Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

一直显示“正在连接...” #1276

Closed
5 tasks done
lucifer001 opened this issue Nov 21, 2022 · 5 comments
Closed
5 tasks done

一直显示“正在连接...” #1276

lucifer001 opened this issue Nov 21, 2022 · 5 comments

Comments

@lucifer001
Copy link

任务列表

问题描述
新购买的阿里云轻量服务器,搭建完vpn后使用 vpnclient.mobileconfig 配置文件在 iOS上 无法连接成功

日志

Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: FIPS Mode: NO
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: NSS crypto library initialized
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: FIPS mode disabled for pluto daemon
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: FIPS HMAC integrity support [disabled]
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: libcap-ng support [enabled]
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: Linux audit support [disabled]
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: Starting Pluto (Libreswan Version 4.9 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-KDF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:69461
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: core dump dir: /run/pluto
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: secrets file: /etc/ipsec.secrets
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: leak-detective enabled
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: NSS crypto [enabled]
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: XAUTH PAM support [enabled]
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: NAT-Traversal support  [enabled]
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: Encryption algorithms:
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: Hash algorithms:
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   MD5                               IKEv1: IKE         IKEv2:                  NSS
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   IDENTITY                          IKEv1:             IKEv2:             FIPS
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: PRF algorithms:
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: Integrity algorithms:
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: DH algorithms:
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: IPCOMP algorithms:
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   DEFLATE                           IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   LZS                               IKEv1:             IKEv2:     ESP AH  FIPS
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   LZJH                              IKEv1:             IKEv2:     ESP AH  FIPS
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: testing CAMELLIA_CBC:
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   Camellia: 16 bytes with 128-bit key
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   Camellia: 16 bytes with 128-bit key
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   Camellia: 16 bytes with 256-bit key
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   Camellia: 16 bytes with 256-bit key
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: testing AES_GCM_16:
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   empty string
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   one block
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   two blocks
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   two blocks with associated data
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: testing AES_CTR:
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   Encrypting 16 octets using AES-CTR with 128-bit key
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   Encrypting 32 octets using AES-CTR with 128-bit key
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   Encrypting 36 octets using AES-CTR with 128-bit key
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   Encrypting 16 octets using AES-CTR with 192-bit key
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   Encrypting 32 octets using AES-CTR with 192-bit key
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   Encrypting 36 octets using AES-CTR with 192-bit key
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   Encrypting 16 octets using AES-CTR with 256-bit key
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   Encrypting 32 octets using AES-CTR with 256-bit key
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   Encrypting 36 octets using AES-CTR with 256-bit key
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: testing AES_CBC:
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: testing AES_XCBC:
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: testing HMAC_MD5:
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   RFC 2104: MD5_HMAC test 1
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   RFC 2104: MD5_HMAC test 2
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   RFC 2104: MD5_HMAC test 3
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: testing HMAC_SHA1:
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]:   CAVP: IKEv2 key derivation with HMAC-SHA1
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: 1 CPU cores online
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: starting up 1 helper threads
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: started thread for helper 0
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: using Linux xfrm kernel support code on #51-Ubuntu SMP Fri Sep 4 19:50:52 UTC 2020
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: watchdog: sending probes every 100 secs
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: seccomp security not supported
