[prev in list] [next in list] [prev in thread] [next in thread]
List: strongswan-users
Subject: [strongSwan] Issue with Debian 10
From: Jaehong Park <jaehong.park () illumio ! com>
Date: 2021-03-08 13:55:33
Message-ID: 4F0799CE-2F5C-436A-8541-B2FF304C6D33 () illumio ! com
[Download RAW message or body]
I am testing Debain 10 + Strongswan and facing an issue.
Test on StrongSwan 5.7.2 as well as the latest 5.9.2.
Debian 10, iproute2-ss190107
Here is My ipsec statusall dump.
Status of IKE charon daemon (strongSwan 5.7.2, Linux 4.19.0-14-amd64, x86_64):
uptime: 2 minutes, since Mar 06 06:58:27 2021
malloc: sbrk 1490944, mmap 0, used 542624, free 948320
worker threads: 27 of 32 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 5
loaded plugins: charon aes des sha2 sha1 md5 random nonce x509 revocation pubkey \
pkcs1 pkcs7 pkcs8 pkcs12 sshkey pem openssl curve25519 xcbc hmac attr kernel-netlink \
socket-default stroke vici updown error-notify counters Listening IP addresses:
192.168.41.134
fd15:4ba5:5a2b:1002:20c:29ff:fec9:4812
Connections:
4.192-168-41-165.32.0.0.0.0: %any...192.168.41.165 IKEv2, dpddelay=30s
4.192-168-41-165.32.0.0.0.0: local: uses pre-shared key authentication
4.192-168-41-165.32.0.0.0.0: remote: uses pre-shared key authentication
4.192-168-41-165.32.0.0.0.0: child: dynamic === dynamic TRANSPORT, dpdaction=hold
4.192-168-41-171.32.0.0.0.0: %any...192.168.41.171 IKEv2, dpddelay=30s
4.192-168-41-171.32.0.0.0.0: local: uses pre-shared key authentication
4.192-168-41-171.32.0.0.0.0: remote: uses pre-shared key authentication
4.192-168-41-171.32.0.0.0.0: child: dynamic === dynamic TRANSPORT, dpdaction=hold
Routed Connections:
4.192-168-41-171.32.0.0.0.0{2}: ROUTED, TRANSPORT, reqid 2
4.192-168-41-171.32.0.0.0.0{2}: 192.168.41.134/32 === 192.168.41.171/32
4.192-168-41-165.32.0.0.0.0{1}: ROUTED, TRANSPORT, reqid 1
4.192-168-41-165.32.0.0.0.0{1}: 192.168.41.134/32 === 192.168.41.165/32
Security Associations (1 up, 0 connecting):
4.192-168-41-165.32.0.0.0.0[1]: ESTABLISHED 24 seconds ago, \
192.168.41.134[192.168.41.134]...192.168.41.165[192.168.41.165] \
4.192-168-41-165.32.0.0.0.0[1]: IKEv2 SPIs: b33bd09fad5378b2_i* b38186e382910f98_r, \
pre-shared key reauthentication in 2 hours 4.192-168-41-165.32.0.0.0.0[1]: IKE \
proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048 \
4.192-168-41-165.32.0.0.0.0{3}: INSTALLED, TRANSPORT, reqid 1, ESP SPIs: c2aaff7b_i \
cb007cdb_o 4.192-168-41-165.32.0.0.0.0{3}: AES_CBC_256/HMAC_SHA1_96, 192 bytes_i (3 \
pkts, 21s ago), 192 bytes_o (3 pkts, 21s ago), rekeying in 46 minutes \
4.192-168-41-165.32.0.0.0.0{3}: 192.168.41.134/32 === 192.168.41.165/32
now if I stop charon all together, and this is my charon.log
2021-03-06T07:05:21-0800 00[DMN] signal of type SIGINT received. Shutting down
2021-03-06T07:05:21-0800 00[MGR] going to destroy IKE_SA manager and all managed \
IKE_SA's 2021-03-06T07:05:21-0800 00[MGR] set driveout flags for all stored IKE_SA's
2021-03-06T07:05:21-0800 00[MGR] wait for all threads to leave IKE_SA's
2021-03-06T07:05:21-0800 00[MGR] delete all IKE_SA's
2021-03-06T07:05:21-0800 00[IKE] queueing IKE_DELETE task
2021-03-06T07:05:21-0800 00[IKE] activating new tasks
2021-03-06T07:05:21-0800 00[IKE] activating IKE_DELETE task
2021-03-06T07:05:21-0800 00[IKE] deleting IKE_SA 4.192-168-41-165.32.0.0.0.0[2] \
between 192.168.41.134[192.168.41.134]...192.168.41.165[192.168.41.165] \
2021-03-06T07:05:21-0800 00[ENC] added payload of type DELETE to message \
2021-03-06T07:05:21-0800 00[IKE] IKE_SA 4.192-168-41-165.32.0.0.0.0[2] state change: \
ESTABLISHED => DELETING 2021-03-06T07:05:21-0800 00[IKE] sending DELETE for IKE_SA \
4.192-168-41-165.32.0.0.0.0[2] 2021-03-06T07:05:21-0800 00[ENC] order payloads in \
message 2021-03-06T07:05:21-0800 00[ENC] added payload of type DELETE to message
2021-03-06T07:05:21-0800 00[ENC] generating INFORMATIONAL request 2 [ D ]
2021-03-06T07:05:21-0800 00[ENC] insert payload DELETE into encrypted payload
2021-03-06T07:05:21-0800 00[ENC] generating payload of type HEADER
2021-03-06T07:05:21-0800 00[ENC] generating rule 0 IKE_SPI
2021-03-06T07:05:21-0800 00[ENC] generating rule 1 IKE_SPI
2021-03-06T07:05:21-0800 00[ENC] generating rule 2 U_INT_8
2021-03-06T07:05:21-0800 00[ENC] generating rule 3 U_INT_4
2021-03-06T07:05:21-0800 00[ENC] generating rule 4 U_INT_4
2021-03-06T07:05:21-0800 00[ENC] generating rule 5 U_INT_8
2021-03-06T07:05:21-0800 00[ENC] generating rule 6 RESERVED_BIT
2021-03-06T07:05:21-0800 00[ENC] generating rule 7 RESERVED_BIT
2021-03-06T07:05:21-0800 00[ENC] generating rule 8 FLAG
2021-03-06T07:05:21-0800 00[ENC] generating rule 9 FLAG
2021-03-06T07:05:21-0800 00[ENC] generating rule 10 FLAG
2021-03-06T07:05:21-0800 00[ENC] generating rule 11 FLAG
2021-03-06T07:05:21-0800 00[ENC] generating rule 12 FLAG
2021-03-06T07:05:21-0800 00[ENC] generating rule 13 FLAG
2021-03-06T07:05:21-0800 00[ENC] generating rule 14 U_INT_32
2021-03-06T07:05:21-0800 00[ENC] generating rule 15 HEADER_LENGTH
2021-03-06T07:05:21-0800 00[ENC] generating HEADER payload finished
