[GH-ISSUE #313] With the arm64 image, clients cannot connect to the IKEv2 VPN; the x86 image does not have this problem #289

Closed
opened 2026-03-02 08:01:07 +03:00 by kerem · 5 comments
Owner

Originally created by @webca7 on GitHub (Oct 19, 2022).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/313

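Task list

Problem description
With the arm64 image, clients cannot connect to the IKEv2 VPN; the x86 image does not have this problem.

Steps to reproduce
Steps to reproduce the bug: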

docker-compose.yml

version: '3.3'
services:
  vpn:
    image: hwdsl2/ipsec-vpn-server
    restart: always
    env_file:
      - ./vpn.env
    ports:
      - ":500:500/udp"
      - ":4500:4500/udp"
    privileged: true
    hostname: ipsec-vpn-server
    container_name: ipsec-vpn-server
    volumes:
      - ./volume-etc:/etc/ipsec.d
      - /lib/modules:/lib/modules:ro

vpn.env

VPN_DNS_NAME=xx.xx.com
VPN_IKEV2_ONLY=yes
VPN_CLIENT_NAME=client

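With this configuration the x86 image works correctly. With the arm64 image the Docker service starts normally and the logs show no errors; the only anomaly is that clients (whether Mac, Windows, etc.) cannot connect.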

/var/log/auth.log

2022-10-19T15:16:52.247051+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #1: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
2022-10-19T15:16:52.254272+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #1: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
2022-10-19T15:16:53.255520+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #1: received duplicate IKE_SA_INIT message request (Message ID 0); retransmitting response
2022-10-19T15:16:55.254056+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #1: received duplicate IKE_SA_INIT message request (Message ID 0); retransmitting response
2022-10-19T15:16:59.262879+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #1: received duplicate IKE_SA_INIT message request (Message ID 0); retransmitting response
2022-10-19T15:17:07.261653+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #1: received duplicate IKE_SA_INIT message request (Message ID 0); retransmitting response
2022-10-19T15:18:32.983999+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #2: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;PRF=HMAC_SHA2_256;DH=MODP2048[first-match]
2022-10-19T15:18:32.990541+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #2: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
2022-10-19T15:18:33.978988+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #2: received duplicate IKE_SA_INIT message request (Message ID 0); retransmitting response
2022-10-19T15:18:34.999624+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #2: received duplicate IKE_SA_INIT message request (Message ID 0); retransmitting response
2022-10-19T15:20:12.255496+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #1: deleting incomplete state after 200 seconds
2022-10-19T15:20:12.255510+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #1: deleting state (STATE_V2_PARENT_R1) aged 200.008508s and NOT sending notification
2022-10-19T15:21:52.991612+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #2: deleting incomplete state after 200 seconds
2022-10-19T15:21:52.991625+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #2: deleting state (STATE_V2_PARENT_R1) aged 200.007677s and NOT sending notification
2022-10-19T15:21:52.991644+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118: deleting connection instance with peer 118.118.118.118 {isakmp=#0/ipsec=#0}
2022-10-19T15:24:20.276061+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[2] 118.118.118.118 #3: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
2022-10-19T15:24:20.282806+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[2] 118.118.118.118 #3: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
2022-10-19T15:24:21.280808+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[2] 118.118.118.118 #3: received duplicate IKE_SA_INIT message request (Message ID 0); retransmitting response
2022-10-19T15:24:23.284373+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[2] 118.118.118.118 #3: received duplicate IKE_SA_INIT message request (Message ID 0); retransmitting response
2022-10-19T15:24:27.286887+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[2] 118.118.118.118 #3: received duplicate IKE_SA_INIT message request (Message ID 0); retransmitting response
2022-10-19T15:24:35.489258+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[2] 118.118.118.118 #3: received duplicate IKE_SA_INIT message request (Message ID 0); retransmitting response
2022-10-19T15:27:40.291777+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[2] 118.118.118.118 #3: deleting incomplete state after 200 seconds
2022-10-19T15:27:40.291799+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[2] 118.118.118.118 #3: deleting state (STATE_V2_PARENT_R1) aged 200.015778s and NOT sending notification
2022-10-19T15:27:40.291825+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[2] 118.118.118.118: deleting connection instance with peer 118.118.118.118 {isakmp=#0/ipsec=#0}

Expected result
With the arm64 image, clients connect to the IKEv2 VPN normally.

Logs

docker exec -it ipsec-vpn-server ipsec status

000 using kernel interface: xfrm
000
000 interface lo UDP 127.0.0.1:4500
000 interface lo UDP 127.0.0.1:500
000 interface eth0 UDP 172.18.0.2:4500
000 interface eth0 UDP 172.18.0.2:500
000
000 fips mode=disabled;
000 SElinux=disabled
000 seccomp=unsupported
000
000 config setup options:
000
000 configdir=/etc, configfile=/etc/ipsec.conf, secrets=/etc/ipsec.secrets, ipsecdir=/etc/ipsec.d
000 nssdir=/etc/ipsec.d, dumpdir=/run/pluto, statsbin=unset
000 sbindir=/usr/local/sbin, libexecdir=/usr/local/libexec/ipsec
000 pluto_version=4.7, pluto_vendorid=OE-Libreswan-4.7, audit-log=yes
000 nhelpers=-1, uniqueids=no, dnssec-enable=no, logappend=yes, logip=yes, shuntlifetime=900s, xfrmlifetime=30s
000 ddos-cookies-threshold=25000, ddos-max-halfopen=50000, ddos-mode=auto, ikev1-policy=accept
000 ikebuf=0, msg_errqueue=yes, crl-strict=no, crlcheckinterval=0, listen=<any>, nflog-all=0
000 ocsp-enable=no, ocsp-strict=no, ocsp-timeout=2, ocsp-uri=<unset>
000 ocsp-trust-name=<unset>
000 ocsp-cache-size=1000, ocsp-cache-min-age=3600, ocsp-cache-max-age=86400, ocsp-method=get
000 global-redirect=no, global-redirect-to=<unset>
000 secctx-attr-type=<unsupported>
000 debug:
000
000 nat-traversal=yes, keep-alive=20, nat-ikeport=4500
000 virtual-private (%priv):
000 - allowed subnets: 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12
000 - excluded subnets: 192.168.42.0/24, 192.168.43.0/24
000
000 Kernel algorithms supported:
000
000 algorithm ESP encrypt: name=3DES_CBC, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: name=AES_CBC, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=AES_CCM_12, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=AES_CCM_16, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=AES_CCM_8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=AES_CTR, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=AES_GCM_12, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=AES_GCM_16, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=AES_GCM_8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=CAMELLIA_CBC, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=CHACHA20_POLY1305, keysizemin=256, keysizemax=256
000 algorithm ESP encrypt: name=NULL, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: name=NULL_AUTH_AES_GMAC, keysizemin=128, keysizemax=256
000 algorithm AH/ESP auth: name=AES_CMAC_96, key-length=128
000 algorithm AH/ESP auth: name=AES_XCBC_96, key-length=128
000 algorithm AH/ESP auth: name=HMAC_MD5_96, key-length=128
000 algorithm AH/ESP auth: name=HMAC_SHA1_96, key-length=160
000 algorithm AH/ESP auth: name=HMAC_SHA2_256_128, key-length=256
000 algorithm AH/ESP auth: name=HMAC_SHA2_256_TRUNCBUG, key-length=256
000 algorithm AH/ESP auth: name=HMAC_SHA2_384_192, key-length=384
000 algorithm AH/ESP auth: name=HMAC_SHA2_512_256, key-length=512
000 algorithm AH/ESP auth: name=NONE, key-length=0
000
000 IKE algorithms supported:
000
000 algorithm IKE encrypt: v1id=5, v1name=OAKLEY_3DES_CBC, v2id=3, v2name=3DES, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: v1id=8, v1name=OAKLEY_CAMELLIA_CBC, v2id=23, v2name=CAMELLIA_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=20, v2name=AES_GCM_C, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=19, v2name=AES_GCM_B, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=18, v2name=AES_GCM_A, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=13, v1name=OAKLEY_AES_CTR, v2id=13, v2name=AES_CTR, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=7, v1name=OAKLEY_AES_CBC, v2id=12, v2name=AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=28, v2name=CHACHA20_POLY1305, blocksize=16, keydeflen=256
000 algorithm IKE PRF: name=HMAC_MD5, hashlen=16
000 algorithm IKE PRF: name=HMAC_SHA1, hashlen=20
000 algorithm IKE PRF: name=HMAC_SHA2_256, hashlen=32
000 algorithm IKE PRF: name=HMAC_SHA2_384, hashlen=48
000 algorithm IKE PRF: name=HMAC_SHA2_512, hashlen=64
000 algorithm IKE PRF: name=AES_XCBC, hashlen=16
000 algorithm IKE DH Key Exchange: name=MODP1024, bits=1024
000 algorithm IKE DH Key Exchange: name=MODP1536, bits=1536
000 algorithm IKE DH Key Exchange: name=MODP2048, bits=2048
000 algorithm IKE DH Key Exchange: name=MODP3072, bits=3072
000 algorithm IKE DH Key Exchange: name=MODP4096, bits=4096
000 algorithm IKE DH Key Exchange: name=MODP6144, bits=6144
000 algorithm IKE DH Key Exchange: name=MODP8192, bits=8192
000 algorithm IKE DH Key Exchange: name=DH19, bits=512
000 algorithm IKE DH Key Exchange: name=DH20, bits=768
000 algorithm IKE DH Key Exchange: name=DH21, bits=1056
000 algorithm IKE DH Key Exchange: name=DH31, bits=256
000
000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}
000
000 Connection list:
000
000 "ikev2-cp": 0.0.0.0/0===172.18.0.2[@xx.xx.com,MS+S=C]---172.18.0.1...%any[%fromcert,+MC+S=C]; unrouted; eroute owner: #0
000 "ikev2-cp":     oriented; my_ip=unset; their_ip=unset; mycert=xx.xx.com; my_updown=ipsec _updown;
000 "ikev2-cp":   xauth us:none, xauth them:none,  my_username=[any]; their_username=[any]
000 "ikev2-cp":   our auth:rsasig(RSASIG+RSASIG_v1_5), their auth:RSASIG+ECDSA+RSASIG_v1_5, our autheap:none, their autheap:none;
000 "ikev2-cp":   modecfg info: us:server, them:client, modecfg policy:push, dns:8.8.8.8, 8.8.4.4, domains:unset, cat:unset;
000 "ikev2-cp":   sec_label:unset;
000 "ikev2-cp":   CAs: 'CN=IKEv2 VPN CA, O=IKEv2 VPN'...'CN=IKEv2 VPN CA, O=IKEv2 VPN'
000 "ikev2-cp":   ike_life: 86400s; ipsec_life: 86400s; replay_window: 128; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "ikev2-cp":   retransmit-interval: 500ms; retransmit-timeout: 300s; iketcp:no; iketcp-port:4500;
000 "ikev2-cp":   initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "ikev2-cp":   policy: IKEv2+RSASIG+ECDSA+RSASIG_v1_5+ENCRYPT+TUNNEL+DONT_REKEY+IKEV2_ALLOW_NARROWING+IKE_FRAG_ALLOW+ESN_NO+ESN_YES;
000 "ikev2-cp":   v2-auth-hash-policy: SHA2_256+SHA2_384+SHA2_512;
000 "ikev2-cp":   conn_prio: 0,0; interface: eth0; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none;
000 "ikev2-cp":   nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto;
000 "ikev2-cp":   our idtype: ID_FQDN; our id=@xx.xx.com; their idtype: %fromcert; their id=%fromcert
000 "ikev2-cp":   liveness: active; dpdaction:clear; dpddelay:30s; retransmit-timeout:300s
000 "ikev2-cp":   nat-traversal: encaps:yes; keepalive:20s
000 "ikev2-cp":   newest ISAKMP SA: #0; newest IPsec SA: #0; conn serial: $1;
000 "ikev2-cp":   IKE algorithms: AES_CBC_256-HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA2_256-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_256-HMAC_SHA1-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31, AES_CBC_128-HMAC_SHA1-MODP2048+MODP3072+MODP4096+MODP8192+DH19+DH20+DH21+DH31
000 "ikev2-cp":   ESP algorithms: AES_GCM_16-NONE, AES_CBC_128-HMAC_SHA1_96, AES_CBC_256-HMAC_SHA1_96, AES_CBC_128-HMAC_SHA2_256_128, AES_CBC_256-HMAC_SHA2_256_128
000
000 Total IPsec connections: loaded 1, active 0
000
000 State Information: DDoS cookies not required, Accepting new IKE connections
000 IKE SAs: total(0), half-open(0), open(0), authenticated(0), anonymous(0)
000 IPsec SAs: total(0), authenticated(0), anonymous(0)
000
000 Bare Shunt list:
000

docker exec -it ipsec-vpn-server grep pluto /var/log/auth.log

2022-10-19T15:14:28.322228+00:00 ipsec-vpn-server pluto[455]: Pluto is shutting down
2022-10-19T15:14:28.322351+00:00 ipsec-vpn-server pluto[455]: forgetting secrets
2022-10-19T15:14:28.322366+00:00 ipsec-vpn-server pluto[455]: shutting down interface lo 127.0.0.1:4500
2022-10-19T15:14:28.322371+00:00 ipsec-vpn-server pluto[455]: shutting down interface lo 127.0.0.1:500
2022-10-19T15:14:28.322376+00:00 ipsec-vpn-server pluto[455]: shutting down interface eth0 172.18.0.2:4500
2022-10-19T15:14:28.322380+00:00 ipsec-vpn-server pluto[455]: shutting down interface eth0 172.18.0.2:500
2022-10-19T15:14:28.860644+00:00 ipsec-vpn-server pluto[1796]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
2022-10-19T15:14:28.863961+00:00 ipsec-vpn-server pluto[1796]: FIPS Mode: NO
2022-10-19T15:14:28.864376+00:00 ipsec-vpn-server pluto[1796]: NSS crypto library initialized
2022-10-19T15:14:28.864468+00:00 ipsec-vpn-server pluto[1796]: FIPS mode disabled for pluto daemon
2022-10-19T15:14:28.864570+00:00 ipsec-vpn-server pluto[1796]: FIPS HMAC integrity support [disabled]
2022-10-19T15:14:28.864722+00:00 ipsec-vpn-server pluto[1796]: libcap-ng support [enabled]
2022-10-19T15:14:28.864765+00:00 ipsec-vpn-server pluto[1796]: Linux audit support [disabled]
2022-10-19T15:14:28.864817+00:00 ipsec-vpn-server pluto[1796]: Starting Pluto (Libreswan Version 4.7 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (NSS-PRF) LIBCAP_NG AUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:1796
2022-10-19T15:14:28.864857+00:00 ipsec-vpn-server pluto[1796]: core dump dir: /run/pluto
2022-10-19T15:14:28.864894+00:00 ipsec-vpn-server pluto[1796]: secrets file: /etc/ipsec.secrets
2022-10-19T15:14:28.864934+00:00 ipsec-vpn-server pluto[1796]: leak-detective disabled
2022-10-19T15:14:28.864972+00:00 ipsec-vpn-server pluto[1796]: NSS crypto [enabled]
2022-10-19T15:14:28.865012+00:00 ipsec-vpn-server pluto[1796]: XAUTH PAM support [enabled]
2022-10-19T15:14:28.865072+00:00 ipsec-vpn-server pluto[1796]: initializing libevent in pthreads mode: headers: 2.1.12-stable (2010c00); library: 2.1.12-stable (2010c00)
2022-10-19T15:14:28.865164+00:00 ipsec-vpn-server pluto[1796]: NAT-Traversal support  [enabled]
2022-10-19T15:14:28.865346+00:00 ipsec-vpn-server pluto[1796]: Encryption algorithms:
2022-10-19T15:14:28.865395+00:00 ipsec-vpn-server pluto[1796]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
2022-10-19T15:14:28.865438+00:00 ipsec-vpn-server pluto[1796]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
2022-10-19T15:14:28.865479+00:00 ipsec-vpn-server pluto[1796]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
2022-10-19T15:14:28.865523+00:00 ipsec-vpn-server pluto[1796]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
2022-10-19T15:14:28.865566+00:00 ipsec-vpn-server pluto[1796]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP
2022-10-19T15:14:28.865607+00:00 ipsec-vpn-server pluto[1796]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
2022-10-19T15:14:28.865650+00:00 ipsec-vpn-server pluto[1796]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
2022-10-19T15:14:28.865695+00:00 ipsec-vpn-server pluto[1796]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
2022-10-19T15:14:28.865736+00:00 ipsec-vpn-server pluto[1796]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
2022-10-19T15:14:28.865776+00:00 ipsec-vpn-server pluto[1796]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
2022-10-19T15:14:28.865818+00:00 ipsec-vpn-server pluto[1796]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
2022-10-19T15:14:28.865865+00:00 ipsec-vpn-server pluto[1796]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
2022-10-19T15:14:28.865904+00:00 ipsec-vpn-server pluto[1796]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP
2022-10-19T15:14:28.865948+00:00 ipsec-vpn-server pluto[1796]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
2022-10-19T15:14:28.865985+00:00 ipsec-vpn-server pluto[1796]: Hash algorithms:
2022-10-19T15:14:28.866026+00:00 ipsec-vpn-server pluto[1796]:   MD5                               IKEv1: IKE         IKEv2:                  NSS
2022-10-19T15:14:28.866071+00:00 ipsec-vpn-server pluto[1796]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
2022-10-19T15:14:28.866112+00:00 ipsec-vpn-server pluto[1796]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
2022-10-19T15:14:28.866149+00:00 ipsec-vpn-server pluto[1796]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
2022-10-19T15:14:28.866190+00:00 ipsec-vpn-server pluto[1796]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
2022-10-19T15:14:28.866231+00:00 ipsec-vpn-server pluto[1796]:   IDENTITY                          IKEv1:             IKEv2:             FIPS
2022-10-19T15:14:28.866270+00:00 ipsec-vpn-server pluto[1796]: PRF algorithms:
2022-10-19T15:14:28.866310+00:00 ipsec-vpn-server pluto[1796]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
2022-10-19T15:14:28.866348+00:00 ipsec-vpn-server pluto[1796]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
2022-10-19T15:14:28.866390+00:00 ipsec-vpn-server pluto[1796]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
2022-10-19T15:14:28.866430+00:00 ipsec-vpn-server pluto[1796]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
2022-10-19T15:14:28.866468+00:00 ipsec-vpn-server pluto[1796]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
2022-10-19T15:14:28.866511+00:00 ipsec-vpn-server pluto[1796]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
2022-10-19T15:14:28.866553+00:00 ipsec-vpn-server pluto[1796]: Integrity algorithms:
2022-10-19T15:14:28.866592+00:00 ipsec-vpn-server pluto[1796]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
2022-10-19T15:14:28.866633+00:00 ipsec-vpn-server pluto[1796]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
2022-10-19T15:14:28.866676+00:00 ipsec-vpn-server pluto[1796]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
2022-10-19T15:14:28.866715+00:00 ipsec-vpn-server pluto[1796]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
2022-10-19T15:14:28.866754+00:00 ipsec-vpn-server pluto[1796]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
2022-10-19T15:14:28.866794+00:00 ipsec-vpn-server pluto[1796]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH
2022-10-19T15:14:28.866834+00:00 ipsec-vpn-server pluto[1796]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
2022-10-19T15:14:28.866872+00:00 ipsec-vpn-server pluto[1796]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
2022-10-19T15:14:28.866915+00:00 ipsec-vpn-server pluto[1796]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
2022-10-19T15:14:28.866953+00:00 ipsec-vpn-server pluto[1796]: DH algorithms:
2022-10-19T15:14:28.866994+00:00 ipsec-vpn-server pluto[1796]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
2022-10-19T15:14:28.867036+00:00 ipsec-vpn-server pluto[1796]:   MODP1024                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh2
2022-10-19T15:14:28.867077+00:00 ipsec-vpn-server pluto[1796]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
2022-10-19T15:14:28.867119+00:00 ipsec-vpn-server pluto[1796]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
2022-10-19T15:14:28.867183+00:00 ipsec-vpn-server pluto[1796]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
2022-10-19T15:14:28.867222+00:00 ipsec-vpn-server pluto[1796]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
2022-10-19T15:14:28.867261+00:00 ipsec-vpn-server pluto[1796]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
2022-10-19T15:14:28.867301+00:00 ipsec-vpn-server pluto[1796]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
2022-10-19T15:14:28.867345+00:00 ipsec-vpn-server pluto[1796]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
2022-10-19T15:14:28.867388+00:00 ipsec-vpn-server pluto[1796]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
2022-10-19T15:14:28.867430+00:00 ipsec-vpn-server pluto[1796]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
2022-10-19T15:14:28.867472+00:00 ipsec-vpn-server pluto[1796]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
2022-10-19T15:14:28.867512+00:00 ipsec-vpn-server pluto[1796]: IPCOMP algorithms:
2022-10-19T15:14:28.867548+00:00 ipsec-vpn-server pluto[1796]:   DEFLATE                           IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS
2022-10-19T15:14:28.867587+00:00 ipsec-vpn-server pluto[1796]:   LZS                               IKEv1:             IKEv2:     ESP AH  FIPS
2022-10-19T15:14:28.867626+00:00 ipsec-vpn-server pluto[1796]:   LZJH                              IKEv1:             IKEv2:     ESP AH  FIPS
2022-10-19T15:14:28.867666+00:00 ipsec-vpn-server pluto[1796]: testing CAMELLIA_CBC:
2022-10-19T15:14:28.867706+00:00 ipsec-vpn-server pluto[1796]:   Camellia: 16 bytes with 128-bit key
2022-10-19T15:14:28.867860+00:00 ipsec-vpn-server pluto[1796]:   Camellia: 16 bytes with 128-bit key
2022-10-19T15:14:28.867974+00:00 ipsec-vpn-server pluto[1796]:   Camellia: 16 bytes with 256-bit key
2022-10-19T15:14:28.868090+00:00 ipsec-vpn-server pluto[1796]:   Camellia: 16 bytes with 256-bit key
2022-10-19T15:14:28.868199+00:00 ipsec-vpn-server pluto[1796]: testing AES_GCM_16:
2022-10-19T15:14:28.868239+00:00 ipsec-vpn-server pluto[1796]:   empty string
2022-10-19T15:14:28.868347+00:00 ipsec-vpn-server pluto[1796]:   one block
2022-10-19T15:14:28.868460+00:00 ipsec-vpn-server pluto[1796]:   two blocks
2022-10-19T15:14:28.868623+00:00 ipsec-vpn-server pluto[1796]:   two blocks with associated data
2022-10-19T15:14:28.868748+00:00 ipsec-vpn-server pluto[1796]: testing AES_CTR:
2022-10-19T15:14:28.868790+00:00 ipsec-vpn-server pluto[1796]:   Encrypting 16 octets using AES-CTR with 128-bit key
2022-10-19T15:14:28.868886+00:00 ipsec-vpn-server pluto[1796]:   Encrypting 32 octets using AES-CTR with 128-bit key
2022-10-19T15:14:28.868986+00:00 ipsec-vpn-server pluto[1796]:   Encrypting 36 octets using AES-CTR with 128-bit key
2022-10-19T15:14:28.869088+00:00 ipsec-vpn-server pluto[1796]:   Encrypting 16 octets using AES-CTR with 192-bit key
2022-10-19T15:14:28.869183+00:00 ipsec-vpn-server pluto[1796]:   Encrypting 32 octets using AES-CTR with 192-bit key
2022-10-19T15:14:28.869469+00:00 ipsec-vpn-server pluto[1796]:   Encrypting 36 octets using AES-CTR with 192-bit key
2022-10-19T15:14:28.869578+00:00 ipsec-vpn-server pluto[1796]:   Encrypting 16 octets using AES-CTR with 256-bit key
2022-10-19T15:14:28.869739+00:00 ipsec-vpn-server pluto[1796]:   Encrypting 32 octets using AES-CTR with 256-bit key
2022-10-19T15:14:28.869965+00:00 ipsec-vpn-server pluto[1796]:   Encrypting 36 octets using AES-CTR with 256-bit key
2022-10-19T15:14:28.870073+00:00 ipsec-vpn-server pluto[1796]: testing AES_CBC:
2022-10-19T15:14:28.870113+00:00 ipsec-vpn-server pluto[1796]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
2022-10-19T15:14:28.870214+00:00 ipsec-vpn-server pluto[1796]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
2022-10-19T15:14:28.870312+00:00 ipsec-vpn-server pluto[1796]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
2022-10-19T15:14:28.870415+00:00 ipsec-vpn-server pluto[1796]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
2022-10-19T15:14:28.870516+00:00 ipsec-vpn-server pluto[1796]: testing AES_XCBC:
2022-10-19T15:14:28.870545+00:00 ipsec-vpn-server pluto[1796]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
2022-10-19T15:14:28.870744+00:00 ipsec-vpn-server pluto[1796]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
2022-10-19T15:14:28.870880+00:00 ipsec-vpn-server pluto[1796]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
2022-10-19T15:14:28.871005+00:00 ipsec-vpn-server pluto[1796]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
2022-10-19T15:14:28.871162+00:00 ipsec-vpn-server pluto[1796]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
2022-10-19T15:14:28.871293+00:00 ipsec-vpn-server pluto[1796]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
2022-10-19T15:14:28.871424+00:00 ipsec-vpn-server pluto[1796]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
2022-10-19T15:14:28.871699+00:00 ipsec-vpn-server pluto[1796]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
2022-10-19T15:14:28.871830+00:00 ipsec-vpn-server pluto[1796]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
2022-10-19T15:14:28.871965+00:00 ipsec-vpn-server pluto[1796]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
2022-10-19T15:14:28.872171+00:00 ipsec-vpn-server pluto[1796]: testing HMAC_MD5:
2022-10-19T15:14:28.872202+00:00 ipsec-vpn-server pluto[1796]:   RFC 2104: MD5_HMAC test 1
2022-10-19T15:14:28.872365+00:00 ipsec-vpn-server pluto[1796]:   RFC 2104: MD5_HMAC test 2
2022-10-19T15:14:28.872692+00:00 ipsec-vpn-server pluto[1796]:   RFC 2104: MD5_HMAC test 3
2022-10-19T15:14:28.873169+00:00 ipsec-vpn-server pluto[1796]: 1 CPU cores online
2022-10-19T15:14:28.873398+00:00 ipsec-vpn-server pluto[1796]: starting up 1 helper threads
2022-10-19T15:14:28.873476+00:00 ipsec-vpn-server pluto[1796]: started thread for helper 0
2022-10-19T15:14:28.873507+00:00 ipsec-vpn-server pluto[1796]: using Linux xfrm kernel support code on #24-Ubuntu SMP Wed Sep 28 15:52:04 UTC 2022
2022-10-19T15:14:28.873598+00:00 ipsec-vpn-server pluto[1796]: kernel: /proc/sys/net/ipv6/conf/all/disable_ipv6=1 ignore ipv6 holes
2022-10-19T15:14:28.873872+00:00 ipsec-vpn-server pluto[1796]: seccomp security not supported
2022-10-19T15:14:28.875029+00:00 ipsec-vpn-server pluto[1796]: helper(1) seccomp security for helper not supported
2022-10-19T15:14:28.875223+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp": IKE SA proposals:
2022-10-19T15:14:28.875233+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp":   1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
2022-10-19T15:14:28.875239+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp":   2:IKE=AES_CBC_128-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
2022-10-19T15:14:28.875244+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp":   3:IKE=AES_CBC_256-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
2022-10-19T15:14:28.875249+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp":   4:IKE=AES_CBC_128-HMAC_SHA1-HMAC_SHA1_96-MODP2048+MODP3072+MODP4096+MODP8192+ECP_256+ECP_384+ECP_521+CURVE25519
2022-10-19T15:14:28.875306+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp": Child SA proposals:
2022-10-19T15:14:28.875311+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp":   1:ESP=AES_GCM_C_128+AES_GCM_C_256-NONE-NONE-ENABLED+DISABLED
2022-10-19T15:14:28.875316+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp":   2:ESP=AES_CBC_128-HMAC_SHA1_96-NONE-ENABLED+DISABLED
2022-10-19T15:14:28.875320+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp":   3:ESP=AES_CBC_256-HMAC_SHA1_96-NONE-ENABLED+DISABLED
2022-10-19T15:14:28.875325+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp":   4:ESP=AES_CBC_128-HMAC_SHA2_256_128-NONE-ENABLED+DISABLED
2022-10-19T15:14:28.875329+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp":   5:ESP=AES_CBC_256-HMAC_SHA2_256_128-NONE-ENABLED+DISABLED
2022-10-19T15:14:28.879362+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp": loaded private key matching left certificate 'xx.xx.com'
2022-10-19T15:14:28.880944+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp": added IKEv2 connection
2022-10-19T15:14:28.881065+00:00 ipsec-vpn-server pluto[1796]: listening for IKE messages
2022-10-19T15:14:28.881147+00:00 ipsec-vpn-server pluto[1796]: Kernel supports NIC esp-hw-offload
2022-10-19T15:14:28.881257+00:00 ipsec-vpn-server pluto[1796]: adding UDP interface eth0 172.18.0.2:500
2022-10-19T15:14:28.881334+00:00 ipsec-vpn-server pluto[1796]: adding UDP interface eth0 172.18.0.2:4500
2022-10-19T15:14:28.881384+00:00 ipsec-vpn-server pluto[1796]: adding UDP interface lo 127.0.0.1:500
2022-10-19T15:14:28.881434+00:00 ipsec-vpn-server pluto[1796]: adding UDP interface lo 127.0.0.1:4500
2022-10-19T15:14:28.893567+00:00 ipsec-vpn-server pluto[1796]: forgetting secrets
2022-10-19T15:14:28.893636+00:00 ipsec-vpn-server pluto[1796]: loading secrets from "/etc/ipsec.secrets"
2022-10-19T15:16:52.247051+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #1: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
2022-10-19T15:16:52.254272+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #1: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
2022-10-19T15:16:53.255520+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #1: received duplicate IKE_SA_INIT message request (Message ID 0); retransmitting response
2022-10-19T15:16:55.254056+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #1: received duplicate IKE_SA_INIT message request (Message ID 0); retransmitting response
2022-10-19T15:16:59.262879+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #1: received duplicate IKE_SA_INIT message request (Message ID 0); retransmitting response
2022-10-19T15:17:07.261653+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #1: received duplicate IKE_SA_INIT message request (Message ID 0); retransmitting response
2022-10-19T15:18:32.983999+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #2: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;PRF=HMAC_SHA2_256;DH=MODP2048[first-match]
2022-10-19T15:18:32.990541+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #2: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
2022-10-19T15:18:33.978988+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #2: received duplicate IKE_SA_INIT message request (Message ID 0); retransmitting response
2022-10-19T15:18:34.999624+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #2: received duplicate IKE_SA_INIT message request (Message ID 0); retransmitting response
2022-10-19T15:20:12.255496+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #1: deleting incomplete state after 200 seconds
2022-10-19T15:20:12.255510+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #1: deleting state (STATE_V2_PARENT_R1) aged 200.008508s and NOT sending notification
2022-10-19T15:21:52.991612+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #2: deleting incomplete state after 200 seconds
2022-10-19T15:21:52.991625+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #2: deleting state (STATE_V2_PARENT_R1) aged 200.007677s and NOT sending notification
2022-10-19T15:21:52.991644+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118: deleting connection instance with peer 118.118.118.118 {isakmp=#0/ipsec=#0}
2022-10-19T15:24:20.276061+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[2] 118.118.118.118 #3: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
2022-10-19T15:24:20.282806+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[2] 118.118.118.118 #3: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
2022-10-19T15:24:21.280808+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[2] 118.118.118.118 #3: received duplicate IKE_SA_INIT message request (Message ID 0); retransmitting response
2022-10-19T15:24:23.284373+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[2] 118.118.118.118 #3: received duplicate IKE_SA_INIT message request (Message ID 0); retransmitting response
2022-10-19T15:24:27.286887+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[2] 118.118.118.118 #3: received duplicate IKE_SA_INIT message request (Message ID 0); retransmitting response
2022-10-19T15:24:35.489258+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[2] 118.118.118.118 #3: received duplicate IKE_SA_INIT message request (Message ID 0); retransmitting response
2022-10-19T15:27:40.291777+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[2] 118.118.118.118 #3: deleting incomplete state after 200 seconds
2022-10-19T15:27:40.291799+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[2] 118.118.118.118 #3: deleting state (STATE_V2_PARENT_R1) aged 200.015778s and NOT sending notification
2022-10-19T15:27:40.291825+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[2] 118.118.118.118: deleting connection instance with peer 118.118.118.118 {isakmp=#0/ipsec=#0}

Server information

  • Docker host OS: Ubuntu 22.04 arm64
  • Service provider (if applicable): Oracle

Client information

  • Device: [mac windows11]
  • OS: [mac windows11]
  • VPN mode: [IKEv2]

Other information
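The pattern in the pluto log above (IKE_SA_INIT reply sent, duplicate IKE_SA_INIT requests arriving at growing intervals, state deleted in STATE_V2_PARENT_R1) can be picked out of a log automatically. The following is an added example, not part of the original issue or the project's code; it recognizes only the message layouts shown in this log, and the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Optional

REPLY = ("sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 "
         "prf=HMAC_SHA2_256 group=MODP2048}")
DUP = ("received duplicate IKE_SA_INIT message request (Message ID 0); "
       "retransmitting response")
GONE = "deleting state (STATE_V2_PARENT_R1) aged {}s and NOT sending notification"


def _line(ts, inst, peer, serial, msg):
    """Build one pluto log line in the layout shown in the issue."""
    return (f'2022-10-19T{ts}+00:00 ipsec-vpn-server pluto[1796]: '
            f'"ikev2-cp"[{inst}] {peer} #{serial}: {msg}')


# Constructed sample (documentation addresses, not data from the issue).
SAMPLE_LOG = "\n".join([
    "2022-10-19T15:14:28.881065+00:00 ipsec-vpn-server pluto[1796]: "
    "listening for IKE messages",
    _line("15:16:52.254272", 1, "203.0.113.7", 1, REPLY),
    _line("15:16:53.255520", 1, "203.0.113.7", 1, DUP),
    _line("15:16:55.254056", 1, "203.0.113.7", 1, DUP),
    _line("15:16:59.262879", 1, "203.0.113.7", 1, DUP),
    _line("15:17:07.261653", 1, "203.0.113.7", 1, DUP),
    _line("15:18:10.000000", 2, "198.51.100.9", 2, REPLY),
    _line("15:20:12.255496", 1, "203.0.113.7", 1,
          "deleting incomplete state after 200 seconds"),
    _line("15:20:12.255510", 1, "203.0.113.7", 1, GONE.format("200.008508")),
    _line("15:21:30.000100", 2, "198.51.100.9", 2, GONE.format("200.000100")),
    _line("15:24:20.282806", 3, "203.0.113.7", 3, REPLY),
    _line("15:24:21.280808", 3, "203.0.113.7", 3, DUP),
])

LINE_RE = re.compile(
    r'^(?P<ts>\S+) \S+ pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] '
    r'(?P<peer>\S+) #(?P<serial>\d+): (?P<msg>.*)$')
DELETE_RE = re.compile(r"deleting state \((?P<state>\w+)\) aged (?P<age>[\d.]+)s")


@dataclass
class Handshake:
    peer: str
    serial: int
    reply_sent: Optional[datetime] = None
    duplicates: List[datetime] = field(default_factory=list)
    final_state: Optional[str] = None
    age: Optional[float] = None


def parse_handshakes(text: str) -> Dict[int, Handshake]:
    """Group events by state serial (#N); lines in other layouts are skipped."""
    states: Dict[int, Handshake] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        serial = int(m["serial"])
        h = states.setdefault(serial, Handshake(m["peer"], serial))
        ts, msg = datetime.fromisoformat(m["ts"]), m["msg"]
        if msg.startswith("sent IKE_SA_INIT reply"):
            h.reply_sent = ts
        elif msg.startswith("received duplicate IKE_SA_INIT message request"):
            h.duplicates.append(ts)
        elif (d := DELETE_RE.search(msg)):
            h.final_state, h.age = d["state"], float(d["age"])
    return states


def retransmit_gaps(h: Handshake) -> List[int]:
    """Whole seconds between the reply and each successive duplicate request."""
    events = ([h.reply_sent] if h.reply_sent else []) + h.duplicates
    return [round((b - a).total_seconds()) for a, b in zip(events, events[1:])]


def classify(h: Handshake) -> str:
    """Label a handshake using only the responder-side events seen in the log."""
    if h.final_state == "STATE_V2_PARENT_R1":
        # Duplicates mean the initiator kept retransmitting its request,
        # i.e. it never processed the reply this server sent.
        return "stalled-init" if h.duplicates else "abandoned-init"
    if h.final_state is None and h.reply_sent:
        return "pending"
    return "other"


def stalled_peers(text: str) -> Dict[str, int]:
    """Count stalled IKE_SA_INIT exchanges per peer address."""
    return dict(Counter(h.peer for h in parse_handshakes(text).values()
                        if classify(h) == "stalled-init"))


if __name__ == "__main__":
    for h in parse_handshakes(SAMPLE_LOG).values():
        print(f"#{h.serial} {h.peer}: {classify(h)} gaps={retransmit_gaps(h)}")
```

A `stalled-init` result says only that the initiator did not act on the reply; the log alone does not show where on the return path the reply was lost.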

118.118.118.118 #1: received duplicate IKE_SA_INIT message request (Message ID 0); retransmitting response 2022-10-19T15:18:32.983999+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #2: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;PRF=HMAC_SHA2_256;DH=MODP2048[first-match] 2022-10-19T15:18:32.990541+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #2: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048} 2022-10-19T15:18:33.978988+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #2: received duplicate IKE_SA_INIT message request (Message ID 0); retransmitting response 2022-10-19T15:18:34.999624+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #2: received duplicate IKE_SA_INIT message request (Message ID 0); retransmitting response 2022-10-19T15:20:12.255496+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #1: deleting incomplete state after 200 seconds 2022-10-19T15:20:12.255510+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #1: deleting state (STATE_V2_PARENT_R1) aged 200.008508s and NOT sending notification 2022-10-19T15:21:52.991612+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #2: deleting incomplete state after 200 seconds 2022-10-19T15:21:52.991625+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #2: deleting state (STATE_V2_PARENT_R1) aged 200.007677s and NOT sending notification 2022-10-19T15:21:52.991644+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118: deleting connection instance with peer 118.118.118.118 {isakmp=#0/ipsec=#0} 2022-10-19T15:24:20.276061+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[2] 118.118.118.118 #3: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 
1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match] 2022-10-19T15:24:20.282806+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[2] 118.118.118.118 #3: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048} 2022-10-19T15:24:21.280808+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[2] 118.118.118.118 #3: received duplicate IKE_SA_INIT message request (Message ID 0); retransmitting response 2022-10-19T15:24:23.284373+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[2] 118.118.118.118 #3: received duplicate IKE_SA_INIT message request (Message ID 0); retransmitting response 2022-10-19T15:24:27.286887+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[2] 118.118.118.118 #3: received duplicate IKE_SA_INIT message request (Message ID 0); retransmitting response 2022-10-19T15:24:35.489258+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[2] 118.118.118.118 #3: received duplicate IKE_SA_INIT message request (Message ID 0); retransmitting response 2022-10-19T15:27:40.291777+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[2] 118.118.118.118 #3: deleting incomplete state after 200 seconds 2022-10-19T15:27:40.291799+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[2] 118.118.118.118 #3: deleting state (STATE_V2_PARENT_R1) aged 200.015778s and NOT sending notification 2022-10-19T15:27:40.291825+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[2] 118.118.118.118: deleting connection instance with peer 118.118.118.118 {isakmp=#0/ipsec=#0} ``` **服务器信息** - Docker 主机操作系统: Ubuntu 22.04 arm64 - 服务提供商(如果适用): Oracle **客户端信息** - 设备: [mac windows11] - 操作系统: [mac windows11] - VPN 模式: [IKEv2] **其它信息** 无
kerem closed this issue 2026-03-02 08:01:07 +03:00

@hwdsl2 commented on GitHub (Oct 20, 2022):

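@webca7 Hello! Thank you for the detailed bug report. Judging from your logs, errors related to `retransmitting` are generally caused by network problems between the client and the server, not by the server itself. For example, the connection may be blocked or interfered with by the GFW. Could you check whether that is the cause?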


@webca7 commented on GitHub (Oct 20, 2022):

I am sure the GFW is not the cause. When I bind the same IP to an x86 server, this problem does not occur.


@webca7 commented on GitHub (Oct 20, 2022):

Connecting from an overseas VPN network also fails to reach the arm64 Docker service.


@webca7 commented on GitHub (Oct 27, 2022):

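The cause was that Docker could not recognize my server's second network interface. Binding to the first interface works, while binding to any port on the second interface does not get through. The issue can be closed. Thanks.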


@hwdsl2 commented on GitHub (Oct 28, 2022):

@webca7 OK, thanks for the update.
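
The symptom in this thread's log can be checked for mechanically: the server sends an IKE_SA_INIT reply, sees only retransmitted requests from the same peer, and the state expires in `STATE_V2_PARENT_R1`, which is consistent with replies never reaching the client. The script below is an added example, not part of the original thread or the project's code; the name `stalled_ike_init` and the `min_duplicates` threshold are assumptions, and the last sample line is constructed.

```python
import re
from collections import defaultdict

# Matches pluto lines of the form: "conn"[instance] PEER #STATE: message
LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #(?P<state>\d+): (?P<msg>.*)')

def stalled_ike_init(log_text, min_duplicates=2):
    """Return states that answered IKE_SA_INIT, then saw retransmitted
    requests and expired in STATE_V2_PARENT_R1 (the exchange never progressed)."""
    states = defaultdict(lambda: {"peer": None, "replied": False, "duplicates": 0, "expired_r1": False})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # startup lines and lines without a state number
        s = states[int(m["state"])]
        s["peer"] = m["peer"]
        msg = m["msg"]
        if msg.startswith("sent IKE_SA_INIT reply"):
            s["replied"] = True
        elif msg.startswith("received duplicate IKE_SA_INIT message request"):
            s["duplicates"] += 1
        elif msg.startswith("deleting state (STATE_V2_PARENT_R1)"):
            s["expired_r1"] = True
    return {n: s for n, s in states.items()
            if s["replied"] and s["expired_r1"] and s["duplicates"] >= min_duplicates}

# First four lines are copied from the log in this issue (state #1).
# The last line (state #9, peer 192.0.2.10) is constructed: a reply with no retransmits.
SAMPLE = """\
2022-10-19T15:16:52.254272+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #1: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
2022-10-19T15:16:53.255520+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #1: received duplicate IKE_SA_INIT message request (Message ID 0); retransmitting response
2022-10-19T15:16:55.254056+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #1: received duplicate IKE_SA_INIT message request (Message ID 0); retransmitting response
2022-10-19T15:20:12.255510+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[1] 118.118.118.118 #1: deleting state (STATE_V2_PARENT_R1) aged 200.008508s and NOT sending notification
2022-10-19T15:30:00.000000+00:00 ipsec-vpn-server pluto[1796]: "ikev2-cp"[3] 192.0.2.10 #9: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
"""

if __name__ == "__main__":
    for n, s in stalled_ike_init(SAMPLE).items():
        print(f"state #{n} peer {s['peer']}: reply sent, {s['duplicates']} duplicate requests, "
              "expired in PARENT_R1; check published UDP ports, bound interface and NAT/firewall")
```

A hit points at the return path for UDP 500/4500 (here, the interface the container ports were bound to), not at the IKE proposals, which the log shows were accepted.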
