搭建完能连接，过几个小时连接不上了

问题描述 如图所示，刚开始搭建完是能连接的，然后后面断开连接几次也都正常，但是过了大概两个小时左右，再连接就出问题了！之后重装系统没得到结局，然后换了公网ip重装解决了，但是过了两个小时左右又是一样了，用的是腾讯云的服务器硅谷节点
期待的正确结果 能连接上
日志
Dec  8 17:39:49 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #2: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=26e586a8 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Dec  8 17:39:49 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #2: responder established Child SA using #1; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x26e586a8 <0xdbfd1282 xfrm=AES_GCM_16_128-NONE NATD=222.191.246.242:15200 DPD=active}
Dec  8 17:39:50 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response
Dec  8 17:39:51 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response
Dec  8 17:40:19 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec  8 17:40:20 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Dec  8 17:40:21 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Dec  8 17:40:23 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Dec  8 17:40:27 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Dec  8 17:40:35 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Dec  8 17:40:51 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Dec  8 17:41:23 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response
Dec  8 17:42:27 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 128 seconds for response
Dec  8 17:42:55 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #3: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Dec  8 17:42:55 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #3: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec  8 17:42:55 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #3: processing decrypted IKE_AUTH request: SK{IDi,CERT,N(INITIAL_CONTACT),IDr,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)}
Dec  8 17:42:55 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #3: switched to "ikev2-cp"[2] 222.191.246.242
Dec  8 17:42:55 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate '@cxt_ios' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Dec  8 17:42:55 VM-4-15-centos pluto[6241]: | pool 192.168.43.10-192.168.43.250: growing address pool from 1 to 2
Dec  8 17:42:55 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #4: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=0980c474 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Dec  8 17:42:55 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #4: responder established Child SA using #3; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.11-192.168.43.11:0-65535 0] {ESPinUDP=>0x0980c474 <0x3944f4fe xfrm=AES_GCM_16_128-NONE NATD=222.191.246.242:15204 DPD=active}
Dec  8 17:42:56 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
Dec  8 17:42:58 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
Dec  8 17:43:02 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
Dec  8 17:43:10 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
Dec  8 17:43:26 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec  8 17:43:26 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Dec  8 17:43:26 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Dec  8 17:43:26 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec  8 17:43:27 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: processing decrypted IKE_AUTH request: SK{IDi,CERT,N(INITIAL_CONTACT),IDr,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)}
Dec  8 17:43:27 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate '@cxt_ios' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Dec  8 17:43:27 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #6: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=0cfe33b3 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Dec  8 17:43:27 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #6: responder established Child SA using #5; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.11-192.168.43.11:0-65535 0] {ESPinUDP=>0x0cfe33b3 <0x9a140c1f xfrm=AES_GCM_16_128-NONE NATD=222.191.246.242:15204 DPD=active}
Dec  8 17:43:27 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Dec  8 17:43:28 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
Dec  8 17:43:29 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Dec  8 17:43:30 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
Dec  8 17:43:33 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Dec  8 17:43:34 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
Dec  8 17:43:41 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Dec  8 17:43:42 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
Dec  8 17:43:57 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec  8 17:43:57 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Dec  8 17:43:58 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Dec  8 17:43:59 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Dec  8 17:44:01 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Dec  8 17:44:05 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Dec  8 17:44:13 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Dec  8 17:44:29 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Dec  8 17:44:29 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response
Dec  8 17:44:35 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 256 seconds for response
Dec  8 17:45:01 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response
Dec  8 17:45:33 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 128 seconds for response
Dec  8 17:46:05 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 128 seconds for response
Dec  8 17:47:41 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 256 seconds for response
Dec  8 17:48:13 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 256 seconds for response
Dec  8 17:48:51 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: 300 second timeout exceeded after 10 retransmits.  No response (or no acceptable response) to our IKEv2 message
