ZZXPStudios
commented
2 years ago Logs
/var/log/auth.log
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: FIPS Mode: NO
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: NSS crypto library initialized
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: FIPS mode disabled for pluto daemon
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: FIPS HMAC integrity support [disabled]
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: libcap-ng support [enabled]
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: Linux audit support [disabled]
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: Starting Pluto (Libreswan Version 4.7 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-PRF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:12549
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: core dump dir: /run/pluto
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: secrets file: /etc/ipsec.secrets
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: leak-detective enabled
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: NSS crypto [enabled]
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: XAUTH PAM support [enabled]
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: NAT-Traversal support [enabled]
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: Encryption algorithms:
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: AES_CCM_16 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm, aes_ccm_c
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: AES_CCM_12 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_b
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: AES_CCM_8 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_a
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: 3DES_CBC [*192] IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) 3des
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: CAMELLIA_CTR {256,192,*128} IKEv1: ESP IKEv2: ESP
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: CAMELLIA_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP NSS(CBC) camellia
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: AES_GCM_16 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm, aes_gcm_c
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: AES_GCM_12 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_b
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: AES_GCM_8 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_a
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: AES_CTR {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CTR) aesctr
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: AES_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) aes
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: NULL_AUTH_AES_GMAC {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_gmac
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: NULL [] IKEv1: ESP IKEv2: ESP
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: CHACHA20_POLY1305 [*256] IKEv1: IKEv2: IKE ESP NSS(AEAD) chacha20poly1305
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: Hash algorithms:
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: MD5 IKEv1: IKE IKEv2: NSS
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: IDENTITY IKEv1: IKEv2: FIPS
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: PRF algorithms:
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: HMAC_MD5 IKEv1: IKE IKEv2: IKE native(HMAC) md5
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha, sha1
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256, sha2_256
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384, sha2_384
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512, sha2_512
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: AES_XCBC IKEv1: IKEv2: IKE native(XCBC) aes128_xcbc
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: Integrity algorithms:
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH native(HMAC) md5, hmac_md5
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha, sha1, sha1_96, hmac_sha1
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha512, sha2_512, sha2_512_256, hmac_sha2_512
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha384, sha2_384, sha2_384_192, hmac_sha2_384
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: DH algorithms:
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: NONE IKEv1: IKEv2: IKE ESP AH FIPS NSS(MODP) null, dh0
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: MODP1024 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh2
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh5
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh14
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh15
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh16
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh17
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh18
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_256, ecp256
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_384, ecp384
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_521, ecp521
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: DH31 IKEv1: IKE IKEv2: IKE ESP AH NSS(ECP) curve25519
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: IPCOMP algorithms:
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: DEFLATE IKEv1: ESP AH IKEv2: ESP AH FIPS
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: LZS IKEv1: IKEv2: ESP AH FIPS
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: LZJH IKEv1: IKEv2: ESP AH FIPS
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: testing CAMELLIA_CBC:
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: Camellia: 16 bytes with 128-bit key
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: Camellia: 16 bytes with 128-bit key
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: Camellia: 16 bytes with 256-bit key
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: Camellia: 16 bytes with 256-bit key
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: testing AES_GCM_16:
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: empty string
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: one block
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: two blocks
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: two blocks with associated data
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: testing AES_CTR:
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: Encrypting 16 octets using AES-CTR with 128-bit key
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: Encrypting 32 octets using AES-CTR with 128-bit key
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: Encrypting 36 octets using AES-CTR with 128-bit key
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: Encrypting 16 octets using AES-CTR with 192-bit key
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: Encrypting 32 octets using AES-CTR with 192-bit key
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: Encrypting 36 octets using AES-CTR with 192-bit key
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: Encrypting 16 octets using AES-CTR with 256-bit key
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: Encrypting 32 octets using AES-CTR with 256-bit key
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: Encrypting 36 octets using AES-CTR with 256-bit key
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: testing AES_CBC:
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: testing AES_XCBC:
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: testing HMAC_MD5:
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: RFC 2104: MD5_HMAC test 1
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: RFC 2104: MD5_HMAC test 2
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: RFC 2104: MD5_HMAC test 3
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: 2 CPU cores online
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: starting up 2 helper threads
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: started thread for helper 0
