search

hwdsl2 / setup-ipsec-vpn

Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
Other
25.39k stars 6.34k forks source link

一直显示“正在连接...” #1276

Closed lucifer001 closed 2 years ago

lucifer001 commented 2 years ago

任务列表

问题描述 新购买的阿里云轻量服务器,搭建完vpn后使用 vpnclient.mobileconfig 配置文件在 iOS上 无法连接成功

日志

Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: FIPS Mode: NO
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: NSS crypto library initialized
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: FIPS mode disabled for pluto daemon
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: FIPS HMAC integrity support [disabled]
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: libcap-ng support [enabled]
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: Linux audit support [disabled]
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: Starting Pluto (Libreswan Version 4.9 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-KDF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:69461
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: core dump dir: /run/pluto
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: secrets file: /etc/ipsec.secrets
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: leak-detective enabled
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: NSS crypto [enabled]
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: XAUTH PAM support [enabled]
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: NAT-Traversal support  [enabled]
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: Encryption algorithms:
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: Hash algorithms:
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   MD5                               IKEv1: IKE         IKEv2:                  NSS
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   IDENTITY                          IKEv1:             IKEv2:             FIPS
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: PRF algorithms:
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: Integrity algorithms:
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: DH algorithms:
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: IPCOMP algorithms:
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   DEFLATE                           IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   LZS                               IKEv1:             IKEv2:     ESP AH  FIPS
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   LZJH                              IKEv1:             IKEv2:     ESP AH  FIPS
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: testing CAMELLIA_CBC:
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   Camellia: 16 bytes with 128-bit key
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   Camellia: 16 bytes with 128-bit key
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   Camellia: 16 bytes with 256-bit key
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   Camellia: 16 bytes with 256-bit key
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: testing AES_GCM_16:
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   empty string
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   one block
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   two blocks
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   two blocks with associated data
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: testing AES_CTR:
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   Encrypting 16 octets using AES-CTR with 128-bit key
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   Encrypting 32 octets using AES-CTR with 128-bit key
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   Encrypting 36 octets using AES-CTR with 128-bit key
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   Encrypting 16 octets using AES-CTR with 192-bit key
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   Encrypting 32 octets using AES-CTR with 192-bit key
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   Encrypting 36 octets using AES-CTR with 192-bit key
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   Encrypting 16 octets using AES-CTR with 256-bit key
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   Encrypting 32 octets using AES-CTR with 256-bit key
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   Encrypting 36 octets using AES-CTR with 256-bit key
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: testing AES_CBC:
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: testing AES_XCBC:
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: testing HMAC_MD5:
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   RFC 2104: MD5_HMAC test 1
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   RFC 2104: MD5_HMAC test 2
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   RFC 2104: MD5_HMAC test 3
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: testing HMAC_SHA1:
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   CAVP: IKEv2 key derivation with HMAC-SHA1
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: 1 CPU cores online
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: starting up 1 helper threads
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: started thread for helper 0
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: using Linux xfrm kernel support code on #51-Ubuntu SMP Fri Sep 4 19:50:52 UTC 2020
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: watchdog: sending probes every 100 secs
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: seccomp security not supported