Dec  8 17:48:51 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: liveness action - clearing connection kind CK_INSTANCE
Dec  8 17:48:51 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #2: ESP traffic information: in=0B out=0B
Dec  8 17:48:51 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 542.273739s and NOT sending notification
Dec  8 17:48:51 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242: deleting connection instance with peer 222.191.246.242 {isakmp=#0/ipsec=#0}
Dec  8 17:51:57 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: 300 second timeout exceeded after 10 retransmits.  No response (or no acceptable response) to our IKEv2 message
Dec  8 17:51:57 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: liveness action - clearing connection kind CK_INSTANCE
Dec  8 17:51:57 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #4: ESP traffic information: in=0B out=0B
Dec  8 17:51:57 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 542.22388s and NOT sending notification
Dec  8 17:52:29 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: STATE_V2_ESTABLISHED_IKE_SA: 300 second timeout exceeded after 10 retransmits.  No response (or no acceptable response) to our IKEv2 message
Dec  8 17:52:29 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: liveness action - clearing connection kind CK_INSTANCE
Dec  8 17:52:29 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #6: ESP traffic information: in=0B out=0B
Dec  8 17:52:29 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 542.272715s and NOT sending notification
Dec  8 17:52:29 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242: deleting connection instance with peer 222.191.246.242 {isakmp=#0/ipsec=#0}
Dec  8 17:53:58 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: proposal 2:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA1_96;PRF=HMAC_SHA1;DH=MODP2048[first-match] 2:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;PRF=HMAC_SHA2_256;DH=MODP2048[better-match] 3:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_384_192;PRF=HMAC_SHA2_384;DH=MODP2048
Dec  8 17:53:58 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec  8 17:53:58 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: processing decrypted IKE_AUTH request: SK{IDi,CERT,CERTREQ,AUTH,N(MOBIKE_SUPPORTED),CP,SA,TSi,TSr}
Dec  8 17:53:58 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate 'CN=cxt_win, O=IKEv2 VPN' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Dec  8 17:53:58 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #8: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=120fd550 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Dec  8 17:53:58 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #8: responder established Child SA using #7; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.11-192.168.43.11:0-65535 0] {ESPinUDP=>0x120fd550 <0x8affdfdb xfrm=AES_GCM_16_128-NONE NATD=222.191.246.242:15205 DPD=active}
Dec  8 17:53:59 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response
Dec  8 17:54:00 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response
Dec  8 17:54:28 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec  8 17:54:29 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Dec  8 17:54:30 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Dec  8 17:54:32 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Dec  8 17:54:36 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Dec  8 17:54:44 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Dec  8 17:55:00 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Dec  8 17:55:32 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response
Dec  8 17:56:36 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 128 seconds for response
Dec  8 17:58:44 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 256 seconds for response
Dec  8 18:00:53 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #9: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Dec  8 18:00:53 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #9: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec  8 18:00:53 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #9: processing decrypted IKE_AUTH request: SK{IDi,CERT,N(INITIAL_CONTACT),IDr,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)}
Dec  8 18:00:53 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #9: switched to "ikev2-cp"[4] 222.191.246.242
Dec  8 18:00:53 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate '@cxt_ios' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Dec  8 18:00:53 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #10: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=0f346b45 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Dec  8 18:00:53 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #10: responder established Child SA using #9; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x0f346b45 <0x6a2849f3 xfrm=AES_GCM_16_128-NONE NATD=222.191.246.242:15206 DPD=active}
Dec  8 18:00:54 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
Dec  8 18:00:56 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
Dec  8 18:01:00 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
Dec  8 18:01:08 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
Dec  8 18:01:24 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec  8 18:01:24 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Dec  8 18:01:24 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Dec  8 18:01:24 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec  8 18:01:25 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: processing decrypted IKE_AUTH request: SK{IDi,CERT,N(INITIAL_CONTACT),IDr,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)}
