search

hwdsl2 / setup-ipsec-vpn

Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
Other
25.34k stars 6.33k forks source link

与vpn服务器协议失败 #1278

Closed JonesCxy closed 1 year ago

JonesCxy commented 1 year ago

你好,Ubuntu 18.04一直能正常连接,但是最近这段时间,连接不上服务器,报“与vpn服务器协议失败”,请问如何解决,谢谢

下面是两段日志:

Nov 22 10:18:53 localhost pluto[1554]: "ikev2-cp"[5] 223.104.192.50 #5: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Nov 22 10:18:53 localhost pluto[1554]: "ikev2-cp"[5] 223.104.192.50 #5: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Nov 22 10:18:54 localhost pluto[1554]: "ikev2-cp"[5] 223.104.192.50 #5: processing decrypted IKE_AUTH request: SK{IDi,N(INITIAL_CONTACT),IDr,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)}
Nov 22 10:18:54 localhost pluto[1554]: "ikev2-cp"[5] 223.104.192.50 #5: Peer attempted EAP authentication, but IKE_AUTH is required
Nov 22 10:18:54 localhost pluto[1554]: "ikev2-cp"[5] 223.104.192.50 #5: responding to IKE_AUTH message (ID 1) from 223.104.192.50:2839 with encrypted notification AUTHENTICATION_FAILED
Nov 22 10:18:54 localhost pluto[1554]: "ikev2-cp"[5] 223.104.192.50 #5: encountered fatal error in state STATE_V2_PARENT_R1
Nov 22 10:18:54 localhost pluto[1554]: "ikev2-cp"[5] 223.104.192.50 #5: deleting state (STATE_V2_PARENT_R1) aged 0.318018s and NOT sending notification
Nov 22 10:18:54 localhost pluto[1554]: "ikev2-cp"[5] 223.104.192.50: deleting connection instance with peer 223.104.192.50 {isakmp=#0/ipsec=#0}
Nov 22 10:18:54 localhost pluto[1554]: "ikev2-cp"[6] 223.104.192.50 #6: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Nov 22 10:18:54 localhost pluto[1554]: "ikev2-cp"[6] 223.104.192.50 #6: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Nov 22 10:18:54 localhost pluto[1554]: "ikev2-cp"[6] 223.104.192.50 #6: processing decrypted IKE_AUTH request: SK{IDi,N(INITIAL_CONTACT),IDr,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)}
Nov 22 10:18:54 localhost pluto[1554]: "ikev2-cp"[6] 223.104.192.50 #6: Peer attempted EAP authentication, but IKE_AUTH is required
Nov 22 10:18:54 localhost pluto[1554]: "ikev2-cp"[6] 223.104.192.50 #6: responding to IKE_AUTH message (ID 1) from 223.104.192.50:2839 with encrypted notification AUTHENTICATION_FAILED
Nov 22 10:18:54 localhost pluto[1554]: "ikev2-cp"[6] 223.104.192.50 #6: encountered fatal error in state STATE_V2_PARENT_R1
Nov 22 10:18:54 localhost pluto[1554]: "ikev2-cp"[6] 223.104.192.50 #6: deleting state (STATE_V2_PARENT_R1) aged 0.399976s and NOT sending notification
Nov 22 10:18:54 localhost pluto[1554]: "ikev2-cp"[6] 223.104.192.50: deleting connection instance with peer 223.104.192.50 {isakmp=#0/ipsec=#0}
Nov 22 10:19:45 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #7: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match] 2:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=ECP_256 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP1536 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP1024 5:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP1024
Nov 22 10:19:45 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #7: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Nov 22 10:19:45 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #7: processing decrypted IKE_AUTH request: SK{IDi,CERT,N(INITIAL_CONTACT),IDr,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)}
Nov 22 10:19:45 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #7: reloaded private key matching left certificate '139.144.18.141'
Nov 22 10:19:45 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #7: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate 'CN=vpnclient, O=IKEv2 VPN' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Nov 22 10:19:45 localhost pluto[1554]: | pool 192.168.43.10-192.168.43.250: growing address pool from 0 to 1
Nov 22 10:19:45 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #8: proposal 4:ESP=AES_CBC_128-HMAC_SHA1_96-DISABLED SPI=0cf6b745 chosen from remote proposals 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED[better-match] 5:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED
Nov 22 10:19:46 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #8: responder established Child SA using #7; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x0cf6b745 <0x92d1855f xfrm=AES_CBC_128-HMAC_SHA1_96 NATD=223.104.192.50:18720 DPD=active}
Nov 22 10:19:46 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #7: IKE_AUTH request fragment 1 of 5 has duplicate Message ID 1; retransmitting response
Nov 22 10:20:00 localhost pluto[1554]: message repeated 3 times: [ "ikev2-cp"[7] 223.104.192.50 #7: IKE_AUTH request fragment 1 of 5 has duplicate Message ID 1; retransmitting response]