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: helper(1) seccomp security for helper not supported
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: "l2tp-psk": added IKEv1 connection
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: "xauth-psk": added IKEv1 connection
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: listening for IKE messages
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: Kernel supports NIC esp-hw-offload
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: adding UDP interface eth0 172.19.45.182:500
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: adding UDP interface eth0 172.19.45.182:4500
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: adding UDP interface lo 127.0.0.1:500
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: adding UDP interface lo 127.0.0.1:4500
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: adding UDP interface lo [::1]:500
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: adding UDP interface lo [::1]:4500
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: loading secrets from "/etc/ipsec.secrets"
Nov 21 15:30:50 iZt4niurfv78ps6cazrewmZ pluto[69461]: shutting down
Nov 21 15:30:50 iZt4niurfv78ps6cazrewmZ pluto[69461]: Pluto is shutting down
Nov 21 15:30:50 iZt4niurfv78ps6cazrewmZ pluto[69461]: forgetting secrets
Nov 21 15:30:50 iZt4niurfv78ps6cazrewmZ pluto[69461]: shutting down interface lo [::1]:4500
Nov 21 15:30:50 iZt4niurfv78ps6cazrewmZ pluto[69461]: shutting down interface lo [::1]:500
Nov 21 15:30:50 iZt4niurfv78ps6cazrewmZ pluto[69461]: shutting down interface lo 127.0.0.1:4500
Nov 21 15:30:50 iZt4niurfv78ps6cazrewmZ pluto[69461]: shutting down interface lo 127.0.0.1:500
Nov 21 15:30:50 iZt4niurfv78ps6cazrewmZ pluto[69461]: shutting down interface eth0 172.19.45.182:4500
Nov 21 15:30:50 iZt4niurfv78ps6cazrewmZ pluto[69461]: shutting down interface eth0 172.19.45.182:500
Nov 21 15:30:50 iZt4niurfv78ps6cazrewmZ pluto[69461]: leak detective found no leaks
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: FIPS Mode: NO
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: NSS crypto library initialized
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: FIPS mode disabled for pluto daemon
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: FIPS HMAC integrity support [disabled]
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: libcap-ng support [enabled]
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: Linux audit support [disabled]
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: Starting Pluto (Libreswan Version 4.9 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-KDF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:69862
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: core dump dir: /run/pluto
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: secrets file: /etc/ipsec.secrets
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: leak-detective enabled
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: NSS crypto [enabled]
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: XAUTH PAM support [enabled]
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: NAT-Traversal support  [enabled]
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: Encryption algorithms:
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: Hash algorithms:
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   MD5                               IKEv1: IKE         IKEv2:                  NSS
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   IDENTITY                          IKEv1:             IKEv2:             FIPS
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: PRF algorithms:
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: Integrity algorithms:
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: DH algorithms:
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: IPCOMP algorithms:
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   DEFLATE                           IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   LZS                               IKEv1:             IKEv2:     ESP AH  FIPS
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   LZJH                              IKEv1:             IKEv2:     ESP AH  FIPS
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: testing CAMELLIA_CBC:
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   Camellia: 16 bytes with 128-bit key
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   Camellia: 16 bytes with 128-bit key
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   Camellia: 16 bytes with 256-bit key
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   Camellia: 16 bytes with 256-bit key
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: testing AES_GCM_16:
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   empty string
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   one block
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   two blocks
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   two blocks with associated data
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: testing AES_CTR:
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   Encrypting 16 octets using AES-CTR with 128-bit key
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   Encrypting 32 octets using AES-CTR with 128-bit key
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   Encrypting 36 octets using AES-CTR with 128-bit key
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   Encrypting 16 octets using AES-CTR with 192-bit key
