1d6 11fa2eeb f4a9e4af 3a834f0d 16f9442a a9f241a5
> > 3bc2ebb9 c9817533 c138e7c9 4ecdd9a5 ae2e771d 4ae9a5f3 8e34fb38 c55761a2
> > 718b1489 df0cfedf 0f3acad3 a937f528 e04a65e0 ba7d2221 242fbe2e 32dae8f7
> > 0dac46b0 4ac0971b aa4db8da 4c318e9d 6ccf600f 186eeaac 0bd2b238 e825396c
> > 2f84219a a51ef78c c09cb366 37ddba31 538f814f 80eb4059 5d242e85 9e4c74a0
> > bd219e6f 2bf423a1 be2a7523 bfeb7768 d55a14dd 2aa9c1d3 de19fc52 6c546417
> > 4d042a7f f0df7cb1 e93bbb48 213c382a
> > ikev2_pld_payloads: decrypted payload CP nextpayload NOTIFY critical
> 0x00 length 16
> > ikev2_pld_cp: type REQUEST length 8
> > 00010000 00030000
> > ikev2_pld_cp: INTERNAL_IP4_ADDRESS 0x0001 length 0
> > ikev2_pld_cp: INTERNAL_IP4_DNS 0x0003 length 0
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA critical
> 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE
> > ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00
> length 100
> > ikev2_pld_sa: more 0 reserved 0 length 96 proposal #1 protoid ESP
> spisize 4 xforms 9 spi 0xcd21dd16
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_256_128
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_384_192
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_512_256
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id AES_XCBC_96
> > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
> > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00
> length 24
> > ikev2_pld_tss: count 1 length 16
> > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0
> endport 65535
> > ikev2_pld_ts: start 0.0.0.0 end 255.255.255.255
> > ikev2_pld_payloads: decrypted payload TSr nextpayload NOTIFY critical
> 0x00 length 24
> > ikev2_pld_tss: count 1 length 16
> > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0
> endport 65535
> > ikev2_pld_ts: start -->HOST-US<--- end -->HOST-US<---
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical
> 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type MOBIKE_SUPPORTED
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical
> 0x00 length 24
> > ikev2_pld_notify: protoid NONE spisize 0 type ADDITIONAL_IP6_ADDRESS
> > 2a029003 00b70a85 105cb394 07f03ae0
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical
> 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type EAP_ONLY_AUTHENTICATION
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NONE critical
> 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type
> IKEV2_MESSAGE_ID_SYNC_SUPPORTED
> > ikev2_handle_notifies: mobike enabled
> > sa_stateok: SA_INIT flags 0x0000, require 0x0000
> > spi=0xc870f2a5b428b6b1: sa_state: SA_INIT -> AUTH_REQUEST
> > policy_lookup: peerid '-->HOSTNAME-ES<---@-->CA<---'
> > proposals_match: xform 1 <-> 1 (1): ENCR AES_CBC (keylength 256 <-> 256)
> 256
> > proposals_match: xform 1 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
> > proposals_match: xform 1 <-> 1 (1): INTEGR HMAC_SHA2_256_128 (keylength
> 256 <-> 256)
> > proposals_match: xform 1 <-> 1 (1): DH ECP_256 (keylength 0 <-> 0)
> > proposals_negotiate: score 4
> > policy_lookup: setting policy '-->HOST_ES<--'
> > ikev2_policy2id: srcid UFQDN/-->HOSTNAME-US<---@-->CA<--- length 33
> > sa_stateflags: 0x0020 -> 0x0024 certreq,sa (required 0x003b
> cert,certvalid,auth,authvalid,sa)
> > ikev2_msg_auth: responder auth data length 343
> > c870f2a5 b428b6b1 f2df80a5 dd2f5b33 21202220 00000000 00000117 22000030
> > 0000002c 01010004 0300000c 0100000c 800e0100 03000008 02000005 03000008
> > 0300000c 00000008 04000013 28000048 00130000 2213a051 4f8b600e 0a6113ef
> > 4f8843e9 dfa82f90 afc341ce 1d22f142 cc1c99a6 d1aafd33 fa14c441 f55bbe7d
> > ed87c6e0 7f53d608 68d9943e 8fa2bc83 05a734da 29000024 8ab04bee 544dc638
> > 9aacd0c4 4d2fd141 ce030fa4 47db06b6 0e3b4e35 80fc8e00 2900001c 00004004
> > e7c537c7 188717a7 e9730252 796a3ed3 a42caf24 2600001c 00004005 6c1a6db7
> > e62f6a24 2a3d9f69 b3a85e82 d19ab215 29000019 04d24009 6d782460 dfc9e680
> > 72dc0bc4 446fab51 ba000000 0e000040 2f000200 030004fb b057f939 f8991c61
> > 47e3d5ef ab770eaa 42ca1c57 0af11ff8 af87db21 35edae0f 65e22c0f 7ba67ec5
> > f3b84c4f 45977277 cd60a97f d01d4298 cfd7c331 490e33
> > ca_setauth: switching SIG_ANY to SIG
> > ca_setauth: auth length 343
> > proposals_match: xform 1 <-> 1 (1): ENCR AES_CBC (keylength 256 <-> 256)
> 256
> > proposals_match: xform 1 <-> 1 (1): INTEGR HMAC_SHA2_256_128 (keylength
> 0 <-> 256)
> > proposals_match: xform 1 <-> 1 (2): ESN NONE (keylength 0 <-> 0)
> > proposals_negotiate: score 4
> > proposals_negotiate: score 1: ENCR AES_CBC 256
> > proposals_negotiate: score 1: INTEGR HMAC_SHA2_256_128
> > proposals_negotiate: score 2: ESN NONE
> > sa_stateflags: 0x0024 -> 0x0024 certreq,sa (required 0x003b
> cert,certvalid,auth,authvalid,sa)
> > config_free_proposals: free 0x5a9541fef80
> > ca_getreq: found CA /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom
> Lobby/OU=VPNC/CN=-->CA<---
> > ca_x509_subjectaltname_do: did not find subjectAltName in certificate
> > ca_getreq: found local certificate /C=US/ST=Texas/L=Dallas/O=Telecom
> Lobby/OU=VPNC/CN=-->CERT-US<---
> > _dsa_sign_encode: signature scheme 0 selected
> > _dsa_sign_encode: signature scheme 0 selected
> > _dsa_sign_encode: signature scheme 0 selected
> > ca_setauth: auth length 272
> > ca_validate_pubkey: could not open public key
> pubkeys/ufqdn/-->HOSTNAME-ES<---@-->CA<---
> > ca_validate_cert: /C=ES/ST=Catalunya/L=sant Pere de Ribes/O=Telecom
> Lobby/OU=VPNC/CN=-->HOST_ES<-- ok
> > ikev2_getimsgdata: imsg 22 rspi 0xf2df80a5dd2f5b33 ispi
> 0xc870f2a5b428b6b1 initiator 0 sa valid type 4 data length 1065
> > ikev2_dispatch_cert: cert type X509_CERT length 1065, ok
> > sa_stateflags: 0x0024 -> 0x0025 cert,certreq,sa (required 0x003b
> cert,certvalid,auth,authvalid,sa)
> > ikev2_getimsgdata: imsg 28 rspi 0xf2df80a5dd2f5b33 ispi
> 0xc870f2a5b428b6b1 initiator 0 sa valid type 14 data length 272
> > ikev2_dispatch_cert: AUTH type 14 len 272
> > sa_stateflags: 0x0025 -> 0x002d cert,certreq,auth,sa (required 0x003b
> cert,certvalid,auth,authvalid,sa)
> > ikev2_getimsgdata: imsg 23 rspi 0xf2df80a5dd2f5b33 ispi
> 0xc870f2a5b428b6b1 initiator 0 sa valid type 4 data length 1085
> > ikev2_msg_auth: initiator auth data length 1120
> > c870f2a5 b428b6b1 00000000 00000000 21202208 00000000 00000420 22000340
> > 02000160 01010025 0300000c 0100000c 800e0080 0300000c 0100000c 800e00c0
> > 0300000c 0100000c 800e0100 0300000c 01000017 800e0080 0300000c 01000017
> > 800e00c0 0300000c 01000017 800e0100 0300000c 0100000d 800e0080 0300000c
> > 0100000d 800e00c0 0300000c 0100000d 800e0100 0300000c 01000018 800e0080
> > 0300000c 01000018 800e00c0 0300000c 01000018 800e0100 03000008 01000003
> > 03000008 0300000c 03000008 0300000d 03000008 0300000e 03000008 03000002
> > 03000008 03000005 03000008 03000008 03000008 02000005 03000008 02000006
> > 03000008 02000007 03000008 02000004 03000008 02000008 03000008 02000002
> > 03000008 04000013 03000008 04000014 03000008 04000015 03000008 0400001c
> > 03000008 0400001d 03000008 0400001e 03000008 0400001f 03000008 0400000f
> > 03000008 04000010 03000008 04000011 03000008 04000012 00000008 0400000e
> > 000001dc 0201002d 0300000c 01000014 800e0080 0300000c 01000014 800e00c0
> > 0300000c 01000014 800e0100 0300000c 01000010 800e0080 0300000c 01000010
> > 800e00c0 0300000c 01000010 800e0100 0300000c 0100001b 800e0080 0300000c
> > 0100001b 800e00c0 0300000c 0100001b 800e0100 0300000c 01000013 800e0080
> > 0300000c 01000013 800e00c0 0300000c 01000013 800e0100 0300000c 01000012
> > 800e0080 0300000c 01000012 800e00c0 0300000c 01000012 800e0100 0300000c
> > 0100000e 800e0080 0300000c 0100000e 800e00c0 0300000c 0100000e 800e0100
> > 0300000c 0100000f 800e0080 0300000c 0100000f 800e00c0 0300000c 0100000f
> > 800e0100 0300000c 01000019 800e0080 0300000c 01000019 800e00c0 0300000c
> > 01000019 800e0100 0300000c 0100001a 800e0080 0300000c 0100001a 800e00c0
> > 0300000c 0100001a 800e0100 03000008 02000005 03000008 02000006 03000008
> > 02000007 03000008 02000004 03000008 02000008 03000008 02000002 03000008
> > 04000013 03000008 04000014 03000008 04000015 03000008 0400001c 03000008
> > 0400001d 03000008 0400001e 03000008 0400001f 03000008 0400000f 03000008
> > 04000010 03000008 04000011 03000008 04000012 00000008 0400000e 28000048
> > 00130000 fb4e28c8 2dc256a8 01f96855 47b989b8 bfe51d02 98dfc830 9a1926c2
> > ce43da18 825173f8 868e8e93 a0e15479 6648f94d df9bfcff 265f2894 369fac99
> > 1c5390d1 29000024 fbb057f9 39f8991c 6147e3d5 efab770e aa42ca1c 570af11f
> > f8af87db 2135edae 2900001c 00004004 5b9719db 93af37fd d1506d29 77b4314f
> > e99b3ba1 2900001c 00004005 26dbd4cc e1365f1a 20cc721b 776e76b4 d97f93c2
> > 29000008 0000402e 29000010 0000402f 00020003 00040005 00000008 00004016
> > 8ab04bee 544dc638 9aacd0c4 4d2fd141 ce030fa4 47db06b6 0e3b4e35 80fc8e00
> > 403b497c 4a0d0e5f fe6ed31d a73a1254 d614ad46 17edb761 8297f711 a392cd2a
> > ikev2_msg_authverify: method SIG keylen 1085 type X509_CERT
> > _dsa_verify_init: signature scheme 0 selected
> > ikev2_msg_authverify: authentication successful
> > spi=0xc870f2a5b428b6b1: sa_state: AUTH_REQUEST -> AUTH_SUCCESS
> > sa_stateflags: 0x002d -> 0x003d cert,certreq,auth,authvalid,sa (required
> 0x003b cert,certvalid,auth,authvalid,sa)
> > ikev2_dispatch_cert: peer certificate is valid
> > sa_stateflags: 0x003d -> 0x003f cert,certvalid,certreq,auth,authvalid,sa
> (required 0x003b cert,certvalid,auth,authvalid,sa)
> > sa_stateok: VALID flags 0x003b, require 0x003b
> cert,certvalid,auth,authvalid,sa
> > spi=0xc870f2a5b428b6b1: sa_state: AUTH_SUCCESS -> VALID
> > sa_stateok: VALID flags 0x003b, require 0x003b
> cert,certvalid,auth,authvalid,sa
> > sa_stateok: VALID flags 0x003b, require 0x003b
> cert,certvalid,auth,authvalid,sa
> > ikev2_sa_tag: (0)
> > ikev2_childsa_negotiate: proposal 1
> > ikev2_childsa_negotiate: key material length 128
> > ikev2_prfplus: T1 with 32 bytes
> > 83d5aea1 7b9d8e9d ed5dec4e 98014a68 6061640a 0cb3b8e1 08d434ec 73fda0e1
> > ikev2_prfplus: T2 with 32 bytes
> > ada9ecd8 8df6b3e8 70876ed7 c15ac445 c312e014 68d52b74 f34309a7 3c258859
> > ikev2_prfplus: T3 with 32 bytes
> > 204947a0 28353211 2f785ea8 7630cf0b 5aca6258 d50b3ee6 cfa05415 2a0a74be
> > ikev2_prfplus: T4 with 32 bytes
> > e9dbc08b 1f79a9e3 7b1a1819 0aa5c10b fb473ff2 ae5b795b 4d77c92e 90b54df0
> > ikev2_prfplus: Tn with 128 bytes
> > 83d5aea1 7b9d8e9d ed5dec4e 98014a68 6061640a 0cb3b8e1 08d434ec 73fda0e1
> > ada9ecd8 8df6b3e8 70876ed7 c15ac445 c312e014 68d52b74 f34309a7 3c258859
> > 204947a0 28353211 2f785ea8 7630cf0b 5aca6258 d50b3ee6 cfa05415 2a0a74be
> > e9dbc08b 1f79a9e3 7b1a1819 0aa5c10b fb473ff2 ae5b795b 4d77c92e 90b54df0
> > pfkey_sa_getspi: spi 0x50e4e0d2
> > pfkey_sa_init: new spi 0x50e4e0d2
> > ikev2_next_payload: length 37 nextpayload CERT
> > ikev2_next_payload: length 1070 nextpayload AUTH
> > ikev2_next_payload: length 280 nextpayload CP
> > ikev2_next_payload: length 8 nextpayload NOTIFY
> > ikev2_add_notify: done
> > ikev2_next_payload: length 8 nextpayload NOTIFY
> > ikev2_add_notify: done
> > ikev2_next_payload: length 8 nextpayload SA
> > ikev2_add_proposals: length 40
> > ikev2_next_payload: length 44 nextpayload TSi
> > ikev2_next_payload: length 24 nextpayload TSr
> > ikev2_next_payload: length 24 nextpayload NONE
> > ikev2_next_payload: length 1540 nextpayload IDr
> > ikev2_msg_encrypt: decrypted length 1503
> > 25000025 03000000 73617261 73776174 69406361 2e74656c 65636f6d 6c6f6262
> > 792e636f 6d270004 2e043082 04253082 030da003 02010202 082d419f 457a3999
> > 7e300d06 092a8648 86f70d01 010b0500 30818631 0b300906 03550406 13024652
> > 311a3018 06035504 080c1153 65696e65 2d536169 6e742d44 656e6973 31163014
> > 06035504 070c0d41 75626572 76696c6c 69657273 31163014 06035504 0a0c0d54
> > 656c6563 6f6d204c 6f626279 310d300b 06035504 0b0c0456 504e4331 1c301a06
> > 03550403 0c136361 2e74656c 65636f6d 6c6f6262 792e636f 6d301e17 0d323130
> > 32313230 39313934 355a170d 32323032 31323039 31393435 5a307331 0b300906
> > 03550406 13025553 310e300c 06035504 080c0554 65786173 310f300d 06035504
> > 070c0644 616c6c61 73311630 14060355 040a0c0d 54656c65 636f6d20 4c6f6262
> > 79310d30 0b060355 040b0c04 56504e43 311c301a 06035504 030c1375 732e7465
> > 6c65636f 6d6c6f62 62792e63 6f6d3082 0122300d 06092a86 4886f70d 01010105
> > 00038201 0f003082 010a0282 010100c7 84ffdbc6 ca9aab05 55975ce7 484c5f8b
> > 5417aa70 0ac36cd1 e397ed2e e4eef84c 596f06c3 c5fa2144 26587d21 cefc5efc
> > 87bda9d6 ab329460 9275ff9c 40792a2b 4873e34a 6c797f37 4c14f906 b9bf6a5b
> > fef940de 51b065be 749b0274 50bbc0e2 762254fa b93ae31d 51d15d6f 390cdd31
> > 12cfea40 fea65853 323bf49a 99bbe29d e6dc6c42 a43889f7 d125f105 68c9a35c
> > afb594ef 78bc12e7 ac8186ac 32f2b242 b0931f67 b67c3509 108e50c8 57c14a6f
> > 99adddbb 8ff09f38 c1344641 15cc086b 0a7f3656 c52914e9 284774ce 82aac909
> > 39d5e327 b0cdbf3c 22f8644c ec88f1a1 e44be4ac 5dc761cb be9bd51b 5b757c1e
> > 1eebc42a 00337ed0 c1f90476 f6447502 03010001 a381a830 81a53013 0603551d
> > 25040c30 0a06082b 06010505 07030230 1d060355 1d0e0416 041403e0 e5527553
> > 00f35eb7 ff71c90b cd94778d a6c4301f 0603551d 23041830 1680142a c5939e9b
> > 0361a9a9 b61eb388 3d40c58e e44f5030 28060355 1d110421 301f811d 73617261
> > 73776174 69406361 2e74656c 65636f6d 6c6f6262 792e636f 6d302406 09608648
> > 0186f842 010d0417 16154765 6e657261 74656420 62792052 6f757465 724f5330
> > 0d06092a 864886f7 0d01010b 05000382 01010028 d73860f9 b6fe28fc e31f9381
> > 6f2e3957 0762ef66 5d53ae0d 1c248650 83c845d7 4f3166a9 199a034d b37d826e
> > 06c893f2 97848d79 3c2cb200 fb35ecfd 38dffe92 6862680a 61453918 2c17b83a
> > 7b118f89 550aab8f ce59d05a 1aa2182c 5aa39c9a a04e88a5 0faac7cf aab46b51
> > e223be57 c3bbaa72 7546c67b b30062c4 db14e86c 058ad002 13e38ee4 d586b2bc
> > 9d640bc4 21d6ec33 cbc3a066 df6bcb65 a5df7292 12a519e1 71784460 0b99a4e0
> > 0234a29e 245440f2 1cfb1128 2b680441 a12e3da2 3ee16467 b6f1ede2 0e2259ae
> > 0235c1f0 feb64808 4db676d5 3cbf1451 214948d2 99288835 9c46d2b0 e98b0fac
> > ca745b4a 3882e778 2f85e8eb 8fc5e406 736b8a2f 0001180e 0000000f 300d0609
> > 2a864886 f70d0101 0b050048 38dd0031 679b58e6 3198f12b 36790423 7c44ad15
> > 55062882 53eb88f0 98f81065 60f1cb6d 3e5b19a3 77c526c7 70a37722 29f59bf0
> > 827ce545 6869bf34 fd54e8da 1d6e0d4a c7ab5ca1 d35fc212 b29e10c1 67da905f
> > 62ccc153 a311ec70 06d76408 1dac7f9c 17146925 3af25e99 a50f834f 04dc7234
> > 841be95e 86df2d9c 2caefb11 3e93a20a 8d270359 52b871a5 8ab383a8 0063a6e2
> > c800be60 dee87f89 692209e2 a3cea439 a82224af e96617ed 88a4e8c8 1dce4521
> > aa8e6033 36c0e628 aad05fb9 79beba3b abf0451d 5ee45b43 2316de10 389d9c2d
> > 15d9284a c3ddd1b6 ced8d74e 6d860332 57162dda 6434342f 04284f3a 6c6bc5c6
> > b4d8b4c3 deb06260 911d4429 00000802 00000029 00000800 00400721 00000800
> > 00400c2c 00002c00 00002801 03040350 e4e0d203 00000c01 00000c80 0e010003
> > 00000803 00000c00 00000805 0000002d 00001801 00000007 2f001000 00ffff51
> > 2c202f51 2c202f00 00001801 00000007 2f001000 00ffff9b 8af71b9b 8af71b
> > ikev2_msg_encrypt: padded length 1504
> > 25000025 03000000 73617261 73776174 69406361 2e74656c 65636f6d 6c6f6262
> > 792e636f 6d270004 2e043082 04253082 030da003 02010202 082d419f 457a3999
> > 7e300d06 092a8648 86f70d01 010b0500 30818631 0b300906 03550406 13024652
> > 311a3018 06035504 080c1153 65696e65 2d536169 6e742d44 656e6973 31163014
> > 06035504 070c0d41 75626572 76696c6c 69657273 31163014 06035504 0a0c0d54
> > 656c6563 6f6d204c 6f626279 310d300b 06035504 0b0c0456 504e4331 1c301a06
> > 03550403 0c136361 2e74656c 65636f6d 6c6f6262 792e636f 6d301e17 0d323130
> > 32313230 39313934 355a170d 32323032 31323039 31393435 5a307331 0b300906
> > 03550406 13025553 310e300c 06035504 080c0554 65786173 310f300d 06035504
> > 070c0644 616c6c61 73311630 14060355 040a0c0d 54656c65 636f6d20 4c6f6262
> > 79310d30 0b060355 040b0c04 56504e43 311c301a 06035504 030c1375 732e7465
> > 6c65636f 6d6c6f62 62792e63 6f6d3082 0122300d 06092a86 4886f70d 01010105
> > 00038201 0f003082 010a0282 010100c7 84ffdbc6 ca9aab05 55975ce7 484c5f8b
> > 5417aa70 0ac36cd1 e397ed2e e4eef84c 596f06c3 c5fa2144 26587d21 cefc5efc
> > 87bda9d6 ab329460 9275ff9c 40792a2b 4873e34a 6c797f37 4c14f906 b9bf6a5b
> > fef940de 51b065be 749b0274 50bbc0e2 762254fa b93ae31d 51d15d6f 390cdd31
> > 12cfea40 fea65853 323bf49a 99bbe29d e6dc6c42 a43889f7 d125f105 68c9a35c
> > afb594ef 78bc12e7 ac8186ac 32f2b242 b0931f67 b67c3509 108e50c8 57c14a6f
