[Swan] Alcatel IP-Phone VPN IPSEC disconnect after 1 hour //SOLVED

Hans-Jürgen Brand H-J.Brand at technology-experts.de
Fri Nov 27 07:24:54 UTC 2020


Hello list, 
it is working now.
--> just did an update to version 4.1 and everything is ok.



-----Ursprüngliche Nachricht-----
Von: Hans-Jürgen Brand 
Gesendet: Freitag, 13. November 2020 08:39
An: swan at lists.libreswan.org
Betreff: Alcatel IP-Phone VPN IPSEC disconnect after 1 hour


I’m testing a VPN dialin connection from a Alcatel IP-Phone to Libreswan. The connection gets up and running, but after 1 hour the connection gets broken und the IP-Phone restarts, established a new connection and then I have another hour.

If tried IKEV1+PSK+XAuth and IKV2+PSK. It does not matter.

For me it looks like if the timer ‘EVENT_SA_REPLACE in 3655s’ expired, then I got this problem.
⇒ 000 #1: "xauth-psk"[2] 31.16.111.93:62020 STATE_MODE_CFG_R1 (ModeCfg Set sent, expecting Ack); EVENT_SA_REPLACE in 3655s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle;


If I use the IP-Phone with Fortigate or Zyxel then it is working.

 
Here my System:
- Ubuntu 20.04.1 LTS
- Linux Libreswan 3.32 (netkey) on 5.4.0-53-generic


AAA.BBB.CCC.DDD external public IP of Libreswan
EEE.FFF.GGG.HHH external public IP of the client (IPPhone)


cat /etc/ipsec.conf
version 2.0

config setup
  virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!172.20.192.64/26
  protostack=netkey
  interfaces=%defaultroute
  uniqueids=yes
  plutodebug="tmi"
  logfile=/var/log/pluto.log
  listen=192.168.99.142

conn shared
  left=%defaultroute
  leftid=AAA.BBB.CCC.DDD   
  right=%any
  authby=secret
  keyingtries=0
  dpddelay=3600
  dpdtimeout=4800
  dpdaction=hold
  ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024
  phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes256-sha2_512,aes128-sha2,aes256-sha2
  sha2-truncbug=no
  rekeymargin=600
  rekey=yes
  rekeyfuzz=10%
  ike-frag=yes
  nat-keepalive=yes
  ikelifetime=86400
  salifetime=864000
  uniqueids=no
  initial-contact=yes
  leftmodecfgserver=yes
  modecfgpull=yes
  modecfgdns=172.20.129.150,8.8.8.8

conn ik2-psk
  auto=start
  leftsubnet=0.0.0.0/0
  rightaddresspool=172.20.192.66-172.20.192.100
  also=shared
  ikev2=insist

conn xauth-psk
  auto=start
  leftsubnet=0.0.0.0/0
  rightaddresspool=172.20.192.66-172.20.192.100
  leftxauthserver=yes
  rightxauthclient=yes
  xauthby=file
  also=shared
  ikev2=never




root at texel:~# ipsec status
000 using kernel interface: netkey
000 interface ens160/ens160 192.168.99.142:4500
000 interface ens160/ens160 192.168.99.142:500
000  
000  
000 fips mode=disabled;
000 SElinux=disabled
000 seccomp=unsupported
000  
000 config setup options:
000  
000 configdir=/etc, configfile=/etc/ipsec.conf, secrets=/etc/ipsec.secrets, ipsecdir=/etc/ipsec.d
000 nssdir=/etc/ipsec.d, dumpdir=/run/pluto, statsbin=unset
000 sbindir=/usr/local/sbin, libexecdir=/usr/local/libexec/ipsec
000 pluto_version=3.32, pluto_vendorid=OE-Libreswan-3.32, audit-log=yes
000 nhelpers=-1, uniqueids=yes, dnssec-enable=no, perpeerlog=no, logappend=yes, logip=yes, shuntlifetime=900s, xfrmlifetime=30s
000 ddos-cookies-threshold=50000, ddos-max-halfopen=25000, ddos-mode=auto
000 ikeport=500, ikebuf=0, msg_errqueue=yes, strictcrlpolicy=no, crlcheckinterval=0, listen=192.168.99.142, nflog-all=0
000 ocsp-enable=no, ocsp-strict=no, ocsp-timeout=2, ocsp-uri=<unset>
000 ocsp-trust-name=<unset>
000 ocsp-cache-size=1000, ocsp-cache-min-age=3600, ocsp-cache-max-age=86400, ocsp-method=get
000 global-redirect=no, global-redirect-to=<unset>
000 secctx-attr-type=<unsupported>
000 debug: tmi
000  
000 nat-traversal=yes, keep-alive=20, nat-ikeport=4500
000 virtual-private (%priv):
000 - allowed subnets: 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12
000 - excluded subnet: 172.20.192.64/26
000  
000 Kernel algorithms supported:
000  
000 algorithm ESP encrypt: name=3DES_CBC, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: name=AES_CBC, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=AES_CCM_12, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=AES_CCM_16, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=AES_CCM_8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=AES_CTR, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=AES_GCM_12, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=AES_GCM_16, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=AES_GCM_8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=CAMELLIA_CBC, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=CHACHA20_POLY1305, keysizemin=256, keysizemax=256
000 algorithm ESP encrypt: name=NULL, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: name=NULL_AUTH_AES_GMAC, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=SERPENT_CBC, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=TWOFISH_CBC, keysizemin=128, keysizemax=256
000 algorithm AH/ESP auth: name=AES_CMAC_96, key-length=128
000 algorithm AH/ESP auth: name=AES_XCBC_96, key-length=128
000 algorithm AH/ESP auth: name=HMAC_MD5_96, key-length=128
000 algorithm AH/ESP auth: name=HMAC_SHA1_96, key-length=160
000 algorithm AH/ESP auth: name=HMAC_SHA2_256_128, key-length=256
000 algorithm AH/ESP auth: name=HMAC_SHA2_256_TRUNCBUG, key-length=256
000 algorithm AH/ESP auth: name=HMAC_SHA2_384_192, key-length=384
000 algorithm AH/ESP auth: name=HMAC_SHA2_512_256, key-length=512
000 algorithm AH/ESP auth: name=NONE, key-length=0
000  
000 IKE algorithms supported:
000  
000 algorithm IKE encrypt: v1id=5, v1name=OAKLEY_3DES_CBC, v2id=3, v2name=3DES, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: v1id=8, v1name=OAKLEY_CAMELLIA_CBC, v2id=23, v2name=CAMELLIA_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=20, v2name=AES_GCM_C, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=19, v2name=AES_GCM_B, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=18, v2name=AES_GCM_A, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=13, v1name=OAKLEY_AES_CTR, v2id=13, v2name=AES_CTR, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=7, v1name=OAKLEY_AES_CBC, v2id=12, v2name=AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=65004, v1name=OAKLEY_SERPENT_CBC, v2id=65004, v2name=SERPENT_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=65005, v1name=OAKLEY_TWOFISH_CBC, v2id=65005, v2name=TWOFISH_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=65289, v1name=OAKLEY_TWOFISH_CBC_SSH, v2id=65289, v2name=TWOFISH_CBC_SSH, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=28, v2name=CHACHA20_POLY1305, blocksize=16, keydeflen=256
000 algorithm IKE PRF: name=HMAC_MD5, hashlen=16
000 algorithm IKE PRF: name=HMAC_SHA1, hashlen=20
000 algorithm IKE PRF: name=HMAC_SHA2_256, hashlen=32
000 algorithm IKE PRF: name=HMAC_SHA2_384, hashlen=48
000 algorithm IKE PRF: name=HMAC_SHA2_512, hashlen=64
000 algorithm IKE PRF: name=AES_XCBC, hashlen=16
000 algorithm IKE DH Key Exchange: name=MODP1024, bits=1024
000 algorithm IKE DH Key Exchange: name=MODP1536, bits=1536
000 algorithm IKE DH Key Exchange: name=MODP2048, bits=2048
000 algorithm IKE DH Key Exchange: name=MODP3072, bits=3072
000 algorithm IKE DH Key Exchange: name=MODP4096, bits=4096
000 algorithm IKE DH Key Exchange: name=MODP6144, bits=6144
000 algorithm IKE DH Key Exchange: name=MODP8192, bits=8192
000 algorithm IKE DH Key Exchange: name=DH19, bits=512
000 algorithm IKE DH Key Exchange: name=DH20, bits=768
000 algorithm IKE DH Key Exchange: name=DH21, bits=1056
000  
000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0} 
000  
000 Connection list:
000  
000 "ik2-psk": 0.0.0.0/0===192.168.99.142[213.170.188.203,MS+S=C]---192.168.99.254...%any[+MC+S=C]; unrouted; eroute owner: #0
000 "ik2-psk":     oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown;
000 "ik2-psk":   xauth us:none, xauth them:none,  my_username=[any]; their_username=[any]
000 "ik2-psk":   our auth:secret, their auth:secret
000 "ik2-psk":   modecfg info: us:server, them:client, modecfg policy:pull, dns:172.20.129.150,8.8.8.8, domains:unset, banner:unset, cat:unset;
000 "ik2-psk":   policy_label:unset;
000 "ik2-psk":   ike_life: 86400s; ipsec_life: 86400s; replay_window: 32; rekey_margin: 600s; rekey_fuzz: 10%; keyingtries: 0;
000 "ik2-psk":   retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "ik2-psk":   initial-contact:yes; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "ik2-psk":   policy: PSK+ENCRYPT+TUNNEL+PFS+MODECFG_PULL+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "ik2-psk":   v2-auth-hash-policy: none;
000 "ik2-psk":   conn_prio: 0,32; interface: ens160; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none;
000 "ik2-psk":   nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto;
000 "ik2-psk":   our idtype: ID_IPV4_ADDR; our id=213.170.188.203; their idtype: %none; their id=(none)
000 "ik2-psk":   dpd: action:hold; delay:3600; timeout:4800; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "ik2-psk":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "ik2-psk":   IKE algorithms: AES_CBC_256-HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21, AES_CBC_128-HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21, AES_CBC_256-HMAC_SHA1-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21, AES_CBC_128-HMAC_SHA1-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21, AES_CBC_256-HMAC_SHA2_256-MODP1024, AES_CBC_128-HMAC_SHA1-MODP1024
000 "ik2-psk":   ESP algorithms: AES_GCM_16-NONE, AES_CBC_128-HMAC_SHA1_96, AES_CBC_256-HMAC_SHA1_96, AES_CBC_256-HMAC_SHA2_512_256, AES_CBC_128-HMAC_SHA2_256_128, AES_CBC_256-HMAC_SHA2_256_128
000 "xauth-psk": 0.0.0.0/0===192.168.99.142[213.170.188.203,MS+XS+S=C]---192.168.99.254...%any[+MC+XC+S=C]; unrouted; eroute owner: #0
000 "xauth-psk":     oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown;
000 "xauth-psk":   xauth us:server, xauth them:client, xauthby:file; my_username=[any]; their_username=[any]
000 "xauth-psk":   our auth:secret, their auth:secret
000 "xauth-psk":   modecfg info: us:server, them:client, modecfg policy:pull, dns:172.20.129.150,8.8.8.8, domains:unset, banner:unset, cat:unset;
000 "xauth-psk":   policy_label:unset;
000 "xauth-psk":   ike_life: 86400s; ipsec_life: 86400s; replay_window: 32; rekey_margin: 600s; rekey_fuzz: 10%; keyingtries: 0;
000 "xauth-psk":   retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "xauth-psk":   initial-contact:yes; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "xauth-psk":   policy: PSK+ENCRYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "xauth-psk":   conn_prio: 0,32; interface: ens160; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none;
000 "xauth-psk":   nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto;
000 "xauth-psk":   our idtype: ID_IPV4_ADDR; our id=213.170.188.203; their idtype: %none; their id=(none)
000 "xauth-psk":   dpd: action:hold; delay:3600; timeout:4800; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "xauth-psk":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "xauth-psk":   IKE algorithms: AES_CBC_256-HMAC_SHA2_256-MODP2048, AES_CBC_256-HMAC_SHA2_256-MODP1536, AES_CBC_128-HMAC_SHA2_256-MODP2048, AES_CBC_128-HMAC_SHA2_256-MODP1536, AES_CBC_256-HMAC_SHA1-MODP2048, AES_CBC_256-HMAC_SHA1-MODP1536, AES_CBC_128-HMAC_SHA1-MODP2048, AES_CBC_128-HMAC_SHA1-MODP1536, AES_CBC_256-HMAC_SHA2_256-MODP1024, AES_CBC_128-HMAC_SHA1-MODP1024
000 "xauth-psk":   ESP algorithms: AES_GCM_16-NONE, AES_CBC_128-HMAC_SHA1_96, AES_CBC_256-HMAC_SHA1_96, AES_CBC_256-HMAC_SHA2_512_256, AES_CBC_128-HMAC_SHA2_256_128, AES_CBC_256-HMAC_SHA2_256_128
000 "xauth-psk"[2]: 0.0.0.0/0===192.168.99.142[213.170.188.203,MS+XS+S=C]---192.168.99.254...EEE.FFF.GGG.HHH[192.168.101.124,+MC+XC+S=C]===172.20.192.66/32; unrouted; eroute owner: #0
000 "xauth-psk"[2]:     oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown;
000 "xauth-psk"[2]:   xauth us:server, xauth them:client, xauthby:file; my_username=[any]; their_username=[any]
000 "xauth-psk"[2]:   our auth:secret, their auth:secret
000 "xauth-psk"[2]:   modecfg info: us:server, them:client, modecfg policy:pull, dns:172.20.129.150, domains:unset, banner:unset, cat:unset;
000 "xauth-psk"[2]:   policy_label:unset;
000 "xauth-psk"[2]:   ike_life: 86400s; ipsec_life: 86400s; replay_window: 32; rekey_margin: 600s; rekey_fuzz: 10%; keyingtries: 0;
000 "xauth-psk"[2]:   retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "xauth-psk"[2]:   initial-contact:yes; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "xauth-psk"[2]:   policy: PSK+ENCRYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "xauth-psk"[2]:   conn_prio: 0,32; interface: ens160; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none;
000 "xauth-psk"[2]:   nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto;
000 "xauth-psk"[2]:   our idtype: ID_IPV4_ADDR; our id=213.170.188.203; their idtype: ID_IPV4_ADDR; their id=192.168.101.124
000 "xauth-psk"[2]:   dpd: action:hold; delay:3600; timeout:4800; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "xauth-psk"[2]:   newest ISAKMP SA: #1; newest IPsec SA: #0;
000 "xauth-psk"[2]:   IKE algorithms: AES_CBC_256-HMAC_SHA2_256-MODP2048, AES_CBC_256-HMAC_SHA2_256-MODP1536, AES_CBC_128-HMAC_SHA2_256-MODP2048, AES_CBC_128-HMAC_SHA2_256-MODP1536, AES_CBC_256-HMAC_SHA1-MODP2048, AES_CBC_256-HMAC_SHA1-MODP1536, AES_CBC_128-HMAC_SHA1-MODP2048, AES_CBC_128-HMAC_SHA1-MODP1536, AES_CBC_256-HMAC_SHA2_256-MODP1024, AES_CBC_128-HMAC_SHA1-MODP1024
000 "xauth-psk"[2]:   IKEv1 algorithm newest: AES_CBC_256-HMAC_SHA2_256-MODP2048
000 "xauth-psk"[2]:   ESP algorithms: AES_GCM_16-NONE, AES_CBC_128-HMAC_SHA1_96, AES_CBC_256-HMAC_SHA1_96, AES_CBC_256-HMAC_SHA2_512_256, AES_CBC_128-HMAC_SHA2_256_128, AES_CBC_256-HMAC_SHA2_256_128
000  
000 Total IPsec connections: loaded 3, active 0
000  
000 State Information: DDoS cookies not required, Accepting new IKE connections
000 IKE SAs: total(1), half-open(0), open(0), authenticated(1), anonymous(0)
000 IPsec SAs: total(1), authenticated(1), anonymous(0)
000  
000 #1: "xauth-psk"[2] EEE.FFF.GGG.HHH:62020 STATE_MODE_CFG_R1 (ModeCfg Set sent, expecting Ack); EVENT_SA_REPLACE in 3655s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle;
000 #2: "xauth-psk"[2] EEE.FFF.GGG.HHH:62020 STATE_QUICK_R1 (sent QR1, inbound IPsec SA installed, expecting QI2); EVENT_RETRANSMIT in 0s; isakmp#1; idle;
000 #2: "xauth-psk"[2] EEE.FFF.GGG.HHH mailto:esp.c3af1065 at EEE.FFF.GGG.HHH mailto:esp.82e2afef at 192.168.99.142 mailto:tun.0 at EEE.FFF.GGG.HHH mailto:tun.0 at 192.168.99.142 ref=0 refhim=0 Traffic: ESPin=0B ESPout=0B! ESPmax=4194303B username=vpn522
000  
000 Bare Shunt list:
000  
root at texel:~# date
Thu Nov 12 18:07:36 UTC 2020






root at texel:~# cat /var/log/pluto.log 
Nov 12 18:06:27.712039: NSS DB directory: sql:/etc/ipsec.d
Nov 12 18:06:27.712270: Initializing NSS
Nov 12 18:06:27.712285: Opening NSS database "sql:/etc/ipsec.d" read-only
Nov 12 18:06:27.759493: NSS crypto library initialized
Nov 12 18:06:27.759515: FIPS Mode: NO
Nov 12 18:06:27.759522: FIPS mode disabled for pluto daemon
Nov 12 18:06:27.759527: FIPS HMAC integrity support [disabled]
Nov 12 18:06:27.759633: libcap-ng support [enabled]
Nov 12 18:06:27.759642: Linux audit support [disabled]
Nov 12 18:06:27.759648: Starting Pluto (Libreswan Version 3.32 XFRM(netkey) XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (AVA copy) (native-PRF) SYSTEMD_WATCHDOG LIBCAP_NG XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:11655
Nov 12 18:06:27.759653: core dump dir: /run/pluto
Nov 12 18:06:27.759658: secrets file: /etc/ipsec.secrets
Nov 12 18:06:27.759662: leak-detective enabled
Nov 12 18:06:27.759666: NSS crypto [enabled]
Nov 12 18:06:27.759670: XAUTH PAM support [enabled]
Nov 12 18:06:27.759799: Initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Nov 12 18:06:27.759908: NAT-Traversal support  [enabled]
Nov 12 18:06:27.760033: Encryption algorithms:
Nov 12 18:06:27.760048:   AES_CCM_16              IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_ccm, aes_ccm_c
Nov 12 18:06:27.760055:   AES_CCM_12              IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_ccm_b
Nov 12 18:06:27.760061:   AES_CCM_8               IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_ccm_a
Nov 12 18:06:27.760067:   3DES_CBC                IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  [*192]  3des
Nov 12 18:06:27.760073:   CAMELLIA_CTR            IKEv1:     ESP     IKEv2:     ESP           {256,192,*128}
Nov 12 18:06:27.760079:   CAMELLIA_CBC            IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  camellia
Nov 12 18:06:27.760085:   AES_GCM_16              IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes_gcm, aes_gcm_c
Nov 12 18:06:27.760091:   AES_GCM_12              IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes_gcm_b
Nov 12 18:06:27.760097:   AES_GCM_8               IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes_gcm_a
Nov 12 18:06:27.760103:   AES_CTR                 IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aesctr
Nov 12 18:06:27.760109:   AES_CBC                 IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes
Nov 12 18:06:27.760115:   SERPENT_CBC             IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  serpent
Nov 12 18:06:27.760121:   TWOFISH_CBC             IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  twofish
Nov 12 18:06:27.760127:   TWOFISH_SSH             IKEv1: IKE         IKEv2: IKE ESP           {256,192,*128}  twofish_cbc_ssh
Nov 12 18:06:27.760133:   NULL_AUTH_AES_GMAC      IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_gmac
Nov 12 18:06:27.760138:   NULL                    IKEv1:     ESP     IKEv2:     ESP           []
Nov 12 18:06:27.760144:   CHACHA20_POLY1305       IKEv1:             IKEv2: IKE ESP           [*256]  chacha20poly1305
Nov 12 18:06:27.760154: Hash algorithms:
Nov 12 18:06:27.760159:   MD5                     IKEv1: IKE         IKEv2:                 
Nov 12 18:06:27.760165:   SHA1                    IKEv1: IKE         IKEv2:             FIPS  sha
Nov 12 18:06:27.760170:   SHA2_256                IKEv1: IKE         IKEv2:             FIPS  sha2, sha256
Nov 12 18:06:27.760176:   SHA2_384                IKEv1: IKE         IKEv2:             FIPS  sha384
Nov 12 18:06:27.760181:   SHA2_512                IKEv1: IKE         IKEv2:             FIPS  sha512
Nov 12 18:06:27.760196: PRF algorithms:
Nov 12 18:06:27.760201:   HMAC_MD5                IKEv1: IKE         IKEv2: IKE               md5
Nov 12 18:06:27.760207:   HMAC_SHA1               IKEv1: IKE         IKEv2: IKE         FIPS  sha, sha1
Nov 12 18:06:27.760213:   HMAC_SHA2_256           IKEv1: IKE         IKEv2: IKE         FIPS  sha2, sha256, sha2_256
Nov 12 18:06:27.760227:   HMAC_SHA2_384           IKEv1: IKE         IKEv2: IKE         FIPS  sha384, sha2_384
Nov 12 18:06:27.760233:   HMAC_SHA2_512           IKEv1: IKE         IKEv2: IKE         FIPS  sha512, sha2_512
Nov 12 18:06:27.760239:   AES_XCBC                IKEv1:             IKEv2: IKE               aes128_xcbc
Nov 12 18:06:27.760265: Integrity algorithms:
Nov 12 18:06:27.760271:   HMAC_MD5_96             IKEv1: IKE ESP AH  IKEv2: IKE ESP AH        md5, hmac_md5
Nov 12 18:06:27.760277:   HMAC_SHA1_96            IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha, sha1, sha1_96, hmac_sha1
Nov 12 18:06:27.760283:   HMAC_SHA2_512_256       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha512, sha2_512, sha2_512_256, hmac_sha2_512
Nov 12 18:06:27.760289:   HMAC_SHA2_384_192       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha384, sha2_384, sha2_384_192, hmac_sha2_384
Nov 12 18:06:27.760295:   HMAC_SHA2_256_128       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Nov 12 18:06:27.760301:   HMAC_SHA2_256_TRUNCBUG  IKEv1:     ESP AH  IKEv2:         AH      
Nov 12 18:06:27.760306:   AES_XCBC_96             IKEv1:     ESP AH  IKEv2: IKE ESP AH        aes_xcbc, aes128_xcbc, aes128_xcbc_96
Nov 12 18:06:27.760312:   AES_CMAC_96             IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS  aes_cmac
Nov 12 18:06:27.760317:   NONE                    IKEv1:     ESP     IKEv2: IKE ESP     FIPS  null
Nov 12 18:06:27.760332: DH algorithms:
Nov 12 18:06:27.760338:   NONE                    IKEv1:             IKEv2: IKE ESP AH  FIPS  null, dh0
Nov 12 18:06:27.760343:   MODP1024                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH        dh2
Nov 12 18:06:27.760348:   MODP1536                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH        dh5
Nov 12 18:06:27.760353:   MODP2048                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh14
Nov 12 18:06:27.760358:   MODP3072                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh15
Nov 12 18:06:27.760364:   MODP4096                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh16
Nov 12 18:06:27.760369:   MODP6144                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh17
Nov 12 18:06:27.760374:   MODP8192                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh18
Nov 12 18:06:27.760379:   DH19                    IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  ecp_256, ecp256
Nov 12 18:06:27.760385:   DH20                    IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  ecp_384, ecp384
Nov 12 18:06:27.760390:   DH21                    IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  ecp_521, ecp521
Nov 12 18:06:27.760395: testing CAMELLIA_CBC:
Nov 12 18:06:27.760399:   Camellia: 16 bytes with 128-bit key
Nov 12 18:06:27.760585:   Camellia: 16 bytes with 128-bit key
Nov 12 18:06:27.760652:   Camellia: 16 bytes with 256-bit key
Nov 12 18:06:27.760692:   Camellia: 16 bytes with 256-bit key
Nov 12 18:06:27.760728: testing AES_GCM_16:
Nov 12 18:06:27.760736:   empty string
Nov 12 18:06:27.760773:   one block
Nov 12 18:06:27.760806:   two blocks
Nov 12 18:06:27.760839:   two blocks with associated data
Nov 12 18:06:27.760872: testing AES_CTR:
Nov 12 18:06:27.760880:   Encrypting 16 octets using AES-CTR with 128-bit key
Nov 12 18:06:27.760911:   Encrypting 32 octets using AES-CTR with 128-bit key
Nov 12 18:06:27.760945:   Encrypting 36 octets using AES-CTR with 128-bit key
Nov 12 18:06:27.760980:   Encrypting 16 octets using AES-CTR with 192-bit key
Nov 12 18:06:27.761012:   Encrypting 32 octets using AES-CTR with 192-bit key
Nov 12 18:06:27.761046:   Encrypting 36 octets using AES-CTR with 192-bit key
Nov 12 18:06:27.761080:   Encrypting 16 octets using AES-CTR with 256-bit key
Nov 12 18:06:27.761113:   Encrypting 32 octets using AES-CTR with 256-bit key
Nov 12 18:06:27.761146:   Encrypting 36 octets using AES-CTR with 256-bit key
Nov 12 18:06:27.761181: testing AES_CBC:
Nov 12 18:06:27.761188:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Nov 12 18:06:27.761220:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Nov 12 18:06:27.761264:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Nov 12 18:06:27.761301:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Nov 12 18:06:27.761340: testing AES_XCBC:
Nov 12 18:06:27.761348:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Nov 12 18:06:27.761483:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Nov 12 18:06:27.761621:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Nov 12 18:06:27.761747:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Nov 12 18:06:27.761876:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Nov 12 18:06:27.762004:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Nov 12 18:06:27.762134:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Nov 12 18:06:27.762398:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Nov 12 18:06:27.762528:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Nov 12 18:06:27.762663:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Nov 12 18:06:27.762883: testing HMAC_MD5:
Nov 12 18:06:27.762892:   RFC 2104: MD5_HMAC test 1
Nov 12 18:06:27.763063:   RFC 2104: MD5_HMAC test 2
Nov 12 18:06:27.763216:   RFC 2104: MD5_HMAC test 3
Nov 12 18:06:27.763410: 2 CPU cores online
Nov 12 18:06:27.763420: starting up 2 crypto helpers
Nov 12 18:06:27.763484: started thread for crypto helper 0
Nov 12 18:06:27.763506: seccomp security for crypto helper not supported
Nov 12 18:06:27.763521: started thread for crypto helper 1
Nov 12 18:06:27.763538: Using Linux XFRM/NETKEY IPsec kernel support code on 5.4.0-53-generic
Nov 12 18:06:27.763545: seccomp security for crypto helper not supported
Nov 12 18:06:27.763919: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Nov 12 18:06:27.763931: watchdog: sending probes every 100 secs
Nov 12 18:06:27.764312: | pid table: inserting addconn pid 11658 (nil)<-0x560fc86c9e90->(nil) into list HEAD 0x560fc775e4e0<-0x560fc775e4e0->0x560fc775e4e0
Nov 12 18:06:27.764343: | pid table: inserted  addconn pid 11658 0x560fc775e4e0<-0x560fc86c9e90->0x560fc775e4e0 into list HEAD 0x560fc86c9e90<-0x560fc775e4e0->0x560fc86c9e90
Nov 12 18:06:27.764350: seccomp security not supported
Nov 12 18:06:27.766267: | parsing 'aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024' for IKE
Nov 12 18:06:27.766285: | proposal: 'aes256-sha2'
Nov 12 18:06:27.766292: | delim: '
Nov 12 18:06:27.766297: | delim: '-' alg: 'sha2'
Nov 12 18:06:27.766310: | ike_alg_byname() failed: IKE encryption algorithm 'aes256' is not recognized
Nov 12 18:06:27.766319: | appending encryption algorithm aes[_256]
Nov 12 18:06:27.766325: | delim: '-' alg: 'sha2'
Nov 12 18:06:27.766331: | appending PRF algorithm sha2_256[_0]
Nov 12 18:06:27.766337: | delim: n/a  alg: end-of-input
Nov 12 18:06:27.766343: | appending integrity algorithm sha2_256[_0]
Nov 12 18:06:27.766349: | appending DH algorithm MODP2048[_0]
Nov 12 18:06:27.766354: | appending DH algorithm MODP3072[_0]
Nov 12 18:06:27.766359: | appending DH algorithm MODP4096[_0]
Nov 12 18:06:27.766363: | appending DH algorithm MODP8192[_0]
Nov 12 18:06:27.766368: | appending DH algorithm DH19[_0]
Nov 12 18:06:27.766373: | appending DH algorithm DH20[_0]
Nov 12 18:06:27.766378: | appending DH algorithm DH21[_0]
Nov 12 18:06:27.766383: | proposal: 'aes128-sha2'
Nov 12 18:06:27.766388: | delim: '
Nov 12 18:06:27.766393: | delim: '-' alg: 'sha2'
Nov 12 18:06:27.766403: | ike_alg_byname() failed: IKE encryption algorithm 'aes128' is not recognized
Nov 12 18:06:27.766410: | appending encryption algorithm aes[_128]
Nov 12 18:06:27.766415: | delim: '-' alg: 'sha2'
Nov 12 18:06:27.766420: | appending PRF algorithm sha2_256[_0]
Nov 12 18:06:27.766425: | delim: n/a  alg: end-of-input
Nov 12 18:06:27.766430: | appending integrity algorithm sha2_256[_0]
Nov 12 18:06:27.766435: | appending DH algorithm MODP2048[_0]
Nov 12 18:06:27.766440: | appending DH algorithm MODP3072[_0]
Nov 12 18:06:27.766444: | appending DH algorithm MODP4096[_0]
Nov 12 18:06:27.766456: | appending DH algorithm MODP8192[_0]
Nov 12 18:06:27.766461: | appending DH algorithm DH19[_0]
Nov 12 18:06:27.766466: | appending DH algorithm DH20[_0]
Nov 12 18:06:27.766471: | appending DH algorithm DH21[_0]
Nov 12 18:06:27.766476: | proposal: 'aes256-sha1'
Nov 12 18:06:27.766482: | delim: '
Nov 12 18:06:27.766486: | delim: '-' alg: 'sha1'
Nov 12 18:06:27.766495: | ike_alg_byname() failed: IKE encryption algorithm 'aes256' is not recognized
Nov 12 18:06:27.766502: | appending encryption algorithm aes[_256]
Nov 12 18:06:27.766507: | delim: '-' alg: 'sha1'
Nov 12 18:06:27.766512: | appending PRF algorithm sha[_0]
Nov 12 18:06:27.766517: | delim: n/a  alg: end-of-input
Nov 12 18:06:27.766522: | appending integrity algorithm sha[_0]
Nov 12 18:06:27.766527: | appending DH algorithm MODP2048[_0]
Nov 12 18:06:27.766531: | appending DH algorithm MODP3072[_0]
Nov 12 18:06:27.766536: | appending DH algorithm MODP4096[_0]
Nov 12 18:06:27.766540: | appending DH algorithm MODP8192[_0]
Nov 12 18:06:27.766545: | appending DH algorithm DH19[_0]
Nov 12 18:06:27.766549: | appending DH algorithm DH20[_0]
Nov 12 18:06:27.766554: | appending DH algorithm DH21[_0]
Nov 12 18:06:27.766559: | proposal: 'aes128-sha1'
Nov 12 18:06:27.766564: | delim: '
Nov 12 18:06:27.766682: | delim: '-' alg: 'sha1'
Nov 12 18:06:27.766696: | ike_alg_byname() failed: IKE encryption algorithm 'aes128' is not recognized
Nov 12 18:06:27.766703: | appending encryption algorithm aes[_128]
Nov 12 18:06:27.766709: | delim: '-' alg: 'sha1'
Nov 12 18:06:27.766714: | appending PRF algorithm sha[_0]
Nov 12 18:06:27.766719: | delim: n/a  alg: end-of-input
Nov 12 18:06:27.766724: | appending integrity algorithm sha[_0]
Nov 12 18:06:27.766729: | appending DH algorithm MODP2048[_0]
Nov 12 18:06:27.766738: | appending DH algorithm MODP3072[_0]
Nov 12 18:06:27.766743: | appending DH algorithm MODP4096[_0]
Nov 12 18:06:27.766748: | appending DH algorithm MODP8192[_0]
Nov 12 18:06:27.766753: | appending DH algorithm DH19[_0]
Nov 12 18:06:27.766757: | appending DH algorithm DH20[_0]
Nov 12 18:06:27.766777: | appending DH algorithm DH21[_0]
Nov 12 18:06:27.766786: | proposal: 'aes256-sha2;modp1024'
Nov 12 18:06:27.766792: | delim: '
Nov 12 18:06:27.766797: | delim: '-' alg: 'sha2'
Nov 12 18:06:27.766806: | ike_alg_byname() failed: IKE encryption algorithm 'aes256' is not recognized
Nov 12 18:06:27.766813: | appending encryption algorithm aes[_256]
Nov 12 18:06:27.766818: | delim: '-' alg: 'sha2'
Nov 12 18:06:27.766823: | appending PRF algorithm sha2_256[_0]
Nov 12 18:06:27.766828: | delim: ';' alg: 'modp1024'
Nov 12 18:06:27.766834: | appending DH algorithm MODP1024[_0]
Nov 12 18:06:27.766838: | delim: n/a  alg: end-of-input
Nov 12 18:06:27.766900: | appending integrity algorithm sha2_256[_0]
Nov 12 18:06:27.766908: | proposal: 'aes128-sha1;modp1024'
Nov 12 18:06:27.766913: | delim: '
Nov 12 18:06:27.766918: | delim: '-' alg: 'sha1'
Nov 12 18:06:27.766927: | ike_alg_byname() failed: IKE encryption algorithm 'aes128' is not recognized
Nov 12 18:06:27.766934: | appending encryption algorithm aes[_128]
Nov 12 18:06:27.766939: | delim: '-' alg: 'sha1'
Nov 12 18:06:27.766984: | appending PRF algorithm sha[_0]
Nov 12 18:06:27.766991: | delim: ';' alg: 'modp1024'
Nov 12 18:06:27.766996: | appending DH algorithm MODP1024[_0]
Nov 12 18:06:27.767001: | delim: n/a  alg: end-of-input
Nov 12 18:06:27.767006: | appending integrity algorithm sha[_0]
Nov 12 18:06:27.767050: | parsing 'aes_gcm-null,aes128-sha1,aes256-sha1,aes256-sha2_512,aes128-sha2,aes256-sha2' for ESP
Nov 12 18:06:27.767056: | proposal: 'aes_gcm-null'
Nov 12 18:06:27.767094: | delim: '
Nov 12 18:06:27.767101: | delim: '-' alg: 'null'
Nov 12 18:06:27.767108: | appending encryption algorithm aes_gcm_16[_0]
Nov 12 18:06:27.767114: | delim: '-' alg: 'null'
Nov 12 18:06:27.767155: | appending integrity algorithm none[_0]
Nov 12 18:06:27.767163: | delim: n/a  alg: end-of-input
Nov 12 18:06:27.767168: | proposal: 'aes128-sha1'
Nov 12 18:06:27.767207: | delim: '
Nov 12 18:06:27.767213: | delim: '-' alg: 'sha1'
Nov 12 18:06:27.767231: | ike_alg_byname() failed: ESP encryption algorithm 'aes128' is not recognized
Nov 12 18:06:27.767238: | appending encryption algorithm aes[_128]
Nov 12 18:06:27.767243: | delim: '-' alg: 'sha1'
Nov 12 18:06:27.767249: | appending integrity algorithm sha[_0]
Nov 12 18:06:27.767253: | delim: n/a  alg: end-of-input
Nov 12 18:06:27.767258: | proposal: 'aes256-sha1'
Nov 12 18:06:27.767263: | delim: '
Nov 12 18:06:27.767268: | delim: '-' alg: 'sha1'
Nov 12 18:06:27.767277: | ike_alg_byname() failed: ESP encryption algorithm 'aes256' is not recognized
Nov 12 18:06:27.767283: | appending encryption algorithm aes[_256]
Nov 12 18:06:27.767288: | delim: '-' alg: 'sha1'
Nov 12 18:06:27.767293: | appending integrity algorithm sha[_0]
Nov 12 18:06:27.767298: | delim: n/a  alg: end-of-input
Nov 12 18:06:27.767303: | proposal: 'aes256-sha2_512'
Nov 12 18:06:27.767308: | delim: '
Nov 12 18:06:27.767312: | delim: '-' alg: 'sha2_512'
Nov 12 18:06:27.767321: | ike_alg_byname() failed: ESP encryption algorithm 'aes256' is not recognized
Nov 12 18:06:27.767328: | appending encryption algorithm aes[_256]
Nov 12 18:06:27.767333: | delim: '-' alg: 'sha2_512'
Nov 12 18:06:27.767339: | appending integrity algorithm sha2_512[_0]
Nov 12 18:06:27.767343: | delim: n/a  alg: end-of-input
Nov 12 18:06:27.767348: | proposal: 'aes128-sha2'
Nov 12 18:06:27.767353: | delim: '
Nov 12 18:06:27.767358: | delim: '-' alg: 'sha2'
Nov 12 18:06:27.767366: | ike_alg_byname() failed: ESP encryption algorithm 'aes128' is not recognized
Nov 12 18:06:27.767373: | appending encryption algorithm aes[_128]
Nov 12 18:06:27.767378: | delim: '-' alg: 'sha2'
Nov 12 18:06:27.767385: | appending integrity algorithm sha2_256[_0]
Nov 12 18:06:27.767389: | delim: n/a  alg: end-of-input
Nov 12 18:06:27.767394: | proposal: 'aes256-sha2'
Nov 12 18:06:27.767399: | delim: '
Nov 12 18:06:27.767404: | delim: '-' alg: 'sha2'
Nov 12 18:06:27.767412: | ike_alg_byname() failed: ESP encryption algorithm 'aes256' is not recognized
Nov 12 18:06:27.767422: | appending encryption algorithm aes[_256]
Nov 12 18:06:27.767432: | delim: '-' alg: 'sha2'
Nov 12 18:06:27.767439: | appending integrity algorithm sha2_256[_0]
Nov 12 18:06:27.767443: | delim: n/a  alg: end-of-input
Nov 12 18:06:27.767450: IPsec lifetime limited to the maximum allowed 86400s
Nov 12 18:06:27.767470: added connection description "ik2-psk"
Nov 12 18:06:27.767657: | parsing 'aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024' for IKE
Nov 12 18:06:27.767669: | algs: algs[0] = 'aes256' algs[1] = 'sha2'
Nov 12 18:06:27.767699: | ike_alg_byname() failed: IKE encryption algorithm 'aes256' is not recognized
Nov 12 18:06:27.767713: | adding default DH MODP2048
Nov 12 18:06:27.767719: | appending encryption algorithm aes[_256]
Nov 12 18:06:27.767724: | appending PRF algorithm sha2_256[_0]
Nov 12 18:06:27.767729: | appending integrity algorithm sha2_256[_0]
Nov 12 18:06:27.767734: | appending DH algorithm MODP2048[_0]
Nov 12 18:06:27.767739: | adding default DH MODP1536
Nov 12 18:06:27.767745: | appending encryption algorithm aes[_256]
Nov 12 18:06:27.767750: | appending PRF algorithm sha2_256[_0]
Nov 12 18:06:27.767754: | appending integrity algorithm sha2_256[_0]
Nov 12 18:06:27.767759: | appending DH algorithm MODP1536[_0]
Nov 12 18:06:27.767844: | algs: algs[0] = 'aes128' algs[1] = 'sha2'
Nov 12 18:06:27.767861: | ike_alg_byname() failed: IKE encryption algorithm 'aes128' is not recognized
Nov 12 18:06:27.767870: | adding default DH MODP2048
Nov 12 18:06:27.767876: | appending encryption algorithm aes[_128]
Nov 12 18:06:27.767881: | appending PRF algorithm sha2_256[_0]
Nov 12 18:06:27.767886: | appending integrity algorithm sha2_256[_0]
Nov 12 18:06:27.767891: | appending DH algorithm MODP2048[_0]
Nov 12 18:06:27.767896: | adding default DH MODP1536
Nov 12 18:06:27.767902: | appending encryption algorithm aes[_128]
Nov 12 18:06:27.767927: | appending PRF algorithm sha2_256[_0]
Nov 12 18:06:27.767934: | appending integrity algorithm sha2_256[_0]
Nov 12 18:06:27.767946: | appending DH algorithm MODP1536[_0]
Nov 12 18:06:27.767953: | algs: algs[0] = 'aes256' algs[1] = 'sha1'
Nov 12 18:06:27.767963: | ike_alg_byname() failed: IKE encryption algorithm 'aes256' is not recognized
Nov 12 18:06:27.767971: | adding default DH MODP2048
Nov 12 18:06:27.767976: | appending encryption algorithm aes[_256]
Nov 12 18:06:27.767981: | appending PRF algorithm sha[_0]
Nov 12 18:06:27.767986: | appending integrity algorithm sha[_0]
Nov 12 18:06:27.767991: | appending DH algorithm MODP2048[_0]
Nov 12 18:06:27.767996: | adding default DH MODP1536
Nov 12 18:06:27.768002: | appending encryption algorithm aes[_256]
Nov 12 18:06:27.768007: | appending PRF algorithm sha[_0]
Nov 12 18:06:27.768011: | appending integrity algorithm sha[_0]
Nov 12 18:06:27.768016: | appending DH algorithm MODP1536[_0]
Nov 12 18:06:27.768022: | algs: algs[0] = 'aes128' algs[1] = 'sha1'
Nov 12 18:06:27.768031: | ike_alg_byname() failed: IKE encryption algorithm 'aes128' is not recognized
Nov 12 18:06:27.768038: | adding default DH MODP2048
Nov 12 18:06:27.768043: | appending encryption algorithm aes[_128]
Nov 12 18:06:27.768048: | appending PRF algorithm sha[_0]
Nov 12 18:06:27.768053: | appending integrity algorithm sha[_0]
Nov 12 18:06:27.768061: | appending DH algorithm MODP2048[_0]
Nov 12 18:06:27.768067: | adding default DH MODP1536
Nov 12 18:06:27.768073: | appending encryption algorithm aes[_128]
Nov 12 18:06:27.768077: | appending PRF algorithm sha[_0]
Nov 12 18:06:27.768082: | appending integrity algorithm sha[_0]
Nov 12 18:06:27.768087: | appending DH algorithm MODP1536[_0]
Nov 12 18:06:27.768093: | algs: algs[0] = 'aes256' algs[1] = 'sha2' algs[2] = 'modp1024'
Nov 12 18:06:27.768102: | ike_alg_byname() failed: IKE encryption algorithm 'aes256' is not recognized
Nov 12 18:06:27.768110: | appending encryption algorithm aes[_256]
Nov 12 18:06:27.768116: | appending PRF algorithm sha2_256[_0]
Nov 12 18:06:27.768120: | appending integrity algorithm sha2_256[_0]
Nov 12 18:06:27.768125: | appending DH algorithm MODP1024[_0]
Nov 12 18:06:27.768131: | algs: algs[0] = 'aes128' algs[1] = 'sha1' algs[2] = 'modp1024'
Nov 12 18:06:27.768140: | ike_alg_byname() failed: IKE encryption algorithm 'aes128' is not recognized
Nov 12 18:06:27.768148: | appending encryption algorithm aes[_128]
Nov 12 18:06:27.768153: | appending PRF algorithm sha[_0]
Nov 12 18:06:27.768158: | appending integrity algorithm sha[_0]
Nov 12 18:06:27.768163: | appending DH algorithm MODP1024[_0]
Nov 12 18:06:27.768169: | parsing 'aes_gcm-null,aes128-sha1,aes256-sha1,aes256-sha2_512,aes128-sha2,aes256-sha2' for ESP
Nov 12 18:06:27.768175: | algs: algs[0] = 'aes_gcm' algs[1] = 'null'
Nov 12 18:06:27.768184: | appending encryption algorithm aes_gcm_16[_0]
Nov 12 18:06:27.768189: | appending integrity algorithm none[_0]
Nov 12 18:06:27.768195: | algs: algs[0] = 'aes128' algs[1] = 'sha1'
Nov 12 18:06:27.768204: | ike_alg_byname() failed: ESP encryption algorithm 'aes128' is not recognized
Nov 12 18:06:27.768212: | appending encryption algorithm aes[_128]
Nov 12 18:06:27.768217: | appending integrity algorithm sha[_0]
Nov 12 18:06:27.768223: | algs: algs[0] = 'aes256' algs[1] = 'sha1'
Nov 12 18:06:27.768232: | ike_alg_byname() failed: ESP encryption algorithm 'aes256' is not recognized
Nov 12 18:06:27.768239: | appending encryption algorithm aes[_256]
Nov 12 18:06:27.768245: | appending integrity algorithm sha[_0]
Nov 12 18:06:27.768250: | algs: algs[0] = 'aes256' algs[1] = 'sha2_512'
Nov 12 18:06:27.768259: | ike_alg_byname() failed: ESP encryption algorithm 'aes256' is not recognized
Nov 12 18:06:27.768267: | appending encryption algorithm aes[_256]
Nov 12 18:06:27.768272: | appending integrity algorithm sha2_512[_0]
Nov 12 18:06:27.768278: | algs: algs[0] = 'aes128' algs[1] = 'sha2'
Nov 12 18:06:27.768287: | ike_alg_byname() failed: ESP encryption algorithm 'aes128' is not recognized
Nov 12 18:06:27.768296: | appending encryption algorithm aes[_128]
Nov 12 18:06:27.768301: | appending integrity algorithm sha2_256[_0]
Nov 12 18:06:27.768307: | algs: algs[0] = 'aes256' algs[1] = 'sha2'
Nov 12 18:06:27.768321: | ike_alg_byname() failed: ESP encryption algorithm 'aes256' is not recognized
Nov 12 18:06:27.768330: | appending encryption algorithm aes[_256]
Nov 12 18:06:27.768335: | appending integrity algorithm sha2_256[_0]
Nov 12 18:06:27.768341: IPsec lifetime limited to the maximum allowed 86400s
Nov 12 18:06:27.768355: added connection description "xauth-psk"
Nov 12 18:06:27.768470: listening for IKE messages
Nov 12 18:06:27.768605: Kernel supports NIC esp-hw-offload
Nov 12 18:06:27.768624: adding interface ens160/ens160 (esp-hw-offload not supported by kernel) 192.168.99.142:500
Nov 12 18:06:27.768677: adding interface ens160/ens160 192.168.99.142:4500
Nov 12 18:06:27.768690: skipping interface lo with 127.0.0.1
Nov 12 18:06:27.768784: skipping interface lo with ::1
Nov 12 18:06:27.768804: | host_pair table: inserting 192.168.99.142:500->0.0.0.0:500 (nil)<-0x560fc86ce0a0->(nil) into list HEAD 0x560fc7764d20<-0x560fc7764d20->0x560fc7764d20
Nov 12 18:06:27.768815: | host_pair table: inserted  192.168.99.142:500->0.0.0.0:500 0x560fc7764d20<-0x560fc86ce0a0->0x560fc7764d20 into list HEAD 0x560fc86ce0a0<-0x560fc7764d20->0x560fc86ce0a0
Nov 12 18:06:27.775512: loading secrets from "/etc/ipsec.secrets"
Nov 12 18:06:27.775649: "ik2-psk": cannot initiate connection without knowing peer IP address (kind=CK_TEMPLATE)
Nov 12 18:06:27.775752: "xauth-psk": cannot initiate connection without knowing peer IP address (kind=CK_TEMPLATE)
Nov 12 18:06:27.775913: | pid table: removing addconn pid 11658 0x560fc775e4e0<-0x560fc86c9e90->0x560fc775e4e0
Nov 12 18:06:27.775924: | pid table: empty
Nov 12 18:07:24.376753: | host_pair table: inserting 192.168.99.142:500->EEE.FFF.GGG.HHH:500 (nil)<-0x560fc86ceb00->(nil) into list HEAD 0x560fc77667c0<-0x560fc77667c0->0x560fc77667c0
Nov 12 18:07:24.376820: | host_pair table: inserted  192.168.99.142:500->EEE.FFF.GGG.HHH:500 0x560fc77667c0<-0x560fc86ceb00->0x560fc77667c0 into list HEAD 0x560fc86ceb00<-0x560fc77667c0->0x560fc86ceb00
Nov 12 18:07:24.376888: | serialno list: inserting #1 (nil)<-0x560fc86d1068->(nil) into list HEAD 0x560fc7763480<-0x560fc7763480->0x560fc7763480
Nov 12 18:07:24.376902: | serialno list: inserted  #1 0x560fc7763480<-0x560fc86d1068->0x560fc7763480 into list HEAD 0x560fc86d1068<-0x560fc7763480->0x560fc86d1068
Nov 12 18:07:24.376910: | st_serialno table: inserting #1 (nil)<-0x560fc86d1088->(nil) into list HEAD 0x560fc775c020<-0x560fc775c020->0x560fc775c020
Nov 12 18:07:24.376917: | st_serialno table: inserted  #1 0x560fc775c020<-0x560fc86d1088->0x560fc775c020 into list HEAD 0x560fc86d1088<-0x560fc775c020->0x560fc86d1088
Nov 12 18:07:24.376924: | st_connection table: inserting #1 (nil)<-0x560fc86d10a8->(nil) into list HEAD 0x560fc7756000<-0x560fc7756000->0x560fc7756000
Nov 12 18:07:24.376932: | st_connection table: inserted  #1 0x560fc7756000<-0x560fc86d10a8->0x560fc7756000 into list HEAD 0x560fc86d10a8<-0x560fc7756000->0x560fc86d10a8
Nov 12 18:07:24.376938: | st_reqid table: inserting #1 (nil)<-0x560fc86d10c8->(nil) into list HEAD 0x560fc77521a0<-0x560fc77521a0->0x560fc77521a0
Nov 12 18:07:24.376946: | st_reqid table: inserted  #1 0x560fc77521a0<-0x560fc86d10c8->0x560fc77521a0 into list HEAD 0x560fc86d10c8<-0x560fc77521a0->0x560fc86d10c8
Nov 12 18:07:24.376966: | IKE SPI[ir] table: inserting #1: 5b cc 8e f8  d8 d2 5f fd  90 96 b6 3c  b7 0b 4a 46 (nil)<-0x560fc86d10e8->(nil) into list HEAD 0x560fc774a760<-0x560fc774a760->0x560fc774a760
Nov 12 18:07:24.376978: | IKE SPI[ir] table: inserted  #1: 5b cc 8e f8  d8 d2 5f fd  90 96 b6 3c  b7 0b 4a 46 0x560fc774a760<-0x560fc86d10e8->0x560fc774a760 into list HEAD 0x560fc86d10e8<-0x560fc774a760->0x560fc86d10e8
Nov 12 18:07:24.376989: | IKE SPIi table: inserting #1: 5b cc 8e f8  d8 d2 5f fd (nil)<-0x560fc86d1108->(nil) into list HEAD 0x560fc77502c0<-0x560fc77502c0->0x560fc77502c0
Nov 12 18:07:24.376999: | IKE SPIi table: inserted  #1: 5b cc 8e f8  d8 d2 5f fd 0x560fc77502c0<-0x560fc86d1108->0x560fc77502c0 into list HEAD 0x560fc86d1108<-0x560fc77502c0->0x560fc86d1108
Nov 12 18:07:24.377006: | st_connection table: removing #1 0x560fc7756000<-0x560fc86d10a8->0x560fc7756000
Nov 12 18:07:24.377032: | st_connection table: empty
Nov 12 18:07:24.377039: | st_connection table: inserting #1 (nil)<-0x560fc86d10a8->(nil) into list HEAD 0x560fc77587e0<-0x560fc77587e0->0x560fc77587e0
Nov 12 18:07:24.377046: | st_connection table: inserted  #1 0x560fc77587e0<-0x560fc86d10a8->0x560fc77587e0 into list HEAD 0x560fc86d10a8<-0x560fc77587e0->0x560fc86d10a8
Nov 12 18:07:24.377058: "xauth-psk"[1] EEE.FFF.GGG.HHH #1: responding to Main Mode from unknown peer EEE.FFF.GGG.HHH:500
Nov 12 18:07:24.377110: "xauth-psk"[1] EEE.FFF.GGG.HHH #1: Oakley Transform [AES_CBC (256), HMAC_SHA2_256, MODP4096] refused
Nov 12 18:07:24.377181: "xauth-psk"[1] EEE.FFF.GGG.HHH #1: STATE_MAIN_R1: sent MR1, expecting MI2
Nov 12 18:07:25.090937: | backlog: inserting work-order 1 state #1 (nil)<-0x560fc86d1688->(nil) into list HEAD 0x560fc7768240<-0x560fc7768240->0x560fc7768240
Nov 12 18:07:25.090985: | backlog: inserted  work-order 1 state #1 0x560fc7768240<-0x560fc86d1688->0x560fc7768240 into list HEAD 0x560fc86d1688<-0x560fc7768240->0x560fc86d1688
Nov 12 18:07:25.091056: | backlog: removing work-order 1 state #1 0x560fc7768240<-0x560fc86d1688->0x560fc7768240
Nov 12 18:07:25.091082: | backlog: empty
Nov 12 18:07:25.109024: | backlog: inserting work-order 2 state #1 (nil)<-0x560fc86d2528->(nil) into list HEAD 0x560fc7768240<-0x560fc7768240->0x560fc7768240
Nov 12 18:07:25.109044: | backlog: inserted  work-order 2 state #1 0x560fc7768240<-0x560fc86d2528->0x560fc7768240 into list HEAD 0x560fc86d2528<-0x560fc7768240->0x560fc86d2528
Nov 12 18:07:25.109098: "xauth-psk"[1] EEE.FFF.GGG.HHH #1: STATE_MAIN_R2: sent MR2, expecting MI3
Nov 12 18:07:25.109140: | backlog: removing work-order 2 state #1 0x560fc7768240<-0x560fc86d2528->0x560fc7768240
Nov 12 18:07:25.109162: | backlog: empty
Nov 12 18:07:25.610804: "xauth-psk"[1] EEE.FFF.GGG.HHH #1: STATE_MAIN_R2: retransmission; will wait 0.5 seconds for response
Nov 12 18:07:25.777182: "xauth-psk"[1] EEE.FFF.GGG.HHH #1: Peer ID is ID_IPV4_ADDR: '192.168.101.124'
Nov 12 18:07:25.780183: "xauth-psk"[1] EEE.FFF.GGG.HHH #1: switched from "xauth-psk"[1] EEE.FFF.GGG.HHH to "xauth-psk"
Nov 12 18:07:25.780211: | st_connection table: removing #1 0x560fc77587e0<-0x560fc86d10a8->0x560fc77587e0
Nov 12 18:07:25.780219: | st_connection table: empty
Nov 12 18:07:25.780226: | st_connection table: inserting #1 (nil)<-0x560fc86d10a8->(nil) into list HEAD 0x560fc7756b40<-0x560fc7756b40->0x560fc7756b40
Nov 12 18:07:25.780231: | st_connection table: inserted  #1 0x560fc7756b40<-0x560fc86d10a8->0x560fc7756b40 into list HEAD 0x560fc86d10a8<-0x560fc7756b40->0x560fc86d10a8
Nov 12 18:07:25.780241: "xauth-psk"[2] EEE.FFF.GGG.HHH #1: deleting connection "xauth-psk"[1] EEE.FFF.GGG.HHH instance with peer EEE.FFF.GGG.HHH {isakmp=#0/ipsec=#0}
Nov 12 18:07:25.780259: "xauth-psk"[2] EEE.FFF.GGG.HHH #1: Peer ID is ID_IPV4_ADDR: '192.168.101.124'
Nov 12 18:07:25.780389: "xauth-psk"[2] EEE.FFF.GGG.HHH #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
Nov 12 18:07:25.860515: "xauth-psk"[2] EEE.FFF.GGG.HHH #1: XAUTH: Sending Username/Password request (MAIN_R3->XAUTH_R0)
Nov 12 18:07:25.946482: "xauth-psk"[2] EEE.FFF.GGG.HHH #1: XAUTH: password file authentication method requested to authenticate user 'vpn522'
Nov 12 18:07:25.946511: "xauth-psk"[2] EEE.FFF.GGG.HHH #1: XAUTH: password file (/etc/ipsec.d/passwd) open.
Nov 12 18:07:25.946732: "xauth-psk"[2] EEE.FFF.GGG.HHH #1: XAUTH: success user(vpn522:xauth-psk) 
Nov 12 18:07:25.946759: "xauth-psk"[2] EEE.FFF.GGG.HHH #1: XAUTH: User vpn522: Authentication Successful
Nov 12 18:07:26.058541: "xauth-psk"[2] EEE.FFF.GGG.HHH #1: XAUTH: xauth_inR1(STF_OK)
Nov 12 18:07:26.058567: "xauth-psk"[2] EEE.FFF.GGG.HHH #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
Nov 12 18:07:26.071472: | pool 172.20.192.66-172.20.192.100: growing address pool from 0 to 1
Nov 12 18:07:26.071514: "xauth-psk"[2] EEE.FFF.GGG.HHH #1: modecfg_inR0(STF_OK)
Nov 12 18:07:26.071553: "xauth-psk"[2] EEE.FFF.GGG.HHH #1: STATE_MODE_CFG_R1: ModeCfg Set sent, expecting Ack {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
Nov 12 18:07:26.760088: "xauth-psk"[2] EEE.FFF.GGG.HHH #1: the peer proposed: 0.0.0.0/0:0/0 -> 172.20.192.66/32:0/0
Nov 12 18:07:26.760117: | serialno list: inserting #2 (nil)<-0x560fc86d5078->(nil) into list HEAD 0x560fc86d1068<-0x560fc7763480->0x560fc86d1068
Nov 12 18:07:26.760126: | serialno list: inserted  #2 0x560fc86d1068<-0x560fc86d5078->0x560fc7763480 into list HEAD 0x560fc86d5078<-0x560fc7763480->0x560fc86d1068
Nov 12 18:07:26.760139: | st_serialno table: inserting #2 (nil)<-0x560fc86d5098->(nil) into list HEAD 0x560fc775a380<-0x560fc775a380->0x560fc775a380
Nov 12 18:07:26.760149: | st_serialno table: inserted  #2 0x560fc775a380<-0x560fc86d5098->0x560fc775a380 into list HEAD 0x560fc86d5098<-0x560fc775a380->0x560fc86d5098
Nov 12 18:07:26.760155: | st_connection table: inserting #2 (nil)<-0x560fc86d50b8->(nil) into list HEAD 0x560fc7756000<-0x560fc7756000->0x560fc7756000
Nov 12 18:07:26.760161: | st_connection table: inserted  #2 0x560fc7756000<-0x560fc86d50b8->0x560fc7756000 into list HEAD 0x560fc86d50b8<-0x560fc7756000->0x560fc86d50b8
Nov 12 18:07:26.760167: | st_reqid table: inserting #2 (nil)<-0x560fc86d50d8->(nil) into list HEAD 0x560fc86d10c8<-0x560fc77521a0->0x560fc86d10c8
Nov 12 18:07:26.760172: | st_reqid table: inserted  #2 0x560fc86d10c8<-0x560fc86d50d8->0x560fc77521a0 into list HEAD 0x560fc86d50d8<-0x560fc77521a0->0x560fc86d10c8
Nov 12 18:07:26.760181: | IKE SPI[ir] table: inserting #2: 5b cc 8e f8  d8 d2 5f fd  90 96 b6 3c  b7 0b 4a 46 (nil)<-0x560fc86d50f8->(nil) into list HEAD 0x560fc86d10e8<-0x560fc774a760->0x560fc86d10e8
Nov 12 18:07:26.760190: | IKE SPI[ir] table: inserted  #2: 5b cc 8e f8  d8 d2 5f fd  90 96 b6 3c  b7 0b 4a 46 0x560fc86d10e8<-0x560fc86d50f8->0x560fc774a760 into list HEAD 0x560fc86d50f8<-0x560fc774a760->0x560fc86d10e8
Nov 12 18:07:26.760197: | IKE SPIi table: inserting #2: 5b cc 8e f8  d8 d2 5f fd (nil)<-0x560fc86d5118->(nil) into list HEAD 0x560fc86d1108<-0x560fc77502c0->0x560fc86d1108
Nov 12 18:07:26.760204: | IKE SPIi table: inserted  #2: 5b cc 8e f8  d8 d2 5f fd 0x560fc86d1108<-0x560fc86d5118->0x560fc77502c0 into list HEAD 0x560fc86d5118<-0x560fc77502c0->0x560fc86d1108
Nov 12 18:07:26.760210: | st_connection table: removing #2 0x560fc7756000<-0x560fc86d50b8->0x560fc7756000
Nov 12 18:07:26.760214: | st_connection table: empty
Nov 12 18:07:26.760220: | st_connection table: inserting #2 (nil)<-0x560fc86d50b8->(nil) into list HEAD 0x560fc86d10a8<-0x560fc7756b40->0x560fc86d10a8
Nov 12 18:07:26.760225: | st_connection table: inserted  #2 0x560fc86d10a8<-0x560fc86d50b8->0x560fc7756b40 into list HEAD 0x560fc86d50b8<-0x560fc7756b40->0x560fc86d10a8
Nov 12 18:07:26.760245: | backlog: inserting work-order 3 state #2 (nil)<-0x560fc86d52e8->(nil) into list HEAD 0x560fc7768240<-0x560fc7768240->0x560fc7768240
Nov 12 18:07:26.760253: | backlog: inserted  work-order 3 state #2 0x560fc7768240<-0x560fc86d52e8->0x560fc7768240 into list HEAD 0x560fc86d52e8<-0x560fc7768240->0x560fc86d52e8
Nov 12 18:07:26.760285: | backlog: removing work-order 3 state #2 0x560fc7768240<-0x560fc86d52e8->0x560fc7768240
Nov 12 18:07:26.760305: | backlog: empty
Nov 12 18:07:26.761206: | backlog: inserting work-order 4 state #2 (nil)<-0x560fc86d5ed8->(nil) into list HEAD 0x560fc7768240<-0x560fc7768240->0x560fc7768240
Nov 12 18:07:26.761222: | backlog: inserted  work-order 4 state #2 0x560fc7768240<-0x560fc86d5ed8->0x560fc7768240 into list HEAD 0x560fc86d5ed8<-0x560fc7768240->0x560fc86d5ed8
Nov 12 18:07:26.761259: | backlog: removing work-order 4 state #2 0x560fc7768240<-0x560fc86d5ed8->0x560fc7768240
Nov 12 18:07:26.761282: | backlog: empty
Nov 12 18:07:26.762200: "xauth-psk"[2] EEE.FFF.GGG.HHH #2: responding to Quick Mode proposal {msgid:6ef0ff9c}
Nov 12 18:07:26.762251: "xauth-psk"[2] EEE.FFF.GGG.HHH #2:     us: 0.0.0.0/0===192.168.99.142[AAA.BBB.CCC.DDD,MS+XS+S=C]
Nov 12 18:07:26.762286: "xauth-psk"[2] EEE.FFF.GGG.HHH #2:   them: EEE.FFF.GGG.HHH[192.168.101.124,+MC+XC+S=C]===172.20.192.66/32
Nov 12 18:07:26.762751: "xauth-psk"[2] EEE.FFF.GGG.HHH #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 tunnel mode {ESP/NAT=>0xc3af1065 <0x82e2afef xfrm=AES_CBC_256-HMAC_SHA2_256_128 NATOA=none NATD=EEE.FFF.GGG.HHH:62020 DPD=active username=vpn522}
Nov 12 18:07:27.263341: "xauth-psk"[2] EEE.FFF.GGG.HHH #2: STATE_QUICK_R1: retransmission; will wait 0.5 seconds for response
Nov 12 18:07:27.768378: "xauth-psk"[2] EEE.FFF.GGG.HHH #2: STATE_QUICK_R1: retransmission; will wait 1 seconds for response
Nov 12 18:07:28.772648: "xauth-psk"[2] EEE.FFF.GGG.HHH #2: STATE_QUICK_R1: retransmission; will wait 2 seconds for response
Nov 12 18:07:30.776808: "xauth-psk"[2] EEE.FFF.GGG.HHH #2: STATE_QUICK_R1: retransmission; will wait 4 seconds for response
Nov 12 18:07:30.794491: "xauth-psk"[2] EEE.FFF.GGG.HHH #2: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP/NAT=>0xc3af1065 <0x82e2afef xfrm=AES_CBC_256-HMAC_SHA2_256_128 NATOA=none NATD=EEE.FFF.GGG.HHH:62020 DPD=active username=vpn522}
Nov 12 18:22:37.933650: "xauth-psk"[2] EEE.FFF.GGG.HHH #1: the peer proposed: 0.0.0.0/0:0/0 -> 172.20.192.66/32:0/0
Nov 12 18:22:37.933746: | serialno list: inserting #3 (nil)<-0x560fc86d65f8->(nil) into list HEAD 0x560fc86d5078<-0x560fc7763480->0x560fc86d1068
Nov 12 18:22:37.933756: | serialno list: inserted  #3 0x560fc86d5078<-0x560fc86d65f8->0x560fc7763480 into list HEAD 0x560fc86d65f8<-0x560fc7763480->0x560fc86d1068
Nov 12 18:22:37.933764: | st_serialno table: inserting #3 (nil)<-0x560fc86d6618->(nil) into list HEAD 0x560fc775cc20<-0x560fc775cc20->0x560fc775cc20
Nov 12 18:22:37.933770: | st_serialno table: inserted  #3 0x560fc775cc20<-0x560fc86d6618->0x560fc775cc20 into list HEAD 0x560fc86d6618<-0x560fc775cc20->0x560fc86d6618
Nov 12 18:22:37.933776: | st_connection table: inserting #3 (nil)<-0x560fc86d6638->(nil) into list HEAD 0x560fc7756000<-0x560fc7756000->0x560fc7756000
Nov 12 18:22:37.933782: | st_connection table: inserted  #3 0x560fc7756000<-0x560fc86d6638->0x560fc7756000 into list HEAD 0x560fc86d6638<-0x560fc7756000->0x560fc86d6638
Nov 12 18:22:37.933788: | st_reqid table: inserting #3 (nil)<-0x560fc86d6658->(nil) into list HEAD 0x560fc86d50d8<-0x560fc77521a0->0x560fc86d10c8
Nov 12 18:22:37.933793: | st_reqid table: inserted  #3 0x560fc86d50d8<-0x560fc86d6658->0x560fc77521a0 into list HEAD 0x560fc86d6658<-0x560fc77521a0->0x560fc86d10c8
Nov 12 18:22:37.933806: | IKE SPI[ir] table: inserting #3: 5b cc 8e f8  d8 d2 5f fd  90 96 b6 3c  b7 0b 4a 46 (nil)<-0x560fc86d6678->(nil) into list HEAD 0x560fc86d50f8<-0x560fc774a760->0x560fc86d10e8
Nov 12 18:22:37.933815: | IKE SPI[ir] table: inserted  #3: 5b cc 8e f8  d8 d2 5f fd  90 96 b6 3c  b7 0b 4a 46 0x560fc86d50f8<-0x560fc86d6678->0x560fc774a760 into list HEAD 0x560fc86d6678<-0x560fc774a760->0x560fc86d10e8
Nov 12 18:22:37.933826: | IKE SPIi table: inserting #3: 5b cc 8e f8  d8 d2 5f fd (nil)<-0x560fc86d6698->(nil) into list HEAD 0x560fc86d5118<-0x560fc77502c0->0x560fc86d1108
Nov 12 18:22:37.933834: | IKE SPIi table: inserted  #3: 5b cc 8e f8  d8 d2 5f fd 0x560fc86d5118<-0x560fc86d6698->0x560fc77502c0 into list HEAD 0x560fc86d6698<-0x560fc77502c0->0x560fc86d1108
Nov 12 18:22:37.933840: | st_connection table: removing #3 0x560fc7756000<-0x560fc86d6638->0x560fc7756000
Nov 12 18:22:37.933845: | st_connection table: empty
Nov 12 18:22:37.933851: | st_connection table: inserting #3 (nil)<-0x560fc86d6638->(nil) into list HEAD 0x560fc86d50b8<-0x560fc7756b40->0x560fc86d10a8
Nov 12 18:22:37.933857: | st_connection table: inserted  #3 0x560fc86d50b8<-0x560fc86d6638->0x560fc7756b40 into list HEAD 0x560fc86d6638<-0x560fc7756b40->0x560fc86d10a8
Nov 12 18:22:37.933902: | backlog: inserting work-order 5 state #3 (nil)<-0x560fc86d9738->(nil) into list HEAD 0x560fc7768240<-0x560fc7768240->0x560fc7768240
Nov 12 18:22:37.933911: | backlog: inserted  work-order 5 state #3 0x560fc7768240<-0x560fc86d9738->0x560fc7768240 into list HEAD 0x560fc86d9738<-0x560fc7768240->0x560fc86d9738
Nov 12 18:22:37.933943: | backlog: removing work-order 5 state #3 0x560fc7768240<-0x560fc86d9738->0x560fc7768240
Nov 12 18:22:37.933998: | backlog: empty
Nov 12 18:22:37.934993: | backlog: inserting work-order 6 state #3 (nil)<-0x560fc86da328->(nil) into list HEAD 0x560fc7768240<-0x560fc7768240->0x560fc7768240
Nov 12 18:22:37.935005: | backlog: inserted  work-order 6 state #3 0x560fc7768240<-0x560fc86da328->0x560fc7768240 into list HEAD 0x560fc86da328<-0x560fc7768240->0x560fc86da328
Nov 12 18:22:37.935033: | backlog: removing work-order 6 state #3 0x560fc7768240<-0x560fc86da328->0x560fc7768240
Nov 12 18:22:37.935045: | backlog: empty
Nov 12 18:22:37.935969: "xauth-psk"[2] EEE.FFF.GGG.HHH #3: responding to Quick Mode proposal {msgid:49d02704}
Nov 12 18:22:37.935992: "xauth-psk"[2] EEE.FFF.GGG.HHH #3:     us: 0.0.0.0/0===192.168.99.142[AAA.BBB.CCC.DDD,MS+XS+S=C]
........
........
........
Nov 12 18:58:52.052331: | st_connection table: removing #4 0x560fc86d10a8<-0x560fc86d50b8->0x560fc86d6508
Nov 12 18:58:52.052345: | st_connection table: updated older #1 0x560fc7756b40<-0x560fc86d10a8->0x560fc86d6508
Nov 12 18:58:52.052351: | st_connection table: updated newer  #5 0x560fc86d10a8<-0x560fc86d6508->0x560fc7756b40
Nov 12 18:58:52.052358: | st_connection table: inserting #4 (nil)<-0x560fc86d50b8->(nil) into list HEAD 0x560fc7756000<-0x560fc7756000->0x560fc7756000
Nov 12 18:58:52.052374: | st_connection table: inserted  #4 0x560fc7756000<-0x560fc86d50b8->0x560fc7756000 into list HEAD 0x560fc86d50b8<-0x560fc7756000->0x560fc86d50b8
Nov 12 18:58:52.052383: | serialno list: removing #4 0x560fc86d1068<-0x560fc86d5078->0x560fc86d64c8
Nov 12 18:58:52.052388: | serialno list: updated older #1 0x560fc7763480<-0x560fc86d1068->0x560fc86d64c8
Nov 12 18:58:52.052394: | serialno list: updated newer  #5 0x560fc86d1068<-0x560fc86d64c8->0x560fc7763480
Nov 12 18:58:52.052399: | st_serialno table: removing #4 0x560fc775af80<-0x560fc86d5098->0x560fc775af80
Nov 12 18:58:52.052404: | st_serialno table: empty
Nov 12 18:58:52.052410: | st_connection table: removing #4 0x560fc7756000<-0x560fc86d50b8->0x560fc7756000
Nov 12 18:58:52.052414: | st_connection table: empty
Nov 12 18:58:52.052420: | st_reqid table: removing #4 0x560fc86d10c8<-0x560fc86d50d8->0x560fc86d6528
Nov 12 18:58:52.052425: | st_reqid table: updated older #1 0x560fc77521a0<-0x560fc86d10c8->0x560fc86d6528
Nov 12 18:58:52.052434: | st_reqid table: updated newer  #5 0x560fc86d10c8<-0x560fc86d6528->0x560fc77521a0
Nov 12 18:58:52.052444: | IKE SPI[ir] table: removing #4: 5b cc 8e f8  d8 d2 5f fd  90 96 b6 3c  b7 0b 4a 46 0x560fc86d10e8<-0x560fc86d50f8->0x560fc86d6548
Nov 12 18:58:52.052452: | IKE SPI[ir] table: updated older #1: 5b cc 8e f8  d8 d2 5f fd  90 96 b6 3c  b7 0b 4a 46 0x560fc774a760<-0x560fc86d10e8->0x560fc86d6548
Nov 12 18:58:52.052460: | IKE SPI[ir] table: updated newer  #5: 5b cc 8e f8  d8 d2 5f fd  90 96 b6 3c  b7 0b 4a 46 0x560fc86d10e8<-0x560fc86d6548->0x560fc774a760
Nov 12 18:58:52.052467: | IKE SPIi table: removing #4: 5b cc 8e f8  d8 d2 5f fd 0x560fc86d1108<-0x560fc86d5118->0x560fc86d6568
Nov 12 18:58:52.052474: | IKE SPIi table: updated older #1: 5b cc 8e f8  d8 d2 5f fd 0x560fc77502c0<-0x560fc86d1108->0x560fc86d6568
Nov 12 18:58:52.052481: | IKE SPIi table: updated newer  #5: 5b cc 8e f8  d8 d2 5f fd 0x560fc86d1108<-0x560fc86d6568->0x560fc77502c0
Nov 12 18:58:52.063608: "xauth-psk"[2] EEE.FFF.GGG.HHH #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xc3b0e392) not found (maybe expired)
Nov 12 19:05:52.163147: "xauth-psk"[2] EEE.FFF.GGG.HHH #1: the peer proposed: 0.0.0.0/0:0/0 -> 172.20.192.66/32:0/0
Nov 12 19:05:52.163305: | serialno list: inserting #6 (nil)<-0x560fc86d5078->(nil) into list HEAD 0x560fc86d64c8<-0x560fc7763480->0x560fc86d1068
Nov 12 19:05:52.163316: | serialno list: inserted  #6 0x560fc86d64c8<-0x560fc86d5078->0x560fc7763480 into list HEAD 0x560fc86d5078<-0x560fc7763480->0x560fc86d1068
Nov 12 19:05:52.163325: | st_serialno table: inserting #6 (nil)<-0x560fc86d5098->(nil) into list HEAD 0x560fc775bb80<-0x560fc775bb80->0x560fc775bb80
Nov 12 19:05:52.163357: | st_serialno table: inserted  #6 0x560fc775bb80<-0x560fc86d5098->0x560fc775bb80 into list HEAD 0x560fc86d5098<-0x560fc775bb80->0x560fc86d5098
Nov 12 19:05:52.163366: | st_connection table: inserting #6 (nil)<-0x560fc86d50b8->(nil) into list HEAD 0x560fc7756000<-0x560fc7756000->0x560fc7756000
Nov 12 19:05:52.163373: | st_connection table: inserted  #6 0x560fc7756000<-0x560fc86d50b8->0x560fc7756000 into list HEAD 0x560fc86d50b8<-0x560fc7756000->0x560fc86d50b8
Nov 12 19:05:52.163429: | st_reqid table: inserting #6 (nil)<-0x560fc86d50d8->(nil) into list HEAD 0x560fc86d6528<-0x560fc77521a0->0x560fc86d10c8
Nov 12 19:05:52.163436: | st_reqid table: inserted  #6 0x560fc86d6528<-0x560fc86d50d8->0x560fc77521a0 into list HEAD 0x560fc86d50d8<-0x560fc77521a0->0x560fc86d10c8
Nov 12 19:05:52.163447: | IKE SPI[ir] table: inserting #6: 5b cc 8e f8  d8 d2 5f fd  90 96 b6 3c  b7 0b 4a 46 (nil)<-0x560fc86d50f8->(nil) into list HEAD 0x560fc86d6548<-0x560fc774a760->0x560fc86d10e8
Nov 12 19:05:52.163456: | IKE SPI[ir] table: inserted  #6: 5b cc 8e f8  d8 d2 5f fd  90 96 b6 3c  b7 0b 4a 46 0x560fc86d6548<-0x560fc86d50f8->0x560fc774a760 into list HEAD 0x560fc86d50f8<-0x560fc774a760->0x560fc86d10e8
Nov 12 19:05:52.163467: | IKE SPIi table: inserting #6: 5b cc 8e f8  d8 d2 5f fd (nil)<-0x560fc86d5118->(nil) into list HEAD 0x560fc86d6568<-0x560fc77502c0->0x560fc86d1108
Nov 12 19:05:52.163476: | IKE SPIi table: inserted  #6: 5b cc 8e f8  d8 d2 5f fd 0x560fc86d6568<-0x560fc86d5118->0x560fc77502c0 into list HEAD 0x560fc86d5118<-0x560fc77502c0->0x560fc86d1108
Nov 12 19:05:52.163482: | st_connection table: removing #6 0x560fc7756000<-0x560fc86d50b8->0x560fc7756000
Nov 12 19:05:52.163488: | st_connection table: empty
Nov 12 19:05:52.163494: | st_connection table: inserting #6 (nil)<-0x560fc86d50b8->(nil) into list HEAD 0x560fc86d6508<-0x560fc7756b40->0x560fc86d10a8
Nov 12 19:05:52.163500: | st_connection table: inserted  #6 0x560fc86d6508<-0x560fc86d50b8->0x560fc7756b40 into list HEAD 0x560fc86d50b8<-0x560fc7756b40->0x560fc86d10a8
Nov 12 19:05:52.163537: | backlog: inserting work-order 11 state #6 (nil)<-0x560fc86d9bc8->(nil) into list HEAD 0x560fc7768240<-0x560fc7768240->0x560fc7768240
Nov 12 19:05:52.163549: | backlog: inserted  work-order 11 state #6 0x560fc7768240<-0x560fc86d9bc8->0x560fc7768240 into list HEAD 0x560fc86d9bc8<-0x560fc7768240->0x560fc86d9bc8
Nov 12 19:05:52.163585: | backlog: removing work-order 11 state #6 0x560fc7768240<-0x560fc86d9bc8->0x560fc7768240
Nov 12 19:05:52.163612: | backlog: empty
Nov 12 19:05:52.164554: | backlog: inserting work-order 12 state #6 (nil)<-0x560fc86dd998->(nil) into list HEAD 0x560fc7768240<-0x560fc7768240->0x560fc7768240
Nov 12 19:05:52.164570: | backlog: inserted  work-order 12 state #6 0x560fc7768240<-0x560fc86dd998->0x560fc7768240 into list HEAD 0x560fc86dd998<-0x560fc7768240->0x560fc86dd998
Nov 12 19:05:52.164601: | backlog: removing work-order 12 state #6 0x560fc7768240<-0x560fc86dd998->0x560fc7768240
Nov 12 19:05:52.164616: | backlog: empty
Nov 12 19:05:52.165553: "xauth-psk"[2] EEE.FFF.GGG.HHH #6: responding to Quick Mode proposal {msgid:4a49c3e8}
Nov 12 19:05:52.165573: "xauth-psk"[2] EEE.FFF.GGG.HHH #6:     us: 0.0.0.0/0===192.168.99.142[AAA.BBB.CCC.DDD,MS+XS+S=C]
Nov 12 19:05:52.165584: "xauth-psk"[2] EEE.FFF.GGG.HHH #6:   them: EEE.FFF.GGG.HHH[192.168.101.124,+MC+XC+S=C]===172.20.192.66/32
Nov 12 19:05:52.165730: "xauth-psk"[2] EEE.FFF.GGG.HHH #6: keeping refhim=0 during rekey
Nov 12 19:05:52.165976: "xauth-psk"[2] EEE.FFF.GGG.HHH #6: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 tunnel mode {ESP/NAT=>0xcf9d5f0f <0x52c76944 xfrm=AES_CBC_256-HMAC_SHA2_256_128 NATOA=none NATD=EEE.FFF.GGG.HHH:62020 DPD=active username=vpn522}
Nov 12 19:05:52.668686: "xauth-psk"[2] EEE.FFF.GGG.HHH #6: STATE_QUICK_R1: retransmission; will wait 0.5 seconds for response
Nov 12 19:05:52.906345: "xauth-psk"[2] EEE.FFF.GGG.HHH #6: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP/NAT=>0xcf9d5f0f <0x52c76944 xfrm=AES_CBC_256-HMAC_SHA2_256_128 NATOA=none NATD=EEE.FFF.GGG.HHH:62020 DPD=active username=vpn522}
Nov 12 19:07:15.055067: | serialno list: inserting #7 (nil)<-0x560fc86da558->(nil) into list HEAD 0x560fc86d5078<-0x560fc7763480->0x560fc86d1068
Nov 12 19:07:15.055137: | serialno list: inserted  #7 0x560fc86d5078<-0x560fc86da558->0x560fc7763480 into list HEAD 0x560fc86da558<-0x560fc7763480->0x560fc86d1068
Nov 12 19:07:15.055148: | st_serialno table: inserting #7 (nil)<-0x560fc86da578->(nil) into list HEAD 0x560fc775a5c0<-0x560fc775a5c0->0x560fc775a5c0
Nov 12 19:07:15.055155: | st_serialno table: inserted  #7 0x560fc775a5c0<-0x560fc86da578->0x560fc775a5c0 into list HEAD 0x560fc86da578<-0x560fc775a5c0->0x560fc86da578
Nov 12 19:07:15.055180: | st_connection table: inserting #7 (nil)<-0x560fc86da598->(nil) into list HEAD 0x560fc7756000<-0x560fc7756000->0x560fc7756000
Nov 12 19:07:15.055187: | st_connection table: inserted  #7 0x560fc7756000<-0x560fc86da598->0x560fc7756000 into list HEAD 0x560fc86da598<-0x560fc7756000->0x560fc86da598
Nov 12 19:07:15.055194: | st_reqid table: inserting #7 (nil)<-0x560fc86da5b8->(nil) into list HEAD 0x560fc86d50d8<-0x560fc77521a0->0x560fc86d10c8
Nov 12 19:07:15.055200: | st_reqid table: inserted  #7 0x560fc86d50d8<-0x560fc86da5b8->0x560fc77521a0 into list HEAD 0x560fc86da5b8<-0x560fc77521a0->0x560fc86d10c8
Nov 12 19:07:15.055210: | IKE SPI[ir] table: inserting #7: 34 8d 77 85  7e 9b 99 6e  bc e2 f5 ef  df 01 4d 59 (nil)<-0x560fc86da5d8->(nil) into list HEAD 0x560fc774ca00<-0x560fc774ca00->0x560fc774ca00
Nov 12 19:07:15.055227: | IKE SPI[ir] table: inserted  #7: 34 8d 77 85  7e 9b 99 6e  bc e2 f5 ef  df 01 4d 59 0x560fc774ca00<-0x560fc86da5d8->0x560fc774ca00 into list HEAD 0x560fc86da5d8<-0x560fc774ca00->0x560fc86da5d8
Nov 12 19:07:15.055236: | IKE SPIi table: inserting #7: 34 8d 77 85  7e 9b 99 6e (nil)<-0x560fc86da5f8->(nil) into list HEAD 0x560fc774f500<-0x560fc774f500->0x560fc774f500
Nov 12 19:07:15.055246: | IKE SPIi table: inserted  #7: 34 8d 77 85  7e 9b 99 6e 0x560fc774f500<-0x560fc86da5f8->0x560fc774f500 into list HEAD 0x560fc86da5f8<-0x560fc774f500->0x560fc86da5f8
Nov 12 19:07:15.055257: | st_connection table: removing #7 0x560fc7756000<-0x560fc86da598->0x560fc7756000
Nov 12 19:07:15.055264: | st_connection table: empty
Nov 12 19:07:15.055270: | st_connection table: inserting #7 (nil)<-0x560fc86da598->(nil) into list HEAD 0x560fc86d50b8<-0x560fc7756b40->0x560fc86d10a8
Nov 12 19:07:15.055276: | st_connection table: inserted  #7 0x560fc86d50b8<-0x560fc86da598->0x560fc7756b40 into list HEAD 0x560fc86da598<-0x560fc7756b40->0x560fc86d10a8
Nov 12 19:07:15.055290: "xauth-psk"[2] EEE.FFF.GGG.HHH #7: responding to Main Mode from unknown peer EEE.FFF.GGG.HHH:62020
Nov 12 19:07:15.055325: "xauth-psk"[2] EEE.FFF.GGG.HHH #7: Oakley Transform [AES_CBC (256), HMAC_SHA2_256, MODP4096] refused
Nov 12 19:07:15.055384: "xauth-psk"[2] EEE.FFF.GGG.HHH #7: STATE_MAIN_R1: sent MR1, expecting MI2
Nov 12 19:07:15.812737: | backlog: inserting work-order 13 state #7 (nil)<-0x560fc86dd998->(nil) into list HEAD 0x560fc7768240<-0x560fc7768240->0x560fc7768240
Nov 12 19:07:15.812799: | backlog: inserted  work-order 13 state #7 0x560fc7768240<-0x560fc86dd998->0x560fc7768240 into list HEAD 0x560fc86dd998<-0x560fc7768240->0x560fc86dd998
Nov 12 19:07:15.812836: | backlog: removing work-order 13 state #7 0x560fc7768240<-0x560fc86dd998->0x560fc7768240
Nov 12 19:07:15.812862: | backlog: empty
Nov 12 19:07:15.813860: | backlog: inserting work-order 14 state #7 (nil)<-0x560fc86de588->(nil) into list HEAD 0x560fc7768240<-0x560fc7768240->0x560fc7768240
Nov 12 19:07:15.813875: | backlog: inserted  work-order 14 state #7 0x560fc7768240<-0x560fc86de588->0x560fc7768240 into list HEAD 0x560fc86de588<-0x560fc7768240->0x560fc86de588
Nov 12 19:07:15.813906: | backlog: removing work-order 14 state #7 0x560fc7768240<-0x560fc86de588->0x560fc7768240
Nov 12 19:07:15.813921: | backlog: empty
Nov 12 19:07:15.813924: "xauth-psk"[2] EEE.FFF.GGG.HHH #7: STATE_MAIN_R2: sent MR2, expecting MI3
Nov 12 19:07:16.315589: "xauth-psk"[2] EEE.FFF.GGG.HHH #7: STATE_MAIN_R2: retransmission; will wait 0.5 seconds for response
Nov 12 19:07:16.535877: "xauth-psk"[2] EEE.FFF.GGG.HHH #7: Peer ID is ID_IPV4_ADDR: '192.168.101.124'
Nov 12 19:07:16.535993: "xauth-psk"[2] EEE.FFF.GGG.HHH #7: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
Nov 12 19:07:16.616119: "xauth-psk"[2] EEE.FFF.GGG.HHH #7: XAUTH: Sending Username/Password request (MAIN_R3->XAUTH_R0)
Nov 12 19:07:16.669484: "xauth-psk"[2] EEE.FFF.GGG.HHH #7: XAUTH: password file authentication method requested to authenticate user 'vpn522'
Nov 12 19:07:16.669564: "xauth-psk"[2] EEE.FFF.GGG.HHH #7: XAUTH: password file (/etc/ipsec.d/passwd) open.
Nov 12 19:07:16.669771: "xauth-psk"[2] EEE.FFF.GGG.HHH #7: XAUTH: success user(vpn522:xauth-psk) 
Nov 12 19:07:16.669797: "xauth-psk"[2] EEE.FFF.GGG.HHH #7: XAUTH: User vpn522: Authentication Successful
Nov 12 19:07:16.740053: "xauth-psk"[2] EEE.FFF.GGG.HHH #7: XAUTH: xauth_inR1(STF_OK)
Nov 12 19:07:16.740080: "xauth-psk"[2] EEE.FFF.GGG.HHH #7: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
Nov 12 19:07:16.752243: | pool 172.20.192.66-172.20.192.100: growing address pool from 1 to 2
Nov 12 19:07:16.752283: "xauth-psk"[2] EEE.FFF.GGG.HHH #7: modecfg_inR0(STF_OK)
Nov 12 19:07:16.752327: "xauth-psk"[2] EEE.FFF.GGG.HHH #7: STATE_MODE_CFG_R1: ModeCfg Set sent, expecting Ack {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
Nov 12 19:13:15.054407: "xauth-psk"[2] EEE.FFF.GGG.HHH #1: received Delete SA payload: self-deleting ISAKMP State #1
Nov 12 19:13:15.054490: "xauth-psk"[2] EEE.FFF.GGG.HHH #1: deleting state (STATE_MODE_CFG_R1) aged 3950.677s and sending notification
Nov 12 19:13:15.054575: | st_connection table: removing #1 0x560fc7756b40<-0x560fc86d10a8->0x560fc86d6508
Nov 12 19:13:15.054588: | st_connection table: updated older HEAD 0x560fc86da598<-0x560fc7756b40->0x560fc86d6508
Nov 12 19:13:15.054594: | st_connection table: updated newer  #5 0x560fc7756b40<-0x560fc86d6508->0x560fc86d50b8
Nov 12 19:13:15.054600: | st_connection table: inserting #1 (nil)<-0x560fc86d10a8->(nil) into list HEAD 0x560fc7756000<-0x560fc7756000->0x560fc7756000
Nov 12 19:13:15.054607: | st_connection table: inserted  #1 0x560fc7756000<-0x560fc86d10a8->0x560fc7756000 into list HEAD 0x560fc86d10a8<-0x560fc7756000->0x560fc86d10a8
Nov 12 19:13:15.054613: | serialno list: removing #1 0x560fc7763480<-0x560fc86d1068->0x560fc86d64c8
Nov 12 19:13:15.054618: | serialno list: updated older HEAD 0x560fc86da558<-0x560fc7763480->0x560fc86d64c8
Nov 12 19:13:15.054624: | serialno list: updated newer  #5 0x560fc7763480<-0x560fc86d64c8->0x560fc86d5078
Nov 12 19:13:15.054629: | st_serialno table: removing #1 0x560fc775c020<-0x560fc86d1088->0x560fc775c020
Nov 12 19:13:15.054634: | st_serialno table: empty
Nov 12 19:13:15.054639: | st_connection table: removing #1 0x560fc7756000<-0x560fc86d10a8->0x560fc7756000
Nov 12 19:13:15.054644: | st_connection table: empty
Nov 12 19:13:15.054649: | st_reqid table: removing #1 0x560fc77521a0<-0x560fc86d10c8->0x560fc86d6528
Nov 12 19:13:15.054659: | st_reqid table: updated older HEAD 0x560fc86da5b8<-0x560fc77521a0->0x560fc86d6528
Nov 12 19:13:15.054665: | st_reqid table: updated newer  #5 0x560fc77521a0<-0x560fc86d6528->0x560fc86d50d8
Nov 12 19:13:15.054673: | IKE SPI[ir] table: removing #1: 5b cc 8e f8  d8 d2 5f fd  90 96 b6 3c  b7 0b 4a 46 0x560fc774a760<-0x560fc86d10e8->0x560fc86d6548
Nov 12 19:13:15.054679: | IKE SPI[ir] table: updated older HEAD 0x560fc86d50f8<-0x560fc774a760->0x560fc86d6548
Nov 12 19:13:15.054687: | IKE SPI[ir] table: updated newer  #5: 5b cc 8e f8  d8 d2 5f fd  90 96 b6 3c  b7 0b 4a 46 0x560fc774a760<-0x560fc86d6548->0x560fc86d50f8
Nov 12 19:13:15.054694: | IKE SPIi table: removing #1: 5b cc 8e f8  d8 d2 5f fd 0x560fc77502c0<-0x560fc86d1108->0x560fc86d6568
Nov 12 19:13:15.054702: | IKE SPIi table: updated older HEAD 0x560fc86d5118<-0x560fc77502c0->0x560fc86d6568
Nov 12 19:13:15.054710: | IKE SPIi table: updated newer  #5: 5b cc 8e f8  d8 d2 5f fd 0x560fc77502c0<-0x560fc86d6568->0x560fc86d5118
Nov 12 19:13:33.507474: "xauth-psk"[2] EEE.FFF.GGG.HHH #7: received Delete SA(0xc9236e0e) payload: deleting IPsec State #5
Nov 12 19:13:33.507528: "xauth-psk"[2] EEE.FFF.GGG.HHH #5: deleting other state #5 (STATE_QUICK_R2) aged 1320.744s and sending notification
Nov 12 19:13:33.507607: "xauth-psk"[2] EEE.FFF.GGG.HHH #5: ESP traffic information: in=8MB out=8MB XAUTHuser=vpn522
Nov 12 19:13:33.507751: | st_connection table: removing #5 0x560fc7756b40<-0x560fc86d6508->0x560fc86d50b8
Nov 12 19:13:33.507764: | st_connection table: updated older HEAD 0x560fc86da598<-0x560fc7756b40->0x560fc86d50b8
Nov 12 19:13:33.507800: | st_connection table: updated newer  #6 0x560fc7756b40<-0x560fc86d50b8->0x560fc86da598
Nov 12 19:13:33.507807: | st_connection table: inserting #5 (nil)<-0x560fc86d6508->(nil) into list HEAD 0x560fc7756000<-0x560fc7756000->0x560fc7756000
Nov 12 19:13:33.507813: | st_connection table: inserted  #5 0x560fc7756000<-0x560fc86d6508->0x560fc7756000 into list HEAD 0x560fc86d6508<-0x560fc7756000->0x560fc86d6508
Nov 12 19:13:33.507820: | serialno list: removing #5 0x560fc7763480<-0x560fc86d64c8->0x560fc86d5078
Nov 12 19:13:33.507825: | serialno list: updated older HEAD 0x560fc86da558<-0x560fc7763480->0x560fc86d5078
Nov 12 19:13:33.507829: | serialno list: updated newer  #6 0x560fc7763480<-0x560fc86d5078->0x560fc86da558
Nov 12 19:13:33.507834: | st_serialno table: removing #5 0x560fc775d820<-0x560fc86d64e8->0x560fc775d820
Nov 12 19:13:33.507839: | st_serialno table: empty
Nov 12 19:13:33.507844: | st_connection table: removing #5 0x560fc7756000<-0x560fc86d6508->0x560fc7756000
Nov 12 19:13:33.507848: | st_connection table: empty
Nov 12 19:13:33.507853: | st_reqid table: removing #5 0x560fc77521a0<-0x560fc86d6528->0x560fc86d50d8
Nov 12 19:13:33.507858: | st_reqid table: updated older HEAD 0x560fc86da5b8<-0x560fc77521a0->0x560fc86d50d8
Nov 12 19:13:33.507862: | st_reqid table: updated newer  #6 0x560fc77521a0<-0x560fc86d50d8->0x560fc86da5b8
Nov 12 19:13:33.507871: | IKE SPI[ir] table: removing #5: 5b cc 8e f8  d8 d2 5f fd  90 96 b6 3c  b7 0b 4a 46 0x560fc774a760<-0x560fc86d6548->0x560fc86d50f8
Nov 12 19:13:33.507876: | IKE SPI[ir] table: updated older HEAD 0x560fc86d50f8<-0x560fc774a760->0x560fc86d50f8
Nov 12 19:13:33.507883: | IKE SPI[ir] table: updated newer  #6: 5b cc 8e f8  d8 d2 5f fd  90 96 b6 3c  b7 0b 4a 46 0x560fc774a760<-0x560fc86d50f8->0x560fc774a760
Nov 12 19:13:33.507890: | IKE SPIi table: removing #5: 5b cc 8e f8  d8 d2 5f fd 0x560fc77502c0<-0x560fc86d6568->0x560fc86d5118
Nov 12 19:13:33.507895: | IKE SPIi table: updated older HEAD 0x560fc86d5118<-0x560fc77502c0->0x560fc86d5118
Nov 12 19:13:33.507901: | IKE SPIi table: updated newer  #6: 5b cc 8e f8  d8 d2 5f fd 0x560fc77502c0<-0x560fc86d5118->0x560fc77502c0
Nov 12 19:14:28.214952: "xauth-psk"[2] EEE.FFF.GGG.HHH #7: received Delete SA(0xcf9d5f0f) payload: deleting IPsec State #6
Nov 12 19:14:28.215014: "xauth-psk"[2] EEE.FFF.GGG.HHH #6: deleting other state #6 (STATE_QUICK_R2) aged 516.051s and sending notification
Nov 12 19:14:28.215073: "xauth-psk"[2] EEE.FFF.GGG.HHH #6: ESP traffic information: in=4MB out=4MB XAUTHuser=vpn522
Nov 12 19:14:28.219837: | st_connection table: removing #6 0x560fc7756b40<-0x560fc86d50b8->0x560fc86da598
Nov 12 19:14:28.219864: | st_connection table: updated older HEAD 0x560fc86da598<-0x560fc7756b40->0x560fc86da598
Nov 12 19:14:28.219874: | st_connection table: updated newer  #7 0x560fc7756b40<-0x560fc86da598->0x560fc7756b40
Nov 12 19:14:28.219881: | st_connection table: inserting #6 (nil)<-0x560fc86d50b8->(nil) into list HEAD 0x560fc7756000<-0x560fc7756000->0x560fc7756000
Nov 12 19:14:28.219888: | st_connection table: inserted  #6 0x560fc7756000<-0x560fc86d50b8->0x560fc7756000 into list HEAD 0x560fc86d50b8<-0x560fc7756000->0x560fc86d50b8
Nov 12 19:14:28.219895: | serialno list: removing #6 0x560fc7763480<-0x560fc86d5078->0x560fc86da558
Nov 12 19:14:28.219900: | serialno list: updated older HEAD 0x560fc86da558<-0x560fc7763480->0x560fc86da558
Nov 12 19:14:28.219906: | serialno list: updated newer  #7 0x560fc7763480<-0x560fc86da558->0x560fc7763480
Nov 12 19:14:28.219911: | st_serialno table: removing #6 0x560fc775bb80<-0x560fc86d5098->0x560fc775bb80
Nov 12 19:14:28.219920: | st_serialno table: empty
Nov 12 19:14:28.219926: | st_connection table: removing #6 0x560fc7756000<-0x560fc86d50b8->0x560fc7756000
Nov 12 19:14:28.219931: | st_connection table: empty
Nov 12 19:14:28.219936: | st_reqid table: removing #6 0x560fc77521a0<-0x560fc86d50d8->0x560fc86da5b8
Nov 12 19:14:28.219941: | st_reqid table: updated older HEAD 0x560fc86da5b8<-0x560fc77521a0->0x560fc86da5b8
Nov 12 19:14:28.219946: | st_reqid table: updated newer  #7 0x560fc77521a0<-0x560fc86da5b8->0x560fc77521a0
Nov 12 19:14:28.219966: | IKE SPI[ir] table: removing #6: 5b cc 8e f8  d8 d2 5f fd  90 96 b6 3c  b7 0b 4a 46 0x560fc774a760<-0x560fc86d50f8->0x560fc774a760
Nov 12 19:14:28.219972: | IKE SPI[ir] table: empty
Nov 12 19:14:28.219978: | IKE SPIi table: removing #6: 5b cc 8e f8  d8 d2 5f fd 0x560fc77502c0<-0x560fc86d5118->0x560fc77502c0
Nov 12 19:14:28.219982: | IKE SPIi table: empty
Nov 12 19:14:28.220044: "xauth-psk"[2] EEE.FFF.GGG.HHH #7: deleting state (STATE_MODE_CFG_R1) aged 433.164s and sending notification
Nov 12 19:14:28.220116: | st_connection table: removing #7 0x560fc7756b40<-0x560fc86da598->0x560fc7756b40
Nov 12 19:14:28.220127: | st_connection table: empty
Nov 12 19:14:28.220133: | st_connection table: inserting #7 (nil)<-0x560fc86da598->(nil) into list HEAD 0x560fc7756000<-0x560fc7756000->0x560fc7756000
Nov 12 19:14:28.220138: | st_connection table: inserted  #7 0x560fc7756000<-0x560fc86da598->0x560fc7756000 into list HEAD 0x560fc86da598<-0x560fc7756000->0x560fc86da598
Nov 12 19:14:28.220144: | serialno list: removing #7 0x560fc7763480<-0x560fc86da558->0x560fc7763480
Nov 12 19:14:28.220148: | serialno list: empty
Nov 12 19:14:28.220153: | st_serialno table: removing #7 0x560fc775a5c0<-0x560fc86da578->0x560fc775a5c0
Nov 12 19:14:28.220157: | st_serialno table: empty
Nov 12 19:14:28.220162: | st_connection table: removing #7 0x560fc7756000<-0x560fc86da598->0x560fc7756000
Nov 12 19:14:28.220166: | st_connection table: empty
Nov 12 19:14:28.220171: | st_reqid table: removing #7 0x560fc77521a0<-0x560fc86da5b8->0x560fc77521a0
Nov 12 19:14:28.220176: | st_reqid table: empty
Nov 12 19:14:28.220184: | IKE SPI[ir] table: removing #7: 34 8d 77 85  7e 9b 99 6e  bc e2 f5 ef  df 01 4d 59 0x560fc774ca00<-0x560fc86da5d8->0x560fc774ca00
Nov 12 19:14:28.220188: | IKE SPI[ir] table: empty
Nov 12 19:14:28.220194: | IKE SPIi table: removing #7: 34 8d 77 85  7e 9b 99 6e 0x560fc774f500<-0x560fc86da5f8->0x560fc774f500
Nov 12 19:14:28.220199: | IKE SPIi table: empty
Nov 12 19:14:28.220250: "xauth-psk"[2] EEE.FFF.GGG.HHH: deleting connection "xauth-psk"[2] EEE.FFF.GGG.HHH instance with peer EEE.FFF.GGG.HHH {isakmp=#0/ipsec=#0}
Nov 12 19:14:28.231480: | host_pair table: removing 192.168.99.142:500->EEE.FFF.GGG.HHH:500 0x560fc77667c0<-0x560fc86ceb00->0x560fc77667c0
Nov 12 19:14:28.231495: | host_pair table: empty
Nov 12 19:16:30.523361: | host_pair table: inserting 192.168.99.142:500->EEE.FFF.GGG.HHH:500 (nil)<-0x560fc86cf110->(nil) into list HEAD 0x560fc77667c0<-0x560fc77667c0->0x560fc77667c0
Nov 12 19:16:30.523420: | host_pair table: inserted  192.168.99.142:500->EEE.FFF.GGG.HHH:500 0x560fc77667c0<-0x560fc86cf110->0x560fc77667c0 into list HEAD 0x560fc86cf110<-0x560fc77667c0->0x560fc86cf110
Nov 12 19:16:30.523475: | serialno list: inserting #8 (nil)<-0x560fc86d1068->(nil) into list HEAD 0x560fc7763480<-0x560fc7763480->0x560fc7763480
Nov 12 19:16:30.523484: | serialno list: inserted  #8 0x560fc7763480<-0x560fc86d1068->0x560fc7763480 into list HEAD 0x560fc86d1068<-0x560fc7763480->0x560fc86d1068
........





More information about the Swan mailing list