2021-03-06T07:05:21-0800 00[ENC] generating payload of type DELETE
2021-03-06T07:05:21-0800 00[ENC] generating rule 0 U_INT_8
2021-03-06T07:05:21-0800 00[ENC] generating rule 1 FLAG
2021-03-06T07:05:21-0800 00[ENC] generating rule 2 RESERVED_BIT
2021-03-06T07:05:21-0800 00[ENC] generating rule 3 RESERVED_BIT
2021-03-06T07:05:21-0800 00[ENC] generating rule 4 RESERVED_BIT
2021-03-06T07:05:21-0800 00[ENC] generating rule 5 RESERVED_BIT
2021-03-06T07:05:21-0800 00[ENC] generating rule 6 RESERVED_BIT
2021-03-06T07:05:21-0800 00[ENC] generating rule 7 RESERVED_BIT
2021-03-06T07:05:21-0800 00[ENC] generating rule 8 RESERVED_BIT
2021-03-06T07:05:21-0800 00[ENC] generating rule 9 PAYLOAD_LENGTH
2021-03-06T07:05:21-0800 00[ENC] generating rule 10 U_INT_8
2021-03-06T07:05:21-0800 00[ENC] generating rule 11 U_INT_8
2021-03-06T07:05:21-0800 00[ENC] generating rule 12 U_INT_16
2021-03-06T07:05:21-0800 00[ENC] generating rule 13 CHUNK_DATA
2021-03-06T07:05:21-0800 00[ENC] generating DELETE payload finished
2021-03-06T07:05:21-0800 00[ENC] generated content in encrypted payload
2021-03-06T07:05:21-0800 00[ENC] generating payload of type ENCRYPTED
2021-03-06T07:05:21-0800 00[ENC] generating rule 0 U_INT_8
2021-03-06T07:05:21-0800 00[ENC] generating rule 1 U_INT_8
2021-03-06T07:05:21-0800 00[ENC] generating rule 2 PAYLOAD_LENGTH
2021-03-06T07:05:21-0800 00[ENC] generating rule 3 CHUNK_DATA
2021-03-06T07:05:21-0800 00[ENC] generating ENCRYPTED payload finished
2021-03-06T07:05:21-0800 00[NET] sending packet: from 192.168.41.134[500] to \
192.168.41.165[500] (80 bytes) 2021-03-06T07:05:21-0800 00[MGR] destroy all entries
2021-03-06T07:05:21-0800 00[IKE] IKE_SA 4.192-168-41-165.32.0.0.0.0[2] state change: \
DELETING => DESTROYING 2021-03-06T07:05:21-0800 00[CHD] CHILD_SA \
4.192-168-41-165.32.0.0.0.0{4} state change: INSTALLED => DESTROYING \
2021-03-06T07:05:21-0800 00[KNL] deleting policy 192.168.41.134/32 === \
192.168.41.165/32 out 2021-03-06T07:05:21-0800 00[KNL] policy still used by another \
CHILD_SA, not removed 2021-03-06T07:05:21-0800 00[KNL] updating policy \
192.168.41.134/32 === 192.168.41.165/32 out [priority 367232, refcount 1] \
2021-03-06T07:05:21-0800 00[KNL] deleting policy 192.168.41.165/32 === \
192.168.41.134/32 in 2021-03-06T07:05:21-0800 00[KNL] policy still used by another \
CHILD_SA, not removed 2021-03-06T07:05:21-0800 00[KNL] updating policy \
192.168.41.165/32 === 192.168.41.134/32 in [priority 367232, refcount 1] \
2021-03-06T07:05:21-0800 00[KNL] deleting SAD entry with SPI ccb74d1a \
2021-03-06T07:05:21-0800 00[KNL] deleted SAD entry with SPI ccb74d1a \
2021-03-06T07:05:21-0800 00[KNL] deleting SAD entry with SPI cc0ef0a7 \
2021-03-06T07:05:21-0800 00[KNL] deleted SAD entry with SPI cc0ef0a7 \
2021-03-06T07:05:21-0800 00[CHD] CHILD_SA 4.192-168-41-171.32.0.0.0.0{2} state \
change: ROUTED => DESTROYING 2021-03-06T07:05:21-0800 00[KNL] deleting policy \
192.168.41.134/32 === 192.168.41.171/32 out 2021-03-06T07:05:21-0800 00[KNL] deleting \
policy 192.168.41.171/32 === 192.168.41.134/32 in 2021-03-06T07:05:21-0800 00[CHD] \
CHILD_SA 4.192-168-41-165.32.0.0.0.0{1} state change: ROUTED => DESTROYING \
2021-03-06T07:05:21-0800 00[KNL] deleting policy 192.168.41.134/32 === \
192.168.41.165/32 out 2021-03-06T07:05:21-0800 00[KNL] deleting policy \
192.168.41.165/32 === 192.168.41.134/32 in 2021-03-06T07:05:21-0800 04[NET] sending \
packet: from 192.168.41.134[500] to 192.168.41.165[500] 2021-03-06T07:05:21-0800 \
01[JOB] next event in 3s 999ms, waiting 2021-03-06T07:05:21-0800 02[JOB] terminated \
worker thread 02 2021-03-06T07:05:21-0800 03[JOB] terminated worker thread 03
2021-03-06T07:05:21-0800 01[JOB] terminated worker thread 01
2021-03-06T07:05:21-0800 04[JOB] terminated worker thread 04
According to the charon log above, I see it attempt to delete.
However when I dump ip xfrm pol, the policy stays, and will never be removed without \
manual intervention. Anybody seen this kind of issue in any other platform?
root@debian10:/opt/illumio_ven/bin# ip xfrm pol
src 192.168.41.165/32 dst 192.168.41.134/32
dir in priority 367232 ptype main
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 1 mode transport
src 192.168.41.134/32 dst 192.168.41.165/32
dir out priority 367232 ptype main
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 1 mode transport
[Attachment #3 (text/html)]
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: \
after-white-space;" class=""> I am testing Debain 10 + Strongswan and facing an \
issue. <div class=""><br class="">
</div>
<div class="">Test on StrongSwan 5.7.2 as well as the latest 5.9.2.</div>
<div class=""><br class="">
</div>
<div class="">Debian 10, iproute2-ss190107</div>
<div class=""><br class="">
</div>
<div class="">
<div class="">Here is My ipsec statusall dump.</div>
<div class=""><br class="">
</div>
<div class="">
<div class="" style="margin: 0px; font-stretch: normal; font-size: 14px; line-height: \
normal; font-family: "Cascadia Code"; color: rgb(183, 187, 183); \
background-color: rgb(29, 31, 33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">Status of IKE charon daemon (strongSwan 5.7.2, Linux \
