Closed cai-xiaotao closed 1 year ago
问题描述 如图所示,刚开始搭建完是能连接的,然后后面断开连接几次也都正常,但是过了大概两个小时左右,再连接就出问题了!之后重装系统没得到结局,然后换了公网ip重装解决了,但是过了两个小时左右又是一样了,用的是腾讯云的服务器硅谷节点
期待的正确结果 能连接上
日志
Dec 8 17:39:49 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #2: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=26e586a8 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match] Dec 8 17:39:49 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #2: responder established Child SA using #1; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x26e586a8 <0xdbfd1282 xfrm=AES_GCM_16_128-NONE NATD=222.191.246.242:15200 DPD=active} Dec 8 17:39:50 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response Dec 8 17:39:51 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response Dec 8 17:40:19 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response Dec 8 17:40:20 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response Dec 8 17:40:21 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response Dec 8 17:40:23 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response Dec 8 17:40:27 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response Dec 8 17:40:35 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response Dec 8 17:40:51 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response Dec 8 17:41:23 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response Dec 8 17:42:27 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 128 seconds for response Dec 8 17:42:55 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #3: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match] Dec 8 17:42:55 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #3: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048} Dec 8 17:42:55 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #3: processing decrypted IKE_AUTH request: SK{IDi,CERT,N(INITIAL_CONTACT),IDr,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)} Dec 8 17:42:55 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #3: switched to "ikev2-cp"[2] 222.191.246.242 Dec 8 17:42:55 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate '@cxt_ios' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN' Dec 8 17:42:55 VM-4-15-centos pluto[6241]: | pool 192.168.43.10-192.168.43.250: growing address pool from 1 to 2 Dec 8 17:42:55 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #4: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=0980c474 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match] Dec 8 17:42:55 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #4: responder established Child SA using #3; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.11-192.168.43.11:0-65535 0] {ESPinUDP=>0x0980c474 <0x3944f4fe xfrm=AES_GCM_16_128-NONE NATD=222.191.246.242:15204 DPD=active} Dec 8 17:42:56 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response Dec 8 17:42:58 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response Dec 8 17:43:02 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response Dec 8 17:43:10 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response Dec 8 17:43:26 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response Dec 8 17:43:26 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response Dec 8 17:43:26 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match] Dec 8 17:43:26 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048} Dec 8 17:43:27 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: processing decrypted IKE_AUTH request: SK{IDi,CERT,N(INITIAL_CONTACT),IDr,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)} Dec 8 17:43:27 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate '@cxt_ios' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN' Dec 8 17:43:27 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #6: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=0cfe33b3 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match] Dec 8 17:43:27 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #6: responder established Child SA using #5; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.11-192.168.43.11:0-65535 0] {ESPinUDP=>0x0cfe33b3 <0x9a140c1f xfrm=AES_GCM_16_128-NONE NATD=222.191.246.242:15204 DPD=active} Dec 8 17:43:27 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response Dec 8 17:43:28 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response Dec 8 17:43:29 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response Dec 8 17:43:30 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response Dec 8 17:43:33 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response Dec 8 17:43:34 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response Dec 8 17:43:41 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response Dec 8 17:43:42 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response Dec 8 17:43:57 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response Dec 8 17:43:57 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response Dec 8 17:43:58 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response Dec 8 17:43:59 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response Dec 8 17:44:01 