> > 99adddbb 8ff09f38 c1344641 15cc086b 0a7f3656 c52914e9 284774ce 82aac909
> > 39d5e327 b0cdbf3c 22f8644c ec88f1a1 e44be4ac 5dc761cb be9bd51b 5b757c1e
> > 1eebc42a 00337ed0 c1f90476 f6447502 03010001 a381a830 81a53013 0603551d
> > 25040c30 0a06082b 06010505 07030230 1d060355 1d0e0416 041403e0 e5527553
> > 00f35eb7 ff71c90b cd94778d a6c4301f 0603551d 23041830 1680142a c5939e9b
> > 0361a9a9 b61eb388 3d40c58e e44f5030 28060355 1d110421 301f811d 73617261
> > 73776174 69406361 2e74656c 65636f6d 6c6f6262 792e636f 6d302406 09608648
> > 0186f842 010d0417 16154765 6e657261 74656420 62792052 6f757465 724f5330
> > 0d06092a 864886f7 0d01010b 05000382 01010028 d73860f9 b6fe28fc e31f9381
> > 6f2e3957 0762ef66 5d53ae0d 1c248650 83c845d7 4f3166a9 199a034d b37d826e
> > 06c893f2 97848d79 3c2cb200 fb35ecfd 38dffe92 6862680a 61453918 2c17b83a
> > 7b118f89 550aab8f ce59d05a 1aa2182c 5aa39c9a a04e88a5 0faac7cf aab46b51
> > e223be57 c3bbaa72 7546c67b b30062c4 db14e86c 058ad002 13e38ee4 d586b2bc
> > 9d640bc4 21d6ec33 cbc3a066 df6bcb65 a5df7292 12a519e1 71784460 0b99a4e0
> > 0234a29e 245440f2 1cfb1128 2b680441 a12e3da2 3ee16467 b6f1ede2 0e2259ae
> > 0235c1f0 feb64808 4db676d5 3cbf1451 214948d2 99288835 9c46d2b0 e98b0fac
> > ca745b4a 3882e778 2f85e8eb 8fc5e406 736b8a2f 0001180e 0000000f 300d0609
> > 2a864886 f70d0101 0b050048 38dd0031 679b58e6 3198f12b 36790423 7c44ad15
> > 55062882 53eb88f0 98f81065 60f1cb6d 3e5b19a3 77c526c7 70a37722 29f59bf0
> > 827ce545 6869bf34 fd54e8da 1d6e0d4a c7ab5ca1 d35fc212 b29e10c1 67da905f
> > 62ccc153 a311ec70 06d76408 1dac7f9c 17146925 3af25e99 a50f834f 04dc7234
> > 841be95e 86df2d9c 2caefb11 3e93a20a 8d270359 52b871a5 8ab383a8 0063a6e2
> > c800be60 dee87f89 692209e2 a3cea439 a82224af e96617ed 88a4e8c8 1dce4521
> > aa8e6033 36c0e628 aad05fb9 79beba3b abf0451d 5ee45b43 2316de10 389d9c2d
> > 15d9284a c3ddd1b6 ced8d74e 6d860332 57162dda 6434342f 04284f3a 6c6bc5c6
> > b4d8b4c3 deb06260 911d4429 00000802 00000029 00000800 00400721 00000800
> > 00400c2c 00002c00 00002801 03040350 e4e0d203 00000c01 00000c80 0e010003
> > 00000803 00000c00 00000805 0000002d 00001801 00000007 2f001000 00ffff51
> > 2c202f51 2c202f00 00001801 00000007 2f001000 00ffff9b 8af71b9b 8af71b00
> > ikev2_msg_encrypt: length 1504, padding 0, output length 1536
> > 7ff1a8ea afd7c75d 04856811 3cb768e0 a5beb593 6f4e064c f5b4d246 2e420a00
> > 40726193 cd22693a a16e690d 0c618a56 95ec3190 94ad4094 861c1d8e 0c6cd80e
> > 30012f5a 54e5726e b90af238 fc89de8f fa49211b d537b00a c74d2b76 eab44858
> > 64556ac2 49ac3aed 1fedf547 293034d9 5720e4b6 e0ec3a0a dd079e87 e57ea852
> > 915faed2 f08769ae abeba225 cab58ae1 f37db0e9 26799545 1c567644 56cfa02a
> > 4fe566f0 25d3dfd1 bb4284a8 c8d664ee bc2480fd 07a55302 bc5c7f00 50649002
> > ef3387c9 f9f9117f b20b1876 549668ea 682276c9 e22a07c7 15457a8b 4d201e28
> > 1618553c b66101eb 372f082f 8a32014a 60058d8d e62503d0 4d04312b 2d91be1d
> > 64a9299f 761b168b 32f21339 0ca59c66 552cdd40 09c7819c 9d3f0fea 37cd0145
> > 97264fdd 91511f67 56f5e4e1 574a7651 877a934f ab732db4 c57f8110 86258a5c
> > 83ca131c 250e4af0 4f37070d 80e052af c7f229ff 43fcfd86 b7dcf4ed a481a90a
> > f2b7b6b3 cd0f4e45 6ba21aa5 838786d2 e82f723a e5a7b741 e99fb521 880a39da
> > 860e05cc 7f3a133d 6c6e2813 41b6d6f9 7082eee0 073a630b b07e35c3 8aa11708
> > 4b3e0adb d274c12f 35a53783 a8bd0afb 8abb9a58 bee67d71 4394259a 23f37076
> > 120bef82 17144995 edc21c7f 628fe780 c951c173 02091175 bf6f5158 9fc29465
> > 9d019736 c0ecfc64 7a6ba117 0c1fcad6 84316d93 c57b61cf 88ef136d 652f5c88
> > 140ad285 6cf20c40 ca4534b3 dd9b1711 bd68cf01 a1e35205 c027e56b bbd9ac26
> > 5a243cce 764b6138 84b6fa34 8a8731c7 61a613ba ad6f31b4 b085e7be 6e574c6d
> > 748801cd 7906e85c 8a66329d 8948e688 93fef048 19968212 a895b4e7 241f21f5
> > 6b28fc07 0277e1f6 92b35cc9 70f818d9 10fcd24f b20623e5 2e9fe64b 185ee1c9
> > 44d6f7f6 b6acabf6 3348548a c891bdb9 98413b90 9ebbeb3d 816ee802 34a21900
> > f99e273c a61aa967 71fbebd1 a1570046 56eb4f74 edb8f879 7735d5cf 765f4f30
> > 1e0dbf65 11257b7a 40e221a0 562a0151 92a2c1ae 141ea28c d0f06549 b2f3ef4f
> > 84476513 7bcc2254 72fdffb2 cce1568a 95c3f994 3dcd5740 b25b7d2c f1b57223
> > e0a65192 8eec875d d613ddd8 b3a1ff8f f408c0a5 21a30d0f daf956e1 f2d257e7
> > e3643d9f 03562e92 d1769f9c b6d3ee0e 60454033 a79f88d9 8be80e9d 78229616
> > 2cbea059 44921f7b f5728a9c 0b615e5f 51113d61 53003714 eaadacef e5b9ac3f
> > ee48908f c8893ef1 dee7de2f b58739df d368ce61 7deac339 4965e9bc 58cd1fa3
> > 865b3bd3 453f3095 23db7b24 929112c2 ecd999fa 0516f5aa 67daaace 66fec9c8
> > 76cae89c ed4ca2e6 3c5a61d4 42b77dc7 5fda3326 7c32a825 b90af1f3 8df3d7d2
> > 479decd6 ed07435e 69d9da1f c655f1a9 418b03c3 05f8727c c28910dd b0ca62f6
> > f83c1ccc 04a805a0 389b4162 1da56acb e6be9e6e b644cd7b 8d8422da 6dd4a0cb
> > ecca809b da4f2cf4 fd96a5d2 1e15c189 8e7f4e32 32ee1d47 0f0e4fbc dc7ec75c
> > bcbdb974 f7979bef 4efdab1f 6d66ce5a caa03313 fd4ca295 6ec64370 5469f8de
> > 978295a2 a7b83cd3 2ae7965a 938ac9ba f2969e5b 2870d1b5 c7c9744f 577f9163
> > c38c57cd feac3244 cde6c706 4a900738 a702df1e 918264bf 76117e2c 45c78dcb
> > 51a392c5 ebbf040c c9c19aaf 92684f2c 3e6d2ed5 6867e356 76946ab7 51b93841
> > 3a04b3bc 283ca2ba b0b6dcdc c1e4ff71 4237f650 bbf0ebe5 1e74bebe 6fcb9ef2
> > 08519453 c798b5ae 6fbb4ec0 8a36066f dcf7586c 683aecb5 28fc5379 12dc1a56
> > 1fe57b65 70a86bd9 19a040cc acd3dc6b e55c284e 4686d410 764247ea 83f5606a
> > ac623293 6c4307fd e7e3efd6 a806ac4a 215212d4 1471efef 784b7a0b 0e755b38
> > 11287e0a 3df8ebc4 be05ec3f c3f7206c 25c54b8b efb88b5c fd4b35e1 3f5f281b
> > 4031af96 056554e0 817a25db e8d7912b ae378659 65bc1fd0 9b870474 78f4f0cc
> > f0d1ea91 f944eb6c 66744a93 d35c55d5 fba3b74b 0399b35f d8118c91 eb96472e
> > 4df4eef9 c99075f6 36c1528f 19328de6 de8503c1 1f86f34e 41e2ad1b cf8eb068
> > 385277f2 1027f1c3 710907c4 38253d83 10e77343 6f60b54f accc7dc9 db7ed987
> > 6ab58ee3 a35f4e29 b963fbc2 a5eaa5a7 b6923406 572c0fbe 5ae353ab 94d91d67
> > c21c1be8 6bc6d845 e764e413 e3926306 00000000 00000000 00000000 00000000
> > ikev2_msg_integr: message length 1568
> > c870f2a5 b428b6b1 f2df80a5 dd2f5b33 2e202320 00000001 00000620 24000604
> > 7ff1a8ea afd7c75d 04856811 3cb768e0 a5beb593 6f4e064c f5b4d246 2e420a00
> > 40726193 cd22693a a16e690d 0c618a56 95ec3190 94ad4094 861c1d8e 0c6cd80e
> > 30012f5a 54e5726e b90af238 fc89de8f fa49211b d537b00a c74d2b76 eab44858
> > 64556ac2 49ac3aed 1fedf547 293034d9 5720e4b6 e0ec3a0a dd079e87 e57ea852
> > 915faed2 f08769ae abeba225 cab58ae1 f37db0e9 26799545 1c567644 56cfa02a
> > 4fe566f0 25d3dfd1 bb4284a8 c8d664ee bc2480fd 07a55302 bc5c7f00 50649002
> > ef3387c9 f9f9117f b20b1876 549668ea 682276c9 e22a07c7 15457a8b 4d201e28
> > 1618553c b66101eb 372f082f 8a32014a 60058d8d e62503d0 4d04312b 2d91be1d
> > 64a9299f 761b168b 32f21339 0ca59c66 552cdd40 09c7819c 9d3f0fea 37cd0145
> > 97264fdd 91511f67 56f5e4e1 574a7651 877a934f ab732db4 c57f8110 86258a5c
> > 83ca131c 250e4af0 4f37070d 80e052af c7f229ff 43fcfd86 b7dcf4ed a481a90a
> > f2b7b6b3 cd0f4e45 6ba21aa5 838786d2 e82f723a e5a7b741 e99fb521 880a39da
> > 860e05cc 7f3a133d 6c6e2813 41b6d6f9 7082eee0 073a630b b07e35c3 8aa11708
> > 4b3e0adb d274c12f 35a53783 a8bd0afb 8abb9a58 bee67d71 4394259a 23f37076
> > 120bef82 17144995 edc21c7f 628fe780 c951c173 02091175 bf6f5158 9fc29465
> > 9d019736 c0ecfc64 7a6ba117 0c1fcad6 84316d93 c57b61cf 88ef136d 652f5c88
> > 140ad285 6cf20c40 ca4534b3 dd9b1711 bd68cf01 a1e35205 c027e56b bbd9ac26
> > 5a243cce 764b6138 84b6fa34 8a8731c7 61a613ba ad6f31b4 b085e7be 6e574c6d
> > 748801cd 7906e85c 8a66329d 8948e688 93fef048 19968212 a895b4e7 241f21f5
> > 6b28fc07 0277e1f6 92b35cc9 70f818d9 10fcd24f b20623e5 2e9fe64b 185ee1c9
> > 44d6f7f6 b6acabf6 3348548a c891bdb9 98413b90 9ebbeb3d 816ee802 34a21900
> > f99e273c a61aa967 71fbebd1 a1570046 56eb4f74 edb8f879 7735d5cf 765f4f30
> > 1e0dbf65 11257b7a 40e221a0 562a0151 92a2c1ae 141ea28c d0f06549 b2f3ef4f
> > 84476513 7bcc2254 72fdffb2 cce1568a 95c3f994 3dcd5740 b25b7d2c f1b57223
> > e0a65192 8eec875d d613ddd8 b3a1ff8f f408c0a5 21a30d0f daf956e1 f2d257e7
> > e3643d9f 03562e92 d1769f9c b6d3ee0e 60454033 a79f88d9 8be80e9d 78229616
> > 2cbea059 44921f7b f5728a9c 0b615e5f 51113d61 53003714 eaadacef e5b9ac3f
> > ee48908f c8893ef1 dee7de2f b58739df d368ce61 7deac339 4965e9bc 58cd1fa3
> > 865b3bd3 453f3095 23db7b24 929112c2 ecd999fa 0516f5aa 67daaace 66fec9c8
> > 76cae89c ed4ca2e6 3c5a61d4 42b77dc7 5fda3326 7c32a825 b90af1f3 8df3d7d2
> > 479decd6 ed07435e 69d9da1f c655f1a9 418b03c3 05f8727c c28910dd b0ca62f6
> > f83c1ccc 04a805a0 389b4162 1da56acb e6be9e6e b644cd7b 8d8422da 6dd4a0cb
> > ecca809b da4f2cf4 fd96a5d2 1e15c189 8e7f4e32 32ee1d47 0f0e4fbc dc7ec75c
> > bcbdb974 f7979bef 4efdab1f 6d66ce5a caa03313 fd4ca295 6ec64370 5469f8de
> > 978295a2 a7b83cd3 2ae7965a 938ac9ba f2969e5b 2870d1b5 c7c9744f 577f9163
> > c38c57cd feac3244 cde6c706 4a900738 a702df1e 918264bf 76117e2c 45c78dcb
> > 51a392c5 ebbf040c c9c19aaf 92684f2c 3e6d2ed5 6867e356 76946ab7 51b93841
> > 3a04b3bc 283ca2ba b0b6dcdc c1e4ff71 4237f650 bbf0ebe5 1e74bebe 6fcb9ef2
> > 08519453 c798b5ae 6fbb4ec0 8a36066f dcf7586c 683aecb5 28fc5379 12dc1a56
> > 1fe57b65 70a86bd9 19a040cc acd3dc6b e55c284e 4686d410 764247ea 83f5606a
> > ac623293 6c4307fd e7e3efd6 a806ac4a 215212d4 1471efef 784b7a0b 0e755b38
> > 11287e0a 3df8ebc4 be05ec3f c3f7206c 25c54b8b efb88b5c fd4b35e1 3f5f281b
> > 4031af96 056554e0 817a25db e8d7912b ae378659 65bc1fd0 9b870474 78f4f0cc
> > f0d1ea91 f944eb6c 66744a93 d35c55d5 fba3b74b 0399b35f d8118c91 eb96472e
> > 4df4eef9 c99075f6 36c1528f 19328de6 de8503c1 1f86f34e 41e2ad1b cf8eb068
> > 385277f2 1027f1c3 710907c4 38253d83 10e77343 6f60b54f accc7dc9 db7ed987
> > 6ab58ee3 a35f4e29 b963fbc2 a5eaa5a7 b6923406 572c0fbe 5ae353ab 94d91d67
> > c21c1be8 6bc6d845 e764e413 e3926306 00000000 00000000 00000000 00000000
> > ikev2_msg_integr: integrity checksum length 16
> > 30e79f7f ab81894a 42cb568b 642b8af6 761d35fa 65c0d308 c6e3fff7 81c202b7
> > ikev2_pld_parse: header ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33
> nextpayload SK version 0x20 exchange IKE_AUTH flags 0x20 msgid 1 length
> 1568 response 1
> > ikev2_pld_payloads: payload SK nextpayload IDr critical 0x00 length 1540
> > ikev2_msg_decrypt: IV length 16
> > 7ff1a8ea afd7c75d 04856811 3cb768e0
> > ikev2_msg_decrypt: encrypted payload length 1504
> > a5beb593 6f4e064c f5b4d246 2e420a00 40726193 cd22693a a16e690d 0c618a56
> > 95ec3190 94ad4094 861c1d8e 0c6cd80e 30012f5a 54e5726e b90af238 fc89de8f
> > fa49211b d537b00a c74d2b76 eab44858 64556ac2 49ac3aed 1fedf547 293034d9
> > 5720e4b6 e0ec3a0a dd079e87 e57ea852 915faed2 f08769ae abeba225 cab58ae1
> > f37db0e9 26799545 1c567644 56cfa02a 4fe566f0 25d3dfd1 bb4284a8 c8d664ee
> > bc2480fd 07a55302 bc5c7f00 50649002 ef3387c9 f9f9117f b20b1876 549668ea
> > 682276c9 e22a07c7 15457a8b 4d201e28 1618553c b66101eb 372f082f 8a32014a
> > 60058d8d e62503d0 4d04312b 2d91be1d 64a9299f 761b168b 32f21339 0ca59c66
> > 552cdd40 09c7819c 9d3f0fea 37cd0145 97264fdd 91511f67 56f5e4e1 574a7651
> > 877a934f ab732db4 c57f8110 86258a5c 83ca131c 250e4af0 4f37070d 80e052af
> > c7f229ff 43fcfd86 b7dcf4ed a481a90a f2b7b6b3 cd0f4e45 6ba21aa5 838786d2
> > e82f723a e5a7b741 e99fb521 880a39da 860e05cc 7f3a133d 6c6e2813 41b6d6f9
> > 7082eee0 073a630b b07e35c3 8aa11708 4b3e0adb d274c12f 35a53783 a8bd0afb
> > 8abb9a58 bee67d71 4394259a 23f37076 120bef82 17144995 edc21c7f 628fe780
> > c951c173 02091175 bf6f5158 9fc29465 9d019736 c0ecfc64 7a6ba117 0c1fcad6
> > 84316d93 c57b61cf 88ef136d 652f5c88 140ad285 6cf20c40 ca4534b3 dd9b1711
> > bd68cf01 a1e35205 c027e56b bbd9ac26 5a243cce 764b6138 84b6fa34 8a8731c7
> > 61a613ba ad6f31b4 b085e7be 6e574c6d 748801cd 7906e85c 8a66329d 8948e688
> > 93fef048 19968212 a895b4e7 241f21f5 6b28fc07 0277e1f6 92b35cc9 70f818d9
> > 10fcd24f b20623e5 2e9fe64b 185ee1c9 44d6f7f6 b6acabf6 3348548a c891bdb9
> > 98413b90 9ebbeb3d 816ee802 34a21900 f99e273c a61aa967 71fbebd1 a1570046
> > 56eb4f74 edb8f879 7735d5cf 765f4f30 1e0dbf65 11257b7a 40e221a0 562a0151
> > 92a2c1ae 141ea28c d0f06549 b2f3ef4f 84476513 7bcc2254 72fdffb2 cce1568a
> > 95c3f994 3dcd5740 b25b7d2c f1b57223 e0a65192 8eec875d d613ddd8 b3a1ff8f
> > f408c0a5 21a30d0f daf956e1 f2d257e7 e3643d9f 03562e92 d1769f9c b6d3ee0e
> > 60454033 a79f88d9 8be80e9d 78229616 2cbea059 44921f7b f5728a9c 0b615e5f
> > 51113d61 53003714 eaadacef e5b9ac3f ee48908f c8893ef1 dee7de2f b58739df
> > d368ce61 7deac339 4965e9bc 58cd1fa3 865b3bd3 453f3095 23db7b24 929112c2
> > ecd999fa 0516f5aa 67daaace 66fec9c8 76cae89c ed4ca2e6 3c5a61d4 42b77dc7
> > 5fda3326 7c32a825 b90af1f3 8df3d7d2 479decd6 ed07435e 69d9da1f c655f1a9
> > 418b03c3 05f8727c c28910dd b0ca62f6 f83c1ccc 04a805a0 389b4162 1da56acb
> > e6be9e6e b644cd7b 8d8422da 6dd4a0cb ecca809b da4f2cf4 fd96a5d2 1e15c189
> > 8e7f4e32 32ee1d47 0f0e4fbc dc7ec75c bcbdb974 f7979bef 4efdab1f 6d66ce5a
> > caa03313 fd4ca295 6ec64370 5469f8de 978295a2 a7b83cd3 2ae7965a 938ac9ba
> > f2969e5b 2870d1b5 c7c9744f 577f9163 c38c57cd feac3244 cde6c706 4a900738
> > a702df1e 918264bf 76117e2c 45c78dcb 51a392c5 ebbf040c c9c19aaf 92684f2c
> > 3e6d2ed5 6867e356 76946ab7 51b93841 3a04b3bc 283ca2ba b0b6dcdc c1e4ff71
> > 4237f650 bbf0ebe5 1e74bebe 6fcb9ef2 08519453 c798b5ae 6fbb4ec0 8a36066f
> > dcf7586c 683aecb5 28fc5379 12dc1a56 1fe57b65 70a86bd9 19a040cc acd3dc6b
> > e55c284e 4686d410 764247ea 83f5606a ac623293 6c4307fd e7e3efd6 a806ac4a
> > 215212d4 1471efef 784b7a0b 0e755b38 11287e0a 3df8ebc4 be05ec3f c3f7206c
> > 25c54b8b efb88b5c fd4b35e1 3f5f281b 4031af96 056554e0 817a25db e8d7912b
> > ae378659 65bc1fd0 9b870474 78f4f0cc f0d1ea91 f944eb6c 66744a93 d35c55d5
> > fba3b74b 0399b35f d8118c91 eb96472e 4df4eef9 c99075f6 36c1528f 19328de6
> > de8503c1 1f86f34e 41e2ad1b cf8eb068 385277f2 1027f1c3 710907c4 38253d83
> > 10e77343 6f60b54f accc7dc9 db7ed987 6ab58ee3 a35f4e29 b963fbc2 a5eaa5a7
> > b6923406 572c0fbe 5ae353ab 94d91d67 c21c1be8 6bc6d845 e764e413 e3926306
> > ikev2_msg_decrypt: integrity checksum length 16
> > 30e79f7f ab81894a 42cb568b 642b8af6
> > ikev2_msg_decrypt: integrity check succeeded
> > 30e79f7f ab81894a 42cb568b 642b8af6
> > ikev2_msg_decrypt: decrypted payload length 1504/1504 padding 0
> > 25000025 03000000 73617261 73776174 69406361 2e74656c 65636f6d 6c6f6262
> > 792e636f 6d270004 2e043082 04253082 030da003 02010202 082d419f 457a3999
> > 7e300d06 092a8648 86f70d01 010b0500 30818631 0b300906 03550406 13024652
> > 311a3018 06035504 080c1153 65696e65 2d536169 6e742d44 656e6973 31163014
> > 06035504 070c0d41 75626572 76696c6c 69657273 31163014 06035504 0a0c0d54
> > 656c6563 6f6d204c 6f626279 310d300b 06035504 0b0c0456 504e4331 1c301a06
> > 03550403 0c136361 2e74656c 65636f6d 6c6f6262 792e636f 6d301e17 0d323130
> > 32313230 39313934 355a170d 32323032 31323039 31393435 5a307331 0b300906
> > 03550406 13025553 310e300c 06035504 080c0554 65786173 310f300d 06035504
> > 070c0644 616c6c61 73311630 14060355 040a0c0d 54656c65 636f6d20 4c6f6262
> > 79310d30 0b060355 040b0c04 56504e43 311c301a 06035504 030c1375 732e7465
> > 6c65636f 6d6c6f62 62792e63 6f6d3082 0122300d 06092a86 4886f70d 01010105
> > 00038201 0f003082 010a0282 010100c7 84ffdbc6 ca9aab05 55975ce7 484c5f8b
> > 5417aa70 0ac36cd1 e397ed2e e4eef84c 596f06c3 c5fa2144 26587d21 cefc5efc
> > 87bda9d6 ab329460 9275ff9c 40792a2b 4873e34a 6c797f37 4c14f906 b9bf6a5b
> > fef940de 51b065be 749b0274 50bbc0e2 762254fa b93ae31d 51d15d6f 390cdd31
> > 12cfea40 fea65853 323bf49a 99bbe29d e6dc6c42 a43889f7 d125f105 68c9a35c
> > afb594ef 78bc12e7 ac8186ac 32f2b242 b0931f67 b67c3509 108e50c8 57c14a6f
> > 99adddbb 8ff09f38 c1344641 15cc086b 0a7f3656 c52914e9 284774ce 82aac909
> > 39d5e327 b0cdbf3c 22f8644c ec88f1a1 e44be4ac 5dc761cb be9bd51b 5b757c1e
> > 1eebc42a 00337ed0 c1f90476 f6447502 03010001 a381a830 81a53013 0603551d
> > 25040c30 0a06082b 06010505 07030230 1d060355 1d0e0416 041403e0 e5527553
> > 00f35eb7 ff71c90b cd94778d a6c4301f 0603551d 23041830 1680142a c5939e9b
> > 0361a9a9 b61eb388 3d40c58e e44f5030 28060355 1d110421 301f811d 73617261
> > 73776174 69406361 2e74656c 65636f6d 6c6f6262 792e636f 6d302406 09608648
> > 0186f842 010d0417 16154765 6e657261 74656420 62792052 6f757465 724f5330
> > 0d06092a 864886f7 0d01010b 05000382 01010028 d73860f9 b6fe28fc e31f9381
> > 6f2e3957 0762ef66 5d53ae0d 1c248650 83c845d7 4f3166a9 199a034d b37d826e
> > 06c893f2 97848d79 3c2cb200 fb35ecfd 38dffe92 6862680a 61453918 2c17b83a
> > 7b118f89 550aab8f ce59d05a 1aa2182c 5aa39c9a a04e88a5 0faac7cf aab46b51