4.19.0-14-amd64, x86_64):</span></div> <div class="" style="margin: 0px; \
font-stretch: normal; font-size: 14px; line-height: normal; font-family: \
"Cascadia Code"; color: rgb(183, 187, 183); background-color: rgb(29, 31, \
33);"> <span class="" style="font-variant-ligatures: no-common-ligatures;"> \
uptime: 2 minutes, since Mar 06 06:58:27 2021</span></div> <div class="" \
style="margin: 0px; font-stretch: normal; font-size: 14px; line-height: normal; \
font-family: "Cascadia Code"; color: rgb(183, 187, 183); background-color: \
rgb(29, 31, 33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;"> malloc: sbrk 1490944, mmap 0, used 542624, free \
948320</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;"> worker threads: 27 of 32 \
idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 5</span></div> <div class="" \
style="margin: 0px; font-stretch: normal; font-size: 14px; line-height: normal; \
font-family: "Cascadia Code"; color: rgb(183, 187, 183); background-color: \
rgb(29, 31, 33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;"> loaded plugins: charon aes des sha2 sha1 md5 random \
nonce x509 revocation pubkey pkcs1 pkcs7 pkcs8 pkcs12 sshkey pem openssl curve25519 \
xcbc hmac attr kernel-netlink socket-default stroke vici updown error-notify \
counters</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">Listening IP \
addresses:</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;"> \
192.168.41.134</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;"> \
fd15:4ba5:5a2b:1002:20c:29ff:fec9:4812</span></div> <div class="" style="margin: 0px; \
font-stretch: normal; font-size: 14px; line-height: normal; font-family: \
"Cascadia Code"; color: rgb(183, 187, 183); background-color: rgb(29, 31, \
33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">Connections:</span></div> <div class="" style="margin: 0px; \
font-stretch: normal; font-size: 14px; line-height: normal; font-family: \
"Cascadia Code"; color: rgb(183, 187, 183); background-color: rgb(29, 31, \
33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">4.192-168-41-165.32.0.0.0.0: %any...192.168.41.165 \
IKEv2, dpddelay=30s</span></div> <div class="" style="margin: 0px; font-stretch: \
normal; font-size: 14px; line-height: normal; font-family: "Cascadia Code"; \
color: rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">4.192-168-41-165.32.0.0.0.0: \
local: uses pre-shared key authentication</span></div> <div class="" \
style="margin: 0px; font-stretch: normal; font-size: 14px; line-height: normal; \
font-family: "Cascadia Code"; color: rgb(183, 187, 183); background-color: \
rgb(29, 31, 33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">4.192-168-41-165.32.0.0.0.0: remote: uses pre-shared key \
authentication</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">4.192-168-41-165.32.0.0.0.0: \
child: dynamic === dynamic TRANSPORT, dpdaction=hold</span></div> <div \
class="" style="margin: 0px; font-stretch: normal; font-size: 14px; line-height: \
normal; font-family: "Cascadia Code"; color: rgb(183, 187, 183); \
background-color: rgb(29, 31, 33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">4.192-168-41-171.32.0.0.0.0: %any...192.168.41.171 \
IKEv2, dpddelay=30s</span></div> <div class="" style="margin: 0px; font-stretch: \
normal; font-size: 14px; line-height: normal; font-family: "Cascadia Code"; \
color: rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">4.192-168-41-171.32.0.0.0.0: \
local: uses pre-shared key authentication</span></div> <div class="" \
style="margin: 0px; font-stretch: normal; font-size: 14px; line-height: normal; \
font-family: "Cascadia Code"; color: rgb(183, 187, 183); background-color: \
rgb(29, 31, 33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">4.192-168-41-171.32.0.0.0.0: remote: uses pre-shared key \
authentication</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">4.192-168-41-171.32.0.0.0.0: \
child: dynamic === dynamic TRANSPORT, dpdaction=hold</span></div> <div \
class="" style="margin: 0px; font-stretch: normal; font-size: 14px; line-height: \
normal; font-family: "Cascadia Code"; color: rgb(183, 187, 183); \
background-color: rgb(29, 31, 33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">Routed Connections:</span></div> <div class="" style="margin: \
0px; font-stretch: normal; font-size: 14px; line-height: normal; font-family: \
"Cascadia Code"; color: rgb(183, 187, 183); background-color: rgb(29, 31, \
33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">4.192-168-41-171.32.0.0.0.0{2}: ROUTED, TRANSPORT, reqid \
2</span></div> <div class="" style="margin: 0px; font-stretch: normal; font-size: \
14px; line-height: normal; font-family: "Cascadia Code"; color: rgb(183, \
187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">4.192-168-41-171.32.0.0.0.0{2}: \
192.168.41.134/32 === 192.168.41.171/32</span></div> <div class="" \
style="margin: 0px; font-stretch: normal; font-size: 14px; line-height: normal; \
font-family: "Cascadia Code"; color: rgb(183, 187, 183); background-color: \
