Re: OpenIKED and Strongswan

create_ike: using signature for peer -->NODE_ES<--
ikev2 "-->HOST_ES<--" passive transport esp proto gre inet from -->HOST-US<--- to -->NODE_ES<-- local -->HOST-US<--- peer -->NODE_ES<-- ikesa enc aes-256 prf hmac-sha2-256,hmac-sha2-384,hmac-sha2-512,hmac-sha1 auth hmac-sha2-256 group ecp256 childsa enc aes-256 auth hmac-sha2-256 group ecp256 esn,noesn srcid -->HOSTNAME-US<---@-->CA<--- ikelifetime 3600 lifetime 1200 bytes 536870912 signature
/etc/iked.conf: loaded 1 configuration rules
ca_privkey_serialize: type RSA_KEY length 1193
ca_pubkey_serialize: type RSA_KEY length 270
ca_privkey_to_method: type RSA_KEY method RSA_SIG
ca_getkey: received private key type RSA_KEY length 1193
ca_getkey: received public key type RSA_KEY length 270
ca_dispatch_parent: config reset
ca_reload: loaded ca file ca.crt
ca_reload: /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom Lobby/OU=VPNC/CN=-->CA<---
ca_reload: loaded 1 ca certificate
ca_reload: loaded cert file -->CERT-FR<---.crt
ca_reload: loaded cert file -->CERT-US<---.crt
ca_validate_cert: /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom Lobby/OU=VPNC/CN=-->CERT-FR<--- ok
ca_validate_cert: /C=US/ST=Texas/L=Dallas/O=Telecom Lobby/OU=VPNC/CN=-->CERT-US<--- ok
ca_reload: local cert type X509_CERT
config_getocsp: ocsp_url none tolerate 0 maxage -1
ikev2_dispatch_cert: updated local CERTREQ type X509_CERT length 20
ikev2_dispatch_cert: updated local CERTREQ type X509_CERT length 20
config_getpolicy: received policy
config_getpfkey: received pfkey fd 3
config_getcompile: compilation done
config_getsocket: received socket fd 4
config_getsocket: received socket fd 5
config_getsocket: received socket fd 6
config_getsocket: received socket fd 7
config_getstatic: dpd_check_interval 15
config_getstatic: no enforcesingleikesa
config_getstatic: no fragmentation
config_getstatic: mobike
config_getstatic: nattport 4500
policy_lookup: setting policy '-->HOST_ES<--'
spi=0xc870f2a5b428b6b1: recv IKE_SA_INIT req 0 peer -->NODE_ES<--:500 local -->HOST-US<---:500, 1056 bytes, policy '-->HOST_ES<--'
ikev2_recv: ispi 0xc870f2a5b428b6b1 rspi 0x0000000000000000
ikev2_policy2id: srcid UFQDN/-->HOSTNAME-US<---@-->CA<--- length 33
ikev2_pld_parse: header ispi 0xc870f2a5b428b6b1 rspi 0x0000000000000000 nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length 1056 response 0
ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 832
ikev2_pld_sa: more 2 reserved 0 length 352 proposal #1 protoid IKE spisize 0 xforms 37 spi 0
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CTR
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CTR
ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CTR
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CTR
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CTR
ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CTR
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type ENCR id 3DES
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_384_192
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_512_256
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id AES_XCBC_96
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id AES_CMAC_96
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_384
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_512
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_XCBC
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_CMAC
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_256
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_384
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_521
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P256R1
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P384R1
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P512R1
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id CURVE25519
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_3072
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_4096
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_6144
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_8192
ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048
ikev2_pld_sa: more 0 reserved 0 length 476 proposal #2 protoid IKE spisize 0 xforms 45 spi 0
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_16
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_16
ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_16
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_16
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_16
ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_16
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_16
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_16
ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_16
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_12
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_12
ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_12
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_8
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_8
ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_8
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_8
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_8
ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_8
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_12
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_12
ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_12
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_8
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_8
ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_8
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_12
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_12
ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_12
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_384
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_512
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_XCBC
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_CMAC
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_256
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_384
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_521
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P256R1
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P384R1
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P512R1
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id CURVE25519
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_3072
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_4096
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_6144
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_8192
ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048
ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 72
ikev2_pld_ke: dh group ECP_256 reserved 0
fb4e28c8 2dc256a8 01f96855 47b989b8 bfe51d02 98dfc830 9a1926c2 ce43da18
825173f8 868e8e93 a0e15479 6648f94d df9bfcff 265f2894 369fac99 1c5390d1
ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36
fbb057f9 39f8991c 6147e3d5 efab770e aa42ca1c 570af11f f8af87db 2135edae
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
5b9719db 93af37fd d1506d29 77b4314f e99b3ba1
ikev2_nat_detection: peer source 0xc870f2a5b428b6b1 0x0000000000000000 -->NODE_ES<--:500
5b9719db 93af37fd d1506d29 77b4314f e99b3ba1
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP
26dbd4cc e1365f1a 20cc721b 776e76b4 d97f93c2
ikev2_nat_detection: peer destination 0xc870f2a5b428b6b1 0x0000000000000000 -->HOST-US<---:500
26dbd4cc e1365f1a 20cc721b 776e76b4 d97f93c2
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 8
ikev2_pld_notify: protoid NONE spisize 0 type FRAGMENTATION_SUPPORTED
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 16
ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS
00020003 00040005
ikev2_pld_notify: signature hash SHA2_256 (2)
ikev2_pld_notify: signature hash SHA2_384 (3)
ikev2_pld_notify: signature hash SHA2_512 (4)
ikev2_pld_notify: signature hash <UNKNOWN:5> (5)
ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 8
ikev2_pld_notify: protoid NONE spisize 0 type REDIRECT_SUPPORTED
proposals_match: xform 1 <-> 1 (1): ENCR AES_CBC (keylength 256 <-> 256) 256
proposals_match: xform 1 <-> 1 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 256)
proposals_match: xform 1 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
proposals_match: xform 1 <-> 1 (1): DH ECP_256 (keylength 0 <-> 0)
proposals_negotiate: score 4
proposals_match: xform 2 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
proposals_match: xform 2 <-> 1 (1): DH ECP_256 (keylength 0 <-> 0)
proposals_negotiate: score 0
policy_lookup: setting policy '-->HOST_ES<--'
spi=0xc870f2a5b428b6b1: sa_state: INIT -> SA_INIT
proposals_match: xform 1 <-> 1 (1): ENCR AES_CBC (keylength 256 <-> 256) 256
proposals_match: xform 1 <-> 1 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 256)
proposals_match: xform 1 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
proposals_match: xform 1 <-> 1 (1): DH ECP_256 (keylength 0 <-> 0)
proposals_negotiate: score 4
proposals_match: xform 2 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
proposals_match: xform 2 <-> 1 (1): DH ECP_256 (keylength 0 <-> 0)
proposals_negotiate: score 0
proposals_negotiate: score 1: ENCR AES_CBC 256
proposals_negotiate: score 1: PRF HMAC_SHA2_256
proposals_negotiate: score 1: INTEGR HMAC_SHA2_256_128
proposals_negotiate: score 1: DH ECP_256
sa_stateok: SA_INIT flags 0x0000, require 0x0000
sa_stateflags: 0x0000 -> 0x0020 sa (required 0x0000 )
spi=0xc870f2a5b428b6b1: ikev2_sa_keys: DHSECRET with 32 bytes
4a83aa63 4ac034c7 be328bea f0eac5da d117ba41 eea32330 17b36200 19c5f7a5
ikev2_sa_keys: SKEYSEED with 32 bytes
c4449822 30e6c834 83caec16 7409dd2f 83984206 86a748a0 39d8af89 397b054d
spi=0xc870f2a5b428b6b1: ikev2_sa_keys: S with 80 bytes
fbb057f9 39f8991c 6147e3d5 efab770e aa42ca1c 570af11f f8af87db 2135edae
8ab04bee 544dc638 9aacd0c4 4d2fd141 ce030fa4 47db06b6 0e3b4e35 80fc8e00
c870f2a5 b428b6b1 f2df80a5 dd2f5b33
ikev2_prfplus: T1 with 32 bytes
0db03dbc 96a38ba0 78a1e472 bc6ecfea 3e2e3db1 5303eb1c 4d14f919 f5802901
ikev2_prfplus: T2 with 32 bytes
a173a0d8 7f060aa8 6c812231 b5920ecf 35779516 081d2946 3b73d58d 9b537b02
ikev2_prfplus: T3 with 32 bytes
2a141ed7 5f9fb6d1 fee06cb4 31d31075 199b0d7a e982b976 946fc8df 202e4359
ikev2_prfplus: T4 with 32 bytes
d54043e1 b34d9d11 bd38c5bb 207083ac 7adbb8f3 4c83c0da 6b069ac6 2714666d
ikev2_prfplus: T5 with 32 bytes
e871e73a 1ab8c048 bfa5428b db4aed8a 5d7f022c f9aa7551 6ea70a97 ab2d2e6b
ikev2_prfplus: T6 with 32 bytes
c76d3292 1f9fe008 4e1dc370 4f0c01fb 52379853 a70af25e 538d84af b61de39c
ikev2_prfplus: T7 with 32 bytes
0bd325e9 cf9d2036 467fd529 b454e0fb 040953f5 0015ee19 59b2dad5 b0a062dd
ikev2_prfplus: Tn with 224 bytes
0db03dbc 96a38ba0 78a1e472 bc6ecfea 3e2e3db1 5303eb1c 4d14f919 f5802901
a173a0d8 7f060aa8 6c812231 b5920ecf 35779516 081d2946 3b73d58d 9b537b02
2a141ed7 5f9fb6d1 fee06cb4 31d31075 199b0d7a e982b976 946fc8df 202e4359
d54043e1 b34d9d11 bd38c5bb 207083ac 7adbb8f3 4c83c0da 6b069ac6 2714666d
e871e73a 1ab8c048 bfa5428b db4aed8a 5d7f022c f9aa7551 6ea70a97 ab2d2e6b
c76d3292 1f9fe008 4e1dc370 4f0c01fb 52379853 a70af25e 538d84af b61de39c
0bd325e9 cf9d2036 467fd529 b454e0fb 040953f5 0015ee19 59b2dad5 b0a062dd
ikev2_sa_keys: SK_d with 32 bytes
0db03dbc 96a38ba0 78a1e472 bc6ecfea 3e2e3db1 5303eb1c 4d14f919 f5802901
ikev2_sa_keys: SK_ai with 32 bytes
a173a0d8 7f060aa8 6c812231 b5920ecf 35779516 081d2946 3b73d58d 9b537b02
ikev2_sa_keys: SK_ar with 32 bytes
2a141ed7 5f9fb6d1 fee06cb4 31d31075 199b0d7a e982b976 946fc8df 202e4359
ikev2_sa_keys: SK_ei with 32 bytes
d54043e1 b34d9d11 bd38c5bb 207083ac 7adbb8f3 4c83c0da 6b069ac6 2714666d
ikev2_sa_keys: SK_er with 32 bytes
e871e73a 1ab8c048 bfa5428b db4aed8a 5d7f022c f9aa7551 6ea70a97 ab2d2e6b
ikev2_sa_keys: SK_pi with 32 bytes
c76d3292 1f9fe008 4e1dc370 4f0c01fb 52379853 a70af25e 538d84af b61de39c
ikev2_sa_keys: SK_pr with 32 bytes
0bd325e9 cf9d2036 467fd529 b454e0fb 040953f5 0015ee19 59b2dad5 b0a062dd
ikev2_add_proposals: length 44
ikev2_next_payload: length 48 nextpayload KE
ikev2_next_payload: length 72 nextpayload NONCE
ikev2_next_payload: length 36 nextpayload NOTIFY
ikev2_nat_detection: local source 0xc870f2a5b428b6b1 0xf2df80a5dd2f5b33 -->HOST-US<---:500
ikev2_next_payload: length 28 nextpayload NOTIFY
ikev2_nat_detection: local destination 0xc870f2a5b428b6b1 0xf2df80a5dd2f5b33 -->NODE_ES<--:500
ikev2_next_payload: length 28 nextpayload CERTREQ
ikev2_add_certreq: type X509_CERT length 21
ikev2_next_payload: length 25 nextpayload NOTIFY
ikev2_next_payload: length 14 nextpayload NONE
ikev2_pld_parse: header ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33 nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 length 279 response 1
ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 48
ikev2_pld_sa: more 0 reserved 0 length 44 proposal #1 protoid IKE spisize 0 xforms 4 spi 0
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
ikev2_pld_xform: more 0 reserved 0 length 8 type DH id ECP_256
ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 72
ikev2_pld_ke: dh group ECP_256 reserved 0
2213a051 4f8b600e 0a6113ef 4f8843e9 dfa82f90 afc341ce 1d22f142 cc1c99a6
d1aafd33 fa14c441 f55bbe7d ed87c6e0 7f53d608 68d9943e 8fa2bc83 05a734da
ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36
8ab04bee 544dc638 9aacd0c4 4d2fd141 ce030fa4 47db06b6 0e3b4e35 80fc8e00
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
e7c537c7 188717a7 e9730252 796a3ed3 a42caf24
ikev2_pld_payloads: payload NOTIFY nextpayload CERTREQ critical 0x00 length 28
ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP
6c1a6db7 e62f6a24 2a3d9f69 b3a85e82 d19ab215
ikev2_pld_payloads: payload CERTREQ nextpayload NOTIFY critical 0x00 length 25
ikev2_pld_certreq: type X509_CERT length 20
d240096d 782460df c9e68072 dc0bc444 6fab51ba
ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 14
ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS
00020003 0004
spi=0xc870f2a5b428b6b1: send IKE_SA_INIT res 0 peer -->NODE_ES<--:500 local -->HOST-US<---:500, 279 bytes
config_free_proposals: free 0x5a932127300
config_free_proposals: free 0x5a8ff545680
spi=0xc870f2a5b428b6b1: recv IKE_AUTH req 1 peer -->NODE_ES<--:4500 local -->HOST-US<---:4500, 1792 bytes, policy '-->HOST_ES<--'
ikev2_recv: ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33
ikev2_recv: updated SA to peer -->NODE_ES<--:4500 local -->HOST-US<---:4500
ikev2_pld_parse: header ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33 nextpayload SK version 0x20 exchange IKE_AUTH flags 0x08 msgid 1 length 1792 response 0
ikev2_pld_payloads: payload SK nextpayload IDi critical 0x00 length 1764
ikev2_msg_decrypt: IV length 16
282989b4 f635471e 33d87b37 39081a33
ikev2_msg_decrypt: encrypted payload length 1728
2640dec6 2fc56d29 7db8e661 28ebb336 17a8f4cd 25a3ccfa 89e7ad66 64271f1d
ee4b3c4a 4b055e9b 09bf7ea2 78ff9f14 fecee886 354a66d3 d329f3ac 9276d27d
5673866d b272db95 55fa1240 24d9667a 5f6791ba 735d8837 c78c897d 07878af2
2c894a02 6a92528b 1ab6d0b4 6d1b85b5 3c8e096d 1bf1db5a 2405220a 5fb2701a
0dcbd992 d60cfaf1 76892665 917d4166 05d3aba3 ffc0fb65 454b0050 2a4c0783
fbceafc6 3e22cbe8 ef581b17 818c9fcb aec89edf bf785db7 979c10eb 16fac875
947460ad 472a85bf 06195076 92acc85b 949ee718 ce6e0f1d a98d2ba1 afe878a6
56c364ea 24838380 def824c9 e7cb8f82 5acb4846 9881b961 db6c5505 aff63119
484b2cc3 00baf748 83df503c 07737489 3d9b4855 a9094b86 a5b9c293 6d926302
61ed258a c7e99cbe 9afc82e1 62057d0f 5c1b2b4b f1a76bf9 c1b1dd34 b3ecacc2
47e14e80 aed04925 1f2bf477 e407c499 8357ed81 ef14dfb0 3e58bc3c 2145e5f6
65290b01 9fa26624 8a90d1aa ba04eeae 32d8d6c3 a5c10920 f76765d0 646440fd
006638a5 382bd6ed 5b01507e d0d6e493 70c2d33d d0e2c500 8fc86ca2 c3500c18
56320694 3069a66f d088ea6b 714cf2ac 1ef54157 6f42f331 15c4a990 0a3da535
94b91ca5 98f7a486 ce5a5d9b 3e269676 6bda0fb6 4e7c0110 efdc7ef0 1800e448
718ace5f f525542a 974f4eb2 b77a1595 7702680f 65b7408e 0a961dc3 8b50f1f4
fa0ccd1e 2e418e50 8ec2c389 26ceb8a4 505c8f24 629abddd 9630b741 809c4648
b3956f53 fb21be31 73aeb039 1df4e5bf cbe5c7c0 c6c96210 43d990b9 bcded92b
9a290630 fdb14255 4323f14d 33de0794 5a52f486 a8298e5c ea529b2a 5ddc4b78
4a8b8b42 5cb333b6 5feb538d ac7e6bff d1b4dade da1c5df9 fdbc9f19 485bf678
2307e38e e1b7d2ff 6e2e833d b58f9f23 1a1678b6 0d96461b 063b2f4c e24c8ebf
3493fcd5 a3c5834f a4973f39 605e00aa 6bff7e25 29bd5988 c5d20a16 2b017456
1c8849b3 2ade4068 1e625767 a4ca2c2c 0d461c46 71dd1427 05df97cf bd5c1b2a
e82d10d1 d51af789 1d8032a0 0fb77c3b 451c20fb f6a3a1fb 728124ca d2c9fd11
ec89d1b2 ba45c49a bfe0a932 703d5b3e 17a9c49c 0d0eb141 0bc41f45 1a4ac38a
1cec485b da65cd3d 42f15867 659589e8 ba8a9347 8bb44672 e686731b 478c83e9
c7e83057 24e5044b 5f5198a5 3d295aec 44f6460b c8ee15f0 69c5281b 1cfebf8e
7ac337ae ef0fff4a 4d0bbfba 494c3a2c e37ecae0 f683e5c7 b854efd3 0d08c6b4
9a926bc7 cbaf03c5 0ef8a358 669df5bf c65bc600 73afeeeb 8136b4a7 fecf5c73
523d5823 8a6519ad afb1e36e a56f2d04 7633cf23 e46c45b3 2b5e9ffa d293379a
6f8faf1b fec85884 ea5848f7 300d7694 6b073fe4 11fb7d20 a7597cfc a8f502de
b053ab34 6abf4177 bbb7f934 69e4b438 3d6c0524 c7b46d60 03807a8c a5f190a3
54f2d9c8 d8e20705 0ec86bdf 28f7c74e 9b9dcaf9 2cd6ea07 9d11e1f6 62d86cda
a2ae7491 c5eedc6b 8b8dad17 e2f42164 a2be7565 4d246839 f47b5442 76d63104
d71f6319 6b48af35 e3c78e0d 0a8f160a 6ea2119e ed5b0eea a9f22e0e 499115d6
8f322757 495c597a 8b43bcbc 5282df1c aa2ca71a a8d00f4b 61859a5f b567e0b3
18ca7aab fd0c8571 7bb0b869 2a48f6ba 1ba0b386 c72ead0a 5f6cbe74 eac0e03f
afc12dfa 219f768f 553712ce e3b88cd5 99a0f875 8ca3070a 5a4021c2 5a4193e3
57b3140d d075f597 5c2a9dff 28c6db78 46dbec18 f5fc5200 5216bc7f 449ac561
c7450ea9 8e55600d 67c99564 3129b8e1 69d5a885 09b8a534 21c66d74 449f9948
fc5c83e0 c3109d36 20e2a758 98aaa30a cf9cfb08 ba3682b3 d0a82d94 11f85003
34731fef 7dfe17d8 4dba31a7 1a6a027f 8d64b030 0b92dbb0 32bbbe1f b28f00c1
c4a54916 7f334169 6a7e7894 1e1eb7b9 f94f42c3 41d3a29c 53aa32e8 b323cb60
c9af3487 dcca9bde 1baf3559 76890f71 f2e69b12 7c111d4b 6dac1a05 cd6314d3
21221e3b d4c19cae cd7c285a 94e6b091 7b69f797 68af4edc b9fc4f31 78bf4163
9b48e930 3e64b51d 5cd4bfd9 fdfcbe45 d0b701a5 0c355bc6 076f3ae6 7b769911
94f1fcd4 2488fd7f 7748460f 1d0f4bc9 6be99fde 093d6f1e 3b0c952d 5383d552
1b7ba7fd 228207f0 c91c2367 31b30a4d 00f0ee8b ecb0e84f 318a55e6 27bd12ed
fff0a1f8 ca1405b8 04fd9bc8 ac106125 1a69a988 2a123fef cf5d7eb8 ba53dba2
91c1d600 c822fdc4 c15120ce ee36dee5 0d1c4429 c7f49de8 9f65d727 8098da2d
cd480ebf e52eda13 ad012ef8 2816108e cf93e240 f01db967 381c81e5 338480fb
991b2027 b4fe6b2e b6b70868 864c4a07 237a7763 01e09d8c ec2e659c 151a4c55
2f2cf3a1 07ed3d86 edd4e937 d815b5e3 0f8bd824 aaa856a2 4347ca43 a457a2be
3dd87202 b73ae12c 70a0bd29 a6df51d7 7b071066 a3af80be 83e1cda9 85b127c2
ikev2_msg_decrypt: integrity checksum length 16
54a8929d dd562669 086ebe95 9c8b1df7
ikev2_msg_decrypt: integrity check succeeded
54a8929d dd562669 086ebe95 9c8b1df7
ikev2_msg_decrypt: decrypted payload length 1728/1728 padding 11
25000021 03000000 696e6472 61406361 2e74656c 65636f6d 6c6f6262 792e636f
6d290004 42043082 04393082 0321a003 02010202 082fc4d9 c96de04c b3300d06
092a8648 86f70d01 010b0500 30818631 0b300906 03550406 13024652 311a3018
06035504 080c1153 65696e65 2d536169 6e742d44 656e6973 31163014 06035504
070c0d41 75626572 76696c6c 69657273 31163014 06035504 0a0c0d54 656c6563
6f6d204c 6f626279 310d300b 06035504 0b0c0456 504e4331 1c301a06 03550403
0c136361 2e74656c 65636f6d 6c6f6262 792e636f 6d301e17 0d323130 32303930
39353333 335a170d 32323032 30393039 35333333 5a30818a 310b3009 06035504
06130245 53311230 10060355 04080c09 43617461 6c756e79 61311b30 19060355
04070c12 73616e74 20506572 65206465 20526962 65733116 30140603 55040a0c
0d54656c 65636f6d 204c6f62 6279310d 300b0603 55040b0c 0456504e 43312330
21060355 04030c1a 52542d30 312e6361 742e7465 6c65636f 6d6c6f62 62792e63
6f6d3082 0122300d 06092a86 4886f70d 01010105 00038201 0f003082 010a0282
010100a3 db48a4b0 40b55682 81326f75 39065825 9ea9852b 6eeaa601 c4c692fa
80b16e5e bbcf8072 947ac073 f9b8e372 87cfbc6d 4002f200 d6daf70c 040b1a3f
1a8dfae5 3df72d9a d249803e a1a6b1dc 2f43a6f5 6b930198 a10b79e4 4acbf30f
68aa8f3e 7f06a0cb 17283584 502629de 0bc50868 75202485 56bab2fe d1c4ca7a
ee08c458 74618b80 d82d0fd8 f95e4444 b6d445b7 223e6529 459e672b be640500
3ddfec49 1e6192e6 6c0e57cf 937f3728 c29cb9c7 d9bce970 aa0370fb 7e19e3f7
150b2d2d 706c32e0 986d78bc 0b25eeff fe27707e 1bd36caa c844fafd 792795cb
8b919b40 d9906ed7 dccc1192 b1d18453 6d567b6b a9f5cbed b27899a5 cd7514c1
eaea1b02 03010001 a381a430 81a13013 0603551d 25040c30 0a06082b 06010505
07030230 1d060355 1d0e0416 0414d277 dc485c0f 9c282246 c877c363 d3883d07
ed9d301f 0603551d 23041830 1680142a c5939e9b 0361a9a9 b61eb388 3d40c58e
e44f5030 24060355 1d11041d 301b8119 696e6472 61406361 2e74656c 65636f6d
6c6f6262 792e636f 6d302406 09608648 0186f842 010d0417 16154765 6e657261
74656420 62792052 6f757465 724f5330 0d06092a 864886f7 0d01010b 05000382
01010056 c2f37bdf fba9a57a 17b5dcd9 062632b3 5bd7cd5e 0182b1e4 fb23bba8
8d2b0005 a406253c c28dea45 91ea8961 99b38e2b 30816fb9 3ad824f0 b9992412
dc584ec1 a3f52bc1 0a9a198f da49baf6 40d3ac5d 136095cd 7ed56814 3413d831
8e782e4c 4d1c1c82 e0ecb3ae 46254ee7 4f840f39 fcb19fde 7e5d94ad 05ac9caf
376ed1d5 e6bd774a 45cd4b20 26cc2e37 163c029c 33a41a2a 8f0f1ef8 f799327b
4c4265af ef9ab66c 11f73fcf 2d1724b7 acb365d9 7e922035 d1e7a807 f5020ce6
da69dc25 55824ce4 1c28e334 5583d13c f1a79f1e 248fe4ff dd32fa34 0d0e870d
a3654381 4118362c 99b00024 570a5104 3058d09a e9a66d6e 294a297e 805c506d
ce832b26 00000800 00400027 00005504 d240096d 782460df c9e68072 dc0bc444
6fab51ba d240096d 782460df c9e68072 dc0bc444 6fab51ba 3b6a7f0c 2f567b94
1954764f bfae24cd 40d9ea01 a467a75b d9f8d81b 482a9316 39c96dc0 98337349
2f000118 0e000000 0f300d06 092a8648 86f70d01 010b0500 71a25162 15fdcfdb
a41cd95f 479f455c 0a672e88 26c09274 32a82937 c6fdc8b2 ee4b45f0 2320509d
ae992a39 2ccbc568 28ca972b 57cb6b6b 73bbc1d6 11fa2eeb f4a9e4af 3a834f0d
16f9442a a9f241a5 3bc2ebb9 c9817533 c138e7c9 4ecdd9a5 ae2e771d 4ae9a5f3
8e34fb38 c55761a2 718b1489 df0cfedf 0f3acad3 a937f528 e04a65e0 ba7d2221
242fbe2e 32dae8f7 0dac46b0 4ac0971b aa4db8da 4c318e9d 6ccf600f 186eeaac
0bd2b238 e825396c 2f84219a a51ef78c c09cb366 37ddba31 538f814f 80eb4059
5d242e85 9e4c74a0 bd219e6f 2bf423a1 be2a7523 bfeb7768 d55a14dd 2aa9c1d3
de19fc52 6c546417 4d042a7f f0df7cb1 e93bbb48 213c382a 29000010 01000000
00010000 00030000 21000008 00004007 2c000064 00000060 01030409 cd21dd16
0300000c 0100000c 800e0080 0300000c 0100000c 800e00c0 0300000c 0100000c
800e0100 03000008 0300000c 03000008 0300000d 03000008 0300000e 03000008
03000002 03000008 03000005 00000008 05000000 2d000018 01000000 072f0010
0000ffff 00000000 ffffffff 29000018 01000000 072f0010 0000ffff 9b8af71b
9b8af71b 29000008 0000400c 29000018 0000400e 2a029003 00b70a85 105cb394
07f03ae0 29000008 00004021 00000008 00004024 bbe09fe6 cfef20a1 f1b1150b
ikev2_pld_payloads: decrypted payload IDi nextpayload CERT critical 0x00 length 33
ikev2_pld_id: id UFQDN/-->HOSTNAME-ES<---@-->CA<--- length 29
ikev2_pld_payloads: decrypted payload CERT nextpayload NOTIFY critical 0x00 length 1090
ikev2_pld_cert: type X509_CERT length 1085
30820439 30820321 a0030201 0202082f c4d9c96d e04cb330 0d06092a 864886f7
0d01010b 05003081 86310b30 09060355 04061302 4652311a 30180603 5504080c
11536569 6e652d53 61696e74 2d44656e 69733116 30140603 5504070c 0d417562
65727669 6c6c6965 72733116 30140603 55040a0c 0d54656c 65636f6d 204c6f62
6279310d 300b0603 55040b0c 0456504e 43311c30 1a060355 04030c13 63612e74
656c6563 6f6d6c6f 6262792e 636f6d30 1e170d32 31303230 39303935 3333335a
170d3232 30323039 30393533 33335a30 818a310b 30090603 55040613 02455331
12301006 03550408 0c094361 74616c75 6e796131 1b301906 03550407 0c127361
6e742050 65726520 64652052 69626573 31163014 06035504 0a0c0d54 656c6563
6f6d204c 6f626279 310d300b 06035504 0b0c0456 504e4331 23302106 03550403
0c1a5254 2d30312e 6361742e 74656c65 636f6d6c 6f626279 2e636f6d 30820122
300d0609 2a864886 f70d0101 01050003 82010f00 3082010a 02820101 00a3db48
a4b040b5 56828132 6f753906 58259ea9 852b6eea a601c4c6 92fa80b1 6e5ebbcf
8072947a c073f9b8 e37287cf bc6d4002 f200d6da f70c040b 1a3f1a8d fae53df7
2d9ad249 803ea1a6 b1dc2f43 a6f56b93 0198a10b 79e44acb f30f68aa 8f3e7f06
a0cb1728 35845026 29de0bc5 08687520 248556ba b2fed1c4 ca7aee08 c4587461
8b80d82d 0fd8f95e 4444b6d4 45b7223e 6529459e 672bbe64 05003ddf ec491e61
92e66c0e 57cf937f 3728c29c b9c7d9bc e970aa03 70fb7e19 e3f7150b 2d2d706c
32e0986d 78bc0b25 eefffe27 707e1bd3 6caac844 fafd7927 95cb8b91 9b40d990
6ed7dccc 1192b1d1 84536d56 7b6ba9f5 cbedb278 99a5cd75 14c1eaea 1b020301
0001a381 a43081a1 30130603 551d2504 0c300a06 082b0601 05050703 02301d06
03551d0e 04160414 d277dc48 5c0f9c28 2246c877 c363d388 3d07ed9d 301f0603
551d2304 18301680 142ac593 9e9b0361 a9a9b61e b3883d40 c58ee44f 50302406
03551d11 041d301b 8119696e 64726140 63612e74 656c6563 6f6d6c6f 6262792e
636f6d30 24060960 86480186 f842010d 04171615 47656e65 72617465 64206279
20526f75 7465724f 53300d06 092a8648 86f70d01 010b0500 03820101 0056c2f3
7bdffba9 a57a17b5 dcd90626 32b35bd7 cd5e0182 b1e4fb23 bba88d2b 0005a406
253cc28d ea4591ea 896199b3 8e2b3081 6fb93ad8 24f0b999 2412dc58 4ec1a3f5
2bc10a9a 198fda49 baf640d3 ac5d1360 95cd7ed5 68143413 d8318e78 2e4c4d1c
1c82e0ec b3ae4625 4ee74f84 0f39fcb1 9fde7e5d 94ad05ac 9caf376e d1d5e6bd
774a45cd 4b2026cc 2e37163c 029c33a4 1a2a8f0f 1ef8f799 327b4c42 65afef9a
b66c11f7 3fcf2d17 24b7acb3 65d97e92 2035d1e7 a807f502 0ce6da69 dc255582
4ce41c28 e3345583 d13cf1a7 9f1e248f e4ffdd32 fa340d0e 870da365 43814118
362c99b0 0024570a 51043058 d09ae9a6 6d6e294a 297e805c 506dce83 2b
ikev2_pld_payloads: decrypted payload NOTIFY nextpayload CERTREQ critical 0x00 length 8
ikev2_pld_notify: protoid NONE spisize 0 type INITIAL_CONTACT
ikev2_pld_payloads: decrypted payload CERTREQ nextpayload AUTH critical 0x00 length 85
ikev2_pld_certreq: type X509_CERT length 80
d240096d 782460df c9e68072 dc0bc444 6fab51ba d240096d 782460df c9e68072
dc0bc444 6fab51ba 3b6a7f0c 2f567b94 1954764f bfae24cd 40d9ea01 a467a75b
d9f8d81b 482a9316 39c96dc0 98337349
ikev2_pld_payloads: decrypted payload AUTH nextpayload CP critical 0x00 length 280
ikev2_pld_auth: method SIG length 272
0f300d06 092a8648 86f70d01 010b0500 71a25162 15fdcfdb a41cd95f 479f455c
0a672e88 26c09274 32a82937 c6fdc8b2 ee4b45f0 2320509d ae992a39 2ccbc568
28ca972b 57cb6b6b 73bbc1d6 11fa2eeb f4a9e4af 3a834f0d 16f9442a a9f241a5
3bc2ebb9 c9817533 c138e7c9 4ecdd9a5 ae2e771d 4ae9a5f3 8e34fb38 c55761a2
718b1489 df0cfedf 0f3acad3 a937f528 e04a65e0 ba7d2221 242fbe2e 32dae8f7
0dac46b0 4ac0971b aa4db8da 4c318e9d 6ccf600f 186eeaac 0bd2b238 e825396c
2f84219a a51ef78c c09cb366 37ddba31 538f814f 80eb4059 5d242e85 9e4c74a0
bd219e6f 2bf423a1 be2a7523 bfeb7768 d55a14dd 2aa9c1d3 de19fc52 6c546417
4d042a7f f0df7cb1 e93bbb48 213c382a
ikev2_pld_payloads: decrypted payload CP nextpayload NOTIFY critical 0x00 length 16
ikev2_pld_cp: type REQUEST length 8
00010000 00030000
ikev2_pld_cp: INTERNAL_IP4_ADDRESS 0x0001 length 0
ikev2_pld_cp: INTERNAL_IP4_DNS 0x0003 length 0
ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA critical 0x00 length 8
ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE
ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00 length 100
ikev2_pld_sa: more 0 reserved 0 length 96 proposal #1 protoid ESP spisize 4 xforms 9 spi 0xcd21dd16
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_384_192
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_512_256
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id AES_XCBC_96
ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00 length 24
ikev2_pld_tss: count 1 length 16
ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport 65535
ikev2_pld_ts: start 0.0.0.0 end 255.255.255.255
ikev2_pld_payloads: decrypted payload TSr nextpayload NOTIFY critical 0x00 length 24
ikev2_pld_tss: count 1 length 16
ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport 65535
ikev2_pld_ts: start -->HOST-US<--- end -->HOST-US<---
ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical 0x00 length 8
ikev2_pld_notify: protoid NONE spisize 0 type MOBIKE_SUPPORTED
ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical 0x00 length 24
ikev2_pld_notify: protoid NONE spisize 0 type ADDITIONAL_IP6_ADDRESS
2a029003 00b70a85 105cb394 07f03ae0
ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical 0x00 length 8
ikev2_pld_notify: protoid NONE spisize 0 type EAP_ONLY_AUTHENTICATION
ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NONE critical 0x00 length 8
ikev2_pld_notify: protoid NONE spisize 0 type IKEV2_MESSAGE_ID_SYNC_SUPPORTED
ikev2_handle_notifies: mobike enabled
sa_stateok: SA_INIT flags 0x0000, require 0x0000
spi=0xc870f2a5b428b6b1: sa_state: SA_INIT -> AUTH_REQUEST
policy_lookup: peerid '-->HOSTNAME-ES<---@-->CA<---'
proposals_match: xform 1 <-> 1 (1): ENCR AES_CBC (keylength 256 <-> 256) 256
proposals_match: xform 1 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
proposals_match: xform 1 <-> 1 (1): INTEGR HMAC_SHA2_256_128 (keylength 256 <-> 256)
proposals_match: xform 1 <-> 1 (1): DH ECP_256 (keylength 0 <-> 0)
proposals_negotiate: score 4
policy_lookup: setting policy '-->HOST_ES<--'
ikev2_policy2id: srcid UFQDN/-->HOSTNAME-US<---@-->CA<--- length 33
sa_stateflags: 0x0020 -> 0x0024 certreq,sa (required 0x003b cert,certvalid,auth,authvalid,sa)
ikev2_msg_auth: responder auth data length 343
c870f2a5 b428b6b1 f2df80a5 dd2f5b33 21202220 00000000 00000117 22000030
0000002c 01010004 0300000c 0100000c 800e0100 03000008 02000005 03000008
0300000c 00000008 04000013 28000048 00130000 2213a051 4f8b600e 0a6113ef
4f8843e9 dfa82f90 afc341ce 1d22f142 cc1c99a6 d1aafd33 fa14c441 f55bbe7d
ed87c6e0 7f53d608 68d9943e 8fa2bc83 05a734da 29000024 8ab04bee 544dc638
9aacd0c4 4d2fd141 ce030fa4 47db06b6 0e3b4e35 80fc8e00 2900001c 00004004
e7c537c7 188717a7 e9730252 796a3ed3 a42caf24 2600001c 00004005 6c1a6db7
e62f6a24 2a3d9f69 b3a85e82 d19ab215 29000019 04d24009 6d782460 dfc9e680
72dc0bc4 446fab51 ba000000 0e000040 2f000200 030004fb b057f939 f8991c61
47e3d5ef ab770eaa 42ca1c57 0af11ff8 af87db21 35edae0f 65e22c0f 7ba67ec5
f3b84c4f 45977277 cd60a97f d01d4298 cfd7c331 490e33
ca_setauth: switching SIG_ANY to SIG
ca_setauth: auth length 343
proposals_match: xform 1 <-> 1 (1): ENCR AES_CBC (keylength 256 <-> 256) 256
proposals_match: xform 1 <-> 1 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 256)
proposals_match: xform 1 <-> 1 (2): ESN NONE (keylength 0 <-> 0)
proposals_negotiate: score 4
proposals_negotiate: score 1: ENCR AES_CBC 256
proposals_negotiate: score 1: INTEGR HMAC_SHA2_256_128
proposals_negotiate: score 2: ESN NONE
sa_stateflags: 0x0024 -> 0x0024 certreq,sa (required 0x003b cert,certvalid,auth,authvalid,sa)
config_free_proposals: free 0x5a9541fef80
ca_getreq: found CA /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom Lobby/OU=VPNC/CN=-->CA<---
ca_x509_subjectaltname_do: did not find subjectAltName in certificate
ca_getreq: found local certificate /C=US/ST=Texas/L=Dallas/O=Telecom Lobby/OU=VPNC/CN=-->CERT-US<---
_dsa_sign_encode: signature scheme 0 selected
_dsa_sign_encode: signature scheme 0 selected
_dsa_sign_encode: signature scheme 0 selected
ca_setauth: auth length 272
ca_validate_pubkey: could not open public key pubkeys/ufqdn/-->HOSTNAME-ES<---@-->CA<---
ca_validate_cert: /C=ES/ST=Catalunya/L=sant Pere de Ribes/O=Telecom Lobby/OU=VPNC/CN=-->HOST_ES<-- ok
ikev2_getimsgdata: imsg 22 rspi 0xf2df80a5dd2f5b33 ispi 0xc870f2a5b428b6b1 initiator 0 sa valid type 4 data length 1065