> > e223be57 c3bbaa72 7546c67b b30062c4 db14e86c 058ad002 13e38ee4 d586b2bc
> > 9d640bc4 21d6ec33 cbc3a066 df6bcb65 a5df7292 12a519e1 71784460 0b99a4e0
> > 0234a29e 245440f2 1cfb1128 2b680441 a12e3da2 3ee16467 b6f1ede2 0e2259ae
> > 0235c1f0 feb64808 4db676d5 3cbf1451 214948d2 99288835 9c46d2b0 e98b0fac
> > ca745b4a 3882e778 2f85e8eb 8fc5e406 736b8a2f 0001180e 0000000f 300d0609
> > 2a864886 f70d0101 0b050048 38dd0031 679b58e6 3198f12b 36790423 7c44ad15
> > 55062882 53eb88f0 98f81065 60f1cb6d 3e5b19a3 77c526c7 70a37722 29f59bf0
> > 827ce545 6869bf34 fd54e8da 1d6e0d4a c7ab5ca1 d35fc212 b29e10c1 67da905f
> > 62ccc153 a311ec70 06d76408 1dac7f9c 17146925 3af25e99 a50f834f 04dc7234
> > 841be95e 86df2d9c 2caefb11 3e93a20a 8d270359 52b871a5 8ab383a8 0063a6e2
> > c800be60 dee87f89 692209e2 a3cea439 a82224af e96617ed 88a4e8c8 1dce4521
> > aa8e6033 36c0e628 aad05fb9 79beba3b abf0451d 5ee45b43 2316de10 389d9c2d
> > 15d9284a c3ddd1b6 ced8d74e 6d860332 57162dda 6434342f 04284f3a 6c6bc5c6
> > b4d8b4c3 deb06260 911d4429 00000802 00000029 00000800 00400721 00000800
> > 00400c2c 00002c00 00002801 03040350 e4e0d203 00000c01 00000c80 0e010003
> > 00000803 00000c00 00000805 0000002d 00001801 00000007 2f001000 00ffff51
> > 2c202f51 2c202f00 00001801 00000007 2f001000 00ffff9b 8af71b9b 8af71b00
> > ikev2_pld_payloads: decrypted payload IDr nextpayload CERT critical 0x00
> length 37
> > ikev2_pld_id: id UFQDN/-->HOSTNAME-US<---@-->CA<--- length 33
> > ikev2_pld_payloads: decrypted payload CERT nextpayload AUTH critical
> 0x00 length 1070
> > ikev2_pld_cert: type X509_CERT length 1065
> > 30820425 3082030d a0030201 0202082d 419f457a 39997e30 0d06092a 864886f7
> > 0d01010b 05003081 86310b30 09060355 04061302 4652311a 30180603 5504080c
> > 11536569 6e652d53 61696e74 2d44656e 69733116 30140603 5504070c 0d417562
> > 65727669 6c6c6965 72733116 30140603 55040a0c 0d54656c 65636f6d 204c6f62
> > 6279310d 300b0603 55040b0c 0456504e 43311c30 1a060355 04030c13 63612e74
> > 656c6563 6f6d6c6f 6262792e 636f6d30 1e170d32 31303231 32303931 3934355a
> > 170d3232 30323132 30393139 34355a30 73310b30 09060355 04061302 5553310e
> > 300c0603 5504080c 05546578 6173310f 300d0603 5504070c 0644616c 6c617331
> > 16301406 0355040a 0c0d5465 6c65636f 6d204c6f 62627931 0d300b06 0355040b
> > 0c045650 4e43311c 301a0603 5504030c 1375732e 74656c65 636f6d6c 6f626279
> > 2e636f6d 30820122 300d0609 2a864886 f70d0101 01050003 82010f00 3082010a
> > 02820101 00c784ff dbc6ca9a ab055597 5ce7484c 5f8b5417 aa700ac3 6cd1e397
> > ed2ee4ee f84c596f 06c3c5fa 21442658 7d21cefc 5efc87bd a9d6ab32 94609275
> > ff9c4079 2a2b4873 e34a6c79 7f374c14 f906b9bf 6a5bfef9 40de51b0 65be749b
> > 027450bb c0e27622 54fab93a e31d51d1 5d6f390c dd3112cf ea40fea6 5853323b
> > f49a99bb e29de6dc 6c42a438 89f7d125 f10568c9 a35cafb5 94ef78bc 12e7ac81
> > 86ac32f2 b242b093 1f67b67c 3509108e 50c857c1 4a6f99ad ddbb8ff0 9f38c134
> > 464115cc 086b0a7f 3656c529 14e92847 74ce82aa c90939d5 e327b0cd bf3c22f8
> > 644cec88 f1a1e44b e4ac5dc7 61cbbe9b d51b5b75 7c1e1eeb c42a0033 7ed0c1f9
> > 0476f644 75020301 0001a381 a83081a5 30130603 551d2504 0c300a06 082b0601
> > 05050703 02301d06 03551d0e 04160414 03e0e552 755300f3 5eb7ff71 c90bcd94
> > 778da6c4 301f0603 551d2304 18301680 142ac593 9e9b0361 a9a9b61e b3883d40
> > c58ee44f 50302806 03551d11 0421301f 811d7361 72617377 61746940 63612e74
> > 656c6563 6f6d6c6f 6262792e 636f6d30 24060960 86480186 f842010d 04171615
> > 47656e65 72617465 64206279 20526f75 7465724f 53300d06 092a8648 86f70d01
> > 010b0500 03820101 0028d738 60f9b6fe 28fce31f 93816f2e 39570762 ef665d53
> > ae0d1c24 865083c8 45d74f31 66a9199a 034db37d 826e06c8 93f29784 8d793c2c
> > b200fb35 ecfd38df fe926862 680a6145 39182c17 b83a7b11 8f89550a ab8fce59
> > d05a1aa2 182c5aa3 9c9aa04e 88a50faa c7cfaab4 6b51e223 be57c3bb aa727546
> > c67bb300 62c4db14 e86c058a d00213e3 8ee4d586 b2bc9d64 0bc421d6 ec33cbc3
> > a066df6b cb65a5df 729212a5 19e17178 44600b99 a4e00234 a29e2454 40f21cfb
> > 11282b68 0441a12e 3da23ee1 6467b6f1 ede20e22 59ae0235 c1f0feb6 48084db6
> > 76d53cbf 14512149 48d29928 88359c46 d2b0e98b 0facca74 5b4a3882 e7782f85
> > e8eb8fc5 e406736b 8a
> > ikev2_pld_payloads: decrypted payload AUTH nextpayload CP critical 0x00
> length 280
> > ikev2_pld_auth: method SIG length 272
> > 0f300d06 092a8648 86f70d01 010b0500 4838dd00 31679b58 e63198f1 2b367904
> > 237c44ad 15550628 8253eb88 f098f810 6560f1cb 6d3e5b19 a377c526 c770a377
> > 2229f59b f0827ce5 456869bf 34fd54e8 da1d6e0d 4ac7ab5c a1d35fc2 12b29e10
> > c167da90 5f62ccc1 53a311ec 7006d764 081dac7f 9c171469 253af25e 99a50f83
> > 4f04dc72 34841be9 5e86df2d 9c2caefb 113e93a2 0a8d2703 5952b871 a58ab383
> > a80063a6 e2c800be 60dee87f 89692209 e2a3cea4 39a82224 afe96617 ed88a4e8
> > c81dce45 21aa8e60 3336c0e6 28aad05f b979beba 3babf045 1d5ee45b 432316de
> > 10389d9c 2d15d928 4ac3ddd1 b6ced8d7 4e6d8603 3257162d da643434 2f04284f
> > 3a6c6bc5 c6b4d8b4 c3deb062 60911d44
> > ikev2_pld_payloads: decrypted payload CP nextpayload NOTIFY critical
> 0x00 length 8
> > ikev2_pld_cp: type REPLY length 0
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical
> 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA critical
> 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type MOBIKE_SUPPORTED
> > ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00
> length 44
> > ikev2_pld_sa: more 0 reserved 0 length 40 proposal #1 protoid ESP
> spisize 4 xforms 3 spi 0x50e4e0d2
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_256_128
> > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
> > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00
> length 24
> > ikev2_pld_tss: count 1 length 16
> > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0
> endport 65535
> > ikev2_pld_ts: start -->NODE_ES<-- end -->NODE_ES<--
> > ikev2_pld_payloads: decrypted payload TSr nextpayload NONE critical 0x00
> length 24
> > ikev2_pld_tss: count 1 length 16
> > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0
> endport 65535
> > ikev2_pld_ts: start -->HOST-US<--- end -->HOST-US<---
> > spi=0xc870f2a5b428b6b1: send IKE_AUTH res 1 peer -->NODE_ES<--:4500
> local -->HOST-US<---:4500, 1568 bytes, NAT-T
> > pfkey_sa_add: update spi 0x50e4e0d2
> > ikev2_childsa_enable: loaded CHILD SA spi 0x50e4e0d2
> > pfkey_sa_add: add spi 0xcd21dd16
> > ikev2_childsa_enable: loaded CHILD SA spi 0xcd21dd16
> > ikev2_childsa_enable: loaded flow 0x5a9867fe000
> > ikev2_childsa_enable: loaded flow 0x5a987582c00
> > ikev2_childsa_enable: remember SA peer -->NODE_ES<--:4500
> > spi=0xc870f2a5b428b6b1: ikev2_childsa_enable: loaded SPIs: 0x50e4e0d2,
> 0xcd21dd16
> > spi=0xc870f2a5b428b6b1: ikev2_childsa_enable: loaded flows:
> ESP--->HOST-US<---/32=-->NODE_ES<--/32(47)
> > spi=0xc870f2a5b428b6b1: sa_state: VALID -> ESTABLISHED from
> -->NODE_ES<--:4500 to -->HOST-US<---:4500 policy '-->HOST_ES<--'
> > spi=0xc870f2a5b428b6b1: established peer
> -->NODE_ES<--:4500[UFQDN/-->HOSTNAME-ES<---@-->CA<---] local
> -->HOST-US<---:4500[UFQDN/-->HOSTNAME-US<---@-->CA<---] policy
> '-->HOST_ES<--' as responder
> > pfkey_sa_lookup: last_used 1614669104
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669119
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669134
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669149
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669164
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669179
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669194
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669210
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669224
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669239
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669254
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669270
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669284
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669300
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669315
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669330
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669344
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669360
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669375
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669390
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > ikev2_ike_sa_alive: IKE SA 0x5a9044b67d0 ispi 0xc870f2a5b428b6b1 rspi
> 0xf2df80a5dd2f5b33 last received 300 second(s) ago
> > ikev2_ike_sa_alive: sending alive check
> > ikev2_next_payload: length 52 nextpayload NONE
> > ikev2_msg_encrypt: decrypted length 4
> > 00000400
> > ikev2_msg_encrypt: padded length 16
> > 00000400 a1ad8c2c 1946be46 830e7b0b
> > ikev2_msg_encrypt: length 5, padding 11, output length 48
> > 2b312d0f 68b36c6c e309b44d 7dab37a5 d607cdf8 b4cfd029 38df9bd7 aa230b8b
> > 00000000 00000000 00000000 00000000
> > ikev2_msg_integr: message length 80
> > c870f2a5 b428b6b1 f2df80a5 dd2f5b33 2e202500 00000000 00000050 00000034
> > 2b312d0f 68b36c6c e309b44d 7dab37a5 d607cdf8 b4cfd029 38df9bd7 aa230b8b
> > 00000000 00000000 00000000 00000000
> > ikev2_msg_integr: integrity checksum length 16
> > 9b0ad9d9 503ed019 3966542a 639c15c5 610fbbf4 45293d65 faf1930d 30ba78e5
> > ikev2_pld_parse: header ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33
> nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x00 msgid 0
> length 80 response 0
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52
> > ikev2_msg_decrypt: IV length 16
> > 2b312d0f 68b36c6c e309b44d 7dab37a5
> > ikev2_msg_decrypt: encrypted payload length 16
> > d607cdf8 b4cfd029 38df9bd7 aa230b8b
> > ikev2_msg_decrypt: integrity checksum length 16
> > 9b0ad9d9 503ed019 3966542a 639c15c5
> > ikev2_msg_decrypt: integrity check succeeded
> > 9b0ad9d9 503ed019 3966542a 639c15c5
> > ikev2_msg_decrypt: decrypted payload length 16/16 padding 11
> > 00000400 a1ad8c2c 1946be46 830e7b0b
> > spi=0xc870f2a5b428b6b1: send INFORMATIONAL req 0 peer -->NODE_ES<--:4500
> local -->HOST-US<---:4500, 80 bytes, NAT-T
> > spi=0xc870f2a5b428b6b1: recv INFORMATIONAL res 0 peer -->NODE_ES<--:4500
> local -->HOST-US<---:4500, 80 bytes, policy '-->HOST_ES<--'
> > ikev2_recv: ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33
> > ikev2_recv: updated SA to peer -->NODE_ES<--:4500 local
> -->HOST-US<---:4500
> > ikev2_pld_parse: header ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33
> nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x28 msgid 0
> length 80 response 1
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52
> > ikev2_msg_decrypt: IV length 16
> > 098e5e89 f21396b3 7612b01f 54ab5af5
> > ikev2_msg_decrypt: encrypted payload length 16
> > 3c9c6aea c37f1ea7 24026fb9 68f21ae9
> > ikev2_msg_decrypt: integrity checksum length 16
> > f297a53b fc7d61e4 32e22f80 3684f269
> > ikev2_msg_decrypt: integrity check succeeded
> > f297a53b fc7d61e4 32e22f80 3684f269
> > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > 08e4f8bc d6e2f6c3 debca410 7ebe3b0f
> > pfkey_sa_lookup: last_used 1614669405
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669420
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669435
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669450
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669465
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669480
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669495
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669510
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669525
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669540
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669555
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669570
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669585
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669600
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669615
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669630
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669645
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669660
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669675
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669690
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > ikev2_ike_sa_alive: IKE SA 0x5a9044b67d0 ispi 0xc870f2a5b428b6b1 rspi
> 0xf2df80a5dd2f5b33 last received 300 second(s) ago
> > ikev2_ike_sa_alive: sending alive check
> > ikev2_next_payload: length 52 nextpayload NONE
> > ikev2_msg_encrypt: decrypted length 4
> > 00000400
> > ikev2_msg_encrypt: padded length 16
> > 00000400 e895a15d 7af30ca3 8baf180b
> > ikev2_msg_encrypt: length 5, padding 11, output length 48
> > e10b0852 75f0a9c8 176d6c73 9c47558d 5d065fbf ddbb52db ab936e1b 38ceda57
> > 00000000 00000000 00000000 00000000
> > ikev2_msg_integr: message length 80
> > c870f2a5 b428b6b1 f2df80a5 dd2f5b33 2e202500 00000001 00000050 00000034
> > e10b0852 75f0a9c8 176d6c73 9c47558d 5d065fbf ddbb52db ab936e1b 38ceda57
> > 00000000 00000000 00000000 00000000
> > ikev2_msg_integr: integrity checksum length 16
> > b740fda4 24d90007 1d26d512 49c7972e cf5bf202 cd20bb12 03a71190 3ce82d57
> > ikev2_pld_parse: header ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33
> nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x00 msgid 1
> length 80 response 0
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52
> > ikev2_msg_decrypt: IV length 16
> > e10b0852 75f0a9c8 176d6c73 9c47558d
> > ikev2_msg_decrypt: encrypted payload length 16
> > 5d065fbf ddbb52db ab936e1b 38ceda57
> > ikev2_msg_decrypt: integrity checksum length 16
> > b740fda4 24d90007 1d26d512 49c7972e
> > ikev2_msg_decrypt: integrity check succeeded
> > b740fda4 24d90007 1d26d512 49c7972e
> > ikev2_msg_decrypt: decrypted payload length 16/16 padding 11
> > 00000400 e895a15d 7af30ca3 8baf180b
> > spi=0xc870f2a5b428b6b1: send INFORMATIONAL req 1 peer -->NODE_ES<--:4500
> local -->HOST-US<---:4500, 80 bytes, NAT-T
> > spi=0xc870f2a5b428b6b1: recv INFORMATIONAL res 1 peer -->NODE_ES<--:4500
> local -->HOST-US<---:4500, 80 bytes, policy '-->HOST_ES<--'
> > ikev2_recv: ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33
> > ikev2_recv: updated SA to peer -->NODE_ES<--:4500 local
> -->HOST-US<---:4500
> > ikev2_pld_parse: header ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33
> nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x28 msgid 1
> length 80 response 1
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52
> > ikev2_msg_decrypt: IV length 16
> > 3af2f89c 87965512 cb06ef0b f03caad7
> > ikev2_msg_decrypt: encrypted payload length 16
> > 2f22f16c 78053499 877b65da 8391ba92
> > ikev2_msg_decrypt: integrity checksum length 16
> > b5d4e613 9e412724 0fccc221 49fc1ad9
> > ikev2_msg_decrypt: integrity check succeeded
> > b5d4e613 9e412724 0fccc221 49fc1ad9
> > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > 00088f46 8b1ae3d0 94218323 4519900f
> > pfkey_sa_lookup: last_used 1614669705
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669720
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669735
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669750
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669765
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669780
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669795
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669810
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669826
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669840
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669855
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669870
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669885
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669899
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 2
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669915
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669931
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669945
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669960
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669975
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1
> second(s) ago
> > pfkey_sa_lookup: last_used 1614669989
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 2
> second(s) ago
> > ikev2_ike_sa_alive: IKE SA 0x5a9044b67d0 ispi 0xc870f2a5b428b6b1 rspi
> 0xf2df80a5dd2f5b33 last received 300 second(s) ago