rgb(29, 31, 33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">4.192-168-41-165.32.0.0.0.0{1}: ROUTED, TRANSPORT, reqid \
1</span></div> <div class="" style="margin: 0px; font-stretch: normal; font-size: \
14px; line-height: normal; font-family: "Cascadia Code"; color: rgb(183, \
187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">4.192-168-41-165.32.0.0.0.0{1}: \
192.168.41.134/32 === 192.168.41.165/32</span></div> <div class="" \
style="margin: 0px; font-stretch: normal; font-size: 14px; line-height: normal; \
font-family: "Cascadia Code"; color: rgb(183, 187, 183); background-color: \
rgb(29, 31, 33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">Security Associations (1 up, 0 connecting):</span></div> <div \
class="" style="margin: 0px; font-stretch: normal; font-size: 14px; line-height: \
normal; font-family: "Cascadia Code"; color: rgb(183, 187, 183); \
background-color: rgb(29, 31, 33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">4.192-168-41-165.32.0.0.0.0[1]: ESTABLISHED 24 seconds ago, \
192.168.41.134[192.168.41.134]...192.168.41.165[192.168.41.165]</span></div> <div \
class="" style="margin: 0px; font-stretch: normal; font-size: 14px; line-height: \
normal; font-family: "Cascadia Code"; color: rgb(183, 187, 183); \
background-color: rgb(29, 31, 33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">4.192-168-41-165.32.0.0.0.0[1]: IKEv2 SPIs: b33bd09fad5378b2_i* \
b38186e382910f98_r, pre-shared key reauthentication in 2 hours</span></div> <div \
class="" style="margin: 0px; font-stretch: normal; font-size: 14px; line-height: \
normal; font-family: "Cascadia Code"; color: rgb(183, 187, 183); \
background-color: rgb(29, 31, 33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">4.192-168-41-165.32.0.0.0.0[1]: IKE proposal: \
AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048</span></div> <div class="" \
style="margin: 0px; font-stretch: normal; font-size: 14px; line-height: normal; \
font-family: "Cascadia Code"; color: rgb(183, 187, 183); background-color: \
rgb(29, 31, 33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">4.192-168-41-165.32.0.0.0.0{3}: INSTALLED, TRANSPORT, \
reqid 1, ESP SPIs: c2aaff7b_i cb007cdb_o</span></div> <div class="" style="margin: \
0px; font-stretch: normal; font-size: 14px; line-height: normal; font-family: \
"Cascadia Code"; color: rgb(183, 187, 183); background-color: rgb(29, 31, \
33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">4.192-168-41-165.32.0.0.0.0{3}: AES_CBC_256/HMAC_SHA1_96, \
192 bytes_i (3 pkts, 21s ago), 192 bytes_o (3 pkts, 21s ago), rekeying in 46 \
minutes</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">4.192-168-41-165.32.0.0.0.0{3}: \
192.168.41.134/32 === 192.168.41.165/32</span></div> </div>
<div class="" style="margin: 0px; font-stretch: normal; font-size: 14px; line-height: \
normal; font-family: "Cascadia Code"; color: rgb(183, 187, 183); \
background-color: rgb(29, 31, 33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;"><br class=""> </span></div>
<div class=""><br class="">
</div>
<div class="">now if I stop charon all together, and this is my charon.log</div>
<div class=""><br class="">
</div>
<div class="">
<div class="" style="margin: 0px; font-stretch: normal; font-size: 14px; line-height: \
normal; font-family: "Cascadia Code"; color: rgb(183, 187, 183); \
background-color: rgb(29, 31, 33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 00[DMN] signal of type SIGINT \
received. Shutting down</span></div> <div class="" style="margin: 0px; font-stretch: \
normal; font-size: 14px; line-height: normal; font-family: "Cascadia Code"; \
color: rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[MGR] \
going to destroy IKE_SA manager and all managed IKE_SA's</span></div> <div class="" \
style="margin: 0px; font-stretch: normal; font-size: 14px; line-height: normal; \
font-family: "Cascadia Code"; color: rgb(183, 187, 183); background-color: \
rgb(29, 31, 33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 00[MGR] set driveout flags for all \
stored IKE_SA's</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[MGR] \
wait for all threads to leave IKE_SA's</span></div> <div class="" style="margin: 0px; \
font-stretch: normal; font-size: 14px; line-height: normal; font-family: \
"Cascadia Code"; color: rgb(183, 187, 183); background-color: rgb(29, 31, \
33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 00[MGR] delete all \
IKE_SA's</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[IKE] \
queueing IKE_DELETE task</span></div> <div class="" style="margin: 0px; font-stretch: \
normal; font-size: 14px; line-height: normal; font-family: "Cascadia Code"; \
color: rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[IKE] \
activating new tasks</span></div> <div class="" style="margin: 0px; font-stretch: \
normal; font-size: 14px; line-height: normal; font-family: "Cascadia Code"; \
color: rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[IKE] \
activating IKE_DELETE task</span></div> <div class="" style="margin: 0px; \