Nov 22 10:20:16 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Nov 22 10:20:16 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Nov 22 10:20:17 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #9: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match] 2:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=ECP_256 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP1536 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP1024 5:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP1024
Nov 22 10:20:17 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #9: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Nov 22 10:20:17 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #9: processing decrypted IKE_AUTH request: SK{IDi,CERT,N(INITIAL_CONTACT),IDr,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)}
Nov 22 10:20:17 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #9: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate 'CN=vpnclient, O=IKEv2 VPN' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Nov 22 10:20:17 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #10: proposal 4:ESP=AES_CBC_128-HMAC_SHA1_96-DISABLED SPI=074ae241 chosen from remote proposals 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED[better-match] 5:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED
Nov 22 10:20:17 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #10: responder established Child SA using #9; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x074ae241 <0x32461b51 xfrm=AES_CBC_128-HMAC_SHA1_96 NATD=223.104.192.50:18720 DPD=active}
Nov 22 10:20:17 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Nov 22 10:20:18 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #9: IKE_AUTH request fragment 1 of 5 has duplicate Message ID 1; retransmitting response
Nov 22 10:20:19 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Nov 22 10:20:20 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #9: IKE_AUTH request fragment 1 of 5 has duplicate Message ID 1; retransmitting response
Nov 22 10:20:23 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Nov 22 10:20:24 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #9: IKE_AUTH request fragment 1 of 5 has duplicate Message ID 1; retransmitting response
Nov 22 10:20:31 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Nov 22 10:20:32 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #9: IKE_AUTH request fragment 1 of 5 has duplicate Message ID 1; retransmitting response
Nov 22 10:20:47 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Nov 22 10:20:47 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Nov 22 10:20:48 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Nov 22 10:20:49 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Nov 22 10:20:51 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Nov 22 10:20:54 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #11: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match] 2:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=ECP_256 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP1536 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP1024 5:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP1024
Nov 22 10:20:54 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #11: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Nov 22 10:20:54 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #11: processing decrypted IKE_AUTH request: SK{IDi,CERT,N(INITIAL_CONTACT),IDr,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)}
Nov 22 10:20:54 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #11: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate 'CN=vpnclient, O=IKEv2 VPN' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Nov 22 10:20:54 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #12: proposal 4:ESP=AES_CBC_128-HMAC_SHA1_96-DISABLED SPI=01dcc19a chosen from remote proposals 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED[better-match] 5:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED
Nov 22 10:20:54 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #12: responder established Child SA using #11; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x01dcc19a <0xbdd3fc5b xfrm=AES_CBC_128-HMAC_SHA1_96 NATD=223.104.192.50:18720 DPD=active}
Nov 22 10:20:55 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Nov 22 10:20:55 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #11: IKE_AUTH request fragment 1 of 5 has duplicate Message ID 1; retransmitting response