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: helper(1) seccomp security for helper not supported
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: "l2tp-psk": added IKEv1 connection
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: "xauth-psk": added IKEv1 connection
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: listening for IKE messages
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: Kernel supports NIC esp-hw-offload
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: adding UDP interface eth0 172.19.45.182:500
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: adding UDP interface eth0 172.19.45.182:4500
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: adding UDP interface lo 127.0.0.1:500
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: adding UDP interface lo 127.0.0.1:4500
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: adding UDP interface lo [::1]:500
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: adding UDP interface lo [::1]:4500
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ pluto[69461]: loading secrets from "/etc/ipsec.secrets"
Nov 21 15:30:50 iZt4niurfv78ps6cazrewmZ pluto[69461]: shutting down
Nov 21 15:30:50 iZt4niurfv78ps6cazrewmZ pluto[69461]: Pluto is shutting down
Nov 21 15:30:50 iZt4niurfv78ps6cazrewmZ pluto[69461]: forgetting secrets
Nov 21 15:30:50 iZt4niurfv78ps6cazrewmZ pluto[69461]: shutting down interface lo [::1]:4500
Nov 21 15:30:50 iZt4niurfv78ps6cazrewmZ pluto[69461]: shutting down interface lo [::1]:500
Nov 21 15:30:50 iZt4niurfv78ps6cazrewmZ pluto[69461]: shutting down interface lo 127.0.0.1:4500
Nov 21 15:30:50 iZt4niurfv78ps6cazrewmZ pluto[69461]: shutting down interface lo 127.0.0.1:500
Nov 21 15:30:50 iZt4niurfv78ps6cazrewmZ pluto[69461]: shutting down interface eth0 172.19.45.182:4500
Nov 21 15:30:50 iZt4niurfv78ps6cazrewmZ pluto[69461]: shutting down interface eth0 172.19.45.182:500
Nov 21 15:30:50 iZt4niurfv78ps6cazrewmZ pluto[69461]: leak detective found no leaks
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: FIPS Mode: NO
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: NSS crypto library initialized
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: FIPS mode disabled for pluto daemon
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: FIPS HMAC integrity support [disabled]
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: libcap-ng support [enabled]
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: Linux audit support [disabled]
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: Starting Pluto (Libreswan Version 4.9 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-KDF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:69862
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: core dump dir: /run/pluto
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: secrets file: /etc/ipsec.secrets
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: leak-detective enabled
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: NSS crypto [enabled]
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: XAUTH PAM support [enabled]
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: NAT-Traversal support  [enabled]
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: Encryption algorithms:
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: Hash algorithms:
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   MD5                               IKEv1: IKE         IKEv2:                  NSS
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   IDENTITY                          IKEv1:             IKEv2:             FIPS
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: PRF algorithms:
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: Integrity algorithms:
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: DH algorithms:
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: IPCOMP algorithms:
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   DEFLATE                           IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   LZS                               IKEv1:             IKEv2:     ESP AH  FIPS
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   LZJH                              IKEv1:             IKEv2:     ESP AH  FIPS
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: testing CAMELLIA_CBC:
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   Camellia: 16 bytes with 128-bit key
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   Camellia: 16 bytes with 128-bit key
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   Camellia: 16 bytes with 256-bit key
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   Camellia: 16 bytes with 256-bit key
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: testing AES_GCM_16:
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   empty string
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   one block
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   two blocks
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   two blocks with associated data
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: testing AES_CTR:
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   Encrypting 16 octets using AES-CTR with 128-bit key
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   Encrypting 32 octets using AES-CTR with 128-bit key
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   Encrypting 36 octets using AES-CTR with 128-bit key
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   Encrypting 16 octets using AES-CTR with 192-bit key
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   Encrypting 32 octets using AES-CTR with 192-bit key