> > ikev2_ike_sa_alive: sending alive check
> > ikev2_next_payload: length 52 nextpayload NONE
> > ikev2_msg_encrypt: decrypted length 4
> > 00000400
> > ikev2_msg_encrypt: padded length 16
> > 00000400 9d0e58d0 25a63b09 3ff7560b
> > ikev2_msg_encrypt: length 5, padding 11, output length 48
> > aeff7c47 9c79483b 0d1a9747 93c39522 ba8da05f 0c294394 44ef8b03 84471b09
> > 00000000 00000000 00000000 00000000
> > ikev2_msg_integr: message length 80
> > c870f2a5 b428b6b1 f2df80a5 dd2f5b33 2e202500 00000002 00000050 00000034
> > aeff7c47 9c79483b 0d1a9747 93c39522 ba8da05f 0c294394 44ef8b03 84471b09
> > 00000000 00000000 00000000 00000000
> > ikev2_msg_integr: integrity checksum length 16
> > 0765f1e9 2136aef6 fcb4dfbe 2f459d77 1e23825b 0cc83fc2 2fb4f9f8 70c171cb
> > ikev2_pld_parse: header ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33
> nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x00 msgid 2
> length 80 response 0
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52
> > ikev2_msg_decrypt: IV length 16
> > aeff7c47 9c79483b 0d1a9747 93c39522
> > ikev2_msg_decrypt: encrypted payload length 16
> > ba8da05f 0c294394 44ef8b03 84471b09
> > ikev2_msg_decrypt: integrity checksum length 16
> > 0765f1e9 2136aef6 fcb4dfbe 2f459d77
> > ikev2_msg_decrypt: integrity check succeeded
> > 0765f1e9 2136aef6 fcb4dfbe 2f459d77
> > ikev2_msg_decrypt: decrypted payload length 16/16 padding 11
> > 00000400 9d0e58d0 25a63b09 3ff7560b
> > spi=0xc870f2a5b428b6b1: send INFORMATIONAL req 2 peer -->NODE_ES<--:4500
> local -->HOST-US<---:4500, 80 bytes, NAT-T
> > spi=0xc870f2a5b428b6b1: recv INFORMATIONAL res 2 peer -->NODE_ES<--:4500
> local -->HOST-US<---:4500, 80 bytes, policy '-->HOST_ES<--'
> > ikev2_recv: ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33
> > ikev2_recv: updated SA to peer -->NODE_ES<--:4500 local
> -->HOST-US<---:4500
> > ikev2_pld_parse: header ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33
> nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x28 msgid 2
> length 80 response 1
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52
> > ikev2_msg_decrypt: IV length 16
> > bb18234b c5209d86 cab8e1b8 984a1ece
> > ikev2_msg_decrypt: encrypted payload length 16
> > e3259382 97db3f63 c34057e3 15ea1413
> > ikev2_msg_decrypt: integrity checksum length 16
> > e2f2f174 3ba4468a 16b45c95 729d837a
> > ikev2_msg_decrypt: integrity check succeeded
> > e2f2f174 3ba4468a 16b45c95 729d837a
> > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > 79f4de00 742e3c58 e1b6d904 e359250f
> > pfkey_sa_lookup: last_used 1614670006
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614670019
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 2
> second(s) ago
> > pfkey_sa_lookup: last_used 1614670036
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614670051
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614670065
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1
> second(s) ago
> > pfkey_sa_lookup: last_used 1614670081
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614670096
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614670111
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614670126
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614670141
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614670156
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_process: SA 0x50e4e0d2 is expired, pending rekeying
> > ikev2_send_create_child_sa: rekeying ESP spi 0xcd21dd16
> > ikev2_add_notify: done
> > ikev2_next_payload: length 8 nextpayload SA
> > config_free_proposals: free 0x5a9867f8000
> > pfkey_sa_getspi: spi 0x72f660e2
> > pfkey_sa_init: new spi 0x72f660e2
> > ikev2_add_proposals: length 56
> > ikev2_next_payload: length 60 nextpayload NONCE
> > ikev2_send_create_child_sa: enable PFS
> > ikev2_next_payload: length 36 nextpayload KE
> > ikev2_next_payload: length 72 nextpayload TSi
> > ikev2_next_payload: length 24 nextpayload TSr
> > ikev2_next_payload: length 24 nextpayload NOTIFY
> > ikev2_next_payload: length 12 nextpayload NONE
> > ikev2_next_payload: length 276 nextpayload NOTIFY
> > ikev2_msg_encrypt: decrypted length 236
> > 21000008 00004007 2800003c 00000038 01030405 72f660e2 03000008 0300000c
> > 0300000c 0100000c 800e0100 03000008 04000013 03000008 05000001 00000008
> > 05000000 22000024 0b2cc600 bc36fef6 d85c7b9c 97b2e249 2a72453a c6378de7
> > 17d708f3 9986cb41 2c000048 00130000 0c9f34bb 6a8613f1 7b11b8f3 ee313c82
> > bd5de5fb c04e87fc f3494bf9 e7451173 64318c0b ada04af1 9f7232a8 849000ac
> > 932d27a6 be4c36c0 ee7369c2 990458b0 2d000018 01000000 072f0010 0000ffff
> > 9b8af71b 9b8af71b 29000018 01000000 072f0010 0000ffff 512c202f 512c202f
> > 0000000c 03044009 50e4e0d2
> > ikev2_msg_encrypt: padded length 240
> > 21000008 00004007 2800003c 00000038 01030405 72f660e2 03000008 0300000c
> > 0300000c 0100000c 800e0100 03000008 04000013 03000008 05000001 00000008
> > 05000000 22000024 0b2cc600 bc36fef6 d85c7b9c 97b2e249 2a72453a c6378de7
> > 17d708f3 9986cb41 2c000048 00130000 0c9f34bb 6a8613f1 7b11b8f3 ee313c82
> > bd5de5fb c04e87fc f3494bf9 e7451173 64318c0b ada04af1 9f7232a8 849000ac
> > 932d27a6 be4c36c0 ee7369c2 990458b0 2d000018 01000000 072f0010 0000ffff
> > 9b8af71b 9b8af71b 29000018 01000000 072f0010 0000ffff 512c202f 512c202f
> > 0000000c 03044009 50e4e0d2 23d9b303
> > ikev2_msg_encrypt: length 237, padding 3, output length 272
> > 9b19b441 8be31824 8fcf386f c5fdfbf8 de756819 fa06af94 ffab7cf5 c34a5cb9
> > f4844390 40907313 1201a314 f4b7702b 03d9b0cb f6938ff9 f460c551 1ec06c01
> > 6b2abc03 8434baa6 e89c503b b3252c15 3c95ce24 a63c4963 fec095a6 ae3b230f
> > b4dcd83b 91b461fe 02289ab9 f9e6bc01 b0c543e5 b354a5ce bdfb6718 bd87b019
> > 72854b1c 08f7fd02 744698cb 11024f01 dddaf26e d785a037 de3091e2 619b9334
> > ee5c95d6 bad6dcbc 502cd96e 44cca3b0 6e339ae9 77be5a60 78dd46c6 48b94d38
> > 839415dd 34f5e351 024cee34 035577fe 281d3b01 0f2342f9 589705ca 0b9ff7cc
> > ace0e94d 3eda4cc2 1ba8b896 014390b9 f1ac616f f738c1c0 431e4cab 75edaa68
> > 00000000 00000000 00000000 00000000
> > ikev2_msg_integr: message length 304
> > c870f2a5 b428b6b1 f2df80a5 dd2f5b33 2e202400 00000003 00000130 29000114
> > 9b19b441 8be31824 8fcf386f c5fdfbf8 de756819 fa06af94 ffab7cf5 c34a5cb9
> > f4844390 40907313 1201a314 f4b7702b 03d9b0cb f6938ff9 f460c551 1ec06c01
> > 6b2abc03 8434baa6 e89c503b b3252c15 3c95ce24 a63c4963 fec095a6 ae3b230f
> > b4dcd83b 91b461fe 02289ab9 f9e6bc01 b0c543e5 b354a5ce bdfb6718 bd87b019
> > 72854b1c 08f7fd02 744698cb 11024f01 dddaf26e d785a037 de3091e2 619b9334
> > ee5c95d6 bad6dcbc 502cd96e 44cca3b0 6e339ae9 77be5a60 78dd46c6 48b94d38
> > 839415dd 34f5e351 024cee34 035577fe 281d3b01 0f2342f9 589705ca 0b9ff7cc
> > ace0e94d 3eda4cc2 1ba8b896 014390b9 f1ac616f f738c1c0 431e4cab 75edaa68
> > 00000000 00000000 00000000 00000000
> > ikev2_msg_integr: integrity checksum length 16
> > a564b06e d741f47e 79ea50fd 27e6de1c 94dc42c9 5dffdc5d b9b1b2bd be00a9a6
> > ikev2_pld_parse: header ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33
> nextpayload SK version 0x20 exchange CREATE_CHILD_SA flags 0x00 msgid 3
> length 304 response 0
> > ikev2_pld_payloads: payload SK nextpayload NOTIFY critical 0x00 length
> 276
> > ikev2_msg_decrypt: IV length 16
> > 9b19b441 8be31824 8fcf386f c5fdfbf8
> > ikev2_msg_decrypt: encrypted payload length 240
> > de756819 fa06af94 ffab7cf5 c34a5cb9 f4844390 40907313 1201a314 f4b7702b
> > 03d9b0cb f6938ff9 f460c551 1ec06c01 6b2abc03 8434baa6 e89c503b b3252c15
> > 3c95ce24 a63c4963 fec095a6 ae3b230f b4dcd83b 91b461fe 02289ab9 f9e6bc01
> > b0c543e5 b354a5ce bdfb6718 bd87b019 72854b1c 08f7fd02 744698cb 11024f01
> > dddaf26e d785a037 de3091e2 619b9334 ee5c95d6 bad6dcbc 502cd96e 44cca3b0
> > 6e339ae9 77be5a60 78dd46c6 48b94d38 839415dd 34f5e351 024cee34 035577fe
> > 281d3b01 0f2342f9 589705ca 0b9ff7cc ace0e94d 3eda4cc2 1ba8b896 014390b9
> > f1ac616f f738c1c0 431e4cab 75edaa68
> > ikev2_msg_decrypt: integrity checksum length 16
> > a564b06e d741f47e 79ea50fd 27e6de1c
> > ikev2_msg_decrypt: integrity check succeeded
> > a564b06e d741f47e 79ea50fd 27e6de1c
> > ikev2_msg_decrypt: decrypted payload length 240/240 padding 3
> > 21000008 00004007 2800003c 00000038 01030405 72f660e2 03000008 0300000c
> > 0300000c 0100000c 800e0100 03000008 04000013 03000008 05000001 00000008
> > 05000000 22000024 0b2cc600 bc36fef6 d85c7b9c 97b2e249 2a72453a c6378de7
> > 17d708f3 9986cb41 2c000048 00130000 0c9f34bb 6a8613f1 7b11b8f3 ee313c82
> > bd5de5fb c04e87fc f3494bf9 e7451173 64318c0b ada04af1 9f7232a8 849000ac
> > 932d27a6 be4c36c0 ee7369c2 990458b0 2d000018 01000000 072f0010 0000ffff
> > 9b8af71b 9b8af71b 29000018 01000000 072f0010 0000ffff 512c202f 512c202f
> > 0000000c 03044009 50e4e0d2 23d9b303
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA critical
> 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE
> > ikev2_pld_payloads: decrypted payload SA nextpayload NONCE critical 0x00
> length 60
> > ikev2_pld_sa: more 0 reserved 0 length 56 proposal #1 protoid ESP
> spisize 4 xforms 5 spi 0x72f660e2
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_256_128
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_256
> > ikev2_pld_xform: more 3 reserved 0 length 8 type ESN id ESN
> > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
> > ikev2_pld_payloads: decrypted payload NONCE nextpayload KE critical 0x00
> length 36
> > 0b2cc600 bc36fef6 d85c7b9c 97b2e249 2a72453a c6378de7 17d708f3 9986cb41
> > ikev2_pld_payloads: decrypted payload KE nextpayload TSi critical 0x00
> length 72
> > ikev2_pld_ke: dh group ECP_256 reserved 0
> > 0c9f34bb 6a8613f1 7b11b8f3 ee313c82 bd5de5fb c04e87fc f3494bf9 e7451173
> > 64318c0b ada04af1 9f7232a8 849000ac 932d27a6 be4c36c0 ee7369c2 990458b0
> > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00
> length 24
> > ikev2_pld_tss: count 1 length 16
> > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0
> endport 65535
> > ikev2_pld_ts: start -->HOST-US<--- end -->HOST-US<---
> > ikev2_pld_payloads: decrypted payload TSr nextpayload NOTIFY critical
> 0x00 length 24
> > ikev2_pld_tss: count 1 length 16
> > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0
> endport 65535
> > ikev2_pld_ts: start -->NODE_ES<-- end -->NODE_ES<--
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NONE critical
> 0x00 length 12
> > ikev2_pld_notify: protoid ESP spisize 4 type REKEY_SA
> > 50e4e0d2
> > spi=0xc870f2a5b428b6b1: send CREATE_CHILD_SA req 3 peer
> -->NODE_ES<--:4500 local -->HOST-US<---:4500, 304 bytes, NAT-T
> > spi=0xc870f2a5b428b6b1: recv CREATE_CHILD_SA res 3 peer
> -->NODE_ES<--:4500 local -->HOST-US<---:4500, 80 bytes, policy
> '-->HOST_ES<--'
> > ikev2_recv: ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33
> > ikev2_recv: updated SA to peer -->NODE_ES<--:4500 local
> -->HOST-US<---:4500
> > ikev2_pld_parse: header ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33
> nextpayload SK version 0x20 exchange CREATE_CHILD_SA flags 0x28 msgid 3
> length 80 response 1
> > ikev2_pld_payloads: payload SK nextpayload NOTIFY critical 0x00 length 52
> > ikev2_msg_decrypt: IV length 16
> > f0330e71 1ca719b2 11c706d3 8e74ff52
> > ikev2_msg_decrypt: encrypted payload length 16
> > 9aa48498 9152ec11 a1321ebe 262e1c76
> > ikev2_msg_decrypt: integrity checksum length 16
> > 717c939c 28dbd813 708ad9da 61a3defe
> > ikev2_msg_decrypt: integrity check succeeded
> > 717c939c 28dbd813 708ad9da 61a3defe
> > ikev2_msg_decrypt: decrypted payload length 16/16 padding 7
> > 00000008 0000000e ed803db5 5ab03507
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NONE critical
> 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type NO_PROPOSAL_CHOSEN
> > ikev2_init_create_child_sa: no proposal specified
> > pfkey_sa_lookup: last_used 1614670171
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_process: SA 0xcd21dd16 is expired, pending rekeying
> > pfkey_process: SA 0xcd21dd16 is expired, pending rekeying
> > pfkey_sa_lookup: last_used 1614670186
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > pfkey_process: SA 0xcd21dd16 is expired, pending deletion
> > pfkey_process: acquire request (peer -->NODE_ES<--)
> > pfkey_process: flow out from -->HOST-US<---/255.255.255.255 to
> -->NODE_ES<--/255.255.255.255 via -->NODE_ES<--
> > ikev2_child_sa_acquire: flow wasn't found
> > pfkey_sa_lookup: last_used 1614670201
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0
> second(s) ago
> > spi=0xc870f2a5b428b6b1: recv INFORMATIONAL req 2 peer -->NODE_ES<--:4500
> local -->HOST-US<---:4500, 80 bytes, policy '-->HOST_ES<--'
> > ikev2_recv: ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33
> > ikev2_recv: updated SA to peer -->NODE_ES<--:4500 local
> -->HOST-US<---:4500
> > ikev2_pld_parse: header ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33
> nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x08 msgid 2
> length 80 response 0
> > ikev2_pld_payloads: payload SK nextpayload DELETE critical 0x00 length 52
> > ikev2_msg_decrypt: IV length 16
> > 8c87aeac 8fc555ba c6b7aa49 9ceb4468
> > ikev2_msg_decrypt: encrypted payload length 16
> > 0b2fcbaf 102c6cfb 4c2b5095 7e770c09
> > ikev2_msg_decrypt: integrity checksum length 16
> > 918adecd 4ffa503a 4db392e0 5a144c50
> > ikev2_msg_decrypt: integrity check succeeded
> > 918adecd 4ffa503a 4db392e0 5a144c50
> > ikev2_msg_decrypt: decrypted payload length 16/16 padding 7
> > 00000008 01000000 33a40e78 fa036607
> > ikev2_pld_payloads: decrypted payload DELETE nextpayload NONE critical
> 0x00 length 8
> > ikev2_pld_delete: proto IKE spisize 0 nspi 0
> > ikev2_next_payload: length 4 nextpayload NONE
> > ikev2_next_payload: length 52 nextpayload NONE
> > ikev2_msg_encrypt: decrypted length 4
> > 00000004
> > ikev2_msg_encrypt: padded length 16
> > 00000004 def17d0c 56e9d3ed 8a341c0b
> > ikev2_msg_encrypt: length 5, padding 11, output length 48
> > d546de2a 455c665e 381669aa 5de37429 466b682e 45825b85 e861c0be 42439b80
> > 00000000 00000000 00000000 00000000
> > ikev2_msg_integr: message length 80
> > c870f2a5 b428b6b1 f2df80a5 dd2f5b33 2e202520 00000002 00000050 00000034
> > d546de2a 455c665e 381669aa 5de37429 466b682e 45825b85 e861c0be 42439b80
> > 00000000 00000000 00000000 00000000
> > ikev2_msg_integr: integrity checksum length 16
> > a0babe4e 7861e19a e0b86310 5dedacc6 f2db6289 ba443935 83dc37c5 1807baed
> > ikev2_pld_parse: header ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33
> nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x20 msgid 2
> length 80 response 1
> > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52
> > ikev2_msg_decrypt: IV length 16
> > d546de2a 455c665e 381669aa 5de37429
> > ikev2_msg_decrypt: encrypted payload length 16
> > 466b682e 45825b85 e861c0be 42439b80
> > ikev2_msg_decrypt: integrity checksum length 16
> > a0babe4e 7861e19a e0b86310 5dedacc6
> > ikev2_msg_decrypt: integrity check succeeded
> > a0babe4e 7861e19a e0b86310 5dedacc6
> > ikev2_msg_decrypt: decrypted payload length 16/16 padding 11
> > 00000004 def17d0c 56e9d3ed 8a341c0b
> > spi=0xc870f2a5b428b6b1: send INFORMATIONAL res 2 peer -->NODE_ES<--:4500
> local -->HOST-US<---:4500, 80 bytes, NAT-T
> > spi=0xc870f2a5b428b6b1: ikev2_ikesa_recv_delete: received delete
> > spi=0xc870f2a5b428b6b1: sa_state: ESTABLISHED -> CLOSED from
> -->NODE_ES<--:4500 to -->HOST-US<---:4500 policy '-->HOST_ES<--'
> > ikev2_recv: closing SA
> > spi=0xc870f2a5b428b6b1: sa_free: received delete
> > config_free_proposals: free 0x5a932127f00
> > config_free_proposals: free 0x5a8ff545e00
> > config_free_childsas: free 0x5a9044b8900
> > config_free_childsas: free 0x5a9867f7600
> > pfkey_reply: message: No such process
> > pfkey_sa_lookup: message: No such process
> > sa_free_flows: free 0x5a9867fe000
> > sa_free_flows: free 0x5a987582c00
> > policy_lookup: setting policy '-->HOST_ES<--'
> > spi=0x0469346daf3de27d: recv IKE_SA_INIT req 0 peer -->NODE_ES<--:500
> local -->HOST-US<---:500, 1056 bytes, policy '-->HOST_ES<--'
> > ikev2_recv: ispi 0x0469346daf3de27d rspi 0x0000000000000000
> > ikev2_policy2id: srcid UFQDN/-->HOSTNAME-US<---@-->CA<--- length 33
> > ikev2_pld_parse: header ispi 0x0469346daf3de27d rspi 0x0000000000000000
> nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length
> 1056 response 0
> > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 832