ikev2_dispatch_cert: cert type X509_CERT length 1065, ok
sa_stateflags: 0x0024 -> 0x0025 cert,certreq,sa (required 0x003b cert,certvalid,auth,authvalid,sa)
ikev2_getimsgdata: imsg 28 rspi 0xf2df80a5dd2f5b33 ispi 0xc870f2a5b428b6b1 initiator 0 sa valid type 14 data length 272
ikev2_dispatch_cert: AUTH type 14 len 272
sa_stateflags: 0x0025 -> 0x002d cert,certreq,auth,sa (required 0x003b cert,certvalid,auth,authvalid,sa)
ikev2_getimsgdata: imsg 23 rspi 0xf2df80a5dd2f5b33 ispi 0xc870f2a5b428b6b1 initiator 0 sa valid type 4 data length 1085
ikev2_msg_auth: initiator auth data length 1120
c870f2a5 b428b6b1 00000000 00000000 21202208 00000000 00000420 22000340
02000160 01010025 0300000c 0100000c 800e0080 0300000c 0100000c 800e00c0
0300000c 0100000c 800e0100 0300000c 01000017 800e0080 0300000c 01000017
800e00c0 0300000c 01000017 800e0100 0300000c 0100000d 800e0080 0300000c
0100000d 800e00c0 0300000c 0100000d 800e0100 0300000c 01000018 800e0080
0300000c 01000018 800e00c0 0300000c 01000018 800e0100 03000008 01000003
03000008 0300000c 03000008 0300000d 03000008 0300000e 03000008 03000002
03000008 03000005 03000008 03000008 03000008 02000005 03000008 02000006
03000008 02000007 03000008 02000004 03000008 02000008 03000008 02000002
03000008 04000013 03000008 04000014 03000008 04000015 03000008 0400001c
03000008 0400001d 03000008 0400001e 03000008 0400001f 03000008 0400000f
03000008 04000010 03000008 04000011 03000008 04000012 00000008 0400000e
000001dc 0201002d 0300000c 01000014 800e0080 0300000c 01000014 800e00c0
0300000c 01000014 800e0100 0300000c 01000010 800e0080 0300000c 01000010
800e00c0 0300000c 01000010 800e0100 0300000c 0100001b 800e0080 0300000c
0100001b 800e00c0 0300000c 0100001b 800e0100 0300000c 01000013 800e0080
0300000c 01000013 800e00c0 0300000c 01000013 800e0100 0300000c 01000012
800e0080 0300000c 01000012 800e00c0 0300000c 01000012 800e0100 0300000c
0100000e 800e0080 0300000c 0100000e 800e00c0 0300000c 0100000e 800e0100
0300000c 0100000f 800e0080 0300000c 0100000f 800e00c0 0300000c 0100000f
800e0100 0300000c 01000019 800e0080 0300000c 01000019 800e00c0 0300000c
01000019 800e0100 0300000c 0100001a 800e0080 0300000c 0100001a 800e00c0
0300000c 0100001a 800e0100 03000008 02000005 03000008 02000006 03000008
02000007 03000008 02000004 03000008 02000008 03000008 02000002 03000008
04000013 03000008 04000014 03000008 04000015 03000008 0400001c 03000008
0400001d 03000008 0400001e 03000008 0400001f 03000008 0400000f 03000008
04000010 03000008 04000011 03000008 04000012 00000008 0400000e 28000048
00130000 fb4e28c8 2dc256a8 01f96855 47b989b8 bfe51d02 98dfc830 9a1926c2
ce43da18 825173f8 868e8e93 a0e15479 6648f94d df9bfcff 265f2894 369fac99
1c5390d1 29000024 fbb057f9 39f8991c 6147e3d5 efab770e aa42ca1c 570af11f
f8af87db 2135edae 2900001c 00004004 5b9719db 93af37fd d1506d29 77b4314f
e99b3ba1 2900001c 00004005 26dbd4cc e1365f1a 20cc721b 776e76b4 d97f93c2
29000008 0000402e 29000010 0000402f 00020003 00040005 00000008 00004016
8ab04bee 544dc638 9aacd0c4 4d2fd141 ce030fa4 47db06b6 0e3b4e35 80fc8e00
403b497c 4a0d0e5f fe6ed31d a73a1254 d614ad46 17edb761 8297f711 a392cd2a
ikev2_msg_authverify: method SIG keylen 1085 type X509_CERT
_dsa_verify_init: signature scheme 0 selected
ikev2_msg_authverify: authentication successful
spi=0xc870f2a5b428b6b1: sa_state: AUTH_REQUEST -> AUTH_SUCCESS
sa_stateflags: 0x002d -> 0x003d cert,certreq,auth,authvalid,sa (required 0x003b cert,certvalid,auth,authvalid,sa)
ikev2_dispatch_cert: peer certificate is valid
sa_stateflags: 0x003d -> 0x003f cert,certvalid,certreq,auth,authvalid,sa (required 0x003b cert,certvalid,auth,authvalid,sa)
sa_stateok: VALID flags 0x003b, require 0x003b cert,certvalid,auth,authvalid,sa
spi=0xc870f2a5b428b6b1: sa_state: AUTH_SUCCESS -> VALID
sa_stateok: VALID flags 0x003b, require 0x003b cert,certvalid,auth,authvalid,sa
sa_stateok: VALID flags 0x003b, require 0x003b cert,certvalid,auth,authvalid,sa
ikev2_sa_tag: (0)
ikev2_childsa_negotiate: proposal 1
ikev2_childsa_negotiate: key material length 128
ikev2_prfplus: T1 with 32 bytes
83d5aea1 7b9d8e9d ed5dec4e 98014a68 6061640a 0cb3b8e1 08d434ec 73fda0e1
ikev2_prfplus: T2 with 32 bytes
ada9ecd8 8df6b3e8 70876ed7 c15ac445 c312e014 68d52b74 f34309a7 3c258859
ikev2_prfplus: T3 with 32 bytes
204947a0 28353211 2f785ea8 7630cf0b 5aca6258 d50b3ee6 cfa05415 2a0a74be
ikev2_prfplus: T4 with 32 bytes
e9dbc08b 1f79a9e3 7b1a1819 0aa5c10b fb473ff2 ae5b795b 4d77c92e 90b54df0
ikev2_prfplus: Tn with 128 bytes
83d5aea1 7b9d8e9d ed5dec4e 98014a68 6061640a 0cb3b8e1 08d434ec 73fda0e1
ada9ecd8 8df6b3e8 70876ed7 c15ac445 c312e014 68d52b74 f34309a7 3c258859
204947a0 28353211 2f785ea8 7630cf0b 5aca6258 d50b3ee6 cfa05415 2a0a74be
e9dbc08b 1f79a9e3 7b1a1819 0aa5c10b fb473ff2 ae5b795b 4d77c92e 90b54df0
pfkey_sa_getspi: spi 0x50e4e0d2
pfkey_sa_init: new spi 0x50e4e0d2
ikev2_next_payload: length 37 nextpayload CERT
ikev2_next_payload: length 1070 nextpayload AUTH
ikev2_next_payload: length 280 nextpayload CP
ikev2_next_payload: length 8 nextpayload NOTIFY
ikev2_add_notify: done
ikev2_next_payload: length 8 nextpayload NOTIFY
ikev2_add_notify: done
ikev2_next_payload: length 8 nextpayload SA
ikev2_add_proposals: length 40
ikev2_next_payload: length 44 nextpayload TSi
ikev2_next_payload: length 24 nextpayload TSr
ikev2_next_payload: length 24 nextpayload NONE
ikev2_next_payload: length 1540 nextpayload IDr
ikev2_msg_encrypt: decrypted length 1503
25000025 03000000 73617261 73776174 69406361 2e74656c 65636f6d 6c6f6262
792e636f 6d270004 2e043082 04253082 030da003 02010202 082d419f 457a3999
7e300d06 092a8648 86f70d01 010b0500 30818631 0b300906 03550406 13024652
311a3018 06035504 080c1153 65696e65 2d536169 6e742d44 656e6973 31163014
06035504 070c0d41 75626572 76696c6c 69657273 31163014 06035504 0a0c0d54
656c6563 6f6d204c 6f626279 310d300b 06035504 0b0c0456 504e4331 1c301a06
03550403 0c136361 2e74656c 65636f6d 6c6f6262 792e636f 6d301e17 0d323130
32313230 39313934 355a170d 32323032 31323039 31393435 5a307331 0b300906
03550406 13025553 310e300c 06035504 080c0554 65786173 310f300d 06035504
070c0644 616c6c61 73311630 14060355 040a0c0d 54656c65 636f6d20 4c6f6262
79310d30 0b060355 040b0c04 56504e43 311c301a 06035504 030c1375 732e7465
6c65636f 6d6c6f62 62792e63 6f6d3082 0122300d 06092a86 4886f70d 01010105
00038201 0f003082 010a0282 010100c7 84ffdbc6 ca9aab05 55975ce7 484c5f8b
5417aa70 0ac36cd1 e397ed2e e4eef84c 596f06c3 c5fa2144 26587d21 cefc5efc
87bda9d6 ab329460 9275ff9c 40792a2b 4873e34a 6c797f37 4c14f906 b9bf6a5b
fef940de 51b065be 749b0274 50bbc0e2 762254fa b93ae31d 51d15d6f 390cdd31
12cfea40 fea65853 323bf49a 99bbe29d e6dc6c42 a43889f7 d125f105 68c9a35c
afb594ef 78bc12e7 ac8186ac 32f2b242 b0931f67 b67c3509 108e50c8 57c14a6f
99adddbb 8ff09f38 c1344641 15cc086b 0a7f3656 c52914e9 284774ce 82aac909
39d5e327 b0cdbf3c 22f8644c ec88f1a1 e44be4ac 5dc761cb be9bd51b 5b757c1e
1eebc42a 00337ed0 c1f90476 f6447502 03010001 a381a830 81a53013 0603551d
25040c30 0a06082b 06010505 07030230 1d060355 1d0e0416 041403e0 e5527553
00f35eb7 ff71c90b cd94778d a6c4301f 0603551d 23041830 1680142a c5939e9b
0361a9a9 b61eb388 3d40c58e e44f5030 28060355 1d110421 301f811d 73617261
73776174 69406361 2e74656c 65636f6d 6c6f6262 792e636f 6d302406 09608648
0186f842 010d0417 16154765 6e657261 74656420 62792052 6f757465 724f5330
0d06092a 864886f7 0d01010b 05000382 01010028 d73860f9 b6fe28fc e31f9381
6f2e3957 0762ef66 5d53ae0d 1c248650 83c845d7 4f3166a9 199a034d b37d826e
06c893f2 97848d79 3c2cb200 fb35ecfd 38dffe92 6862680a 61453918 2c17b83a
7b118f89 550aab8f ce59d05a 1aa2182c 5aa39c9a a04e88a5 0faac7cf aab46b51
e223be57 c3bbaa72 7546c67b b30062c4 db14e86c 058ad002 13e38ee4 d586b2bc
9d640bc4 21d6ec33 cbc3a066 df6bcb65 a5df7292 12a519e1 71784460 0b99a4e0
0234a29e 245440f2 1cfb1128 2b680441 a12e3da2 3ee16467 b6f1ede2 0e2259ae
0235c1f0 feb64808 4db676d5 3cbf1451 214948d2 99288835 9c46d2b0 e98b0fac
ca745b4a 3882e778 2f85e8eb 8fc5e406 736b8a2f 0001180e 0000000f 300d0609
2a864886 f70d0101 0b050048 38dd0031 679b58e6 3198f12b 36790423 7c44ad15
55062882 53eb88f0 98f81065 60f1cb6d 3e5b19a3 77c526c7 70a37722 29f59bf0
827ce545 6869bf34 fd54e8da 1d6e0d4a c7ab5ca1 d35fc212 b29e10c1 67da905f
62ccc153 a311ec70 06d76408 1dac7f9c 17146925 3af25e99 a50f834f 04dc7234
841be95e 86df2d9c 2caefb11 3e93a20a 8d270359 52b871a5 8ab383a8 0063a6e2
c800be60 dee87f89 692209e2 a3cea439 a82224af e96617ed 88a4e8c8 1dce4521
aa8e6033 36c0e628 aad05fb9 79beba3b abf0451d 5ee45b43 2316de10 389d9c2d
15d9284a c3ddd1b6 ced8d74e 6d860332 57162dda 6434342f 04284f3a 6c6bc5c6
b4d8b4c3 deb06260 911d4429 00000802 00000029 00000800 00400721 00000800
00400c2c 00002c00 00002801 03040350 e4e0d203 00000c01 00000c80 0e010003
00000803 00000c00 00000805 0000002d 00001801 00000007 2f001000 00ffff51
2c202f51 2c202f00 00001801 00000007 2f001000 00ffff9b 8af71b9b 8af71b
ikev2_msg_encrypt: padded length 1504
25000025 03000000 73617261 73776174 69406361 2e74656c 65636f6d 6c6f6262
792e636f 6d270004 2e043082 04253082 030da003 02010202 082d419f 457a3999
7e300d06 092a8648 86f70d01 010b0500 30818631 0b300906 03550406 13024652
311a3018 06035504 080c1153 65696e65 2d536169 6e742d44 656e6973 31163014
06035504 070c0d41 75626572 76696c6c 69657273 31163014 06035504 0a0c0d54
656c6563 6f6d204c 6f626279 310d300b 06035504 0b0c0456 504e4331 1c301a06
03550403 0c136361 2e74656c 65636f6d 6c6f6262 792e636f 6d301e17 0d323130
32313230 39313934 355a170d 32323032 31323039 31393435 5a307331 0b300906
03550406 13025553 310e300c 06035504 080c0554 65786173 310f300d 06035504
070c0644 616c6c61 73311630 14060355 040a0c0d 54656c65 636f6d20 4c6f6262
79310d30 0b060355 040b0c04 56504e43 311c301a 06035504 030c1375 732e7465
6c65636f 6d6c6f62 62792e63 6f6d3082 0122300d 06092a86 4886f70d 01010105
00038201 0f003082 010a0282 010100c7 84ffdbc6 ca9aab05 55975ce7 484c5f8b
5417aa70 0ac36cd1 e397ed2e e4eef84c 596f06c3 c5fa2144 26587d21 cefc5efc
87bda9d6 ab329460 9275ff9c 40792a2b 4873e34a 6c797f37 4c14f906 b9bf6a5b
fef940de 51b065be 749b0274 50bbc0e2 762254fa b93ae31d 51d15d6f 390cdd31
12cfea40 fea65853 323bf49a 99bbe29d e6dc6c42 a43889f7 d125f105 68c9a35c
afb594ef 78bc12e7 ac8186ac 32f2b242 b0931f67 b67c3509 108e50c8 57c14a6f
99adddbb 8ff09f38 c1344641 15cc086b 0a7f3656 c52914e9 284774ce 82aac909
39d5e327 b0cdbf3c 22f8644c ec88f1a1 e44be4ac 5dc761cb be9bd51b 5b757c1e
1eebc42a 00337ed0 c1f90476 f6447502 03010001 a381a830 81a53013 0603551d
25040c30 0a06082b 06010505 07030230 1d060355 1d0e0416 041403e0 e5527553
00f35eb7 ff71c90b cd94778d a6c4301f 0603551d 23041830 1680142a c5939e9b
0361a9a9 b61eb388 3d40c58e e44f5030 28060355 1d110421 301f811d 73617261
73776174 69406361 2e74656c 65636f6d 6c6f6262 792e636f 6d302406 09608648
0186f842 010d0417 16154765 6e657261 74656420 62792052 6f757465 724f5330
0d06092a 864886f7 0d01010b 05000382 01010028 d73860f9 b6fe28fc e31f9381
6f2e3957 0762ef66 5d53ae0d 1c248650 83c845d7 4f3166a9 199a034d b37d826e
06c893f2 97848d79 3c2cb200 fb35ecfd 38dffe92 6862680a 61453918 2c17b83a
7b118f89 550aab8f ce59d05a 1aa2182c 5aa39c9a a04e88a5 0faac7cf aab46b51
e223be57 c3bbaa72 7546c67b b30062c4 db14e86c 058ad002 13e38ee4 d586b2bc
9d640bc4 21d6ec33 cbc3a066 df6bcb65 a5df7292 12a519e1 71784460 0b99a4e0
0234a29e 245440f2 1cfb1128 2b680441 a12e3da2 3ee16467 b6f1ede2 0e2259ae
0235c1f0 feb64808 4db676d5 3cbf1451 214948d2 99288835 9c46d2b0 e98b0fac
ca745b4a 3882e778 2f85e8eb 8fc5e406 736b8a2f 0001180e 0000000f 300d0609
2a864886 f70d0101 0b050048 38dd0031 679b58e6 3198f12b 36790423 7c44ad15
55062882 53eb88f0 98f81065 60f1cb6d 3e5b19a3 77c526c7 70a37722 29f59bf0
827ce545 6869bf34 fd54e8da 1d6e0d4a c7ab5ca1 d35fc212 b29e10c1 67da905f
62ccc153 a311ec70 06d76408 1dac7f9c 17146925 3af25e99 a50f834f 04dc7234
841be95e 86df2d9c 2caefb11 3e93a20a 8d270359 52b871a5 8ab383a8 0063a6e2
c800be60 dee87f89 692209e2 a3cea439 a82224af e96617ed 88a4e8c8 1dce4521
aa8e6033 36c0e628 aad05fb9 79beba3b abf0451d 5ee45b43 2316de10 389d9c2d
15d9284a c3ddd1b6 ced8d74e 6d860332 57162dda 6434342f 04284f3a 6c6bc5c6
b4d8b4c3 deb06260 911d4429 00000802 00000029 00000800 00400721 00000800
00400c2c 00002c00 00002801 03040350 e4e0d203 00000c01 00000c80 0e010003
00000803 00000c00 00000805 0000002d 00001801 00000007 2f001000 00ffff51
2c202f51 2c202f00 00001801 00000007 2f001000 00ffff9b 8af71b9b 8af71b00
ikev2_msg_encrypt: length 1504, padding 0, output length 1536
7ff1a8ea afd7c75d 04856811 3cb768e0 a5beb593 6f4e064c f5b4d246 2e420a00
40726193 cd22693a a16e690d 0c618a56 95ec3190 94ad4094 861c1d8e 0c6cd80e
30012f5a 54e5726e b90af238 fc89de8f fa49211b d537b00a c74d2b76 eab44858
64556ac2 49ac3aed 1fedf547 293034d9 5720e4b6 e0ec3a0a dd079e87 e57ea852
915faed2 f08769ae abeba225 cab58ae1 f37db0e9 26799545 1c567644 56cfa02a
4fe566f0 25d3dfd1 bb4284a8 c8d664ee bc2480fd 07a55302 bc5c7f00 50649002
ef3387c9 f9f9117f b20b1876 549668ea 682276c9 e22a07c7 15457a8b 4d201e28
1618553c b66101eb 372f082f 8a32014a 60058d8d e62503d0 4d04312b 2d91be1d
64a9299f 761b168b 32f21339 0ca59c66 552cdd40 09c7819c 9d3f0fea 37cd0145
97264fdd 91511f67 56f5e4e1 574a7651 877a934f ab732db4 c57f8110 86258a5c
83ca131c 250e4af0 4f37070d 80e052af c7f229ff 43fcfd86 b7dcf4ed a481a90a
f2b7b6b3 cd0f4e45 6ba21aa5 838786d2 e82f723a e5a7b741 e99fb521 880a39da
860e05cc 7f3a133d 6c6e2813 41b6d6f9 7082eee0 073a630b b07e35c3 8aa11708
4b3e0adb d274c12f 35a53783 a8bd0afb 8abb9a58 bee67d71 4394259a 23f37076
120bef82 17144995 edc21c7f 628fe780 c951c173 02091175 bf6f5158 9fc29465
9d019736 c0ecfc64 7a6ba117 0c1fcad6 84316d93 c57b61cf 88ef136d 652f5c88
140ad285 6cf20c40 ca4534b3 dd9b1711 bd68cf01 a1e35205 c027e56b bbd9ac26
5a243cce 764b6138 84b6fa34 8a8731c7 61a613ba ad6f31b4 b085e7be 6e574c6d
748801cd 7906e85c 8a66329d 8948e688 93fef048 19968212 a895b4e7 241f21f5
6b28fc07 0277e1f6 92b35cc9 70f818d9 10fcd24f b20623e5 2e9fe64b 185ee1c9
44d6f7f6 b6acabf6 3348548a c891bdb9 98413b90 9ebbeb3d 816ee802 34a21900
f99e273c a61aa967 71fbebd1 a1570046 56eb4f74 edb8f879 7735d5cf 765f4f30
1e0dbf65 11257b7a 40e221a0 562a0151 92a2c1ae 141ea28c d0f06549 b2f3ef4f
84476513 7bcc2254 72fdffb2 cce1568a 95c3f994 3dcd5740 b25b7d2c f1b57223
e0a65192 8eec875d d613ddd8 b3a1ff8f f408c0a5 21a30d0f daf956e1 f2d257e7
e3643d9f 03562e92 d1769f9c b6d3ee0e 60454033 a79f88d9 8be80e9d 78229616
2cbea059 44921f7b f5728a9c 0b615e5f 51113d61 53003714 eaadacef e5b9ac3f
ee48908f c8893ef1 dee7de2f b58739df d368ce61 7deac339 4965e9bc 58cd1fa3
865b3bd3 453f3095 23db7b24 929112c2 ecd999fa 0516f5aa 67daaace 66fec9c8
76cae89c ed4ca2e6 3c5a61d4 42b77dc7 5fda3326 7c32a825 b90af1f3 8df3d7d2
479decd6 ed07435e 69d9da1f c655f1a9 418b03c3 05f8727c c28910dd b0ca62f6
f83c1ccc 04a805a0 389b4162 1da56acb e6be9e6e b644cd7b 8d8422da 6dd4a0cb
ecca809b da4f2cf4 fd96a5d2 1e15c189 8e7f4e32 32ee1d47 0f0e4fbc dc7ec75c
bcbdb974 f7979bef 4efdab1f 6d66ce5a caa03313 fd4ca295 6ec64370 5469f8de
978295a2 a7b83cd3 2ae7965a 938ac9ba f2969e5b 2870d1b5 c7c9744f 577f9163
c38c57cd feac3244 cde6c706 4a900738 a702df1e 918264bf 76117e2c 45c78dcb
51a392c5 ebbf040c c9c19aaf 92684f2c 3e6d2ed5 6867e356 76946ab7 51b93841
3a04b3bc 283ca2ba b0b6dcdc c1e4ff71 4237f650 bbf0ebe5 1e74bebe 6fcb9ef2
08519453 c798b5ae 6fbb4ec0 8a36066f dcf7586c 683aecb5 28fc5379 12dc1a56
1fe57b65 70a86bd9 19a040cc acd3dc6b e55c284e 4686d410 764247ea 83f5606a
ac623293 6c4307fd e7e3efd6 a806ac4a 215212d4 1471efef 784b7a0b 0e755b38
11287e0a 3df8ebc4 be05ec3f c3f7206c 25c54b8b efb88b5c fd4b35e1 3f5f281b
4031af96 056554e0 817a25db e8d7912b ae378659 65bc1fd0 9b870474 78f4f0cc
f0d1ea91 f944eb6c 66744a93 d35c55d5 fba3b74b 0399b35f d8118c91 eb96472e
4df4eef9 c99075f6 36c1528f 19328de6 de8503c1 1f86f34e 41e2ad1b cf8eb068
385277f2 1027f1c3 710907c4 38253d83 10e77343 6f60b54f accc7dc9 db7ed987
6ab58ee3 a35f4e29 b963fbc2 a5eaa5a7 b6923406 572c0fbe 5ae353ab 94d91d67
c21c1be8 6bc6d845 e764e413 e3926306 00000000 00000000 00000000 00000000
ikev2_msg_integr: message length 1568
c870f2a5 b428b6b1 f2df80a5 dd2f5b33 2e202320 00000001 00000620 24000604
7ff1a8ea afd7c75d 04856811 3cb768e0 a5beb593 6f4e064c f5b4d246 2e420a00
40726193 cd22693a a16e690d 0c618a56 95ec3190 94ad4094 861c1d8e 0c6cd80e
30012f5a 54e5726e b90af238 fc89de8f fa49211b d537b00a c74d2b76 eab44858
64556ac2 49ac3aed 1fedf547 293034d9 5720e4b6 e0ec3a0a dd079e87 e57ea852
915faed2 f08769ae abeba225 cab58ae1 f37db0e9 26799545 1c567644 56cfa02a
4fe566f0 25d3dfd1 bb4284a8 c8d664ee bc2480fd 07a55302 bc5c7f00 50649002
ef3387c9 f9f9117f b20b1876 549668ea 682276c9 e22a07c7 15457a8b 4d201e28
1618553c b66101eb 372f082f 8a32014a 60058d8d e62503d0 4d04312b 2d91be1d
64a9299f 761b168b 32f21339 0ca59c66 552cdd40 09c7819c 9d3f0fea 37cd0145
97264fdd 91511f67 56f5e4e1 574a7651 877a934f ab732db4 c57f8110 86258a5c
83ca131c 250e4af0 4f37070d 80e052af c7f229ff 43fcfd86 b7dcf4ed a481a90a
f2b7b6b3 cd0f4e45 6ba21aa5 838786d2 e82f723a e5a7b741 e99fb521 880a39da
860e05cc 7f3a133d 6c6e2813 41b6d6f9 7082eee0 073a630b b07e35c3 8aa11708
4b3e0adb d274c12f 35a53783 a8bd0afb 8abb9a58 bee67d71 4394259a 23f37076
120bef82 17144995 edc21c7f 628fe780 c951c173 02091175 bf6f5158 9fc29465
9d019736 c0ecfc64 7a6ba117 0c1fcad6 84316d93 c57b61cf 88ef136d 652f5c88
140ad285 6cf20c40 ca4534b3 dd9b1711 bd68cf01 a1e35205 c027e56b bbd9ac26
5a243cce 764b6138 84b6fa34 8a8731c7 61a613ba ad6f31b4 b085e7be 6e574c6d
748801cd 7906e85c 8a66329d 8948e688 93fef048 19968212 a895b4e7 241f21f5
6b28fc07 0277e1f6 92b35cc9 70f818d9 10fcd24f b20623e5 2e9fe64b 185ee1c9
44d6f7f6 b6acabf6 3348548a c891bdb9 98413b90 9ebbeb3d 816ee802 34a21900
f99e273c a61aa967 71fbebd1 a1570046 56eb4f74 edb8f879 7735d5cf 765f4f30
1e0dbf65 11257b7a 40e221a0 562a0151 92a2c1ae 141ea28c d0f06549 b2f3ef4f
84476513 7bcc2254 72fdffb2 cce1568a 95c3f994 3dcd5740 b25b7d2c f1b57223
e0a65192 8eec875d d613ddd8 b3a1ff8f f408c0a5 21a30d0f daf956e1 f2d257e7
e3643d9f 03562e92 d1769f9c b6d3ee0e 60454033 a79f88d9 8be80e9d 78229616
2cbea059 44921f7b f5728a9c 0b615e5f 51113d61 53003714 eaadacef e5b9ac3f
ee48908f c8893ef1 dee7de2f b58739df d368ce61 7deac339 4965e9bc 58cd1fa3
865b3bd3 453f3095 23db7b24 929112c2 ecd999fa 0516f5aa 67daaace 66fec9c8
76cae89c ed4ca2e6 3c5a61d4 42b77dc7 5fda3326 7c32a825 b90af1f3 8df3d7d2
479decd6 ed07435e 69d9da1f c655f1a9 418b03c3 05f8727c c28910dd b0ca62f6
f83c1ccc 04a805a0 389b4162 1da56acb e6be9e6e b644cd7b 8d8422da 6dd4a0cb
ecca809b da4f2cf4 fd96a5d2 1e15c189 8e7f4e32 32ee1d47 0f0e4fbc dc7ec75c
bcbdb974 f7979bef 4efdab1f 6d66ce5a caa03313 fd4ca295 6ec64370 5469f8de
978295a2 a7b83cd3 2ae7965a 938ac9ba f2969e5b 2870d1b5 c7c9744f 577f9163
c38c57cd feac3244 cde6c706 4a900738 a702df1e 918264bf 76117e2c 45c78dcb
51a392c5 ebbf040c c9c19aaf 92684f2c 3e6d2ed5 6867e356 76946ab7 51b93841
3a04b3bc 283ca2ba b0b6dcdc c1e4ff71 4237f650 bbf0ebe5 1e74bebe 6fcb9ef2
08519453 c798b5ae 6fbb4ec0 8a36066f dcf7586c 683aecb5 28fc5379 12dc1a56
1fe57b65 70a86bd9 19a040cc acd3dc6b e55c284e 4686d410 764247ea 83f5606a
ac623293 6c4307fd e7e3efd6 a806ac4a 215212d4 1471efef 784b7a0b 0e755b38
11287e0a 3df8ebc4 be05ec3f c3f7206c 25c54b8b efb88b5c fd4b35e1 3f5f281b
4031af96 056554e0 817a25db e8d7912b ae378659 65bc1fd0 9b870474 78f4f0cc
f0d1ea91 f944eb6c 66744a93 d35c55d5 fba3b74b 0399b35f d8118c91 eb96472e
4df4eef9 c99075f6 36c1528f 19328de6 de8503c1 1f86f34e 41e2ad1b cf8eb068
385277f2 1027f1c3 710907c4 38253d83 10e77343 6f60b54f accc7dc9 db7ed987
6ab58ee3 a35f4e29 b963fbc2 a5eaa5a7 b6923406 572c0fbe 5ae353ab 94d91d67
c21c1be8 6bc6d845 e764e413 e3926306 00000000 00000000 00000000 00000000
ikev2_msg_integr: integrity checksum length 16
30e79f7f ab81894a 42cb568b 642b8af6 761d35fa 65c0d308 c6e3fff7 81c202b7
ikev2_pld_parse: header ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33 nextpayload SK version 0x20 exchange IKE_AUTH flags 0x20 msgid 1 length 1568 response 1
ikev2_pld_payloads: payload SK nextpayload IDr critical 0x00 length 1540
ikev2_msg_decrypt: IV length 16
7ff1a8ea afd7c75d 04856811 3cb768e0
ikev2_msg_decrypt: encrypted payload length 1504
a5beb593 6f4e064c f5b4d246 2e420a00 40726193 cd22693a a16e690d 0c618a56
95ec3190 94ad4094 861c1d8e 0c6cd80e 30012f5a 54e5726e b90af238 fc89de8f
fa49211b d537b00a c74d2b76 eab44858 64556ac2 49ac3aed 1fedf547 293034d9
5720e4b6 e0ec3a0a dd079e87 e57ea852 915faed2 f08769ae abeba225 cab58ae1
f37db0e9 26799545 1c567644 56cfa02a 4fe566f0 25d3dfd1 bb4284a8 c8d664ee
bc2480fd 07a55302 bc5c7f00 50649002 ef3387c9 f9f9117f b20b1876 549668ea
682276c9 e22a07c7 15457a8b 4d201e28 1618553c b66101eb 372f082f 8a32014a
60058d8d e62503d0 4d04312b 2d91be1d 64a9299f 761b168b 32f21339 0ca59c66
552cdd40 09c7819c 9d3f0fea 37cd0145 97264fdd 91511f67 56f5e4e1 574a7651
877a934f ab732db4 c57f8110 86258a5c 83ca131c 250e4af0 4f37070d 80e052af
c7f229ff 43fcfd86 b7dcf4ed a481a90a f2b7b6b3 cd0f4e45 6ba21aa5 838786d2
e82f723a e5a7b741 e99fb521 880a39da 860e05cc 7f3a133d 6c6e2813 41b6d6f9
7082eee0 073a630b b07e35c3 8aa11708 4b3e0adb d274c12f 35a53783 a8bd0afb
8abb9a58 bee67d71 4394259a 23f37076 120bef82 17144995 edc21c7f 628fe780
c951c173 02091175 bf6f5158 9fc29465 9d019736 c0ecfc64 7a6ba117 0c1fcad6
84316d93 c57b61cf 88ef136d 652f5c88 140ad285 6cf20c40 ca4534b3 dd9b1711
bd68cf01 a1e35205 c027e56b bbd9ac26 5a243cce 764b6138 84b6fa34 8a8731c7
61a613ba ad6f31b4 b085e7be 6e574c6d 748801cd 7906e85c 8a66329d 8948e688
93fef048 19968212 a895b4e7 241f21f5 6b28fc07 0277e1f6 92b35cc9 70f818d9
10fcd24f b20623e5 2e9fe64b 185ee1c9 44d6f7f6 b6acabf6 3348548a c891bdb9
98413b90 9ebbeb3d 816ee802 34a21900 f99e273c a61aa967 71fbebd1 a1570046
56eb4f74 edb8f879 7735d5cf 765f4f30 1e0dbf65 11257b7a 40e221a0 562a0151
92a2c1ae 141ea28c d0f06549 b2f3ef4f 84476513 7bcc2254 72fdffb2 cce1568a
95c3f994 3dcd5740 b25b7d2c f1b57223 e0a65192 8eec875d d613ddd8 b3a1ff8f
f408c0a5 21a30d0f daf956e1 f2d257e7 e3643d9f 03562e92 d1769f9c b6d3ee0e
60454033 a79f88d9 8be80e9d 78229616 2cbea059 44921f7b f5728a9c 0b615e5f
51113d61 53003714 eaadacef e5b9ac3f ee48908f c8893ef1 dee7de2f b58739df
d368ce61 7deac339 4965e9bc 58cd1fa3 865b3bd3 453f3095 23db7b24 929112c2
ecd999fa 0516f5aa 67daaace 66fec9c8 76cae89c ed4ca2e6 3c5a61d4 42b77dc7
5fda3326 7c32a825 b90af1f3 8df3d7d2 479decd6 ed07435e 69d9da1f c655f1a9
418b03c3 05f8727c c28910dd b0ca62f6 f83c1ccc 04a805a0 389b4162 1da56acb
e6be9e6e b644cd7b 8d8422da 6dd4a0cb ecca809b da4f2cf4 fd96a5d2 1e15c189
8e7f4e32 32ee1d47 0f0e4fbc dc7ec75c bcbdb974 f7979bef 4efdab1f 6d66ce5a
caa03313 fd4ca295 6ec64370 5469f8de 978295a2 a7b83cd3 2ae7965a 938ac9ba
f2969e5b 2870d1b5 c7c9744f 577f9163 c38c57cd feac3244 cde6c706 4a900738
a702df1e 918264bf 76117e2c 45c78dcb 51a392c5 ebbf040c c9c19aaf 92684f2c
3e6d2ed5 6867e356 76946ab7 51b93841 3a04b3bc 283ca2ba b0b6dcdc c1e4ff71
4237f650 bbf0ebe5 1e74bebe 6fcb9ef2 08519453 c798b5ae 6fbb4ec0 8a36066f
dcf7586c 683aecb5 28fc5379 12dc1a56 1fe57b65 70a86bd9 19a040cc acd3dc6b
e55c284e 4686d410 764247ea 83f5606a ac623293 6c4307fd e7e3efd6 a806ac4a
215212d4 1471efef 784b7a0b 0e755b38 11287e0a 3df8ebc4 be05ec3f c3f7206c
25c54b8b efb88b5c fd4b35e1 3f5f281b 4031af96 056554e0 817a25db e8d7912b
ae378659 65bc1fd0 9b870474 78f4f0cc f0d1ea91 f944eb6c 66744a93 d35c55d5
fba3b74b 0399b35f d8118c91 eb96472e 4df4eef9 c99075f6 36c1528f 19328de6
de8503c1 1f86f34e 41e2ad1b cf8eb068 385277f2 1027f1c3 710907c4 38253d83
10e77343 6f60b54f accc7dc9 db7ed987 6ab58ee3 a35f4e29 b963fbc2 a5eaa5a7
b6923406 572c0fbe 5ae353ab 94d91d67 c21c1be8 6bc6d845 e764e413 e3926306
ikev2_msg_decrypt: integrity checksum length 16
30e79f7f ab81894a 42cb568b 642b8af6
ikev2_msg_decrypt: integrity check succeeded
30e79f7f ab81894a 42cb568b 642b8af6
ikev2_msg_decrypt: decrypted payload length 1504/1504 padding 0
25000025 03000000 73617261 73776174 69406361 2e74656c 65636f6d 6c6f6262
792e636f 6d270004 2e043082 04253082 030da003 02010202 082d419f 457a3999
7e300d06 092a8648 86f70d01 010b0500 30818631 0b300906 03550406 13024652
311a3018 06035504 080c1153 65696e65 2d536169 6e742d44 656e6973 31163014
06035504 070c0d41 75626572 76696c6c 69657273 31163014 06035504 0a0c0d54
656c6563 6f6d204c 6f626279 310d300b 06035504 0b0c0456 504e4331 1c301a06
03550403 0c136361 2e74656c 65636f6d 6c6f6262 792e636f 6d301e17 0d323130
32313230 39313934 355a170d 32323032 31323039 31393435 5a307331 0b300906
03550406 13025553 310e300c 06035504 080c0554 65786173 310f300d 06035504
070c0644 616c6c61 73311630 14060355 040a0c0d 54656c65 636f6d20 4c6f6262
79310d30 0b060355 040b0c04 56504e43 311c301a 06035504 030c1375 732e7465
6c65636f 6d6c6f62 62792e63 6f6d3082 0122300d 06092a86 4886f70d 01010105
00038201 0f003082 010a0282 010100c7 84ffdbc6 ca9aab05 55975ce7 484c5f8b
5417aa70 0ac36cd1 e397ed2e e4eef84c 596f06c3 c5fa2144 26587d21 cefc5efc
87bda9d6 ab329460 9275ff9c 40792a2b 4873e34a 6c797f37 4c14f906 b9bf6a5b
fef940de 51b065be 749b0274 50bbc0e2 762254fa b93ae31d 51d15d6f 390cdd31
12cfea40 fea65853 323bf49a 99bbe29d e6dc6c42 a43889f7 d125f105 68c9a35c
afb594ef 78bc12e7 ac8186ac 32f2b242 b0931f67 b67c3509 108e50c8 57c14a6f
99adddbb 8ff09f38 c1344641 15cc086b 0a7f3656 c52914e9 284774ce 82aac909
39d5e327 b0cdbf3c 22f8644c ec88f1a1 e44be4ac 5dc761cb be9bd51b 5b757c1e
1eebc42a 00337ed0 c1f90476 f6447502 03010001 a381a830 81a53013 0603551d
25040c30 0a06082b 06010505 07030230 1d060355 1d0e0416 041403e0 e5527553
00f35eb7 ff71c90b cd94778d a6c4301f 0603551d 23041830 1680142a c5939e9b
0361a9a9 b61eb388 3d40c58e e44f5030 28060355 1d110421 301f811d 73617261
73776174 69406361 2e74656c 65636f6d 6c6f6262 792e636f 6d302406 09608648
0186f842 010d0417 16154765 6e657261 74656420 62792052 6f757465 724f5330
0d06092a 864886f7 0d01010b 05000382 01010028 d73860f9 b6fe28fc e31f9381
6f2e3957 0762ef66 5d53ae0d 1c248650 83c845d7 4f3166a9 199a034d b37d826e
06c893f2 97848d79 3c2cb200 fb35ecfd 38dffe92 6862680a 61453918 2c17b83a
7b118f89 550aab8f ce59d05a 1aa2182c 5aa39c9a a04e88a5 0faac7cf aab46b51
e223be57 c3bbaa72 7546c67b b30062c4 db14e86c 058ad002 13e38ee4 d586b2bc
9d640bc4 21d6ec33 cbc3a066 df6bcb65 a5df7292 12a519e1 71784460 0b99a4e0
0234a29e 245440f2 1cfb1128 2b680441 a12e3da2 3ee16467 b6f1ede2 0e2259ae
0235c1f0 feb64808 4db676d5 3cbf1451 214948d2 99288835 9c46d2b0 e98b0fac
ca745b4a 3882e778 2f85e8eb 8fc5e406 736b8a2f 0001180e 0000000f 300d0609
2a864886 f70d0101 0b050048 38dd0031 679b58e6 3198f12b 36790423 7c44ad15
55062882 53eb88f0 98f81065 60f1cb6d 3e5b19a3 77c526c7 70a37722 29f59bf0
827ce545 6869bf34 fd54e8da 1d6e0d4a c7ab5ca1 d35fc212 b29e10c1 67da905f
62ccc153 a311ec70 06d76408 1dac7f9c 17146925 3af25e99 a50f834f 04dc7234
841be95e 86df2d9c 2caefb11 3e93a20a 8d270359 52b871a5 8ab383a8 0063a6e2
c800be60 dee87f89 692209e2 a3cea439 a82224af e96617ed 88a4e8c8 1dce4521
aa8e6033 36c0e628 aad05fb9 79beba3b abf0451d 5ee45b43 2316de10 389d9c2d
15d9284a c3ddd1b6 ced8d74e 6d860332 57162dda 6434342f 04284f3a 6c6bc5c6
b4d8b4c3 deb06260 911d4429 00000802 00000029 00000800 00400721 00000800
00400c2c 00002c00 00002801 03040350 e4e0d203 00000c01 00000c80 0e010003
00000803 00000c00 00000805 0000002d 00001801 00000007 2f001000 00ffff51
2c202f51 2c202f00 00001801 00000007 2f001000 00ffff9b 8af71b9b 8af71b00
ikev2_pld_payloads: decrypted payload IDr nextpayload CERT critical 0x00 length 37
ikev2_pld_id: id UFQDN/-->HOSTNAME-US<---@-->CA<--- length 33
ikev2_pld_payloads: decrypted payload CERT nextpayload AUTH critical 0x00 length 1070
ikev2_pld_cert: type X509_CERT length 1065
30820425 3082030d a0030201 0202082d 419f457a 39997e30 0d06092a 864886f7
0d01010b 05003081 86310b30 09060355 04061302 4652311a 30180603 5504080c
11536569 6e652d53 61696e74 2d44656e 69733116 30140603 5504070c 0d417562
65727669 6c6c6965 72733116 30140603 55040a0c 0d54656c 65636f6d 204c6f62
6279310d 300b0603 55040b0c 0456504e 43311c30 1a060355 04030c13 63612e74
656c6563 6f6d6c6f 6262792e 636f6d30 1e170d32 31303231 32303931 3934355a
170d3232 30323132 30393139 34355a30 73310b30 09060355 04061302 5553310e
300c0603 5504080c 05546578 6173310f 300d0603 5504070c 0644616c 6c617331
16301406 0355040a 0c0d5465 6c65636f 6d204c6f 62627931 0d300b06 0355040b
0c045650 4e43311c 301a0603 5504030c 1375732e 74656c65 636f6d6c 6f626279
2e636f6d 30820122 300d0609 2a864886 f70d0101 01050003 82010f00 3082010a
02820101 00c784ff dbc6ca9a ab055597 5ce7484c 5f8b5417 aa700ac3 6cd1e397
ed2ee4ee f84c596f 06c3c5fa 21442658 7d21cefc 5efc87bd a9d6ab32 94609275
ff9c4079 2a2b4873 e34a6c79 7f374c14 f906b9bf 6a5bfef9 40de51b0 65be749b
027450bb c0e27622 54fab93a e31d51d1 5d6f390c dd3112cf ea40fea6 5853323b
f49a99bb e29de6dc 6c42a438 89f7d125 f10568c9 a35cafb5 94ef78bc 12e7ac81
86ac32f2 b242b093 1f67b67c 3509108e 50c857c1 4a6f99ad ddbb8ff0 9f38c134
464115cc 086b0a7f 3656c529 14e92847 74ce82aa c90939d5 e327b0cd bf3c22f8
644cec88 f1a1e44b e4ac5dc7 61cbbe9b d51b5b75 7c1e1eeb c42a0033 7ed0c1f9
0476f644 75020301 0001a381 a83081a5 30130603 551d2504 0c300a06 082b0601
05050703 02301d06 03551d0e 04160414 03e0e552 755300f3 5eb7ff71 c90bcd94
778da6c4 301f0603 551d2304 18301680 142ac593 9e9b0361 a9a9b61e b3883d40
c58ee44f 50302806 03551d11 0421301f 811d7361 72617377 61746940 63612e74
656c6563 6f6d6c6f 6262792e 636f6d30 24060960 86480186 f842010d 04171615
47656e65 72617465 64206279 20526f75 7465724f 53300d06 092a8648 86f70d01
010b0500 03820101 0028d738 60f9b6fe 28fce31f 93816f2e 39570762 ef665d53
ae0d1c24 865083c8 45d74f31 66a9199a 034db37d 826e06c8 93f29784 8d793c2c
b200fb35 ecfd38df fe926862 680a6145 39182c17 b83a7b11 8f89550a ab8fce59
d05a1aa2 182c5aa3 9c9aa04e 88a50faa c7cfaab4 6b51e223 be57c3bb aa727546
c67bb300 62c4db14 e86c058a d00213e3 8ee4d586 b2bc9d64 0bc421d6 ec33cbc3
a066df6b cb65a5df 729212a5 19e17178 44600b99 a4e00234 a29e2454 40f21cfb
11282b68 0441a12e 3da23ee1 6467b6f1 ede20e22 59ae0235 c1f0feb6 48084db6
76d53cbf 14512149 48d29928 88359c46 d2b0e98b 0facca74 5b4a3882 e7782f85
e8eb8fc5 e406736b 8a
ikev2_pld_payloads: decrypted payload AUTH nextpayload CP critical 0x00 length 280
ikev2_pld_auth: method SIG length 272
0f300d06 092a8648 86f70d01 010b0500 4838dd00 31679b58 e63198f1 2b367904
237c44ad 15550628 8253eb88 f098f810 6560f1cb 6d3e5b19 a377c526 c770a377
2229f59b f0827ce5 456869bf 34fd54e8 da1d6e0d 4ac7ab5c a1d35fc2 12b29e10
c167da90 5f62ccc1 53a311ec 7006d764 081dac7f 9c171469 253af25e 99a50f83
4f04dc72 34841be9 5e86df2d 9c2caefb 113e93a2 0a8d2703 5952b871 a58ab383
a80063a6 e2c800be 60dee87f 89692209 e2a3cea4 39a82224 afe96617 ed88a4e8
c81dce45 21aa8e60 3336c0e6 28aad05f b979beba 3babf045 1d5ee45b 432316de
10389d9c 2d15d928 4ac3ddd1 b6ced8d7 4e6d8603 3257162d da643434 2f04284f
3a6c6bc5 c6b4d8b4 c3deb062 60911d44
ikev2_pld_payloads: decrypted payload CP nextpayload NOTIFY critical 0x00 length 8
ikev2_pld_cp: type REPLY length 0
ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical 0x00 length 8
ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE
ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA critical 0x00 length 8
ikev2_pld_notify: protoid NONE spisize 0 type MOBIKE_SUPPORTED
ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00 length 44
ikev2_pld_sa: more 0 reserved 0 length 40 proposal #1 protoid ESP spisize 4 xforms 3 spi 0x50e4e0d2
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00 length 24
ikev2_pld_tss: count 1 length 16
ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport 65535
ikev2_pld_ts: start -->NODE_ES<-- end -->NODE_ES<--
ikev2_pld_payloads: decrypted payload TSr nextpayload NONE critical 0x00 length 24
ikev2_pld_tss: count 1 length 16
ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport 65535
ikev2_pld_ts: start -->HOST-US<--- end -->HOST-US<---
spi=0xc870f2a5b428b6b1: send IKE_AUTH res 1 peer -->NODE_ES<--:4500 local -->HOST-US<---:4500, 1568 bytes, NAT-T
pfkey_sa_add: update spi 0x50e4e0d2
ikev2_childsa_enable: loaded CHILD SA spi 0x50e4e0d2
pfkey_sa_add: add spi 0xcd21dd16
ikev2_childsa_enable: loaded CHILD SA spi 0xcd21dd16
