Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

搭建完能连接,过几个小时连接不上了 #1295

Closed
cai-xiaotao opened this issue Dec 8, 2022 · 2 comments
Closed

搭建完能连接,过几个小时连接不上了 #1295

cai-xiaotao opened this issue Dec 8, 2022 · 2 comments

Comments

@cai-xiaotao
Copy link

cai-xiaotao commented Dec 8, 2022
edited by hwdsl2
Loading

问题描述
image
如图所示,刚开始搭建完是能连接的,然后后面断开连接几次也都正常,但是过了大概两个小时左右,再连接就出问题了!之后重装系统没得到结局,然后换了公网ip重装解决了,但是过了两个小时左右又是一样了,用的是腾讯云的服务器硅谷节点

期待的正确结果
能连接上

日志

Dec  8 17:39:49 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #2: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=26e586a8 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Dec  8 17:39:49 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #2: responder established Child SA using #1; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x26e586a8 <0xdbfd1282 xfrm=AES_GCM_16_128-NONE NATD=222.191.246.242:15200 DPD=active}
Dec  8 17:39:50 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response
Dec  8 17:39:51 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response
Dec  8 17:40:19 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec  8 17:40:20 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Dec  8 17:40:21 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Dec  8 17:40:23 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Dec  8 17:40:27 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Dec  8 17:40:35 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Dec  8 17:40:51 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Dec  8 17:41:23 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response
Dec  8 17:42:27 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 128 seconds for response
Dec  8 17:42:55 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #3: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Dec  8 17:42:55 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #3: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec  8 17:42:55 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #3: processing decrypted IKE_AUTH request: SK{IDi,CERT,N(INITIAL_CONTACT),IDr,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)}
Dec  8 17:42:55 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #3: switched to "ikev2-cp"[2] 222.191.246.242
Dec  8 17:42:55 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate '@cxt_ios' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Dec  8 17:42:55 VM-4-15-centos pluto[6241]: | pool 192.168.43.10-192.168.43.250: growing address pool from 1 to 2
Dec  8 17:42:55 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #4: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=0980c474 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Dec  8 17:42:55 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #4: responder established Child SA using #3; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.11-192.168.43.11:0-65535 0] {ESPinUDP=>0x0980c474 <0x3944f4fe xfrm=AES_GCM_16_128-NONE NATD=222.191.246.242:15204 DPD=active}
Dec  8 17:42:56 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
Dec  8 17:42:58 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
Dec  8 17:43:02 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
Dec  8 17:43:10 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
Dec  8 17:43:26 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec  8 17:43:26 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Dec  8 17:43:26 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Dec  8 17:43:26 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec  8 17:43:27 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: processing decrypted IKE_AUTH request: SK{IDi,CERT,N(INITIAL_CONTACT),IDr,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)}
Dec  8 17:43:27 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate '@cxt_ios' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Dec  8 17:43:27 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #6: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=0cfe33b3 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Dec  8 17:43:27 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #6: responder established Child SA using #5; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.11-192.168.43.11:0-65535 0] {ESPinUDP=>0x0cfe33b3 <0x9a140c1f xfrm=AES_GCM_16_128-NONE NATD=222.191.246.242:15204 DPD=active}
Dec  8 17:43:27 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Dec  8 17:43:28 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
Dec  8 17:43:29 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Dec  8 17:43:30 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
Dec  8 17:43:33 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Dec  8 17:43:34 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
Dec  8 17:43:41 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Dec  8 17:43:42 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
Dec  8 17:43:57 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec  8 17:43:57 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Dec  8 17:43:58 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Dec  8 17:43:59 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Dec  8 17:44:01 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Dec  8 17:44:05 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Dec  8 17:44:13 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Dec  8 17:44:29 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Dec  8 17:44:29 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response
Dec  8 17:44:35 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 256 seconds for response
Dec  8 17:45:01 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response
Dec  8 17:45:33 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 128 seconds for response
Dec  8 17:46:05 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 128 seconds for response
Dec  8 17:47:41 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 256 seconds for response
Dec  8 17:48:13 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 256 seconds for response
Dec  8 17:48:51 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: 300 second timeout exceeded after 10 retransmits.  No response (or no acceptable response) to our IKEv2 message
Dec  8 17:48:51 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: liveness action - clearing connection kind CK_INSTANCE
Dec  8 17:48:51 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #2: ESP traffic information: in=0B out=0B
