IKEv2 Server freezes due to Android phone client #1190

sleepingmoonmoon · 2022-06-30T13:09:26Z

I have setup my VPN server in Orange PI using your scripts and I have 4 different users that use it in their work and home WiFi.

This is their current setup:

During Work: 3 iOS device, 1 android device (Android 12)
At Home: 2 android device (TV box), 1 Mac laptop, 1 Ubuntu laptop

My problem is that when they are using the VPN while in their work, the server freezes and I cannot ssh to my OrangePI. I need to manually restart OrangePI for the VPN to work again. After some monitoring, I suspect that User A that uses the android device during work causes this problem because he is always connected (ipsec traffic) before the freezing occurs.

How do I fix this? Also, what can I do to isolate the cause of this problem (what to monitor)? I have attached an output in my OrangePI when the freeze occurs below and also the VPN logs right before the freezing occured.

Here is a recent output in OrangePI before it crashes:

Message from syslogd@orangepizero at Jun 30 20:34:34 ...
kernel:[74457.676442] Internal error: Oops: 805 [#1] SMP THUMB2

Message from syslogd@orangepizero at Jun 30 20:34:34 ...
kernel:[74457.881451] Process pluto (pid: 3268, stack limit = 0xecee338d)

Message from syslogd@orangepizero at Jun 30 20:34:34 ...
kernel:[74457.887385] Stack: (0xcf1fbc80 to 0xcf1fc000)

Message from syslogd@orangepizero at Jun 30 20:34:34 ...
kernel:[74457.891763] bc80: 00005ed2 c177bce8 c177bcc0 c094e0cf 00000000 c177bcc0 c0f04fc8 c09574e1

Message from syslogd@orangepizero at Jun 30 20:34:34 ...
kernel:[74457.899951] bca0: d899a000 00000000 00000000 00000000 00000000 c05ad5c5 00000000 2dfd1b1a

Message from syslogd@orangepizero at Jun 30 20:34:34 ...
kernel:[74457.908140] bcc0: cf1fbd00 c0b0b078 c0f04fc8 cf3b0a00 d899a000 c0956085 c0b0b060 00000000

Message from syslogd@orangepizero at Jun 30 20:34:34 ...
kernel:[74457.916328] bce0: cf1fbda8 c04d737b d899a000 c0f04fc8 00000000 c088ffff 00080000 c08d4a7f

Message from syslogd@orangepizero at Jun 30 20:34:34 ...
kernel:[74457.924515] bd00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

Last log before the freeze happened:

Jun 29 12:53:50 orangepizero pluto[17222]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Jun 29 12:53:50 orangepizero pluto[17222]: FIPS Mode: NO
Jun 29 12:53:50 orangepizero pluto[17222]: NSS crypto library initialized
Jun 29 12:53:50 orangepizero pluto[17222]: FIPS mode disabled for pluto daemon
Jun 29 12:53:50 orangepizero pluto[17222]: FIPS HMAC integrity support [disabled]
Jun 29 12:53:50 orangepizero pluto[17222]: libcap-ng support [enabled]
Jun 29 12:53:50 orangepizero pluto[17222]: Linux audit support [disabled]
Jun 29 12:53:50 orangepizero pluto[17222]: Starting Pluto (Libreswan Version 4.7 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-PRF) SYSTEMD_WATCHDOG LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:17222
Jun 29 12:53:50 orangepizero pluto[17222]: core dump dir: /run/pluto
Jun 29 12:53:50 orangepizero pluto[17222]: secrets file: /etc/ipsec.secrets
Jun 29 12:53:50 orangepizero pluto[17222]: leak-detective enabled
Jun 29 12:53:50 orangepizero pluto[17222]: NSS crypto [enabled]
Jun 29 12:53:50 orangepizero pluto[17222]: XAUTH PAM support [enabled]
Jun 29 12:53:50 orangepizero pluto[17222]: initializing libevent in pthreads mode: headers: 2.1.12-stable (2010c00); library: 2.1.12-stable (2010c00)
Jun 29 12:53:50 orangepizero pluto[17222]: NAT-Traversal support [enabled]
Jun 29 12:53:50 orangepizero pluto[17222]: Encryption algorithms:
Jun 29 12:53:50 orangepizero pluto[17222]: AES_CCM_16 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm, aes_ccm_c
Jun 29 12:53:50 orangepizero pluto[17222]: AES_CCM_12 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_b
Jun 29 12:53:50 orangepizero pluto[17222]: AES_CCM_8 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_a
Jun 29 12:53:50 orangepizero pluto[17222]: 3DES_CBC [*192] IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) 3des
Jun 29 12:53:50 orangepizero pluto[17222]: CAMELLIA_CTR {256,192,*128} IKEv1: ESP IKEv2: ESP
Jun 29 12:53:50 orangepizero pluto[17222]: CAMELLIA_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP NSS(CBC) camellia
Jun 29 12:53:50 orangepizero pluto[17222]: AES_GCM_16 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm, aes_gcm_c
Jun 29 12:53:50 orangepizero pluto[17222]: AES_GCM_12 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_b
Jun 29 12:53:50 orangepizero pluto[17222]: AES_GCM_8 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_a
Jun 29 12:53:50 orangepizero pluto[17222]: AES_CTR {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CTR) aesctr
Jun 29 12:53:50 orangepizero pluto[17222]: AES_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) aes
Jun 29 12:53:50 orangepizero pluto[17222]: NULL_AUTH_AES_GMAC {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_gmac
Jun 29 12:53:50 orangepizero pluto[17222]: NULL [] IKEv1: ESP IKEv2: ESP
Jun 29 12:53:50 orangepizero pluto[17222]: CHACHA20_POLY1305 [*256] IKEv1: IKEv2: IKE ESP NSS(AEAD) chacha20poly1305
Jun 29 12:53:50 orangepizero pluto[17222]: Hash algorithms:
Jun 29 12:53:50 orangepizero pluto[17222]: MD5 IKEv1: IKE IKEv2: NSS
Jun 29 12:53:50 orangepizero pluto[17222]: SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha
Jun 29 12:53:50 orangepizero pluto[17222]: SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256
Jun 29 12:53:50 orangepizero pluto[17222]: SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384
Jun 29 12:53:50 orangepizero pluto[17222]: SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512
Jun 29 12:53:50 orangepizero pluto[17222]: IDENTITY IKEv1: IKEv2: FIPS
Jun 29 12:53:50 orangepizero pluto[17222]: PRF algorithms:
Jun 29 12:53:50 orangepizero pluto[17222]: HMAC_MD5 IKEv1: IKE IKEv2: IKE native(HMAC) md5
Jun 29 12:53:50 orangepizero pluto[17222]: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha, sha1
Jun 29 12:53:50 orangepizero pluto[17222]: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256, sha2_256
Jun 29 12:53:50 orangepizero pluto[17222]: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384, sha2_384
Jun 29 12:53:50 orangepizero pluto[17222]: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512, sha2_512
Jun 29 12:53:50 orangepizero pluto[17222]: AES_XCBC IKEv1: IKEv2: IKE native(XCBC) aes128_xcbc
Jun 29 12:53:50 orangepizero pluto[17222]: Integrity algorithms:
Jun 29 12:53:50 orangepizero pluto[17222]: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH native(HMAC) md5, hmac_md5
Jun 29 12:53:50 orangepizero pluto[17222]: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha, sha1, sha1_96, hmac_sha1
Jun 29 12:53:50 orangepizero pluto[17222]: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha512, sha2_512, sha2_512_256, hmac_sha2_512
Jun 29 12:53:50 orangepizero pluto[17222]: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha384, sha2_384, sha2_384_192, hmac_sha2_384
Jun 29 12:53:50 orangepizero pluto[17222]: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Jun 29 12:53:50 orangepizero pluto[17222]: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH
Jun 29 12:53:50 orangepizero pluto[17222]: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Jun 29 12:53:50 orangepizero pluto[17222]: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac
Jun 29 12:53:50 orangepizero pluto[17222]: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null
Jun 29 12:53:50 orangepizero pluto[17222]: DH algorithms:
Jun 29 12:53:50 orangepizero pluto[17222]: NONE IKEv1: IKEv2: IKE ESP AH FIPS NSS(MODP) null, dh0
Jun 29 12:53:50 orangepizero pluto[17222]: MODP1024 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh2
Jun 29 12:53:50 orangepizero pluto[17222]: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh5
Jun 29 12:53:50 orangepizero pluto[17222]: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh14
Jun 29 12:53:50 orangepizero pluto[17222]: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh15
Jun 29 12:53:50 orangepizero pluto[17222]: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh16
Jun 29 12:53:50 orangepizero pluto[17222]: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh17
Jun 29 12:53:50 orangepizero pluto[17222]: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh18
Jun 29 12:53:50 orangepizero pluto[17222]: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_256, ecp256
Jun 29 12:53:50 orangepizero pluto[17222]: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_384, ecp384
Jun 29 12:53:50 orangepizero pluto[17222]: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_521, ecp521
Jun 29 12:53:50 orangepizero pluto[17222]: DH31 IKEv1: IKE IKEv2: IKE ESP AH NSS(ECP) curve25519
Jun 29 12:53:50 orangepizero pluto[17222]: IPCOMP algorithms:
Jun 29 12:53:50 orangepizero pluto[17222]: DEFLATE IKEv1: ESP AH IKEv2: ESP AH FIPS
Jun 29 12:53:50 orangepizero pluto[17222]: LZS IKEv1: IKEv2: ESP AH FIPS
Jun 29 12:53:50 orangepizero pluto[17222]: LZJH IKEv1: IKEv2: ESP AH FIPS
Jun 29 12:53:50 orangepizero pluto[17222]: testing CAMELLIA_CBC:
Jun 29 12:53:50 orangepizero pluto[17222]: Camellia: 16 bytes with 128-bit key
Jun 29 12:53:50 orangepizero pluto[17222]: Camellia: 16 bytes with 128-bit key
Jun 29 12:53:50 orangepizero pluto[17222]: Camellia: 16 bytes with 256-bit key
Jun 29 12:53:50 orangepizero pluto[17222]: Camellia: 16 bytes with 256-bit key
Jun 29 12:53:50 orangepizero pluto[17222]: testing AES_GCM_16:
Jun 29 12:53:50 orangepizero pluto[17222]: empty string
Jun 29 12:53:50 orangepizero pluto[17222]: one block
Jun 29 12:53:50 orangepizero pluto[17222]: two blocks
Jun 29 12:53:50 orangepizero pluto[17222]: two blocks with associated data
Jun 29 12:53:50 orangepizero pluto[17222]: testing AES_CTR:
Jun 29 12:53:50 orangepizero pluto[17222]: Encrypting 16 octets using AES-CTR with 128-bit key
Jun 29 12:53:50 orangepizero pluto[17222]: Encrypting 32 octets using AES-CTR with 128-bit key
Jun 29 12:53:50 orangepizero pluto[17222]: Encrypting 36 octets using AES-CTR with 128-bit key
Jun 29 12:53:50 orangepizero pluto[17222]: Encrypting 16 octets using AES-CTR with 192-bit key
Jun 29 12:53:50 orangepizero pluto[17222]: Encrypting 32 octets using AES-CTR with 192-bit key
Jun 29 12:53:50 orangepizero pluto[17222]: Encrypting 36 octets using AES-CTR with 192-bit key
Jun 29 12:53:50 orangepizero pluto[17222]: Encrypting 16 octets using AES-CTR with 256-bit key
Jun 29 12:53:50 orangepizero pluto[17222]: Encrypting 32 octets using AES-CTR with 256-bit key
Jun 29 12:53:50 orangepizero pluto[17222]: Encrypting 36 octets using AES-CTR with 256-bit key
Jun 29 12:53:50 orangepizero pluto[17222]: testing AES_CBC:
Jun 29 12:53:50 orangepizero pluto[17222]: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Jun 29 12:53:50 orangepizero pluto[17222]: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Jun 29 12:53:50 orangepizero pluto[17222]: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Jun 29 12:53:50 orangepizero pluto[17222]: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Jun 29 12:53:50 orangepizero pluto[17222]: testing AES_XCBC:
Jun 29 12:53:50 orangepizero pluto[17222]: RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Jun 29 12:53:50 orangepizero pluto[17222]: RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Jun 29 12:53:50 orangepizero pluto[17222]: RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Jun 29 12:53:50 orangepizero pluto[17222]: RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Jun 29 12:53:50 orangepizero pluto[17222]: RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Jun 29 12:53:50 orangepizero pluto[17222]: RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Jun 29 12:53:50 orangepizero pluto[17222]: RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Jun 29 12:53:50 orangepizero pluto[17222]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Jun 29 12:53:50 orangepizero pluto[17222]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Jun 29 12:53:50 orangepizero pluto[17222]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Jun 29 12:53:50 orangepizero pluto[17222]: testing HMAC_MD5:
Jun 29 12:53:50 orangepizero pluto[17222]: RFC 2104: MD5_HMAC test 1
Jun 29 12:53:50 orangepizero pluto[17222]: RFC 2104: MD5_HMAC test 2
Jun 29 12:53:50 orangepizero pluto[17222]: RFC 2104: MD5_HMAC test 3
Jun 29 12:53:50 orangepizero pluto[17222]: 2 CPU cores online
Jun 29 12:53:50 orangepizero pluto[17222]: starting up 2 helper threads
Jun 29 12:53:50 orangepizero pluto[17222]: started thread for helper 0
Jun 29 12:53:50 orangepizero pluto[17222]: started thread for helper 1
Jun 29 12:53:50 orangepizero pluto[17222]: using Linux xfrm kernel support code on #22.05.3 SMP Wed Jun 22 07:35:10 UTC 2022
Jun 29 12:53:50 orangepizero pluto[17222]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Jun 29 12:53:50 orangepizero pluto[17222]: watchdog: sending probes every 100 secs
Jun 29 12:53:50 orangepizero pluto[17222]: helper(1) seccomp security for helper not supported
Jun 29 12:53:50 orangepizero pluto[17222]: helper(2) seccomp security for helper not supported
Jun 29 12:53:50 orangepizero pluto[17222]: seccomp security not supported
Jun 29 12:53:50 orangepizero pluto[17222]: "l2tp-psk": added IKEv1 connection
Jun 29 12:53:50 orangepizero pluto[17222]: "xauth-psk": added IKEv1 connection
Jun 29 12:53:50 orangepizero pluto[17222]: "ikev2-cp": IKE SA proposals:
Jun 29 12:53:50 orangepizero pluto[17222]: "ikev2-cp": 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Jun 29 12:53:50 orangepizero pluto[17222]: "ikev2-cp": 2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Jun 29 12:53:50 orangepizero pluto[17222]: "ikev2-cp": 3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Jun 29 12:53:50 orangepizero pluto[17222]: "ikev2-cp": 4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Jun 29 12:53:50 orangepizero pluto[17222]: "ikev2-cp": Child SA proposals:
Jun 29 12:53:50 orangepizero pluto[17222]: "ikev2-cp": 1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-ENABLED+DISABLED
Jun 29 12:53:50 orangepizero pluto[17222]: "ikev2-cp": 2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-ENABLED+DISABLED
Jun 29 12:53:50 orangepizero pluto[17222]: "ikev2-cp": 3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-ENABLED+DISABLED
Jun 29 12:53:50 orangepizero pluto[17222]: "ikev2-cp": 4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-ENABLED+DISABLED
Jun 29 12:53:50 orangepizero pluto[17222]: "ikev2-cp": 5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-ENABLED+DISABLED
Jun 29 12:53:50 orangepizero pluto[17222]: "ikev2-cp": loaded private key matching left certificate 'mydnsxxxx.ddns.net'
Jun 29 12:53:50 orangepizero pluto[17222]: "ikev2-cp": added IKEv2 connection
Jun 29 12:53:50 orangepizero pluto[17222]: listening for IKE messages
Jun 29 12:53:50 orangepizero pluto[17222]: Kernel supports NIC esp-hw-offload
Jun 29 12:53:50 orangepizero pluto[17222]: adding UDP interface eth0 192.168.1.12:500
Jun 29 12:53:50 orangepizero pluto[17222]: adding UDP interface eth0 192.168.1.12:4500
Jun 29 12:53:50 orangepizero pluto[17222]: adding UDP interface lo 127.0.0.1:500
Jun 29 12:53:50 orangepizero pluto[17222]: adding UDP interface lo 127.0.0.1:4500
Jun 29 12:53:50 orangepizero pluto[17222]: adding UDP interface lo [::1]:500
Jun 29 12:53:51 orangepizero pluto[17222]: forgetting secrets
Jun 29 12:53:51 orangepizero pluto[17222]: loading secrets from "/etc/ipsec.secrets"
Jun 29 12:53:57 orangepizero pluto[17222]: "ikev2-cp"[1] XX.XXX.XXX.XXX #1: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;PRF=HMAC_SHA2_256;DH=MODP2048[first-match]
Jun 29 12:53:57 orangepizero pluto[17222]: "ikev2-cp"[1] XX.XXX.XXX.XXX #1: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Jun 29 12:53:57 orangepizero pluto[17222]: "ikev2-cp"[1] XX.XXX.XXX.XXX #1: processing decrypted IKE_AUTH request: SK{IDi,CERT,N(INITIAL_CONTACT),CERTREQ,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),SA,TSi,TSr,N(MOBIKE_SUPPORTED),N(NO_ADDITIONAL_ADDRESSES),N(EAP_ONLY_AUTHENTICATION),N(IKEV2_MESSAGE_ID_SYNC_SUPPORTED)}
Jun 29 12:53:57 orangepizero pluto[17222]: "ikev2-cp"[1] XX.XXX.XXX.XXX #1: ignoring CERTREQ payload that is not ASN1: content is not binary ASN.1
Jun 29 12:53:57 orangepizero pluto[17222]: "ikev2-cp"[1] XX.XXX.XXX.XXX #1: reloaded private key matching left certificate 'mydnsxxxx.ddns.net'
Jun 29 12:53:57 orangepizero pluto[17222]: "ikev2-cp"[1] XX.XXX.XXX.XXX #1: responder established IKE SA; authenticated using RSASSA-PSS with SHA2_256 and peer certificate 'CN=VPN-mat2, O=IKEv2 VPN' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Jun 29 12:53:58 orangepizero pluto[17222]: | pool 192.168.43.10-192.168.43.250: growing address pool from 0 to 1
Jun 29 12:53:58 orangepizero pluto[17222]: "ikev2-cp"[1] XX.XXX.XXX.XXX #2: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=4cd03cb2 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Jun 29 12:53:58 orangepizero pluto[17222]: "ikev2-cp"[1] XX.XXX.XXX.XXX #2: responder established Child SA using #1; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x4cd03cb2 <0xc365744a xfrm=AES_GCM_16_128-NONE NATD=XX.XXX.XXX.XXX:44717 DPD=active}
Jun 29 12:53:59 orangepizero pluto[17222]: "ikev2-cp"[1] XX.XXX.XXX.XXX #2: ESP traffic information: in=1KB out=715B
Jun 29 12:53:59 orangepizero pluto[17222]: "ikev2-cp"[1] XX.XXX.XXX.XXX #1: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 1.943156s and NOT sending notification
Jun 29 12:53:59 orangepizero pluto[17222]: "ikev2-cp"[1] XX.XXX.XXX.XXX: deleting connection instance with peer XX.XXX.XXX.XXX {isakmp=#0/ipsec=#0}
Jun 29 13:04:44 orangepizero pluto[17222]: "ikev2-cp"[2] YYY.YYY.YYY.YYY #3: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Jun 29 13:04:44 orangepizero pluto[17222]: "ikev2-cp"[2] YYY.YYY.YYY.YYY #3: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Jun 29 13:04:45 orangepizero pluto[17222]: "ikev2-cp"[2] YYY.YYY.YYY.YYY #3: processing decrypted IKE_AUTH request: SK{IDi,CERT,N(INITIAL_CONTACT),IDr,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)}
Jun 29 13:04:45 orangepizero pluto[17222]: "ikev2-cp"[2] YYY.YYY.YYY.YYY #3: responder established IKE SA; authenticated using PKCS#1 1.5 RSA with SHA1 and peer certificate 'CN=VPN-kim, O=IKEv2 VPN' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Jun 29 13:04:45 orangepizero pluto[17222]: "ikev2-cp"[2] YYY.YYY.YYY.YYY #4: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=0a005d32 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Jun 29 13:04:45 orangepizero pluto[17222]: "ikev2-cp"[2] YYY.YYY.YYY.YYY #4: responder established Child SA using #3; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x0a005d32 <0x2e0a5cdc xfrm=AES_GCM_16_128-NONE NATD=YYY.YYY.YYY.YYY:44514 DPD=active}
Jun 29 13:06:50 orangepizero pluto[17222]: "ikev2-cp"[2] YYY.YYY.YYY.YYY #5: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Jun 29 13:06:50 orangepizero pluto[17222]: "ikev2-cp"[2] YYY.YYY.YYY.YYY #5: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Jun 29 13:06:51 orangepizero pluto[17222]: "ikev2-cp"[2] YYY.YYY.YYY.YYY #5: processing decrypted IKE_AUTH request: SK{IDi,CERT,N(INITIAL_CONTACT),IDr,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)}
Jun 29 13:06:51 orangepizero pluto[17222]: "ikev2-cp"[2] YYY.YYY.YYY.YYY #5: switched to "ikev2-cp"[3] YYY.YYY.YYY.YYY
Jun 29 13:06:51 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #5: responder established IKE SA; authenticated using PKCS#1 1.5 RSA with SHA1 and peer certificate '@VPN-A' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Jun 29 13:06:51 orangepizero pluto[17222]: | pool 192.168.43.10-192.168.43.250: growing address pool from 1 to 2
Jun 29 13:06:51 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #6: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=084580b8 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Jun 29 13:06:51 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #6: responder established Child SA using #5; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.11-192.168.43.11:0-65535 0] {ESPinUDP=>0x084580b8 <0x6aa0e22a xfrm=AES_GCM_16_128-NONE NATD=YYY.YYY.YYY.YYY:13850 DPD=active}
Jun 29 13:15:28 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 29 13:15:29 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Jun 29 13:15:30 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Jun 29 13:16:15 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #7: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Jun 29 13:16:15 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #7: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Jun 29 13:16:16 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #7: processing decrypted IKE_AUTH request: SK{IDi,CERT,N(INITIAL_CONTACT),IDr,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)}
Jun 29 13:16:16 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #7: switched to "ikev2-cp"[4] YYY.YYY.YYY.YYY
Jun 29 13:16:16 orangepizero pluto[17222]: "ikev2-cp"[4] YYY.YYY.YYY.YYY #7: responder established IKE SA; authenticated using PKCS#1 1.5 RSA with SHA1 and peer certificate '@VPN-C' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Jun 29 13:16:16 orangepizero pluto[17222]: | pool 192.168.43.10-192.168.43.250: growing address pool from 2 to 4
Jun 29 13:16:16 orangepizero pluto[17222]: "ikev2-cp"[4] YYY.YYY.YYY.YYY #8: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=074a81f9 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Jun 29 13:16:16 orangepizero pluto[17222]: "ikev2-cp"[4] YYY.YYY.YYY.YYY #8: responder established Child SA using #7; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.13-192.168.43.13:0-65535 0] {ESPinUDP=>0x074a81f9 <0x91ef1b06 xfrm=AES_GCM_16_128-NONE NATD=YYY.YYY.YYY.YYY:23465 DPD=active}
Jun 29 13:47:47 orangepizero pluto[17222]: "ikev2-cp"[4] YYY.YYY.YYY.YYY #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 29 13:57:16 orangepizero pluto[17222]: "ikev2-cp"[2] YYY.YYY.YYY.YYY #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 29 13:57:17 orangepizero pluto[17222]: "ikev2-cp"[2] YYY.YYY.YYY.YYY #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Jun 29 13:57:18 orangepizero pluto[17222]: "ikev2-cp"[2] YYY.YYY.YYY.YYY #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Jun 29 13:57:20 orangepizero pluto[17222]: "ikev2-cp"[2] YYY.YYY.YYY.YYY #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Jun 29 13:57:24 orangepizero pluto[17222]: "ikev2-cp"[2] YYY.YYY.YYY.YYY #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Jun 29 13:57:32 orangepizero pluto[17222]: "ikev2-cp"[2] YYY.YYY.YYY.YYY #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Jun 29 13:57:48 orangepizero pluto[17222]: "ikev2-cp"[2] YYY.YYY.YYY.YYY #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Jun 29 13:58:20 orangepizero pluto[17222]: "ikev2-cp"[2] YYY.YYY.YYY.YYY #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response
Jun 29 13:59:24 orangepizero pluto[17222]: "ikev2-cp"[2] YYY.YYY.YYY.YYY #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 128 seconds for response
Jun 29 14:01:32 orangepizero pluto[17222]: "ikev2-cp"[2] YYY.YYY.YYY.YYY #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 256 seconds for response
Jun 29 14:04:57 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 29 14:04:57 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Jun 29 14:05:29 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 29 14:05:29 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Jun 29 14:05:48 orangepizero pluto[17222]: "ikev2-cp"[2] YYY.YYY.YYY.YYY #3: STATE_V2_ESTABLISHED_IKE_SA: 300 second timeout exceeded after 10 retransmits. No response (or no acceptable response) to our IKEv2 message
Jun 29 14:05:48 orangepizero pluto[17222]: "ikev2-cp"[2] YYY.YYY.YYY.YYY #3: liveness action - clearing connection kind CK_INSTANCE
Jun 29 14:05:48 orangepizero pluto[17222]: "ikev2-cp"[2] YYY.YYY.YYY.YYY #4: ESP traffic information: in=8MB out=345MB
Jun 29 14:05:48 orangepizero pluto[17222]: "ikev2-cp"[2] YYY.YYY.YYY.YYY #3: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 3663.724675s and NOT sending notification
Jun 29 14:05:48 orangepizero pluto[17222]: "ikev2-cp"[2] YYY.YYY.YYY.YYY: deleting connection instance with peer YYY.YYY.YYY.YYY {isakmp=#0/ipsec=#0}
Jun 29 14:06:25 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 29 14:06:26 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Jun 29 14:07:30 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 29 14:07:31 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Jun 29 14:07:32 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Jun 29 14:08:03 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 29 14:08:03 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Jun 29 14:08:04 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Jun 29 14:08:35 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 29 14:08:35 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Jun 29 14:08:36 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Jun 29 14:09:07 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 29 14:09:07 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Jun 29 14:10:01 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 29 14:10:02 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Jun 29 14:10:33 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 29 14:11:03 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 29 14:11:04 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Jun 29 14:11:05 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Jun 29 14:11:07 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Jun 29 14:11:11 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Jun 29 14:11:19 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Jun 29 14:11:35 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Jun 29 14:12:07 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response
Jun 29 14:13:11 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 128 seconds for response
Jun 29 14:15:19 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 256 seconds for response
Jun 29 14:18:58 orangepizero pluto[17222]: "ikev2-cp"[4] YYY.YYY.YYY.YYY #9: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Jun 29 14:18:58 orangepizero pluto[17222]: "ikev2-cp"[4] YYY.YYY.YYY.YYY #9: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Jun 29 14:18:58 orangepizero pluto[17222]: "ikev2-cp"[4] YYY.YYY.YYY.YYY #9: processing decrypted IKE_AUTH request: SK{IDi,CERT,N(INITIAL_CONTACT),IDr,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)}
Jun 29 14:18:59 orangepizero pluto[17222]: "ikev2-cp"[4] YYY.YYY.YYY.YYY #9: switched to "ikev2-cp"[3] YYY.YYY.YYY.YYY
Jun 29 14:18:59 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #9: responder established IKE SA; authenticated using PKCS#1 1.5 RSA with SHA1 and peer certificate '@VPN-A' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Jun 29 14:18:59 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #10: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=0c66179b chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Jun 29 14:18:59 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #10: responder established Child SA using #9; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.11-192.168.43.11:0-65535 0] {ESPinUDP=>0x0c66179b <0xe4725cb2 xfrm=AES_GCM_16_128-NONE NATD=YYY.YYY.YYY.YYY:13850 DPD=active}
Jun 29 14:19:35 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #5: STATE_V2_ESTABLISHED_IKE_SA: 300 second timeout exceeded after 10 retransmits. No response (or no acceptable response) to our IKEv2 message
Jun 29 14:19:35 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #5: liveness action - clearing connection kind CK_INSTANCE
Jun 29 14:19:35 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #6: ESP traffic information: in=7MB out=108MB
Jun 29 14:19:35 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #5: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 4364.487409s and NOT sending notification
Jun 29 14:25:04 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 29 14:25:04 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Jun 29 14:25:58 orangepizero pluto[17222]: "ikev2-cp"[4] YYY.YYY.YYY.YYY #11: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;PRF=HMAC_SHA2_256;DH=MODP2048[first-match]
Jun 29 14:25:58 orangepizero pluto[17222]: "ikev2-cp"[4] YYY.YYY.YYY.YYY #11: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Jun 29 14:25:58 orangepizero pluto[17222]: "ikev2-cp"[4] YYY.YYY.YYY.YYY #11: processing decrypted IKE_AUTH request: SK{IDi,CERT,N(INITIAL_CONTACT),CERTREQ,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),SA,TSi,TSr,N(MOBIKE_SUPPORTED),N(NO_ADDITIONAL_ADDRESSES),N(EAP_ONLY_AUTHENTICATION),N(IKEV2_MESSAGE_ID_SYNC_SUPPORTED)}
Jun 29 14:25:58 orangepizero pluto[17222]: "ikev2-cp"[4] YYY.YYY.YYY.YYY #11: ignoring CERTREQ payload that is not ASN1: content is not binary ASN.1
Jun 29 14:25:58 orangepizero pluto[17222]: "ikev2-cp"[4] YYY.YYY.YYY.YYY #11: switched to "ikev2-cp"[5] YYY.YYY.YYY.YYY
Jun 29 14:25:58 orangepizero pluto[17222]: "ikev2-cp"[5] YYY.YYY.YYY.YYY #11: responder established IKE SA; authenticated using RSASSA-PSS with SHA2_256 and peer certificate 'CN=VPN-B, O=IKEv2 VPN' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Jun 29 14:25:58 orangepizero pluto[17222]: "ikev2-cp"[5] YYY.YYY.YYY.YYY #12: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=29596652 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Jun 29 14:25:59 orangepizero pluto[17222]: "ikev2-cp"[5] YYY.YYY.YYY.YYY #12: responder established Child SA using #11; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x29596652 <0xb76d0fbd xfrm=AES_GCM_16_128-NONE NATD=YYY.YYY.YYY.YYY:24399 DPD=active}
Jun 29 14:26:17 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 29 14:26:17 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Jun 29 14:27:11 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #9: INFORMATIONAL request has duplicate Message ID 19; retransmitting response
Jun 29 14:27:50 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 29 14:27:50 orangepizero pluto[17222]: "ikev2-cp"[5] YYY.YYY.YYY.YYY #13: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Jun 29 14:27:50 orangepizero pluto[17222]: "ikev2-cp"[5] YYY.YYY.YYY.YYY #13: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Jun 29 14:27:51 orangepizero pluto[17222]: "ikev2-cp"[5] YYY.YYY.YYY.YYY #13: processing decrypted IKE_AUTH request: SK{IDi,CERT,N(INITIAL_CONTACT),IDr,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)}
Jun 29 14:27:51 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Jun 29 14:27:51 orangepizero pluto[17222]: "ikev2-cp"[5] YYY.YYY.YYY.YYY #13: switched to "ikev2-cp"[3] YYY.YYY.YYY.YYY
Jun 29 14:27:51 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #13: responder established IKE SA; authenticated using PKCS#1 1.5 RSA with SHA1 and peer certificate '@VPN-A' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Jun 29 14:27:51 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #14: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=04ea32fa chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Jun 29 14:27:51 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #14: responder established Child SA using #13; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.11-192.168.43.11:0-65535 0] {ESPinUDP=>0x04ea32fa <0x08dd15c2 xfrm=AES_GCM_16_128-NONE NATD=YYY.YYY.YYY.YYY:13850 DPD=active}
Jun 29 14:27:52 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Jun 29 14:27:54 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Jun 29 14:27:58 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Jun 29 14:28:06 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Jun 29 14:28:22 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Jun 29 14:28:54 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response
Jun 29 14:29:58 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 128 seconds for response
Jun 29 14:30:24 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 29 14:30:25 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Jun 29 14:30:26 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Jun 29 14:30:28 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Jun 29 14:30:32 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Jun 29 14:30:40 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Jun 29 14:30:56 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Jun 29 14:31:28 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response
Jun 29 14:32:06 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 256 seconds for response
Jun 29 14:32:32 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 128 seconds for response
Jun 29 14:34:40 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 256 seconds for response
Jun 29 14:35:23 orangepizero pluto[17222]: "ikev2-cp"[5] YYY.YYY.YYY.YYY #15: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Jun 29 14:35:23 orangepizero pluto[17222]: "ikev2-cp"[5] YYY.YYY.YYY.YYY #15: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Jun 29 14:35:24 orangepizero pluto[17222]: "ikev2-cp"[5] YYY.YYY.YYY.YYY #15: processing decrypted IKE_AUTH request: SK{IDi,CERT,N(INITIAL_CONTACT),IDr,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)}
Jun 29 14:35:24 orangepizero pluto[17222]: "ikev2-cp"[5] YYY.YYY.YYY.YYY #15: switched to "ikev2-cp"[6] YYY.YYY.YYY.YYY
Jun 29 14:35:24 orangepizero pluto[17222]: "ikev2-cp"[6] YYY.YYY.YYY.YYY #15: responder established IKE SA; authenticated using PKCS#1 1.5 RSA with SHA1 and peer certificate '@VPN-kim' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Jun 29 14:35:24 orangepizero pluto[17222]: "ikev2-cp"[6] YYY.YYY.YYY.YYY #16: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=030c25ef chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Jun 29 14:35:24 orangepizero pluto[17222]: "ikev2-cp"[6] YYY.YYY.YYY.YYY #16: responder established Child SA using #15; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.12-192.168.43.12:0-65535 0] {ESPinUDP=>0x030c25ef <0x20fa86d0 xfrm=AES_GCM_16_128-NONE NATD=YYY.YYY.YYY.YYY:44514 DPD=active}
Jun 29 14:36:13 orangepizero pluto[17222]: "ikev2-cp"[6] YYY.YYY.YYY.YYY #15: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 29 14:36:13 orangepizero pluto[17222]: "ikev2-cp"[6] YYY.YYY.YYY.YYY #15: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Jun 29 14:36:14 orangepizero pluto[17222]: "ikev2-cp"[6] YYY.YYY.YYY.YYY #15: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Jun 29 14:36:16 orangepizero pluto[17222]: "ikev2-cp"[6] YYY.YYY.YYY.YYY #15: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Jun 29 14:36:20 orangepizero pluto[17222]: "ikev2-cp"[6] YYY.YYY.YYY.YYY #15: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Jun 29 14:36:22 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #9: STATE_V2_ESTABLISHED_IKE_SA: 300 second timeout exceeded after 10 retransmits. No response (or no acceptable response) to our IKEv2 message
Jun 29 14:36:22 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #9: liveness action - clearing connection kind CK_INSTANCE
Jun 29 14:36:22 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #10: ESP traffic information: in=1MB out=21MB
Jun 29 14:36:22 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #9: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 1043.970536s and NOT sending notification
Jun 29 14:36:28 orangepizero pluto[17222]: "ikev2-cp"[6] YYY.YYY.YYY.YYY #15: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Jun 29 14:36:40 orangepizero pluto[17222]: "ikev2-cp"[5] YYY.YYY.YYY.YYY #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 29 14:36:41 orangepizero pluto[17222]: "ikev2-cp"[5] YYY.YYY.YYY.YYY #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Jun 29 14:36:42 orangepizero pluto[17222]: "ikev2-cp"[5] YYY.YYY.YYY.YYY #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Jun 29 14:36:44 orangepizero pluto[17222]: "ikev2-cp"[5] YYY.YYY.YYY.YYY #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Jun 29 14:36:44 orangepizero pluto[17222]: "ikev2-cp"[6] YYY.YYY.YYY.YYY #15: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Jun 29 14:36:48 orangepizero pluto[17222]: "ikev2-cp"[5] YYY.YYY.YYY.YYY #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Jun 29 14:36:56 orangepizero pluto[17222]: "ikev2-cp"[5] YYY.YYY.YYY.YYY #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Jun 29 14:37:12 orangepizero pluto[17222]: "ikev2-cp"[5] YYY.YYY.YYY.YYY #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Jun 29 14:37:16 orangepizero pluto[17222]: "ikev2-cp"[6] YYY.YYY.YYY.YYY #15: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response
Jun 29 14:37:44 orangepizero pluto[17222]: "ikev2-cp"[5] YYY.YYY.YYY.YYY #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response
Jun 29 14:38:20 orangepizero pluto[17222]: "ikev2-cp"[6] YYY.YYY.YYY.YYY #15: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 128 seconds for response
Jun 29 14:38:48 orangepizero pluto[17222]: "ikev2-cp"[5] YYY.YYY.YYY.YYY #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 128 seconds for response
Jun 29 14:38:56 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #13: STATE_V2_ESTABLISHED_IKE_SA: 300 second timeout exceeded after 10 retransmits. No response (or no acceptable response) to our IKEv2 message
Jun 29 14:38:56 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #13: liveness action - clearing connection kind CK_INSTANCE
Jun 29 14:38:56 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #14: ESP traffic information: in=698KB out=5MB
Jun 29 14:38:56 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY #13: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 665.716638s and NOT sending notification
Jun 29 14:38:56 orangepizero pluto[17222]: "ikev2-cp"[3] YYY.YYY.YYY.YYY: deleting connection instance with peer YYY.YYY.YYY.YYY {isakmp=#0/ipsec=#0}
Jun 29 14:40:28 orangepizero pluto[17222]: "ikev2-cp"[6] YYY.YYY.YYY.YYY #15: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 256 seconds for response
Jun 29 14:40:28 orangepizero pluto[17222]: "ikev2-cp"[6] YYY.YYY.YYY.YYY #17: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Jun 29 14:40:28 orangepizero pluto[17222]: "ikev2-cp"[6] YYY.YYY.YYY.YYY #17: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Jun 29 14:40:29 orangepizero pluto[17222]: "ikev2-cp"[6] YYY.YYY.YYY.YYY #17: processing decrypted IKE_AUTH request: SK{IDi,CERT,N(INITIAL_CONTACT),IDr,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)}
Jun 29 14:40:29 orangepizero pluto[17222]: "ikev2-cp"[6] YYY.YYY.YYY.YYY #17: responder established IKE SA; authenticated using PKCS#1 1.5 RSA with SHA1 and peer certificate '@VPN-kim' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Jun 29 14:40:29 orangepizero pluto[17222]: "ikev2-cp"[6] YYY.YYY.YYY.YYY #18: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=07e03b19 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Jun 29 14:40:29 orangepizero pluto[17222]: "ikev2-cp"[6] YYY.YYY.YYY.YYY #18: responder established Child SA using #17; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.12-192.168.43.12:0-65535 0] {ESPinUDP=>0x07e03b19 <0x3db05eb9 xfrm=AES_GCM_16_128-NONE NATD=YYY.YYY.YYY.YYY:44514 DPD=active}
Jun 29 14:44:44 orangepizero pluto[17222]: "ikev2-cp"[6] YYY.YYY.YYY.YYY #15: STATE_V2_ESTABLISHED_IKE_SA: 300 second timeout exceeded after 10 retransmits. No response (or no acceptable response) to our IKEv2 message
Jun 29 14:44:44 orangepizero pluto[17222]: "ikev2-cp"[6] YYY.YYY.YYY.YYY #15: liveness action - clearing connection kind CK_INSTANCE
Jun 29 14:44:44 orangepizero pluto[17222]: "ikev2-cp"[6] YYY.YYY.YYY.YYY #16: ESP traffic information: in=27KB out=160KB
Jun 29 14:44:44 orangepizero pluto[17222]: "ikev2-cp"[6] YYY.YYY.YYY.YYY #15: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 560.98292s and NOT sending notification
Jun 29 14:47:14 orangepizero pluto[17222]: "ikev2-cp"[5] YYY.YYY.YYY.YYY #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 29 14:49:32 orangepizero pluto[17222]: "ikev2-cp"[5] YYY.YYY.YYY.YYY #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 29 14:50:02 orangepizero pluto[17222]: "ikev2-cp"[5] YYY.YYY.YYY.YYY #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 29 14:50:37 orangepizero pluto[17222]: "ikev2-cp"[5] YYY.YYY.YYY.YYY #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response