ikev2_childsa_enable: loaded flow 0x5a9867fe000
ikev2_childsa_enable: loaded flow 0x5a987582c00
ikev2_childsa_enable: remember SA peer -->NODE_ES<--:4500
spi=0xc870f2a5b428b6b1: ikev2_childsa_enable: loaded SPIs: 0x50e4e0d2, 0xcd21dd16
spi=0xc870f2a5b428b6b1: ikev2_childsa_enable: loaded flows: ESP--->HOST-US<---/32=-->NODE_ES<--/32(47)
spi=0xc870f2a5b428b6b1: sa_state: VALID -> ESTABLISHED from -->NODE_ES<--:4500 to -->HOST-US<---:4500 policy '-->HOST_ES<--'
spi=0xc870f2a5b428b6b1: established peer -->NODE_ES<--:4500[UFQDN/-->HOSTNAME-ES<---@-->CA<---] local -->HOST-US<---:4500[UFQDN/-->HOSTNAME-US<---@-->CA<---] policy '-->HOST_ES<--' as responder
pfkey_sa_lookup: last_used 1614669104
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1 second(s) ago
pfkey_sa_lookup: last_used 1614669119
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1 second(s) ago
pfkey_sa_lookup: last_used 1614669134
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1 second(s) ago
pfkey_sa_lookup: last_used 1614669149
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1 second(s) ago
pfkey_sa_lookup: last_used 1614669164
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1 second(s) ago
pfkey_sa_lookup: last_used 1614669179
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1 second(s) ago
pfkey_sa_lookup: last_used 1614669194
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1 second(s) ago
pfkey_sa_lookup: last_used 1614669210
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614669224
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1 second(s) ago
pfkey_sa_lookup: last_used 1614669239
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1 second(s) ago
pfkey_sa_lookup: last_used 1614669254
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1 second(s) ago
pfkey_sa_lookup: last_used 1614669270
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614669284
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1 second(s) ago
pfkey_sa_lookup: last_used 1614669300
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614669315
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614669330
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614669344
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1 second(s) ago
pfkey_sa_lookup: last_used 1614669360
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614669375
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614669390
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
ikev2_ike_sa_alive: IKE SA 0x5a9044b67d0 ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33 last received 300 second(s) ago
ikev2_ike_sa_alive: sending alive check
ikev2_next_payload: length 52 nextpayload NONE
ikev2_msg_encrypt: decrypted length 4
00000400
ikev2_msg_encrypt: padded length 16
00000400 a1ad8c2c 1946be46 830e7b0b
ikev2_msg_encrypt: length 5, padding 11, output length 48
2b312d0f 68b36c6c e309b44d 7dab37a5 d607cdf8 b4cfd029 38df9bd7 aa230b8b
00000000 00000000 00000000 00000000
ikev2_msg_integr: message length 80
c870f2a5 b428b6b1 f2df80a5 dd2f5b33 2e202500 00000000 00000050 00000034
2b312d0f 68b36c6c e309b44d 7dab37a5 d607cdf8 b4cfd029 38df9bd7 aa230b8b
00000000 00000000 00000000 00000000
ikev2_msg_integr: integrity checksum length 16
9b0ad9d9 503ed019 3966542a 639c15c5 610fbbf4 45293d65 faf1930d 30ba78e5
ikev2_pld_parse: header ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33 nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x00 msgid 0 length 80 response 0
ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52
ikev2_msg_decrypt: IV length 16
2b312d0f 68b36c6c e309b44d 7dab37a5
ikev2_msg_decrypt: encrypted payload length 16
d607cdf8 b4cfd029 38df9bd7 aa230b8b
ikev2_msg_decrypt: integrity checksum length 16
9b0ad9d9 503ed019 3966542a 639c15c5
ikev2_msg_decrypt: integrity check succeeded
9b0ad9d9 503ed019 3966542a 639c15c5
ikev2_msg_decrypt: decrypted payload length 16/16 padding 11
00000400 a1ad8c2c 1946be46 830e7b0b
spi=0xc870f2a5b428b6b1: send INFORMATIONAL req 0 peer -->NODE_ES<--:4500 local -->HOST-US<---:4500, 80 bytes, NAT-T
spi=0xc870f2a5b428b6b1: recv INFORMATIONAL res 0 peer -->NODE_ES<--:4500 local -->HOST-US<---:4500, 80 bytes, policy '-->HOST_ES<--'
ikev2_recv: ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33
ikev2_recv: updated SA to peer -->NODE_ES<--:4500 local -->HOST-US<---:4500
ikev2_pld_parse: header ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33 nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x28 msgid 0 length 80 response 1
ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52
ikev2_msg_decrypt: IV length 16
098e5e89 f21396b3 7612b01f 54ab5af5
ikev2_msg_decrypt: encrypted payload length 16
3c9c6aea c37f1ea7 24026fb9 68f21ae9
ikev2_msg_decrypt: integrity checksum length 16
f297a53b fc7d61e4 32e22f80 3684f269
ikev2_msg_decrypt: integrity check succeeded
f297a53b fc7d61e4 32e22f80 3684f269
ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
08e4f8bc d6e2f6c3 debca410 7ebe3b0f
pfkey_sa_lookup: last_used 1614669405
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614669420
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614669435
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614669450
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614669465
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614669480
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614669495
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614669510
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614669525
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614669540
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614669555
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614669570
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614669585
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614669600
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614669615
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614669630
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614669645
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614669660
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614669675
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614669690
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
ikev2_ike_sa_alive: IKE SA 0x5a9044b67d0 ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33 last received 300 second(s) ago
ikev2_ike_sa_alive: sending alive check
ikev2_next_payload: length 52 nextpayload NONE
ikev2_msg_encrypt: decrypted length 4
00000400
ikev2_msg_encrypt: padded length 16
00000400 e895a15d 7af30ca3 8baf180b
ikev2_msg_encrypt: length 5, padding 11, output length 48
e10b0852 75f0a9c8 176d6c73 9c47558d 5d065fbf ddbb52db ab936e1b 38ceda57
00000000 00000000 00000000 00000000
ikev2_msg_integr: message length 80
c870f2a5 b428b6b1 f2df80a5 dd2f5b33 2e202500 00000001 00000050 00000034
e10b0852 75f0a9c8 176d6c73 9c47558d 5d065fbf ddbb52db ab936e1b 38ceda57
00000000 00000000 00000000 00000000
ikev2_msg_integr: integrity checksum length 16
b740fda4 24d90007 1d26d512 49c7972e cf5bf202 cd20bb12 03a71190 3ce82d57
ikev2_pld_parse: header ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33 nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x00 msgid 1 length 80 response 0
ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52
ikev2_msg_decrypt: IV length 16
e10b0852 75f0a9c8 176d6c73 9c47558d
ikev2_msg_decrypt: encrypted payload length 16
5d065fbf ddbb52db ab936e1b 38ceda57
ikev2_msg_decrypt: integrity checksum length 16
b740fda4 24d90007 1d26d512 49c7972e
ikev2_msg_decrypt: integrity check succeeded
b740fda4 24d90007 1d26d512 49c7972e
ikev2_msg_decrypt: decrypted payload length 16/16 padding 11
00000400 e895a15d 7af30ca3 8baf180b
spi=0xc870f2a5b428b6b1: send INFORMATIONAL req 1 peer -->NODE_ES<--:4500 local -->HOST-US<---:4500, 80 bytes, NAT-T
spi=0xc870f2a5b428b6b1: recv INFORMATIONAL res 1 peer -->NODE_ES<--:4500 local -->HOST-US<---:4500, 80 bytes, policy '-->HOST_ES<--'
ikev2_recv: ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33
ikev2_recv: updated SA to peer -->NODE_ES<--:4500 local -->HOST-US<---:4500
ikev2_pld_parse: header ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33 nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x28 msgid 1 length 80 response 1
ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52
ikev2_msg_decrypt: IV length 16
3af2f89c 87965512 cb06ef0b f03caad7
ikev2_msg_decrypt: encrypted payload length 16
2f22f16c 78053499 877b65da 8391ba92
ikev2_msg_decrypt: integrity checksum length 16
b5d4e613 9e412724 0fccc221 49fc1ad9
ikev2_msg_decrypt: integrity check succeeded
b5d4e613 9e412724 0fccc221 49fc1ad9
ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
00088f46 8b1ae3d0 94218323 4519900f
pfkey_sa_lookup: last_used 1614669705
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614669720
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1 second(s) ago
pfkey_sa_lookup: last_used 1614669735
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1 second(s) ago
pfkey_sa_lookup: last_used 1614669750
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1 second(s) ago
pfkey_sa_lookup: last_used 1614669765
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1 second(s) ago
pfkey_sa_lookup: last_used 1614669780
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1 second(s) ago
pfkey_sa_lookup: last_used 1614669795
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1 second(s) ago
pfkey_sa_lookup: last_used 1614669810
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1 second(s) ago
pfkey_sa_lookup: last_used 1614669826
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614669840
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1 second(s) ago
pfkey_sa_lookup: last_used 1614669855
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1 second(s) ago
pfkey_sa_lookup: last_used 1614669870
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1 second(s) ago
pfkey_sa_lookup: last_used 1614669885
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1 second(s) ago
pfkey_sa_lookup: last_used 1614669899
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 2 second(s) ago
pfkey_sa_lookup: last_used 1614669915
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1 second(s) ago
pfkey_sa_lookup: last_used 1614669931
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614669945
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1 second(s) ago
pfkey_sa_lookup: last_used 1614669960
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1 second(s) ago
pfkey_sa_lookup: last_used 1614669975
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1 second(s) ago
pfkey_sa_lookup: last_used 1614669989
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 2 second(s) ago
ikev2_ike_sa_alive: IKE SA 0x5a9044b67d0 ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33 last received 300 second(s) ago
ikev2_ike_sa_alive: sending alive check
ikev2_next_payload: length 52 nextpayload NONE
ikev2_msg_encrypt: decrypted length 4
00000400
ikev2_msg_encrypt: padded length 16
00000400 9d0e58d0 25a63b09 3ff7560b
ikev2_msg_encrypt: length 5, padding 11, output length 48
aeff7c47 9c79483b 0d1a9747 93c39522 ba8da05f 0c294394 44ef8b03 84471b09
00000000 00000000 00000000 00000000
ikev2_msg_integr: message length 80
c870f2a5 b428b6b1 f2df80a5 dd2f5b33 2e202500 00000002 00000050 00000034
aeff7c47 9c79483b 0d1a9747 93c39522 ba8da05f 0c294394 44ef8b03 84471b09
00000000 00000000 00000000 00000000
ikev2_msg_integr: integrity checksum length 16
0765f1e9 2136aef6 fcb4dfbe 2f459d77 1e23825b 0cc83fc2 2fb4f9f8 70c171cb
ikev2_pld_parse: header ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33 nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x00 msgid 2 length 80 response 0
ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52
ikev2_msg_decrypt: IV length 16
aeff7c47 9c79483b 0d1a9747 93c39522
ikev2_msg_decrypt: encrypted payload length 16
ba8da05f 0c294394 44ef8b03 84471b09
ikev2_msg_decrypt: integrity checksum length 16
0765f1e9 2136aef6 fcb4dfbe 2f459d77
ikev2_msg_decrypt: integrity check succeeded
0765f1e9 2136aef6 fcb4dfbe 2f459d77
ikev2_msg_decrypt: decrypted payload length 16/16 padding 11
00000400 9d0e58d0 25a63b09 3ff7560b
spi=0xc870f2a5b428b6b1: send INFORMATIONAL req 2 peer -->NODE_ES<--:4500 local -->HOST-US<---:4500, 80 bytes, NAT-T
spi=0xc870f2a5b428b6b1: recv INFORMATIONAL res 2 peer -->NODE_ES<--:4500 local -->HOST-US<---:4500, 80 bytes, policy '-->HOST_ES<--'
ikev2_recv: ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33
ikev2_recv: updated SA to peer -->NODE_ES<--:4500 local -->HOST-US<---:4500
ikev2_pld_parse: header ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33 nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x28 msgid 2 length 80 response 1
ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52
ikev2_msg_decrypt: IV length 16
bb18234b c5209d86 cab8e1b8 984a1ece
ikev2_msg_decrypt: encrypted payload length 16
e3259382 97db3f63 c34057e3 15ea1413
ikev2_msg_decrypt: integrity checksum length 16
e2f2f174 3ba4468a 16b45c95 729d837a
ikev2_msg_decrypt: integrity check succeeded
e2f2f174 3ba4468a 16b45c95 729d837a
ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
79f4de00 742e3c58 e1b6d904 e359250f
pfkey_sa_lookup: last_used 1614670006
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614670019
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 2 second(s) ago
pfkey_sa_lookup: last_used 1614670036
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614670051
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614670065
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 1 second(s) ago
pfkey_sa_lookup: last_used 1614670081
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614670096
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614670111
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614670126
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614670141
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614670156
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_process: SA 0x50e4e0d2 is expired, pending rekeying
ikev2_send_create_child_sa: rekeying ESP spi 0xcd21dd16
ikev2_add_notify: done
ikev2_next_payload: length 8 nextpayload SA
config_free_proposals: free 0x5a9867f8000
pfkey_sa_getspi: spi 0x72f660e2
pfkey_sa_init: new spi 0x72f660e2
ikev2_add_proposals: length 56
ikev2_next_payload: length 60 nextpayload NONCE
ikev2_send_create_child_sa: enable PFS
ikev2_next_payload: length 36 nextpayload KE
ikev2_next_payload: length 72 nextpayload TSi
ikev2_next_payload: length 24 nextpayload TSr
ikev2_next_payload: length 24 nextpayload NOTIFY
ikev2_next_payload: length 12 nextpayload NONE
ikev2_next_payload: length 276 nextpayload NOTIFY
ikev2_msg_encrypt: decrypted length 236
21000008 00004007 2800003c 00000038 01030405 72f660e2 03000008 0300000c
0300000c 0100000c 800e0100 03000008 04000013 03000008 05000001 00000008
05000000 22000024 0b2cc600 bc36fef6 d85c7b9c 97b2e249 2a72453a c6378de7
17d708f3 9986cb41 2c000048 00130000 0c9f34bb 6a8613f1 7b11b8f3 ee313c82
bd5de5fb c04e87fc f3494bf9 e7451173 64318c0b ada04af1 9f7232a8 849000ac
932d27a6 be4c36c0 ee7369c2 990458b0 2d000018 01000000 072f0010 0000ffff
9b8af71b 9b8af71b 29000018 01000000 072f0010 0000ffff 512c202f 512c202f
0000000c 03044009 50e4e0d2
ikev2_msg_encrypt: padded length 240
21000008 00004007 2800003c 00000038 01030405 72f660e2 03000008 0300000c
0300000c 0100000c 800e0100 03000008 04000013 03000008 05000001 00000008
05000000 22000024 0b2cc600 bc36fef6 d85c7b9c 97b2e249 2a72453a c6378de7
17d708f3 9986cb41 2c000048 00130000 0c9f34bb 6a8613f1 7b11b8f3 ee313c82
bd5de5fb c04e87fc f3494bf9 e7451173 64318c0b ada04af1 9f7232a8 849000ac
932d27a6 be4c36c0 ee7369c2 990458b0 2d000018 01000000 072f0010 0000ffff
9b8af71b 9b8af71b 29000018 01000000 072f0010 0000ffff 512c202f 512c202f
0000000c 03044009 50e4e0d2 23d9b303
ikev2_msg_encrypt: length 237, padding 3, output length 272
9b19b441 8be31824 8fcf386f c5fdfbf8 de756819 fa06af94 ffab7cf5 c34a5cb9
f4844390 40907313 1201a314 f4b7702b 03d9b0cb f6938ff9 f460c551 1ec06c01
6b2abc03 8434baa6 e89c503b b3252c15 3c95ce24 a63c4963 fec095a6 ae3b230f
b4dcd83b 91b461fe 02289ab9 f9e6bc01 b0c543e5 b354a5ce bdfb6718 bd87b019
72854b1c 08f7fd02 744698cb 11024f01 dddaf26e d785a037 de3091e2 619b9334
ee5c95d6 bad6dcbc 502cd96e 44cca3b0 6e339ae9 77be5a60 78dd46c6 48b94d38
839415dd 34f5e351 024cee34 035577fe 281d3b01 0f2342f9 589705ca 0b9ff7cc
ace0e94d 3eda4cc2 1ba8b896 014390b9 f1ac616f f738c1c0 431e4cab 75edaa68
00000000 00000000 00000000 00000000
ikev2_msg_integr: message length 304
c870f2a5 b428b6b1 f2df80a5 dd2f5b33 2e202400 00000003 00000130 29000114
9b19b441 8be31824 8fcf386f c5fdfbf8 de756819 fa06af94 ffab7cf5 c34a5cb9
f4844390 40907313 1201a314 f4b7702b 03d9b0cb f6938ff9 f460c551 1ec06c01
6b2abc03 8434baa6 e89c503b b3252c15 3c95ce24 a63c4963 fec095a6 ae3b230f
b4dcd83b 91b461fe 02289ab9 f9e6bc01 b0c543e5 b354a5ce bdfb6718 bd87b019
72854b1c 08f7fd02 744698cb 11024f01 dddaf26e d785a037 de3091e2 619b9334
ee5c95d6 bad6dcbc 502cd96e 44cca3b0 6e339ae9 77be5a60 78dd46c6 48b94d38
839415dd 34f5e351 024cee34 035577fe 281d3b01 0f2342f9 589705ca 0b9ff7cc
ace0e94d 3eda4cc2 1ba8b896 014390b9 f1ac616f f738c1c0 431e4cab 75edaa68
00000000 00000000 00000000 00000000
ikev2_msg_integr: integrity checksum length 16
a564b06e d741f47e 79ea50fd 27e6de1c 94dc42c9 5dffdc5d b9b1b2bd be00a9a6
ikev2_pld_parse: header ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33 nextpayload SK version 0x20 exchange CREATE_CHILD_SA flags 0x00 msgid 3 length 304 response 0
ikev2_pld_payloads: payload SK nextpayload NOTIFY critical 0x00 length 276
ikev2_msg_decrypt: IV length 16
9b19b441 8be31824 8fcf386f c5fdfbf8
ikev2_msg_decrypt: encrypted payload length 240
de756819 fa06af94 ffab7cf5 c34a5cb9 f4844390 40907313 1201a314 f4b7702b
03d9b0cb f6938ff9 f460c551 1ec06c01 6b2abc03 8434baa6 e89c503b b3252c15
3c95ce24 a63c4963 fec095a6 ae3b230f b4dcd83b 91b461fe 02289ab9 f9e6bc01
b0c543e5 b354a5ce bdfb6718 bd87b019 72854b1c 08f7fd02 744698cb 11024f01
dddaf26e d785a037 de3091e2 619b9334 ee5c95d6 bad6dcbc 502cd96e 44cca3b0
6e339ae9 77be5a60 78dd46c6 48b94d38 839415dd 34f5e351 024cee34 035577fe
281d3b01 0f2342f9 589705ca 0b9ff7cc ace0e94d 3eda4cc2 1ba8b896 014390b9
f1ac616f f738c1c0 431e4cab 75edaa68
ikev2_msg_decrypt: integrity checksum length 16
a564b06e d741f47e 79ea50fd 27e6de1c
ikev2_msg_decrypt: integrity check succeeded
a564b06e d741f47e 79ea50fd 27e6de1c
ikev2_msg_decrypt: decrypted payload length 240/240 padding 3
21000008 00004007 2800003c 00000038 01030405 72f660e2 03000008 0300000c
0300000c 0100000c 800e0100 03000008 04000013 03000008 05000001 00000008
05000000 22000024 0b2cc600 bc36fef6 d85c7b9c 97b2e249 2a72453a c6378de7
17d708f3 9986cb41 2c000048 00130000 0c9f34bb 6a8613f1 7b11b8f3 ee313c82
bd5de5fb c04e87fc f3494bf9 e7451173 64318c0b ada04af1 9f7232a8 849000ac
932d27a6 be4c36c0 ee7369c2 990458b0 2d000018 01000000 072f0010 0000ffff
9b8af71b 9b8af71b 29000018 01000000 072f0010 0000ffff 512c202f 512c202f
0000000c 03044009 50e4e0d2 23d9b303
ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA critical 0x00 length 8
ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE
ikev2_pld_payloads: decrypted payload SA nextpayload NONCE critical 0x00 length 60
ikev2_pld_sa: more 0 reserved 0 length 56 proposal #1 protoid ESP spisize 4 xforms 5 spi 0x72f660e2
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_256
ikev2_pld_xform: more 3 reserved 0 length 8 type ESN id ESN
ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
ikev2_pld_payloads: decrypted payload NONCE nextpayload KE critical 0x00 length 36
0b2cc600 bc36fef6 d85c7b9c 97b2e249 2a72453a c6378de7 17d708f3 9986cb41
ikev2_pld_payloads: decrypted payload KE nextpayload TSi critical 0x00 length 72
ikev2_pld_ke: dh group ECP_256 reserved 0
0c9f34bb 6a8613f1 7b11b8f3 ee313c82 bd5de5fb c04e87fc f3494bf9 e7451173
64318c0b ada04af1 9f7232a8 849000ac 932d27a6 be4c36c0 ee7369c2 990458b0
ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00 length 24
ikev2_pld_tss: count 1 length 16
ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport 65535
ikev2_pld_ts: start -->HOST-US<--- end -->HOST-US<---
ikev2_pld_payloads: decrypted payload TSr nextpayload NOTIFY critical 0x00 length 24
ikev2_pld_tss: count 1 length 16
ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport 65535
ikev2_pld_ts: start -->NODE_ES<-- end -->NODE_ES<--
ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NONE critical 0x00 length 12
ikev2_pld_notify: protoid ESP spisize 4 type REKEY_SA
50e4e0d2
spi=0xc870f2a5b428b6b1: send CREATE_CHILD_SA req 3 peer -->NODE_ES<--:4500 local -->HOST-US<---:4500, 304 bytes, NAT-T
spi=0xc870f2a5b428b6b1: recv CREATE_CHILD_SA res 3 peer -->NODE_ES<--:4500 local -->HOST-US<---:4500, 80 bytes, policy '-->HOST_ES<--'
ikev2_recv: ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33
ikev2_recv: updated SA to peer -->NODE_ES<--:4500 local -->HOST-US<---:4500
ikev2_pld_parse: header ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33 nextpayload SK version 0x20 exchange CREATE_CHILD_SA flags 0x28 msgid 3 length 80 response 1
ikev2_pld_payloads: payload SK nextpayload NOTIFY critical 0x00 length 52
ikev2_msg_decrypt: IV length 16
f0330e71 1ca719b2 11c706d3 8e74ff52
ikev2_msg_decrypt: encrypted payload length 16
9aa48498 9152ec11 a1321ebe 262e1c76
ikev2_msg_decrypt: integrity checksum length 16
717c939c 28dbd813 708ad9da 61a3defe
ikev2_msg_decrypt: integrity check succeeded
717c939c 28dbd813 708ad9da 61a3defe
ikev2_msg_decrypt: decrypted payload length 16/16 padding 7
00000008 0000000e ed803db5 5ab03507
ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NONE critical 0x00 length 8
ikev2_pld_notify: protoid NONE spisize 0 type NO_PROPOSAL_CHOSEN
ikev2_init_create_child_sa: no proposal specified
pfkey_sa_lookup: last_used 1614670171
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_process: SA 0xcd21dd16 is expired, pending rekeying
pfkey_process: SA 0xcd21dd16 is expired, pending rekeying
pfkey_sa_lookup: last_used 1614670186
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
pfkey_process: SA 0xcd21dd16 is expired, pending deletion
pfkey_process: acquire request (peer -->NODE_ES<--)
pfkey_process: flow out from -->HOST-US<---/255.255.255.255 to -->NODE_ES<--/255.255.255.255 via -->NODE_ES<--
ikev2_child_sa_acquire: flow wasn't found
pfkey_sa_lookup: last_used 1614670201
ikev2_ike_sa_alive: incoming CHILD SA spi 0x50e4e0d2 last used 0 second(s) ago
spi=0xc870f2a5b428b6b1: recv INFORMATIONAL req 2 peer -->NODE_ES<--:4500 local -->HOST-US<---:4500, 80 bytes, policy '-->HOST_ES<--'
ikev2_recv: ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33
ikev2_recv: updated SA to peer -->NODE_ES<--:4500 local -->HOST-US<---:4500
ikev2_pld_parse: header ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33 nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x08 msgid 2 length 80 response 0
ikev2_pld_payloads: payload SK nextpayload DELETE critical 0x00 length 52
ikev2_msg_decrypt: IV length 16
8c87aeac 8fc555ba c6b7aa49 9ceb4468
ikev2_msg_decrypt: encrypted payload length 16
0b2fcbaf 102c6cfb 4c2b5095 7e770c09
ikev2_msg_decrypt: integrity checksum length 16
918adecd 4ffa503a 4db392e0 5a144c50
ikev2_msg_decrypt: integrity check succeeded
918adecd 4ffa503a 4db392e0 5a144c50
ikev2_msg_decrypt: decrypted payload length 16/16 padding 7
00000008 01000000 33a40e78 fa036607
ikev2_pld_payloads: decrypted payload DELETE nextpayload NONE critical 0x00 length 8
ikev2_pld_delete: proto IKE spisize 0 nspi 0
ikev2_next_payload: length 4 nextpayload NONE
ikev2_next_payload: length 52 nextpayload NONE
ikev2_msg_encrypt: decrypted length 4
00000004
ikev2_msg_encrypt: padded length 16
00000004 def17d0c 56e9d3ed 8a341c0b
ikev2_msg_encrypt: length 5, padding 11, output length 48
d546de2a 455c665e 381669aa 5de37429 466b682e 45825b85 e861c0be 42439b80
00000000 00000000 00000000 00000000
ikev2_msg_integr: message length 80
c870f2a5 b428b6b1 f2df80a5 dd2f5b33 2e202520 00000002 00000050 00000034
d546de2a 455c665e 381669aa 5de37429 466b682e 45825b85 e861c0be 42439b80
00000000 00000000 00000000 00000000
ikev2_msg_integr: integrity checksum length 16
a0babe4e 7861e19a e0b86310 5dedacc6 f2db6289 ba443935 83dc37c5 1807baed
ikev2_pld_parse: header ispi 0xc870f2a5b428b6b1 rspi 0xf2df80a5dd2f5b33 nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x20 msgid 2 length 80 response 1
ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52
ikev2_msg_decrypt: IV length 16
d546de2a 455c665e 381669aa 5de37429
ikev2_msg_decrypt: encrypted payload length 16
466b682e 45825b85 e861c0be 42439b80
ikev2_msg_decrypt: integrity checksum length 16
a0babe4e 7861e19a e0b86310 5dedacc6
ikev2_msg_decrypt: integrity check succeeded
a0babe4e 7861e19a e0b86310 5dedacc6
ikev2_msg_decrypt: decrypted payload length 16/16 padding 11
00000004 def17d0c 56e9d3ed 8a341c0b
spi=0xc870f2a5b428b6b1: send INFORMATIONAL res 2 peer -->NODE_ES<--:4500 local -->HOST-US<---:4500, 80 bytes, NAT-T
spi=0xc870f2a5b428b6b1: ikev2_ikesa_recv_delete: received delete
spi=0xc870f2a5b428b6b1: sa_state: ESTABLISHED -> CLOSED from -->NODE_ES<--:4500 to -->HOST-US<---:4500 policy '-->HOST_ES<--'
ikev2_recv: closing SA
spi=0xc870f2a5b428b6b1: sa_free: received delete
config_free_proposals: free 0x5a932127f00
config_free_proposals: free 0x5a8ff545e00
config_free_childsas: free 0x5a9044b8900
config_free_childsas: free 0x5a9867f7600
pfkey_reply: message: No such process
pfkey_sa_lookup: message: No such process
sa_free_flows: free 0x5a9867fe000
sa_free_flows: free 0x5a987582c00
policy_lookup: setting policy '-->HOST_ES<--'
spi=0x0469346daf3de27d: recv IKE_SA_INIT req 0 peer -->NODE_ES<--:500 local -->HOST-US<---:500, 1056 bytes, policy '-->HOST_ES<--'
ikev2_recv: ispi 0x0469346daf3de27d rspi 0x0000000000000000
ikev2_policy2id: srcid UFQDN/-->HOSTNAME-US<---@-->CA<--- length 33
ikev2_pld_parse: header ispi 0x0469346daf3de27d rspi 0x0000000000000000 nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length 1056 response 0
ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 832
ikev2_pld_sa: more 2 reserved 0 length 352 proposal #1 protoid IKE spisize 0 xforms 37 spi 0
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CTR
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CTR
ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CTR
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CTR
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CTR
ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CTR
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type ENCR id 3DES
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_384_192
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_512_256
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id AES_XCBC_96
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id AES_CMAC_96
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_384
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_512
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_XCBC
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_CMAC
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_256
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_384
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_521
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P256R1
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P384R1
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P512R1
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id CURVE25519
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_3072
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_4096
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_6144
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_8192
ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048
ikev2_pld_sa: more 0 reserved 0 length 476 proposal #2 protoid IKE spisize 0 xforms 45 spi 0
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_16
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_16
ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_16
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_16
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_16
ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_16
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_16
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_16
ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_16
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_12
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_12
ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_12
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_8
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_8
ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_8
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_8
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_8
ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_8
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_12
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_12
ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_12
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_8
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_8
ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_8
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_12
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_12
ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id CAMELLIA_CCM_12
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_384
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_512
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_XCBC
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_CMAC
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_256
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_384
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_521
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P256R1
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P384R1
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id BRAINPOOL_P512R1
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id CURVE25519
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_3072
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_4096
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_6144
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_8192
ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048
ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 72
ikev2_pld_ke: dh group ECP_256 reserved 0
1d7e318b 838e8797 aba3010d 3739e240 84dbfd09 5567a715 7e8ea13a 16bd8693
d56d97e1 7b683f88 057b66d5 64f10592 3bfa482b 28216145 09de4ff5 36f7e3cd
ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36
cbba93f2 c39b68d3 8fdec633 369fb0f0 766b97d8 ac6c7175 4edfc408 ec3c8805
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
2cae4948 7eb54c08 73046c2c 4f162702 662f6758
ikev2_nat_detection: peer source 0x0469346daf3de27d 0x0000000000000000 -->NODE_ES<--:500
2cae4948 7eb54c08 73046c2c 4f162702 662f6758
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP
e284914c eab8f0ba 6dd9e5f7 778e6b29 cbade815
ikev2_nat_detection: peer destination 0x0469346daf3de27d 0x0000000000000000 -->HOST-US<---:500
e284914c eab8f0ba 6dd9e5f7 778e6b29 cbade815
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 8
ikev2_pld_notify: protoid NONE spisize 0 type FRAGMENTATION_SUPPORTED
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 16
ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS
00020003 00040005
ikev2_pld_notify: signature hash SHA2_256 (2)
ikev2_pld_notify: signature hash SHA2_384 (3)
ikev2_pld_notify: signature hash SHA2_512 (4)
ikev2_pld_notify: signature hash <UNKNOWN:5> (5)
ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 8
ikev2_pld_notify: protoid NONE spisize 0 type REDIRECT_SUPPORTED
proposals_match: xform 1 <-> 1 (1): ENCR AES_CBC (keylength 256 <-> 256) 256
proposals_match: xform 1 <-> 1 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 256)
proposals_match: xform 1 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
proposals_match: xform 1 <-> 1 (1): DH ECP_256 (keylength 0 <-> 0)
proposals_negotiate: score 4
proposals_match: xform 2 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
proposals_match: xform 2 <-> 1 (1): DH ECP_256 (keylength 0 <-> 0)
proposals_negotiate: score 0
policy_lookup: setting policy '-->HOST_ES<--'
spi=0x0469346daf3de27d: sa_state: INIT -> SA_INIT
proposals_match: xform 1 <-> 1 (1): ENCR AES_CBC (keylength 256 <-> 256) 256
proposals_match: xform 1 <-> 1 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 256)
proposals_match: xform 1 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
proposals_match: xform 1 <-> 1 (1): DH ECP_256 (keylength 0 <-> 0)
proposals_negotiate: score 4
proposals_match: xform 2 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
proposals_match: xform 2 <-> 1 (1): DH ECP_256 (keylength 0 <-> 0)
proposals_negotiate: score 0
proposals_negotiate: score 1: ENCR AES_CBC 256
proposals_negotiate: score 1: PRF HMAC_SHA2_256
proposals_negotiate: score 1: INTEGR HMAC_SHA2_256_128
proposals_negotiate: score 1: DH ECP_256
sa_stateok: SA_INIT flags 0x0000, require 0x0000
sa_stateflags: 0x0000 -> 0x0020 sa (required 0x0000 )
spi=0x0469346daf3de27d: ikev2_sa_keys: DHSECRET with 32 bytes
85400aed ec698cf4 f9781c41 acd9a6d7 75e4d15e f9fa70ad bd5fee34 358b8bb0
ikev2_sa_keys: SKEYSEED with 32 bytes
f568d3a3 a960b4dd 50be9f34 098162f1 56c40230 5dc51757 1bc82b2a abe3bdd5
spi=0x0469346daf3de27d: ikev2_sa_keys: S with 80 bytes
cbba93f2 c39b68d3 8fdec633 369fb0f0 766b97d8 ac6c7175 4edfc408 ec3c8805
88dca6c3 8051bf74 ed54bf43 c12ef3cc 80f294df 76395ef3 20bd7fe9 3e6e3208
0469346d af3de27d 0d2bd80b 33716e8b
ikev2_prfplus: T1 with 32 bytes
c0ae9a37 129b2cc3 0d83006c 2afb01f8 2b5c8ebd 67585b2b ddc9bb61 ea2eb6fa
ikev2_prfplus: T2 with 32 bytes
9ec450df 74326293 a9c587d3 7f6e23e0 0d5654d3 edcea7df dd366711 3874724a
ikev2_prfplus: T3 with 32 bytes
a4d3ba72 8b8beb78 56bc8f78 66f22302 2500b7e8 8d916586 32118690 d751a61d
ikev2_prfplus: T4 with 32 bytes
3c0bf6e0 1445f394 39b7ae35 f41d6c19 42c81809 b8d01ade f24232df f9c40182
ikev2_prfplus: T5 with 32 bytes
25d402ae 439bb7b1 ff22d407 fdcce54e 696a2d22 579d56c4 58a032ed 239e5311
ikev2_prfplus: T6 with 32 bytes
bc6f8ff9 675d15f0 c797d786 a9ce9941 8c19fbd8 e3d1d1a2 56a70d82 e8343dfe
ikev2_prfplus: T7 with 32 bytes
61816249 6c0b01dd 2778ee58 f1b82251 6174bf7f 0f71c813 b059405a 11561fb4
ikev2_prfplus: Tn with 224 bytes
c0ae9a37 129b2cc3 0d83006c 2afb01f8 2b5c8ebd 67585b2b ddc9bb61 ea2eb6fa
9ec450df 74326293 a9c587d3 7f6e23e0 0d5654d3 edcea7df dd366711 3874724a
a4d3ba72 8b8beb78 56bc8f78 66f22302 2500b7e8 8d916586 32118690 d751a61d
3c0bf6e0 1445f394 39b7ae35 f41d6c19 42c81809 b8d01ade f24232df f9c40182
25d402ae 439bb7b1 ff22d407 fdcce54e 696a2d22 579d56c4 58a032ed 239e5311
bc6f8ff9 675d15f0 c797d786 a9ce9941 8c19fbd8 e3d1d1a2 56a70d82 e8343dfe
61816249 6c0b01dd 2778ee58 f1b82251 6174bf7f 0f71c813 b059405a 11561fb4
ikev2_sa_keys: SK_d with 32 bytes
c0ae9a37 129b2cc3 0d83006c 2afb01f8 2b5c8ebd 67585b2b ddc9bb61 ea2eb6fa
ikev2_sa_keys: SK_ai with 32 bytes
9ec450df 74326293 a9c587d3 7f6e23e0 0d5654d3 edcea7df dd366711 3874724a
ikev2_sa_keys: SK_ar with 32 bytes
a4d3ba72 8b8beb78 56bc8f78 66f22302 2500b7e8 8d916586 32118690 d751a61d
ikev2_sa_keys: SK_ei with 32 bytes
3c0bf6e0 1445f394 39b7ae35 f41d6c19 42c81809 b8d01ade f24232df f9c40182
ikev2_sa_keys: SK_er with 32 bytes
25d402ae 439bb7b1 ff22d407 fdcce54e 696a2d22 579d56c4 58a032ed 239e5311
ikev2_sa_keys: SK_pi with 32 bytes
bc6f8ff9 675d15f0 c797d786 a9ce9941 8c19fbd8 e3d1d1a2 56a70d82 e8343dfe
ikev2_sa_keys: SK_pr with 32 bytes
61816249 6c0b01dd 2778ee58 f1b82251 6174bf7f 0f71c813 b059405a 11561fb4
ikev2_add_proposals: length 44
ikev2_next_payload: length 48 nextpayload KE
ikev2_next_payload: length 72 nextpayload NONCE
ikev2_next_payload: length 36 nextpayload NOTIFY
ikev2_nat_detection: local source 0x0469346daf3de27d 0x0d2bd80b33716e8b -->HOST-US<---:500
ikev2_next_payload: length 28 nextpayload NOTIFY
ikev2_nat_detection: local destination 0x0469346daf3de27d 0x0d2bd80b33716e8b -->NODE_ES<--:500
ikev2_next_payload: length 28 nextpayload CERTREQ
ikev2_add_certreq: type X509_CERT length 21
ikev2_next_payload: length 25 nextpayload NOTIFY
ikev2_next_payload: length 14 nextpayload NONE
ikev2_pld_parse: header ispi 0x0469346daf3de27d rspi 0x0d2bd80b33716e8b nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 length 279 response 1
ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 48
ikev2_pld_sa: more 0 reserved 0 length 44 proposal #1 protoid IKE spisize 0 xforms 4 spi 0
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
ikev2_pld_xform: more 0 reserved 0 length 8 type DH id ECP_256
ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 72
ikev2_pld_ke: dh group ECP_256 reserved 0
ed32cc33 a1c1f3e4 c329be29 204ed03e 6e9e1876 83f5091a 473e6760 1094d7b0
bd194dab ae9679cd 8cbd9274 c5fe49ff 7052d6af 0a88ce33 9572aea8 88f00245
ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36
88dca6c3 8051bf74 ed54bf43 c12ef3cc 80f294df 76395ef3 20bd7fe9 3e6e3208
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
53c4df3b fb1245a1 7e79116a f711383f 30f19a17
ikev2_pld_payloads: payload NOTIFY nextpayload CERTREQ critical 0x00 length 28
ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP
df418d07 a3ae1d49 debedc53 f3a64f26 bcb0aeee
ikev2_pld_payloads: payload CERTREQ nextpayload NOTIFY critical 0x00 length 25
ikev2_pld_certreq: type X509_CERT length 20
d240096d 782460df c9e68072 dc0bc444 6fab51ba
ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 14
ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS
00020003 0004
spi=0x0469346daf3de27d: send IKE_SA_INIT res 0 peer -->NODE_ES<--:500 local -->HOST-US<---:500, 279 bytes
config_free_proposals: free 0x5a9867f8480
config_free_proposals: free 0x5a932127e00
spi=0x0469346daf3de27d: recv IKE_AUTH req 1 peer -->NODE_ES<--:4500 local -->HOST-US<---:4500, 1792 bytes, policy '-->HOST_ES<--'
ikev2_recv: ispi 0x0469346daf3de27d rspi 0x0d2bd80b33716e8b
ikev2_recv: updated SA to peer -->NODE_ES<--:4500 local -->HOST-US<---:4500
ikev2_pld_parse: header ispi 0x0469346daf3de27d rspi 0x0d2bd80b33716e8b nextpayload SK version 0x20 exchange IKE_AUTH flags 0x08 msgid 1 length 1792 response 0
ikev2_pld_payloads: payload SK nextpayload IDi critical 0x00 length 1764
ikev2_msg_decrypt: IV length 16
3ab9b7a7 c53cf175 201483ab f719c3a6
ikev2_msg_decrypt: encrypted payload length 1728
71d82e3d bcb3dd1e 44dc8360 f0895157 68d711b0 ca25d1ab 1f4b5139 a8104ab7
c2be9030 d3e9a339 93f6815e 398e0f83 748a4438 f1b6abe4 d800d343 30e1045c
24b0d620 a0b3cfa1 8602f509 e9896b1b 4fc27cf5 567abd71 7bd6f3f2 0faaf017
933c0cdf 217310f0 befdcacd 47aa9be7 7f7d4d73 f8ab43c9 42c99821 157f5d1f
2a712831 df96db60 109ab5f9 777426cc 120300f9 96ef0585 4f66398c 8679e11f
19f91412 01aede10 c2cbadba 788def8e 7472bb67 fcecb977 43358063 c803aa43
4c7eec63 67174a5b 95298973 1cdbf33f af02e173 fbd843ea 724ae857 0397351c
414d3ecc c356404e 017886f3 efd3d705 756ea808 cdb13e9a 3b70164e e39b72cb
f21e90d3 057a30d6 332629fb c2c36fd9 139856de e5d53aa8 74f6889b 5e544fb2
338b4ff7 fa49f74c fd06315c d6af3e23 4a0de970 1f39bf8d b3b5a42a 257c070e
f02f2bd6 605d8674 be9ea508 741c6a3a c23d6909 4a81a7c0 98fd3a4b 35ddca23
387afc0b a41d0dac 72ee952f dda2f04d 859de283 f313650f 91d7c50d 6a69f26b
2669e1b9 95a59413 cbe0b04c a2078bcf 74959f9a e3574a85 77900304 a3db1f8c
2632d613 56b7eaf1 ce0e1410 734c3dfd 69fe77bd 254f8fda d02ce9cd e9998073
fa830760 c13abe96 7739d21b 0abea39c f5fed6ad 321f5552 1c1c9d60 12f37ecd
a5fa8639 fe9c143c c569662e c43c7d0b 6c022d91 082cac99 8254b0ba 24efd0b0
403563a5 b231753b 06be7854 f617041b 29db3522 8db13e8e efbe2efb 21dae244
7482f6ed 2021d15f 65a76008 db2ecdf5 ec6892c2 848f2a3f aa8edbaf b0878023
f9bfeb10 212697c5 f03795e2 5d825d5c 02a05fcc b94432c4 4962d965 541d276c
30a45d5e bc0b3fe2 b4313eac 580abb6f dcf22073 29bc017f 66f92975 a4fba0dd
934686b4 0c621a27 b1aa24da 659b7dac 257bdd5d ea9db2d4 543def3d cf4c4b95
c1ea4e89 74896b1d b61631b5 065770cf 36a08d83 b495f9a5 ba192af7 ba95d0c0
a0efed4f e196a322 d93d81fa abae05c0 3ed56901 e768c57c 01c3cfc9 3b267a73
5f045fd9 290174a9 166a7a67 5bfceff2 a5c0597d 2f1f5620 e8baf8d2 b71cfab8
cf140db2 0488b436 3fc76e9e 33db4b45 e91af648 a0ae6649 02f7a64e 37a9ff78
7f3212db 31b5b73c 76e5d814 7a4026ba 7ba63260 4b2dfd8b cbee49fc 00f1e1af
0d62610a a27da1c8 0f929d90 7ac69c4d 02f5f356 f69b6b2d c61b184d 09da245a
de61234d 90f3dfc1 cfd0af21 7b3a96fe 5bc01aa3 07027abd f22a9278 5c3e207f
7a78e6d6 efef3282 fc5af681 15376f9e 07fbf5e8 51134e94 b2b8fb55 3fb35dac
3c49f912 ac2ea153 3a9c60b8 deec62e4 6ad4584e c698805f 1fa53d22 9df0cb1b
f423324e 5ba20f55 9fc7ca00 af2cc899 3ebb7913 dd14e96c 3f2472a6 46ce9f74
932e1feb 27d39e82 7593424b 4156eb36 2bd310d8 4b6cc863 2f6eea99 e32e8ca3
93fe8c8d b8989222 c711f912 fba1bb80 3f29cac2 7f892e28 f0d3d9d5 0c2b061b
60bc4e58 e52f1c73 7b3b7ff9 542af3a2 d4169b5e cf8216ca e2c27fba 10f5b675
8c81ecd9 231d93e6 8b623c7a d53395dd 6c8d7876 2ca4efd4 027f8d12 6bfc2fd7
7a5cf053 a1ad5a76 83a930f7 12b18be2 d50504f7 76c93069 c30073fa 0204c9a7
cc914e1d 2a6fae68 47b07be4 edd90a77 e7872f7c 4c8ad7cb 0b2a7cf2 93902db9
223c3ca7 e1496ce0 0ef60190 bdf6ce3a 61d82a7f aca26b7f 673b53f3 228a498c
85173dd6 bb9bbcea c4247ac3 26388787 ad54d753 64838d89 e826e9fd 35a67efe
b91b4483 f958eb75 96707c1b 15166416 f09fb78e 219ea573 67fc41c1 dc91de52
b43e1670 1180d875 225cd178 413f0b8b 3a7040ad 025b32a9 0d0c963a 619b63cc
4e951dca 5ec10255 02c21d35 263530e6 41886b97 7a1576da 4b005653 bbf08ddb
3437ab92 7a722fca 443d694f 483727dd a09db561 9e5bf560 59b73398 4d08a40a
1ad3ea2b 74c9269e bc40a341 61f2be10 bf44b364 f11cac30 2a235274 1d74937d
b2c3e153 e96416db b40bcc54 1c255b2d 29756931 e51fa664 1dca0619 f3fd7f07
9b0bd10f a92cd047 486eef2e 810bd369 5aab61a6 c5f4d29c c1de5152 0931665a
2c9895a7 1ba78dd0 dcd5f914 8073e2c7 20a605f2 10192081 618c3e7a b3696a46
f3988a31 1c26b357 c349172a d2492de4 09637abc 9fa8c2aa d4c89c0b 427cad75
9870d979 8d80ba03 85fb2521 75c58605 3aa85740 327f8da5 26b8fc5b 56747315
e9b77fb4 9afc646f 311e2c81 260b5944 a3f40565 b6f1801b 07eda7f7 c98c65fc
a70b4fdf 08e22c56 27ce1ca1 ee033bc6 b1573f7f 35297b78 5b7723bb 47d00a25
fdd2eae8 d25985e5 04e47e93 a21aae6d 3268e947 6493a5bb c9138fea d23e6d23
13d14119 66cfc6c1 5ec52cbb f3cb965a 8a2c6d37 4a62f6d9 d9819009 26a22ec0
6f0b8b00 fddd4990 c01577e3 5e109ddc a0fc4e89 4066939d c00b5ec7 bd12dc57
ikev2_msg_decrypt: integrity checksum length 16
6a56e16d e7e0cfa1 b3581be5 41028f95
ikev2_msg_decrypt: integrity check succeeded
6a56e16d e7e0cfa1 b3581be5 41028f95
ikev2_msg_decrypt: decrypted payload length 1728/1728 padding 11
25000021 03000000 696e6472 61406361 2e74656c 65636f6d 6c6f6262 792e636f
6d290004 42043082 04393082 0321a003 02010202 082fc4d9 c96de04c b3300d06
092a8648 86f70d01 010b0500 30818631 0b300906 03550406 13024652 311a3018
06035504 080c1153 65696e65 2d536169 6e742d44 656e6973 31163014 06035504
070c0d41 75626572 76696c6c 69657273 31163014 06035504 0a0c0d54 656c6563
6f6d204c 6f626279 310d300b 06035504 0b0c0456 504e4331 1c301a06 03550403
0c136361 2e74656c 65636f6d 6c6f6262 792e636f 6d301e17 0d323130 32303930
39353333 335a170d 32323032 30393039 35333333 5a30818a 310b3009 06035504
06130245 53311230 10060355 04080c09 43617461 6c756e79 61311b30 19060355
04070c12 73616e74 20506572 65206465 20526962 65733116 30140603 55040a0c
0d54656c 65636f6d 204c6f62 6279310d 300b0603 55040b0c 0456504e 43312330
21060355 04030c1a 52542d30 312e6361 742e7465 6c65636f 6d6c6f62 62792e63
6f6d3082 0122300d 06092a86 4886f70d 01010105 00038201 0f003082 010a0282
010100a3 db48a4b0 40b55682 81326f75 39065825 9ea9852b 6eeaa601 c4c692fa
80b16e5e bbcf8072 947ac073 f9b8e372 87cfbc6d 4002f200 d6daf70c 040b1a3f
1a8dfae5 3df72d9a d249803e a1a6b1dc 2f43a6f5 6b930198 a10b79e4 4acbf30f
68aa8f3e 7f06a0cb 17283584 502629de 0bc50868 75202485 56bab2fe d1c4ca7a
ee08c458 74618b80 d82d0fd8 f95e4444 b6d445b7 223e6529 459e672b be640500
3ddfec49 1e6192e6 6c0e57cf 937f3728 c29cb9c7 d9bce970 aa0370fb 7e19e3f7
150b2d2d 706c32e0 986d78bc 0b25eeff fe27707e 1bd36caa c844fafd 792795cb
8b919b40 d9906ed7 dccc1192 b1d18453 6d567b6b a9f5cbed b27899a5 cd7514c1
eaea1b02 03010001 a381a430 81a13013 0603551d 25040c30 0a06082b 06010505
07030230 1d060355 1d0e0416 0414d277 dc485c0f 9c282246 c877c363 d3883d07
ed9d301f 0603551d 23041830 1680142a c5939e9b 0361a9a9 b61eb388 3d40c58e
e44f5030 24060355 1d11041d 301b8119 696e6472 61406361 2e74656c 65636f6d
6c6f6262 792e636f 6d302406 09608648 0186f842 010d0417 16154765 6e657261
74656420 62792052 6f757465 724f5330 0d06092a 864886f7 0d01010b 05000382
01010056 c2f37bdf fba9a57a 17b5dcd9 062632b3 5bd7cd5e 0182b1e4 fb23bba8
8d2b0005 a406253c c28dea45 91ea8961 99b38e2b 30816fb9 3ad824f0 b9992412
dc584ec1 a3f52bc1 0a9a198f da49baf6 40d3ac5d 136095cd 7ed56814 3413d831
8e782e4c 4d1c1c82 e0ecb3ae 46254ee7 4f840f39 fcb19fde 7e5d94ad 05ac9caf
376ed1d5 e6bd774a 45cd4b20 26cc2e37 163c029c 33a41a2a 8f0f1ef8 f799327b
4c4265af ef9ab66c 11f73fcf 2d1724b7 acb365d9 7e922035 d1e7a807 f5020ce6
da69dc25 55824ce4 1c28e334 5583d13c f1a79f1e 248fe4ff dd32fa34 0d0e870d
a3654381 4118362c 99b00024 570a5104 3058d09a e9a66d6e 294a297e 805c506d
ce832b26 00000800 00400027 00005504 d240096d 782460df c9e68072 dc0bc444
6fab51ba d240096d 782460df c9e68072 dc0bc444 6fab51ba 3b6a7f0c 2f567b94
1954764f bfae24cd 40d9ea01 a467a75b d9f8d81b 482a9316 39c96dc0 98337349
2f000118 0e000000 0f300d06 092a8648 86f70d01 010b0500 90c6695a d9d6c62c
3e505609 b65cbd2e dddc6748 2000e932 8feb7562 6aa9cc0f fc3b450b c7ade4c3
5bb244b8 dde138d9 b426d18b 4b223f57 c6e1b9a0 ca823b9f 91baf1b6 f60e4478
1ebc7b0c 620f7125 566bee11 f722a9a8 67ac1750 bec0d809 6a8c81f5 3bf1543c
971d19e7 dcc64da6 f0561c20 625bad51 82df9602 0ccadab0 a724e075 23dbf1a7
6a7fe64a ed7eaf53 0af9801a ff12cbc2 81c8a736 d2666ea9 fdf3a1d4 2a189db4
f9e7b176 bb77295b 60a1de4c 0bceb1ec d2e18a19 661dddd2 39708878 7b6703b8
8d48f246 4f62cc89 287a3075 064101b4 6211f38b 63bcaa56 116f9002 4c0c2310
727cac08 0d69c4dd 11841c97 0f9ba3ed f33fdacf 1ae431a3 29000010 01000000
00010000 00030000 21000008 00004007 2c000064 00000060 01030409 c977da0e
0300000c 0100000c 800e0080 0300000c 0100000c 800e00c0 0300000c 0100000c
800e0100 03000008 0300000c 03000008 0300000d 03000008 0300000e 03000008
03000002 03000008 03000005 00000008 05000000 2d000018 01000000 072f0010
0000ffff 00000000 ffffffff 29000018 01000000 072f0010 0000ffff 9b8af71b
9b8af71b 29000008 0000400c 29000018 0000400e 2a029003 00b70a85 105cb394
07f03ae0 29000008 00004021 00000008 00004024 39d1f768 e83c6b61 ae20470b
ikev2_pld_payloads: decrypted payload IDi nextpayload CERT critical 0x00 length 33
ikev2_pld_id: id UFQDN/-->HOSTNAME-ES<---@-->CA<--- length 29
ikev2_pld_payloads: decrypted payload CERT nextpayload NOTIFY critical 0x00 length 1090
ikev2_pld_cert: type X509_CERT length 1085
30820439 30820321 a0030201 0202082f c4d9c96d e04cb330 0d06092a 864886f7
0d01010b 05003081 86310b30 09060355 04061302 4652311a 30180603 5504080c
11536569 6e652d53 61696e74 2d44656e 69733116 30140603 5504070c 0d417562
65727669 6c6c6965 72733116 30140603 55040a0c 0d54656c 65636f6d 204c6f62
6279310d 300b0603 55040b0c 0456504e 43311c30 1a060355 04030c13 63612e74
656c6563 6f6d6c6f 6262792e 636f6d30 1e170d32 31303230 39303935 3333335a
170d3232 30323039 30393533 33335a30 818a310b 30090603 55040613 02455331
12301006 03550408 0c094361 74616c75 6e796131 1b301906 03550407 0c127361
6e742050 65726520 64652052 69626573 31163014 06035504 0a0c0d54 656c6563
6f6d204c 6f626279 310d300b 06035504 0b0c0456 504e4331 23302106 03550403
0c1a5254 2d30312e 6361742e 74656c65 636f6d6c 6f626279 2e636f6d 30820122
300d0609 2a864886 f70d0101 01050003 82010f00 3082010a 02820101 00a3db48
a4b040b5 56828132 6f753906 58259ea9 852b6eea a601c4c6 92fa80b1 6e5ebbcf
8072947a c073f9b8 e37287cf bc6d4002 f200d6da f70c040b 1a3f1a8d fae53df7
2d9ad249 803ea1a6 b1dc2f43 a6f56b93 0198a10b 79e44acb f30f68aa 8f3e7f06
a0cb1728 35845026 29de0bc5 08687520 248556ba b2fed1c4 ca7aee08 c4587461
8b80d82d 0fd8f95e 4444b6d4 45b7223e 6529459e 672bbe64 05003ddf ec491e61
92e66c0e 57cf937f 3728c29c b9c7d9bc e970aa03 70fb7e19 e3f7150b 2d2d706c
32e0986d 78bc0b25 eefffe27 707e1bd3 6caac844 fafd7927 95cb8b91 9b40d990
6ed7dccc 1192b1d1 84536d56 7b6ba9f5 cbedb278 99a5cd75 14c1eaea 1b020301
0001a381 a43081a1 30130603 551d2504 0c300a06 082b0601 05050703 02301d06
03551d0e 04160414 d277dc48 5c0f9c28 2246c877 c363d388 3d07ed9d 301f0603
551d2304 18301680 142ac593 9e9b0361 a9a9b61e b3883d40 c58ee44f 50302406
03551d11 041d301b 8119696e 64726140 63612e74 656c6563 6f6d6c6f 6262792e
636f6d30 24060960 86480186 f842010d 04171615 47656e65 72617465 64206279
20526f75 7465724f 53300d06 092a8648 86f70d01 010b0500 03820101 0056c2f3
7bdffba9 a57a17b5 dcd90626 32b35bd7 cd5e0182 b1e4fb23 bba88d2b 0005a406
253cc28d ea4591ea 896199b3 8e2b3081 6fb93ad8 24f0b999 2412dc58 4ec1a3f5
2bc10a9a 198fda49 baf640d3 ac5d1360 95cd7ed5 68143413 d8318e78 2e4c4d1c
1c82e0ec b3ae4625 4ee74f84 0f39fcb1 9fde7e5d 94ad05ac 9caf376e d1d5e6bd
774a45cd 4b2026cc 2e37163c 029c33a4 1a2a8f0f 1ef8f799 327b4c42 65afef9a
b66c11f7 3fcf2d17 24b7acb3 65d97e92 2035d1e7 a807f502 0ce6da69 dc255582
4ce41c28 e3345583 d13cf1a7 9f1e248f e4ffdd32 fa340d0e 870da365 43814118
362c99b0 0024570a 51043058 d09ae9a6 6d6e294a 297e805c 506dce83 2b
ikev2_pld_payloads: decrypted payload NOTIFY nextpayload CERTREQ critical 0x00 length 8
ikev2_pld_notify: protoid NONE spisize 0 type INITIAL_CONTACT
ikev2_pld_payloads: decrypted payload CERTREQ nextpayload AUTH critical 0x00 length 85
ikev2_pld_certreq: type X509_CERT length 80
d240096d 782460df c9e68072 dc0bc444 6fab51ba d240096d 782460df c9e68072
dc0bc444 6fab51ba 3b6a7f0c 2f567b94 1954764f bfae24cd 40d9ea01 a467a75b
d9f8d81b 482a9316 39c96dc0 98337349
ikev2_pld_payloads: decrypted payload AUTH nextpayload CP critical 0x00 length 280
ikev2_pld_auth: method SIG length 272
0f300d06 092a8648 86f70d01 010b0500 90c6695a d9d6c62c 3e505609 b65cbd2e
dddc6748 2000e932 8feb7562 6aa9cc0f fc3b450b c7ade4c3 5bb244b8 dde138d9
b426d18b 4b223f57 c6e1b9a0 ca823b9f 91baf1b6 f60e4478 1ebc7b0c 620f7125
566bee11 f722a9a8 67ac1750 bec0d809 6a8c81f5 3bf1543c 971d19e7 dcc64da6
f0561c20 625bad51 82df9602 0ccadab0 a724e075 23dbf1a7 6a7fe64a ed7eaf53
0af9801a ff12cbc2 81c8a736 d2666ea9 fdf3a1d4 2a189db4 f9e7b176 bb77295b
60a1de4c 0bceb1ec d2e18a19 661dddd2 39708878 7b6703b8 8d48f246 4f62cc89
287a3075 064101b4 6211f38b 63bcaa56 116f9002 4c0c2310 727cac08 0d69c4dd
11841c97 0f9ba3ed f33fdacf 1ae431a3
ikev2_pld_payloads: decrypted payload CP nextpayload NOTIFY critical 0x00 length 16
ikev2_pld_cp: type REQUEST length 8
00010000 00030000
ikev2_pld_cp: INTERNAL_IP4_ADDRESS 0x0001 length 0
ikev2_pld_cp: INTERNAL_IP4_DNS 0x0003 length 0
ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA critical 0x00 length 8
ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE
ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00 length 100
ikev2_pld_sa: more 0 reserved 0 length 96 proposal #1 protoid ESP spisize 4 xforms 9 spi 0xc977da0e
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_384_192
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_512_256
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id AES_XCBC_96
ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00 length 24
ikev2_pld_tss: count 1 length 16
ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport 65535
ikev2_pld_ts: start 0.0.0.0 end 255.255.255.255
ikev2_pld_payloads: decrypted payload TSr nextpayload NOTIFY critical 0x00 length 24
ikev2_pld_tss: count 1 length 16
ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport 65535
ikev2_pld_ts: start -->HOST-US<--- end -->HOST-US<---
ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical 0x00 length 8
ikev2_pld_notify: protoid NONE spisize 0 type MOBIKE_SUPPORTED
ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical 0x00 length 24
ikev2_pld_notify: protoid NONE spisize 0 type ADDITIONAL_IP6_ADDRESS
2a029003 00b70a85 105cb394 07f03ae0
ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical 0x00 length 8
ikev2_pld_notify: protoid NONE spisize 0 type EAP_ONLY_AUTHENTICATION
ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NONE critical 0x00 length 8
ikev2_pld_notify: protoid NONE spisize 0 type IKEV2_MESSAGE_ID_SYNC_SUPPORTED
ikev2_handle_notifies: mobike enabled
sa_stateok: SA_INIT flags 0x0000, require 0x0000
spi=0x0469346daf3de27d: sa_state: SA_INIT -> AUTH_REQUEST
policy_lookup: peerid '-->HOSTNAME-ES<---@-->CA<---'
proposals_match: xform 1 <-> 1 (1): ENCR AES_CBC (keylength 256 <-> 256) 256
proposals_match: xform 1 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
proposals_match: xform 1 <-> 1 (1): INTEGR HMAC_SHA2_256_128 (keylength 256 <-> 256)
proposals_match: xform 1 <-> 1 (1): DH ECP_256 (keylength 0 <-> 0)
proposals_negotiate: score 4
policy_lookup: setting policy '-->HOST_ES<--'
ikev2_policy2id: srcid UFQDN/-->HOSTNAME-US<---@-->CA<--- length 33
sa_stateflags: 0x0020 -> 0x0024 certreq,sa (required 0x003b cert,certvalid,auth,authvalid,sa)
ikev2_msg_auth: responder auth data length 343
0469346d af3de27d 0d2bd80b 33716e8b 21202220 00000000 00000117 22000030
0000002c 01010004 0300000c 0100000c 800e0100 03000008 02000005 03000008
0300000c 00000008 04000013 28000048 00130000 ed32cc33 a1c1f3e4 c329be29
204ed03e 6e9e1876 83f5091a 473e6760 1094d7b0 bd194dab ae9679cd 8cbd9274
c5fe49ff 7052d6af 0a88ce33 9572aea8 88f00245 29000024 88dca6c3 8051bf74
ed54bf43 c12ef3cc 80f294df 76395ef3 20bd7fe9 3e6e3208 2900001c 00004004
53c4df3b fb1245a1 7e79116a f711383f 30f19a17 2600001c 00004005 df418d07
a3ae1d49 debedc53 f3a64f26 bcb0aeee 29000019 04d24009 6d782460 dfc9e680
72dc0bc4 446fab51 ba000000 0e000040 2f000200 030004cb ba93f2c3 9b68d38f
dec63336 9fb0f076 6b97d8ac 6c71754e dfc408ec 3c8805f1 6ddc94ea 5f3b4adb
53c1e470 d3b3cb0b 9ed8bf5d ed1fc393 00620e9f 491958
ca_setauth: switching SIG_ANY to SIG
ca_setauth: auth length 343
proposals_match: xform 1 <-> 1 (1): ENCR AES_CBC (keylength 256 <-> 256) 256
proposals_match: xform 1 <-> 1 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 256)
proposals_match: xform 1 <-> 1 (2): ESN NONE (keylength 0 <-> 0)
proposals_negotiate: score 4
proposals_negotiate: score 1: ENCR AES_CBC 256
proposals_negotiate: score 1: INTEGR HMAC_SHA2_256_128
proposals_negotiate: score 2: ESN NONE
sa_stateflags: 0x0024 -> 0x0024 certreq,sa (required 0x003b cert,certvalid,auth,authvalid,sa)
config_free_proposals: free 0x5a9044b6e00
ca_getreq: found CA /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom Lobby/OU=VPNC/CN=-->CA<---
ca_x509_subjectaltname_do: did not find subjectAltName in certificate
ca_getreq: found local certificate /C=US/ST=Texas/L=Dallas/O=Telecom Lobby/OU=VPNC/CN=-->CERT-US<---
_dsa_sign_encode: signature scheme 0 selected
_dsa_sign_encode: signature scheme 0 selected
_dsa_sign_encode: signature scheme 0 selected
ca_setauth: auth length 272
ca_validate_pubkey: could not open public key pubkeys/ufqdn/-->HOSTNAME-ES<---@-->CA<---
ca_validate_cert: /C=ES/ST=Catalunya/L=sant Pere de Ribes/O=Telecom Lobby/OU=VPNC/CN=-->HOST_ES<-- ok
ikev2_getimsgdata: imsg 22 rspi 0x0d2bd80b33716e8b ispi 0x0469346daf3de27d initiator 0 sa valid type 4 data length 1065
ikev2_dispatch_cert: cert type X509_CERT length 1065, ok
sa_stateflags: 0x0024 -> 0x0025 cert,certreq,sa (required 0x003b cert,certvalid,auth,authvalid,sa)
ikev2_getimsgdata: imsg 28 rspi 0x0d2bd80b33716e8b ispi 0x0469346daf3de27d initiator 0 sa valid type 14 data length 272
ikev2_dispatch_cert: AUTH type 14 len 272
sa_stateflags: 0x0025 -> 0x002d cert,certreq,auth,sa (required 0x003b cert,certvalid,auth,authvalid,sa)
ikev2_getimsgdata: imsg 23 rspi 0x0d2bd80b33716e8b ispi 0x0469346daf3de27d initiator 0 sa valid type 4 data length 1085
ikev2_msg_auth: initiator auth data length 1120
0469346d af3de27d 00000000 00000000 21202208 00000000 00000420 22000340
02000160 01010025 0300000c 0100000c 800e0080 0300000c 0100000c 800e00c0
0300000c 0100000c 800e0100 0300000c 01000017 800e0080 0300000c 01000017
800e00c0 0300000c 01000017 800e0100 0300000c 0100000d 800e0080 0300000c
0100000d 800e00c0 0300000c 0100000d 800e0100 0300000c 01000018 800e0080
0300000c 01000018 800e00c0 0300000c 01000018 800e0100 03000008 01000003
03000008 0300000c 03000008 0300000d 03000008 0300000e 03000008 03000002
03000008 03000005 03000008 03000008 03000008 02000005 03000008 02000006
03000008 02000007 03000008 02000004 03000008 02000008 03000008 02000002
03000008 04000013 03000008 04000014 03000008 04000015 03000008 0400001c
03000008 0400001d 03000008 0400001e 03000008 0400001f 03000008 0400000f
03000008 04000010 03000008 04000011 03000008 04000012 00000008 0400000e
000001dc 0201002d 0300000c 01000014 800e0080 0300000c 01000014 800e00c0
0300000c 01000014 800e0100 0300000c 01000010 800e0080 0300000c 01000010
800e00c0 0300000c 01000010 800e0100 0300000c 0100001b 800e0080 0300000c
0100001b 800e00c0 0300000c 0100001b 800e0100 0300000c 01000013 800e0080
0300000c 01000013 800e00c0 0300000c 01000013 800e0100 0300000c 01000012
800e0080 0300000c 01000012 800e00c0 0300000c 01000012 800e0100 0300000c
0100000e 800e0080 0300000c 0100000e 800e00c0 0300000c 0100000e 800e0100
0300000c 0100000f 800e0080 0300000c 0100000f 800e00c0 0300000c 0100000f
800e0100 0300000c 01000019 800e0080 0300000c 01000019 800e00c0 0300000c
01000019 800e0100 0300000c 0100001a 800e0080 0300000c 0100001a 800e00c0
0300000c 0100001a 800e0100 03000008 02000005 03000008 02000006 03000008
02000007 03000008 02000004 03000008 02000008 03000008 02000002 03000008
04000013 03000008 04000014 03000008 04000015 03000008 0400001c 03000008
0400001d 03000008 0400001e 03000008 0400001f 03000008 0400000f 03000008
04000010 03000008 04000011 03000008 04000012 00000008 0400000e 28000048
00130000 1d7e318b 838e8797 aba3010d 3739e240 84dbfd09 5567a715 7e8ea13a
16bd8693 d56d97e1 7b683f88 057b66d5 64f10592 3bfa482b 28216145 09de4ff5
36f7e3cd 29000024 cbba93f2 c39b68d3 8fdec633 369fb0f0 766b97d8 ac6c7175
4edfc408 ec3c8805 2900001c 00004004 2cae4948 7eb54c08 73046c2c 4f162702
662f6758 2900001c 00004005 e284914c eab8f0ba 6dd9e5f7 778e6b29 cbade815
29000008 0000402e 29000010 0000402f 00020003 00040005 00000008 00004016
88dca6c3 8051bf74 ed54bf43 c12ef3cc 80f294df 76395ef3 20bd7fe9 3e6e3208
56f39dad 220d5ae2 c33f92bd 19235e6c 0badc3a7 c1f34783 de32597f 7a92cc45
ikev2_msg_authverify: method SIG keylen 1085 type X509_CERT
_dsa_verify_init: signature scheme 0 selected
ikev2_msg_authverify: authentication successful
spi=0x0469346daf3de27d: sa_state: AUTH_REQUEST -> AUTH_SUCCESS
sa_stateflags: 0x002d -> 0x003d cert,certreq,auth,authvalid,sa (required 0x003b cert,certvalid,auth,authvalid,sa)
ikev2_dispatch_cert: peer certificate is valid
sa_stateflags: 0x003d -> 0x003f cert,certvalid,certreq,auth,authvalid,sa (required 0x003b cert,certvalid,auth,authvalid,sa)
sa_stateok: VALID flags 0x003b, require 0x003b cert,certvalid,auth,authvalid,sa
spi=0x0469346daf3de27d: sa_state: AUTH_SUCCESS -> VALID
sa_stateok: VALID flags 0x003b, require 0x003b cert,certvalid,auth,authvalid,sa
sa_stateok: VALID flags 0x003b, require 0x003b cert,certvalid,auth,authvalid,sa
ikev2_sa_tag: (0)
ikev2_childsa_negotiate: proposal 1
ikev2_childsa_negotiate: key material length 128
ikev2_prfplus: T1 with 32 bytes
ae53d4df 824b8c24 5b85f124 31b5b4fe 052e8952 cb9e4ef0 9743531c 2e0948e9
ikev2_prfplus: T2 with 32 bytes
969881ea e031275d e508f818 c4179caf 14b504b0 09c1ff7d f0aa6c86 ba90f279
ikev2_prfplus: T3 with 32 bytes
99b1a9d8 45e7d499 d1c33ca9 63d625bb 1467fd16 2218ef2d e9f06e68 aac608af
ikev2_prfplus: T4 with 32 bytes
c37cbce8 5c53098a 0bb8bcd6 25539cef 99bab221 b5d6647e ba75fc3f 0c1e4e26
ikev2_prfplus: Tn with 128 bytes
ae53d4df 824b8c24 5b85f124 31b5b4fe 052e8952 cb9e4ef0 9743531c 2e0948e9
969881ea e031275d e508f818 c4179caf 14b504b0 09c1ff7d f0aa6c86 ba90f279
99b1a9d8 45e7d499 d1c33ca9 63d625bb 1467fd16 2218ef2d e9f06e68 aac608af
c37cbce8 5c53098a 0bb8bcd6 25539cef 99bab221 b5d6647e ba75fc3f 0c1e4e26
pfkey_sa_getspi: spi 0x15c92cc6
pfkey_sa_init: new spi 0x15c92cc6
ikev2_next_payload: length 37 nextpayload CERT
ikev2_next_payload: length 1070 nextpayload AUTH
ikev2_next_payload: length 280 nextpayload CP
ikev2_next_payload: length 8 nextpayload NOTIFY
ikev2_add_notify: done
ikev2_next_payload: length 8 nextpayload NOTIFY
ikev2_add_notify: done
ikev2_next_payload: length 8 nextpayload SA
ikev2_add_proposals: length 40
ikev2_next_payload: length 44 nextpayload TSi
ikev2_next_payload: length 24 nextpayload TSr
ikev2_next_payload: length 24 nextpayload NONE
ikev2_next_payload: length 1540 nextpayload IDr
ikev2_msg_encrypt: decrypted length 1503
25000025 03000000 73617261 73776174 69406361 2e74656c 65636f6d 6c6f6262
792e636f 6d270004 2e043082 04253082 030da003 02010202 082d419f 457a3999
7e300d06 092a8648 86f70d01 010b0500 30818631 0b300906 03550406 13024652
311a3018 06035504 080c1153 65696e65 2d536169 6e742d44 656e6973 31163014
06035504 070c0d41 75626572 76696c6c 69657273 31163014 06035504 0a0c0d54
656c6563 6f6d204c 6f626279 310d300b 06035504 0b0c0456 504e4331 1c301a06
03550403 0c136361 2e74656c 65636f6d 6c6f6262 792e636f 6d301e17 0d323130
32313230 39313934 355a170d 32323032 31323039 31393435 5a307331 0b300906
03550406 13025553 310e300c 06035504 080c0554 65786173 310f300d 06035504
070c0644 616c6c61 73311630 14060355 040a0c0d 54656c65 636f6d20 4c6f6262
79310d30 0b060355 040b0c04 56504e43 311c301a 06035504 030c1375 732e7465
6c65636f 6d6c6f62 62792e63 6f6d3082 0122300d 06092a86 4886f70d 01010105
00038201 0f003082 010a0282 010100c7 84ffdbc6 ca9aab05 55975ce7 484c5f8b
5417aa70 0ac36cd1 e397ed2e e4eef84c 596f06c3 c5fa2144 26587d21 cefc5efc
87bda9d6 ab329460 9275ff9c 40792a2b 4873e34a 6c797f37 4c14f906 b9bf6a5b
fef940de 51b065be 749b0274 50bbc0e2 762254fa b93ae31d 51d15d6f 390cdd31
12cfea40 fea65853 323bf49a 99bbe29d e6dc6c42 a43889f7 d125f105 68c9a35c
afb594ef 78bc12e7 ac8186ac 32f2b242 b0931f67 b67c3509 108e50c8 57c14a6f
99adddbb 8ff09f38 c1344641 15cc086b 0a7f3656 c52914e9 284774ce 82aac909
39d5e327 b0cdbf3c 22f8644c ec88f1a1 e44be4ac 5dc761cb be9bd51b 5b757c1e
1eebc42a 00337ed0 c1f90476 f6447502 03010001 a381a830 81a53013 0603551d
25040c30 0a06082b 06010505 07030230 1d060355 1d0e0416 041403e0 e5527553
00f35eb7 ff71c90b cd94778d a6c4301f 0603551d 23041830 1680142a c5939e9b
0361a9a9 b61eb388 3d40c58e e44f5030 28060355 1d110421 301f811d 73617261
73776174 69406361 2e74656c 65636f6d 6c6f6262 792e636f 6d302406 09608648
0186f842 010d0417 16154765 6e657261 74656420 62792052 6f757465 724f5330
0d06092a 864886f7 0d01010b 05000382 01010028 d73860f9 b6fe28fc e31f9381
6f2e3957 0762ef66 5d53ae0d 1c248650 83c845d7 4f3166a9 199a034d b37d826e
06c893f2 97848d79 3c2cb200 fb35ecfd 38dffe92 6862680a 61453918 2c17b83a
7b118f89 550aab8f ce59d05a 1aa2182c 5aa39c9a a04e88a5 0faac7cf aab46b51
e223be57 c3bbaa72 7546c67b b30062c4 db14e86c 058ad002 13e38ee4 d586b2bc
9d640bc4 21d6ec33 cbc3a066 df6bcb65 a5df7292 12a519e1 71784460 0b99a4e0
0234a29e 245440f2 1cfb1128 2b680441 a12e3da2 3ee16467 b6f1ede2 0e2259ae
