search

hwdsl2 / setup-ipsec-vpn

Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
Other
25.13k stars 6.31k forks source link

请问,如果服务器外网网络是动态DDNS,且在运行ikev2.sh时手动指定了域名 #1068

Closed ericshunhawk closed 2 years ago

ericshunhawk commented 2 years ago

任务列表

问题描述

问题1:如果服务器外网网络是动态DDNS,且在运行ikev2.sh时手动指定了域名,那么/etc/ipsec.d/ikev2.conf配置文件里面的leftid需要改为公网IP么?因为我是这是动态的IP地址,不定时变IP地址。

image

问题2:我之前问过这个问题#1054, 经过半个多月的测试,发现不管是wifi还是运营商4g 5g网络环境下,macos ios系统采用ikev2证书方式都会出现连上vpn之后手动断开连接,无法再次连接的情况,需要等待至少20分钟以后才能连上的情况。环境为esxi7.0安装的openwrt作为软路由在防火墙中映射500,4500,1701端口到虚拟机ubuntu20.04(未安装防火墙)。

root@vpn:~# service ipsec status ● ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for IPsec Loaded: loaded (/lib/systemd/system/ipsec.service; enabled; vendor preset: enabled) Active: active (running) since Fri 2021-12-17 11:59:52 CST; 22min ago Docs: man:ipsec(8) man:pluto(8) man:ipsec.conf(5) Process: 32144 ExecStartPre=/usr/local/libexec/ipsec/addconn --config /etc/ipsec.conf --checkconfig (code=exited, status=0/SUCCESS) Process: 32147 ExecStartPre=/usr/local/libexec/ipsec/_stackmanager start (code=exited, status=0/SUCCESS) Process: 32388 ExecStartPre=/usr/local/sbin/ipsec --checknss (code=exited, status=0/SUCCESS) Process: 32389 ExecStartPre=/usr/local/sbin/ipsec --checknflog (code=exited, status=0/SUCCESS) Main PID: 32400 (pluto) Status: "Startup completed." Tasks: 3 (limit: 1071) Memory: 4.3M CGroup: /system.slice/ipsec.service └─32400 /usr/local/libexec/ipsec/pluto --leak-detective --config /etc/ipsec.conf --nofork

Dec 17 12:02:47 vpn pluto[32400]: "ikev2-cp"[2] 171.219.19.200: 2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-DISABLED Dec 17 12:02:47 vpn pluto[32400]: "ikev2-cp"[2] 171.219.19.200: 3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-DISABLED Dec 17 12:02:47 vpn pluto[32400]: "ikev2-cp"[2] 171.219.19.200: 4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-DISABLED Dec 17 12:02:47 vpn pluto[32400]: "ikev2-cp"[2] 171.219.19.200: 5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-DISABLED Dec 17 12:02:47 vpn pluto[32400]: "ikev2-cp"[2] 171.219.19.200 #2: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=007b4d09 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match] Dec 17 12:02:47 vpn pluto[32400]: "ikev2-cp"[2] 171.219.19.200 #2: established Child SA; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x007b4d09 <0x6> Dec 17 12:02:50 vpn pluto[32400]: "ikev2-cp"[2] 171.219.19.200 #2: ESP traffic information: in=1KB out=1KB Dec 17 12:02:50 vpn pluto[32400]: "ikev2-cp"[2] 171.219.19.200 #1: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 2.429702s and NOT sending notification Dec 17 12:02:50 vpn pluto[32400]: "ikev2-cp"[2] 171.219.19.200: deleting connection instance with peer 171.219.19.200 {isakmp=#0/ipsec=#0} Dec 17 12:07:47 vpn pluto[32400]: destroying root certificate cache

重现步骤 重现该 bug 的步骤:

  1. ...
  2. ...

期待的正确结果 简要地描述你期望的正确结果。

日志 检查日志及 VPN 状态,并添加错误日志以帮助解释该问题(如果适用)。

root@vpn:~# more syslog Dec 17 11:42:13 vpn xl2tpd[31622]: Stopping xl2tpd: xl2tpd. Dec 17 11:42:13 vpn xl2tpd[1688]: death_handler: Fatal signal 15 received Dec 17 11:42:13 vpn systemd[1]: xl2tpd.service: Succeeded. Dec 17 11:55:44 vpn xl2tpd[21909]: Not looking for kernel SAref support. Dec 17 11:55:44 vpn xl2tpd[21909]: Using l2tp kernel support. Dec 17 11:55:44 vpn xl2tpd[21894]: Starting xl2tpd: xl2tpd. Dec 17 11:55:44 vpn xl2tpd[21913]: xl2tpd version xl2tpd-1.3.12 started on vpn PID:21913 Dec 17 11:55:44 vpn xl2tpd[21913]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc. Dec 17 11:55:44 vpn xl2tpd[21913]: Forked by Scott Balmos and David Stipp, (C) 2001 Dec 17 11:55:44 vpn xl2tpd[21913]: Inherited by Jeff McAdams, (C) 2002 Dec 17 11:55:44 vpn xl2tpd[21913]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016 Dec 17 11:55:44 vpn xl2tpd[21913]: Listening on IP address 0.0.0.0, port 1701 Dec 17 11:56:25 vpn xl2tpd[21913]: death_handler: Fatal signal 15 received Dec 17 11:56:25 vpn xl2tpd[27155]: Stopping xl2tpd: xl2tpd. Dec 17 11:56:25 vpn systemd[1]: xl2tpd.service: Succeeded. Dec 17 11:56:25 vpn xl2tpd[27165]: Not looking for kernel SAref support. Dec 17 11:56:25 vpn xl2tpd[27165]: Using l2tp kernel support. Dec 17 11:56:25 vpn xl2tpd[27161]: Starting xl2tpd: xl2tpd. Dec 17 11:56:25 vpn xl2tpd[27166]: xl2tpd version xl2tpd-1.3.12 started on vpn PID:27166 Dec 17 11:56:25 vpn xl2tpd[27166]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc. Dec 17 11:56:25 vpn xl2tpd[27166]: Forked by Scott Balmos and David Stipp, (C) 2001 Dec 17 11:56:25 vpn xl2tpd[27166]: Inherited by Jeff McAdams, (C) 2002 Dec 17 11:56:25 vpn xl2tpd[27166]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016 Dec 17 11:56:25 vpn xl2tpd[27166]: Listening on IP address 0.0.0.0, port 1701

服务器信息(请填写以下信息)

客户端信息(请填写以下信息)