Dec  8 17:48:51 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242 #1: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 542.273739s and NOT sending notification
Dec  8 17:48:51 VM-4-15-centos pluto[6241]: "ikev2-cp"[1] 222.191.246.242: deleting connection instance with peer 222.191.246.242 {isakmp=#0/ipsec=#0}
Dec  8 17:51:57 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: 300 second timeout exceeded after 10 retransmits.  No response (or no acceptable response) to our IKEv2 message
Dec  8 17:51:57 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: liveness action - clearing connection kind CK_INSTANCE
Dec  8 17:51:57 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #4: ESP traffic information: in=0B out=0B
Dec  8 17:51:57 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #3: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 542.22388s and NOT sending notification
Dec  8 17:52:29 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: STATE_V2_ESTABLISHED_IKE_SA: 300 second timeout exceeded after 10 retransmits.  No response (or no acceptable response) to our IKEv2 message
Dec  8 17:52:29 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: liveness action - clearing connection kind CK_INSTANCE
Dec  8 17:52:29 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #6: ESP traffic information: in=0B out=0B
Dec  8 17:52:29 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242 #5: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 542.272715s and NOT sending notification
Dec  8 17:52:29 VM-4-15-centos pluto[6241]: "ikev2-cp"[2] 222.191.246.242: deleting connection instance with peer 222.191.246.242 {isakmp=#0/ipsec=#0}
Dec  8 17:53:58 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: proposal 2:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA1_96;PRF=HMAC_SHA1;DH=MODP2048[first-match] 2:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;PRF=HMAC_SHA2_256;DH=MODP2048[better-match] 3:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_384_192;PRF=HMAC_SHA2_384;DH=MODP2048
Dec  8 17:53:58 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec  8 17:53:58 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: processing decrypted IKE_AUTH request: SK{IDi,CERT,CERTREQ,AUTH,N(MOBIKE_SUPPORTED),CP,SA,TSi,TSr}
Dec  8 17:53:58 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate 'CN=cxt_win, O=IKEv2 VPN' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Dec  8 17:53:58 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #8: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=120fd550 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Dec  8 17:53:58 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #8: responder established Child SA using #7; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.11-192.168.43.11:0-65535 0] {ESPinUDP=>0x120fd550 <0x8affdfdb xfrm=AES_GCM_16_128-NONE NATD=222.191.246.242:15205 DPD=active}
Dec  8 17:53:59 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response
Dec  8 17:54:00 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response
Dec  8 17:54:28 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec  8 17:54:29 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Dec  8 17:54:30 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Dec  8 17:54:32 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Dec  8 17:54:36 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Dec  8 17:54:44 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Dec  8 17:55:00 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Dec  8 17:55:32 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response
Dec  8 17:56:36 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 128 seconds for response
Dec  8 17:58:44 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 256 seconds for response
Dec  8 18:00:53 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #9: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Dec  8 18:00:53 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #9: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec  8 18:00:53 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #9: processing decrypted IKE_AUTH request: SK{IDi,CERT,N(INITIAL_CONTACT),IDr,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)}
Dec  8 18:00:53 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #9: switched to "ikev2-cp"[4] 222.191.246.242
Dec  8 18:00:53 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate '@cxt_ios' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Dec  8 18:00:53 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #10: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=0f346b45 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Dec  8 18:00:53 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #10: responder established Child SA using #9; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x0f346b45 <0x6a2849f3 xfrm=AES_GCM_16_128-NONE NATD=222.191.246.242:15206 DPD=active}
Dec  8 18:00:54 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
Dec  8 18:00:56 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
Dec  8 18:01:00 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
Dec  8 18:01:08 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
Dec  8 18:01:24 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec  8 18:01:24 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Dec  8 18:01:24 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Dec  8 18:01:24 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec  8 18:01:25 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: processing decrypted IKE_AUTH request: SK{IDi,CERT,N(INITIAL_CONTACT),IDr,AUTH,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)}
Dec  8 18:01:25 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate '@cxt_ios' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Dec  8 18:01:25 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #12: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=0044d172 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Dec  8 18:01:25 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #12: responder established Child SA using #11; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x0044d172 <0xe4588dbf xfrm=AES_GCM_16_128-NONE NATD=222.191.246.242:15206 DPD=active}
Dec  8 18:01:25 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Dec  8 18:01:26 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
Dec  8 18:01:27 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Dec  8 18:01:28 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
Dec  8 18:01:31 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Dec  8 18:01:32 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
Dec  8 18:01:38 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #13: proposal 2:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA1_96;PRF=HMAC_SHA1;DH=MODP2048[first-match] 2:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;PRF=HMAC_SHA2_256;DH=MODP2048[better-match] 3:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_384_192;PRF=HMAC_SHA2_384;DH=MODP2048
Dec  8 18:01:38 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #13: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec  8 18:01:38 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #13: processing decrypted IKE_AUTH request: SK{IDi,CERT,CERTREQ,AUTH,N(MOBIKE_SUPPORTED),CP,SA,TSi,TSr}
Dec  8 18:01:38 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #13: switched to "ikev2-cp"[3] 222.191.246.242
Dec  8 18:01:38 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #13: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate 'CN=cxt_win, O=IKEv2 VPN' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Dec  8 18:01:38 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #14: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=e14751ae chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Dec  8 18:01:38 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #14: responder established Child SA using #13; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.11-192.168.43.11:0-65535 0] {ESPinUDP=>0xe14751ae <0x2883e717 xfrm=AES_GCM_16_128-NONE NATD=222.191.246.242:15207 DPD=active}
Dec  8 18:01:39 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Dec  8 18:01:39 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #13: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response
Dec  8 18:01:40 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: IKE_AUTH request fragment 1 of 4 has duplicate Message ID 1; retransmitting response
Dec  8 18:01:40 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #13: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response
Dec  8 18:01:55 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec  8 18:01:55 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Dec  8 18:01:56 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Dec  8 18:01:57 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Dec  8 18:01:59 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Dec  8 18:02:03 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Dec  8 18:02:09 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec  8 18:02:09 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Dec  8 18:02:10 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Dec  8 18:02:11 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Dec  8 18:02:12 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Dec  8 18:02:16 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Dec  8 18:02:24 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Dec  8 18:02:27 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Dec  8 18:02:27 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response
Dec  8 18:02:40 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Dec  8 18:02:59 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response
Dec  8 18:03:00 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: STATE_V2_ESTABLISHED_IKE_SA: 300 second timeout exceeded after 10 retransmits.  No response (or no acceptable response) to our IKEv2 message
Dec  8 18:03:00 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: liveness action - clearing connection kind CK_INSTANCE
Dec  8 18:03:00 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #8: ESP traffic information: in=0B out=0B
Dec  8 18:03:00 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #7: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 542.21711s and NOT sending notification
Dec  8 18:03:12 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #13: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response
Dec  8 18:03:31 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 128 seconds for response
Dec  8 18:03:41 VM-4-15-centos pluto[6241]: shutting down
Dec  8 18:03:41 VM-4-15-centos pluto[6241]: Pluto is shutting down
Dec  8 18:03:41 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242: deleting connection instance with peer 222.191.246.242 {isakmp=#11/ipsec=#12}
Dec  8 18:03:41 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #11: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 136.730593s and sending notification
Dec  8 18:03:41 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #12: ESP traffic information: in=0B out=0B
Dec  8 18:03:41 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #10: ESP traffic information: in=0B out=0B
Dec  8 18:03:41 VM-4-15-centos pluto[6241]: "ikev2-cp"[4] 222.191.246.242 #9: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 167.995081s and sending notification
Dec  8 18:03:41 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242: deleting connection instance with peer 222.191.246.242 {isakmp=#13/ipsec=#14}
Dec  8 18:03:41 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #13: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 122.885402s and sending notification
Dec  8 18:03:41 VM-4-15-centos pluto[6241]: "ikev2-cp"[3] 222.191.246.242 #14: ESP traffic information: in=0B out=0B
Dec  8 18:03:41 VM-4-15-centos pluto[6241]: forgetting secrets
Dec  8 18:03:41 VM-4-15-centos pluto[6241]: shutting down interface lo [::1]:4500
Dec  8 18:03:41 VM-4-15-centos pluto[6241]: shutting down interface lo [::1]:500
Dec  8 18:03:41 VM-4-15-centos pluto[6241]: shutting down interface lo 127.0.0.1:4500
Dec  8 18:03:41 VM-4-15-centos pluto[6241]: shutting down interface lo 127.0.0.1:500
Dec  8 18:03:41 VM-4-15-centos pluto[6241]: shutting down interface eth0 10.0.4.15:4500
Dec  8 18:03:41 VM-4-15-centos pluto[6241]: shutting down interface eth0 10.0.4.15:500
Dec  8 18:03:41 VM-4-15-centos pluto[6241]: leak detective found no leaks
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: FIPS Mode: NO
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: NSS crypto library initialized
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: FIPS mode disabled for pluto daemon
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: FIPS HMAC integrity support [disabled]
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: libcap-ng support [enabled]
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: Linux audit support [disabled]
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: Starting Pluto (Libreswan Version 4.9 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (native-KDF) SYSTEMD_WATCHDOG LABELED_IPSEC (SELINUX) LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:10406
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: core dump dir: /run/pluto
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: secrets file: /etc/ipsec.secrets
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: leak-detective enabled
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: NSS crypto [enabled]
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: XAUTH PAM support [enabled]
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800)
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: NAT-Traversal support  [enabled]
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: Encryption algorithms:
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  NULL               []             IKEv1:     ESP     IKEv2:     ESP
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: Hash algorithms:
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  MD5                               IKEv1: IKE         IKEv2:                  NSS
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  IDENTITY                          IKEv1:             IKEv2:             FIPS
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: PRF algorithms:
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: Integrity algorithms:
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: DH algorithms:
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: IPCOMP algorithms:
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  DEFLATE                           IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  LZS                               IKEv1:             IKEv2:     ESP AH  FIPS
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  LZJH                              IKEv1:             IKEv2:     ESP AH  FIPS
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: testing CAMELLIA_CBC:
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  Camellia: 16 bytes with 128-bit key
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  Camellia: 16 bytes with 128-bit key
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  Camellia: 16 bytes with 256-bit key
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  Camellia: 16 bytes with 256-bit key
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: testing AES_GCM_16:
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  empty string
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  one block
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  two blocks
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  two blocks with associated data
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: testing AES_CTR:
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  Encrypting 16 octets using AES-CTR with 128-bit key
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  Encrypting 32 octets using AES-CTR with 128-bit key
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  Encrypting 36 octets using AES-CTR with 128-bit key
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  Encrypting 16 octets using AES-CTR with 192-bit key
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  Encrypting 32 octets using AES-CTR with 192-bit key
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  Encrypting 36 octets using AES-CTR with 192-bit key
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  Encrypting 16 octets using AES-CTR with 256-bit key
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  Encrypting 32 octets using AES-CTR with 256-bit key
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  Encrypting 36 octets using AES-CTR with 256-bit key
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: testing AES_CBC:
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: testing AES_XCBC:
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: testing HMAC_MD5:
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  RFC 2104: MD5_HMAC test 1
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  RFC 2104: MD5_HMAC test 2
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  RFC 2104: MD5_HMAC test 3
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: testing HMAC_SHA1:
Dec  8 18:03:42 VM-4-15-centos pluto[10406]:  CAVP: IKEv2 key derivation with HMAC-SHA1
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: 2 CPU cores online
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: starting up 2 helper threads
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: started thread for helper 0
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: started thread for helper 1
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: using Linux xfrm kernel support code on #1 SMP Mon Jul 18 17:42:52 UTC 2022
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: selinux support is NOT enabled.
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: watchdog: sending probes every 100 secs
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: seccomp security not supported
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: helper(1) seccomp security for helper not supported
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: helper(2) seccomp security for helper not supported
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: "l2tp-psk": added IKEv1 connection
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: "xauth-psk": added IKEv1 connection
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp": IKE SA proposals (connection add):
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp":   1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp":   2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp":   3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp":   4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp": Child SA proposals (connection add):
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp":   1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-ENABLED+DISABLED
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp":   2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-ENABLED+DISABLED
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp":   3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-ENABLED+DISABLED
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp":   4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-ENABLED+DISABLED
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp":   5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-ENABLED+DISABLED