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response Dec 8 17:44:05 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response Dec 8 17:44:13 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response Dec 8 17:44:29 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response Dec 8 17:44:29 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response Dec 8 17:44:35 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 256 seconds for response Dec 8 17:45:01 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response Dec 8 17:45:33 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 128 seconds for response Dec 8 17:46:05 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 128 seconds for response Dec 8 17:47:41 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 256 seconds for response Dec 8 17:48:13 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 256 seconds for response Dec 8 17:48:51 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: 300 second timeout exceeded after 10 retransmits. No response (or no acceptable response) to our IKEv2 message Dec 8 17:48:51 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: liveness action - clearing connection kind CK_INSTANCE Dec 8 17:48:51 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #2: ESP traffic information: in=0B out=0B Dec 8 17:48:51 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 542.273739s and NOT sending notification Dec 8 17:48:51 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242: deleting connection instance with peer 222.191.246.242 {isakmp=#0/ipsec=#0} Dec 8 17:51:57 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: 300 second timeout exceeded after 10 retransmits. No response (or no acceptable response) to our IKEv2 message Dec 8 17:51:57 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: liveness action - clearing connection kind CK_INSTANCE Dec 8 17:51:57 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #4: ESP traffic information: in=0B out=0B Dec 8 17:51:57 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 542.22388s and NOT sending notification Dec 8 17:52:29 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: STATE_V2_ESTABLISHED_IKE_SA: 300 second timeout exceeded after 10 retransmits. No response (or no acceptable response) to our IKEv2 message Dec 8 17:52:29 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: liveness action - clearing connection kind CK_INSTANCE Dec 8 17:52:29 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #6: ESP traffic information: in=0B out=0B Dec 8 17:52:29 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 542.272715s and NOT sending notification Dec 8 17:52:29 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242: deleting connection instance with peer 222.191.246.242 {isakmp=#0/ipsec=#0} Dec 8 17:53:58 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: proposal 2:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA1_96;PRF=HMAC_SHA1;DH=MODP2048[first-match] 2:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;PRF=HMAC_SHA2_256;DH=MODP2048[better-match] 3:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_384_192;PRF=HMAC_SHA2_384;DH=MODP2048 Dec 8 17:53:58 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048} Dec 8 17:53:58 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: processing decrypted IKE_AUTH request: SK{IDi,CERT,CERTREQ,AUTH,N(MOBIKE_SUPPORTED),CP,SA,TSi,TSr} Dec 8 17:53:58 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate 'CN=cxt_win, O=IKEv2 VPN' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN' Dec 8 17:53:58 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #8: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=120fd550 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match] Dec 8 17:53:58 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #8: responder established Child SA using #7; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.11-192.168.43.11:0-65535 0] {ESPinUDP=>0x120fd550 <0x8affdfdb xfrm=AES_GCM_16_128-NONE NATD=222.191.246.242:15205 DPD=active} Dec 8 17:53:59 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response Dec 8 17:54:00 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response Dec 8 17:54:28 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response Dec 8 17:54:29 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response Dec 8 17:54:30 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response Dec 8 17:54:32 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response Dec 8 17:54:36 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response Dec 8 17:54:44 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response Dec 8 17:55:00 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response Dec 8 17:55:32 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response Dec 8 17:56:36 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 128 seconds for response Dec 8 17:58:44 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 256 seconds for response Dec 8 18:00:53 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #9: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match] Dec 8 18:00:53 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #9: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048} Dec 8 18:00:53 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #9: processing decrypted IKE_AUTH request: SK{IDi,CERT,N(INITIAL_CONTACT),IDr,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)} Dec 8 18:00:53 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #9: switched to "ikev2-cp"[4] 222.191.246.242 Dec 8 18:00:53 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate '@cxt_ios' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN' Dec 8 18:00:53 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #10: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=0f346b45 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match] Dec 8 18:00:53 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #10: responder established Child SA using #9; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x0f346b45 <0x6a2849f3 xfrm=AES_GCM_16_128-NONE NATD=222.191.246.242:15206 DPD=active} Dec 8 18:00:54 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response Dec 8 18:00:56 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response Dec 8 18:01:00 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response Dec 8 18:01:08 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response Dec 8 18:01:24 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response Dec 8 18:01:24 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response Dec 8 18:01:24 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match] Dec 8 18:01:24 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048} Dec 8 18:01:25 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: processing decrypted IKE_AUTH request: SK{IDi,CERT,N(INITIAL_CONTACT),IDr,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)} Dec 8 18:01:25 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate '@cxt_ios' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN' Dec 8 18:01:25 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #12: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=0044d172 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match] Dec 8 18:01:25 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #12: responder established Child SA using #11; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x0044d172 <0xe4588dbf xfrm=AES_GCM_16_128-NONE NATD=222.191.246.242:15206 DPD=active} Dec 8 18:01:25 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response Dec 8 18:01:26 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response Dec 8 18:01:27 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response Dec 8 18:01:28 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response Dec 8 18:01:31 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response Dec 8 18:01:32 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response Dec 8 18:01:38 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #13: proposal 2:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA1_96;PRF=HMAC_SHA1;DH=MODP2048[first-match] 2:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;PRF=HMAC_SHA2_256;DH=MODP2048[better-match] 3:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_384_192;PRF=HMAC_SHA2_384;DH=MODP2048 Dec 8 18:01:38 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #13: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048} Dec 8 18:01:38 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #13: processing decrypted IKE_AUTH request: SK{IDi,CERT,CERTREQ,AUTH,N(MOBIKE_SUPPORTED),CP,SA,TSi,TSr} Dec 8 18:01:38 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #13: switched to "ikev2-cp"[3] 222.191.246.242 Dec 8 18:01:38 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #13: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate 'CN=cxt_win, O=IKEv2 VPN' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN' Dec 8 18:01:38 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #14: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=e14751ae chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match] Dec 8 18:01:38 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #14: responder established Child SA using #13; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.11-192.168.43.11:0-65535 0] {ESPinUDP=>0xe14751ae <0x2883e717 xfrm=AES_GCM_16_128-NONE NATD=222.191.246.242:15207 DPD=active} Dec 8 18:01:39 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response Dec 8 18:01:39 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #13: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response Dec 8 18:01:40 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response Dec 8 18:01:40 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #13: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response Dec 8 18:01:55 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response Dec 8 18:01:55 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response Dec 8 18:01:56 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response Dec 8 18:01:57 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response Dec 8 18:01:59 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response Dec 8 18:02:03 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response Dec 8 18:02:09 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response Dec 8 18:02:09 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response Dec 8 18:02:10 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response Dec 8 18:02:11 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response Dec 8 18:02:12 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response Dec 8 18:02:16 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response Dec 8 18:02:24 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response Dec 8 18:02:27 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response Dec 8 18:02:27 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response Dec 8 18:02:40 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response Dec 8 18:02:59 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response Dec 8 18:03:00 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: STATE_V2_ESTABLISHED_IKE_SA: 300 second timeout exceeded after 10 retransmits. No response (or no acceptable response) to our IKEv2 message Dec 8 18:03:00 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: liveness action - clearing connection kind CK_INSTANCE Dec 8 18:03:00 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #8: ESP traffic information: in=0B out=0B Dec 8 18:03:00 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 542.21711s and NOT sending notification Dec 8 18:03:12 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response Dec 8 18:03:31 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 128 seconds for response Dec 8 18:03:41 VM-4-15-centos pluto[6241]: shutting down Dec 8 18:03:41 VM-4-15-centos pluto[6241]: Pluto is shutting down Dec 8 18:03:41 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242: deleting connection instance with peer 222.191.246.242 {isakmp=#11/ipsec=#12} Dec 8 18:03:41 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 136.730593s and sending notification Dec 8 18:03:41 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #12: ESP traffic information: in=0B out=0B Dec 8 18:03:41 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #10: ESP traffic information: in=0B out=0B Dec 8 18:03:41 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 167.995081s and sending notification Dec 8 18:03:41 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242: deleting connection instance with peer 222.191.246.242 {isakmp=#13/ipsec=#14} Dec 8 18:03:41 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #13: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 122.885402s and sending notification Dec 8 18:03:41 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #14: ESP traffic information: in=0B out=0B Dec 8 18:03:41 VM-4-15-centos pluto[6241]: forgetting secrets Dec 8 18:03:41 VM-4-15-centos pluto[6241]: shutting down interface lo [::1]:4500 Dec 8 18:03:41 VM-4-15-centos pluto[6241]: shutting down interface lo [::1]:500 Dec 8 18:03:41 VM-4-15-centos pluto[6241]: shutting down interface lo 127.0.0.1:4500 Dec 8 18:03:41 VM-4-15-centos pluto[6241]: shutting down interface lo 127.0.0.1:500 Dec 8 18:03:41 VM-4-15-centos pluto[6241]: shutting down interface eth0 10.0.4.15:4500 Dec 8 18:03:41 VM-4-15-centos pluto[6241]: shutting down interface eth0 10.0.4.15:500 Dec 8 18:03:41 VM-4-15-centos pluto[6241]: leak detective found no leaks Dec 8 18:03:42 VM-4-15-centos pluto[10406]: Initializing NSS using read-write database "sql:/etc/ipsec.d" Dec 8 18:03:42 VM-4-15-centos pluto[10406]: FIPS Mode: NO Dec 8 18:03:42 VM-4-15-centos pluto[10406]: NSS crypto library initialized Dec 8 18:03:42 VM-4-15-centos pluto[10406]: FIPS mode disabled for pluto daemon Dec 8 18:03:42 VM-4-15-centos pluto[10406]: FIPS HMAC integrity support [disabled] Dec 8 18:03:42 VM-4-15-centos pluto[10406]: libcap-ng support [enabled] Dec 8 18:03:42 VM-4-15-centos pluto[10406]: Linux audit support [disabled] Dec 8 18:03:42 VM-4-15-centos pluto[10406]: Starting Pluto (Libreswan Version 4.9 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-KDF) SYSTEMD_WATCHDOG LABELED_IPSEC (SELINUX) LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:10406 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: core dump dir: /run/pluto Dec 8 18:03:42 VM-4-15-centos pluto[10406]: secrets file: /etc/ipsec.secrets Dec 8 18:03:42 VM-4-15-centos pluto[10406]: leak-detective enabled Dec 8 18:03:42 VM-4-15-centos pluto[10406]: NSS crypto [enabled] Dec 8 18:03:42 VM-4-15-centos pluto[10406]: XAUTH PAM support [enabled] Dec 8 18:03:42 VM-4-15-centos pluto[10406]: initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Dec 8 18:03:42 VM-4-15-centos pluto[10406]: NAT-Traversal support [enabled] Dec 8 18:03:42 VM-4-15-centos pluto[10406]: Encryption algorithms: Dec 8 18:03:42 VM-4-15-centos pluto[10406]: AES_CCM_16 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm, aes_ccm_c Dec 8 18:03:42 VM-4-15-centos pluto[10406]: AES_CCM_12 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_b Dec 8 18:03:42 VM-4-15-centos pluto[10406]: AES_CCM_8 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_a Dec 8 18:03:42 VM-4-15-centos pluto[10406]: 3DES_CBC [*192] IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) 3des Dec 8 18:03:42 VM-4-15-centos pluto[10406]: CAMELLIA_CTR {256,192,*128} IKEv1: ESP IKEv2: ESP Dec 8 18:03:42 VM-4-15-centos pluto[10406]: CAMELLIA_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP NSS(CBC) camellia Dec 8 18:03:42 VM-4-15-centos pluto[10406]: AES_GCM_16 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm, aes_gcm_c Dec 8 18:03:42 VM-4-15-centos pluto[10406]: AES_GCM_12 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_b Dec 8 18:03:42 VM-4-15-centos pluto[10406]: AES_GCM_8 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_a Dec 8 18:03:42 VM-4-15-centos pluto[10406]: AES_CTR {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CTR) aesctr Dec 8 18:03:42 VM-4-15-centos pluto[10406]: AES_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) aes Dec 8 18:03:42 VM-4-15-centos pluto[10406]: NULL_AUTH_AES_GMAC {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_gmac Dec 8 18:03:42 VM-4-15-centos pluto[10406]: NULL [] IKEv1: ESP IKEv2: ESP Dec 8 18:03:42 VM-4-15-centos pluto[10406]: CHACHA20_POLY1305 [*256] IKEv1: IKEv2: IKE ESP NSS(AEAD) chacha20poly1305 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: Hash algorithms: Dec 8 18:03:42 VM-4-15-centos pluto[10406]: MD5 IKEv1: IKE IKEv2: NSS Dec 8 18:03:42 VM-4-15-centos pluto[10406]: SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha Dec 8 18:03:42 VM-4-15-centos pluto[10406]: SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: IDENTITY IKEv1: IKEv2: FIPS Dec 8 18:03:42 VM-4-15-centos pluto[10406]: PRF algorithms: Dec 8 18:03:42 VM-4-15-centos pluto[10406]: HMAC_MD5 IKEv1: IKE IKEv2: IKE native(HMAC) md5 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha, sha1 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256, sha2_256 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384, sha2_384 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512, sha2_512 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: AES_XCBC IKEv1: IKEv2: IKE native(XCBC) aes128_xcbc Dec 8 18:03:42 VM-4-15-centos pluto[10406]: Integrity algorithms: Dec 8 18:03:42 VM-4-15-centos pluto[10406]: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH native(HMAC) md5, hmac_md5 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha, sha1, sha1_96, hmac_sha1 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Dec 8 18:03:42 VM-4-15-centos pluto[10406]: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Dec 8 18:03:42 VM-4-15-centos pluto[10406]: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Dec 8 18:03:42 VM-4-15-centos pluto[10406]: DH algorithms: Dec 8 18:03:42 VM-4-15-centos pluto[10406]: NONE IKEv1: IKEv2: IKE ESP AH FIPS NSS(MODP) null, dh0 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: MODP1024 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh2 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh5 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh14 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh15 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh16 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh17 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh18 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_256, ecp256 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_384, ecp384 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_521, ecp521 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: DH31 IKEv1: IKE IKEv2: IKE ESP AH NSS(ECP) curve25519 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: IPCOMP algorithms: Dec 8 18:03:42 VM-4-15-centos pluto[10406]: DEFLATE IKEv1: ESP AH IKEv2: ESP AH FIPS Dec 8 18:03:42 VM-4-15-centos pluto[10406]: LZS IKEv1: IKEv2: ESP AH FIPS Dec 8 18:03:42 VM-4-15-centos pluto[10406]: LZJH IKEv1: IKEv2: ESP AH FIPS Dec 8 18:03:42 VM-4-15-centos pluto[10406]: testing CAMELLIA_CBC: Dec 8 18:03:42 VM-4-15-centos pluto[10406]: Camellia: 16 bytes with 128-bit key Dec 8 18:03:42 VM-4-15-centos pluto[10406]: Camellia: 16 bytes with 128-bit key Dec 8 18:03:42 VM-4-15-centos pluto[10406]: Camellia: 16 bytes with 256-bit key Dec 8 18:03:42 VM-4-15-centos pluto[10406]: Camellia: 16 bytes with 256-bit key Dec 8 18:03:42 VM-4-15-centos pluto[10406]: testing AES_GCM_16: Dec 8 18:03:42 VM-4-15-centos pluto[10406]: empty string Dec 8 18:03:42 VM-4-15-centos pluto[10406]: one block Dec 8 18:03:42 VM-4-15-centos pluto[10406]: two blocks Dec 8 18:03:42 VM-4-15-centos pluto[10406]: two blocks with associated data Dec 8 18:03:42 VM-4-15-centos pluto[10406]: testing AES_CTR: Dec 8 18:03:42 VM-4-15-centos pluto[10406]: Encrypting 16 octets using AES-CTR with 128-bit key Dec 8 18:03:42 VM-4-15-centos pluto[10406]: Encrypting 32 octets using AES-CTR with 128-bit key Dec 8 18:03:42 VM-4-15-centos pluto[10406]: Encrypting 36 octets using AES-CTR with 128-bit key Dec 8 18:03:42 VM-4-15-centos pluto[10406]: Encrypting 16 octets using AES-CTR with 192-bit key Dec 8 18:03:42 VM-4-15-centos pluto[10406]: Encrypting 32 octets using AES-CTR with 192-bit key Dec 8 18:03:42 VM-4-15-centos pluto[10406]: Encrypting 36 octets using AES-CTR with 192-bit key Dec 8 18:03:42 VM-4-15-centos pluto[10406]: Encrypting 16 octets using AES-CTR with 256-bit key Dec 8 18:03:42 VM-4-15-centos pluto[10406]: Encrypting 32 octets using AES-CTR with 256-bit key Dec 8 18:03:42 VM-4-15-centos pluto[10406]: Encrypting 36 octets using AES-CTR with 256-bit key Dec 8 18:03:42 VM-4-15-centos pluto[10406]: testing AES_CBC: Dec 8 18:03:42 VM-4-15-centos pluto[10406]: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Dec 8 18:03:42 VM-4-15-centos pluto[10406]: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Dec 8 18:03:42 VM-4-15-centos pluto[10406]: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Dec 8 18:03:42 VM-4-15-centos pluto[10406]: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Dec 8 18:03:42 VM-4-15-centos pluto[10406]: testing AES_XCBC: Dec 8 18:03:42 VM-4-15-centos pluto[10406]: RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input Dec 8 18:03:42 VM-4-15-centos pluto[10406]: RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input Dec 8 18:03:42 VM-4-15-centos pluto[10406]: RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input Dec 8 18:03:42 VM-4-15-centos pluto[10406]: RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input Dec 8 18:03:42 VM-4-15-centos pluto[10406]: RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input Dec 8 18:03:42 VM-4-15-centos pluto[10406]: RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input Dec 8 18:03:42 VM-4-15-centos pluto[10406]: RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input Dec 8 18:03:42 VM-4-15-centos pluto[10406]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Dec 8 18:03:42 VM-4-15-centos pluto[10406]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Dec 8 18:03:42 VM-4-15-centos pluto[10406]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Dec 8 18:03:42 VM-4-15-centos pluto[10406]: testing HMAC_MD5: Dec 8 18:03:42 VM-4-15-centos pluto[10406]: RFC 2104: MD5_HMAC test 1 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: RFC 2104: MD5_HMAC test 2 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: RFC 2104: MD5_HMAC test 3 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: testing HMAC_SHA1: Dec 8 18:03:42 VM-4-15-centos pluto[10406]: CAVP: IKEv2 key derivation with HMAC-SHA1 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: 2 CPU cores online Dec 8 18:03:42 VM-4-15-centos pluto[10406]: starting up 2 helper threads Dec 8 18:03:42 VM-4-15-centos pluto[10406]: started thread for helper 0 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: started thread for helper 1 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: using Linux xfrm kernel support code on #1 SMP Mon Jul 18 17:42:52 UTC 2022 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: selinux support is NOT enabled. Dec 8 18:03:42 VM-4-15-centos pluto[10406]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs Dec 8 18:03:42 VM-4-15-centos pluto[10406]: watchdog: sending probes every 100 secs Dec 8 18:03:42 VM-4-15-centos pluto[10406]: seccomp security not supported Dec 8 18:03:42 VM-4-15-centos pluto[10406]: helper(1) seccomp security for helper not supported Dec 8 18:03:42 VM-4-15-centos pluto[10406]: helper(2) seccomp security for helper not supported Dec 8 18:03:42 VM-4-15-centos pluto[10406]: "l2tp-psk": added IKEv1 connection Dec 8 18:03:42 VM-4-15-centos pluto[10406]: "xauth-psk": added IKEv1 connection Dec 8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp": IKE SA proposals (connection add): Dec 8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp": 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp": 2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp": 3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp": 4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp": Child SA proposals (connection add): Dec 8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp": 1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-ENABLED+DISABLED Dec 8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp": 2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-ENABLED+DISABLED Dec 8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp": 3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-ENABLED+DISABLED Dec 8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp": 4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-ENABLED+DISABLED Dec 8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp": 5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-ENABLED+DISABLED Dec 8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp": loaded private key matching left certificate '43.153.40.113' Dec 8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp": added IKEv2 connection Dec 8 18:03:42 VM-4-15-centos pluto[10406]: listening for IKE messages Dec 8 18:03:42 VM-4-15-centos pluto[10406]: Kernel supports NIC esp-hw-offload Dec 8 18:03:42 VM-4-15-centos pluto[10406]: adding UDP interface eth0 10.0.4.15:500 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: adding UDP interface eth0 10.0.4.15:4500 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: adding UDP interface lo 127.0.0.1:500 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: adding UDP interface lo 127.0.0.1:4500 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: adding UDP interface lo [::1]:500 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: adding UDP interface lo [::1]:4500 Dec 8 18:03:42 VM-4-15-centos pluto[10406]: forgetting secrets Dec 8 18:03:42 VM-4-15-centos pluto[10406]: loading secrets from "/etc/ipsec.secrets" Dec 8 18:03:46 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: proposal 2:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA1_96;PRF=HMAC_SHA1;DH=MODP2048[first-match] 2:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;PRF=HMAC_SHA2_256;DH=MODP2048[better-match] 3:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_384_192;PRF=HMAC_SHA2_384;DH=MODP2048 Dec 8 18:03:46 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048} Dec 8 18:03:46 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: processing decrypted IKE_AUTH request: SK{IDi,CERT,CERTREQ,AUTH,N(MOBIKE_SUPPORTED),CP,SA,TSi,TSr} Dec 8 18:03:46 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: reloaded private key matching left certificate '43.153.40.113' Dec 8 18:03:46 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate 'CN=cxt_win, O=IKEv2 VPN' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN' Dec 8 18:03:46 VM-4-15-centos pluto[10406]: | pool 192.168.43.10-192.168.43.250: growing address pool from 0 to 1 Dec 8 18:03:46 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #2: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=4a076ffc chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match] Dec 8 18:03:46 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #2: responder established Child SA using #1; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x4a076ffc <0x51371a96 xfrm=AES_GCM_16_128-NONE NATD=222.191.246.242:15208 DPD=active} Dec 8 18:03:47 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response Dec 8 18:03:48 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response Dec 8 18:04:17 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response Dec 8 18:04:17 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response Dec 8 18:04:18 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response Dec 8 18:04:20 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response Dec 8 18:04:24 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response Dec 8 18:04:32 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response Dec 8 18:04:48 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response Dec 8 18:05:20 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response Dec 8 18:05:42 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: proposal 2:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA1_96;PRF=HMAC_SHA1;DH=MODP2048[first-match] 2:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;PRF=HMAC_SHA2_256;DH=MODP2048[better-match] 3:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_384_192;PRF=HMAC_SHA2_384;DH=MODP2048 Dec 8 18:05:42 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048} Dec 8 18:05:43 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: processing decrypted IKE_AUTH request: SK{IDi,CERT,CERTREQ,AUTH,N(MOBIKE_SUPPORTED),CP,SA,TSi,TSr} Dec 8 18:05:43 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate 'CN=cxt_win, O=IKEv2 VPN' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN' Dec 8 18:05:43 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #4: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=3a6d83e6 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match] Dec 8 18:05:43 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #4: responder established Child SA using #3; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x3a6d83e6 <0xf3d4c0dc xfrm=AES_GCM_16_128-NONE NATD=222.191.246.242:15208 DPD=active} Dec 8 18:05:44 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response Dec 8 18:05:45 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response Dec 8 18:06:13 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response Dec 8 18:06:14 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response Dec 8 18:06:15 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response Dec 8 18:06:17 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response Dec 8 18:06:21 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response Dec 8 18:06:24 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 128 seconds for response Dec 8 18:06:29 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response Dec 8 18:06:45 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response Dec 8 18:07:17 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response Dec 8 18:08:21 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 128 seconds for response Dec 8 18:08:32 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 256 seconds for response
检查日志及 VPN 状态,并添加错误日志以帮助解释该问题(如果适用)。
服务器信息(请填写以下信息)
客户端信息(请填写以下信息)
@cai-xiaotao 你好!该问题可能是因为GFW干扰导致的。IPsec VPN 较容易被干扰,建议尝试其他解决方案比如Shadowsocks。
我也是, 上次我 vpn 不能用了, 就装了Shadowsocks, 结果过几天给我 ip 直接封了
问题描述 如图所示,刚开始搭建完是能连接的,然后后面断开连接几次也都正常,但是过了大概两个小时左右,再连接就出问题了!之后重装系统没得到结局,然后换了公网ip重装解决了,但是过了两个小时左右又是一样了,用的是腾讯云的服务器硅谷节点
期待的正确结果 能连接上
日志
检查日志及 VPN 状态,并添加错误日志以帮助解释该问题(如果适用)。
服务器信息(请填写以下信息)
客户端信息(请填写以下信息)