iphone安装自动生成的证书之后连上IKEv2，手动立马执行断开操作，无法再次马上连上，需要等待一段时间之后才能再次连接成功

[ericshunhawk]

任务列表

• [x ] 我已阅读 自述文件
• [x ] 我已阅读 重要提示
• [x ] 我已按照说明 配置 VPN 客户端
• [x ] 我检查了 故障排除 以及 VPN 状态
• [x ] 我搜索了已有的 Issues
• [x ] 这个 bug 是关于 VPN 安装脚本，而不是 IPsec VPN 本身

问题描述 使用清楚简明的语言描述这个 bug。

iphone安装自动生成的证书之后连上IKEv2，手动立马执行断开操作，无法再次马上连上，需要等待一段时间之后才能再次连接成功

重现步骤 重现该 bug 的步骤：

1. ...
2. ...

期待的正确结果 简要地描述你期望的正确结果。

日志 检查日志及 VPN 状态，并添加错误日志以帮助解释该问题（如果适用）。

Nov 25 12:38:49 vpn xl2tpd[8739]: Not looking for kernel SAref support. Nov 25 12:38:49 vpn xl2tpd[8739]: Using l2tp kernel support. Nov 25 12:38:49 vpn xl2tpd[8724]: Starting xl2tpd: xl2tpd. Nov 25 12:38:49 vpn xl2tpd[8743]: xl2tpd version xl2tpd-1.3.12 started on vpn PID:8743 Nov 25 12:38:49 vpn xl2tpd[8743]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc. Nov 25 12:38:49 vpn xl2tpd[8743]: Forked by Scott Balmos and David Stipp, (C) 2001 Nov 25 12:38:49 vpn xl2tpd[8743]: Inherited by Jeff McAdams, (C) 2002 Nov 25 12:38:49 vpn xl2tpd[8743]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016 Nov 25 12:38:49 vpn xl2tpd[8743]: Listening on IP address 0.0.0.0, port 1701 Nov 25 12:39:42 vpn xl2tpd[8743]: death_handler: Fatal signal 15 received Nov 25 12:39:42 vpn xl2tpd[19697]: Stopping xl2tpd: xl2tpd. Nov 25 12:39:42 vpn systemd[1]: xl2tpd.service: Succeeded. Nov 25 12:39:42 vpn xl2tpd[19706]: Not looking for kernel SAref support. Nov 25 12:39:42 vpn xl2tpd[19706]: Using l2tp kernel support. Nov 25 12:39:42 vpn xl2tpd[19707]: xl2tpd version xl2tpd-1.3.12 started on vpn PID:19707 Nov 25 12:39:42 vpn xl2tpd[19702]: Starting xl2tpd: xl2tpd. Nov 25 12:39:42 vpn xl2tpd[19707]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc. Nov 25 12:39:42 vpn xl2tpd[19707]: Forked by Scott Balmos and David Stipp, (C) 2001 Nov 25 12:39:42 vpn xl2tpd[19707]: Inherited by Jeff McAdams, (C) 2002 Nov 25 12:39:42 vpn xl2tpd[19707]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016 Nov 25 12:39:42 vpn xl2tpd[19707]: Listening on IP address 0.0.0.0, port 1701 Nov 25 13:23:30 vpn xl2tpd[19707]: death_handler: Fatal signal 15 received Nov 25 13:23:30 vpn xl2tpd[29373]: Stopping xl2tpd: xl2tpd. Nov 25 13:23:30 vpn systemd[1]: xl2tpd.service: Succeeded. Nov 25 13:23:30 vpn xl2tpd[29383]: Not looking for kernel SAref support. Nov 25 13:23:30 vpn xl2tpd[29383]: Using l2tp kernel support. Nov 25 13:23:30 vpn xl2tpd[29384]: xl2tpd version xl2tpd-1.3.12 started on vpn PID:29384 Nov 25 13:23:30 vpn xl2tpd[29384]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc. Nov 25 13:23:30 vpn xl2tpd[29379]: Starting xl2tpd: xl2tpd. Nov 25 13:23:30 vpn xl2tpd[29384]: Forked by Scott Balmos and David Stipp, (C) 2001 Nov 25 13:23:30 vpn xl2tpd[29384]: Inherited by Jeff McAdams, (C) 2002 Nov 25 13:23:30 vpn xl2tpd[29384]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016 Nov 25 13:23:30 vpn xl2tpd[29384]: Listening on IP address 0.0.0.0, port 1701 Nov 25 13:25:32 vpn xl2tpd[29384]: death_handler: Fatal signal 15 received Nov 25 13:25:32 vpn xl2tpd[30666]: Stopping xl2tpd: xl2tpd. Nov 25 13:25:32 vpn systemd[1]: xl2tpd.service: Succeeded. Nov 25 13:25:32 vpn xl2tpd[30676]: Not looking for kernel SAref support. Nov 25 13:25:32 vpn xl2tpd[30676]: Using l2tp kernel support. Nov 25 13:25:32 vpn xl2tpd[30671]: Starting xl2tpd: xl2tpd. Nov 25 13:25:32 vpn xl2tpd[30677]: xl2tpd version xl2tpd-1.3.12 started on vpn PID:30677 Nov 25 13:25:32 vpn xl2tpd[30677]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc. Nov 25 13:25:32 vpn xl2tpd[30677]: Forked by Scott Balmos and David Stipp, (C) 2001 Nov 25 13:25:32 vpn xl2tpd[30677]: Inherited by Jeff McAdams, (C) 2002 Nov 25 13:25:32 vpn xl2tpd[30677]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016 Nov 25 13:25:32 vpn xl2tpd[30677]: Listening on IP address 0.0.0.0, port 1701 Nov 25 21:48:32 vpn xl2tpd[1226]: Not looking for kernel SAref support. Nov 25 21:48:32 vpn xl2tpd[1218]: Starting xl2tpd: xl2tpd. Nov 25 21:48:32 vpn xl2tpd[1226]: Using l2tp kernel support. Nov 25 21:48:32 vpn xl2tpd[1231]: xl2tpd version xl2tpd-1.3.12 started on vpn PID:1231 Nov 25 21:48:32 vpn xl2tpd[1231]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc. Nov 25 21:48:32 vpn xl2tpd[1231]: Forked by Scott Balmos and David Stipp, (C) 2001 Nov 25 21:48:32 vpn xl2tpd[1231]: Inherited by Jeff McAdams, (C) 2002 Nov 25 21:48:32 vpn xl2tpd[1231]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016 Nov 25 21:48:32 vpn xl2tpd[1231]: Listening on IP address 0.0.0.0, port 1701 Nov 25 21:48:46 vpn xl2tpd[1231]: death_handler: Fatal signal 15 received Nov 25 21:48:46 vpn xl2tpd[1920]: Stopping xl2tpd: xl2tpd. Nov 25 21:48:46 vpn systemd[1]: xl2tpd.service: Succeeded. Nov 25 21:48:46 vpn xl2tpd[1930]: Not looking for kernel SAref support. Nov 25 21:48:46 vpn xl2tpd[1930]: Using l2tp kernel support. Nov 25 21:48:46 vpn xl2tpd[1926]: Starting xl2tpd: xl2tpd. Nov 25 21:48:46 vpn xl2tpd[1931]: xl2tpd version xl2tpd-1.3.12 started on vpn PID:1931 Nov 25 21:48:46 vpn xl2tpd[1931]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc. Nov 25 21:48:46 vpn xl2tpd[1931]: Forked by Scott Balmos and David Stipp, (C) 2001 Nov 25 21:48:46 vpn xl2tpd[1931]: Inherited by Jeff McAdams, (C) 2002 Nov 25 21:48:46 vpn xl2tpd[1931]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016 Nov 25 21:48:46 vpn xl2tpd[1931]: Listening on IP address 0.0.0.0, port 1701 Nov 25 21:51:12 vpn xl2tpd[1225]: Not looking for kernel SAref support. Nov 25 21:51:12 vpn xl2tpd[1225]: Using l2tp kernel support. Nov 25 21:51:12 vpn xl2tpd[1220]: Starting xl2tpd: xl2tpd. Nov 25 21:51:12 vpn xl2tpd[1229]: xl2tpd version xl2tpd-1.3.12 started on vpn PID:1229 Nov 25 21:51:12 vpn xl2tpd[1229]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc. Nov 25 21:51:12 vpn xl2tpd[1229]: Forked by Scott Balmos and David Stipp, (C) 2001 Nov 25 21:51:12 vpn xl2tpd[1229]: Inherited by Jeff McAdams, (C) 2002 Nov 25 21:51:12 vpn xl2tpd[1229]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016 Nov 25 21:51:12 vpn xl2tpd[1229]: Listening on IP address 0.0.0.0, port 1701 Nov 25 21:51:26 vpn xl2tpd[1229]: death_handler: Fatal signal 15 received Nov 25 21:51:26 vpn xl2tpd[1628]: Stopping xl2tpd: xl2tpd. Nov 25 21:51:26 vpn systemd[1]: xl2tpd.service: Succeeded. Nov 25 21:51:26 vpn xl2tpd[1638]: Not looking for kernel SAref support. Nov 25 21:51:26 vpn xl2tpd[1638]: Using l2tp kernel support. Nov 25 21:51:26 vpn xl2tpd[1633]: Starting xl2tpd: xl2tpd. Nov 25 21:51:26 vpn xl2tpd[1639]: xl2tpd version xl2tpd-1.3.12 started on vpn PID:1639 Nov 25 21:51:26 vpn xl2tpd[1639]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc. Nov 25 21:51:26 vpn xl2tpd[1639]: Forked by Scott Balmos and David Stipp, (C) 2001 Nov 25 21:51:26 vpn xl2tpd[1639]: Inherited by Jeff McAdams, (C) 2002 Nov 25 21:51:26 vpn xl2tpd[1639]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016 Nov 25 21:51:26 vpn xl2tpd[1639]: Listening on IP address 0.0.0.0, port 1701

服务器信息（请填写以下信息）

• 操作系统: Ubuntu 20
• 服务提供商（如果适用）: 无

客户端信息（请填写以下信息）

• 设备: iPhone 12Pro Max
• 操作系统: 15.1.1
• VPN 模式: IKEv2

其它信息 添加关于该 bug 的其它信息。

[hwdsl2]

@ericshunhawk 你好！你提供的日志没有包含 IPsec 连接日志，只有 xl2tpd 日志。请运行以下命令检查 IPsec 日志：

# Ubuntu & Debian
grep pluto /var/log/auth.log
# CentOS/RHEL, Rocky Linux, AlmaLinux & Amazon Linux 2
grep pluto /var/log/secure

另外使用 iPhone 测试无法重现你所说的问题。请提供更多信息。

[ericshunhawk]

@ericshunhawk 你好！你提供的日志没有包含 IPsec 连接日志，只有 xl2tpd 日志。请运行以下命令检查 IPsec 日志：

# Ubuntu & Debian
grep pluto /var/log/auth.log
# CentOS/RHEL, Rocky Linux, AlmaLinux & Amazon Linux 2
grep pluto /var/log/secure