font-stretch: normal; font-size: 14px; line-height: normal; font-family: \
"Cascadia Code"; color: rgb(183, 187, 183); background-color: rgb(29, 31, \
33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 00[IKE] deleting IKE_SA \
4.192-168-41-165.32.0.0.0.0[2] between \
192.168.41.134[192.168.41.134]...192.168.41.165[192.168.41.165]</span></div> <div \
class="" style="margin: 0px; font-stretch: normal; font-size: 14px; line-height: \
normal; font-family: "Cascadia Code"; color: rgb(183, 187, 183); \
background-color: rgb(29, 31, 33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] added payload of type DELETE \
to message</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[IKE] \
IKE_SA 4.192-168-41-165.32.0.0.0.0[2] state change: ESTABLISHED => \
DELETING</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[IKE] \
sending DELETE for IKE_SA 4.192-168-41-165.32.0.0.0.0[2]</span></div> <div class="" \
style="margin: 0px; font-stretch: normal; font-size: 14px; line-height: normal; \
font-family: "Cascadia Code"; color: rgb(183, 187, 183); background-color: \
rgb(29, 31, 33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] order payloads in \
message</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] \
added payload of type DELETE to message</span></div> <div class="" style="margin: \
0px; font-stretch: normal; font-size: 14px; line-height: normal; font-family: \
"Cascadia Code"; color: rgb(183, 187, 183); background-color: rgb(29, 31, \
33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] generating INFORMATIONAL \
request 2 [ D ]</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] \
insert payload DELETE into encrypted payload</span></div> <div class="" \
style="margin: 0px; font-stretch: normal; font-size: 14px; line-height: normal; \
font-family: "Cascadia Code"; color: rgb(183, 187, 183); background-color: \
rgb(29, 31, 33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] generating payload of type \
HEADER</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] \
generating rule 0 IKE_SPI</span></div> <div class="" style="margin: 0px; \
font-stretch: normal; font-size: 14px; line-height: normal; font-family: \
"Cascadia Code"; color: rgb(183, 187, 183); background-color: rgb(29, 31, \
33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] generating rule 1 \
IKE_SPI</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] \
generating rule 2 U_INT_8</span></div> <div class="" style="margin: 0px; \
font-stretch: normal; font-size: 14px; line-height: normal; font-family: \
"Cascadia Code"; color: rgb(183, 187, 183); background-color: rgb(29, 31, \
33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] generating rule 3 \
U_INT_4</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] \
generating rule 4 U_INT_4</span></div> <div class="" style="margin: 0px; \
font-stretch: normal; font-size: 14px; line-height: normal; font-family: \
"Cascadia Code"; color: rgb(183, 187, 183); background-color: rgb(29, 31, \
33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] generating rule 5 \
U_INT_8</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] \
generating rule 6 RESERVED_BIT</span></div> <div class="" style="margin: 0px; \
font-stretch: normal; font-size: 14px; line-height: normal; font-family: \
"Cascadia Code"; color: rgb(183, 187, 183); background-color: rgb(29, 31, \
33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] generating rule 7 \
RESERVED_BIT</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] \
generating rule 8 FLAG</span></div> <div class="" style="margin: 0px; \
font-stretch: normal; font-size: 14px; line-height: normal; font-family: \
"Cascadia Code"; color: rgb(183, 187, 183); background-color: rgb(29, 31, \
33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] generating rule 9 \
FLAG</span></div> <div class="" style="margin: 0px; font-stretch: normal; font-size: \
14px; line-height: normal; font-family: "Cascadia Code"; color: rgb(183, \
187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] \
generating rule 10 FLAG</span></div> <div class="" style="margin: 0px; \
font-stretch: normal; font-size: 14px; line-height: normal; font-family: \
"Cascadia Code"; color: rgb(183, 187, 183); background-color: rgb(29, 31, \
33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] generating rule 11 \
FLAG</span></div> <div class="" style="margin: 0px; font-stretch: normal; font-size: \
14px; line-height: normal; font-family: "Cascadia Code"; color: rgb(183, \
187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] \
generating rule 12 FLAG</span></div> <div class="" style="margin: 0px; \
font-stretch: normal; font-size: 14px; line-height: normal; font-family: \
"Cascadia Code"; color: rgb(183, 187, 183); background-color: rgb(29, 31, \
33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] generating rule 13 \
FLAG</span></div> <div class="" style="margin: 0px; font-stretch: normal; font-size: \
14px; line-height: normal; font-family: "Cascadia Code"; color: rgb(183, \