letoams · 2022-06-30T13:29:32Z

On Thu, 30 Jun 2022, sleepingmoonmoon wrote: Here is a recent output in OrangePI before it crashes: Message from ***@***.*** at Jun 30 20:34:34 ... kernel:[74457.676442] Internal error: Oops: 805 [#1] SMP THUMB2 Message from ***@***.*** at Jun 30 20:34:34 ... kernel:[74457.881451] Process pluto (pid: 3268, stack limit = 0xecee338d)

So the libreswan IKE daemon crashed :/ It would be good to get more details, which might be hard to do. Perhaps you can change /etc/ipsec.conf and add plutodebug=tmi so that we might know based on the last debug logs where we kind of crash. But getting the pluto log entries from just before this message would also be useful.

Last log before the freeze happened: Jun 29 12:53:50 orangepizero pluto[17222]: Initializing NSS using read-write database "sql:/etc/ipsec.d" Jun 29 12:53:50 orangepizero pluto[17222]: FIPS Mode: NO Jun 29 12:53:50 orangepizero pluto[17222]: NSS crypto library initialized

... These are the startup messages, eg that is pluto starting after it has crashed. Paul

sleepingmoonmoon · 2022-06-30T14:05:27Z

It would be good to get more details, which might be hard to do. Perhaps
you can change /etc/ipsec.conf and add plutodebug=tmi so that we might
know based on the last debug logs where we kind of crash

Thank you for your reply! I'm sorry I am still new to using Linux. Where do I add plutodebug=tmi? Kindly see my /etc/ipsec.conf and /etc/ipsec.d/ikev2.conf below:

/etc/ipsec.conf:

version 2.0

config setup
  virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.42.0/24,%v4:!192.168.43.0/24
  uniqueids=no

conn shared
  left=%defaultroute
  leftid=@mydnsxxxx.ddns.net
  right=%any
  encapsulation=yes
  authby=secret
  pfs=no
  rekey=no
  keyingtries=5
  dpddelay=30
  dpdtimeout=300
  dpdaction=clear
  ikev2=never
  ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024
  phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes256-sha2_512,aes128-sha2,aes256-sha2
  ikelifetime=24h
  salifetime=24h
  sha2-truncbug=no

conn l2tp-psk
  auto=add
  leftprotoport=17/1701
  rightprotoport=17/%any
  type=transport
  also=shared

conn xauth-psk
  auto=add
  leftsubnet=0.0.0.0/0
  rightaddresspool=192.168.43.10-192.168.43.250
  modecfgdns="8.8.8.8 8.8.4.4"
  leftxauthserver=yes
  rightxauthclient=yes
  leftmodecfgserver=yes
  rightmodecfgclient=yes
  modecfgpull=yes
  cisco-unity=yes
  also=shared

include /etc/ipsec.d/*.conf

/etc/ipsec.d/ikev2.conf:


conn ikev2-cp
  leftcert=mydnsxxxx.ddns.net
  leftid=@mydnsxxxx.ddns.net
  left=%defaultroute
  leftsendcert=always
  leftsubnet=0.0.0.0/0
  leftrsasigkey=%cert
  right=%any
  rightid=%fromcert
  rightaddresspool=192.168.43.10-192.168.43.250
  rightca=%same
  rightrsasigkey=%cert
  narrowing=yes
  dpddelay=30
  retransmit-timeout=300s
  dpdaction=clear
  auto=add
  ikev2=insist
  rekey=no
  pfs=no
  ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1
  phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes128-sha2,aes256-sha2
  ikelifetime=24h
  salifetime=24h
  encapsulation=yes
  modecfgdns="8.8.8.8 8.8.4.4"
  mobike=no

sleepingmoonmoon · 2022-06-30T14:22:28Z

These are the startup messages, eg that is pluto starting after it has crashed.

Please see the last part of the pluto log, that was the part where it crashed.

I am attaching another pluto log right before it crashed.

pluto log right before crash (see last part):

Jun 30 19:15:40 orangepizero pluto[3268]: "ikev2-cp"[14] YYY.YYY.YYY.YYY #130: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Jun 30 19:15:40 orangepizero pluto[3268]: "ikev2-cp"[14] YYY.YYY.YYY.YYY #130: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Jun 30 19:15:41 orangepizero pluto[3268]: "ikev2-cp"[14] YYY.YYY.YYY.YYY #130: processing decrypted IKE_AUTH request: SK{IDi,CERT,N(INITIAL_CONTACT),IDr,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)}
Jun 30 19:15:41 orangepizero pluto[3268]: "ikev2-cp"[14] YYY.YYY.YYY.YYY #130: switched to "ikev2-cp"[24] YYY.YYY.YYY.YYY
Jun 30 19:15:41 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY #130: responder established IKE SA; authenticated using PKCS#1 1.5 RSA with SHA1 and peer certificate '@VPN-A' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Jun 30 19:15:41 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY #131: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=038de1af chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Jun 30 19:15:41 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY #131: responder established Child SA using #130; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.17-192.168.43.17:0-65535 0] {ESPinUDP=>0x038de1af <0xcc4b1472 xfrm=AES_GCM_16_128-NONE NATD=YYY.YYY.YYY.YYY:49712 DPD=active}
Jun 30 19:15:50 orangepizero pluto[3268]: "ikev2-cp"[14] YYY.YYY.YYY.YYY #112: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 30 19:15:54 orangepizero pluto[3268]: "xauth-psk"[39] YYY.YYY.YYY.YYY #129: STATE_XAUTH_R0: retransmission; will wait 32 seconds for response
Jun 30 19:15:55 orangepizero pluto[3268]: "xauth-psk"[39] YYY.YYY.YYY.YYY #129: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:16:27 orangepizero pluto[3268]: "xauth-psk"[39] YYY.YYY.YYY.YYY #129: STATE_XAUTH_R0: 60 second timeout exceeded after 7 retransmits.  No response (or no acceptable response) to our IKEv1 message
Jun 30 19:16:27 orangepizero pluto[3268]: "xauth-psk"[39] YYY.YYY.YYY.YYY #129: deleting state (STATE_XAUTH_R0) aged 65.221694s and sending notification
Jun 30 19:16:27 orangepizero pluto[3268]: "xauth-psk"[39] YYY.YYY.YYY.YYY: deleting connection instance with peer YYY.YYY.YYY.YYY {isakmp=#0/ipsec=#0}
Jun 30 19:16:27 orangepizero pluto[3268]: "xauth-psk"[40] YYY.YYY.YYY.YYY #132: responding to Main Mode from unknown peer YYY.YYY.YYY.YYY:61713
Jun 30 19:16:27 orangepizero pluto[3268]: "xauth-psk"[40] YYY.YYY.YYY.YYY #132: sent Main Mode R1
Jun 30 19:16:27 orangepizero pluto[3268]: "xauth-psk"[40] YYY.YYY.YYY.YYY #132: sent Main Mode R2
Jun 30 19:16:28 orangepizero pluto[3268]: "xauth-psk"[40] YYY.YYY.YYY.YYY #132: Peer ID is ID_IPV4_ADDR: '10.X.X.190'
Jun 30 19:16:28 orangepizero pluto[3268]: "xauth-psk"[40] YYY.YYY.YYY.YYY #132: switched to "xauth-psk"[41] YYY.YYY.YYY.YYY
Jun 30 19:16:28 orangepizero pluto[3268]: "xauth-psk"[40] YYY.YYY.YYY.YYY: deleting connection instance with peer YYY.YYY.YYY.YYY {isakmp=#0/ipsec=#0}
Jun 30 19:16:28 orangepizero pluto[3268]: "xauth-psk"[41] YYY.YYY.YYY.YYY #132: IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
Jun 30 19:16:28 orangepizero pluto[3268]: "xauth-psk"[41] YYY.YYY.YYY.YYY #132: XAUTH: Sending Username/Password request (MAIN_R3->XAUTH_R0)
Jun 30 19:16:28 orangepizero pluto[3268]: "xauth-psk"[41] YYY.YYY.YYY.YYY #132: STATE_XAUTH_R0: retransmission; will wait 0.5 seconds for response
Jun 30 19:16:28 orangepizero pluto[3268]: "xauth-psk"[41] YYY.YYY.YYY.YYY #132: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:16:29 orangepizero pluto[3268]: "xauth-psk"[41] YYY.YYY.YYY.YYY #132: STATE_XAUTH_R0: retransmission; will wait 1 seconds for response
Jun 30 19:16:29 orangepizero pluto[3268]: "xauth-psk"[41] YYY.YYY.YYY.YYY #132: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:16:30 orangepizero pluto[3268]: "xauth-psk"[41] YYY.YYY.YYY.YYY #132: STATE_XAUTH_R0: retransmission; will wait 2 seconds for response
Jun 30 19:16:30 orangepizero pluto[3268]: "xauth-psk"[41] YYY.YYY.YYY.YYY #132: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:16:32 orangepizero pluto[3268]: "xauth-psk"[41] YYY.YYY.YYY.YYY #132: STATE_XAUTH_R0: retransmission; will wait 4 seconds for response
Jun 30 19:16:32 orangepizero pluto[3268]: "xauth-psk"[41] YYY.YYY.YYY.YYY #132: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:16:36 orangepizero pluto[3268]: "xauth-psk"[41] YYY.YYY.YYY.YYY #132: STATE_XAUTH_R0: retransmission; will wait 8 seconds for response
Jun 30 19:16:36 orangepizero pluto[3268]: "xauth-psk"[41] YYY.YYY.YYY.YYY #132: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:16:44 orangepizero pluto[3268]: "xauth-psk"[41] YYY.YYY.YYY.YYY #132: STATE_XAUTH_R0: retransmission; will wait 16 seconds for response
Jun 30 19:16:44 orangepizero pluto[3268]: "xauth-psk"[41] YYY.YYY.YYY.YYY #132: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:17:00 orangepizero pluto[3268]: "xauth-psk"[41] YYY.YYY.YYY.YYY #132: STATE_XAUTH_R0: retransmission; will wait 32 seconds for response
Jun 30 19:17:00 orangepizero pluto[3268]: "xauth-psk"[41] YYY.YYY.YYY.YYY #132: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:17:08 orangepizero pluto[3268]: "ikev2-cp"[14] YYY.YYY.YYY.YYY #112: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 30 19:17:32 orangepizero pluto[3268]: "xauth-psk"[41] YYY.YYY.YYY.YYY #132: STATE_XAUTH_R0: 60 second timeout exceeded after 7 retransmits.  No response (or no acceptable response) to our IKEv1 message
Jun 30 19:17:32 orangepizero pluto[3268]: "xauth-psk"[41] YYY.YYY.YYY.YYY #132: deleting state (STATE_XAUTH_R0) aged 64.974742s and sending notification
Jun 30 19:17:32 orangepizero pluto[3268]: "xauth-psk"[41] YYY.YYY.YYY.YYY: deleting connection instance with peer YYY.YYY.YYY.YYY {isakmp=#0/ipsec=#0}
Jun 30 19:17:32 orangepizero pluto[3268]: "xauth-psk"[42] YYY.YYY.YYY.YYY #133: responding to Main Mode from unknown peer YYY.YYY.YYY.YYY:61713
Jun 30 19:17:32 orangepizero pluto[3268]: "xauth-psk"[42] YYY.YYY.YYY.YYY #133: sent Main Mode R1
Jun 30 19:17:33 orangepizero pluto[3268]: "xauth-psk"[42] YYY.YYY.YYY.YYY #133: sent Main Mode R2
Jun 30 19:17:33 orangepizero pluto[3268]: "xauth-psk"[42] YYY.YYY.YYY.YYY #133: STATE_MAIN_R2: retransmission; will wait 0.5 seconds for response
Jun 30 19:17:34 orangepizero pluto[3268]: "xauth-psk"[42] YYY.YYY.YYY.YYY #133: Peer ID is ID_IPV4_ADDR: '10.X.X.190'
Jun 30 19:17:34 orangepizero pluto[3268]: "xauth-psk"[42] YYY.YYY.YYY.YYY #133: switched to "xauth-psk"[43] YYY.YYY.YYY.YYY
Jun 30 19:17:34 orangepizero pluto[3268]: "xauth-psk"[42] YYY.YYY.YYY.YYY: deleting connection instance with peer YYY.YYY.YYY.YYY {isakmp=#0/ipsec=#0}
Jun 30 19:17:34 orangepizero pluto[3268]: "xauth-psk"[43] YYY.YYY.YYY.YYY #133: IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
Jun 30 19:17:34 orangepizero pluto[3268]: "xauth-psk"[43] YYY.YYY.YYY.YYY #133: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Jun 30 19:17:34 orangepizero pluto[3268]: "xauth-psk"[43] YYY.YYY.YYY.YYY #133: XAUTH: Sending Username/Password request (MAIN_R3->XAUTH_R0)
Jun 30 19:17:34 orangepizero pluto[3268]: "xauth-psk"[43] YYY.YYY.YYY.YYY #133: STATE_XAUTH_R0: retransmission; will wait 0.5 seconds for response
Jun 30 19:17:34 orangepizero pluto[3268]: "xauth-psk"[43] YYY.YYY.YYY.YYY #133: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:17:35 orangepizero pluto[3268]: "xauth-psk"[43] YYY.YYY.YYY.YYY #133: STATE_XAUTH_R0: retransmission; will wait 1 seconds for response
Jun 30 19:17:35 orangepizero pluto[3268]: "xauth-psk"[43] YYY.YYY.YYY.YYY #133: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:17:36 orangepizero pluto[3268]: "xauth-psk"[43] YYY.YYY.YYY.YYY #133: STATE_XAUTH_R0: retransmission; will wait 2 seconds for response
Jun 30 19:17:36 orangepizero pluto[3268]: "xauth-psk"[43] YYY.YYY.YYY.YYY #133: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:17:38 orangepizero pluto[3268]: "xauth-psk"[43] YYY.YYY.YYY.YYY #133: STATE_XAUTH_R0: retransmission; will wait 4 seconds for response
Jun 30 19:17:38 orangepizero pluto[3268]: "xauth-psk"[43] YYY.YYY.YYY.YYY #133: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:17:42 orangepizero pluto[3268]: "xauth-psk"[43] YYY.YYY.YYY.YYY #133: STATE_XAUTH_R0: retransmission; will wait 8 seconds for response
Jun 30 19:17:42 orangepizero pluto[3268]: "xauth-psk"[43] YYY.YYY.YYY.YYY #133: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:17:50 orangepizero pluto[3268]: "xauth-psk"[43] YYY.YYY.YYY.YYY #133: STATE_XAUTH_R0: retransmission; will wait 16 seconds for response
Jun 30 19:17:50 orangepizero pluto[3268]: "xauth-psk"[43] YYY.YYY.YYY.YYY #133: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:18:06 orangepizero pluto[3268]: "xauth-psk"[43] YYY.YYY.YYY.YYY #133: STATE_XAUTH_R0: retransmission; will wait 32 seconds for response
Jun 30 19:18:06 orangepizero pluto[3268]: "xauth-psk"[43] YYY.YYY.YYY.YYY #133: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:18:38 orangepizero pluto[3268]: "xauth-psk"[43] YYY.YYY.YYY.YYY #133: STATE_XAUTH_R0: 60 second timeout exceeded after 7 retransmits.  No response (or no acceptable response) to our IKEv1 message
Jun 30 19:18:38 orangepizero pluto[3268]: "xauth-psk"[43] YYY.YYY.YYY.YYY #133: deleting state (STATE_XAUTH_R0) aged 65.423042s and sending notification
Jun 30 19:18:38 orangepizero pluto[3268]: "xauth-psk"[43] YYY.YYY.YYY.YYY: deleting connection instance with peer YYY.YYY.YYY.YYY {isakmp=#0/ipsec=#0}
Jun 30 19:18:38 orangepizero pluto[3268]: "xauth-psk"[44] YYY.YYY.YYY.YYY #134: responding to Main Mode from unknown peer YYY.YYY.YYY.YYY:61713
Jun 30 19:18:38 orangepizero pluto[3268]: "xauth-psk"[44] YYY.YYY.YYY.YYY #134: sent Main Mode R1
Jun 30 19:18:39 orangepizero pluto[3268]: "xauth-psk"[44] YYY.YYY.YYY.YYY #134: sent Main Mode R2
Jun 30 19:18:39 orangepizero pluto[3268]: "xauth-psk"[44] YYY.YYY.YYY.YYY #134: STATE_MAIN_R2: retransmission; will wait 0.5 seconds for response
Jun 30 19:18:39 orangepizero pluto[3268]: "xauth-psk"[44] YYY.YYY.YYY.YYY #134: Peer ID is ID_IPV4_ADDR: '10.X.X.190'
Jun 30 19:18:39 orangepizero pluto[3268]: "xauth-psk"[44] YYY.YYY.YYY.YYY #134: switched to "xauth-psk"[45] YYY.YYY.YYY.YYY
Jun 30 19:18:39 orangepizero pluto[3268]: "xauth-psk"[44] YYY.YYY.YYY.YYY: deleting connection instance with peer YYY.YYY.YYY.YYY {isakmp=#0/ipsec=#0}
Jun 30 19:18:39 orangepizero pluto[3268]: "xauth-psk"[45] YYY.YYY.YYY.YYY #134: IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
Jun 30 19:18:39 orangepizero pluto[3268]: "xauth-psk"[45] YYY.YYY.YYY.YYY #134: XAUTH: Sending Username/Password request (MAIN_R3->XAUTH_R0)
Jun 30 19:18:40 orangepizero pluto[3268]: "xauth-psk"[45] YYY.YYY.YYY.YYY #134: STATE_XAUTH_R0: retransmission; will wait 0.5 seconds for response
Jun 30 19:18:40 orangepizero pluto[3268]: "xauth-psk"[45] YYY.YYY.YYY.YYY #134: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:18:40 orangepizero pluto[3268]: "xauth-psk"[45] YYY.YYY.YYY.YYY #134: STATE_XAUTH_R0: retransmission; will wait 1 seconds for response
Jun 30 19:18:40 orangepizero pluto[3268]: "xauth-psk"[45] YYY.YYY.YYY.YYY #134: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:18:41 orangepizero pluto[3268]: "xauth-psk"[45] YYY.YYY.YYY.YYY #134: STATE_XAUTH_R0: retransmission; will wait 2 seconds for response
Jun 30 19:18:41 orangepizero pluto[3268]: "xauth-psk"[45] YYY.YYY.YYY.YYY #134: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:18:43 orangepizero pluto[3268]: "xauth-psk"[45] YYY.YYY.YYY.YYY #134: STATE_XAUTH_R0: retransmission; will wait 4 seconds for response
Jun 30 19:18:43 orangepizero pluto[3268]: "xauth-psk"[45] YYY.YYY.YYY.YYY #134: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:18:47 orangepizero pluto[3268]: "xauth-psk"[45] YYY.YYY.YYY.YYY #134: STATE_XAUTH_R0: retransmission; will wait 8 seconds for response
Jun 30 19:18:47 orangepizero pluto[3268]: "xauth-psk"[45] YYY.YYY.YYY.YYY #134: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:18:55 orangepizero pluto[3268]: "xauth-psk"[45] YYY.YYY.YYY.YYY #134: STATE_XAUTH_R0: retransmission; will wait 16 seconds for response
Jun 30 19:18:55 orangepizero pluto[3268]: "xauth-psk"[45] YYY.YYY.YYY.YYY #134: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:19:11 orangepizero pluto[3268]: "xauth-psk"[45] YYY.YYY.YYY.YYY #134: STATE_XAUTH_R0: retransmission; will wait 32 seconds for response
Jun 30 19:19:11 orangepizero pluto[3268]: "xauth-psk"[45] YYY.YYY.YYY.YYY #134: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:19:43 orangepizero pluto[3268]: "xauth-psk"[45] YYY.YYY.YYY.YYY #134: STATE_XAUTH_R0: 60 second timeout exceeded after 7 retransmits.  No response (or no acceptable response) to our IKEv1 message
Jun 30 19:19:43 orangepizero pluto[3268]: "xauth-psk"[45] YYY.YYY.YYY.YYY #134: deleting state (STATE_XAUTH_R0) aged 65.097871s and sending notification
Jun 30 19:19:43 orangepizero pluto[3268]: "xauth-psk"[45] YYY.YYY.YYY.YYY: deleting connection instance with peer YYY.YYY.YYY.YYY {isakmp=#0/ipsec=#0}
Jun 30 19:19:45 orangepizero pluto[3268]: "xauth-psk"[46] YYY.YYY.YYY.YYY #135: responding to Main Mode from unknown peer YYY.YYY.YYY.YYY:61713
Jun 30 19:19:45 orangepizero pluto[3268]: "xauth-psk"[46] YYY.YYY.YYY.YYY #135: sent Main Mode R1
Jun 30 19:19:46 orangepizero pluto[3268]: "xauth-psk"[46] YYY.YYY.YYY.YYY #135: sent Main Mode R2
Jun 30 19:19:47 orangepizero pluto[3268]: "xauth-psk"[46] YYY.YYY.YYY.YYY #135: STATE_MAIN_R2: retransmission; will wait 0.5 seconds for response
Jun 30 19:19:47 orangepizero pluto[3268]: "xauth-psk"[46] YYY.YYY.YYY.YYY #135: Peer ID is ID_IPV4_ADDR: '10.X.X.190'
Jun 30 19:19:47 orangepizero pluto[3268]: "xauth-psk"[46] YYY.YYY.YYY.YYY #135: switched to "xauth-psk"[47] YYY.YYY.YYY.YYY
Jun 30 19:19:47 orangepizero pluto[3268]: "xauth-psk"[46] YYY.YYY.YYY.YYY: deleting connection instance with peer YYY.YYY.YYY.YYY {isakmp=#0/ipsec=#0}
Jun 30 19:19:47 orangepizero pluto[3268]: "xauth-psk"[47] YYY.YYY.YYY.YYY #135: IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
Jun 30 19:19:47 orangepizero pluto[3268]: "xauth-psk"[47] YYY.YYY.YYY.YYY #135: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Jun 30 19:19:47 orangepizero pluto[3268]: "xauth-psk"[47] YYY.YYY.YYY.YYY #135: XAUTH: Sending Username/Password request (MAIN_R3->XAUTH_R0)
Jun 30 19:19:48 orangepizero pluto[3268]: "xauth-psk"[47] YYY.YYY.YYY.YYY #135: STATE_XAUTH_R0: retransmission; will wait 0.5 seconds for response
Jun 30 19:19:48 orangepizero pluto[3268]: "xauth-psk"[47] YYY.YYY.YYY.YYY #135: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:19:48 orangepizero pluto[3268]: "xauth-psk"[47] YYY.YYY.YYY.YYY #135: STATE_XAUTH_R0: retransmission; will wait 1 seconds for response
Jun 30 19:19:48 orangepizero pluto[3268]: "xauth-psk"[47] YYY.YYY.YYY.YYY #135: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:19:49 orangepizero pluto[3268]: "xauth-psk"[47] YYY.YYY.YYY.YYY #135: STATE_XAUTH_R0: retransmission; will wait 2 seconds for response
Jun 30 19:19:49 orangepizero pluto[3268]: "xauth-psk"[47] YYY.YYY.YYY.YYY #135: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:19:51 orangepizero pluto[3268]: "xauth-psk"[47] YYY.YYY.YYY.YYY #135: STATE_XAUTH_R0: retransmission; will wait 4 seconds for response
Jun 30 19:19:51 orangepizero pluto[3268]: "xauth-psk"[47] YYY.YYY.YYY.YYY #135: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:19:55 orangepizero pluto[3268]: "xauth-psk"[47] YYY.YYY.YYY.YYY #135: STATE_XAUTH_R0: retransmission; will wait 8 seconds for response
Jun 30 19:19:55 orangepizero pluto[3268]: "xauth-psk"[47] YYY.YYY.YYY.YYY #135: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:20:03 orangepizero pluto[3268]: "xauth-psk"[47] YYY.YYY.YYY.YYY #135: STATE_XAUTH_R0: retransmission; will wait 16 seconds for response
Jun 30 19:20:03 orangepizero pluto[3268]: "xauth-psk"[47] YYY.YYY.YYY.YYY #135: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:20:19 orangepizero pluto[3268]: "xauth-psk"[47] YYY.YYY.YYY.YYY #135: STATE_XAUTH_R0: retransmission; will wait 32 seconds for response
Jun 30 19:20:19 orangepizero pluto[3268]: "xauth-psk"[47] YYY.YYY.YYY.YYY #135: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:20:51 orangepizero pluto[3268]: "xauth-psk"[47] YYY.YYY.YYY.YYY #135: STATE_XAUTH_R0: 60 second timeout exceeded after 7 retransmits.  No response (or no acceptable response) to our IKEv1 message
Jun 30 19:20:51 orangepizero pluto[3268]: "xauth-psk"[47] YYY.YYY.YYY.YYY #135: deleting state (STATE_XAUTH_R0) aged 66.039479s and sending notification
Jun 30 19:20:51 orangepizero pluto[3268]: "xauth-psk"[47] YYY.YYY.YYY.YYY: deleting connection instance with peer YYY.YYY.YYY.YYY {isakmp=#0/ipsec=#0}
Jun 30 19:20:52 orangepizero pluto[3268]: "xauth-psk"[48] YYY.YYY.YYY.YYY #136: responding to Main Mode from unknown peer YYY.YYY.YYY.YYY:61713
Jun 30 19:20:52 orangepizero pluto[3268]: "xauth-psk"[48] YYY.YYY.YYY.YYY #136: sent Main Mode R1
Jun 30 19:20:52 orangepizero pluto[3268]: "xauth-psk"[48] YYY.YYY.YYY.YYY #136: sent Main Mode R2
Jun 30 19:20:52 orangepizero pluto[3268]: "xauth-psk"[48] YYY.YYY.YYY.YYY #136: Peer ID is ID_IPV4_ADDR: '10.X.X.190'
Jun 30 19:20:52 orangepizero pluto[3268]: "xauth-psk"[48] YYY.YYY.YYY.YYY #136: switched to "xauth-psk"[49] YYY.YYY.YYY.YYY
Jun 30 19:20:52 orangepizero pluto[3268]: "xauth-psk"[48] YYY.YYY.YYY.YYY: deleting connection instance with peer YYY.YYY.YYY.YYY {isakmp=#0/ipsec=#0}
Jun 30 19:20:52 orangepizero pluto[3268]: "xauth-psk"[49] YYY.YYY.YYY.YYY #136: IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
Jun 30 19:20:53 orangepizero pluto[3268]: "xauth-psk"[49] YYY.YYY.YYY.YYY #136: XAUTH: Sending Username/Password request (MAIN_R3->XAUTH_R0)
Jun 30 19:20:53 orangepizero pluto[3268]: "xauth-psk"[49] YYY.YYY.YYY.YYY #136: STATE_XAUTH_R0: retransmission; will wait 0.5 seconds for response
Jun 30 19:20:53 orangepizero pluto[3268]: "xauth-psk"[49] YYY.YYY.YYY.YYY #136: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:20:54 orangepizero pluto[3268]: "xauth-psk"[49] YYY.YYY.YYY.YYY #136: STATE_XAUTH_R0: retransmission; will wait 1 seconds for response
Jun 30 19:20:54 orangepizero pluto[3268]: "xauth-psk"[49] YYY.YYY.YYY.YYY #136: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:20:55 orangepizero pluto[3268]: "xauth-psk"[49] YYY.YYY.YYY.YYY #136: STATE_XAUTH_R0: retransmission; will wait 2 seconds for response
Jun 30 19:20:55 orangepizero pluto[3268]: "xauth-psk"[49] YYY.YYY.YYY.YYY #136: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:20:57 orangepizero pluto[3268]: "xauth-psk"[49] YYY.YYY.YYY.YYY #136: STATE_XAUTH_R0: retransmission; will wait 4 seconds for response
Jun 30 19:20:57 orangepizero pluto[3268]: "xauth-psk"[49] YYY.YYY.YYY.YYY #136: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:21:01 orangepizero pluto[3268]: "xauth-psk"[49] YYY.YYY.YYY.YYY #136: STATE_XAUTH_R0: retransmission; will wait 8 seconds for response
Jun 30 19:21:01 orangepizero pluto[3268]: "xauth-psk"[49] YYY.YYY.YYY.YYY #136: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:21:09 orangepizero pluto[3268]: "xauth-psk"[49] YYY.YYY.YYY.YYY #136: STATE_XAUTH_R0: retransmission; will wait 16 seconds for response
Jun 30 19:21:09 orangepizero pluto[3268]: "xauth-psk"[49] YYY.YYY.YYY.YYY #136: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:21:25 orangepizero pluto[3268]: "xauth-psk"[49] YYY.YYY.YYY.YYY #136: STATE_XAUTH_R0: retransmission; will wait 32 seconds for response
Jun 30 19:21:25 orangepizero pluto[3268]: "xauth-psk"[49] YYY.YYY.YYY.YYY #136: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:21:57 orangepizero pluto[3268]: "xauth-psk"[49] YYY.YYY.YYY.YYY #136: STATE_XAUTH_R0: 60 second timeout exceeded after 7 retransmits.  No response (or no acceptable response) to our IKEv1 message
Jun 30 19:21:57 orangepizero pluto[3268]: "xauth-psk"[49] YYY.YYY.YYY.YYY #136: deleting state (STATE_XAUTH_R0) aged 65.085924s and sending notification
Jun 30 19:21:57 orangepizero pluto[3268]: "xauth-psk"[49] YYY.YYY.YYY.YYY: deleting connection instance with peer YYY.YYY.YYY.YYY {isakmp=#0/ipsec=#0}
Jun 30 19:21:57 orangepizero pluto[3268]: "xauth-psk"[50] YYY.YYY.YYY.YYY #137: responding to Main Mode from unknown peer YYY.YYY.YYY.YYY:61713
Jun 30 19:21:57 orangepizero pluto[3268]: "xauth-psk"[50] YYY.YYY.YYY.YYY #137: sent Main Mode R1
Jun 30 19:21:57 orangepizero pluto[3268]: "xauth-psk"[50] YYY.YYY.YYY.YYY #137: sent Main Mode R2
Jun 30 19:21:58 orangepizero pluto[3268]: "xauth-psk"[50] YYY.YYY.YYY.YYY #137: Peer ID is ID_IPV4_ADDR: '10.X.X.190'
Jun 30 19:21:58 orangepizero pluto[3268]: "xauth-psk"[50] YYY.YYY.YYY.YYY #137: switched to "xauth-psk"[51] YYY.YYY.YYY.YYY
Jun 30 19:21:58 orangepizero pluto[3268]: "xauth-psk"[50] YYY.YYY.YYY.YYY: deleting connection instance with peer YYY.YYY.YYY.YYY {isakmp=#0/ipsec=#0}
Jun 30 19:21:58 orangepizero pluto[3268]: "xauth-psk"[51] YYY.YYY.YYY.YYY #137: IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
Jun 30 19:21:58 orangepizero pluto[3268]: "xauth-psk"[51] YYY.YYY.YYY.YYY #137: XAUTH: Sending Username/Password request (MAIN_R3->XAUTH_R0)
Jun 30 19:21:58 orangepizero pluto[3268]: "xauth-psk"[51] YYY.YYY.YYY.YYY #137: STATE_XAUTH_R0: retransmission; will wait 0.5 seconds for response
Jun 30 19:21:59 orangepizero pluto[3268]: "xauth-psk"[51] YYY.YYY.YYY.YYY #137: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:21:59 orangepizero pluto[3268]: "xauth-psk"[51] YYY.YYY.YYY.YYY #137: STATE_XAUTH_R0: retransmission; will wait 1 seconds for response
Jun 30 19:21:59 orangepizero pluto[3268]: "xauth-psk"[51] YYY.YYY.YYY.YYY #137: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:22:00 orangepizero pluto[3268]: "xauth-psk"[51] YYY.YYY.YYY.YYY #137: STATE_XAUTH_R0: retransmission; will wait 2 seconds for response
Jun 30 19:22:00 orangepizero pluto[3268]: "xauth-psk"[51] YYY.YYY.YYY.YYY #137: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:22:02 orangepizero pluto[3268]: "xauth-psk"[51] YYY.YYY.YYY.YYY #137: STATE_XAUTH_R0: retransmission; will wait 4 seconds for response
Jun 30 19:22:02 orangepizero pluto[3268]: "xauth-psk"[51] YYY.YYY.YYY.YYY #137: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:22:06 orangepizero pluto[3268]: "xauth-psk"[51] YYY.YYY.YYY.YYY #137: STATE_XAUTH_R0: retransmission; will wait 8 seconds for response
Jun 30 19:22:06 orangepizero pluto[3268]: "xauth-psk"[51] YYY.YYY.YYY.YYY #137: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:22:14 orangepizero pluto[3268]: "xauth-psk"[51] YYY.YYY.YYY.YYY #137: STATE_XAUTH_R0: retransmission; will wait 16 seconds for response
Jun 30 19:22:14 orangepizero pluto[3268]: "xauth-psk"[51] YYY.YYY.YYY.YYY #137: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:22:30 orangepizero pluto[3268]: "xauth-psk"[51] YYY.YYY.YYY.YYY #137: STATE_XAUTH_R0: retransmission; will wait 32 seconds for response
Jun 30 19:22:30 orangepizero pluto[3268]: "xauth-psk"[51] YYY.YYY.YYY.YYY #137: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:23:02 orangepizero pluto[3268]: "xauth-psk"[51] YYY.YYY.YYY.YYY #137: STATE_XAUTH_R0: 60 second timeout exceeded after 7 retransmits.  No response (or no acceptable response) to our IKEv1 message
Jun 30 19:23:02 orangepizero pluto[3268]: "xauth-psk"[51] YYY.YYY.YYY.YYY #137: deleting state (STATE_XAUTH_R0) aged 65.058664s and sending notification
Jun 30 19:23:02 orangepizero pluto[3268]: "xauth-psk"[51] YYY.YYY.YYY.YYY: deleting connection instance with peer YYY.YYY.YYY.YYY {isakmp=#0/ipsec=#0}
Jun 30 19:23:02 orangepizero pluto[3268]: "xauth-psk"[52] YYY.YYY.YYY.YYY #138: responding to Main Mode from unknown peer YYY.YYY.YYY.YYY:61713
Jun 30 19:23:02 orangepizero pluto[3268]: "xauth-psk"[52] YYY.YYY.YYY.YYY #138: sent Main Mode R1
Jun 30 19:23:03 orangepizero pluto[3268]: "xauth-psk"[52] YYY.YYY.YYY.YYY #138: sent Main Mode R2
Jun 30 19:23:03 orangepizero pluto[3268]: "xauth-psk"[52] YYY.YYY.YYY.YYY #138: Peer ID is ID_IPV4_ADDR: '10.X.X.190'
Jun 30 19:23:03 orangepizero pluto[3268]: "xauth-psk"[52] YYY.YYY.YYY.YYY #138: switched to "xauth-psk"[53] YYY.YYY.YYY.YYY
Jun 30 19:23:03 orangepizero pluto[3268]: "xauth-psk"[52] YYY.YYY.YYY.YYY: deleting connection instance with peer YYY.YYY.YYY.YYY {isakmp=#0/ipsec=#0}
Jun 30 19:23:03 orangepizero pluto[3268]: "xauth-psk"[53] YYY.YYY.YYY.YYY #138: IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
Jun 30 19:23:03 orangepizero pluto[3268]: "xauth-psk"[53] YYY.YYY.YYY.YYY #138: XAUTH: Sending Username/Password request (MAIN_R3->XAUTH_R0)
Jun 30 19:23:04 orangepizero pluto[3268]: "xauth-psk"[53] YYY.YYY.YYY.YYY #138: STATE_XAUTH_R0: retransmission; will wait 0.5 seconds for response
Jun 30 19:23:04 orangepizero pluto[3268]: "xauth-psk"[53] YYY.YYY.YYY.YYY #138: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:23:04 orangepizero pluto[3268]: "xauth-psk"[53] YYY.YYY.YYY.YYY #138: STATE_XAUTH_R0: retransmission; will wait 1 seconds for response
Jun 30 19:23:05 orangepizero pluto[3268]: "xauth-psk"[53] YYY.YYY.YYY.YYY #138: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:23:05 orangepizero pluto[3268]: "xauth-psk"[53] YYY.YYY.YYY.YYY #138: STATE_XAUTH_R0: retransmission; will wait 2 seconds for response
Jun 30 19:23:06 orangepizero pluto[3268]: "xauth-psk"[53] YYY.YYY.YYY.YYY #138: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:23:07 orangepizero pluto[3268]: "xauth-psk"[53] YYY.YYY.YYY.YYY #138: STATE_XAUTH_R0: retransmission; will wait 4 seconds for response
Jun 30 19:23:08 orangepizero pluto[3268]: "xauth-psk"[53] YYY.YYY.YYY.YYY #138: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:23:12 orangepizero pluto[3268]: "xauth-psk"[53] YYY.YYY.YYY.YYY #138: STATE_XAUTH_R0: retransmission; will wait 8 seconds for response
Jun 30 19:23:12 orangepizero pluto[3268]: "xauth-psk"[53] YYY.YYY.YYY.YYY #138: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:23:20 orangepizero pluto[3268]: "xauth-psk"[53] YYY.YYY.YYY.YYY #138: STATE_XAUTH_R0: retransmission; will wait 16 seconds for response
Jun 30 19:23:20 orangepizero pluto[3268]: "xauth-psk"[53] YYY.YYY.YYY.YYY #138: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:23:36 orangepizero pluto[3268]: "xauth-psk"[53] YYY.YYY.YYY.YYY #138: STATE_XAUTH_R0: retransmission; will wait 32 seconds for response
Jun 30 19:23:36 orangepizero pluto[3268]: "xauth-psk"[53] YYY.YYY.YYY.YYY #138: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:24:08 orangepizero pluto[3268]: "xauth-psk"[53] YYY.YYY.YYY.YYY #138: STATE_XAUTH_R0: 60 second timeout exceeded after 7 retransmits.  No response (or no acceptable response) to our IKEv1 message
Jun 30 19:24:08 orangepizero pluto[3268]: "xauth-psk"[53] YYY.YYY.YYY.YYY #138: deleting state (STATE_XAUTH_R0) aged 65.02457s and sending notification
Jun 30 19:24:08 orangepizero pluto[3268]: "xauth-psk"[53] YYY.YYY.YYY.YYY: deleting connection instance with peer YYY.YYY.YYY.YYY {isakmp=#0/ipsec=#0}
Jun 30 19:24:08 orangepizero pluto[3268]: "xauth-psk"[54] YYY.YYY.YYY.YYY #139: responding to Main Mode from unknown peer YYY.YYY.YYY.YYY:61713
Jun 30 19:24:08 orangepizero pluto[3268]: "xauth-psk"[54] YYY.YYY.YYY.YYY #139: sent Main Mode R1
Jun 30 19:24:09 orangepizero pluto[3268]: "xauth-psk"[54] YYY.YYY.YYY.YYY #139: sent Main Mode R2
Jun 30 19:24:09 orangepizero pluto[3268]: "xauth-psk"[54] YYY.YYY.YYY.YYY #139: STATE_MAIN_R2: retransmission; will wait 0.5 seconds for response
Jun 30 19:24:09 orangepizero pluto[3268]: "xauth-psk"[54] YYY.YYY.YYY.YYY #139: Peer ID is ID_IPV4_ADDR: '10.X.X.190'
Jun 30 19:24:09 orangepizero pluto[3268]: "xauth-psk"[54] YYY.YYY.YYY.YYY #139: switched to "xauth-psk"[55] YYY.YYY.YYY.YYY
Jun 30 19:24:09 orangepizero pluto[3268]: "xauth-psk"[54] YYY.YYY.YYY.YYY: deleting connection instance with peer YYY.YYY.YYY.YYY {isakmp=#0/ipsec=#0}
Jun 30 19:24:09 orangepizero pluto[3268]: "xauth-psk"[55] YYY.YYY.YYY.YYY #139: IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
Jun 30 19:24:09 orangepizero pluto[3268]: "xauth-psk"[55] YYY.YYY.YYY.YYY #139: XAUTH: Sending Username/Password request (MAIN_R3->XAUTH_R0)
Jun 30 19:24:10 orangepizero pluto[3268]: "xauth-psk"[55] YYY.YYY.YYY.YYY #139: STATE_XAUTH_R0: retransmission; will wait 0.5 seconds for response
Jun 30 19:24:10 orangepizero pluto[3268]: "xauth-psk"[55] YYY.YYY.YYY.YYY #139: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:24:10 orangepizero pluto[3268]: "xauth-psk"[55] YYY.YYY.YYY.YYY #139: STATE_XAUTH_R0: retransmission; will wait 1 seconds for response
Jun 30 19:24:10 orangepizero pluto[3268]: "xauth-psk"[55] YYY.YYY.YYY.YYY #139: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:24:11 orangepizero pluto[3268]: "xauth-psk"[55] YYY.YYY.YYY.YYY #139: STATE_XAUTH_R0: retransmission; will wait 2 seconds for response
Jun 30 19:24:11 orangepizero pluto[3268]: "xauth-psk"[55] YYY.YYY.YYY.YYY #139: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:24:13 orangepizero pluto[3268]: "xauth-psk"[55] YYY.YYY.YYY.YYY #139: STATE_XAUTH_R0: retransmission; will wait 4 seconds for response
Jun 30 19:24:13 orangepizero pluto[3268]: "xauth-psk"[55] YYY.YYY.YYY.YYY #139: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:24:17 orangepizero pluto[3268]: "xauth-psk"[55] YYY.YYY.YYY.YYY #139: STATE_XAUTH_R0: retransmission; will wait 8 seconds for response
Jun 30 19:24:17 orangepizero pluto[3268]: "xauth-psk"[55] YYY.YYY.YYY.YYY #139: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:24:25 orangepizero pluto[3268]: "xauth-psk"[55] YYY.YYY.YYY.YYY #139: STATE_XAUTH_R0: retransmission; will wait 16 seconds for response
Jun 30 19:24:26 orangepizero pluto[3268]: "xauth-psk"[55] YYY.YYY.YYY.YYY #139: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:24:41 orangepizero pluto[3268]: "xauth-psk"[55] YYY.YYY.YYY.YYY #139: STATE_XAUTH_R0: retransmission; will wait 32 seconds for response
Jun 30 19:24:42 orangepizero pluto[3268]: "xauth-psk"[55] YYY.YYY.YYY.YYY #139: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:25:13 orangepizero pluto[3268]: "xauth-psk"[55] YYY.YYY.YYY.YYY #139: STATE_XAUTH_R0: 60 second timeout exceeded after 7 retransmits.  No response (or no acceptable response) to our IKEv1 message
Jun 30 19:25:13 orangepizero pluto[3268]: "xauth-psk"[55] YYY.YYY.YYY.YYY #139: deleting state (STATE_XAUTH_R0) aged 65.499798s and sending notification
Jun 30 19:25:13 orangepizero pluto[3268]: "xauth-psk"[55] YYY.YYY.YYY.YYY: deleting connection instance with peer YYY.YYY.YYY.YYY {isakmp=#0/ipsec=#0}
Jun 30 19:25:14 orangepizero pluto[3268]: "xauth-psk"[56] YYY.YYY.YYY.YYY #140: responding to Main Mode from unknown peer YYY.YYY.YYY.YYY:61713
Jun 30 19:25:14 orangepizero pluto[3268]: "xauth-psk"[56] YYY.YYY.YYY.YYY #140: sent Main Mode R1
Jun 30 19:25:14 orangepizero pluto[3268]: "xauth-psk"[56] YYY.YYY.YYY.YYY #140: sent Main Mode R2
Jun 30 19:25:15 orangepizero pluto[3268]: "xauth-psk"[56] YYY.YYY.YYY.YYY #140: Peer ID is ID_IPV4_ADDR: '10.X.X.190'
Jun 30 19:25:15 orangepizero pluto[3268]: "xauth-psk"[56] YYY.YYY.YYY.YYY #140: switched to "xauth-psk"[57] YYY.YYY.YYY.YYY
Jun 30 19:25:15 orangepizero pluto[3268]: "xauth-psk"[56] YYY.YYY.YYY.YYY: deleting connection instance with peer YYY.YYY.YYY.YYY {isakmp=#0/ipsec=#0}
Jun 30 19:25:15 orangepizero pluto[3268]: "xauth-psk"[57] YYY.YYY.YYY.YYY #140: IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
Jun 30 19:25:15 orangepizero pluto[3268]: "xauth-psk"[57] YYY.YYY.YYY.YYY #140: XAUTH: Sending Username/Password request (MAIN_R3->XAUTH_R0)
Jun 30 19:25:15 orangepizero pluto[3268]: "xauth-psk"[57] YYY.YYY.YYY.YYY #140: STATE_XAUTH_R0: retransmission; will wait 0.5 seconds for response
Jun 30 19:25:15 orangepizero pluto[3268]: "xauth-psk"[57] YYY.YYY.YYY.YYY #140: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:25:16 orangepizero pluto[3268]: "xauth-psk"[57] YYY.YYY.YYY.YYY #140: STATE_XAUTH_R0: retransmission; will wait 1 seconds for response
Jun 30 19:25:16 orangepizero pluto[3268]: "xauth-psk"[57] YYY.YYY.YYY.YYY #140: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:25:17 orangepizero pluto[3268]: "xauth-psk"[57] YYY.YYY.YYY.YYY #140: STATE_XAUTH_R0: retransmission; will wait 2 seconds for response
Jun 30 19:25:17 orangepizero pluto[3268]: "xauth-psk"[57] YYY.YYY.YYY.YYY #140: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:25:19 orangepizero pluto[3268]: "xauth-psk"[57] YYY.YYY.YYY.YYY #140: STATE_XAUTH_R0: retransmission; will wait 4 seconds for response
Jun 30 19:25:19 orangepizero pluto[3268]: "xauth-psk"[57] YYY.YYY.YYY.YYY #140: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:25:23 orangepizero pluto[3268]: "xauth-psk"[57] YYY.YYY.YYY.YYY #140: STATE_XAUTH_R0: retransmission; will wait 8 seconds for response
Jun 30 19:25:23 orangepizero pluto[3268]: "xauth-psk"[57] YYY.YYY.YYY.YYY #140: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:25:31 orangepizero pluto[3268]: "xauth-psk"[57] YYY.YYY.YYY.YYY #140: STATE_XAUTH_R0: retransmission; will wait 16 seconds for response
Jun 30 19:25:31 orangepizero pluto[3268]: "xauth-psk"[57] YYY.YYY.YYY.YYY #140: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:25:42 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY #130: INFORMATIONAL request has duplicate Message ID 2; retransmitting response
Jun 30 19:25:47 orangepizero pluto[3268]: "xauth-psk"[57] YYY.YYY.YYY.YYY #140: STATE_XAUTH_R0: retransmission; will wait 32 seconds for response
Jun 30 19:25:47 orangepizero pluto[3268]: "xauth-psk"[57] YYY.YYY.YYY.YYY #140: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 19:26:05 orangepizero pluto[3268]: "xauth-psk"[57] YYY.YYY.YYY.YYY #140: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x0a0b73f4) not found (maybe expired)
Jun 30 19:26:05 orangepizero pluto[3268]: "xauth-psk"[57] YYY.YYY.YYY.YYY #140: received Delete SA payload: self-deleting ISAKMP State #140
Jun 30 19:26:05 orangepizero pluto[3268]: "xauth-psk"[57] YYY.YYY.YYY.YYY #140: deleting state (STATE_XAUTH_R0) aged 50.809576s and sending notification
Jun 30 19:26:05 orangepizero pluto[3268]: "xauth-psk"[57] YYY.YYY.YYY.YYY: deleting connection instance with peer YYY.YYY.YYY.YYY {isakmp=#0/ipsec=#0}
Jun 30 19:26:06 orangepizero pluto[3268]: "xauth-psk"[58] YYY.YYY.YYY.YYY #141: responding to Main Mode from unknown peer YYY.YYY.YYY.YYY:9341
Jun 30 19:26:06 orangepizero pluto[3268]: "xauth-psk"[58] YYY.YYY.YYY.YYY #141: sent Main Mode R1
Jun 30 19:26:07 orangepizero pluto[3268]: "xauth-psk"[58] YYY.YYY.YYY.YYY #141: sent Main Mode R2
Jun 30 19:26:07 orangepizero pluto[3268]: "xauth-psk"[58] YYY.YYY.YYY.YYY #141: ignoring informational payload IPSEC_INITIAL_CONTACT, msgid=00000000, length=28
Jun 30 19:26:07 orangepizero pluto[3268]: "xauth-psk"[58] YYY.YYY.YYY.YYY #141: Peer ID is ID_IPV4_ADDR: '10.X.X.190'
Jun 30 19:26:07 orangepizero pluto[3268]: "xauth-psk"[58] YYY.YYY.YYY.YYY #141: switched to "xauth-psk"[59] YYY.YYY.YYY.YYY
Jun 30 19:26:07 orangepizero pluto[3268]: "xauth-psk"[58] YYY.YYY.YYY.YYY: deleting connection instance with peer YYY.YYY.YYY.YYY {isakmp=#0/ipsec=#0}
Jun 30 19:26:07 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #141: IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
Jun 30 19:26:07 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #141: XAUTH: Sending Username/Password request (MAIN_R3->XAUTH_R0)
Jun 30 19:26:08 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #141: XAUTH: password file authentication method requested to authenticate user 'kimbies'
Jun 30 19:26:08 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #141: XAUTH: password file (/etc/ipsec.d/passwd) open.
Jun 30 19:26:08 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #141: XAUTH: success user(kimbies:xauth-psk) 
Jun 30 19:26:08 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #141: XAUTH: User kimbies: Authentication Successful
Jun 30 19:26:08 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #141: XAUTH: xauth_inR1(STF_OK)
Jun 30 19:26:08 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #141: IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
Jun 30 19:26:08 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #141: modecfg_inR0(STF_OK)
Jun 30 19:26:08 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #141: sent ModeCfg reply, expecting Ack {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
Jun 30 19:26:09 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #141: the peer proposed: 0.0.0.0/0 -<all>-> 192.168.43.13/32
Jun 30 19:26:09 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #142: responding to Quick Mode proposal {msgid:0076a31e}
Jun 30 19:26:09 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #142:     us: 0.0.0.0/0===192.168.1.12[@mydnsxxxx.ddns.net,MS+XS+S=C]  them: YYY.YYY.YYY.YYY[10.X.X.190,+MC+XC+S=C]===192.168.43.13/32
Jun 30 19:26:09 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #142: sent Quick Mode reply, inbound IPsec SA installed, expecting confirmation tunnel mode {ESPinUDP=>0x029437a9 <0xe0d21342 xfrm=AES_CBC_256-HMAC_SHA2_256_128 NATD=YYY.YYY.YYY.YYY:61713 DPD=active username=kimbies}
Jun 30 19:26:09 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #142: IPsec SA established tunnel mode {ESPinUDP=>0x029437a9 <0xe0d21342 xfrm=AES_CBC_256-HMAC_SHA2_256_128 NATD=YYY.YYY.YYY.YYY:61713 DPD=active username=kimbies}
Jun 30 19:32:07 orangepizero pluto[3268]: "ikev2-cp"[14] YYY.YYY.YYY.YYY #112: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 30 19:32:37 orangepizero pluto[3268]: "ikev2-cp"[14] YYY.YYY.YYY.YYY #112: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 30 19:33:07 orangepizero pluto[3268]: "ikev2-cp"[14] YYY.YYY.YYY.YYY #112: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 30 19:40:42 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY #130: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 30 19:44:27 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY #130: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 30 19:44:27 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY #130: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Jun 30 19:44:28 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY #130: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Jun 30 19:44:40 orangepizero pluto[3268]: "ikev2-cp"[14] YYY.YYY.YYY.YYY #112: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 30 19:45:10 orangepizero pluto[3268]: "ikev2-cp"[14] YYY.YYY.YYY.YYY #112: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 30 19:46:39 orangepizero pluto[3268]: "ikev2-cp"[14] YYY.YYY.YYY.YYY #112: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 30 19:47:13 orangepizero pluto[3268]: "ikev2-cp"[14] YYY.YYY.YYY.YYY #112: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 30 19:48:24 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY #130: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 30 19:48:24 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY #130: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Jun 30 19:48:25 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY #130: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Jun 30 19:49:27 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY #130: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 30 19:50:27 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY #130: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 30 19:54:21 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY #130: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 30 19:54:21 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY #130: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Jun 30 19:54:28 orangepizero pluto[3268]: "ikev2-cp"[8] XX.XXX.XXX.XXX #143: proposal 2:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA1_96;PRF=HMAC_SHA1;DH=MODP2048[first-match] 2:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;PRF=HMAC_SHA2_256;DH=MODP2048[better-match] 3:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_384_192;PRF=HMAC_SHA2_384;DH=MODP2048
Jun 30 19:54:28 orangepizero pluto[3268]: "ikev2-cp"[8] XX.XXX.XXX.XXX #143: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Jun 30 19:54:28 orangepizero pluto[3268]: "ikev2-cp"[8] XX.XXX.XXX.XXX #143: processing decrypted IKE_AUTH request: SK{IDi,CERT,CERTREQ,AUTH,N(MOBIKE_SUPPORTED),CP,SA,TSi,TSr}
Jun 30 19:54:28 orangepizero pluto[3268]: "ikev2-cp"[8] XX.XXX.XXX.XXX #143: ignoring CERTREQ payload that is not ASN1: content is not binary ASN.1
Jun 30 19:54:28 orangepizero pluto[3268]: "ikev2-cp"[8] XX.XXX.XXX.XXX #143: switched to "ikev2-cp"[25] XX.XXX.XXX.XXX
Jun 30 19:54:28 orangepizero pluto[3268]: "ikev2-cp"[25] XX.XXX.XXX.XXX #143: responder established IKE SA; authenticated using PKCS#1 1.5 RSA with SHA1 and peer certificate 'CN=VPN-mathew, O=IKEv2 VPN' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Jun 30 19:54:29 orangepizero pluto[3268]: "ikev2-cp"[25] XX.XXX.XXX.XXX #144: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=f6afad50 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Jun 30 19:54:29 orangepizero pluto[3268]: "ikev2-cp"[25] XX.XXX.XXX.XXX #144: responder established Child SA using #143; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.12-192.168.43.12:0-65535 0] {ESPinUDP=>0xf6afad50 <0x123f441e xfrm=AES_GCM_16_128-NONE NATD=XX.XXX.XXX.XXX:4500 DPD=active}
Jun 30 19:55:00 orangepizero pluto[3268]: "ikev2-cp"[25] XX.XXX.XXX.XXX #144: ESP traffic information: in=313KB out=130KB
Jun 30 19:55:00 orangepizero pluto[3268]: "ikev2-cp"[25] XX.XXX.XXX.XXX #143: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 31.946553s and NOT sending notification
Jun 30 19:55:00 orangepizero pluto[3268]: "ikev2-cp"[25] XX.XXX.XXX.XXX: deleting connection instance with peer XX.XXX.XXX.XXX {isakmp=#0/ipsec=#0}
Jun 30 19:57:20 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY #130: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 30 19:57:21 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY #130: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Jun 30 19:59:39 orangepizero pluto[3268]: "ikev2-cp"[14] YYY.YYY.YYY.YYY #112: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 30 20:00:09 orangepizero pluto[3268]: "ikev2-cp"[14] YYY.YYY.YYY.YYY #112: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 30 20:01:19 orangepizero pluto[3268]: "ikev2-cp"[14] YYY.YYY.YYY.YYY #112: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 30 20:02:10 orangepizero pluto[3268]: "ikev2-cp"[14] YYY.YYY.YYY.YYY #112: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 30 20:02:40 orangepizero pluto[3268]: "ikev2-cp"[14] YYY.YYY.YYY.YYY #112: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 30 20:06:31 orangepizero pluto[3268]: "ikev2-cp"[14] YYY.YYY.YYY.YYY #145: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=95d38a1a chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Jun 30 20:06:31 orangepizero pluto[3268]: "ikev2-cp"[14] YYY.YYY.YYY.YYY #145: responder rekeyed Child SA #113 using #112; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.11-192.168.43.11:0-65535 0] {ESPinUDP=>0x95d38a1a <0x5a77f097 xfrm=AES_GCM_16_128-NONE NATD=YYY.YYY.YYY.YYY:23117 DPD=active}
Jun 30 20:06:31 orangepizero pluto[3268]: "ikev2-cp"[14] YYY.YYY.YYY.YYY #113: ESP traffic information: in=33MB out=44MB
Jun 30 20:06:41 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #146: responding to Main Mode from unknown peer YYY.YYY.YYY.YYY:49894
Jun 30 20:06:41 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #146: sent Main Mode R1
Jun 30 20:06:41 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #146: sent Main Mode R2
Jun 30 20:06:42 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #146: Peer ID is ID_IPV4_ADDR: '10.X.X.190'
Jun 30 20:06:42 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #146: IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
Jun 30 20:06:42 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #146: XAUTH: Sending Username/Password request (MAIN_R3->XAUTH_R0)
Jun 30 20:06:42 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #146: STATE_XAUTH_R0: retransmission; will wait 0.5 seconds for response
Jun 30 20:06:42 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #146: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 20:06:43 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #146: STATE_XAUTH_R0: retransmission; will wait 1 seconds for response
Jun 30 20:06:43 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #146: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 20:06:44 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #146: STATE_XAUTH_R0: retransmission; will wait 2 seconds for response
Jun 30 20:06:44 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #146: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 20:06:46 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #146: STATE_XAUTH_R0: retransmission; will wait 4 seconds for response
Jun 30 20:06:46 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #146: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 20:06:50 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #146: STATE_XAUTH_R0: retransmission; will wait 8 seconds for response
Jun 30 20:06:50 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #146: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 20:06:58 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #146: STATE_XAUTH_R0: retransmission; will wait 16 seconds for response
Jun 30 20:06:58 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #146: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 20:07:14 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #146: STATE_XAUTH_R0: retransmission; will wait 32 seconds for response
Jun 30 20:07:14 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #146: XAUTH: Sending Username/Password request (XAUTH_R0->XAUTH_R0)
Jun 30 20:07:46 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #146: STATE_XAUTH_R0: 60 second timeout exceeded after 7 retransmits.  No response (or no acceptable response) to our IKEv1 message
Jun 30 20:07:46 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #146: deleting state (STATE_XAUTH_R0) aged 65.025477s and sending notification
Jun 30 20:08:06 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY #130: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 30 20:08:06 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY #130: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Jun 30 20:09:23 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY #130: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 30 20:09:23 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY #130: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Jun 30 20:10:20 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY #130: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 30 20:10:21 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY #130: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Jun 30 20:10:39 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #141: DPD action - clearing connection kind CK_INSTANCE
Jun 30 20:10:39 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #142: deleting state (STATE_QUICK_R2) aged 2670.786175s and sending notification
Jun 30 20:10:39 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #142: ESP traffic information: in=6MB out=106MB XAUTHuser=kimbies
Jun 30 20:10:39 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY #141: deleting state (STATE_MODE_CFG_R1) aged 2672.993615s and sending notification
Jun 30 20:10:39 orangepizero pluto[3268]: "xauth-psk"[59] YYY.YYY.YYY.YYY: deleting connection instance with peer YYY.YYY.YYY.YYY {isakmp=#0/ipsec=#0}
Jun 30 20:14:21 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY #130: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Jun 30 20:14:22 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY #130: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Jun 30 20:14:23 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY #130: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Jun 30 20:14:25 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY #130: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Jun 30 20:14:29 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY #130: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Jun 30 20:14:37 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY #130: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Jun 30 20:14:53 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY #130: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Jun 30 20:15:25 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY #130: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response
Jun 30 20:16:29 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY #130: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 128 seconds for response
Jun 30 20:18:37 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY #130: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 256 seconds for response
Jun 30 20:22:53 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY #130: STATE_V2_ESTABLISHED_IKE_SA: 300 second timeout exceeded after 10 retransmits.  No response (or no acceptable response) to our IKEv2 message
Jun 30 20:22:53 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY #130: liveness action - clearing connection kind CK_INSTANCE
Jun 30 20:22:53 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY #131: ESP traffic information: in=4MB out=77MB
Jun 30 20:22:53 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY #130: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 4032.737079s and NOT sending notification
Jun 30 20:22:53 orangepizero pluto[3268]: "ikev2-cp"[24] YYY.YYY.YYY.YYY: deleting connection instance with peer YYY.YYY.YYY.YYY {isakmp=#0/ipsec=#0}