Nov 22 10:21:01 localhost pluto[1554]: message repeated 2 times: [ "ikev2-cp"[7] 223.104.192.50 #11: IKE_AUTH request fragment 1 of 5 has duplicate Message ID 1; retransmitting response]
Nov 22 10:21:03 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Nov 22 10:21:09 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #11: IKE_AUTH request fragment 1 of 5 has duplicate Message ID 1; retransmitting response
Nov 22 10:21:19 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Nov 22 10:21:20 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response
Nov 22 10:21:25 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Nov 22 10:21:25 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Nov 22 10:21:25 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #13: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match] 2:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=ECP_256 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP1536 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP1024 5:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP1024
Nov 22 10:21:25 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #13: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Nov 22 10:21:26 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #13: processing decrypted IKE_AUTH request: SK{IDi,CERT,N(INITIAL_CONTACT),IDr,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)}
Nov 22 10:21:26 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #13: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate 'CN=vpnclient, O=IKEv2 VPN' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Nov 22 10:21:26 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #14: proposal 4:ESP=AES_CBC_128-HMAC_SHA1_96-DISABLED SPI=0a26f3ad chosen from remote proposals 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED[first-match] 2:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;ESN=DISABLED[better-match] 5:ESP:ENCR=3DES;INTEG=HMAC_SHA1_96;ESN=DISABLED
Nov 22 10:21:26 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #14: responder established Child SA using #13; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x0a26f3ad <0xd894b6c5 xfrm=AES_CBC_128-HMAC_SHA1_96 NATD=223.104.192.50:18720 DPD=active}
Nov 22 10:21:26 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Nov 22 10:21:27 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #13: IKE_AUTH request fragment 1 of 5 has duplicate Message ID 1; retransmitting response
Nov 22 10:21:28 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Nov 22 10:21:29 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #13: IKE_AUTH request fragment 1 of 5 has duplicate Message ID 1; retransmitting response
Nov 22 10:21:32 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Nov 22 10:21:33 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #13: IKE_AUTH request fragment 1 of 5 has duplicate Message ID 1; retransmitting response
Nov 22 10:21:40 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Nov 22 10:21:41 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #13: IKE_AUTH request fragment 1 of 5 has duplicate Message ID 1; retransmitting response
Nov 22 10:21:51 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response
Nov 22 10:21:56 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Nov 22 10:21:56 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Nov 22 10:21:57 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Nov 22 10:21:58 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Nov 22 10:22:00 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Nov 22 10:22:04 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Nov 22 10:22:12 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Nov 22 10:22:24 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 128 seconds for response
Nov 22 10:22:28 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Nov 22 10:22:28 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response
Nov 22 10:22:55 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 128 seconds for response
Nov 22 10:23:00 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response
Nov 22 10:23:32 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 128 seconds for response
Nov 22 10:24:04 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 128 seconds for response
Nov 22 10:24:32 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 256 seconds for response
Nov 22 10:25:03 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 256 seconds for response
Nov 22 10:25:40 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 256 seconds for response
Nov 22 10:26:12 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 256 seconds for response
Nov 22 10:27:46 localhost pluto[1554]: shutting down