187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] \
generating rule 14 U_INT_32</span></div> <div class="" style="margin: 0px; \
font-stretch: normal; font-size: 14px; line-height: normal; font-family: \
"Cascadia Code"; color: rgb(183, 187, 183); background-color: rgb(29, 31, \
33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] generating rule 15 \
HEADER_LENGTH</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] \
generating HEADER payload finished</span></div> <div class="" style="margin: 0px; \
font-stretch: normal; font-size: 14px; line-height: normal; font-family: \
"Cascadia Code"; color: rgb(183, 187, 183); background-color: rgb(29, 31, \
33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] generating payload of type \
DELETE</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] \
generating rule 0 U_INT_8</span></div> <div class="" style="margin: 0px; \
font-stretch: normal; font-size: 14px; line-height: normal; font-family: \
"Cascadia Code"; color: rgb(183, 187, 183); background-color: rgb(29, 31, \
33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] generating rule 1 \
FLAG</span></div> <div class="" style="margin: 0px; font-stretch: normal; font-size: \
14px; line-height: normal; font-family: "Cascadia Code"; color: rgb(183, \
187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] \
generating rule 2 RESERVED_BIT</span></div> <div class="" style="margin: 0px; \
font-stretch: normal; font-size: 14px; line-height: normal; font-family: \
"Cascadia Code"; color: rgb(183, 187, 183); background-color: rgb(29, 31, \
33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] generating rule 3 \
RESERVED_BIT</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] \
generating rule 4 RESERVED_BIT</span></div> <div class="" style="margin: 0px; \
font-stretch: normal; font-size: 14px; line-height: normal; font-family: \
"Cascadia Code"; color: rgb(183, 187, 183); background-color: rgb(29, 31, \
33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] generating rule 5 \
RESERVED_BIT</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] \
generating rule 6 RESERVED_BIT</span></div> <div class="" style="margin: 0px; \
font-stretch: normal; font-size: 14px; line-height: normal; font-family: \
"Cascadia Code"; color: rgb(183, 187, 183); background-color: rgb(29, 31, \
33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] generating rule 7 \
RESERVED_BIT</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] \
generating rule 8 RESERVED_BIT</span></div> <div class="" style="margin: 0px; \
font-stretch: normal; font-size: 14px; line-height: normal; font-family: \
"Cascadia Code"; color: rgb(183, 187, 183); background-color: rgb(29, 31, \
33);"> <span class="" style="font-variant-ligatures: \
<div class="" style="margin: 0px; font-stretch: normal; font-size: 14px; line-height: \
normal; font-family: "Cascadia Code"; color: rgb(183, 187, 183); \
background-color: rgb(29, 31, 33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] generating rule 10 \
U_INT_8</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] \
generating rule 11 U_INT_8</span></div> <div class="" style="margin: 0px; \
font-stretch: normal; font-size: 14px; line-height: normal; font-family: \
"Cascadia Code"; color: rgb(183, 187, 183); background-color: rgb(29, 31, \
33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] generating rule 12 \
U_INT_16</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] \
generating rule 13 CHUNK_DATA</span></div> <div class="" style="margin: 0px; \
font-stretch: normal; font-size: 14px; line-height: normal; font-family: \
"Cascadia Code"; color: rgb(183, 187, 183); background-color: rgb(29, 31, \
33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] generating DELETE payload \
finished</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] \
generated content in encrypted payload</span></div> <div class="" style="margin: 0px; \
font-stretch: normal; font-size: 14px; line-height: normal; font-family: \
"Cascadia Code"; color: rgb(183, 187, 183); background-color: rgb(29, 31, \
33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] generating payload of type \
ENCRYPTED</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] \
generating rule 0 U_INT_8</span></div> <div class="" style="margin: 0px; \
font-stretch: normal; font-size: 14px; line-height: normal; font-family: \
"Cascadia Code"; color: rgb(183, 187, 183); background-color: rgb(29, 31, \
33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] generating rule 1 \
U_INT_8</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] \
generating rule 2 PAYLOAD_LENGTH</span></div> <div class="" style="margin: \
0px; font-stretch: normal; font-size: 14px; line-height: normal; font-family: \
"Cascadia Code"; color: rgb(183, 187, 183); background-color: rgb(29, 31, \
33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] generating rule 3 \
CHUNK_DATA</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[ENC] \
generating ENCRYPTED payload finished</span></div> <div class="" style="margin: 0px; \