0235c1f0 feb64808 4db676d5 3cbf1451 214948d2 99288835 9c46d2b0 e98b0fac
ca745b4a 3882e778 2f85e8eb 8fc5e406 736b8a2f 0001180e 0000000f 300d0609
2a864886 f70d0101 0b0500a1 ad203756 08e8bf95 a644250c a72c2e08 95b40311
23aa0f57 ddede788 a7c5d57c c8a5e852 13be661d 049db647 ddccac99 acbeab37
1d0a6b61 1a7084fb 5550d19e 4b84ad40 6048bc9d 8bdc8aba f646d800 177a3c34
54729a77 0e95bc75 4706eacc be9418da 5c62cd75 e6402f6f 7b7f67b9 9b45cd0a
54e193fe 2128d002 c65341ac 683194c8 493ab0d2 3e96a269 37ec086b 53b68378
20fd3a63 af3e9e99 f817ed57 256aa7cf f3d80bfd 41dec827 bf61ddaa b5fef960
3c364f16 1736a468 3089621e 1f75e5c1 b505c190 c36d9e37 87bcd3d6 e267447f
5e32b121 5e70bcf0 4319b6a5 f7704241 490269fe cd62e256 df4f191f 32581803
f2167696 e366dbd1 81b12829 00000802 00000029 00000800 00400721 00000800
00400c2c 00002c00 00002801 03040315 c92cc603 00000c01 00000c80 0e010003
00000803 00000c00 00000805 0000002d 00001801 00000007 2f001000 00ffff51
2c202f51 2c202f00 00001801 00000007 2f001000 00ffff9b 8af71b9b 8af71b
ikev2_msg_encrypt: padded length 1504
25000025 03000000 73617261 73776174 69406361 2e74656c 65636f6d 6c6f6262
792e636f 6d270004 2e043082 04253082 030da003 02010202 082d419f 457a3999
7e300d06 092a8648 86f70d01 010b0500 30818631 0b300906 03550406 13024652
311a3018 06035504 080c1153 65696e65 2d536169 6e742d44 656e6973 31163014
06035504 070c0d41 75626572 76696c6c 69657273 31163014 06035504 0a0c0d54
656c6563 6f6d204c 6f626279 310d300b 06035504 0b0c0456 504e4331 1c301a06
03550403 0c136361 2e74656c 65636f6d 6c6f6262 792e636f 6d301e17 0d323130
32313230 39313934 355a170d 32323032 31323039 31393435 5a307331 0b300906
03550406 13025553 310e300c 06035504 080c0554 65786173 310f300d 06035504
070c0644 616c6c61 73311630 14060355 040a0c0d 54656c65 636f6d20 4c6f6262
79310d30 0b060355 040b0c04 56504e43 311c301a 06035504 030c1375 732e7465
6c65636f 6d6c6f62 62792e63 6f6d3082 0122300d 06092a86 4886f70d 01010105
00038201 0f003082 010a0282 010100c7 84ffdbc6 ca9aab05 55975ce7 484c5f8b
5417aa70 0ac36cd1 e397ed2e e4eef84c 596f06c3 c5fa2144 26587d21 cefc5efc
87bda9d6 ab329460 9275ff9c 40792a2b 4873e34a 6c797f37 4c14f906 b9bf6a5b
fef940de 51b065be 749b0274 50bbc0e2 762254fa b93ae31d 51d15d6f 390cdd31
12cfea40 fea65853 323bf49a 99bbe29d e6dc6c42 a43889f7 d125f105 68c9a35c
afb594ef 78bc12e7 ac8186ac 32f2b242 b0931f67 b67c3509 108e50c8 57c14a6f
99adddbb 8ff09f38 c1344641 15cc086b 0a7f3656 c52914e9 284774ce 82aac909
39d5e327 b0cdbf3c 22f8644c ec88f1a1 e44be4ac 5dc761cb be9bd51b 5b757c1e
1eebc42a 00337ed0 c1f90476 f6447502 03010001 a381a830 81a53013 0603551d
25040c30 0a06082b 06010505 07030230 1d060355 1d0e0416 041403e0 e5527553
00f35eb7 ff71c90b cd94778d a6c4301f 0603551d 23041830 1680142a c5939e9b
0361a9a9 b61eb388 3d40c58e e44f5030 28060355 1d110421 301f811d 73617261
73776174 69406361 2e74656c 65636f6d 6c6f6262 792e636f 6d302406 09608648
0186f842 010d0417 16154765 6e657261 74656420 62792052 6f757465 724f5330
0d06092a 864886f7 0d01010b 05000382 01010028 d73860f9 b6fe28fc e31f9381
6f2e3957 0762ef66 5d53ae0d 1c248650 83c845d7 4f3166a9 199a034d b37d826e
06c893f2 97848d79 3c2cb200 fb35ecfd 38dffe92 6862680a 61453918 2c17b83a
7b118f89 550aab8f ce59d05a 1aa2182c 5aa39c9a a04e88a5 0faac7cf aab46b51
e223be57 c3bbaa72 7546c67b b30062c4 db14e86c 058ad002 13e38ee4 d586b2bc
9d640bc4 21d6ec33 cbc3a066 df6bcb65 a5df7292 12a519e1 71784460 0b99a4e0
0234a29e 245440f2 1cfb1128 2b680441 a12e3da2 3ee16467 b6f1ede2 0e2259ae
0235c1f0 feb64808 4db676d5 3cbf1451 214948d2 99288835 9c46d2b0 e98b0fac
ca745b4a 3882e778 2f85e8eb 8fc5e406 736b8a2f 0001180e 0000000f 300d0609
2a864886 f70d0101 0b0500a1 ad203756 08e8bf95 a644250c a72c2e08 95b40311
23aa0f57 ddede788 a7c5d57c c8a5e852 13be661d 049db647 ddccac99 acbeab37
1d0a6b61 1a7084fb 5550d19e 4b84ad40 6048bc9d 8bdc8aba f646d800 177a3c34
54729a77 0e95bc75 4706eacc be9418da 5c62cd75 e6402f6f 7b7f67b9 9b45cd0a
54e193fe 2128d002 c65341ac 683194c8 493ab0d2 3e96a269 37ec086b 53b68378
20fd3a63 af3e9e99 f817ed57 256aa7cf f3d80bfd 41dec827 bf61ddaa b5fef960
3c364f16 1736a468 3089621e 1f75e5c1 b505c190 c36d9e37 87bcd3d6 e267447f
5e32b121 5e70bcf0 4319b6a5 f7704241 490269fe cd62e256 df4f191f 32581803
f2167696 e366dbd1 81b12829 00000802 00000029 00000800 00400721 00000800
00400c2c 00002c00 00002801 03040315 c92cc603 00000c01 00000c80 0e010003
00000803 00000c00 00000805 0000002d 00001801 00000007 2f001000 00ffff51
2c202f51 2c202f00 00001801 00000007 2f001000 00ffff9b 8af71b9b 8af71b00
ikev2_msg_encrypt: length 1504, padding 0, output length 1536
a6a752d6 e1549dcb 49518dc4 2b8d34d4 08bb2cd7 f12a36be 5c422dd3 e99f461e
228d49be 4e182aaa 185c2dcc b8ca6c0c da007f8e 2a14a761 6505d770 297e7ae4
5ca1777c 115d5b31 ef514716 48ddd96f 97ddca65 014ea722 c4189519 54662d86
f352874a e1275f05 33f0fc33 d34a757e bf5a0b6c c7631a6f 0aee4ffc a64988b6
e7bfe1f5 f8363fa6 7d380965 f2c2d676 ac8e986d 8cac825a d0d3956b 6780cc02
8119d49d fb23e24a 30baf8e6 39be476a 4c33ddd7 14c5b78c c4ae9bce 193c73d9
f050ed08 11b4a90c 18163ce6 71204a91 ba92ea6c f4cb678a 7d41bcd7 24d19d69
b0cdced0 5c515973 387a27b9 ed9ad001 e1603ff6 c0a267b7 034d3a7e 02e87540
3a948da4 81d9b501 58bffb9c 084a903c 8ff0d7fc e6b6d3eb 33dbfcfd 470a77bb
d841a227 747ef48c 6d7be20d 6288c86c 4fb6cdd1 cfaf759b fe307b1f 5afd176b
a24ead98 b6d78f69 90d47367 ccfe4a12 e6f9b094 ce7352d5 b29440a7 d469de4c
c77c77b1 ab394f6f e3650a7c 6ecb5db0 7950742b be1e1043 2f9bd579 48e0a728
2b82cfe1 e7739ed3 e61c2706 2620fd58 be3850ac 88e162aa 1b4980ae e427bf48
bc1d5714 faf96f43 b4833c11 74e97043 e2dc4467 792cbde6 36a1f262 35f54774
3dec4326 00e022dd 9e503582 602c901f e844c261 89758816 1847c837 a3c34f7b
09ca99ec ed06abf0 ad2ef504 48bdffb3 e70b8b01 2ea40183 15ddd188 ad06e908
ef4dfdaf ad464c0a 99e422d9 d5170ca3 a594c5fe a0aedb03 abf692b8 81869972
7be78c86 4f0aa5a7 40d27ed8 78b2861a eddd59cd 35e71df1 ebcb924f 461e3934
78be8780 310b9d6a 9c282c6e b5d7d14f 6f266343 0eb98bc4 c7354a59 139a2f85
5f2c2cc1 88f074cd 276382a2 d64a8de7 78469b84 b14f391a fee90b6f c6bdb3b4
ccb0be6b f2ebd711 aff0201f 55e9b28d 58e016d9 6a6a1cde fdf3ccee 6bb0b1af
041cdf00 1f561499 b0192a8e 1fee1f3d e0448ebf 9b356ae4 a5de9d96 04f76ef1
2e2e34a4 f61f27a1 ff6d0855 ac365be3 91786828 5a751dfa 8035d9bf 882ea2a6
5aa10d66 676a9855 89a7477f d445ac29 f92766f2 300122bf 6b8b2ef0 153158e3
02bbf851 c56917ed f920111f ad17825f 002ea8e1 8ace0476 6ae6b050 5869f5f6
eb670675 33986715 e7fa9337 531a9dd5 c45f50e4 af5ff151 57b00392 e6fadbfe
b56c92e0 436c1705 577c2e9c ee60963d 5fe47a08 32dd8dcf 661a9758 2b5f5ea9
b56beb56 e416fcec da6a7d81 efbc62f4 22430986 4366aa7e e07549cb 107e98eb
3a413d1c 0b77c190 228751e8 41000cf8 aaae72e2 efc0fb53 9627893f dc0f7b31
ed690696 f33fedd9 9ece214a 5746fbc3 9bed46ef 8f491bfe 2cb25481 f24f2be8
864de508 7b1c183e a5e36104 bc281366 0166fa76 99ebe3bb fb57e763 8d1b142e
66c558b7 6621791f c5377dad 95fb9c5e daa3e0fe 47685067 3893ff36 36e93f44
b0f81e71 f5a13673 62fbb537 3ddf5938 51b795ad 5dc43086 c7358435 c6613977
09a150f8 060b206a 55bd6962 a1bde382 4610c59f 47506c76 0a9de946 dc4fc0d9
5f4f0793 1a6cdbc4 4446c3c9 124e40c1 be0368f7 4ba84114 6cf632f0 ae1d4a11
b2178d11 a1dcf03d 09a6f49c cdd66215 3c7cba51 8393427d 32fd356c 9a0c6cfb
bd920a47 8daa8348 e80a1c46 3e2011a1 afed128c 2fefd140 c67558a3 f8588e41
1b9e191c a3e55328 ff19e330 4effaebe 457243d9 9d5beff1 896f8057 469a526e
99930122 ba7529ce 3125e5a5 e5056a46 3ff6e6a1 aca6fa04 62a4a38f 5b9b5e4e
caad06db c5c9603b 4f7f2994 88bae7fe e71962db b8636ad7 d90fa90c ba85b59f
015d6052 34777c2b df56913c b48a52b1 4685de6b 4673a9dd a07d3712 6bc3c190
03c9a944 889038bd 4b38b2fc bc282452 a4a19498 cfd76ab4 22f3054f 7b99a552
9ee49438 0072ed29 10739caf 751dbe65 0c839186 e25624ce 0704103a 94e1df67
233da2a5 c3512fa2 1d42638f 2a59b0ba 95124798 8ea8f4f0 f59638a7 c480d079
8c94e51c 326c40e9 33bb781a c3632955 ddc8a71b 7d5a4aa7 732ddedc dd01930f
d44b1032 2f40163b 2d8e0a46 90a61964 efac2e7c 810d1e1d bc41ee23 c368f7bb
dfb401d4 0b91b1ab 9a6a6821 46d83131 7e8183c7 d2d16b35 79e1963e 9d8b6702
75d339ea c92005b2 c7fdf71f d6db09ec 00000000 00000000 00000000 00000000
ikev2_msg_integr: message length 1568
0469346d af3de27d 0d2bd80b 33716e8b 2e202320 00000001 00000620 24000604
a6a752d6 e1549dcb 49518dc4 2b8d34d4 08bb2cd7 f12a36be 5c422dd3 e99f461e
228d49be 4e182aaa 185c2dcc b8ca6c0c da007f8e 2a14a761 6505d770 297e7ae4
5ca1777c 115d5b31 ef514716 48ddd96f 97ddca65 014ea722 c4189519 54662d86
f352874a e1275f05 33f0fc33 d34a757e bf5a0b6c c7631a6f 0aee4ffc a64988b6
e7bfe1f5 f8363fa6 7d380965 f2c2d676 ac8e986d 8cac825a d0d3956b 6780cc02
8119d49d fb23e24a 30baf8e6 39be476a 4c33ddd7 14c5b78c c4ae9bce 193c73d9
f050ed08 11b4a90c 18163ce6 71204a91 ba92ea6c f4cb678a 7d41bcd7 24d19d69
b0cdced0 5c515973 387a27b9 ed9ad001 e1603ff6 c0a267b7 034d3a7e 02e87540
3a948da4 81d9b501 58bffb9c 084a903c 8ff0d7fc e6b6d3eb 33dbfcfd 470a77bb
d841a227 747ef48c 6d7be20d 6288c86c 4fb6cdd1 cfaf759b fe307b1f 5afd176b
a24ead98 b6d78f69 90d47367 ccfe4a12 e6f9b094 ce7352d5 b29440a7 d469de4c
c77c77b1 ab394f6f e3650a7c 6ecb5db0 7950742b be1e1043 2f9bd579 48e0a728
2b82cfe1 e7739ed3 e61c2706 2620fd58 be3850ac 88e162aa 1b4980ae e427bf48
bc1d5714 faf96f43 b4833c11 74e97043 e2dc4467 792cbde6 36a1f262 35f54774
3dec4326 00e022dd 9e503582 602c901f e844c261 89758816 1847c837 a3c34f7b
09ca99ec ed06abf0 ad2ef504 48bdffb3 e70b8b01 2ea40183 15ddd188 ad06e908
ef4dfdaf ad464c0a 99e422d9 d5170ca3 a594c5fe a0aedb03 abf692b8 81869972
7be78c86 4f0aa5a7 40d27ed8 78b2861a eddd59cd 35e71df1 ebcb924f 461e3934
78be8780 310b9d6a 9c282c6e b5d7d14f 6f266343 0eb98bc4 c7354a59 139a2f85
5f2c2cc1 88f074cd 276382a2 d64a8de7 78469b84 b14f391a fee90b6f c6bdb3b4
ccb0be6b f2ebd711 aff0201f 55e9b28d 58e016d9 6a6a1cde fdf3ccee 6bb0b1af
041cdf00 1f561499 b0192a8e 1fee1f3d e0448ebf 9b356ae4 a5de9d96 04f76ef1
2e2e34a4 f61f27a1 ff6d0855 ac365be3 91786828 5a751dfa 8035d9bf 882ea2a6
5aa10d66 676a9855 89a7477f d445ac29 f92766f2 300122bf 6b8b2ef0 153158e3
02bbf851 c56917ed f920111f ad17825f 002ea8e1 8ace0476 6ae6b050 5869f5f6
eb670675 33986715 e7fa9337 531a9dd5 c45f50e4 af5ff151 57b00392 e6fadbfe
b56c92e0 436c1705 577c2e9c ee60963d 5fe47a08 32dd8dcf 661a9758 2b5f5ea9
b56beb56 e416fcec da6a7d81 efbc62f4 22430986 4366aa7e e07549cb 107e98eb
3a413d1c 0b77c190 228751e8 41000cf8 aaae72e2 efc0fb53 9627893f dc0f7b31
ed690696 f33fedd9 9ece214a 5746fbc3 9bed46ef 8f491bfe 2cb25481 f24f2be8
864de508 7b1c183e a5e36104 bc281366 0166fa76 99ebe3bb fb57e763 8d1b142e
66c558b7 6621791f c5377dad 95fb9c5e daa3e0fe 47685067 3893ff36 36e93f44
b0f81e71 f5a13673 62fbb537 3ddf5938 51b795ad 5dc43086 c7358435 c6613977
09a150f8 060b206a 55bd6962 a1bde382 4610c59f 47506c76 0a9de946 dc4fc0d9
5f4f0793 1a6cdbc4 4446c3c9 124e40c1 be0368f7 4ba84114 6cf632f0 ae1d4a11
b2178d11 a1dcf03d 09a6f49c cdd66215 3c7cba51 8393427d 32fd356c 9a0c6cfb
bd920a47 8daa8348 e80a1c46 3e2011a1 afed128c 2fefd140 c67558a3 f8588e41
1b9e191c a3e55328 ff19e330 4effaebe 457243d9 9d5beff1 896f8057 469a526e
99930122 ba7529ce 3125e5a5 e5056a46 3ff6e6a1 aca6fa04 62a4a38f 5b9b5e4e
caad06db c5c9603b 4f7f2994 88bae7fe e71962db b8636ad7 d90fa90c ba85b59f
015d6052 34777c2b df56913c b48a52b1 4685de6b 4673a9dd a07d3712 6bc3c190
03c9a944 889038bd 4b38b2fc bc282452 a4a19498 cfd76ab4 22f3054f 7b99a552
9ee49438 0072ed29 10739caf 751dbe65 0c839186 e25624ce 0704103a 94e1df67
233da2a5 c3512fa2 1d42638f 2a59b0ba 95124798 8ea8f4f0 f59638a7 c480d079
8c94e51c 326c40e9 33bb781a c3632955 ddc8a71b 7d5a4aa7 732ddedc dd01930f
d44b1032 2f40163b 2d8e0a46 90a61964 efac2e7c 810d1e1d bc41ee23 c368f7bb
dfb401d4 0b91b1ab 9a6a6821 46d83131 7e8183c7 d2d16b35 79e1963e 9d8b6702
75d339ea c92005b2 c7fdf71f d6db09ec 00000000 00000000 00000000 00000000
ikev2_msg_integr: integrity checksum length 16
619120f7 dd187aa4 9edaaf0d 901701c4 875b992f af439f91 a7fc3c59 1920b751
ikev2_pld_parse: header ispi 0x0469346daf3de27d rspi 0x0d2bd80b33716e8b nextpayload SK version 0x20 exchange IKE_AUTH flags 0x20 msgid 1 length 1568 response 1
ikev2_pld_payloads: payload SK nextpayload IDr critical 0x00 length 1540
ikev2_msg_decrypt: IV length 16
a6a752d6 e1549dcb 49518dc4 2b8d34d4
ikev2_msg_decrypt: encrypted payload length 1504
08bb2cd7 f12a36be 5c422dd3 e99f461e 228d49be 4e182aaa 185c2dcc b8ca6c0c
da007f8e 2a14a761 6505d770 297e7ae4 5ca1777c 115d5b31 ef514716 48ddd96f
97ddca65 014ea722 c4189519 54662d86 f352874a e1275f05 33f0fc33 d34a757e
bf5a0b6c c7631a6f 0aee4ffc a64988b6 e7bfe1f5 f8363fa6 7d380965 f2c2d676
ac8e986d 8cac825a d0d3956b 6780cc02 8119d49d fb23e24a 30baf8e6 39be476a
4c33ddd7 14c5b78c c4ae9bce 193c73d9 f050ed08 11b4a90c 18163ce6 71204a91
ba92ea6c f4cb678a 7d41bcd7 24d19d69 b0cdced0 5c515973 387a27b9 ed9ad001
e1603ff6 c0a267b7 034d3a7e 02e87540 3a948da4 81d9b501 58bffb9c 084a903c
8ff0d7fc e6b6d3eb 33dbfcfd 470a77bb d841a227 747ef48c 6d7be20d 6288c86c
4fb6cdd1 cfaf759b fe307b1f 5afd176b a24ead98 b6d78f69 90d47367 ccfe4a12
e6f9b094 ce7352d5 b29440a7 d469de4c c77c77b1 ab394f6f e3650a7c 6ecb5db0
7950742b be1e1043 2f9bd579 48e0a728 2b82cfe1 e7739ed3 e61c2706 2620fd58
be3850ac 88e162aa 1b4980ae e427bf48 bc1d5714 faf96f43 b4833c11 74e97043
e2dc4467 792cbde6 36a1f262 35f54774 3dec4326 00e022dd 9e503582 602c901f
e844c261 89758816 1847c837 a3c34f7b 09ca99ec ed06abf0 ad2ef504 48bdffb3
e70b8b01 2ea40183 15ddd188 ad06e908 ef4dfdaf ad464c0a 99e422d9 d5170ca3
a594c5fe a0aedb03 abf692b8 81869972 7be78c86 4f0aa5a7 40d27ed8 78b2861a
eddd59cd 35e71df1 ebcb924f 461e3934 78be8780 310b9d6a 9c282c6e b5d7d14f
6f266343 0eb98bc4 c7354a59 139a2f85 5f2c2cc1 88f074cd 276382a2 d64a8de7
78469b84 b14f391a fee90b6f c6bdb3b4 ccb0be6b f2ebd711 aff0201f 55e9b28d
58e016d9 6a6a1cde fdf3ccee 6bb0b1af 041cdf00 1f561499 b0192a8e 1fee1f3d
e0448ebf 9b356ae4 a5de9d96 04f76ef1 2e2e34a4 f61f27a1 ff6d0855 ac365be3
91786828 5a751dfa 8035d9bf 882ea2a6 5aa10d66 676a9855 89a7477f d445ac29
f92766f2 300122bf 6b8b2ef0 153158e3 02bbf851 c56917ed f920111f ad17825f
002ea8e1 8ace0476 6ae6b050 5869f5f6 eb670675 33986715 e7fa9337 531a9dd5
c45f50e4 af5ff151 57b00392 e6fadbfe b56c92e0 436c1705 577c2e9c ee60963d
5fe47a08 32dd8dcf 661a9758 2b5f5ea9 b56beb56 e416fcec da6a7d81 efbc62f4
22430986 4366aa7e e07549cb 107e98eb 3a413d1c 0b77c190 228751e8 41000cf8
aaae72e2 efc0fb53 9627893f dc0f7b31 ed690696 f33fedd9 9ece214a 5746fbc3
9bed46ef 8f491bfe 2cb25481 f24f2be8 864de508 7b1c183e a5e36104 bc281366
0166fa76 99ebe3bb fb57e763 8d1b142e 66c558b7 6621791f c5377dad 95fb9c5e
daa3e0fe 47685067 3893ff36 36e93f44 b0f81e71 f5a13673 62fbb537 3ddf5938
51b795ad 5dc43086 c7358435 c6613977 09a150f8 060b206a 55bd6962 a1bde382
4610c59f 47506c76 0a9de946 dc4fc0d9 5f4f0793 1a6cdbc4 4446c3c9 124e40c1
be0368f7 4ba84114 6cf632f0 ae1d4a11 b2178d11 a1dcf03d 09a6f49c cdd66215
3c7cba51 8393427d 32fd356c 9a0c6cfb bd920a47 8daa8348 e80a1c46 3e2011a1
afed128c 2fefd140 c67558a3 f8588e41 1b9e191c a3e55328 ff19e330 4effaebe
457243d9 9d5beff1 896f8057 469a526e 99930122 ba7529ce 3125e5a5 e5056a46
3ff6e6a1 aca6fa04 62a4a38f 5b9b5e4e caad06db c5c9603b 4f7f2994 88bae7fe
e71962db b8636ad7 d90fa90c ba85b59f 015d6052 34777c2b df56913c b48a52b1
4685de6b 4673a9dd a07d3712 6bc3c190 03c9a944 889038bd 4b38b2fc bc282452
a4a19498 cfd76ab4 22f3054f 7b99a552 9ee49438 0072ed29 10739caf 751dbe65
0c839186 e25624ce 0704103a 94e1df67 233da2a5 c3512fa2 1d42638f 2a59b0ba
95124798 8ea8f4f0 f59638a7 c480d079 8c94e51c 326c40e9 33bb781a c3632955
ddc8a71b 7d5a4aa7 732ddedc dd01930f d44b1032 2f40163b 2d8e0a46 90a61964
efac2e7c 810d1e1d bc41ee23 c368f7bb dfb401d4 0b91b1ab 9a6a6821 46d83131
7e8183c7 d2d16b35 79e1963e 9d8b6702 75d339ea c92005b2 c7fdf71f d6db09ec
ikev2_msg_decrypt: integrity checksum length 16
619120f7 dd187aa4 9edaaf0d 901701c4
ikev2_msg_decrypt: integrity check succeeded
619120f7 dd187aa4 9edaaf0d 901701c4
ikev2_msg_decrypt: decrypted payload length 1504/1504 padding 0
25000025 03000000 73617261 73776174 69406361 2e74656c 65636f6d 6c6f6262
792e636f 6d270004 2e043082 04253082 030da003 02010202 082d419f 457a3999
7e300d06 092a8648 86f70d01 010b0500 30818631 0b300906 03550406 13024652
311a3018 06035504 080c1153 65696e65 2d536169 6e742d44 656e6973 31163014
06035504 070c0d41 75626572 76696c6c 69657273 31163014 06035504 0a0c0d54
656c6563 6f6d204c 6f626279 310d300b 06035504 0b0c0456 504e4331 1c301a06
03550403 0c136361 2e74656c 65636f6d 6c6f6262 792e636f 6d301e17 0d323130
32313230 39313934 355a170d 32323032 31323039 31393435 5a307331 0b300906
03550406 13025553 310e300c 06035504 080c0554 65786173 310f300d 06035504
070c0644 616c6c61 73311630 14060355 040a0c0d 54656c65 636f6d20 4c6f6262
79310d30 0b060355 040b0c04 56504e43 311c301a 06035504 030c1375 732e7465
6c65636f 6d6c6f62 62792e63 6f6d3082 0122300d 06092a86 4886f70d 01010105
00038201 0f003082 010a0282 010100c7 84ffdbc6 ca9aab05 55975ce7 484c5f8b
5417aa70 0ac36cd1 e397ed2e e4eef84c 596f06c3 c5fa2144 26587d21 cefc5efc
87bda9d6 ab329460 9275ff9c 40792a2b 4873e34a 6c797f37 4c14f906 b9bf6a5b
fef940de 51b065be 749b0274 50bbc0e2 762254fa b93ae31d 51d15d6f 390cdd31
12cfea40 fea65853 323bf49a 99bbe29d e6dc6c42 a43889f7 d125f105 68c9a35c
afb594ef 78bc12e7 ac8186ac 32f2b242 b0931f67 b67c3509 108e50c8 57c14a6f
99adddbb 8ff09f38 c1344641 15cc086b 0a7f3656 c52914e9 284774ce 82aac909
39d5e327 b0cdbf3c 22f8644c ec88f1a1 e44be4ac 5dc761cb be9bd51b 5b757c1e
1eebc42a 00337ed0 c1f90476 f6447502 03010001 a381a830 81a53013 0603551d
25040c30 0a06082b 06010505 07030230 1d060355 1d0e0416 041403e0 e5527553
00f35eb7 ff71c90b cd94778d a6c4301f 0603551d 23041830 1680142a c5939e9b
0361a9a9 b61eb388 3d40c58e e44f5030 28060355 1d110421 301f811d 73617261
73776174 69406361 2e74656c 65636f6d 6c6f6262 792e636f 6d302406 09608648
0186f842 010d0417 16154765 6e657261 74656420 62792052 6f757465 724f5330
0d06092a 864886f7 0d01010b 05000382 01010028 d73860f9 b6fe28fc e31f9381
6f2e3957 0762ef66 5d53ae0d 1c248650 83c845d7 4f3166a9 199a034d b37d826e
06c893f2 97848d79 3c2cb200 fb35ecfd 38dffe92 6862680a 61453918 2c17b83a
7b118f89 550aab8f ce59d05a 1aa2182c 5aa39c9a a04e88a5 0faac7cf aab46b51
e223be57 c3bbaa72 7546c67b b30062c4 db14e86c 058ad002 13e38ee4 d586b2bc
9d640bc4 21d6ec33 cbc3a066 df6bcb65 a5df7292 12a519e1 71784460 0b99a4e0
0234a29e 245440f2 1cfb1128 2b680441 a12e3da2 3ee16467 b6f1ede2 0e2259ae
0235c1f0 feb64808 4db676d5 3cbf1451 214948d2 99288835 9c46d2b0 e98b0fac
ca745b4a 3882e778 2f85e8eb 8fc5e406 736b8a2f 0001180e 0000000f 300d0609
2a864886 f70d0101 0b0500a1 ad203756 08e8bf95 a644250c a72c2e08 95b40311
23aa0f57 ddede788 a7c5d57c c8a5e852 13be661d 049db647 ddccac99 acbeab37
1d0a6b61 1a7084fb 5550d19e 4b84ad40 6048bc9d 8bdc8aba f646d800 177a3c34
54729a77 0e95bc75 4706eacc be9418da 5c62cd75 e6402f6f 7b7f67b9 9b45cd0a
54e193fe 2128d002 c65341ac 683194c8 493ab0d2 3e96a269 37ec086b 53b68378
20fd3a63 af3e9e99 f817ed57 256aa7cf f3d80bfd 41dec827 bf61ddaa b5fef960
3c364f16 1736a468 3089621e 1f75e5c1 b505c190 c36d9e37 87bcd3d6 e267447f
5e32b121 5e70bcf0 4319b6a5 f7704241 490269fe cd62e256 df4f191f 32581803
f2167696 e366dbd1 81b12829 00000802 00000029 00000800 00400721 00000800
00400c2c 00002c00 00002801 03040315 c92cc603 00000c01 00000c80 0e010003
00000803 00000c00 00000805 0000002d 00001801 00000007 2f001000 00ffff51
2c202f51 2c202f00 00001801 00000007 2f001000 00ffff9b 8af71b9b 8af71b00
ikev2_pld_payloads: decrypted payload IDr nextpayload CERT critical 0x00 length 37
ikev2_pld_id: id UFQDN/-->HOSTNAME-US<---@-->CA<--- length 33
ikev2_pld_payloads: decrypted payload CERT nextpayload AUTH critical 0x00 length 1070
ikev2_pld_cert: type X509_CERT length 1065
30820425 3082030d a0030201 0202082d 419f457a 39997e30 0d06092a 864886f7
0d01010b 05003081 86310b30 09060355 04061302 4652311a 30180603 5504080c
11536569 6e652d53 61696e74 2d44656e 69733116 30140603 5504070c 0d417562
65727669 6c6c6965 72733116 30140603 55040a0c 0d54656c 65636f6d 204c6f62
6279310d 300b0603 55040b0c 0456504e 43311c30 1a060355 04030c13 63612e74
656c6563 6f6d6c6f 6262792e 636f6d30 1e170d32 31303231 32303931 3934355a
170d3232 30323132 30393139 34355a30 73310b30 09060355 04061302 5553310e
300c0603 5504080c 05546578 6173310f 300d0603 5504070c 0644616c 6c617331
16301406 0355040a 0c0d5465 6c65636f 6d204c6f 62627931 0d300b06 0355040b
0c045650 4e43311c 301a0603 5504030c 1375732e 74656c65 636f6d6c 6f626279
2e636f6d 30820122 300d0609 2a864886 f70d0101 01050003 82010f00 3082010a
02820101 00c784ff dbc6ca9a ab055597 5ce7484c 5f8b5417 aa700ac3 6cd1e397
ed2ee4ee f84c596f 06c3c5fa 21442658 7d21cefc 5efc87bd a9d6ab32 94609275
ff9c4079 2a2b4873 e34a6c79 7f374c14 f906b9bf 6a5bfef9 40de51b0 65be749b
027450bb c0e27622 54fab93a e31d51d1 5d6f390c dd3112cf ea40fea6 5853323b
f49a99bb e29de6dc 6c42a438 89f7d125 f10568c9 a35cafb5 94ef78bc 12e7ac81
86ac32f2 b242b093 1f67b67c 3509108e 50c857c1 4a6f99ad ddbb8ff0 9f38c134
464115cc 086b0a7f 3656c529 14e92847 74ce82aa c90939d5 e327b0cd bf3c22f8
644cec88 f1a1e44b e4ac5dc7 61cbbe9b d51b5b75 7c1e1eeb c42a0033 7ed0c1f9
0476f644 75020301 0001a381 a83081a5 30130603 551d2504 0c300a06 082b0601
05050703 02301d06 03551d0e 04160414 03e0e552 755300f3 5eb7ff71 c90bcd94
778da6c4 301f0603 551d2304 18301680 142ac593 9e9b0361 a9a9b61e b3883d40
c58ee44f 50302806 03551d11 0421301f 811d7361 72617377 61746940 63612e74
656c6563 6f6d6c6f 6262792e 636f6d30 24060960 86480186 f842010d 04171615
47656e65 72617465 64206279 20526f75 7465724f 53300d06 092a8648 86f70d01
010b0500 03820101 0028d738 60f9b6fe 28fce31f 93816f2e 39570762 ef665d53
ae0d1c24 865083c8 45d74f31 66a9199a 034db37d 826e06c8 93f29784 8d793c2c
b200fb35 ecfd38df fe926862 680a6145 39182c17 b83a7b11 8f89550a ab8fce59
d05a1aa2 182c5aa3 9c9aa04e 88a50faa c7cfaab4 6b51e223 be57c3bb aa727546
c67bb300 62c4db14 e86c058a d00213e3 8ee4d586 b2bc9d64 0bc421d6 ec33cbc3
a066df6b cb65a5df 729212a5 19e17178 44600b99 a4e00234 a29e2454 40f21cfb
11282b68 0441a12e 3da23ee1 6467b6f1 ede20e22 59ae0235 c1f0feb6 48084db6
76d53cbf 14512149 48d29928 88359c46 d2b0e98b 0facca74 5b4a3882 e7782f85
e8eb8fc5 e406736b 8a
ikev2_pld_payloads: decrypted payload AUTH nextpayload CP critical 0x00 length 280
ikev2_pld_auth: method SIG length 272
0f300d06 092a8648 86f70d01 010b0500 a1ad2037 5608e8bf 95a64425 0ca72c2e
0895b403 1123aa0f 57ddede7 88a7c5d5 7cc8a5e8 5213be66 1d049db6 47ddccac
99acbeab 371d0a6b 611a7084 fb5550d1 9e4b84ad 406048bc 9d8bdc8a baf646d8
00177a3c 3454729a 770e95bc 754706ea ccbe9418 da5c62cd 75e6402f 6f7b7f67
b99b45cd 0a54e193 fe2128d0 02c65341 ac683194 c8493ab0 d23e96a2 6937ec08
6b53b683 7820fd3a 63af3e9e 99f817ed 57256aa7 cff3d80b fd41dec8 27bf61dd
aab5fef9 603c364f 161736a4 68308962 1e1f75e5 c1b505c1 90c36d9e 3787bcd3
d6e26744 7f5e32b1 215e70bc f04319b6 a5f77042 41490269 fecd62e2 56df4f19
1f325818 03f21676 96e366db d181b128
ikev2_pld_payloads: decrypted payload CP nextpayload NOTIFY critical 0x00 length 8
ikev2_pld_cp: type REPLY length 0
ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical 0x00 length 8
ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE
ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA critical 0x00 length 8
ikev2_pld_notify: protoid NONE spisize 0 type MOBIKE_SUPPORTED
ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00 length 44
ikev2_pld_sa: more 0 reserved 0 length 40 proposal #1 protoid ESP spisize 4 xforms 3 spi 0x15c92cc6
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00 length 24
ikev2_pld_tss: count 1 length 16
ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport 65535
ikev2_pld_ts: start -->NODE_ES<-- end -->NODE_ES<--
ikev2_pld_payloads: decrypted payload TSr nextpayload NONE critical 0x00 length 24
ikev2_pld_tss: count 1 length 16
ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport 0 endport 65535
ikev2_pld_ts: start -->HOST-US<--- end -->HOST-US<---
spi=0x0469346daf3de27d: send IKE_AUTH res 1 peer -->NODE_ES<--:4500 local -->HOST-US<---:4500, 1568 bytes, NAT-T
pfkey_sa_add: update spi 0x15c92cc6
ikev2_childsa_enable: loaded CHILD SA spi 0x15c92cc6
pfkey_sa_add: add spi 0xc977da0e
ikev2_childsa_enable: loaded CHILD SA spi 0xc977da0e
ikev2_childsa_enable: loaded flow 0x5a9867fe400
ikev2_childsa_enable: loaded flow 0x5a9cf4ec000
ikev2_childsa_enable: remember SA peer -->NODE_ES<--:4500
spi=0x0469346daf3de27d: ikev2_childsa_enable: loaded SPIs: 0x15c92cc6, 0xc977da0e
spi=0x0469346daf3de27d: ikev2_childsa_enable: loaded flows: ESP--->HOST-US<---/32=-->NODE_ES<--/32(47)
spi=0x0469346daf3de27d: sa_state: VALID -> ESTABLISHED from -->NODE_ES<--:4500 to -->HOST-US<---:4500 policy '-->HOST_ES<--'
spi=0x0469346daf3de27d: established peer -->NODE_ES<--:4500[UFQDN/-->HOSTNAME-ES<---@-->CA<---] local -->HOST-US<---:4500[UFQDN/-->HOSTNAME-US<---@-->CA<---] policy '-->HOST_ES<--' as responder
pfkey_sa_lookup: last_used 1614670222
ikev2_ike_sa_alive: incoming CHILD SA spi 0x15c92cc6 last used 0 second(s) ago
pfkey_sa_lookup: last_used 1614670236
ikev2_ike_sa_alive: incoming CHILD SA spi 0x15c92cc6 last used 1 second(s) ago
pfkey_sa_lookup: last_used 1614670252
ikev2_ike_sa_alive: incoming CHILD SA spi 0x15c92cc6 last used 0 second(s) ago

Here you are the debug of the PTP between ES and US.

I've obtained it using:

/sbin/iked -dvvv 2>&1 | /usr/bin/tee /root/iked_debug.txt

Thank you.

PS: in this debug connection drop one time.

On Mon, Mar 1, 2021 at 12:13 PM Stuart Henderson <stu@spacehopper.org>
wrote:

> Lots of information here but none of it is useful to look into the problem
> from the iked side. An iked verbose log _showing the error_ is really what
> is needed to do anything else.
>
>
> On 2021/03/01 12:05, Riccardo Giuntoli wrote:
> > Ok. I've reduced the strongswan configuration. By the way when
> connecting to an OpenIKED as
> > initiator I've got a lot of errors. Now I've got a couple of scripts
> that control the PTP IPSEC
> > IKE2 connections and I can work, but I'm preparing an ISP based upon
> IPSEC and it's very
> > important to me got a solution.
> > What I can add is that I've searched in *BSD based router/firewall
> distribution like OPNsense
> > and what I've found is that they don't use OpenIKED but strongswan.
> Strongswan seems to be the
> > piece of software more tunable. Now this is my configuration:
>
> Not surprising it is more tunable, it is nearly 20x the code size ;)
>
> > ca XXX
> > cacert=/etc/ipsec.d/cacerts/ca.XXX.crt
> > auto=add
> >
> > conn %default
> > keyexchange=ikev2
> > auto=start
> > reauth=no
> > dpdaction=clear
> > closeaction=clear
> > type=transport
> >
> > conn telecomlobby-jp
> > left=%defaultroute
> > leftsourceip=%config4
> > leftauth=pubkey
> > leftid=%indra@ca.XXX
> > leftprotoport=gre
> > leftupdown=/config/ipsec/ESJP-updown.sh
> >
> > right=YYY
> > rightsubnet=YYY
> > rightauth=pubkey
> > rightid=%jp.XXX
> > rightcert=/etc/ipsec.d/certs/jp.XXX.crt
> > rightprotoport=gre
> >
> > This is my updown:
> >
> > #!/bin/bash
> >
> > set -o nounset
> > set -o errexit
> >
> > TUN_IFACE="tun2"
> >
> > case "${PLUTO_VERB}" in
> > up-host)
> > echo "Putting interface ${TUN_IFACE} up"
> > ifconfig $TUN_IFACE up
> > echo "Disabling IPsec policy (SPD) for ${TUN_IFACE}"
> > sysctl -w "net.ipv4.conf.${TUN_IFACE}.disable_policy=1"
> > echo "Accepting gre keepalive"
> > sysctl -w "net.ipv4.conf.${TUN_IFACE}.accept_local=1"
> > ;;
> > down-host)
> > ifconfig $TUN_IFACE down
> > ;;
> > esac
> >
> > And this is my crontab script in the linux box that control the endpoint
> on the GRE interface:
> >
> > #!/bin/bash
> > ROUTER_IP=YYY
> > IPSEC="telecomlobby-jp"
> > GRE="tun2"
> >
> > PING_RESULT=$(/usr/bin/fping -I$GRE $ROUTER_IP 2>&1)
> > ALIVE="alive"
> > STATUS=$(/usr/sbin/ipsec status $IPSEC)
> > ESTABLISHED="INSTALLED"
> >
> > if [[ "$PING_RESULT" != *"$ALIVE"* ]]; then
> > if [[ "$STATUS" == *"$ESTABLISHED"* ]]; then
> > /usr/sbin/ipsec stroke down-nb $IPSEC
> > /usr/sbin/ipsec up $IPSEC
> > else
> > /usr/sbin/ipsec up $IPSEC
> > fi
> > fi
> >
> > This is the OpenBSD part:
> >
> > set dpd_check_interval 15
> > #set cert_partial_chain
> >
> > ikev2 "RT-01.cat.telecomlobby.com" passive transport \
> > proto gre \
> > from XXX to ZZZ \
> > local jp.telecomlobby.com peer any \
> > ikesa auth hmac-sha2-256 enc aes-256 group ecp256 \
> > childsa auth hmac-sha2-256 enc aes-256 group ecp256 \
> > srcid "shiva@ca.telecomlobby.com" \
> > ikelifetime 86400 lifetime 3600
> >
> > Next there is some control about the other side public address because
> it is a dynamic one:
> >
> > # Global Configuration
> >
> > init-state auto
> >
> > JPES_up = "gre1.link.up"
> > newip = '( "[[ $(dig +short @8.8.8.8 cat-01.ZZZ) != $(ifconfig gre1 |
> grep tunnel | cut -d ' '
> > -f5;exit;}\') ]]" every 126)'
> >
> > # States
> >
> > state auto {
> > if (! $JPES_up) {
> > run "logger -t ifstated '(auto) US-ES down'"
> > set-state JPES_down
> > }
> > }
> >
> >
> > state JPES_down {
> > run "mail -s 'JPES down' root@localhost"
> > run "logger JPES down"
> > if ($newip) {
> > run "/root/Bin/change_endpoint.sh gre1"
> > run "rcctl restart ospfd"
> > }
> > }
> >
> > root@shiva:/root/Bin# cat change_endpoint.sh
>
> >
>
> >
>
> > #!/bin/ksh
> >
> > NEWIP=$(dig +short @8.8.8.8 cat-01.ZZZ)
> > OLDIP=$(ifconfig $1 | grep tunnel | cut -d ' ' -f5)
> >
> > echo "updating PF"
> > sed -i 's/$OLDIP/$NEWIP/g' /etc/pf.conf
> > pfctl -f /etc/pf.conf
> > echo "updating IKED"
> > sed -i 's/$OLDIP/$NEWIP/g' /etc/iked.conf
> > ipsecctl -f /etc/iked.conf
> > echo "updating GRE"
> > sed -i 's/$OLDIP/$NEWIP/g' /etc/hostname.$1
> > ifconfig $1 destroy
> > sh /etc/netstart $1
> >
> > Connection simply drop, in log you can appreciate in the charon side:
> >
> > Mar 1 10:27:06 06[IKE] <telecomlobby-jp|842> establishing CHILD_SA
> telecomlobby-jp{50065}
> > Mar 1 10:28:05 14[IKE] <telecomlobby-uk|841> establishing CHILD_SA
> telecomlobby-uk{50066}
> > Mar 1 10:28:05 09[IKE] <telecomlobby-jp|842> establishing CHILD_SA
> telecomlobby-jp{50067}
> > Mar 1 10:29:05 13[IKE] <telecomlobby-jp|842> establishing CHILD_SA
> telecomlobby-jp{50068}
> > Mar 1 10:29:05 11[IKE] <telecomlobby-uk|841> establishing CHILD_SA
> telecomlobby-uk{50069}
> > Mar 1 10:30:05 06[IKE] <telecomlobby-uk|841> establishing CHILD_SA
> telecomlobby-uk{50070}
> > Mar 1 10:30:05 08[IKE] <telecomlobby-jp|842> establishing CHILD_SA
> telecomlobby-jp{50071}
> > Mar 1 10:31:06 08[IKE] <telecomlobby-jp|842> establishing CHILD_SA
> telecomlobby-jp{50072}
> > Mar 1 10:31:06 14[IKE] <telecomlobby-uk|841> establishing CHILD_SA
> telecomlobby-uk{50073}
> > Mar 1 10:32:05 08[IKE] <telecomlobby-uk|841> establishing CHILD_SA
> telecomlobby-uk{50074}
> > Mar 1 10:32:05 05[IKE] <telecomlobby-jp|842> establishing CHILD_SA
> telecomlobby-jp{50075}
> > Mar 1 10:33:06 09[IKE] <telecomlobby-jp|842> establishing CHILD_SA
> telecomlobby-jp{50076}
> > Mar 1 10:33:06 14[IKE] <telecomlobby-uk|841> establishing CHILD_SA
> telecomlobby-uk{50077}
> > Mar 1 10:34:05 07[IKE] <telecomlobby-jp|842> establishing CHILD_SA
> telecomlobby-jp{50078}
> > Mar 1 10:34:05 09[IKE] <telecomlobby-uk|841> establishing CHILD_SA
> telecomlobby-uk{50079}
> > Mar 1 10:35:06 13[IKE] <telecomlobby-uk|841> establishing CHILD_SA
> telecomlobby-uk{50080}
> > Mar 1 10:35:06 15[IKE] <telecomlobby-jp|842> establishing CHILD_SA
> telecomlobby-jp{50081}
> > Mar 1 10:36:05 15[IKE] <telecomlobby-jp|842> establishing CHILD_SA
> telecomlobby-jp{50083}
> > Mar 1 10:36:05 12[IKE] <telecomlobby-uk|841> establishing CHILD_SA
> telecomlobby-uk{50084}
> > Mar 1 10:37:06 13[IKE] <telecomlobby-uk|841> establishing CHILD_SA
> telecomlobby-uk{50085}
> > Mar 1 10:37:06 08[IKE] <telecomlobby-jp|842> establishing CHILD_SA
> telecomlobby-jp{50086}
> > Mar 1 10:38:05 13[IKE] <telecomlobby-uk|841> establishing CHILD_SA
> telecomlobby-uk{50087}
> > Mar 1 10:38:05 12[IKE] <telecomlobby-jp|842> establishing CHILD_SA
> telecomlobby-jp{50088}
> >
> > has you can see those are two of the three PTP.