Nov 22 10:27:46 localhost pluto[1554]: Pluto is shutting down
Nov 22 10:27:46 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50: deleting connection instance with peer 223.104.192.50 {isakmp=#13/ipsec=#14}
Nov 22 10:27:46 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #13: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 380.520323s and sending notification
Nov 22 10:27:46 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #14: ESP traffic information: in=0B out=0B
Nov 22 10:27:46 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #12: ESP traffic information: in=0B out=0B
Nov 22 10:27:46 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #11: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 412.076983s and sending notification
Nov 22 10:27:46 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #10: ESP traffic information: in=0B out=0B
Nov 22 10:27:46 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #9: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 449.117661s and sending notification
Nov 22 10:27:46 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #8: ESP traffic information: in=0B out=0B
Nov 22 10:27:46 localhost pluto[1554]: "ikev2-cp"[7] 223.104.192.50 #7: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 480.55369s and sending notification
Nov 22 10:27:46 localhost pluto[1554]: forgetting secrets
Nov 22 10:27:46 localhost pluto[1554]: shutting down interface eth0 [2600:3c02::f03c:93ff:fecf:3acb]:4500
Nov 22 10:27:46 localhost pluto[1554]: shutting down interface eth0 [2600:3c02::f03c:93ff:fecf:3acb]:500
Nov 22 10:27:46 localhost pluto[1554]: shutting down interface lo [::1]:4500
Nov 22 10:27:46 localhost pluto[1554]: shutting down interface lo [::1]:500
Nov 22 10:27:46 localhost pluto[1554]: shutting down interface lo 127.0.0.1:4500
Nov 22 10:27:46 localhost pluto[1554]: shutting down interface lo 127.0.0.1:500
Nov 22 10:27:46 localhost pluto[1554]: shutting down interface eth0 139.144.18.141:4500
Nov 22 10:27:46 localhost pluto[1554]: shutting down interface eth0 139.144.18.141:500
Nov 22 10:27:46 localhost pluto[1554]: leak detective found no leaks
Nov 22 10:27:46 localhost pluto[2448]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Nov 22 10:27:46 localhost pluto[2448]: FIPS Mode: NO
Nov 22 10:27:46 localhost pluto[2448]: NSS crypto library initialized
Nov 22 10:27:46 localhost pluto[2448]: FIPS mode disabled for pluto daemon
Nov 22 10:27:46 localhost pluto[2448]: FIPS HMAC integrity support [disabled]
Nov 22 10:27:46 localhost pluto[2448]: libcap-ng support [enabled]
Nov 22 10:27:46 localhost pluto[2448]: Linux audit support [disabled]
Nov 22 10:27:46 localhost pluto[2448]: Starting Pluto (Libreswan Version 4.9 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (native-KDF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:2448
Nov 22 10:27:46 localhost pluto[2448]: core dump dir: /run/pluto
Nov 22 10:27:46 localhost pluto[2448]: secrets file: /etc/ipsec.secrets
Nov 22 10:27:46 localhost pluto[2448]: leak-detective enabled
Nov 22 10:27:46 localhost pluto[2448]: NSS crypto [enabled]
Nov 22 10:27:46 localhost pluto[2448]: XAUTH PAM support [enabled]
Nov 22 10:27:46 localhost pluto[2448]: initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800)
Nov 22 10:27:46 localhost pluto[2448]: NAT-Traversal support  [enabled]
Nov 22 10:27:46 localhost pluto[2448]: Encryption algorithms:
Nov 22 10:27:46 localhost pluto[2448]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
Nov 22 10:27:46 localhost pluto[2448]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
Nov 22 10:27:46 localhost pluto[2448]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
Nov 22 10:27:46 localhost pluto[2448]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
Nov 22 10:27:46 localhost pluto[2448]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP
Nov 22 10:27:46 localhost pluto[2448]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
Nov 22 10:27:46 localhost pluto[2448]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
Nov 22 10:27:46 localhost pluto[2448]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
Nov 22 10:27:46 localhost pluto[2448]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
Nov 22 10:27:46 localhost pluto[2448]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
Nov 22 10:27:46 localhost pluto[2448]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
Nov 22 10:27:46 localhost pluto[2448]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
Nov 22 10:27:46 localhost pluto[2448]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP
Nov 22 10:27:46 localhost pluto[2448]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Nov 22 10:27:46 localhost pluto[2448]: Hash algorithms:
Nov 22 10:27:46 localhost pluto[2448]:   MD5                               IKEv1: IKE         IKEv2:                  NSS
Nov 22 10:27:46 localhost pluto[2448]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
Nov 22 10:27:46 localhost pluto[2448]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
Nov 22 10:27:46 localhost pluto[2448]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
Nov 22 10:27:46 localhost pluto[2448]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
Nov 22 10:27:46 localhost pluto[2448]:   IDENTITY                          IKEv1:             IKEv2:             FIPS
Nov 22 10:27:46 localhost pluto[2448]: PRF algorithms:
Nov 22 10:27:46 localhost pluto[2448]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
Nov 22 10:27:46 localhost pluto[2448]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
Nov 22 10:27:46 localhost pluto[2448]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
Nov 22 10:27:46 localhost pluto[2448]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
Nov 22 10:27:46 localhost pluto[2448]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
Nov 22 10:27:46 localhost pluto[2448]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Nov 22 10:27:46 localhost pluto[2448]: Integrity algorithms:
Nov 22 10:27:46 localhost pluto[2448]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
Nov 22 10:27:46 localhost pluto[2448]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
Nov 22 10:27:46 localhost pluto[2448]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
Nov 22 10:27:46 localhost pluto[2448]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
Nov 22 10:27:46 localhost pluto[2448]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Nov 22 10:27:46 localhost pluto[2448]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH
Nov 22 10:27:46 localhost pluto[2448]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Nov 22 10:27:46 localhost pluto[2448]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
Nov 22 10:27:46 localhost pluto[2448]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
Nov 22 10:27:46 localhost pluto[2448]: DH algorithms:
Nov 22 10:27:46 localhost pluto[2448]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
Nov 22 10:27:46 localhost pluto[2448]:   MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
Nov 22 10:27:46 localhost pluto[2448]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
Nov 22 10:27:46 localhost pluto[2448]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
Nov 22 10:27:46 localhost pluto[2448]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
Nov 22 10:27:46 localhost pluto[2448]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
Nov 22 10:27:46 localhost pluto[2448]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
Nov 22 10:27:46 localhost pluto[2448]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
Nov 22 10:27:46 localhost pluto[2448]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
Nov 22 10:27:46 localhost pluto[2448]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
Nov 22 10:27:46 localhost pluto[2448]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
Nov 22 10:27:46 localhost pluto[2448]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
Nov 22 10:27:46 localhost pluto[2448]: IPCOMP algorithms:
Nov 22 10:27:46 localhost pluto[2448]:   DEFLATE                           IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS
Nov 22 10:27:46 localhost pluto[2448]:   LZS                               IKEv1:             IKEv2:     ESP AH  FIPS
Nov 22 10:27:46 localhost pluto[2448]:   LZJH                              IKEv1:             IKEv2:     ESP AH  FIPS
Nov 22 10:27:46 localhost pluto[2448]: testing CAMELLIA_CBC:
Nov 22 10:27:46 localhost pluto[2448]:   Camellia: 16 bytes with 128-bit key
Nov 22 10:27:46 localhost pluto[2448]:   Camellia: 16 bytes with 128-bit key
Nov 22 10:27:46 localhost pluto[2448]:   Camellia: 16 bytes with 256-bit key
Nov 22 10:27:46 localhost pluto[2448]:   Camellia: 16 bytes with 256-bit key
Nov 22 10:27:46 localhost pluto[2448]: testing AES_GCM_16:
Nov 22 10:27:46 localhost pluto[2448]:   empty string
Nov 22 10:27:46 localhost pluto[2448]:   one block
Nov 22 10:27:46 localhost pluto[2448]:   two blocks
Nov 22 10:27:46 localhost pluto[2448]:   two blocks with associated data
Nov 22 10:27:46 localhost pluto[2448]: testing AES_CTR:
Nov 22 10:27:46 localhost pluto[2448]:   Encrypting 16 octets using AES-CTR with 128-bit key
Nov 22 10:27:46 localhost pluto[2448]:   Encrypting 32 octets using AES-CTR with 128-bit key