font-stretch: normal; font-size: 14px; line-height: normal; font-family: \
"Cascadia Code"; color: rgb(183, 187, 183); background-color: rgb(29, 31, \
33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 00[NET] sending packet: from \
192.168.41.134[500] to 192.168.41.165[500] (80 bytes)</span></div> <div class="" \
style="margin: 0px; font-stretch: normal; font-size: 14px; line-height: normal; \
font-family: "Cascadia Code"; color: rgb(183, 187, 183); background-color: \
rgb(29, 31, 33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 00[MGR] destroy all \
entries</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[IKE] \
IKE_SA 4.192-168-41-165.32.0.0.0.0[2] state change: DELETING => \
DESTROYING</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[CHD] \
CHILD_SA 4.192-168-41-165.32.0.0.0.0{4} state change: INSTALLED => \
DESTROYING</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[KNL] \
deleting policy 192.168.41.134/32 === 192.168.41.165/32 out</span></div> <div \
class="" style="margin: 0px; font-stretch: normal; font-size: 14px; line-height: \
normal; font-family: "Cascadia Code"; color: rgb(183, 187, 183); \
background-color: rgb(29, 31, 33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 00[KNL] policy still used by another \
CHILD_SA, not removed</span></div> <div class="" style="margin: 0px; font-stretch: \
normal; font-size: 14px; line-height: normal; font-family: "Cascadia Code"; \
color: rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[KNL] \
updating policy 192.168.41.134/32 === 192.168.41.165/32 out [priority 367232, \
refcount 1]</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[KNL] \
deleting policy 192.168.41.165/32 === 192.168.41.134/32 in</span></div> <div class="" \
style="margin: 0px; font-stretch: normal; font-size: 14px; line-height: normal; \
font-family: "Cascadia Code"; color: rgb(183, 187, 183); background-color: \
rgb(29, 31, 33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 00[KNL] policy still used by another \
CHILD_SA, not removed</span></div> <div class="" style="margin: 0px; font-stretch: \
normal; font-size: 14px; line-height: normal; font-family: "Cascadia Code"; \
color: rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[KNL] \
updating policy 192.168.41.165/32 === 192.168.41.134/32 in [priority 367232, refcount \
1]</span></div> <div class="" style="margin: 0px; font-stretch: normal; font-size: \
14px; line-height: normal; font-family: "Cascadia Code"; color: rgb(183, \
187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[KNL] \
deleting SAD entry with SPI ccb74d1a</span></div> <div class="" style="margin: 0px; \
font-stretch: normal; font-size: 14px; line-height: normal; font-family: \
"Cascadia Code"; color: rgb(183, 187, 183); background-color: rgb(29, 31, \
33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 00[KNL] deleted SAD entry with SPI \
ccb74d1a</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[KNL] \
deleting SAD entry with SPI cc0ef0a7</span></div> <div class="" style="margin: 0px; \
font-stretch: normal; font-size: 14px; line-height: normal; font-family: \
"Cascadia Code"; color: rgb(183, 187, 183); background-color: rgb(29, 31, \
33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 00[KNL] deleted SAD entry with SPI \
cc0ef0a7</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[CHD] \
CHILD_SA 4.192-168-41-171.32.0.0.0.0{2} state change: ROUTED => \
DESTROYING</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 00[KNL] \
deleting policy 192.168.41.134/32 === 192.168.41.171/32 out</span></div> <div \
class="" style="margin: 0px; font-stretch: normal; font-size: 14px; line-height: \
normal; font-family: "Cascadia Code"; color: rgb(183, 187, 183); \
background-color: rgb(29, 31, 33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 00[KNL] deleting policy \
192.168.41.171/32 === 192.168.41.134/32 in</span></div> <div class="" style="margin: \
0px; font-stretch: normal; font-size: 14px; line-height: normal; font-family: \
"Cascadia Code"; color: rgb(183, 187, 183); background-color: rgb(29, 31, \
33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 00[CHD] CHILD_SA \
4.192-168-41-165.32.0.0.0.0{1} state change: ROUTED => DESTROYING</span></div> \
<div class="" style="margin: 0px; font-stretch: normal; font-size: 14px; line-height: \
normal; font-family: "Cascadia Code"; background-color: rgb(29, 31, 33);"> \
<span class="" style="font-variant-ligatures: no-common-ligatures;"><font \
color="#e32400" class="">2021-03-06T07:05:21-0800 00[KNL] deleting policy \
192.168.41.134/32 === 192.168.41.165/32 out</font></span></div> <div class="" \
style="margin: 0px; font-stretch: normal; font-size: 14px; line-height: normal; \
font-family: "Cascadia Code"; background-color: rgb(29, 31, 33);"> <span \
class="" style="font-variant-ligatures: no-common-ligatures;"><font color="#e32400" \
class="">2021-03-06T07:05:21-0800 00[KNL] deleting policy 192.168.41.165/32 === \
192.168.41.134/32 in</font></span></div> <div class="" style="margin: 0px; \
font-stretch: normal; font-size: 14px; line-height: normal; font-family: \