> > ikev2_pld_sa: more 2 reserved 0 length 352 proposal #1 protoid IKE
> spisize 0 xforms 37 spi 0
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CTR
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CTR
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CTR
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CTR
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CTR
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CTR
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 8 type ENCR id 3DES
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_256_128
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_384_192
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_512_256
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id AES_XCBC_96
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id AES_CMAC_96
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_384
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_512
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_XCBC
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_CMAC
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_256
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_384
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_521
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P256R1
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P384R1
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P512R1
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id CURVE25519
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_3072
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_4096
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_6144
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_8192
> > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048
> > ikev2_pld_sa: more 0 reserved 0 length 476 proposal #2 protoid IKE
> spisize 0 xforms 45 spi 0
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_16
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_16
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_16
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_16
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_16
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_16
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_16
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_16
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_16
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_8
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_8
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_8
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_8
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_8
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_8
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_8
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_8
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_8
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_12
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_384
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_512
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_XCBC
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_CMAC
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_256
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_384
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_521
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P256R1
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P384R1
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P512R1
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id CURVE25519
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_3072
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_4096
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_6144
> > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_8192
> > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048
> > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 72
> > ikev2_pld_ke: dh group ECP_256 reserved 0
> > 1d7e318b 838e8797 aba3010d 3739e240 84dbfd09 5567a715 7e8ea13a 16bd8693
> > d56d97e1 7b683f88 057b66d5 64f10592 3bfa482b 28216145 09de4ff5 36f7e3cd
> > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00
> length 36
> > cbba93f2 c39b68d3 8fdec633 369fb0f0 766b97d8 ac6c7175 4edfc408 ec3c8805
> > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00
> length 28
> > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
> > 2cae4948 7eb54c08 73046c2c 4f162702 662f6758
> > ikev2_nat_detection: peer source 0x0469346daf3de27d 0x0000000000000000
> -->NODE_ES<--:500
> > 2cae4948 7eb54c08 73046c2c 4f162702 662f6758
> > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00
> length 28
> > ikev2_pld_notify: protoid NONE spisize 0 type
> NAT_DETECTION_DESTINATION_IP
> > e284914c eab8f0ba 6dd9e5f7 778e6b29 cbade815
> > ikev2_nat_detection: peer destination 0x0469346daf3de27d
> 0x0000000000000000 -->HOST-US<---:500
> > e284914c eab8f0ba 6dd9e5f7 778e6b29 cbade815
> > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00
> length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type FRAGMENTATION_SUPPORTED
> > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00
> length 16
> > ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS
> > 00020003 00040005
> > ikev2_pld_notify: signature hash SHA2_256 (2)
> > ikev2_pld_notify: signature hash SHA2_384 (3)
> > ikev2_pld_notify: signature hash SHA2_512 (4)
> > ikev2_pld_notify: signature hash <UNKNOWN:5> (5)
> > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length
> 8
> > ikev2_pld_notify: protoid NONE spisize 0 type REDIRECT_SUPPORTED
> > proposals_match: xform 1 <-> 1 (1): ENCR AES_CBC (keylength 256 <-> 256)
> 256
> > proposals_match: xform 1 <-> 1 (1): INTEGR HMAC_SHA2_256_128 (keylength
> 0 <-> 256)
> > proposals_match: xform 1 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
> > proposals_match: xform 1 <-> 1 (1): DH ECP_256 (keylength 0 <-> 0)
> > proposals_negotiate: score 4
> > proposals_match: xform 2 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
> > proposals_match: xform 2 <-> 1 (1): DH ECP_256 (keylength 0 <-> 0)
> > proposals_negotiate: score 0
> > policy_lookup: setting policy '-->HOST_ES<--'
> > spi=0x0469346daf3de27d: sa_state: INIT -> SA_INIT
> > proposals_match: xform 1 <-> 1 (1): ENCR AES_CBC (keylength 256 <-> 256)
> 256
> > proposals_match: xform 1 <-> 1 (1): INTEGR HMAC_SHA2_256_128 (keylength
> 0 <-> 256)
> > proposals_match: xform 1 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
> > proposals_match: xform 1 <-> 1 (1): DH ECP_256 (keylength 0 <-> 0)
> > proposals_negotiate: score 4
> > proposals_match: xform 2 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
> > proposals_match: xform 2 <-> 1 (1): DH ECP_256 (keylength 0 <-> 0)
> > proposals_negotiate: score 0
> > proposals_negotiate: score 1: ENCR AES_CBC 256
> > proposals_negotiate: score 1: PRF HMAC_SHA2_256
> > proposals_negotiate: score 1: INTEGR HMAC_SHA2_256_128
> > proposals_negotiate: score 1: DH ECP_256
> > sa_stateok: SA_INIT flags 0x0000, require 0x0000
> > sa_stateflags: 0x0000 -> 0x0020 sa (required 0x0000 )
> > spi=0x0469346daf3de27d: ikev2_sa_keys: DHSECRET with 32 bytes
> > 85400aed ec698cf4 f9781c41 acd9a6d7 75e4d15e f9fa70ad bd5fee34 358b8bb0
> > ikev2_sa_keys: SKEYSEED with 32 bytes
> > f568d3a3 a960b4dd 50be9f34 098162f1 56c40230 5dc51757 1bc82b2a abe3bdd5
> > spi=0x0469346daf3de27d: ikev2_sa_keys: S with 80 bytes
> > cbba93f2 c39b68d3 8fdec633 369fb0f0 766b97d8 ac6c7175 4edfc408 ec3c8805
> > 88dca6c3 8051bf74 ed54bf43 c12ef3cc 80f294df 76395ef3 20bd7fe9 3e6e3208
> > 0469346d af3de27d 0d2bd80b 33716e8b
> > ikev2_prfplus: T1 with 32 bytes
> > c0ae9a37 129b2cc3 0d83006c 2afb01f8 2b5c8ebd 67585b2b ddc9bb61 ea2eb6fa
> > ikev2_prfplus: T2 with 32 bytes
> > 9ec450df 74326293 a9c587d3 7f6e23e0 0d5654d3 edcea7df dd366711 3874724a
> > ikev2_prfplus: T3 with 32 bytes
> > a4d3ba72 8b8beb78 56bc8f78 66f22302 2500b7e8 8d916586 32118690 d751a61d
> > ikev2_prfplus: T4 with 32 bytes
> > 3c0bf6e0 1445f394 39b7ae35 f41d6c19 42c81809 b8d01ade f24232df f9c40182
> > ikev2_prfplus: T5 with 32 bytes
> > 25d402ae 439bb7b1 ff22d407 fdcce54e 696a2d22 579d56c4 58a032ed 239e5311
> > ikev2_prfplus: T6 with 32 bytes
> > bc6f8ff9 675d15f0 c797d786 a9ce9941 8c19fbd8 e3d1d1a2 56a70d82 e8343dfe
> > ikev2_prfplus: T7 with 32 bytes
> > 61816249 6c0b01dd 2778ee58 f1b82251 6174bf7f 0f71c813 b059405a 11561fb4
> > ikev2_prfplus: Tn with 224 bytes
> > c0ae9a37 129b2cc3 0d83006c 2afb01f8 2b5c8ebd 67585b2b ddc9bb61 ea2eb6fa
> > 9ec450df 74326293 a9c587d3 7f6e23e0 0d5654d3 edcea7df dd366711 3874724a
> > a4d3ba72 8b8beb78 56bc8f78 66f22302 2500b7e8 8d916586 32118690 d751a61d
> > 3c0bf6e0 1445f394 39b7ae35 f41d6c19 42c81809 b8d01ade f24232df f9c40182
> > 25d402ae 439bb7b1 ff22d407 fdcce54e 696a2d22 579d56c4 58a032ed 239e5311
> > bc6f8ff9 675d15f0 c797d786 a9ce9941 8c19fbd8 e3d1d1a2 56a70d82 e8343dfe
> > 61816249 6c0b01dd 2778ee58 f1b82251 6174bf7f 0f71c813 b059405a 11561fb4
> > ikev2_sa_keys: SK_d with 32 bytes
> > c0ae9a37 129b2cc3 0d83006c 2afb01f8 2b5c8ebd 67585b2b ddc9bb61 ea2eb6fa
> > ikev2_sa_keys: SK_ai with 32 bytes
> > 9ec450df 74326293 a9c587d3 7f6e23e0 0d5654d3 edcea7df dd366711 3874724a
> > ikev2_sa_keys: SK_ar with 32 bytes
> > a4d3ba72 8b8beb78 56bc8f78 66f22302 2500b7e8 8d916586 32118690 d751a61d
> > ikev2_sa_keys: SK_ei with 32 bytes
> > 3c0bf6e0 1445f394 39b7ae35 f41d6c19 42c81809 b8d01ade f24232df f9c40182
> > ikev2_sa_keys: SK_er with 32 bytes
> > 25d402ae 439bb7b1 ff22d407 fdcce54e 696a2d22 579d56c4 58a032ed 239e5311
> > ikev2_sa_keys: SK_pi with 32 bytes
> > bc6f8ff9 675d15f0 c797d786 a9ce9941 8c19fbd8 e3d1d1a2 56a70d82 e8343dfe
> > ikev2_sa_keys: SK_pr with 32 bytes
> > 61816249 6c0b01dd 2778ee58 f1b82251 6174bf7f 0f71c813 b059405a 11561fb4
> > ikev2_add_proposals: length 44
> > ikev2_next_payload: length 48 nextpayload KE
> > ikev2_next_payload: length 72 nextpayload NONCE
> > ikev2_next_payload: length 36 nextpayload NOTIFY
> > ikev2_nat_detection: local source 0x0469346daf3de27d 0x0d2bd80b33716e8b
> -->HOST-US<---:500
> > ikev2_next_payload: length 28 nextpayload NOTIFY
> > ikev2_nat_detection: local destination 0x0469346daf3de27d
> 0x0d2bd80b33716e8b -->NODE_ES<--:500
> > ikev2_next_payload: length 28 nextpayload CERTREQ
> > ikev2_add_certreq: type X509_CERT length 21
> > ikev2_next_payload: length 25 nextpayload NOTIFY
> > ikev2_next_payload: length 14 nextpayload NONE
> > ikev2_pld_parse: header ispi 0x0469346daf3de27d rspi 0x0d2bd80b33716e8b
> nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 length
> 279 response 1
> > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 48
> > ikev2_pld_sa: more 0 reserved 0 length 44 proposal #1 protoid IKE
> spisize 0 xforms 4 spi 0
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_256_128
> > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id ECP_256
> > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 72
> > ikev2_pld_ke: dh group ECP_256 reserved 0
> > ed32cc33 a1c1f3e4 c329be29 204ed03e 6e9e1876 83f5091a 473e6760 1094d7b0
> > bd194dab ae9679cd 8cbd9274 c5fe49ff 7052d6af 0a88ce33 9572aea8 88f00245
> > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00
> length 36
> > 88dca6c3 8051bf74 ed54bf43 c12ef3cc 80f294df 76395ef3 20bd7fe9 3e6e3208
> > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00
> length 28
> > ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
> > 53c4df3b fb1245a1 7e79116a f711383f 30f19a17
> > ikev2_pld_payloads: payload NOTIFY nextpayload CERTREQ critical 0x00
> length 28
> > ikev2_pld_notify: protoid NONE spisize 0 type
> NAT_DETECTION_DESTINATION_IP
> > df418d07 a3ae1d49 debedc53 f3a64f26 bcb0aeee
> > ikev2_pld_payloads: payload CERTREQ nextpayload NOTIFY critical 0x00
> length 25
> > ikev2_pld_certreq: type X509_CERT length 20
> > d240096d 782460df c9e68072 dc0bc444 6fab51ba
> > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length
> 14
> > ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS
> > 00020003 0004
> > spi=0x0469346daf3de27d: send IKE_SA_INIT res 0 peer -->NODE_ES<--:500
> local -->HOST-US<---:500, 279 bytes
> > config_free_proposals: free 0x5a9867f8480
> > config_free_proposals: free 0x5a932127e00
> > spi=0x0469346daf3de27d: recv IKE_AUTH req 1 peer -->NODE_ES<--:4500
> local -->HOST-US<---:4500, 1792 bytes, policy '-->HOST_ES<--'
> > ikev2_recv: ispi 0x0469346daf3de27d rspi 0x0d2bd80b33716e8b
> > ikev2_recv: updated SA to peer -->NODE_ES<--:4500 local
> -->HOST-US<---:4500
> > ikev2_pld_parse: header ispi 0x0469346daf3de27d rspi 0x0d2bd80b33716e8b
> nextpayload SK version 0x20 exchange IKE_AUTH flags 0x08 msgid 1 length
> 1792 response 0
> > ikev2_pld_payloads: payload SK nextpayload IDi critical 0x00 length 1764
> > ikev2_msg_decrypt: IV length 16
> > 3ab9b7a7 c53cf175 201483ab f719c3a6
> > ikev2_msg_decrypt: encrypted payload length 1728
> > 71d82e3d bcb3dd1e 44dc8360 f0895157 68d711b0 ca25d1ab 1f4b5139 a8104ab7
> > c2be9030 d3e9a339 93f6815e 398e0f83 748a4438 f1b6abe4 d800d343 30e1045c
> > 24b0d620 a0b3cfa1 8602f509 e9896b1b 4fc27cf5 567abd71 7bd6f3f2 0faaf017
> > 933c0cdf 217310f0 befdcacd 47aa9be7 7f7d4d73 f8ab43c9 42c99821 157f5d1f
> > 2a712831 df96db60 109ab5f9 777426cc 120300f9 96ef0585 4f66398c 8679e11f
> > 19f91412 01aede10 c2cbadba 788def8e 7472bb67 fcecb977 43358063 c803aa43
> > 4c7eec63 67174a5b 95298973 1cdbf33f af02e173 fbd843ea 724ae857 0397351c
> > 414d3ecc c356404e 017886f3 efd3d705 756ea808 cdb13e9a 3b70164e e39b72cb
> > f21e90d3 057a30d6 332629fb c2c36fd9 139856de e5d53aa8 74f6889b 5e544fb2
> > 338b4ff7 fa49f74c fd06315c d6af3e23 4a0de970 1f39bf8d b3b5a42a 257c070e
> > f02f2bd6 605d8674 be9ea508 741c6a3a c23d6909 4a81a7c0 98fd3a4b 35ddca23
> > 387afc0b a41d0dac 72ee952f dda2f04d 859de283 f313650f 91d7c50d 6a69f26b
> > 2669e1b9 95a59413 cbe0b04c a2078bcf 74959f9a e3574a85 77900304 a3db1f8c
> > 2632d613 56b7eaf1 ce0e1410 734c3dfd 69fe77bd 254f8fda d02ce9cd e9998073
> > fa830760 c13abe96 7739d21b 0abea39c f5fed6ad 321f5552 1c1c9d60 12f37ecd
> > a5fa8639 fe9c143c c569662e c43c7d0b 6c022d91 082cac99 8254b0ba 24efd0b0
> > 403563a5 b231753b 06be7854 f617041b 29db3522 8db13e8e efbe2efb 21dae244
> > 7482f6ed 2021d15f 65a76008 db2ecdf5 ec6892c2 848f2a3f aa8edbaf b0878023
> > f9bfeb10 212697c5 f03795e2 5d825d5c 02a05fcc b94432c4 4962d965 541d276c
> > 30a45d5e bc0b3fe2 b4313eac 580abb6f dcf22073 29bc017f 66f92975 a4fba0dd
> > 934686b4 0c621a27 b1aa24da 659b7dac 257bdd5d ea9db2d4 543def3d cf4c4b95
> > c1ea4e89 74896b1d b61631b5 065770cf 36a08d83 b495f9a5 ba192af7 ba95d0c0
> > a0efed4f e196a322 d93d81fa abae05c0 3ed56901 e768c57c 01c3cfc9 3b267a73
> > 5f045fd9 290174a9 166a7a67 5bfceff2 a5c0597d 2f1f5620 e8baf8d2 b71cfab8
> > cf140db2 0488b436 3fc76e9e 33db4b45 e91af648 a0ae6649 02f7a64e 37a9ff78
> > 7f3212db 31b5b73c 76e5d814 7a4026ba 7ba63260 4b2dfd8b cbee49fc 00f1e1af
> > 0d62610a a27da1c8 0f929d90 7ac69c4d 02f5f356 f69b6b2d c61b184d 09da245a
> > de61234d 90f3dfc1 cfd0af21 7b3a96fe 5bc01aa3 07027abd f22a9278 5c3e207f
> > 7a78e6d6 efef3282 fc5af681 15376f9e 07fbf5e8 51134e94 b2b8fb55 3fb35dac
> > 3c49f912 ac2ea153 3a9c60b8 deec62e4 6ad4584e c698805f 1fa53d22 9df0cb1b
> > f423324e 5ba20f55 9fc7ca00 af2cc899 3ebb7913 dd14e96c 3f2472a6 46ce9f74
> > 932e1feb 27d39e82 7593424b 4156eb36 2bd310d8 4b6cc863 2f6eea99 e32e8ca3
> > 93fe8c8d b8989222 c711f912 fba1bb80 3f29cac2 7f892e28 f0d3d9d5 0c2b061b
> > 60bc4e58 e52f1c73 7b3b7ff9 542af3a2 d4169b5e cf8216ca e2c27fba 10f5b675
> > 8c81ecd9 231d93e6 8b623c7a d53395dd 6c8d7876 2ca4efd4 027f8d12 6bfc2fd7
> > 7a5cf053 a1ad5a76 83a930f7 12b18be2 d50504f7 76c93069 c30073fa 0204c9a7
> > cc914e1d 2a6fae68 47b07be4 edd90a77 e7872f7c 4c8ad7cb 0b2a7cf2 93902db9
> > 223c3ca7 e1496ce0 0ef60190 bdf6ce3a 61d82a7f aca26b7f 673b53f3 228a498c
> > 85173dd6 bb9bbcea c4247ac3 26388787 ad54d753 64838d89 e826e9fd 35a67efe
> > b91b4483 f958eb75 96707c1b 15166416 f09fb78e 219ea573 67fc41c1 dc91de52
> > b43e1670 1180d875 225cd178 413f0b8b 3a7040ad 025b32a9 0d0c963a 619b63cc
> > 4e951dca 5ec10255 02c21d35 263530e6 41886b97 7a1576da 4b005653 bbf08ddb
> > 3437ab92 7a722fca 443d694f 483727dd a09db561 9e5bf560 59b73398 4d08a40a
> > 1ad3ea2b 74c9269e bc40a341 61f2be10 bf44b364 f11cac30 2a235274 1d74937d
> > b2c3e153 e96416db b40bcc54 1c255b2d 29756931 e51fa664 1dca0619 f3fd7f07