另外使用 iPhone 测试无法重现你所说的问题。请提供更多信息。

感谢回复 日志如下：

Nov 25 12:39:42 vpn pluto[19687]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Nov 25 12:39:42 vpn pluto[19687]: FIPS Mode: NO
Nov 25 12:39:42 vpn pluto[19687]: NSS crypto library initialized
Nov 25 12:39:42 vpn pluto[19687]: FIPS mode disabled for pluto daemon
Nov 25 12:39:42 vpn pluto[19687]: FIPS HMAC integrity support [disabled]
Nov 25 12:39:42 vpn pluto[19687]: libcap-ng support [enabled]
Nov 25 12:39:42 vpn pluto[19687]: Linux audit support [disabled]
Nov 25 12:39:42 vpn pluto[19687]: Starting Pluto (Libreswan Version 4.5 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-PRF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:19687
Nov 25 12:39:42 vpn pluto[19687]: core dump dir: /run/pluto
Nov 25 12:39:42 vpn pluto[19687]: secrets file: /etc/ipsec.secrets
Nov 25 12:39:42 vpn pluto[19687]: leak-detective enabled
Nov 25 12:39:42 vpn pluto[19687]: NSS crypto [enabled]
Nov 25 12:39:42 vpn pluto[19687]: XAUTH PAM support [enabled]
Nov 25 12:39:42 vpn pluto[19687]: initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Nov 25 12:39:42 vpn pluto[19687]: NAT-Traversal support  [enabled]
Nov 25 12:39:42 vpn pluto[19687]: Encryption algorithms:
Nov 25 12:39:42 vpn pluto[19687]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
Nov 25 12:39:42 vpn pluto[19687]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
Nov 25 12:39:42 vpn pluto[19687]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
Nov 25 12:39:42 vpn pluto[19687]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
Nov 25 12:39:42 vpn pluto[19687]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP                      
Nov 25 12:39:42 vpn pluto[19687]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
Nov 25 12:39:42 vpn pluto[19687]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
Nov 25 12:39:42 vpn pluto[19687]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
Nov 25 12:39:42 vpn pluto[19687]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
Nov 25 12:39:42 vpn pluto[19687]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
Nov 25 12:39:42 vpn pluto[19687]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
Nov 25 12:39:42 vpn pluto[19687]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
Nov 25 12:39:42 vpn pluto[19687]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP                      
Nov 25 12:39:42 vpn pluto[19687]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Nov 25 12:39:42 vpn pluto[19687]: Hash algorithms:
Nov 25 12:39:42 vpn pluto[19687]:   MD5                               IKEv1: IKE         IKEv2:                  NSS         
Nov 25 12:39:42 vpn pluto[19687]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
Nov 25 12:39:42 vpn pluto[19687]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
Nov 25 12:39:42 vpn pluto[19687]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
Nov 25 12:39:42 vpn pluto[19687]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
Nov 25 12:39:42 vpn pluto[19687]: PRF algorithms:
Nov 25 12:39:42 vpn pluto[19687]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
Nov 25 12:39:42 vpn pluto[19687]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
Nov 25 12:39:42 vpn pluto[19687]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
Nov 25 12:39:42 vpn pluto[19687]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
Nov 25 12:39:42 vpn pluto[19687]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
Nov 25 12:39:42 vpn pluto[19687]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Nov 25 12:39:42 vpn pluto[19687]: Integrity algorithms:
Nov 25 12:39:42 vpn pluto[19687]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
Nov 25 12:39:42 vpn pluto[19687]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
Nov 25 12:39:42 vpn pluto[19687]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
Nov 25 12:39:42 vpn pluto[19687]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
Nov 25 12:39:42 vpn pluto[19687]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Nov 25 12:39:42 vpn pluto[19687]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH                   
Nov 25 12:39:42 vpn pluto[19687]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Nov 25 12:39:42 vpn pluto[19687]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
Nov 25 12:39:42 vpn pluto[19687]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
Nov 25 12:39:42 vpn pluto[19687]: DH algorithms:
Nov 25 12:39:42 vpn pluto[19687]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
Nov 25 12:39:42 vpn pluto[19687]:   MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
Nov 25 12:39:42 vpn pluto[19687]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
Nov 25 12:39:42 vpn pluto[19687]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
Nov 25 12:39:42 vpn pluto[19687]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
Nov 25 12:39:42 vpn pluto[19687]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
Nov 25 12:39:42 vpn pluto[19687]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
Nov 25 12:39:42 vpn pluto[19687]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
Nov 25 12:39:42 vpn pluto[19687]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
Nov 25 12:39:42 vpn pluto[19687]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
Nov 25 12:39:42 vpn pluto[19687]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
Nov 25 12:39:42 vpn pluto[19687]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
Nov 25 12:39:42 vpn pluto[19687]: testing CAMELLIA_CBC:
Nov 25 12:39:42 vpn pluto[19687]:   Camellia: 16 bytes with 128-bit key
Nov 25 12:39:42 vpn pluto[19687]:   Camellia: 16 bytes with 128-bit key
Nov 25 12:39:42 vpn pluto[19687]:   Camellia: 16 bytes with 256-bit key
Nov 25 12:39:42 vpn pluto[19687]:   Camellia: 16 bytes with 256-bit key
Nov 25 12:39:42 vpn pluto[19687]: testing AES_GCM_16:
Nov 25 12:39:42 vpn pluto[19687]:   empty string
Nov 25 12:39:42 vpn pluto[19687]:   one block
Nov 25 12:39:42 vpn pluto[19687]:   two blocks
Nov 25 12:39:42 vpn pluto[19687]:   two blocks with associated data
Nov 25 12:39:42 vpn pluto[19687]: testing AES_CTR:
Nov 25 12:39:42 vpn pluto[19687]:   Encrypting 16 octets using AES-CTR with 128-bit key
Nov 25 12:39:42 vpn pluto[19687]:   Encrypting 32 octets using AES-CTR with 128-bit key
Nov 25 12:39:42 vpn pluto[19687]:   Encrypting 36 octets using AES-CTR with 128-bit key
Nov 25 12:39:42 vpn pluto[19687]:   Encrypting 16 octets using AES-CTR with 192-bit key
Nov 25 12:39:42 vpn pluto[19687]:   Encrypting 32 octets using AES-CTR with 192-bit key
Nov 25 12:39:42 vpn pluto[19687]:   Encrypting 36 octets using AES-CTR with 192-bit key
Nov 25 12:39:42 vpn pluto[19687]:   Encrypting 16 octets using AES-CTR with 256-bit key
Nov 25 12:39:42 vpn pluto[19687]:   Encrypting 32 octets using AES-CTR with 256-bit key
Nov 25 12:39:42 vpn pluto[19687]:   Encrypting 36 octets using AES-CTR with 256-bit key
Nov 25 12:39:42 vpn pluto[19687]: testing AES_CBC:
Nov 25 12:39:42 vpn pluto[19687]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Nov 25 12:39:42 vpn pluto[19687]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Nov 25 12:39:42 vpn pluto[19687]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Nov 25 12:39:42 vpn pluto[19687]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Nov 25 12:39:42 vpn pluto[19687]: testing AES_XCBC:
Nov 25 12:39:42 vpn pluto[19687]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Nov 25 12:39:42 vpn pluto[19687]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Nov 25 12:39:42 vpn pluto[19687]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Nov 25 12:39:42 vpn pluto[19687]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Nov 25 12:39:42 vpn pluto[19687]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Nov 25 12:39:42 vpn pluto[19687]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Nov 25 12:39:42 vpn pluto[19687]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Nov 25 12:39:42 vpn pluto[19687]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Nov 25 12:39:42 vpn pluto[19687]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Nov 25 12:39:42 vpn pluto[19687]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Nov 25 12:39:42 vpn pluto[19687]: testing HMAC_MD5:
Nov 25 12:39:42 vpn pluto[19687]:   RFC 2104: MD5_HMAC test 1
Nov 25 12:39:42 vpn pluto[19687]:   RFC 2104: MD5_HMAC test 2
Nov 25 12:39:42 vpn pluto[19687]:   RFC 2104: MD5_HMAC test 3
Nov 25 12:39:42 vpn pluto[19687]: 2 CPU cores online
Nov 25 12:39:42 vpn pluto[19687]: starting up 2 helper threads
Nov 25 12:39:42 vpn pluto[19687]: started thread for helper 0
Nov 25 12:39:42 vpn pluto[19687]: started thread for helper 1
Nov 25 12:39:42 vpn pluto[19687]: using Linux xfrm kernel support code on #101-Ubuntu SMP Fri Oct 15 20:00:55 UTC 2021
Nov 25 12:39:42 vpn pluto[19687]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Nov 25 12:39:42 vpn pluto[19687]: watchdog: sending probes every 100 secs
Nov 25 12:39:42 vpn pluto[19687]: seccomp security not supported
Nov 25 12:39:42 vpn pluto[19687]: seccomp security for helper not supported
Nov 25 12:39:42 vpn pluto[19687]: "l2tp-psk": added IKEv1 connection
Nov 25 12:39:42 vpn pluto[19687]: "xauth-psk": added IKEv1 connection
Nov 25 12:39:42 vpn pluto[19687]: listening for IKE messages
Nov 25 12:39:42 vpn pluto[19687]: Kernel supports NIC esp-hw-offload
Nov 25 12:39:42 vpn pluto[19687]: adding UDP interface ens160 192.168.10.19:500
Nov 25 12:39:42 vpn pluto[19687]: adding UDP interface ens160 192.168.10.19:4500
Nov 25 12:39:42 vpn pluto[19687]: adding UDP interface lo 127.0.0.1:500
Nov 25 12:39:42 vpn pluto[19687]: adding UDP interface lo 127.0.0.1:4500
Nov 25 12:39:42 vpn pluto[19687]: adding UDP interface lo [::1]:500
Nov 25 12:39:42 vpn pluto[19687]: adding UDP interface ens160 [fdb9:ae62:c2de:4:20c:29ff:febb:d119]:500
Nov 25 12:39:42 vpn pluto[19687]: seccomp security for helper not supported
Nov 25 12:39:42 vpn pluto[19687]: loading secrets from "/etc/ipsec.secrets"
Nov 25 12:40:51 vpn pluto[19687]: shutting down
Nov 25 12:40:51 vpn pluto[19687]: forgetting secrets
Nov 25 12:40:51 vpn pluto[19687]: shutting down interface ens160 [fdb9:ae62:c2de:4:20c:29ff:febb:d119]:500
Nov 25 12:40:51 vpn pluto[19687]: shutting down interface lo [::1]:500
Nov 25 12:40:51 vpn pluto[19687]: shutting down interface lo 127.0.0.1:4500
Nov 25 12:40:51 vpn pluto[19687]: shutting down interface lo 127.0.0.1:500
Nov 25 12:40:51 vpn pluto[19687]: shutting down interface ens160 192.168.10.19:4500
Nov 25 12:40:51 vpn pluto[19687]: shutting down interface ens160 192.168.10.19:500
Nov 25 12:40:51 vpn pluto[19687]: leak detective found no leaks
Nov 25 12:40:51 vpn pluto[20115]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Nov 25 12:40:51 vpn pluto[20115]: FIPS Mode: NO
Nov 25 12:40:51 vpn pluto[20115]: NSS crypto library initialized
Nov 25 12:40:51 vpn pluto[20115]: FIPS mode disabled for pluto daemon
Nov 25 12:40:51 vpn pluto[20115]: FIPS HMAC integrity support [disabled]
Nov 25 12:40:51 vpn pluto[20115]: libcap-ng support [enabled]
Nov 25 12:40:51 vpn pluto[20115]: Linux audit support [disabled]
Nov 25 12:40:51 vpn pluto[20115]: Starting Pluto (Libreswan Version 4.5 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-PRF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:20115
Nov 25 12:40:51 vpn pluto[20115]: core dump dir: /run/pluto
Nov 25 12:40:51 vpn pluto[20115]: secrets file: /etc/ipsec.secrets
Nov 25 12:40:51 vpn pluto[20115]: leak-detective enabled
Nov 25 12:40:51 vpn pluto[20115]: NSS crypto [enabled]
Nov 25 12:40:51 vpn pluto[20115]: XAUTH PAM support [enabled]
Nov 25 12:40:51 vpn pluto[20115]: initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Nov 25 12:40:51 vpn pluto[20115]: NAT-Traversal support  [enabled]
Nov 25 12:40:51 vpn pluto[20115]: Encryption algorithms:
Nov 25 12:40:51 vpn pluto[20115]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
Nov 25 12:40:51 vpn pluto[20115]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
Nov 25 12:40:51 vpn pluto[20115]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
Nov 25 12:40:51 vpn pluto[20115]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
Nov 25 12:40:51 vpn pluto[20115]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP                      
Nov 25 12:40:51 vpn pluto[20115]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
Nov 25 12:40:51 vpn pluto[20115]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
Nov 25 12:40:51 vpn pluto[20115]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
Nov 25 12:40:51 vpn pluto[20115]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
Nov 25 12:40:51 vpn pluto[20115]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
Nov 25 12:40:51 vpn pluto[20115]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
Nov 25 12:40:51 vpn pluto[20115]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
Nov 25 12:40:51 vpn pluto[20115]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP                      
Nov 25 12:40:51 vpn pluto[20115]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Nov 25 12:40:51 vpn pluto[20115]: Hash algorithms:
Nov 25 12:40:51 vpn pluto[20115]:   MD5                               IKEv1: IKE         IKEv2:                  NSS         
Nov 25 12:40:51 vpn pluto[20115]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
Nov 25 12:40:51 vpn pluto[20115]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
Nov 25 12:40:51 vpn pluto[20115]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
Nov 25 12:40:51 vpn pluto[20115]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
Nov 25 12:40:51 vpn pluto[20115]: PRF algorithms:
Nov 25 12:40:51 vpn pluto[20115]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
Nov 25 12:40:51 vpn pluto[20115]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
Nov 25 12:40:51 vpn pluto[20115]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
Nov 25 12:40:51 vpn pluto[20115]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
Nov 25 12:40:51 vpn pluto[20115]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
Nov 25 12:40:51 vpn pluto[20115]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Nov 25 12:40:51 vpn pluto[20115]: Integrity algorithms:
Nov 25 12:40:51 vpn pluto[20115]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
Nov 25 12:40:51 vpn pluto[20115]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
Nov 25 12:40:51 vpn pluto[20115]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
Nov 25 12:40:51 vpn pluto[20115]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
Nov 25 12:40:51 vpn pluto[20115]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Nov 25 12:40:51 vpn pluto[20115]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH                   
Nov 25 12:40:51 vpn pluto[20115]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Nov 25 12:40:51 vpn pluto[20115]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
Nov 25 12:40:51 vpn pluto[20115]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
Nov 25 12:40:51 vpn pluto[20115]: DH algorithms:
Nov 25 12:40:51 vpn pluto[20115]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
Nov 25 12:40:51 vpn pluto[20115]:   MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
Nov 25 12:40:51 vpn pluto[20115]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
Nov 25 12:40:51 vpn pluto[20115]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
Nov 25 12:40:51 vpn pluto[20115]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
Nov 25 12:40:51 vpn pluto[20115]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
Nov 25 12:40:51 vpn pluto[20115]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
Nov 25 12:40:51 vpn pluto[20115]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
Nov 25 12:40:51 vpn pluto[20115]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
Nov 25 12:40:51 vpn pluto[20115]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
Nov 25 12:40:51 vpn pluto[20115]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
Nov 25 12:40:51 vpn pluto[20115]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
Nov 25 12:40:51 vpn pluto[20115]: testing CAMELLIA_CBC:
Nov 25 12:40:51 vpn pluto[20115]:   Camellia: 16 bytes with 128-bit key
Nov 25 12:40:51 vpn pluto[20115]:   Camellia: 16 bytes with 128-bit key
Nov 25 12:40:51 vpn pluto[20115]:   Camellia: 16 bytes with 256-bit key
Nov 25 12:40:51 vpn pluto[20115]:   Camellia: 16 bytes with 256-bit key
Nov 25 12:40:51 vpn pluto[20115]: testing AES_GCM_16:
Nov 25 12:40:51 vpn pluto[20115]:   empty string
Nov 25 12:40:51 vpn pluto[20115]:   one block
Nov 25 12:40:51 vpn pluto[20115]:   two blocks
Nov 25 12:40:51 vpn pluto[20115]:   two blocks with associated data
Nov 25 12:40:51 vpn pluto[20115]: testing AES_CTR:
Nov 25 12:40:51 vpn pluto[20115]:   Encrypting 16 octets using AES-CTR with 128-bit key
Nov 25 12:40:51 vpn pluto[20115]:   Encrypting 32 octets using AES-CTR with 128-bit key
Nov 25 12:40:51 vpn pluto[20115]:   Encrypting 36 octets using AES-CTR with 128-bit key
Nov 25 12:40:51 vpn pluto[20115]:   Encrypting 16 octets using AES-CTR with 192-bit key
Nov 25 12:40:51 vpn pluto[20115]:   Encrypting 32 octets using AES-CTR with 192-bit key
Nov 25 12:40:51 vpn pluto[20115]:   Encrypting 36 octets using AES-CTR with 192-bit key
Nov 25 12:40:51 vpn pluto[20115]:   Encrypting 16 octets using AES-CTR with 256-bit key
Nov 25 12:40:51 vpn pluto[20115]:   Encrypting 32 octets using AES-CTR with 256-bit key
Nov 25 12:40:51 vpn pluto[20115]:   Encrypting 36 octets using AES-CTR with 256-bit key
Nov 25 12:40:51 vpn pluto[20115]: testing AES_CBC:
Nov 25 12:40:51 vpn pluto[20115]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Nov 25 12:40:51 vpn pluto[20115]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Nov 25 12:40:51 vpn pluto[20115]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Nov 25 12:40:51 vpn pluto[20115]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Nov 25 12:40:51 vpn pluto[20115]: testing AES_XCBC:
Nov 25 12:40:51 vpn pluto[20115]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Nov 25 12:40:51 vpn pluto[20115]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Nov 25 12:40:51 vpn pluto[20115]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Nov 25 12:40:51 vpn pluto[20115]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Nov 25 12:40:51 vpn pluto[20115]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Nov 25 12:40:51 vpn pluto[20115]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Nov 25 12:40:51 vpn pluto[20115]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Nov 25 12:40:51 vpn pluto[20115]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Nov 25 12:40:51 vpn pluto[20115]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Nov 25 12:40:51 vpn pluto[20115]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Nov 25 12:40:51 vpn pluto[20115]: testing HMAC_MD5:
Nov 25 12:40:51 vpn pluto[20115]:   RFC 2104: MD5_HMAC test 1
Nov 25 12:40:51 vpn pluto[20115]:   RFC 2104: MD5_HMAC test 2
Nov 25 12:40:51 vpn pluto[20115]:   RFC 2104: MD5_HMAC test 3
Nov 25 12:40:51 vpn pluto[20115]: 2 CPU cores online
Nov 25 12:40:51 vpn pluto[20115]: starting up 2 helper threads
Nov 25 12:40:51 vpn pluto[20115]: started thread for helper 0
Nov 25 12:40:51 vpn pluto[20115]: started thread for helper 1
Nov 25 12:40:51 vpn pluto[20115]: using Linux xfrm kernel support code on #101-Ubuntu SMP Fri Oct 15 20:00:55 UTC 2021
Nov 25 12:40:51 vpn pluto[20115]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Nov 25 12:40:51 vpn pluto[20115]: watchdog: sending probes every 100 secs
Nov 25 12:40:51 vpn pluto[20115]: seccomp security not supported
Nov 25 12:40:51 vpn pluto[20115]: seccomp security for helper not supported
Nov 25 12:40:51 vpn pluto[20115]: seccomp security for helper not supported
Nov 25 12:40:51 vpn pluto[20115]: "l2tp-psk": added IKEv1 connection
Nov 25 12:40:51 vpn pluto[20115]: "xauth-psk": added IKEv1 connection
Nov 25 12:40:51 vpn pluto[20115]: "ikev2-cp": loaded private key matching left certificate '110.184.15.78'
Nov 25 12:40:51 vpn pluto[20115]: "ikev2-cp": added IKEv2 connection
Nov 25 12:40:51 vpn pluto[20115]: listening for IKE messages
Nov 25 12:40:51 vpn pluto[20115]: Kernel supports NIC esp-hw-offload
Nov 25 12:40:51 vpn pluto[20115]: adding UDP interface ens160 192.168.10.19:500
Nov 25 12:40:51 vpn pluto[20115]: adding UDP interface ens160 192.168.10.19:4500
Nov 25 12:40:51 vpn pluto[20115]: adding UDP interface lo 127.0.0.1:500
Nov 25 12:40:51 vpn pluto[20115]: adding UDP interface lo 127.0.0.1:4500
Nov 25 12:40:51 vpn pluto[20115]: adding UDP interface lo [::1]:500
Nov 25 12:40:51 vpn pluto[20115]: adding UDP interface ens160 [fdb9:ae62:c2de:4:20c:29ff:febb:d119]:500
Nov 25 12:40:51 vpn pluto[20115]: forgetting secrets
Nov 25 12:40:51 vpn pluto[20115]: loading secrets from "/etc/ipsec.secrets"
Nov 25 12:46:47 vpn pluto[20115]: shutting down
Nov 25 12:46:47 vpn pluto[20115]: forgetting secrets
Nov 25 12:46:47 vpn pluto[20115]: shutting down interface ens160 [fdb9:ae62:c2de:4:20c:29ff:febb:d119]:500
Nov 25 12:46:47 vpn pluto[20115]: shutting down interface lo [::1]:500
Nov 25 12:46:47 vpn pluto[20115]: shutting down interface lo 127.0.0.1:4500
Nov 25 12:46:47 vpn pluto[20115]: shutting down interface lo 127.0.0.1:500
Nov 25 12:46:47 vpn pluto[20115]: shutting down interface ens160 192.168.10.19:4500
Nov 25 12:46:47 vpn pluto[20115]: shutting down interface ens160 192.168.10.19:500
Nov 25 12:46:47 vpn pluto[20115]: leak detective found no leaks
Nov 25 12:46:47 vpn pluto[20710]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Nov 25 12:46:47 vpn pluto[20710]: FIPS Mode: NO
Nov 25 12:46:47 vpn pluto[20710]: NSS crypto library initialized
Nov 25 12:46:47 vpn pluto[20710]: FIPS mode disabled for pluto daemon
Nov 25 12:46:47 vpn pluto[20710]: FIPS HMAC integrity support [disabled]
Nov 25 12:46:47 vpn pluto[20710]: libcap-ng support [enabled]
Nov 25 12:46:47 vpn pluto[20710]: Linux audit support [disabled]
Nov 25 12:46:47 vpn pluto[20710]: Starting Pluto (Libreswan Version 4.5 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-PRF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:20710
Nov 25 12:46:47 vpn pluto[20710]: core dump dir: /run/pluto
Nov 25 12:46:47 vpn pluto[20710]: secrets file: /etc/ipsec.secrets
Nov 25 12:46:47 vpn pluto[20710]: leak-detective enabled
Nov 25 12:46:47 vpn pluto[20710]: NSS crypto [enabled]
Nov 25 12:46:47 vpn pluto[20710]: XAUTH PAM support [enabled]
Nov 25 12:46:47 vpn pluto[20710]: initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Nov 25 12:46:47 vpn pluto[20710]: NAT-Traversal support  [enabled]
Nov 25 12:46:47 vpn pluto[20710]: Encryption algorithms:
Nov 25 12:46:47 vpn pluto[20710]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
Nov 25 12:46:47 vpn pluto[20710]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
Nov 25 12:46:47 vpn pluto[20710]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
Nov 25 12:46:47 vpn pluto[20710]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
Nov 25 12:46:47 vpn pluto[20710]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP                      
Nov 25 12:46:47 vpn pluto[20710]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
Nov 25 12:46:47 vpn pluto[20710]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
Nov 25 12:46:47 vpn pluto[20710]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
Nov 25 12:46:47 vpn pluto[20710]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
Nov 25 12:46:47 vpn pluto[20710]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
Nov 25 12:46:47 vpn pluto[20710]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
Nov 25 12:46:47 vpn pluto[20710]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
Nov 25 12:46:47 vpn pluto[20710]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP                      
Nov 25 12:46:47 vpn pluto[20710]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Nov 25 12:46:47 vpn pluto[20710]: Hash algorithms:
Nov 25 12:46:47 vpn pluto[20710]:   MD5                               IKEv1: IKE         IKEv2:                  NSS         
Nov 25 12:46:47 vpn pluto[20710]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
Nov 25 12:46:47 vpn pluto[20710]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
Nov 25 12:46:47 vpn pluto[20710]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
Nov 25 12:46:47 vpn pluto[20710]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
Nov 25 12:46:47 vpn pluto[20710]: PRF algorithms:
Nov 25 12:46:47 vpn pluto[20710]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
Nov 25 12:46:47 vpn pluto[20710]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
Nov 25 12:46:47 vpn pluto[20710]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
Nov 25 12:46:47 vpn pluto[20710]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
Nov 25 12:46:47 vpn pluto[20710]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
Nov 25 12:46:47 vpn pluto[20710]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Nov 25 12:46:47 vpn pluto[20710]: Integrity algorithms:
Nov 25 12:46:47 vpn pluto[20710]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
Nov 25 12:46:47 vpn pluto[20710]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
Nov 25 12:46:47 vpn pluto[20710]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
Nov 25 12:46:47 vpn pluto[20710]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
Nov 25 12:46:47 vpn pluto[20710]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Nov 25 12:46:47 vpn pluto[20710]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH                   
Nov 25 12:46:47 vpn pluto[20710]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Nov 25 12:46:47 vpn pluto[20710]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
Nov 25 12:46:47 vpn pluto[20710]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
Nov 25 12:46:47 vpn pluto[20710]: DH algorithms:
Nov 25 12:46:47 vpn pluto[20710]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
Nov 25 12:46:47 vpn pluto[20710]:   MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
Nov 25 12:46:47 vpn pluto[20710]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
Nov 25 12:46:47 vpn pluto[20710]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
Nov 25 12:46:47 vpn pluto[20710]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
Nov 25 12:46:47 vpn pluto[20710]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
Nov 25 12:46:47 vpn pluto[20710]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
Nov 25 12:46:47 vpn pluto[20710]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
Nov 25 12:46:47 vpn pluto[20710]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
Nov 25 12:46:47 vpn pluto[20710]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
Nov 25 12:46:47 vpn pluto[20710]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
Nov 25 12:46:47 vpn pluto[20710]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
Nov 25 12:46:47 vpn pluto[20710]: testing CAMELLIA_CBC:
Nov 25 12:46:47 vpn pluto[20710]:   Camellia: 16 bytes with 128-bit key
Nov 25 12:46:47 vpn pluto[20710]:   Camellia: 16 bytes with 128-bit key
Nov 25 12:46:47 vpn pluto[20710]:   Camellia: 16 bytes with 256-bit key
Nov 25 12:46:47 vpn pluto[20710]:   Camellia: 16 bytes with 256-bit key
Nov 25 12:46:47 vpn pluto[20710]: testing AES_GCM_16:
Nov 25 12:46:47 vpn pluto[20710]:   empty string
Nov 25 12:46:47 vpn pluto[20710]:   one block
Nov 25 12:46:47 vpn pluto[20710]:   two blocks
Nov 25 12:46:47 vpn pluto[20710]:   two blocks with associated data
Nov 25 12:46:47 vpn pluto[20710]: testing AES_CTR:
Nov 25 12:46:47 vpn pluto[20710]:   Encrypting 16 octets using AES-CTR with 128-bit key
Nov 25 12:46:47 vpn pluto[20710]:   Encrypting 32 octets using AES-CTR with 128-bit key
Nov 25 12:46:47 vpn pluto[20710]:   Encrypting 36 octets using AES-CTR with 128-bit key
Nov 25 12:46:47 vpn pluto[20710]:   Encrypting 16 octets using AES-CTR with 192-bit key
Nov 25 12:46:47 vpn pluto[20710]:   Encrypting 32 octets using AES-CTR with 192-bit key
Nov 25 12:46:47 vpn pluto[20710]:   Encrypting 36 octets using AES-CTR with 192-bit key
Nov 25 12:46:47 vpn pluto[20710]:   Encrypting 16 octets using AES-CTR with 256-bit key
Nov 25 12:46:47 vpn pluto[20710]:   Encrypting 32 octets using AES-CTR with 256-bit key
Nov 25 12:46:47 vpn pluto[20710]:   Encrypting 36 octets using AES-CTR with 256-bit key
Nov 25 12:46:47 vpn pluto[20710]: testing AES_CBC:
Nov 25 12:46:47 vpn pluto[20710]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Nov 25 12:46:47 vpn pluto[20710]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Nov 25 12:46:47 vpn pluto[20710]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Nov 25 12:46:47 vpn pluto[20710]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Nov 25 12:46:47 vpn pluto[20710]: testing AES_XCBC:
Nov 25 12:46:47 vpn pluto[20710]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Nov 25 12:46:47 vpn pluto[20710]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Nov 25 12:46:47 vpn pluto[20710]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Nov 25 12:46:47 vpn pluto[20710]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Nov 25 12:46:47 vpn pluto[20710]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Nov 25 12:46:47 vpn pluto[20710]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Nov 25 12:46:47 vpn pluto[20710]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Nov 25 12:46:47 vpn pluto[20710]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Nov 25 12:46:47 vpn pluto[20710]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Nov 25 12:46:47 vpn pluto[20710]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Nov 25 12:46:47 vpn pluto[20710]: testing HMAC_MD5:
Nov 25 12:46:47 vpn pluto[20710]:   RFC 2104: MD5_HMAC test 1
Nov 25 12:46:47 vpn pluto[20710]:   RFC 2104: MD5_HMAC test 2
Nov 25 12:46:47 vpn pluto[20710]:   RFC 2104: MD5_HMAC test 3
Nov 25 12:46:47 vpn pluto[20710]: 2 CPU cores online
Nov 25 12:46:47 vpn pluto[20710]: starting up 2 helper threads
Nov 25 12:46:47 vpn pluto[20710]: started thread for helper 0
Nov 25 12:46:47 vpn pluto[20710]: seccomp security for helper not supported
Nov 25 12:46:47 vpn pluto[20710]: started thread for helper 1
Nov 25 12:46:47 vpn pluto[20710]: seccomp security for helper not supported
Nov 25 12:46:47 vpn pluto[20710]: using Linux xfrm kernel support code on #101-Ubuntu SMP Fri Oct 15 20:00:55 UTC 2021
Nov 25 12:46:47 vpn pluto[20710]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Nov 25 12:46:47 vpn pluto[20710]: watchdog: sending probes every 100 secs
Nov 25 12:46:47 vpn pluto[20710]: seccomp security not supported
Nov 25 12:46:47 vpn pluto[20710]: "l2tp-psk": added IKEv1 connection
Nov 25 12:46:47 vpn pluto[20710]: "xauth-psk": added IKEv1 connection
Nov 25 12:46:47 vpn pluto[20710]: listening for IKE messages
Nov 25 12:46:47 vpn pluto[20710]: Kernel supports NIC esp-hw-offload
Nov 25 12:46:47 vpn pluto[20710]: adding UDP interface ens160 192.168.10.19:500
Nov 25 12:46:47 vpn pluto[20710]: adding UDP interface ens160 192.168.10.19:4500
Nov 25 12:46:47 vpn pluto[20710]: adding UDP interface lo 127.0.0.1:500
Nov 25 12:46:47 vpn pluto[20710]: adding UDP interface lo 127.0.0.1:4500
Nov 25 12:46:47 vpn pluto[20710]: adding UDP interface lo [::1]:500
Nov 25 12:46:47 vpn pluto[20710]: adding UDP interface ens160 [fdb9:ae62:c2de:4:20c:29ff:febb:d119]:500
Nov 25 12:46:47 vpn pluto[20710]: loading secrets from "/etc/ipsec.secrets"
Nov 25 12:48:30 vpn pluto[20710]: shutting down
Nov 25 12:48:30 vpn pluto[20710]: forgetting secrets
Nov 25 12:48:30 vpn pluto[20710]: shutting down interface ens160 [fdb9:ae62:c2de:4:20c:29ff:febb:d119]:500
Nov 25 12:48:30 vpn pluto[20710]: shutting down interface lo [::1]:500
Nov 25 12:48:30 vpn pluto[20710]: shutting down interface lo 127.0.0.1:4500
Nov 25 12:48:30 vpn pluto[20710]: shutting down interface lo 127.0.0.1:500
Nov 25 12:48:30 vpn pluto[20710]: shutting down interface ens160 192.168.10.19:4500
Nov 25 12:48:30 vpn pluto[20710]: shutting down interface ens160 192.168.10.19:500
Nov 25 12:48:30 vpn pluto[20710]: leak detective found no leaks
Nov 25 12:48:31 vpn pluto[21148]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Nov 25 12:48:31 vpn pluto[21148]: FIPS Mode: NO
Nov 25 12:48:31 vpn pluto[21148]: NSS crypto library initialized
Nov 25 12:48:31 vpn pluto[21148]: FIPS mode disabled for pluto daemon
Nov 25 12:48:31 vpn pluto[21148]: FIPS HMAC integrity support [disabled]
Nov 25 12:48:31 vpn pluto[21148]: libcap-ng support [enabled]
Nov 25 12:48:31 vpn pluto[21148]: Linux audit support [disabled]
Nov 25 12:48:31 vpn pluto[21148]: Starting Pluto (Libreswan Version 4.5 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-PRF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:21148
Nov 25 12:48:31 vpn pluto[21148]: core dump dir: /run/pluto
Nov 25 12:48:31 vpn pluto[21148]: secrets file: /etc/ipsec.secrets
Nov 25 12:48:31 vpn pluto[21148]: leak-detective enabled
Nov 25 12:48:31 vpn pluto[21148]: NSS crypto [enabled]
Nov 25 12:48:31 vpn pluto[21148]: XAUTH PAM support [enabled]
Nov 25 12:48:31 vpn pluto[21148]: initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Nov 25 12:48:31 vpn pluto[21148]: NAT-Traversal support  [enabled]
Nov 25 12:48:31 vpn pluto[21148]: Encryption algorithms:
Nov 25 12:48:31 vpn pluto[21148]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
Nov 25 12:48:31 vpn pluto[21148]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
Nov 25 12:48:31 vpn pluto[21148]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
Nov 25 12:48:31 vpn pluto[21148]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
Nov 25 12:48:31 vpn pluto[21148]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP                      
Nov 25 12:48:31 vpn pluto[21148]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
Nov 25 12:48:31 vpn pluto[21148]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
Nov 25 12:48:31 vpn pluto[21148]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
Nov 25 12:48:31 vpn pluto[21148]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
Nov 25 12:48:31 vpn pluto[21148]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
Nov 25 12:48:31 vpn pluto[21148]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
Nov 25 12:48:31 vpn pluto[21148]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
Nov 25 12:48:31 vpn pluto[21148]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP                      
Nov 25 12:48:31 vpn pluto[21148]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Nov 25 12:48:31 vpn pluto[21148]: Hash algorithms:
Nov 25 12:48:31 vpn pluto[21148]:   MD5                               IKEv1: IKE         IKEv2:                  NSS         
Nov 25 12:48:31 vpn pluto[21148]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
Nov 25 12:48:31 vpn pluto[21148]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
Nov 25 12:48:31 vpn pluto[21148]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
Nov 25 12:48:31 vpn pluto[21148]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
Nov 25 12:48:31 vpn pluto[21148]: PRF algorithms:
Nov 25 12:48:31 vpn pluto[21148]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
Nov 25 12:48:31 vpn pluto[21148]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
Nov 25 12:48:31 vpn pluto[21148]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
Nov 25 12:48:31 vpn pluto[21148]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
Nov 25 12:48:31 vpn pluto[21148]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
Nov 25 12:48:31 vpn pluto[21148]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Nov 25 12:48:31 vpn pluto[21148]: Integrity algorithms:
Nov 25 12:48:31 vpn pluto[21148]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
Nov 25 12:48:31 vpn pluto[21148]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
Nov 25 12:48:31 vpn pluto[21148]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
Nov 25 12:48:31 vpn pluto[21148]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
Nov 25 12:48:31 vpn pluto[21148]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Nov 25 12:48:31 vpn pluto[21148]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH                   
Nov 25 12:48:31 vpn pluto[21148]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Nov 25 12:48:31 vpn pluto[21148]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
Nov 25 12:48:31 vpn pluto[21148]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
Nov 25 12:48:31 vpn pluto[21148]: DH algorithms:
Nov 25 12:48:31 vpn pluto[21148]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
Nov 25 12:48:31 vpn pluto[21148]:   MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
Nov 25 12:48:31 vpn pluto[21148]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
Nov 25 12:48:31 vpn pluto[21148]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
Nov 25 12:48:31 vpn pluto[21148]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
Nov 25 12:48:31 vpn pluto[21148]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
Nov 25 12:48:31 vpn pluto[21148]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
Nov 25 12:48:31 vpn pluto[21148]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
Nov 25 12:48:31 vpn pluto[21148]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
Nov 25 12:48:31 vpn pluto[21148]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
Nov 25 12:48:31 vpn pluto[21148]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
Nov 25 12:48:31 vpn pluto[21148]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
Nov 25 12:48:31 vpn pluto[21148]: testing CAMELLIA_CBC:
Nov 25 12:48:31 vpn pluto[21148]:   Camellia: 16 bytes with 128-bit key
Nov 25 12:48:31 vpn pluto[21148]:   Camellia: 16 bytes with 128-bit key
Nov 25 12:48:31 vpn pluto[21148]:   Camellia: 16 bytes with 256-bit key
Nov 25 12:48:31 vpn pluto[21148]:   Camellia: 16 bytes with 256-bit key
Nov 25 12:48:31 vpn pluto[21148]: testing AES_GCM_16:
Nov 25 12:48:31 vpn pluto[21148]:   empty string
Nov 25 12:48:31 vpn pluto[21148]:   one block
Nov 25 12:48:31 vpn pluto[21148]:   two blocks
Nov 25 12:48:31 vpn pluto[21148]:   two blocks with associated data
Nov 25 12:48:31 vpn pluto[21148]: testing AES_CTR:
Nov 25 12:48:31 vpn pluto[21148]:   Encrypting 16 octets using AES-CTR with 128-bit key
Nov 25 12:48:31 vpn pluto[21148]:   Encrypting 32 octets using AES-CTR with 128-bit key
Nov 25 12:48:31 vpn pluto[21148]:   Encrypting 36 octets using AES-CTR with 128-bit key
Nov 25 12:48:31 vpn pluto[21148]:   Encrypting 16 octets using AES-CTR with 192-bit key
Nov 25 12:48:31 vpn pluto[21148]:   Encrypting 32 octets using AES-CTR with 192-bit key
Nov 25 12:48:31 vpn pluto[21148]:   Encrypting 36 octets using AES-CTR with 192-bit key
Nov 25 12:48:31 vpn pluto[21148]:   Encrypting 16 octets using AES-CTR with 256-bit key
Nov 25 12:48:31 vpn pluto[21148]:   Encrypting 32 octets using AES-CTR with 256-bit key
Nov 25 12:48:31 vpn pluto[21148]:   Encrypting 36 octets using AES-CTR with 256-bit key
Nov 25 12:48:31 vpn pluto[21148]: testing AES_CBC:
Nov 25 12:48:31 vpn pluto[21148]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Nov 25 12:48:31 vpn pluto[21148]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Nov 25 12:48:31 vpn pluto[21148]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Nov 25 12:48:31 vpn pluto[21148]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Nov 25 12:48:31 vpn pluto[21148]: testing AES_XCBC:
Nov 25 12:48:31 vpn pluto[21148]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Nov 25 12:48:31 vpn pluto[21148]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Nov 25 12:48:31 vpn pluto[21148]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Nov 25 12:48:31 vpn pluto[21148]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Nov 25 12:48:31 vpn pluto[21148]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Nov 25 12:48:31 vpn pluto[21148]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Nov 25 12:48:31 vpn pluto[21148]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Nov 25 12:48:31 vpn pluto[21148]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Nov 25 12:48:31 vpn pluto[21148]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Nov 25 12:48:31 vpn pluto[21148]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Nov 25 12:48:31 vpn pluto[21148]: testing HMAC_MD5:
Nov 25 12:48:31 vpn pluto[21148]:   RFC 2104: MD5_HMAC test 1
Nov 25 12:48:31 vpn pluto[21148]:   RFC 2104: MD5_HMAC test 2
Nov 25 12:48:31 vpn pluto[21148]:   RFC 2104: MD5_HMAC test 3
Nov 25 12:48:31 vpn pluto[21148]: 2 CPU cores online
Nov 25 12:48:31 vpn pluto[21148]: starting up 2 helper threads
Nov 25 12:48:31 vpn pluto[21148]: started thread for helper 0
Nov 25 12:48:31 vpn pluto[21148]: started thread for helper 1
Nov 25 12:48:31 vpn pluto[21148]: using Linux xfrm kernel support code on #101-Ubuntu SMP Fri Oct 15 20:00:55 UTC 2021
Nov 25 12:48:31 vpn pluto[21148]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Nov 25 12:48:31 vpn pluto[21148]: watchdog: sending probes every 100 secs
Nov 25 12:48:31 vpn pluto[21148]: seccomp security not supported
Nov 25 12:48:31 vpn pluto[21148]: seccomp security for helper not supported
Nov 25 12:48:31 vpn pluto[21148]: seccomp security for helper not supported
Nov 25 12:48:31 vpn pluto[21148]: "l2tp-psk": added IKEv1 connection
Nov 25 12:48:31 vpn pluto[21148]: "xauth-psk": added IKEv1 connection
Nov 25 12:48:31 vpn pluto[21148]: "ikev2-cp": loaded private key matching left certificate 'mshome.cn'
Nov 25 12:48:31 vpn pluto[21148]: "ikev2-cp": added IKEv2 connection
Nov 25 12:48:31 vpn pluto[21148]: listening for IKE messages
Nov 25 12:48:31 vpn pluto[21148]: Kernel supports NIC esp-hw-offload
Nov 25 12:48:31 vpn pluto[21148]: adding UDP interface ens160 192.168.10.19:500
Nov 25 12:48:31 vpn pluto[21148]: adding UDP interface ens160 192.168.10.19:4500
Nov 25 12:48:31 vpn pluto[21148]: adding UDP interface lo 127.0.0.1:500
Nov 25 12:48:31 vpn pluto[21148]: adding UDP interface lo 127.0.0.1:4500
Nov 25 12:48:31 vpn pluto[21148]: adding UDP interface lo [::1]:500
Nov 25 12:48:31 vpn pluto[21148]: adding UDP interface ens160 [fdb9:ae62:c2de:4:20c:29ff:febb:d119]:500
Nov 25 12:48:31 vpn pluto[21148]: forgetting secrets
Nov 25 12:48:31 vpn pluto[21148]: loading secrets from "/etc/ipsec.secrets"
Nov 25 13:09:30 vpn pluto[21148]: "ikev2-cp"[1] 170.219.41.70: local IKE proposals (IKE SA responder matching remote proposals): 
Nov 25 13:09:30 vpn pluto[21148]: "ikev2-cp"[1] 170.219.41.70:   1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 13:09:30 vpn pluto[21148]: "ikev2-cp"[1] 170.219.41.70:   2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 13:09:30 vpn pluto[21148]: "ikev2-cp"[1] 170.219.41.70:   3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 13:09:30 vpn pluto[21148]: "ikev2-cp"[1] 170.219.41.70:   4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 13:09:30 vpn pluto[21148]: "ikev2-cp"[1] 170.219.41.70 #1: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Nov 25 13:09:30 vpn pluto[21148]: "ikev2-cp"[1] 170.219.41.70 #1: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Nov 25 13:09:30 vpn pluto[21148]: "ikev2-cp"[1] 170.219.41.70 #1: processing decrypted IKE_AUTH request: SK{IDi,CERT,N,IDr,AUTH,CP,N,N,SA,TSi,TSr,N}
Nov 25 13:09:30 vpn pluto[21148]: loading root certificate cache
Nov 25 13:09:30 vpn pluto[21148]: "ikev2-cp"[1] 170.219.41.70 #1: reloaded private key matching left certificate 'mshome.cn'
Nov 25 13:09:30 vpn pluto[21148]: "ikev2-cp"[1] 170.219.41.70 #1: switched from "ikev2-cp"[1] 170.219.41.70 to "ikev2-cp"
Nov 25 13:09:30 vpn pluto[21148]: "ikev2-cp"[1] 170.219.41.70: deleting connection instance with peer 170.219.41.70 {isakmp=#0/ipsec=#0}
Nov 25 13:09:30 vpn pluto[21148]: "ikev2-cp"[2] 170.219.41.70 #1: established IKE SA; authenticated using RSA with SHA1 and peer certificate '@vpnclient' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Nov 25 13:09:30 vpn pluto[21148]: | pool 192.168.43.10-192.168.43.250: growing address pool from 0 to 1
Nov 25 13:09:30 vpn pluto[21148]: "ikev2-cp"[2] 170.219.41.70: local ESP/AH proposals (IKE_AUTH responder matching remote ESP/AH proposals): 
Nov 25 13:09:30 vpn pluto[21148]: "ikev2-cp"[2] 170.219.41.70:   1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-DISABLED
Nov 25 13:09:30 vpn pluto[21148]: "ikev2-cp"[2] 170.219.41.70:   2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-DISABLED
Nov 25 13:09:30 vpn pluto[21148]: "ikev2-cp"[2] 170.219.41.70:   3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-DISABLED
Nov 25 13:09:30 vpn pluto[21148]: "ikev2-cp"[2] 170.219.41.70:   4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-DISABLED
Nov 25 13:09:30 vpn pluto[21148]: "ikev2-cp"[2] 170.219.41.70:   5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-DISABLED
Nov 25 13:09:30 vpn pluto[21148]: "ikev2-cp"[2] 170.219.41.70 #2: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=01b61e02 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Nov 25 13:09:30 vpn pluto[21148]: "ikev2-cp"[2] 170.219.41.70 #2: established Child SA; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x01b61e02 <0x22c1d6e5 xfrm=AES_GCM_16_128-NONE NATOA=none NATD=170.219.41.70:15485 DPD=active}
Nov 25 13:12:58 vpn pluto[21148]: "ikev2-cp"[2] 170.219.41.70 #2: ESP traffic information: in=322KB out=3MB
Nov 25 13:12:58 vpn pluto[21148]: "ikev2-cp"[2] 170.219.41.70 #1: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 207.511352s and NOT sending notification
Nov 25 13:12:58 vpn pluto[21148]: "ikev2-cp"[2] 170.219.41.70: deleting connection instance with peer 170.219.41.70 {isakmp=#0/ipsec=#0}
Nov 25 13:13:02 vpn pluto[21148]: "ikev2-cp"[3] 170.219.41.70: local IKE proposals (IKE SA responder matching remote proposals): 
Nov 25 13:13:02 vpn pluto[21148]: "ikev2-cp"[3] 170.219.41.70:   1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 13:13:02 vpn pluto[21148]: "ikev2-cp"[3] 170.219.41.70:   2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 13:13:02 vpn pluto[21148]: "ikev2-cp"[3] 170.219.41.70:   3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 13:13:02 vpn pluto[21148]: "ikev2-cp"[3] 170.219.41.70:   4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 13:13:02 vpn pluto[21148]: "ikev2-cp"[3] 170.219.41.70 #3: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Nov 25 13:13:02 vpn pluto[21148]: "ikev2-cp"[3] 170.219.41.70 #3: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Nov 25 13:14:30 vpn pluto[21148]: destroying root certificate cache
Nov 25 13:16:22 vpn pluto[21148]: "ikev2-cp"[3] 170.219.41.70 #3: deleting incomplete state after 200 seconds
Nov 25 13:16:22 vpn pluto[21148]: "ikev2-cp"[3] 170.219.41.70 #3: deleting state (STATE_V2_PARENT_R1) aged 200.00823s and NOT sending notification
Nov 25 13:16:22 vpn pluto[21148]: "ikev2-cp"[3] 170.219.41.70: deleting connection instance with peer 170.219.41.70 {isakmp=#0/ipsec=#0}
Nov 25 13:18:23 vpn pluto[21148]: shutting down
Nov 25 13:18:23 vpn pluto[21148]: forgetting secrets
Nov 25 13:18:23 vpn pluto[21148]: shutting down interface ens160 [fdb9:ae62:c2de:4:20c:29ff:febb:d119]:500
Nov 25 13:18:23 vpn pluto[21148]: shutting down interface lo [::1]:500
Nov 25 13:18:23 vpn pluto[21148]: shutting down interface lo 127.0.0.1:4500
Nov 25 13:18:23 vpn pluto[21148]: shutting down interface lo 127.0.0.1:500
Nov 25 13:18:23 vpn pluto[21148]: shutting down interface ens160 192.168.10.19:4500
Nov 25 13:18:23 vpn pluto[21148]: shutting down interface ens160 192.168.10.19:500
Nov 25 13:18:23 vpn pluto[21148]: leak detective found no leaks
Nov 25 13:18:24 vpn pluto[23129]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Nov 25 13:18:24 vpn pluto[23129]: FIPS Mode: NO
Nov 25 13:18:24 vpn pluto[23129]: NSS crypto library initialized
Nov 25 13:18:24 vpn pluto[23129]: FIPS mode disabled for pluto daemon
Nov 25 13:18:24 vpn pluto[23129]: FIPS HMAC integrity support [disabled]
Nov 25 13:18:24 vpn pluto[23129]: libcap-ng support [enabled]
Nov 25 13:18:24 vpn pluto[23129]: Linux audit support [disabled]
Nov 25 13:18:24 vpn pluto[23129]: Starting Pluto (Libreswan Version 4.5 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-PRF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:23129
Nov 25 13:18:24 vpn pluto[23129]: core dump dir: /run/pluto
Nov 25 13:18:24 vpn pluto[23129]: secrets file: /etc/ipsec.secrets
Nov 25 13:18:24 vpn pluto[23129]: leak-detective enabled
Nov 25 13:18:24 vpn pluto[23129]: NSS crypto [enabled]
Nov 25 13:18:24 vpn pluto[23129]: XAUTH PAM support [enabled]
Nov 25 13:18:24 vpn pluto[23129]: initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Nov 25 13:18:24 vpn pluto[23129]: NAT-Traversal support  [enabled]
Nov 25 13:18:24 vpn pluto[23129]: Encryption algorithms:
Nov 25 13:18:24 vpn pluto[23129]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
Nov 25 13:18:24 vpn pluto[23129]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
Nov 25 13:18:24 vpn pluto[23129]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
Nov 25 13:18:24 vpn pluto[23129]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
Nov 25 13:18:24 vpn pluto[23129]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP                      
Nov 25 13:18:24 vpn pluto[23129]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
Nov 25 13:18:24 vpn pluto[23129]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
Nov 25 13:18:24 vpn pluto[23129]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
Nov 25 13:18:24 vpn pluto[23129]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
Nov 25 13:18:24 vpn pluto[23129]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
Nov 25 13:18:24 vpn pluto[23129]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
Nov 25 13:18:24 vpn pluto[23129]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
Nov 25 13:18:24 vpn pluto[23129]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP                      
Nov 25 13:18:24 vpn pluto[23129]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Nov 25 13:18:24 vpn pluto[23129]: Hash algorithms:
Nov 25 13:18:24 vpn pluto[23129]:   MD5                               IKEv1: IKE         IKEv2:                  NSS         
Nov 25 13:18:24 vpn pluto[23129]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
Nov 25 13:18:24 vpn pluto[23129]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
Nov 25 13:18:24 vpn pluto[23129]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
Nov 25 13:18:24 vpn pluto[23129]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
Nov 25 13:18:24 vpn pluto[23129]: PRF algorithms:
Nov 25 13:18:24 vpn pluto[23129]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
Nov 25 13:18:24 vpn pluto[23129]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
Nov 25 13:18:24 vpn pluto[23129]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
Nov 25 13:18:24 vpn pluto[23129]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
Nov 25 13:18:24 vpn pluto[23129]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
Nov 25 13:18:24 vpn pluto[23129]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Nov 25 13:18:24 vpn pluto[23129]: Integrity algorithms:
Nov 25 13:18:24 vpn pluto[23129]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
Nov 25 13:18:24 vpn pluto[23129]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
Nov 25 13:18:24 vpn pluto[23129]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
Nov 25 13:18:24 vpn pluto[23129]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
Nov 25 13:18:24 vpn pluto[23129]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Nov 25 13:18:24 vpn pluto[23129]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH                   
Nov 25 13:18:24 vpn pluto[23129]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Nov 25 13:18:24 vpn pluto[23129]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
Nov 25 13:18:24 vpn pluto[23129]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
Nov 25 13:18:24 vpn pluto[23129]: DH algorithms:
Nov 25 13:18:24 vpn pluto[23129]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
Nov 25 13:18:24 vpn pluto[23129]:   MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
Nov 25 13:18:24 vpn pluto[23129]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
Nov 25 13:18:24 vpn pluto[23129]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
Nov 25 13:18:24 vpn pluto[23129]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
Nov 25 13:18:24 vpn pluto[23129]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
Nov 25 13:18:24 vpn pluto[23129]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
Nov 25 13:18:24 vpn pluto[23129]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
Nov 25 13:18:24 vpn pluto[23129]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
Nov 25 13:18:24 vpn pluto[23129]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
Nov 25 13:18:24 vpn pluto[23129]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
Nov 25 13:18:24 vpn pluto[23129]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
Nov 25 13:18:24 vpn pluto[23129]: testing CAMELLIA_CBC:
Nov 25 13:18:24 vpn pluto[23129]:   Camellia: 16 bytes with 128-bit key
Nov 25 13:18:24 vpn pluto[23129]:   Camellia: 16 bytes with 128-bit key
Nov 25 13:18:24 vpn pluto[23129]:   Camellia: 16 bytes with 256-bit key
Nov 25 13:18:24 vpn pluto[23129]:   Camellia: 16 bytes with 256-bit key
Nov 25 13:18:24 vpn pluto[23129]: testing AES_GCM_16:
Nov 25 13:18:24 vpn pluto[23129]:   empty string
Nov 25 13:18:24 vpn pluto[23129]:   one block
Nov 25 13:18:24 vpn pluto[23129]:   two blocks
Nov 25 13:18:24 vpn pluto[23129]:   two blocks with associated data
Nov 25 13:18:24 vpn pluto[23129]: testing AES_CTR:
Nov 25 13:18:24 vpn pluto[23129]:   Encrypting 16 octets using AES-CTR with 128-bit key
Nov 25 13:18:24 vpn pluto[23129]:   Encrypting 32 octets using AES-CTR with 128-bit key
Nov 25 13:18:24 vpn pluto[23129]:   Encrypting 36 octets using AES-CTR with 128-bit key
Nov 25 13:18:24 vpn pluto[23129]:   Encrypting 16 octets using AES-CTR with 192-bit key
Nov 25 13:18:24 vpn pluto[23129]:   Encrypting 32 octets using AES-CTR with 192-bit key
Nov 25 13:18:24 vpn pluto[23129]:   Encrypting 36 octets using AES-CTR with 192-bit key
Nov 25 13:18:24 vpn pluto[23129]:   Encrypting 16 octets using AES-CTR with 256-bit key
Nov 25 13:18:24 vpn pluto[23129]:   Encrypting 32 octets using AES-CTR with 256-bit key
Nov 25 13:18:24 vpn pluto[23129]:   Encrypting 36 octets using AES-CTR with 256-bit key
Nov 25 13:18:24 vpn pluto[23129]: testing AES_CBC:
Nov 25 13:18:24 vpn pluto[23129]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Nov 25 13:18:24 vpn pluto[23129]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Nov 25 13:18:24 vpn pluto[23129]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Nov 25 13:18:24 vpn pluto[23129]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Nov 25 13:18:24 vpn pluto[23129]: testing AES_XCBC:
Nov 25 13:18:24 vpn pluto[23129]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Nov 25 13:18:24 vpn pluto[23129]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Nov 25 13:18:24 vpn pluto[23129]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Nov 25 13:18:24 vpn pluto[23129]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Nov 25 13:18:24 vpn pluto[23129]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Nov 25 13:18:24 vpn pluto[23129]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Nov 25 13:18:24 vpn pluto[23129]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Nov 25 13:18:24 vpn pluto[23129]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Nov 25 13:18:24 vpn pluto[23129]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Nov 25 13:18:24 vpn pluto[23129]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Nov 25 13:18:24 vpn pluto[23129]: testing HMAC_MD5:
Nov 25 13:18:24 vpn pluto[23129]:   RFC 2104: MD5_HMAC test 1
Nov 25 13:18:24 vpn pluto[23129]:   RFC 2104: MD5_HMAC test 2
Nov 25 13:18:24 vpn pluto[23129]:   RFC 2104: MD5_HMAC test 3
Nov 25 13:18:24 vpn pluto[23129]: 2 CPU cores online
Nov 25 13:18:24 vpn pluto[23129]: starting up 2 helper threads
Nov 25 13:18:24 vpn pluto[23129]: started thread for helper 0
Nov 25 13:18:24 vpn pluto[23129]: started thread for helper 1
Nov 25 13:18:24 vpn pluto[23129]: using Linux xfrm kernel support code on #101-Ubuntu SMP Fri Oct 15 20:00:55 UTC 2021
Nov 25 13:18:24 vpn pluto[23129]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Nov 25 13:18:24 vpn pluto[23129]: watchdog: sending probes every 100 secs
Nov 25 13:18:24 vpn pluto[23129]: seccomp security not supported
Nov 25 13:18:24 vpn pluto[23129]: "l2tp-psk": added IKEv1 connection
Nov 25 13:18:24 vpn pluto[23129]: "xauth-psk": added IKEv1 connection
Nov 25 13:18:24 vpn pluto[23129]: "ikev2-cp": loaded private key matching left certificate 'mshome.cn'
Nov 25 13:18:24 vpn pluto[23129]: "ikev2-cp": added IKEv2 connection
Nov 25 13:18:24 vpn pluto[23129]: listening for IKE messages
Nov 25 13:18:24 vpn pluto[23129]: Kernel supports NIC esp-hw-offload
Nov 25 13:18:24 vpn pluto[23129]: adding UDP interface ens160 192.168.10.19:500
Nov 25 13:18:24 vpn pluto[23129]: adding UDP interface ens160 192.168.10.19:4500
Nov 25 13:18:24 vpn pluto[23129]: adding UDP interface lo 127.0.0.1:500
Nov 25 13:18:24 vpn pluto[23129]: adding UDP interface lo 127.0.0.1:4500
Nov 25 13:18:24 vpn pluto[23129]: adding UDP interface lo [::1]:500
Nov 25 13:18:24 vpn pluto[23129]: adding UDP interface ens160 [fdb9:ae62:c2de:4:20c:29ff:febb:d119]:500
Nov 25 13:18:24 vpn pluto[23129]: seccomp security for helper not supported
Nov 25 13:18:24 vpn pluto[23129]: seccomp security for helper not supported
Nov 25 13:18:24 vpn pluto[23129]: forgetting secrets
Nov 25 13:18:24 vpn pluto[23129]: loading secrets from "/etc/ipsec.secrets"
Nov 25 13:21:32 vpn pluto[23129]: shutting down
Nov 25 13:21:32 vpn pluto[23129]: forgetting secrets
Nov 25 13:21:32 vpn pluto[23129]: shutting down interface ens160 [fdb9:ae62:c2de:4:20c:29ff:febb:d119]:500
Nov 25 13:21:32 vpn pluto[23129]: shutting down interface lo [::1]:500
Nov 25 13:21:32 vpn pluto[23129]: shutting down interface lo 127.0.0.1:4500
Nov 25 13:21:32 vpn pluto[23129]: shutting down interface lo 127.0.0.1:500
Nov 25 13:21:32 vpn pluto[23129]: shutting down interface ens160 192.168.10.19:4500
Nov 25 13:21:32 vpn pluto[23129]: shutting down interface ens160 192.168.10.19:500
Nov 25 13:21:32 vpn pluto[23129]: leak detective found no leaks
Nov 25 13:21:32 vpn pluto[27980]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Nov 25 13:21:32 vpn pluto[27980]: FIPS Mode: NO
Nov 25 13:21:32 vpn pluto[27980]: NSS crypto library initialized
Nov 25 13:21:32 vpn pluto[27980]: FIPS mode disabled for pluto daemon
Nov 25 13:21:32 vpn pluto[27980]: FIPS HMAC integrity support [disabled]
Nov 25 13:21:32 vpn pluto[27980]: libcap-ng support [enabled]
Nov 25 13:21:32 vpn pluto[27980]: Linux audit support [disabled]
Nov 25 13:21:32 vpn pluto[27980]: Starting Pluto (Libreswan Version 4.5 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-PRF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:27980
Nov 25 13:21:32 vpn pluto[27980]: core dump dir: /run/pluto
Nov 25 13:21:32 vpn pluto[27980]: secrets file: /etc/ipsec.secrets
Nov 25 13:21:32 vpn pluto[27980]: leak-detective enabled
Nov 25 13:21:32 vpn pluto[27980]: NSS crypto [enabled]
Nov 25 13:21:32 vpn pluto[27980]: XAUTH PAM support [enabled]
Nov 25 13:21:32 vpn pluto[27980]: initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Nov 25 13:21:32 vpn pluto[27980]: NAT-Traversal support  [enabled]
Nov 25 13:21:32 vpn pluto[27980]: Encryption algorithms:
Nov 25 13:21:32 vpn pluto[27980]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
Nov 25 13:21:32 vpn pluto[27980]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
Nov 25 13:21:32 vpn pluto[27980]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
Nov 25 13:21:32 vpn pluto[27980]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
Nov 25 13:21:32 vpn pluto[27980]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP                      
Nov 25 13:21:32 vpn pluto[27980]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
Nov 25 13:21:32 vpn pluto[27980]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
Nov 25 13:21:32 vpn pluto[27980]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
Nov 25 13:21:32 vpn pluto[27980]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
Nov 25 13:21:32 vpn pluto[27980]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
Nov 25 13:21:32 vpn pluto[27980]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
Nov 25 13:21:32 vpn pluto[27980]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
Nov 25 13:21:32 vpn pluto[27980]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP                      
Nov 25 13:21:32 vpn pluto[27980]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Nov 25 13:21:32 vpn pluto[27980]: Hash algorithms:
Nov 25 13:21:32 vpn pluto[27980]:   MD5                               IKEv1: IKE         IKEv2:                  NSS         
Nov 25 13:21:32 vpn pluto[27980]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
Nov 25 13:21:32 vpn pluto[27980]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
Nov 25 13:21:32 vpn pluto[27980]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
Nov 25 13:21:32 vpn pluto[27980]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
Nov 25 13:21:32 vpn pluto[27980]: PRF algorithms:
Nov 25 13:21:32 vpn pluto[27980]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
Nov 25 13:21:32 vpn pluto[27980]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
Nov 25 13:21:32 vpn pluto[27980]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
Nov 25 13:21:32 vpn pluto[27980]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
Nov 25 13:21:32 vpn pluto[27980]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
Nov 25 13:21:32 vpn pluto[27980]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Nov 25 13:21:32 vpn pluto[27980]: Integrity algorithms:
Nov 25 13:21:32 vpn pluto[27980]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
Nov 25 13:21:32 vpn pluto[27980]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
Nov 25 13:21:32 vpn pluto[27980]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
Nov 25 13:21:32 vpn pluto[27980]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
Nov 25 13:21:32 vpn pluto[27980]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Nov 25 13:21:32 vpn pluto[27980]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH                   
Nov 25 13:21:32 vpn pluto[27980]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Nov 25 13:21:32 vpn pluto[27980]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
Nov 25 13:21:32 vpn pluto[27980]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
Nov 25 13:21:32 vpn pluto[27980]: DH algorithms:
Nov 25 13:21:32 vpn pluto[27980]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
Nov 25 13:21:32 vpn pluto[27980]:   MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
Nov 25 13:21:32 vpn pluto[27980]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
Nov 25 13:21:32 vpn pluto[27980]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
Nov 25 13:21:32 vpn pluto[27980]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
Nov 25 13:21:32 vpn pluto[27980]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
Nov 25 13:21:32 vpn pluto[27980]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
Nov 25 13:21:32 vpn pluto[27980]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
Nov 25 13:21:32 vpn pluto[27980]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
Nov 25 13:21:32 vpn pluto[27980]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
Nov 25 13:21:32 vpn pluto[27980]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
Nov 25 13:21:32 vpn pluto[27980]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
Nov 25 13:21:32 vpn pluto[27980]: testing CAMELLIA_CBC:
Nov 25 13:21:32 vpn pluto[27980]:   Camellia: 16 bytes with 128-bit key
Nov 25 13:21:32 vpn pluto[27980]:   Camellia: 16 bytes with 128-bit key
Nov 25 13:21:32 vpn pluto[27980]:   Camellia: 16 bytes with 256-bit key
Nov 25 13:21:32 vpn pluto[27980]:   Camellia: 16 bytes with 256-bit key
Nov 25 13:21:32 vpn pluto[27980]: testing AES_GCM_16:
Nov 25 13:21:32 vpn pluto[27980]:   empty string
Nov 25 13:21:32 vpn pluto[27980]:   one block
Nov 25 13:21:32 vpn pluto[27980]:   two blocks
Nov 25 13:21:32 vpn pluto[27980]:   two blocks with associated data
Nov 25 13:21:32 vpn pluto[27980]: testing AES_CTR:
Nov 25 13:21:32 vpn pluto[27980]:   Encrypting 16 octets using AES-CTR with 128-bit key
Nov 25 13:21:32 vpn pluto[27980]:   Encrypting 32 octets using AES-CTR with 128-bit key
Nov 25 13:21:32 vpn pluto[27980]:   Encrypting 36 octets using AES-CTR with 128-bit key
Nov 25 13:21:32 vpn pluto[27980]:   Encrypting 16 octets using AES-CTR with 192-bit key
Nov 25 13:21:32 vpn pluto[27980]:   Encrypting 32 octets using AES-CTR with 192-bit key
Nov 25 13:21:32 vpn pluto[27980]:   Encrypting 36 octets using AES-CTR with 192-bit key
Nov 25 13:21:32 vpn pluto[27980]:   Encrypting 16 octets using AES-CTR with 256-bit key
Nov 25 13:21:32 vpn pluto[27980]:   Encrypting 32 octets using AES-CTR with 256-bit key
Nov 25 13:21:32 vpn pluto[27980]:   Encrypting 36 octets using AES-CTR with 256-bit key
Nov 25 13:21:32 vpn pluto[27980]: testing AES_CBC:
Nov 25 13:21:32 vpn pluto[27980]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Nov 25 13:21:32 vpn pluto[27980]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Nov 25 13:21:32 vpn pluto[27980]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Nov 25 13:21:32 vpn pluto[27980]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Nov 25 13:21:32 vpn pluto[27980]: testing AES_XCBC:
Nov 25 13:21:32 vpn pluto[27980]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Nov 25 13:21:32 vpn pluto[27980]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Nov 25 13:21:32 vpn pluto[27980]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Nov 25 13:21:32 vpn pluto[27980]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Nov 25 13:21:32 vpn pluto[27980]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Nov 25 13:21:32 vpn pluto[27980]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Nov 25 13:21:32 vpn pluto[27980]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Nov 25 13:21:32 vpn pluto[27980]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Nov 25 13:21:32 vpn pluto[27980]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Nov 25 13:21:32 vpn pluto[27980]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Nov 25 13:21:32 vpn pluto[27980]: testing HMAC_MD5:
Nov 25 13:21:32 vpn pluto[27980]:   RFC 2104: MD5_HMAC test 1
Nov 25 13:21:32 vpn pluto[27980]:   RFC 2104: MD5_HMAC test 2
Nov 25 13:21:32 vpn pluto[27980]:   RFC 2104: MD5_HMAC test 3
Nov 25 13:21:32 vpn pluto[27980]: 2 CPU cores online
Nov 25 13:21:32 vpn pluto[27980]: starting up 2 helper threads
Nov 25 13:21:32 vpn pluto[27980]: started thread for helper 0
Nov 25 13:21:32 vpn pluto[27980]: started thread for helper 1
Nov 25 13:21:32 vpn pluto[27980]: using Linux xfrm kernel support code on #101-Ubuntu SMP Fri Oct 15 20:00:55 UTC 2021
Nov 25 13:21:32 vpn pluto[27980]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Nov 25 13:21:32 vpn pluto[27980]: watchdog: sending probes every 100 secs
Nov 25 13:21:32 vpn pluto[27980]: seccomp security not supported
Nov 25 13:21:32 vpn pluto[27980]: seccomp security for helper not supported
Nov 25 13:21:32 vpn pluto[27980]: seccomp security for helper not supported
Nov 25 13:21:32 vpn pluto[27980]: "l2tp-psk": added IKEv1 connection
Nov 25 13:21:32 vpn pluto[27980]: "xauth-psk": added IKEv1 connection
Nov 25 13:21:32 vpn pluto[27980]: "ikev2-cp": loaded private key matching left certificate 'mshome.cn'
Nov 25 13:21:32 vpn pluto[27980]: "ikev2-cp": added IKEv2 connection
Nov 25 13:21:32 vpn pluto[27980]: listening for IKE messages
Nov 25 13:21:32 vpn pluto[27980]: Kernel supports NIC esp-hw-offload
Nov 25 13:21:32 vpn pluto[27980]: adding UDP interface ens160 192.168.10.19:500
Nov 25 13:21:32 vpn pluto[27980]: adding UDP interface ens160 192.168.10.19:4500
Nov 25 13:21:32 vpn pluto[27980]: adding UDP interface lo 127.0.0.1:500
Nov 25 13:21:32 vpn pluto[27980]: adding UDP interface lo 127.0.0.1:4500
Nov 25 13:21:32 vpn pluto[27980]: adding UDP interface lo [::1]:500
Nov 25 13:21:32 vpn pluto[27980]: adding UDP interface ens160 [fdb9:ae62:c2de:4:20c:29ff:febb:d119]:500
Nov 25 13:21:32 vpn pluto[27980]: forgetting secrets
Nov 25 13:21:32 vpn pluto[27980]: loading secrets from "/etc/ipsec.secrets"
Nov 25 13:23:30 vpn pluto[27980]: shutting down
Nov 25 13:23:30 vpn pluto[27980]: forgetting secrets
Nov 25 13:23:30 vpn pluto[27980]: shutting down interface ens160 [fdb9:ae62:c2de:4:20c:29ff:febb:d119]:500
Nov 25 13:23:30 vpn pluto[27980]: shutting down interface lo [::1]:500
Nov 25 13:23:30 vpn pluto[27980]: shutting down interface lo 127.0.0.1:4500
Nov 25 13:23:30 vpn pluto[27980]: shutting down interface lo 127.0.0.1:500
Nov 25 13:23:30 vpn pluto[27980]: shutting down interface ens160 192.168.10.19:4500
Nov 25 13:23:30 vpn pluto[27980]: shutting down interface ens160 192.168.10.19:500
Nov 25 13:23:30 vpn pluto[27980]: leak detective found no leaks
Nov 25 13:23:30 vpn pluto[29364]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Nov 25 13:23:30 vpn pluto[29364]: FIPS Mode: NO
Nov 25 13:23:30 vpn pluto[29364]: NSS crypto library initialized
Nov 25 13:23:30 vpn pluto[29364]: FIPS mode disabled for pluto daemon
Nov 25 13:23:30 vpn pluto[29364]: FIPS HMAC integrity support [disabled]
Nov 25 13:23:30 vpn pluto[29364]: libcap-ng support [enabled]
Nov 25 13:23:30 vpn pluto[29364]: Linux audit support [disabled]
Nov 25 13:23:30 vpn pluto[29364]: Starting Pluto (Libreswan Version 4.5 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-PRF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:29364
Nov 25 13:23:30 vpn pluto[29364]: core dump dir: /run/pluto
Nov 25 13:23:30 vpn pluto[29364]: secrets file: /etc/ipsec.secrets
Nov 25 13:23:30 vpn pluto[29364]: leak-detective enabled
Nov 25 13:23:30 vpn pluto[29364]: NSS crypto [enabled]
Nov 25 13:23:30 vpn pluto[29364]: XAUTH PAM support [enabled]
Nov 25 13:23:30 vpn pluto[29364]: initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Nov 25 13:23:30 vpn pluto[29364]: NAT-Traversal support  [enabled]
Nov 25 13:23:30 vpn pluto[29364]: Encryption algorithms:
Nov 25 13:23:30 vpn pluto[29364]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
Nov 25 13:23:30 vpn pluto[29364]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
Nov 25 13:23:30 vpn pluto[29364]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
Nov 25 13:23:30 vpn pluto[29364]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
Nov 25 13:23:30 vpn pluto[29364]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP                      
Nov 25 13:23:30 vpn pluto[29364]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
Nov 25 13:23:30 vpn pluto[29364]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
Nov 25 13:23:30 vpn pluto[29364]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
Nov 25 13:23:30 vpn pluto[29364]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
Nov 25 13:23:30 vpn pluto[29364]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
Nov 25 13:23:30 vpn pluto[29364]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
Nov 25 13:23:30 vpn pluto[29364]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
Nov 25 13:23:30 vpn pluto[29364]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP                      
Nov 25 13:23:30 vpn pluto[29364]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Nov 25 13:23:30 vpn pluto[29364]: Hash algorithms:
Nov 25 13:23:30 vpn pluto[29364]:   MD5                               IKEv1: IKE         IKEv2:                  NSS         
Nov 25 13:23:30 vpn pluto[29364]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
Nov 25 13:23:30 vpn pluto[29364]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
Nov 25 13:23:30 vpn pluto[29364]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
Nov 25 13:23:30 vpn pluto[29364]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
Nov 25 13:23:30 vpn pluto[29364]: PRF algorithms:
Nov 25 13:23:30 vpn pluto[29364]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
Nov 25 13:23:30 vpn pluto[29364]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
Nov 25 13:23:30 vpn pluto[29364]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
Nov 25 13:23:30 vpn pluto[29364]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
Nov 25 13:23:30 vpn pluto[29364]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
Nov 25 13:23:30 vpn pluto[29364]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Nov 25 13:23:30 vpn pluto[29364]: Integrity algorithms:
Nov 25 13:23:30 vpn pluto[29364]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
Nov 25 13:23:30 vpn pluto[29364]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
Nov 25 13:23:30 vpn pluto[29364]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
Nov 25 13:23:30 vpn pluto[29364]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
Nov 25 13:23:30 vpn pluto[29364]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Nov 25 13:23:30 vpn pluto[29364]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH                   
Nov 25 13:23:30 vpn pluto[29364]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Nov 25 13:23:30 vpn pluto[29364]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
Nov 25 13:23:30 vpn pluto[29364]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
Nov 25 13:23:30 vpn pluto[29364]: DH algorithms:
Nov 25 13:23:30 vpn pluto[29364]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
Nov 25 13:23:30 vpn pluto[29364]:   MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
Nov 25 13:23:30 vpn pluto[29364]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
Nov 25 13:23:30 vpn pluto[29364]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
Nov 25 13:23:30 vpn pluto[29364]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
Nov 25 13:23:30 vpn pluto[29364]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
Nov 25 13:23:30 vpn pluto[29364]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
Nov 25 13:23:30 vpn pluto[29364]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
Nov 25 13:23:30 vpn pluto[29364]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
Nov 25 13:23:30 vpn pluto[29364]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
Nov 25 13:23:30 vpn pluto[29364]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
Nov 25 13:23:30 vpn pluto[29364]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
Nov 25 13:23:30 vpn pluto[29364]: testing CAMELLIA_CBC:
Nov 25 13:23:30 vpn pluto[29364]:   Camellia: 16 bytes with 128-bit key
Nov 25 13:23:30 vpn pluto[29364]:   Camellia: 16 bytes with 128-bit key
Nov 25 13:23:30 vpn pluto[29364]:   Camellia: 16 bytes with 256-bit key
Nov 25 13:23:30 vpn pluto[29364]:   Camellia: 16 bytes with 256-bit key
Nov 25 13:23:30 vpn pluto[29364]: testing AES_GCM_16:
Nov 25 13:23:30 vpn pluto[29364]:   empty string
Nov 25 13:23:30 vpn pluto[29364]:   one block
Nov 25 13:23:30 vpn pluto[29364]:   two blocks
Nov 25 13:23:30 vpn pluto[29364]:   two blocks with associated data
Nov 25 13:23:30 vpn pluto[29364]: testing AES_CTR:
Nov 25 13:23:30 vpn pluto[29364]:   Encrypting 16 octets using AES-CTR with 128-bit key
Nov 25 13:23:30 vpn pluto[29364]:   Encrypting 32 octets using AES-CTR with 128-bit key
Nov 25 13:23:30 vpn pluto[29364]:   Encrypting 36 octets using AES-CTR with 128-bit key
Nov 25 13:23:30 vpn pluto[29364]:   Encrypting 16 octets using AES-CTR with 192-bit key
Nov 25 13:23:30 vpn pluto[29364]:   Encrypting 32 octets using AES-CTR with 192-bit key
Nov 25 13:23:30 vpn pluto[29364]:   Encrypting 36 octets using AES-CTR with 192-bit key
Nov 25 13:23:30 vpn pluto[29364]:   Encrypting 16 octets using AES-CTR with 256-bit key
Nov 25 13:23:30 vpn pluto[29364]:   Encrypting 32 octets using AES-CTR with 256-bit key
Nov 25 13:23:30 vpn pluto[29364]:   Encrypting 36 octets using AES-CTR with 256-bit key
Nov 25 13:23:30 vpn pluto[29364]: testing AES_CBC:
Nov 25 13:23:30 vpn pluto[29364]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Nov 25 13:23:30 vpn pluto[29364]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Nov 25 13:23:30 vpn pluto[29364]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Nov 25 13:23:30 vpn pluto[29364]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Nov 25 13:23:30 vpn pluto[29364]: testing AES_XCBC:
Nov 25 13:23:30 vpn pluto[29364]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Nov 25 13:23:30 vpn pluto[29364]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Nov 25 13:23:30 vpn pluto[29364]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Nov 25 13:23:30 vpn pluto[29364]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Nov 25 13:23:30 vpn pluto[29364]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Nov 25 13:23:30 vpn pluto[29364]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Nov 25 13:23:30 vpn pluto[29364]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Nov 25 13:23:30 vpn pluto[29364]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Nov 25 13:23:30 vpn pluto[29364]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Nov 25 13:23:30 vpn pluto[29364]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Nov 25 13:23:30 vpn pluto[29364]: testing HMAC_MD5:
Nov 25 13:23:30 vpn pluto[29364]:   RFC 2104: MD5_HMAC test 1
Nov 25 13:23:30 vpn pluto[29364]:   RFC 2104: MD5_HMAC test 2
Nov 25 13:23:30 vpn pluto[29364]:   RFC 2104: MD5_HMAC test 3
Nov 25 13:23:30 vpn pluto[29364]: 2 CPU cores online
Nov 25 13:23:30 vpn pluto[29364]: starting up 2 helper threads
Nov 25 13:23:30 vpn pluto[29364]: started thread for helper 0
Nov 25 13:23:30 vpn pluto[29364]: started thread for helper 1
Nov 25 13:23:30 vpn pluto[29364]: using Linux xfrm kernel support code on #101-Ubuntu SMP Fri Oct 15 20:00:55 UTC 2021
Nov 25 13:23:30 vpn pluto[29364]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Nov 25 13:23:30 vpn pluto[29364]: seccomp security for helper not supported
Nov 25 13:23:30 vpn pluto[29364]: seccomp security for helper not supported
Nov 25 13:23:30 vpn pluto[29364]: watchdog: sending probes every 100 secs
Nov 25 13:23:30 vpn pluto[29364]: seccomp security not supported
Nov 25 13:23:30 vpn pluto[29364]: "l2tp-psk": added IKEv1 connection
Nov 25 13:23:30 vpn pluto[29364]: "xauth-psk": added IKEv1 connection
Nov 25 13:23:30 vpn pluto[29364]: "ikev2-cp": loaded private key matching left certificate 'mshome.cn'
Nov 25 13:23:30 vpn pluto[29364]: "ikev2-cp": added IKEv2 connection
Nov 25 13:23:30 vpn pluto[29364]: listening for IKE messages
Nov 25 13:23:30 vpn pluto[29364]: Kernel supports NIC esp-hw-offload
Nov 25 13:23:30 vpn pluto[29364]: adding UDP interface ens160 192.168.10.19:500
Nov 25 13:23:30 vpn pluto[29364]: adding UDP interface ens160 192.168.10.19:4500
Nov 25 13:23:30 vpn pluto[29364]: adding UDP interface lo 127.0.0.1:500
Nov 25 13:23:30 vpn pluto[29364]: adding UDP interface lo 127.0.0.1:4500
Nov 25 13:23:30 vpn pluto[29364]: adding UDP interface lo [::1]:500
Nov 25 13:23:30 vpn pluto[29364]: adding UDP interface ens160 [fdb9:ae62:c2de:4:20c:29ff:febb:d119]:500
Nov 25 13:23:30 vpn pluto[29364]: forgetting secrets
Nov 25 13:23:30 vpn pluto[29364]: loading secrets from "/etc/ipsec.secrets"
Nov 25 13:25:32 vpn pluto[29364]: shutting down
Nov 25 13:25:32 vpn pluto[29364]: forgetting secrets
Nov 25 13:25:32 vpn pluto[29364]: shutting down interface ens160 [fdb9:ae62:c2de:4:20c:29ff:febb:d119]:500
Nov 25 13:25:32 vpn pluto[29364]: shutting down interface lo [::1]:500
Nov 25 13:25:32 vpn pluto[29364]: shutting down interface lo 127.0.0.1:4500
Nov 25 13:25:32 vpn pluto[29364]: shutting down interface lo 127.0.0.1:500
Nov 25 13:25:32 vpn pluto[29364]: shutting down interface ens160 192.168.10.19:4500
Nov 25 13:25:32 vpn pluto[29364]: shutting down interface ens160 192.168.10.19:500
Nov 25 13:25:32 vpn pluto[29364]: leak detective found no leaks
Nov 25 13:25:32 vpn pluto[30657]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Nov 25 13:25:32 vpn pluto[30657]: FIPS Mode: NO
Nov 25 13:25:32 vpn pluto[30657]: NSS crypto library initialized
Nov 25 13:25:32 vpn pluto[30657]: FIPS mode disabled for pluto daemon
Nov 25 13:25:32 vpn pluto[30657]: FIPS HMAC integrity support [disabled]
Nov 25 13:25:32 vpn pluto[30657]: libcap-ng support [enabled]
Nov 25 13:25:32 vpn pluto[30657]: Linux audit support [disabled]
Nov 25 13:25:32 vpn pluto[30657]: Starting Pluto (Libreswan Version 4.5 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-PRF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:30657
Nov 25 13:25:32 vpn pluto[30657]: core dump dir: /run/pluto
Nov 25 13:25:32 vpn pluto[30657]: secrets file: /etc/ipsec.secrets
Nov 25 13:25:32 vpn pluto[30657]: leak-detective enabled
Nov 25 13:25:32 vpn pluto[30657]: NSS crypto [enabled]
Nov 25 13:25:32 vpn pluto[30657]: XAUTH PAM support [enabled]
Nov 25 13:25:32 vpn pluto[30657]: initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Nov 25 13:25:32 vpn pluto[30657]: NAT-Traversal support  [enabled]
Nov 25 13:25:32 vpn pluto[30657]: Encryption algorithms:
Nov 25 13:25:32 vpn pluto[30657]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
Nov 25 13:25:32 vpn pluto[30657]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
Nov 25 13:25:32 vpn pluto[30657]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
Nov 25 13:25:32 vpn pluto[30657]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
Nov 25 13:25:32 vpn pluto[30657]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP                      
Nov 25 13:25:32 vpn pluto[30657]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
Nov 25 13:25:32 vpn pluto[30657]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
Nov 25 13:25:32 vpn pluto[30657]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
Nov 25 13:25:32 vpn pluto[30657]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
Nov 25 13:25:32 vpn pluto[30657]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
Nov 25 13:25:32 vpn pluto[30657]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
Nov 25 13:25:32 vpn pluto[30657]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
Nov 25 13:25:32 vpn pluto[30657]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP                      
Nov 25 13:25:32 vpn pluto[30657]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Nov 25 13:25:32 vpn pluto[30657]: Hash algorithms:
Nov 25 13:25:32 vpn pluto[30657]:   MD5                               IKEv1: IKE         IKEv2:                  NSS         
Nov 25 13:25:32 vpn pluto[30657]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
Nov 25 13:25:32 vpn pluto[30657]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
Nov 25 13:25:32 vpn pluto[30657]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
Nov 25 13:25:32 vpn pluto[30657]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
Nov 25 13:25:32 vpn pluto[30657]: PRF algorithms:
Nov 25 13:25:32 vpn pluto[30657]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
Nov 25 13:25:32 vpn pluto[30657]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
Nov 25 13:25:32 vpn pluto[30657]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
Nov 25 13:25:32 vpn pluto[30657]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
Nov 25 13:25:32 vpn pluto[30657]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
Nov 25 13:25:32 vpn pluto[30657]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Nov 25 13:25:32 vpn pluto[30657]: Integrity algorithms:
Nov 25 13:25:32 vpn pluto[30657]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
Nov 25 13:25:32 vpn pluto[30657]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
Nov 25 13:25:32 vpn pluto[30657]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
Nov 25 13:25:32 vpn pluto[30657]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
Nov 25 13:25:32 vpn pluto[30657]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Nov 25 13:25:32 vpn pluto[30657]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH                   
Nov 25 13:25:32 vpn pluto[30657]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Nov 25 13:25:32 vpn pluto[30657]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
Nov 25 13:25:32 vpn pluto[30657]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
Nov 25 13:25:32 vpn pluto[30657]: DH algorithms:
Nov 25 13:25:32 vpn pluto[30657]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
Nov 25 13:25:32 vpn pluto[30657]:   MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
Nov 25 13:25:32 vpn pluto[30657]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
Nov 25 13:25:32 vpn pluto[30657]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
Nov 25 13:25:32 vpn pluto[30657]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
Nov 25 13:25:32 vpn pluto[30657]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
Nov 25 13:25:32 vpn pluto[30657]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
Nov 25 13:25:32 vpn pluto[30657]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
Nov 25 13:25:32 vpn pluto[30657]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
Nov 25 13:25:32 vpn pluto[30657]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
Nov 25 13:25:32 vpn pluto[30657]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
Nov 25 13:25:32 vpn pluto[30657]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
Nov 25 13:25:32 vpn pluto[30657]: testing CAMELLIA_CBC:
Nov 25 13:25:32 vpn pluto[30657]:   Camellia: 16 bytes with 128-bit key
Nov 25 13:25:32 vpn pluto[30657]:   Camellia: 16 bytes with 128-bit key
Nov 25 13:25:32 vpn pluto[30657]:   Camellia: 16 bytes with 256-bit key
Nov 25 13:25:32 vpn pluto[30657]:   Camellia: 16 bytes with 256-bit key
Nov 25 13:25:32 vpn pluto[30657]: testing AES_GCM_16:
Nov 25 13:25:32 vpn pluto[30657]:   empty string
Nov 25 13:25:32 vpn pluto[30657]:   one block
Nov 25 13:25:32 vpn pluto[30657]:   two blocks
Nov 25 13:25:32 vpn pluto[30657]:   two blocks with associated data
Nov 25 13:25:32 vpn pluto[30657]: testing AES_CTR:
Nov 25 13:25:32 vpn pluto[30657]:   Encrypting 16 octets using AES-CTR with 128-bit key
Nov 25 13:25:32 vpn pluto[30657]:   Encrypting 32 octets using AES-CTR with 128-bit key
Nov 25 13:25:32 vpn pluto[30657]:   Encrypting 36 octets using AES-CTR with 128-bit key
Nov 25 13:25:32 vpn pluto[30657]:   Encrypting 16 octets using AES-CTR with 192-bit key
Nov 25 13:25:32 vpn pluto[30657]:   Encrypting 32 octets using AES-CTR with 192-bit key
Nov 25 13:25:32 vpn pluto[30657]:   Encrypting 36 octets using AES-CTR with 192-bit key
Nov 25 13:25:32 vpn pluto[30657]:   Encrypting 16 octets using AES-CTR with 256-bit key
Nov 25 13:25:32 vpn pluto[30657]:   Encrypting 32 octets using AES-CTR with 256-bit key
Nov 25 13:25:32 vpn pluto[30657]:   Encrypting 36 octets using AES-CTR with 256-bit key
Nov 25 13:25:32 vpn pluto[30657]: testing AES_CBC:
Nov 25 13:25:32 vpn pluto[30657]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Nov 25 13:25:32 vpn pluto[30657]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Nov 25 13:25:32 vpn pluto[30657]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Nov 25 13:25:32 vpn pluto[30657]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Nov 25 13:25:32 vpn pluto[30657]: testing AES_XCBC:
Nov 25 13:25:32 vpn pluto[30657]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Nov 25 13:25:32 vpn pluto[30657]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Nov 25 13:25:32 vpn pluto[30657]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Nov 25 13:25:32 vpn pluto[30657]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Nov 25 13:25:32 vpn pluto[30657]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Nov 25 13:25:32 vpn pluto[30657]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Nov 25 13:25:32 vpn pluto[30657]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Nov 25 13:25:32 vpn pluto[30657]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Nov 25 13:25:32 vpn pluto[30657]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Nov 25 13:25:32 vpn pluto[30657]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Nov 25 13:25:32 vpn pluto[30657]: testing HMAC_MD5:
Nov 25 13:25:32 vpn pluto[30657]:   RFC 2104: MD5_HMAC test 1
Nov 25 13:25:32 vpn pluto[30657]:   RFC 2104: MD5_HMAC test 2
Nov 25 13:25:32 vpn pluto[30657]:   RFC 2104: MD5_HMAC test 3
Nov 25 13:25:32 vpn pluto[30657]: 2 CPU cores online
Nov 25 13:25:32 vpn pluto[30657]: starting up 2 helper threads
Nov 25 13:25:32 vpn pluto[30657]: started thread for helper 0
Nov 25 13:25:32 vpn pluto[30657]: started thread for helper 1
Nov 25 13:25:32 vpn pluto[30657]: using Linux xfrm kernel support code on #101-Ubuntu SMP Fri Oct 15 20:00:55 UTC 2021
Nov 25 13:25:32 vpn pluto[30657]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Nov 25 13:25:32 vpn pluto[30657]: watchdog: sending probes every 100 secs
Nov 25 13:25:32 vpn pluto[30657]: seccomp security not supported
Nov 25 13:25:32 vpn pluto[30657]: "l2tp-psk": added IKEv1 connection
Nov 25 13:25:32 vpn pluto[30657]: "xauth-psk": added IKEv1 connection
Nov 25 13:25:32 vpn pluto[30657]: seccomp security for helper not supported
Nov 25 13:25:32 vpn pluto[30657]: seccomp security for helper not supported
Nov 25 13:25:32 vpn pluto[30657]: "ikev2-cp": loaded private key matching left certificate 'mshome.cn'
Nov 25 13:25:32 vpn pluto[30657]: "ikev2-cp": added IKEv2 connection
Nov 25 13:25:32 vpn pluto[30657]: listening for IKE messages
Nov 25 13:25:32 vpn pluto[30657]: Kernel supports NIC esp-hw-offload
Nov 25 13:25:32 vpn pluto[30657]: adding UDP interface ens160 192.168.10.19:500
Nov 25 13:25:32 vpn pluto[30657]: adding UDP interface ens160 192.168.10.19:4500
Nov 25 13:25:32 vpn pluto[30657]: adding UDP interface lo 127.0.0.1:500
Nov 25 13:25:32 vpn pluto[30657]: adding UDP interface lo 127.0.0.1:4500
Nov 25 13:25:32 vpn pluto[30657]: adding UDP interface lo [::1]:500
Nov 25 13:25:32 vpn pluto[30657]: adding UDP interface ens160 [fdb9:ae62:c2de:4:20c:29ff:febb:d119]:500
Nov 25 13:25:32 vpn pluto[30657]: forgetting secrets
Nov 25 13:25:32 vpn pluto[30657]: loading secrets from "/etc/ipsec.secrets"
Nov 25 13:32:14 vpn pluto[30657]: shutting down
Nov 25 13:32:14 vpn pluto[30657]: forgetting secrets
Nov 25 13:32:14 vpn pluto[30657]: shutting down interface ens160 [fdb9:ae62:c2de:4:20c:29ff:febb:d119]:500
Nov 25 13:32:14 vpn pluto[30657]: shutting down interface lo [::1]:500
Nov 25 13:32:14 vpn pluto[30657]: shutting down interface lo 127.0.0.1:4500
Nov 25 13:32:14 vpn pluto[30657]: shutting down interface lo 127.0.0.1:500
Nov 25 13:32:14 vpn pluto[30657]: shutting down interface ens160 192.168.10.19:4500
Nov 25 13:32:14 vpn pluto[30657]: shutting down interface ens160 192.168.10.19:500
Nov 25 13:32:14 vpn pluto[30657]: leak detective found no leaks
Nov 25 13:32:15 vpn pluto[31370]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Nov 25 13:32:15 vpn pluto[31370]: FIPS Mode: NO
Nov 25 13:32:15 vpn pluto[31370]: NSS crypto library initialized
Nov 25 13:32:15 vpn pluto[31370]: FIPS mode disabled for pluto daemon
Nov 25 13:32:15 vpn pluto[31370]: FIPS HMAC integrity support [disabled]
Nov 25 13:32:15 vpn pluto[31370]: libcap-ng support [enabled]
Nov 25 13:32:15 vpn pluto[31370]: Linux audit support [disabled]
Nov 25 13:32:15 vpn pluto[31370]: Starting Pluto (Libreswan Version 4.5 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-PRF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:31370
Nov 25 13:32:15 vpn pluto[31370]: core dump dir: /run/pluto
Nov 25 13:32:15 vpn pluto[31370]: secrets file: /etc/ipsec.secrets
Nov 25 13:32:15 vpn pluto[31370]: leak-detective enabled
Nov 25 13:32:15 vpn pluto[31370]: NSS crypto [enabled]
Nov 25 13:32:15 vpn pluto[31370]: XAUTH PAM support [enabled]
Nov 25 13:32:15 vpn pluto[31370]: initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Nov 25 13:32:15 vpn pluto[31370]: NAT-Traversal support  [enabled]
Nov 25 13:32:15 vpn pluto[31370]: Encryption algorithms:
Nov 25 13:32:15 vpn pluto[31370]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
Nov 25 13:32:15 vpn pluto[31370]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
Nov 25 13:32:15 vpn pluto[31370]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
Nov 25 13:32:15 vpn pluto[31370]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
Nov 25 13:32:15 vpn pluto[31370]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP                      
Nov 25 13:32:15 vpn pluto[31370]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
Nov 25 13:32:15 vpn pluto[31370]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
Nov 25 13:32:15 vpn pluto[31370]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
Nov 25 13:32:15 vpn pluto[31370]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
Nov 25 13:32:15 vpn pluto[31370]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
Nov 25 13:32:15 vpn pluto[31370]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
Nov 25 13:32:15 vpn pluto[31370]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
Nov 25 13:32:15 vpn pluto[31370]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP                      
Nov 25 13:32:15 vpn pluto[31370]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Nov 25 13:32:15 vpn pluto[31370]: Hash algorithms:
Nov 25 13:32:15 vpn pluto[31370]:   MD5                               IKEv1: IKE         IKEv2:                  NSS         
Nov 25 13:32:15 vpn pluto[31370]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
Nov 25 13:32:15 vpn pluto[31370]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
Nov 25 13:32:15 vpn pluto[31370]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
Nov 25 13:32:15 vpn pluto[31370]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
Nov 25 13:32:15 vpn pluto[31370]: PRF algorithms:
Nov 25 13:32:15 vpn pluto[31370]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
Nov 25 13:32:15 vpn pluto[31370]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
Nov 25 13:32:15 vpn pluto[31370]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
Nov 25 13:32:15 vpn pluto[31370]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
Nov 25 13:32:15 vpn pluto[31370]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
Nov 25 13:32:15 vpn pluto[31370]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Nov 25 13:32:15 vpn pluto[31370]: Integrity algorithms:
Nov 25 13:32:15 vpn pluto[31370]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
Nov 25 13:32:15 vpn pluto[31370]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
Nov 25 13:32:15 vpn pluto[31370]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
Nov 25 13:32:15 vpn pluto[31370]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
Nov 25 13:32:15 vpn pluto[31370]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Nov 25 13:32:15 vpn pluto[31370]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH                   
Nov 25 13:32:15 vpn pluto[31370]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Nov 25 13:32:15 vpn pluto[31370]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
Nov 25 13:32:15 vpn pluto[31370]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
Nov 25 13:32:15 vpn pluto[31370]: DH algorithms:
Nov 25 13:32:15 vpn pluto[31370]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
Nov 25 13:32:15 vpn pluto[31370]:   MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
Nov 25 13:32:15 vpn pluto[31370]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
Nov 25 13:32:15 vpn pluto[31370]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
Nov 25 13:32:15 vpn pluto[31370]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
Nov 25 13:32:15 vpn pluto[31370]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
Nov 25 13:32:15 vpn pluto[31370]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
Nov 25 13:32:15 vpn pluto[31370]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
Nov 25 13:32:15 vpn pluto[31370]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
Nov 25 13:32:15 vpn pluto[31370]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
Nov 25 13:32:15 vpn pluto[31370]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
Nov 25 13:32:15 vpn pluto[31370]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
Nov 25 13:32:15 vpn pluto[31370]: testing CAMELLIA_CBC:
Nov 25 13:32:15 vpn pluto[31370]:   Camellia: 16 bytes with 128-bit key
Nov 25 13:32:15 vpn pluto[31370]:   Camellia: 16 bytes with 128-bit key
Nov 25 13:32:15 vpn pluto[31370]:   Camellia: 16 bytes with 256-bit key
Nov 25 13:32:15 vpn pluto[31370]:   Camellia: 16 bytes with 256-bit key
Nov 25 13:32:15 vpn pluto[31370]: testing AES_GCM_16:
Nov 25 13:32:15 vpn pluto[31370]:   empty string
Nov 25 13:32:15 vpn pluto[31370]:   one block
Nov 25 13:32:15 vpn pluto[31370]:   two blocks
Nov 25 13:32:15 vpn pluto[31370]:   two blocks with associated data
Nov 25 13:32:15 vpn pluto[31370]: testing AES_CTR:
Nov 25 13:32:15 vpn pluto[31370]:   Encrypting 16 octets using AES-CTR with 128-bit key
Nov 25 13:32:15 vpn pluto[31370]:   Encrypting 32 octets using AES-CTR with 128-bit key
Nov 25 13:32:15 vpn pluto[31370]:   Encrypting 36 octets using AES-CTR with 128-bit key
Nov 25 13:32:15 vpn pluto[31370]:   Encrypting 16 octets using AES-CTR with 192-bit key
Nov 25 13:32:15 vpn pluto[31370]:   Encrypting 32 octets using AES-CTR with 192-bit key
Nov 25 13:32:15 vpn pluto[31370]:   Encrypting 36 octets using AES-CTR with 192-bit key
Nov 25 13:32:15 vpn pluto[31370]:   Encrypting 16 octets using AES-CTR with 256-bit key
Nov 25 13:32:15 vpn pluto[31370]:   Encrypting 32 octets using AES-CTR with 256-bit key
Nov 25 13:32:15 vpn pluto[31370]:   Encrypting 36 octets using AES-CTR with 256-bit key
Nov 25 13:32:15 vpn pluto[31370]: testing AES_CBC:
Nov 25 13:32:15 vpn pluto[31370]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Nov 25 13:32:15 vpn pluto[31370]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Nov 25 13:32:15 vpn pluto[31370]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Nov 25 13:32:15 vpn pluto[31370]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Nov 25 13:32:15 vpn pluto[31370]: testing AES_XCBC:
Nov 25 13:32:15 vpn pluto[31370]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Nov 25 13:32:15 vpn pluto[31370]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Nov 25 13:32:15 vpn pluto[31370]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Nov 25 13:32:15 vpn pluto[31370]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Nov 25 13:32:15 vpn pluto[31370]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Nov 25 13:32:15 vpn pluto[31370]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Nov 25 13:32:15 vpn pluto[31370]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Nov 25 13:32:15 vpn pluto[31370]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Nov 25 13:32:15 vpn pluto[31370]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Nov 25 13:32:15 vpn pluto[31370]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Nov 25 13:32:15 vpn pluto[31370]: testing HMAC_MD5:
Nov 25 13:32:15 vpn pluto[31370]:   RFC 2104: MD5_HMAC test 1
Nov 25 13:32:15 vpn pluto[31370]:   RFC 2104: MD5_HMAC test 2
Nov 25 13:32:15 vpn pluto[31370]:   RFC 2104: MD5_HMAC test 3
Nov 25 13:32:15 vpn pluto[31370]: 2 CPU cores online
Nov 25 13:32:15 vpn pluto[31370]: starting up 2 helper threads
Nov 25 13:32:15 vpn pluto[31370]: started thread for helper 0
Nov 25 13:32:15 vpn pluto[31370]: started thread for helper 1
Nov 25 13:32:15 vpn pluto[31370]: using Linux xfrm kernel support code on #101-Ubuntu SMP Fri Oct 15 20:00:55 UTC 2021
Nov 25 13:32:15 vpn pluto[31370]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Nov 25 13:32:15 vpn pluto[31370]: watchdog: sending probes every 100 secs
Nov 25 13:32:15 vpn pluto[31370]: seccomp security not supported
Nov 25 13:32:15 vpn pluto[31370]: "l2tp-psk": added IKEv1 connection
Nov 25 13:32:15 vpn pluto[31370]: "xauth-psk": added IKEv1 connection
Nov 25 13:32:15 vpn pluto[31370]: listening for IKE messages
Nov 25 13:32:15 vpn pluto[31370]: Kernel supports NIC esp-hw-offload
Nov 25 13:32:15 vpn pluto[31370]: adding UDP interface ens160 192.168.10.19:500
Nov 25 13:32:15 vpn pluto[31370]: adding UDP interface ens160 192.168.10.19:4500
Nov 25 13:32:15 vpn pluto[31370]: adding UDP interface lo 127.0.0.1:500
Nov 25 13:32:15 vpn pluto[31370]: adding UDP interface lo 127.0.0.1:4500
Nov 25 13:32:15 vpn pluto[31370]: adding UDP interface lo [::1]:500
Nov 25 13:32:15 vpn pluto[31370]: adding UDP interface ens160 [fdb9:ae62:c2de:4:20c:29ff:febb:d119]:500
Nov 25 13:32:15 vpn pluto[31370]: seccomp security for helper not supported
Nov 25 13:32:15 vpn pluto[31370]: seccomp security for helper not supported
Nov 25 13:32:15 vpn pluto[31370]: loading secrets from "/etc/ipsec.secrets"
Nov 25 13:36:32 vpn pluto[31370]: shutting down
Nov 25 13:36:32 vpn pluto[31370]: forgetting secrets
Nov 25 13:36:32 vpn pluto[31370]: shutting down interface ens160 [fdb9:ae62:c2de:4:20c:29ff:febb:d119]:500
Nov 25 13:36:32 vpn pluto[31370]: shutting down interface lo [::1]:500
Nov 25 13:36:32 vpn pluto[31370]: shutting down interface lo 127.0.0.1:4500
Nov 25 13:36:32 vpn pluto[31370]: shutting down interface lo 127.0.0.1:500
Nov 25 13:36:32 vpn pluto[31370]: shutting down interface ens160 192.168.10.19:4500
Nov 25 13:36:32 vpn pluto[31370]: shutting down interface ens160 192.168.10.19:500
Nov 25 13:36:32 vpn pluto[31370]: leak detective found no leaks
Nov 25 13:36:32 vpn pluto[31963]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Nov 25 13:36:32 vpn pluto[31963]: FIPS Mode: NO
Nov 25 13:36:32 vpn pluto[31963]: NSS crypto library initialized
Nov 25 13:36:32 vpn pluto[31963]: FIPS mode disabled for pluto daemon
Nov 25 13:36:32 vpn pluto[31963]: FIPS HMAC integrity support [disabled]
Nov 25 13:36:32 vpn pluto[31963]: libcap-ng support [enabled]
Nov 25 13:36:32 vpn pluto[31963]: Linux audit support [disabled]
Nov 25 13:36:32 vpn pluto[31963]: Starting Pluto (Libreswan Version 4.5 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-PRF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:31963
Nov 25 13:36:32 vpn pluto[31963]: core dump dir: /run/pluto
Nov 25 13:36:32 vpn pluto[31963]: secrets file: /etc/ipsec.secrets
Nov 25 13:36:32 vpn pluto[31963]: leak-detective enabled
Nov 25 13:36:32 vpn pluto[31963]: NSS crypto [enabled]
Nov 25 13:36:32 vpn pluto[31963]: XAUTH PAM support [enabled]
Nov 25 13:36:32 vpn pluto[31963]: initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Nov 25 13:36:32 vpn pluto[31963]: NAT-Traversal support  [enabled]
Nov 25 13:36:32 vpn pluto[31963]: Encryption algorithms:
Nov 25 13:36:32 vpn pluto[31963]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
Nov 25 13:36:32 vpn pluto[31963]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
Nov 25 13:36:32 vpn pluto[31963]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
Nov 25 13:36:32 vpn pluto[31963]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
Nov 25 13:36:32 vpn pluto[31963]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP                      
Nov 25 13:36:32 vpn pluto[31963]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
Nov 25 13:36:32 vpn pluto[31963]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
Nov 25 13:36:32 vpn pluto[31963]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
Nov 25 13:36:32 vpn pluto[31963]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
Nov 25 13:36:32 vpn pluto[31963]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
Nov 25 13:36:32 vpn pluto[31963]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
Nov 25 13:36:32 vpn pluto[31963]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
Nov 25 13:36:32 vpn pluto[31963]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP                      
Nov 25 13:36:32 vpn pluto[31963]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Nov 25 13:36:32 vpn pluto[31963]: Hash algorithms:
Nov 25 13:36:32 vpn pluto[31963]:   MD5                               IKEv1: IKE         IKEv2:                  NSS         
Nov 25 13:36:32 vpn pluto[31963]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
Nov 25 13:36:32 vpn pluto[31963]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
Nov 25 13:36:32 vpn pluto[31963]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
Nov 25 13:36:32 vpn pluto[31963]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
Nov 25 13:36:32 vpn pluto[31963]: PRF algorithms:
Nov 25 13:36:32 vpn pluto[31963]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
Nov 25 13:36:32 vpn pluto[31963]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
Nov 25 13:36:32 vpn pluto[31963]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
Nov 25 13:36:32 vpn pluto[31963]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
Nov 25 13:36:32 vpn pluto[31963]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
Nov 25 13:36:32 vpn pluto[31963]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Nov 25 13:36:32 vpn pluto[31963]: Integrity algorithms:
Nov 25 13:36:32 vpn pluto[31963]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
Nov 25 13:36:32 vpn pluto[31963]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
Nov 25 13:36:32 vpn pluto[31963]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
Nov 25 13:36:32 vpn pluto[31963]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
Nov 25 13:36:32 vpn pluto[31963]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Nov 25 13:36:32 vpn pluto[31963]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH                   
Nov 25 13:36:32 vpn pluto[31963]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Nov 25 13:36:32 vpn pluto[31963]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
Nov 25 13:36:32 vpn pluto[31963]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
Nov 25 13:36:32 vpn pluto[31963]: DH algorithms:
Nov 25 13:36:32 vpn pluto[31963]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
Nov 25 13:36:32 vpn pluto[31963]:   MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
Nov 25 13:36:32 vpn pluto[31963]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
Nov 25 13:36:32 vpn pluto[31963]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
Nov 25 13:36:32 vpn pluto[31963]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
Nov 25 13:36:32 vpn pluto[31963]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
Nov 25 13:36:32 vpn pluto[31963]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
Nov 25 13:36:32 vpn pluto[31963]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
Nov 25 13:36:32 vpn pluto[31963]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
Nov 25 13:36:32 vpn pluto[31963]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
Nov 25 13:36:32 vpn pluto[31963]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
Nov 25 13:36:32 vpn pluto[31963]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
Nov 25 13:36:32 vpn pluto[31963]: testing CAMELLIA_CBC:
Nov 25 13:36:32 vpn pluto[31963]:   Camellia: 16 bytes with 128-bit key
Nov 25 13:36:32 vpn pluto[31963]:   Camellia: 16 bytes with 128-bit key
Nov 25 13:36:32 vpn pluto[31963]:   Camellia: 16 bytes with 256-bit key
Nov 25 13:36:32 vpn pluto[31963]:   Camellia: 16 bytes with 256-bit key
Nov 25 13:36:32 vpn pluto[31963]: testing AES_GCM_16:
Nov 25 13:36:32 vpn pluto[31963]:   empty string
Nov 25 13:36:32 vpn pluto[31963]:   one block
Nov 25 13:36:32 vpn pluto[31963]:   two blocks
Nov 25 13:36:32 vpn pluto[31963]:   two blocks with associated data
Nov 25 13:36:32 vpn pluto[31963]: testing AES_CTR:
Nov 25 13:36:32 vpn pluto[31963]:   Encrypting 16 octets using AES-CTR with 128-bit key
Nov 25 13:36:32 vpn pluto[31963]:   Encrypting 32 octets using AES-CTR with 128-bit key
Nov 25 13:36:32 vpn pluto[31963]:   Encrypting 36 octets using AES-CTR with 128-bit key
Nov 25 13:36:32 vpn pluto[31963]:   Encrypting 16 octets using AES-CTR with 192-bit key
Nov 25 13:36:32 vpn pluto[31963]:   Encrypting 32 octets using AES-CTR with 192-bit key
Nov 25 13:36:32 vpn pluto[31963]:   Encrypting 36 octets using AES-CTR with 192-bit key
Nov 25 13:36:32 vpn pluto[31963]:   Encrypting 16 octets using AES-CTR with 256-bit key
Nov 25 13:36:32 vpn pluto[31963]:   Encrypting 32 octets using AES-CTR with 256-bit key
Nov 25 13:36:32 vpn pluto[31963]:   Encrypting 36 octets using AES-CTR with 256-bit key
Nov 25 13:36:32 vpn pluto[31963]: testing AES_CBC:
Nov 25 13:36:32 vpn pluto[31963]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Nov 25 13:36:32 vpn pluto[31963]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Nov 25 13:36:32 vpn pluto[31963]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Nov 25 13:36:32 vpn pluto[31963]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Nov 25 13:36:32 vpn pluto[31963]: testing AES_XCBC:
Nov 25 13:36:32 vpn pluto[31963]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Nov 25 13:36:32 vpn pluto[31963]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Nov 25 13:36:32 vpn pluto[31963]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Nov 25 13:36:32 vpn pluto[31963]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Nov 25 13:36:32 vpn pluto[31963]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Nov 25 13:36:32 vpn pluto[31963]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Nov 25 13:36:32 vpn pluto[31963]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Nov 25 13:36:32 vpn pluto[31963]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Nov 25 13:36:32 vpn pluto[31963]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Nov 25 13:36:32 vpn pluto[31963]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Nov 25 13:36:32 vpn pluto[31963]: testing HMAC_MD5:
Nov 25 13:36:32 vpn pluto[31963]:   RFC 2104: MD5_HMAC test 1
Nov 25 13:36:32 vpn pluto[31963]:   RFC 2104: MD5_HMAC test 2
Nov 25 13:36:32 vpn pluto[31963]:   RFC 2104: MD5_HMAC test 3
Nov 25 13:36:32 vpn pluto[31963]: 2 CPU cores online
Nov 25 13:36:32 vpn pluto[31963]: starting up 2 helper threads
Nov 25 13:36:32 vpn pluto[31963]: started thread for helper 0
Nov 25 13:36:32 vpn pluto[31963]: started thread for helper 1
Nov 25 13:36:32 vpn pluto[31963]: using Linux xfrm kernel support code on #101-Ubuntu SMP Fri Oct 15 20:00:55 UTC 2021
Nov 25 13:36:32 vpn pluto[31963]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Nov 25 13:36:32 vpn pluto[31963]: watchdog: sending probes every 100 secs
Nov 25 13:36:32 vpn pluto[31963]: seccomp security not supported
Nov 25 13:36:32 vpn pluto[31963]: "l2tp-psk": added IKEv1 connection
Nov 25 13:36:32 vpn pluto[31963]: "xauth-psk": added IKEv1 connection
Nov 25 13:36:32 vpn pluto[31963]: seccomp security for helper not supported
Nov 25 13:36:32 vpn pluto[31963]: seccomp security for helper not supported
Nov 25 13:36:32 vpn pluto[31963]: "ikev2-cp": loaded private key matching left certificate 'mshome.cn'
Nov 25 13:36:32 vpn pluto[31963]: "ikev2-cp": added IKEv2 connection
Nov 25 13:36:32 vpn pluto[31963]: listening for IKE messages
Nov 25 13:36:32 vpn pluto[31963]: Kernel supports NIC esp-hw-offload
Nov 25 13:36:32 vpn pluto[31963]: adding UDP interface ens160 192.168.10.19:500
Nov 25 13:36:32 vpn pluto[31963]: adding UDP interface ens160 192.168.10.19:4500
Nov 25 13:36:32 vpn pluto[31963]: adding UDP interface lo 127.0.0.1:500
Nov 25 13:36:32 vpn pluto[31963]: adding UDP interface lo 127.0.0.1:4500
Nov 25 13:36:32 vpn pluto[31963]: adding UDP interface lo [::1]:500
Nov 25 13:36:32 vpn pluto[31963]: adding UDP interface ens160 [fdb9:ae62:c2de:4:20c:29ff:febb:d119]:500
Nov 25 13:36:32 vpn pluto[31963]: forgetting secrets
Nov 25 13:36:32 vpn pluto[31963]: loading secrets from "/etc/ipsec.secrets"
Nov 25 13:38:35 vpn pluto[31963]: "ikev2-cp"[1] 170.219.41.70: local IKE proposals (IKE SA responder matching remote proposals): 
Nov 25 13:38:35 vpn pluto[31963]: "ikev2-cp"[1] 170.219.41.70:   1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 13:38:35 vpn pluto[31963]: "ikev2-cp"[1] 170.219.41.70:   2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 13:38:35 vpn pluto[31963]: "ikev2-cp"[1] 170.219.41.70:   3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 13:38:35 vpn pluto[31963]: "ikev2-cp"[1] 170.219.41.70:   4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 13:38:35 vpn pluto[31963]: "ikev2-cp"[1] 170.219.41.70 #1: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Nov 25 13:38:35 vpn pluto[31963]: "ikev2-cp"[1] 170.219.41.70 #1: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Nov 25 13:38:35 vpn pluto[31963]: "ikev2-cp"[1] 170.219.41.70 #1: processing decrypted IKE_AUTH request: SK{IDi,CERT,N,IDr,AUTH,CP,N,N,SA,TSi,TSr,N}
Nov 25 13:38:35 vpn pluto[31963]: loading root certificate cache
Nov 25 13:38:35 vpn pluto[31963]: "ikev2-cp"[1] 170.219.41.70 #1: reloaded private key matching left certificate 'mshome.cn'
Nov 25 13:38:35 vpn pluto[31963]: "ikev2-cp"[1] 170.219.41.70 #1: switched from "ikev2-cp"[1] 170.219.41.70 to "ikev2-cp"
Nov 25 13:38:35 vpn pluto[31963]: "ikev2-cp"[1] 170.219.41.70: deleting connection instance with peer 170.219.41.70 {isakmp=#0/ipsec=#0}
Nov 25 13:38:35 vpn pluto[31963]: "ikev2-cp"[2] 170.219.41.70 #1: established IKE SA; authenticated using RSA with SHA1 and peer certificate '@iphone' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Nov 25 13:38:35 vpn pluto[31963]: | pool 192.168.43.10-192.168.43.250: growing address pool from 0 to 1
Nov 25 13:38:35 vpn pluto[31963]: "ikev2-cp"[2] 170.219.41.70: local ESP/AH proposals (IKE_AUTH responder matching remote ESP/AH proposals): 
Nov 25 13:38:35 vpn pluto[31963]: "ikev2-cp"[2] 170.219.41.70:   1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-DISABLED
Nov 25 13:38:35 vpn pluto[31963]: "ikev2-cp"[2] 170.219.41.70:   2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-DISABLED
Nov 25 13:38:35 vpn pluto[31963]: "ikev2-cp"[2] 170.219.41.70:   3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-DISABLED
Nov 25 13:38:35 vpn pluto[31963]: "ikev2-cp"[2] 170.219.41.70:   4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-DISABLED
Nov 25 13:38:35 vpn pluto[31963]: "ikev2-cp"[2] 170.219.41.70:   5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-DISABLED
Nov 25 13:38:35 vpn pluto[31963]: "ikev2-cp"[2] 170.219.41.70 #2: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=0db5ed2d chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Nov 25 13:38:35 vpn pluto[31963]: "ikev2-cp"[2] 170.219.41.70 #2: established Child SA; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x0db5ed2d <0x83bb5e10 xfrm=AES_GCM_16_128-NONE NATOA=none NATD=170.219.41.70:15112 DPD=active}
Nov 25 13:38:53 vpn pluto[31963]: "ikev2-cp"[2] 170.219.41.70 #2: ESP traffic information: in=38KB out=51KB
Nov 25 13:38:53 vpn pluto[31963]: "ikev2-cp"[2] 170.219.41.70 #1: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 18.628467s and NOT sending notification
Nov 25 13:38:53 vpn pluto[31963]: "ikev2-cp"[2] 170.219.41.70: deleting connection instance with peer 170.219.41.70 {isakmp=#0/ipsec=#0}
Nov 25 13:40:21 vpn pluto[31963]: shutting down
Nov 25 13:40:21 vpn pluto[31963]: destroying root certificate cache
Nov 25 13:40:21 vpn pluto[31963]: forgetting secrets
Nov 25 13:40:21 vpn pluto[31963]: shutting down interface ens160 [fdb9:ae62:c2de:4:20c:29ff:febb:d119]:500
Nov 25 13:40:21 vpn pluto[31963]: shutting down interface lo [::1]:500
Nov 25 13:40:21 vpn pluto[31963]: shutting down interface lo 127.0.0.1:4500
Nov 25 13:40:21 vpn pluto[31963]: shutting down interface lo 127.0.0.1:500
Nov 25 13:40:21 vpn pluto[31963]: shutting down interface ens160 192.168.10.19:4500
Nov 25 13:40:21 vpn pluto[31963]: shutting down interface ens160 192.168.10.19:500
Nov 25 13:40:21 vpn pluto[31963]: leak detective found no leaks
Nov 25 13:40:21 vpn pluto[32626]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Nov 25 13:40:21 vpn pluto[32626]: FIPS Mode: NO
Nov 25 13:40:21 vpn pluto[32626]: NSS crypto library initialized
Nov 25 13:40:21 vpn pluto[32626]: FIPS mode disabled for pluto daemon
Nov 25 13:40:21 vpn pluto[32626]: FIPS HMAC integrity support [disabled]
Nov 25 13:40:21 vpn pluto[32626]: libcap-ng support [enabled]
Nov 25 13:40:21 vpn pluto[32626]: Linux audit support [disabled]
Nov 25 13:40:21 vpn pluto[32626]: Starting Pluto (Libreswan Version 4.5 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-PRF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:32626
Nov 25 13:40:21 vpn pluto[32626]: core dump dir: /run/pluto
Nov 25 13:40:21 vpn pluto[32626]: secrets file: /etc/ipsec.secrets
Nov 25 13:40:21 vpn pluto[32626]: leak-detective enabled
Nov 25 13:40:21 vpn pluto[32626]: NSS crypto [enabled]
Nov 25 13:40:21 vpn pluto[32626]: XAUTH PAM support [enabled]
Nov 25 13:40:21 vpn pluto[32626]: initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Nov 25 13:40:21 vpn pluto[32626]: NAT-Traversal support  [enabled]
Nov 25 13:40:21 vpn pluto[32626]: Encryption algorithms:
Nov 25 13:40:21 vpn pluto[32626]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
Nov 25 13:40:21 vpn pluto[32626]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
Nov 25 13:40:21 vpn pluto[32626]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
Nov 25 13:40:21 vpn pluto[32626]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
Nov 25 13:40:21 vpn pluto[32626]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP                      
Nov 25 13:40:21 vpn pluto[32626]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
Nov 25 13:40:21 vpn pluto[32626]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
Nov 25 13:40:21 vpn pluto[32626]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
Nov 25 13:40:21 vpn pluto[32626]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
Nov 25 13:40:21 vpn pluto[32626]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
Nov 25 13:40:21 vpn pluto[32626]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
Nov 25 13:40:21 vpn pluto[32626]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
Nov 25 13:40:21 vpn pluto[32626]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP                      
Nov 25 13:40:21 vpn pluto[32626]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Nov 25 13:40:21 vpn pluto[32626]: Hash algorithms:
Nov 25 13:40:21 vpn pluto[32626]:   MD5                               IKEv1: IKE         IKEv2:                  NSS         
Nov 25 13:40:21 vpn pluto[32626]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
Nov 25 13:40:21 vpn pluto[32626]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
Nov 25 13:40:21 vpn pluto[32626]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
Nov 25 13:40:21 vpn pluto[32626]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
Nov 25 13:40:21 vpn pluto[32626]: PRF algorithms:
Nov 25 13:40:21 vpn pluto[32626]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
Nov 25 13:40:21 vpn pluto[32626]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
Nov 25 13:40:21 vpn pluto[32626]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
Nov 25 13:40:21 vpn pluto[32626]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
Nov 25 13:40:21 vpn pluto[32626]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
Nov 25 13:40:21 vpn pluto[32626]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Nov 25 13:40:21 vpn pluto[32626]: Integrity algorithms:
Nov 25 13:40:21 vpn pluto[32626]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
Nov 25 13:40:21 vpn pluto[32626]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
Nov 25 13:40:21 vpn pluto[32626]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
Nov 25 13:40:21 vpn pluto[32626]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
Nov 25 13:40:21 vpn pluto[32626]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Nov 25 13:40:21 vpn pluto[32626]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH                   
Nov 25 13:40:21 vpn pluto[32626]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Nov 25 13:40:21 vpn pluto[32626]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
Nov 25 13:40:21 vpn pluto[32626]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
Nov 25 13:40:21 vpn pluto[32626]: DH algorithms:
Nov 25 13:40:21 vpn pluto[32626]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
Nov 25 13:40:21 vpn pluto[32626]:   MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
Nov 25 13:40:21 vpn pluto[32626]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
Nov 25 13:40:21 vpn pluto[32626]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
Nov 25 13:40:21 vpn pluto[32626]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
Nov 25 13:40:21 vpn pluto[32626]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
Nov 25 13:40:21 vpn pluto[32626]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
Nov 25 13:40:21 vpn pluto[32626]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
Nov 25 13:40:21 vpn pluto[32626]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
Nov 25 13:40:21 vpn pluto[32626]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
Nov 25 13:40:21 vpn pluto[32626]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
Nov 25 13:40:21 vpn pluto[32626]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
Nov 25 13:40:21 vpn pluto[32626]: testing CAMELLIA_CBC:
Nov 25 13:40:21 vpn pluto[32626]:   Camellia: 16 bytes with 128-bit key
Nov 25 13:40:21 vpn pluto[32626]:   Camellia: 16 bytes with 128-bit key
Nov 25 13:40:21 vpn pluto[32626]:   Camellia: 16 bytes with 256-bit key
Nov 25 13:40:21 vpn pluto[32626]:   Camellia: 16 bytes with 256-bit key
Nov 25 13:40:21 vpn pluto[32626]: testing AES_GCM_16:
Nov 25 13:40:21 vpn pluto[32626]:   empty string
Nov 25 13:40:21 vpn pluto[32626]:   one block
Nov 25 13:40:21 vpn pluto[32626]:   two blocks
Nov 25 13:40:21 vpn pluto[32626]:   two blocks with associated data
Nov 25 13:40:21 vpn pluto[32626]: testing AES_CTR:
Nov 25 13:40:21 vpn pluto[32626]:   Encrypting 16 octets using AES-CTR with 128-bit key
Nov 25 13:40:21 vpn pluto[32626]:   Encrypting 32 octets using AES-CTR with 128-bit key
Nov 25 13:40:21 vpn pluto[32626]:   Encrypting 36 octets using AES-CTR with 128-bit key
Nov 25 13:40:21 vpn pluto[32626]:   Encrypting 16 octets using AES-CTR with 192-bit key
Nov 25 13:40:21 vpn pluto[32626]:   Encrypting 32 octets using AES-CTR with 192-bit key
Nov 25 13:40:21 vpn pluto[32626]:   Encrypting 36 octets using AES-CTR with 192-bit key
Nov 25 13:40:21 vpn pluto[32626]:   Encrypting 16 octets using AES-CTR with 256-bit key
Nov 25 13:40:21 vpn pluto[32626]:   Encrypting 32 octets using AES-CTR with 256-bit key
Nov 25 13:40:21 vpn pluto[32626]:   Encrypting 36 octets using AES-CTR with 256-bit key
Nov 25 13:40:21 vpn pluto[32626]: testing AES_CBC:
Nov 25 13:40:21 vpn pluto[32626]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Nov 25 13:40:21 vpn pluto[32626]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Nov 25 13:40:21 vpn pluto[32626]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Nov 25 13:40:21 vpn pluto[32626]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Nov 25 13:40:21 vpn pluto[32626]: testing AES_XCBC:
Nov 25 13:40:21 vpn pluto[32626]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Nov 25 13:40:21 vpn pluto[32626]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Nov 25 13:40:21 vpn pluto[32626]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Nov 25 13:40:21 vpn pluto[32626]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Nov 25 13:40:21 vpn pluto[32626]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Nov 25 13:40:21 vpn pluto[32626]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Nov 25 13:40:21 vpn pluto[32626]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Nov 25 13:40:21 vpn pluto[32626]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Nov 25 13:40:21 vpn pluto[32626]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Nov 25 13:40:21 vpn pluto[32626]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Nov 25 13:40:21 vpn pluto[32626]: testing HMAC_MD5:
Nov 25 13:40:21 vpn pluto[32626]:   RFC 2104: MD5_HMAC test 1
Nov 25 13:40:21 vpn pluto[32626]:   RFC 2104: MD5_HMAC test 2
Nov 25 13:40:21 vpn pluto[32626]:   RFC 2104: MD5_HMAC test 3
Nov 25 13:40:21 vpn pluto[32626]: 2 CPU cores online
Nov 25 13:40:21 vpn pluto[32626]: starting up 2 helper threads
Nov 25 13:40:21 vpn pluto[32626]: started thread for helper 0
Nov 25 13:40:21 vpn pluto[32626]: started thread for helper 1
Nov 25 13:40:21 vpn pluto[32626]: using Linux xfrm kernel support code on #101-Ubuntu SMP Fri Oct 15 20:00:55 UTC 2021
Nov 25 13:40:21 vpn pluto[32626]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Nov 25 13:40:21 vpn pluto[32626]: watchdog: sending probes every 100 secs
Nov 25 13:40:21 vpn pluto[32626]: seccomp security not supported
Nov 25 13:40:21 vpn pluto[32626]: "l2tp-psk": added IKEv1 connection
Nov 25 13:40:21 vpn pluto[32626]: "xauth-psk": added IKEv1 connection
Nov 25 13:40:21 vpn pluto[32626]: "ikev2-cp": loaded private key matching left certificate 'mshome.cn'
Nov 25 13:40:21 vpn pluto[32626]: "ikev2-cp": added IKEv2 connection
Nov 25 13:40:21 vpn pluto[32626]: listening for IKE messages
Nov 25 13:40:21 vpn pluto[32626]: Kernel supports NIC esp-hw-offload
Nov 25 13:40:21 vpn pluto[32626]: adding UDP interface ens160 192.168.10.19:500
Nov 25 13:40:21 vpn pluto[32626]: adding UDP interface ens160 192.168.10.19:4500
Nov 25 13:40:21 vpn pluto[32626]: adding UDP interface lo 127.0.0.1:500
Nov 25 13:40:21 vpn pluto[32626]: adding UDP interface lo 127.0.0.1:4500
Nov 25 13:40:21 vpn pluto[32626]: adding UDP interface lo [::1]:500
Nov 25 13:40:21 vpn pluto[32626]: adding UDP interface ens160 [fdb9:ae62:c2de:4:20c:29ff:febb:d119]:500
Nov 25 13:40:21 vpn pluto[32626]: seccomp security for helper not supported
Nov 25 13:40:21 vpn pluto[32626]: seccomp security for helper not supported
Nov 25 13:40:21 vpn pluto[32626]: forgetting secrets
Nov 25 13:40:21 vpn pluto[32626]: loading secrets from "/etc/ipsec.secrets"
Nov 25 21:48:32 vpn pluto[1211]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Nov 25 21:48:32 vpn pluto[1211]: FIPS Mode: NO
Nov 25 21:48:32 vpn pluto[1211]: NSS crypto library initialized
Nov 25 21:48:32 vpn pluto[1211]: FIPS mode disabled for pluto daemon
Nov 25 21:48:32 vpn pluto[1211]: FIPS HMAC integrity support [disabled]
Nov 25 21:48:32 vpn pluto[1211]: libcap-ng support [enabled]
Nov 25 21:48:32 vpn pluto[1211]: Linux audit support [disabled]
Nov 25 21:48:32 vpn pluto[1211]: Starting Pluto (Libreswan Version 4.5 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-PRF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:1211
Nov 25 21:48:32 vpn pluto[1211]: core dump dir: /run/pluto
Nov 25 21:48:32 vpn pluto[1211]: secrets file: /etc/ipsec.secrets
Nov 25 21:48:32 vpn pluto[1211]: leak-detective enabled
Nov 25 21:48:32 vpn pluto[1211]: NSS crypto [enabled]
Nov 25 21:48:32 vpn pluto[1211]: XAUTH PAM support [enabled]
Nov 25 21:48:32 vpn pluto[1211]: initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Nov 25 21:48:32 vpn pluto[1211]: NAT-Traversal support  [enabled]
Nov 25 21:48:32 vpn pluto[1211]: Encryption algorithms:
Nov 25 21:48:32 vpn pluto[1211]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
Nov 25 21:48:32 vpn pluto[1211]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
Nov 25 21:48:32 vpn pluto[1211]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
Nov 25 21:48:32 vpn pluto[1211]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
Nov 25 21:48:32 vpn pluto[1211]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP                      
Nov 25 21:48:32 vpn pluto[1211]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
Nov 25 21:48:32 vpn pluto[1211]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
Nov 25 21:48:32 vpn pluto[1211]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
Nov 25 21:48:32 vpn pluto[1211]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
Nov 25 21:48:32 vpn pluto[1211]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
Nov 25 21:48:32 vpn pluto[1211]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
Nov 25 21:48:32 vpn pluto[1211]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
Nov 25 21:48:32 vpn pluto[1211]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP                      
Nov 25 21:48:32 vpn pluto[1211]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Nov 25 21:48:32 vpn pluto[1211]: Hash algorithms:
Nov 25 21:48:32 vpn pluto[1211]:   MD5                               IKEv1: IKE         IKEv2:                  NSS         
Nov 25 21:48:32 vpn pluto[1211]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
Nov 25 21:48:32 vpn pluto[1211]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
Nov 25 21:48:32 vpn pluto[1211]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
Nov 25 21:48:32 vpn pluto[1211]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
Nov 25 21:48:32 vpn pluto[1211]: PRF algorithms:
Nov 25 21:48:32 vpn pluto[1211]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
Nov 25 21:48:32 vpn pluto[1211]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
Nov 25 21:48:32 vpn pluto[1211]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
Nov 25 21:48:32 vpn pluto[1211]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
Nov 25 21:48:32 vpn pluto[1211]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
Nov 25 21:48:32 vpn pluto[1211]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Nov 25 21:48:32 vpn pluto[1211]: Integrity algorithms:
Nov 25 21:48:32 vpn pluto[1211]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
Nov 25 21:48:32 vpn pluto[1211]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
Nov 25 21:48:32 vpn pluto[1211]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
Nov 25 21:48:32 vpn pluto[1211]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
Nov 25 21:48:32 vpn pluto[1211]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Nov 25 21:48:32 vpn pluto[1211]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH                   
Nov 25 21:48:32 vpn pluto[1211]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Nov 25 21:48:32 vpn pluto[1211]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
Nov 25 21:48:32 vpn pluto[1211]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
Nov 25 21:48:32 vpn pluto[1211]: DH algorithms:
Nov 25 21:48:32 vpn pluto[1211]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
Nov 25 21:48:32 vpn pluto[1211]:   MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
Nov 25 21:48:32 vpn pluto[1211]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
Nov 25 21:48:32 vpn pluto[1211]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
Nov 25 21:48:32 vpn pluto[1211]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
Nov 25 21:48:32 vpn pluto[1211]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
Nov 25 21:48:32 vpn pluto[1211]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
Nov 25 21:48:32 vpn pluto[1211]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
Nov 25 21:48:32 vpn pluto[1211]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
Nov 25 21:48:32 vpn pluto[1211]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
Nov 25 21:48:32 vpn pluto[1211]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
Nov 25 21:48:32 vpn pluto[1211]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
Nov 25 21:48:32 vpn pluto[1211]: testing CAMELLIA_CBC:
Nov 25 21:48:32 vpn pluto[1211]:   Camellia: 16 bytes with 128-bit key
Nov 25 21:48:32 vpn pluto[1211]:   Camellia: 16 bytes with 128-bit key
Nov 25 21:48:32 vpn pluto[1211]:   Camellia: 16 bytes with 256-bit key
Nov 25 21:48:32 vpn pluto[1211]:   Camellia: 16 bytes with 256-bit key
Nov 25 21:48:32 vpn pluto[1211]: testing AES_GCM_16:
Nov 25 21:48:32 vpn pluto[1211]:   empty string
Nov 25 21:48:32 vpn pluto[1211]:   one block
Nov 25 21:48:32 vpn pluto[1211]:   two blocks
Nov 25 21:48:32 vpn pluto[1211]:   two blocks with associated data
Nov 25 21:48:32 vpn pluto[1211]: testing AES_CTR:
Nov 25 21:48:32 vpn pluto[1211]:   Encrypting 16 octets using AES-CTR with 128-bit key
Nov 25 21:48:32 vpn pluto[1211]:   Encrypting 32 octets using AES-CTR with 128-bit key
Nov 25 21:48:32 vpn pluto[1211]:   Encrypting 36 octets using AES-CTR with 128-bit key
Nov 25 21:48:32 vpn pluto[1211]:   Encrypting 16 octets using AES-CTR with 192-bit key
Nov 25 21:48:32 vpn pluto[1211]:   Encrypting 32 octets using AES-CTR with 192-bit key
Nov 25 21:48:32 vpn pluto[1211]:   Encrypting 36 octets using AES-CTR with 192-bit key
Nov 25 21:48:32 vpn pluto[1211]:   Encrypting 16 octets using AES-CTR with 256-bit key
Nov 25 21:48:32 vpn pluto[1211]:   Encrypting 32 octets using AES-CTR with 256-bit key
Nov 25 21:48:32 vpn pluto[1211]:   Encrypting 36 octets using AES-CTR with 256-bit key
Nov 25 21:48:32 vpn pluto[1211]: testing AES_CBC:
Nov 25 21:48:32 vpn pluto[1211]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Nov 25 21:48:32 vpn pluto[1211]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Nov 25 21:48:32 vpn pluto[1211]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Nov 25 21:48:32 vpn pluto[1211]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Nov 25 21:48:32 vpn pluto[1211]: testing AES_XCBC:
Nov 25 21:48:32 vpn pluto[1211]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Nov 25 21:48:32 vpn pluto[1211]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Nov 25 21:48:32 vpn pluto[1211]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Nov 25 21:48:32 vpn pluto[1211]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Nov 25 21:48:32 vpn pluto[1211]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Nov 25 21:48:32 vpn pluto[1211]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Nov 25 21:48:32 vpn pluto[1211]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Nov 25 21:48:32 vpn pluto[1211]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Nov 25 21:48:32 vpn pluto[1211]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Nov 25 21:48:32 vpn pluto[1211]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Nov 25 21:48:32 vpn pluto[1211]: testing HMAC_MD5:
Nov 25 21:48:32 vpn pluto[1211]:   RFC 2104: MD5_HMAC test 1
Nov 25 21:48:32 vpn pluto[1211]:   RFC 2104: MD5_HMAC test 2
Nov 25 21:48:32 vpn pluto[1211]:   RFC 2104: MD5_HMAC test 3
Nov 25 21:48:32 vpn pluto[1211]: 2 CPU cores online
Nov 25 21:48:32 vpn pluto[1211]: starting up 2 helper threads
Nov 25 21:48:32 vpn pluto[1211]: started thread for helper 0
Nov 25 21:48:32 vpn pluto[1211]: started thread for helper 1
Nov 25 21:48:32 vpn pluto[1211]: using Linux xfrm kernel support code on #101-Ubuntu SMP Fri Oct 15 20:00:55 UTC 2021
Nov 25 21:48:32 vpn pluto[1211]: kernel: /proc/sys/net/ipv6/conf/all/disable_ipv6=1 ignore ipv6 holes
Nov 25 21:48:32 vpn pluto[1211]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Nov 25 21:48:32 vpn pluto[1211]: watchdog: sending probes every 100 secs
Nov 25 21:48:32 vpn pluto[1211]: seccomp security for helper not supported
Nov 25 21:48:32 vpn pluto[1211]: seccomp security for helper not supported
Nov 25 21:48:32 vpn pluto[1211]: seccomp security not supported
Nov 25 21:48:32 vpn pluto[1211]: "l2tp-psk": added IKEv1 connection
Nov 25 21:48:32 vpn pluto[1211]: "xauth-psk": added IKEv1 connection
Nov 25 21:48:32 vpn pluto[1211]: "ikev2-cp": loaded private key matching left certificate 'mshome.cn'
Nov 25 21:48:32 vpn pluto[1211]: "ikev2-cp": added IKEv2 connection
Nov 25 21:48:32 vpn pluto[1211]: listening for IKE messages
Nov 25 21:48:32 vpn pluto[1211]: Kernel supports NIC esp-hw-offload
Nov 25 21:48:32 vpn pluto[1211]: adding UDP interface ens160 192.168.10.19:500
Nov 25 21:48:32 vpn pluto[1211]: adding UDP interface ens160 192.168.10.19:4500
Nov 25 21:48:32 vpn pluto[1211]: adding UDP interface lo 127.0.0.1:500
Nov 25 21:48:32 vpn pluto[1211]: adding UDP interface lo 127.0.0.1:4500
Nov 25 21:48:32 vpn pluto[1211]: forgetting secrets
Nov 25 21:48:32 vpn pluto[1211]: loading secrets from "/etc/ipsec.secrets"
Nov 25 21:48:46 vpn pluto[1211]: shutting down
Nov 25 21:48:46 vpn pluto[1211]: forgetting secrets
Nov 25 21:48:46 vpn pluto[1211]: shutting down interface lo 127.0.0.1:4500
Nov 25 21:48:46 vpn pluto[1211]: shutting down interface lo 127.0.0.1:500
Nov 25 21:48:46 vpn pluto[1211]: shutting down interface ens160 192.168.10.19:4500
Nov 25 21:48:46 vpn pluto[1211]: shutting down interface ens160 192.168.10.19:500
Nov 25 21:48:46 vpn pluto[1211]: leak detective found no leaks
Nov 25 21:48:46 vpn pluto[1912]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Nov 25 21:48:46 vpn pluto[1912]: FIPS Mode: NO
Nov 25 21:48:46 vpn pluto[1912]: NSS crypto library initialized
Nov 25 21:48:46 vpn pluto[1912]: FIPS mode disabled for pluto daemon
Nov 25 21:48:46 vpn pluto[1912]: FIPS HMAC integrity support [disabled]
Nov 25 21:48:46 vpn pluto[1912]: libcap-ng support [enabled]
Nov 25 21:48:46 vpn pluto[1912]: Linux audit support [disabled]
Nov 25 21:48:46 vpn pluto[1912]: Starting Pluto (Libreswan Version 4.5 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-PRF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:1912
Nov 25 21:48:46 vpn pluto[1912]: core dump dir: /run/pluto
Nov 25 21:48:46 vpn pluto[1912]: secrets file: /etc/ipsec.secrets
Nov 25 21:48:46 vpn pluto[1912]: leak-detective enabled
Nov 25 21:48:46 vpn pluto[1912]: NSS crypto [enabled]
Nov 25 21:48:46 vpn pluto[1912]: XAUTH PAM support [enabled]
Nov 25 21:48:46 vpn pluto[1912]: initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Nov 25 21:48:46 vpn pluto[1912]: NAT-Traversal support  [enabled]
Nov 25 21:48:46 vpn pluto[1912]: Encryption algorithms:
Nov 25 21:48:46 vpn pluto[1912]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
Nov 25 21:48:46 vpn pluto[1912]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
Nov 25 21:48:46 vpn pluto[1912]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
Nov 25 21:48:46 vpn pluto[1912]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
Nov 25 21:48:46 vpn pluto[1912]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP                      
Nov 25 21:48:46 vpn pluto[1912]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
Nov 25 21:48:46 vpn pluto[1912]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
Nov 25 21:48:46 vpn pluto[1912]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
Nov 25 21:48:46 vpn pluto[1912]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
Nov 25 21:48:46 vpn pluto[1912]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
Nov 25 21:48:46 vpn pluto[1912]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
Nov 25 21:48:46 vpn pluto[1912]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
Nov 25 21:48:46 vpn pluto[1912]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP                      
Nov 25 21:48:46 vpn pluto[1912]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Nov 25 21:48:46 vpn pluto[1912]: Hash algorithms:
Nov 25 21:48:46 vpn pluto[1912]:   MD5                               IKEv1: IKE         IKEv2:                  NSS         
Nov 25 21:48:46 vpn pluto[1912]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
Nov 25 21:48:46 vpn pluto[1912]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
Nov 25 21:48:46 vpn pluto[1912]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
Nov 25 21:48:46 vpn pluto[1912]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
Nov 25 21:48:46 vpn pluto[1912]: PRF algorithms:
Nov 25 21:48:46 vpn pluto[1912]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
Nov 25 21:48:46 vpn pluto[1912]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
Nov 25 21:48:46 vpn pluto[1912]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
Nov 25 21:48:46 vpn pluto[1912]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
Nov 25 21:48:46 vpn pluto[1912]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
Nov 25 21:48:46 vpn pluto[1912]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Nov 25 21:48:46 vpn pluto[1912]: Integrity algorithms:
Nov 25 21:48:46 vpn pluto[1912]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
Nov 25 21:48:46 vpn pluto[1912]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
Nov 25 21:48:46 vpn pluto[1912]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
Nov 25 21:48:46 vpn pluto[1912]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
Nov 25 21:48:46 vpn pluto[1912]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Nov 25 21:48:46 vpn pluto[1912]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH                   
Nov 25 21:48:46 vpn pluto[1912]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Nov 25 21:48:46 vpn pluto[1912]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
Nov 25 21:48:46 vpn pluto[1912]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
Nov 25 21:48:46 vpn pluto[1912]: DH algorithms:
Nov 25 21:48:46 vpn pluto[1912]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
Nov 25 21:48:46 vpn pluto[1912]:   MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
Nov 25 21:48:46 vpn pluto[1912]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
Nov 25 21:48:46 vpn pluto[1912]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
Nov 25 21:48:46 vpn pluto[1912]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
Nov 25 21:48:46 vpn pluto[1912]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
Nov 25 21:48:46 vpn pluto[1912]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
Nov 25 21:48:46 vpn pluto[1912]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
Nov 25 21:48:46 vpn pluto[1912]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
Nov 25 21:48:46 vpn pluto[1912]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
Nov 25 21:48:46 vpn pluto[1912]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
Nov 25 21:48:46 vpn pluto[1912]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519