Nov 22 10:27:46 localhost pluto[2448]:   Encrypting 36 octets using AES-CTR with 128-bit key
Nov 22 10:27:46 localhost pluto[2448]:   Encrypting 16 octets using AES-CTR with 192-bit key
Nov 22 10:27:46 localhost pluto[2448]:   Encrypting 32 octets using AES-CTR with 192-bit key
Nov 22 10:27:46 localhost pluto[2448]:   Encrypting 36 octets using AES-CTR with 192-bit key
Nov 22 10:27:46 localhost pluto[2448]:   Encrypting 16 octets using AES-CTR with 256-bit key
Nov 22 10:27:46 localhost pluto[2448]:   Encrypting 32 octets using AES-CTR with 256-bit key
Nov 22 10:27:46 localhost pluto[2448]:   Encrypting 36 octets using AES-CTR with 256-bit key
Nov 22 10:27:46 localhost pluto[2448]: testing AES_CBC:
Nov 22 10:27:46 localhost pluto[2448]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Nov 22 10:27:46 localhost pluto[2448]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Nov 22 10:27:46 localhost pluto[2448]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Nov 22 10:27:46 localhost pluto[2448]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Nov 22 10:27:46 localhost pluto[2448]: testing AES_XCBC:
Nov 22 10:27:46 localhost pluto[2448]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Nov 22 10:27:46 localhost pluto[2448]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Nov 22 10:27:46 localhost pluto[2448]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Nov 22 10:27:46 localhost pluto[2448]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Nov 22 10:27:46 localhost pluto[2448]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Nov 22 10:27:46 localhost pluto[2448]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Nov 22 10:27:46 localhost pluto[2448]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Nov 22 10:27:46 localhost pluto[2448]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Nov 22 10:27:46 localhost pluto[2448]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Nov 22 10:27:46 localhost pluto[2448]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Nov 22 10:27:46 localhost pluto[2448]: testing HMAC_MD5:
Nov 22 10:27:46 localhost pluto[2448]:   RFC 2104: MD5_HMAC test 1
Nov 22 10:27:46 localhost pluto[2448]:   RFC 2104: MD5_HMAC test 2
Nov 22 10:27:46 localhost pluto[2448]:   RFC 2104: MD5_HMAC test 3
Nov 22 10:27:46 localhost pluto[2448]: testing HMAC_SHA1:
Nov 22 10:27:46 localhost pluto[2448]:   CAVP: IKEv2 key derivation with HMAC-SHA1
Nov 22 10:27:46 localhost pluto[2448]: 1 CPU cores online
Nov 22 10:27:46 localhost pluto[2448]: starting up 1 helper threads
Nov 22 10:27:46 localhost pluto[2448]: started thread for helper 0
Nov 22 10:27:46 localhost pluto[2448]: using Linux xfrm kernel support code on #208-Ubuntu SMP Tue Nov 1 17:23:37 UTC 2022
Nov 22 10:27:46 localhost pluto[2448]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Nov 22 10:27:46 localhost pluto[2448]: watchdog: sending probes every 100 secs
Nov 22 10:27:46 localhost pluto[2448]: seccomp security not supported
Nov 22 10:27:46 localhost pluto[2448]: helper(1) seccomp security for helper not supported
Nov 22 10:27:46 localhost pluto[2448]: "l2tp-psk": added IKEv1 connection
Nov 22 10:27:46 localhost pluto[2448]: "xauth-psk": added IKEv1 connection
Nov 22 10:27:46 localhost pluto[2448]: "ikev2-cp": IKE SA proposals (connection add):
Nov 22 10:27:46 localhost pluto[2448]: "ikev2-cp":   1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 22 10:27:46 localhost pluto[2448]: "ikev2-cp":   2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 22 10:27:46 localhost pluto[2448]: "ikev2-cp":   3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 22 10:27:46 localhost pluto[2448]: "ikev2-cp":   4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 22 10:27:46 localhost pluto[2448]: "ikev2-cp": Child SA proposals (connection add):
Nov 22 10:27:46 localhost pluto[2448]: "ikev2-cp":   1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-ENABLED+DISABLED
Nov 22 10:27:46 localhost pluto[2448]: "ikev2-cp":   2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-ENABLED+DISABLED
Nov 22 10:27:46 localhost pluto[2448]: "ikev2-cp":   3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-ENABLED+DISABLED
Nov 22 10:27:46 localhost pluto[2448]: "ikev2-cp":   4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-ENABLED+DISABLED
Nov 22 10:27:46 localhost pluto[2448]: "ikev2-cp":   5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-ENABLED+DISABLED
Nov 22 10:27:46 localhost pluto[2448]: "ikev2-cp": loaded private key matching left certificate '139.144.18.141'
Nov 22 10:27:46 localhost pluto[2448]: "ikev2-cp": added IKEv2 connection
Nov 22 10:27:46 localhost pluto[2448]: listening for IKE messages