> > 9b0bd10f a92cd047 486eef2e 810bd369 5aab61a6 c5f4d29c c1de5152 0931665a
> > 2c9895a7 1ba78dd0 dcd5f914 8073e2c7 20a605f2 10192081 618c3e7a b3696a46
> > f3988a31 1c26b357 c349172a d2492de4 09637abc 9fa8c2aa d4c89c0b 427cad75
> > 9870d979 8d80ba03 85fb2521 75c58605 3aa85740 327f8da5 26b8fc5b 56747315
> > e9b77fb4 9afc646f 311e2c81 260b5944 a3f40565 b6f1801b 07eda7f7 c98c65fc
> > a70b4fdf 08e22c56 27ce1ca1 ee033bc6 b1573f7f 35297b78 5b7723bb 47d00a25
> > fdd2eae8 d25985e5 04e47e93 a21aae6d 3268e947 6493a5bb c9138fea d23e6d23
> > 13d14119 66cfc6c1 5ec52cbb f3cb965a 8a2c6d37 4a62f6d9 d9819009 26a22ec0
> > 6f0b8b00 fddd4990 c01577e3 5e109ddc a0fc4e89 4066939d c00b5ec7 bd12dc57
> > ikev2_msg_decrypt: integrity checksum length 16
> > 6a56e16d e7e0cfa1 b3581be5 41028f95
> > ikev2_msg_decrypt: integrity check succeeded
> > 6a56e16d e7e0cfa1 b3581be5 41028f95
> > ikev2_msg_decrypt: decrypted payload length 1728/1728 padding 11
> > 25000021 03000000 696e6472 61406361 2e74656c 65636f6d 6c6f6262 792e636f
> > 6d290004 42043082 04393082 0321a003 02010202 082fc4d9 c96de04c b3300d06
> > 092a8648 86f70d01 010b0500 30818631 0b300906 03550406 13024652 311a3018
> > 06035504 080c1153 65696e65 2d536169 6e742d44 656e6973 31163014 06035504
> > 070c0d41 75626572 76696c6c 69657273 31163014 06035504 0a0c0d54 656c6563
> > 6f6d204c 6f626279 310d300b 06035504 0b0c0456 504e4331 1c301a06 03550403
> > 0c136361 2e74656c 65636f6d 6c6f6262 792e636f 6d301e17 0d323130 32303930
> > 39353333 335a170d 32323032 30393039 35333333 5a30818a 310b3009 06035504
> > 06130245 53311230 10060355 04080c09 43617461 6c756e79 61311b30 19060355
> > 04070c12 73616e74 20506572 65206465 20526962 65733116 30140603 55040a0c
> > 0d54656c 65636f6d 204c6f62 6279310d 300b0603 55040b0c 0456504e 43312330
> > 21060355 04030c1a 52542d30 312e6361 742e7465 6c65636f 6d6c6f62 62792e63
> > 6f6d3082 0122300d 06092a86 4886f70d 01010105 00038201 0f003082 010a0282
> > 010100a3 db48a4b0 40b55682 81326f75 39065825 9ea9852b 6eeaa601 c4c692fa
> > 80b16e5e bbcf8072 947ac073 f9b8e372 87cfbc6d 4002f200 d6daf70c 040b1a3f
> > 1a8dfae5 3df72d9a d249803e a1a6b1dc 2f43a6f5 6b930198 a10b79e4 4acbf30f
> > 68aa8f3e 7f06a0cb 17283584 502629de 0bc50868 75202485 56bab2fe d1c4ca7a
> > ee08c458 74618b80 d82d0fd8 f95e4444 b6d445b7 223e6529 459e672b be640500
> > 3ddfec49 1e6192e6 6c0e57cf 937f3728 c29cb9c7 d9bce970 aa0370fb 7e19e3f7
> > 150b2d2d 706c32e0 986d78bc 0b25eeff fe27707e 1bd36caa c844fafd 792795cb
> > 8b919b40 d9906ed7 dccc1192 b1d18453 6d567b6b a9f5cbed b27899a5 cd7514c1
> > eaea1b02 03010001 a381a430 81a13013 0603551d 25040c30 0a06082b 06010505
> > 07030230 1d060355 1d0e0416 0414d277 dc485c0f 9c282246 c877c363 d3883d07
> > ed9d301f 0603551d 23041830 1680142a c5939e9b 0361a9a9 b61eb388 3d40c58e
> > e44f5030 24060355 1d11041d 301b8119 696e6472 61406361 2e74656c 65636f6d
> > 6c6f6262 792e636f 6d302406 09608648 0186f842 010d0417 16154765 6e657261
> > 74656420 62792052 6f757465 724f5330 0d06092a 864886f7 0d01010b 05000382
> > 01010056 c2f37bdf fba9a57a 17b5dcd9 062632b3 5bd7cd5e 0182b1e4 fb23bba8
> > 8d2b0005 a406253c c28dea45 91ea8961 99b38e2b 30816fb9 3ad824f0 b9992412
> > dc584ec1 a3f52bc1 0a9a198f da49baf6 40d3ac5d 136095cd 7ed56814 3413d831
> > 8e782e4c 4d1c1c82 e0ecb3ae 46254ee7 4f840f39 fcb19fde 7e5d94ad 05ac9caf
> > 376ed1d5 e6bd774a 45cd4b20 26cc2e37 163c029c 33a41a2a 8f0f1ef8 f799327b
> > 4c4265af ef9ab66c 11f73fcf 2d1724b7 acb365d9 7e922035 d1e7a807 f5020ce6
> > da69dc25 55824ce4 1c28e334 5583d13c f1a79f1e 248fe4ff dd32fa34 0d0e870d
> > a3654381 4118362c 99b00024 570a5104 3058d09a e9a66d6e 294a297e 805c506d
> > ce832b26 00000800 00400027 00005504 d240096d 782460df c9e68072 dc0bc444
> > 6fab51ba d240096d 782460df c9e68072 dc0bc444 6fab51ba 3b6a7f0c 2f567b94
> > 1954764f bfae24cd 40d9ea01 a467a75b d9f8d81b 482a9316 39c96dc0 98337349
> > 2f000118 0e000000 0f300d06 092a8648 86f70d01 010b0500 90c6695a d9d6c62c
> > 3e505609 b65cbd2e dddc6748 2000e932 8feb7562 6aa9cc0f fc3b450b c7ade4c3
> > 5bb244b8 dde138d9 b426d18b 4b223f57 c6e1b9a0 ca823b9f 91baf1b6 f60e4478
> > 1ebc7b0c 620f7125 566bee11 f722a9a8 67ac1750 bec0d809 6a8c81f5 3bf1543c
> > 971d19e7 dcc64da6 f0561c20 625bad51 82df9602 0ccadab0 a724e075 23dbf1a7
> > 6a7fe64a ed7eaf53 0af9801a ff12cbc2 81c8a736 d2666ea9 fdf3a1d4 2a189db4
> > f9e7b176 bb77295b 60a1de4c 0bceb1ec d2e18a19 661dddd2 39708878 7b6703b8
> > 8d48f246 4f62cc89 287a3075 064101b4 6211f38b 63bcaa56 116f9002 4c0c2310
> > 727cac08 0d69c4dd 11841c97 0f9ba3ed f33fdacf 1ae431a3 29000010 01000000
> > 00010000 00030000 21000008 00004007 2c000064 00000060 01030409 c977da0e
> > 0300000c 0100000c 800e0080 0300000c 0100000c 800e00c0 0300000c 0100000c
> > 800e0100 03000008 0300000c 03000008 0300000d 03000008 0300000e 03000008
> > 03000002 03000008 03000005 00000008 05000000 2d000018 01000000 072f0010
> > 0000ffff 00000000 ffffffff 29000018 01000000 072f0010 0000ffff 9b8af71b
> > 9b8af71b 29000008 0000400c 29000018 0000400e 2a029003 00b70a85 105cb394
> > 07f03ae0 29000008 00004021 00000008 00004024 39d1f768 e83c6b61 ae20470b
> > ikev2_pld_payloads: decrypted payload IDi nextpayload CERT critical 0x00
> length 33
> > ikev2_pld_id: id UFQDN/-->HOSTNAME-ES<---@-->CA<--- length 29
> > ikev2_pld_payloads: decrypted payload CERT nextpayload NOTIFY critical
> 0x00 length 1090
> > ikev2_pld_cert: type X509_CERT length 1085
> > 30820439 30820321 a0030201 0202082f c4d9c96d e04cb330 0d06092a 864886f7
> > 0d01010b 05003081 86310b30 09060355 04061302 4652311a 30180603 5504080c
> > 11536569 6e652d53 61696e74 2d44656e 69733116 30140603 5504070c 0d417562
> > 65727669 6c6c6965 72733116 30140603 55040a0c 0d54656c 65636f6d 204c6f62
> > 6279310d 300b0603 55040b0c 0456504e 43311c30 1a060355 04030c13 63612e74
> > 656c6563 6f6d6c6f 6262792e 636f6d30 1e170d32 31303230 39303935 3333335a
> > 170d3232 30323039 30393533 33335a30 818a310b 30090603 55040613 02455331
> > 12301006 03550408 0c094361 74616c75 6e796131 1b301906 03550407 0c127361
> > 6e742050 65726520 64652052 69626573 31163014 06035504 0a0c0d54 656c6563
> > 6f6d204c 6f626279 310d300b 06035504 0b0c0456 504e4331 23302106 03550403
> > 0c1a5254 2d30312e 6361742e 74656c65 636f6d6c 6f626279 2e636f6d 30820122
> > 300d0609 2a864886 f70d0101 01050003 82010f00 3082010a 02820101 00a3db48
> > a4b040b5 56828132 6f753906 58259ea9 852b6eea a601c4c6 92fa80b1 6e5ebbcf
> > 8072947a c073f9b8 e37287cf bc6d4002 f200d6da f70c040b 1a3f1a8d fae53df7
> > 2d9ad249 803ea1a6 b1dc2f43 a6f56b93 0198a10b 79e44acb f30f68aa 8f3e7f06
> > a0cb1728 35845026 29de0bc5 08687520 248556ba b2fed1c4 ca7aee08 c4587461
> > 8b80d82d 0fd8f95e 4444b6d4 45b7223e 6529459e 672bbe64 05003ddf ec491e61
> > 92e66c0e 57cf937f 3728c29c b9c7d9bc e970aa03 70fb7e19 e3f7150b 2d2d706c
> > 32e0986d 78bc0b25 eefffe27 707e1bd3 6caac844 fafd7927 95cb8b91 9b40d990
> > 6ed7dccc 1192b1d1 84536d56 7b6ba9f5 cbedb278 99a5cd75 14c1eaea 1b020301
> > 0001a381 a43081a1 30130603 551d2504 0c300a06 082b0601 05050703 02301d06
> > 03551d0e 04160414 d277dc48 5c0f9c28 2246c877 c363d388 3d07ed9d 301f0603
> > 551d2304 18301680 142ac593 9e9b0361 a9a9b61e b3883d40 c58ee44f 50302406
> > 03551d11 041d301b 8119696e 64726140 63612e74 656c6563 6f6d6c6f 6262792e
> > 636f6d30 24060960 86480186 f842010d 04171615 47656e65 72617465 64206279
> > 20526f75 7465724f 53300d06 092a8648 86f70d01 010b0500 03820101 0056c2f3
> > 7bdffba9 a57a17b5 dcd90626 32b35bd7 cd5e0182 b1e4fb23 bba88d2b 0005a406
> > 253cc28d ea4591ea 896199b3 8e2b3081 6fb93ad8 24f0b999 2412dc58 4ec1a3f5
> > 2bc10a9a 198fda49 baf640d3 ac5d1360 95cd7ed5 68143413 d8318e78 2e4c4d1c
> > 1c82e0ec b3ae4625 4ee74f84 0f39fcb1 9fde7e5d 94ad05ac 9caf376e d1d5e6bd
> > 774a45cd 4b2026cc 2e37163c 029c33a4 1a2a8f0f 1ef8f799 327b4c42 65afef9a
> > b66c11f7 3fcf2d17 24b7acb3 65d97e92 2035d1e7 a807f502 0ce6da69 dc255582
> > 4ce41c28 e3345583 d13cf1a7 9f1e248f e4ffdd32 fa340d0e 870da365 43814118
> > 362c99b0 0024570a 51043058 d09ae9a6 6d6e294a 297e805c 506dce83 2b
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload CERTREQ
> critical 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type INITIAL_CONTACT
> > ikev2_pld_payloads: decrypted payload CERTREQ nextpayload AUTH critical
> 0x00 length 85
> > ikev2_pld_certreq: type X509_CERT length 80
> > d240096d 782460df c9e68072 dc0bc444 6fab51ba d240096d 782460df c9e68072
> > dc0bc444 6fab51ba 3b6a7f0c 2f567b94 1954764f bfae24cd 40d9ea01 a467a75b
> > d9f8d81b 482a9316 39c96dc0 98337349
> > ikev2_pld_payloads: decrypted payload AUTH nextpayload CP critical 0x00
> length 280
> > ikev2_pld_auth: method SIG length 272
> > 0f300d06 092a8648 86f70d01 010b0500 90c6695a d9d6c62c 3e505609 b65cbd2e
> > dddc6748 2000e932 8feb7562 6aa9cc0f fc3b450b c7ade4c3 5bb244b8 dde138d9
> > b426d18b 4b223f57 c6e1b9a0 ca823b9f 91baf1b6 f60e4478 1ebc7b0c 620f7125
> > 566bee11 f722a9a8 67ac1750 bec0d809 6a8c81f5 3bf1543c 971d19e7 dcc64da6
> > f0561c20 625bad51 82df9602 0ccadab0 a724e075 23dbf1a7 6a7fe64a ed7eaf53
> > 0af9801a ff12cbc2 81c8a736 d2666ea9 fdf3a1d4 2a189db4 f9e7b176 bb77295b
> > 60a1de4c 0bceb1ec d2e18a19 661dddd2 39708878 7b6703b8 8d48f246 4f62cc89
> > 287a3075 064101b4 6211f38b 63bcaa56 116f9002 4c0c2310 727cac08 0d69c4dd
> > 11841c97 0f9ba3ed f33fdacf 1ae431a3
> > ikev2_pld_payloads: decrypted payload CP nextpayload NOTIFY critical
> 0x00 length 16
> > ikev2_pld_cp: type REQUEST length 8
> > 00010000 00030000
> > ikev2_pld_cp: INTERNAL_IP4_ADDRESS 0x0001 length 0
> > ikev2_pld_cp: INTERNAL_IP4_DNS 0x0003 length 0
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA critical
> 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE
> > ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00
> length 100
> > ikev2_pld_sa: more 0 reserved 0 length 96 proposal #1 protoid ESP
> spisize 4 xforms 9 spi 0xc977da0e
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_256_128
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_384_192
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_512_256
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id AES_XCBC_96
> > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
> > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00
> length 24
> > ikev2_pld_tss: count 1 length 16
> > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0
> endport 65535
> > ikev2_pld_ts: start 0.0.0.0 end 255.255.255.255
> > ikev2_pld_payloads: decrypted payload TSr nextpayload NOTIFY critical
> 0x00 length 24
> > ikev2_pld_tss: count 1 length 16
> > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0
> endport 65535
> > ikev2_pld_ts: start -->HOST-US<--- end -->HOST-US<---
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical
> 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type MOBIKE_SUPPORTED
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical
> 0x00 length 24
> > ikev2_pld_notify: protoid NONE spisize 0 type ADDITIONAL_IP6_ADDRESS
> > 2a029003 00b70a85 105cb394 07f03ae0
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical
> 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type EAP_ONLY_AUTHENTICATION
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NONE critical
> 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type
> IKEV2_MESSAGE_ID_SYNC_SUPPORTED
> > ikev2_handle_notifies: mobike enabled
> > sa_stateok: SA_INIT flags 0x0000, require 0x0000
> > spi=0x0469346daf3de27d: sa_state: SA_INIT -> AUTH_REQUEST
> > policy_lookup: peerid '-->HOSTNAME-ES<---@-->CA<---'
> > proposals_match: xform 1 <-> 1 (1): ENCR AES_CBC (keylength 256 <-> 256)
> 256
> > proposals_match: xform 1 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
> > proposals_match: xform 1 <-> 1 (1): INTEGR HMAC_SHA2_256_128 (keylength
> 256 <-> 256)
> > proposals_match: xform 1 <-> 1 (1): DH ECP_256 (keylength 0 <-> 0)
> > proposals_negotiate: score 4
> > policy_lookup: setting policy '-->HOST_ES<--'
> > ikev2_policy2id: srcid UFQDN/-->HOSTNAME-US<---@-->CA<--- length 33
> > sa_stateflags: 0x0020 -> 0x0024 certreq,sa (required 0x003b
> cert,certvalid,auth,authvalid,sa)
> > ikev2_msg_auth: responder auth data length 343
> > 0469346d af3de27d 0d2bd80b 33716e8b 21202220 00000000 00000117 22000030
> > 0000002c 01010004 0300000c 0100000c 800e0100 03000008 02000005 03000008
> > 0300000c 00000008 04000013 28000048 00130000 ed32cc33 a1c1f3e4 c329be29
> > 204ed03e 6e9e1876 83f5091a 473e6760 1094d7b0 bd194dab ae9679cd 8cbd9274
> > c5fe49ff 7052d6af 0a88ce33 9572aea8 88f00245 29000024 88dca6c3 8051bf74
> > ed54bf43 c12ef3cc 80f294df 76395ef3 20bd7fe9 3e6e3208 2900001c 00004004
> > 53c4df3b fb1245a1 7e79116a f711383f 30f19a17 2600001c 00004005 df418d07
> > a3ae1d49 debedc53 f3a64f26 bcb0aeee 29000019 04d24009 6d782460 dfc9e680
> > 72dc0bc4 446fab51 ba000000 0e000040 2f000200 030004cb ba93f2c3 9b68d38f
> > dec63336 9fb0f076 6b97d8ac 6c71754e dfc408ec 3c8805f1 6ddc94ea 5f3b4adb
> > 53c1e470 d3b3cb0b 9ed8bf5d ed1fc393 00620e9f 491958
> > ca_setauth: switching SIG_ANY to SIG
> > ca_setauth: auth length 343
> > proposals_match: xform 1 <-> 1 (1): ENCR AES_CBC (keylength 256 <-> 256)
> 256
> > proposals_match: xform 1 <-> 1 (1): INTEGR HMAC_SHA2_256_128 (keylength
> 0 <-> 256)
> > proposals_match: xform 1 <-> 1 (2): ESN NONE (keylength 0 <-> 0)
> > proposals_negotiate: score 4
> > proposals_negotiate: score 1: ENCR AES_CBC 256
> > proposals_negotiate: score 1: INTEGR HMAC_SHA2_256_128
> > proposals_negotiate: score 2: ESN NONE
> > sa_stateflags: 0x0024 -> 0x0024 certreq,sa (required 0x003b
> cert,certvalid,auth,authvalid,sa)
> > config_free_proposals: free 0x5a9044b6e00
> > ca_getreq: found CA /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom
> Lobby/OU=VPNC/CN=-->CA<---
> > ca_x509_subjectaltname_do: did not find subjectAltName in certificate
> > ca_getreq: found local certificate /C=US/ST=Texas/L=Dallas/O=Telecom
> Lobby/OU=VPNC/CN=-->CERT-US<---
> > _dsa_sign_encode: signature scheme 0 selected
> > _dsa_sign_encode: signature scheme 0 selected
> > _dsa_sign_encode: signature scheme 0 selected
> > ca_setauth: auth length 272
> > ca_validate_pubkey: could not open public key
> pubkeys/ufqdn/-->HOSTNAME-ES<---@-->CA<---
> > ca_validate_cert: /C=ES/ST=Catalunya/L=sant Pere de Ribes/O=Telecom
> Lobby/OU=VPNC/CN=-->HOST_ES<-- ok
> > ikev2_getimsgdata: imsg 22 rspi 0x0d2bd80b33716e8b ispi
> 0x0469346daf3de27d initiator 0 sa valid type 4 data length 1065
> > ikev2_dispatch_cert: cert type X509_CERT length 1065, ok
> > sa_stateflags: 0x0024 -> 0x0025 cert,certreq,sa (required 0x003b
> cert,certvalid,auth,authvalid,sa)
> > ikev2_getimsgdata: imsg 28 rspi 0x0d2bd80b33716e8b ispi
> 0x0469346daf3de27d initiator 0 sa valid type 14 data length 272
> > ikev2_dispatch_cert: AUTH type 14 len 272
> > sa_stateflags: 0x0025 -> 0x002d cert,certreq,auth,sa (required 0x003b
> cert,certvalid,auth,authvalid,sa)
> > ikev2_getimsgdata: imsg 23 rspi 0x0d2bd80b33716e8b ispi
> 0x0469346daf3de27d initiator 0 sa valid type 4 data length 1085
> > ikev2_msg_auth: initiator auth data length 1120
> > 0469346d af3de27d 00000000 00000000 21202208 00000000 00000420 22000340
> > 02000160 01010025 0300000c 0100000c 800e0080 0300000c 0100000c 800e00c0
> > 0300000c 0100000c 800e0100 0300000c 01000017 800e0080 0300000c 01000017
> > 800e00c0 0300000c 01000017 800e0100 0300000c 0100000d 800e0080 0300000c
> > 0100000d 800e00c0 0300000c 0100000d 800e0100 0300000c 01000018 800e0080
> > 0300000c 01000018 800e00c0 0300000c 01000018 800e0100 03000008 01000003
> > 03000008 0300000c 03000008 0300000d 03000008 0300000e 03000008 03000002
> > 03000008 03000005 03000008 03000008 03000008 02000005 03000008 02000006
> > 03000008 02000007 03000008 02000004 03000008 02000008 03000008 02000002
> > 03000008 04000013 03000008 04000014 03000008 04000015 03000008 0400001c
> > 03000008 0400001d 03000008 0400001e 03000008 0400001f 03000008 0400000f
> > 03000008 04000010 03000008 04000011 03000008 04000012 00000008 0400000e
> > 000001dc 0201002d 0300000c 01000014 800e0080 0300000c 01000014 800e00c0
> > 0300000c 01000014 800e0100 0300000c 01000010 800e0080 0300000c 01000010
> > 800e00c0 0300000c 01000010 800e0100 0300000c 0100001b 800e0080 0300000c
> > 0100001b 800e00c0 0300000c 0100001b 800e0100 0300000c 01000013 800e0080
> > 0300000c 01000013 800e00c0 0300000c 01000013 800e0100 0300000c 01000012
> > 800e0080 0300000c 01000012 800e00c0 0300000c 01000012 800e0100 0300000c
> > 0100000e 800e0080 0300000c 0100000e 800e00c0 0300000c 0100000e 800e0100