[ericshunhawk]

Nov 25 21:48:46 vpn pluto[1912]: testing CAMELLIA_CBC:
Nov 25 21:48:46 vpn pluto[1912]:   Camellia: 16 bytes with 128-bit key
Nov 25 21:48:46 vpn pluto[1912]:   Camellia: 16 bytes with 128-bit key
Nov 25 21:48:46 vpn pluto[1912]:   Camellia: 16 bytes with 256-bit key
Nov 25 21:48:46 vpn pluto[1912]:   Camellia: 16 bytes with 256-bit key
Nov 25 21:48:46 vpn pluto[1912]: testing AES_GCM_16:
Nov 25 21:48:46 vpn pluto[1912]:   empty string
Nov 25 21:48:46 vpn pluto[1912]:   one block
Nov 25 21:48:46 vpn pluto[1912]:   two blocks
Nov 25 21:48:46 vpn pluto[1912]:   two blocks with associated data
Nov 25 21:48:46 vpn pluto[1912]: testing AES_CTR:
Nov 25 21:48:46 vpn pluto[1912]:   Encrypting 16 octets using AES-CTR with 128-bit key
Nov 25 21:48:46 vpn pluto[1912]:   Encrypting 32 octets using AES-CTR with 128-bit key
Nov 25 21:48:46 vpn pluto[1912]:   Encrypting 36 octets using AES-CTR with 128-bit key
Nov 25 21:48:46 vpn pluto[1912]:   Encrypting 16 octets using AES-CTR with 192-bit key
Nov 25 21:48:46 vpn pluto[1912]:   Encrypting 32 octets using AES-CTR with 192-bit key
Nov 25 21:48:46 vpn pluto[1912]:   Encrypting 36 octets using AES-CTR with 192-bit key
Nov 25 21:48:46 vpn pluto[1912]:   Encrypting 16 octets using AES-CTR with 256-bit key
Nov 25 21:48:46 vpn pluto[1912]:   Encrypting 32 octets using AES-CTR with 256-bit key
Nov 25 21:48:46 vpn pluto[1912]:   Encrypting 36 octets using AES-CTR with 256-bit key
Nov 25 21:48:46 vpn pluto[1912]: testing AES_CBC:
Nov 25 21:48:46 vpn pluto[1912]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Nov 25 21:48:46 vpn pluto[1912]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Nov 25 21:48:46 vpn pluto[1912]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Nov 25 21:48:46 vpn pluto[1912]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Nov 25 21:48:46 vpn pluto[1912]: testing AES_XCBC:
Nov 25 21:48:46 vpn pluto[1912]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Nov 25 21:48:46 vpn pluto[1912]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Nov 25 21:48:46 vpn pluto[1912]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Nov 25 21:48:46 vpn pluto[1912]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Nov 25 21:48:46 vpn pluto[1912]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Nov 25 21:48:46 vpn pluto[1912]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Nov 25 21:48:46 vpn pluto[1912]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Nov 25 21:48:46 vpn pluto[1912]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Nov 25 21:48:46 vpn pluto[1912]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Nov 25 21:48:46 vpn pluto[1912]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Nov 25 21:48:46 vpn pluto[1912]: testing HMAC_MD5:
Nov 25 21:48:46 vpn pluto[1912]:   RFC 2104: MD5_HMAC test 1
Nov 25 21:48:46 vpn pluto[1912]:   RFC 2104: MD5_HMAC test 2
Nov 25 21:48:46 vpn pluto[1912]:   RFC 2104: MD5_HMAC test 3
Nov 25 21:48:46 vpn pluto[1912]: 2 CPU cores online
Nov 25 21:48:46 vpn pluto[1912]: starting up 2 helper threads
Nov 25 21:48:46 vpn pluto[1912]: started thread for helper 0
Nov 25 21:48:46 vpn pluto[1912]: started thread for helper 1
Nov 25 21:48:46 vpn pluto[1912]: using Linux xfrm kernel support code on #101-Ubuntu SMP Fri Oct 15 20:00:55 UTC 2021
Nov 25 21:48:46 vpn pluto[1912]: kernel: /proc/sys/net/ipv6/conf/all/disable_ipv6=1 ignore ipv6 holes
Nov 25 21:48:46 vpn pluto[1912]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Nov 25 21:48:46 vpn pluto[1912]: watchdog: sending probes every 100 secs
Nov 25 21:48:46 vpn pluto[1912]: seccomp security not supported
Nov 25 21:48:46 vpn pluto[1912]: seccomp security for helper not supported
Nov 25 21:48:46 vpn pluto[1912]: "l2tp-psk": added IKEv1 connection
Nov 25 21:48:46 vpn pluto[1912]: "xauth-psk": added IKEv1 connection
Nov 25 21:48:46 vpn pluto[1912]: "ikev2-cp": loaded private key matching left certificate 'mshome.cn'
Nov 25 21:48:46 vpn pluto[1912]: "ikev2-cp": added IKEv2 connection
Nov 25 21:48:46 vpn pluto[1912]: listening for IKE messages
Nov 25 21:48:46 vpn pluto[1912]: Kernel supports NIC esp-hw-offload
Nov 25 21:48:46 vpn pluto[1912]: adding UDP interface ens160 192.168.10.19:500
Nov 25 21:48:46 vpn pluto[1912]: adding UDP interface ens160 192.168.10.19:4500
Nov 25 21:48:46 vpn pluto[1912]: adding UDP interface lo 127.0.0.1:500
Nov 25 21:48:46 vpn pluto[1912]: adding UDP interface lo 127.0.0.1:4500
Nov 25 21:48:46 vpn pluto[1912]: seccomp security for helper not supported
Nov 25 21:48:46 vpn pluto[1912]: forgetting secrets
Nov 25 21:48:46 vpn pluto[1912]: loading secrets from "/etc/ipsec.secrets"
Nov 25 21:49:52 vpn pluto[1912]: "ikev2-cp"[1] 170.219.41.70: local IKE proposals (IKE SA responder matching remote proposals): 
Nov 25 21:49:52 vpn pluto[1912]: "ikev2-cp"[1] 170.219.41.70:   1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 21:49:52 vpn pluto[1912]: "ikev2-cp"[1] 170.219.41.70:   2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 21:49:52 vpn pluto[1912]: "ikev2-cp"[1] 170.219.41.70:   3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 21:49:52 vpn pluto[1912]: "ikev2-cp"[1] 170.219.41.70:   4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 21:49:52 vpn pluto[1912]: "ikev2-cp"[1] 170.219.41.70 #1: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Nov 25 21:49:52 vpn pluto[1912]: "ikev2-cp"[1] 170.219.41.70 #1: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Nov 25 21:49:52 vpn pluto[1912]: "ikev2-cp"[1] 170.219.41.70 #1: processing decrypted IKE_AUTH request: SK{IDi,CERT,N,IDr,AUTH,CP,N,N,SA,TSi,TSr,N}
Nov 25 21:49:52 vpn pluto[1912]: loading root certificate cache
Nov 25 21:49:52 vpn pluto[1912]: "ikev2-cp"[1] 170.219.41.70 #1: reloaded private key matching left certificate 'mshome.cn'
Nov 25 21:49:52 vpn pluto[1912]: "ikev2-cp"[1] 170.219.41.70 #1: switched from "ikev2-cp"[1] 170.219.41.70 to "ikev2-cp"
Nov 25 21:49:52 vpn pluto[1912]: "ikev2-cp"[1] 170.219.41.70: deleting connection instance with peer 170.219.41.70 {isakmp=#0/ipsec=#0}
Nov 25 21:49:52 vpn pluto[1912]: "ikev2-cp"[2] 170.219.41.70 #1: established IKE SA; authenticated using RSA with SHA1 and peer certificate '@iphone' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Nov 25 21:49:52 vpn pluto[1912]: | pool 192.168.43.10-192.168.43.250: growing address pool from 0 to 1
Nov 25 21:49:52 vpn pluto[1912]: "ikev2-cp"[2] 170.219.41.70: local ESP/AH proposals (IKE_AUTH responder matching remote ESP/AH proposals): 
Nov 25 21:49:52 vpn pluto[1912]: "ikev2-cp"[2] 170.219.41.70:   1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-DISABLED
Nov 25 21:49:52 vpn pluto[1912]: "ikev2-cp"[2] 170.219.41.70:   2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-DISABLED
Nov 25 21:49:52 vpn pluto[1912]: "ikev2-cp"[2] 170.219.41.70:   3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-DISABLED
Nov 25 21:49:52 vpn pluto[1912]: "ikev2-cp"[2] 170.219.41.70:   4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-DISABLED
Nov 25 21:49:52 vpn pluto[1912]: "ikev2-cp"[2] 170.219.41.70:   5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-DISABLED
Nov 25 21:49:52 vpn pluto[1912]: "ikev2-cp"[2] 170.219.41.70 #2: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=00acdd5d chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Nov 25 21:49:52 vpn pluto[1912]: "ikev2-cp"[2] 170.219.41.70 #2: established Child SA; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x00acdd5d <0xa6fc80b0 xfrm=AES_GCM_16_128-NONE NATOA=none NATD=170.219.41.70:15185 DPD=active}
Nov 25 21:49:55 vpn pluto[1912]: "ikev2-cp"[2] 170.219.41.70 #2: ESP traffic information: in=631B out=257B
Nov 25 21:49:55 vpn pluto[1912]: "ikev2-cp"[2] 170.219.41.70 #1: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 3.048038s and NOT sending notification
Nov 25 21:49:55 vpn pluto[1912]: "ikev2-cp"[2] 170.219.41.70: deleting connection instance with peer 170.219.41.70 {isakmp=#0/ipsec=#0}
Nov 25 21:50:49 vpn pluto[1912]: shutting down
Nov 25 21:50:49 vpn pluto[1912]: destroying root certificate cache
Nov 25 21:50:49 vpn pluto[1912]: forgetting secrets
Nov 25 21:50:49 vpn pluto[1912]: shutting down interface lo 127.0.0.1:4500
Nov 25 21:50:49 vpn pluto[1912]: shutting down interface lo 127.0.0.1:500
Nov 25 21:50:49 vpn pluto[1912]: shutting down interface ens160 192.168.10.19:4500
Nov 25 21:50:49 vpn pluto[1912]: shutting down interface ens160 192.168.10.19:500
Nov 25 21:50:49 vpn pluto[1912]: leak detective found no leaks
Nov 25 21:50:50 vpn pluto[3416]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Nov 25 21:50:50 vpn pluto[3416]: FIPS Mode: NO
Nov 25 21:50:50 vpn pluto[3416]: NSS crypto library initialized
Nov 25 21:50:50 vpn pluto[3416]: FIPS mode disabled for pluto daemon
Nov 25 21:50:50 vpn pluto[3416]: FIPS HMAC integrity support [disabled]
Nov 25 21:50:50 vpn pluto[3416]: libcap-ng support [enabled]
Nov 25 21:50:50 vpn pluto[3416]: Linux audit support [disabled]
Nov 25 21:50:50 vpn pluto[3416]: Starting Pluto (Libreswan Version 4.5 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-PRF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:3416
Nov 25 21:50:50 vpn pluto[3416]: core dump dir: /run/pluto
Nov 25 21:50:50 vpn pluto[3416]: secrets file: /etc/ipsec.secrets
Nov 25 21:50:50 vpn pluto[3416]: leak-detective enabled
Nov 25 21:50:50 vpn pluto[3416]: NSS crypto [enabled]
Nov 25 21:50:50 vpn pluto[3416]: XAUTH PAM support [enabled]
Nov 25 21:50:50 vpn pluto[3416]: initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Nov 25 21:50:50 vpn pluto[3416]: NAT-Traversal support  [enabled]
Nov 25 21:50:50 vpn pluto[3416]: Encryption algorithms:
Nov 25 21:50:50 vpn pluto[3416]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
Nov 25 21:50:50 vpn pluto[3416]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
Nov 25 21:50:50 vpn pluto[3416]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
Nov 25 21:50:50 vpn pluto[3416]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
Nov 25 21:50:50 vpn pluto[3416]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP                      
Nov 25 21:50:50 vpn pluto[3416]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
Nov 25 21:50:50 vpn pluto[3416]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
Nov 25 21:50:50 vpn pluto[3416]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
Nov 25 21:50:50 vpn pluto[3416]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
Nov 25 21:50:50 vpn pluto[3416]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
Nov 25 21:50:50 vpn pluto[3416]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
Nov 25 21:50:50 vpn pluto[3416]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
Nov 25 21:50:50 vpn pluto[3416]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP                      
Nov 25 21:50:50 vpn pluto[3416]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Nov 25 21:50:50 vpn pluto[3416]: Hash algorithms:
Nov 25 21:50:50 vpn pluto[3416]:   MD5                               IKEv1: IKE         IKEv2:                  NSS         
Nov 25 21:50:50 vpn pluto[3416]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
Nov 25 21:50:50 vpn pluto[3416]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
Nov 25 21:50:50 vpn pluto[3416]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
Nov 25 21:50:50 vpn pluto[3416]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
Nov 25 21:50:50 vpn pluto[3416]: PRF algorithms:
Nov 25 21:50:50 vpn pluto[3416]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
Nov 25 21:50:50 vpn pluto[3416]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
Nov 25 21:50:50 vpn pluto[3416]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
Nov 25 21:50:50 vpn pluto[3416]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
Nov 25 21:50:50 vpn pluto[3416]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
Nov 25 21:50:50 vpn pluto[3416]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Nov 25 21:50:50 vpn pluto[3416]: Integrity algorithms:
Nov 25 21:50:50 vpn pluto[3416]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
Nov 25 21:50:50 vpn pluto[3416]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
Nov 25 21:50:50 vpn pluto[3416]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
Nov 25 21:50:50 vpn pluto[3416]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
Nov 25 21:50:50 vpn pluto[3416]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Nov 25 21:50:50 vpn pluto[3416]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH                   
Nov 25 21:50:50 vpn pluto[3416]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Nov 25 21:50:50 vpn pluto[3416]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
Nov 25 21:50:50 vpn pluto[3416]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
Nov 25 21:50:50 vpn pluto[3416]: DH algorithms:
Nov 25 21:50:50 vpn pluto[3416]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
Nov 25 21:50:50 vpn pluto[3416]:   MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
Nov 25 21:50:50 vpn pluto[3416]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
Nov 25 21:50:50 vpn pluto[3416]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
Nov 25 21:50:50 vpn pluto[3416]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
Nov 25 21:50:50 vpn pluto[3416]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
Nov 25 21:50:50 vpn pluto[3416]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
Nov 25 21:50:50 vpn pluto[3416]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
Nov 25 21:50:50 vpn pluto[3416]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
Nov 25 21:50:50 vpn pluto[3416]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
Nov 25 21:50:50 vpn pluto[3416]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
Nov 25 21:50:50 vpn pluto[3416]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
Nov 25 21:50:50 vpn pluto[3416]: testing CAMELLIA_CBC:
Nov 25 21:50:50 vpn pluto[3416]:   Camellia: 16 bytes with 128-bit key
Nov 25 21:50:50 vpn pluto[3416]:   Camellia: 16 bytes with 128-bit key
Nov 25 21:50:50 vpn pluto[3416]:   Camellia: 16 bytes with 256-bit key
Nov 25 21:50:50 vpn pluto[3416]:   Camellia: 16 bytes with 256-bit key
Nov 25 21:50:50 vpn pluto[3416]: testing AES_GCM_16:
Nov 25 21:50:50 vpn pluto[3416]:   empty string
Nov 25 21:50:50 vpn pluto[3416]:   one block
Nov 25 21:50:50 vpn pluto[3416]:   two blocks
Nov 25 21:50:50 vpn pluto[3416]:   two blocks with associated data
Nov 25 21:50:50 vpn pluto[3416]: testing AES_CTR:
Nov 25 21:50:50 vpn pluto[3416]:   Encrypting 16 octets using AES-CTR with 128-bit key
Nov 25 21:50:50 vpn pluto[3416]:   Encrypting 32 octets using AES-CTR with 128-bit key
Nov 25 21:50:50 vpn pluto[3416]:   Encrypting 36 octets using AES-CTR with 128-bit key
Nov 25 21:50:50 vpn pluto[3416]:   Encrypting 16 octets using AES-CTR with 192-bit key
Nov 25 21:50:50 vpn pluto[3416]:   Encrypting 32 octets using AES-CTR with 192-bit key
Nov 25 21:50:50 vpn pluto[3416]:   Encrypting 36 octets using AES-CTR with 192-bit key
Nov 25 21:50:50 vpn pluto[3416]:   Encrypting 16 octets using AES-CTR with 256-bit key
Nov 25 21:50:50 vpn pluto[3416]:   Encrypting 32 octets using AES-CTR with 256-bit key
Nov 25 21:50:50 vpn pluto[3416]:   Encrypting 36 octets using AES-CTR with 256-bit key
Nov 25 21:50:50 vpn pluto[3416]: testing AES_CBC:
Nov 25 21:50:50 vpn pluto[3416]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Nov 25 21:50:50 vpn pluto[3416]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Nov 25 21:50:50 vpn pluto[3416]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Nov 25 21:50:50 vpn pluto[3416]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Nov 25 21:50:50 vpn pluto[3416]: testing AES_XCBC:
Nov 25 21:50:50 vpn pluto[3416]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Nov 25 21:50:50 vpn pluto[3416]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Nov 25 21:50:50 vpn pluto[3416]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Nov 25 21:50:50 vpn pluto[3416]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Nov 25 21:50:50 vpn pluto[3416]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Nov 25 21:50:50 vpn pluto[3416]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Nov 25 21:50:50 vpn pluto[3416]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Nov 25 21:50:50 vpn pluto[3416]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Nov 25 21:50:50 vpn pluto[3416]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Nov 25 21:50:50 vpn pluto[3416]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Nov 25 21:50:50 vpn pluto[3416]: testing HMAC_MD5:
Nov 25 21:50:50 vpn pluto[3416]:   RFC 2104: MD5_HMAC test 1
Nov 25 21:50:50 vpn pluto[3416]:   RFC 2104: MD5_HMAC test 2
Nov 25 21:50:50 vpn pluto[3416]:   RFC 2104: MD5_HMAC test 3
Nov 25 21:50:50 vpn pluto[3416]: 2 CPU cores online
Nov 25 21:50:50 vpn pluto[3416]: starting up 2 helper threads
Nov 25 21:50:50 vpn pluto[3416]: started thread for helper 0
Nov 25 21:50:50 vpn pluto[3416]: seccomp security for helper not supported
Nov 25 21:50:50 vpn pluto[3416]: started thread for helper 1
Nov 25 21:50:50 vpn pluto[3416]: seccomp security for helper not supported
Nov 25 21:50:50 vpn pluto[3416]: using Linux xfrm kernel support code on #101-Ubuntu SMP Fri Oct 15 20:00:55 UTC 2021
Nov 25 21:50:50 vpn pluto[3416]: kernel: /proc/sys/net/ipv6/conf/all/disable_ipv6=1 ignore ipv6 holes
Nov 25 21:50:50 vpn pluto[3416]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Nov 25 21:50:50 vpn pluto[3416]: watchdog: sending probes every 100 secs
Nov 25 21:50:50 vpn pluto[3416]: seccomp security not supported
Nov 25 21:50:50 vpn pluto[3416]: "l2tp-psk": added IKEv1 connection
Nov 25 21:50:50 vpn pluto[3416]: "xauth-psk": added IKEv1 connection
Nov 25 21:50:50 vpn pluto[3416]: "ikev2-cp": loaded private key matching left certificate 'mshome.cn'
Nov 25 21:50:50 vpn pluto[3416]: "ikev2-cp": added IKEv2 connection
Nov 25 21:50:50 vpn pluto[3416]: listening for IKE messages
Nov 25 21:50:50 vpn pluto[3416]: Kernel supports NIC esp-hw-offload
Nov 25 21:50:50 vpn pluto[3416]: adding UDP interface ens160 192.168.10.19:500
Nov 25 21:50:50 vpn pluto[3416]: adding UDP interface ens160 192.168.10.19:4500
Nov 25 21:50:50 vpn pluto[3416]: adding UDP interface lo 127.0.0.1:500
Nov 25 21:50:50 vpn pluto[3416]: adding UDP interface lo 127.0.0.1:4500
Nov 25 21:50:50 vpn pluto[3416]: forgetting secrets
Nov 25 21:50:50 vpn pluto[3416]: loading secrets from "/etc/ipsec.secrets"
Nov 25 21:51:12 vpn pluto[1211]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Nov 25 21:51:12 vpn pluto[1211]: FIPS Mode: NO
Nov 25 21:51:12 vpn pluto[1211]: NSS crypto library initialized
Nov 25 21:51:12 vpn pluto[1211]: FIPS mode disabled for pluto daemon
Nov 25 21:51:12 vpn pluto[1211]: FIPS HMAC integrity support [disabled]
Nov 25 21:51:12 vpn pluto[1211]: libcap-ng support [enabled]
Nov 25 21:51:12 vpn pluto[1211]: Linux audit support [disabled]
Nov 25 21:51:12 vpn pluto[1211]: Starting Pluto (Libreswan Version 4.5 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-PRF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:1211
Nov 25 21:51:12 vpn pluto[1211]: core dump dir: /run/pluto
Nov 25 21:51:12 vpn pluto[1211]: secrets file: /etc/ipsec.secrets
Nov 25 21:51:12 vpn pluto[1211]: leak-detective enabled
Nov 25 21:51:12 vpn pluto[1211]: NSS crypto [enabled]
Nov 25 21:51:12 vpn pluto[1211]: XAUTH PAM support [enabled]
Nov 25 21:51:12 vpn pluto[1211]: initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Nov 25 21:51:12 vpn pluto[1211]: NAT-Traversal support  [enabled]
Nov 25 21:51:12 vpn pluto[1211]: Encryption algorithms:
Nov 25 21:51:12 vpn pluto[1211]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
Nov 25 21:51:12 vpn pluto[1211]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
Nov 25 21:51:12 vpn pluto[1211]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
Nov 25 21:51:12 vpn pluto[1211]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
Nov 25 21:51:12 vpn pluto[1211]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP                      
Nov 25 21:51:12 vpn pluto[1211]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
Nov 25 21:51:12 vpn pluto[1211]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
Nov 25 21:51:12 vpn pluto[1211]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
Nov 25 21:51:12 vpn pluto[1211]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
Nov 25 21:51:12 vpn pluto[1211]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
Nov 25 21:51:12 vpn pluto[1211]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
Nov 25 21:51:12 vpn pluto[1211]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
Nov 25 21:51:12 vpn pluto[1211]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP                      
Nov 25 21:51:12 vpn pluto[1211]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Nov 25 21:51:12 vpn pluto[1211]: Hash algorithms:
Nov 25 21:51:12 vpn pluto[1211]:   MD5                               IKEv1: IKE         IKEv2:                  NSS         
Nov 25 21:51:12 vpn pluto[1211]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
Nov 25 21:51:12 vpn pluto[1211]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
Nov 25 21:51:12 vpn pluto[1211]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
Nov 25 21:51:12 vpn pluto[1211]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
Nov 25 21:51:12 vpn pluto[1211]: PRF algorithms:
Nov 25 21:51:12 vpn pluto[1211]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
Nov 25 21:51:12 vpn pluto[1211]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
Nov 25 21:51:12 vpn pluto[1211]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
Nov 25 21:51:12 vpn pluto[1211]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
Nov 25 21:51:12 vpn pluto[1211]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
Nov 25 21:51:12 vpn pluto[1211]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Nov 25 21:51:12 vpn pluto[1211]: Integrity algorithms:
Nov 25 21:51:12 vpn pluto[1211]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
Nov 25 21:51:12 vpn pluto[1211]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
Nov 25 21:51:12 vpn pluto[1211]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
Nov 25 21:51:12 vpn pluto[1211]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
Nov 25 21:51:12 vpn pluto[1211]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Nov 25 21:51:12 vpn pluto[1211]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH                   
Nov 25 21:51:12 vpn pluto[1211]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Nov 25 21:51:12 vpn pluto[1211]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
Nov 25 21:51:12 vpn pluto[1211]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
Nov 25 21:51:12 vpn pluto[1211]: DH algorithms:
Nov 25 21:51:12 vpn pluto[1211]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
Nov 25 21:51:12 vpn pluto[1211]:   MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
Nov 25 21:51:12 vpn pluto[1211]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
Nov 25 21:51:12 vpn pluto[1211]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
Nov 25 21:51:12 vpn pluto[1211]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
Nov 25 21:51:12 vpn pluto[1211]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
Nov 25 21:51:12 vpn pluto[1211]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
Nov 25 21:51:12 vpn pluto[1211]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
Nov 25 21:51:12 vpn pluto[1211]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
Nov 25 21:51:12 vpn pluto[1211]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
Nov 25 21:51:12 vpn pluto[1211]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
Nov 25 21:51:12 vpn pluto[1211]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
Nov 25 21:51:12 vpn pluto[1211]: testing CAMELLIA_CBC:
Nov 25 21:51:12 vpn pluto[1211]:   Camellia: 16 bytes with 128-bit key
Nov 25 21:51:12 vpn pluto[1211]:   Camellia: 16 bytes with 128-bit key
Nov 25 21:51:12 vpn pluto[1211]:   Camellia: 16 bytes with 256-bit key
Nov 25 21:51:12 vpn pluto[1211]:   Camellia: 16 bytes with 256-bit key
Nov 25 21:51:12 vpn pluto[1211]: testing AES_GCM_16:
Nov 25 21:51:12 vpn pluto[1211]:   empty string
Nov 25 21:51:12 vpn pluto[1211]:   one block
Nov 25 21:51:12 vpn pluto[1211]:   two blocks
Nov 25 21:51:12 vpn pluto[1211]:   two blocks with associated data
Nov 25 21:51:12 vpn pluto[1211]: testing AES_CTR:
Nov 25 21:51:12 vpn pluto[1211]:   Encrypting 16 octets using AES-CTR with 128-bit key
Nov 25 21:51:12 vpn pluto[1211]:   Encrypting 32 octets using AES-CTR with 128-bit key
Nov 25 21:51:12 vpn pluto[1211]:   Encrypting 36 octets using AES-CTR with 128-bit key
Nov 25 21:51:12 vpn pluto[1211]:   Encrypting 16 octets using AES-CTR with 192-bit key
Nov 25 21:51:12 vpn pluto[1211]:   Encrypting 32 octets using AES-CTR with 192-bit key
Nov 25 21:51:12 vpn pluto[1211]:   Encrypting 36 octets using AES-CTR with 192-bit key
Nov 25 21:51:12 vpn pluto[1211]:   Encrypting 16 octets using AES-CTR with 256-bit key
Nov 25 21:51:12 vpn pluto[1211]:   Encrypting 32 octets using AES-CTR with 256-bit key
Nov 25 21:51:12 vpn pluto[1211]:   Encrypting 36 octets using AES-CTR with 256-bit key
Nov 25 21:51:12 vpn pluto[1211]: testing AES_CBC:
Nov 25 21:51:12 vpn pluto[1211]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Nov 25 21:51:12 vpn pluto[1211]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Nov 25 21:51:12 vpn pluto[1211]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Nov 25 21:51:12 vpn pluto[1211]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Nov 25 21:51:12 vpn pluto[1211]: testing AES_XCBC:
Nov 25 21:51:12 vpn pluto[1211]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Nov 25 21:51:12 vpn pluto[1211]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Nov 25 21:51:12 vpn pluto[1211]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Nov 25 21:51:12 vpn pluto[1211]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Nov 25 21:51:12 vpn pluto[1211]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Nov 25 21:51:12 vpn pluto[1211]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Nov 25 21:51:12 vpn pluto[1211]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Nov 25 21:51:12 vpn pluto[1211]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Nov 25 21:51:12 vpn pluto[1211]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Nov 25 21:51:12 vpn pluto[1211]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Nov 25 21:51:12 vpn pluto[1211]: testing HMAC_MD5:
Nov 25 21:51:12 vpn pluto[1211]:   RFC 2104: MD5_HMAC test 1
Nov 25 21:51:12 vpn pluto[1211]:   RFC 2104: MD5_HMAC test 2
Nov 25 21:51:12 vpn pluto[1211]:   RFC 2104: MD5_HMAC test 3
Nov 25 21:51:12 vpn pluto[1211]: 2 CPU cores online
Nov 25 21:51:12 vpn pluto[1211]: starting up 2 helper threads
Nov 25 21:51:12 vpn pluto[1211]: started thread for helper 0
Nov 25 21:51:12 vpn pluto[1211]: started thread for helper 1
Nov 25 21:51:12 vpn pluto[1211]: using Linux xfrm kernel support code on #101-Ubuntu SMP Fri Oct 15 20:00:55 UTC 2021
Nov 25 21:51:12 vpn pluto[1211]: kernel: /proc/sys/net/ipv6/conf/all/disable_ipv6=1 ignore ipv6 holes
Nov 25 21:51:12 vpn pluto[1211]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Nov 25 21:51:12 vpn pluto[1211]: watchdog: sending probes every 100 secs
Nov 25 21:51:12 vpn pluto[1211]: seccomp security not supported
Nov 25 21:51:12 vpn pluto[1211]: seccomp security for helper not supported
Nov 25 21:51:12 vpn pluto[1211]: seccomp security for helper not supported
Nov 25 21:51:12 vpn pluto[1211]: "l2tp-psk": added IKEv1 connection
Nov 25 21:51:12 vpn pluto[1211]: "xauth-psk": added IKEv1 connection
Nov 25 21:51:12 vpn pluto[1211]: "ikev2-cp": loaded private key matching left certificate 'mshome.cn'
Nov 25 21:51:12 vpn pluto[1211]: "ikev2-cp": added IKEv2 connection
Nov 25 21:51:12 vpn pluto[1211]: listening for IKE messages
Nov 25 21:51:12 vpn pluto[1211]: Kernel supports NIC esp-hw-offload
Nov 25 21:51:12 vpn pluto[1211]: adding UDP interface ens160 192.168.10.19:500
Nov 25 21:51:12 vpn pluto[1211]: adding UDP interface ens160 192.168.10.19:4500
Nov 25 21:51:12 vpn pluto[1211]: adding UDP interface lo 127.0.0.1:500
Nov 25 21:51:12 vpn pluto[1211]: adding UDP interface lo 127.0.0.1:4500
Nov 25 21:51:12 vpn pluto[1211]: forgetting secrets
Nov 25 21:51:12 vpn pluto[1211]: loading secrets from "/etc/ipsec.secrets"
Nov 25 21:51:26 vpn pluto[1211]: shutting down
Nov 25 21:51:26 vpn pluto[1211]: forgetting secrets
Nov 25 21:51:26 vpn pluto[1211]: shutting down interface lo 127.0.0.1:4500
Nov 25 21:51:26 vpn pluto[1211]: shutting down interface lo 127.0.0.1:500
Nov 25 21:51:26 vpn pluto[1211]: shutting down interface ens160 192.168.10.19:4500
Nov 25 21:51:26 vpn pluto[1211]: shutting down interface ens160 192.168.10.19:500
Nov 25 21:51:26 vpn pluto[1211]: leak detective found no leaks
Nov 25 21:51:26 vpn pluto[1620]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Nov 25 21:51:26 vpn pluto[1620]: FIPS Mode: NO
Nov 25 21:51:26 vpn pluto[1620]: NSS crypto library initialized
Nov 25 21:51:26 vpn pluto[1620]: FIPS mode disabled for pluto daemon
Nov 25 21:51:26 vpn pluto[1620]: FIPS HMAC integrity support [disabled]
Nov 25 21:51:26 vpn pluto[1620]: libcap-ng support [enabled]
Nov 25 21:51:26 vpn pluto[1620]: Linux audit support [disabled]
Nov 25 21:51:26 vpn pluto[1620]: Starting Pluto (Libreswan Version 4.5 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-PRF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:1620
Nov 25 21:51:26 vpn pluto[1620]: core dump dir: /run/pluto
Nov 25 21:51:26 vpn pluto[1620]: secrets file: /etc/ipsec.secrets
Nov 25 21:51:26 vpn pluto[1620]: leak-detective enabled
Nov 25 21:51:26 vpn pluto[1620]: NSS crypto [enabled]
Nov 25 21:51:26 vpn pluto[1620]: XAUTH PAM support [enabled]
Nov 25 21:51:26 vpn pluto[1620]: initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Nov 25 21:51:26 vpn pluto[1620]: NAT-Traversal support  [enabled]
Nov 25 21:51:26 vpn pluto[1620]: Encryption algorithms:
Nov 25 21:51:26 vpn pluto[1620]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
Nov 25 21:51:26 vpn pluto[1620]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
Nov 25 21:51:26 vpn pluto[1620]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
Nov 25 21:51:26 vpn pluto[1620]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
Nov 25 21:51:26 vpn pluto[1620]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP                      
Nov 25 21:51:26 vpn pluto[1620]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
Nov 25 21:51:26 vpn pluto[1620]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
Nov 25 21:51:26 vpn pluto[1620]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
Nov 25 21:51:26 vpn pluto[1620]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
Nov 25 21:51:26 vpn pluto[1620]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
Nov 25 21:51:26 vpn pluto[1620]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
Nov 25 21:51:26 vpn pluto[1620]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
Nov 25 21:51:26 vpn pluto[1620]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP                      
Nov 25 21:51:26 vpn pluto[1620]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Nov 25 21:51:26 vpn pluto[1620]: Hash algorithms:
Nov 25 21:51:26 vpn pluto[1620]:   MD5                               IKEv1: IKE         IKEv2:                  NSS         
Nov 25 21:51:26 vpn pluto[1620]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
Nov 25 21:51:26 vpn pluto[1620]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
Nov 25 21:51:26 vpn pluto[1620]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
Nov 25 21:51:26 vpn pluto[1620]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
Nov 25 21:51:26 vpn pluto[1620]: PRF algorithms:
Nov 25 21:51:26 vpn pluto[1620]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
Nov 25 21:51:26 vpn pluto[1620]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
Nov 25 21:51:26 vpn pluto[1620]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
Nov 25 21:51:26 vpn pluto[1620]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
Nov 25 21:51:26 vpn pluto[1620]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
Nov 25 21:51:26 vpn pluto[1620]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Nov 25 21:51:26 vpn pluto[1620]: Integrity algorithms:
Nov 25 21:51:26 vpn pluto[1620]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
Nov 25 21:51:26 vpn pluto[1620]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
Nov 25 21:51:26 vpn pluto[1620]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
Nov 25 21:51:26 vpn pluto[1620]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
Nov 25 21:51:26 vpn pluto[1620]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Nov 25 21:51:26 vpn pluto[1620]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH                   
Nov 25 21:51:26 vpn pluto[1620]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Nov 25 21:51:26 vpn pluto[1620]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
Nov 25 21:51:26 vpn pluto[1620]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
Nov 25 21:51:26 vpn pluto[1620]: DH algorithms:
Nov 25 21:51:26 vpn pluto[1620]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
Nov 25 21:51:26 vpn pluto[1620]:   MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
Nov 25 21:51:26 vpn pluto[1620]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
Nov 25 21:51:26 vpn pluto[1620]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
Nov 25 21:51:26 vpn pluto[1620]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
Nov 25 21:51:26 vpn pluto[1620]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
Nov 25 21:51:26 vpn pluto[1620]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
Nov 25 21:51:26 vpn pluto[1620]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
Nov 25 21:51:26 vpn pluto[1620]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
Nov 25 21:51:26 vpn pluto[1620]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
Nov 25 21:51:26 vpn pluto[1620]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
Nov 25 21:51:26 vpn pluto[1620]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
Nov 25 21:51:26 vpn pluto[1620]: testing CAMELLIA_CBC:
Nov 25 21:51:26 vpn pluto[1620]:   Camellia: 16 bytes with 128-bit key
Nov 25 21:51:26 vpn pluto[1620]:   Camellia: 16 bytes with 128-bit key
Nov 25 21:51:26 vpn pluto[1620]:   Camellia: 16 bytes with 256-bit key
Nov 25 21:51:26 vpn pluto[1620]:   Camellia: 16 bytes with 256-bit key