Nov 22 10:27:46 localhost pluto[2448]: Kernel supports NIC esp-hw-offload
Nov 22 10:27:46 localhost pluto[2448]: adding UDP interface eth0 139.144.18.141:500
Nov 22 10:27:46 localhost pluto[2448]: adding UDP interface eth0 139.144.18.141:4500
Nov 22 10:27:46 localhost pluto[2448]: adding UDP interface lo 127.0.0.1:500
Nov 22 10:27:46 localhost pluto[2448]: adding UDP interface lo 127.0.0.1:4500
Nov 22 10:27:46 localhost pluto[2448]: adding UDP interface lo [::1]:500
Nov 22 10:27:46 localhost pluto[2448]: adding UDP interface lo [::1]:4500
Nov 22 10:27:46 localhost pluto[2448]: adding UDP interface eth0 [2600:3c02::f03c:93ff:fecf:3acb]:500
Nov 22 10:27:46 localhost pluto[2448]: adding UDP interface eth0 [2600:3c02::f03c:93ff:fecf:3acb]:4500
Nov 22 10:27:46 localhost pluto[2448]: forgetting secrets
Nov 22 10:27:46 localhost pluto[2448]: loading secrets from "/etc/ipsec.secrets"
Nov 22 10:28:21 localhost pluto[2448]: "xauth-psk"[1] 223.104.192.50 #1: responding to Main Mode from unknown peer 223.104.192.50:2840
Nov 22 10:28:21 localhost pluto[2448]: "xauth-psk"[1] 223.104.192.50 #1: sent Main Mode R1
Nov 22 10:28:22 localhost pluto[2448]: "xauth-psk"[1] 223.104.192.50 #1: sent Main Mode R2
Nov 22 10:28:22 localhost pluto[2448]: "xauth-psk"[1] 223.104.192.50 #1: 60057-byte length of ISAKMP Identification Payload is larger than can fit
Nov 22 10:28:22 localhost pluto[2448]: "xauth-psk"[1] 223.104.192.50 #1: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
Nov 22 10:28:22 localhost pluto[2448]: "xauth-psk"[1] 223.104.192.50 #1: STATE_MAIN_R2: retransmission; will wait 0.5 seconds for response
Nov 22 10:28:23 localhost pluto[2448]: "xauth-psk"[1] 223.104.192.50 #1: 60057-byte length of ISAKMP Identification Payload is larger than can fit
Nov 22 10:28:23 localhost pluto[2448]: "xauth-psk"[1] 223.104.192.50 #1: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
Nov 22 10:28:23 localhost pluto[2448]: "xauth-psk"[1] 223.104.192.50 #1: STATE_MAIN_R2: retransmission; will wait 1 seconds for response
Nov 22 10:28:24 localhost pluto[2448]: "xauth-psk"[1] 223.104.192.50 #1: STATE_MAIN_R2: retransmission; will wait 2 seconds for response
Nov 22 10:28:25 localhost pluto[2448]: "xauth-psk"[1] 223.104.192.50 #1: 60057-byte length of ISAKMP Identification Payload is larger than can fit
Nov 22 10:28:25 localhost pluto[2448]: "xauth-psk"[1] 223.104.192.50 #1: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
Nov 22 10:28:26 localhost pluto[2448]: "xauth-psk"[1] 223.104.192.50 #1: STATE_MAIN_R2: retransmission; will wait 4 seconds for response
Nov 22 10:28:26 localhost pluto[2448]: "xauth-psk"[1] 223.104.192.50 #1: 60057-byte length of ISAKMP Identification Payload is larger than can fit
Nov 22 10:28:26 localhost pluto[2448]: "xauth-psk"[1] 223.104.192.50 #1: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
Nov 22 10:28:29 localhost pluto[2448]: "xauth-psk"[1] 223.104.192.50 #1: 60057-byte length of ISAKMP Identification Payload is larger than can fit
Nov 22 10:28:29 localhost pluto[2448]: "xauth-psk"[1] 223.104.192.50 #1: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
Nov 22 10:28:30 localhost pluto[2448]: "xauth-psk"[1] 223.104.192.50 #1: STATE_MAIN_R2: retransmission; will wait 8 seconds for response
Nov 22 10:28:30 localhost pluto[2448]: "xauth-psk"[1] 223.104.192.50 #1: 60057-byte length of ISAKMP Identification Payload is larger than can fit
Nov 22 10:28:30 localhost pluto[2448]: "xauth-psk"[1] 223.104.192.50 #1: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
Nov 22 10:28:32 localhost pluto[2448]: "xauth-psk"[1] 223.104.192.50 #1: 60057-byte length of ISAKMP Identification Payload is larger than can fit
Nov 22 10:28:32 localhost pluto[2448]: "xauth-psk"[1] 223.104.192.50 #1: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
Nov 22 10:28:38 localhost pluto[2448]: "xauth-psk"[1] 223.104.192.50 #1: STATE_MAIN_R2: retransmission; will wait 16 seconds for response
Nov 22 10:28:38 localhost pluto[2448]: "xauth-psk"[1] 223.104.192.50 #1: 60057-byte length of ISAKMP Identification Payload is larger than can fit
Nov 22 10:28:38 localhost pluto[2448]: "xauth-psk"[1] 223.104.192.50 #1: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
Nov 22 10:28:45 localhost pluto[2448]: "xauth-psk"[1] 223.104.192.50 #1: 60057-byte length of ISAKMP Identification Payload is larger than can fit
Nov 22 10:28:45 localhost pluto[2448]: "xauth-psk"[1] 223.104.192.50 #1: probable authentication failure (mismatch of preshared secrets?): malformed payload in packet
Nov 22 10:28:54 localhost pluto[2448]: "xauth-psk"[1] 223.104.192.50 #1: STATE_MAIN_R2: retransmission; will wait 32 seconds for response