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   Encrypting 36 octets using AES-CTR with 192-bit key
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   Encrypting 16 octets using AES-CTR with 256-bit key
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   Encrypting 32 octets using AES-CTR with 256-bit key
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   Encrypting 36 octets using AES-CTR with 256-bit key
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: testing AES_CBC:
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: testing AES_XCBC:
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: testing HMAC_MD5:
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   RFC 2104: MD5_HMAC test 1
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   RFC 2104: MD5_HMAC test 2
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   RFC 2104: MD5_HMAC test 3
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: testing HMAC_SHA1:
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]:   CAVP: IKEv2 key derivation with HMAC-SHA1
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: 1 CPU cores online
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: starting up 1 helper threads
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: started thread for helper 0
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: using Linux xfrm kernel support code on #51-Ubuntu SMP Fri Sep 4 19:50:52 UTC 2020
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: watchdog: sending probes every 100 secs
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: seccomp security not supported
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: helper(1) seccomp security for helper not supported
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: "l2tp-psk": added IKEv1 connection
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: "xauth-psk": added IKEv1 connection
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: "ikev2-cp": IKE SA proposals (connection add):
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: "ikev2-cp":   1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: "ikev2-cp":   2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: "ikev2-cp":   3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: "ikev2-cp":   4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: "ikev2-cp": Child SA proposals (connection add):
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: "ikev2-cp":   1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-ENABLED+DISABLED
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: "ikev2-cp":   2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-ENABLED+DISABLED
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: "ikev2-cp":   3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-ENABLED+DISABLED
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: "ikev2-cp":   4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-ENABLED+DISABLED
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: "ikev2-cp":   5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-ENABLED+DISABLED
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: "ikev2-cp": loaded private key matching left certificate '8.219.8.133'
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: "ikev2-cp": added IKEv2 connection
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: listening for IKE messages
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: Kernel supports NIC esp-hw-offload
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: adding UDP interface eth0 172.19.45.182:500
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: adding UDP interface eth0 172.19.45.182:4500
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: adding UDP interface lo 127.0.0.1:500
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: adding UDP interface lo 127.0.0.1:4500
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: adding UDP interface lo [::1]:500
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: adding UDP interface lo [::1]:4500
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: forgetting secrets
Nov 21 15:30:51 iZt4niurfv78ps6cazrewmZ pluto[69862]: loading secrets from "/etc/ipsec.secrets"
Nov 21 16:21:11 iZt4niurfv78ps6cazrewmZ pluto[69862]: shutting down
Nov 21 16:21:11 iZt4niurfv78ps6cazrewmZ pluto[69862]: Pluto is shutting down
Nov 21 16:21:11 iZt4niurfv78ps6cazrewmZ pluto[69862]: forgetting secrets
Nov 21 16:21:11 iZt4niurfv78ps6cazrewmZ pluto[69862]: shutting down interface lo [::1]:4500
Nov 21 16:21:11 iZt4niurfv78ps6cazrewmZ pluto[69862]: shutting down interface lo [::1]:500
Nov 21 16:21:11 iZt4niurfv78ps6cazrewmZ pluto[69862]: shutting down interface lo 127.0.0.1:4500
Nov 21 16:21:11 iZt4niurfv78ps6cazrewmZ pluto[69862]: shutting down interface lo 127.0.0.1:500
Nov 21 16:21:11 iZt4niurfv78ps6cazrewmZ pluto[69862]: shutting down interface eth0 172.19.45.182:4500
Nov 21 16:21:11 iZt4niurfv78ps6cazrewmZ pluto[69862]: shutting down interface eth0 172.19.45.182:500
Nov 21 16:21:11 iZt4niurfv78ps6cazrewmZ pluto[69862]: leak detective found no leaks
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: FIPS Mode: NO
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: NSS crypto library initialized
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: FIPS mode disabled for pluto daemon
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: FIPS HMAC integrity support [disabled]
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: libcap-ng support [enabled]
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: Linux audit support [disabled]