> > 0300000c 0100000f 800e0080 0300000c 0100000f 800e00c0 0300000c 0100000f
> > 800e0100 0300000c 01000019 800e0080 0300000c 01000019 800e00c0 0300000c
> > 01000019 800e0100 0300000c 0100001a 800e0080 0300000c 0100001a 800e00c0
> > 0300000c 0100001a 800e0100 03000008 02000005 03000008 02000006 03000008
> > 02000007 03000008 02000004 03000008 02000008 03000008 02000002 03000008
> > 04000013 03000008 04000014 03000008 04000015 03000008 0400001c 03000008
> > 0400001d 03000008 0400001e 03000008 0400001f 03000008 0400000f 03000008
> > 04000010 03000008 04000011 03000008 04000012 00000008 0400000e 28000048
> > 00130000 1d7e318b 838e8797 aba3010d 3739e240 84dbfd09 5567a715 7e8ea13a
> > 16bd8693 d56d97e1 7b683f88 057b66d5 64f10592 3bfa482b 28216145 09de4ff5
> > 36f7e3cd 29000024 cbba93f2 c39b68d3 8fdec633 369fb0f0 766b97d8 ac6c7175
> > 4edfc408 ec3c8805 2900001c 00004004 2cae4948 7eb54c08 73046c2c 4f162702
> > 662f6758 2900001c 00004005 e284914c eab8f0ba 6dd9e5f7 778e6b29 cbade815
> > 29000008 0000402e 29000010 0000402f 00020003 00040005 00000008 00004016
> > 88dca6c3 8051bf74 ed54bf43 c12ef3cc 80f294df 76395ef3 20bd7fe9 3e6e3208
> > 56f39dad 220d5ae2 c33f92bd 19235e6c 0badc3a7 c1f34783 de32597f 7a92cc45
> > ikev2_msg_authverify: method SIG keylen 1085 type X509_CERT
> > _dsa_verify_init: signature scheme 0 selected
> > ikev2_msg_authverify: authentication successful
> > spi=0x0469346daf3de27d: sa_state: AUTH_REQUEST -> AUTH_SUCCESS
> > sa_stateflags: 0x002d -> 0x003d cert,certreq,auth,authvalid,sa (required
> 0x003b cert,certvalid,auth,authvalid,sa)
> > ikev2_dispatch_cert: peer certificate is valid
> > sa_stateflags: 0x003d -> 0x003f cert,certvalid,certreq,auth,authvalid,sa
> (required 0x003b cert,certvalid,auth,authvalid,sa)
> > sa_stateok: VALID flags 0x003b, require 0x003b
> cert,certvalid,auth,authvalid,sa
> > spi=0x0469346daf3de27d: sa_state: AUTH_SUCCESS -> VALID
> > sa_stateok: VALID flags 0x003b, require 0x003b
> cert,certvalid,auth,authvalid,sa
> > sa_stateok: VALID flags 0x003b, require 0x003b
> cert,certvalid,auth,authvalid,sa
> > ikev2_sa_tag: (0)
> > ikev2_childsa_negotiate: proposal 1
> > ikev2_childsa_negotiate: key material length 128
> > ikev2_prfplus: T1 with 32 bytes
> > ae53d4df 824b8c24 5b85f124 31b5b4fe 052e8952 cb9e4ef0 9743531c 2e0948e9
> > ikev2_prfplus: T2 with 32 bytes
> > 969881ea e031275d e508f818 c4179caf 14b504b0 09c1ff7d f0aa6c86 ba90f279
> > ikev2_prfplus: T3 with 32 bytes
> > 99b1a9d8 45e7d499 d1c33ca9 63d625bb 1467fd16 2218ef2d e9f06e68 aac608af
> > ikev2_prfplus: T4 with 32 bytes
> > c37cbce8 5c53098a 0bb8bcd6 25539cef 99bab221 b5d6647e ba75fc3f 0c1e4e26
> > ikev2_prfplus: Tn with 128 bytes
> > ae53d4df 824b8c24 5b85f124 31b5b4fe 052e8952 cb9e4ef0 9743531c 2e0948e9
> > 969881ea e031275d e508f818 c4179caf 14b504b0 09c1ff7d f0aa6c86 ba90f279
> > 99b1a9d8 45e7d499 d1c33ca9 63d625bb 1467fd16 2218ef2d e9f06e68 aac608af
> > c37cbce8 5c53098a 0bb8bcd6 25539cef 99bab221 b5d6647e ba75fc3f 0c1e4e26
> > pfkey_sa_getspi: spi 0x15c92cc6
> > pfkey_sa_init: new spi 0x15c92cc6
> > ikev2_next_payload: length 37 nextpayload CERT
> > ikev2_next_payload: length 1070 nextpayload AUTH
> > ikev2_next_payload: length 280 nextpayload CP
> > ikev2_next_payload: length 8 nextpayload NOTIFY
> > ikev2_add_notify: done
> > ikev2_next_payload: length 8 nextpayload NOTIFY
> > ikev2_add_notify: done
> > ikev2_next_payload: length 8 nextpayload SA
> > ikev2_add_proposals: length 40
> > ikev2_next_payload: length 44 nextpayload TSi
> > ikev2_next_payload: length 24 nextpayload TSr
> > ikev2_next_payload: length 24 nextpayload NONE
> > ikev2_next_payload: length 1540 nextpayload IDr
> > ikev2_msg_encrypt: decrypted length 1503
> > 25000025 03000000 73617261 73776174 69406361 2e74656c 65636f6d 6c6f6262
> > 792e636f 6d270004 2e043082 04253082 030da003 02010202 082d419f 457a3999
> > 7e300d06 092a8648 86f70d01 010b0500 30818631 0b300906 03550406 13024652
> > 311a3018 06035504 080c1153 65696e65 2d536169 6e742d44 656e6973 31163014
> > 06035504 070c0d41 75626572 76696c6c 69657273 31163014 06035504 0a0c0d54
> > 656c6563 6f6d204c 6f626279 310d300b 06035504 0b0c0456 504e4331 1c301a06
> > 03550403 0c136361 2e74656c 65636f6d 6c6f6262 792e636f 6d301e17 0d323130
> > 32313230 39313934 355a170d 32323032 31323039 31393435 5a307331 0b300906
> > 03550406 13025553 310e300c 06035504 080c0554 65786173 310f300d 06035504
> > 070c0644 616c6c61 73311630 14060355 040a0c0d 54656c65 636f6d20 4c6f6262
> > 79310d30 0b060355 040b0c04 56504e43 311c301a 06035504 030c1375 732e7465
> > 6c65636f 6d6c6f62 62792e63 6f6d3082 0122300d 06092a86 4886f70d 01010105
> > 00038201 0f003082 010a0282 010100c7 84ffdbc6 ca9aab05 55975ce7 484c5f8b
> > 5417aa70 0ac36cd1 e397ed2e e4eef84c 596f06c3 c5fa2144 26587d21 cefc5efc
> > 87bda9d6 ab329460 9275ff9c 40792a2b 4873e34a 6c797f37 4c14f906 b9bf6a5b
> > fef940de 51b065be 749b0274 50bbc0e2 762254fa b93ae31d 51d15d6f 390cdd31
> > 12cfea40 fea65853 323bf49a 99bbe29d e6dc6c42 a43889f7 d125f105 68c9a35c
> > afb594ef 78bc12e7 ac8186ac 32f2b242 b0931f67 b67c3509 108e50c8 57c14a6f
> > 99adddbb 8ff09f38 c1344641 15cc086b 0a7f3656 c52914e9 284774ce 82aac909
> > 39d5e327 b0cdbf3c 22f8644c ec88f1a1 e44be4ac 5dc761cb be9bd51b 5b757c1e
> > 1eebc42a 00337ed0 c1f90476 f6447502 03010001 a381a830 81a53013 0603551d
> > 25040c30 0a06082b 06010505 07030230 1d060355 1d0e0416 041403e0 e5527553
> > 00f35eb7 ff71c90b cd94778d a6c4301f 0603551d 23041830 1680142a c5939e9b
> > 0361a9a9 b61eb388 3d40c58e e44f5030 28060355 1d110421 301f811d 73617261
> > 73776174 69406361 2e74656c 65636f6d 6c6f6262 792e636f 6d302406 09608648
> > 0186f842 010d0417 16154765 6e657261 74656420 62792052 6f757465 724f5330
> > 0d06092a 864886f7 0d01010b 05000382 01010028 d73860f9 b6fe28fc e31f9381
> > 6f2e3957 0762ef66 5d53ae0d 1c248650 83c845d7 4f3166a9 199a034d b37d826e
> > 06c893f2 97848d79 3c2cb200 fb35ecfd 38dffe92 6862680a 61453918 2c17b83a
> > 7b118f89 550aab8f ce59d05a 1aa2182c 5aa39c9a a04e88a5 0faac7cf aab46b51
> > e223be57 c3bbaa72 7546c67b b30062c4 db14e86c 058ad002 13e38ee4 d586b2bc
> > 9d640bc4 21d6ec33 cbc3a066 df6bcb65 a5df7292 12a519e1 71784460 0b99a4e0
> > 0234a29e 245440f2 1cfb1128 2b680441 a12e3da2 3ee16467 b6f1ede2 0e2259ae
> > 0235c1f0 feb64808 4db676d5 3cbf1451 214948d2 99288835 9c46d2b0 e98b0fac
> > ca745b4a 3882e778 2f85e8eb 8fc5e406 736b8a2f 0001180e 0000000f 300d0609
> > 2a864886 f70d0101 0b0500a1 ad203756 08e8bf95 a644250c a72c2e08 95b40311
> > 23aa0f57 ddede788 a7c5d57c c8a5e852 13be661d 049db647 ddccac99 acbeab37
> > 1d0a6b61 1a7084fb 5550d19e 4b84ad40 6048bc9d 8bdc8aba f646d800 177a3c34
> > 54729a77 0e95bc75 4706eacc be9418da 5c62cd75 e6402f6f 7b7f67b9 9b45cd0a
> > 54e193fe 2128d002 c65341ac 683194c8 493ab0d2 3e96a269 37ec086b 53b68378
> > 20fd3a63 af3e9e99 f817ed57 256aa7cf f3d80bfd 41dec827 bf61ddaa b5fef960
> > 3c364f16 1736a468 3089621e 1f75e5c1 b505c190 c36d9e37 87bcd3d6 e267447f
> > 5e32b121 5e70bcf0 4319b6a5 f7704241 490269fe cd62e256 df4f191f 32581803
> > f2167696 e366dbd1 81b12829 00000802 00000029 00000800 00400721 00000800
> > 00400c2c 00002c00 00002801 03040315 c92cc603 00000c01 00000c80 0e010003
> > 00000803 00000c00 00000805 0000002d 00001801 00000007 2f001000 00ffff51
> > 2c202f51 2c202f00 00001801 00000007 2f001000 00ffff9b 8af71b9b 8af71b
> > ikev2_msg_encrypt: padded length 1504
> > 25000025 03000000 73617261 73776174 69406361 2e74656c 65636f6d 6c6f6262
> > 792e636f 6d270004 2e043082 04253082 030da003 02010202 082d419f 457a3999
> > 7e300d06 092a8648 86f70d01 010b0500 30818631 0b300906 03550406 13024652
> > 311a3018 06035504 080c1153 65696e65 2d536169 6e742d44 656e6973 31163014
> > 06035504 070c0d41 75626572 76696c6c 69657273 31163014 06035504 0a0c0d54
> > 656c6563 6f6d204c 6f626279 310d300b 06035504 0b0c0456 504e4331 1c301a06
> > 03550403 0c136361 2e74656c 65636f6d 6c6f6262 792e636f 6d301e17 0d323130
> > 32313230 39313934 355a170d 32323032 31323039 31393435 5a307331 0b300906
> > 03550406 13025553 310e300c 06035504 080c0554 65786173 310f300d 06035504
> > 070c0644 616c6c61 73311630 14060355 040a0c0d 54656c65 636f6d20 4c6f6262
> > 79310d30 0b060355 040b0c04 56504e43 311c301a 06035504 030c1375 732e7465
> > 6c65636f 6d6c6f62 62792e63 6f6d3082 0122300d 06092a86 4886f70d 01010105
> > 00038201 0f003082 010a0282 010100c7 84ffdbc6 ca9aab05 55975ce7 484c5f8b
> > 5417aa70 0ac36cd1 e397ed2e e4eef84c 596f06c3 c5fa2144 26587d21 cefc5efc
> > 87bda9d6 ab329460 9275ff9c 40792a2b 4873e34a 6c797f37 4c14f906 b9bf6a5b
> > fef940de 51b065be 749b0274 50bbc0e2 762254fa b93ae31d 51d15d6f 390cdd31
> > 12cfea40 fea65853 323bf49a 99bbe29d e6dc6c42 a43889f7 d125f105 68c9a35c
> > afb594ef 78bc12e7 ac8186ac 32f2b242 b0931f67 b67c3509 108e50c8 57c14a6f
> > 99adddbb 8ff09f38 c1344641 15cc086b 0a7f3656 c52914e9 284774ce 82aac909
> > 39d5e327 b0cdbf3c 22f8644c ec88f1a1 e44be4ac 5dc761cb be9bd51b 5b757c1e
> > 1eebc42a 00337ed0 c1f90476 f6447502 03010001 a381a830 81a53013 0603551d
> > 25040c30 0a06082b 06010505 07030230 1d060355 1d0e0416 041403e0 e5527553
> > 00f35eb7 ff71c90b cd94778d a6c4301f 0603551d 23041830 1680142a c5939e9b
> > 0361a9a9 b61eb388 3d40c58e e44f5030 28060355 1d110421 301f811d 73617261
> > 73776174 69406361 2e74656c 65636f6d 6c6f6262 792e636f 6d302406 09608648
> > 0186f842 010d0417 16154765 6e657261 74656420 62792052 6f757465 724f5330
> > 0d06092a 864886f7 0d01010b 05000382 01010028 d73860f9 b6fe28fc e31f9381
> > 6f2e3957 0762ef66 5d53ae0d 1c248650 83c845d7 4f3166a9 199a034d b37d826e
> > 06c893f2 97848d79 3c2cb200 fb35ecfd 38dffe92 6862680a 61453918 2c17b83a
> > 7b118f89 550aab8f ce59d05a 1aa2182c 5aa39c9a a04e88a5 0faac7cf aab46b51
> > e223be57 c3bbaa72 7546c67b b30062c4 db14e86c 058ad002 13e38ee4 d586b2bc
> > 9d640bc4 21d6ec33 cbc3a066 df6bcb65 a5df7292 12a519e1 71784460 0b99a4e0
> > 0234a29e 245440f2 1cfb1128 2b680441 a12e3da2 3ee16467 b6f1ede2 0e2259ae
> > 0235c1f0 feb64808 4db676d5 3cbf1451 214948d2 99288835 9c46d2b0 e98b0fac
> > ca745b4a 3882e778 2f85e8eb 8fc5e406 736b8a2f 0001180e 0000000f 300d0609
> > 2a864886 f70d0101 0b0500a1 ad203756 08e8bf95 a644250c a72c2e08 95b40311
> > 23aa0f57 ddede788 a7c5d57c c8a5e852 13be661d 049db647 ddccac99 acbeab37
> > 1d0a6b61 1a7084fb 5550d19e 4b84ad40 6048bc9d 8bdc8aba f646d800 177a3c34
> > 54729a77 0e95bc75 4706eacc be9418da 5c62cd75 e6402f6f 7b7f67b9 9b45cd0a
> > 54e193fe 2128d002 c65341ac 683194c8 493ab0d2 3e96a269 37ec086b 53b68378
> > 20fd3a63 af3e9e99 f817ed57 256aa7cf f3d80bfd 41dec827 bf61ddaa b5fef960
> > 3c364f16 1736a468 3089621e 1f75e5c1 b505c190 c36d9e37 87bcd3d6 e267447f
> > 5e32b121 5e70bcf0 4319b6a5 f7704241 490269fe cd62e256 df4f191f 32581803
> > f2167696 e366dbd1 81b12829 00000802 00000029 00000800 00400721 00000800
> > 00400c2c 00002c00 00002801 03040315 c92cc603 00000c01 00000c80 0e010003
> > 00000803 00000c00 00000805 0000002d 00001801 00000007 2f001000 00ffff51
> > 2c202f51 2c202f00 00001801 00000007 2f001000 00ffff9b 8af71b9b 8af71b00
> > ikev2_msg_encrypt: length 1504, padding 0, output length 1536
> > a6a752d6 e1549dcb 49518dc4 2b8d34d4 08bb2cd7 f12a36be 5c422dd3 e99f461e
> > 228d49be 4e182aaa 185c2dcc b8ca6c0c da007f8e 2a14a761 6505d770 297e7ae4
> > 5ca1777c 115d5b31 ef514716 48ddd96f 97ddca65 014ea722 c4189519 54662d86
> > f352874a e1275f05 33f0fc33 d34a757e bf5a0b6c c7631a6f 0aee4ffc a64988b6
> > e7bfe1f5 f8363fa6 7d380965 f2c2d676 ac8e986d 8cac825a d0d3956b 6780cc02
> > 8119d49d fb23e24a 30baf8e6 39be476a 4c33ddd7 14c5b78c c4ae9bce 193c73d9
> > f050ed08 11b4a90c 18163ce6 71204a91 ba92ea6c f4cb678a 7d41bcd7 24d19d69
> > b0cdced0 5c515973 387a27b9 ed9ad001 e1603ff6 c0a267b7 034d3a7e 02e87540
> > 3a948da4 81d9b501 58bffb9c 084a903c 8ff0d7fc e6b6d3eb 33dbfcfd 470a77bb
> > d841a227 747ef48c 6d7be20d 6288c86c 4fb6cdd1 cfaf759b fe307b1f 5afd176b
> > a24ead98 b6d78f69 90d47367 ccfe4a12 e6f9b094 ce7352d5 b29440a7 d469de4c
> > c77c77b1 ab394f6f e3650a7c 6ecb5db0 7950742b be1e1043 2f9bd579 48e0a728
> > 2b82cfe1 e7739ed3 e61c2706 2620fd58 be3850ac 88e162aa 1b4980ae e427bf48
> > bc1d5714 faf96f43 b4833c11 74e97043 e2dc4467 792cbde6 36a1f262 35f54774
> > 3dec4326 00e022dd 9e503582 602c901f e844c261 89758816 1847c837 a3c34f7b
> > 09ca99ec ed06abf0 ad2ef504 48bdffb3 e70b8b01 2ea40183 15ddd188 ad06e908
> > ef4dfdaf ad464c0a 99e422d9 d5170ca3 a594c5fe a0aedb03 abf692b8 81869972
> > 7be78c86 4f0aa5a7 40d27ed8 78b2861a eddd59cd 35e71df1 ebcb924f 461e3934
> > 78be8780 310b9d6a 9c282c6e b5d7d14f 6f266343 0eb98bc4 c7354a59 139a2f85
> > 5f2c2cc1 88f074cd 276382a2 d64a8de7 78469b84 b14f391a fee90b6f c6bdb3b4
> > ccb0be6b f2ebd711 aff0201f 55e9b28d 58e016d9 6a6a1cde fdf3ccee 6bb0b1af
> > 041cdf00 1f561499 b0192a8e 1fee1f3d e0448ebf 9b356ae4 a5de9d96 04f76ef1
> > 2e2e34a4 f61f27a1 ff6d0855 ac365be3 91786828 5a751dfa 8035d9bf 882ea2a6
> > 5aa10d66 676a9855 89a7477f d445ac29 f92766f2 300122bf 6b8b2ef0 153158e3
> > 02bbf851 c56917ed f920111f ad17825f 002ea8e1 8ace0476 6ae6b050 5869f5f6
> > eb670675 33986715 e7fa9337 531a9dd5 c45f50e4 af5ff151 57b00392 e6fadbfe
> > b56c92e0 436c1705 577c2e9c ee60963d 5fe47a08 32dd8dcf 661a9758 2b5f5ea9
> > b56beb56 e416fcec da6a7d81 efbc62f4 22430986 4366aa7e e07549cb 107e98eb
> > 3a413d1c 0b77c190 228751e8 41000cf8 aaae72e2 efc0fb53 9627893f dc0f7b31
> > ed690696 f33fedd9 9ece214a 5746fbc3 9bed46ef 8f491bfe 2cb25481 f24f2be8
> > 864de508 7b1c183e a5e36104 bc281366 0166fa76 99ebe3bb fb57e763 8d1b142e
> > 66c558b7 6621791f c5377dad 95fb9c5e daa3e0fe 47685067 3893ff36 36e93f44
> > b0f81e71 f5a13673 62fbb537 3ddf5938 51b795ad 5dc43086 c7358435 c6613977
> > 09a150f8 060b206a 55bd6962 a1bde382 4610c59f 47506c76 0a9de946 dc4fc0d9
> > 5f4f0793 1a6cdbc4 4446c3c9 124e40c1 be0368f7 4ba84114 6cf632f0 ae1d4a11
> > b2178d11 a1dcf03d 09a6f49c cdd66215 3c7cba51 8393427d 32fd356c 9a0c6cfb
> > bd920a47 8daa8348 e80a1c46 3e2011a1 afed128c 2fefd140 c67558a3 f8588e41
> > 1b9e191c a3e55328 ff19e330 4effaebe 457243d9 9d5beff1 896f8057 469a526e
> > 99930122 ba7529ce 3125e5a5 e5056a46 3ff6e6a1 aca6fa04 62a4a38f 5b9b5e4e
> > caad06db c5c9603b 4f7f2994 88bae7fe e71962db b8636ad7 d90fa90c ba85b59f
> > 015d6052 34777c2b df56913c b48a52b1 4685de6b 4673a9dd a07d3712 6bc3c190
> > 03c9a944 889038bd 4b38b2fc bc282452 a4a19498 cfd76ab4 22f3054f 7b99a552
> > 9ee49438 0072ed29 10739caf 751dbe65 0c839186 e25624ce 0704103a 94e1df67
> > 233da2a5 c3512fa2 1d42638f 2a59b0ba 95124798 8ea8f4f0 f59638a7 c480d079
> > 8c94e51c 326c40e9 33bb781a c3632955 ddc8a71b 7d5a4aa7 732ddedc dd01930f
> > d44b1032 2f40163b 2d8e0a46 90a61964 efac2e7c 810d1e1d bc41ee23 c368f7bb
> > dfb401d4 0b91b1ab 9a6a6821 46d83131 7e8183c7 d2d16b35 79e1963e 9d8b6702
> > 75d339ea c92005b2 c7fdf71f d6db09ec 00000000 00000000 00000000 00000000
> > ikev2_msg_integr: message length 1568
> > 0469346d af3de27d 0d2bd80b 33716e8b 2e202320 00000001 00000620 24000604
> > a6a752d6 e1549dcb 49518dc4 2b8d34d4 08bb2cd7 f12a36be 5c422dd3 e99f461e
> > 228d49be 4e182aaa 185c2dcc b8ca6c0c da007f8e 2a14a761 6505d770 297e7ae4
> > 5ca1777c 115d5b31 ef514716 48ddd96f 97ddca65 014ea722 c4189519 54662d86
> > f352874a e1275f05 33f0fc33 d34a757e bf5a0b6c c7631a6f 0aee4ffc a64988b6
> > e7bfe1f5 f8363fa6 7d380965 f2c2d676 ac8e986d 8cac825a d0d3956b 6780cc02
> > 8119d49d fb23e24a 30baf8e6 39be476a 4c33ddd7 14c5b78c c4ae9bce 193c73d9
> > f050ed08 11b4a90c 18163ce6 71204a91 ba92ea6c f4cb678a 7d41bcd7 24d19d69
> > b0cdced0 5c515973 387a27b9 ed9ad001 e1603ff6 c0a267b7 034d3a7e 02e87540
> > 3a948da4 81d9b501 58bffb9c 084a903c 8ff0d7fc e6b6d3eb 33dbfcfd 470a77bb
> > d841a227 747ef48c 6d7be20d 6288c86c 4fb6cdd1 cfaf759b fe307b1f 5afd176b
> > a24ead98 b6d78f69 90d47367 ccfe4a12 e6f9b094 ce7352d5 b29440a7 d469de4c
> > c77c77b1 ab394f6f e3650a7c 6ecb5db0 7950742b be1e1043 2f9bd579 48e0a728
> > 2b82cfe1 e7739ed3 e61c2706 2620fd58 be3850ac 88e162aa 1b4980ae e427bf48
> > bc1d5714 faf96f43 b4833c11 74e97043 e2dc4467 792cbde6 36a1f262 35f54774
> > 3dec4326 00e022dd 9e503582 602c901f e844c261 89758816 1847c837 a3c34f7b
> > 09ca99ec ed06abf0 ad2ef504 48bdffb3 e70b8b01 2ea40183 15ddd188 ad06e908
> > ef4dfdaf ad464c0a 99e422d9 d5170ca3 a594c5fe a0aedb03 abf692b8 81869972
> > 7be78c86 4f0aa5a7 40d27ed8 78b2861a eddd59cd 35e71df1 ebcb924f 461e3934
> > 78be8780 310b9d6a 9c282c6e b5d7d14f 6f266343 0eb98bc4 c7354a59 139a2f85
> > 5f2c2cc1 88f074cd 276382a2 d64a8de7 78469b84 b14f391a fee90b6f c6bdb3b4
> > ccb0be6b f2ebd711 aff0201f 55e9b28d 58e016d9 6a6a1cde fdf3ccee 6bb0b1af