========================================

Nov 22 10:09:49 localhost xl2tpd[1213]: Not looking for kernel SAref support.
Nov 22 10:09:49 localhost xl2tpd[1213]: Using l2tp kernel support.
Nov 22 10:09:49 localhost xl2tpd[1205]: Starting xl2tpd: xl2tpd.
Nov 22 10:09:49 localhost xl2tpd[1218]: xl2tpd version xl2tpd-1.3.10 started on localhost PID:1218
Nov 22 10:09:49 localhost xl2tpd[1218]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Nov 22 10:09:49 localhost xl2tpd[1218]: Forked by Scott Balmos and David Stipp, (C) 2001
Nov 22 10:09:49 localhost xl2tpd[1218]: Inherited by Jeff McAdams, (C) 2002
Nov 22 10:09:49 localhost xl2tpd[1218]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
Nov 22 10:09:49 localhost xl2tpd[1218]: Listening on IP address 0.0.0.0, port 1701
Nov 22 10:10:03 localhost xl2tpd[1218]: death_handler: Fatal signal 15 received
Nov 22 10:10:03 localhost xl2tpd[1565]: Stopping xl2tpd: xl2tpd.
Nov 22 10:10:03 localhost xl2tpd[1586]: Not looking for kernel SAref support.
Nov 22 10:10:03 localhost xl2tpd[1586]: Using l2tp kernel support.
Nov 22 10:10:03 localhost xl2tpd[1571]: Starting xl2tpd: xl2tpd.
Nov 22 10:10:03 localhost xl2tpd[1587]: xl2tpd version xl2tpd-1.3.10 started on localhost PID:1587
Nov 22 10:10:03 localhost xl2tpd[1587]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Nov 22 10:10:03 localhost xl2tpd[1587]: Forked by Scott Balmos and David Stipp, (C) 2001
Nov 22 10:10:03 localhost xl2tpd[1587]: Inherited by Jeff McAdams, (C) 2002
Nov 22 10:10:03 localhost xl2tpd[1587]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
Nov 22 10:10:03 localhost xl2tpd[1587]: Listening on IP address 0.0.0.0, port 1701
Nov 22 10:28:01 localhost xl2tpd[1587]: death_handler: Fatal signal 15 received
Nov 22 10:28:01 localhost xl2tpd[2463]: Stopping xl2tpd: xl2tpd.
Nov 22 10:28:01 localhost xl2tpd[2482]: Not looking for kernel SAref support.
Nov 22 10:28:01 localhost xl2tpd[2482]: Using l2tp kernel support.
Nov 22 10:28:01 localhost xl2tpd[2468]: Starting xl2tpd: xl2tpd.
Nov 22 10:28:01 localhost xl2tpd[2483]: xl2tpd version xl2tpd-1.3.10 started on localhost PID:2483
Nov 22 10:28:01 localhost xl2tpd[2483]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Nov 22 10:28:01 localhost xl2tpd[2483]: Forked by Scott Balmos and David Stipp, (C) 2001
Nov 22 10:28:01 localhost xl2tpd[2483]: Inherited by Jeff McAdams, (C) 2002
Nov 22 10:28:01 localhost xl2tpd[2483]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
Nov 22 10:28:01 localhost xl2tpd[2483]: Listening on IP address 0.0.0.0, port 1701
lucifer001 commented 1 year ago

@JonesCxy 是阿里云的服务器吗?

dyrilyz commented 1 year ago

我今天也遇到了,自动断开连接后再也连不上了。我尝试重新安装系统都没有用

Tangor522 commented 1 year ago

一样的情况,之前一直用得好好的,最近一直连不上(阿里云服务器)

hwdsl2 commented 1 year ago

你好!日志中的 retransmission 字样说明 VPN 连接有可能被 GFW 屏蔽或干扰了。IPsec VPN 相对来说较容易被干扰,建议尝试其他解决方案比如 Shadowsocks。

JonesCxy commented 1 year ago

不是

JonesCxy commented 1 year ago

你好!日志中的重传 字样说明 VPN 连接有可能被 GFW 显示或干查了。IPsec VPN 相对来说比较容易被干查,建议尝试其他解决方法如 Shadowsocks。

谢谢