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: Starting Pluto (Libreswan Version 4.9 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-KDF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:71193
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: core dump dir: /run/pluto
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: secrets file: /etc/ipsec.secrets
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: leak-detective enabled
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: NSS crypto [enabled]
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: XAUTH PAM support [enabled]
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: NAT-Traversal support  [enabled]
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: Encryption algorithms:
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: Hash algorithms:
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   MD5                               IKEv1: IKE         IKEv2:                  NSS
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   IDENTITY                          IKEv1:             IKEv2:             FIPS
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: PRF algorithms:
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: Integrity algorithms:
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: DH algorithms:
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: IPCOMP algorithms:
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   DEFLATE                           IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   LZS                               IKEv1:             IKEv2:     ESP AH  FIPS
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   LZJH                              IKEv1:             IKEv2:     ESP AH  FIPS
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: testing CAMELLIA_CBC:
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   Camellia: 16 bytes with 128-bit key
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   Camellia: 16 bytes with 128-bit key
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   Camellia: 16 bytes with 256-bit key
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   Camellia: 16 bytes with 256-bit key
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: testing AES_GCM_16:
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   empty string
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   one block
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   two blocks
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   two blocks with associated data
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: testing AES_CTR:
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   Encrypting 16 octets using AES-CTR with 128-bit key
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   Encrypting 32 octets using AES-CTR with 128-bit key
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   Encrypting 36 octets using AES-CTR with 128-bit key
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   Encrypting 16 octets using AES-CTR with 192-bit key
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   Encrypting 32 octets using AES-CTR with 192-bit key
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   Encrypting 36 octets using AES-CTR with 192-bit key
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   Encrypting 16 octets using AES-CTR with 256-bit key
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   Encrypting 32 octets using AES-CTR with 256-bit key
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   Encrypting 36 octets using AES-CTR with 256-bit key
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: testing AES_CBC:
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: testing AES_XCBC:
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: testing HMAC_MD5:
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   RFC 2104: MD5_HMAC test 1
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   RFC 2104: MD5_HMAC test 2
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   RFC 2104: MD5_HMAC test 3
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: testing HMAC_SHA1:
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]:   CAVP: IKEv2 key derivation with HMAC-SHA1
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: 1 CPU cores online
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: starting up 1 helper threads
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: started thread for helper 0
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: using Linux xfrm kernel support code on #51-Ubuntu SMP Fri Sep 4 19:50:52 UTC 2020
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: watchdog: sending probes every 100 secs
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: seccomp security not supported
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: helper(1) seccomp security for helper not supported
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: "l2tp-psk": added IKEv1 connection
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: "xauth-psk": added IKEv1 connection
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: "ikev2-cp": IKE SA proposals (connection add):
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: "ikev2-cp":   1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: "ikev2-cp":   2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: "ikev2-cp":   3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: "ikev2-cp":   4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: "ikev2-cp": Child SA proposals (connection add):
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: "ikev2-cp":   1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-ENABLED+DISABLED
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: "ikev2-cp":   2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-ENABLED+DISABLED
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: "ikev2-cp":   3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-ENABLED+DISABLED
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: "ikev2-cp":   4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-ENABLED+DISABLED
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: "ikev2-cp":   5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-ENABLED+DISABLED
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: "ikev2-cp": loaded private key matching left certificate '8.219.8.133'
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: "ikev2-cp": added IKEv2 connection
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: listening for IKE messages
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: Kernel supports NIC esp-hw-offload
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: adding UDP interface eth0 172.19.45.182:500
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: adding UDP interface eth0 172.19.45.182:4500
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: adding UDP interface lo 127.0.0.1:500
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: adding UDP interface lo 127.0.0.1:4500
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: adding UDP interface lo [::1]:500
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: adding UDP interface lo [::1]:4500
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: forgetting secrets
Nov 21 16:21:12 iZt4niurfv78ps6cazrewmZ pluto[71193]: loading secrets from "/etc/ipsec.secrets"
root@iZt4niurfv78ps6cazrewmZ:~# grep xl2tpd /var/log/syslog
Nov 21 15:29:18 iZt4niurfv78ps6cazrewmZ xl2tpd[64015]: Not looking for kernel SAref support.
Nov 21 15:29:18 iZt4niurfv78ps6cazrewmZ xl2tpd[64006]: Starting xl2tpd: xl2tpd.
Nov 21 15:29:18 iZt4niurfv78ps6cazrewmZ xl2tpd[64015]: Using l2tp kernel support.
Nov 21 15:29:18 iZt4niurfv78ps6cazrewmZ xl2tpd[64029]: xl2tpd version xl2tpd-1.3.12 started on iZt4niurfv78ps6cazrewmZ PID:64029
Nov 21 15:29:18 iZt4niurfv78ps6cazrewmZ xl2tpd[64029]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Nov 21 15:29:18 iZt4niurfv78ps6cazrewmZ xl2tpd[64029]: Forked by Scott Balmos and David Stipp, (C) 2001
Nov 21 15:29:18 iZt4niurfv78ps6cazrewmZ xl2tpd[64029]: Inherited by Jeff McAdams, (C) 2002
Nov 21 15:29:18 iZt4niurfv78ps6cazrewmZ xl2tpd[64029]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
Nov 21 15:29:18 iZt4niurfv78ps6cazrewmZ xl2tpd[64029]: Listening on IP address 0.0.0.0, port 1701
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ xl2tpd[64029]: death_handler: Fatal signal 15 received
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ xl2tpd[69470]: Stopping xl2tpd: xl2tpd.
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ systemd[1]: xl2tpd.service: Succeeded.
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ xl2tpd[69479]: Not looking for kernel SAref support.
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ xl2tpd[69479]: Using l2tp kernel support.
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ xl2tpd[69475]: Starting xl2tpd: xl2tpd.
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ xl2tpd[69480]: xl2tpd version xl2tpd-1.3.12 started on iZt4niurfv78ps6cazrewmZ PID:69480
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ xl2tpd[69480]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ xl2tpd[69480]: Forked by Scott Balmos and David Stipp, (C) 2001
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ xl2tpd[69480]: Inherited by Jeff McAdams, (C) 2002
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ xl2tpd[69480]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
Nov 21 15:30:43 iZt4niurfv78ps6cazrewmZ xl2tpd[69480]: Listening on IP address 0.0.0.0, port 1701
Nov 21 15:36:10 iZt4niurfv78ps6cazrewmZ xl2tpd[69480]: death_handler: Fatal signal 15 received
Nov 21 15:36:10 iZt4niurfv78ps6cazrewmZ xl2tpd[69898]: Stopping xl2tpd: xl2tpd.
Nov 21 15:36:10 iZt4niurfv78ps6cazrewmZ systemd[1]: xl2tpd.service: Succeeded.
Nov 21 15:36:10 iZt4niurfv78ps6cazrewmZ xl2tpd[69917]: Not looking for kernel SAref support.
Nov 21 15:36:10 iZt4niurfv78ps6cazrewmZ xl2tpd[69917]: Using l2tp kernel support.
Nov 21 15:36:10 iZt4niurfv78ps6cazrewmZ xl2tpd[69903]: Starting xl2tpd: xl2tpd.
Nov 21 15:36:10 iZt4niurfv78ps6cazrewmZ xl2tpd[69920]: xl2tpd version xl2tpd-1.3.12 started on iZt4niurfv78ps6cazrewmZ PID:69920
Nov 21 15:36:10 iZt4niurfv78ps6cazrewmZ xl2tpd[69920]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Nov 21 15:36:10 iZt4niurfv78ps6cazrewmZ xl2tpd[69920]: Forked by Scott Balmos and David Stipp, (C) 2001
Nov 21 15:36:10 iZt4niurfv78ps6cazrewmZ xl2tpd[69920]: Inherited by Jeff McAdams, (C) 2002
Nov 21 15:36:10 iZt4niurfv78ps6cazrewmZ xl2tpd[69920]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
Nov 21 15:36:10 iZt4niurfv78ps6cazrewmZ xl2tpd[69920]: Listening on IP address 0.0.0.0, port 1701

服务器信息

  • 操作系统: Ubuntu 20.04
  • 服务提供商(如果适用):阿里云

客户端信息

  • 设备: iPhone 13mini
  • 操作系统: iOS 16.1.1
  • VPN 模式: IKEv2
@hwdsl2
Copy link
Owner

hwdsl2 commented Nov 21, 2022

@lucifer001 你好!你的日志中没有记录客户端的连接请求,说明连接请求没有到达服务器。对于阿里云,请打开出站和入站方向的 UDP 500 和 4500 端口。具体请参见 #433

@hwdsl2 hwdsl2 closed this as completed Nov 21, 2022
@lucifer001
Copy link
Author

已经打开了 500 和 4500,但是不知道为什么,使用三方网站检测 所有端口都是关闭的状态(除了22端口)

@lucifer001
Copy link
Author

image
image
image
@hwdsl2

@hwdsl2
Copy link
Owner

hwdsl2 commented Nov 22, 2022

@lucifer001 请检查阿里云的防火墙入站和出站方向的 UDP 500 和 4500 端口应该都许可(参见 #433)。UDP 1701 不需要打开。

@chaomoyule
Copy link

我是亚马逊云,最近也遇到了同样的问题。

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@hwdsl2 @lucifer001 @chaomoyule