The last time saved in the log is 08:22:53PM and IKE daemon crashed at 8:34:34PM based from the message from OrangePI:

Message from syslogd@orangepizero at Jun 30 20:34:34 ...
kernel:[74457.676442] Internal error: Oops: 805 [#1] SMP THUMB2

Message from syslogd@orangepizero at Jun 30 20:34:34 ...
kernel:[74457.881451] Process pluto (pid: 3268, stack limit = 0xecee338d)

Message from syslogd@orangepizero at Jun 30 20:34:34 ...
kernel:[74457.887385] Stack: (0xcf1fbc80 to 0xcf1fc000)

Message from syslogd@orangepizero at Jun 30 20:34:34 ...
kernel:[74457.891763] bc80: 00005ed2 c177bce8 c177bcc0 c094e0cf 00000000 c177bcc0 c0f04fc8 c09574e1

Message from syslogd@orangepizero at Jun 30 20:34:34 ...
kernel:[74457.899951] bca0: d899a000 00000000 00000000 00000000 00000000 c05ad5c5 00000000 2dfd1b1a

Message from syslogd@orangepizero at Jun 30 20:34:34 ...
kernel:[74457.908140] bcc0: cf1fbd00 c0b0b078 c0f04fc8 cf3b0a00 d899a000 c0956085 c0b0b060 00000000

Message from syslogd@orangepizero at Jun 30 20:34:34 ...
kernel:[74457.916328] bce0: cf1fbda8 c04d737b d899a000 c0f04fc8 00000000 c088ffff 00080000 c08d4a7f

Message from syslogd@orangepizero at Jun 30 20:34:34 ...
kernel:[74457.924515] bd00: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

letoams · 2022-06-30T15:16:42Z

On Thu, 30 Jun 2022, sleepingmoonmoon wrote: It would be good to get more details, which might be hard to do. Perhaps you can change /etc/ipsec.conf and add plutodebug=tmi so that we might know based on the last debug logs where we kind of crash Thank you for your reply! I'm sorry I am still new to using Linux. Where do I add plutodebug=tmi? Kindly see my /etc/ipsec.conf and /etc/ipsec.d/ikev2.conf below: /etc/ipsec.conf: version 2.0 config setup virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.42.0/24,%v4:!192.168.43.0/24 uniqueids=no

Add it here under uniqueids=no The other logs did not show anything useful unfortunately. Paul

sleepingmoonmoon · 2022-06-30T17:19:35Z

I have updated /etc/ipsec.conf to include plutodebug=tmi. I will send the pluto log when my VPN freeze again.