Dec  8 18:01:25 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate '@cxt_ios' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Dec  8 18:01:25 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #12: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=0044d172 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Dec  8 18:01:25 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #12: responder established Child SA using #11; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x0044d172 <0xe4588dbf xfrm=AES_GCM_16_128-NONE NATD=222.191.246.242:15206 DPD=active}
Dec  8 18:01:25 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Dec  8 18:01:26 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
Dec  8 18:01:27 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Dec  8 18:01:28 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
Dec  8 18:01:31 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Dec  8 18:01:32 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
Dec  8 18:01:38 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #13: proposal 2:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA1_96;PRF=HMAC_SHA1;DH=MODP2048[first-match] 2:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;PRF=HMAC_SHA2_256;DH=MODP2048[better-match] 3:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_384_192;PRF=HMAC_SHA2_384;DH=MODP2048
Dec  8 18:01:38 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #13: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec  8 18:01:38 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #13: processing decrypted IKE_AUTH request: SK{IDi,CERT,CERTREQ,AUTH,N(MOBIKE_SUPPORTED),CP,SA,TSi,TSr}
Dec  8 18:01:38 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #13: switched to "ikev2-cp"[3] 222.191.246.242
Dec  8 18:01:38 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #13: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate 'CN=cxt_win, O=IKEv2 VPN' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Dec  8 18:01:38 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #14: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=e14751ae chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Dec  8 18:01:38 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #14: responder established Child SA using #13; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.11-192.168.43.11:0-65535 0] {ESPinUDP=>0xe14751ae <0x2883e717 xfrm=AES_GCM_16_128-NONE NATD=222.191.246.242:15207 DPD=active}
Dec  8 18:01:39 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Dec  8 18:01:39 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #13: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response
Dec  8 18:01:40 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
Dec  8 18:01:40 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #13: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response
Dec  8 18:01:55 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec  8 18:01:55 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Dec  8 18:01:56 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Dec  8 18:01:57 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Dec  8 18:01:59 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Dec  8 18:02:03 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Dec  8 18:02:09 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec  8 18:02:09 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Dec  8 18:02:10 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Dec  8 18:02:11 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Dec  8 18:02:12 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Dec  8 18:02:16 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Dec  8 18:02:24 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Dec  8 18:02:27 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Dec  8 18:02:27 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response
Dec  8 18:02:40 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Dec  8 18:02:59 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response
Dec  8 18:03:00 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: STATE_V2_ESTABLISHED_IKE_SA: 300 second timeout exceeded after 10 retransmits.  No response (or no acceptable response) to our IKEv2 message
Dec  8 18:03:00 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: liveness action - clearing connection kind CK_INSTANCE
Dec  8 18:03:00 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #8: ESP traffic information: in=0B out=0B
Dec  8 18:03:00 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 542.21711s and NOT sending notification
Dec  8 18:03:12 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response
Dec  8 18:03:31 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 128 seconds for response
Dec  8 18:03:41 VM-4-15-centos pluto[6241]: shutting down
Dec  8 18:03:41 VM-4-15-centos pluto[6241]: Pluto is shutting down
Dec  8 18:03:41 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242: deleting connection instance with peer 222.191.246.242 {isakmp=#11/ipsec=#12}
Dec  8 18:03:41 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 136.730593s and sending notification
Dec  8 18:03:41 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #12: ESP traffic information: in=0B out=0B
Dec  8 18:03:41 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #10: ESP traffic information: in=0B out=0B
Dec  8 18:03:41 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 167.995081s and sending notification
Dec  8 18:03:41 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242: deleting connection instance with peer 222.191.246.242 {isakmp=#13/ipsec=#14}
Dec  8 18:03:41 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #13: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 122.885402s and sending notification
Dec  8 18:03:41 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #14: ESP traffic information: in=0B out=0B
Dec  8 18:03:41 VM-4-15-centos pluto[6241]: forgetting secrets
Dec  8 18:03:41 VM-4-15-centos pluto[6241]: shutting down interface lo [::1]:4500