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   Encrypting 32 octets using AES-CTR with 192-bit key
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   Encrypting 36 octets using AES-CTR with 192-bit key
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   Encrypting 16 octets using AES-CTR with 256-bit key
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   Encrypting 32 octets using AES-CTR with 256-bit key
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   Encrypting 36 octets using AES-CTR with 256-bit key
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: testing AES_CBC:
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: testing AES_XCBC:
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: testing HMAC_MD5:
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   RFC 2104: MD5_HMAC test 1
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   RFC 2104: MD5_HMAC test 2
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   RFC 2104: MD5_HMAC test 3
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: testing HMAC_SHA1:
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   CAVP: IKEv2 key derivation with HMAC-SHA1
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: 1 CPU cores online
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: starting up 1 helper threads
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: started thread for helper 0
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: using Linux xfrm kernel support code on #51-Ubuntu SMP Fri Sep 4 19:50:52 UTC 2020
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: watchdog: sending probes every 100 secs
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: seccomp security not supported
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: helper(1) seccomp security for helper not supported
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: "l2tp-psk": added IKEv1 connection
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: "xauth-psk": added IKEv1 connection
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: "ikev2-cp": IKE SA proposals (connection add):
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: "ikev2-cp":   1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: "ikev2-cp":   2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: "ikev2-cp":   3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: "ikev2-cp":   4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: "ikev2-cp": Child SA proposals (connection add):
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: "ikev2-cp":   1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-ENABLED+DISABLED
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: "ikev2-cp":   2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-ENABLED+DISABLED
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: "ikev2-cp":   3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-ENABLED+DISABLED
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: "ikev2-cp":   4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-ENABLED+DISABLED
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: "ikev2-cp":   5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-ENABLED+DISABLED
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: "ikev2-cp": loaded private key matching left certificate '8.219.8.133'
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: "ikev2-cp": added IKEv2 connection
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: listening for IKE messages
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: Kernel supports NIC esp-hw-offload
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: adding UDP interface eth0 172.19.45.182:500
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: adding UDP interface eth0 172.19.45.182:4500
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: adding UDP interface lo 127.0.0.1:500
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: adding UDP interface lo 127.0.0.1:4500
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: adding UDP interface lo [::1]:500
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: adding UDP interface lo [::1]:4500
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: forgetting secrets
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: loading secrets from "/etc/ipsec.secrets"
Nov 21 16:21:11 iZt4niurfv78ps6cazrewmZ pluto[69862]: shutting down
Nov 21 16:21:11 iZt4niurfv78ps6cazrewmZ pluto[69862]: Pluto is shutting down
Nov 21 16:21:11 iZt4niurfv78ps6cazrewmZ pluto[69862]: forgetting secrets
Nov 21 16:21:11 iZt4niurfv78ps6cazrewmZ pluto[69862]: shutting down interface lo [::1]:4500
Nov 21 16:21:11 iZt4niurfv78ps6cazrewmZ pluto[69862]: shutting down interface lo [::1]:500
Nov 21 16:21:11 iZt4niurfv78ps6cazrewmZ pluto[69862]: shutting down interface lo 127.0.0.1:4500
Nov 21 16:21:11 iZt4niurfv78ps6cazrewmZ pluto[69862]: shutting down interface lo 127.0.0.1:500
Nov 21 16:21:11 iZt4niurfv78ps6cazrewmZ pluto[69862]: shutting down interface eth0 172.19.45.182:4500
Nov 21 16:21:11 iZt4niurfv78ps6cazrewmZ pluto[69862]: shutting down interface eth0 172.19.45.182:500
Nov 21 16:21:11 iZt4niurfv78ps6cazrewmZ pluto[69862]: leak detective found no leaks
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: FIPS Mode: NO
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: NSS crypto library initialized
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: FIPS mode disabled for pluto daemon
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: FIPS HMAC integrity support [disabled]
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: libcap-ng support [enabled]
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: Linux audit support [disabled]
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: Starting Pluto (Libreswan Version 4.9 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-KDF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:71193
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: core dump dir: /run/pluto
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: secrets file: /etc/ipsec.secrets
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: leak-detective enabled
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: NSS crypto [enabled]
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: XAUTH PAM support [enabled]
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: NAT-Traversal support  [enabled]
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: Encryption algorithms:
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: Hash algorithms:
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   MD5                               IKEv1: IKE         IKEv2:                  NSS
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   IDENTITY                          IKEv1:             IKEv2:             FIPS
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: PRF algorithms:
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: Integrity algorithms:
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: DH algorithms:
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: IPCOMP algorithms:
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   DEFLATE                           IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   LZS                               IKEv1:             IKEv2:     ESP AH  FIPS
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   LZJH                              IKEv1:             IKEv2:     ESP AH  FIPS
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: testing CAMELLIA_CBC:
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   Camellia: 16 bytes with 128-bit key
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   Camellia: 16 bytes with 128-bit key
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   Camellia: 16 bytes with 256-bit key
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   Camellia: 16 bytes with 256-bit key
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: testing AES_GCM_16:
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   empty string
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   one block
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   two blocks
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   two blocks with associated data
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: testing AES_CTR:
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   Encrypting 16 octets using AES-CTR with 128-bit key
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   Encrypting 32 octets using AES-CTR with 128-bit key
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   Encrypting 36 octets using AES-CTR with 128-bit key
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   Encrypting 16 octets using AES-CTR with 192-bit key
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   Encrypting 32 octets using AES-CTR with 192-bit key
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   Encrypting 36 octets using AES-CTR with 192-bit key
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   Encrypting 16 octets using AES-CTR with 256-bit key
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   Encrypting 32 octets using AES-CTR with 256-bit key
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   Encrypting 36 octets using AES-CTR with 256-bit key
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: testing AES_CBC:
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: testing AES_XCBC:
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: testing HMAC_MD5:
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   RFC 2104: MD5_HMAC test 1
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   RFC 2104: MD5_HMAC test 2
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   RFC 2104: MD5_HMAC test 3
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: testing HMAC_SHA1:
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   CAVP: IKEv2 key derivation with HMAC-SHA1
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: 1 CPU cores online
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: starting up 1 helper threads
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: started thread for helper 0
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: using Linux xfrm kernel support code on #51-Ubuntu SMP Fri Sep 4 19:50:52 UTC 2020
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: watchdog: sending probes every 100 secs
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: seccomp security not supported
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: helper(1) seccomp security for helper not supported
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: "l2tp-psk": added IKEv1 connection
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: "xauth-psk": added IKEv1 connection
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: "ikev2-cp": IKE SA proposals (connection add):
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: "ikev2-cp":   1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: "ikev2-cp":   2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: "ikev2-cp":   3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: "ikev2-cp":   4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: "ikev2-cp": Child SA proposals (connection add):