Is there anything I can do to maybe automatically reboot OrangePI or restart ipsec when IKE daemon crashes? This is just a workaround if ever until the real cause of the issue is found. Thank you!

letoams · 2022-06-30T17:49:57Z

Libreswan will already restart once it crashes. But that will kick out every client. It might take a few seconds for those clients to realize their connection died. Sent using a virtual keyboard on a phone

…

On Jun 30, 2022, at 13:19, sleepingmoonmoon ***@***.***> wrote: I have updated /etc/ipsec.conf to include plutodebug=tmi. I will send the pluto log when my VPN freeze again. Is there anything I can do to maybe automatically reboot OrangePI or restart ipsec when IKE daemon crashes? This is just a workaround if ever until the real cause of the issue is found. Thank you! — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you commented.

sleepingmoonmoon · 2022-07-01T13:53:40Z

I see. It's just that when my orange pi freezes, the clients cannot connect to the VPN until I disconnect its power to manually restart the orange pi so I need to be close to it at all times.

Today, I monitored this and there was no freezing that occurred since they are connected to their Home wifi all day. It seems that it is their Work wifi that causes this problem and not the android device of one of the clients. But I still have no clue why this happens.

sleepingmoonmoon · 2022-07-03T15:29:35Z

Hello @letoams, my orange pi froze once again. It was fine yesterday when the clients are connected using their home wifi (86.x.x.x). Today, one was connected to the work wifi (212.x.x.x) when freezing occurred. Is it safe to assume that the work wifi causes this issue?

Kindly see log below for plutodebug log:
plutodebug.txt

Jul  3 20:56:01 orangepizero pluto[2990]: | newref struct fd@0xa0da60(0->1) (whack_handle_cb() +980 programs/pluto/rcv_whack.c)
Jul  3 20:56:01 orangepizero pluto[2990]: | fd_accept: new fd@0xa0da60 (whack_handle_cb() +980 programs/pluto/rcv_whack.c)
Jul  3 20:56:01 orangepizero pluto[2990]: | whack message 19770; size=1180
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&wp->msg->name' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_constant_string: '&end->leftright' is left
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&end->id' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&end->cert' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&end->rsasigkey' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&end->ckaid' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&end->ca' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&end->groups' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&end->updown' is 13 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&end->virt' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&end->xauth_username' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&end->host_addr_name' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_constant_string: '&end->leftright' is right
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&end->id' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&end->cert' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&end->rsasigkey' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&end->ckaid' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&end->ca' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&end->groups' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&end->updown' is 13 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&end->virt' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&end->xauth_username' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&end->host_addr_name' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&wp->msg->keyid' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&wp->msg->ike' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&wp->msg->esp' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&wp->msg->connalias' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&wp->msg->string1' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&wp->msg->string2' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&wp->msg->string3' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&wp->msg->dnshostname' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&wp->msg->modecfg_dns' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&wp->msg->modecfg_domains' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&wp->msg->modecfg_banner' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&wp->msg->conn_mark_both' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&wp->msg->conn_mark_in' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&wp->msg->conn_mark_out' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&wp->msg->vti_iface' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&wp->msg->remote_host' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&wp->msg->global_redirect_to' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&wp->msg->redirect_to' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&wp->msg->accept_redirect_to' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&wp->msg->active_redirect_dests' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | unpack_string: '&wp->msg->sec_label' is 0 bytes
Jul  3 20:56:01 orangepizero pluto[2990]: | whack: start: trafficstatus (fd@0xa0da60)
Jul  3 20:56:01 orangepizero pluto[2990]: | FOR_EACH_STATE_... in (show_traffic_status() +2397 programs/pluto/state.c)
Jul  3 20:56:01 orangepizero pluto[2990]: |   found "VPN-C-2"[3] 86.x.x.x #69
Jul  3 20:56:01 orangepizero pluto[2990]: |   found "VPN-B-2"[3] 212.x.x.x #68
Jul  3 20:56:01 orangepizero pluto[2990]: |   found "VPN-kimTV"[1] 86.x.x.x #67
Jul  3 20:56:01 orangepizero pluto[2990]: |   found "VPN-B-2"[3] 212.x.x.x #65
Jul  3 20:56:01 orangepizero pluto[2990]: |   found "VPN-C-2"[3] 86.x.x.x #63
Jul  3 20:56:01 orangepizero pluto[2990]: |   found "VPN-kimTV"[1] 86.x.x.x #59
Jul  3 20:56:01 orangepizero pluto[2990]: |   found "VPN-A"[3] 86.x.x.x #51
Jul  3 20:56:01 orangepizero pluto[2990]: |   found "VPN-A"[3] 86.x.x.x #50
Jul  3 20:56:01 orangepizero pluto[2990]: |   matches: 8
Jul  3 20:56:01 orangepizero pluto[2990]: | FOR_EACH_STATE_... in (show_traffic_status() +2397 programs/pluto/state.c)
Jul  3 20:56:01 orangepizero pluto[2990]: |   found "VPN-C-2"[3] 86.x.x.x #69
Jul  3 20:56:01 orangepizero pluto[2990]: |   found "VPN-B-2"[3] 212.x.x.x #68
Jul  3 20:56:01 orangepizero pluto[2990]: |   found "VPN-kimTV"[1] 86.x.x.x #67
Jul  3 20:56:01 orangepizero pluto[2990]: |   found "VPN-B-2"[3] 212.x.x.x #65
Jul  3 20:56:01 orangepizero pluto[2990]: |   found "VPN-C-2"[3] 86.x.x.x #63
Jul  3 20:56:01 orangepizero pluto[2990]: |   found "VPN-kimTV"[1] 86.x.x.x #59
Jul  3 20:56:01 orangepizero pluto[2990]: |   found "VPN-A"[3] 86.x.x.x #51
Jul  3 20:56:01 orangepizero pluto[2990]: |   found "VPN-A"[3] 86.x.x.x #50
Jul  3 20:56:01 orangepizero pluto[2990]: |   matches: 8
Jul  3 20:56:01 orangepizero pluto[2990]: | kernel: get_sa_bundle_info esp.190c8b6b@192.168.1.12
Jul  3 20:56:01 orangepizero pluto[2990]: | xfrm: sendrecv_xfrm_msg() sending 18
Jul  3 20:56:01 orangepizero pluto[2990]: | kernel: get_sa_bundle_info esp.d3a6d2b@86.x.x.x
Jul  3 20:56:01 orangepizero pluto[2990]: | xfrm: sendrecv_xfrm_msg() sending 18
Jul  3 20:56:01 orangepizero pluto[2990]: |] #51: "VPN-A"[3] 86.x.x.x, type=ESP, add_time=1656826941, inBytes=21741936, outBytes=460832762, id='@VPN-A', lease=192.168.43.11/32
Jul  3 20:56:01 orangepizero pluto[2990]: | kernel: get_sa_bundle_info esp.7313e397@192.168.1.12
Jul  3 20:56:01 orangepizero pluto[2990]: | xfrm: sendrecv_xfrm_msg() sending 18
Jul  3 20:56:01 orangepizero pluto[2990]: | kernel: get_sa_bundle_info esp.91044e2d@212.x.x.x
Jul  3 20:56:01 orangepizero pluto[2990]: | xfrm: sendrecv_xfrm_msg() sending 18
Jul  3 20:56:01 orangepizero pluto[2990]: |] #68: "VPN-B-2"[3] 212.x.x.x, type=ESP, add_time=1656850352, inBytes=124778310, outBytes=169161315, id='CN=VPN-B, O=IKEv2 VPN', lease=192.168.43.14/32
Jul  3 20:56:01 orangepizero pluto[2990]: | kernel: get_sa_bundle_info esp.50db78f0@192.168.1.12
Jul  3 20:56:01 orangepizero pluto[2990]: | xfrm: sendrecv_xfrm_msg() sending 18
Jul  3 20:56:01 orangepizero pluto[2990]: | kernel: get_sa_bundle_info esp.c7f0e65b@86.x.x.x
Jul  3 20:56:01 orangepizero pluto[2990]: | xfrm: sendrecv_xfrm_msg() sending 18
Jul  3 20:56:01 orangepizero pluto[2990]: |] #69: "VPN-C-2"[3] 86.x.x.x, type=ESP, add_time=1656851699, inBytes=1553541, outBytes=38456660, id='CN=VPN-C, O=IKEv2 VPN', lease=192.168.43.16/32
Jul  3 20:56:01 orangepizero pluto[2990]: | kernel: get_sa_bundle_info esp.c4acfaad@192.168.1.12
Jul  3 20:56:01 orangepizero pluto[2990]: | xfrm: sendrecv_xfrm_msg() sending 18
Jul  3 20:56:01 orangepizero pluto[2990]: | kernel: get_sa_bundle_info esp.5bdc6b1d@86.x.x.x
Jul  3 20:56:01 orangepizero pluto[2990]: | xfrm: sendrecv_xfrm_msg() sending 18
Jul  3 20:56:01 orangepizero pluto[2990]: |] #67: "VPN-kimTV"[1] 86.x.x.x, type=ESP, add_time=1656847183, inBytes=4335436, outBytes=57400629, id='CN=VPN-kimTV, O=IKEv2 VPN', lease=192.168.43.18/32
Jul  3 20:56:01 orangepizero pluto[2990]: | whack: stop: trafficstatus (fd@0xa0da60)
Jul  3 20:56:01 orangepizero pluto[2990]: | delref struct fd@0xa0da60(1->0) (whack_handle_cb() +993 programs/pluto/rcv_whack.c)
Jul  3 20:56:01 orangepizero pluto[2990]: | freeref fd@0xa0da60 (whack_handle_cb() +993 programs/pluto/rcv_whack.c)
Jul  3 20:56:01 orangepizero pluto[2990]: | spent 8.88 (13.1) milliseconds in whack
Jul  3 20:56:02 orangepizero pluto[2990]: | timer_event_cb: processing EVENT_v2_LIVENESS-event@0xa21940 for CHILD SA #69 in state ESTABLISHED_CHILD_SA
Jul  3 20:56:02 orangepizero pluto[2990]: | #69 deleting EVENT_v2_LIVENESS
Jul  3 20:56:02 orangepizero pluto[2990]: | delref tt@0x9c82e8(1->0) (destroy_timeout() +584 programs/pluto/server.c)
Jul  3 20:56:02 orangepizero pluto[2990]: | delref state-event@0xa21940(1->0) (timer_event_cb() +226 programs/pluto/timer.c)
Jul  3 20:56:02 orangepizero pluto[2990]: | kernel: get_sa_bundle_info esp.50db78f0@192.168.1.12
Jul  3 20:56:02 orangepizero pluto[2990]: | xfrm: sendrecv_xfrm_msg() sending 18
Jul  3 20:56:02 orangepizero pluto[2990]: | liveness: #69 scheduling next check for 86.x.x.x:33544 in 28.92671 seconds (recent IPsec traffic was 1.07329 seconds ago)
Jul  3 20:56:02 orangepizero pluto[2990]: | event_schedule_where: newref EVENT_v2_LIVENESS-pe@0xa12000 timeout in 28.92671 seconds for #69
Jul  3 20:56:02 orangepizero pluto[2990]: | newref tt@0x9c82e8(0->1) (schedule_timeout() +566 programs/pluto/server.c)
Jul  3 20:56:02 orangepizero pluto[2990]: | #69 spent 1.3 (1.29) milliseconds in timer_event_cb() EVENT_v2_LIVENESS

sleepingmoonmoon · 2022-07-06T08:59:29Z

Hello! As a workaround, I used wireguard for my clients when they are using their work network and will only use IKEv2 when they are at home. My server does not freeze anymore using this setup.

I am closing this issue for now but it would be good if I will only need to implement a single VPN for my clients.

sleepingmoonmoon closed this as completed Jul 6, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

IKEv2 Server freezes due to Android phone client #1190

IKEv2 Server freezes due to Android phone client #1190

sleepingmoonmoon commented Jun 30, 2022

letoams commented Jun 30, 2022 via email

sleepingmoonmoon commented Jun 30, 2022

sleepingmoonmoon commented Jun 30, 2022 •

edited

Loading

letoams commented Jun 30, 2022 via email

sleepingmoonmoon commented Jun 30, 2022

letoams commented Jun 30, 2022 via email

sleepingmoonmoon commented Jul 1, 2022

sleepingmoonmoon commented Jul 3, 2022 •

edited

Loading

sleepingmoonmoon commented Jul 6, 2022

IKEv2 Server freezes due to Android phone client #1190

IKEv2 Server freezes due to Android phone client #1190

Comments

sleepingmoonmoon commented Jun 30, 2022

letoams commented Jun 30, 2022 via email

sleepingmoonmoon commented Jun 30, 2022

sleepingmoonmoon commented Jun 30, 2022 • edited Loading

letoams commented Jun 30, 2022 via email

sleepingmoonmoon commented Jun 30, 2022

letoams commented Jun 30, 2022 via email

sleepingmoonmoon commented Jul 1, 2022

sleepingmoonmoon commented Jul 3, 2022 • edited Loading

sleepingmoonmoon commented Jul 6, 2022

sleepingmoonmoon commented Jun 30, 2022 •

edited

Loading

sleepingmoonmoon commented Jul 3, 2022 •

edited

Loading