其它信息 添加关于该 bug 的其它信息。

ericshunhawk commented 2 years ago 
Dec 15 10:35:38 vpn pluto[1731]: shutting down
Dec 15 10:35:38 vpn pluto[1731]: forgetting secrets
Dec 15 10:35:38 vpn pluto[1731]: shutting down interface lo 127.0.0.1:4500
Dec 15 10:35:38 vpn pluto[1731]: shutting down interface lo 127.0.0.1:500
Dec 15 10:35:38 vpn pluto[1731]: leak detective found no leaks
Dec 15 10:35:38 vpn pluto[184801]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Dec 15 10:35:38 vpn pluto[184801]: FIPS Mode: NO
Dec 15 10:35:38 vpn pluto[184801]: NSS crypto library initialized
Dec 15 10:35:38 vpn pluto[184801]: FIPS mode disabled for pluto daemon
Dec 15 10:35:38 vpn pluto[184801]: FIPS HMAC integrity support [disabled]
Dec 15 10:35:38 vpn pluto[184801]: libcap-ng support [enabled]
Dec 15 10:35:38 vpn pluto[184801]: Linux audit support [disabled]
Dec 15 10:35:38 vpn pluto[184801]: Starting Pluto (Libreswan Version 4.5 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-PRF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:184801
Dec 15 10:35:38 vpn pluto[184801]: core dump dir: /run/pluto
Dec 15 10:35:38 vpn pluto[184801]: secrets file: /etc/ipsec.secrets
Dec 15 10:35:38 vpn pluto[184801]: leak-detective enabled
Dec 15 10:35:38 vpn pluto[184801]: NSS crypto [enabled]
Dec 15 10:35:38 vpn pluto[184801]: XAUTH PAM support [enabled]
Dec 15 10:35:38 vpn pluto[184801]: initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Dec 15 10:35:38 vpn pluto[184801]: NAT-Traversal support  [enabled]
Dec 15 10:35:38 vpn pluto[184801]: Encryption algorithms:
Dec 15 10:35:38 vpn pluto[184801]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
Dec 15 10:35:38 vpn pluto[184801]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
Dec 15 10:35:38 vpn pluto[184801]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
Dec 15 10:35:38 vpn pluto[184801]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
Dec 15 10:35:38 vpn pluto[184801]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP                      
Dec 15 10:35:38 vpn pluto[184801]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
Dec 15 10:35:38 vpn pluto[184801]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
Dec 15 10:35:38 vpn pluto[184801]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
Dec 15 10:35:38 vpn pluto[184801]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
Dec 15 10:35:38 vpn pluto[184801]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
Dec 15 10:35:38 vpn pluto[184801]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
Dec 15 10:35:38 vpn pluto[184801]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
Dec 15 10:35:38 vpn pluto[184801]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP                      
Dec 15 10:35:38 vpn pluto[184801]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Dec 15 10:35:38 vpn pluto[184801]: Hash algorithms:
Dec 15 10:35:38 vpn pluto[184801]:   MD5                               IKEv1: IKE         IKEv2:                  NSS         
Dec 15 10:35:38 vpn pluto[184801]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
Dec 15 10:35:38 vpn pluto[184801]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
Dec 15 10:35:38 vpn pluto[184801]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
Dec 15 10:35:38 vpn pluto[184801]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
Dec 15 10:35:38 vpn pluto[184801]: PRF algorithms:
Dec 15 10:35:38 vpn pluto[184801]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
Dec 15 10:35:38 vpn pluto[184801]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
Dec 15 10:35:38 vpn pluto[184801]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
Dec 15 10:35:38 vpn pluto[184801]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
Dec 15 10:35:38 vpn pluto[184801]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
Dec 15 10:35:38 vpn pluto[184801]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Dec 15 10:35:38 vpn pluto[184801]: Integrity algorithms:
Dec 15 10:35:38 vpn pluto[184801]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
Dec 15 10:35:38 vpn pluto[184801]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
Dec 15 10:35:38 vpn pluto[184801]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
Dec 15 10:35:38 vpn pluto[184801]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
Dec 15 10:35:38 vpn pluto[184801]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Dec 15 10:35:38 vpn pluto[184801]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH                   
Dec 15 10:35:38 vpn pluto[184801]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Dec 15 10:35:38 vpn pluto[184801]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
Dec 15 10:35:38 vpn pluto[184801]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
Dec 15 10:35:38 vpn pluto[184801]: DH algorithms:
Dec 15 10:35:38 vpn pluto[184801]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
Dec 15 10:35:38 vpn pluto[184801]:   MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
Dec 15 10:35:38 vpn pluto[184801]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
Dec 15 10:35:38 vpn pluto[184801]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
Dec 15 10:35:38 vpn pluto[184801]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
Dec 15 10:35:38 vpn pluto[184801]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
Dec 15 10:35:38 vpn pluto[184801]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
Dec 15 10:35:38 vpn pluto[184801]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
Dec 15 10:35:38 vpn pluto[184801]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
Dec 15 10:35:38 vpn pluto[184801]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
Dec 15 10:35:38 vpn pluto[184801]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
Dec 15 10:35:38 vpn pluto[184801]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
Dec 15 10:35:38 vpn pluto[184801]: testing CAMELLIA_CBC:
Dec 15 10:35:38 vpn pluto[184801]:   Camellia: 16 bytes with 128-bit key
Dec 15 10:35:38 vpn pluto[184801]:   Camellia: 16 bytes with 128-bit key
Dec 15 10:35:38 vpn pluto[184801]:   Camellia: 16 bytes with 256-bit key
Dec 15 10:35:38 vpn pluto[184801]:   Camellia: 16 bytes with 256-bit key
Dec 15 10:35:38 vpn pluto[184801]: testing AES_GCM_16:
Dec 15 10:35:38 vpn pluto[184801]:   empty string
Dec 15 10:35:38 vpn pluto[184801]:   one block
Dec 15 10:35:38 vpn pluto[184801]:   two blocks
Dec 15 10:35:38 vpn pluto[184801]:   two blocks with associated data
Dec 15 10:35:38 vpn pluto[184801]: testing AES_CTR:
Dec 15 10:35:38 vpn pluto[184801]:   Encrypting 16 octets using AES-CTR with 128-bit key
Dec 15 10:35:38 vpn pluto[184801]:   Encrypting 32 octets using AES-CTR with 128-bit key
Dec 15 10:35:38 vpn pluto[184801]:   Encrypting 36 octets using AES-CTR with 128-bit key
Dec 15 10:35:38 vpn pluto[184801]:   Encrypting 16 octets using AES-CTR with 192-bit key
Dec 15 10:35:38 vpn pluto[184801]:   Encrypting 32 octets using AES-CTR with 192-bit key
Dec 15 10:35:38 vpn pluto[184801]:   Encrypting 36 octets using AES-CTR with 192-bit key
Dec 15 10:35:38 vpn pluto[184801]:   Encrypting 16 octets using AES-CTR with 256-bit key
Dec 15 10:35:38 vpn pluto[184801]:   Encrypting 32 octets using AES-CTR with 256-bit key
Dec 15 10:35:38 vpn pluto[184801]:   Encrypting 36 octets using AES-CTR with 256-bit key
Dec 15 10:35:38 vpn pluto[184801]: testing AES_CBC:
Dec 15 10:35:38 vpn pluto[184801]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Dec 15 10:35:38 vpn pluto[184801]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Dec 15 10:35:38 vpn pluto[184801]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Dec 15 10:35:38 vpn pluto[184801]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Dec 15 10:35:38 vpn pluto[184801]: testing AES_XCBC:
Dec 15 10:35:38 vpn pluto[184801]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Dec 15 10:35:38 vpn pluto[184801]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Dec 15 10:35:38 vpn pluto[184801]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Dec 15 10:35:38 vpn pluto[184801]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
ericshunhawk commented 2 years ago 
Dec 15 10:35:38 vpn pluto[184801]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Dec 15 10:35:38 vpn pluto[184801]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Dec 15 10:35:38 vpn pluto[184801]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Dec 15 10:35:38 vpn pluto[184801]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Dec 15 10:35:38 vpn pluto[184801]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Dec 15 10:35:38 vpn pluto[184801]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Dec 15 10:35:38 vpn pluto[184801]: testing HMAC_MD5:
Dec 15 10:35:38 vpn pluto[184801]:   RFC 2104: MD5_HMAC test 1
Dec 15 10:35:38 vpn pluto[184801]:   RFC 2104: MD5_HMAC test 2
Dec 15 10:35:38 vpn pluto[184801]:   RFC 2104: MD5_HMAC test 3
Dec 15 10:35:38 vpn pluto[184801]: 2 CPU cores online
Dec 15 10:35:38 vpn pluto[184801]: starting up 2 helper threads
Dec 15 10:35:38 vpn pluto[184801]: started thread for helper 0
Dec 15 10:35:38 vpn pluto[184801]: started thread for helper 1
Dec 15 10:35:38 vpn pluto[184801]: using Linux xfrm kernel support code on #102-Ubuntu SMP Fri Nov 5 16:31:28 UTC 2021
Dec 15 10:35:38 vpn pluto[184801]: kernel: /proc/sys/net/ipv6/conf/all/disable_ipv6=1 ignore ipv6 holes
Dec 15 10:35:38 vpn pluto[184801]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Dec 15 10:35:38 vpn pluto[184801]: watchdog: sending probes every 100 secs
Dec 15 10:35:38 vpn pluto[184801]: seccomp security not supported
Dec 15 10:35:38 vpn pluto[184801]: "l2tp-psk": added IKEv1 connection
Dec 15 10:35:38 vpn pluto[184801]: "xauth-psk": added IKEv1 connection
Dec 15 10:35:38 vpn pluto[184801]: "ikev2-cp": loaded private key matching left certificate 'hspage.cn'
Dec 15 10:35:38 vpn pluto[184801]: "ikev2-cp": added IKEv2 connection
Dec 15 10:35:38 vpn pluto[184801]: listening for IKE messages
Dec 15 10:35:38 vpn pluto[184801]: Kernel supports NIC esp-hw-offload
Dec 15 10:35:38 vpn pluto[184801]: adding UDP interface ens160 192.168.10.19:500
Dec 15 10:35:38 vpn pluto[184801]: adding UDP interface ens160 192.168.10.19:4500
Dec 15 10:35:38 vpn pluto[184801]: adding UDP interface lo 127.0.0.1:500
Dec 15 10:35:38 vpn pluto[184801]: adding UDP interface lo 127.0.0.1:4500
Dec 15 10:35:38 vpn pluto[184801]: adding UDP interface ens160 [fdb9:ae62:c2de:4:20c:29ff:febb:d119]:500
Dec 15 10:35:38 vpn pluto[184801]: forgetting secrets
Dec 15 10:35:38 vpn pluto[184801]: loading secrets from "/etc/ipsec.secrets"
Dec 15 10:35:38 vpn pluto[184801]: seccomp security for helper not supported
Dec 15 10:35:38 vpn pluto[184801]: seccomp security for helper not supported
Dec 15 10:36:34 vpn pluto[184801]: "ikev2-cp"[1] 171.218.43.53: local IKE proposals (IKE SA responder matching remote proposals): 
Dec 15 10:36:34 vpn pluto[184801]: "ikev2-cp"[1] 171.218.43.53:   1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 15 10:36:34 vpn pluto[184801]: "ikev2-cp"[1] 171.218.43.53:   2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 15 10:36:34 vpn pluto[184801]: "ikev2-cp"[1] 171.218.43.53:   3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 15 10:36:34 vpn pluto[184801]: "ikev2-cp"[1] 171.218.43.53:   4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 15 10:36:34 vpn pluto[184801]: "ikev2-cp"[1] 171.218.43.53 #1: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Dec 15 10:36:34 vpn pluto[184801]: "ikev2-cp"[1] 171.218.43.53 #1: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec 15 10:36:34 vpn pluto[184801]: "ikev2-cp"[1] 171.218.43.53 #1: processing decrypted IKE_AUTH request: SK{IDi,CERT,N,IDr,AUTH,CP,N,N,SA,TSi,TSr,N}
Dec 15 10:36:34 vpn pluto[184801]: loading root certificate cache
Dec 15 10:36:34 vpn pluto[184801]: "ikev2-cp"[1] 171.218.43.53 #1: reloaded private key matching left certificate 'hspage.cn'
Dec 15 10:36:34 vpn pluto[184801]: "ikev2-cp"[1] 171.218.43.53 #1: switched from "ikev2-cp"[1] 171.218.43.53 to "ikev2-cp"
Dec 15 10:36:34 vpn pluto[184801]: "ikev2-cp"[1] 171.218.43.53: deleting connection instance with peer 171.218.43.53 {isakmp=#0/ipsec=#0}
Dec 15 10:36:34 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: established IKE SA; authenticated using RSA with SHA1 and peer certificate '@12pm' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Dec 15 10:36:34 vpn pluto[184801]: | pool 192.168.43.10-192.168.43.250: growing address pool from 0 to 1
Dec 15 10:36:34 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53: local ESP/AH proposals (IKE_AUTH responder matching remote ESP/AH proposals): 
Dec 15 10:36:34 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53:   1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-DISABLED
Dec 15 10:36:34 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53:   2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-DISABLED
Dec 15 10:36:34 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53:   3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-DISABLED
Dec 15 10:36:34 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53:   4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-DISABLED
Dec 15 10:36:34 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53:   5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-DISABLED
Dec 15 10:36:34 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #2: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=034e816b chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Dec 15 10:36:34 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #2: established Child SA; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x034e816b <0x21305c0a xfrm=AES_GCM_16_128-NONE NATOA=none NATD=171.218.43.53:44650 DPD=active}
Dec 15 10:38:34 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec 15 10:38:35 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Dec 15 10:41:01 vpn pluto[184801]: "ikev2-cp"[3] 118.112.59.121: local IKE proposals (IKE SA responder matching remote proposals): 
Dec 15 10:41:01 vpn pluto[184801]: "ikev2-cp"[3] 118.112.59.121:   1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 15 10:41:01 vpn pluto[184801]: "ikev2-cp"[3] 118.112.59.121:   2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 15 10:41:01 vpn pluto[184801]: "ikev2-cp"[3] 118.112.59.121:   3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 15 10:41:01 vpn pluto[184801]: "ikev2-cp"[3] 118.112.59.121:   4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 15 10:41:01 vpn pluto[184801]: "ikev2-cp"[3] 118.112.59.121 #3: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Dec 15 10:41:01 vpn pluto[184801]: "ikev2-cp"[3] 118.112.59.121 #3: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec 15 10:41:02 vpn pluto[184801]: "ikev2-cp"[3] 118.112.59.121 #3: processing decrypted IKE_AUTH request: SK{IDi,CERT,N,IDr,AUTH,CP,N,N,SA,TSi,TSr,N}
Dec 15 10:41:02 vpn pluto[184801]: "ikev2-cp"[3] 118.112.59.121 #3: switched from "ikev2-cp"[3] 118.112.59.121 to "ikev2-cp"
Dec 15 10:41:02 vpn pluto[184801]: "ikev2-cp"[3] 118.112.59.121: deleting connection instance with peer 118.112.59.121 {isakmp=#0/ipsec=#0}
Dec 15 10:41:02 vpn pluto[184801]: "ikev2-cp"[4] 118.112.59.121 #3: established IKE SA; authenticated using RSA with SHA1 and peer certificate '@mbp' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Dec 15 10:41:02 vpn pluto[184801]: | pool 192.168.43.10-192.168.43.250: growing address pool from 1 to 2
Dec 15 10:41:02 vpn pluto[184801]: "ikev2-cp"[4] 118.112.59.121: local ESP/AH proposals (IKE_AUTH responder matching remote ESP/AH proposals): 
Dec 15 10:41:02 vpn pluto[184801]: "ikev2-cp"[4] 118.112.59.121:   1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-DISABLED
Dec 15 10:41:02 vpn pluto[184801]: "ikev2-cp"[4] 118.112.59.121:   2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-DISABLED
Dec 15 10:41:02 vpn pluto[184801]: "ikev2-cp"[4] 118.112.59.121:   3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-DISABLED
Dec 15 10:41:02 vpn pluto[184801]: "ikev2-cp"[4] 118.112.59.121:   4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-DISABLED
Dec 15 10:41:02 vpn pluto[184801]: "ikev2-cp"[4] 118.112.59.121:   5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-DISABLED
Dec 15 10:41:02 vpn pluto[184801]: "ikev2-cp"[4] 118.112.59.121 #4: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=0c1fa301 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Dec 15 10:41:02 vpn pluto[184801]: "ikev2-cp"[4] 118.112.59.121 #4: established Child SA; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.11-192.168.43.11:0-65535 0] {ESPinUDP=>0x0c1fa301 <0x46e22d1c xfrm=AES_GCM_16_128-NONE NATOA=none NATD=118.112.59.121:15391 DPD=active}
Dec 15 10:46:02 vpn pluto[184801]: destroying root certificate cache
Dec 15 10:51:06 vpn pluto[184801]: "ikev2-cp"[4] 118.112.59.121 #4: ESP traffic information: in=1MB out=38MB
Dec 15 10:51:06 vpn pluto[184801]: "ikev2-cp"[4] 118.112.59.121 #3: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 604.598497s and NOT sending notification
Dec 15 10:51:06 vpn pluto[184801]: "ikev2-cp"[4] 118.112.59.121: deleting connection instance with peer 118.112.59.121 {isakmp=#0/ipsec=#0}
Dec 15 10:51:09 vpn pluto[184801]: "ikev2-cp"[5] 118.112.59.121: local IKE proposals (IKE SA responder matching remote proposals): 
Dec 15 10:51:09 vpn pluto[184801]: "ikev2-cp"[5] 118.112.59.121:   1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 15 10:51:09 vpn pluto[184801]: "ikev2-cp"[5] 118.112.59.121:   2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 15 10:51:09 vpn pluto[184801]: "ikev2-cp"[5] 118.112.59.121:   3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 15 10:51:09 vpn pluto[184801]: "ikev2-cp"[5] 118.112.59.121:   4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 15 10:51:09 vpn pluto[184801]: "ikev2-cp"[5] 118.112.59.121 #5: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Dec 15 10:51:09 vpn pluto[184801]: "ikev2-cp"[5] 118.112.59.121 #5: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec 15 10:51:09 vpn pluto[184801]: "ikev2-cp"[5] 118.112.59.121 #5: processing decrypted IKE_AUTH request: SK{IDi,CERT,N,IDr,AUTH,CP,N,N,SA,TSi,TSr,N}
Dec 15 10:51:09 vpn pluto[184801]: loading root certificate cache
Dec 15 10:51:09 vpn pluto[184801]: "ikev2-cp"[5] 118.112.59.121 #5: switched from "ikev2-cp"[5] 118.112.59.121 to "ikev2-cp"
Dec 15 10:51:09 vpn pluto[184801]: "ikev2-cp"[5] 118.112.59.121: deleting connection instance with peer 118.112.59.121 {isakmp=#0/ipsec=#0}
Dec 15 10:51:09 vpn pluto[184801]: "ikev2-cp"[6] 118.112.59.121 #5: established IKE SA; authenticated using RSA with SHA1 and peer certificate '@mbp' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Dec 15 10:51:09 vpn pluto[184801]: "ikev2-cp"[6] 118.112.59.121: local ESP/AH proposals (IKE_AUTH responder matching remote ESP/AH proposals): 
Dec 15 10:51:09 vpn pluto[184801]: "ikev2-cp"[6] 118.112.59.121:   1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-DISABLED
Dec 15 10:51:09 vpn pluto[184801]: "ikev2-cp"[6] 118.112.59.121:   2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-DISABLED
Dec 15 10:51:09 vpn pluto[184801]: "ikev2-cp"[6] 118.112.59.121:   3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-DISABLED
Dec 15 10:51:09 vpn pluto[184801]: "ikev2-cp"[6] 118.112.59.121:   4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-DISABLED
Dec 15 10:51:09 vpn pluto[184801]: "ikev2-cp"[6] 118.112.59.121:   5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-DISABLED
Dec 15 10:51:09 vpn pluto[184801]: "ikev2-cp"[6] 118.112.59.121 #6: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=0c826551 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Dec 15 10:51:09 vpn pluto[184801]: "ikev2-cp"[6] 118.112.59.121 #6: established Child SA; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.11-192.168.43.11:0-65535 0] {ESPinUDP=>0x0c826551 <0x868702c5 xfrm=AES_GCM_16_128-NONE NATOA=none NATD=118.112.59.121:15391 DPD=active}
Dec 15 10:55:34 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec 15 10:56:09 vpn pluto[184801]: destroying root certificate cache
Dec 15 11:01:18 vpn pluto[184801]: "ikev2-cp"[6] 118.112.59.121 #6: ESP traffic information: in=5MB out=59MB
Dec 15 11:01:18 vpn pluto[184801]: "ikev2-cp"[6] 118.112.59.121 #5: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 609.504107s and NOT sending notification
Dec 15 11:01:18 vpn pluto[184801]: "ikev2-cp"[6] 118.112.59.121: deleting connection instance with peer 118.112.59.121 {isakmp=#0/ipsec=#0}
Dec 15 11:02:34 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec 15 11:02:35 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Dec 15 11:02:36 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Dec 15 11:10:35 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec 15 11:15:35 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec 15 11:21:35 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec 15 11:29:35 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec 15 11:30:35 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec 15 11:33:05 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec 15 12:03:05 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec 15 12:07:06 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec 15 12:14:06 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec 15 12:15:06 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec 15 13:12:37 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec 15 13:12:37 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Dec 15 13:13:37 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec 15 13:13:37 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Dec 15 13:14:37 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec 15 13:16:07 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec 15 13:16:07 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Dec 15 13:17:07 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec 15 13:17:07 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Dec 15 13:18:07 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec 15 13:18:07 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Dec 15 13:19:07 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec 15 13:28:07 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec 15 13:28:08 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Dec 15 13:29:07 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec 15 13:30:07 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec 15 13:31:07 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec 15 13:31:08 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Dec 15 13:31:09 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Dec 15 13:31:11 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Dec 15 13:31:15 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Dec 15 13:31:23 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Dec 15 13:31:39 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Dec 15 13:32:11 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: STATE_V2_ESTABLISHED_IKE_SA: 60 second timeout exceeded after 7 retransmits.  No response (or no acceptable response) to our IKEv2 message
Dec 15 13:32:11 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: liveness action - clearing connection kind CK_INSTANCE
Dec 15 13:32:11 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #2: ESP traffic information: in=10MB out=588MB
Dec 15 13:32:11 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53 #1: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 10537.229954s and sending notification
Dec 15 13:32:11 vpn pluto[184801]: "ikev2-cp"[2] 171.218.43.53: deleting connection instance with peer 171.218.43.53 {isakmp=#0/ipsec=#0}
Dec 15 15:09:38 vpn pluto[184801]: "l2tp-psk"[1] 65.49.20.96 #7: responding to Main Mode from unknown peer 65.49.20.96:39710
Dec 15 15:09:38 vpn pluto[184801]: "l2tp-psk"[1] 65.49.20.96 #7: OAKLEY_CAST_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Dec 15 15:09:38 vpn pluto[184801]: "l2tp-psk"[1] 65.49.20.96 #7: no acceptable Oakley Transform
Dec 15 15:09:38 vpn pluto[184801]: "l2tp-psk"[1] 65.49.20.96 #7: sending notification NO_PROPOSAL_CHOSEN to 65.49.20.96:39710
Dec 15 15:35:32 vpn pluto[184801]: packet from 146.88.240.4:42039: dropping packet with mangled IKE header: 0-byte length of ISAKMP Message is smaller than minimum
Dec 15 16:09:32 vpn pluto[184801]: "ikev2-cp"[7] 118.112.59.121: local IKE proposals (IKE SA responder matching remote proposals): 
Dec 15 16:09:32 vpn pluto[184801]: "ikev2-cp"[7] 118.112.59.121:   1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 15 16:09:32 vpn pluto[184801]: "ikev2-cp"[7] 118.112.59.121:   2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 15 16:09:32 vpn pluto[184801]: "ikev2-cp"[7] 118.112.59.121:   3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 15 16:09:32 vpn pluto[184801]: "ikev2-cp"[7] 118.112.59.121:   4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 15 16:09:32 vpn pluto[184801]: "ikev2-cp"[7] 118.112.59.121 #8: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Dec 15 16:09:32 vpn pluto[184801]: "ikev2-cp"[7] 118.112.59.121 #8: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec 15 16:09:32 vpn pluto[184801]: "ikev2-cp"[7] 118.112.59.121 #8: processing decrypted IKE_AUTH request: SK{IDi,CERT,N,IDr,AUTH,CP,N,N,SA,TSi,TSr,N}
Dec 15 16:09:32 vpn pluto[184801]: loading root certificate cache
Dec 15 16:09:32 vpn pluto[184801]: "ikev2-cp"[7] 118.112.59.121 #8: switched from "ikev2-cp"[7] 118.112.59.121 to "ikev2-cp"
Dec 15 16:09:32 vpn pluto[184801]: "ikev2-cp"[7] 118.112.59.121: deleting connection instance with peer 118.112.59.121 {isakmp=#0/ipsec=#0}
Dec 15 16:09:32 vpn pluto[184801]: "ikev2-cp"[8] 118.112.59.121 #8: established IKE SA; authenticated using RSA with SHA1 and peer certificate '@mbp' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Dec 15 16:09:32 vpn pluto[184801]: "ikev2-cp"[8] 118.112.59.121: local ESP/AH proposals (IKE_AUTH responder matching remote ESP/AH proposals): 
Dec 15 16:09:32 vpn pluto[184801]: "ikev2-cp"[8] 118.112.59.121:   1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-DISABLED
Dec 15 16:09:32 vpn pluto[184801]: "ikev2-cp"[8] 118.112.59.121:   2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-DISABLED
Dec 15 16:09:32 vpn pluto[184801]: "ikev2-cp"[8] 118.112.59.121:   3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-DISABLED
Dec 15 16:09:32 vpn pluto[184801]: "ikev2-cp"[8] 118.112.59.121:   4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-DISABLED
Dec 15 16:09:32 vpn pluto[184801]: "ikev2-cp"[8] 118.112.59.121:   5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-DISABLED
Dec 15 16:09:32 vpn pluto[184801]: "ikev2-cp"[8] 118.112.59.121 #9: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=02e7e652 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Dec 15 16:09:32 vpn pluto[184801]: "ikev2-cp"[8] 118.112.59.121 #9: established Child SA; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x02e7e652 <0x85b04ccb xfrm=AES_GCM_16_128-NONE NATOA=none NATD=118.112.59.121:14082 DPD=active}
Dec 15 16:14:32 vpn pluto[184801]: destroying root certificate cache
Dec 15 18:23:05 vpn pluto[184801]: "ikev2-cp"[8] 118.112.59.121 #8: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec 15 18:23:05 vpn pluto[184801]: "ikev2-cp"[8] 118.112.59.121 #8: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Dec 15 18:23:06 vpn pluto[184801]: "ikev2-cp"[8] 118.112.59.121 #8: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Dec 15 18:23:08 vpn pluto[184801]: "ikev2-cp"[8] 118.112.59.121 #8: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Dec 15 18:23:12 vpn pluto[184801]: "ikev2-cp"[8] 118.112.59.121 #8: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Dec 15 18:23:20 vpn pluto[184801]: "ikev2-cp"[8] 118.112.59.121 #8: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Dec 15 18:23:36 vpn pluto[184801]: "ikev2-cp"[8] 118.112.59.121 #8: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Dec 15 18:24:08 vpn pluto[184801]: "ikev2-cp"[8] 118.112.59.121 #8: STATE_V2_ESTABLISHED_IKE_SA: 60 second timeout exceeded after 7 retransmits.  No response (or no acceptable response) to our IKEv2 message
Dec 15 18:24:08 vpn pluto[184801]: "ikev2-cp"[8] 118.112.59.121 #8: liveness action - clearing connection kind CK_INSTANCE
Dec 15 18:24:08 vpn pluto[184801]: "ikev2-cp"[8] 118.112.59.121 #9: ESP traffic information: in=2MB out=18MB
Dec 15 18:24:08 vpn pluto[184801]: "ikev2-cp"[8] 118.112.59.121 #8: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 8076.448267s and sending notification
Dec 15 18:24:09 vpn pluto[184801]: "ikev2-cp"[8] 118.112.59.121: deleting connection instance with peer 118.112.59.121 {isakmp=#0/ipsec=#0}
Dec 15 19:07:15 vpn pluto[184801]: packet from 118.112.59.121:13765: INFORMATIONAL message request has no corresponding IKE SA
Dec 15 19:07:18 vpn pluto[184801]: message repeated 3 times: [ packet from 118.112.59.121:13765: INFORMATIONAL message request has no corresponding IKE SA]
Dec 15 19:07:19 vpn pluto[184801]: packet from 118.112.59.121:13765: INFORMATIONAL message request has no corresponding IKE SA
Dec 15 19:07:20 vpn pluto[184801]: packet from 118.112.59.121:13765: INFORMATIONAL message request has no corresponding IKE SA
Dec 15 20:48:25 vpn pluto[184801]: packet from 45.79.94.93:49881: dropping packet with mangled IKE header: exchange type of ISAKMP Message has an unknown value: 115 (0x73)
Dec 16 00:05:20 vpn pluto[184801]: packet from 183.136.225.14:50953: dropping packet with mangled IKE header: not enough room in input packet for ISAKMP Message (remain=0, sd->size=28)
Dec 16 02:08:23 vpn pluto[184801]: "l2tp-psk"[2] 103.139.213.232 #10: responding to Main Mode from unknown peer 103.139.213.232:65421
Dec 16 02:08:23 vpn pluto[184801]: "l2tp-psk"[2] 103.139.213.232 #10: unexpected Protocol ID (PROTO_RESERVED) found in Oakley Proposal
Dec 16 02:08:23 vpn pluto[184801]: "l2tp-psk"[2] 103.139.213.232 #10: sending notification INVALID_PROTOCOL_ID to 103.139.213.232:65421
Dec 16 04:01:24 vpn pluto[184801]: packet from 156.251.172.38:40295: dropping packet with mangled IKE header: not enough room in input packet for ISAKMP Message (remain=14, sd->size=28)
Dec 16 06:10:13 vpn pluto[184801]: packet from 183.136.225.14:8144: too small packet (0)
Dec 16 06:47:40 vpn pluto[184801]: packet from 183.136.225.42:17293: too small packet (0)
Dec 16 08:34:34 vpn pluto[184801]: "ikev2-cp"[9] 8.142.80.59: local IKE proposals (IKE SA responder matching remote proposals): 
Dec 16 08:34:34 vpn pluto[184801]: "ikev2-cp"[9] 8.142.80.59:   1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 08:34:34 vpn pluto[184801]: "ikev2-cp"[9] 8.142.80.59:   2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 08:34:34 vpn pluto[184801]: "ikev2-cp"[9] 8.142.80.59:   3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 08:34:34 vpn pluto[184801]: "ikev2-cp"[9] 8.142.80.59:   4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 08:34:34 vpn pluto[184801]: "ikev2-cp"[9] 8.142.80.59 #11: proposal 1 corruptproto ID of IKEv2 Proposal Substructure Payload has an unknown value: 0 (0x0)
Dec 16 08:34:34 vpn pluto[184801]: "ikev2-cp"[9] 8.142.80.59 #11: partial list of remote proposals:  [corrupt-proposal]
Dec 16 08:34:34 vpn pluto[184801]: "ikev2-cp"[9] 8.142.80.59 #11: responding to IKE_SA_INIT message (ID 0) from 8.142.80.59:45770 with unencrypted notification INVALID_SYNTAX
Dec 16 08:34:34 vpn pluto[184801]: "ikev2-cp"[9] 8.142.80.59 #11: state transition 'Respond to IKE_SA_INIT' failed
Dec 16 08:34:34 vpn pluto[184801]: "ikev2-cp"[9] 8.142.80.59 #11: deleting state (STATE_V2_PARENT_R0) aged 0.000795s and NOT sending notification
Dec 16 08:34:34 vpn pluto[184801]: "ikev2-cp"[9] 8.142.80.59: deleting connection instance with peer 8.142.80.59 {isakmp=#0/ipsec=#0}
Dec 16 10:17:35 vpn pluto[184801]: "ikev2-cp"[10] 118.112.59.121: local IKE proposals (IKE SA responder matching remote proposals): 
Dec 16 10:17:35 vpn pluto[184801]: "ikev2-cp"[10] 118.112.59.121:   1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 10:17:35 vpn pluto[184801]: "ikev2-cp"[10] 118.112.59.121:   2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 10:17:35 vpn pluto[184801]: "ikev2-cp"[10] 118.112.59.121:   3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 10:17:35 vpn pluto[184801]: "ikev2-cp"[10] 118.112.59.121:   4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 10:17:35 vpn pluto[184801]: "ikev2-cp"[10] 118.112.59.121 #12: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Dec 16 10:17:35 vpn pluto[184801]: "ikev2-cp"[10] 118.112.59.121 #12: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec 16 10:17:35 vpn pluto[184801]: "ikev2-cp"[10] 118.112.59.121 #12: processing decrypted IKE_AUTH request: SK{IDi,CERT,N,IDr,AUTH,CP,N,N,SA,TSi,TSr,N}
Dec 16 10:17:35 vpn pluto[184801]: loading root certificate cache
Dec 16 10:17:35 vpn pluto[184801]: "ikev2-cp"[10] 118.112.59.121 #12: switched from "ikev2-cp"[10] 118.112.59.121 to "ikev2-cp"
Dec 16 10:17:35 vpn pluto[184801]: "ikev2-cp"[10] 118.112.59.121: deleting connection instance with peer 118.112.59.121 {isakmp=#0/ipsec=#0}
Dec 16 10:17:35 vpn pluto[184801]: "ikev2-cp"[11] 118.112.59.121 #12: established IKE SA; authenticated using RSA with SHA1 and peer certificate '@mbp' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Dec 16 10:17:35 vpn pluto[184801]: "ikev2-cp"[11] 118.112.59.121: local ESP/AH proposals (IKE_AUTH responder matching remote ESP/AH proposals): 
Dec 16 10:17:35 vpn pluto[184801]: "ikev2-cp"[11] 118.112.59.121:   1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-DISABLED
Dec 16 10:17:35 vpn pluto[184801]: "ikev2-cp"[11] 118.112.59.121:   2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-DISABLED
Dec 16 10:17:35 vpn pluto[184801]: "ikev2-cp"[11] 118.112.59.121:   3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-DISABLED
Dec 16 10:17:35 vpn pluto[184801]: "ikev2-cp"[11] 118.112.59.121:   4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-DISABLED
Dec 16 10:17:35 vpn pluto[184801]: "ikev2-cp"[11] 118.112.59.121:   5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-DISABLED
Dec 16 10:17:35 vpn pluto[184801]: "ikev2-cp"[11] 118.112.59.121 #13: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=0e143ab6 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Dec 16 10:17:36 vpn pluto[184801]: "ikev2-cp"[11] 118.112.59.121 #13: established Child SA; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x0e143ab6 <0x69d3b37a xfrm=AES_GCM_16_128-NONE NATOA=none NATD=118.112.59.121:15843 DPD=active}
Dec 16 10:20:31 vpn pluto[184801]: "l2tp-psk"[1] 65.49.20.96 #7: discarding initial packet; already STATE_MAIN_R0
Dec 16 10:21:28 vpn pluto[184801]: "ikev2-cp"[12] 117.139.198.202: local IKE proposals (IKE SA responder matching remote proposals): 
Dec 16 10:21:28 vpn pluto[184801]: "ikev2-cp"[12] 117.139.198.202:   1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 10:21:28 vpn pluto[184801]: "ikev2-cp"[12] 117.139.198.202:   2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 10:21:28 vpn pluto[184801]: "ikev2-cp"[12] 117.139.198.202:   3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 10:21:28 vpn pluto[184801]: "ikev2-cp"[12] 117.139.198.202:   4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 10:21:28 vpn pluto[184801]: "ikev2-cp"[12] 117.139.198.202 #14: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Dec 16 10:21:28 vpn pluto[184801]: "ikev2-cp"[12] 117.139.198.202 #14: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec 16 10:21:28 vpn pluto[184801]: "ikev2-cp"[12] 117.139.198.202 #14: processing decrypted IKE_AUTH request: SK{IDi,CERT,N,IDr,AUTH,CP,N,N,SA,TSi,TSr,N}
Dec 16 10:21:28 vpn pluto[184801]: "ikev2-cp"[12] 117.139.198.202 #14: switched from "ikev2-cp"[12] 117.139.198.202 to "ikev2-cp"
Dec 16 10:21:28 vpn pluto[184801]: "ikev2-cp"[12] 117.139.198.202: deleting connection instance with peer 117.139.198.202 {isakmp=#0/ipsec=#0}
Dec 16 10:21:28 vpn pluto[184801]: "ikev2-cp"[13] 117.139.198.202 #14: established IKE SA; authenticated using RSA with SHA1 and peer certificate '@12pm' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Dec 16 10:21:28 vpn pluto[184801]: "ikev2-cp"[13] 117.139.198.202: local ESP/AH proposals (IKE_AUTH responder matching remote ESP/AH proposals): 
Dec 16 10:21:28 vpn pluto[184801]: "ikev2-cp"[13] 117.139.198.202:   1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-DISABLED
Dec 16 10:21:28 vpn pluto[184801]: "ikev2-cp"[13] 117.139.198.202:   2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-DISABLED
Dec 16 10:21:28 vpn pluto[184801]: "ikev2-cp"[13] 117.139.198.202:   3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-DISABLED
Dec 16 10:21:28 vpn pluto[184801]: "ikev2-cp"[13] 117.139.198.202:   4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-DISABLED
Dec 16 10:21:28 vpn pluto[184801]: "ikev2-cp"[13] 117.139.198.202:   5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-DISABLED
Dec 16 10:21:28 vpn pluto[184801]: "ikev2-cp"[13] 117.139.198.202 #15: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=07aa9eea chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Dec 16 10:21:28 vpn pluto[184801]: "ikev2-cp"[13] 117.139.198.202 #15: established Child SA; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.11-192.168.43.11:0-65535 0] {ESPinUDP=>0x07aa9eea <0x29b66275 xfrm=AES_GCM_16_128-NONE NATOA=none NATD=117.139.198.202:4500 DPD=active}
Dec 16 10:26:28 vpn pluto[184801]: destroying root certificate cache
Dec 16 11:41:29 vpn pluto[184801]: "ikev2-cp"[13] 117.139.198.202 #14: received duplicate INFORMATIONAL message request (Message ID 9); retransmitting response
Dec 16 11:55:37 vpn pluto[184801]: "ikev2-cp"[11] 118.112.59.121 #12: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec 16 11:55:38 vpn pluto[184801]: "ikev2-cp"[11] 118.112.59.121 #12: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Dec 16 11:55:39 vpn pluto[184801]: "ikev2-cp"[11] 118.112.59.121 #12: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Dec 16 11:55:41 vpn pluto[184801]: "ikev2-cp"[11] 118.112.59.121 #12: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Dec 16 11:55:45 vpn pluto[184801]: "ikev2-cp"[11] 118.112.59.121 #12: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Dec 16 11:55:53 vpn pluto[184801]: "ikev2-cp"[11] 118.112.59.121 #12: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Dec 16 11:56:09 vpn pluto[184801]: "ikev2-cp"[11] 118.112.59.121 #12: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Dec 16 11:56:41 vpn pluto[184801]: "ikev2-cp"[11] 118.112.59.121 #12: STATE_V2_ESTABLISHED_IKE_SA: 60 second timeout exceeded after 7 retransmits.  No response (or no acceptable response) to our IKEv2 message
Dec 16 11:56:41 vpn pluto[184801]: "ikev2-cp"[11] 118.112.59.121 #12: liveness action - clearing connection kind CK_INSTANCE
Dec 16 11:56:41 vpn pluto[184801]: "ikev2-cp"[11] 118.112.59.121 #13: ESP traffic information: in=11MB out=263MB
Dec 16 11:56:41 vpn pluto[184801]: "ikev2-cp"[11] 118.112.59.121 #12: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 5945.53925s and sending notification
Dec 16 11:56:41 vpn pluto[184801]: "ikev2-cp"[11] 118.112.59.121: deleting connection instance with peer 118.112.59.121 {isakmp=#0/ipsec=#0}
Dec 16 11:57:30 vpn pluto[184801]: "ikev2-cp"[13] 117.139.198.202 #14: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec 16 11:57:30 vpn pluto[184801]: "ikev2-cp"[13] 117.139.198.202 #14: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Dec 16 11:57:31 vpn pluto[184801]: "ikev2-cp"[13] 117.139.198.202 #14: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Dec 16 11:57:33 vpn pluto[184801]: "ikev2-cp"[13] 117.139.198.202 #14: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Dec 16 11:57:37 vpn pluto[184801]: "ikev2-cp"[13] 117.139.198.202 #14: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Dec 16 11:57:45 vpn pluto[184801]: "ikev2-cp"[13] 117.139.198.202 #14: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Dec 16 11:58:01 vpn pluto[184801]: "ikev2-cp"[13] 117.139.198.202 #14: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Dec 16 11:58:33 vpn pluto[184801]: "ikev2-cp"[13] 117.139.198.202 #14: STATE_V2_ESTABLISHED_IKE_SA: 60 second timeout exceeded after 7 retransmits.  No response (or no acceptable response) to our IKEv2 message
Dec 16 11:58:33 vpn pluto[184801]: "ikev2-cp"[13] 117.139.198.202 #14: liveness action - clearing connection kind CK_INSTANCE
Dec 16 11:58:33 vpn pluto[184801]: "ikev2-cp"[13] 117.139.198.202 #15: ESP traffic information: in=25MB out=671MB
Dec 16 11:58:33 vpn pluto[184801]: "ikev2-cp"[13] 117.139.198.202 #14: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 5825.15358s and sending notification
Dec 16 11:58:33 vpn pluto[184801]: "ikev2-cp"[13] 117.139.198.202: deleting connection instance with peer 117.139.198.202 {isakmp=#0/ipsec=#0}
Dec 16 12:23:46 vpn pluto[184801]: packet from 118.112.59.121:12510: INFORMATIONAL message request has no corresponding IKE SA
Dec 16 12:23:49 vpn pluto[184801]: message repeated 3 times: [ packet from 118.112.59.121:12510: INFORMATIONAL message request has no corresponding IKE SA]
Dec 16 12:23:50 vpn pluto[184801]: packet from 118.112.59.121:12510: INFORMATIONAL message request has no corresponding IKE SA
Dec 16 12:23:51 vpn pluto[184801]: packet from 118.112.59.121:12510: INFORMATIONAL message request has no corresponding IKE SA
Dec 16 12:56:09 vpn pluto[184801]: "ikev2-cp"[14] 117.139.198.202: local IKE proposals (IKE SA responder matching remote proposals): 
Dec 16 12:56:09 vpn pluto[184801]: "ikev2-cp"[14] 117.139.198.202:   1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 12:56:09 vpn pluto[184801]: "ikev2-cp"[14] 117.139.198.202:   2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 12:56:09 vpn pluto[184801]: "ikev2-cp"[14] 117.139.198.202:   3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 12:56:09 vpn pluto[184801]: "ikev2-cp"[14] 117.139.198.202:   4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 12:56:09 vpn pluto[184801]: "ikev2-cp"[14] 117.139.198.202 #16: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Dec 16 12:56:09 vpn pluto[184801]: "ikev2-cp"[14] 117.139.198.202 #16: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec 16 12:56:09 vpn pluto[184801]: "ikev2-cp"[14] 117.139.198.202 #16: processing decrypted IKE_AUTH request: SK{IDi,CERT,N,IDr,AUTH,CP,N,N,SA,TSi,TSr,N}
Dec 16 12:56:09 vpn pluto[184801]: loading root certificate cache
Dec 16 12:56:09 vpn pluto[184801]: "ikev2-cp"[14] 117.139.198.202 #16: switched from "ikev2-cp"[14] 117.139.198.202 to "ikev2-cp"
Dec 16 12:56:09 vpn pluto[184801]: "ikev2-cp"[14] 117.139.198.202: deleting connection instance with peer 117.139.198.202 {isakmp=#0/ipsec=#0}
Dec 16 12:56:09 vpn pluto[184801]: "ikev2-cp"[15] 117.139.198.202 #16: established IKE SA; authenticated using RSA with SHA1 and peer certificate '@mbp' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Dec 16 12:56:09 vpn pluto[184801]: "ikev2-cp"[15] 117.139.198.202: local ESP/AH proposals (IKE_AUTH responder matching remote ESP/AH proposals): 
Dec 16 12:56:09 vpn pluto[184801]: "ikev2-cp"[15] 117.139.198.202:   1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-DISABLED
Dec 16 12:56:09 vpn pluto[184801]: "ikev2-cp"[15] 117.139.198.202:   2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-DISABLED
Dec 16 12:56:09 vpn pluto[184801]: "ikev2-cp"[15] 117.139.198.202:   3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-DISABLED
Dec 16 12:56:09 vpn pluto[184801]: "ikev2-cp"[15] 117.139.198.202:   4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-DISABLED
Dec 16 12:56:09 vpn pluto[184801]: "ikev2-cp"[15] 117.139.198.202:   5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-DISABLED
Dec 16 12:56:09 vpn pluto[184801]: "ikev2-cp"[15] 117.139.198.202 #17: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=0e05e34c chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Dec 16 12:56:09 vpn pluto[184801]: "ikev2-cp"[15] 117.139.198.202 #17: established Child SA; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.11-192.168.43.11:0-65535 0] {ESPinUDP=>0x0e05e34c <0x2c8d9d88 xfrm=AES_GCM_16_128-NONE NATOA=none NATD=117.139.198.202:4500 DPD=active}
Dec 16 13:01:09 vpn pluto[184801]: destroying root certificate cache
Dec 16 13:14:58 vpn pluto[184801]: "ikev2-cp"[15] 117.139.198.202 #17: ESP traffic information: in=807KB out=6MB
Dec 16 13:14:58 vpn pluto[184801]: "ikev2-cp"[15] 117.139.198.202 #16: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 1128.737631s and NOT sending notification
Dec 16 13:14:58 vpn pluto[184801]: "ikev2-cp"[15] 117.139.198.202: deleting connection instance with peer 117.139.198.202 {isakmp=#0/ipsec=#0}
Dec 16 13:15:01 vpn pluto[184801]: "ikev2-cp"[16] 117.139.198.202: local IKE proposals (IKE SA responder matching remote proposals): 
Dec 16 13:15:01 vpn pluto[184801]: "ikev2-cp"[16] 117.139.198.202:   1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 13:15:01 vpn pluto[184801]: "ikev2-cp"[16] 117.139.198.202:   2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 13:15:01 vpn pluto[184801]: "ikev2-cp"[16] 117.139.198.202:   3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 13:15:01 vpn pluto[184801]: "ikev2-cp"[16] 117.139.198.202:   4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 13:15:01 vpn pluto[184801]: "ikev2-cp"[16] 117.139.198.202 #18: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Dec 16 13:15:01 vpn pluto[184801]: "ikev2-cp"[16] 117.139.198.202 #18: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec 16 13:15:01 vpn pluto[184801]: "ikev2-cp"[16] 117.139.198.202 #18: processing decrypted IKE_AUTH request: SK{IDi,CERT,N,IDr,AUTH,CP,N,N,SA,TSi,TSr,N}
Dec 16 13:15:01 vpn pluto[184801]: loading root certificate cache
Dec 16 13:15:01 vpn pluto[184801]: "ikev2-cp"[16] 117.139.198.202 #18: switched from "ikev2-cp"[16] 117.139.198.202 to "ikev2-cp"
Dec 16 13:15:01 vpn pluto[184801]: "ikev2-cp"[16] 117.139.198.202: deleting connection instance with peer 117.139.198.202 {isakmp=#0/ipsec=#0}
Dec 16 13:15:01 vpn pluto[184801]: "ikev2-cp"[17] 117.139.198.202 #18: established IKE SA; authenticated using RSA with SHA1 and peer certificate '@mbp' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Dec 16 13:15:01 vpn pluto[184801]: "ikev2-cp"[17] 117.139.198.202: local ESP/AH proposals (IKE_AUTH responder matching remote ESP/AH proposals): 
Dec 16 13:15:01 vpn pluto[184801]: "ikev2-cp"[17] 117.139.198.202:   1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-DISABLED
Dec 16 13:15:01 vpn pluto[184801]: "ikev2-cp"[17] 117.139.198.202:   2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-DISABLED
Dec 16 13:15:01 vpn pluto[184801]: "ikev2-cp"[17] 117.139.198.202:   3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-DISABLED
Dec 16 13:15:01 vpn pluto[184801]: "ikev2-cp"[17] 117.139.198.202:   4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-DISABLED
Dec 16 13:15:01 vpn pluto[184801]: "ikev2-cp"[17] 117.139.198.202:   5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-DISABLED
Dec 16 13:15:01 vpn pluto[184801]: "ikev2-cp"[17] 117.139.198.202 #19: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=05e13e63 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Dec 16 13:15:01 vpn pluto[184801]: "ikev2-cp"[17] 117.139.198.202 #19: established Child SA; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.11-192.168.43.11:0-65535 0] {ESPinUDP=>0x05e13e63 <0x0528b1cc xfrm=AES_GCM_16_128-NONE NATOA=none NATD=117.139.198.202:4500 DPD=active}
Dec 16 13:20:01 vpn pluto[184801]: destroying root certificate cache
Dec 16 13:33:31 vpn pluto[184801]: "ikev2-cp"[17] 117.139.198.202 #18: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec 16 13:33:32 vpn pluto[184801]: "ikev2-cp"[17] 117.139.198.202 #18: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Dec 16 13:33:33 vpn pluto[184801]: "ikev2-cp"[17] 117.139.198.202 #18: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Dec 16 13:33:35 vpn pluto[184801]: "ikev2-cp"[17] 117.139.198.202 #18: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Dec 16 13:33:39 vpn pluto[184801]: "ikev2-cp"[17] 117.139.198.202 #18: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Dec 16 13:33:47 vpn pluto[184801]: "ikev2-cp"[17] 117.139.198.202 #18: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Dec 16 13:34:03 vpn pluto[184801]: "ikev2-cp"[17] 117.139.198.202 #18: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Dec 16 13:34:35 vpn pluto[184801]: "ikev2-cp"[17] 117.139.198.202 #18: STATE_V2_ESTABLISHED_IKE_SA: 60 second timeout exceeded after 7 retransmits.  No response (or no acceptable response) to our IKEv2 message
Dec 16 13:34:35 vpn pluto[184801]: "ikev2-cp"[17] 117.139.198.202 #18: liveness action - clearing connection kind CK_INSTANCE
Dec 16 13:34:35 vpn pluto[184801]: "ikev2-cp"[17] 117.139.198.202 #19: ESP traffic information: in=6MB out=139MB
Dec 16 13:34:35 vpn pluto[184801]: "ikev2-cp"[17] 117.139.198.202 #18: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 1174.373307s and sending notification
Dec 16 13:34:35 vpn pluto[184801]: "ikev2-cp"[17] 117.139.198.202: deleting connection instance with peer 117.139.198.202 {isakmp=#0/ipsec=#0}
Dec 16 14:01:34 vpn pluto[184801]: packet from 118.112.59.121:16080: INFORMATIONAL message request has no corresponding IKE SA
Dec 16 14:01:36 vpn pluto[184801]: message repeated 2 times: [ packet from 118.112.59.121:16080: INFORMATIONAL message request has no corresponding IKE SA]
Dec 16 14:01:37 vpn pluto[184801]: packet from 118.112.59.121:16080: INFORMATIONAL message request has no corresponding IKE SA
Dec 16 14:01:39 vpn pluto[184801]: message repeated 2 times: [ packet from 118.112.59.121:16080: INFORMATIONAL message request has no corresponding IKE SA]
Dec 16 15:42:04 vpn pluto[184801]: packet from 146.88.240.4:54623: dropping packet with mangled IKE header: 0-byte length of ISAKMP Message is smaller than minimum
Dec 16 17:28:08 vpn pluto[184801]: "ikev2-cp"[18] 118.112.59.121: local IKE proposals (IKE SA responder matching remote proposals): 
Dec 16 17:28:08 vpn pluto[184801]: "ikev2-cp"[18] 118.112.59.121:   1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 17:28:08 vpn pluto[184801]: "ikev2-cp"[18] 118.112.59.121:   2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 17:28:08 vpn pluto[184801]: "ikev2-cp"[18] 118.112.59.121:   3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 17:28:08 vpn pluto[184801]: "ikev2-cp"[18] 118.112.59.121:   4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 17:28:08 vpn pluto[184801]: "ikev2-cp"[18] 118.112.59.121 #20: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Dec 16 17:28:08 vpn pluto[184801]: "ikev2-cp"[18] 118.112.59.121 #20: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec 16 17:28:08 vpn pluto[184801]: "ikev2-cp"[18] 118.112.59.121 #20: processing decrypted IKE_AUTH request: SK{IDi,CERT,N,IDr,AUTH,CP,N,N,SA,TSi,TSr,N}
Dec 16 17:28:08 vpn pluto[184801]: loading root certificate cache
Dec 16 17:28:08 vpn pluto[184801]: "ikev2-cp"[18] 118.112.59.121 #20: switched from "ikev2-cp"[18] 118.112.59.121 to "ikev2-cp"
Dec 16 17:28:08 vpn pluto[184801]: "ikev2-cp"[18] 118.112.59.121: deleting connection instance with peer 118.112.59.121 {isakmp=#0/ipsec=#0}
Dec 16 17:28:08 vpn pluto[184801]: "ikev2-cp"[19] 118.112.59.121 #20: established IKE SA; authenticated using RSA with SHA1 and peer certificate '@mbp' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Dec 16 17:28:08 vpn pluto[184801]: "ikev2-cp"[19] 118.112.59.121: local ESP/AH proposals (IKE_AUTH responder matching remote ESP/AH proposals): 
Dec 16 17:28:08 vpn pluto[184801]: "ikev2-cp"[19] 118.112.59.121:   1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-DISABLED
Dec 16 17:28:08 vpn pluto[184801]: "ikev2-cp"[19] 118.112.59.121:   2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-DISABLED
Dec 16 17:28:08 vpn pluto[184801]: "ikev2-cp"[19] 118.112.59.121:   3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-DISABLED
Dec 16 17:28:08 vpn pluto[184801]: "ikev2-cp"[19] 118.112.59.121:   4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-DISABLED
Dec 16 17:28:08 vpn pluto[184801]: "ikev2-cp"[19] 118.112.59.121:   5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-DISABLED
Dec 16 17:28:08 vpn pluto[184801]: "ikev2-cp"[19] 118.112.59.121 #21: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=08e4c279 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Dec 16 17:28:08 vpn pluto[184801]: "ikev2-cp"[19] 118.112.59.121 #21: established Child SA; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.11-192.168.43.11:0-65535 0] {ESPinUDP=>0x08e4c279 <0x5d70c264 xfrm=AES_GCM_16_128-NONE NATOA=none NATD=118.112.59.121:16291 DPD=active}
Dec 16 17:30:09 vpn pluto[184801]: "ikev2-cp"[19] 118.112.59.121 #20: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec 16 17:30:09 vpn pluto[184801]: "ikev2-cp"[19] 118.112.59.121 #20: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Dec 16 17:30:10 vpn pluto[184801]: "ikev2-cp"[19] 118.112.59.121 #20: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Dec 16 17:30:12 vpn pluto[184801]: "ikev2-cp"[19] 118.112.59.121 #20: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Dec 16 17:30:16 vpn pluto[184801]: "ikev2-cp"[19] 118.112.59.121 #20: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Dec 16 17:30:24 vpn pluto[184801]: "ikev2-cp"[19] 118.112.59.121 #20: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Dec 16 17:30:40 vpn pluto[184801]: "ikev2-cp"[19] 118.112.59.121 #20: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Dec 16 17:31:12 vpn pluto[184801]: "ikev2-cp"[19] 118.112.59.121 #20: STATE_V2_ESTABLISHED_IKE_SA: 60 second timeout exceeded after 7 retransmits.  No response (or no acceptable response) to our IKEv2 message
Dec 16 17:31:12 vpn pluto[184801]: "ikev2-cp"[19] 118.112.59.121 #20: liveness action - clearing connection kind CK_INSTANCE
Dec 16 17:31:12 vpn pluto[184801]: "ikev2-cp"[19] 118.112.59.121 #21: ESP traffic information: in=1MB out=22MB
Dec 16 17:31:12 vpn pluto[184801]: "ikev2-cp"[19] 118.112.59.121 #20: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 184.274407s and sending notification
Dec 16 17:31:12 vpn pluto[184801]: "ikev2-cp"[19] 118.112.59.121: deleting connection instance with peer 118.112.59.121 {isakmp=#0/ipsec=#0}
Dec 16 17:33:08 vpn pluto[184801]: destroying root certificate cache
Dec 16 17:33:46 vpn pluto[184801]: "l2tp-psk"[3] 222.209.93.155 #22: responding to Main Mode from unknown peer 222.209.93.155:64105
Dec 16 17:33:46 vpn pluto[184801]: "l2tp-psk"[3] 222.209.93.155 #22: Oakley Transform [3DES_CBC (192), HMAC_SHA1, MODP1024] refused
Dec 16 17:33:46 vpn pluto[184801]: "l2tp-psk"[3] 222.209.93.155 #22: Oakley Transform [3DES_CBC (192), HMAC_MD5, MODP1024] refused
Dec 16 17:33:46 vpn pluto[184801]: "l2tp-psk"[3] 222.209.93.155 #22: OAKLEY_DES_CBC(UNUSED) is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Dec 16 17:33:46 vpn pluto[184801]: "l2tp-psk"[3] 222.209.93.155 #22: OAKLEY_DES_CBC(UNUSED) is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Dec 16 17:33:46 vpn pluto[184801]: "l2tp-psk"[3] 222.209.93.155 #22: no acceptable Oakley Transform
Dec 16 17:33:46 vpn pluto[184801]: "l2tp-psk"[3] 222.209.93.155 #22: sending notification NO_PROPOSAL_CHOSEN to 222.209.93.155:64105
Dec 16 17:33:46 vpn pluto[184801]: "l2tp-psk"[3] 222.209.93.155 #22: ERROR: asynchronous network error report on ens160 (192.168.10.19:500), complainant 222.209.93.155: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Dec 16 17:33:46 vpn pluto[184801]: "l2tp-psk"[3] 222.209.93.155 #22: discarding initial packet; already STATE_MAIN_R0
Dec 16 17:34:12 vpn pluto[184801]: "ikev2-cp"[20] 118.112.59.121: local IKE proposals (IKE SA responder matching remote proposals): 
Dec 16 17:34:12 vpn pluto[184801]: "ikev2-cp"[20] 118.112.59.121:   1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 17:34:12 vpn pluto[184801]: "ikev2-cp"[20] 118.112.59.121:   2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 17:34:12 vpn pluto[184801]: "ikev2-cp"[20] 118.112.59.121:   3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 17:34:12 vpn pluto[184801]: "ikev2-cp"[20] 118.112.59.121:   4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 17:34:12 vpn pluto[184801]: "ikev2-cp"[20] 118.112.59.121 #23: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Dec 16 17:34:12 vpn pluto[184801]: "ikev2-cp"[20] 118.112.59.121 #23: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec 16 17:34:12 vpn pluto[184801]: "l2tp-psk"[3] 222.209.93.155 #22: discarding initial packet; already STATE_MAIN_R0
Dec 16 17:37:11 vpn pluto[184801]: "ikev2-cp"[20] 118.112.59.121 #24: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Dec 16 17:37:11 vpn pluto[184801]: "ikev2-cp"[20] 118.112.59.121 #24: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec 16 17:37:32 vpn pluto[184801]: "ikev2-cp"[20] 118.112.59.121 #23: deleting incomplete state after 200 seconds
Dec 16 17:37:32 vpn pluto[184801]: "ikev2-cp"[20] 118.112.59.121 #23: deleting state (STATE_V2_PARENT_R1) aged 200.015434s and NOT sending notification
Dec 16 17:37:46 vpn pluto[1245]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Dec 16 17:37:46 vpn pluto[1245]: FIPS Mode: NO
Dec 16 17:37:46 vpn pluto[1245]: NSS crypto library initialized
Dec 16 17:37:46 vpn pluto[1245]: FIPS mode disabled for pluto daemon
Dec 16 17:37:46 vpn pluto[1245]: FIPS HMAC integrity support [disabled]
Dec 16 17:37:46 vpn pluto[1245]: libcap-ng support [enabled]
Dec 16 17:37:46 vpn pluto[1245]: Linux audit support [disabled]
Dec 16 17:37:46 vpn pluto[1245]: Starting Pluto (Libreswan Version 4.5 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-PRF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:1245
Dec 16 17:37:46 vpn pluto[1245]: core dump dir: /run/pluto
Dec 16 17:37:46 vpn pluto[1245]: secrets file: /etc/ipsec.secrets
Dec 16 17:37:46 vpn pluto[1245]: leak-detective enabled
Dec 16 17:37:46 vpn pluto[1245]: NSS crypto [enabled]
Dec 16 17:37:46 vpn pluto[1245]: XAUTH PAM support [enabled]
Dec 16 17:37:46 vpn pluto[1245]: initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Dec 16 17:37:46 vpn pluto[1245]: NAT-Traversal support  [enabled]
Dec 16 17:37:46 vpn pluto[1245]: Encryption algorithms:
Dec 16 17:37:46 vpn pluto[1245]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
Dec 16 17:37:46 vpn pluto[1245]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
Dec 16 17:37:46 vpn pluto[1245]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
Dec 16 17:37:46 vpn pluto[1245]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
Dec 16 17:37:46 vpn pluto[1245]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP                      
Dec 16 17:37:46 vpn pluto[1245]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
Dec 16 17:37:46 vpn pluto[1245]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
Dec 16 17:37:46 vpn pluto[1245]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
Dec 16 17:37:46 vpn pluto[1245]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
Dec 16 17:37:46 vpn pluto[1245]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
Dec 16 17:37:46 vpn pluto[1245]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
Dec 16 17:37:46 vpn pluto[1245]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
Dec 16 17:37:46 vpn pluto[1245]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP                      
Dec 16 17:37:46 vpn pluto[1245]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Dec 16 17:37:46 vpn pluto[1245]: Hash algorithms:
Dec 16 17:37:46 vpn pluto[1245]:   MD5                               IKEv1: IKE         IKEv2:                  NSS         
Dec 16 17:37:46 vpn pluto[1245]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
Dec 16 17:37:46 vpn pluto[1245]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
Dec 16 17:37:46 vpn pluto[1245]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
Dec 16 17:37:46 vpn pluto[1245]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
Dec 16 17:37:46 vpn pluto[1245]: PRF algorithms:
Dec 16 17:37:46 vpn pluto[1245]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
Dec 16 17:37:46 vpn pluto[1245]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
Dec 16 17:37:46 vpn pluto[1245]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
Dec 16 17:37:46 vpn pluto[1245]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
Dec 16 17:37:46 vpn pluto[1245]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
Dec 16 17:37:46 vpn pluto[1245]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Dec 16 17:37:46 vpn pluto[1245]: Integrity algorithms:
Dec 16 17:37:46 vpn pluto[1245]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
Dec 16 17:37:46 vpn pluto[1245]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
Dec 16 17:37:46 vpn pluto[1245]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
Dec 16 17:37:46 vpn pluto[1245]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
Dec 16 17:37:46 vpn pluto[1245]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Dec 16 17:37:46 vpn pluto[1245]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH                   
Dec 16 17:37:46 vpn pluto[1245]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Dec 16 17:37:46 vpn pluto[1245]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
Dec 16 17:37:46 vpn pluto[1245]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
Dec 16 17:37:46 vpn pluto[1245]: DH algorithms:
Dec 16 17:37:46 vpn pluto[1245]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
Dec 16 17:37:46 vpn pluto[1245]:   MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
Dec 16 17:37:46 vpn pluto[1245]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
Dec 16 17:37:46 vpn pluto[1245]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
Dec 16 17:37:46 vpn pluto[1245]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
Dec 16 17:37:46 vpn pluto[1245]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
Dec 16 17:37:46 vpn pluto[1245]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
Dec 16 17:37:46 vpn pluto[1245]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
Dec 16 17:37:46 vpn pluto[1245]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
Dec 16 17:37:46 vpn pluto[1245]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
Dec 16 17:37:46 vpn pluto[1245]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
Dec 16 17:37:46 vpn pluto[1245]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
Dec 16 17:37:46 vpn pluto[1245]: testing CAMELLIA_CBC:
Dec 16 17:37:46 vpn pluto[1245]:   Camellia: 16 bytes with 128-bit key
Dec 16 17:37:46 vpn pluto[1245]:   Camellia: 16 bytes with 128-bit key
Dec 16 17:37:46 vpn pluto[1245]:   Camellia: 16 bytes with 256-bit key
Dec 16 17:37:46 vpn pluto[1245]:   Camellia: 16 bytes with 256-bit key
Dec 16 17:37:46 vpn pluto[1245]: testing AES_GCM_16:
Dec 16 17:37:46 vpn pluto[1245]:   empty string
Dec 16 17:37:46 vpn pluto[1245]:   one block
Dec 16 17:37:46 vpn pluto[1245]:   two blocks
ericshunhawk commented 2 years ago 
Dec 16 17:37:46 vpn pluto[1245]:   two blocks with associated data
Dec 16 17:37:46 vpn pluto[1245]: testing AES_CTR:
Dec 16 17:37:46 vpn pluto[1245]:   Encrypting 16 octets using AES-CTR with 128-bit key
Dec 16 17:37:46 vpn pluto[1245]:   Encrypting 32 octets using AES-CTR with 128-bit key
Dec 16 17:37:46 vpn pluto[1245]:   Encrypting 36 octets using AES-CTR with 128-bit key
Dec 16 17:37:46 vpn pluto[1245]:   Encrypting 16 octets using AES-CTR with 192-bit key
Dec 16 17:37:46 vpn pluto[1245]:   Encrypting 32 octets using AES-CTR with 192-bit key
Dec 16 17:37:46 vpn pluto[1245]:   Encrypting 36 octets using AES-CTR with 192-bit key
Dec 16 17:37:46 vpn pluto[1245]:   Encrypting 16 octets using AES-CTR with 256-bit key
Dec 16 17:37:46 vpn pluto[1245]:   Encrypting 32 octets using AES-CTR with 256-bit key
Dec 16 17:37:46 vpn pluto[1245]:   Encrypting 36 octets using AES-CTR with 256-bit key
Dec 16 17:37:46 vpn pluto[1245]: testing AES_CBC:
Dec 16 17:37:46 vpn pluto[1245]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Dec 16 17:37:46 vpn pluto[1245]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Dec 16 17:37:46 vpn pluto[1245]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Dec 16 17:37:46 vpn pluto[1245]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Dec 16 17:37:46 vpn pluto[1245]: testing AES_XCBC:
Dec 16 17:37:46 vpn pluto[1245]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Dec 16 17:37:46 vpn pluto[1245]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Dec 16 17:37:46 vpn pluto[1245]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Dec 16 17:37:46 vpn pluto[1245]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Dec 16 17:37:46 vpn pluto[1245]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Dec 16 17:37:46 vpn pluto[1245]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Dec 16 17:37:46 vpn pluto[1245]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Dec 16 17:37:46 vpn pluto[1245]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Dec 16 17:37:46 vpn pluto[1245]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Dec 16 17:37:46 vpn pluto[1245]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Dec 16 17:37:46 vpn pluto[1245]: testing HMAC_MD5:
Dec 16 17:37:46 vpn pluto[1245]:   RFC 2104: MD5_HMAC test 1
Dec 16 17:37:46 vpn pluto[1245]:   RFC 2104: MD5_HMAC test 2
Dec 16 17:37:46 vpn pluto[1245]:   RFC 2104: MD5_HMAC test 3
Dec 16 17:37:46 vpn pluto[1245]: 2 CPU cores online
Dec 16 17:37:46 vpn pluto[1245]: starting up 2 helper threads
Dec 16 17:37:46 vpn pluto[1245]: started thread for helper 0
Dec 16 17:37:46 vpn pluto[1245]: started thread for helper 1
Dec 16 17:37:46 vpn pluto[1245]: using Linux xfrm kernel support code on #102-Ubuntu SMP Fri Nov 5 16:31:28 UTC 2021
Dec 16 17:37:46 vpn pluto[1245]: seccomp security for helper not supported
Dec 16 17:37:46 vpn pluto[1245]: seccomp security for helper not supported
Dec 16 17:37:46 vpn pluto[1245]: kernel: /proc/sys/net/ipv6/conf/all/disable_ipv6=1 ignore ipv6 holes
Dec 16 17:37:46 vpn pluto[1245]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Dec 16 17:37:46 vpn pluto[1245]: watchdog: sending probes every 100 secs
Dec 16 17:37:46 vpn pluto[1245]: seccomp security not supported
Dec 16 17:37:46 vpn pluto[1245]: "l2tp-psk": added IKEv1 connection
Dec 16 17:37:46 vpn pluto[1245]: "xauth-psk": added IKEv1 connection
Dec 16 17:37:46 vpn pluto[1245]: "ikev2-cp": loaded private key matching left certificate 'hspage.cn'
Dec 16 17:37:46 vpn pluto[1245]: "ikev2-cp": added IKEv2 connection
Dec 16 17:37:46 vpn pluto[1245]: listening for IKE messages
Dec 16 17:37:46 vpn pluto[1245]: Kernel supports NIC esp-hw-offload
Dec 16 17:37:46 vpn pluto[1245]: adding UDP interface ens160 192.168.10.19:500
Dec 16 17:37:46 vpn pluto[1245]: adding UDP interface ens160 192.168.10.19:4500
Dec 16 17:37:46 vpn pluto[1245]: adding UDP interface lo 127.0.0.1:500
Dec 16 17:37:46 vpn pluto[1245]: adding UDP interface lo 127.0.0.1:4500
Dec 16 17:37:46 vpn pluto[1245]: forgetting secrets
Dec 16 17:37:46 vpn pluto[1245]: loading secrets from "/etc/ipsec.secrets"
Dec 16 17:38:00 vpn pluto[1245]: shutting down
Dec 16 17:38:00 vpn pluto[1245]: forgetting secrets
Dec 16 17:38:00 vpn pluto[1245]: shutting down interface lo 127.0.0.1:4500
Dec 16 17:38:00 vpn pluto[1245]: shutting down interface lo 127.0.0.1:500
Dec 16 17:38:00 vpn pluto[1245]: shutting down interface ens160 192.168.10.19:4500
Dec 16 17:38:00 vpn pluto[1245]: shutting down interface ens160 192.168.10.19:500
Dec 16 17:38:00 vpn pluto[1245]: leak detective found no leaks
Dec 16 17:38:00 vpn pluto[1666]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Dec 16 17:38:00 vpn pluto[1666]: FIPS Mode: NO
Dec 16 17:38:00 vpn pluto[1666]: NSS crypto library initialized
Dec 16 17:38:00 vpn pluto[1666]: FIPS mode disabled for pluto daemon
Dec 16 17:38:00 vpn pluto[1666]: FIPS HMAC integrity support [disabled]
Dec 16 17:38:00 vpn pluto[1666]: libcap-ng support [enabled]
Dec 16 17:38:00 vpn pluto[1666]: Linux audit support [disabled]
Dec 16 17:38:00 vpn pluto[1666]: Starting Pluto (Libreswan Version 4.5 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-PRF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:1666
Dec 16 17:38:00 vpn pluto[1666]: core dump dir: /run/pluto
Dec 16 17:38:00 vpn pluto[1666]: secrets file: /etc/ipsec.secrets
Dec 16 17:38:00 vpn pluto[1666]: leak-detective enabled
Dec 16 17:38:00 vpn pluto[1666]: NSS crypto [enabled]
Dec 16 17:38:00 vpn pluto[1666]: XAUTH PAM support [enabled]
Dec 16 17:38:00 vpn pluto[1666]: initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Dec 16 17:38:00 vpn pluto[1666]: NAT-Traversal support  [enabled]
Dec 16 17:38:00 vpn pluto[1666]: Encryption algorithms:
Dec 16 17:38:00 vpn pluto[1666]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
Dec 16 17:38:00 vpn pluto[1666]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
Dec 16 17:38:00 vpn pluto[1666]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
Dec 16 17:38:00 vpn pluto[1666]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
Dec 16 17:38:00 vpn pluto[1666]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP                      
Dec 16 17:38:00 vpn pluto[1666]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
Dec 16 17:38:00 vpn pluto[1666]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
Dec 16 17:38:00 vpn pluto[1666]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
Dec 16 17:38:00 vpn pluto[1666]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
Dec 16 17:38:00 vpn pluto[1666]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
Dec 16 17:38:00 vpn pluto[1666]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
Dec 16 17:38:00 vpn pluto[1666]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
Dec 16 17:38:00 vpn pluto[1666]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP                      
Dec 16 17:38:00 vpn pluto[1666]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Dec 16 17:38:00 vpn pluto[1666]: Hash algorithms:
Dec 16 17:38:00 vpn pluto[1666]:   MD5                               IKEv1: IKE         IKEv2:                  NSS         
Dec 16 17:38:00 vpn pluto[1666]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
Dec 16 17:38:00 vpn pluto[1666]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
Dec 16 17:38:00 vpn pluto[1666]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
Dec 16 17:38:00 vpn pluto[1666]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
Dec 16 17:38:00 vpn pluto[1666]: PRF algorithms:
Dec 16 17:38:00 vpn pluto[1666]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
Dec 16 17:38:00 vpn pluto[1666]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
Dec 16 17:38:00 vpn pluto[1666]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
Dec 16 17:38:00 vpn pluto[1666]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
Dec 16 17:38:00 vpn pluto[1666]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
Dec 16 17:38:00 vpn pluto[1666]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Dec 16 17:38:00 vpn pluto[1666]: Integrity algorithms:
Dec 16 17:38:00 vpn pluto[1666]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
Dec 16 17:38:00 vpn pluto[1666]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
Dec 16 17:38:00 vpn pluto[1666]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
Dec 16 17:38:00 vpn pluto[1666]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
Dec 16 17:38:00 vpn pluto[1666]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Dec 16 17:38:00 vpn pluto[1666]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH                   
Dec 16 17:38:00 vpn pluto[1666]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Dec 16 17:38:00 vpn pluto[1666]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
Dec 16 17:38:00 vpn pluto[1666]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
Dec 16 17:38:00 vpn pluto[1666]: DH algorithms:
Dec 16 17:38:00 vpn pluto[1666]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
Dec 16 17:38:00 vpn pluto[1666]:   MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
Dec 16 17:38:00 vpn pluto[1666]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
Dec 16 17:38:00 vpn pluto[1666]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
Dec 16 17:38:00 vpn pluto[1666]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
Dec 16 17:38:00 vpn pluto[1666]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
Dec 16 17:38:00 vpn pluto[1666]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
Dec 16 17:38:00 vpn pluto[1666]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
Dec 16 17:38:00 vpn pluto[1666]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
Dec 16 17:38:00 vpn pluto[1666]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
Dec 16 17:38:00 vpn pluto[1666]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
Dec 16 17:38:00 vpn pluto[1666]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
Dec 16 17:38:00 vpn pluto[1666]: testing CAMELLIA_CBC:
Dec 16 17:38:00 vpn pluto[1666]:   Camellia: 16 bytes with 128-bit key
Dec 16 17:38:00 vpn pluto[1666]:   Camellia: 16 bytes with 128-bit key
Dec 16 17:38:00 vpn pluto[1666]:   Camellia: 16 bytes with 256-bit key
Dec 16 17:38:00 vpn pluto[1666]:   Camellia: 16 bytes with 256-bit key
Dec 16 17:38:00 vpn pluto[1666]: testing AES_GCM_16:
Dec 16 17:38:00 vpn pluto[1666]:   empty string
Dec 16 17:38:00 vpn pluto[1666]:   one block
Dec 16 17:38:00 vpn pluto[1666]:   two blocks
Dec 16 17:38:00 vpn pluto[1666]:   two blocks with associated data
Dec 16 17:38:00 vpn pluto[1666]: testing AES_CTR:
Dec 16 17:38:00 vpn pluto[1666]:   Encrypting 16 octets using AES-CTR with 128-bit key
Dec 16 17:38:00 vpn pluto[1666]:   Encrypting 32 octets using AES-CTR with 128-bit key
Dec 16 17:38:00 vpn pluto[1666]:   Encrypting 36 octets using AES-CTR with 128-bit key
Dec 16 17:38:00 vpn pluto[1666]:   Encrypting 16 octets using AES-CTR with 192-bit key
Dec 16 17:38:00 vpn pluto[1666]:   Encrypting 32 octets using AES-CTR with 192-bit key
Dec 16 17:38:00 vpn pluto[1666]:   Encrypting 36 octets using AES-CTR with 192-bit key
Dec 16 17:38:00 vpn pluto[1666]:   Encrypting 16 octets using AES-CTR with 256-bit key
Dec 16 17:38:00 vpn pluto[1666]:   Encrypting 32 octets using AES-CTR with 256-bit key
Dec 16 17:38:00 vpn pluto[1666]:   Encrypting 36 octets using AES-CTR with 256-bit key
Dec 16 17:38:00 vpn pluto[1666]: testing AES_CBC:
Dec 16 17:38:00 vpn pluto[1666]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Dec 16 17:38:00 vpn pluto[1666]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Dec 16 17:38:00 vpn pluto[1666]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Dec 16 17:38:00 vpn pluto[1666]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Dec 16 17:38:00 vpn pluto[1666]: testing AES_XCBC:
Dec 16 17:38:00 vpn pluto[1666]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Dec 16 17:38:00 vpn pluto[1666]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Dec 16 17:38:00 vpn pluto[1666]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Dec 16 17:38:00 vpn pluto[1666]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Dec 16 17:38:00 vpn pluto[1666]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Dec 16 17:38:00 vpn pluto[1666]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Dec 16 17:38:00 vpn pluto[1666]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Dec 16 17:38:00 vpn pluto[1666]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Dec 16 17:38:00 vpn pluto[1666]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Dec 16 17:38:00 vpn pluto[1666]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Dec 16 17:38:00 vpn pluto[1666]: testing HMAC_MD5:
Dec 16 17:38:00 vpn pluto[1666]:   RFC 2104: MD5_HMAC test 1
Dec 16 17:38:00 vpn pluto[1666]:   RFC 2104: MD5_HMAC test 2
Dec 16 17:38:00 vpn pluto[1666]:   RFC 2104: MD5_HMAC test 3
Dec 16 17:38:00 vpn pluto[1666]: 2 CPU cores online
Dec 16 17:38:00 vpn pluto[1666]: starting up 2 helper threads
Dec 16 17:38:00 vpn pluto[1666]: started thread for helper 0
Dec 16 17:38:00 vpn pluto[1666]: started thread for helper 1
Dec 16 17:38:00 vpn pluto[1666]: using Linux xfrm kernel support code on #102-Ubuntu SMP Fri Nov 5 16:31:28 UTC 2021
Dec 16 17:38:00 vpn pluto[1666]: kernel: /proc/sys/net/ipv6/conf/all/disable_ipv6=1 ignore ipv6 holes
Dec 16 17:38:00 vpn pluto[1666]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Dec 16 17:38:00 vpn pluto[1666]: watchdog: sending probes every 100 secs
Dec 16 17:38:00 vpn pluto[1666]: seccomp security not supported
Dec 16 17:38:00 vpn pluto[1666]: "l2tp-psk": added IKEv1 connection
Dec 16 17:38:00 vpn pluto[1666]: "xauth-psk": added IKEv1 connection
Dec 16 17:38:00 vpn pluto[1666]: "ikev2-cp": loaded private key matching left certificate 'hspage.cn'
Dec 16 17:38:00 vpn pluto[1666]: "ikev2-cp": added IKEv2 connection
Dec 16 17:38:00 vpn pluto[1666]: listening for IKE messages
Dec 16 17:38:00 vpn pluto[1666]: Kernel supports NIC esp-hw-offload
Dec 16 17:38:00 vpn pluto[1666]: adding UDP interface ens160 192.168.10.19:500
Dec 16 17:38:00 vpn pluto[1666]: adding UDP interface ens160 192.168.10.19:4500
Dec 16 17:38:00 vpn pluto[1666]: adding UDP interface lo 127.0.0.1:500
Dec 16 17:38:00 vpn pluto[1666]: adding UDP interface lo 127.0.0.1:4500
Dec 16 17:38:00 vpn pluto[1666]: forgetting secrets
Dec 16 17:38:00 vpn pluto[1666]: loading secrets from "/etc/ipsec.secrets"
Dec 16 17:38:00 vpn pluto[1666]: seccomp security for helper not supported
Dec 16 17:38:00 vpn pluto[1666]: seccomp security for helper not supported
Dec 16 17:38:48 vpn pluto[1666]: "ikev2-cp"[1] 118.112.59.121: local IKE proposals (IKE SA responder matching remote proposals): 
Dec 16 17:38:48 vpn pluto[1666]: "ikev2-cp"[1] 118.112.59.121:   1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 17:38:48 vpn pluto[1666]: "ikev2-cp"[1] 118.112.59.121:   2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 17:38:48 vpn pluto[1666]: "ikev2-cp"[1] 118.112.59.121:   3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 17:38:48 vpn pluto[1666]: "ikev2-cp"[1] 118.112.59.121:   4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 17:38:48 vpn pluto[1666]: "ikev2-cp"[1] 118.112.59.121 #1: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Dec 16 17:38:48 vpn pluto[1666]: "ikev2-cp"[1] 118.112.59.121 #1: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec 16 17:39:01 vpn pluto[1666]: "ikev2-cp"[2] 117.139.198.202: local IKE proposals (IKE SA responder matching remote proposals): 
Dec 16 17:39:01 vpn pluto[1666]: "ikev2-cp"[2] 117.139.198.202:   1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 17:39:01 vpn pluto[1666]: "ikev2-cp"[2] 117.139.198.202:   2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 17:39:01 vpn pluto[1666]: "ikev2-cp"[2] 117.139.198.202:   3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 17:39:01 vpn pluto[1666]: "ikev2-cp"[2] 117.139.198.202:   4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 17:39:01 vpn pluto[1666]: "ikev2-cp"[2] 117.139.198.202 #2: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Dec 16 17:39:01 vpn pluto[1666]: "ikev2-cp"[2] 117.139.198.202 #2: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec 16 17:39:01 vpn pluto[1666]: "ikev2-cp"[2] 117.139.198.202 #2: processing decrypted IKE_AUTH request: SK{IDi,CERT,N,IDr,AUTH,CP,N,N,SA,TSi,TSr,N}
Dec 16 17:39:01 vpn pluto[1666]: loading root certificate cache
Dec 16 17:39:01 vpn pluto[1666]: "ikev2-cp"[2] 117.139.198.202 #2: reloaded private key matching left certificate 'hspage.cn'
Dec 16 17:39:01 vpn pluto[1666]: "ikev2-cp"[2] 117.139.198.202 #2: switched from "ikev2-cp"[2] 117.139.198.202 to "ikev2-cp"
Dec 16 17:39:01 vpn pluto[1666]: "ikev2-cp"[2] 117.139.198.202: deleting connection instance with peer 117.139.198.202 {isakmp=#0/ipsec=#0}
Dec 16 17:39:01 vpn pluto[1666]: "ikev2-cp"[3] 117.139.198.202 #2: established IKE SA; authenticated using RSA with SHA1 and peer certificate '@12pm' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Dec 16 17:39:01 vpn pluto[1666]: | pool 192.168.43.10-192.168.43.250: growing address pool from 0 to 1
Dec 16 17:39:01 vpn pluto[1666]: "ikev2-cp"[3] 117.139.198.202: local ESP/AH proposals (IKE_AUTH responder matching remote ESP/AH proposals): 
Dec 16 17:39:01 vpn pluto[1666]: "ikev2-cp"[3] 117.139.198.202:   1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-DISABLED
Dec 16 17:39:01 vpn pluto[1666]: "ikev2-cp"[3] 117.139.198.202:   2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-DISABLED
Dec 16 17:39:01 vpn pluto[1666]: "ikev2-cp"[3] 117.139.198.202:   3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-DISABLED
Dec 16 17:39:01 vpn pluto[1666]: "ikev2-cp"[3] 117.139.198.202:   4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-DISABLED
Dec 16 17:39:01 vpn pluto[1666]: "ikev2-cp"[3] 117.139.198.202:   5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-DISABLED
Dec 16 17:39:01 vpn pluto[1666]: "ikev2-cp"[3] 117.139.198.202 #3: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=0abc5558 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Dec 16 17:39:01 vpn pluto[1666]: "ikev2-cp"[3] 117.139.198.202 #3: established Child SA; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x0abc5558 <0x9ea52352 xfrm=AES_GCM_16_128-NONE NATOA=none NATD=117.139.198.202:4500 DPD=active}
Dec 16 17:40:08 vpn pluto[1666]: "ikev2-cp"[1] 118.112.59.121 #4: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Dec 16 17:40:08 vpn pluto[1666]: "ikev2-cp"[1] 118.112.59.121 #4: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec 16 17:42:08 vpn pluto[1666]: "ikev2-cp"[1] 118.112.59.121 #1: deleting incomplete state after 200 seconds
Dec 16 17:42:08 vpn pluto[1666]: "ikev2-cp"[1] 118.112.59.121 #1: deleting state (STATE_V2_PARENT_R1) aged 200.009031s and NOT sending notification
Dec 16 17:43:10 vpn pluto[1666]: "ikev2-cp"[1] 118.112.59.121 #5: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Dec 16 17:43:10 vpn pluto[1666]: "ikev2-cp"[1] 118.112.59.121 #5: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec 16 17:43:28 vpn pluto[1666]: "ikev2-cp"[1] 118.112.59.121 #4: deleting incomplete state after 200 seconds
Dec 16 17:43:28 vpn pluto[1666]: "ikev2-cp"[1] 118.112.59.121 #4: deleting state (STATE_V2_PARENT_R1) aged 200.00665s and NOT sending notification
Dec 16 17:44:01 vpn pluto[1666]: destroying root certificate cache
Dec 16 17:46:07 vpn pluto[1666]: "ikev2-cp"[1] 118.112.59.121 #6: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Dec 16 17:46:07 vpn pluto[1666]: "ikev2-cp"[1] 118.112.59.121 #6: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec 16 17:46:30 vpn pluto[1666]: "ikev2-cp"[1] 118.112.59.121 #5: deleting incomplete state after 200 seconds
Dec 16 17:46:30 vpn pluto[1666]: "ikev2-cp"[1] 118.112.59.121 #5: deleting state (STATE_V2_PARENT_R1) aged 200.01293s and NOT sending notification
Dec 16 17:49:27 vpn pluto[1666]: "ikev2-cp"[1] 118.112.59.121 #6: deleting incomplete state after 200 seconds
Dec 16 17:49:27 vpn pluto[1666]: "ikev2-cp"[1] 118.112.59.121 #6: deleting state (STATE_V2_PARENT_R1) aged 200.008694s and NOT sending notification
Dec 16 17:49:27 vpn pluto[1666]: "ikev2-cp"[1] 118.112.59.121: deleting connection instance with peer 118.112.59.121 {isakmp=#0/ipsec=#0}
Dec 16 18:07:02 vpn pluto[1666]: "ikev2-cp"[4] 118.112.59.121: local IKE proposals (IKE SA responder matching remote proposals): 
Dec 16 18:07:02 vpn pluto[1666]: "ikev2-cp"[4] 118.112.59.121:   1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 18:07:02 vpn pluto[1666]: "ikev2-cp"[4] 118.112.59.121:   2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 18:07:02 vpn pluto[1666]: "ikev2-cp"[4] 118.112.59.121:   3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 18:07:02 vpn pluto[1666]: "ikev2-cp"[4] 118.112.59.121:   4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 18:07:02 vpn pluto[1666]: "ikev2-cp"[4] 118.112.59.121 #7: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Dec 16 18:07:02 vpn pluto[1666]: "ikev2-cp"[4] 118.112.59.121 #7: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec 16 18:07:02 vpn pluto[1666]: "ikev2-cp"[4] 118.112.59.121 #7: processing decrypted IKE_AUTH request: SK{IDi,CERT,N,IDr,AUTH,CP,N,N,SA,TSi,TSr,N}
Dec 16 18:07:02 vpn pluto[1666]: loading root certificate cache
Dec 16 18:07:02 vpn pluto[1666]: "ikev2-cp"[4] 118.112.59.121 #7: switched from "ikev2-cp"[4] 118.112.59.121 to "ikev2-cp"
Dec 16 18:07:02 vpn pluto[1666]: "ikev2-cp"[4] 118.112.59.121: deleting connection instance with peer 118.112.59.121 {isakmp=#0/ipsec=#0}
Dec 16 18:07:02 vpn pluto[1666]: "ikev2-cp"[5] 118.112.59.121 #7: established IKE SA; authenticated using RSA with SHA1 and peer certificate '@mbp' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Dec 16 18:07:02 vpn pluto[1666]: | pool 192.168.43.10-192.168.43.250: growing address pool from 1 to 2
Dec 16 18:07:02 vpn pluto[1666]: "ikev2-cp"[5] 118.112.59.121: local ESP/AH proposals (IKE_AUTH responder matching remote ESP/AH proposals): 
Dec 16 18:07:02 vpn pluto[1666]: "ikev2-cp"[5] 118.112.59.121:   1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-DISABLED
Dec 16 18:07:02 vpn pluto[1666]: "ikev2-cp"[5] 118.112.59.121:   2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-DISABLED
Dec 16 18:07:02 vpn pluto[1666]: "ikev2-cp"[5] 118.112.59.121:   3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-DISABLED
Dec 16 18:07:02 vpn pluto[1666]: "ikev2-cp"[5] 118.112.59.121:   4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-DISABLED
Dec 16 18:07:02 vpn pluto[1666]: "ikev2-cp"[5] 118.112.59.121:   5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-DISABLED
Dec 16 18:07:02 vpn pluto[1666]: "ikev2-cp"[5] 118.112.59.121 #8: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=074f8daf chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Dec 16 18:07:02 vpn pluto[1666]: "ikev2-cp"[5] 118.112.59.121 #8: established Child SA; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.11-192.168.43.11:0-65535 0] {ESPinUDP=>0x074f8daf <0xb19afcb2 xfrm=AES_GCM_16_128-NONE NATOA=none NATD=118.112.59.121:14162 DPD=active}
Dec 16 18:07:24 vpn pluto[1666]: "ikev2-cp"[5] 118.112.59.121 #8: ESP traffic information: in=34KB out=73KB
Dec 16 18:07:24 vpn pluto[1666]: "ikev2-cp"[5] 118.112.59.121 #7: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 22.803182s and NOT sending notification
Dec 16 18:07:24 vpn pluto[1666]: "ikev2-cp"[5] 118.112.59.121: deleting connection instance with peer 118.112.59.121 {isakmp=#0/ipsec=#0}
Dec 16 18:12:02 vpn pluto[1666]: destroying root certificate cache
Dec 16 18:21:02 vpn pluto[1666]: "ikev2-cp"[3] 117.139.198.202 #2: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec 16 18:21:02 vpn pluto[1666]: "ikev2-cp"[3] 117.139.198.202 #2: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Dec 16 18:21:28 vpn pluto[1666]: "ikev2-cp"[6] 118.112.59.121: local IKE proposals (IKE SA responder matching remote proposals): 
Dec 16 18:21:28 vpn pluto[1666]: "ikev2-cp"[6] 118.112.59.121:   1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 18:21:28 vpn pluto[1666]: "ikev2-cp"[6] 118.112.59.121:   2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 18:21:28 vpn pluto[1666]: "ikev2-cp"[6] 118.112.59.121:   3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 18:21:28 vpn pluto[1666]: "ikev2-cp"[6] 118.112.59.121:   4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 18:21:28 vpn pluto[1666]: "ikev2-cp"[6] 118.112.59.121 #9: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Dec 16 18:21:28 vpn pluto[1666]: "ikev2-cp"[6] 118.112.59.121 #9: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec 16 18:21:28 vpn pluto[1666]: "ikev2-cp"[6] 118.112.59.121 #9: processing decrypted IKE_AUTH request: SK{IDi,CERT,N,IDr,AUTH,CP,N,N,SA,TSi,TSr,N}
Dec 16 18:21:28 vpn pluto[1666]: loading root certificate cache
Dec 16 18:21:28 vpn pluto[1666]: "ikev2-cp"[6] 118.112.59.121 #9: switched from "ikev2-cp"[6] 118.112.59.121 to "ikev2-cp"
Dec 16 18:21:28 vpn pluto[1666]: "ikev2-cp"[6] 118.112.59.121: deleting connection instance with peer 118.112.59.121 {isakmp=#0/ipsec=#0}
Dec 16 18:21:28 vpn pluto[1666]: "ikev2-cp"[7] 118.112.59.121 #9: established IKE SA; authenticated using RSA with SHA1 and peer certificate '@mbp' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Dec 16 18:21:28 vpn pluto[1666]: "ikev2-cp"[7] 118.112.59.121: local ESP/AH proposals (IKE_AUTH responder matching remote ESP/AH proposals): 
Dec 16 18:21:28 vpn pluto[1666]: "ikev2-cp"[7] 118.112.59.121:   1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-DISABLED
Dec 16 18:21:28 vpn pluto[1666]: "ikev2-cp"[7] 118.112.59.121:   2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-DISABLED
Dec 16 18:21:28 vpn pluto[1666]: "ikev2-cp"[7] 118.112.59.121:   3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-DISABLED
Dec 16 18:21:28 vpn pluto[1666]: "ikev2-cp"[7] 118.112.59.121:   4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-DISABLED
Dec 16 18:21:28 vpn pluto[1666]: "ikev2-cp"[7] 118.112.59.121:   5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-DISABLED
Dec 16 18:21:28 vpn pluto[1666]: "ikev2-cp"[7] 118.112.59.121 #10: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=0c4a4871 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Dec 16 18:21:28 vpn pluto[1666]: "ikev2-cp"[7] 118.112.59.121 #10: established Child SA; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.11-192.168.43.11:0-65535 0] {ESPinUDP=>0x0c4a4871 <0x578e2f15 xfrm=AES_GCM_16_128-NONE NATOA=none NATD=118.112.59.121:13839 DPD=active}
Dec 16 18:21:30 vpn pluto[1666]: "ikev2-cp"[7] 118.112.59.121 #10: ESP traffic information: in=14KB out=9KB
Dec 16 18:21:30 vpn pluto[1666]: "ikev2-cp"[7] 118.112.59.121 #9: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 2.248968s and NOT sending notification
Dec 16 18:21:30 vpn pluto[1666]: "ikev2-cp"[7] 118.112.59.121: deleting connection instance with peer 118.112.59.121 {isakmp=#0/ipsec=#0}
Dec 16 18:26:02 vpn pluto[1666]: "ikev2-cp"[3] 117.139.198.202 #2: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec 16 18:26:02 vpn pluto[1666]: "ikev2-cp"[3] 117.139.198.202 #2: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Dec 16 18:26:03 vpn pluto[1666]: "ikev2-cp"[3] 117.139.198.202 #2: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Dec 16 18:26:05 vpn pluto[1666]: "ikev2-cp"[3] 117.139.198.202 #2: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Dec 16 18:26:09 vpn pluto[1666]: "ikev2-cp"[3] 117.139.198.202 #2: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Dec 16 18:26:17 vpn pluto[1666]: "ikev2-cp"[3] 117.139.198.202 #2: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Dec 16 18:26:28 vpn pluto[1666]: destroying root certificate cache
Dec 16 18:26:33 vpn pluto[1666]: "ikev2-cp"[3] 117.139.198.202 #2: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Dec 16 18:27:05 vpn pluto[1666]: "ikev2-cp"[3] 117.139.198.202 #2: STATE_V2_ESTABLISHED_IKE_SA: 60 second timeout exceeded after 7 retransmits.  No response (or no acceptable response) to our IKEv2 message
Dec 16 18:27:05 vpn pluto[1666]: "ikev2-cp"[3] 117.139.198.202 #2: liveness action - clearing connection kind CK_INSTANCE
Dec 16 18:27:05 vpn pluto[1666]: "ikev2-cp"[3] 117.139.198.202 #3: ESP traffic information: in=3MB out=103MB
Dec 16 18:27:05 vpn pluto[1666]: "ikev2-cp"[3] 117.139.198.202 #2: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 2884.634626s and sending notification
Dec 16 18:27:05 vpn pluto[1666]: "ikev2-cp"[3] 117.139.198.202: deleting connection instance with peer 117.139.198.202 {isakmp=#0/ipsec=#0}
Dec 16 21:27:12 vpn pluto[1666]: shutting down
Dec 16 21:27:12 vpn pluto[1666]: forgetting secrets
Dec 16 21:27:12 vpn pluto[1666]: shutting down interface lo 127.0.0.1:4500
Dec 16 21:27:12 vpn pluto[1666]: shutting down interface lo 127.0.0.1:500
Dec 16 21:27:12 vpn pluto[1666]: shutting down interface ens160 192.168.10.19:4500
Dec 16 21:27:12 vpn pluto[1666]: shutting down interface ens160 192.168.10.19:500
Dec 16 21:27:12 vpn pluto[1666]: leak detective found no leaks
Dec 16 21:27:12 vpn pluto[9022]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Dec 16 21:27:12 vpn pluto[9022]: FIPS Mode: NO
Dec 16 21:27:12 vpn pluto[9022]: NSS crypto library initialized
Dec 16 21:27:12 vpn pluto[9022]: FIPS mode disabled for pluto daemon
Dec 16 21:27:12 vpn pluto[9022]: FIPS HMAC integrity support [disabled]
Dec 16 21:27:12 vpn pluto[9022]: libcap-ng support [enabled]
Dec 16 21:27:12 vpn pluto[9022]: Linux audit support [disabled]
Dec 16 21:27:12 vpn pluto[9022]: Starting Pluto (Libreswan Version 4.5 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-PRF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:9022
Dec 16 21:27:12 vpn pluto[9022]: core dump dir: /run/pluto
Dec 16 21:27:12 vpn pluto[9022]: secrets file: /etc/ipsec.secrets
Dec 16 21:27:12 vpn pluto[9022]: leak-detective enabled
Dec 16 21:27:12 vpn pluto[9022]: NSS crypto [enabled]
Dec 16 21:27:12 vpn pluto[9022]: XAUTH PAM support [enabled]
Dec 16 21:27:12 vpn pluto[9022]: initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Dec 16 21:27:12 vpn pluto[9022]: NAT-Traversal support  [enabled]
Dec 16 21:27:12 vpn pluto[9022]: Encryption algorithms:
Dec 16 21:27:12 vpn pluto[9022]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
Dec 16 21:27:12 vpn pluto[9022]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
Dec 16 21:27:12 vpn pluto[9022]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
Dec 16 21:27:12 vpn pluto[9022]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
Dec 16 21:27:12 vpn pluto[9022]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP                      
Dec 16 21:27:12 vpn pluto[9022]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
Dec 16 21:27:12 vpn pluto[9022]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
Dec 16 21:27:12 vpn pluto[9022]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
Dec 16 21:27:12 vpn pluto[9022]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
Dec 16 21:27:12 vpn pluto[9022]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
Dec 16 21:27:12 vpn pluto[9022]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
Dec 16 21:27:12 vpn pluto[9022]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
Dec 16 21:27:12 vpn pluto[9022]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP                      
Dec 16 21:27:12 vpn pluto[9022]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Dec 16 21:27:12 vpn pluto[9022]: Hash algorithms:
Dec 16 21:27:12 vpn pluto[9022]:   MD5                               IKEv1: IKE         IKEv2:                  NSS         
Dec 16 21:27:12 vpn pluto[9022]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
Dec 16 21:27:12 vpn pluto[9022]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
Dec 16 21:27:12 vpn pluto[9022]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
Dec 16 21:27:12 vpn pluto[9022]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
Dec 16 21:27:12 vpn pluto[9022]: PRF algorithms:
Dec 16 21:27:12 vpn pluto[9022]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
Dec 16 21:27:12 vpn pluto[9022]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
Dec 16 21:27:12 vpn pluto[9022]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
Dec 16 21:27:12 vpn pluto[9022]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
Dec 16 21:27:12 vpn pluto[9022]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
Dec 16 21:27:12 vpn pluto[9022]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Dec 16 21:27:12 vpn pluto[9022]: Integrity algorithms:
Dec 16 21:27:12 vpn pluto[9022]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
Dec 16 21:27:12 vpn pluto[9022]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
Dec 16 21:27:12 vpn pluto[9022]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
Dec 16 21:27:12 vpn pluto[9022]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
Dec 16 21:27:12 vpn pluto[9022]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Dec 16 21:27:12 vpn pluto[9022]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH                   
Dec 16 21:27:12 vpn pluto[9022]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Dec 16 21:27:12 vpn pluto[9022]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
Dec 16 21:27:12 vpn pluto[9022]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
Dec 16 21:27:12 vpn pluto[9022]: DH algorithms:
Dec 16 21:27:12 vpn pluto[9022]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
Dec 16 21:27:12 vpn pluto[9022]:   MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
Dec 16 21:27:12 vpn pluto[9022]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
Dec 16 21:27:12 vpn pluto[9022]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
Dec 16 21:27:12 vpn pluto[9022]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
Dec 16 21:27:12 vpn pluto[9022]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
Dec 16 21:27:12 vpn pluto[9022]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
Dec 16 21:27:12 vpn pluto[9022]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
Dec 16 21:27:12 vpn pluto[9022]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
Dec 16 21:27:12 vpn pluto[9022]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
Dec 16 21:27:12 vpn pluto[9022]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
Dec 16 21:27:12 vpn pluto[9022]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
Dec 16 21:27:12 vpn pluto[9022]: testing CAMELLIA_CBC:
Dec 16 21:27:12 vpn pluto[9022]:   Camellia: 16 bytes with 128-bit key
Dec 16 21:27:12 vpn pluto[9022]:   Camellia: 16 bytes with 128-bit key
Dec 16 21:27:12 vpn pluto[9022]:   Camellia: 16 bytes with 256-bit key
Dec 16 21:27:12 vpn pluto[9022]:   Camellia: 16 bytes with 256-bit key
Dec 16 21:27:12 vpn pluto[9022]: testing AES_GCM_16:
Dec 16 21:27:12 vpn pluto[9022]:   empty string
Dec 16 21:27:12 vpn pluto[9022]:   one block
Dec 16 21:27:12 vpn pluto[9022]:   two blocks
Dec 16 21:27:12 vpn pluto[9022]:   two blocks with associated data
Dec 16 21:27:12 vpn pluto[9022]: testing AES_CTR:
Dec 16 21:27:12 vpn pluto[9022]:   Encrypting 16 octets using AES-CTR with 128-bit key
Dec 16 21:27:12 vpn pluto[9022]:   Encrypting 32 octets using AES-CTR with 128-bit key
Dec 16 21:27:12 vpn pluto[9022]:   Encrypting 36 octets using AES-CTR with 128-bit key
Dec 16 21:27:12 vpn pluto[9022]:   Encrypting 16 octets using AES-CTR with 192-bit key
Dec 16 21:27:12 vpn pluto[9022]:   Encrypting 32 octets using AES-CTR with 192-bit key
Dec 16 21:27:12 vpn pluto[9022]:   Encrypting 36 octets using AES-CTR with 192-bit key
Dec 16 21:27:12 vpn pluto[9022]:   Encrypting 16 octets using AES-CTR with 256-bit key
Dec 16 21:27:12 vpn pluto[9022]:   Encrypting 32 octets using AES-CTR with 256-bit key
Dec 16 21:27:12 vpn pluto[9022]:   Encrypting 36 octets using AES-CTR with 256-bit key
Dec 16 21:27:12 vpn pluto[9022]: testing AES_CBC:
Dec 16 21:27:12 vpn pluto[9022]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Dec 16 21:27:12 vpn pluto[9022]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Dec 16 21:27:12 vpn pluto[9022]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Dec 16 21:27:12 vpn pluto[9022]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Dec 16 21:27:12 vpn pluto[9022]: testing AES_XCBC:
Dec 16 21:27:12 vpn pluto[9022]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Dec 16 21:27:12 vpn pluto[9022]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Dec 16 21:27:12 vpn pluto[9022]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Dec 16 21:27:12 vpn pluto[9022]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Dec 16 21:27:12 vpn pluto[9022]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Dec 16 21:27:12 vpn pluto[9022]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Dec 16 21:27:12 vpn pluto[9022]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Dec 16 21:27:12 vpn pluto[9022]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Dec 16 21:27:12 vpn pluto[9022]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Dec 16 21:27:12 vpn pluto[9022]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Dec 16 21:27:12 vpn pluto[9022]: testing HMAC_MD5:
Dec 16 21:27:12 vpn pluto[9022]:   RFC 2104: MD5_HMAC test 1
Dec 16 21:27:12 vpn pluto[9022]:   RFC 2104: MD5_HMAC test 2
Dec 16 21:27:12 vpn pluto[9022]:   RFC 2104: MD5_HMAC test 3
Dec 16 21:27:12 vpn pluto[9022]: 2 CPU cores online
Dec 16 21:27:12 vpn pluto[9022]: starting up 2 helper threads
Dec 16 21:27:12 vpn pluto[9022]: started thread for helper 0
Dec 16 21:27:12 vpn pluto[9022]: started thread for helper 1
Dec 16 21:27:12 vpn pluto[9022]: using Linux xfrm kernel support code on #102-Ubuntu SMP Fri Nov 5 16:31:28 UTC 2021
Dec 16 21:27:12 vpn pluto[9022]: kernel: /proc/sys/net/ipv6/conf/all/disable_ipv6=1 ignore ipv6 holes
Dec 16 21:27:12 vpn pluto[9022]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Dec 16 21:27:12 vpn pluto[9022]: watchdog: sending probes every 100 secs
Dec 16 21:27:12 vpn pluto[9022]: seccomp security not supported
Dec 16 21:27:12 vpn pluto[9022]: "l2tp-psk": added IKEv1 connection
Dec 16 21:27:12 vpn pluto[9022]: "xauth-psk": added IKEv1 connection
Dec 16 21:27:12 vpn pluto[9022]: "ikev2-cp": loaded private key matching left certificate 'hspage.cn'
Dec 16 21:27:12 vpn pluto[9022]: "ikev2-cp": added IKEv2 connection
Dec 16 21:27:12 vpn pluto[9022]: listening for IKE messages
Dec 16 21:27:12 vpn pluto[9022]: Kernel supports NIC esp-hw-offload
Dec 16 21:27:12 vpn pluto[9022]: adding UDP interface ens160 192.168.10.19:500
Dec 16 21:27:12 vpn pluto[9022]: adding UDP interface ens160 192.168.10.19:4500
Dec 16 21:27:12 vpn pluto[9022]: adding UDP interface lo 127.0.0.1:500
Dec 16 21:27:12 vpn pluto[9022]: adding UDP interface lo 127.0.0.1:4500
Dec 16 21:27:12 vpn pluto[9022]: forgetting secrets
Dec 16 21:27:12 vpn pluto[9022]: loading secrets from "/etc/ipsec.secrets"
Dec 16 21:27:12 vpn pluto[9022]: seccomp security for helper not supported
Dec 16 21:27:12 vpn pluto[9022]: seccomp security for helper not supported
Dec 16 21:27:28 vpn pluto[9022]: "ikev2-cp"[1] 171.218.112.254: local IKE proposals (IKE SA responder matching remote proposals): 
Dec 16 21:27:28 vpn pluto[9022]: "ikev2-cp"[1] 171.218.112.254:   1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 21:27:28 vpn pluto[9022]: "ikev2-cp"[1] 171.218.112.254:   2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 21:27:28 vpn pluto[9022]: "ikev2-cp"[1] 171.218.112.254:   3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 21:27:28 vpn pluto[9022]: "ikev2-cp"[1] 171.218.112.254:   4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 16 21:27:28 vpn pluto[9022]: "ikev2-cp"[1] 171.218.112.254 #1: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Dec 16 21:27:28 vpn pluto[9022]: "ikev2-cp"[1] 171.218.112.254 #1: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec 16 21:27:29 vpn pluto[9022]: "ikev2-cp"[1] 171.218.112.254 #1: processing decrypted IKE_AUTH request: SK{IDi,CERT,N,IDr,AUTH,CP,N,N,SA,TSi,TSr,N}
Dec 16 21:27:29 vpn pluto[9022]: loading root certificate cache
Dec 16 21:27:29 vpn pluto[9022]: "ikev2-cp"[1] 171.218.112.254 #1: reloaded private key matching left certificate 'hspage.cn'
Dec 16 21:27:29 vpn pluto[9022]: "ikev2-cp"[1] 171.218.112.254 #1: switched from "ikev2-cp"[1] 171.218.112.254 to "ikev2-cp"
Dec 16 21:27:29 vpn pluto[9022]: "ikev2-cp"[1] 171.218.112.254: deleting connection instance with peer 171.218.112.254 {isakmp=#0/ipsec=#0}
Dec 16 21:27:29 vpn pluto[9022]: "ikev2-cp"[2] 171.218.112.254 #1: established IKE SA; authenticated using RSA with SHA1 and peer certificate '@12pm' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Dec 16 21:27:29 vpn pluto[9022]: | pool 192.168.43.10-192.168.43.250: growing address pool from 0 to 1
Dec 16 21:27:29 vpn pluto[9022]: "ikev2-cp"[2] 171.218.112.254: local ESP/AH proposals (IKE_AUTH responder matching remote ESP/AH proposals): 
Dec 16 21:27:29 vpn pluto[9022]: "ikev2-cp"[2] 171.218.112.254:   1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-DISABLED
Dec 16 21:27:29 vpn pluto[9022]: "ikev2-cp"[2] 171.218.112.254:   2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-DISABLED
Dec 16 21:27:29 vpn pluto[9022]: "ikev2-cp"[2] 171.218.112.254:   3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-DISABLED
Dec 16 21:27:29 vpn pluto[9022]: "ikev2-cp"[2] 171.218.112.254:   4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-DISABLED
ericshunhawk commented 2 years ago 
Dec 16 21:27:29 vpn pluto[9022]: "ikev2-cp"[2] 171.218.112.254:   5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-DISABLED
Dec 16 21:27:29 vpn pluto[9022]: "ikev2-cp"[2] 171.218.112.254 #2: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=0b292104 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Dec 16 21:27:29 vpn pluto[9022]: "ikev2-cp"[2] 171.218.112.254 #2: established Child SA; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x0b292104 <0x77117e8a xfrm=AES_GCM_16_128-NONE NATOA=none NATD=171.218.112.254:41940 DPD=active}
Dec 16 21:27:30 vpn pluto[9022]: "ikev2-cp"[2] 171.218.112.254 #2: ESP traffic information: in=16KB out=9KB
Dec 16 21:27:30 vpn pluto[9022]: "ikev2-cp"[2] 171.218.112.254 #1: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 2.004431s and NOT sending notification
Dec 16 21:27:30 vpn pluto[9022]: "ikev2-cp"[2] 171.218.112.254: deleting connection instance with peer 171.218.112.254 {isakmp=#0/ipsec=#0}
Dec 16 21:32:29 vpn pluto[9022]: destroying root certificate cache
Dec 16 22:56:40 vpn pluto[9022]: shutting down
Dec 16 22:56:40 vpn pluto[9022]: forgetting secrets
Dec 16 22:56:40 vpn pluto[9022]: shutting down interface lo 127.0.0.1:4500
Dec 16 22:56:40 vpn pluto[9022]: shutting down interface lo 127.0.0.1:500
Dec 16 22:56:40 vpn pluto[9022]: shutting down interface ens160 192.168.10.19:4500
Dec 16 22:56:40 vpn pluto[9022]: shutting down interface ens160 192.168.10.19:500
Dec 16 22:56:40 vpn pluto[9022]: leak detective found no leaks
Dec 16 22:56:40 vpn pluto[11536]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Dec 16 22:56:40 vpn pluto[11536]: FIPS Mode: NO
Dec 16 22:56:40 vpn pluto[11536]: NSS crypto library initialized
Dec 16 22:56:40 vpn pluto[11536]: FIPS mode disabled for pluto daemon
Dec 16 22:56:40 vpn pluto[11536]: FIPS HMAC integrity support [disabled]
Dec 16 22:56:40 vpn pluto[11536]: libcap-ng support [enabled]
Dec 16 22:56:40 vpn pluto[11536]: Linux audit support [disabled]
Dec 16 22:56:40 vpn pluto[11536]: Starting Pluto (Libreswan Version 4.5 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-PRF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:11536
Dec 16 22:56:40 vpn pluto[11536]: core dump dir: /run/pluto
Dec 16 22:56:40 vpn pluto[11536]: secrets file: /etc/ipsec.secrets
Dec 16 22:56:40 vpn pluto[11536]: leak-detective enabled
Dec 16 22:56:40 vpn pluto[11536]: NSS crypto [enabled]
Dec 16 22:56:40 vpn pluto[11536]: XAUTH PAM support [enabled]
Dec 16 22:56:40 vpn pluto[11536]: initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Dec 16 22:56:40 vpn pluto[11536]: NAT-Traversal support  [enabled]
Dec 16 22:56:40 vpn pluto[11536]: Encryption algorithms:
Dec 16 22:56:40 vpn pluto[11536]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
Dec 16 22:56:40 vpn pluto[11536]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
Dec 16 22:56:40 vpn pluto[11536]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
Dec 16 22:56:40 vpn pluto[11536]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
Dec 16 22:56:40 vpn pluto[11536]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP                      
Dec 16 22:56:40 vpn pluto[11536]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
Dec 16 22:56:40 vpn pluto[11536]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
Dec 16 22:56:40 vpn pluto[11536]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
Dec 16 22:56:40 vpn pluto[11536]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
Dec 16 22:56:40 vpn pluto[11536]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
Dec 16 22:56:40 vpn pluto[11536]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
Dec 16 22:56:40 vpn pluto[11536]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
Dec 16 22:56:40 vpn pluto[11536]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP                      
Dec 16 22:56:40 vpn pluto[11536]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Dec 16 22:56:40 vpn pluto[11536]: Hash algorithms:
Dec 16 22:56:40 vpn pluto[11536]:   MD5                               IKEv1: IKE         IKEv2:                  NSS         
Dec 16 22:56:40 vpn pluto[11536]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
Dec 16 22:56:40 vpn pluto[11536]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
Dec 16 22:56:40 vpn pluto[11536]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
Dec 16 22:56:40 vpn pluto[11536]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
Dec 16 22:56:40 vpn pluto[11536]: PRF algorithms:
Dec 16 22:56:40 vpn pluto[11536]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
Dec 16 22:56:40 vpn pluto[11536]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
Dec 16 22:56:40 vpn pluto[11536]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
Dec 16 22:56:40 vpn pluto[11536]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
Dec 16 22:56:40 vpn pluto[11536]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
Dec 16 22:56:40 vpn pluto[11536]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Dec 16 22:56:40 vpn pluto[11536]: Integrity algorithms:
Dec 16 22:56:40 vpn pluto[11536]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
Dec 16 22:56:40 vpn pluto[11536]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
Dec 16 22:56:40 vpn pluto[11536]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
Dec 16 22:56:40 vpn pluto[11536]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
Dec 16 22:56:40 vpn pluto[11536]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Dec 16 22:56:40 vpn pluto[11536]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH                   
Dec 16 22:56:40 vpn pluto[11536]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Dec 16 22:56:40 vpn pluto[11536]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
Dec 16 22:56:40 vpn pluto[11536]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
Dec 16 22:56:40 vpn pluto[11536]: DH algorithms:
Dec 16 22:56:40 vpn pluto[11536]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
Dec 16 22:56:40 vpn pluto[11536]:   MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
Dec 16 22:56:40 vpn pluto[11536]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
Dec 16 22:56:40 vpn pluto[11536]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
Dec 16 22:56:40 vpn pluto[11536]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
Dec 16 22:56:40 vpn pluto[11536]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
Dec 16 22:56:40 vpn pluto[11536]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
Dec 16 22:56:40 vpn pluto[11536]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
Dec 16 22:56:40 vpn pluto[11536]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
Dec 16 22:56:40 vpn pluto[11536]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
Dec 16 22:56:40 vpn pluto[11536]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
Dec 16 22:56:40 vpn pluto[11536]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
Dec 16 22:56:40 vpn pluto[11536]: testing CAMELLIA_CBC:
Dec 16 22:56:40 vpn pluto[11536]:   Camellia: 16 bytes with 128-bit key
Dec 16 22:56:40 vpn pluto[11536]:   Camellia: 16 bytes with 128-bit key
Dec 16 22:56:40 vpn pluto[11536]:   Camellia: 16 bytes with 256-bit key
Dec 16 22:56:40 vpn pluto[11536]:   Camellia: 16 bytes with 256-bit key
Dec 16 22:56:40 vpn pluto[11536]: testing AES_GCM_16:
Dec 16 22:56:40 vpn pluto[11536]:   empty string
Dec 16 22:56:40 vpn pluto[11536]:   one block
Dec 16 22:56:40 vpn pluto[11536]:   two blocks
Dec 16 22:56:40 vpn pluto[11536]:   two blocks with associated data
Dec 16 22:56:40 vpn pluto[11536]: testing AES_CTR:
Dec 16 22:56:40 vpn pluto[11536]:   Encrypting 16 octets using AES-CTR with 128-bit key
Dec 16 22:56:40 vpn pluto[11536]:   Encrypting 32 octets using AES-CTR with 128-bit key
Dec 16 22:56:40 vpn pluto[11536]:   Encrypting 36 octets using AES-CTR with 128-bit key
Dec 16 22:56:40 vpn pluto[11536]:   Encrypting 16 octets using AES-CTR with 192-bit key
Dec 16 22:56:40 vpn pluto[11536]:   Encrypting 32 octets using AES-CTR with 192-bit key
Dec 16 22:56:40 vpn pluto[11536]:   Encrypting 36 octets using AES-CTR with 192-bit key
Dec 16 22:56:40 vpn pluto[11536]:   Encrypting 16 octets using AES-CTR with 256-bit key
Dec 16 22:56:40 vpn pluto[11536]:   Encrypting 32 octets using AES-CTR with 256-bit key
Dec 16 22:56:40 vpn pluto[11536]:   Encrypting 36 octets using AES-CTR with 256-bit key
Dec 16 22:56:40 vpn pluto[11536]: testing AES_CBC:
Dec 16 22:56:40 vpn pluto[11536]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Dec 16 22:56:40 vpn pluto[11536]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Dec 16 22:56:40 vpn pluto[11536]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Dec 16 22:56:40 vpn pluto[11536]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Dec 16 22:56:40 vpn pluto[11536]: testing AES_XCBC:
Dec 16 22:56:40 vpn pluto[11536]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Dec 16 22:56:40 vpn pluto[11536]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Dec 16 22:56:40 vpn pluto[11536]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Dec 16 22:56:40 vpn pluto[11536]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Dec 16 22:56:40 vpn pluto[11536]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Dec 16 22:56:40 vpn pluto[11536]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Dec 16 22:56:40 vpn pluto[11536]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Dec 16 22:56:40 vpn pluto[11536]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Dec 16 22:56:40 vpn pluto[11536]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Dec 16 22:56:40 vpn pluto[11536]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Dec 16 22:56:40 vpn pluto[11536]: testing HMAC_MD5:
Dec 16 22:56:40 vpn pluto[11536]:   RFC 2104: MD5_HMAC test 1
Dec 16 22:56:40 vpn pluto[11536]:   RFC 2104: MD5_HMAC test 2
Dec 16 22:56:40 vpn pluto[11536]:   RFC 2104: MD5_HMAC test 3
Dec 16 22:56:40 vpn pluto[11536]: 2 CPU cores online
Dec 16 22:56:40 vpn pluto[11536]: starting up 2 helper threads
Dec 16 22:56:40 vpn pluto[11536]: started thread for helper 0
Dec 16 22:56:40 vpn pluto[11536]: seccomp security for helper not supported
Dec 16 22:56:40 vpn pluto[11536]: started thread for helper 1
Dec 16 22:56:40 vpn pluto[11536]: seccomp security for helper not supported
Dec 16 22:56:40 vpn pluto[11536]: using Linux xfrm kernel support code on #102-Ubuntu SMP Fri Nov 5 16:31:28 UTC 2021
Dec 16 22:56:40 vpn pluto[11536]: kernel: /proc/sys/net/ipv6/conf/all/disable_ipv6=1 ignore ipv6 holes
Dec 16 22:56:40 vpn pluto[11536]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Dec 16 22:56:40 vpn pluto[11536]: watchdog: sending probes every 100 secs
Dec 16 22:56:40 vpn pluto[11536]: seccomp security not supported
Dec 16 22:56:40 vpn pluto[11536]: "l2tp-psk": added IKEv1 connection
Dec 16 22:56:40 vpn pluto[11536]: "xauth-psk": added IKEv1 connection
Dec 16 22:56:40 vpn pluto[11536]: "ikev2-cp": failed to add connection: new addresspool 192.168.43.10-192.168.43.20 INEXACTLY OVERLAPS with existing one 192.168.43.10-192.168.43.250.
Dec 16 22:56:40 vpn pluto[11536]: listening for IKE messages
Dec 16 22:56:40 vpn pluto[11536]: Kernel supports NIC esp-hw-offload
Dec 16 22:56:40 vpn pluto[11536]: adding UDP interface ens160 192.168.10.19:500
Dec 16 22:56:40 vpn pluto[11536]: adding UDP interface ens160 192.168.10.19:4500
Dec 16 22:56:40 vpn pluto[11536]: adding UDP interface lo 127.0.0.1:500
Dec 16 22:56:40 vpn pluto[11536]: adding UDP interface lo 127.0.0.1:4500
Dec 16 22:56:40 vpn pluto[11536]: loading secrets from "/etc/ipsec.secrets"
Dec 16 22:56:59 vpn pluto[11536]: packet from 171.218.112.254:41794: ISAKMP_v2_IKE_SA_INIT message received on 192.168.10.19:500 but no suitable connection found with IKEv2 policy
Dec 16 22:56:59 vpn pluto[11536]: packet from 171.218.112.254:41794: responding to IKE_SA_INIT (34) message (Message ID 0) with unencrypted notification NO_PROPOSAL_CHOSEN
Dec 16 22:58:30 vpn pluto[11536]: shutting down
Dec 16 22:58:30 vpn pluto[11536]: forgetting secrets
Dec 16 22:58:30 vpn pluto[11536]: shutting down interface lo 127.0.0.1:4500
Dec 16 22:58:30 vpn pluto[11536]: shutting down interface lo 127.0.0.1:500
Dec 16 22:58:30 vpn pluto[11536]: shutting down interface ens160 192.168.10.19:4500
Dec 16 22:58:30 vpn pluto[11536]: shutting down interface ens160 192.168.10.19:500
Dec 16 22:58:30 vpn pluto[11536]: leak detective found no leaks
Dec 16 22:58:31 vpn pluto[11860]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Dec 16 22:58:31 vpn pluto[11860]: FIPS Mode: NO
Dec 16 22:58:31 vpn pluto[11860]: NSS crypto library initialized
Dec 16 22:58:31 vpn pluto[11860]: FIPS mode disabled for pluto daemon
Dec 16 22:58:31 vpn pluto[11860]: FIPS HMAC integrity support [disabled]
Dec 16 22:58:31 vpn pluto[11860]: libcap-ng support [enabled]
Dec 16 22:58:31 vpn pluto[11860]: Linux audit support [disabled]
Dec 16 22:58:31 vpn pluto[11860]: Starting Pluto (Libreswan Version 4.5 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-PRF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:11860
Dec 16 22:58:31 vpn pluto[11860]: core dump dir: /run/pluto
Dec 16 22:58:31 vpn pluto[11860]: secrets file: /etc/ipsec.secrets
Dec 16 22:58:31 vpn pluto[11860]: leak-detective enabled
Dec 16 22:58:31 vpn pluto[11860]: NSS crypto [enabled]
Dec 16 22:58:31 vpn pluto[11860]: XAUTH PAM support [enabled]
Dec 16 22:58:31 vpn pluto[11860]: initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Dec 16 22:58:31 vpn pluto[11860]: NAT-Traversal support  [enabled]
Dec 16 22:58:31 vpn pluto[11860]: Encryption algorithms:
Dec 16 22:58:31 vpn pluto[11860]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
Dec 16 22:58:31 vpn pluto[11860]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
Dec 16 22:58:31 vpn pluto[11860]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
Dec 16 22:58:31 vpn pluto[11860]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
Dec 16 22:58:31 vpn pluto[11860]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP                      
Dec 16 22:58:31 vpn pluto[11860]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
Dec 16 22:58:31 vpn pluto[11860]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
Dec 16 22:58:31 vpn pluto[11860]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
Dec 16 22:58:31 vpn pluto[11860]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
Dec 16 22:58:31 vpn pluto[11860]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
Dec 16 22:58:31 vpn pluto[11860]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
Dec 16 22:58:31 vpn pluto[11860]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
Dec 16 22:58:31 vpn pluto[11860]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP                      
Dec 16 22:58:31 vpn pluto[11860]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Dec 16 22:58:31 vpn pluto[11860]: Hash algorithms:
Dec 16 22:58:31 vpn pluto[11860]:   MD5                               IKEv1: IKE         IKEv2:                  NSS         
Dec 16 22:58:31 vpn pluto[11860]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
Dec 16 22:58:31 vpn pluto[11860]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
Dec 16 22:58:31 vpn pluto[11860]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
Dec 16 22:58:31 vpn pluto[11860]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
Dec 16 22:58:31 vpn pluto[11860]: PRF algorithms:
Dec 16 22:58:31 vpn pluto[11860]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
Dec 16 22:58:31 vpn pluto[11860]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
Dec 16 22:58:31 vpn pluto[11860]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
Dec 16 22:58:31 vpn pluto[11860]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
Dec 16 22:58:31 vpn pluto[11860]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
Dec 16 22:58:31 vpn pluto[11860]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Dec 16 22:58:31 vpn pluto[11860]: Integrity algorithms:
Dec 16 22:58:31 vpn pluto[11860]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
Dec 16 22:58:31 vpn pluto[11860]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
Dec 16 22:58:31 vpn pluto[11860]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
Dec 16 22:58:31 vpn pluto[11860]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
Dec 16 22:58:31 vpn pluto[11860]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Dec 16 22:58:31 vpn pluto[11860]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH                   
Dec 16 22:58:31 vpn pluto[11860]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Dec 16 22:58:31 vpn pluto[11860]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
Dec 16 22:58:31 vpn pluto[11860]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
Dec 16 22:58:31 vpn pluto[11860]: DH algorithms:
Dec 16 22:58:31 vpn pluto[11860]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
Dec 16 22:58:31 vpn pluto[11860]:   MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
Dec 16 22:58:31 vpn pluto[11860]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
Dec 16 22:58:31 vpn pluto[11860]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
Dec 16 22:58:31 vpn pluto[11860]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
Dec 16 22:58:31 vpn pluto[11860]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
Dec 16 22:58:31 vpn pluto[11860]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
Dec 16 22:58:31 vpn pluto[11860]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
Dec 16 22:58:31 vpn pluto[11860]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
Dec 16 22:58:31 vpn pluto[11860]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
Dec 16 22:58:31 vpn pluto[11860]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
Dec 16 22:58:31 vpn pluto[11860]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
Dec 16 22:58:31 vpn pluto[11860]: testing CAMELLIA_CBC:
Dec 16 22:58:31 vpn pluto[11860]:   Camellia: 16 bytes with 128-bit key
Dec 16 22:58:31 vpn pluto[11860]:   Camellia: 16 bytes with 128-bit key
Dec 16 22:58:31 vpn pluto[11860]:   Camellia: 16 bytes with 256-bit key
Dec 16 22:58:31 vpn pluto[11860]:   Camellia: 16 bytes with 256-bit key
Dec 16 22:58:31 vpn pluto[11860]: testing AES_GCM_16:
Dec 16 22:58:31 vpn pluto[11860]:   empty string
Dec 16 22:58:31 vpn pluto[11860]:   one block
Dec 16 22:58:31 vpn pluto[11860]:   two blocks
Dec 16 22:58:31 vpn pluto[11860]:   two blocks with associated data
Dec 16 22:58:31 vpn pluto[11860]: testing AES_CTR:
Dec 16 22:58:31 vpn pluto[11860]:   Encrypting 16 octets using AES-CTR with 128-bit key
Dec 16 22:58:31 vpn pluto[11860]:   Encrypting 32 octets using AES-CTR with 128-bit key
Dec 16 22:58:31 vpn pluto[11860]:   Encrypting 36 octets using AES-CTR with 128-bit key
Dec 16 22:58:31 vpn pluto[11860]:   Encrypting 16 octets using AES-CTR with 192-bit key
Dec 16 22:58:31 vpn pluto[11860]:   Encrypting 32 octets using AES-CTR with 192-bit key
Dec 16 22:58:31 vpn pluto[11860]:   Encrypting 36 octets using AES-CTR with 192-bit key
Dec 16 22:58:31 vpn pluto[11860]:   Encrypting 16 octets using AES-CTR with 256-bit key
Dec 16 22:58:31 vpn pluto[11860]:   Encrypting 32 octets using AES-CTR with 256-bit key
Dec 16 22:58:31 vpn pluto[11860]:   Encrypting 36 octets using AES-CTR with 256-bit key
Dec 16 22:58:31 vpn pluto[11860]: testing AES_CBC:
Dec 16 22:58:31 vpn pluto[11860]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Dec 16 22:58:31 vpn pluto[11860]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Dec 16 22:58:31 vpn pluto[11860]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Dec 16 22:58:31 vpn pluto[11860]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Dec 16 22:58:31 vpn pluto[11860]: testing AES_XCBC:
Dec 16 22:58:31 vpn pluto[11860]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Dec 16 22:58:31 vpn pluto[11860]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Dec 16 22:58:31 vpn pluto[11860]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Dec 16 22:58:31 vpn pluto[11860]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Dec 16 22:58:31 vpn pluto[11860]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Dec 16 22:58:31 vpn pluto[11860]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Dec 16 22:58:31 vpn pluto[11860]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Dec 16 22:58:31 vpn pluto[11860]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Dec 16 22:58:31 vpn pluto[11860]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Dec 16 22:58:31 vpn pluto[11860]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Dec 16 22:58:31 vpn pluto[11860]: testing HMAC_MD5:
Dec 16 22:58:31 vpn pluto[11860]:   RFC 2104: MD5_HMAC test 1
Dec 16 22:58:31 vpn pluto[11860]:   RFC 2104: MD5_HMAC test 2
Dec 16 22:58:31 vpn pluto[11860]:   RFC 2104: MD5_HMAC test 3
Dec 16 22:58:31 vpn pluto[11860]: 2 CPU cores online
Dec 16 22:58:31 vpn pluto[11860]: starting up 2 helper threads
Dec 16 22:58:31 vpn pluto[11860]: started thread for helper 0
Dec 16 22:58:31 vpn pluto[11860]: started thread for helper 1
Dec 16 22:58:31 vpn pluto[11860]: using Linux xfrm kernel support code on #102-Ubuntu SMP Fri Nov 5 16:31:28 UTC 2021
Dec 16 22:58:31 vpn pluto[11860]: kernel: /proc/sys/net/ipv6/conf/all/disable_ipv6=1 ignore ipv6 holes
Dec 16 22:58:31 vpn pluto[11860]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Dec 16 22:58:31 vpn pluto[11860]: watchdog: sending probes every 100 secs
Dec 16 22:58:31 vpn pluto[11860]: seccomp security not supported
Dec 16 22:58:31 vpn pluto[11860]: seccomp security for helper not supported
Dec 16 22:58:31 vpn pluto[11860]: seccomp security for helper not supported
Dec 16 22:58:31 vpn pluto[11860]: "l2tp-psk": added IKEv1 connection
Dec 16 22:58:31 vpn pluto[11860]: "xauth-psk": added IKEv1 connection
Dec 16 22:58:31 vpn pluto[11860]: "ikev2-cp": failed to add connection: new addresspool 192.168.43.10-192.168.43.20 INEXACTLY OVERLAPS with existing one 192.168.43.10-192.168.43.250.
Dec 16 22:58:31 vpn pluto[11860]: listening for IKE messages
Dec 16 22:58:31 vpn pluto[11860]: Kernel supports NIC esp-hw-offload
Dec 16 22:58:31 vpn pluto[11860]: adding UDP interface ens160 192.168.10.19:500
Dec 16 22:58:31 vpn pluto[11860]: adding UDP interface ens160 192.168.10.19:4500
Dec 16 22:58:31 vpn pluto[11860]: adding UDP interface lo 127.0.0.1:500
Dec 16 22:58:31 vpn pluto[11860]: adding UDP interface lo 127.0.0.1:4500
Dec 16 22:58:31 vpn pluto[11860]: loading secrets from "/etc/ipsec.secrets"
Dec 16 23:09:56 vpn pluto[11860]: packet from 14.1.112.177:38376: dropping packet with mangled IKE header: not enough room in input packet for ISAKMP Message (remain=17, sd->size=28)
Dec 16 23:09:56 vpn pluto[11860]: packet from 14.1.112.177:38376: dropping packet with mangled IKE header: not enough room in input packet for ISAKMP Message (remain=17, sd->size=28)
Dec 16 23:36:18 vpn pluto[11860]: packet from 171.218.112.254:41948: ISAKMP_v2_IKE_SA_INIT message received on 192.168.10.19:500 but no suitable connection found with IKEv2 policy
Dec 16 23:36:18 vpn pluto[11860]: packet from 171.218.112.254:41948: responding to IKE_SA_INIT (34) message (Message ID 0) with unencrypted notification NO_PROPOSAL_CHOSEN
Dec 17 03:01:00 vpn pluto[11860]: packet from 71.6.231.83:57239: ISAKMP_v2_IKE_SA_INIT message received on 192.168.10.19:500 but no suitable connection found with IKEv2 policy
Dec 17 03:01:00 vpn pluto[11860]: packet from 71.6.231.83:57239: responding to IKE_SA_INIT (34) message (Message ID 0) with unencrypted notification NO_PROPOSAL_CHOSEN
Dec 17 05:06:11 vpn pluto[11860]: packet from 52.90.211.140:50776: ISAKMP_v2_IKE_SA_INIT message received on 192.168.10.19:500 but no suitable connection found with IKEv2 policy
Dec 17 05:06:11 vpn pluto[11860]: packet from 52.90.211.140:50776: responding to IKE_SA_INIT (34) message (Message ID 0) with unencrypted notification NO_PROPOSAL_CHOSEN
Dec 17 09:05:09 vpn pluto[11860]: "l2tp-psk"[1] 65.49.20.90 #1: responding to Main Mode from unknown peer 65.49.20.90:41714
Dec 17 09:05:09 vpn pluto[11860]: "l2tp-psk"[1] 65.49.20.90 #1: OAKLEY_CAST_CBC is not supported.  Attribute OAKLEY_ENCRYPTION_ALGORITHM
Dec 17 09:05:09 vpn pluto[11860]: "l2tp-psk"[1] 65.49.20.90 #1: no acceptable Oakley Transform
Dec 17 09:05:09 vpn pluto[11860]: "l2tp-psk"[1] 65.49.20.90 #1: sending notification NO_PROPOSAL_CHOSEN to 65.49.20.90:41714
Dec 17 11:41:08 vpn pluto[11860]: packet from 192.168.10.1:500: ISAKMP_v2_IKE_SA_INIT message received on 192.168.10.19:500 but no suitable connection found with IKEv2 policy
Dec 17 11:41:08 vpn pluto[11860]: packet from 192.168.10.1:500: responding to IKE_SA_INIT (34) message (Message ID 0) with unencrypted notification NO_PROPOSAL_CHOSEN
Dec 17 11:41:10 vpn pluto[11860]: packet from 192.168.10.1:500: ISAKMP_v2_IKE_SA_INIT message received on 192.168.10.19:500 but no suitable connection found with IKEv2 policy
Dec 17 11:41:10 vpn pluto[11860]: packet from 192.168.10.1:500: responding to IKE_SA_INIT (34) message (Message ID 0) with unencrypted notification NO_PROPOSAL_CHOSEN
Dec 17 11:42:12 vpn pluto[11860]: shutting down
Dec 17 11:42:12 vpn pluto[11860]: "l2tp-psk"[1] 65.49.20.90: deleting connection instance with peer 65.49.20.90 {isakmp=#0/ipsec=#0}
Dec 17 11:42:12 vpn pluto[11860]: "l2tp-psk"[1] 65.49.20.90 #1: deleting state (STATE_MAIN_R0) aged 9423.254427s and NOT sending notification
Dec 17 11:42:12 vpn pluto[11860]: forgetting secrets
Dec 17 11:42:12 vpn pluto[11860]: shutting down interface lo 127.0.0.1:4500
Dec 17 11:42:12 vpn pluto[11860]: shutting down interface lo 127.0.0.1:500
Dec 17 11:42:12 vpn pluto[11860]: shutting down interface ens160 192.168.10.19:4500
Dec 17 11:42:12 vpn pluto[11860]: shutting down interface ens160 192.168.10.19:500
Dec 17 11:42:12 vpn pluto[11860]: leak detective found no leaks
Dec 17 11:56:25 vpn pluto[27146]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Dec 17 11:56:25 vpn pluto[27146]: FIPS Mode: NO
Dec 17 11:56:25 vpn pluto[27146]: NSS crypto library initialized
Dec 17 11:56:25 vpn pluto[27146]: FIPS mode disabled for pluto daemon
Dec 17 11:56:25 vpn pluto[27146]: FIPS HMAC integrity support [disabled]
Dec 17 11:56:25 vpn pluto[27146]: libcap-ng support [enabled]
Dec 17 11:56:25 vpn pluto[27146]: Linux audit support [disabled]
Dec 17 11:56:25 vpn pluto[27146]: Starting Pluto (Libreswan Version 4.5 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-PRF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:27146
Dec 17 11:56:25 vpn pluto[27146]: core dump dir: /run/pluto
Dec 17 11:56:25 vpn pluto[27146]: secrets file: /etc/ipsec.secrets
Dec 17 11:56:25 vpn pluto[27146]: leak-detective enabled
Dec 17 11:56:25 vpn pluto[27146]: NSS crypto [enabled]
Dec 17 11:56:25 vpn pluto[27146]: XAUTH PAM support [enabled]
Dec 17 11:56:25 vpn pluto[27146]: initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Dec 17 11:56:25 vpn pluto[27146]: NAT-Traversal support  [enabled]
Dec 17 11:56:25 vpn pluto[27146]: Encryption algorithms:
Dec 17 11:56:25 vpn pluto[27146]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
Dec 17 11:56:25 vpn pluto[27146]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
Dec 17 11:56:25 vpn pluto[27146]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
Dec 17 11:56:25 vpn pluto[27146]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
Dec 17 11:56:25 vpn pluto[27146]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP                      
Dec 17 11:56:25 vpn pluto[27146]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
Dec 17 11:56:25 vpn pluto[27146]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
Dec 17 11:56:25 vpn pluto[27146]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
Dec 17 11:56:25 vpn pluto[27146]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
Dec 17 11:56:25 vpn pluto[27146]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
Dec 17 11:56:25 vpn pluto[27146]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
Dec 17 11:56:25 vpn pluto[27146]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
Dec 17 11:56:25 vpn pluto[27146]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP                      
Dec 17 11:56:25 vpn pluto[27146]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Dec 17 11:56:25 vpn pluto[27146]: Hash algorithms:
Dec 17 11:56:25 vpn pluto[27146]:   MD5                               IKEv1: IKE         IKEv2:                  NSS         
Dec 17 11:56:25 vpn pluto[27146]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
Dec 17 11:56:25 vpn pluto[27146]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
Dec 17 11:56:25 vpn pluto[27146]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
Dec 17 11:56:25 vpn pluto[27146]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
Dec 17 11:56:25 vpn pluto[27146]: PRF algorithms:
Dec 17 11:56:25 vpn pluto[27146]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
Dec 17 11:56:25 vpn pluto[27146]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
Dec 17 11:56:25 vpn pluto[27146]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
Dec 17 11:56:25 vpn pluto[27146]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
Dec 17 11:56:25 vpn pluto[27146]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
Dec 17 11:56:25 vpn pluto[27146]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Dec 17 11:56:25 vpn pluto[27146]: Integrity algorithms:
Dec 17 11:56:25 vpn pluto[27146]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
Dec 17 11:56:25 vpn pluto[27146]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
Dec 17 11:56:25 vpn pluto[27146]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
Dec 17 11:56:25 vpn pluto[27146]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
Dec 17 11:56:25 vpn pluto[27146]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Dec 17 11:56:25 vpn pluto[27146]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH                   
Dec 17 11:56:25 vpn pluto[27146]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Dec 17 11:56:25 vpn pluto[27146]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
Dec 17 11:56:25 vpn pluto[27146]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
Dec 17 11:56:25 vpn pluto[27146]: DH algorithms:
Dec 17 11:56:25 vpn pluto[27146]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
Dec 17 11:56:25 vpn pluto[27146]:   MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
Dec 17 11:56:25 vpn pluto[27146]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
Dec 17 11:56:25 vpn pluto[27146]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
Dec 17 11:56:25 vpn pluto[27146]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
Dec 17 11:56:25 vpn pluto[27146]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
Dec 17 11:56:25 vpn pluto[27146]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
Dec 17 11:56:25 vpn pluto[27146]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
Dec 17 11:56:25 vpn pluto[27146]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
Dec 17 11:56:25 vpn pluto[27146]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
Dec 17 11:56:25 vpn pluto[27146]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
Dec 17 11:56:25 vpn pluto[27146]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
Dec 17 11:56:25 vpn pluto[27146]: testing CAMELLIA_CBC:
Dec 17 11:56:25 vpn pluto[27146]:   Camellia: 16 bytes with 128-bit key
Dec 17 11:56:25 vpn pluto[27146]:   Camellia: 16 bytes with 128-bit key
Dec 17 11:56:25 vpn pluto[27146]:   Camellia: 16 bytes with 256-bit key
Dec 17 11:56:25 vpn pluto[27146]:   Camellia: 16 bytes with 256-bit key
Dec 17 11:56:25 vpn pluto[27146]: testing AES_GCM_16:
Dec 17 11:56:25 vpn pluto[27146]:   empty string
Dec 17 11:56:25 vpn pluto[27146]:   one block
Dec 17 11:56:25 vpn pluto[27146]:   two blocks
Dec 17 11:56:25 vpn pluto[27146]:   two blocks with associated data
Dec 17 11:56:25 vpn pluto[27146]: testing AES_CTR:
Dec 17 11:56:25 vpn pluto[27146]:   Encrypting 16 octets using AES-CTR with 128-bit key
Dec 17 11:56:25 vpn pluto[27146]:   Encrypting 32 octets using AES-CTR with 128-bit key
Dec 17 11:56:25 vpn pluto[27146]:   Encrypting 36 octets using AES-CTR with 128-bit key
Dec 17 11:56:25 vpn pluto[27146]:   Encrypting 16 octets using AES-CTR with 192-bit key
Dec 17 11:56:25 vpn pluto[27146]:   Encrypting 32 octets using AES-CTR with 192-bit key
Dec 17 11:56:25 vpn pluto[27146]:   Encrypting 36 octets using AES-CTR with 192-bit key
Dec 17 11:56:25 vpn pluto[27146]:   Encrypting 16 octets using AES-CTR with 256-bit key
Dec 17 11:56:25 vpn pluto[27146]:   Encrypting 32 octets using AES-CTR with 256-bit key
Dec 17 11:56:25 vpn pluto[27146]:   Encrypting 36 octets using AES-CTR with 256-bit key
Dec 17 11:56:25 vpn pluto[27146]: testing AES_CBC:
Dec 17 11:56:25 vpn pluto[27146]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Dec 17 11:56:25 vpn pluto[27146]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Dec 17 11:56:25 vpn pluto[27146]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Dec 17 11:56:25 vpn pluto[27146]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Dec 17 11:56:25 vpn pluto[27146]: testing AES_XCBC:
Dec 17 11:56:25 vpn pluto[27146]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Dec 17 11:56:25 vpn pluto[27146]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Dec 17 11:56:25 vpn pluto[27146]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Dec 17 11:56:25 vpn pluto[27146]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Dec 17 11:56:25 vpn pluto[27146]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Dec 17 11:56:25 vpn pluto[27146]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Dec 17 11:56:25 vpn pluto[27146]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Dec 17 11:56:25 vpn pluto[27146]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Dec 17 11:56:25 vpn pluto[27146]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Dec 17 11:56:25 vpn pluto[27146]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Dec 17 11:56:25 vpn pluto[27146]: testing HMAC_MD5:
Dec 17 11:56:25 vpn pluto[27146]:   RFC 2104: MD5_HMAC test 1
Dec 17 11:56:25 vpn pluto[27146]:   RFC 2104: MD5_HMAC test 2
Dec 17 11:56:25 vpn pluto[27146]:   RFC 2104: MD5_HMAC test 3
Dec 17 11:56:25 vpn pluto[27146]: 2 CPU cores online
Dec 17 11:56:25 vpn pluto[27146]: starting up 2 helper threads
Dec 17 11:56:25 vpn pluto[27146]: started thread for helper 0
Dec 17 11:56:25 vpn pluto[27146]: started thread for helper 1
Dec 17 11:56:25 vpn pluto[27146]: using Linux xfrm kernel support code on #102-Ubuntu SMP Fri Nov 5 16:31:28 UTC 2021
Dec 17 11:56:25 vpn pluto[27146]: kernel: /proc/sys/net/ipv6/conf/all/disable_ipv6=1 ignore ipv6 holes
Dec 17 11:56:25 vpn pluto[27146]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Dec 17 11:56:25 vpn pluto[27146]: watchdog: sending probes every 100 secs
Dec 17 11:56:25 vpn pluto[27146]: seccomp security not supported
Dec 17 11:56:25 vpn pluto[27146]: seccomp security for helper not supported
Dec 17 11:56:25 vpn pluto[27146]: seccomp security for helper not supported
Dec 17 11:56:25 vpn pluto[27146]: "l2tp-psk": added IKEv1 connection
Dec 17 11:56:25 vpn pluto[27146]: "xauth-psk": added IKEv1 connection
Dec 17 11:56:25 vpn pluto[27146]: listening for IKE messages
Dec 17 11:56:25 vpn pluto[27146]: Kernel supports NIC esp-hw-offload
Dec 17 11:56:25 vpn pluto[27146]: adding UDP interface ens160 192.168.10.19:500
Dec 17 11:56:25 vpn pluto[27146]: adding UDP interface ens160 192.168.10.19:4500
Dec 17 11:56:25 vpn pluto[27146]: adding UDP interface lo 127.0.0.1:500
Dec 17 11:56:25 vpn pluto[27146]: adding UDP interface lo 127.0.0.1:4500
Dec 17 11:56:25 vpn pluto[27146]: loading secrets from "/etc/ipsec.secrets"
Dec 17 11:58:35 vpn pluto[27146]: shutting down
Dec 17 11:58:35 vpn pluto[27146]: forgetting secrets
Dec 17 11:58:35 vpn pluto[27146]: shutting down interface lo 127.0.0.1:4500
Dec 17 11:58:35 vpn pluto[27146]: shutting down interface lo 127.0.0.1:500
Dec 17 11:58:35 vpn pluto[27146]: shutting down interface ens160 192.168.10.19:4500
Dec 17 11:58:35 vpn pluto[27146]: shutting down interface ens160 192.168.10.19:500
Dec 17 11:58:35 vpn pluto[27146]: leak detective found no leaks
Dec 17 11:58:35 vpn pluto[31989]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Dec 17 11:58:35 vpn pluto[31989]: FIPS Mode: NO
Dec 17 11:58:35 vpn pluto[31989]: NSS crypto library initialized
Dec 17 11:58:35 vpn pluto[31989]: FIPS mode disabled for pluto daemon
Dec 17 11:58:35 vpn pluto[31989]: FIPS HMAC integrity support [disabled]
Dec 17 11:58:35 vpn pluto[31989]: libcap-ng support [enabled]
Dec 17 11:58:35 vpn pluto[31989]: Linux audit support [disabled]
Dec 17 11:58:35 vpn pluto[31989]: Starting Pluto (Libreswan Version 4.5 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-PRF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:31989
Dec 17 11:58:35 vpn pluto[31989]: core dump dir: /run/pluto
Dec 17 11:58:35 vpn pluto[31989]: secrets file: /etc/ipsec.secrets
Dec 17 11:58:35 vpn pluto[31989]: leak-detective enabled
Dec 17 11:58:35 vpn pluto[31989]: NSS crypto [enabled]
Dec 17 11:58:35 vpn pluto[31989]: XAUTH PAM support [enabled]
Dec 17 11:58:35 vpn pluto[31989]: initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Dec 17 11:58:35 vpn pluto[31989]: NAT-Traversal support  [enabled]
Dec 17 11:58:35 vpn pluto[31989]: Encryption algorithms:
Dec 17 11:58:35 vpn pluto[31989]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
Dec 17 11:58:35 vpn pluto[31989]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
Dec 17 11:58:35 vpn pluto[31989]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
Dec 17 11:58:35 vpn pluto[31989]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
Dec 17 11:58:35 vpn pluto[31989]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP                      
Dec 17 11:58:35 vpn pluto[31989]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
Dec 17 11:58:35 vpn pluto[31989]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
Dec 17 11:58:35 vpn pluto[31989]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
Dec 17 11:58:35 vpn pluto[31989]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
Dec 17 11:58:35 vpn pluto[31989]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
Dec 17 11:58:35 vpn pluto[31989]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
Dec 17 11:58:35 vpn pluto[31989]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
Dec 17 11:58:35 vpn pluto[31989]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP                      
Dec 17 11:58:35 vpn pluto[31989]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Dec 17 11:58:35 vpn pluto[31989]: Hash algorithms:
Dec 17 11:58:35 vpn pluto[31989]:   MD5                               IKEv1: IKE         IKEv2:                  NSS         
Dec 17 11:58:35 vpn pluto[31989]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
Dec 17 11:58:35 vpn pluto[31989]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
Dec 17 11:58:35 vpn pluto[31989]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
Dec 17 11:58:35 vpn pluto[31989]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
Dec 17 11:58:35 vpn pluto[31989]: PRF algorithms:
Dec 17 11:58:35 vpn pluto[31989]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
Dec 17 11:58:35 vpn pluto[31989]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
Dec 17 11:58:35 vpn pluto[31989]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
Dec 17 11:58:35 vpn pluto[31989]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
Dec 17 11:58:35 vpn pluto[31989]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
Dec 17 11:58:35 vpn pluto[31989]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Dec 17 11:58:35 vpn pluto[31989]: Integrity algorithms:
Dec 17 11:58:35 vpn pluto[31989]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
Dec 17 11:58:35 vpn pluto[31989]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
Dec 17 11:58:35 vpn pluto[31989]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
Dec 17 11:58:35 vpn pluto[31989]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
Dec 17 11:58:35 vpn pluto[31989]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Dec 17 11:58:35 vpn pluto[31989]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH                   
Dec 17 11:58:35 vpn pluto[31989]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Dec 17 11:58:35 vpn pluto[31989]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
Dec 17 11:58:35 vpn pluto[31989]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
Dec 17 11:58:35 vpn pluto[31989]: DH algorithms:
Dec 17 11:58:35 vpn pluto[31989]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
Dec 17 11:58:35 vpn pluto[31989]:   MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
Dec 17 11:58:35 vpn pluto[31989]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
Dec 17 11:58:35 vpn pluto[31989]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
Dec 17 11:58:35 vpn pluto[31989]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
Dec 17 11:58:35 vpn pluto[31989]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
Dec 17 11:58:35 vpn pluto[31989]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
Dec 17 11:58:35 vpn pluto[31989]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
Dec 17 11:58:35 vpn pluto[31989]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
Dec 17 11:58:35 vpn pluto[31989]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
Dec 17 11:58:35 vpn pluto[31989]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
Dec 17 11:58:35 vpn pluto[31989]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
Dec 17 11:58:35 vpn pluto[31989]: testing CAMELLIA_CBC:
Dec 17 11:58:35 vpn pluto[31989]:   Camellia: 16 bytes with 128-bit key
Dec 17 11:58:35 vpn pluto[31989]:   Camellia: 16 bytes with 128-bit key
Dec 17 11:58:35 vpn pluto[31989]:   Camellia: 16 bytes with 256-bit key
Dec 17 11:58:35 vpn pluto[31989]:   Camellia: 16 bytes with 256-bit key
Dec 17 11:58:35 vpn pluto[31989]: testing AES_GCM_16:
Dec 17 11:58:35 vpn pluto[31989]:   empty string
Dec 17 11:58:35 vpn pluto[31989]:   one block
Dec 17 11:58:35 vpn pluto[31989]:   two blocks
Dec 17 11:58:35 vpn pluto[31989]:   two blocks with associated data
Dec 17 11:58:35 vpn pluto[31989]: testing AES_CTR:
Dec 17 11:58:35 vpn pluto[31989]:   Encrypting 16 octets using AES-CTR with 128-bit key
Dec 17 11:58:35 vpn pluto[31989]:   Encrypting 32 octets using AES-CTR with 128-bit key
Dec 17 11:58:35 vpn pluto[31989]:   Encrypting 36 octets using AES-CTR with 128-bit key
Dec 17 11:58:35 vpn pluto[31989]:   Encrypting 16 octets using AES-CTR with 192-bit key
Dec 17 11:58:35 vpn pluto[31989]:   Encrypting 32 octets using AES-CTR with 192-bit key
Dec 17 11:58:35 vpn pluto[31989]:   Encrypting 36 octets using AES-CTR with 192-bit key
Dec 17 11:58:35 vpn pluto[31989]:   Encrypting 16 octets using AES-CTR with 256-bit key
Dec 17 11:58:35 vpn pluto[31989]:   Encrypting 32 octets using AES-CTR with 256-bit key
Dec 17 11:58:35 vpn pluto[31989]:   Encrypting 36 octets using AES-CTR with 256-bit key
Dec 17 11:58:35 vpn pluto[31989]: testing AES_CBC:
Dec 17 11:58:35 vpn pluto[31989]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Dec 17 11:58:35 vpn pluto[31989]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Dec 17 11:58:35 vpn pluto[31989]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Dec 17 11:58:35 vpn pluto[31989]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Dec 17 11:58:35 vpn pluto[31989]: testing AES_XCBC:
Dec 17 11:58:35 vpn pluto[31989]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Dec 17 11:58:35 vpn pluto[31989]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Dec 17 11:58:35 vpn pluto[31989]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Dec 17 11:58:35 vpn pluto[31989]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Dec 17 11:58:35 vpn pluto[31989]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Dec 17 11:58:35 vpn pluto[31989]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Dec 17 11:58:35 vpn pluto[31989]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Dec 17 11:58:35 vpn pluto[31989]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Dec 17 11:58:35 vpn pluto[31989]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Dec 17 11:58:35 vpn pluto[31989]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Dec 17 11:58:35 vpn pluto[31989]: testing HMAC_MD5:
Dec 17 11:58:35 vpn pluto[31989]:   RFC 2104: MD5_HMAC test 1
Dec 17 11:58:35 vpn pluto[31989]:   RFC 2104: MD5_HMAC test 2
Dec 17 11:58:35 vpn pluto[31989]:   RFC 2104: MD5_HMAC test 3
Dec 17 11:58:35 vpn pluto[31989]: 2 CPU cores online
Dec 17 11:58:35 vpn pluto[31989]: starting up 2 helper threads
Dec 17 11:58:35 vpn pluto[31989]: started thread for helper 0
Dec 17 11:58:35 vpn pluto[31989]: seccomp security for helper not supported
Dec 17 11:58:35 vpn pluto[31989]: started thread for helper 1
Dec 17 11:58:35 vpn pluto[31989]: using Linux xfrm kernel support code on #102-Ubuntu SMP Fri Nov 5 16:31:28 UTC 2021
Dec 17 11:58:35 vpn pluto[31989]: kernel: /proc/sys/net/ipv6/conf/all/disable_ipv6=1 ignore ipv6 holes
Dec 17 11:58:35 vpn pluto[31989]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Dec 17 11:58:35 vpn pluto[31989]: watchdog: sending probes every 100 secs
Dec 17 11:58:35 vpn pluto[31989]: seccomp security for helper not supported
Dec 17 11:58:35 vpn pluto[31989]: seccomp security not supported
Dec 17 11:58:35 vpn pluto[31989]: "l2tp-psk": added IKEv1 connection
Dec 17 11:58:35 vpn pluto[31989]: "xauth-psk": added IKEv1 connection
Dec 17 11:58:35 vpn pluto[31989]: listening for IKE messages
Dec 17 11:58:35 vpn pluto[31989]: Kernel supports NIC esp-hw-offload
Dec 17 11:58:35 vpn pluto[31989]: adding UDP interface ens160 192.168.10.19:500
Dec 17 11:58:35 vpn pluto[31989]: adding UDP interface ens160 192.168.10.19:4500
Dec 17 11:58:35 vpn pluto[31989]: adding UDP interface lo 127.0.0.1:500
Dec 17 11:58:35 vpn pluto[31989]: adding UDP interface lo 127.0.0.1:4500
Dec 17 11:58:35 vpn pluto[31989]: loading secrets from "/etc/ipsec.secrets"
Dec 17 11:59:52 vpn pluto[31989]: shutting down
Dec 17 11:59:52 vpn pluto[31989]: forgetting secrets
Dec 17 11:59:52 vpn pluto[31989]: shutting down interface lo 127.0.0.1:4500
Dec 17 11:59:52 vpn pluto[31989]: shutting down interface lo 127.0.0.1:500
Dec 17 11:59:52 vpn pluto[31989]: shutting down interface ens160 192.168.10.19:4500
Dec 17 11:59:52 vpn pluto[31989]: shutting down interface ens160 192.168.10.19:500
Dec 17 11:59:52 vpn pluto[31989]: leak detective found no leaks
Dec 17 11:59:52 vpn pluto[32400]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Dec 17 11:59:52 vpn pluto[32400]: FIPS Mode: NO
Dec 17 11:59:52 vpn pluto[32400]: NSS crypto library initialized
Dec 17 11:59:52 vpn pluto[32400]: FIPS mode disabled for pluto daemon
Dec 17 11:59:52 vpn pluto[32400]: FIPS HMAC integrity support [disabled]
Dec 17 11:59:52 vpn pluto[32400]: libcap-ng support [enabled]
Dec 17 11:59:52 vpn pluto[32400]: Linux audit support [disabled]
Dec 17 11:59:52 vpn pluto[32400]: Starting Pluto (Libreswan Version 4.5 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-PRF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:32400
Dec 17 11:59:52 vpn pluto[32400]: core dump dir: /run/pluto
Dec 17 11:59:52 vpn pluto[32400]: secrets file: /etc/ipsec.secrets
Dec 17 11:59:52 vpn pluto[32400]: leak-detective enabled
Dec 17 11:59:52 vpn pluto[32400]: NSS crypto [enabled]
Dec 17 11:59:52 vpn pluto[32400]: XAUTH PAM support [enabled]
Dec 17 11:59:52 vpn pluto[32400]: initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Dec 17 11:59:52 vpn pluto[32400]: NAT-Traversal support  [enabled]
Dec 17 11:59:52 vpn pluto[32400]: Encryption algorithms:
Dec 17 11:59:52 vpn pluto[32400]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
Dec 17 11:59:52 vpn pluto[32400]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
Dec 17 11:59:52 vpn pluto[32400]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
Dec 17 11:59:52 vpn pluto[32400]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
Dec 17 11:59:52 vpn pluto[32400]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP                      
Dec 17 11:59:52 vpn pluto[32400]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
Dec 17 11:59:52 vpn pluto[32400]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
Dec 17 11:59:52 vpn pluto[32400]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
Dec 17 11:59:52 vpn pluto[32400]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
Dec 17 11:59:52 vpn pluto[32400]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
Dec 17 11:59:52 vpn pluto[32400]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
Dec 17 11:59:52 vpn pluto[32400]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
Dec 17 11:59:52 vpn pluto[32400]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP                      
Dec 17 11:59:52 vpn pluto[32400]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Dec 17 11:59:52 vpn pluto[32400]: Hash algorithms:
Dec 17 11:59:52 vpn pluto[32400]:   MD5                               IKEv1: IKE         IKEv2:                  NSS         
Dec 17 11:59:52 vpn pluto[32400]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
Dec 17 11:59:52 vpn pluto[32400]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
Dec 17 11:59:52 vpn pluto[32400]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
Dec 17 11:59:52 vpn pluto[32400]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
Dec 17 11:59:52 vpn pluto[32400]: PRF algorithms:
Dec 17 11:59:52 vpn pluto[32400]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
Dec 17 11:59:52 vpn pluto[32400]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
Dec 17 11:59:52 vpn pluto[32400]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
Dec 17 11:59:52 vpn pluto[32400]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
Dec 17 11:59:52 vpn pluto[32400]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
Dec 17 11:59:52 vpn pluto[32400]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Dec 17 11:59:52 vpn pluto[32400]: Integrity algorithms:
Dec 17 11:59:52 vpn pluto[32400]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
Dec 17 11:59:52 vpn pluto[32400]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
Dec 17 11:59:52 vpn pluto[32400]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
Dec 17 11:59:52 vpn pluto[32400]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
Dec 17 11:59:52 vpn pluto[32400]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Dec 17 11:59:52 vpn pluto[32400]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH                   
Dec 17 11:59:52 vpn pluto[32400]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Dec 17 11:59:52 vpn pluto[32400]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
Dec 17 11:59:52 vpn pluto[32400]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
Dec 17 11:59:52 vpn pluto[32400]: DH algorithms:
Dec 17 11:59:52 vpn pluto[32400]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
Dec 17 11:59:52 vpn pluto[32400]:   MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
Dec 17 11:59:52 vpn pluto[32400]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
Dec 17 11:59:52 vpn pluto[32400]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
Dec 17 11:59:52 vpn pluto[32400]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
Dec 17 11:59:52 vpn pluto[32400]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
Dec 17 11:59:52 vpn pluto[32400]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
Dec 17 11:59:52 vpn pluto[32400]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
Dec 17 11:59:52 vpn pluto[32400]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
Dec 17 11:59:52 vpn pluto[32400]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
Dec 17 11:59:52 vpn pluto[32400]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
Dec 17 11:59:52 vpn pluto[32400]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
Dec 17 11:59:52 vpn pluto[32400]: testing CAMELLIA_CBC:
Dec 17 11:59:52 vpn pluto[32400]:   Camellia: 16 bytes with 128-bit key
Dec 17 11:59:52 vpn pluto[32400]:   Camellia: 16 bytes with 128-bit key
Dec 17 11:59:52 vpn pluto[32400]:   Camellia: 16 bytes with 256-bit key
Dec 17 11:59:52 vpn pluto[32400]:   Camellia: 16 bytes with 256-bit key
Dec 17 11:59:52 vpn pluto[32400]: testing AES_GCM_16:
Dec 17 11:59:52 vpn pluto[32400]:   empty string
Dec 17 11:59:52 vpn pluto[32400]:   one block
Dec 17 11:59:52 vpn pluto[32400]:   two blocks
Dec 17 11:59:52 vpn pluto[32400]:   two blocks with associated data
Dec 17 11:59:52 vpn pluto[32400]: testing AES_CTR:
Dec 17 11:59:52 vpn pluto[32400]:   Encrypting 16 octets using AES-CTR with 128-bit key
Dec 17 11:59:52 vpn pluto[32400]:   Encrypting 32 octets using AES-CTR with 128-bit key
Dec 17 11:59:52 vpn pluto[32400]:   Encrypting 36 octets using AES-CTR with 128-bit key
Dec 17 11:59:52 vpn pluto[32400]:   Encrypting 16 octets using AES-CTR with 192-bit key
Dec 17 11:59:52 vpn pluto[32400]:   Encrypting 32 octets using AES-CTR with 192-bit key
Dec 17 11:59:52 vpn pluto[32400]:   Encrypting 36 octets using AES-CTR with 192-bit key
Dec 17 11:59:52 vpn pluto[32400]:   Encrypting 16 octets using AES-CTR with 256-bit key
Dec 17 11:59:52 vpn pluto[32400]:   Encrypting 32 octets using AES-CTR with 256-bit key
Dec 17 11:59:52 vpn pluto[32400]:   Encrypting 36 octets using AES-CTR with 256-bit key
Dec 17 11:59:52 vpn pluto[32400]: testing AES_CBC:
Dec 17 11:59:52 vpn pluto[32400]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Dec 17 11:59:52 vpn pluto[32400]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Dec 17 11:59:52 vpn pluto[32400]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Dec 17 11:59:52 vpn pluto[32400]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Dec 17 11:59:52 vpn pluto[32400]: testing AES_XCBC:
Dec 17 11:59:52 vpn pluto[32400]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Dec 17 11:59:52 vpn pluto[32400]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Dec 17 11:59:52 vpn pluto[32400]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Dec 17 11:59:52 vpn pluto[32400]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Dec 17 11:59:52 vpn pluto[32400]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Dec 17 11:59:52 vpn pluto[32400]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Dec 17 11:59:52 vpn pluto[32400]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Dec 17 11:59:52 vpn pluto[32400]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Dec 17 11:59:52 vpn pluto[32400]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Dec 17 11:59:52 vpn pluto[32400]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Dec 17 11:59:52 vpn pluto[32400]: testing HMAC_MD5:
Dec 17 11:59:52 vpn pluto[32400]:   RFC 2104: MD5_HMAC test 1
Dec 17 11:59:52 vpn pluto[32400]:   RFC 2104: MD5_HMAC test 2
Dec 17 11:59:52 vpn pluto[32400]:   RFC 2104: MD5_HMAC test 3
Dec 17 11:59:52 vpn pluto[32400]: 2 CPU cores online
Dec 17 11:59:52 vpn pluto[32400]: starting up 2 helper threads
Dec 17 11:59:52 vpn pluto[32400]: started thread for helper 0
Dec 17 11:59:52 vpn pluto[32400]: seccomp security for helper not supported
Dec 17 11:59:52 vpn pluto[32400]: started thread for helper 1
Dec 17 11:59:52 vpn pluto[32400]: seccomp security for helper not supported
Dec 17 11:59:52 vpn pluto[32400]: using Linux xfrm kernel support code on #102-Ubuntu SMP Fri Nov 5 16:31:28 UTC 2021
Dec 17 11:59:52 vpn pluto[32400]: kernel: /proc/sys/net/ipv6/conf/all/disable_ipv6=1 ignore ipv6 holes
Dec 17 11:59:52 vpn pluto[32400]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Dec 17 11:59:52 vpn pluto[32400]: watchdog: sending probes every 100 secs
Dec 17 11:59:52 vpn pluto[32400]: seccomp security not supported
Dec 17 11:59:52 vpn pluto[32400]: "l2tp-psk": added IKEv1 connection
Dec 17 11:59:52 vpn pluto[32400]: "xauth-psk": added IKEv1 connection
Dec 17 11:59:52 vpn pluto[32400]: "ikev2-cp": loaded private key matching left certificate 'hspage.cn'
Dec 17 11:59:52 vpn pluto[32400]: "ikev2-cp": added IKEv2 connection
Dec 17 11:59:52 vpn pluto[32400]: listening for IKE messages
Dec 17 11:59:52 vpn pluto[32400]: Kernel supports NIC esp-hw-offload
Dec 17 11:59:52 vpn pluto[32400]: adding UDP interface ens160 192.168.10.19:500
Dec 17 11:59:52 vpn pluto[32400]: adding UDP interface ens160 192.168.10.19:4500
Dec 17 11:59:52 vpn pluto[32400]: adding UDP interface lo 127.0.0.1:500
Dec 17 11:59:52 vpn pluto[32400]: adding UDP interface lo 127.0.0.1:4500
Dec 17 11:59:52 vpn pluto[32400]: forgetting secrets
Dec 17 11:59:52 vpn pluto[32400]: loading secrets from "/etc/ipsec.secrets"
Dec 17 12:02:47 vpn pluto[32400]: "ikev2-cp"[1] 171.219.19.200: local IKE proposals (IKE SA responder matching remote proposals): 
Dec 17 12:02:47 vpn pluto[32400]: "ikev2-cp"[1] 171.219.19.200:   1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 17 12:02:47 vpn pluto[32400]: "ikev2-cp"[1] 171.219.19.200:   2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 17 12:02:47 vpn pluto[32400]: "ikev2-cp"[1] 171.219.19.200:   3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 17 12:02:47 vpn pluto[32400]: "ikev2-cp"[1] 171.219.19.200:   4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec 17 12:02:47 vpn pluto[32400]: "ikev2-cp"[1] 171.219.19.200 #1: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Dec 17 12:02:47 vpn pluto[32400]: "ikev2-cp"[1] 171.219.19.200 #1: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec 17 12:02:47 vpn pluto[32400]: "ikev2-cp"[1] 171.219.19.200 #1: processing decrypted IKE_AUTH request: SK{IDi,CERT,N,IDr,AUTH,CP,N,N,SA,TSi,TSr,N}
Dec 17 12:02:47 vpn pluto[32400]: loading root certificate cache
Dec 17 12:02:47 vpn pluto[32400]: "ikev2-cp"[1] 171.219.19.200 #1: reloaded private key matching left certificate 'hspage.cn'
Dec 17 12:02:47 vpn pluto[32400]: "ikev2-cp"[1] 171.219.19.200 #1: switched from "ikev2-cp"[1] 171.219.19.200 to "ikev2-cp"
Dec 17 12:02:47 vpn pluto[32400]: "ikev2-cp"[1] 171.219.19.200: deleting connection instance with peer 171.219.19.200 {isakmp=#0/ipsec=#0}
Dec 17 12:02:47 vpn pluto[32400]: "ikev2-cp"[2] 171.219.19.200 #1: established IKE SA; authenticated using RSA with SHA1 and peer certificate '@12pm' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Dec 17 12:02:47 vpn pluto[32400]: | pool 192.168.43.10-192.168.43.250: growing address pool from 0 to 1
Dec 17 12:02:47 vpn pluto[32400]: "ikev2-cp"[2] 171.219.19.200: local ESP/AH proposals (IKE_AUTH responder matching remote ESP/AH proposals): 
Dec 17 12:02:47 vpn pluto[32400]: "ikev2-cp"[2] 171.219.19.200:   1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-DISABLED
Dec 17 12:02:47 vpn pluto[32400]: "ikev2-cp"[2] 171.219.19.200:   2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-DISABLED
Dec 17 12:02:47 vpn pluto[32400]: "ikev2-cp"[2] 171.219.19.200:   3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-DISABLED
Dec 17 12:02:47 vpn pluto[32400]: "ikev2-cp"[2] 171.219.19.200:   4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-DISABLED
Dec 17 12:02:47 vpn pluto[32400]: "ikev2-cp"[2] 171.219.19.200:   5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-DISABLED
Dec 17 12:02:47 vpn pluto[32400]: "ikev2-cp"[2] 171.219.19.200 #2: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=007b4d09 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Dec 17 12:02:47 vpn pluto[32400]: "ikev2-cp"[2] 171.219.19.200 #2: established Child SA; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x007b4d09 <0x6f53a588 xfrm=AES_GCM_16_128-NONE NATOA=none NATD=171.219.19.200:22643 DPD=active}
Dec 17 12:02:50 vpn pluto[32400]: "ikev2-cp"[2] 171.219.19.200 #2: ESP traffic information: in=1KB out=1KB
Dec 17 12:02:50 vpn pluto[32400]: "ikev2-cp"[2] 171.219.19.200 #1: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 2.429702s and NOT sending notification
Dec 17 12:02:50 vpn pluto[32400]: "ikev2-cp"[2] 171.219.19.200: deleting connection instance with peer 171.219.19.200 {isakmp=#0/ipsec=#0}
Dec 17 12:07:47 vpn pluto[32400]: destroying root certificate cache
hwdsl2 commented 2 years ago

@ericshunhawk 你好!对于问题1,不需要修改 /etc/ipsec.d/ikev2.conf 配置文件里面的 leftid。对于问题2,你的日志中的 retransmission 说明 VPN 客户端和服务器之间的网络不稳定,很可能是连接受到了干扰。在我的测试中 macOS 并没有遇到断开 IKEv2 连接后无法再次连接的问题。