"Cascadia Code"; color: rgb(183, 187, 183); background-color: rgb(29, 31, \
33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 04[NET] sending packet: from \
192.168.41.134[500] to 192.168.41.165[500]</span></div> <div class="" style="margin: \
0px; font-stretch: normal; font-size: 14px; line-height: normal; font-family: \
"Cascadia Code"; color: rgb(183, 187, 183); background-color: rgb(29, 31, \
33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 01[JOB] next event in 3s 999ms, \
waiting</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 02[JOB] \
terminated worker thread 02</span></div> <div class="" style="margin: 0px; \
font-stretch: normal; font-size: 14px; line-height: normal; font-family: \
"Cascadia Code"; color: rgb(183, 187, 183); background-color: rgb(29, 31, \
33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 03[JOB] terminated worker thread \
03</span></div> <div class="" style="margin: 0px; font-stretch: normal; font-size: \
14px; line-height: normal; font-family: "Cascadia Code"; color: rgb(183, \
187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">2021-03-06T07:05:21-0800 01[JOB] \
terminated worker thread 01</span></div> <div class="" style="margin: 0px; \
font-stretch: normal; font-size: 14px; line-height: normal; font-family: \
"Cascadia Code"; color: rgb(183, 187, 183); background-color: rgb(29, 31, \
33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">2021-03-06T07:05:21-0800 04[JOB] terminated worker thread \
04</span></div> </div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class="">According to the charon log above, I see it attempt to delete.</div>
<div class="">However when I dump ip xfrm pol, the policy stays, and will never be \
removed without manual intervention. Anybody seen this kind of issue in any other \
platform?</div> <div class=""><br class="">
</div>
<div class="">
<div class="" style="margin: 0px; font-stretch: normal; font-size: 14px; line-height: \
normal; font-family: "Cascadia Code"; color: rgb(183, 187, 183); \
background-color: rgb(29, 31, 33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">root@debian10:/opt/illumio_ven/bin# ip xfrm pol</span></div> \
<div class="" style="margin: 0px; font-stretch: normal; font-size: 14px; line-height: \
normal; font-family: "Cascadia Code"; color: rgb(183, 187, 183); \
background-color: rgb(29, 31, 33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;">src 192.168.41.165/32 dst 192.168.41.134/32 </span></div> \
<div class="" style="margin: 0px; font-stretch: normal; font-size: 14px; line-height: \
normal; font-family: "Cascadia Code"; color: rgb(183, 187, 183); \
background-color: rgb(29, 31, 33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;"><span class="Apple-tab-span" style="white-space: \
pre;"></span>dir in priority 367232 ptype main </span></div> <div class="" \
style="margin: 0px; font-stretch: normal; font-size: 14px; line-height: normal; \
font-family: "Cascadia Code"; color: rgb(183, 187, 183); background-color: \
rgb(29, 31, 33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;"><span class="Apple-tab-span" style="white-space: \
pre;"></span>tmpl src 0.0.0.0 dst 0.0.0.0</span></div> <div class="" style="margin: \
0px; font-stretch: normal; font-size: 14px; line-height: normal; font-family: \
"Cascadia Code"; color: rgb(183, 187, 183); background-color: rgb(29, 31, \
33);"> <span class="" style="font-variant-ligatures: no-common-ligatures;"><span \
class="Apple-tab-span" style="white-space: pre;"></span>proto esp reqid 1 mode \
transport</span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;">src 192.168.41.134/32 dst \
192.168.41.165/32 </span></div> <div class="" style="margin: 0px; font-stretch: \
normal; font-size: 14px; line-height: normal; font-family: "Cascadia Code"; \
color: rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-tab-span" \
style="white-space: pre;"></span>dir out priority 367232 ptype \
main </span></div> <div class="" style="margin: 0px; font-stretch: normal; \
font-size: 14px; line-height: normal; font-family: "Cascadia Code"; color: \
rgb(183, 187, 183); background-color: rgb(29, 31, 33);"> <span class="" \
style="font-variant-ligatures: no-common-ligatures;"><span class="Apple-tab-span" \
style="white-space: pre;"></span>tmpl src 0.0.0.0 dst 0.0.0.0</span></div> <div \
class="" style="margin: 0px; font-stretch: normal; font-size: 14px; line-height: \
normal; font-family: "Cascadia Code"; color: rgb(183, 187, 183); \
background-color: rgb(29, 31, 33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;"><span class="Apple-tab-span" style="white-space: \
pre;"></span>proto esp reqid 1 mode transport</span></div> </div>
<div class="" style="margin: 0px; font-stretch: normal; font-size: 14px; line-height: \
normal; font-family: "Cascadia Code"; color: rgb(183, 187, 183); \
background-color: rgb(29, 31, 33);"> <span class="" style="font-variant-ligatures: \
no-common-ligatures;"><br class=""> </span></div>
</div>
</body>
</html>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic