All seems OK on server-side, but vpn-client (iphone l2tp vpn) shows 'L2TP-VPN server not responding..'
/var/log/auth.log shows
Oct 8 07:58:15 localhost pluto[10062]: "l2tp-psk"[1] 223.104.212.77 #1: responding to Main Mode from unknown peer 223.104.212.77 on port 39241
Oct 8 07:58:15 localhost pluto[10062]: "l2tp-psk"[1] 223.104.212.77 #1: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 8 07:58:15 localhost pluto[10062]: "l2tp-psk"[1] 223.104.212.77 #1: STATE_MAIN_R2: sent MR2, expecting MI3
Oct 8 07:58:15 localhost pluto[10062]: "l2tp-psk"[1] 223.104.212.77 #1: ignoring informational payload IPSEC_INITIAL_CONTACT, msgid=00000000, length=28
Oct 8 07:58:15 localhost pluto[10062]: | ISAKMP Notification Payload
Oct 8 07:58:15 localhost pluto[10062]: | 00 00 00 1c 00 00 00 01 01 10 60 02
Oct 8 07:58:15 localhost pluto[10062]: "l2tp-psk"[1] 223.104.212.77 #1: Peer ID is ID_IPV4_ADDR: '10.186.168.56'
Oct 8 07:58:15 localhost pluto[10062]: "l2tp-psk"[1] 223.104.212.77 #1: switched from "l2tp-psk"[1] 223.104.212.77 to "l2tp-psk"
Oct 8 07:58:15 localhost pluto[10062]: "l2tp-psk"[2] 223.104.212.77 #1: deleting connection "l2tp-psk"[1] 223.104.212.77 instance with peer 223.104.212.77 {isakmp=#0/ipsec=#0}
Oct 8 07:58:15 localhost pluto[10062]: "l2tp-psk"[2] 223.104.212.77 #1: Peer ID is ID_IPV4_ADDR: '10.186.168.56'
Oct 8 07:58:15 localhost pluto[10062]: "l2tp-psk"[2] 223.104.212.77 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
Oct 8 07:58:19 localhost pluto[10062]: "l2tp-psk"[2] 223.104.212.77 #1: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Oct 8 07:58:22 localhost pluto[10062]: "l2tp-psk"[2] 223.104.212.77 #1: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Oct 8 07:58:25 localhost pluto[10062]: "l2tp-psk"[2] 223.104.212.77 #1: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
Oct 8 07:58:38 localhost pluto[10062]: "l2tp-psk"[2] 223.104.212.77 #1: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
Oct 8 07:58:59 localhost pluto[10062]: "l2tp-psk"[2] 223.104.212.77 #2: responding to Main Mode from unknown peer 223.104.212.77 on port 39241
Oct 8 07:58:59 localhost pluto[10062]: "l2tp-psk"[2] 223.104.212.77 #2: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 8 07:58:59 localhost pluto[10062]: "l2tp-psk"[2] 223.104.212.77 #2: STATE_MAIN_R2: sent MR2, expecting MI3
Oct 8 07:59:00 localhost pluto[10062]: "l2tp-psk"[2] 223.104.212.77 #2: ignoring informational payload IPSEC_INITIAL_CONTACT, msgid=00000000, length=28
Oct 8 07:59:00 localhost pluto[10062]: | ISAKMP Notification Payload
Oct 8 07:59:00 localhost pluto[10062]: | 00 00 00 1c 00 00 00 01 01 10 60 02
Oct 8 07:59:00 localhost pluto[10062]: "l2tp-psk"[2] 223.104.212.77 #2: Peer ID is ID_IPV4_ADDR: '10.186.168.56'
Oct 8 07:59:00 localhost pluto[10062]: "l2tp-psk"[2] 223.104.212.77 #2: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
Oct 8 07:59:03 localhost pluto[10062]: "l2tp-psk"[2] 223.104.212.77 #2: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Oct 8 07:59:06 localhost pluto[10062]: "l2tp-psk"[2] 223.104.212.77 #2: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Oct 8 07:59:09 localhost pluto[10062]: "l2tp-psk"[2] 223.104.212.77 #2: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
Below are full logs
# ipsec verify
Verifying installed system and configuration files
Version check and ipsec on-path [OK]
Libreswan 3.29 (netkey) on 4.4.0-62-generic
Checking for IPsec support in kernel [OK]
NETKEY: Testing XFRM related proc values
ICMP default/send_redirects [OK]
ICMP default/accept_redirects [OK]
XFRM larval drop [OK]
Pluto ipsec.conf syntax [OK]
Checking rp_filter [OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for IKE/NAT-T on udp 4500 [OK]
Pluto ipsec.secret syntax [OK]
Checking 'ip' command [OK]
Checking 'iptables' command [OK]
Checking 'prelink' command does not interfere with FIPS [OK]
Checking for obsolete ipsec.conf options [OK]
Exit code: 0
# grep pluto /var/log/auth.log
Oct 8 07:43:15 localhost pluto[29901]: NSS DB directory: sql:/etc/ipsec.d
Oct 8 07:43:15 localhost pluto[29901]: Initializing NSS
Oct 8 07:43:15 localhost pluto[29901]: Opening NSS database "sql:/etc/ipsec.d" read-only
Oct 8 07:43:16 localhost pluto[29901]: NSS initialized
Oct 8 07:43:16 localhost pluto[29901]: NSS crypto library initialized
Oct 8 07:43:16 localhost pluto[29901]: FIPS HMAC integrity support [disabled]
Oct 8 07:43:16 localhost pluto[29901]: libcap-ng support [enabled]
Oct 8 07:43:16 localhost pluto[29901]: Linux audit support [disabled]
Oct 8 07:43:16 localhost pluto[29901]: Starting Pluto (Libreswan Version 3.29 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (AVA copy) SYSTEMD_WATCHDOG LABELED_IPSEC LIBCAP_NG XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:29901
Oct 8 07:43:16 localhost pluto[29901]: core dump dir: /run/pluto
Oct 8 07:43:16 localhost pluto[29901]: secrets file: /etc/ipsec.secrets
Oct 8 07:43:16 localhost pluto[29901]: leak-detective enabled
Oct 8 07:43:16 localhost pluto[29901]: NSS crypto [enabled]
Oct 8 07:43:16 localhost pluto[29901]: XAUTH PAM support [enabled]
Oct 8 07:43:16 localhost pluto[29901]: Initializing libevent in pthreads mode: headers: 2.0.21-stable (2001500); library: 2.0.21-stable (2001500)
Oct 8 07:43:16 localhost pluto[29901]: NAT-Traversal support [enabled]
Oct 8 07:43:16 localhost pluto[29901]: Encryption algorithms:
Oct 8 07:43:16 localhost pluto[29901]: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c
Oct 8 07:43:16 localhost pluto[29901]: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b
Oct 8 07:43:16 localhost pluto[29901]: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a
Oct 8 07:43:16 localhost pluto[29901]: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des
Oct 8 07:43:16 localhost pluto[29901]: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128}
Oct 8 07:43:16 localhost pluto[29901]: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia
Oct 8 07:43:16 localhost pluto[29901]: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c
Oct 8 07:43:16 localhost pluto[29901]: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b
Oct 8 07:43:16 localhost pluto[29901]: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a
Oct 8 07:43:16 localhost pluto[29901]: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr
Oct 8 07:43:16 localhost pluto[29901]: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes
Oct 8 07:43:16 localhost pluto[29901]: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent
Oct 8 07:43:16 localhost pluto[29901]: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish
Oct 8 07:43:16 localhost pluto[29901]: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh
Oct 8 07:43:16 localhost pluto[29901]: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac
Oct 8 07:43:16 localhost pluto[29901]: NULL IKEv1: ESP IKEv2: ESP []
Oct 8 07:43:16 localhost pluto[29901]: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305
Oct 8 07:43:16 localhost pluto[29901]: Hash algorithms:
Oct 8 07:43:16 localhost pluto[29901]: MD5 IKEv1: IKE IKEv2:
Oct 8 07:43:16 localhost pluto[29901]: SHA1 IKEv1: IKE IKEv2: FIPS sha
Oct 8 07:43:16 localhost pluto[29901]: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256
Oct 8 07:43:16 localhost pluto[29901]: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384
Oct 8 07:43:16 localhost pluto[29901]: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512
Oct 8 07:43:16 localhost pluto[29901]: PRF algorithms:
Oct 8 07:43:16 localhost pluto[29901]: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5
Oct 8 07:43:16 localhost pluto[29901]: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1
Oct 8 07:43:16 localhost pluto[29901]: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256
Oct 8 07:43:16 localhost pluto[29901]: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384
Oct 8 07:43:16 localhost pluto[29901]: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512
Oct 8 07:43:16 localhost pluto[29901]: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc
Oct 8 07:43:16 localhost pluto[29901]: Integrity algorithms:
Oct 8 07:43:16 localhost pluto[29901]: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5
Oct 8 07:43:16 localhost pluto[29901]: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1
Oct 8 07:43:16 localhost pluto[29901]: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512
Oct 8 07:43:16 localhost pluto[29901]: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384
Oct 8 07:43:16 localhost pluto[29901]: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Oct 8 07:43:16 localhost pluto[29901]: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH
Oct 8 07:43:16 localhost pluto[29901]: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96
Oct 8 07:43:16 localhost pluto[29901]: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac
Oct 8 07:43:16 localhost pluto[29901]: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null
Oct 8 07:43:16 localhost pluto[29901]: DH algorithms:
Oct 8 07:43:16 localhost pluto[29901]: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0
Oct 8 07:43:16 localhost pluto[29901]: MODP1024 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh2
Oct 8 07:43:16 localhost pluto[29901]: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5
Oct 8 07:43:16 localhost pluto[29901]: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14
Oct 8 07:43:16 localhost pluto[29901]: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15
Oct 8 07:43:16 localhost pluto[29901]: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16
Oct 8 07:43:16 localhost pluto[29901]: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17
Oct 8 07:43:16 localhost pluto[29901]: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18
Oct 8 07:43:16 localhost pluto[29901]: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256
Oct 8 07:43:16 localhost pluto[29901]: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384
Oct 8 07:43:16 localhost pluto[29901]: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521
Oct 8 07:43:16 localhost pluto[29901]: 2 CPU cores online
Oct 8 07:43:16 localhost pluto[29901]: starting up 2 crypto helpers
Oct 8 07:43:16 localhost pluto[29901]: started thread for crypto helper 0
Oct 8 07:43:16 localhost pluto[29901]: started thread for crypto helper 1
Oct 8 07:43:16 localhost pluto[29901]: Using Linux XFRM/NETKEY IPsec interface code on 4.4.0-62-generic
Oct 8 07:43:16 localhost pluto[29901]: seccomp security for crypto helper not supported
Oct 8 07:43:16 localhost pluto[29901]: seccomp security for crypto helper not supported
Oct 8 07:43:16 localhost pluto[29901]: selinux support is NOT enabled.
Oct 8 07:43:16 localhost pluto[29901]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Oct 8 07:43:16 localhost pluto[29901]: watchdog: sending probes every 100 secs
Oct 8 07:43:16 localhost pluto[29901]: seccomp security not supported
Oct 8 07:43:16 localhost pluto[29901]: added connection description "l2tp-psk"
Oct 8 07:43:16 localhost pluto[29901]: added connection description "xauth-psk"
Oct 8 07:43:16 localhost pluto[29901]: listening for IKE messages
Oct 8 07:43:16 localhost pluto[29901]: ERROR: can't offload to eth0 because SIOCETHTOOL ETHTOOL_GSSET_INFO failed. Errno 95: Operation not supported
Oct 8 07:43:16 localhost pluto[29901]: Kernel does not support NIC esp-hw-offload
Oct 8 07:43:16 localhost pluto[29901]: adding interface eth0/eth0 (esp-hw-offload=no) 176.122.170.87:500
Oct 8 07:43:16 localhost pluto[29901]: adding interface eth0/eth0 176.122.170.87:4500
Oct 8 07:43:16 localhost pluto[29901]: Kernel does not support NIC esp-hw-offload
Oct 8 07:43:16 localhost pluto[29901]: adding interface lo/lo (esp-hw-offload=no) 127.0.0.1:500
Oct 8 07:43:16 localhost pluto[29901]: adding interface lo/lo 127.0.0.1:4500
Oct 8 07:43:16 localhost pluto[29901]: Kernel does not support NIC esp-hw-offload
Oct 8 07:43:16 localhost pluto[29901]: adding interface lo/lo (esp-hw-offload=no) ::1:500
Oct 8 07:43:16 localhost pluto[29901]: loading secrets from "/etc/ipsec.secrets"
Oct 8 07:45:06 localhost pluto[29901]: "l2tp-psk"[1] 223.104.212.77 #1: responding to Main Mode from unknown peer 223.104.212.77 on port 39240
Oct 8 07:45:06 localhost pluto[29901]: "l2tp-psk"[1] 223.104.212.77 #1: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 8 07:45:06 localhost pluto[29901]: "l2tp-psk"[1] 223.104.212.77 #1: STATE_MAIN_R2: sent MR2, expecting MI3
Oct 8 07:45:06 localhost pluto[29901]: "l2tp-psk"[1] 223.104.212.77 #1: ignoring informational payload IPSEC_INITIAL_CONTACT, msgid=00000000, length=28
Oct 8 07:45:06 localhost pluto[29901]: | ISAKMP Notification Payload
Oct 8 07:45:06 localhost pluto[29901]: | 00 00 00 1c 00 00 00 01 01 10 60 02
Oct 8 07:45:06 localhost pluto[29901]: "l2tp-psk"[1] 223.104.212.77 #1: Peer ID is ID_IPV4_ADDR: '10.186.168.56'
Oct 8 07:45:06 localhost pluto[29901]: "l2tp-psk"[1] 223.104.212.77 #1: switched from "l2tp-psk"[1] 223.104.212.77 to "l2tp-psk"
Oct 8 07:45:06 localhost pluto[29901]: "l2tp-psk"[2] 223.104.212.77 #1: deleting connection "l2tp-psk"[1] 223.104.212.77 instance with peer 223.104.212.77 {isakmp=#0/ipsec=#0}
Oct 8 07:45:06 localhost pluto[29901]: "l2tp-psk"[2] 223.104.212.77 #1: Peer ID is ID_IPV4_ADDR: '10.186.168.56'
Oct 8 07:45:06 localhost pluto[29901]: "l2tp-psk"[2] 223.104.212.77 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
Oct 8 07:45:09 localhost pluto[29901]: "l2tp-psk"[2] 223.104.212.77 #1: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Oct 8 07:45:12 localhost pluto[29901]: "l2tp-psk"[2] 223.104.212.77 #1: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Oct 8 07:45:16 localhost pluto[29901]: "l2tp-psk"[2] 223.104.212.77 #1: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
Oct 8 07:45:29 localhost pluto[29901]: "l2tp-psk"[2] 223.104.212.77 #1: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
Oct 8 07:53:28 localhost pluto[29901]: shutting down
Oct 8 07:53:28 localhost pluto[29901]: forgetting secrets
Oct 8 07:53:28 localhost pluto[29901]: "l2tp-psk"[2] 223.104.212.77: deleting connection "l2tp-psk"[2] 223.104.212.77 instance with peer 223.104.212.77 {isakmp=#1/ipsec=#0}
Oct 8 07:53:28 localhost pluto[29901]: "l2tp-psk" #1: deleting state (STATE_MAIN_R3) aged 502.663s and sending notification
Oct 8 07:53:28 localhost pluto[29901]: shutting down interface lo/lo ::1:500
Oct 8 07:53:28 localhost pluto[29901]: shutting down interface lo/lo 127.0.0.1:4500
Oct 8 07:53:28 localhost pluto[29901]: shutting down interface lo/lo 127.0.0.1:500
Oct 8 07:53:28 localhost pluto[29901]: shutting down interface eth0/eth0 176.122.170.87:4500
Oct 8 07:53:28 localhost pluto[29901]: shutting down interface eth0/eth0 176.122.170.87:500
Oct 8 07:53:28 localhost pluto[29901]: leak: 3 * libevent_malloc, item size: 40
Oct 8 07:53:28 localhost pluto[29901]: leak detective found 3 leaks, total size 40
Oct 8 07:53:29 localhost pluto[3912]: NSS DB directory: sql:/etc/ipsec.d
Oct 8 07:53:29 localhost pluto[3912]: Initializing NSS
Oct 8 07:53:29 localhost pluto[3912]: Opening NSS database "sql:/etc/ipsec.d" read-only
Oct 8 07:53:29 localhost pluto[3912]: NSS initialized
Oct 8 07:53:29 localhost pluto[3912]: NSS crypto library initialized
Oct 8 07:53:29 localhost pluto[3912]: FIPS HMAC integrity support [disabled]
Oct 8 07:53:29 localhost pluto[3912]: libcap-ng support [enabled]
Oct 8 07:53:29 localhost pluto[3912]: Linux audit support [disabled]
Oct 8 07:53:29 localhost pluto[3912]: Starting Pluto (Libreswan Version 3.29 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (AVA copy) SYSTEMD_WATCHDOG LABELED_IPSEC LIBCAP_NG XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:3912
Oct 8 07:53:29 localhost pluto[3912]: core dump dir: /run/pluto
Oct 8 07:53:29 localhost pluto[3912]: secrets file: /etc/ipsec.secrets
Oct 8 07:53:29 localhost pluto[3912]: leak-detective enabled
Oct 8 07:53:29 localhost pluto[3912]: NSS crypto [enabled]
Oct 8 07:53:29 localhost pluto[3912]: XAUTH PAM support [enabled]
Oct 8 07:53:29 localhost pluto[3912]: Initializing libevent in pthreads mode: headers: 2.0.21-stable (2001500); library: 2.0.21-stable (2001500)
Oct 8 07:53:29 localhost pluto[3912]: NAT-Traversal support [enabled]
Oct 8 07:53:29 localhost pluto[3912]: Encryption algorithms:
Oct 8 07:53:29 localhost pluto[3912]: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c
Oct 8 07:53:29 localhost pluto[3912]: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b
Oct 8 07:53:29 localhost pluto[3912]: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a
Oct 8 07:53:29 localhost pluto[3912]: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des
Oct 8 07:53:29 localhost pluto[3912]: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128}
Oct 8 07:53:29 localhost pluto[3912]: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia
Oct 8 07:53:29 localhost pluto[3912]: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c
Oct 8 07:53:29 localhost pluto[3912]: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b
Oct 8 07:53:29 localhost pluto[3912]: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a
Oct 8 07:53:29 localhost pluto[3912]: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr
Oct 8 07:53:29 localhost pluto[3912]: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes
Oct 8 07:53:29 localhost pluto[3912]: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent
Oct 8 07:53:29 localhost pluto[3912]: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish
Oct 8 07:53:29 localhost pluto[3912]: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh
Oct 8 07:53:29 localhost pluto[3912]: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac
Oct 8 07:53:29 localhost pluto[3912]: NULL IKEv1: ESP IKEv2: ESP []
Oct 8 07:53:29 localhost pluto[3912]: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305
Oct 8 07:53:29 localhost pluto[3912]: Hash algorithms:
Oct 8 07:53:29 localhost pluto[3912]: MD5 IKEv1: IKE IKEv2:
Oct 8 07:53:29 localhost pluto[3912]: SHA1 IKEv1: IKE IKEv2: FIPS sha
Oct 8 07:53:29 localhost pluto[3912]: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256
Oct 8 07:53:29 localhost pluto[3912]: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384
Oct 8 07:53:29 localhost pluto[3912]: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512
Oct 8 07:53:29 localhost pluto[3912]: PRF algorithms:
Oct 8 07:53:29 localhost pluto[3912]: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5
Oct 8 07:53:29 localhost pluto[3912]: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1
Oct 8 07:53:29 localhost pluto[3912]: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256
Oct 8 07:53:29 localhost pluto[3912]: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384
Oct 8 07:53:29 localhost pluto[3912]: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512
Oct 8 07:53:29 localhost pluto[3912]: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc
Oct 8 07:53:29 localhost pluto[3912]: Integrity algorithms:
Oct 8 07:53:29 localhost pluto[3912]: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5
Oct 8 07:53:29 localhost pluto[3912]: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1
Oct 8 07:53:29 localhost pluto[3912]: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512
Oct 8 07:53:29 localhost pluto[3912]: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384
Oct 8 07:53:29 localhost pluto[3912]: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Oct 8 07:53:29 localhost pluto[3912]: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH
Oct 8 07:53:29 localhost pluto[3912]: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96
Oct 8 07:53:29 localhost pluto[3912]: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac
Oct 8 07:53:29 localhost pluto[3912]: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null
Oct 8 07:53:29 localhost pluto[3912]: DH algorithms:
Oct 8 07:53:29 localhost pluto[3912]: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0
Oct 8 07:53:29 localhost pluto[3912]: MODP1024 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh2
Oct 8 07:53:29 localhost pluto[3912]: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5
Oct 8 07:53:29 localhost pluto[3912]: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14
Oct 8 07:53:29 localhost pluto[3912]: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15
Oct 8 07:53:29 localhost pluto[3912]: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16
Oct 8 07:53:29 localhost pluto[3912]: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17
Oct 8 07:53:29 localhost pluto[3912]: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18
Oct 8 07:53:29 localhost pluto[3912]: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256
Oct 8 07:53:29 localhost pluto[3912]: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384
Oct 8 07:53:29 localhost pluto[3912]: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521
Oct 8 07:53:29 localhost pluto[3912]: 2 CPU cores online
Oct 8 07:53:29 localhost pluto[3912]: starting up 2 crypto helpers
Oct 8 07:53:29 localhost pluto[3912]: started thread for crypto helper 0
Oct 8 07:53:29 localhost pluto[3912]: started thread for crypto helper 1
Oct 8 07:53:29 localhost pluto[3912]: Using Linux XFRM/NETKEY IPsec interface code on 4.4.0-62-generic
Oct 8 07:53:29 localhost pluto[3912]: selinux support is NOT enabled.
Oct 8 07:53:29 localhost pluto[3912]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Oct 8 07:53:29 localhost pluto[3912]: watchdog: sending probes every 100 secs
Oct 8 07:53:29 localhost pluto[3912]: seccomp security not supported
Oct 8 07:53:29 localhost pluto[3912]: seccomp security for crypto helper not supported
Oct 8 07:53:29 localhost pluto[3912]: seccomp security for crypto helper not supported
Oct 8 07:53:29 localhost pluto[3912]: added connection description "l2tp-psk"
Oct 8 07:53:29 localhost pluto[3912]: added connection description "xauth-psk"
Oct 8 07:53:29 localhost pluto[3912]: listening for IKE messages
Oct 8 07:53:29 localhost pluto[3912]: ERROR: can't offload to eth0 because SIOCETHTOOL ETHTOOL_GSSET_INFO failed. Errno 95: Operation not supported
Oct 8 07:53:29 localhost pluto[3912]: Kernel does not support NIC esp-hw-offload
Oct 8 07:53:29 localhost pluto[3912]: adding interface eth0/eth0 (esp-hw-offload=no) 176.122.170.87:500
Oct 8 07:53:29 localhost pluto[3912]: adding interface eth0/eth0 176.122.170.87:4500
Oct 8 07:53:29 localhost pluto[3912]: Kernel does not support NIC esp-hw-offload
Oct 8 07:53:29 localhost pluto[3912]: adding interface lo/lo (esp-hw-offload=no) 127.0.0.1:500
Oct 8 07:53:29 localhost pluto[3912]: adding interface lo/lo 127.0.0.1:4500
Oct 8 07:53:29 localhost pluto[3912]: Kernel does not support NIC esp-hw-offload
Oct 8 07:53:29 localhost pluto[3912]: adding interface lo/lo (esp-hw-offload=no) ::1:500
Oct 8 07:53:29 localhost pluto[3912]: loading secrets from "/etc/ipsec.secrets"
Oct 8 07:54:13 localhost pluto[3912]: shutting down
Oct 8 07:54:13 localhost pluto[3912]: forgetting secrets
Oct 8 07:54:13 localhost pluto[3912]: shutting down interface lo/lo ::1:500
Oct 8 07:54:13 localhost pluto[3912]: shutting down interface lo/lo 127.0.0.1:4500
Oct 8 07:54:13 localhost pluto[3912]: shutting down interface lo/lo 127.0.0.1:500
Oct 8 07:54:13 localhost pluto[3912]: shutting down interface eth0/eth0 176.122.170.87:4500
Oct 8 07:54:13 localhost pluto[3912]: shutting down interface eth0/eth0 176.122.170.87:500
Oct 8 07:54:13 localhost pluto[3912]: leak: 3 * libevent_malloc, item size: 40
Oct 8 07:54:13 localhost pluto[3912]: leak detective found 3 leaks, total size 40
Oct 8 07:54:14 localhost pluto[9662]: NSS DB directory: sql:/etc/ipsec.d
Oct 8 07:54:14 localhost pluto[9662]: Initializing NSS
Oct 8 07:54:14 localhost pluto[9662]: Opening NSS database "sql:/etc/ipsec.d" read-only
Oct 8 07:54:14 localhost pluto[9662]: NSS initialized
Oct 8 07:54:14 localhost pluto[9662]: NSS crypto library initialized
Oct 8 07:54:14 localhost pluto[9662]: FIPS HMAC integrity support [disabled]
Oct 8 07:54:14 localhost pluto[9662]: libcap-ng support [enabled]
Oct 8 07:54:14 localhost pluto[9662]: Linux audit support [disabled]
Oct 8 07:54:14 localhost pluto[9662]: Starting Pluto (Libreswan Version 3.29 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (AVA copy) SYSTEMD_WATCHDOG LABELED_IPSEC LIBCAP_NG XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:9662
Oct 8 07:54:14 localhost pluto[9662]: core dump dir: /run/pluto
Oct 8 07:54:14 localhost pluto[9662]: secrets file: /etc/ipsec.secrets
Oct 8 07:54:14 localhost pluto[9662]: leak-detective enabled
Oct 8 07:54:14 localhost pluto[9662]: NSS crypto [enabled]
Oct 8 07:54:14 localhost pluto[9662]: XAUTH PAM support [enabled]
Oct 8 07:54:14 localhost pluto[9662]: Initializing libevent in pthreads mode: headers: 2.0.21-stable (2001500); library: 2.0.21-stable (2001500)
Oct 8 07:54:14 localhost pluto[9662]: NAT-Traversal support [enabled]
Oct 8 07:54:14 localhost pluto[9662]: Encryption algorithms:
Oct 8 07:54:14 localhost pluto[9662]: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c
Oct 8 07:54:14 localhost pluto[9662]: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b
Oct 8 07:54:14 localhost pluto[9662]: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a
Oct 8 07:54:14 localhost pluto[9662]: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des
Oct 8 07:54:14 localhost pluto[9662]: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128}
Oct 8 07:54:14 localhost pluto[9662]: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia
Oct 8 07:54:14 localhost pluto[9662]: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c
Oct 8 07:54:14 localhost pluto[9662]: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b
Oct 8 07:54:14 localhost pluto[9662]: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a
Oct 8 07:54:14 localhost pluto[9662]: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr
Oct 8 07:54:14 localhost pluto[9662]: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes
Oct 8 07:54:14 localhost pluto[9662]: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent
Oct 8 07:54:14 localhost pluto[9662]: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish
Oct 8 07:54:14 localhost pluto[9662]: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh
Oct 8 07:54:14 localhost pluto[9662]: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac
Oct 8 07:54:14 localhost pluto[9662]: NULL IKEv1: ESP IKEv2: ESP []
Oct 8 07:54:14 localhost pluto[9662]: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305
Oct 8 07:54:14 localhost pluto[9662]: Hash algorithms:
Oct 8 07:54:14 localhost pluto[9662]: MD5 IKEv1: IKE IKEv2:
Oct 8 07:54:14 localhost pluto[9662]: SHA1 IKEv1: IKE IKEv2: FIPS sha
Oct 8 07:54:14 localhost pluto[9662]: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256
Oct 8 07:54:14 localhost pluto[9662]: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384
Oct 8 07:54:14 localhost pluto[9662]: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512
Oct 8 07:54:14 localhost pluto[9662]: PRF algorithms:
Oct 8 07:54:14 localhost pluto[9662]: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5
Oct 8 07:54:14 localhost pluto[9662]: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1
Oct 8 07:54:14 localhost pluto[9662]: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256
Oct 8 07:54:14 localhost pluto[9662]: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384
Oct 8 07:54:14 localhost pluto[9662]: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512
Oct 8 07:54:14 localhost pluto[9662]: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc
Oct 8 07:54:14 localhost pluto[9662]: Integrity algorithms:
Oct 8 07:54:14 localhost pluto[9662]: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5
Oct 8 07:54:14 localhost pluto[9662]: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1
Oct 8 07:54:14 localhost pluto[9662]: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512
Oct 8 07:54:14 localhost pluto[9662]: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384
Oct 8 07:54:14 localhost pluto[9662]: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Oct 8 07:54:14 localhost pluto[9662]: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH
Oct 8 07:54:14 localhost pluto[9662]: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96
Oct 8 07:54:14 localhost pluto[9662]: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac
Oct 8 07:54:14 localhost pluto[9662]: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null
Oct 8 07:54:14 localhost pluto[9662]: DH algorithms:
Oct 8 07:54:14 localhost pluto[9662]: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0
Oct 8 07:54:14 localhost pluto[9662]: MODP1024 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh2
Oct 8 07:54:14 localhost pluto[9662]: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5
Oct 8 07:54:14 localhost pluto[9662]: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14
Oct 8 07:54:14 localhost pluto[9662]: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15
Oct 8 07:54:14 localhost pluto[9662]: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16
Oct 8 07:54:14 localhost pluto[9662]: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17
Oct 8 07:54:14 localhost pluto[9662]: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18
Oct 8 07:54:14 localhost pluto[9662]: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256
Oct 8 07:54:14 localhost pluto[9662]: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384
Oct 8 07:54:14 localhost pluto[9662]: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521
Oct 8 07:54:14 localhost pluto[9662]: 2 CPU cores online
Oct 8 07:54:14 localhost pluto[9662]: starting up 2 crypto helpers
Oct 8 07:54:14 localhost pluto[9662]: started thread for crypto helper 0
Oct 8 07:54:14 localhost pluto[9662]: started thread for crypto helper 1
Oct 8 07:54:14 localhost pluto[9662]: Using Linux XFRM/NETKEY IPsec interface code on 4.4.0-62-generic
Oct 8 07:54:14 localhost pluto[9662]: selinux support is NOT enabled.
Oct 8 07:54:14 localhost pluto[9662]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Oct 8 07:54:14 localhost pluto[9662]: watchdog: sending probes every 100 secs
Oct 8 07:54:14 localhost pluto[9662]: seccomp security not supported
Oct 8 07:54:14 localhost pluto[9662]: seccomp security for crypto helper not supported
Oct 8 07:54:14 localhost pluto[9662]: seccomp security for crypto helper not supported
Oct 8 07:54:14 localhost pluto[9662]: added connection description "l2tp-psk"
Oct 8 07:54:14 localhost pluto[9662]: added connection description "xauth-psk"
Oct 8 07:54:14 localhost pluto[9662]: listening for IKE messages
Oct 8 07:54:14 localhost pluto[9662]: ERROR: can't offload to eth0 because SIOCETHTOOL ETHTOOL_GSSET_INFO failed. Errno 95: Operation not supported
Oct 8 07:54:14 localhost pluto[9662]: Kernel does not support NIC esp-hw-offload
Oct 8 07:54:14 localhost pluto[9662]: adding interface eth0/eth0 (esp-hw-offload=no) 176.122.170.87:500
Oct 8 07:54:14 localhost pluto[9662]: adding interface eth0/eth0 176.122.170.87:4500
Oct 8 07:54:14 localhost pluto[9662]: Kernel does not support NIC esp-hw-offload
Oct 8 07:54:14 localhost pluto[9662]: adding interface lo/lo (esp-hw-offload=no) 127.0.0.1:500
Oct 8 07:54:14 localhost pluto[9662]: adding interface lo/lo 127.0.0.1:4500
Oct 8 07:54:14 localhost pluto[9662]: Kernel does not support NIC esp-hw-offload
Oct 8 07:54:14 localhost pluto[9662]: adding interface lo/lo (esp-hw-offload=no) ::1:500
Oct 8 07:54:14 localhost pluto[9662]: loading secrets from "/etc/ipsec.secrets"
Oct 8 07:55:59 localhost pluto[9662]: shutting down
Oct 8 07:55:59 localhost pluto[9662]: forgetting secrets
Oct 8 07:55:59 localhost pluto[9662]: shutting down interface lo/lo ::1:500
Oct 8 07:55:59 localhost pluto[9662]: shutting down interface lo/lo 127.0.0.1:4500
Oct 8 07:55:59 localhost pluto[9662]: shutting down interface lo/lo 127.0.0.1:500
Oct 8 07:55:59 localhost pluto[9662]: shutting down interface eth0/eth0 176.122.170.87:4500
Oct 8 07:55:59 localhost pluto[9662]: shutting down interface eth0/eth0 176.122.170.87:500
Oct 8 07:55:59 localhost pluto[9662]: leak: 3 * libevent_malloc, item size: 40
Oct 8 07:55:59 localhost pluto[9662]: leak detective found 3 leaks, total size 40
Oct 8 07:56:00 localhost pluto[10062]: NSS DB directory: sql:/etc/ipsec.d
Oct 8 07:56:00 localhost pluto[10062]: Initializing NSS
Oct 8 07:56:00 localhost pluto[10062]: Opening NSS database "sql:/etc/ipsec.d" read-only
Oct 8 07:56:00 localhost pluto[10062]: NSS initialized
Oct 8 07:56:00 localhost pluto[10062]: NSS crypto library initialized
Oct 8 07:56:00 localhost pluto[10062]: FIPS HMAC integrity support [disabled]
Oct 8 07:56:00 localhost pluto[10062]: libcap-ng support [enabled]
Oct 8 07:56:00 localhost pluto[10062]: Linux audit support [disabled]
Oct 8 07:56:00 localhost pluto[10062]: Starting Pluto (Libreswan Version 3.29 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (AVA copy) SYSTEMD_WATCHDOG LABELED_IPSEC LIBCAP_NG XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:10062
Oct 8 07:56:00 localhost pluto[10062]: core dump dir: /run/pluto
Oct 8 07:56:00 localhost pluto[10062]: secrets file: /etc/ipsec.secrets
Oct 8 07:56:00 localhost pluto[10062]: leak-detective enabled
Oct 8 07:56:00 localhost pluto[10062]: NSS crypto [enabled]
Oct 8 07:56:00 localhost pluto[10062]: XAUTH PAM support [enabled]
Oct 8 07:56:00 localhost pluto[10062]: Initializing libevent in pthreads mode: headers: 2.0.21-stable (2001500); library: 2.0.21-stable (2001500)
Oct 8 07:56:00 localhost pluto[10062]: NAT-Traversal support [enabled]
Oct 8 07:56:00 localhost pluto[10062]: Encryption algorithms:
Oct 8 07:56:00 localhost pluto[10062]: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c
Oct 8 07:56:00 localhost pluto[10062]: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b
Oct 8 07:56:00 localhost pluto[10062]: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a
Oct 8 07:56:00 localhost pluto[10062]: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des
Oct 8 07:56:00 localhost pluto[10062]: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128}
Oct 8 07:56:00 localhost pluto[10062]: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia
Oct 8 07:56:00 localhost pluto[10062]: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c
Oct 8 07:56:00 localhost pluto[10062]: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b
Oct 8 07:56:00 localhost pluto[10062]: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a
Oct 8 07:56:00 localhost pluto[10062]: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr
Oct 8 07:56:00 localhost pluto[10062]: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes
Oct 8 07:56:00 localhost pluto[10062]: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent
Oct 8 07:56:00 localhost pluto[10062]: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish
Oct 8 07:56:00 localhost pluto[10062]: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh
Oct 8 07:56:00 localhost pluto[10062]: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac
Oct 8 07:56:00 localhost pluto[10062]: NULL IKEv1: ESP IKEv2: ESP []
Oct 8 07:56:00 localhost pluto[10062]: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305
Oct 8 07:56:00 localhost pluto[10062]: Hash algorithms:
Oct 8 07:56:00 localhost pluto[10062]: MD5 IKEv1: IKE IKEv2:
Oct 8 07:56:00 localhost pluto[10062]: SHA1 IKEv1: IKE IKEv2: FIPS sha
Oct 8 07:56:00 localhost pluto[10062]: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256
Oct 8 07:56:00 localhost pluto[10062]: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384
Oct 8 07:56:00 localhost pluto[10062]: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512
Oct 8 07:56:00 localhost pluto[10062]: PRF algorithms:
Oct 8 07:56:00 localhost pluto[10062]: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5
Oct 8 07:56:00 localhost pluto[10062]: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1
Oct 8 07:56:00 localhost pluto[10062]: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256
Oct 8 07:56:00 localhost pluto[10062]: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384
Oct 8 07:56:00 localhost pluto[10062]: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512
Oct 8 07:56:00 localhost pluto[10062]: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc
Oct 8 07:56:00 localhost pluto[10062]: Integrity algorithms:
Oct 8 07:56:00 localhost pluto[10062]: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5
Oct 8 07:56:00 localhost pluto[10062]: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1
Oct 8 07:56:00 localhost pluto[10062]: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512
Oct 8 07:56:00 localhost pluto[10062]: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384
Oct 8 07:56:00 localhost pluto[10062]: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Oct 8 07:56:00 localhost pluto[10062]: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH
Oct 8 07:56:00 localhost pluto[10062]: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96
Oct 8 07:56:00 localhost pluto[10062]: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac
Oct 8 07:56:00 localhost pluto[10062]: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null
Oct 8 07:56:00 localhost pluto[10062]: DH algorithms:
Oct 8 07:56:00 localhost pluto[10062]: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0
Oct 8 07:56:00 localhost pluto[10062]: MODP1024 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh2
Oct 8 07:56:00 localhost pluto[10062]: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5
Oct 8 07:56:00 localhost pluto[10062]: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14
Oct 8 07:56:00 localhost pluto[10062]: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15
Oct 8 07:56:00 localhost pluto[10062]: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16
Oct 8 07:56:00 localhost pluto[10062]: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17
Oct 8 07:56:00 localhost pluto[10062]: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18
Oct 8 07:56:00 localhost pluto[10062]: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256
Oct 8 07:56:00 localhost pluto[10062]: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384
Oct 8 07:56:00 localhost pluto[10062]: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521
Oct 8 07:56:00 localhost pluto[10062]: 2 CPU cores online
Oct 8 07:56:00 localhost pluto[10062]: starting up 2 crypto helpers
Oct 8 07:56:00 localhost pluto[10062]: started thread for crypto helper 0
Oct 8 07:56:00 localhost pluto[10062]: started thread for crypto helper 1
Oct 8 07:56:00 localhost pluto[10062]: Using Linux XFRM/NETKEY IPsec interface code on 4.4.0-62-generic
Oct 8 07:56:00 localhost pluto[10062]: selinux support is NOT enabled.
Oct 8 07:56:00 localhost pluto[10062]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Oct 8 07:56:00 localhost pluto[10062]: watchdog: sending probes every 100 secs
Oct 8 07:56:00 localhost pluto[10062]: seccomp security not supported
Oct 8 07:56:00 localhost pluto[10062]: seccomp security for crypto helper not supported
Oct 8 07:56:00 localhost pluto[10062]: seccomp security for crypto helper not supported
Oct 8 07:56:00 localhost pluto[10062]: added connection description "l2tp-psk"
Oct 8 07:56:00 localhost pluto[10062]: added connection description "xauth-psk"
Oct 8 07:56:00 localhost pluto[10062]: listening for IKE messages
Oct 8 07:56:00 localhost pluto[10062]: ERROR: can't offload to eth0 because SIOCETHTOOL ETHTOOL_GSSET_INFO failed. Errno 95: Operation not supported
Oct 8 07:56:00 localhost pluto[10062]: Kernel does not support NIC esp-hw-offload
Oct 8 07:56:00 localhost pluto[10062]: adding interface eth0/eth0 (esp-hw-offload=no) 176.122.170.87:500
Oct 8 07:56:00 localhost pluto[10062]: adding interface eth0/eth0 176.122.170.87:4500
Oct 8 07:56:00 localhost pluto[10062]: Kernel does not support NIC esp-hw-offload
Oct 8 07:56:00 localhost pluto[10062]: adding interface lo/lo (esp-hw-offload=no) 127.0.0.1:500
Oct 8 07:56:00 localhost pluto[10062]: adding interface lo/lo 127.0.0.1:4500
Oct 8 07:56:00 localhost pluto[10062]: Kernel does not support NIC esp-hw-offload
Oct 8 07:56:00 localhost pluto[10062]: adding interface lo/lo (esp-hw-offload=no) ::1:500
Oct 8 07:56:00 localhost pluto[10062]: loading secrets from "/etc/ipsec.secrets"
Oct 8 07:58:15 localhost pluto[10062]: "l2tp-psk"[1] 223.104.212.77 #1: responding to Main Mode from unknown peer 223.104.212.77 on port 39241
Oct 8 07:58:15 localhost pluto[10062]: "l2tp-psk"[1] 223.104.212.77 #1: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 8 07:58:15 localhost pluto[10062]: "l2tp-psk"[1] 223.104.212.77 #1: STATE_MAIN_R2: sent MR2, expecting MI3
Oct 8 07:58:15 localhost pluto[10062]: "l2tp-psk"[1] 223.104.212.77 #1: ignoring informational payload IPSEC_INITIAL_CONTACT, msgid=00000000, length=28
Oct 8 07:58:15 localhost pluto[10062]: | ISAKMP Notification Payload
Oct 8 07:58:15 localhost pluto[10062]: | 00 00 00 1c 00 00 00 01 01 10 60 02
Oct 8 07:58:15 localhost pluto[10062]: "l2tp-psk"[1] 223.104.212.77 #1: Peer ID is ID_IPV4_ADDR: '10.186.168.56'
Oct 8 07:58:15 localhost pluto[10062]: "l2tp-psk"[1] 223.104.212.77 #1: switched from "l2tp-psk"[1] 223.104.212.77 to "l2tp-psk"
Oct 8 07:58:15 localhost pluto[10062]: "l2tp-psk"[2] 223.104.212.77 #1: deleting connection "l2tp-psk"[1] 223.104.212.77 instance with peer 223.104.212.77 {isakmp=#0/ipsec=#0}
Oct 8 07:58:15 localhost pluto[10062]: "l2tp-psk"[2] 223.104.212.77 #1: Peer ID is ID_IPV4_ADDR: '10.186.168.56'
Oct 8 07:58:15 localhost pluto[10062]: "l2tp-psk"[2] 223.104.212.77 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
Oct 8 07:58:19 localhost pluto[10062]: "l2tp-psk"[2] 223.104.212.77 #1: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Oct 8 07:58:22 localhost pluto[10062]: "l2tp-psk"[2] 223.104.212.77 #1: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Oct 8 07:58:25 localhost pluto[10062]: "l2tp-psk"[2] 223.104.212.77 #1: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
Oct 8 07:58:38 localhost pluto[10062]: "l2tp-psk"[2] 223.104.212.77 #1: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
Oct 8 07:58:59 localhost pluto[10062]: "l2tp-psk"[2] 223.104.212.77 #2: responding to Main Mode from unknown peer 223.104.212.77 on port 39241
Oct 8 07:58:59 localhost pluto[10062]: "l2tp-psk"[2] 223.104.212.77 #2: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 8 07:58:59 localhost pluto[10062]: "l2tp-psk"[2] 223.104.212.77 #2: STATE_MAIN_R2: sent MR2, expecting MI3
Oct 8 07:59:00 localhost pluto[10062]: "l2tp-psk"[2] 223.104.212.77 #2: ignoring informational payload IPSEC_INITIAL_CONTACT, msgid=00000000, length=28
Oct 8 07:59:00 localhost pluto[10062]: | ISAKMP Notification Payload
Oct 8 07:59:00 localhost pluto[10062]: | 00 00 00 1c 00 00 00 01 01 10 60 02
Oct 8 07:59:00 localhost pluto[10062]: "l2tp-psk"[2] 223.104.212.77 #2: Peer ID is ID_IPV4_ADDR: '10.186.168.56'
Oct 8 07:59:00 localhost pluto[10062]: "l2tp-psk"[2] 223.104.212.77 #2: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
Oct 8 07:59:03 localhost pluto[10062]: "l2tp-psk"[2] 223.104.212.77 #2: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Oct 8 07:59:06 localhost pluto[10062]: "l2tp-psk"[2] 223.104.212.77 #2: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Oct 8 07:59:09 localhost pluto[10062]: "l2tp-psk"[2] 223.104.212.77 #2: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
# grep xl2tpd /var/log/syslog
Oct 8 07:42:03 localhost xl2tpd[19704]: Not looking for kernel SAref support.
Oct 8 07:42:03 localhost xl2tpd[19704]: Using l2tp kernel support.
Oct 8 07:42:03 localhost xl2tpd[19696]: Starting xl2tpd: xl2tpd.
Oct 8 07:42:03 localhost xl2tpd[19714]: xl2tpd version xl2tpd-1.3.6 started on localhost.localdomain PID:19714
Oct 8 07:42:03 localhost xl2tpd[19714]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Oct 8 07:42:03 localhost xl2tpd[19714]: Forked by Scott Balmos and David Stipp, (C) 2001
Oct 8 07:42:03 localhost xl2tpd[19714]: Inherited by Jeff McAdams, (C) 2002
Oct 8 07:42:03 localhost xl2tpd[19714]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Oct 8 07:42:03 localhost xl2tpd[19714]: Listening on IP address 0.0.0.0, port 1701
Oct 8 07:43:16 localhost xl2tpd[29911]: Stopping xl2tpd: xl2tpd.
Oct 8 07:43:16 localhost xl2tpd[19714]: death_handler: Fatal signal 15 received
Oct 8 07:43:16 localhost xl2tpd[29926]: Not looking for kernel SAref support.
Oct 8 07:43:16 localhost xl2tpd[29926]: Using l2tp kernel support.
Oct 8 07:43:16 localhost xl2tpd[29917]: Starting xl2tpd: xl2tpd.
Oct 8 07:43:16 localhost xl2tpd[29927]: xl2tpd version xl2tpd-1.3.6 started on localhost.localdomain PID:29927
Oct 8 07:43:16 localhost xl2tpd[29927]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Oct 8 07:43:16 localhost xl2tpd[29927]: Forked by Scott Balmos and David Stipp, (C) 2001
Oct 8 07:43:16 localhost xl2tpd[29927]: Inherited by Jeff McAdams, (C) 2002
Oct 8 07:43:16 localhost xl2tpd[29927]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Oct 8 07:43:16 localhost xl2tpd[29927]: Listening on IP address 0.0.0.0, port 1701
Oct 8 07:53:29 localhost xl2tpd[29927]: death_handler: Fatal signal 15 received
Oct 8 07:53:29 localhost xl2tpd[3927]: Stopping xl2tpd: xl2tpd.
Oct 8 07:53:29 localhost xl2tpd[3943]: Not looking for kernel SAref support.
Oct 8 07:53:29 localhost xl2tpd[3943]: Using l2tp kernel support.
Oct 8 07:53:29 localhost xl2tpd[3934]: Starting xl2tpd: xl2tpd.
Oct 8 07:53:29 localhost xl2tpd[3944]: xl2tpd version xl2tpd-1.3.6 started on localhost.localdomain PID:3944
Oct 8 07:53:29 localhost xl2tpd[3944]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Oct 8 07:53:29 localhost xl2tpd[3944]: Forked by Scott Balmos and David Stipp, (C) 2001
Oct 8 07:53:29 localhost xl2tpd[3944]: Inherited by Jeff McAdams, (C) 2002
Oct 8 07:53:29 localhost xl2tpd[3944]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Oct 8 07:53:29 localhost xl2tpd[3944]: Listening on IP address 0.0.0.0, port 1701
Oct 8 07:54:14 localhost xl2tpd[9672]: Stopping xl2tpd: xl2tpd.
Oct 8 07:54:14 localhost xl2tpd[3944]: death_handler: Fatal signal 15 received
Oct 8 07:54:14 localhost xl2tpd[9690]: Not looking for kernel SAref support.
Oct 8 07:54:14 localhost xl2tpd[9690]: Using l2tp kernel support.
Oct 8 07:54:14 localhost xl2tpd[9682]: Starting xl2tpd: xl2tpd.
Oct 8 07:54:14 localhost xl2tpd[9691]: xl2tpd version xl2tpd-1.3.6 started on localhost.localdomain PID:9691
Oct 8 07:54:14 localhost xl2tpd[9691]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Oct 8 07:54:14 localhost xl2tpd[9691]: Forked by Scott Balmos and David Stipp, (C) 2001
Oct 8 07:54:14 localhost xl2tpd[9691]: Inherited by Jeff McAdams, (C) 2002
Oct 8 07:54:14 localhost xl2tpd[9691]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Oct 8 07:54:14 localhost xl2tpd[9691]: Listening on IP address 0.0.0.0, port 1701
Thanks in advance !
All seems OK on server-side, but vpn-client (iphone l2tp vpn) shows 'L2TP-VPN server not responding..'
/var/log/auth.log
showsBelow are full logs