Nov 25 21:51:26 vpn pluto[1620]: testing AES_GCM_16:
Nov 25 21:51:26 vpn pluto[1620]:   empty string
Nov 25 21:51:26 vpn pluto[1620]:   one block
Nov 25 21:51:26 vpn pluto[1620]:   two blocks
Nov 25 21:51:26 vpn pluto[1620]:   two blocks with associated data
Nov 25 21:51:26 vpn pluto[1620]: testing AES_CTR:
Nov 25 21:51:26 vpn pluto[1620]:   Encrypting 16 octets using AES-CTR with 128-bit key
Nov 25 21:51:26 vpn pluto[1620]:   Encrypting 32 octets using AES-CTR with 128-bit key
Nov 25 21:51:26 vpn pluto[1620]:   Encrypting 36 octets using AES-CTR with 128-bit key
Nov 25 21:51:26 vpn pluto[1620]:   Encrypting 16 octets using AES-CTR with 192-bit key
Nov 25 21:51:26 vpn pluto[1620]:   Encrypting 32 octets using AES-CTR with 192-bit key
Nov 25 21:51:26 vpn pluto[1620]:   Encrypting 36 octets using AES-CTR with 192-bit key
Nov 25 21:51:26 vpn pluto[1620]:   Encrypting 16 octets using AES-CTR with 256-bit key
Nov 25 21:51:26 vpn pluto[1620]:   Encrypting 32 octets using AES-CTR with 256-bit key
Nov 25 21:51:26 vpn pluto[1620]:   Encrypting 36 octets using AES-CTR with 256-bit key
Nov 25 21:51:26 vpn pluto[1620]: testing AES_CBC:
Nov 25 21:51:26 vpn pluto[1620]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Nov 25 21:51:26 vpn pluto[1620]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Nov 25 21:51:26 vpn pluto[1620]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Nov 25 21:51:26 vpn pluto[1620]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Nov 25 21:51:26 vpn pluto[1620]: testing AES_XCBC:
Nov 25 21:51:26 vpn pluto[1620]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Nov 25 21:51:26 vpn pluto[1620]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Nov 25 21:51:26 vpn pluto[1620]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Nov 25 21:51:26 vpn pluto[1620]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Nov 25 21:51:26 vpn pluto[1620]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Nov 25 21:51:26 vpn pluto[1620]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Nov 25 21:51:26 vpn pluto[1620]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Nov 25 21:51:26 vpn pluto[1620]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Nov 25 21:51:26 vpn pluto[1620]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Nov 25 21:51:26 vpn pluto[1620]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Nov 25 21:51:26 vpn pluto[1620]: testing HMAC_MD5:
Nov 25 21:51:26 vpn pluto[1620]:   RFC 2104: MD5_HMAC test 1
Nov 25 21:51:26 vpn pluto[1620]:   RFC 2104: MD5_HMAC test 2
Nov 25 21:51:26 vpn pluto[1620]:   RFC 2104: MD5_HMAC test 3
Nov 25 21:51:26 vpn pluto[1620]: 2 CPU cores online
Nov 25 21:51:26 vpn pluto[1620]: starting up 2 helper threads
Nov 25 21:51:26 vpn pluto[1620]: started thread for helper 0
Nov 25 21:51:26 vpn pluto[1620]: seccomp security for helper not supported
Nov 25 21:51:26 vpn pluto[1620]: started thread for helper 1
Nov 25 21:51:26 vpn pluto[1620]: seccomp security for helper not supported
Nov 25 21:51:26 vpn pluto[1620]: using Linux xfrm kernel support code on #101-Ubuntu SMP Fri Oct 15 20:00:55 UTC 2021
Nov 25 21:51:26 vpn pluto[1620]: kernel: /proc/sys/net/ipv6/conf/all/disable_ipv6=1 ignore ipv6 holes
Nov 25 21:51:26 vpn pluto[1620]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Nov 25 21:51:26 vpn pluto[1620]: watchdog: sending probes every 100 secs
Nov 25 21:51:26 vpn pluto[1620]: seccomp security not supported
Nov 25 21:51:26 vpn pluto[1620]: "l2tp-psk": added IKEv1 connection
Nov 25 21:51:26 vpn pluto[1620]: "xauth-psk": added IKEv1 connection
Nov 25 21:51:26 vpn pluto[1620]: "ikev2-cp": loaded private key matching left certificate 'mshome.cn'
Nov 25 21:51:26 vpn pluto[1620]: "ikev2-cp": added IKEv2 connection
Nov 25 21:51:26 vpn pluto[1620]: listening for IKE messages
Nov 25 21:51:26 vpn pluto[1620]: Kernel supports NIC esp-hw-offload
Nov 25 21:51:26 vpn pluto[1620]: adding UDP interface ens160 192.168.10.19:500
Nov 25 21:51:26 vpn pluto[1620]: adding UDP interface ens160 192.168.10.19:4500
Nov 25 21:51:26 vpn pluto[1620]: adding UDP interface lo 127.0.0.1:500
Nov 25 21:51:26 vpn pluto[1620]: adding UDP interface lo 127.0.0.1:4500
Nov 25 21:51:26 vpn pluto[1620]: forgetting secrets
Nov 25 21:51:26 vpn pluto[1620]: loading secrets from "/etc/ipsec.secrets"
Nov 25 21:53:40 vpn pluto[1620]: shutting down
Nov 25 21:53:40 vpn pluto[1620]: forgetting secrets
Nov 25 21:53:40 vpn pluto[1620]: shutting down interface lo 127.0.0.1:4500
Nov 25 21:53:40 vpn pluto[1620]: shutting down interface lo 127.0.0.1:500
Nov 25 21:53:40 vpn pluto[1620]: shutting down interface ens160 192.168.10.19:4500
Nov 25 21:53:40 vpn pluto[1620]: shutting down interface ens160 192.168.10.19:500
Nov 25 21:53:40 vpn pluto[1620]: leak detective found no leaks
Nov 25 21:53:40 vpn pluto[2242]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Nov 25 21:53:40 vpn pluto[2242]: FIPS Mode: NO
Nov 25 21:53:40 vpn pluto[2242]: NSS crypto library initialized
Nov 25 21:53:40 vpn pluto[2242]: FIPS mode disabled for pluto daemon
Nov 25 21:53:40 vpn pluto[2242]: FIPS HMAC integrity support [disabled]
Nov 25 21:53:40 vpn pluto[2242]: libcap-ng support [enabled]
Nov 25 21:53:40 vpn pluto[2242]: Linux audit support [disabled]
Nov 25 21:53:40 vpn pluto[2242]: Starting Pluto (Libreswan Version 4.5 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-PRF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:2242
Nov 25 21:53:40 vpn pluto[2242]: core dump dir: /run/pluto
Nov 25 21:53:40 vpn pluto[2242]: secrets file: /etc/ipsec.secrets
Nov 25 21:53:40 vpn pluto[2242]: leak-detective enabled
Nov 25 21:53:40 vpn pluto[2242]: NSS crypto [enabled]
Nov 25 21:53:40 vpn pluto[2242]: XAUTH PAM support [enabled]
Nov 25 21:53:40 vpn pluto[2242]: initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Nov 25 21:53:40 vpn pluto[2242]: NAT-Traversal support  [enabled]
Nov 25 21:53:40 vpn pluto[2242]: Encryption algorithms:
Nov 25 21:53:40 vpn pluto[2242]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
Nov 25 21:53:40 vpn pluto[2242]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
Nov 25 21:53:40 vpn pluto[2242]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
Nov 25 21:53:40 vpn pluto[2242]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
Nov 25 21:53:40 vpn pluto[2242]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP                      
Nov 25 21:53:40 vpn pluto[2242]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
Nov 25 21:53:40 vpn pluto[2242]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
Nov 25 21:53:40 vpn pluto[2242]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
Nov 25 21:53:40 vpn pluto[2242]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
Nov 25 21:53:40 vpn pluto[2242]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
Nov 25 21:53:40 vpn pluto[2242]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
Nov 25 21:53:40 vpn pluto[2242]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
Nov 25 21:53:40 vpn pluto[2242]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP                      
Nov 25 21:53:40 vpn pluto[2242]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Nov 25 21:53:40 vpn pluto[2242]: Hash algorithms:
Nov 25 21:53:40 vpn pluto[2242]:   MD5                               IKEv1: IKE         IKEv2:                  NSS         
Nov 25 21:53:40 vpn pluto[2242]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
Nov 25 21:53:40 vpn pluto[2242]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
Nov 25 21:53:40 vpn pluto[2242]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
Nov 25 21:53:40 vpn pluto[2242]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
Nov 25 21:53:40 vpn pluto[2242]: PRF algorithms:
Nov 25 21:53:40 vpn pluto[2242]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
Nov 25 21:53:40 vpn pluto[2242]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
Nov 25 21:53:40 vpn pluto[2242]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
Nov 25 21:53:40 vpn pluto[2242]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
Nov 25 21:53:40 vpn pluto[2242]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
Nov 25 21:53:40 vpn pluto[2242]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Nov 25 21:53:40 vpn pluto[2242]: Integrity algorithms:
Nov 25 21:53:40 vpn pluto[2242]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
Nov 25 21:53:40 vpn pluto[2242]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
Nov 25 21:53:40 vpn pluto[2242]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
Nov 25 21:53:40 vpn pluto[2242]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
Nov 25 21:53:40 vpn pluto[2242]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Nov 25 21:53:40 vpn pluto[2242]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH                   
Nov 25 21:53:40 vpn pluto[2242]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Nov 25 21:53:40 vpn pluto[2242]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
Nov 25 21:53:40 vpn pluto[2242]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
Nov 25 21:53:40 vpn pluto[2242]: DH algorithms:
Nov 25 21:53:40 vpn pluto[2242]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
Nov 25 21:53:40 vpn pluto[2242]:   MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
Nov 25 21:53:40 vpn pluto[2242]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
Nov 25 21:53:40 vpn pluto[2242]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
Nov 25 21:53:40 vpn pluto[2242]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
Nov 25 21:53:40 vpn pluto[2242]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
Nov 25 21:53:40 vpn pluto[2242]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
Nov 25 21:53:40 vpn pluto[2242]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
Nov 25 21:53:40 vpn pluto[2242]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
Nov 25 21:53:40 vpn pluto[2242]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
Nov 25 21:53:40 vpn pluto[2242]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
Nov 25 21:53:40 vpn pluto[2242]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
Nov 25 21:53:40 vpn pluto[2242]: testing CAMELLIA_CBC:
Nov 25 21:53:40 vpn pluto[2242]:   Camellia: 16 bytes with 128-bit key
Nov 25 21:53:40 vpn pluto[2242]:   Camellia: 16 bytes with 128-bit key
Nov 25 21:53:40 vpn pluto[2242]:   Camellia: 16 bytes with 256-bit key
Nov 25 21:53:40 vpn pluto[2242]:   Camellia: 16 bytes with 256-bit key
Nov 25 21:53:40 vpn pluto[2242]: testing AES_GCM_16:
Nov 25 21:53:40 vpn pluto[2242]:   empty string
Nov 25 21:53:40 vpn pluto[2242]:   one block
Nov 25 21:53:40 vpn pluto[2242]:   two blocks
Nov 25 21:53:40 vpn pluto[2242]:   two blocks with associated data
Nov 25 21:53:40 vpn pluto[2242]: testing AES_CTR:
Nov 25 21:53:40 vpn pluto[2242]:   Encrypting 16 octets using AES-CTR with 128-bit key
Nov 25 21:53:40 vpn pluto[2242]:   Encrypting 32 octets using AES-CTR with 128-bit key
Nov 25 21:53:40 vpn pluto[2242]:   Encrypting 36 octets using AES-CTR with 128-bit key
Nov 25 21:53:40 vpn pluto[2242]:   Encrypting 16 octets using AES-CTR with 192-bit key
Nov 25 21:53:40 vpn pluto[2242]:   Encrypting 32 octets using AES-CTR with 192-bit key
Nov 25 21:53:40 vpn pluto[2242]:   Encrypting 36 octets using AES-CTR with 192-bit key
Nov 25 21:53:40 vpn pluto[2242]:   Encrypting 16 octets using AES-CTR with 256-bit key
Nov 25 21:53:40 vpn pluto[2242]:   Encrypting 32 octets using AES-CTR with 256-bit key
Nov 25 21:53:40 vpn pluto[2242]:   Encrypting 36 octets using AES-CTR with 256-bit key
Nov 25 21:53:40 vpn pluto[2242]: testing AES_CBC:
Nov 25 21:53:40 vpn pluto[2242]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Nov 25 21:53:40 vpn pluto[2242]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Nov 25 21:53:40 vpn pluto[2242]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Nov 25 21:53:40 vpn pluto[2242]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Nov 25 21:53:40 vpn pluto[2242]: testing AES_XCBC:
Nov 25 21:53:40 vpn pluto[2242]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Nov 25 21:53:40 vpn pluto[2242]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Nov 25 21:53:40 vpn pluto[2242]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Nov 25 21:53:40 vpn pluto[2242]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Nov 25 21:53:40 vpn pluto[2242]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Nov 25 21:53:40 vpn pluto[2242]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Nov 25 21:53:40 vpn pluto[2242]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Nov 25 21:53:40 vpn pluto[2242]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Nov 25 21:53:40 vpn pluto[2242]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Nov 25 21:53:40 vpn pluto[2242]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Nov 25 21:53:40 vpn pluto[2242]: testing HMAC_MD5:
Nov 25 21:53:40 vpn pluto[2242]:   RFC 2104: MD5_HMAC test 1
Nov 25 21:53:40 vpn pluto[2242]:   RFC 2104: MD5_HMAC test 2
Nov 25 21:53:40 vpn pluto[2242]:   RFC 2104: MD5_HMAC test 3
Nov 25 21:53:40 vpn pluto[2242]: 2 CPU cores online
Nov 25 21:53:40 vpn pluto[2242]: starting up 2 helper threads
Nov 25 21:53:40 vpn pluto[2242]: started thread for helper 0
Nov 25 21:53:40 vpn pluto[2242]: seccomp security for helper not supported
Nov 25 21:53:40 vpn pluto[2242]: started thread for helper 1
Nov 25 21:53:40 vpn pluto[2242]: seccomp security for helper not supported
Nov 25 21:53:40 vpn pluto[2242]: using Linux xfrm kernel support code on #101-Ubuntu SMP Fri Oct 15 20:00:55 UTC 2021
Nov 25 21:53:40 vpn pluto[2242]: kernel: /proc/sys/net/ipv6/conf/all/disable_ipv6=1 ignore ipv6 holes
Nov 25 21:53:40 vpn pluto[2242]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Nov 25 21:53:40 vpn pluto[2242]: watchdog: sending probes every 100 secs
Nov 25 21:53:40 vpn pluto[2242]: seccomp security not supported
Nov 25 21:53:40 vpn pluto[2242]: "l2tp-psk": failed to add IKEv1 connection: global ikev1-policy does not allow IKEv1 connections
Nov 25 21:53:40 vpn pluto[2242]: "xauth-psk": failed to add IKEv1 connection: global ikev1-policy does not allow IKEv1 connections
Nov 25 21:53:40 vpn pluto[2242]: "ikev2-cp": loaded private key matching left certificate 'mshome.cn'
Nov 25 21:53:40 vpn pluto[2242]: "ikev2-cp": added IKEv2 connection
Nov 25 21:53:40 vpn pluto[2242]: listening for IKE messages
Nov 25 21:53:40 vpn pluto[2242]: Kernel supports NIC esp-hw-offload
Nov 25 21:53:40 vpn pluto[2242]: adding UDP interface ens160 192.168.10.19:500
Nov 25 21:53:40 vpn pluto[2242]: adding UDP interface ens160 192.168.10.19:4500
Nov 25 21:53:40 vpn pluto[2242]: adding UDP interface lo 127.0.0.1:500
Nov 25 21:53:40 vpn pluto[2242]: adding UDP interface lo 127.0.0.1:4500
Nov 25 21:53:40 vpn pluto[2242]: forgetting secrets
Nov 25 21:53:40 vpn pluto[2242]: loading secrets from "/etc/ipsec.secrets"
Nov 25 21:55:47 vpn pluto[2242]: "ikev2-cp"[1] 170.219.41.70: local IKE proposals (IKE SA responder matching remote proposals): 
Nov 25 21:55:47 vpn pluto[2242]: "ikev2-cp"[1] 170.219.41.70:   1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 21:55:47 vpn pluto[2242]: "ikev2-cp"[1] 170.219.41.70:   2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 21:55:47 vpn pluto[2242]: "ikev2-cp"[1] 170.219.41.70:   3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 21:55:47 vpn pluto[2242]: "ikev2-cp"[1] 170.219.41.70:   4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 21:55:47 vpn pluto[2242]: "ikev2-cp"[1] 170.219.41.70 #1: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Nov 25 21:55:47 vpn pluto[2242]: "ikev2-cp"[1] 170.219.41.70 #1: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Nov 25 21:55:47 vpn pluto[2242]: "ikev2-cp"[1] 170.219.41.70 #1: processing decrypted IKE_AUTH request: SK{IDi,CERT,N,IDr,AUTH,CP,N,N,SA,TSi,TSr,N}
Nov 25 21:55:47 vpn pluto[2242]: loading root certificate cache
Nov 25 21:55:47 vpn pluto[2242]: "ikev2-cp"[1] 170.219.41.70 #1: reloaded private key matching left certificate 'mshome.cn'
Nov 25 21:55:47 vpn pluto[2242]: "ikev2-cp"[1] 170.219.41.70 #1: switched from "ikev2-cp"[1] 170.219.41.70 to "ikev2-cp"
Nov 25 21:55:47 vpn pluto[2242]: "ikev2-cp"[1] 170.219.41.70: deleting connection instance with peer 170.219.41.70 {isakmp=#0/ipsec=#0}
Nov 25 21:55:47 vpn pluto[2242]: "ikev2-cp"[2] 170.219.41.70 #1: established IKE SA; authenticated using RSA with SHA1 and peer certificate '@iphone' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Nov 25 21:55:47 vpn pluto[2242]: | pool 192.168.43.10-192.168.43.250: growing address pool from 0 to 1
Nov 25 21:55:47 vpn pluto[2242]: "ikev2-cp"[2] 170.219.41.70: local ESP/AH proposals (IKE_AUTH responder matching remote ESP/AH proposals): 
Nov 25 21:55:47 vpn pluto[2242]: "ikev2-cp"[2] 170.219.41.70:   1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-DISABLED
Nov 25 21:55:47 vpn pluto[2242]: "ikev2-cp"[2] 170.219.41.70:   2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-DISABLED
Nov 25 21:55:47 vpn pluto[2242]: "ikev2-cp"[2] 170.219.41.70:   3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-DISABLED
Nov 25 21:55:47 vpn pluto[2242]: "ikev2-cp"[2] 170.219.41.70:   4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-DISABLED
Nov 25 21:55:47 vpn pluto[2242]: "ikev2-cp"[2] 170.219.41.70:   5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-DISABLED
Nov 25 21:55:47 vpn pluto[2242]: "ikev2-cp"[2] 170.219.41.70 #2: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=0100a985 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Nov 25 21:55:48 vpn pluto[2242]: "ikev2-cp"[2] 170.219.41.70 #2: established Child SA; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x0100a985 <0xae39c8a6 xfrm=AES_GCM_16_128-NONE NATOA=none NATD=170.219.41.70:15226 DPD=active}
Nov 25 21:56:48 vpn pluto[2242]: "ikev2-cp"[2] 170.219.41.70 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Nov 25 21:56:49 vpn pluto[2242]: "ikev2-cp"[2] 170.219.41.70 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Nov 25 21:59:55 vpn pluto[2242]: "ikev2-cp"[2] 170.219.41.70 #2: ESP traffic information: in=614KB out=2MB
Nov 25 21:59:55 vpn pluto[2242]: "ikev2-cp"[2] 170.219.41.70 #1: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 247.496743s and NOT sending notification
Nov 25 21:59:55 vpn pluto[2242]: "ikev2-cp"[2] 170.219.41.70: deleting connection instance with peer 170.219.41.70 {isakmp=#0/ipsec=#0}
Nov 25 22:00:00 vpn pluto[2242]: "ikev2-cp"[3] 170.219.41.70: local IKE proposals (IKE SA responder matching remote proposals): 
Nov 25 22:00:00 vpn pluto[2242]: "ikev2-cp"[3] 170.219.41.70:   1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 22:00:00 vpn pluto[2242]: "ikev2-cp"[3] 170.219.41.70:   2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 22:00:00 vpn pluto[2242]: "ikev2-cp"[3] 170.219.41.70:   3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 22:00:00 vpn pluto[2242]: "ikev2-cp"[3] 170.219.41.70:   4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 22:00:00 vpn pluto[2242]: "ikev2-cp"[3] 170.219.41.70 #3: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Nov 25 22:00:00 vpn pluto[2242]: "ikev2-cp"[3] 170.219.41.70 #3: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Nov 25 22:00:00 vpn pluto[2242]: "ikev2-cp"[3] 170.219.41.70 #3: processing decrypted IKE_AUTH request: SK{IDi,CERT,N,IDr,AUTH,CP,N,N,SA,TSi,TSr,N}
Nov 25 22:00:00 vpn pluto[2242]: "ikev2-cp"[3] 170.219.41.70 #3: switched from "ikev2-cp"[3] 170.219.41.70 to "ikev2-cp"
Nov 25 22:00:00 vpn pluto[2242]: "ikev2-cp"[3] 170.219.41.70: deleting connection instance with peer 170.219.41.70 {isakmp=#0/ipsec=#0}
Nov 25 22:00:00 vpn pluto[2242]: "ikev2-cp"[4] 170.219.41.70 #3: established IKE SA; authenticated using RSA with SHA1 and peer certificate '@iphone' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Nov 25 22:00:00 vpn pluto[2242]: "ikev2-cp"[4] 170.219.41.70: local ESP/AH proposals (IKE_AUTH responder matching remote ESP/AH proposals): 
Nov 25 22:00:00 vpn pluto[2242]: "ikev2-cp"[4] 170.219.41.70:   1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-DISABLED
Nov 25 22:00:00 vpn pluto[2242]: "ikev2-cp"[4] 170.219.41.70:   2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-DISABLED
Nov 25 22:00:00 vpn pluto[2242]: "ikev2-cp"[4] 170.219.41.70:   3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-DISABLED
Nov 25 22:00:00 vpn pluto[2242]: "ikev2-cp"[4] 170.219.41.70:   4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-DISABLED
Nov 25 22:00:00 vpn pluto[2242]: "ikev2-cp"[4] 170.219.41.70:   5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-DISABLED
Nov 25 22:00:00 vpn pluto[2242]: "ikev2-cp"[4] 170.219.41.70 #4: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=00e87fc5 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Nov 25 22:00:00 vpn pluto[2242]: "ikev2-cp"[4] 170.219.41.70 #4: established Child SA; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x00e87fc5 <0xb3f3f8d0 xfrm=AES_GCM_16_128-NONE NATOA=none NATD=170.219.41.70:15226 DPD=active}
Nov 25 22:00:07 vpn pluto[2242]: "ikev2-cp"[4] 170.219.41.70 #4: ESP traffic information: in=509B out=409B
Nov 25 22:00:07 vpn pluto[2242]: "ikev2-cp"[4] 170.219.41.70 #3: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 7.210107s and NOT sending notification
Nov 25 22:00:07 vpn pluto[2242]: "ikev2-cp"[4] 170.219.41.70: deleting connection instance with peer 170.219.41.70 {isakmp=#0/ipsec=#0}
Nov 25 22:02:23 vpn pluto[2242]: "ikev2-cp"[5] 171.228.117.89: local IKE proposals (IKE SA responder matching remote proposals): 
Nov 25 22:02:23 vpn pluto[2242]: "ikev2-cp"[5] 171.228.117.89:   1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 22:02:23 vpn pluto[2242]: "ikev2-cp"[5] 171.228.117.89:   2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 22:02:23 vpn pluto[2242]: "ikev2-cp"[5] 171.228.117.89:   3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 22:02:23 vpn pluto[2242]: "ikev2-cp"[5] 171.228.117.89:   4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 22:02:23 vpn pluto[2242]: "ikev2-cp"[5] 171.228.117.89 #5: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Nov 25 22:02:23 vpn pluto[2242]: "ikev2-cp"[5] 171.228.117.89 #5: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Nov 25 22:02:23 vpn pluto[2242]: "ikev2-cp"[5] 171.228.117.89 #5: processing decrypted IKE_AUTH request: SK{IDi,CERT,N,IDr,AUTH,CP,N,N,SA,TSi,TSr,N}
Nov 25 22:02:23 vpn pluto[2242]: "ikev2-cp"[5] 171.228.117.89 #5: switched from "ikev2-cp"[5] 171.228.117.89 to "ikev2-cp"
Nov 25 22:02:23 vpn pluto[2242]: "ikev2-cp"[5] 171.228.117.89: deleting connection instance with peer 171.228.117.89 {isakmp=#0/ipsec=#0}
Nov 25 22:02:23 vpn pluto[2242]: "ikev2-cp"[6] 171.228.117.89 #5: established IKE SA; authenticated using RSA with SHA1 and peer certificate '@iphone' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Nov 25 22:02:23 vpn pluto[2242]: "ikev2-cp"[6] 171.228.117.89: local ESP/AH proposals (IKE_AUTH responder matching remote ESP/AH proposals): 
Nov 25 22:02:23 vpn pluto[2242]: "ikev2-cp"[6] 171.228.117.89:   1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-DISABLED
Nov 25 22:02:23 vpn pluto[2242]: "ikev2-cp"[6] 171.228.117.89:   2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-DISABLED
Nov 25 22:02:23 vpn pluto[2242]: "ikev2-cp"[6] 171.228.117.89:   3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-DISABLED
Nov 25 22:02:23 vpn pluto[2242]: "ikev2-cp"[6] 171.228.117.89:   4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-DISABLED
Nov 25 22:02:23 vpn pluto[2242]: "ikev2-cp"[6] 171.228.117.89:   5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-DISABLED
Nov 25 22:02:23 vpn pluto[2242]: "ikev2-cp"[6] 171.228.117.89 #6: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=0474f064 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Nov 25 22:02:24 vpn pluto[2242]: "ikev2-cp"[6] 171.228.117.89 #6: established Child SA; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x0474f064 <0xcde1b527 xfrm=AES_GCM_16_128-NONE NATOA=none NATD=171.228.117.89:62388 DPD=active}
Nov 25 22:02:30 vpn pluto[2242]: "ikev2-cp"[6] 171.228.117.89 #6: ESP traffic information: in=6KB out=21KB
Nov 25 22:02:30 vpn pluto[2242]: "ikev2-cp"[6] 171.228.117.89 #5: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 6.53234s and NOT sending notification
Nov 25 22:02:30 vpn pluto[2242]: "ikev2-cp"[6] 171.228.117.89: deleting connection instance with peer 171.228.117.89 {isakmp=#0/ipsec=#0}
Nov 25 22:07:23 vpn pluto[2242]: destroying root certificate cache
Nov 25 22:09:51 vpn pluto[2242]: "ikev2-cp"[7] 171.228.117.89: local IKE proposals (IKE SA responder matching remote proposals): 
Nov 25 22:09:51 vpn pluto[2242]: "ikev2-cp"[7] 171.228.117.89:   1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 22:09:51 vpn pluto[2242]: "ikev2-cp"[7] 171.228.117.89:   2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 22:09:51 vpn pluto[2242]: "ikev2-cp"[7] 171.228.117.89:   3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 22:09:51 vpn pluto[2242]: "ikev2-cp"[7] 171.228.117.89:   4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 22:09:51 vpn pluto[2242]: "ikev2-cp"[7] 171.228.117.89 #7: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Nov 25 22:09:51 vpn pluto[2242]: "ikev2-cp"[7] 171.228.117.89 #7: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Nov 25 22:09:51 vpn pluto[2242]: "ikev2-cp"[7] 171.228.117.89 #7: processing decrypted IKE_AUTH request: SK{IDi,CERT,N,IDr,AUTH,CP,N,N,SA,TSi,TSr,N}
Nov 25 22:09:51 vpn pluto[2242]: loading root certificate cache
Nov 25 22:09:51 vpn pluto[2242]: "ikev2-cp"[7] 171.228.117.89 #7: switched from "ikev2-cp"[7] 171.228.117.89 to "ikev2-cp"
Nov 25 22:09:51 vpn pluto[2242]: "ikev2-cp"[7] 171.228.117.89: deleting connection instance with peer 171.228.117.89 {isakmp=#0/ipsec=#0}
Nov 25 22:09:51 vpn pluto[2242]: "ikev2-cp"[8] 171.228.117.89 #7: established IKE SA; authenticated using RSA with SHA1 and peer certificate '@iphone' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Nov 25 22:09:51 vpn pluto[2242]: "ikev2-cp"[8] 171.228.117.89: local ESP/AH proposals (IKE_AUTH responder matching remote ESP/AH proposals): 
Nov 25 22:09:51 vpn pluto[2242]: "ikev2-cp"[8] 171.228.117.89:   1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-DISABLED
Nov 25 22:09:51 vpn pluto[2242]: "ikev2-cp"[8] 171.228.117.89:   2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-DISABLED
Nov 25 22:09:51 vpn pluto[2242]: "ikev2-cp"[8] 171.228.117.89:   3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-DISABLED
Nov 25 22:09:51 vpn pluto[2242]: "ikev2-cp"[8] 171.228.117.89:   4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-DISABLED
Nov 25 22:09:51 vpn pluto[2242]: "ikev2-cp"[8] 171.228.117.89:   5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-DISABLED
Nov 25 22:09:51 vpn pluto[2242]: "ikev2-cp"[8] 171.228.117.89 #8: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=0f3b97ed chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Nov 25 22:09:51 vpn pluto[2242]: "ikev2-cp"[8] 171.228.117.89 #8: established Child SA; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x0f3b97ed <0x7d38efb2 xfrm=AES_GCM_16_128-NONE NATOA=none NATD=171.228.117.89:62496 DPD=active}
Nov 25 22:09:54 vpn pluto[2242]: "ikev2-cp"[8] 171.228.117.89 #8: ESP traffic information: in=613B out=305B
Nov 25 22:09:54 vpn pluto[2242]: "ikev2-cp"[8] 171.228.117.89 #7: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 3.370494s and NOT sending notification
Nov 25 22:09:54 vpn pluto[2242]: "ikev2-cp"[8] 171.228.117.89: deleting connection instance with peer 171.228.117.89 {isakmp=#0/ipsec=#0}
Nov 25 22:14:51 vpn pluto[2242]: destroying root certificate cache
Nov 25 22:17:29 vpn pluto[2242]: "ikev2-cp"[9] 171.228.117.89: local IKE proposals (IKE SA responder matching remote proposals): 
Nov 25 22:17:29 vpn pluto[2242]: "ikev2-cp"[9] 171.228.117.89:   1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 22:17:29 vpn pluto[2242]: "ikev2-cp"[9] 171.228.117.89:   2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 22:17:29 vpn pluto[2242]: "ikev2-cp"[9] 171.228.117.89:   3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 22:17:29 vpn pluto[2242]: "ikev2-cp"[9] 171.228.117.89:   4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 22:17:29 vpn pluto[2242]: "ikev2-cp"[9] 171.228.117.89 #9: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Nov 25 22:17:29 vpn pluto[2242]: "ikev2-cp"[9] 171.228.117.89 #9: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Nov 25 22:17:29 vpn pluto[2242]: "ikev2-cp"[9] 171.228.117.89 #9: processing decrypted IKE_AUTH request: SK{IDi,CERT,N,IDr,AUTH,CP,N,N,SA,TSi,TSr,N}
Nov 25 22:17:29 vpn pluto[2242]: loading root certificate cache
Nov 25 22:17:29 vpn pluto[2242]: "ikev2-cp"[9] 171.228.117.89 #9: switched from "ikev2-cp"[9] 171.228.117.89 to "ikev2-cp"
Nov 25 22:17:29 vpn pluto[2242]: "ikev2-cp"[9] 171.228.117.89: deleting connection instance with peer 171.228.117.89 {isakmp=#0/ipsec=#0}
Nov 25 22:17:29 vpn pluto[2242]: "ikev2-cp"[10] 171.228.117.89 #9: established IKE SA; authenticated using RSA with SHA1 and peer certificate '@iphone' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Nov 25 22:17:29 vpn pluto[2242]: "ikev2-cp"[10] 171.228.117.89: local ESP/AH proposals (IKE_AUTH responder matching remote ESP/AH proposals): 
Nov 25 22:17:29 vpn pluto[2242]: "ikev2-cp"[10] 171.228.117.89:   1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-DISABLED
Nov 25 22:17:29 vpn pluto[2242]: "ikev2-cp"[10] 171.228.117.89:   2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-DISABLED
Nov 25 22:17:29 vpn pluto[2242]: "ikev2-cp"[10] 171.228.117.89:   3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-DISABLED
Nov 25 22:17:29 vpn pluto[2242]: "ikev2-cp"[10] 171.228.117.89:   4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-DISABLED
Nov 25 22:17:29 vpn pluto[2242]: "ikev2-cp"[10] 171.228.117.89:   5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-DISABLED
Nov 25 22:17:29 vpn pluto[2242]: "ikev2-cp"[10] 171.228.117.89 #10: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=0bb71ff5 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Nov 25 22:17:29 vpn pluto[2242]: "ikev2-cp"[10] 171.228.117.89 #10: established Child SA; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x0bb71ff5 <0xccf5a178 xfrm=AES_GCM_16_128-NONE NATOA=none NATD=171.228.117.89:62026 DPD=active}
Nov 25 22:17:32 vpn pluto[2242]: "ikev2-cp"[10] 171.228.117.89 #10: ESP traffic information: in=304B out=186B
Nov 25 22:17:32 vpn pluto[2242]: "ikev2-cp"[10] 171.228.117.89 #9: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 2.990037s and NOT sending notification
Nov 25 22:17:32 vpn pluto[2242]: "ikev2-cp"[10] 171.228.117.89: deleting connection instance with peer 171.228.117.89 {isakmp=#0/ipsec=#0}
Nov 25 22:22:29 vpn pluto[2242]: destroying root certificate cache
Nov 25 22:27:21 vpn pluto[2242]: "ikev2-cp"[11] 171.228.117.89: local IKE proposals (IKE SA responder matching remote proposals): 
Nov 25 22:27:21 vpn pluto[2242]: "ikev2-cp"[11] 171.228.117.89:   1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 22:27:21 vpn pluto[2242]: "ikev2-cp"[11] 171.228.117.89:   2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 22:27:21 vpn pluto[2242]: "ikev2-cp"[11] 171.228.117.89:   3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 22:27:21 vpn pluto[2242]: "ikev2-cp"[11] 171.228.117.89:   4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 25 22:27:21 vpn pluto[2242]: "ikev2-cp"[11] 171.228.117.89 #11: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Nov 25 22:27:21 vpn pluto[2242]: "ikev2-cp"[11] 171.228.117.89 #11: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Nov 25 22:27:21 vpn pluto[2242]: "ikev2-cp"[11] 171.228.117.89 #11: processing decrypted IKE_AUTH request: SK{IDi,CERT,N,IDr,AUTH,CP,N,N,SA,TSi,TSr,N}
Nov 25 22:27:21 vpn pluto[2242]: loading root certificate cache
Nov 25 22:27:21 vpn pluto[2242]: "ikev2-cp"[11] 171.228.117.89 #11: switched from "ikev2-cp"[11] 171.228.117.89 to "ikev2-cp"
Nov 25 22:27:21 vpn pluto[2242]: "ikev2-cp"[11] 171.228.117.89: deleting connection instance with peer 171.228.117.89 {isakmp=#0/ipsec=#0}
Nov 25 22:27:21 vpn pluto[2242]: "ikev2-cp"[12] 171.228.117.89 #11: established IKE SA; authenticated using RSA with SHA1 and peer certificate '@iphone' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Nov 25 22:27:21 vpn pluto[2242]: "ikev2-cp"[12] 171.228.117.89: local ESP/AH proposals (IKE_AUTH responder matching remote ESP/AH proposals): 
Nov 25 22:27:21 vpn pluto[2242]: "ikev2-cp"[12] 171.228.117.89:   1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-DISABLED
Nov 25 22:27:21 vpn pluto[2242]: "ikev2-cp"[12] 171.228.117.89:   2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-DISABLED
Nov 25 22:27:21 vpn pluto[2242]: "ikev2-cp"[12] 171.228.117.89:   3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-DISABLED
Nov 25 22:27:21 vpn pluto[2242]: "ikev2-cp"[12] 171.228.117.89:   4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-DISABLED
Nov 25 22:27:21 vpn pluto[2242]: "ikev2-cp"[12] 171.228.117.89:   5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-DISABLED
Nov 25 22:27:21 vpn pluto[2242]: "ikev2-cp"[12] 171.228.117.89 #12: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=0f0dfcf9 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Nov 25 22:27:21 vpn pluto[2242]: "ikev2-cp"[12] 171.228.117.89 #12: established Child SA; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x0f0dfcf9 <0x405f4f5a xfrm=AES_GCM_16_128-NONE NATOA=none NATD=171.228.117.89:62036 DPD=active}
Nov 25 22:28:04 vpn pluto[2242]: "ikev2-cp"[12] 171.228.117.89 #12: ESP traffic information: in=35KB out=305KB
Nov 25 22:28:04 vpn pluto[2242]: "ikev2-cp"[12] 171.228.117.89 #11: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 43.116231s and NOT sending notification
Nov 25 22:28:04 vpn pluto[2242]: "ikev2-cp"[12] 171.228.117.89: deleting connection instance with peer 171.228.117.89 {isakmp=#0/ipsec=#0}
Nov 25 22:32:21 vpn pluto[2242]: destroying root certificate cache

[ericshunhawk]

经过测试, iphone通过连wifi断开vpn之后立马再次连接没有问题, 只有在4G或者5G网络状态下有这个问题.

用tail -f /var/log/auth.log 查看日志的时候，断开连接显示deleting connection instance with peer，再次点击连接vpn，日志没有任何变化。

[ericshunhawk]

https://user-images.githubusercontent.com/18033606/143546261-cf706b47-66fb-4260-b1da-7660507e203f.mp4

这个录制的iphone视频可以参考，谢谢。

[hwdsl2]

@ericshunhawk 我觉得可能是你的 4G/5G 运营商的问题，不是 VPN 服务器的原因。我按照你上面的说明在 5G 网络下测试过了，无法重现此问题，断开后立即重新连接可以成功连接。另外你的日志里没有明显的错误。

[ericshunhawk]

@ericshunhawk 我觉得可能是你的 4G/5G 运营商的问题，不是 VPN 服务器的原因。我按照你上面的说明在 5G 网络下测试过了，无法重现此问题，断开后立即重新连接可以成功连接。另外你的日志里没有明显的错误。

谢谢