hwdsl2 / docker-ipsec-vpn-server

Docker image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
https://hub.docker.com/r/hwdsl2/ipsec-vpn-server

client side not able to connect. #381

Closed wudehun closed 1 year ago

wudehun commented 1 year ago

It worked before, but not recently. I tried to rebuild, but got the same issue; log as below. Is it not working in China recently?

2023-05-23T07:36:02.503140+00:00 db91a76f5700 pluto[1105]: "ikev2-cp"[2] 116.21.204.196 #5: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
2023-05-23T07:36:02.504740+00:00 db91a76f5700 pluto[1105]: "ikev2-cp"[2] 116.21.204.196 #5: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
2023-05-23T07:36:02.590387+00:00 db91a76f5700 pluto[1105]: "ikev2-cp"[2] 116.21.204.196 #5: processing decrypted IKE_AUTH request: SK{IDi,CERT,N(INITIAL_CONTACT),IDr,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)}
2023-05-23T07:36:02.591466+00:00 db91a76f5700 pluto[1105]: "ikev2-cp"[2] 116.21.204.196 #5: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate '@vpnclient' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
2023-05-23T07:36:02.597057+00:00 db91a76f5700 pluto[1105]: "ikev2-cp"[2] 116.21.204.196 #6: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=0a9ac0bf chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
2023-05-23T07:36:02.597406+00:00 db91a76f5700 pluto[1105]: "ikev2-cp"[2] 116.21.204.196 #6: responder established Child SA using #5; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.11-192.168.43.11:0-65535 0] {ESPinUDP=>0x0a9ac0bf <0x06896c55 xfrm=AES_GCM_16_128-NONE NATD=116.21.204.196:4500 DPD=active}
2023-05-23T07:36:03.595822+00:00 db91a76f5700 pluto[1105]: "ikev2-cp"[2] 116.21.204.196 #5: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
2023-05-23T07:36:05.600565+00:00 db91a76f5700 pluto[1105]: "ikev2-cp"[2] 116.21.204.196 #5: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
2023-05-23T07:36:07.114312+00:00 db91a76f5700 pluto[1105]: "ikev2-cp"[1] 116.21.204.196 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 128 seconds for response
2023-05-23T07:36:09.603923+00:00 db91a76f5700 pluto[1105]: "ikev2-cp"[2] 116.21.204.196 #5: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
2023-05-23T07:36:17.611342+00:00 db91a76f5700 pluto[1105]: "ikev2-cp"[2] 116.21.204.196 #5: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
2023-05-23T07:36:33.101349+00:00 db91a76f5700 pluto[1105]: "ikev2-cp"[2] 116.21.204.196 #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
2023-05-23T07:36:33.603093+00:00 db91a76f5700 pluto[1105]: "ikev2-cp"[2] 116.21.204.196 #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
2023-05-23T07:36:33.651664+00:00 db91a76f5700 pluto[1105]: "ikev2-cp"[2] 116.21.204.196 #7: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
2023-05-23T07:36:33.653252+00:00 db91a76f5700 pluto[1105]: "ikev2-cp"[2] 116.21.204.196 #7: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
2023-05-23T07:36:33.740912+00:00 db91a76f5700 pluto[1105]: "ikev2-cp"[2] 116.21.204.196 #7: processing decrypted IKE_AUTH request: SK{IDi,CERT,N(INITIAL_CONTACT),IDr,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)}
2023-05-23T07:36:33.741940+00:00 db91a76f5700 pluto[1105]: "ikev2-cp"[2] 116.21.204.196 #7: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate '@vpnclient' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
2023-05-23T07:36:33.747594+00:00 db91a76f5700 pluto[1105]: "ikev2-cp"[2] 116.21.204.196 #8: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=06bbd1a9 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
2023-05-23T07:36:33.747942+00:00 db91a76f5700 pluto[1105]: "ikev2-cp"[2] 116.21.204.196 #8: responder established Child SA using #7; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.11-192.168.43.11:0-65535 0] {ESPinUDP=>0x06bbd1a9 <0x8c4a5ade xfrm=AES_GCM_16_128-NONE NATD=116.21.204.196:4500 DPD=active}
2023-05-23T07:36:34.605017+00:00 db91a76f5700 pluto[1105]: "ikev2-cp"[2] 116.21.204.196 #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
2023-05-23T07:36:34.748245+00:00 db91a76f5700 pluto[1105]: "ikev2-cp"[2] 116.21.204.196 #7: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
2023-05-23T07:36:36.607920+00:00 db91a76f5700 pluto[1105]: "ikev2-cp"[2] 116.21.204.196 #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
2023-05-23T07:36:36.750112+00:00 db91a76f5700 pluto[1105]: "ikev2-cp"[2] 116.21.204.196 #7: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
2023-05-23T07:36:38.243637+00:00 db91a76f5700 pluto[1105]: "ikev2-cp"[2] 116.21.204.196 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 128 seconds for response
2023-05-23T07:36:40.608983+00:00 db91a76f5700 pluto[1105]: "ikev2-cp"[2] 116.21.204.196 #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
2023-05-23T07:36:40.757786+00:00 db91a76f5700 pluto[1105]: "ikev2-cp"[2] 116.21.204.196 #7: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
2023-05-23T07:36:48.616634+00:00 db91a76f5700 pluto[1105]: "ikev2-cp"[2] 116.21.204.196 #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response

hwdsl2 commented 1 year ago

@wudehun Hello! Your logs show that the connection may be blocked by the GFW. Try alternative solutions such as Shadowsocks.
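An added example, not part of the original thread or the project's code: a small parser for the pluto log format above that flags IKE SAs the server finished authenticating but for which the client keeps re-sending IKE_AUTH, the pattern visible in the posted log. The function names, the threshold and the sample lines (documentation address 203.0.113.10) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the pluto log format from the issue (documentation
# address 203.0.113.10, hypothetical host name); not the reporter's log.
SAMPLE = """\
2023-05-23T07:36:02.591466+00:00 vpnhost pluto[1105]: "ikev2-cp"[2] 203.0.113.10 #5: responder established IKE SA; authenticated peer
2023-05-23T07:36:02.597406+00:00 vpnhost pluto[1105]: "ikev2-cp"[2] 203.0.113.10 #6: responder established Child SA using #5; IPsec tunnel
2023-05-23T07:36:03.595822+00:00 vpnhost pluto[1105]: "ikev2-cp"[2] 203.0.113.10 #5: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
2023-05-23T07:36:05.600565+00:00 vpnhost pluto[1105]: "ikev2-cp"[2] 203.0.113.10 #5: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
2023-05-23T07:36:09.603923+00:00 vpnhost pluto[1105]: "ikev2-cp"[2] 203.0.113.10 #5: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
2023-05-23T07:36:17.611342+00:00 vpnhost pluto[1105]: "ikev2-cp"[2] 203.0.113.10 #5: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
2023-05-23T07:40:00.000000+00:00 vpnhost pluto[1105]: "ikev2-cp"[3] 203.0.113.10 #9: responder established IKE SA; authenticated peer
2023-05-23T07:40:00.010000+00:00 vpnhost pluto[1105]: "ikev2-cp"[3] 203.0.113.10 #10: responder established Child SA using #9; IPsec tunnel
"""

# timestamp, host, pluto[pid]:, "conn"[instance], peer address, #state:, message
LINE = re.compile(
    r'^\S+ \S+ pluto\[\d+\]: "[^"]+"\[\d+\] (?P<peer>\S+) #(?P<sa>\d+): (?P<msg>.*)$'
)

def summarize(log_text):
    """Per (peer, state number): IKE SA established? duplicate IKE_AUTH requests after that?"""
    stats = defaultdict(lambda: {"established": False, "dup_auth": 0})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a per-connection pluto line
        entry = stats[(m["peer"], int(m["sa"]))]
        msg = m["msg"]
        if msg.startswith("responder established IKE SA"):
            entry["established"] = True
        elif ("IKE_AUTH request" in msg and "duplicate Message ID" in msg
              and entry["established"]):
            # The client re-sent a request the server had already answered,
            # so the IKE_AUTH response did not reach it.
            entry["dup_auth"] += 1
    return dict(stats)

def stalled_handshakes(log_text, threshold=3):
    """IKE SAs that authenticated server-side but drew >= threshold duplicate requests."""
    return sorted(key for key, e in summarize(log_text).items()
                  if e["established"] and e["dup_auth"] >= threshold)

if __name__ == "__main__":
    print(stalled_handshakes(SAMPLE))
```

A hit only shows that the server's responses are not arriving at the client; the log alone does not identify where on the path they are dropped.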

wudehun commented 1 year ago

Shadowsocks, is it software?