Dec  8 18:03:41 VM-4-15-centos pluto[6241]: shutting down interface lo [::1]:500
Dec  8 18:03:41 VM-4-15-centos pluto[6241]: shutting down interface lo 127.0.0.1:4500
Dec  8 18:03:41 VM-4-15-centos pluto[6241]: shutting down interface lo 127.0.0.1:500
Dec  8 18:03:41 VM-4-15-centos pluto[6241]: shutting down interface eth0 10.0.4.15:4500
Dec  8 18:03:41 VM-4-15-centos pluto[6241]: shutting down interface eth0 10.0.4.15:500
Dec  8 18:03:41 VM-4-15-centos pluto[6241]: leak detective found no leaks
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: FIPS Mode: NO
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: NSS crypto library initialized
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: FIPS mode disabled for pluto daemon
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: FIPS HMAC integrity support [disabled]
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: libcap-ng support [enabled]
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: Linux audit support [disabled]
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: Starting Pluto (Libreswan Version 4.9 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-KDF) SYSTEMD_WATCHDOG LABELED_IPSEC (SELINUX) LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:10406
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: core dump dir: /run/pluto
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: secrets file: /etc/ipsec.secrets
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: leak-detective enabled
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: NSS crypto [enabled]
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: XAUTH PAM support [enabled]
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800)
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: NAT-Traversal support  [enabled]
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: Encryption algorithms:
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  NULL               []             IKEv1:     ESP     IKEv2:     ESP
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: Hash algorithms:
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  MD5                               IKEv1: IKE         IKEv2:                  NSS
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  IDENTITY                          IKEv1:             IKEv2:             FIPS
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: PRF algorithms:
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: Integrity algorithms:
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: DH algorithms:
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: IPCOMP algorithms:
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  DEFLATE                           IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  LZS                               IKEv1:             IKEv2:     ESP AH  FIPS
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  LZJH                              IKEv1:             IKEv2:     ESP AH  FIPS
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: testing CAMELLIA_CBC:
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  Camellia: 16 bytes with 128-bit key
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  Camellia: 16 bytes with 128-bit key
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  Camellia: 16 bytes with 256-bit key
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  Camellia: 16 bytes with 256-bit key
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: testing AES_GCM_16:
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  empty string
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  one block
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  two blocks
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  two blocks with associated data
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: testing AES_CTR:
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  Encrypting 16 octets using AES-CTR with 128-bit key
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  Encrypting 32 octets using AES-CTR with 128-bit key
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  Encrypting 36 octets using AES-CTR with 128-bit key
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  Encrypting 16 octets using AES-CTR with 192-bit key
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  Encrypting 32 octets using AES-CTR with 192-bit key
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  Encrypting 36 octets using AES-CTR with 192-bit key
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  Encrypting 16 octets using AES-CTR with 256-bit key
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  Encrypting 32 octets using AES-CTR with 256-bit key
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  Encrypting 36 octets using AES-CTR with 256-bit key
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: testing AES_CBC:
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: testing AES_XCBC:
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: testing HMAC_MD5:
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  RFC 2104: MD5_HMAC test 1
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  RFC 2104: MD5_HMAC test 2
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  RFC 2104: MD5_HMAC test 3
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: testing HMAC_SHA1:
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  CAVP: IKEv2 key derivation with HMAC-SHA1
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: 2 CPU cores online
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: starting up 2 helper threads
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: started thread for helper 0
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: started thread for helper 1
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: using Linux xfrm kernel support code on #1 SMP Mon Jul 18 17:42:52 UTC 2022
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: selinux support is NOT enabled.