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: "ikev2-cp":   1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-ENABLED+DISABLED
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: "ikev2-cp":   2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-ENABLED+DISABLED
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: "ikev2-cp":   3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-ENABLED+DISABLED
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: "ikev2-cp":   4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-ENABLED+DISABLED
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: "ikev2-cp":   5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-ENABLED+DISABLED
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: "ikev2-cp": loaded private key matching left certificate '8.219.8.133'
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: "ikev2-cp": added IKEv2 connection
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: listening for IKE messages
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: Kernel supports NIC esp-hw-offload
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: adding UDP interface eth0 172.19.45.182:500
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: adding UDP interface eth0 172.19.45.182:4500
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: adding UDP interface lo 127.0.0.1:500
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: adding UDP interface lo 127.0.0.1:4500
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: adding UDP interface lo [::1]:500
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: adding UDP interface lo [::1]:4500
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: forgetting secrets
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: loading secrets from "/etc/ipsec.secrets"
root@iZt4niurfv78ps6cazrewmZ:~# grep xl2tpd /var/log/syslog
Nov 21 15:29:18 iZt4niurfv78ps6cazrewmZ xl2tpd[64015]: Not looking for kernel SAref support.
Nov 21 15:29:18 iZt4niurfv78ps6cazrewmZ xl2tpd[64006]: Starting xl2tpd: xl2tpd.
Nov 21 15:29:18 iZt4niurfv78ps6cazrewmZ xl2tpd[64015]: Using l2tp kernel support.
Nov 21 15:29:18 iZt4niurfv78ps6cazrewmZ xl2tpd[64029]: xl2tpd version xl2tpd-1.3.12 started on iZt4niurfv78ps6cazrewmZ PID:64029
Nov 21 15:29:18 iZt4niurfv78ps6cazrewmZ xl2tpd[64029]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Nov 21 15:29:18 iZt4niurfv78ps6cazrewmZ xl2tpd[64029]: Forked by Scott Balmos and David Stipp, (C) 2001
Nov 21 15:29:18 iZt4niurfv78ps6cazrewmZ xl2tpd[64029]: Inherited by Jeff McAdams, (C) 2002
Nov 21 15:29:18 iZt4niurfv78ps6cazrewmZ xl2tpd[64029]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
Nov 21 15:29:18 iZt4niurfv78ps6cazrewmZ xl2tpd[64029]: Listening on IP address 0.0.0.0, port 1701
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ xl2tpd[64029]: death_handler: Fatal signal 15 received
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ xl2tpd[69470]: Stopping xl2tpd: xl2tpd.
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ systemd[1]: xl2tpd.service: Succeeded.
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ xl2tpd[69479]: Not looking for kernel SAref support.
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ xl2tpd[69479]: Using l2tp kernel support.
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ xl2tpd[69475]: Starting xl2tpd: xl2tpd.
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ xl2tpd[69480]: xl2tpd version xl2tpd-1.3.12 started on iZt4niurfv78ps6cazrewmZ PID:69480
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ xl2tpd[69480]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ xl2tpd[69480]: Forked by Scott Balmos and David Stipp, (C) 2001
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ xl2tpd[69480]: Inherited by Jeff McAdams, (C) 2002
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ xl2tpd[69480]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ xl2tpd[69480]: Listening on IP address 0.0.0.0, port 1701
Nov 21 15:36:10 iZt4niurfv78ps6cazrewmZ xl2tpd[69480]: death_handler: Fatal signal 15 received
Nov 21 15:36:10 iZt4niurfv78ps6cazrewmZ xl2tpd[69898]: Stopping xl2tpd: xl2tpd.
Nov 21 15:36:10 iZt4niurfv78ps6cazrewmZ systemd[1]: xl2tpd.service: Succeeded.
Nov 21 15:36:10 iZt4niurfv78ps6cazrewmZ xl2tpd[69917]: Not looking for kernel SAref support.
Nov 21 15:36:10 iZt4niurfv78ps6cazrewmZ xl2tpd[69917]: Using l2tp kernel support.
Nov 21 15:36:10 iZt4niurfv78ps6cazrewmZ xl2tpd[69903]: Starting xl2tpd: xl2tpd.
Nov 21 15:36:10 iZt4niurfv78ps6cazrewmZ xl2tpd[69920]: xl2tpd version xl2tpd-1.3.12 started on iZt4niurfv78ps6cazrewmZ PID:69920
Nov 21 15:36:10 iZt4niurfv78ps6cazrewmZ xl2tpd[69920]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Nov 21 15:36:10 iZt4niurfv78ps6cazrewmZ xl2tpd[69920]: Forked by Scott Balmos and David Stipp, (C) 2001
Nov 21 15:36:10 iZt4niurfv78ps6cazrewmZ xl2tpd[69920]: Inherited by Jeff McAdams, (C) 2002
Nov 21 15:36:10 iZt4niurfv78ps6cazrewmZ xl2tpd[69920]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
Nov 21 15:36:10 iZt4niurfv78ps6cazrewmZ xl2tpd[69920]: Listening on IP address 0.0.0.0, port 1701

服务器信息

客户端信息

hwdsl2 commented 2 years ago

@lucifer001 你好!你的日志中没有记录客户端的连接请求,说明连接请求没有到达服务器。对于阿里云,请打开出站和入站方向的 UDP 500 和 4500 端口。具体请参见 #433。

lucifer001 commented 2 years ago

已经打开了 500 和 4500,但是不知道为什么,使用三方网站检测 所有端口都是关闭的状态(除了22端口)

lucifer001 commented 2 years ago

image image image @hwdsl2

hwdsl2 commented 2 years ago

@lucifer001 请检查阿里云的防火墙入站和出站方向的 UDP 500 和 4500 端口应该都许可(参见 #433)。UDP 1701 不需要打开。

chaomoyule commented 2 years ago

我是亚马逊云,最近也遇到了同样的问题。