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp": loaded private key matching left certificate '43.153.40.113'
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: "ikev2-cp": added IKEv2 connection
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: listening for IKE messages
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: Kernel supports NIC esp-hw-offload
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: adding UDP interface eth0 10.0.4.15:500
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: adding UDP interface eth0 10.0.4.15:4500
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: adding UDP interface lo 127.0.0.1:500
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: adding UDP interface lo 127.0.0.1:4500
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: adding UDP interface lo [::1]:500
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: adding UDP interface lo [::1]:4500
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: forgetting secrets
Dec  8 18:03:42 VM-4-15-centos pluto[10406]: loading secrets from "/etc/ipsec.secrets"
Dec  8 18:03:46 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: proposal 2:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA1_96;PRF=HMAC_SHA1;DH=MODP2048[first-match] 2:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;PRF=HMAC_SHA2_256;DH=MODP2048[better-match] 3:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_384_192;PRF=HMAC_SHA2_384;DH=MODP2048
Dec  8 18:03:46 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec  8 18:03:46 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: processing decrypted IKE_AUTH request: SK{IDi,CERT,CERTREQ,AUTH,N(MOBIKE_SUPPORTED),CP,SA,TSi,TSr}
Dec  8 18:03:46 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: reloaded private key matching left certificate '43.153.40.113'
Dec  8 18:03:46 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate 'CN=cxt_win, O=IKEv2 VPN' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Dec  8 18:03:46 VM-4-15-centos pluto[10406]: | pool 192.168.43.10-192.168.43.250: growing address pool from 0 to 1
Dec  8 18:03:46 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #2: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=4a076ffc chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Dec  8 18:03:46 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #2: responder established Child SA using #1; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x4a076ffc <0x51371a96 xfrm=AES_GCM_16_128-NONE NATD=222.191.246.242:15208 DPD=active}
Dec  8 18:03:47 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response
Dec  8 18:03:48 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response
Dec  8 18:04:17 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec  8 18:04:17 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Dec  8 18:04:18 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Dec  8 18:04:20 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Dec  8 18:04:24 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Dec  8 18:04:32 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Dec  8 18:04:48 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Dec  8 18:05:20 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response
Dec  8 18:05:42 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: proposal 2:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA1_96;PRF=HMAC_SHA1;DH=MODP2048[first-match] 2:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;PRF=HMAC_SHA2_256;DH=MODP2048[better-match] 3:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_384_192;PRF=HMAC_SHA2_384;DH=MODP2048
Dec  8 18:05:42 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Dec  8 18:05:43 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: processing decrypted IKE_AUTH request: SK{IDi,CERT,CERTREQ,AUTH,N(MOBIKE_SUPPORTED),CP,SA,TSi,TSr}
Dec  8 18:05:43 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: responder established IKE SA; authenticated peer '3072-bit PKCS#1 1.5 RSA with SHA1' signature using peer certificate 'CN=cxt_win, O=IKEv2 VPN' issued by CA 'CN=IKEv2 VPN CA, O=IKEv2 VPN'
Dec  8 18:05:43 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #4: proposal 1:ESP=AES_GCM_C_128-DISABLED SPI=3a6d83e6 chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_128;ESN=DISABLED[first-match]
Dec  8 18:05:43 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #4: responder established Child SA using #3; IPsec tunnel [0.0.0.0-255.255.255.255:0-65535 0] -> [192.168.43.10-192.168.43.10:0-65535 0] {ESPinUDP=>0x3a6d83e6 <0xf3d4c0dc xfrm=AES_GCM_16_128-NONE NATD=222.191.246.242:15208 DPD=active}
Dec  8 18:05:44 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response
Dec  8 18:05:45 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: IKE_AUTH request fragment 1 of 16 has duplicate Message ID 1; retransmitting response
Dec  8 18:06:13 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 0.5 seconds for response
Dec  8 18:06:14 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 1 seconds for response
Dec  8 18:06:15 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 2 seconds for response
Dec  8 18:06:17 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 4 seconds for response
Dec  8 18:06:21 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 8 seconds for response
Dec  8 18:06:24 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 128 seconds for response
Dec  8 18:06:29 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 16 seconds for response
Dec  8 18:06:45 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 32 seconds for response
Dec  8 18:07:17 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 64 seconds for response
Dec  8 18:08:21 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #3: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 128 seconds for response
Dec  8 18:08:32 VM-4-15-centos pluto[10406]: "ikev2-cp"[1] 222.191.246.242 #1: STATE_V2_ESTABLISHED_IKE_SA: retransmission; will wait 256 seconds for response

检查日志及 VPN 状态,并添加错误日志以帮助解释该问题(如果适用)。

服务器信息(请填写以下信息)

  • 操作系统: [centos stream8]
  • 服务提供商(如果适用): [腾讯云]

客户端信息(请填写以下信息)

  • 设备: [笔记本]
  • 操作系统: [win10]
  • VPN 模式: [IKEv2]
@hwdsl2
Copy link
Owner

hwdsl2 commented Dec 8, 2022

@cai-xiaotao 你好!该问题可能是因为GFW干扰导致的。IPsec VPN 较容易被干扰,建议尝试其他解决方案比如Shadowsocks。

@hwdsl2 hwdsl2 closed this as completed Dec 8, 2022
@BillHu
Copy link

BillHu commented Dec 11, 2022

我也是, 上次我 vpn 不能用了, 就装了Shadowsocks, 结果过几天给我 ip 直接封了

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@BillHu @hwdsl2 @cai-xiaotao