> >
> > If you want I've got a pcap or access but in private.
> >
> > Nice regards,
> >
> >
> >
> >
> > On Mon, Feb 22, 2021 at 8:06 PM Tobias Heider <tobias.heider@stusta.de>
> wrote:
> >
> > On Mon, Feb 22, 2021 at 03:59:53PM +0100, Riccardo Giuntoli wrote:
> > > Ok. In the log you can appreciate.
> > >
> > > UK-HOST one OpenBSD machine connected to three openbsd, one
> mikrotik and
> > > one VyOS. The VyOS is CAT-HOST
> > >
> > > Kind regards
> >
> > The log looks fine but it doesn't seem to contain the error message
> you
> > sent earlier.
> > Can you try reproducing the bug and then send a log containing the
> error
> > message and everything that happened before?
> >
> > >
> > >
> > > On Mon, Feb 22, 2021 at 12:02 PM Stuart Henderson <
> stu@spacehopper.org>
> > > wrote:
> > >
> > > > On 2021-02-22, Riccardo Giuntoli <taglio@gmail.com> wrote:
> > > > > Ok I've got the same error on three different OpenBSD, tell me
> what error
> > > > > do you want or if you want an access.
> > > >
> > > > It would be a good start to run iked in the foreground with iked
> -vvd and
> > > > show the log from there.
> > > >
> > > >
> > > >
> > >
> > > --
> > > Name: Riccardo Giuntoli
> > > Email: taglio@gmail.com
> > > Location: sant Pere de Ribes, BCN, Spain
> > > PGP Key: 0x67123739
> > > PGP Fingerprint: CE75 16B5 D855 842FAB54 FB5C DDC6 4640 6712 3739
> > > Key server: hkp://wwwkeys.eu.pgp.net
> >
> > > create_ike: using signature for peer --FR--
> > > create_ike: using signature for peer
> > > ikev2 "--CAT-HOST--" passive transport esp proto gre inet from
> --UK-- to --CAT-- local
> > --UK-- peer any ikesa enc aes-256 prf
> hmac-sha2-256,hmac-sha2-384,hmac-sha2-512,hmac-sha1
> > auth hmac-sha2-256 group ecp256 childsa enc aes-256 auth
> hmac-sha2-256 group ecp256
> > esn,noesn srcid --UK-ID-- ikelifetime 86400 lifetime 3600 bytes
> 536870912 signature
> > > /etc/iked.conf: loaded 4 configuration rules
> > > ca_privkey_serialize: type RSA_KEY length 1191
> > > ca_pubkey_serialize: type RSA_KEY length 270
> > > ca_privkey_to_method: type RSA_KEY method RSA_SIG
> > > ca_getkey: received private key type RSA_KEY length 1191
> > > ca_getkey: received public key type RSA_KEY length 270
> > > ca_dispatch_parent: config reset
> > > ca_reload: loaded ca file ca.crt
> > > ca_reload: /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom
> Lobby/OU=VPNC/CN=
> > --CA-HOST--
> > > ca_reload: loaded 1 ca certificate
> > > ca_reload: loaded cert file --FR-HOST--.crt
> > > ca_reload: loaded cert file --UK-HOST--.crt
> > > config_getpolicy: received policy
> > > config_getpolicy: received policy
> > > config_getpolicy: received policy
> > > config_getpolicy: received policy
> > > config_getpfkey: received pfkey fd 3
> > > config_getcompile: compilation done
> > > config_getsocket: received socket fd 4
> > > config_getsocket: received socket fd 5
> > > config_getsocket: received socket fd 6
> > > config_getsocket: received socket fd 7
> > > config_getstatic: dpd_check_interval 15
> > > config_getstatic: no enforcesingleikesa
> > > config_getstatic: no fragmentation
> > > config_getstatic: mobike
> > > config_getstatic: nattport 4500
> > > ca_validate_cert:
> /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom Lobby/OU=VPNC/CN=
> > --FR-HOST-- ok
> > > ca_validate_cert: /C=UK/ST=England/L=London/O=Telecom
> Lobby/OU=VPNC/CN=--UK-HOST-- ok
> > > ca_reload: local cert type X509_CERT
> > > config_getocsp: ocsp_url none tolerate 0 maxage -1
> > > ikev2_dispatch_cert: updated local CERTREQ type X509_CERT length 20
> > > ikev2_dispatch_cert: updated local CERTREQ type X509_CERT length 20
> > > policy_lookup: setting policy '--CAT-HOST--'
> > > spi=0xc5881d3ed32f5801: recv INFORMATIONAL req 4428 peer
> --FR--:500 local --UK--:500, 96
> > bytes, policy '--CAT-HOST--'
> > > ikev2_recv: ispi 0xc5881d3ed32f5801 rspi 0xfcad33aa65954d8e
> > > ikev2_init_recv: unknown SA
> > > ikev2_init_ike_sa: initiating "--FR-HOST--"
> > > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > > ikev2_add_proposals: length 68
> > > ikev2_next_payload: length 72 nextpayload KE
> > > ikev2_next_payload: length 104 nextpayload NONCE
> > > ikev2_next_payload: length 36 nextpayload NOTIFY
> > > ikev2_nat_detection: local source 0xf2043da59221143f
> 0x0000000000000000 --UK--:500
> > > ikev2_next_payload: length 28 nextpayload NOTIFY
> > > ikev2_nat_detection: local destination 0xf2043da59221143f
> 0x0000000000000000 --FR--:500
> > > ikev2_next_payload: length 28 nextpayload NOTIFY
> > > ikev2_next_payload: length 14 nextpayload NONE
> > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> 0x0000000000000000 nextpayload SA
> > version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length 310
> response 0
> > > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length
> 72
> > > ikev2_pld_sa: more 0 reserved 0 length 68 proposal #1 protoid IKE
> spisize 0 xforms 7 spi
> > 0
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_256_128
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_384
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> HMAC_SHA2_256
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> HMAC_SHA2_384
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> HMAC_SHA2_512
> > > ikev2_pld_xform: more 0 reserved 0 length 8 type PRF id HMAC_SHA1
> > > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00
> length 104
> > > ikev2_pld_ke: dh group ECP_384 reserved 0
> > > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00
> length 36
> > > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical
> 0x00 length 28
> > > ikev2_pld_notify: protoid NONE spisize 0 type
> NAT_DETECTION_SOURCE_IP
> > > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical
> 0x00 length 28
> > > ikev2_pld_notify: protoid NONE spisize 0 type
> NAT_DETECTION_DESTINATION_IP
> > > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00
> length 14
> > > ikev2_pld_notify: protoid NONE spisize 0 type
> SIGNATURE_HASH_ALGORITHMS
> > > spi=0xf2043da59221143f: send IKE_SA_INIT req 0 peer --FR--:500
> local --UK--:500, 310
> > bytes
> > > spi=0xf2043da59221143f: sa_state: INIT -> SA_INIT
> > > ikev2_init_ike_sa: initiating "--US-HOST--"
> > > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > > ikev2_add_proposals: length 36
> > > ikev2_next_payload: length 40 nextpayload KE
> > > ikev2_next_payload: length 136 nextpayload NONCE
> > > ikev2_next_payload: length 36 nextpayload NOTIFY
> > > ikev2_nat_detection: local source 0x22cd85777285bb53
> 0x0000000000000000 --UK--:500
> > > ikev2_next_payload: length 28 nextpayload NOTIFY
> > > ikev2_nat_detection: local destination 0x22cd85777285bb53
> 0x0000000000000000
> > --US-IP--:500
> > > ikev2_next_payload: length 28 nextpayload NOTIFY
> > > ikev2_next_payload: length 14 nextpayload NONE
> > > ikev2_pld_parse: header ispi 0x22cd85777285bb53 rspi
> 0x0000000000000000 nextpayload SA
> > version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length 310
> response 0
> > > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length
> 40
> > > ikev2_pld_sa: more 0 reserved 0 length 36 proposal #1 protoid IKE
> spisize 0 xforms 3 spi
> > 0
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_GCM_12
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> BRAINPOOL_P512R1
> > > ikev2_pld_xform: more 0 reserved 0 length 8 type PRF id
> HMAC_SHA2_512
> > > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00
> length 136
> > > ikev2_pld_ke: dh group BRAINPOOL_P512R1 reserved 0
> > > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00
> length 36
> > > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical
> 0x00 length 28
> > > ikev2_pld_notify: protoid NONE spisize 0 type
> NAT_DETECTION_SOURCE_IP
> > > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical
> 0x00 length 28
> > > ikev2_pld_notify: protoid NONE spisize 0 type
> NAT_DETECTION_DESTINATION_IP
> > > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00
> length 14
> > > ikev2_pld_notify: protoid NONE spisize 0 type
> SIGNATURE_HASH_ALGORITHMS
> > > spi=0x22cd85777285bb53: send IKE_SA_INIT req 0 peer --US-IP--:500
> local --UK--:500, 310
> > bytes
> > > spi=0x22cd85777285bb53: sa_state: INIT -> SA_INIT
> > > ikev2_init_ike_sa: initiating "--JP-HOST--"
> > > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > > ikev2_add_proposals: length 36
> > > ikev2_next_payload: length 40 nextpayload KE
> > > ikev2_next_payload: length 136 nextpayload NONCE
> > > ikev2_next_payload: length 36 nextpayload NOTIFY
> > > ikev2_nat_detection: local source 0x67cb9c572ac8b67e
> 0x0000000000000000 --UK--:500
> > > ikev2_next_payload: length 28 nextpayload NOTIFY
> > > ikev2_nat_detection: local destination 0x67cb9c572ac8b67e
> 0x0000000000000000
> > --JP-IP--:500
> > > ikev2_next_payload: length 28 nextpayload NOTIFY
> > > ikev2_next_payload: length 14 nextpayload NONE
> > > ikev2_pld_parse: header ispi 0x67cb9c572ac8b67e rspi
> 0x0000000000000000 nextpayload SA
> > version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length 310
> response 0
> > > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length
> 40
> > > ikev2_pld_sa: more 0 reserved 0 length 36 proposal #1 protoid IKE
> spisize 0 xforms 3 spi
> > 0
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_GCM_12
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> BRAINPOOL_P512R1
> > > ikev2_pld_xform: more 0 reserved 0 length 8 type PRF id
> HMAC_SHA2_512
> > > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00
> length 136
> > > ikev2_pld_ke: dh group BRAINPOOL_P512R1 reserved 0
> > > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00
> length 36
> > > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical
> 0x00 length 28
> > > ikev2_pld_notify: protoid NONE spisize 0 type
> NAT_DETECTION_SOURCE_IP
> > > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical
> 0x00 length 28
> > > ikev2_pld_notify: protoid NONE spisize 0 type
> NAT_DETECTION_DESTINATION_IP
> > > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00
> length 14
> > > ikev2_pld_notify: protoid NONE spisize 0 type
> SIGNATURE_HASH_ALGORITHMS
> > > spi=0x67cb9c572ac8b67e: send IKE_SA_INIT req 0 peer --JP-IP--:500
> local --UK--:500, 310
> > bytes
> > > spi=0x67cb9c572ac8b67e: sa_state: INIT -> SA_INIT
> > > spi=0xf2043da59221143f: recv IKE_SA_INIT res 0 peer --FR--:500
> local --UK--:500, 213
> > bytes, policy '--FR-HOST--'
> > > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> 0x1f43bd64d771a4e5 nextpayload SA
> > version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 length 213
> response 1
> > > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length
> 48
> > > ikev2_pld_sa: more 0 reserved 0 length 44 proposal #1 protoid IKE
> spisize 0 xforms 4 spi
> > 0
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> HMAC_SHA2_256
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_256_128
> > > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id ECP_384
> > > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00
> length 104
> > > ikev2_pld_ke: dh group ECP_384 reserved 0
> > > ikev2_pld_payloads: payload NONCE nextpayload CERTREQ critical
> 0x00 length 28
> > > ikev2_pld_payloads: payload CERTREQ nextpayload NONE critical 0x00
> length 5
> > > ikev2_pld_certreq: type X509_CERT length 0
> > > ikev2_pld_certreq: invalid length 0
> > > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > > sa_stateflags: 0x0000 -> 0x0004 certreq (required 0x0009 cert,auth)
> > > proposals_negotiate: score 4
> > > sa_stateok: SA_INIT flags 0x0000, require 0x0009 cert,auth
> > > spi=0xf2043da59221143f: ikev2_sa_keys: DHSECRET with 48 bytes
> > > ikev2_sa_keys: SKEYSEED with 32 bytes
> > > spi=0xf2043da59221143f: ikev2_sa_keys: S with 72 bytes
> > > ikev2_prfplus: T1 with 32 bytes
> > > ikev2_prfplus: T2 with 32 bytes
> > > ikev2_prfplus: T3 with 32 bytes
> > > ikev2_prfplus: T4 with 32 bytes
> > > ikev2_prfplus: T5 with 32 bytes
> > > ikev2_prfplus: T6 with 32 bytes
> > > ikev2_prfplus: T7 with 32 bytes
> > > ikev2_prfplus: Tn with 224 bytes
> > > ikev2_sa_keys: SK_d with 32 bytes
> > > ikev2_sa_keys: SK_ai with 32 bytes
> > > ikev2_sa_keys: SK_ar with 32 bytes
> > > ikev2_sa_keys: SK_ei with 32 bytes
> > > ikev2_sa_keys: SK_er with 32 bytes
> > > ikev2_sa_keys: SK_pi with 32 bytes
> > > ikev2_sa_keys: SK_pr with 32 bytes
> > > ikev2_msg_auth: initiator auth data length 366
> > > ca_setauth: switching SIG to RSA_SIG(*)
> > > ca_setauth: auth length 366
> > > sa_stateok: SA_INIT flags 0x0000, require 0x0009 cert,auth
> > > config_free_proposals: free 0x3c27ccfe800
> > > ca_getreq: found CA
> /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom Lobby/OU=VPNC/CN
> > =--CA-HOST--
> > > ca_x509_subjectaltname_do: did not find subjectAltName in
> certificate
> > > ca_getreq: found local certificate
> /C=UK/ST=England/L=London/O=Telecom Lobby/OU=VPNC/CN=
> > --UK-HOST--
> > > ca_setauth: auth length 256
> > > ikev2_getimsgdata: imsg 22 rspi 0x1f43bd64d771a4e5 ispi
> 0xf2043da59221143f initiator 1 sa
> > valid type 4 data length 1064
> > > ikev2_dispatch_cert: cert type X509_CERT length 1064, ok
> > > sa_stateflags: 0x0004 -> 0x0005 cert,certreq (required 0x0009
> cert,auth)
> > > sa_stateok: SA_INIT flags 0x0001, require 0x0009 cert,auth
> > > ikev2_getimsgdata: imsg 28 rspi 0x1f43bd64d771a4e5 ispi
> 0xf2043da59221143f initiator 1 sa
> > valid type 1 data length 256
> > > ikev2_dispatch_cert: AUTH type 1 len 256
> > > sa_stateflags: 0x0005 -> 0x000d cert,certreq,auth (required 0x0009
> cert,auth)
> > > sa_stateok: SA_INIT flags 0x0009, require 0x0009 cert,auth
> > > ikev2_next_payload: length 35 nextpayload CERT
> > > ikev2_next_payload: length 1069 nextpayload CERTREQ
> > > ikev2_add_certreq: type X509_CERT length 21
> > > ikev2_next_payload: length 25 nextpayload AUTH
> > > ikev2_next_payload: length 264 nextpayload NOTIFY
> > > ikev2_add_notify: done
> > > ikev2_next_payload: length 8 nextpayload SA
> > > pfkey_sa_getspi: spi 0x8f3bad08
> > > pfkey_sa_init: new spi 0x8f3bad08
> > > ikev2_add_proposals: length 48
> > > ikev2_next_payload: length 52 nextpayload TSi
> > > ikev2_next_payload: length 24 nextpayload TSr
> > > ikev2_next_payload: length 24 nextpayload NONE
> > > ikev2_next_payload: length 1540 nextpayload IDi
> > > ikev2_msg_encrypt: decrypted length 1501
> > > ikev2_msg_encrypt: padded length 1504
> > > ikev2_msg_encrypt: length 1502, padding 2, output length 1536
> > > ikev2_msg_integr: message length 1568
> > > ikev2_msg_integr: integrity checksum length 16
> > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> 0x1f43bd64d771a4e5 nextpayload SK
> > version 0x20 exchange IKE_AUTH flags 0x08 msgid 1 length 1568
> response 0
> > > ikev2_pld_payloads: payload SK nextpayload IDi critical 0x00
> length 1540
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 1504
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 1504/1504 padding 2
> > > ikev2_pld_payloads: decrypted payload IDi nextpayload CERT
> critical 0x00 length 35
> > > ikev2_pld_id: id UFQDN/--UK-ID-- length 31
> > > ikev2_pld_payloads: decrypted payload CERT nextpayload CERTREQ
> critical 0x00 length 1069
> > > ikev2_pld_cert: type X509_CERT length 1064
> > > ikev2_pld_payloads: decrypted payload CERTREQ nextpayload AUTH
> critical 0x00 length 25
> > > ikev2_pld_certreq: type X509_CERT length 20
> > > ikev2_pld_payloads: decrypted payload AUTH nextpayload NOTIFY
> critical 0x00 length 264
> > > ikev2_pld_auth: method RSA_SIG length 256
> > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA
> critical 0x00 length 8
> > > ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE
> > > ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical
> 0x00 length 52
> > > ikev2_pld_sa: more 0 reserved 0 length 48 proposal #1 protoid ESP
> spisize 4 xforms 4 spi
> > 0x8f3bad08
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_256_128
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type ESN id ESN
> > > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
> > > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical
> 0x00 length 24
> > > ikev2_pld_tss: count 1 length 16
> > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport
> 0 endport 65535
> > > ikev2_pld_ts: start --UK-- end --UK--
> > > ikev2_pld_payloads: decrypted payload TSr nextpayload NONE
> critical 0x00 length 24
> > > ikev2_pld_tss: count 1 length 16
> > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport
> 0 endport 65535
> > > ikev2_pld_ts: start --FR-- end --FR--
> > > spi=0xf2043da59221143f: send IKE_AUTH req 1 peer --FR--:500 local
> --UK--:500, 1568 bytes
> > > spi=0xf2043da59221143f: recv IKE_AUTH res 1 peer --FR--:500 local
> --UK--:500, 1552 bytes,
> > policy '--FR-HOST--'
> > > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> 0x1f43bd64d771a4e5 nextpayload SK
> > version 0x20 exchange IKE_AUTH flags 0x20 msgid 1 length 1552
> response 1
> > > ikev2_pld_payloads: payload SK nextpayload CERT critical 0x00
> length 1524
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 1488
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 1488/1488 padding 8
> > > ikev2_pld_payloads: decrypted payload CERT nextpayload IDr
> critical 0x00 length 1084
> > > ikev2_pld_cert: type X509_CERT length 1079
> > > ikev2_pld_payloads: decrypted payload IDr nextpayload AUTH
> critical 0x00 length 31
> > > ikev2_pld_id: id UFQDN/uma@--CA-HOST-- length 27
> > > ikev2_pld_payloads: decrypted payload AUTH nextpayload TSi
> critical 0x00 length 264
> > > ikev2_pld_auth: method RSA_SIG length 256
> > > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical
> 0x00 length 24
> > > ikev2_pld_tss: count 1 length 16
> > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport
> 0 endport 65535
> > > ikev2_pld_ts: start --UK-- end --UK--
> > > ikev2_pld_payloads: decrypted payload TSr nextpayload SA critical
> 0x00 length 24
> > > ikev2_pld_tss: count 1 length 16
> > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport
> 0 endport 65535
> > > ikev2_pld_ts: start --FR-- end --FR--
> > > ikev2_pld_payloads: decrypted payload SA nextpayload NOTIFY
> critical 0x00 length 44
> > > ikev2_pld_sa: more 0 reserved 0 length 40 proposal #1 protoid ESP
> spisize 4 xforms 3 spi
> > 0x066d9db6
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_256_128
> > > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
> > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NONE
> critical 0x00 length 8
> > > ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE
> > > spi=0xf2043da59221143f: sa_state: SA_INIT -> AUTH_REQUEST
> > > proposals_negotiate: score 4
> > > sa_stateflags: 0x000d -> 0x002d cert,certreq,auth,sa (required
> 0x0032
> > certvalid,authvalid,sa)
> > > config_free_proposals: free 0x3c27ccfe580
> > > ca_validate_pubkey: could not open public key pubkeys/ufqdn/uma@
> --CA-HOST--
> > > ca_validate_cert:
> /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom Lobby/OU=VPNC/CN=
> > --FR-HOST-- ok
> > > ikev2_getimsgdata: imsg 23 rspi 0x1f43bd64d771a4e5 ispi
> 0xf2043da59221143f initiator 1 sa
> > valid type 4 data length 1079
> > > ikev2_msg_auth: responder auth data length 277
> > > ikev2_msg_authverify: method RSA_SIG keylen 1079 type X509_CERT
> > > ikev2_msg_authverify: authentication successful
> > > spi=0xf2043da59221143f: sa_state: AUTH_REQUEST -> AUTH_SUCCESS
> > > sa_stateflags: 0x002d -> 0x003d cert,certreq,auth,authvalid,sa
> (required 0x0032
> > certvalid,authvalid,sa)
> > > ikev2_dispatch_cert: peer certificate is valid
> > > sa_stateflags: 0x003d -> 0x003f
> cert,certvalid,certreq,auth,authvalid,sa (required 0x0032
> > certvalid,authvalid,sa)
> > > sa_stateok: VALID flags 0x0032, require 0x0032
> certvalid,authvalid,sa
> > > spi=0xf2043da59221143f: sa_state: AUTH_SUCCESS -> VALID
> > > sa_stateok: VALID flags 0x0032, require 0x0032
> certvalid,authvalid,sa
> > > sa_stateok: VALID flags 0x0032, require 0x0032
> certvalid,authvalid,sa
> > > ikev2_sa_tag: (0)
> > > ikev2_childsa_negotiate: proposal 1
> > > ikev2_childsa_negotiate: key material length 128
> > > ikev2_prfplus: T1 with 32 bytes
> > > ikev2_prfplus: T2 with 32 bytes
> > > ikev2_prfplus: T3 with 32 bytes
> > > ikev2_prfplus: T4 with 32 bytes
> > > ikev2_prfplus: Tn with 128 bytes
> > > pfkey_sa_add: add spi 0x066d9db6
> > > ikev2_childsa_enable: loaded CHILD SA spi 0x066d9db6
> > > pfkey_sa_add: update spi 0x8f3bad08
> > > ikev2_childsa_enable: loaded CHILD SA spi 0x8f3bad08
> > > ikev2_childsa_enable: loaded flow 0x3c27dfd9800
> > > ikev2_childsa_enable: loaded flow 0x3c27dfda000
> > > ikev2_childsa_enable: remember SA peer --FR--:500
> > > spi=0xf2043da59221143f: ikev2_childsa_enable: loaded SPIs:
> 0x066d9db6, 0x8f3bad08
> > > spi=0xf2043da59221143f: ikev2_childsa_enable: loaded flows:
> ESP---UK--/32=--FR--/32(47)
> > > spi=0xf2043da59221143f: sa_state: VALID -> ESTABLISHED from
> --FR--:500 to --UK--:500
> > policy '--FR-HOST--'
> > > spi=0xf2043da59221143f: established peer --FR--:500[UFQDN/uma@--CA-HOST--]
> local
> > --UK--:500[UFQDN/--UK-ID--] policy '--FR-HOST--' as initiator
> > > spi=0x22cd85777285bb53: recv IKE_SA_INIT res 0 peer --US-IP--:500
> local --UK--:500, 335
> > bytes, policy '--US-HOST--'
> > > ikev2_recv: ispi 0x22cd85777285bb53 rspi 0x84c59f1c8f60d03f
> > > ikev2_recv: updated SA to peer --US-IP--:500 local --UK--:500
> > > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > > ikev2_pld_parse: header ispi 0x22cd85777285bb53 rspi
> 0x84c59f1c8f60d03f nextpayload SA
> > version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 length 335
> response 1
> > > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length
> 40
> > > ikev2_pld_sa: more 0 reserved 0 length 36 proposal #1 protoid IKE
> spisize 0 xforms 3 spi
> > 0
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_GCM_12
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> HMAC_SHA2_512
> > > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id
> BRAINPOOL_P512R1
> > > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00
> length 136
> > > ikev2_pld_ke: dh group BRAINPOOL_P512R1 reserved 0
> > > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00
> length 36
> > > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical
> 0x00 length 28
> > > ikev2_pld_notify: protoid NONE spisize 0 type
> NAT_DETECTION_SOURCE_IP
> > > ikev2_nat_detection: peer source 0x22cd85777285bb53
> 0x84c59f1c8f60d03f --US-IP--:500
> > > ikev2_pld_payloads: payload NOTIFY nextpayload CERTREQ critical
> 0x00 length 28
> > > ikev2_pld_notify: protoid NONE spisize 0 type
> NAT_DETECTION_DESTINATION_IP
> > > ikev2_nat_detection: peer destination 0x22cd85777285bb53
> 0x84c59f1c8f60d03f --UK--:500
> > > ikev2_pld_payloads: payload CERTREQ nextpayload NOTIFY critical
> 0x00 length 25
> > > ikev2_pld_certreq: type X509_CERT length 20
> > > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00
> length 14
> > > ikev2_pld_notify: protoid NONE spisize 0 type
> SIGNATURE_HASH_ALGORITHMS
> > > ikev2_pld_notify: signature hash SHA2_256 (2)
> > > ikev2_pld_notify: signature hash SHA2_384 (3)
> > > ikev2_pld_notify: signature hash SHA2_512 (4)
> > > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > > sa_stateflags: 0x0000 -> 0x0004 certreq (required 0x0009 cert,auth)
> > > proposals_negotiate: score 3
> > > sa_stateok: SA_INIT flags 0x0000, require 0x0009 cert,auth
> > > spi=0x22cd85777285bb53: ikev2_sa_keys: DHSECRET with 64 bytes
> > > ikev2_sa_keys: SKEYSEED with 64 bytes
> > > spi=0x22cd85777285bb53: ikev2_sa_keys: S with 80 bytes
> > > ikev2_prfplus: T1 with 64 bytes
> > > ikev2_prfplus: T2 with 64 bytes
> > > ikev2_prfplus: T3 with 64 bytes
> > > ikev2_prfplus: T4 with 64 bytes
> > > ikev2_prfplus: T5 with 64 bytes
> > > ikev2_prfplus: Tn with 320 bytes
> > > ikev2_sa_keys: SK_d with 64 bytes
> > > ikev2_sa_keys: SK_ei with 36 bytes
> > > ikev2_sa_keys: SK_er with 36 bytes
> > > ikev2_sa_keys: SK_pi with 64 bytes
> > > ikev2_sa_keys: SK_pr with 64 bytes
> > > ikev2_msg_auth: initiator auth data length 406
> > > ca_setauth: switching SIG_ANY to SIG
> > > ca_setauth: auth length 406
> > > sa_stateok: SA_INIT flags 0x0000, require 0x0009 cert,auth
> > > config_free_proposals: free 0x3c27dfd8300
> > > ca_getreq: found CA
> /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom Lobby/OU=VPNC/CN
> > =--CA-HOST--
> > > ca_x509_subjectaltname_do: did not find subjectAltName in
> certificate
> > > ca_getreq: found local certificate
> /C=UK/ST=England/L=London/O=Telecom Lobby/OU=VPNC/CN=
> > --UK-HOST--
> > > _dsa_sign_encode: signature scheme 0 selected
> > > _dsa_sign_encode: signature scheme 0 selected
> > > _dsa_sign_encode: signature scheme 0 selected
> > > ca_setauth: auth length 272
> > > ikev2_getimsgdata: imsg 22 rspi 0x84c59f1c8f60d03f ispi
> 0x22cd85777285bb53 initiator 1 sa
> > valid type 4 data length 1064
> > > ikev2_dispatch_cert: cert type X509_CERT length 1064, ok
> > > sa_stateflags: 0x0004 -> 0x0005 cert,certreq (required 0x0009
> cert,auth)
> > > sa_stateok: SA_INIT flags 0x0001, require 0x0009 cert,auth
> > > ikev2_getimsgdata: imsg 28 rspi 0x84c59f1c8f60d03f ispi
> 0x22cd85777285bb53 initiator 1 sa
> > valid type 14 data length 272
> > > ikev2_dispatch_cert: AUTH type 14 len 272
> > > sa_stateflags: 0x0005 -> 0x000d cert,certreq,auth (required 0x0009
> cert,auth)
> > > sa_stateok: SA_INIT flags 0x0009, require 0x0009 cert,auth
> > > ikev2_next_payload: length 35 nextpayload CERT
> > > ikev2_next_payload: length 1069 nextpayload CERTREQ
> > > ikev2_add_certreq: type X509_CERT length 21
> > > ikev2_next_payload: length 25 nextpayload AUTH
> > > ikev2_next_payload: length 280 nextpayload NOTIFY
> > > ikev2_add_notify: done
> > > ikev2_next_payload: length 8 nextpayload SA
> > > pfkey_sa_getspi: spi 0xfc41aa70
> > > pfkey_sa_init: new spi 0xfc41aa70
> > > ikev2_add_proposals: length 40
> > > ikev2_next_payload: length 44 nextpayload TSi
> > > ikev2_next_payload: length 24 nextpayload TSr
> > > ikev2_next_payload: length 24 nextpayload NONE
> > > ikev2_next_payload: length 1534 nextpayload IDi
> > > ikev2_msg_encrypt: decrypted length 1509
> > > ikev2_msg_encrypt: padded length 1510
> > > ikev2_msg_encrypt: length 1510, padding 0, output length 1530
> > > ikev2_msg_integr: message length 1562
> > > ikev2_msg_integr: integrity checksum length 12
> > > ikev2_pld_parse: header ispi 0x22cd85777285bb53 rspi
> 0x84c59f1c8f60d03f nextpayload SK
> > version 0x20 exchange IKE_AUTH flags 0x08 msgid 1 length 1562
> response 0
> > > ikev2_pld_payloads: payload SK nextpayload IDi critical 0x00
> length 1534
> > > ikev2_msg_decrypt: IV length 8
> > > ikev2_msg_decrypt: encrypted payload length 1510
> > > ikev2_msg_decrypt: integrity checksum length 12
> > > ikev2_msg_decrypt: AAD length 32
> > > ikev2_msg_decrypt: decrypted payload length 1510/1510 padding 0
> > > ikev2_pld_payloads: decrypted payload IDi nextpayload CERT
> critical 0x00 length 35
> > > ikev2_pld_id: id UFQDN/--UK-ID-- length 31
> > > ikev2_pld_payloads: decrypted payload CERT nextpayload CERTREQ
> critical 0x00 length 1069
> > > ikev2_pld_cert: type X509_CERT length 1064
> > > ikev2_pld_payloads: decrypted payload CERTREQ nextpayload AUTH
> critical 0x00 length 25
> > > ikev2_pld_certreq: type X509_CERT length 20
> > > ikev2_pld_payloads: decrypted payload AUTH nextpayload NOTIFY
> critical 0x00 length 280
> > > ikev2_pld_auth: method SIG length 272
> > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA
> critical 0x00 length 8
> > > ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE
> > > ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical
> 0x00 length 44
> > > ikev2_pld_sa: more 0 reserved 0 length 40 proposal #1 protoid ESP
> spisize 4 xforms 3 spi
> > 0xfc41aa70
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> CHACHA20_POLY1305
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type ESN id ESN
> > > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
> > > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical
> 0x00 length 24
> > > ikev2_pld_tss: count 1 length 16
> > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport
> 0 endport 65535
> > > ikev2_pld_ts: start --UK-- end --UK--
> > > ikev2_pld_payloads: decrypted payload TSr nextpayload NONE
> critical 0x00 length 24
> > > ikev2_pld_tss: count 1 length 16
> > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport
> 0 endport 65535
> > > ikev2_pld_ts: start --US-IP-- end --US-IP--
> > > spi=0x22cd85777285bb53: send IKE_AUTH req 1 peer --US-IP--:500
> local --UK--:500, 1562
> > bytes
> > > spi=0x22cd85777285bb53: recv IKE_AUTH res 1 peer --US-IP--:500
> local --UK--:500, 1532
> > bytes, policy '--US-HOST--'
> > > ikev2_recv: ispi 0x22cd85777285bb53 rspi 0x84c59f1c8f60d03f
> > > ikev2_recv: updated SA to peer --US-IP--:500 local --UK--:500
> > > ikev2_pld_parse: header ispi 0x22cd85777285bb53 rspi
> 0x84c59f1c8f60d03f nextpayload SK
> > version 0x20 exchange IKE_AUTH flags 0x20 msgid 1 length 1532
> response 1
> > > ikev2_pld_payloads: payload SK nextpayload IDr critical 0x00
> length 1504
> > > ikev2_msg_decrypt: IV length 8
> > > ikev2_msg_decrypt: encrypted payload length 1480
> > > ikev2_msg_decrypt: integrity checksum length 12
> > > ikev2_msg_decrypt: AAD length 32
> > > ikev2_msg_decrypt: decrypted payload length 1480/1480 padding 0
> > > ikev2_pld_payloads: decrypted payload IDr nextpayload CERT
> critical 0x00 length 37
> > > ikev2_pld_id: id UFQDN/saraswati@--CA-HOST-- length 33
> > > ikev2_pld_payloads: decrypted payload CERT nextpayload AUTH
> critical 0x00 length 1070
> > > ikev2_pld_cert: type X509_CERT length 1065
> > > ikev2_pld_payloads: decrypted payload AUTH nextpayload NOTIFY
> critical 0x00 length 280
> > > ikev2_pld_auth: method SIG length 272
> > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA
> critical 0x00 length 8
> > > ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE
> > > ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical
> 0x00 length 36
> > > ikev2_pld_sa: more 0 reserved 0 length 32 proposal #1 protoid ESP
> spisize 4 xforms 2 spi
> > 0xd1bfd520
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> CHACHA20_POLY1305
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id ESN
> > > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical
> 0x00 length 24
> > > ikev2_pld_tss: count 1 length 16
> > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport
> 0 endport 65535
> > > ikev2_pld_ts: start --UK-- end --UK--
> > > ikev2_pld_payloads: decrypted payload TSr nextpayload NONE
> critical 0x00 length 24
> > > ikev2_pld_tss: count 1 length 16
> > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport
> 0 endport 65535
> > > ikev2_pld_ts: start --US-IP-- end --US-IP--
> > > spi=0x22cd85777285bb53: sa_state: SA_INIT -> AUTH_REQUEST
> > > proposals_negotiate: score 2
> > > sa_stateflags: 0x000d -> 0x002d cert,certreq,auth,sa (required
> 0x0032
> > certvalid,authvalid,sa)
> > > config_free_proposals: free 0x3c27dfd8980
> > > ca_validate_pubkey: could not open public key
> pubkeys/ufqdn/saraswati@--CA-HOST--
> > > ca_validate_cert: /C=US/ST=Texas/L=Dallas/O=Telecom
> Lobby/OU=VPNC/CN=--US-HOST-- ok
> > > ikev2_getimsgdata: imsg 23 rspi 0x84c59f1c8f60d03f ispi
> 0x22cd85777285bb53 initiator 1 sa
> > valid type 4 data length 1065
> > > ikev2_msg_auth: responder auth data length 431
> > > ikev2_msg_authverify: method SIG keylen 1065 type X509_CERT
> > > _dsa_verify_init: signature scheme 0 selected
> > > ikev2_msg_authverify: authentication successful
> > > spi=0x22cd85777285bb53: sa_state: AUTH_REQUEST -> AUTH_SUCCESS
> > > sa_stateflags: 0x002d -> 0x003d cert,certreq,auth,authvalid,sa
> (required 0x0032
> > certvalid,authvalid,sa)
> > > ikev2_dispatch_cert: peer certificate is valid
> > > sa_stateflags: 0x003d -> 0x003f
> cert,certvalid,certreq,auth,authvalid,sa (required 0x0032
> > certvalid,authvalid,sa)
> > > sa_stateok: VALID flags 0x0032, require 0x0032
> certvalid,authvalid,sa
> > > spi=0x22cd85777285bb53: sa_state: AUTH_SUCCESS -> VALID
> > > sa_stateok: VALID flags 0x0032, require 0x0032
> certvalid,authvalid,sa
> > > sa_stateok: VALID flags 0x0032, require 0x0032
> certvalid,authvalid,sa
> > > ikev2_sa_tag: (0)
> > > ikev2_childsa_negotiate: proposal 1
> > > ikev2_childsa_negotiate: key material length 72
> > > ikev2_prfplus: T1 with 64 bytes
> > > ikev2_prfplus: T2 with 64 bytes
> > > ikev2_prfplus: Tn with 128 bytes
> > > pfkey_sa_add: add spi 0xd1bfd520
> > > ikev2_childsa_enable: loaded CHILD SA spi 0xd1bfd520
> > > pfkey_sa_add: update spi 0xfc41aa70
> > > ikev2_childsa_enable: loaded CHILD SA spi 0xfc41aa70
> > > ikev2_childsa_enable: loaded flow 0x3c2c0b8f800
> > > ikev2_childsa_enable: loaded flow 0x3c27dfda400
> > > ikev2_childsa_enable: remember SA peer --US-IP--:500
> > > spi=0x22cd85777285bb53: ikev2_childsa_enable: loaded SPIs:
> 0xd1bfd520, 0xfc41aa70
> > > spi=0x22cd85777285bb53: ikev2_childsa_enable: loaded flows:
> ESP---UK--/32=--US-IP--/32
> > (47)
> > > spi=0x22cd85777285bb53: sa_state: VALID -> ESTABLISHED from
> --US-IP--:500 to --UK--:500
> > policy '--US-HOST--'
> > > spi=0x22cd85777285bb53: established peer
> --US-IP--:500[UFQDN/saraswati@--CA-HOST--] local
> > --UK--:500[UFQDN/--UK-ID--] policy '--US-HOST--' as initiator
> > > spi=0x67cb9c572ac8b67e: recv IKE_SA_INIT res 0 peer --JP-IP--:500
> local --UK--:500, 335
> > bytes, policy '--JP-HOST--'
> > > ikev2_recv: ispi 0x67cb9c572ac8b67e rspi 0x2c3aab6ceed004e7
> > > ikev2_recv: updated SA to peer --JP-IP--:500 local --UK--:500
> > > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > > ikev2_pld_parse: header ispi 0x67cb9c572ac8b67e rspi
> 0x2c3aab6ceed004e7 nextpayload SA
> > version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 length 335
> response 1
> > > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length
> 40
> > > ikev2_pld_sa: more 0 reserved 0 length 36 proposal #1 protoid IKE
> spisize 0 xforms 3 spi
> > 0
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_GCM_12
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> HMAC_SHA2_512
> > > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id
> BRAINPOOL_P512R1
> > > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00
> length 136
> > > ikev2_pld_ke: dh group BRAINPOOL_P512R1 reserved 0
> > > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00
> length 36
> > > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical
> 0x00 length 28
> > > ikev2_pld_notify: protoid NONE spisize 0 type
> NAT_DETECTION_SOURCE_IP
> > > ikev2_nat_detection: peer source 0x67cb9c572ac8b67e
> 0x2c3aab6ceed004e7 --JP-IP--:500
> > > ikev2_pld_payloads: payload NOTIFY nextpayload CERTREQ critical
> 0x00 length 28
> > > ikev2_pld_notify: protoid NONE spisize 0 type
> NAT_DETECTION_DESTINATION_IP
> > > ikev2_nat_detection: peer destination 0x67cb9c572ac8b67e
> 0x2c3aab6ceed004e7 --UK--:500
> > > ikev2_pld_payloads: payload CERTREQ nextpayload NOTIFY critical
> 0x00 length 25
> > > ikev2_pld_certreq: type X509_CERT length 20
> > > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00
> length 14
> > > ikev2_pld_notify: protoid NONE spisize 0 type
> SIGNATURE_HASH_ALGORITHMS
> > > ikev2_pld_notify: signature hash SHA2_256 (2)
> > > ikev2_pld_notify: signature hash SHA2_384 (3)
> > > ikev2_pld_notify: signature hash SHA2_512 (4)
> > > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > > sa_stateflags: 0x0000 -> 0x0004 certreq (required 0x0009 cert,auth)
> > > proposals_negotiate: score 3
> > > sa_stateok: SA_INIT flags 0x0000, require 0x0009 cert,auth
> > > spi=0x67cb9c572ac8b67e: ikev2_sa_keys: DHSECRET with 64 bytes
> > > ikev2_sa_keys: SKEYSEED with 64 bytes
> > > spi=0x67cb9c572ac8b67e: ikev2_sa_keys: S with 80 bytes
> > > ikev2_prfplus: T1 with 64 bytes
> > > ikev2_prfplus: T2 with 64 bytes
> > > ikev2_prfplus: T3 with 64 bytes
> > > ikev2_prfplus: T4 with 64 bytes
> > > ikev2_prfplus: T5 with 64 bytes
> > > ikev2_prfplus: Tn with 320 bytes
> > > ikev2_sa_keys: SK_d with 64 bytes
> > > ikev2_sa_keys: SK_ei with 36 bytes
> > > ikev2_sa_keys: SK_er with 36 bytes
> > > ikev2_sa_keys: SK_pi with 64 bytes
> > > ikev2_sa_keys: SK_pr with 64 bytes
> > > ikev2_msg_auth: initiator auth data length 406
> > > ca_setauth: switching SIG_ANY to SIG
> > > ca_setauth: auth length 406
> > > sa_stateok: SA_INIT flags 0x0000, require 0x0009 cert,auth
> > > config_free_proposals: free 0x3c2a56dad00
> > > ca_getreq: found CA
> /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom Lobby/OU=VPNC/CN
> > =--CA-HOST--
> > > ca_x509_subjectaltname_do: did not find subjectAltName in
> certificate
> > > ca_getreq: found local certificate
> /C=UK/ST=England/L=London/O=Telecom Lobby/OU=VPNC/CN=
> > --UK-HOST--
> > > _dsa_sign_encode: signature scheme 0 selected
> > > _dsa_sign_encode: signature scheme 0 selected
> > > _dsa_sign_encode: signature scheme 0 selected
> > > ca_setauth: auth length 272
> > > ikev2_getimsgdata: imsg 22 rspi 0x2c3aab6ceed004e7 ispi
> 0x67cb9c572ac8b67e initiator 1 sa
> > valid type 4 data length 1064
> > > ikev2_dispatch_cert: cert type X509_CERT length 1064, ok
> > > sa_stateflags: 0x0004 -> 0x0005 cert,certreq (required 0x0009
> cert,auth)
> > > sa_stateok: SA_INIT flags 0x0001, require 0x0009 cert,auth
> > > ikev2_getimsgdata: imsg 28 rspi 0x2c3aab6ceed004e7 ispi
> 0x67cb9c572ac8b67e initiator 1 sa
> > valid type 14 data length 272
> > > ikev2_dispatch_cert: AUTH type 14 len 272
> > > sa_stateflags: 0x0005 -> 0x000d cert,certreq,auth (required 0x0009
> cert,auth)
> > > sa_stateok: SA_INIT flags 0x0009, require 0x0009 cert,auth
> > > ikev2_next_payload: length 35 nextpayload CERT
> > > ikev2_next_payload: length 1069 nextpayload CERTREQ
> > > ikev2_add_certreq: type X509_CERT length 21
> > > ikev2_next_payload: length 25 nextpayload AUTH
> > > ikev2_next_payload: length 280 nextpayload NOTIFY
> > > ikev2_add_notify: done
> > > ikev2_next_payload: length 8 nextpayload SA
> > > pfkey_sa_getspi: spi 0x4701e9b5
> > > pfkey_sa_init: new spi 0x4701e9b5
> > > ikev2_add_proposals: length 40
> > > ikev2_next_payload: length 44 nextpayload TSi
> > > ikev2_next_payload: length 24 nextpayload TSr
> > > ikev2_next_payload: length 24 nextpayload NONE
> > > ikev2_next_payload: length 1534 nextpayload IDi
> > > ikev2_msg_encrypt: decrypted length 1509
> > > ikev2_msg_encrypt: padded length 1510
> > > ikev2_msg_encrypt: length 1510, padding 0, output length 1530
> > > ikev2_msg_integr: message length 1562
> > > ikev2_msg_integr: integrity checksum length 12
> > > ikev2_pld_parse: header ispi 0x67cb9c572ac8b67e rspi
> 0x2c3aab6ceed004e7 nextpayload SK
> > version 0x20 exchange IKE_AUTH flags 0x08 msgid 1 length 1562
> response 0
> > > ikev2_pld_payloads: payload SK nextpayload IDi critical 0x00
> length 1534
> > > ikev2_msg_decrypt: IV length 8
> > > ikev2_msg_decrypt: encrypted payload length 1510
> > > ikev2_msg_decrypt: integrity checksum length 12
> > > ikev2_msg_decrypt: AAD length 32
> > > ikev2_msg_decrypt: decrypted payload length 1510/1510 padding 0
> > > ikev2_pld_payloads: decrypted payload IDi nextpayload CERT
> critical 0x00 length 35
> > > ikev2_pld_id: id UFQDN/--UK-ID-- length 31
> > > ikev2_pld_payloads: decrypted payload CERT nextpayload CERTREQ
> critical 0x00 length 1069
> > > ikev2_pld_cert: type X509_CERT length 1064
> > > ikev2_pld_payloads: decrypted payload CERTREQ nextpayload AUTH
> critical 0x00 length 25
> > > ikev2_pld_certreq: type X509_CERT length 20
> > > ikev2_pld_payloads: decrypted payload AUTH nextpayload NOTIFY
> critical 0x00 length 280
> > > ikev2_pld_auth: method SIG length 272
> > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA
> critical 0x00 length 8
> > > ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE
> > > ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical
> 0x00 length 44
> > > ikev2_pld_sa: more 0 reserved 0 length 40 proposal #1 protoid ESP
> spisize 4 xforms 3 spi
> > 0x4701e9b5
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> CHACHA20_POLY1305
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type ESN id ESN
> > > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
> > > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical
> 0x00 length 24
> > > ikev2_pld_tss: count 1 length 16
> > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport
> 0 endport 65535
> > > ikev2_pld_ts: start --UK-- end --UK--
> > > ikev2_pld_payloads: decrypted payload TSr nextpayload NONE
> critical 0x00 length 24
> > > ikev2_pld_tss: count 1 length 16
> > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport
> 0 endport 65535
> > > ikev2_pld_ts: start --JP-IP-- end --JP-IP--
> > > spi=0x67cb9c572ac8b67e: send IKE_AUTH req 1 peer --JP-IP--:500
> local --UK--:500, 1562
> > bytes
> > > spi=0x67cb9c572ac8b67e: recv IKE_AUTH res 1 peer --JP-IP--:500
> local --UK--:500, 1527
> > bytes, policy '--JP-HOST--'
> > > ikev2_recv: ispi 0x67cb9c572ac8b67e rspi 0x2c3aab6ceed004e7
> > > ikev2_recv: updated SA to peer --JP-IP--:500 local --UK--:500
> > > ikev2_pld_parse: header ispi 0x67cb9c572ac8b67e rspi
> 0x2c3aab6ceed004e7 nextpayload SK
> > version 0x20 exchange IKE_AUTH flags 0x20 msgid 1 length 1527
> response 1
> > > ikev2_pld_payloads: payload SK nextpayload IDr critical 0x00
> length 1499
> > > ikev2_msg_decrypt: IV length 8
> > > ikev2_msg_decrypt: encrypted payload length 1475
> > > ikev2_msg_decrypt: integrity checksum length 12
> > > ikev2_msg_decrypt: AAD length 32
> > > ikev2_msg_decrypt: decrypted payload length 1475/1475 padding 0