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: watchdog: sending probes every 100 secs
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: seccomp security not supported
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: helper(1) seccomp security for helper not supported
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: helper(2) seccomp security for helper not supported
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: "l2tp-psk": added IKEv1 connection
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: "xauth-psk": added IKEv1 connection
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp": IKE SA proposals (connection add):
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp":   1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp":   2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp":   3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp":   4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp": Child SA proposals (connection add):
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp":   1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-ENABLED+DISABLED
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp":   2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-ENABLED+DISABLED
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp":   3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-ENABLED+DISABLED
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp":   4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-ENABLED+DISABLED
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp":   5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-ENABLED+DISABLED
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp": loaded private key matching left certificate '43.153.40.113'
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp": added IKEv2 connection
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: listening for IKE messages
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: Kernel supports NIC esp-hw-offload
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: adding UDP interface eth0 10.0.4.15:500
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: adding UDP interface eth0 10.0.4.15:4500
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: adding UDP interface lo 127.0.0.1:500
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: adding UDP interface lo 127.0.0.1:4500
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: adding UDP interface lo [::1]:500
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: adding UDP interface lo [::1]:4500
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: forgetting secrets
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: loading secrets from "/etc/ipsec.secrets"
Dec  8 18:03:46 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: proposal 2:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA1_96;PRF=HMAC_SHA1;DH=MODP2048[first-match] 2:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;PRF=HMAC_SHA2_256;DH=MODP2048[better-match] 3:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_384_192;PRF=HMAC_SHA2_384;DH=MODP2048
Dec  8 18:03:46 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec  8 18:03:46 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: processing decrypted IKE_AUTH request: SK{IDi,CERT,CERTREQ,AUTH,N(MOBIKE_SUPPORTED),CP,SA,TSi,TSr}
Dec  8 18:03:46 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: reloaded private key matching left certificate '43.153.40.113'
Dec  8 18:03:46 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate 'CN=cxt_win, O=IKEv2 VPN' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Dec  8 18:03:46 VM-4-15-centos pluto[10406]: | pool 192.168.43.10-192.168.43.250: growing address pool from 0 to 1
Dec  8 18:03:46 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #2: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=4a076ffc chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Dec  8 18:03:46 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #2: responder established Child SA using #1; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x4a076ffc <0x51371a96 xfrm=AES_GCM_16_128-NONE NATD=222.191.246.242:15208 DPD=active}
Dec  8 18:03:47 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response
Dec  8 18:03:48 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response
Dec  8 18:04:17 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec  8 18:04:17 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Dec  8 18:04:18 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Dec  8 18:04:20 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Dec  8 18:04:24 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Dec  8 18:04:32 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Dec  8 18:04:48 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Dec  8 18:05:20 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response
Dec  8 18:05:42 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: proposal 2:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA1_96;PRF=HMAC_SHA1;DH=MODP2048[first-match] 2:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;PRF=HMAC_SHA2_256;DH=MODP2048[better-match] 3:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_384_192;PRF=HMAC_SHA2_384;DH=MODP2048
Dec  8 18:05:42 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec  8 18:05:43 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: processing decrypted IKE_AUTH request: SK{IDi,CERT,CERTREQ,AUTH,N(MOBIKE_SUPPORTED),CP,SA,TSi,TSr}
Dec  8 18:05:43 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate 'CN=cxt_win, O=IKEv2 VPN' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Dec  8 18:05:43 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #4: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=3a6d83e6 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Dec  8 18:05:43 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #4: responder established Child SA using #3; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x3a6d83e6 <0xf3d4c0dc xfrm=AES_GCM_16_128-NONE NATD=222.191.246.242:15208 DPD=active}
Dec  8 18:05:44 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response
Dec  8 18:05:45 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response
Dec  8 18:06:13 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec  8 18:06:14 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Dec  8 18:06:15 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Dec  8 18:06:17 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Dec  8 18:06:21 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Dec  8 18:06:24 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 128 seconds for response
Dec  8 18:06:29 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Dec  8 18:06:45 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Dec  8 18:07:17 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response
Dec  8 18:08:21 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 128 seconds for response
Dec  8 18:08:32 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 256 seconds for response
检查日志及 VPN 状态，并添加错误日志以帮助解释该问题（如果适用）。
服务器信息（请填写以下信息）
操作系统: [centos stream8]
服务提供商（如果适用）: [腾讯云]
客户端信息（请填写以下信息）
设备: [笔记本]
操作系统: [win10]
VPN 模式: [IKEv2]
hwdsl2 / setup-ipsec-vpn

搭建完能连接，过几个小时连接不上了 #1295