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: started thread for helper 1
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: using Linux xfrm kernel support code on #32~20.04.1-Ubuntu SMP Thu Jun 9 13:03:13 UTC 2022
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: watchdog: sending probes every 100 secs
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: helper(2) seccomp security for helper not supported
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: helper(1) seccomp security for helper not supported
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: seccomp security not supported
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: "l2tp-psk": added IKEv1 connection
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: "xauth-psk": added IKEv1 connection
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: listening for IKE messages
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: Kernel supports NIC esp-hw-offload
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: adding UDP interface ens5 172.31.10.61:500
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: adding UDP interface ens5 172.31.10.61:4500
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: adding UDP interface lo 127.0.0.1:500
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: adding UDP interface lo 127.0.0.1:4500
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: adding UDP interface lo [::1]:500
Jun 12 03:55:27 ip-172-31-10-61 pluto[12549]: loading secrets from "/etc/ipsec.secrets"
Jun 12 03:55:34 ip-172-31-10-61 pluto[12549]: shutting down
Jun 12 03:55:34 ip-172-31-10-61 pluto[12549]: Pluto is shutting down
Jun 12 03:55:34 ip-172-31-10-61 pluto[12549]: forgetting secrets
Jun 12 03:55:34 ip-172-31-10-61 pluto[12549]: shutting down interface lo [::1]:500
Jun 12 03:55:34 ip-172-31-10-61 pluto[12549]: shutting down interface lo 127.0.0.1:4500
Jun 12 03:55:34 ip-172-31-10-61 pluto[12549]: shutting down interface lo 127.0.0.1:500
Jun 12 03:55:34 ip-172-31-10-61 pluto[12549]: shutting down interface ens5 172.31.10.61:4500
Jun 12 03:55:34 ip-172-31-10-61 pluto[12549]: shutting down interface ens5 172.31.10.61:500
Jun 12 03:55:34 ip-172-31-10-61 pluto[12549]: leak detective found no leaks
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: FIPS Mode: NO
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: NSS crypto library initialized
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: FIPS mode disabled for pluto daemon
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: FIPS HMAC integrity support [disabled]
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: libcap-ng support [enabled]
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: Linux audit support [disabled]
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: Starting Pluto (Libreswan Version 4.7 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-PRF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:12944
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: core dump dir: /run/pluto
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: secrets file: /etc/ipsec.secrets
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: leak-detective enabled
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: NSS crypto [enabled]
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: XAUTH PAM support [enabled]
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: NAT-Traversal support [enabled]
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: Encryption algorithms:
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: AES_CCM_16 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm, aes_ccm_c
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: AES_CCM_12 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_b
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: AES_CCM_8 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_a
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: 3DES_CBC [*192] IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) 3des
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: CAMELLIA_CTR {256,192,*128} IKEv1: ESP IKEv2: ESP
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: CAMELLIA_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP NSS(CBC) camellia
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: AES_GCM_16 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm, aes_gcm_c
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: AES_GCM_12 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_b
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: AES_GCM_8 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_a
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: AES_CTR {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CTR) aesctr
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: AES_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) aes
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: NULL_AUTH_AES_GMAC {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_gmac
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: NULL [] IKEv1: ESP IKEv2: ESP
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: CHACHA20_POLY1305 [*256] IKEv1: IKEv2: IKE ESP NSS(AEAD) chacha20poly1305
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: Hash algorithms:
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: MD5 IKEv1: IKE IKEv2: NSS
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: IDENTITY IKEv1: IKEv2: FIPS
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: PRF algorithms:
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: HMAC_MD5 IKEv1: IKE IKEv2: IKE native(HMAC) md5
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha, sha1
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256, sha2_256
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384, sha2_384
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512, sha2_512
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: AES_XCBC IKEv1: IKEv2: IKE native(XCBC) aes128_xcbc
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: Integrity algorithms:
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH native(HMAC) md5, hmac_md5
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha, sha1, sha1_96, hmac_sha1
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha512, sha2_512, sha2_512_256, hmac_sha2_512
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha384, sha2_384, sha2_384_192, hmac_sha2_384
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: DH algorithms:
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: NONE IKEv1: IKEv2: IKE ESP AH FIPS NSS(MODP) null, dh0
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: MODP1024 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh2
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh5
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh14
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh15
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh16
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh17
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh18
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_256, ecp256
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_384, ecp384
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_521, ecp521
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: DH31 IKEv1: IKE IKEv2: IKE ESP AH NSS(ECP) curve25519
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: IPCOMP algorithms:
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: DEFLATE IKEv1: ESP AH IKEv2: ESP AH FIPS
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: LZS IKEv1: IKEv2: ESP AH FIPS
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: LZJH IKEv1: IKEv2: ESP AH FIPS
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: testing CAMELLIA_CBC:
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: Camellia: 16 bytes with 128-bit key
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: Camellia: 16 bytes with 128-bit key
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: Camellia: 16 bytes with 256-bit key
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: Camellia: 16 bytes with 256-bit key
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: testing AES_GCM_16:
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: empty string
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: one block
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: two blocks
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: two blocks with associated data
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: testing AES_CTR:
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: Encrypting 16 octets using AES-CTR with 128-bit key
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: Encrypting 32 octets using AES-CTR with 128-bit key
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: Encrypting 36 octets using AES-CTR with 128-bit key
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: Encrypting 16 octets using AES-CTR with 192-bit key
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: Encrypting 32 octets using AES-CTR with 192-bit key
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: Encrypting 36 octets using AES-CTR with 192-bit key
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: Encrypting 16 octets using AES-CTR with 256-bit key
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: Encrypting 32 octets using AES-CTR with 256-bit key
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: Encrypting 36 octets using AES-CTR with 256-bit key
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: testing AES_CBC:
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: testing AES_XCBC:
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: testing HMAC_MD5:
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: RFC 2104: MD5_HMAC test 1
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: RFC 2104: MD5_HMAC test 2
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: RFC 2104: MD5_HMAC test 3
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: 2 CPU cores online
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: starting up 2 helper threads
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: started thread for helper 0
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: started thread for helper 1
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: using Linux xfrm kernel support code on #32~20.04.1-Ubuntu SMP Thu Jun 9 13:03:13 UTC 2022
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: watchdog: sending probes every 100 secs
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: seccomp security not supported
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: helper(1) seccomp security for helper not supported
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: helper(2) seccomp security for helper not supported
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: "l2tp-psk": added IKEv1 connection
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: "xauth-psk": added IKEv1 connection
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: "ikev2-cp": IKE SA proposals:
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: "ikev2-cp": 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: "ikev2-cp": 2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: "ikev2-cp": 3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: "ikev2-cp": 4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: "ikev2-cp": Child SA proposals:
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: "ikev2-cp": 1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-ENABLED+DISABLED
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: "ikev2-cp": 2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-ENABLED+DISABLED
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: "ikev2-cp": 3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-ENABLED+DISABLED
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: "ikev2-cp": 4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-ENABLED+DISABLED
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: "ikev2-cp": 5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-ENABLED+DISABLED
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: "ikev2-cp": loaded private key matching left certificate '43.198.16.98'
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: "ikev2-cp": added IKEv2 connection
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: listening for IKE messages
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: Kernel supports NIC esp-hw-offload
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: adding UDP interface ens5 172.31.10.61:500
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: adding UDP interface ens5 172.31.10.61:4500
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: adding UDP interface lo 127.0.0.1:500
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: adding UDP interface lo 127.0.0.1:4500
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: adding UDP interface lo [::1]:500
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: forgetting secrets
Jun 12 03:55:34 ip-172-31-10-61 pluto[12944]: loading secrets from "/etc/ipsec.secrets"
Jun 12 03:59:15 ip-172-31-10-61 pluto[12944]: shutting down
Jun 12 03:59:15 ip-172-31-10-61 pluto[12944]: Pluto is shutting down
Jun 12 03:59:15 ip-172-31-10-61 pluto[12944]: forgetting secrets
Jun 12 03:59:15 ip-172-31-10-61 pluto[12944]: shutting down interface lo [::1]:500
Jun 12 03:59:15 ip-172-31-10-61 pluto[12944]: shutting down interface lo 127.0.0.1:4500
Jun 12 03:59:15 ip-172-31-10-61 pluto[12944]: shutting down interface lo 127.0.0.1:500
Jun 12 03:59:15 ip-172-31-10-61 pluto[12944]: shutting down interface ens5 172.31.10.61:4500
Jun 12 03:59:15 ip-172-31-10-61 pluto[12944]: shutting down interface ens5 172.31.10.61:500
Jun 12 03:59:15 ip-172-31-10-61 pluto[12944]: leak detective found no leaks
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: FIPS Mode: NO
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: NSS crypto library initialized
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: FIPS mode disabled for pluto daemon
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: FIPS HMAC integrity support [disabled]
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: libcap-ng support [enabled]
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: Linux audit support [disabled]
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: Starting Pluto (Libreswan Version 4.7 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-PRF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:13266
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: core dump dir: /run/pluto
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: secrets file: /etc/ipsec.secrets
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: leak-detective enabled
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: NSS crypto [enabled]
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: XAUTH PAM support [enabled]
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: NAT-Traversal support [enabled]
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: Encryption algorithms:
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: AES_CCM_16 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm, aes_ccm_c
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: AES_CCM_12 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_b
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: AES_CCM_8 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_a
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: 3DES_CBC [*192] IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) 3des
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: CAMELLIA_CTR {256,192,*128} IKEv1: ESP IKEv2: ESP
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: CAMELLIA_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP NSS(CBC) camellia
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: AES_GCM_16 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm, aes_gcm_c
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: AES_GCM_12 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_b
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: AES_GCM_8 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_a
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: AES_CTR {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CTR) aesctr
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: AES_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) aes
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: NULL_AUTH_AES_GMAC {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_gmac
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: NULL [] IKEv1: ESP IKEv2: ESP
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: CHACHA20_POLY1305 [*256] IKEv1: IKEv2: IKE ESP NSS(AEAD) chacha20poly1305
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: Hash algorithms:
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: MD5 IKEv1: IKE IKEv2: NSS
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: IDENTITY IKEv1: IKEv2: FIPS
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: PRF algorithms:
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: HMAC_MD5 IKEv1: IKE IKEv2: IKE native(HMAC) md5
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha, sha1
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256, sha2_256
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384, sha2_384
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512, sha2_512
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: AES_XCBC IKEv1: IKEv2: IKE native(XCBC) aes128_xcbc
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: Integrity algorithms:
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH native(HMAC) md5, hmac_md5
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha, sha1, sha1_96, hmac_sha1
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha512, sha2_512, sha2_512_256, hmac_sha2_512
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha384, sha2_384, sha2_384_192, hmac_sha2_384
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: DH algorithms:
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: NONE IKEv1: IKEv2: IKE ESP AH FIPS NSS(MODP) null, dh0
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: MODP1024 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh2
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh5
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh14
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh15
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh16
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh17
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh18
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_256, ecp256
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_384, ecp384
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_521, ecp521
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: DH31 IKEv1: IKE IKEv2: IKE ESP AH NSS(ECP) curve25519
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: IPCOMP algorithms:
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: DEFLATE IKEv1: ESP AH IKEv2: ESP AH FIPS
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: LZS IKEv1: IKEv2: ESP AH FIPS
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: LZJH IKEv1: IKEv2: ESP AH FIPS
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: testing CAMELLIA_CBC:
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: Camellia: 16 bytes with 128-bit key
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: Camellia: 16 bytes with 128-bit key
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: Camellia: 16 bytes with 256-bit key
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: Camellia: 16 bytes with 256-bit key
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: testing AES_GCM_16:
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: empty string
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: one block
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: two blocks
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: two blocks with associated data
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: testing AES_CTR:
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: Encrypting 16 octets using AES-CTR with 128-bit key
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: Encrypting 32 octets using AES-CTR with 128-bit key
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: Encrypting 36 octets using AES-CTR with 128-bit key
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: Encrypting 16 octets using AES-CTR with 192-bit key
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: Encrypting 32 octets using AES-CTR with 192-bit key
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: Encrypting 36 octets using AES-CTR with 192-bit key
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: Encrypting 16 octets using AES-CTR with 256-bit key
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: Encrypting 32 octets using AES-CTR with 256-bit key
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: Encrypting 36 octets using AES-CTR with 256-bit key
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: testing AES_CBC:
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: testing AES_XCBC:
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: testing HMAC_MD5:
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: RFC 2104: MD5_HMAC test 1
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: RFC 2104: MD5_HMAC test 2
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: RFC 2104: MD5_HMAC test 3
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: 2 CPU cores online
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: starting up 2 helper threads
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: started thread for helper 0
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: started thread for helper 1
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: using Linux xfrm kernel support code on #32~20.04.1-Ubuntu SMP Thu Jun 9 13:03:13 UTC 2022
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: watchdog: sending probes every 100 secs
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: seccomp security not supported
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: helper(1) seccomp security for helper not supported
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: helper(2) seccomp security for helper not supported
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: "l2tp-psk": added IKEv1 connection
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: "xauth-psk": added IKEv1 connection
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: "ikev2-cp": IKE SA proposals:
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: "ikev2-cp": 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: "ikev2-cp": 2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: "ikev2-cp": 3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: "ikev2-cp": 4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: "ikev2-cp": Child SA proposals:
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: "ikev2-cp": 1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-ENABLED+DISABLED
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: "ikev2-cp": 2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-ENABLED+DISABLED
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: "ikev2-cp": 3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-ENABLED+DISABLED
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: "ikev2-cp": 4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-ENABLED+DISABLED
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: "ikev2-cp": 5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-ENABLED+DISABLED
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: "ikev2-cp": loaded private key matching left certificate '43.198.16.98'
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: "ikev2-cp": added IKEv2 connection
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: listening for IKE messages
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: Kernel supports NIC esp-hw-offload
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: adding UDP interface ens5 172.31.10.61:500
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: adding UDP interface ens5 172.31.10.61:4500
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: adding UDP interface lo 127.0.0.1:500
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: adding UDP interface lo 127.0.0.1:4500
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: adding UDP interface lo [::1]:500
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: forgetting secrets
Jun 12 03:59:15 ip-172-31-10-61 pluto[13266]: loading secrets from "/etc/ipsec.secrets"
Jun 12 04:09:12 ip-172-31-10-61 pluto[13266]: shutting down
Jun 12 04:09:12 ip-172-31-10-61 pluto[13266]: Pluto is shutting down
Jun 12 04:09:12 ip-172-31-10-61 pluto[13266]: forgetting secrets
Jun 12 04:09:12 ip-172-31-10-61 pluto[13266]: shutting down interface lo [::1]:500
Jun 12 04:09:12 ip-172-31-10-61 pluto[13266]: shutting down interface lo 127.0.0.1:4500
Jun 12 04:09:12 ip-172-31-10-61 pluto[13266]: shutting down interface lo 127.0.0.1:500
Jun 12 04:09:12 ip-172-31-10-61 pluto[13266]: shutting down interface ens5 172.31.10.61:4500
Jun 12 04:09:12 ip-172-31-10-61 pluto[13266]: shutting down interface ens5 172.31.10.61:500
Jun 12 04:09:12 ip-172-31-10-61 pluto[13266]: leak detective found no leaks
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: FIPS Mode: NO
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: NSS crypto library initialized
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: FIPS mode disabled for pluto daemon
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: FIPS HMAC integrity support [disabled]
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: libcap-ng support [enabled]
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: Linux audit support [disabled]
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: Starting Pluto (Libreswan Version 4.7 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-PRF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:13563
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: core dump dir: /run/pluto
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: secrets file: /etc/ipsec.secrets
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: leak-detective enabled
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: NSS crypto [enabled]
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: XAUTH PAM support [enabled]
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: NAT-Traversal support [enabled]
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: Encryption algorithms:
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: AES_CCM_16 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm, aes_ccm_c
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: AES_CCM_12 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_b
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: AES_CCM_8 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_a
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: 3DES_CBC [*192] IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) 3des
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: CAMELLIA_CTR {256,192,*128} IKEv1: ESP IKEv2: ESP
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: CAMELLIA_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP NSS(CBC) camellia
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: AES_GCM_16 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm, aes_gcm_c
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: AES_GCM_12 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_b
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: AES_GCM_8 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_a
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: AES_CTR {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CTR) aesctr
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: AES_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) aes
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: NULL_AUTH_AES_GMAC {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_gmac
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: NULL [] IKEv1: ESP IKEv2: ESP
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: CHACHA20_POLY1305 [*256] IKEv1: IKEv2: IKE ESP NSS(AEAD) chacha20poly1305
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: Hash algorithms:
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: MD5 IKEv1: IKE IKEv2: NSS
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: IDENTITY IKEv1: IKEv2: FIPS
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: PRF algorithms:
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: HMAC_MD5 IKEv1: IKE IKEv2: IKE native(HMAC) md5
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha, sha1
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256, sha2_256
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384, sha2_384
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512, sha2_512
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: AES_XCBC IKEv1: IKEv2: IKE native(XCBC) aes128_xcbc
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: Integrity algorithms:
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH native(HMAC) md5, hmac_md5
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha, sha1, sha1_96, hmac_sha1
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha512, sha2_512, sha2_512_256, hmac_sha2_512
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha384, sha2_384, sha2_384_192, hmac_sha2_384
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: DH algorithms:
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: NONE IKEv1: IKEv2: IKE ESP AH FIPS NSS(MODP) null, dh0
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: MODP1024 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh2
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh5
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh14
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh15
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh16
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh17
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh18
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_256, ecp256
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_384, ecp384
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_521, ecp521
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: DH31 IKEv1: IKE IKEv2: IKE ESP AH NSS(ECP) curve25519
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: IPCOMP algorithms:
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: DEFLATE IKEv1: ESP AH IKEv2: ESP AH FIPS
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: LZS IKEv1: IKEv2: ESP AH FIPS
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: LZJH IKEv1: IKEv2: ESP AH FIPS
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: testing CAMELLIA_CBC:
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: Camellia: 16 bytes with 128-bit key
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: Camellia: 16 bytes with 128-bit key
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: Camellia: 16 bytes with 256-bit key
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: Camellia: 16 bytes with 256-bit key
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: testing AES_GCM_16:
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: empty string
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: one block
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: two blocks
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: two blocks with associated data
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: testing AES_CTR:
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: Encrypting 16 octets using AES-CTR with 128-bit key
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: Encrypting 32 octets using AES-CTR with 128-bit key
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: Encrypting 36 octets using AES-CTR with 128-bit key
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: Encrypting 16 octets using AES-CTR with 192-bit key
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: Encrypting 32 octets using AES-CTR with 192-bit key
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: Encrypting 36 octets using AES-CTR with 192-bit key
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: Encrypting 16 octets using AES-CTR with 256-bit key
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: Encrypting 32 octets using AES-CTR with 256-bit key
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: Encrypting 36 octets using AES-CTR with 256-bit key
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: testing AES_CBC:
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: testing AES_XCBC:
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: testing HMAC_MD5:
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: RFC 2104: MD5_HMAC test 1
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: RFC 2104: MD5_HMAC test 2
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: RFC 2104: MD5_HMAC test 3
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: 2 CPU cores online
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: starting up 2 helper threads
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: started thread for helper 0
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: helper(1) seccomp security for helper not supported
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: started thread for helper 1
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: using Linux xfrm kernel support code on #32~20.04.1-Ubuntu SMP Thu Jun 9 13:03:13 UTC 2022
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: watchdog: sending probes every 100 secs
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: seccomp security not supported
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: helper(2) seccomp security for helper not supported
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: "l2tp-psk": added IKEv1 connection
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: "xauth-psk": added IKEv1 connection
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: "ikev2-cp": IKE SA proposals:
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: "ikev2-cp": 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: "ikev2-cp": 2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: "ikev2-cp": 3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: "ikev2-cp": 4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: "ikev2-cp": Child SA proposals:
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: "ikev2-cp": 1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-ENABLED+DISABLED
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: "ikev2-cp": 2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-ENABLED+DISABLED
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: "ikev2-cp": 3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-ENABLED+DISABLED
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: "ikev2-cp": 4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-ENABLED+DISABLED
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: "ikev2-cp": 5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-ENABLED+DISABLED
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: "ikev2-cp": loaded private key matching left certificate '43.198.16.98'
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: "ikev2-cp": added IKEv2 connection
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: listening for IKE messages
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: Kernel supports NIC esp-hw-offload
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: adding UDP interface ens5 172.31.10.61:500
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: adding UDP interface ens5 172.31.10.61:4500
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: adding UDP interface lo 127.0.0.1:500
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: adding UDP interface lo 127.0.0.1:4500
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: adding UDP interface lo [::1]:500
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: forgetting secrets
Jun 12 04:09:12 ip-172-31-10-61 pluto[13563]: loading secrets from "/etc/ipsec.secrets"
Jun 12 04:09:20 ip-172-31-10-61 pluto[13563]: shutting down
Jun 12 04:09:20 ip-172-31-10-61 pluto[13563]: Pluto is shutting down
Jun 12 04:09:20 ip-172-31-10-61 pluto[13563]: forgetting secrets
Jun 12 04:09:20 ip-172-31-10-61 pluto[13563]: shutting down interface lo [::1]:500
Jun 12 04:09:20 ip-172-31-10-61 pluto[13563]: shutting down interface lo 127.0.0.1:4500
Jun 12 04:09:20 ip-172-31-10-61 pluto[13563]: shutting down interface lo 127.0.0.1:500
Jun 12 04:09:20 ip-172-31-10-61 pluto[13563]: shutting down interface ens5 172.31.10.61:4500
Jun 12 04:09:20 ip-172-31-10-61 pluto[13563]: shutting down interface ens5 172.31.10.61:500
Jun 12 04:09:20 ip-172-31-10-61 pluto[13563]: leak detective found no leaks
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: FIPS Mode: NO
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: NSS crypto library initialized
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: FIPS mode disabled for pluto daemon
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: FIPS HMAC integrity support [disabled]
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: libcap-ng support [enabled]
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: Linux audit support [disabled]
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: Starting Pluto (Libreswan Version 4.7 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-PRF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:13836
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: core dump dir: /run/pluto
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: secrets file: /etc/ipsec.secrets
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: leak-detective enabled
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: NSS crypto [enabled]
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: XAUTH PAM support [enabled]
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: NAT-Traversal support [enabled]
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: Encryption algorithms:
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: AES_CCM_16 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm, aes_ccm_c
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: AES_CCM_12 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_b
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: AES_CCM_8 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_a
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: 3DES_CBC [*192] IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) 3des
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: CAMELLIA_CTR {256,192,*128} IKEv1: ESP IKEv2: ESP
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: CAMELLIA_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP NSS(CBC) camellia
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: AES_GCM_16 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm, aes_gcm_c
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: AES_GCM_12 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_b
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: AES_GCM_8 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_a
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: AES_CTR {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CTR) aesctr
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: AES_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) aes
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: NULL_AUTH_AES_GMAC {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_gmac
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: NULL [] IKEv1: ESP IKEv2: ESP
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: CHACHA20_POLY1305 [*256] IKEv1: IKEv2: IKE ESP NSS(AEAD) chacha20poly1305
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: Hash algorithms:
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: MD5 IKEv1: IKE IKEv2: NSS
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: IDENTITY IKEv1: IKEv2: FIPS
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: PRF algorithms:
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: HMAC_MD5 IKEv1: IKE IKEv2: IKE native(HMAC) md5
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha, sha1
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256, sha2_256
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384, sha2_384
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512, sha2_512
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: AES_XCBC IKEv1: IKEv2: IKE native(XCBC) aes128_xcbc
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: Integrity algorithms:
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH native(HMAC) md5, hmac_md5
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha, sha1, sha1_96, hmac_sha1
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha512, sha2_512, sha2_512_256, hmac_sha2_512
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha384, sha2_384, sha2_384_192, hmac_sha2_384
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: DH algorithms:
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: NONE IKEv1: IKEv2: IKE ESP AH FIPS NSS(MODP) null, dh0
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: MODP1024 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh2
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh5
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh14
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh15
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh16
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh17
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh18
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_256, ecp256
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_384, ecp384
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_521, ecp521
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: DH31 IKEv1: IKE IKEv2: IKE ESP AH NSS(ECP) curve25519
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: IPCOMP algorithms:
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: DEFLATE IKEv1: ESP AH IKEv2: ESP AH FIPS
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: LZS IKEv1: IKEv2: ESP AH FIPS
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: LZJH IKEv1: IKEv2: ESP AH FIPS
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: testing CAMELLIA_CBC:
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: Camellia: 16 bytes with 128-bit key
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: Camellia: 16 bytes with 128-bit key
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: Camellia: 16 bytes with 256-bit key
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: Camellia: 16 bytes with 256-bit key
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: testing AES_GCM_16:
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: empty string
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: one block
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: two blocks
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: two blocks with associated data
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: testing AES_CTR:
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: Encrypting 16 octets using AES-CTR with 128-bit key
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: Encrypting 32 octets using AES-CTR with 128-bit key
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: Encrypting 36 octets using AES-CTR with 128-bit key
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: Encrypting 16 octets using AES-CTR with 192-bit key
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: Encrypting 32 octets using AES-CTR with 192-bit key
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: Encrypting 36 octets using AES-CTR with 192-bit key
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: Encrypting 16 octets using AES-CTR with 256-bit key
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: Encrypting 32 octets using AES-CTR with 256-bit key
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: Encrypting 36 octets using AES-CTR with 256-bit key
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: testing AES_CBC:
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: testing AES_XCBC:
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: testing HMAC_MD5:
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: RFC 2104: MD5_HMAC test 1
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: RFC 2104: MD5_HMAC test 2
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: RFC 2104: MD5_HMAC test 3
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: 2 CPU cores online
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: starting up 2 helper threads
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: started thread for helper 0
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: started thread for helper 1
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: using Linux xfrm kernel support code on #32~20.04.1-Ubuntu SMP Thu Jun 9 13:03:13 UTC 2022
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: watchdog: sending probes every 100 secs
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: seccomp security not supported
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: helper(1) seccomp security for helper not supported
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: helper(2) seccomp security for helper not supported
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: "l2tp-psk": added IKEv1 connection
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: "xauth-psk": added IKEv1 connection
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: "ikev2-cp": IKE SA proposals:
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: "ikev2-cp": 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: "ikev2-cp": 2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: "ikev2-cp": 3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: "ikev2-cp": 4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: "ikev2-cp": Child SA proposals:
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: "ikev2-cp": 1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-ENABLED+DISABLED
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: "ikev2-cp": 2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-ENABLED+DISABLED
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: "ikev2-cp": 3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-ENABLED+DISABLED
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: "ikev2-cp": 4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-ENABLED+DISABLED
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: "ikev2-cp": 5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-ENABLED+DISABLED
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: "ikev2-cp": loaded private key matching left certificate '43.198.16.98'
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: "ikev2-cp": added IKEv2 connection
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: listening for IKE messages
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: Kernel supports NIC esp-hw-offload
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: adding UDP interface ens5 172.31.10.61:500
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: adding UDP interface ens5 172.31.10.61:4500
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: adding UDP interface lo 127.0.0.1:500
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: adding UDP interface lo 127.0.0.1:4500
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: adding UDP interface lo [::1]:500
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: forgetting secrets
Jun 12 04:09:20 ip-172-31-10-61 pluto[13836]: loading secrets from "/etc/ipsec.secrets"
Jun 12 04:09:40 ip-172-31-10-61 sudo: ubuntu : TTY=pts/0 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/usr/bin/grep pluto /var/log/auth.log/var/log/syslog
Jun 12 03:54:08 ip-172-31-10-61 xl2tpd[2839]: Not looking for kernel SAref support.
Jun 12 03:54:08 ip-172-31-10-61 xl2tpd[2839]: L2TP kernel support not detected (try modprobing l2tp_ppp and pppol2tp)
Jun 12 03:54:08 ip-172-31-10-61 xl2tpd[2834]: Starting xl2tpd: xl2tpd.
Jun 12 03:54:08 ip-172-31-10-61 xl2tpd[2842]: xl2tpd version xl2tpd-1.3.12 started on ip-172-31-10-61 PID:2842
Jun 12 03:54:08 ip-172-31-10-61 xl2tpd[2842]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Jun 12 03:54:08 ip-172-31-10-61 xl2tpd[2842]: Forked by Scott Balmos and David Stipp, (C) 2001
Jun 12 03:54:08 ip-172-31-10-61 xl2tpd[2842]: Inherited by Jeff McAdams, (C) 2002
Jun 12 03:54:08 ip-172-31-10-61 xl2tpd[2842]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
Jun 12 03:54:08 ip-172-31-10-61 xl2tpd[2842]: Listening on IP address 0.0.0.0, port 1701
Jun 12 03:55:27 ip-172-31-10-61 xl2tpd[2842]: death_handler: Fatal signal 15 received
Jun 12 03:55:27 ip-172-31-10-61 xl2tpd[12559]: Stopping xl2tpd: xl2tpd.
Jun 12 03:55:27 ip-172-31-10-61 systemd[1]: xl2tpd.service: Succeeded.
Jun 12 03:55:27 ip-172-31-10-61 xl2tpd[12568]: Not looking for kernel SAref support.
Jun 12 03:55:27 ip-172-31-10-61 xl2tpd[12568]: L2TP kernel support not detected (try modprobing l2tp_ppp and pppol2tp)
Jun 12 03:55:27 ip-172-31-10-61 xl2tpd[12564]: Starting xl2tpd: xl2tpd.
Jun 12 03:55:27 ip-172-31-10-61 xl2tpd[12570]: xl2tpd version xl2tpd-1.3.12 started on ip-172-31-10-61 PID:12570
Jun 12 03:55:27 ip-172-31-10-61 xl2tpd[12570]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Jun 12 03:55:27 ip-172-31-10-61 xl2tpd[12570]: Forked by Scott Balmos and David Stipp, (C) 2001
Jun 12 03:55:27 ip-172-31-10-61 xl2tpd[12570]: Inherited by Jeff McAdams, (C) 2002
Jun 12 03:55:27 ip-172-31-10-61 xl2tpd[12570]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
Jun 12 03:55:27 ip-172-31-10-61 xl2tpd[12570]: Listening on IP address 0.0.0.0, port 1701
Jun 12 04:09:26 ip-172-31-10-61 xl2tpd[12570]: death_handler: Fatal signal 15 received
Jun 12 04:09:26 ip-172-31-10-61 xl2tpd[13847]: Stopping xl2tpd: xl2tpd.
Jun 12 04:09:26 ip-172-31-10-61 systemd[1]: xl2tpd.service: Succeeded.
Jun 12 04:09:26 ip-172-31-10-61 xl2tpd[13856]: Not looking for kernel SAref support.
Jun 12 04:09:26 ip-172-31-10-61 xl2tpd[13856]: L2TP kernel support not detected (try modprobing l2tp_ppp and pppol2tp)
Jun 12 04:09:26 ip-172-31-10-61 xl2tpd[13852]: Starting xl2tpd: xl2tpd.
Jun 12 04:09:26 ip-172-31-10-61 xl2tpd[13858]: xl2tpd version xl2tpd-1.3.12 started on ip-172-31-10-61 PID:13858
Jun 12 04:09:26 ip-172-31-10-61 xl2tpd[13858]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Jun 12 04:09:26 ip-172-31-10-61 xl2tpd[13858]: Forked by Scott Balmos and David Stipp, (C) 2001
Jun 12 04:09:26 ip-172-31-10-61 xl2tpd[13858]: Inherited by Jeff McAdams, (C) 2002
Jun 12 04:09:26 ip-172-31-10-61 xl2tpd[13858]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
Jun 12 04:09:26 ip-172-31-10-61 xl2tpd[13858]: Listening on IP address 0.0.0.0, port 1701
hwdsl2
Checklist
Describe the issue After I setup my VPN server, I tried to connect my VPN with my HUAWEI router. However, it returned "VPN connection failed! Please reconfigure VPN parameters!". In the configuration file, I entered the server IP, Username and Password (Not PSK), and I am very sure that the firewall has been disabled on the VPN server.
To Reproduce Steps to reproduce the behavior:
Expected behavior VPN connected with my router (Actually I tested it out with Windows 11 built-in VPN client, and it WORKS)
Server (please complete the following information)
Client (please complete the following information)