> > > ikev2_pld_payloads: decrypted payload IDr nextpayload CERT
> critical 0x00 length 33
> > > ikev2_pld_id: id UFQDN/shiva@--CA-HOST-- length 29
> > > ikev2_pld_payloads: decrypted payload CERT nextpayload AUTH
> critical 0x00 length 1069
> > > ikev2_pld_cert: type X509_CERT length 1064
> > > ikev2_pld_payloads: decrypted payload AUTH nextpayload NOTIFY
> critical 0x00 length 280
> > > ikev2_pld_auth: method SIG length 272
> > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA
> critical 0x00 length 8
> > > ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE
> > > ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical
> 0x00 length 36
> > > ikev2_pld_sa: more 0 reserved 0 length 32 proposal #1 protoid ESP
> spisize 4 xforms 2 spi
> > 0xb1bffe2d
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> CHACHA20_POLY1305
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id ESN
> > > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical
> 0x00 length 24
> > > ikev2_pld_tss: count 1 length 16
> > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport
> 0 endport 65535
> > > ikev2_pld_ts: start --UK-- end --UK--
> > > ikev2_pld_payloads: decrypted payload TSr nextpayload NONE
> critical 0x00 length 24
> > > ikev2_pld_tss: count 1 length 16
> > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport
> 0 endport 65535
> > > ikev2_pld_ts: start --JP-IP-- end --JP-IP--
> > > spi=0x67cb9c572ac8b67e: sa_state: SA_INIT -> AUTH_REQUEST
> > > proposals_negotiate: score 2
> > > sa_stateflags: 0x000d -> 0x002d cert,certreq,auth,sa (required
> 0x0032
> > certvalid,authvalid,sa)
> > > config_free_proposals: free 0x3c31292ac00
> > > ca_validate_pubkey: could not open public key pubkeys/ufqdn/shiva@
> --CA-HOST--
> > > ca_validate_cert: /C=JP/ST=Tokyo/L=Heiwajima/O=Telecom
> Lobby/OU=VPNC/CN=--JP-HOST-- ok
> > > ikev2_getimsgdata: imsg 23 rspi 0x2c3aab6ceed004e7 ispi
> 0x67cb9c572ac8b67e initiator 1 sa
> > valid type 4 data length 1064
> > > ikev2_msg_auth: responder auth data length 431
> > > ikev2_msg_authverify: method SIG keylen 1064 type X509_CERT
> > > _dsa_verify_init: signature scheme 0 selected
> > > ikev2_msg_authverify: authentication successful
> > > spi=0x67cb9c572ac8b67e: sa_state: AUTH_REQUEST -> AUTH_SUCCESS
> > > sa_stateflags: 0x002d -> 0x003d cert,certreq,auth,authvalid,sa
> (required 0x0032
> > certvalid,authvalid,sa)
> > > ikev2_dispatch_cert: peer certificate is valid
> > > sa_stateflags: 0x003d -> 0x003f
> cert,certvalid,certreq,auth,authvalid,sa (required 0x0032
> > certvalid,authvalid,sa)
> > > sa_stateok: VALID flags 0x0032, require 0x0032
> certvalid,authvalid,sa
> > > spi=0x67cb9c572ac8b67e: sa_state: AUTH_SUCCESS -> VALID
> > > sa_stateok: VALID flags 0x0032, require 0x0032
> certvalid,authvalid,sa
> > > sa_stateok: VALID flags 0x0032, require 0x0032
> certvalid,authvalid,sa
> > > ikev2_sa_tag: (0)
> > > ikev2_childsa_negotiate: proposal 1
> > > ikev2_childsa_negotiate: key material length 72
> > > ikev2_prfplus: T1 with 64 bytes
> > > ikev2_prfplus: T2 with 64 bytes
> > > ikev2_prfplus: Tn with 128 bytes
> > > pfkey_sa_add: add spi 0xb1bffe2d
> > > ikev2_childsa_enable: loaded CHILD SA spi 0xb1bffe2d
> > > pfkey_sa_add: update spi 0x4701e9b5
> > > ikev2_childsa_enable: loaded CHILD SA spi 0x4701e9b5
> > > ikev2_childsa_enable: loaded flow 0x3c2eec20c00
> > > ikev2_childsa_enable: loaded flow 0x3c324182000
> > > ikev2_childsa_enable: remember SA peer --JP-IP--:500
> > > spi=0x67cb9c572ac8b67e: ikev2_childsa_enable: loaded SPIs:
> 0xb1bffe2d, 0x4701e9b5
> > > spi=0x67cb9c572ac8b67e: ikev2_childsa_enable: loaded flows:
> ESP---UK--/32=--JP-IP--/32
> > (47)
> > > spi=0x67cb9c572ac8b67e: sa_state: VALID -> ESTABLISHED from
> --JP-IP--:500 to --UK--:500
> > policy '--JP-HOST--'
> > > spi=0x67cb9c572ac8b67e: established peer --JP-IP--:500[UFQDN/shiva@--CA-HOST--]
> local
> > --UK--:500[UFQDN/--UK-ID--] policy '--JP-HOST--' as initiator
> > > policy_lookup: setting policy '--CAT-HOST--'
> > > spi=0xc5881d3ed32f5801: recv INFORMATIONAL req 4428 peer
> --FR--:500 local --UK--:500, 96
> > bytes, policy '--CAT-HOST--'
> > > ikev2_recv: ispi 0xc5881d3ed32f5801 rspi 0xfcad33aa65954d8e
> > > ikev2_init_recv: unknown SA
> > > policy_lookup: setting policy '--CAT-HOST--'
> > > spi=0xc5881d3ed32f5801: recv INFORMATIONAL req 4428 peer
> --FR--:500 local --UK--:500, 96
> > bytes, policy '--CAT-HOST--'
> > > ikev2_recv: ispi 0xc5881d3ed32f5801 rspi 0xfcad33aa65954d8e
> > > ikev2_init_recv: unknown SA
> > > policy_lookup: setting policy '--CAT-HOST--'
> > > spi=0xc5881d3ed32f5801: recv INFORMATIONAL req 4428 peer
> --FR--:500 local --UK--:500, 96
> > bytes, policy '--CAT-HOST--'
> > > ikev2_recv: ispi 0xc5881d3ed32f5801 rspi 0xfcad33aa65954d8e
> > > ikev2_init_recv: unknown SA
> > > spi=0xf2043da59221143f: recv INFORMATIONAL req 0 peer --FR--:500
> local --UK--:500, 112
> > bytes, policy '--FR-HOST--'
> > > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> 0x1f43bd64d771a4e5 nextpayload SK
> > version 0x20 exchange INFORMATIONAL flags 0x00 msgid 0 length 112
> response 0
> > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> length 84
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 48
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 48/48 padding 47
> > > ikev2_next_payload: length 52 nextpayload NONE
> > > ikev2_msg_encrypt: decrypted length 0
> > > ikev2_msg_encrypt: padded length 16
> > > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > > ikev2_msg_integr: message length 80
> > > ikev2_msg_integr: integrity checksum length 16
> > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> 0x1f43bd64d771a4e5 nextpayload SK
> > version 0x20 exchange INFORMATIONAL flags 0x28 msgid 0 length 80
> response 1
> > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> length 52
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 16
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > > spi=0xf2043da59221143f: send INFORMATIONAL res 0 peer --FR--:500
> local --UK--:500, 80
> > bytes
> > > pfkey_sa_lookup: last_used 1614003184
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 1
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003184
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 1
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003183
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 3
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003183
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 3
> second(s) ago
> > > policy_lookup: setting policy '--CAT-HOST--'
> > > spi=0xb3a689d63d247dd3: recv INFORMATIONAL req 2 peer --CAT--:4500
> local --UK--:4500, 80
> > bytes, policy '--CAT-HOST--'
> > > ikev2_recv: ispi 0xb3a689d63d247dd3 rspi 0x3ec4e46becafef14
> > > policy_lookup: setting policy '--CAT-HOST--'
> > > spi=0xf94ce3fc2e48f7f2: recv IKE_SA_INIT req 0 peer --CAT--:500
> local --UK--:500, 1056
> > bytes, policy '--CAT-HOST--'
> > > ikev2_recv: ispi 0xf94ce3fc2e48f7f2 rspi 0x0000000000000000
> > > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > > ikev2_pld_parse: header ispi 0xf94ce3fc2e48f7f2 rspi
> 0x0000000000000000 nextpayload SA
> > version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length 1056
> response 0
> > > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length
> 832
> > > ikev2_pld_sa: more 2 reserved 0 length 352 proposal #1 protoid IKE
> spisize 0 xforms 37
> > spi 0
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> CAMELLIA_CBC
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> CAMELLIA_CBC
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> CAMELLIA_CBC
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CTR
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CTR
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CTR
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> CAMELLIA_CTR
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> CAMELLIA_CTR
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> CAMELLIA_CTR
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type ENCR id 3DES
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_256_128
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_384_192
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_512_256
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA1_96
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> AES_XCBC_96
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> AES_CMAC_96
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> HMAC_SHA2_256
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> HMAC_SHA2_384
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> HMAC_SHA2_512
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_XCBC
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_CMAC
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_256
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_384
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_521
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> BRAINPOOL_P256R1
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> BRAINPOOL_P384R1
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> BRAINPOOL_P512R1
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id CURVE25519
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_3072
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_4096
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_6144
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_8192
> > > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048
> > > ikev2_pld_sa: more 0 reserved 0 length 476 proposal #2 protoid IKE
> spisize 0 xforms 45
> > spi 0
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_GCM_16
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_GCM_16
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_GCM_16
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CCM_16
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CCM_16
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CCM_16
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> CAMELLIA_CCM_16
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> CAMELLIA_CCM_16
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> CAMELLIA_CCM_16
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_GCM_12
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_GCM_12
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_GCM_12
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_8
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_8
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_8
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_8
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_8
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_8
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CCM_12
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CCM_12
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CCM_12
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> CAMELLIA_CCM_8
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> CAMELLIA_CCM_8
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> CAMELLIA_CCM_8
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> CAMELLIA_CCM_12
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> CAMELLIA_CCM_12
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> CAMELLIA_CCM_12
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> HMAC_SHA2_256
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> HMAC_SHA2_384
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> HMAC_SHA2_512
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_XCBC
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_CMAC
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_256
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_384
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_521
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> BRAINPOOL_P256R1
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> BRAINPOOL_P384R1
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> BRAINPOOL_P512R1
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id CURVE25519
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_3072
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_4096
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_6144
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_8192
> > > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048
> > > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00
> length 72
> > > ikev2_pld_ke: dh group ECP_256 reserved 0
> > > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00
> length 36
> > > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical
> 0x00 length 28
> > > ikev2_pld_notify: protoid NONE spisize 0 type
> NAT_DETECTION_SOURCE_IP
> > > ikev2_nat_detection: peer source 0xf94ce3fc2e48f7f2
> 0x0000000000000000 --CAT--:500
> > > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical
> 0x00 length 28
> > > ikev2_pld_notify: protoid NONE spisize 0 type
> NAT_DETECTION_DESTINATION_IP
> > > ikev2_nat_detection: peer destination 0xf94ce3fc2e48f7f2
> 0x0000000000000000 --UK--:500
> > > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical
> 0x00 length 8
> > > ikev2_pld_notify: protoid NONE spisize 0 type
> FRAGMENTATION_SUPPORTED
> > > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical
> 0x00 length 16
> > > ikev2_pld_notify: protoid NONE spisize 0 type
> SIGNATURE_HASH_ALGORITHMS
> > > ikev2_pld_notify: signature hash SHA2_256 (2)
> > > ikev2_pld_notify: signature hash SHA2_384 (3)
> > > ikev2_pld_notify: signature hash SHA2_512 (4)
> > > ikev2_pld_notify: signature hash <UNKNOWN:5> (5)
> > > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00
> length 8
> > > ikev2_pld_notify: protoid NONE spisize 0 type REDIRECT_SUPPORTED
> > > proposals_negotiate: score 4
> > > proposals_negotiate: score 0
> > > policy_lookup: setting policy '--CAT-HOST--'
> > > spi=0xf94ce3fc2e48f7f2: sa_state: INIT -> SA_INIT
> > > proposals_negotiate: score 4
> > > proposals_negotiate: score 0
> > > sa_stateok: SA_INIT flags 0x0000, require 0x0000
> > > sa_stateflags: 0x0000 -> 0x0020 sa (required 0x0000 )
> > > spi=0xf94ce3fc2e48f7f2: ikev2_sa_keys: DHSECRET with 32 bytes
> > > ikev2_sa_keys: SKEYSEED with 32 bytes
> > > spi=0xf94ce3fc2e48f7f2: ikev2_sa_keys: S with 80 bytes
> > > ikev2_prfplus: T1 with 32 bytes
> > > ikev2_prfplus: T2 with 32 bytes
> > > ikev2_prfplus: T3 with 32 bytes
> > > ikev2_prfplus: T4 with 32 bytes
> > > ikev2_prfplus: T5 with 32 bytes
> > > ikev2_prfplus: T6 with 32 bytes
> > > ikev2_prfplus: T7 with 32 bytes
> > > ikev2_prfplus: Tn with 224 bytes
> > > ikev2_sa_keys: SK_d with 32 bytes
> > > ikev2_sa_keys: SK_ai with 32 bytes
> > > ikev2_sa_keys: SK_ar with 32 bytes
> > > ikev2_sa_keys: SK_ei with 32 bytes
> > > ikev2_sa_keys: SK_er with 32 bytes
> > > ikev2_sa_keys: SK_pi with 32 bytes
> > > ikev2_sa_keys: SK_pr with 32 bytes
> > > ikev2_add_proposals: length 44
> > > ikev2_next_payload: length 48 nextpayload KE
> > > ikev2_next_payload: length 72 nextpayload NONCE
> > > ikev2_next_payload: length 36 nextpayload NOTIFY
> > > ikev2_nat_detection: local source 0xf94ce3fc2e48f7f2
> 0x1d51ac7d723a726d --UK--:500
> > > ikev2_next_payload: length 28 nextpayload NOTIFY
> > > ikev2_nat_detection: local destination 0xf94ce3fc2e48f7f2
> 0x1d51ac7d723a726d --CAT--:500
> > > ikev2_next_payload: length 28 nextpayload CERTREQ
> > > ikev2_add_certreq: type X509_CERT length 21
> > > ikev2_next_payload: length 25 nextpayload NOTIFY
> > > ikev2_next_payload: length 14 nextpayload NONE
> > > ikev2_pld_parse: header ispi 0xf94ce3fc2e48f7f2 rspi
> 0x1d51ac7d723a726d nextpayload SA
> > version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 length 279
> response 1
> > > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length
> 48
> > > ikev2_pld_sa: more 0 reserved 0 length 44 proposal #1 protoid IKE
> spisize 0 xforms 4 spi
> > 0
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> HMAC_SHA2_256
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_256_128
> > > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id ECP_256
> > > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00
> length 72
> > > ikev2_pld_ke: dh group ECP_256 reserved 0
> > > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00
> length 36
> > > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical
> 0x00 length 28
> > > ikev2_pld_notify: protoid NONE spisize 0 type
> NAT_DETECTION_SOURCE_IP
> > > ikev2_pld_payloads: payload NOTIFY nextpayload CERTREQ critical
> 0x00 length 28
> > > ikev2_pld_notify: protoid NONE spisize 0 type
> NAT_DETECTION_DESTINATION_IP
> > > ikev2_pld_payloads: payload CERTREQ nextpayload NOTIFY critical
> 0x00 length 25
> > > ikev2_pld_certreq: type X509_CERT length 20
> > > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00
> length 14
> > > ikev2_pld_notify: protoid NONE spisize 0 type
> SIGNATURE_HASH_ALGORITHMS
> > > spi=0xf94ce3fc2e48f7f2: send IKE_SA_INIT res 0 peer --CAT--:500
> local --UK--:500, 279
> > bytes
> > > config_free_proposals: free 0x3c31292ae80
> > > config_free_proposals: free 0x3c31292a880
> > > spi=0xf94ce3fc2e48f7f2: recv IKE_AUTH req 1 peer --CAT--:4500
> local --UK--:4500, 1792
> > bytes, policy '--CAT-HOST--'
> > > ikev2_recv: ispi 0xf94ce3fc2e48f7f2 rspi 0x1d51ac7d723a726d
> > > ikev2_recv: updated SA to peer --CAT--:4500 local --UK--:4500
> > > ikev2_pld_parse: header ispi 0xf94ce3fc2e48f7f2 rspi
> 0x1d51ac7d723a726d nextpayload SK
> > version 0x20 exchange IKE_AUTH flags 0x08 msgid 1 length 1792
> response 0
> > > ikev2_pld_payloads: payload SK nextpayload IDi critical 0x00
> length 1764
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 1728
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 1728/1728 padding 11
> > > ikev2_pld_payloads: decrypted payload IDi nextpayload CERT
> critical 0x00 length 33
> > > ikev2_pld_id: id UFQDN/indra@--CA-HOST-- length 29
> > > ikev2_pld_payloads: decrypted payload CERT nextpayload NOTIFY
> critical 0x00 length 1090
> > > ikev2_pld_cert: type X509_CERT length 1085
> > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload CERTREQ
> critical 0x00 length 8
> > > ikev2_pld_notify: protoid NONE spisize 0 type INITIAL_CONTACT
> > > ikev2_pld_payloads: decrypted payload CERTREQ nextpayload AUTH
> critical 0x00 length 85
> > > ikev2_pld_certreq: type X509_CERT length 80
> > > ikev2_pld_payloads: decrypted payload AUTH nextpayload CP critical
> 0x00 length 280
> > > ikev2_pld_auth: method SIG length 272
> > > ikev2_pld_payloads: decrypted payload CP nextpayload NOTIFY
> critical 0x00 length 16
> > > ikev2_pld_cp: type REQUEST length 8
> > > ikev2_pld_cp: INTERNAL_IP4_ADDRESS 0x0001 length 0
> > > ikev2_pld_cp: INTERNAL_IP4_DNS 0x0003 length 0
> > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA
> critical 0x00 length 8
> > > ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE
> > > ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical
> 0x00 length 100
> > > ikev2_pld_sa: more 0 reserved 0 length 96 proposal #1 protoid ESP
> spisize 4 xforms 9 spi
> > 0xc9f9084d
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_256_128
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_384_192
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_512_256
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA1_96
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> AES_XCBC_96
> > > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
> > > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical
> 0x00 length 24
> > > ikev2_pld_tss: count 1 length 16
> > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport
> 0 endport 65535
> > > ikev2_pld_ts: start 0.0.0.0 end 255.255.255.255
> > > ikev2_pld_payloads: decrypted payload TSr nextpayload NOTIFY
> critical 0x00 length 24
> > > ikev2_pld_tss: count 1 length 16
> > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport
> 0 endport 65535
> > > ikev2_pld_ts: start --UK-- end --UK--
> > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY
> critical 0x00 length 8
> > > ikev2_pld_notify: protoid NONE spisize 0 type MOBIKE_SUPPORTED
> > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY
> critical 0x00 length 24
> > > ikev2_pld_notify: protoid NONE spisize 0 type
> ADDITIONAL_IP6_ADDRESS
> > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY
> critical 0x00 length 8
> > > ikev2_pld_notify: protoid NONE spisize 0 type
> EAP_ONLY_AUTHENTICATION
> > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NONE
> critical 0x00 length 8
> > > ikev2_pld_notify: protoid NONE spisize 0 type
> IKEV2_MESSAGE_ID_SYNC_SUPPORTED
> > > ikev2_handle_notifies: mobike enabled
> > > sa_stateok: SA_INIT flags 0x0000, require 0x0000
> > > spi=0xf94ce3fc2e48f7f2: sa_state: SA_INIT -> AUTH_REQUEST
> > > policy_lookup: peerid 'indra@--CA-HOST--'
> > > proposals_negotiate: score 4
> > > policy_lookup: setting policy '--CAT-HOST--'
> > > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > > sa_stateflags: 0x0020 -> 0x0024 certreq,sa (required 0x003b
> > cert,certvalid,auth,authvalid,sa)
> > > ikev2_msg_auth: responder auth data length 343
> > > ca_setauth: switching SIG_ANY to SIG
> > > ca_setauth: auth length 343
> > > proposals_negotiate: score 4
> > > sa_stateflags: 0x0024 -> 0x0024 certreq,sa (required 0x003b
> > cert,certvalid,auth,authvalid,sa)
> > > config_free_proposals: free 0x3c31292a480
> > > ca_getreq: found CA
> /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom Lobby/OU=VPNC/CN
> > =--CA-HOST--
> > > ca_x509_subjectaltname_do: did not find subjectAltName in
> certificate
> > > ca_getreq: found local certificate
> /C=UK/ST=England/L=London/O=Telecom Lobby/OU=VPNC/CN=
> > --UK-HOST--
> > > _dsa_sign_encode: signature scheme 0 selected
> > > _dsa_sign_encode: signature scheme 0 selected
> > > _dsa_sign_encode: signature scheme 0 selected
> > > ca_setauth: auth length 272
> > > ca_validate_pubkey: could not open public key pubkeys/ufqdn/indra@
> --CA-HOST--
> > > ca_validate_cert: /C=ES/ST=Catalunya/L=sant Pere de
> Ribes/O=Telecom Lobby/OU=VPNC/CN=
> > --CAT-HOST-- ok
> > > ikev2_getimsgdata: imsg 22 rspi 0x1d51ac7d723a726d ispi
> 0xf94ce3fc2e48f7f2 initiator 0 sa
> > valid type 4 data length 1064
> > > ikev2_dispatch_cert: cert type X509_CERT length 1064, ok
> > > sa_stateflags: 0x0024 -> 0x0025 cert,certreq,sa (required 0x003b
> > cert,certvalid,auth,authvalid,sa)
> > > ikev2_getimsgdata: imsg 28 rspi 0x1d51ac7d723a726d ispi
> 0xf94ce3fc2e48f7f2 initiator 0 sa
> > valid type 14 data length 272
> > > ikev2_dispatch_cert: AUTH type 14 len 272
> > > sa_stateflags: 0x0025 -> 0x002d cert,certreq,auth,sa (required
> 0x003b
> > cert,certvalid,auth,authvalid,sa)
> > > ikev2_getimsgdata: imsg 23 rspi 0x1d51ac7d723a726d ispi
> 0xf94ce3fc2e48f7f2 initiator 0 sa
> > valid type 4 data length 1085
> > > ikev2_msg_auth: initiator auth data length 1120
> > > ikev2_msg_authverify: method SIG keylen 1085 type X509_CERT
> > > _dsa_verify_init: signature scheme 0 selected
> > > ikev2_msg_authverify: authentication successful
> > > spi=0xf94ce3fc2e48f7f2: sa_state: AUTH_REQUEST -> AUTH_SUCCESS
> > > sa_stateflags: 0x002d -> 0x003d cert,certreq,auth,authvalid,sa
> (required 0x003b
> > cert,certvalid,auth,authvalid,sa)
> > > ikev2_dispatch_cert: peer certificate is valid
> > > sa_stateflags: 0x003d -> 0x003f
> cert,certvalid,certreq,auth,authvalid,sa (required 0x003b
> > cert,certvalid,auth,authvalid,sa)
> > > sa_stateok: VALID flags 0x003b, require 0x003b
> cert,certvalid,auth,authvalid,sa
> > > spi=0xf94ce3fc2e48f7f2: sa_state: AUTH_SUCCESS -> VALID
> > > sa_stateok: VALID flags 0x003b, require 0x003b
> cert,certvalid,auth,authvalid,sa
> > > sa_stateok: VALID flags 0x003b, require 0x003b
> cert,certvalid,auth,authvalid,sa
> > > ikev2_sa_tag: (0)
> > > ikev2_childsa_negotiate: proposal 1
> > > ikev2_childsa_negotiate: key material length 128
> > > ikev2_prfplus: T1 with 32 bytes
> > > ikev2_prfplus: T2 with 32 bytes
> > > ikev2_prfplus: T3 with 32 bytes
> > > ikev2_prfplus: T4 with 32 bytes
> > > ikev2_prfplus: Tn with 128 bytes
> > > pfkey_sa_getspi: spi 0xba75d84f
> > > pfkey_sa_init: new spi 0xba75d84f
> > > ikev2_next_payload: length 35 nextpayload CERT
> > > ikev2_next_payload: length 1069 nextpayload AUTH
> > > ikev2_next_payload: length 280 nextpayload CP
> > > ikev2_next_payload: length 8 nextpayload NOTIFY
> > > ikev2_add_notify: done
> > > ikev2_next_payload: length 8 nextpayload NOTIFY
> > > ikev2_add_notify: done
> > > ikev2_next_payload: length 8 nextpayload SA
> > > ikev2_add_proposals: length 40
> > > ikev2_next_payload: length 44 nextpayload TSi
> > > ikev2_next_payload: length 24 nextpayload TSr
> > > ikev2_next_payload: length 24 nextpayload NONE
> > > ikev2_next_payload: length 1540 nextpayload IDr
> > > ikev2_msg_encrypt: decrypted length 1500
> > > ikev2_msg_encrypt: padded length 1504
> > > ikev2_msg_encrypt: length 1501, padding 3, output length 1536
> > > ikev2_msg_integr: message length 1568
> > > ikev2_msg_integr: integrity checksum length 16
> > > ikev2_pld_parse: header ispi 0xf94ce3fc2e48f7f2 rspi
> 0x1d51ac7d723a726d nextpayload SK
> > version 0x20 exchange IKE_AUTH flags 0x20 msgid 1 length 1568
> response 1
> > > ikev2_pld_payloads: payload SK nextpayload IDr critical 0x00
> length 1540
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 1504
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 1504/1504 padding 3
> > > ikev2_pld_payloads: decrypted payload IDr nextpayload CERT
> critical 0x00 length 35
> > > ikev2_pld_id: id UFQDN/--UK-ID-- length 31
> > > ikev2_pld_payloads: decrypted payload CERT nextpayload AUTH
> critical 0x00 length 1069
> > > ikev2_pld_cert: type X509_CERT length 1064
> > > ikev2_pld_payloads: decrypted payload AUTH nextpayload CP critical
> 0x00 length 280
> > > ikev2_pld_auth: method SIG length 272
> > > ikev2_pld_payloads: decrypted payload CP nextpayload NOTIFY
> critical 0x00 length 8
> > > ikev2_pld_cp: type REPLY length 0
> > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY
> critical 0x00 length 8
> > > ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE
> > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA
> critical 0x00 length 8
> > > ikev2_pld_notify: protoid NONE spisize 0 type MOBIKE_SUPPORTED
> > > ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical
> 0x00 length 44
> > > ikev2_pld_sa: more 0 reserved 0 length 40 proposal #1 protoid ESP
> spisize 4 xforms 3 spi
> > 0xba75d84f
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_256_128
> > > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
> > > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical
> 0x00 length 24
> > > ikev2_pld_tss: count 1 length 16
> > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport
> 0 endport 65535
> > > ikev2_pld_ts: start --CAT-- end --CAT--
> > > ikev2_pld_payloads: decrypted payload TSr nextpayload NONE
> critical 0x00 length 24
> > > ikev2_pld_tss: count 1 length 16
> > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport
> 0 endport 65535
> > > ikev2_pld_ts: start --UK-- end --UK--
> > > spi=0xf94ce3fc2e48f7f2: send IKE_AUTH res 1 peer --CAT--:4500
> local --UK--:4500, 1568
> > bytes, NAT-T
> > > pfkey_sa_add: update spi 0xba75d84f
> > > ikev2_childsa_enable: loaded CHILD SA spi 0xba75d84f
> > > pfkey_sa_add: add spi 0xc9f9084d
> > > ikev2_childsa_enable: loaded CHILD SA spi 0xc9f9084d
> > > ikev2_childsa_enable: loaded flow 0x3c324182800
> > > ikev2_childsa_enable: loaded flow 0x3c2eec20400
> > > ikev2_childsa_enable: remember SA peer --CAT--:4500
> > > spi=0xf94ce3fc2e48f7f2: ikev2_childsa_enable: loaded SPIs:
> 0xba75d84f, 0xc9f9084d
> > > spi=0xf94ce3fc2e48f7f2: ikev2_childsa_enable: loaded flows:
> ESP---UK--/32=--CAT--/32(47)
> > > spi=0xf94ce3fc2e48f7f2: sa_state: VALID -> ESTABLISHED from
> --CAT--:4500 to --UK--:4500
> > policy '--CAT-HOST--'
> > > spi=0xf94ce3fc2e48f7f2: established peer --CAT--:4500[UFQDN/indra@--CA-HOST--]
> local
> > --UK--:4500[UFQDN/--UK-ID--] policy '--CAT-HOST--' as responder
> > > pfkey_sa_lookup: last_used 1614003186
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003186
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 0
> second(s) ago
> > > policy_lookup: setting policy '--CAT-HOST--'
> > > spi=0xc5881d3ed32f5801: recv INFORMATIONAL req 4428 peer
> --FR--:500 local --UK--:500, 96
> > bytes, policy '--CAT-HOST--'
> > > ikev2_recv: ispi 0xc5881d3ed32f5801 rspi 0xfcad33aa65954d8e
> > > ikev2_init_recv: unknown SA
> > > policy_lookup: setting policy '--CAT-HOST--'
> > > spi=0xb3a689d63d247dd3: recv INFORMATIONAL req 2 peer --CAT--:4500
> local --UK--:4500, 80
> > bytes, policy '--CAT-HOST--'
> > > ikev2_recv: ispi 0xb3a689d63d247dd3 rspi 0x3ec4e46becafef14
> > > policy_lookup: setting policy '--CAT-HOST--'
> > > spi=0xc5881d3ed32f5801: recv INFORMATIONAL req 4429 peer
> --FR--:500 local --UK--:500, 240
> > bytes, policy '--CAT-HOST--'
> > > ikev2_recv: ispi 0xc5881d3ed32f5801 rspi 0xfcad33aa65954d8e
> > > ikev2_init_recv: unknown SA
> > > policy_lookup: setting policy '--CAT-HOST--'
> > > spi=0xb3a689d63d247dd3: recv INFORMATIONAL req 2 peer --CAT--:4500
> local --UK--:4500, 80
> > bytes, policy '--CAT-HOST--'
> > > ikev2_recv: ispi 0xb3a689d63d247dd3 rspi 0x3ec4e46becafef14
> > > spi=0xf2043da59221143f: recv INFORMATIONAL req 1 peer --FR--:500
> local --UK--:500, 128
> > bytes, policy '--FR-HOST--'
> > > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> 0x1f43bd64d771a4e5 nextpayload SK
> > version 0x20 exchange INFORMATIONAL flags 0x00 msgid 1 length 128
> response 0
> > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> length 100
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 64
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 64/64 padding 63
> > > ikev2_next_payload: length 52 nextpayload NONE
> > > ikev2_msg_encrypt: decrypted length 0
> > > ikev2_msg_encrypt: padded length 16
> > > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > > ikev2_msg_integr: message length 80
> > > ikev2_msg_integr: integrity checksum length 16
> > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> 0x1f43bd64d771a4e5 nextpayload SK
> > version 0x20 exchange INFORMATIONAL flags 0x28 msgid 1 length 80
> response 1
> > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> length 52
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 16
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > > spi=0xf2043da59221143f: send INFORMATIONAL res 1 peer --FR--:500
> local --UK--:500, 80
> > bytes
> > > pfkey_sa_lookup: last_used 1614003199
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 1
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003199
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 1
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003198
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 3
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003198
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 3
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003201
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003201
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003201
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 0
> second(s) ago
> > > policy_lookup: setting policy '--CAT-HOST--'
> > > spi=0xb3a689d63d247dd3: recv INFORMATIONAL req 2 peer --CAT--:4500
> local --UK--:4500, 80
> > bytes, policy '--CAT-HOST--'
> > > ikev2_recv: ispi 0xb3a689d63d247dd3 rspi 0x3ec4e46becafef14
> > > spi=0xf2043da59221143f: recv INFORMATIONAL req 2 peer --FR--:500
> local --UK--:500, 144
> > bytes, policy '--FR-HOST--'
> > > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> 0x1f43bd64d771a4e5 nextpayload SK
> > version 0x20 exchange INFORMATIONAL flags 0x00 msgid 2 length 144
> response 0
> > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> length 116
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 80
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 80/80 padding 79
> > > ikev2_next_payload: length 52 nextpayload NONE
> > > ikev2_msg_encrypt: decrypted length 0
> > > ikev2_msg_encrypt: padded length 16
> > > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > > ikev2_msg_integr: message length 80
> > > ikev2_msg_integr: integrity checksum length 16
> > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> 0x1f43bd64d771a4e5 nextpayload SK
> > version 0x20 exchange INFORMATIONAL flags 0x28 msgid 2 length 80
> response 1
> > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> length 52
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 16
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > > spi=0xf2043da59221143f: send INFORMATIONAL res 2 peer --FR--:500
> local --UK--:500, 80
> > bytes
> > > pfkey_sa_lookup: last_used 1614003214
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 1
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003214
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 1
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003216
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003216
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003216
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003216
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003216
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 0
> second(s) ago
> > > ikev2_init_ike_sa: "--FR-HOST--" is already active
> > > ikev2_init_ike_sa: "--US-HOST--" is already active
> > > ikev2_init_ike_sa: "--JP-HOST--" is already active
> > > spi=0xf2043da59221143f: recv INFORMATIONAL req 3 peer --FR--:500
> local --UK--:500, 112
> > bytes, policy '--FR-HOST--'
> > > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> 0x1f43bd64d771a4e5 nextpayload SK
> > version 0x20 exchange INFORMATIONAL flags 0x00 msgid 3 length 112
> response 0
> > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> length 84
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 48
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 48/48 padding 47
> > > ikev2_next_payload: length 52 nextpayload NONE
> > > ikev2_msg_encrypt: decrypted length 0
> > > ikev2_msg_encrypt: padded length 16
> > > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > > ikev2_msg_integr: message length 80
> > > ikev2_msg_integr: integrity checksum length 16
> > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> 0x1f43bd64d771a4e5 nextpayload SK
> > version 0x20 exchange INFORMATIONAL flags 0x28 msgid 3 length 80
> response 1
> > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> length 52
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 16
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > > spi=0xf2043da59221143f: send INFORMATIONAL res 3 peer --FR--:500
> local --UK--:500, 80
> > bytes
> > > pfkey_sa_lookup: last_used 1614003229
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 1
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003229
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 1
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003231
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003231
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003231
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003231
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003231
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 0
> second(s) ago
> > > policy_lookup: setting policy '--CAT-HOST--'
> > > spi=0xb3a689d63d247dd3: recv INFORMATIONAL req 2 peer --CAT--:4500
> local --UK--:4500, 80
> > bytes, policy '--CAT-HOST--'
> > > ikev2_recv: ispi 0xb3a689d63d247dd3 rspi 0x3ec4e46becafef14
> > > spi=0xf2043da59221143f: recv INFORMATIONAL req 4 peer --FR--:500
> local --UK--:500, 128
> > bytes, policy '--FR-HOST--'
> > > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> 0x1f43bd64d771a4e5 nextpayload SK
> > version 0x20 exchange INFORMATIONAL flags 0x00 msgid 4 length 128
> response 0
> > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> length 100
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 64
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 64/64 padding 63
> > > ikev2_next_payload: length 52 nextpayload NONE
> > > ikev2_msg_encrypt: decrypted length 0
> > > ikev2_msg_encrypt: padded length 16
> > > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > > ikev2_msg_integr: message length 80
> > > ikev2_msg_integr: integrity checksum length 16
> > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> 0x1f43bd64d771a4e5 nextpayload SK
> > version 0x20 exchange INFORMATIONAL flags 0x28 msgid 4 length 80
> response 1
> > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> length 52
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 16
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > > spi=0xf2043da59221143f: send INFORMATIONAL res 4 peer --FR--:500
> local --UK--:500, 80
> > bytes
> > > pfkey_sa_lookup: last_used 1614003244
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 1
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003245
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003246
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003246
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003246
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003246
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003246
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 0
> second(s) ago
> > > spi=0xf2043da59221143f: recv INFORMATIONAL req 5 peer --FR--:500
> local --UK--:500, 96
> > bytes, policy '--FR-HOST--'
> > > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> 0x1f43bd64d771a4e5 nextpayload SK
> > version 0x20 exchange INFORMATIONAL flags 0x00 msgid 5 length 96
> response 0
> > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> length 68
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 32
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 32/32 padding 31
> > > ikev2_next_payload: length 52 nextpayload NONE
> > > ikev2_msg_encrypt: decrypted length 0
> > > ikev2_msg_encrypt: padded length 16
> > > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > > ikev2_msg_integr: message length 80
> > > ikev2_msg_integr: integrity checksum length 16
> > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> 0x1f43bd64d771a4e5 nextpayload SK
> > version 0x20 exchange INFORMATIONAL flags 0x28 msgid 5 length 80
> response 1
> > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> length 52
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 16
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > > spi=0xf2043da59221143f: send INFORMATIONAL res 5 peer --FR--:500
> local --UK--:500, 80
> > bytes
> > > pfkey_sa_lookup: last_used 1614003259
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 1
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003259
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 1
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003261
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003261
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003261
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003261
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003261
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 0
> second(s) ago
> > > policy_lookup: setting policy '--CAT-HOST--'
> > > spi=0xb3a689d63d247dd3: recv INFORMATIONAL req 2 peer --CAT--:4500
> local --UK--:4500, 80
> > bytes, policy '--CAT-HOST--'
> > > ikev2_recv: ispi 0xb3a689d63d247dd3 rspi 0x3ec4e46becafef14
> > > spi=0xf2043da59221143f: recv INFORMATIONAL req 6 peer --FR--:500
> local --UK--:500, 96
> > bytes, policy '--FR-HOST--'
> > > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> 0x1f43bd64d771a4e5 nextpayload SK
> > version 0x20 exchange INFORMATIONAL flags 0x00 msgid 6 length 96
> response 0
> > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> length 68
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 32
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 32/32 padding 31
> > > ikev2_next_payload: length 52 nextpayload NONE
> > > ikev2_msg_encrypt: decrypted length 0
> > > ikev2_msg_encrypt: padded length 16
> > > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > > ikev2_msg_integr: message length 80
> > > ikev2_msg_integr: integrity checksum length 16
> > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> 0x1f43bd64d771a4e5 nextpayload SK
> > version 0x20 exchange INFORMATIONAL flags 0x28 msgid 6 length 80
> response 1
> > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> length 52
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 16
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > > spi=0xf2043da59221143f: send INFORMATIONAL res 6 peer --FR--:500
> local --UK--:500, 80
> > bytes
> > > pfkey_sa_lookup: last_used 1614003275
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003275
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003276
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003276
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003276
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003276
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003275
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 1
> second(s) ago
> > > ikev2_init_ike_sa: "--FR-HOST--" is already active
> > > ikev2_init_ike_sa: "--US-HOST--" is already active
> > > ikev2_init_ike_sa: "--JP-HOST--" is already active
> > > spi=0xf2043da59221143f: recv INFORMATIONAL req 7 peer --FR--:500
> local --UK--:500, 112
> > bytes, policy '--FR-HOST--'
> > > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> 0x1f43bd64d771a4e5 nextpayload SK