> > 041cdf00 1f561499 b0192a8e 1fee1f3d e0448ebf 9b356ae4 a5de9d96 04f76ef1
> > 2e2e34a4 f61f27a1 ff6d0855 ac365be3 91786828 5a751dfa 8035d9bf 882ea2a6
> > 5aa10d66 676a9855 89a7477f d445ac29 f92766f2 300122bf 6b8b2ef0 153158e3
> > 02bbf851 c56917ed f920111f ad17825f 002ea8e1 8ace0476 6ae6b050 5869f5f6
> > eb670675 33986715 e7fa9337 531a9dd5 c45f50e4 af5ff151 57b00392 e6fadbfe
> > b56c92e0 436c1705 577c2e9c ee60963d 5fe47a08 32dd8dcf 661a9758 2b5f5ea9
> > b56beb56 e416fcec da6a7d81 efbc62f4 22430986 4366aa7e e07549cb 107e98eb
> > 3a413d1c 0b77c190 228751e8 41000cf8 aaae72e2 efc0fb53 9627893f dc0f7b31
> > ed690696 f33fedd9 9ece214a 5746fbc3 9bed46ef 8f491bfe 2cb25481 f24f2be8
> > 864de508 7b1c183e a5e36104 bc281366 0166fa76 99ebe3bb fb57e763 8d1b142e
> > 66c558b7 6621791f c5377dad 95fb9c5e daa3e0fe 47685067 3893ff36 36e93f44
> > b0f81e71 f5a13673 62fbb537 3ddf5938 51b795ad 5dc43086 c7358435 c6613977
> > 09a150f8 060b206a 55bd6962 a1bde382 4610c59f 47506c76 0a9de946 dc4fc0d9
> > 5f4f0793 1a6cdbc4 4446c3c9 124e40c1 be0368f7 4ba84114 6cf632f0 ae1d4a11
> > b2178d11 a1dcf03d 09a6f49c cdd66215 3c7cba51 8393427d 32fd356c 9a0c6cfb
> > bd920a47 8daa8348 e80a1c46 3e2011a1 afed128c 2fefd140 c67558a3 f8588e41
> > 1b9e191c a3e55328 ff19e330 4effaebe 457243d9 9d5beff1 896f8057 469a526e
> > 99930122 ba7529ce 3125e5a5 e5056a46 3ff6e6a1 aca6fa04 62a4a38f 5b9b5e4e
> > caad06db c5c9603b 4f7f2994 88bae7fe e71962db b8636ad7 d90fa90c ba85b59f
> > 015d6052 34777c2b df56913c b48a52b1 4685de6b 4673a9dd a07d3712 6bc3c190
> > 03c9a944 889038bd 4b38b2fc bc282452 a4a19498 cfd76ab4 22f3054f 7b99a552
> > 9ee49438 0072ed29 10739caf 751dbe65 0c839186 e25624ce 0704103a 94e1df67
> > 233da2a5 c3512fa2 1d42638f 2a59b0ba 95124798 8ea8f4f0 f59638a7 c480d079
> > 8c94e51c 326c40e9 33bb781a c3632955 ddc8a71b 7d5a4aa7 732ddedc dd01930f
> > d44b1032 2f40163b 2d8e0a46 90a61964 efac2e7c 810d1e1d bc41ee23 c368f7bb
> > dfb401d4 0b91b1ab 9a6a6821 46d83131 7e8183c7 d2d16b35 79e1963e 9d8b6702
> > 75d339ea c92005b2 c7fdf71f d6db09ec 00000000 00000000 00000000 00000000
> > ikev2_msg_integr: integrity checksum length 16
> > 619120f7 dd187aa4 9edaaf0d 901701c4 875b992f af439f91 a7fc3c59 1920b751
> > ikev2_pld_parse: header ispi 0x0469346daf3de27d rspi 0x0d2bd80b33716e8b
> nextpayload SK version 0x20 exchange IKE_AUTH flags 0x20 msgid 1 length
> 1568 response 1
> > ikev2_pld_payloads: payload SK nextpayload IDr critical 0x00 length 1540
> > ikev2_msg_decrypt: IV length 16
> > a6a752d6 e1549dcb 49518dc4 2b8d34d4
> > ikev2_msg_decrypt: encrypted payload length 1504
> > 08bb2cd7 f12a36be 5c422dd3 e99f461e 228d49be 4e182aaa 185c2dcc b8ca6c0c
> > da007f8e 2a14a761 6505d770 297e7ae4 5ca1777c 115d5b31 ef514716 48ddd96f
> > 97ddca65 014ea722 c4189519 54662d86 f352874a e1275f05 33f0fc33 d34a757e
> > bf5a0b6c c7631a6f 0aee4ffc a64988b6 e7bfe1f5 f8363fa6 7d380965 f2c2d676
> > ac8e986d 8cac825a d0d3956b 6780cc02 8119d49d fb23e24a 30baf8e6 39be476a
> > 4c33ddd7 14c5b78c c4ae9bce 193c73d9 f050ed08 11b4a90c 18163ce6 71204a91
> > ba92ea6c f4cb678a 7d41bcd7 24d19d69 b0cdced0 5c515973 387a27b9 ed9ad001
> > e1603ff6 c0a267b7 034d3a7e 02e87540 3a948da4 81d9b501 58bffb9c 084a903c
> > 8ff0d7fc e6b6d3eb 33dbfcfd 470a77bb d841a227 747ef48c 6d7be20d 6288c86c
> > 4fb6cdd1 cfaf759b fe307b1f 5afd176b a24ead98 b6d78f69 90d47367 ccfe4a12
> > e6f9b094 ce7352d5 b29440a7 d469de4c c77c77b1 ab394f6f e3650a7c 6ecb5db0
> > 7950742b be1e1043 2f9bd579 48e0a728 2b82cfe1 e7739ed3 e61c2706 2620fd58
> > be3850ac 88e162aa 1b4980ae e427bf48 bc1d5714 faf96f43 b4833c11 74e97043
> > e2dc4467 792cbde6 36a1f262 35f54774 3dec4326 00e022dd 9e503582 602c901f
> > e844c261 89758816 1847c837 a3c34f7b 09ca99ec ed06abf0 ad2ef504 48bdffb3
> > e70b8b01 2ea40183 15ddd188 ad06e908 ef4dfdaf ad464c0a 99e422d9 d5170ca3
> > a594c5fe a0aedb03 abf692b8 81869972 7be78c86 4f0aa5a7 40d27ed8 78b2861a
> > eddd59cd 35e71df1 ebcb924f 461e3934 78be8780 310b9d6a 9c282c6e b5d7d14f
> > 6f266343 0eb98bc4 c7354a59 139a2f85 5f2c2cc1 88f074cd 276382a2 d64a8de7
> > 78469b84 b14f391a fee90b6f c6bdb3b4 ccb0be6b f2ebd711 aff0201f 55e9b28d
> > 58e016d9 6a6a1cde fdf3ccee 6bb0b1af 041cdf00 1f561499 b0192a8e 1fee1f3d
> > e0448ebf 9b356ae4 a5de9d96 04f76ef1 2e2e34a4 f61f27a1 ff6d0855 ac365be3
> > 91786828 5a751dfa 8035d9bf 882ea2a6 5aa10d66 676a9855 89a7477f d445ac29
> > f92766f2 300122bf 6b8b2ef0 153158e3 02bbf851 c56917ed f920111f ad17825f
> > 002ea8e1 8ace0476 6ae6b050 5869f5f6 eb670675 33986715 e7fa9337 531a9dd5
> > c45f50e4 af5ff151 57b00392 e6fadbfe b56c92e0 436c1705 577c2e9c ee60963d
> > 5fe47a08 32dd8dcf 661a9758 2b5f5ea9 b56beb56 e416fcec da6a7d81 efbc62f4
> > 22430986 4366aa7e e07549cb 107e98eb 3a413d1c 0b77c190 228751e8 41000cf8
> > aaae72e2 efc0fb53 9627893f dc0f7b31 ed690696 f33fedd9 9ece214a 5746fbc3
> > 9bed46ef 8f491bfe 2cb25481 f24f2be8 864de508 7b1c183e a5e36104 bc281366
> > 0166fa76 99ebe3bb fb57e763 8d1b142e 66c558b7 6621791f c5377dad 95fb9c5e
> > daa3e0fe 47685067 3893ff36 36e93f44 b0f81e71 f5a13673 62fbb537 3ddf5938
> > 51b795ad 5dc43086 c7358435 c6613977 09a150f8 060b206a 55bd6962 a1bde382
> > 4610c59f 47506c76 0a9de946 dc4fc0d9 5f4f0793 1a6cdbc4 4446c3c9 124e40c1
> > be0368f7 4ba84114 6cf632f0 ae1d4a11 b2178d11 a1dcf03d 09a6f49c cdd66215
> > 3c7cba51 8393427d 32fd356c 9a0c6cfb bd920a47 8daa8348 e80a1c46 3e2011a1
> > afed128c 2fefd140 c67558a3 f8588e41 1b9e191c a3e55328 ff19e330 4effaebe
> > 457243d9 9d5beff1 896f8057 469a526e 99930122 ba7529ce 3125e5a5 e5056a46
> > 3ff6e6a1 aca6fa04 62a4a38f 5b9b5e4e caad06db c5c9603b 4f7f2994 88bae7fe
> > e71962db b8636ad7 d90fa90c ba85b59f 015d6052 34777c2b df56913c b48a52b1
> > 4685de6b 4673a9dd a07d3712 6bc3c190 03c9a944 889038bd 4b38b2fc bc282452
> > a4a19498 cfd76ab4 22f3054f 7b99a552 9ee49438 0072ed29 10739caf 751dbe65
> > 0c839186 e25624ce 0704103a 94e1df67 233da2a5 c3512fa2 1d42638f 2a59b0ba
> > 95124798 8ea8f4f0 f59638a7 c480d079 8c94e51c 326c40e9 33bb781a c3632955
> > ddc8a71b 7d5a4aa7 732ddedc dd01930f d44b1032 2f40163b 2d8e0a46 90a61964
> > efac2e7c 810d1e1d bc41ee23 c368f7bb dfb401d4 0b91b1ab 9a6a6821 46d83131
> > 7e8183c7 d2d16b35 79e1963e 9d8b6702 75d339ea c92005b2 c7fdf71f d6db09ec
> > ikev2_msg_decrypt: integrity checksum length 16
> > 619120f7 dd187aa4 9edaaf0d 901701c4
> > ikev2_msg_decrypt: integrity check succeeded
> > 619120f7 dd187aa4 9edaaf0d 901701c4
> > ikev2_msg_decrypt: decrypted payload length 1504/1504 padding 0
> > 25000025 03000000 73617261 73776174 69406361 2e74656c 65636f6d 6c6f6262
> > 792e636f 6d270004 2e043082 04253082 030da003 02010202 082d419f 457a3999
> > 7e300d06 092a8648 86f70d01 010b0500 30818631 0b300906 03550406 13024652
> > 311a3018 06035504 080c1153 65696e65 2d536169 6e742d44 656e6973 31163014
> > 06035504 070c0d41 75626572 76696c6c 69657273 31163014 06035504 0a0c0d54
> > 656c6563 6f6d204c 6f626279 310d300b 06035504 0b0c0456 504e4331 1c301a06
> > 03550403 0c136361 2e74656c 65636f6d 6c6f6262 792e636f 6d301e17 0d323130
> > 32313230 39313934 355a170d 32323032 31323039 31393435 5a307331 0b300906
> > 03550406 13025553 310e300c 06035504 080c0554 65786173 310f300d 06035504
> > 070c0644 616c6c61 73311630 14060355 040a0c0d 54656c65 636f6d20 4c6f6262
> > 79310d30 0b060355 040b0c04 56504e43 311c301a 06035504 030c1375 732e7465
> > 6c65636f 6d6c6f62 62792e63 6f6d3082 0122300d 06092a86 4886f70d 01010105
> > 00038201 0f003082 010a0282 010100c7 84ffdbc6 ca9aab05 55975ce7 484c5f8b
> > 5417aa70 0ac36cd1 e397ed2e e4eef84c 596f06c3 c5fa2144 26587d21 cefc5efc
> > 87bda9d6 ab329460 9275ff9c 40792a2b 4873e34a 6c797f37 4c14f906 b9bf6a5b
> > fef940de 51b065be 749b0274 50bbc0e2 762254fa b93ae31d 51d15d6f 390cdd31
> > 12cfea40 fea65853 323bf49a 99bbe29d e6dc6c42 a43889f7 d125f105 68c9a35c
> > afb594ef 78bc12e7 ac8186ac 32f2b242 b0931f67 b67c3509 108e50c8 57c14a6f
> > 99adddbb 8ff09f38 c1344641 15cc086b 0a7f3656 c52914e9 284774ce 82aac909
> > 39d5e327 b0cdbf3c 22f8644c ec88f1a1 e44be4ac 5dc761cb be9bd51b 5b757c1e
> > 1eebc42a 00337ed0 c1f90476 f6447502 03010001 a381a830 81a53013 0603551d
> > 25040c30 0a06082b 06010505 07030230 1d060355 1d0e0416 041403e0 e5527553
> > 00f35eb7 ff71c90b cd94778d a6c4301f 0603551d 23041830 1680142a c5939e9b
> > 0361a9a9 b61eb388 3d40c58e e44f5030 28060355 1d110421 301f811d 73617261
> > 73776174 69406361 2e74656c 65636f6d 6c6f6262 792e636f 6d302406 09608648
> > 0186f842 010d0417 16154765 6e657261 74656420 62792052 6f757465 724f5330
> > 0d06092a 864886f7 0d01010b 05000382 01010028 d73860f9 b6fe28fc e31f9381
> > 6f2e3957 0762ef66 5d53ae0d 1c248650 83c845d7 4f3166a9 199a034d b37d826e
> > 06c893f2 97848d79 3c2cb200 fb35ecfd 38dffe92 6862680a 61453918 2c17b83a
> > 7b118f89 550aab8f ce59d05a 1aa2182c 5aa39c9a a04e88a5 0faac7cf aab46b51
> > e223be57 c3bbaa72 7546c67b b30062c4 db14e86c 058ad002 13e38ee4 d586b2bc
> > 9d640bc4 21d6ec33 cbc3a066 df6bcb65 a5df7292 12a519e1 71784460 0b99a4e0
> > 0234a29e 245440f2 1cfb1128 2b680441 a12e3da2 3ee16467 b6f1ede2 0e2259ae
> > 0235c1f0 feb64808 4db676d5 3cbf1451 214948d2 99288835 9c46d2b0 e98b0fac
> > ca745b4a 3882e778 2f85e8eb 8fc5e406 736b8a2f 0001180e 0000000f 300d0609
> > 2a864886 f70d0101 0b0500a1 ad203756 08e8bf95 a644250c a72c2e08 95b40311
> > 23aa0f57 ddede788 a7c5d57c c8a5e852 13be661d 049db647 ddccac99 acbeab37
> > 1d0a6b61 1a7084fb 5550d19e 4b84ad40 6048bc9d 8bdc8aba f646d800 177a3c34
> > 54729a77 0e95bc75 4706eacc be9418da 5c62cd75 e6402f6f 7b7f67b9 9b45cd0a
> > 54e193fe 2128d002 c65341ac 683194c8 493ab0d2 3e96a269 37ec086b 53b68378
> > 20fd3a63 af3e9e99 f817ed57 256aa7cf f3d80bfd 41dec827 bf61ddaa b5fef960
> > 3c364f16 1736a468 3089621e 1f75e5c1 b505c190 c36d9e37 87bcd3d6 e267447f
> > 5e32b121 5e70bcf0 4319b6a5 f7704241 490269fe cd62e256 df4f191f 32581803
> > f2167696 e366dbd1 81b12829 00000802 00000029 00000800 00400721 00000800
> > 00400c2c 00002c00 00002801 03040315 c92cc603 00000c01 00000c80 0e010003
> > 00000803 00000c00 00000805 0000002d 00001801 00000007 2f001000 00ffff51
> > 2c202f51 2c202f00 00001801 00000007 2f001000 00ffff9b 8af71b9b 8af71b00
> > ikev2_pld_payloads: decrypted payload IDr nextpayload CERT critical 0x00
> length 37
> > ikev2_pld_id: id UFQDN/-->HOSTNAME-US<---@-->CA<--- length 33
> > ikev2_pld_payloads: decrypted payload CERT nextpayload AUTH critical
> 0x00 length 1070
> > ikev2_pld_cert: type X509_CERT length 1065
> > 30820425 3082030d a0030201 0202082d 419f457a 39997e30 0d06092a 864886f7
> > 0d01010b 05003081 86310b30 09060355 04061302 4652311a 30180603 5504080c
> > 11536569 6e652d53 61696e74 2d44656e 69733116 30140603 5504070c 0d417562
> > 65727669 6c6c6965 72733116 30140603 55040a0c 0d54656c 65636f6d 204c6f62
> > 6279310d 300b0603 55040b0c 0456504e 43311c30 1a060355 04030c13 63612e74
> > 656c6563 6f6d6c6f 6262792e 636f6d30 1e170d32 31303231 32303931 3934355a
> > 170d3232 30323132 30393139 34355a30 73310b30 09060355 04061302 5553310e
> > 300c0603 5504080c 05546578 6173310f 300d0603 5504070c 0644616c 6c617331
> > 16301406 0355040a 0c0d5465 6c65636f 6d204c6f 62627931 0d300b06 0355040b
> > 0c045650 4e43311c 301a0603 5504030c 1375732e 74656c65 636f6d6c 6f626279
> > 2e636f6d 30820122 300d0609 2a864886 f70d0101 01050003 82010f00 3082010a
> > 02820101 00c784ff dbc6ca9a ab055597 5ce7484c 5f8b5417 aa700ac3 6cd1e397
> > ed2ee4ee f84c596f 06c3c5fa 21442658 7d21cefc 5efc87bd a9d6ab32 94609275
> > ff9c4079 2a2b4873 e34a6c79 7f374c14 f906b9bf 6a5bfef9 40de51b0 65be749b
> > 027450bb c0e27622 54fab93a e31d51d1 5d6f390c dd3112cf ea40fea6 5853323b
> > f49a99bb e29de6dc 6c42a438 89f7d125 f10568c9 a35cafb5 94ef78bc 12e7ac81
> > 86ac32f2 b242b093 1f67b67c 3509108e 50c857c1 4a6f99ad ddbb8ff0 9f38c134
> > 464115cc 086b0a7f 3656c529 14e92847 74ce82aa c90939d5 e327b0cd bf3c22f8
> > 644cec88 f1a1e44b e4ac5dc7 61cbbe9b d51b5b75 7c1e1eeb c42a0033 7ed0c1f9
> > 0476f644 75020301 0001a381 a83081a5 30130603 551d2504 0c300a06 082b0601
> > 05050703 02301d06 03551d0e 04160414 03e0e552 755300f3 5eb7ff71 c90bcd94
> > 778da6c4 301f0603 551d2304 18301680 142ac593 9e9b0361 a9a9b61e b3883d40
> > c58ee44f 50302806 03551d11 0421301f 811d7361 72617377 61746940 63612e74
> > 656c6563 6f6d6c6f 6262792e 636f6d30 24060960 86480186 f842010d 04171615
> > 47656e65 72617465 64206279 20526f75 7465724f 53300d06 092a8648 86f70d01
> > 010b0500 03820101 0028d738 60f9b6fe 28fce31f 93816f2e 39570762 ef665d53
> > ae0d1c24 865083c8 45d74f31 66a9199a 034db37d 826e06c8 93f29784 8d793c2c
> > b200fb35 ecfd38df fe926862 680a6145 39182c17 b83a7b11 8f89550a ab8fce59
> > d05a1aa2 182c5aa3 9c9aa04e 88a50faa c7cfaab4 6b51e223 be57c3bb aa727546
> > c67bb300 62c4db14 e86c058a d00213e3 8ee4d586 b2bc9d64 0bc421d6 ec33cbc3
> > a066df6b cb65a5df 729212a5 19e17178 44600b99 a4e00234 a29e2454 40f21cfb
> > 11282b68 0441a12e 3da23ee1 6467b6f1 ede20e22 59ae0235 c1f0feb6 48084db6
> > 76d53cbf 14512149 48d29928 88359c46 d2b0e98b 0facca74 5b4a3882 e7782f85
> > e8eb8fc5 e406736b 8a
> > ikev2_pld_payloads: decrypted payload AUTH nextpayload CP critical 0x00
> length 280
> > ikev2_pld_auth: method SIG length 272
> > 0f300d06 092a8648 86f70d01 010b0500 a1ad2037 5608e8bf 95a64425 0ca72c2e
> > 0895b403 1123aa0f 57ddede7 88a7c5d5 7cc8a5e8 5213be66 1d049db6 47ddccac
> > 99acbeab 371d0a6b 611a7084 fb5550d1 9e4b84ad 406048bc 9d8bdc8a baf646d8
> > 00177a3c 3454729a 770e95bc 754706ea ccbe9418 da5c62cd 75e6402f 6f7b7f67
> > b99b45cd 0a54e193 fe2128d0 02c65341 ac683194 c8493ab0 d23e96a2 6937ec08
> > 6b53b683 7820fd3a 63af3e9e 99f817ed 57256aa7 cff3d80b fd41dec8 27bf61dd
> > aab5fef9 603c364f 161736a4 68308962 1e1f75e5 c1b505c1 90c36d9e 3787bcd3
> > d6e26744 7f5e32b1 215e70bc f04319b6 a5f77042 41490269 fecd62e2 56df4f19
> > 1f325818 03f21676 96e366db d181b128
> > ikev2_pld_payloads: decrypted payload CP nextpayload NOTIFY critical
> 0x00 length 8
> > ikev2_pld_cp: type REPLY length 0
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical
> 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA critical
> 0x00 length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type MOBIKE_SUPPORTED
> > ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00
> length 44
> > ikev2_pld_sa: more 0 reserved 0 length 40 proposal #1 protoid ESP
> spisize 4 xforms 3 spi 0x15c92cc6
> > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_256_128
> > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
> > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00
> length 24
> > ikev2_pld_tss: count 1 length 16
> > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0
> endport 65535
> > ikev2_pld_ts: start -->NODE_ES<-- end -->NODE_ES<--
> > ikev2_pld_payloads: decrypted payload TSr nextpayload NONE critical 0x00
> length 24
> > ikev2_pld_tss: count 1 length 16
> > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0
> endport 65535
> > ikev2_pld_ts: start -->HOST-US<--- end -->HOST-US<---
> > spi=0x0469346daf3de27d: send IKE_AUTH res 1 peer -->NODE_ES<--:4500
> local -->HOST-US<---:4500, 1568 bytes, NAT-T
> > pfkey_sa_add: update spi 0x15c92cc6
> > ikev2_childsa_enable: loaded CHILD SA spi 0x15c92cc6
> > pfkey_sa_add: add spi 0xc977da0e
> > ikev2_childsa_enable: loaded CHILD SA spi 0xc977da0e
> > ikev2_childsa_enable: loaded flow 0x5a9867fe400
> > ikev2_childsa_enable: loaded flow 0x5a9cf4ec000
> > ikev2_childsa_enable: remember SA peer -->NODE_ES<--:4500
> > spi=0x0469346daf3de27d: ikev2_childsa_enable: loaded SPIs: 0x15c92cc6,
> 0xc977da0e
> > spi=0x0469346daf3de27d: ikev2_childsa_enable: loaded flows:
> ESP--->HOST-US<---/32=-->NODE_ES<--/32(47)
> > spi=0x0469346daf3de27d: sa_state: VALID -> ESTABLISHED from
> -->NODE_ES<--:4500 to -->HOST-US<---:4500 policy '-->HOST_ES<--'
> > spi=0x0469346daf3de27d: established peer
> -->NODE_ES<--:4500[UFQDN/-->HOSTNAME-ES<---@-->CA<---] local
> -->HOST-US<---:4500[UFQDN/-->HOSTNAME-US<---@-->CA<---] policy
> '-->HOST_ES<--' as responder
> > pfkey_sa_lookup: last_used 1614670222
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x15c92cc6 last used 0
> second(s) ago
> > pfkey_sa_lookup: last_used 1614670236
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x15c92cc6 last used 1
> second(s) ago
> > pfkey_sa_lookup: last_used 1614670252
> > ikev2_ike_sa_alive: incoming CHILD SA spi 0x15c92cc6 last used 0
> second(s) ago
> >
>
>

--
Name: Riccardo Giuntoli
Email: taglio@gmail.com
Location: sant Pere de Ribes, BCN, Spain
PGP Key: 0x67123739
PGP Fingerprint: CE75 16B5 D855 842FAB54 FB5C DDC6 4640 6712 3739
Key server: hkp://wwwkeys.eu.pgp.net