> > version 0x20 exchange INFORMATIONAL flags 0x00 msgid 7 length 112
> response 0
> > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> length 84
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 48
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 48/48 padding 47
> > > ikev2_next_payload: length 52 nextpayload NONE
> > > ikev2_msg_encrypt: decrypted length 0
> > > ikev2_msg_encrypt: padded length 16
> > > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > > ikev2_msg_integr: message length 80
> > > ikev2_msg_integr: integrity checksum length 16
> > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> 0x1f43bd64d771a4e5 nextpayload SK
> > version 0x20 exchange INFORMATIONAL flags 0x28 msgid 7 length 80
> response 1
> > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> length 52
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 16
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > > spi=0xf2043da59221143f: send INFORMATIONAL res 7 peer --FR--:500
> local --UK--:500, 80
> > bytes
> > > pfkey_sa_lookup: last_used 1614003290
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003290
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003291
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003291
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003291
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003291
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003290
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 1
> second(s) ago
> > > spi=0xf2043da59221143f: recv INFORMATIONAL req 8 peer --FR--:500
> local --UK--:500, 144
> > bytes, policy '--FR-HOST--'
> > > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> 0x1f43bd64d771a4e5 nextpayload SK
> > version 0x20 exchange INFORMATIONAL flags 0x00 msgid 8 length 144
> response 0
> > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> length 116
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 80
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 80/80 padding 79
> > > ikev2_next_payload: length 52 nextpayload NONE
> > > ikev2_msg_encrypt: decrypted length 0
> > > ikev2_msg_encrypt: padded length 16
> > > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > > ikev2_msg_integr: message length 80
> > > ikev2_msg_integr: integrity checksum length 16
> > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> 0x1f43bd64d771a4e5 nextpayload SK
> > version 0x20 exchange INFORMATIONAL flags 0x28 msgid 8 length 80
> response 1
> > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> length 52
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 16
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > > spi=0xf2043da59221143f: send INFORMATIONAL res 8 peer --FR--:500
> local --UK--:500, 80
> > bytes
> > > pfkey_sa_lookup: last_used 1614003305
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003305
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003306
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003306
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003306
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003306
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003305
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 1
> second(s) ago
> > > spi=0xf2043da59221143f: recv INFORMATIONAL req 9 peer --FR--:500
> local --UK--:500, 160
> > bytes, policy '--FR-HOST--'
> > > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> 0x1f43bd64d771a4e5 nextpayload SK
> > version 0x20 exchange INFORMATIONAL flags 0x00 msgid 9 length 160
> response 0
> > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> length 132
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 96
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 96/96 padding 95
> > > ikev2_next_payload: length 52 nextpayload NONE
> > > ikev2_msg_encrypt: decrypted length 0
> > > ikev2_msg_encrypt: padded length 16
> > > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > > ikev2_msg_integr: message length 80
> > > ikev2_msg_integr: integrity checksum length 16
> > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> 0x1f43bd64d771a4e5 nextpayload SK
> > version 0x20 exchange INFORMATIONAL flags 0x28 msgid 9 length 80
> response 1
> > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> length 52
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 16
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > > spi=0xf2043da59221143f: send INFORMATIONAL res 9 peer --FR--:500
> local --UK--:500, 80
> > bytes
> > > pfkey_sa_lookup: last_used 1614003319
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 1
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003320
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003321
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003321
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003321
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003321
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003320
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 1
> second(s) ago
> > > spi=0xf2043da59221143f: recv INFORMATIONAL req 10 peer --FR--:500
> local --UK--:500, 96
> > bytes, policy '--FR-HOST--'
> > > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> 0x1f43bd64d771a4e5 nextpayload SK
> > version 0x20 exchange INFORMATIONAL flags 0x00 msgid 10 length 96
> response 0
> > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> length 68
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 32
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 32/32 padding 31
> > > ikev2_next_payload: length 52 nextpayload NONE
> > > ikev2_msg_encrypt: decrypted length 0
> > > ikev2_msg_encrypt: padded length 16
> > > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > > ikev2_msg_integr: message length 80
> > > ikev2_msg_integr: integrity checksum length 16
> > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> 0x1f43bd64d771a4e5 nextpayload SK
> > version 0x20 exchange INFORMATIONAL flags 0x28 msgid 10 length 80
> response 1
> > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> length 52
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 16
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > > spi=0xf2043da59221143f: send INFORMATIONAL res 10 peer --FR--:500
> local --UK--:500, 80
> > bytes
> > > pfkey_sa_lookup: last_used 1614003334
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 1
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003335
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003336
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003336
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003336
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003336
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003335
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 1
> second(s) ago
> > > policy_lookup: setting policy '--JP-HOST--'
> > > spi=0x52b68ffd0ebb1984: recv INFORMATIONAL req 93 peer
> --JP-IP--:500 local --UK--:500, 57
> > bytes, policy '--JP-HOST--'
> > > ikev2_recv: ispi 0x52b68ffd0ebb1984 rspi 0xebcdfe906b83921a
> > > ikev2_init_recv: unknown SA
> > > policy_lookup: setting policy '--JP-HOST--'
> > > spi=0x52b68ffd0ebb1984: recv INFORMATIONAL req 93 peer
> --JP-IP--:500 local --UK--:500, 57
> > bytes, policy '--JP-HOST--'
> > > ikev2_recv: ispi 0x52b68ffd0ebb1984 rspi 0xebcdfe906b83921a
> > > ikev2_init_recv: unknown SA
> > > policy_lookup: setting policy '--JP-HOST--'
> > > spi=0x52b68ffd0ebb1984: recv INFORMATIONAL req 93 peer
> --JP-IP--:500 local --UK--:500, 57
> > bytes, policy '--JP-HOST--'
> > > ikev2_recv: ispi 0x52b68ffd0ebb1984 rspi 0xebcdfe906b83921a
> > > ikev2_init_recv: unknown SA
> > > ikev2_init_ike_sa: "--FR-HOST--" is already active
> > > ikev2_init_ike_sa: "--US-HOST--" is already active
> > > ikev2_init_ike_sa: "--JP-HOST--" is already active
> > > spi=0xf2043da59221143f: recv INFORMATIONAL req 11 peer --FR--:500
> local --UK--:500, 96
> > bytes, policy '--FR-HOST--'
> > > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> 0x1f43bd64d771a4e5 nextpayload SK
> > version 0x20 exchange INFORMATIONAL flags 0x00 msgid 11 length 96
> response 0
> > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> length 68
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 32
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 32/32 padding 31
> > > ikev2_next_payload: length 52 nextpayload NONE
> > > ikev2_msg_encrypt: decrypted length 0
> > > ikev2_msg_encrypt: padded length 16
> > > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > > ikev2_msg_integr: message length 80
> > > ikev2_msg_integr: integrity checksum length 16
> > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> 0x1f43bd64d771a4e5 nextpayload SK
> > version 0x20 exchange INFORMATIONAL flags 0x28 msgid 11 length 80
> response 1
> > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> length 52
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 16
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > > spi=0xf2043da59221143f: send INFORMATIONAL res 11 peer --FR--:500
> local --UK--:500, 80
> > bytes
> > > pfkey_sa_lookup: last_used 1614003349
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 1
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003350
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003351
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003351
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003350
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xba75d84f last used 1
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003351
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003350
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 1
> second(s) ago
> > > policy_lookup: setting policy '--JP-HOST--'
> > > spi=0x52b68ffd0ebb1984: recv INFORMATIONAL req 93 peer
> --JP-IP--:500 local --UK--:500, 57
> > bytes, policy '--JP-HOST--'
> > > ikev2_recv: ispi 0x52b68ffd0ebb1984 rspi 0xebcdfe906b83921a
> > > ikev2_init_recv: unknown SA
> > > spi=0xf94ce3fc2e48f7f2: recv INFORMATIONAL req 2 peer --CAT--:4500
> local --UK--:4500, 80
> > bytes, policy '--CAT-HOST--'
> > > ikev2_recv: ispi 0xf94ce3fc2e48f7f2 rspi 0x1d51ac7d723a726d
> > > ikev2_recv: updated SA to peer --CAT--:4500 local --UK--:4500
> > > ikev2_pld_parse: header ispi 0xf94ce3fc2e48f7f2 rspi
> 0x1d51ac7d723a726d nextpayload SK
> > version 0x20 exchange INFORMATIONAL flags 0x08 msgid 2 length 80
> response 0
> > > ikev2_pld_payloads: payload SK nextpayload DELETE critical 0x00
> length 52
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 16
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 16/16 padding 7
> > > ikev2_pld_payloads: decrypted payload DELETE nextpayload NONE
> critical 0x00 length 8
> > > ikev2_pld_delete: proto IKE spisize 0 nspi 0
> > > ikev2_next_payload: length 4 nextpayload NONE
> > > ikev2_next_payload: length 52 nextpayload NONE
> > > ikev2_msg_encrypt: decrypted length 4
> > > ikev2_msg_encrypt: padded length 16
> > > ikev2_msg_encrypt: length 5, padding 11, output length 48
> > > ikev2_msg_integr: message length 80
> > > ikev2_msg_integr: integrity checksum length 16
> > > ikev2_pld_parse: header ispi 0xf94ce3fc2e48f7f2 rspi
> 0x1d51ac7d723a726d nextpayload SK
> > version 0x20 exchange INFORMATIONAL flags 0x20 msgid 2 length 80
> response 1
> > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> length 52
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 16
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 16/16 padding 11
> > > spi=0xf94ce3fc2e48f7f2: send INFORMATIONAL res 2 peer --CAT--:4500
> local --UK--:4500, 80
> > bytes, NAT-T
> > > spi=0xf94ce3fc2e48f7f2: ikev2_ikesa_recv_delete: received delete
> > > spi=0xf94ce3fc2e48f7f2: sa_state: ESTABLISHED -> CLOSED from
> --CAT--:4500 to --UK--:4500
> > policy '--CAT-HOST--'
> > > ikev2_recv: closing SA
> > > spi=0xf94ce3fc2e48f7f2: sa_free: received delete
> > > config_free_proposals: free 0x3c27ccfe800
> > > config_free_proposals: free 0x3c31292a600
> > > config_free_childsas: free 0x3c2db888f00
> > > config_free_childsas: free 0x3c300bf3e00
> > > sa_free_flows: free 0x3c324182800
> > > sa_free_flows: free 0x3c2eec20400
> > > policy_lookup: setting policy '--CAT-HOST--'
> > > spi=0x87993e0d839b617f: recv IKE_SA_INIT req 0 peer --CAT--:500
> local --UK--:500, 1056
> > bytes, policy '--CAT-HOST--'
> > > ikev2_recv: ispi 0x87993e0d839b617f rspi 0x0000000000000000
> > > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > > ikev2_pld_parse: header ispi 0x87993e0d839b617f rspi
> 0x0000000000000000 nextpayload SA
> > version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length 1056
> response 0
> > > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length
> 832
> > > ikev2_pld_sa: more 2 reserved 0 length 352 proposal #1 protoid IKE
> spisize 0 xforms 37
> > spi 0
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> CAMELLIA_CBC
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> CAMELLIA_CBC
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> CAMELLIA_CBC
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CTR
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CTR
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CTR
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> CAMELLIA_CTR
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> CAMELLIA_CTR
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> CAMELLIA_CTR
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type ENCR id 3DES
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_256_128
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_384_192
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_512_256
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA1_96
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> AES_XCBC_96
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> AES_CMAC_96
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> HMAC_SHA2_256
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> HMAC_SHA2_384
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> HMAC_SHA2_512
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_XCBC
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_CMAC
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_256
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_384
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_521
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> BRAINPOOL_P256R1
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> BRAINPOOL_P384R1
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> BRAINPOOL_P512R1
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id CURVE25519
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_3072
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_4096
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_6144
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_8192
> > > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048
> > > ikev2_pld_sa: more 0 reserved 0 length 476 proposal #2 protoid IKE
> spisize 0 xforms 45
> > spi 0
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_GCM_16
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_GCM_16
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_GCM_16
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CCM_16
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CCM_16
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CCM_16
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> CAMELLIA_CCM_16
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> CAMELLIA_CCM_16
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> CAMELLIA_CCM_16
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_GCM_12
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_GCM_12
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_GCM_12
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_8
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_8
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_GCM_8
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_8
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_8
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CCM_8
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CCM_12
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CCM_12
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> AES_CCM_12
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> CAMELLIA_CCM_8
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> CAMELLIA_CCM_8
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> CAMELLIA_CCM_8
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> CAMELLIA_CCM_12
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> CAMELLIA_CCM_12
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id
> CAMELLIA_CCM_12
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> HMAC_SHA2_256
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> HMAC_SHA2_384
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> HMAC_SHA2_512
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_XCBC
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id AES128_CMAC
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_256
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_384
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id ECP_521
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> BRAINPOOL_P256R1
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> BRAINPOOL_P384R1
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id
> BRAINPOOL_P512R1
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id CURVE25519
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_3072
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_4096
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_6144
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_8192
> > > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048
> > > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00
> length 72
> > > ikev2_pld_ke: dh group ECP_256 reserved 0
> > > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00
> length 36
> > > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical
> 0x00 length 28
> > > ikev2_pld_notify: protoid NONE spisize 0 type
> NAT_DETECTION_SOURCE_IP
> > > ikev2_nat_detection: peer source 0x87993e0d839b617f
> 0x0000000000000000 --CAT--:500
> > > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical
> 0x00 length 28
> > > ikev2_pld_notify: protoid NONE spisize 0 type
> NAT_DETECTION_DESTINATION_IP
> > > ikev2_nat_detection: peer destination 0x87993e0d839b617f
> 0x0000000000000000 --UK--:500
> > > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical
> 0x00 length 8
> > > ikev2_pld_notify: protoid NONE spisize 0 type
> FRAGMENTATION_SUPPORTED
> > > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical
> 0x00 length 16
> > > ikev2_pld_notify: protoid NONE spisize 0 type
> SIGNATURE_HASH_ALGORITHMS
> > > ikev2_pld_notify: signature hash SHA2_256 (2)
> > > ikev2_pld_notify: signature hash SHA2_384 (3)
> > > ikev2_pld_notify: signature hash SHA2_512 (4)
> > > ikev2_pld_notify: signature hash <UNKNOWN:5> (5)
> > > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00
> length 8
> > > ikev2_pld_notify: protoid NONE spisize 0 type REDIRECT_SUPPORTED
> > > proposals_negotiate: score 4
> > > proposals_negotiate: score 0
> > > policy_lookup: setting policy '--CAT-HOST--'
> > > spi=0x87993e0d839b617f: sa_state: INIT -> SA_INIT
> > > proposals_negotiate: score 4
> > > proposals_negotiate: score 0
> > > sa_stateok: SA_INIT flags 0x0000, require 0x0000
> > > sa_stateflags: 0x0000 -> 0x0020 sa (required 0x0000 )
> > > spi=0x87993e0d839b617f: ikev2_sa_keys: DHSECRET with 32 bytes
> > > ikev2_sa_keys: SKEYSEED with 32 bytes
> > > spi=0x87993e0d839b617f: ikev2_sa_keys: S with 80 bytes
> > > ikev2_prfplus: T1 with 32 bytes
> > > ikev2_prfplus: T2 with 32 bytes
> > > ikev2_prfplus: T3 with 32 bytes
> > > ikev2_prfplus: T4 with 32 bytes
> > > ikev2_prfplus: T5 with 32 bytes
> > > ikev2_prfplus: T6 with 32 bytes
> > > ikev2_prfplus: T7 with 32 bytes
> > > ikev2_prfplus: Tn with 224 bytes
> > > ikev2_sa_keys: SK_d with 32 bytes
> > > ikev2_sa_keys: SK_ai with 32 bytes
> > > ikev2_sa_keys: SK_ar with 32 bytes
> > > ikev2_sa_keys: SK_ei with 32 bytes
> > > ikev2_sa_keys: SK_er with 32 bytes
> > > ikev2_sa_keys: SK_pi with 32 bytes
> > > ikev2_sa_keys: SK_pr with 32 bytes
> > > ikev2_add_proposals: length 44
> > > ikev2_next_payload: length 48 nextpayload KE
> > > ikev2_next_payload: length 72 nextpayload NONCE
> > > ikev2_next_payload: length 36 nextpayload NOTIFY
> > > ikev2_nat_detection: local source 0x87993e0d839b617f
> 0xbd5bf5ce26784624 --UK--:500
> > > ikev2_next_payload: length 28 nextpayload NOTIFY
> > > ikev2_nat_detection: local destination 0x87993e0d839b617f
> 0xbd5bf5ce26784624 --CAT--:500
> > > ikev2_next_payload: length 28 nextpayload CERTREQ
> > > ikev2_add_certreq: type X509_CERT length 21
> > > ikev2_next_payload: length 25 nextpayload NOTIFY
> > > ikev2_next_payload: length 14 nextpayload NONE
> > > ikev2_pld_parse: header ispi 0x87993e0d839b617f rspi
> 0xbd5bf5ce26784624 nextpayload SA
> > version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 length 279
> response 1
> > > ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length
> 48
> > > ikev2_pld_sa: more 0 reserved 0 length 44 proposal #1 protoid IKE
> spisize 0 xforms 4 spi
> > 0
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id
> HMAC_SHA2_256
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_256_128
> > > ikev2_pld_xform: more 0 reserved 0 length 8 type DH id ECP_256
> > > ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00
> length 72
> > > ikev2_pld_ke: dh group ECP_256 reserved 0
> > > ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00
> length 36
> > > ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical
> 0x00 length 28
> > > ikev2_pld_notify: protoid NONE spisize 0 type
> NAT_DETECTION_SOURCE_IP
> > > ikev2_pld_payloads: payload NOTIFY nextpayload CERTREQ critical
> 0x00 length 28
> > > ikev2_pld_notify: protoid NONE spisize 0 type
> NAT_DETECTION_DESTINATION_IP
> > > ikev2_pld_payloads: payload CERTREQ nextpayload NOTIFY critical
> 0x00 length 25
> > > ikev2_pld_certreq: type X509_CERT length 20
> > > ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00
> length 14
> > > ikev2_pld_notify: protoid NONE spisize 0 type
> SIGNATURE_HASH_ALGORITHMS
> > > spi=0x87993e0d839b617f: send IKE_SA_INIT res 0 peer --CAT--:500
> local --UK--:500, 279
> > bytes
> > > config_free_proposals: free 0x3c2ef864700
> > > config_free_proposals: free 0x3c2a56da100
> > > spi=0x87993e0d839b617f: recv IKE_AUTH req 1 peer --CAT--:4500
> local --UK--:4500, 1792
> > bytes, policy '--CAT-HOST--'
> > > ikev2_recv: ispi 0x87993e0d839b617f rspi 0xbd5bf5ce26784624
> > > ikev2_recv: updated SA to peer --CAT--:4500 local --UK--:4500
> > > ikev2_pld_parse: header ispi 0x87993e0d839b617f rspi
> 0xbd5bf5ce26784624 nextpayload SK
> > version 0x20 exchange IKE_AUTH flags 0x08 msgid 1 length 1792
> response 0
> > > ikev2_pld_payloads: payload SK nextpayload IDi critical 0x00
> length 1764
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 1728
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 1728/1728 padding 11
> > > ikev2_pld_payloads: decrypted payload IDi nextpayload CERT
> critical 0x00 length 33
> > > ikev2_pld_id: id UFQDN/indra@--CA-HOST-- length 29
> > > ikev2_pld_payloads: decrypted payload CERT nextpayload NOTIFY
> critical 0x00 length 1090
> > > ikev2_pld_cert: type X509_CERT length 1085
> > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload CERTREQ
> critical 0x00 length 8
> > > ikev2_pld_notify: protoid NONE spisize 0 type INITIAL_CONTACT
> > > ikev2_pld_payloads: decrypted payload CERTREQ nextpayload AUTH
> critical 0x00 length 85
> > > ikev2_pld_certreq: type X509_CERT length 80
> > > ikev2_pld_payloads: decrypted payload AUTH nextpayload CP critical
> 0x00 length 280
> > > ikev2_pld_auth: method SIG length 272
> > > ikev2_pld_payloads: decrypted payload CP nextpayload NOTIFY
> critical 0x00 length 16
> > > ikev2_pld_cp: type REQUEST length 8
> > > ikev2_pld_cp: INTERNAL_IP4_ADDRESS 0x0001 length 0
> > > ikev2_pld_cp: INTERNAL_IP4_DNS 0x0003 length 0
> > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA
> critical 0x00 length 8
> > > ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE
> > > ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical
> 0x00 length 100
> > > ikev2_pld_sa: more 0 reserved 0 length 96 proposal #1 protoid ESP
> spisize 4 xforms 9 spi
> > 0xc0567d8f
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_256_128
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_384_192
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_512_256
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA1_96
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> AES_XCBC_96
> > > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
> > > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical
> 0x00 length 24
> > > ikev2_pld_tss: count 1 length 16
> > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport
> 0 endport 65535
> > > ikev2_pld_ts: start 0.0.0.0 end 255.255.255.255
> > > ikev2_pld_payloads: decrypted payload TSr nextpayload NOTIFY
> critical 0x00 length 24
> > > ikev2_pld_tss: count 1 length 16
> > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport
> 0 endport 65535
> > > ikev2_pld_ts: start --UK-- end --UK--
> > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY
> critical 0x00 length 8
> > > ikev2_pld_notify: protoid NONE spisize 0 type MOBIKE_SUPPORTED
> > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY
> critical 0x00 length 24
> > > ikev2_pld_notify: protoid NONE spisize 0 type
> ADDITIONAL_IP6_ADDRESS
> > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY
> critical 0x00 length 8
> > > ikev2_pld_notify: protoid NONE spisize 0 type
> EAP_ONLY_AUTHENTICATION
> > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NONE
> critical 0x00 length 8
> > > ikev2_pld_notify: protoid NONE spisize 0 type
> IKEV2_MESSAGE_ID_SYNC_SUPPORTED
> > > ikev2_handle_notifies: mobike enabled
> > > sa_stateok: SA_INIT flags 0x0000, require 0x0000
> > > spi=0x87993e0d839b617f: sa_state: SA_INIT -> AUTH_REQUEST
> > > policy_lookup: peerid 'indra@--CA-HOST--'
> > > proposals_negotiate: score 4
> > > policy_lookup: setting policy '--CAT-HOST--'
> > > ikev2_policy2id: srcid UFQDN/--UK-ID-- length 31
> > > sa_stateflags: 0x0020 -> 0x0024 certreq,sa (required 0x003b
> > cert,certvalid,auth,authvalid,sa)
> > > ikev2_msg_auth: responder auth data length 343
> > > ca_setauth: switching SIG_ANY to SIG
> > > ca_setauth: auth length 343
> > > proposals_negotiate: score 4
> > > sa_stateflags: 0x0024 -> 0x0024 certreq,sa (required 0x003b
> > cert,certvalid,auth,authvalid,sa)
> > > config_free_proposals: free 0x3c2ef864180
> > > ca_getreq: found CA
> /C=FR/ST=Seine-Saint-Denis/L=Aubervilliers/O=Telecom Lobby/OU=VPNC/CN
> > =--CA-HOST--
> > > ca_x509_subjectaltname_do: did not find subjectAltName in
> certificate
> > > ca_getreq: found local certificate
> /C=UK/ST=England/L=London/O=Telecom Lobby/OU=VPNC/CN=
> > --UK-HOST--
> > > _dsa_sign_encode: signature scheme 0 selected
> > > _dsa_sign_encode: signature scheme 0 selected
> > > _dsa_sign_encode: signature scheme 0 selected
> > > ca_setauth: auth length 272
> > > ca_validate_pubkey: could not open public key pubkeys/ufqdn/indra@
> --CA-HOST--
> > > ca_validate_cert: /C=ES/ST=Catalunya/L=sant Pere de
> Ribes/O=Telecom Lobby/OU=VPNC/CN=
> > --CAT-HOST-- ok
> > > ikev2_getimsgdata: imsg 22 rspi 0xbd5bf5ce26784624 ispi
> 0x87993e0d839b617f initiator 0 sa
> > valid type 4 data length 1064
> > > ikev2_dispatch_cert: cert type X509_CERT length 1064, ok
> > > sa_stateflags: 0x0024 -> 0x0025 cert,certreq,sa (required 0x003b
> > cert,certvalid,auth,authvalid,sa)
> > > ikev2_getimsgdata: imsg 28 rspi 0xbd5bf5ce26784624 ispi
> 0x87993e0d839b617f initiator 0 sa
> > valid type 14 data length 272
> > > ikev2_dispatch_cert: AUTH type 14 len 272
> > > sa_stateflags: 0x0025 -> 0x002d cert,certreq,auth,sa (required
> 0x003b
> > cert,certvalid,auth,authvalid,sa)
> > > ikev2_getimsgdata: imsg 23 rspi 0xbd5bf5ce26784624 ispi
> 0x87993e0d839b617f initiator 0 sa
> > valid type 4 data length 1085
> > > ikev2_msg_auth: initiator auth data length 1120
> > > ikev2_msg_authverify: method SIG keylen 1085 type X509_CERT
> > > _dsa_verify_init: signature scheme 0 selected
> > > ikev2_msg_authverify: authentication successful
> > > spi=0x87993e0d839b617f: sa_state: AUTH_REQUEST -> AUTH_SUCCESS
> > > sa_stateflags: 0x002d -> 0x003d cert,certreq,auth,authvalid,sa
> (required 0x003b
> > cert,certvalid,auth,authvalid,sa)
> > > ikev2_dispatch_cert: peer certificate is valid
> > > sa_stateflags: 0x003d -> 0x003f
> cert,certvalid,certreq,auth,authvalid,sa (required 0x003b
> > cert,certvalid,auth,authvalid,sa)
> > > sa_stateok: VALID flags 0x003b, require 0x003b
> cert,certvalid,auth,authvalid,sa
> > > spi=0x87993e0d839b617f: sa_state: AUTH_SUCCESS -> VALID
> > > sa_stateok: VALID flags 0x003b, require 0x003b
> cert,certvalid,auth,authvalid,sa
> > > sa_stateok: VALID flags 0x003b, require 0x003b
> cert,certvalid,auth,authvalid,sa
> > > ikev2_sa_tag: (0)
> > > ikev2_childsa_negotiate: proposal 1
> > > ikev2_childsa_negotiate: key material length 128
> > > ikev2_prfplus: T1 with 32 bytes
> > > ikev2_prfplus: T2 with 32 bytes
> > > ikev2_prfplus: T3 with 32 bytes
> > > ikev2_prfplus: T4 with 32 bytes
> > > ikev2_prfplus: Tn with 128 bytes
> > > pfkey_sa_getspi: spi 0x41a9644f
> > > pfkey_sa_init: new spi 0x41a9644f
> > > ikev2_next_payload: length 35 nextpayload CERT
> > > ikev2_next_payload: length 1069 nextpayload AUTH
> > > ikev2_next_payload: length 280 nextpayload CP
> > > ikev2_next_payload: length 8 nextpayload NOTIFY
> > > ikev2_add_notify: done
> > > ikev2_next_payload: length 8 nextpayload NOTIFY
> > > ikev2_add_notify: done
> > > ikev2_next_payload: length 8 nextpayload SA
> > > ikev2_add_proposals: length 40
> > > ikev2_next_payload: length 44 nextpayload TSi
> > > ikev2_next_payload: length 24 nextpayload TSr
> > > ikev2_next_payload: length 24 nextpayload NONE
> > > ikev2_next_payload: length 1540 nextpayload IDr
> > > ikev2_msg_encrypt: decrypted length 1500
> > > ikev2_msg_encrypt: padded length 1504
> > > ikev2_msg_encrypt: length 1501, padding 3, output length 1536
> > > ikev2_msg_integr: message length 1568
> > > ikev2_msg_integr: integrity checksum length 16
> > > ikev2_pld_parse: header ispi 0x87993e0d839b617f rspi
> 0xbd5bf5ce26784624 nextpayload SK
> > version 0x20 exchange IKE_AUTH flags 0x20 msgid 1 length 1568
> response 1
> > > ikev2_pld_payloads: payload SK nextpayload IDr critical 0x00
> length 1540
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 1504
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 1504/1504 padding 3
> > > ikev2_pld_payloads: decrypted payload IDr nextpayload CERT
> critical 0x00 length 35
> > > ikev2_pld_id: id UFQDN/--UK-ID-- length 31
> > > ikev2_pld_payloads: decrypted payload CERT nextpayload AUTH
> critical 0x00 length 1069
> > > ikev2_pld_cert: type X509_CERT length 1064
> > > ikev2_pld_payloads: decrypted payload AUTH nextpayload CP critical
> 0x00 length 280
> > > ikev2_pld_auth: method SIG length 272
> > > ikev2_pld_payloads: decrypted payload CP nextpayload NOTIFY
> critical 0x00 length 8
> > > ikev2_pld_cp: type REPLY length 0
> > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY
> critical 0x00 length 8
> > > ikev2_pld_notify: protoid NONE spisize 0 type USE_TRANSPORT_MODE
> > > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA
> critical 0x00 length 8
> > > ikev2_pld_notify: protoid NONE spisize 0 type MOBIKE_SUPPORTED
> > > ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical
> 0x00 length 44
> > > ikev2_pld_sa: more 0 reserved 0 length 40 proposal #1 protoid ESP
> spisize 4 xforms 3 spi
> > 0x41a9644f
> > > ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> > > ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> > > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id
> HMAC_SHA2_256_128
> > > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
> > > ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical
> 0x00 length 24
> > > ikev2_pld_tss: count 1 length 16
> > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport
> 0 endport 65535
> > > ikev2_pld_ts: start --CAT-- end --CAT--
> > > ikev2_pld_payloads: decrypted payload TSr nextpayload NONE
> critical 0x00 length 24
> > > ikev2_pld_tss: count 1 length 16
> > > ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 47 length 16 startport
> 0 endport 65535
> > > ikev2_pld_ts: start --UK-- end --UK--
> > > spi=0x87993e0d839b617f: send IKE_AUTH res 1 peer --CAT--:4500
> local --UK--:4500, 1568
> > bytes, NAT-T
> > > pfkey_sa_add: update spi 0x41a9644f
> > > ikev2_childsa_enable: loaded CHILD SA spi 0x41a9644f
> > > pfkey_sa_add: add spi 0xc0567d8f
> > > ikev2_childsa_enable: loaded CHILD SA spi 0xc0567d8f
> > > ikev2_childsa_enable: loaded flow 0x3c324182400
> > > ikev2_childsa_enable: loaded flow 0x3c2eec20000
> > > ikev2_childsa_enable: remember SA peer --CAT--:4500
> > > spi=0x87993e0d839b617f: ikev2_childsa_enable: loaded SPIs:
> 0x41a9644f, 0xc0567d8f
> > > spi=0x87993e0d839b617f: ikev2_childsa_enable: loaded flows:
> ESP---UK--/32=--CAT--/32(47)
> > > spi=0x87993e0d839b617f: sa_state: VALID -> ESTABLISHED from
> --CAT--:4500 to --UK--:4500
> > policy '--CAT-HOST--'
> > > spi=0x87993e0d839b617f: established peer --CAT--:4500[UFQDN/indra@--CA-HOST--]
> local
> > --UK--:4500[UFQDN/--UK-ID--] policy '--CAT-HOST--' as responder
> > > spi=0xf2043da59221143f: recv INFORMATIONAL req 12 peer --FR--:500
> local --UK--:500, 112
> > bytes, policy '--FR-HOST--'
> > > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> 0x1f43bd64d771a4e5 nextpayload SK
> > version 0x20 exchange INFORMATIONAL flags 0x00 msgid 12 length 112
> response 0
> > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> length 84
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 48
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 48/48 padding 47
> > > ikev2_next_payload: length 52 nextpayload NONE
> > > ikev2_msg_encrypt: decrypted length 0
> > > ikev2_msg_encrypt: padded length 16
> > > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > > ikev2_msg_integr: message length 80
> > > ikev2_msg_integr: integrity checksum length 16
> > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> 0x1f43bd64d771a4e5 nextpayload SK
> > version 0x20 exchange INFORMATIONAL flags 0x28 msgid 12 length 80
> response 1
> > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> length 52
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 16
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > > spi=0xf2043da59221143f: send INFORMATIONAL res 12 peer --FR--:500
> local --UK--:500, 80
> > bytes
> > > pfkey_sa_lookup: last_used 1614003365
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003365
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003366
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003366
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003366
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003365
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 1
> second(s) ago
> > > policy_lookup: setting policy '--JP-HOST--'
> > > spi=0x52b68ffd0ebb1984: recv INFORMATIONAL req 93 peer
> --JP-IP--:500 local --UK--:500, 57
> > bytes, policy '--JP-HOST--'
> > > ikev2_recv: ispi 0x52b68ffd0ebb1984 rspi 0xebcdfe906b83921a
> > > ikev2_init_recv: unknown SA
> > > pfkey_sa_lookup: last_used 1614003379
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x41a9644f last used 1
> second(s) ago
> > > spi=0xf2043da59221143f: recv INFORMATIONAL req 13 peer --FR--:500
> local --UK--:500, 128
> > bytes, policy '--FR-HOST--'
> > > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> 0x1f43bd64d771a4e5 nextpayload SK
> > version 0x20 exchange INFORMATIONAL flags 0x00 msgid 13 length 128
> response 0
> > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> length 100
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 64
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 64/64 padding 63
> > > ikev2_next_payload: length 52 nextpayload NONE
> > > ikev2_msg_encrypt: decrypted length 0
> > > ikev2_msg_encrypt: padded length 16
> > > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > > ikev2_msg_integr: message length 80
> > > ikev2_msg_integr: integrity checksum length 16
> > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> 0x1f43bd64d771a4e5 nextpayload SK
> > version 0x20 exchange INFORMATIONAL flags 0x28 msgid 13 length 80
> response 1
> > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> length 52
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 16
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > > spi=0xf2043da59221143f: send INFORMATIONAL res 13 peer --FR--:500
> local --UK--:500, 80
> > bytes
> > > pfkey_sa_lookup: last_used 1614003380
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003380
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003381
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003381
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003381
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003380
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 1
> second(s) ago
> > > policy_lookup: setting policy '--US-HOST--'
> > > spi=0xe6cf431822ad3dc9: recv INFORMATIONAL req 53 peer
> --US-IP--:500 local --UK--:500, 57
> > bytes, policy '--US-HOST--'
> > > ikev2_recv: ispi 0xe6cf431822ad3dc9 rspi 0x338f3945413a685a
> > > ikev2_init_recv: unknown SA
> > > pfkey_sa_lookup: last_used 1614003392
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x41a9644f last used 3
> second(s) ago
> > > spi=0xf2043da59221143f: recv INFORMATIONAL req 14 peer --FR--:500
> local --UK--:500, 160
> > bytes, policy '--FR-HOST--'
> > > ikev2_recv: ispi 0xf2043da59221143f rspi 0x1f43bd64d771a4e5
> > > ikev2_recv: updated SA to peer --FR--:500 local --UK--:500
> > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> 0x1f43bd64d771a4e5 nextpayload SK
> > version 0x20 exchange INFORMATIONAL flags 0x00 msgid 14 length 160
> response 0
> > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> length 132
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 96
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 96/96 padding 95
> > > ikev2_next_payload: length 52 nextpayload NONE
> > > ikev2_msg_encrypt: decrypted length 0
> > > ikev2_msg_encrypt: padded length 16
> > > ikev2_msg_encrypt: length 1, padding 15, output length 48
> > > ikev2_msg_integr: message length 80
> > > ikev2_msg_integr: integrity checksum length 16
> > > ikev2_pld_parse: header ispi 0xf2043da59221143f rspi
> 0x1f43bd64d771a4e5 nextpayload SK
> > version 0x20 exchange INFORMATIONAL flags 0x28 msgid 14 length 80
> response 1
> > > ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00
> length 52
> > > ikev2_msg_decrypt: IV length 16
> > > ikev2_msg_decrypt: encrypted payload length 16
> > > ikev2_msg_decrypt: integrity checksum length 16
> > > ikev2_msg_decrypt: integrity check succeeded
> > > ikev2_msg_decrypt: decrypted payload length 16/16 padding 15
> > > spi=0xf2043da59221143f: send INFORMATIONAL res 14 peer --FR--:500
> local --UK--:500, 80
> > bytes
> > > pfkey_sa_lookup: last_used 1614003394
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0x066d9db6 last used 1
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003394
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x8f3bad08 last used 1
> second(s) ago
> > > policy_lookup: setting policy '--US-HOST--'
> > > spi=0xe6cf431822ad3dc9: recv INFORMATIONAL req 53 peer
> --US-IP--:500 local --UK--:500, 57
> > bytes, policy '--US-HOST--'
> > > ikev2_recv: ispi 0xe6cf431822ad3dc9 rspi 0x338f3945413a685a
> > > ikev2_init_recv: unknown SA
> > > pfkey_sa_lookup: last_used 1614003396
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xd1bfd520 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003396
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0xfc41aa70 last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003396
> > > ikev2_ike_sa_alive: outgoing CHILD SA spi 0xb1bffe2d last used 0
> second(s) ago
> > > pfkey_sa_lookup: last_used 1614003395
> > > ikev2_ike_sa_alive: incoming CHILD SA spi 0x4701e9b5 last used 1
> second(s) ago
> > > policy_lookup: setting policy '--US-HOST--'
> > > spi=0xe6cf431822ad3dc9: recv INFORMATIONAL req 53 peer
> --US-IP--:500 local --UK--:500, 57
> > bytes, policy '--US-HOST--'
> > > ikev2_recv: ispi 0xe6cf431822ad3dc9 rspi 0x338f3945413a685a
> > > ikev2_init_recv: unknown SA
> > > policy_lookup: setting policy '--JP-HOST--'
> > > spi=0x52b68ffd0ebb1984: recv INFORMATIONAL req 93 peer
> --JP-IP--:500 local --UK--:500, 57
> > bytes, policy '--JP-HOST--'
> > > ikev2_recv: ispi 0x52b68ffd0ebb1984 rspi 0xebcdfe906b83921a
> > > ikev2_init_recv: unknown SA
> > > ca exiting, pid 842
> > > control exiting, pid 64161
> > > ikev2 exiting, pid 15623
> > > parent terminating
> >
> >
> >
> >
> > --
> > Name: Riccardo Giuntoli
> > Email: taglio@gmail.com
> > Location: sant Pere de Ribes, BCN, Spain
> > PGP Key: 0x67123739
> > PGP Fingerprint: CE75 16B5 D855 842FAB54 FB5C DDC6 4640 6712 3739
> > Key server: hkp://wwwkeys.eu.pgp.net
>


--
Name: Riccardo Giuntoli
Email: taglio@gmail.com
Location: sant Pere de Ribes, BCN, Spain
PGP Key: 0x67123739
PGP Fingerprint: CE75 16B5 D855 842FAB54 FB5C DDC6 4640 6712 3739
Key server: hkp://wwwkeys.eu.pgp.net